diff --git a/doc/zh-cn.yaml b/doc/zh-cn.yaml new file mode 100644 index 0000000..21b3c86 --- /dev/null +++ b/doc/zh-cn.yaml @@ -0,0 +1,27 @@ +--- +name: 禅道开源版LDAP插件 +code: ldap +type: extension +site: http://www.zentao.net +author: 'jie.dong<409726418@qq.com>' +abstract: > + 支持LDAP验证登录,并将用户的邮箱,姓名同步至禅道数据库。 +desc: > + 1.插件安装后,在后台页面会多出一个"LDAP"子页面,可在该页面配置LDAP服务器信息 + 2.本地用户,通过在账户名称前加“$”符号来登录禅道 +install: | + 1. 通过禅道的插件管理来进行安装。 + 1.1 使用管理员身份登录禅道,访问插件管理。 + 1.2 通过本地安装的方式进行安装 + 2. 手工安装,将代码解压缩,然后将目录拷贝到禅道对应的目录,比如module拷贝到zentao的module。 +releases: + 1.2: + zentao: + compatible: 11.5 + incompatible: + charge: free + date: 2019-05-16 + conflicts: null + depends: null + license: LGPL + changelog: > diff --git a/module/common/ext/lang/zh-cn/ldap-plugin.php b/module/common/ext/lang/zh-cn/ldap-plugin.php new file mode 100644 index 0000000..ae246aa --- /dev/null +++ b/module/common/ext/lang/zh-cn/ldap-plugin.php @@ -0,0 +1,7 @@ +admin->menu->ldap = array('link' => 'LDAP|ldap|index', 'subModule' => 'ldap'); +$lang->ldap = new stdclass(); +$lang->ldap->menu = $lang->admin->menu; +$lang->menugroup->ldap = 'admin'; +$lang->admin->menuOrder[100] = 'ldap'; +$lang->ldap->menuOrder = $lang->admin->menuOrder; \ No newline at end of file diff --git a/module/group/ext/lang/en/ldap-resource.php b/module/group/ext/lang/en/ldap-resource.php new file mode 100644 index 0000000..54d2527 --- /dev/null +++ b/module/group/ext/lang/en/ldap-resource.php @@ -0,0 +1,5 @@ +resource->ldap = new stdclass(); +$lang->resource->ldap->index = 'common'; +$lang->resource->ldap->setting = 'setting'; \ No newline at end of file diff --git a/module/group/ext/lang/zh-cn/ldap-resource.php b/module/group/ext/lang/zh-cn/ldap-resource.php new file mode 100644 index 0000000..54d2527 --- /dev/null +++ b/module/group/ext/lang/zh-cn/ldap-resource.php @@ -0,0 +1,5 @@ +resource->ldap = new stdclass(); +$lang->resource->ldap->index = 'common'; +$lang->resource->ldap->setting = 'setting'; \ No newline at end of file diff --git a/module/group/ext/lang/zh-tw/ldap-resource.php b/module/group/ext/lang/zh-tw/ldap-resource.php new file mode 100644 index 0000000..54d2527 --- /dev/null +++ b/module/group/ext/lang/zh-tw/ldap-resource.php @@ -0,0 +1,5 @@ +resource->ldap = new stdclass(); +$lang->resource->ldap->index = 'common'; +$lang->resource->ldap->setting = 'setting'; \ No newline at end of file diff --git a/module/ldap/control.php b/module/ldap/control.php new file mode 100644 index 0000000..01b4daa --- /dev/null +++ b/module/ldap/control.php @@ -0,0 +1,72 @@ + + * @package user + * @version $Id: control.php 5005 2013-07-03 08:39:11Z chencongzhi520@gmail.com $ + * @link http://www.zentao.net + */ +class ldap extends control +{ + public $referer; + + /** + * Construct + * + * @access public + * @return void + */ + public function __construct() + { + parent::__construct(); + } + + public function index() + { + $this->locate(inlink('setting')); + } + + public function setting() + { + $this->view->title = $this->lang->ldap->common . $this->lang->colon . $this->lang->ldap->setting; + $this->view->position[] = html::a(inlink('index'), $this->lang->ldap->common); + $this->view->position[] = $this->lang->ldap->setting; + $this->display(); + } + + //将LDAP信息保存至config.php + public function save() + { + if (!empty($_POST)) { + $this->config->ldap->host = $this->post->ldapHost; + $this->config->ldap->version = $this->post->ldapVersion; + $this->config->ldap->bindDN = $this->post->ldapBindDN; + $this->config->ldap->bindPWD = $this->post->ldapPassword; + $this->config->ldap->baseDN = $this->post->ldapBaseDN; + $this->config->ldap->searchFilter = $this->post->ldapFilter; + $this->config->ldap->uid = $this->post->ldapAttr; + $this->config->ldap->mail = $this->post->ldapMail; + + // 此处我们把配置写入配置文件 + $ldapConfig = "ldap = new stdclass();\n" + ."