Bonjour, Voici le patch afin de remplir la fiche utilisateur à partir des infos d'un serveur d'authentification central (SSO) de type Shibboleth ou LemonLDAP::NG .
Afin de tester, tu peux mettre ces infos au tout début du fichier login.php : $_SERVER['REMOTE_USER'] = 'totoA'; $_SERVER['name'] = "cromagnon"; $_SERVER['email'] = "t...@to.com"; Attention! ceci ne fonctionnera pas s'il y a un ou plusiuers serveur LDAP d'activé. J'ai également ajouté le fait que ça passe dans le moteur de règle des habilitations pour ce cas là, et j'ai ajouté le critère LOGIN dans ces même règles. Cordialement, -- David DURIEUX Tel : +33 (0)4.82.53.30.53 Mail : d.duri...@siprossii.com Site Web : http://www.siprossii.com/ SIPROSSII Les Lafôrets 69430 Beaujeu FRANCE
--- glpi084/front/auth.sso.php 1970-01-01 01:00:00.000000000 +0100 +++ glpi084/front/auth.sso.php 2013-01-29 15:27:19.482543888 +0100 @@ -0,0 +1,51 @@ +<?php +/* + * @version $Id: auth.sso.php 20027 2013-01-27 16:12:33Z remi $ + ------------------------------------------------------------------------- + GLPI - Gestionnaire Libre de Parc Informatique + Copyright (C) 2003-2012 by the INDEPNET Development Team. + + http://indepnet.net/ http://glpi-project.org + ------------------------------------------------------------------------- + + LICENSE + + This file is part of GLPI. + + GLPI is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + GLPI is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GLPI. If not, see <http://www.gnu.org/licenses/>. + -------------------------------------------------------------------------- + */ + +/** @file +* @brief +*/ + +include ('../inc/includes.php'); + +Session::checkRight("config", "w"); + +$authSSO = new AuthSSO(); + +if (isset($_POST["update"])) { + $authSSO->update($_POST); + Html::redirect($CFG_GLPI["root_doc"] . "/front/auth.sso.php"); +} + +Html::header(__('Single Sign-On central server (WebSSO)'), $_SERVER['PHP_SELF'], "config", + "authsso", "others"); + +$authSSO->showForm(); + +Html::footer(); +?> \ No newline at end of file --- glpi084/front/setup.auth.php 2013-01-27 20:18:43.863542013 +0100 +++ glpi084/front/setup.auth.php 2013-01-29 14:47:54.789548242 +0100 @@ -1,6 +1,6 @@ <?php /* - * @version $Id: setup.auth.php 20029 2013-01-27 16:38:12Z remi $ + * @version $Id$ ------------------------------------------------------------------------- GLPI - Gestionnaire Libre de Parc Informatique Copyright (C) 2003-2012 by the INDEPNET Development Team. @@ -59,6 +59,9 @@ echo "<p>".__('Impossible to use email server as external source of connection').'</p>'; } echo "</td> </tr>"; +echo "<tr class='tab_bg_1'><td class='center b'>"; +echo "<a href='auth.sso.php'>". __('Single Sign-On central server (WebSSO)')."</a>"; +echo "</td> </tr>"; echo "<tr class='tab_bg_1'><td class='center'>". "<a href='auth.others.php'>" . __('Others authentication methods') ."</a></td></tr>"; echo "</table>"; --- glpi084/install/mysql/glpi-0.84-empty.sql 2013-01-29 15:11:32.019541828 +0100 +++ glpi084/install/mysql/glpi-0.84-empty.sql 2013-01-29 14:52:49.100546746 +0100 @@ -98,6 +98,34 @@ ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; +### Dump table glpi_authssos + +CREATE TABLE IF NOT EXISTS `glpi_authssos` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `email1_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `realname_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `firstname_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `phone_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `phone2_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `mobile_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `comment_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `title_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `category_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `language_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `entity_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `date_mod` datetime DEFAULT NULL, + `comment` text COLLATE utf8_unicode_ci, + `is_active` tinyint(1) NOT NULL DEFAULT '0', + `registration_number_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `email2_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `email3_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `email4_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `date_mod` (`date_mod`), + KEY `is_default` (`is_active`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + ### Dump table glpi_autoupdatesystems DROP TABLE IF EXISTS `glpi_autoupdatesystems`; --- glpi084/install/update_0831_084.php 2013-01-29 15:11:32.012545087 +0100 +++ glpi084/install/update_0831_084.php 2013-01-29 14:57:07.914542173 +0100 @@ -61,7 +61,8 @@ 'glpi_entities_rssfeeds', 'glpi_groups_rssfeeds', 'glpi_problems_suppliers', 'glpi_profiles_rssfeeds', 'glpi_rssfeeds_users', 'glpi_rssfeeds', - 'glpi_suppliers_tickets', 'glpi_ticketcosts'); + 'glpi_suppliers_tickets', 'glpi_ticketcosts', + 'glpi_authssos'); foreach ($newtables as $new_table) { // rename new tables if exists ? @@ -744,6 +745,37 @@ WHERE `ticketcost` IS NULL"; $DB->queryOrDie($query, "0.84 set ticketcost in glpi_profiles"); + $migration->displayMessage(sprintf(__('Change of the database layout - %s'), 'auth SSO')); + + if (!TableExists('glpi_authssos')) { + $query = "CREATE TABLE IF NOT EXISTS `glpi_authssos` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `email1_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `realname_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `firstname_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `phone_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `phone2_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `mobile_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `comment_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `title_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `category_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `language_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `entity_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `date_mod` datetime DEFAULT NULL, + `comment` text COLLATE utf8_unicode_ci, + `is_active` tinyint(1) NOT NULL DEFAULT '0', + `registration_number_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `email2_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `email3_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + `email4_field` varchar(255) COLLATE utf8_unicode_ci DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `date_mod` (`date_mod`), + KEY `is_default` (`is_active`) + ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"; + $DB->queryOrDie($query, "0.84 add table glpi_authssos"); + + $migration->migrationOneTable('glpi_authssos'); + } $migration->displayMessage(sprintf(__('Change of the database layout - %s'), 'rss flows')); --- glpi084/inc/auth.class.php 2013-01-02 10:56:21.000000000 +0100 +++ glpi084/inc/auth.class.php 2013-01-29 14:46:39.823550757 +0100 @@ -1,6 +1,6 @@ <?php /* - * @version $Id: auth.class.php 19898 2012-12-30 19:58:35Z yllen $ + * @version $Id$ ------------------------------------------------------------------------- GLPI - Gestionnaire Libre de Parc Informatique Copyright (C) 2003-2012 by the INDEPNET Development Team. @@ -327,6 +327,11 @@ } if (self::isValidLogin($login)) { $this->user->fields['name'] = $login; + // Get data from SSO if defined + $ret = $this->user->getFromSSO(); + if (!