Context Navigation

source: npl/webapps/sugarcrm/LDAPAuthenticateUser.php-groupcheck.patch @ a2d969e

perl-5.22

Last change on this file since a2d969e was c5c522c, checked in by Edwin Eefting <edwin@datux.nl>, 8 years ago
initial commit, transferred from cleaned syn3 svn tree
Property mode set to `100644`
File size: 1.1 KB

(a) LDAPAuthenticateUser.php vs. (b) a

-                      a
                         // Authentication succeeded, get info from LDAP directory
                         $attrs = array_keys($GLOBALS['ldapConfig']['users']['fields']);
                         $base_dn = $GLOBALS['ldap_config']->settings['ldap_base_dn'];
+                        $name_filter = "(" . $GLOBALS['ldap_config']->settings['ldap_login_attr']. "=" . $name . ")";
+                        //check group membership
+                        $result = @ldap_search($ldapconn, "cn=SugarCRM,ou=Groups,$base_dn", "(memberUid=$name)", $attrs);
+                        $info=@ldap_get_entries($ldapconn, $result);
+                        if (strtolower($name)=="administrator" || $info[0])
+                        {
+                                $GLOBALS['log']->debug("ldapauth: Group membership OK");
+                        }
+                        else
+                        {
+                                $GLOBALS['log']->debug("ldapauth: FAILED, $name not member of SugarCRM group!");
+                                return '';
+                        }
+                        $name_filter = "(" . $GLOBALS['ldap_config']->settings['ldap_login_attr']. "=" . $name . ")";
                         $GLOBALS['log']->debug("ldapauth: Fetching user info from Directory.");
                         $result = @ldap_search($ldapconn, $base_dn, $name_filter, $attrs);
                          if($this->loginError($error)){

Note: See TracBrowser for help on using the repository browser.

Download in other formats: