--- ../orig/cacti-0.8.6j/auth_login.php	Wed Jan 24 08:38:13 2007
+++ auth_login.php	Thu Aug  2 10:54:39 2007
@@ -35,9 +35,38 @@
 		$ldap_conn = ldap_connect(read_config_option("ldap_server"));
 
 		if ($ldap_conn) {
-			$ldap_dn = str_replace("<username>",$_POST["login_username"],read_config_option("ldap_dn"));
-			$ldap_response = @ldap_bind($ldap_conn,$ldap_dn,stripslashes($_POST["login_password"]));
+
+                        // added by prune for real LDAP login 20070801
+			 // bind with the admin user
+                        $ldapb = @ldap_bind($ldap_conn,read_config_option("ldapadmin_dn"), read_config_option("ldapadmin_pass"));
+                        $ldapuid = $_POST["login_username"];
+ 
+			// create the LDAP Request
+			if (read_config_option("ldap_user_role") != "") {
+				$ldap_query = "(&(uid=".$ldapuid.")(inetuserstatus=active)(nsrole=".read_config_option("ldap_user_role")."))";
+				}
+			else {
+				// we are not using roles
+				$ldap_query = "(&(uid=".$ldapuid.")(inetuserstatus=active))";
+				}
+
+                        $ldapsr = @ldap_search($ldap_conn, read_config_option("ldap_dn"), $ldap_query);
+                        if ($ldapsr == false) { $ldap_auth = false; }   //not nice, I know... :)
+                        $ldapinfo = @ldap_get_entries($ldap_conn, $ldapsr);
+                        if (! isset ($ldapinfo[0]["dn"])) {
+                                echo "Error login - check permission and role rtl-monitoring-ro-role in LDAP";
+                                exit();
+                                }
+
+                        $ldap_dn = $ldapinfo[0]["dn"];
+                        $ldap_response = @ldap_bind($ldap_conn,$ldap_dn,$_POST["login_password"]);
+                        // end added
+
+                        // original, removed by prune
+                       //$ldap_dn = str_replace("<username>",$_POST["login_username"],read_config_option("ldap_dn"));
+                       //$ldap_response = @ldap_bind($ldap_conn,$ldap_dn,stripslashes($_POST["login_password"]));
+                        // end removed
+
 			if ($ldap_response) {
 				$ldap_auth = true;
 				if (sizeof(db_fetch_assoc("select * from user_auth where username='" . $_POST["login_username"] . "' and realm = 1")) == 0) {
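Review bot: The login name from `$_POST["login_username"]` is concatenated into `$ldap_query` unescaped, so a value such as `*` or `bob)(uid=bob))(&(uid=bob` rewrites the filter and can defeat the `inetuserstatus`/`nsrole` conditions or select a different entry than the one typed. The final `ldap_bind` on `$ldap_dn` then passes the password verbatim; an empty password turns that call into an unauthenticated bind, which many directory servers accept, so the caller would be logged in as whatever entry the search returned first. The result of the service-account bind `$ldapb` is never checked, and `read_config_option("ldap_dn")` is now used as a search base although the removed lines show it previously held a bind-DN template containing `<username>`, so an existing configuration will silently search under an invalid base. The `echo ... exit()` on the no-entry path also hard-codes a role name that need not match `ldap_user_role` and skips the normal failed-login handling that follows below the hunk. Escape the uid per RFC 4515 (`ldap_escape()` only exists from PHP 5.6; a `str_replace` works on older releases), reject an empty password before binding, and abort when the admin bind fails:
```php
// bind with the admin user; the search must not fall back to an anonymous bind
$ldapb = @ldap_bind($ldap_conn, read_config_option("ldapadmin_dn"), read_config_option("ldapadmin_pass"));
if (!$ldapb) {
    $ldap_response = false;
} else {
    // RFC 4515 filter escaping: backslash first, then the remaining metacharacters
    $ldapuid = str_replace(array("\\", "*", "(", ")", "\0"),
                           array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
                           $_POST["login_username"]);
    // … unchanged: build $ldap_query, ldap_search, ldap_get_entries, resolve $ldap_dn …
    // an empty password makes ldap_bind unauthenticated; treat it as a failed login
    if ($_POST["login_password"] === "") {
        $ldap_response = false;
    } else {
        $ldap_response = @ldap_bind($ldap_conn, $ldap_dn, $_POST["login_password"]);
    }
}
```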


--- ../orig/cacti-0.8.6j/include/config_settings.php	Wed Jan 24 08:38:13 2007
+++ include/config_settings.php	Thu Aug  2 10:51:08 2007
@@ -723,12 +723,34 @@
 			"method" => "textbox",
 			"max_length" => "100"
 			),
+                "ldap_user_role" => array(
+                        "friendly_name" => "LDAP Role",
+                        "description" => "This is the LDAP Role, as defined in Sun LDAP Server where the user have to be assigned.",
+                        "method" => "textbox",
+                        "max_length" => "100"
+                        ),
 		"ldap_template" => array(
 			"friendly_name" => "LDAP Cacti Template User",
 			"description" => "This is the user that cacti will use as a template for new LDAP users.",
 			"method" => "textbox",
 			"max_length" => "100"
-			)
+			),
+                "ldapadmin_header" => array(
+                        "friendly_name" => "LDAP Settings for Admin Bind",
+                        "method" => "spacer",
+                        ),
+                "ldapadmin_dn" => array(
+                        "friendly_name" => "LDAP DN for Admin Authentication Bind",
+                        "description" => "The Distinguished Name of the user for binding to LDAP and do an authenticated search.",
+                        "method" => "textbox",
+                        "max_length" => "100"
+                        ),
+                "ldapadmin_pass" => array(
+                        "friendly_name" => "LDAP Admin Password",
+                        "description" => "This is the password of the user used to bind for Authenticated Bind.",
+                        "method" => "textbox",
+                        "max_length" => "100"
+                        ),
 		)
 	);
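Review bot: `ldapadmin_pass` is declared with `"method" => "textbox"`, so the service-account password is rendered back into the settings page as a readable input value every time the form is displayed, in addition to being stored in cleartext like any other setting. If this Cacti version's form helpers provide a password control (`"method" => "textbox_password"` — confirm it exists in html_form), use it so the value is at least masked in the browser and not captured in page caches or screenshots, and note in the description that the account only needs search rights under the base DN. The `ldap_user_role` description also reads `where the user have to be assigned`; `where the user has to be assigned` and a sentence stating that the role check is skipped when the field is left empty would make the setting self-explanatory.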
 