$ret) { + return false; + } return true; } break; @@ -514,12 +519,18 @@ } } } - //If user is set as present in GLPI but no LDAP DN found : it means that the user - //is not present in an ldap directory anymore - if (!$user_dn - && $this->user_present) { - $user_deleted_ldap = true; - $this->user_deleted_ldap = true; + if (count($ldapservers) == 0 + && $authtype == self::EXTERNAL) { + // Get data from SSO if defined + $this->user->getFromSSO(); + } else { + //If user is set as present in GLPI but no LDAP DN found : it means that the user + //is not present in an ldap directory anymore + if (!$user_dn + && $this->user_present) { + $user_deleted_ldap = true; + $this->user_deleted_ldap = true; + } } // Reset to secure it $this->user->fields['name'] = $login_name; @@ -1127,7 +1138,17 @@ Dropdown::showYesNo('existing_auth_server_field_clean_domain', $CFG_GLPI['existing_auth_server_field_clean_domain']); echo "</td></tr>\n"; - + + echo "<td class='center'>" . __('Get user data from Single Sign-On central server (WebSSO)'); + echo "</td><td>"; + $authSSO = new AuthSSO(); + if ($authSSO->getFromDB(1)) { + echo Dropdown::getYesNo($authSSO->fields['is_active']); + } else { + echo Dropdown::getYesNo(0); + } + echo "</td></tr>\n"; + echo "<tr class='tab_bg_1'><td class='center' colspan='2'>"; echo "<input type='submit' name='update' class='submit' value=\"".__s('Save')."\" >"; echo "</td></tr>"; --- glpi084/inc/authsso.class.php 1970-01-01 01:00:00.000000000 +0100 +++ glpi084/inc/authsso.class.php 2013-01-29 15:27:25.691542975 +0100 @@ -0,0 +1,169 @@ +<?php +/* + * @version $Id: authsso.class.php 19453 2012-10-09 12:45:32Z moyo $ + ------------------------------------------------------------------------- + GLPI - Gestionnaire Libre de Parc Informatique + Copyright (C) 2003-2012 by the INDEPNET Development Team. + + http://indepnet.net/ http://glpi-project.org + ------------------------------------------------------------------------- + + LICENSE + + This file is part of GLPI. + + GLPI is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + GLPI is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GLPI. If not, see <http://www.gnu.org/licenses/>. + -------------------------------------------------------------------------- + */ + +/** @file +* @brief +*/ + +/** + * Class used to manage Auth mail config +**/ +class AuthSSO extends CommonDBTM { + + + // From CommonDBTM + public $dohistory = true; + + + static function getTypeName($nb=0) { + return __('Single Sign-On central server (WebSSO)'); + } + + + static function canCreate() { + return Session::haveRight('config', 'w'); + } + + + static function canView() { + return Session::haveRight('config', 'r'); + } + + + + function defineTabs($options=array()) { + + $ong = array(); + $this->addStandardTab('Log', $ong, $options); + + return $ong; + } + + + + /** + * Print the auth mail form + * + * @param $ID Integer : ID of the item + * @param $options array + * + * @return Nothing (display) + **/ + function showForm($options=array()) { + global $CFG_GLPI; + + if (!Session::haveRight("config", "w")) { + return false; + } + + if (!$this->getFromDB(1)) { + $this->add(array('id'=>'1')); + $this->getFromDB(1); + } + + echo "<form method='post' action='".$CFG_GLPI['root_doc']."/front/auth.sso.php'>"; + echo "<div class='center'><table class='tab_cadre_fixe'>"; + echo "<input type='hidden' name='id' value='1'>"; + + echo "<tr class='tab_bg_1'>"; + echo "<th class='center' colspan='4'>" . __('Single Sign-On central server (WebSSO)') . + "</th></tr>"; + + echo "<tr class='tab_bg_1'>"; + echo "<td>" . __('Active'). "</td>"; + echo "<td>"; + Dropdown::showYesNo('is_active', $this->fields['is_active']); + echo "</td>"; + echo "<td colspan='2'></td></tr>"; + + echo "<tr class='tab_bg_2'><td>" . __('Surname') . "</td>"; + echo "<td><input type='text' name='realname_field' value='". + $this->fields["realname_field"]."'></td>"; + echo "<td>" . __('First name') . "</td>"; + echo "<td><input type='text' name='firstname_field' value='". + $this->fields["firstname_field"]."'></td></tr>"; + + echo "<tr class='tab_bg_2'><td>" . __('Comments') . "</td>"; + echo "<td><input type='text' name='comment_field' value='".$this->fields["comment_field"]."'>"; + echo "</td>"; + echo "<td>" . __('Administrative number') . "</td>"; + echo "<td>"; + echo "<input type='text' name='registration_number_field' value='". + $this->fields["registration_number_field"]."'>"; + echo "</td></tr>"; + + + echo "<tr class='tab_bg_2'>"; + echo "<td>" . __('Email') . "</td>"; + echo "<td><input type='text' name='email1_field' value='".$this->fields["email1_field"]."'>"; + echo "</td>"; + echo "<td>" . sprintf(__('%1$s %2$s'),_n('Email','Emails',1), '2') . "</td>"; + echo "<td><input type='text' name='email2_field' value='".$this->fields["email2_field"]."'>"; + echo "</td></tr>"; + + echo "<tr class='tab_bg_2'>"; + echo "<td>" . sprintf(__('%1$s %2$s'),_n('Email','Emails',1), '3') . "</td>"; + echo "<td><input type='text' name='email3_field' value='".$this->fields["email3_field"]."'>"; + echo "</td>"; + echo "<td>" . sprintf(__('%1$s %2$s'),_n('Email','Emails',1), '4') . "</td>"; + echo "<td><input type='text' name='email4_field' value='".$this->fields["email4_field"]."'>"; + echo "</td></tr>"; + + echo "<tr class='tab_bg_2'><td>" . __('Phone') . "</td>"; + echo "<td><input type='text' name='phone_field'value='".$this->fields["phone_field"]."'>"; + echo "</td>"; + echo "<td>" . __('Phone 2') . "</td>"; + echo "<td><input type='text' name='phone2_field'value='".$this->fields["phone2_field"]."'>"; + echo "</td></tr>"; + + echo "<tr class='tab_bg_2'><td>" . __('Mobile phone') . "</td>"; + echo "<td><input type='text' name='mobile_field'value='".$this->fields["mobile_field"]."'>"; + echo "</td>"; + echo "<td>" . _x('person','Title') . "</td>"; + echo "<td><input type='text' name='title_field' value='".$this->fields["title_field"]."'>"; + echo "</td></tr>"; + + echo "<tr class='tab_bg_2'><td>" . __('Category') . "</td>"; + echo "<td><input type='text' name='category_field' value='". + $this->fields["category_field"]."'></td>"; + echo "<td>" . __('Language') . "</td>"; + echo "<td><input type='text' name='language_field' value='". + $this->fields["language_field"]."'></td></tr>"; + + + + echo "<tr class='tab_bg_2'><td class='center' colspan='4'>"; + echo "<input type='submit' name='update' class='submit' value=\"".__s('Save')."\">"; + echo "</td></tr>"; + echo "</table></div>"; + Html::closeForm(); + } + +} +?> \ No newline at end of file --- glpi084/inc/ruleright.class.php 2013-01-29 15:11:34.975542549 +0100 +++ glpi084/inc/ruleright.class.php 2013-01-29 14:49:26.939542372 +0100 @@ -1,6 +1,6 @@ <?php /* - * @version $Id: ruleright.class.php 20049 2013-01-29 09:36:45Z moyo $ + * @version $Id$ ------------------------------------------------------------------------- GLPI - Gestionnaire Libre de Parc Informatique Copyright (C) 2003-2012 by the INDEPNET Development Team. @@ -277,6 +277,13 @@ $criterias['MAIL_EMAIL']['linkfield'] = ''; $criterias['MAIL_EMAIL']['virtual'] = true; $criterias['MAIL_EMAIL']['id'] = 'mail_email'; + + $criterias['LOGIN']['table'] = ''; + $criterias['LOGIN']['field'] = ''; + $criterias['LOGIN']['name'] = __('Login'); + $criterias['LOGIN']['linkfield'] = ''; + $criterias['LOGIN']['virtual'] = true; + $criterias['LOGIN']['id'] = 'login'; $criterias['GROUPS']['table'] = 'glpi_groups'; $criterias['GROUPS']['field'] = 'completename'; --- glpi084/inc/rulerightcollection.class.php 2013-01-27 14:07:34.624542372 +0100 +++ glpi084/inc/rulerightcollection.class.php 2013-01-29 14:49:48.222544076 +0100 @@ -1,6 +1,6 @@ <?php /* - * @version $Id: rulerightcollection.class.php 19937 2013-01-14 20:58:39Z yllen $ + * @version $Id$ ------------------------------------------------------------------------- GLPI - Gestionnaire Libre de Parc Informatique Copyright (C) 2003-2012 by the INDEPNET Development Team. @@ -255,6 +255,10 @@ return $rule_parameters; } return $rule_input; + } else if ($params["type"] == "SSO") { + $rule_parameters["MAIL_EMAIL"] = $params["email"]; + $rule_parameters["LOGIN"] = $params["login"]; + return $rule_parameters; } //IMAP/POP login method $rule_parameters["MAIL_SERVER"] = $params["mail_server"]; --- glpi084/inc/user.class.php 2013-01-02 10:56:21.000000000 +0100 +++ glpi084/inc/user.class.php 2013-01-29 14:50:29.145552770 +0100 @@ -1,6 +1,6 @@ <?php /* - * @version $Id: user.class.php 19898 2012-12-30 19:58:35Z yllen $ + * @version $Id$ ------------------------------------------------------------------------- GLPI - Gestionnaire Libre de Parc Informatique Copyright (C) 2003-2012 by the INDEPNET Development Team. @@ -950,7 +950,8 @@ if (isset($this->fields["id"]) && ($this->fields["id"] > 0)) { $authtype = Auth::getMethodsByID($this->fields["authtype"], $this->fields["auths_id"]); - if (count($authtype)) { + if (count($authtype) + || $this->fields["authtype"] == Auth::EXTERNAL) { // Clean emails $this->input["_emails"] = array_unique ($this->input["_emails"]); @@ -1444,6 +1445,97 @@ } // getFromIMAP() + + /** + * Function that try to load from the SSO server the user information... + **/ + function getFromSSO() { + global $DB; + + $authSSO = new AuthSSO(); + if (!$authSSO->getFromDB(1)) { + return true; + } + if (!$authSSO->fields['is_active']) { + return true; + } + $this->fields['_ruleright_process'] = true; + foreach ($authSSO->fields as $field=>$value) { + if (strstr($field, "_field")) { + $field = str_replace('_field', '', $field); + if (!isset($_SERVER[$value]) + || empty($_SERVER[$value])) { + switch ($field) { + case "title" : + $this->fields['usertitles_id'] = 0; + break; + case "category" : + $this->fields['usercategories_id'] = 0; + break; + + default : + $this->fields[$field] = ""; + } + + } else { + switch ($field) { + case "email1" : + case "email2" : + case "email3" : + case "email4" : + // Manage multivaluable fields + if (!preg_match('/count/',$_SERVER[$value])) { + $this->fields["_emails"][] = addslashes($_SERVER[$value]); + } + // Only get them once if duplicated + $this->fields["_emails"] = array_unique($this->fields["_emails"]); + break; + + case "language" : + $language = Config::getLanguage($_SERVER[$value]); + if ($language != '') { + $this->fields[$field] = $language; + } + break; + + case "title" : + $this->fields['usertitles_id'] = Dropdown::importExternal('UserTitle', + addslashes($_SERVER[$value])); + break; + + case "category" : + $this->fields['usercategories_id'] = Dropdown::importExternal('UserCategory', + addslashes($_SERVER[$value])); + break; + + default : + $this->fields[$field] = $_SERVER[$value]; + break; + + } + } + } + } + ///Only process rules if working on the master database + if (!$DB->isSlave()) { + //Instanciate the affectation's rule + $rule = new RuleRightCollection(); + + $this->fields = $rule->processAllRules(array(), Toolbox::stripslashes_deep($this->fields), + array('type' => 'SSO', + 'email' => $this->fields["_emails"], + 'login' => $this->fields["name"])); + + //If rule action is ignore import + if (isset($this->fields["_stop_import"])) { + return false; + } + } + return true; + } + + + /** * Blank passwords field of a user in the DB * needed for external auth users
_______________________________________________ Glpi-dev mailing list Glpi-dev@gna.org https://mail.gna.org/listinfo/glpi-dev