\$config->ldap->host = '{$this->post->ldapHost}';\n" + ."\$config->ldap->version = '{$this->post->ldapVersion}';\n" + ."\$config->ldap->bindDN = '{$this->post->ldapBindDN}';\n" + ."\$config->ldap->bindPWD = '{$this->post->ldapPassword}';\n" + ."\$config->ldap->baseDN = '{$this->post->ldapBaseDN}';\n" + ."\$config->ldap->searchFilter = '{$this->post->ldapFilter}';\n" + ."\$config->ldap->uid = '{$this->post->ldapAttr}';\n" + ."\$config->ldap->mail = '{$this->post->ldapMail}';\n" + ."\$config->ldap->name = '{$this->post->ldapName}';\n"; + + $file = fopen("config.php", "w") or die("Unable to open file!"); + fwrite($file, $ldapConfig); + fclose($file); + $this->locate(inlink('setting')); + } + } +} diff --git a/module/ldap/lang/en.php b/module/ldap/lang/en.php new file mode 100644 index 0000000..5b22b53 --- /dev/null +++ b/module/ldap/lang/en.php @@ -0,0 +1,28 @@ + + * @package user + * @version $Id: en.php 5053 2013-07-06 08:17:37Z wyd621@gmail.com $ + * @link http://www.zentao.net + */ +$lang->ldap->common = "LDAP"; +$lang->ldap->setting = "Setting"; +$lang->ldap->host = 'LDAP Host: '; +$lang->ldap->version = 'Protocol Version: '; +$lang->ldap->bindDN = 'BindDN: '; +$lang->ldap->password = 'BindDN Password: '; +$lang->ldap->baseDN = 'BaseDN: '; +$lang->ldap->filter = 'Search filter: '; +$lang->ldap->attributes = 'Account Attribute: '; +$lang->ldap->sync = 'Sync'; +$lang->ldap->save = 'Save'; +$lang->ldap->test = 'Connect Test'; +$lang->ldap->mail = 'EMail:'; +$lang->ldap->name = 'Name Attrubte:'; + +$lang->ldap->methodOrder[5] = 'index'; +$lang->ldap->methodOrder[10] = 'setting'; \ No newline at end of file diff --git a/module/ldap/lang/zh-cn.php b/module/ldap/lang/zh-cn.php new file mode 100644 index 0000000..1c4cd79 --- /dev/null +++ b/module/ldap/lang/zh-cn.php @@ -0,0 +1,29 @@ + + * @package user + * @version $Id: zh-cn.php 5053 2013-07-06 08:17:37Z wyd621@gmail.com $ + * @link http://www.zentao.net + */ + +$lang->ldap->common = "LDAP"; +$lang->ldap->setting = "设置"; +$lang->ldap->host = 'LDAP服务器: '; +$lang->ldap->version = '协议版本: '; +$lang->ldap->bindDN = 'BindDN: '; +$lang->ldap->password = 'BindDN 密码: '; +$lang->ldap->baseDN = 'BaseDN: '; +$lang->ldap->filter = 'Search filter: '; +$lang->ldap->attributes = '账号字段: '; +$lang->ldap->sync = '手动同步'; +$lang->ldap->save = '保存设置'; +$lang->ldap->test = '测试连接'; +$lang->ldap->mail = 'EMail 字段:'; +$lang->ldap->name = '姓名字段:'; + +$lang->ldap->methodOrder[5] = 'index'; +$lang->ldap->methodOrder[10] = 'setting'; \ No newline at end of file diff --git a/module/ldap/lang/zh-tw.php b/module/ldap/lang/zh-tw.php new file mode 100644 index 0000000..e71bdbc --- /dev/null +++ b/module/ldap/lang/zh-tw.php @@ -0,0 +1,28 @@ + + * @package user + * @version $Id: zh-tw.php 5053 2013-07-06 08:17:37Z wyd621@gmail.com $ + * @link http://www.zentao.net + */ +$lang->ldap->common = "LDAP"; +$lang->ldap->setting = "设置"; +$lang->ldap->host = 'LDAP服务器: '; +$lang->ldap->version = '协议版本: '; +$lang->ldap->bindDN = 'BindDN: '; +$lang->ldap->password = 'BindDN 密码: '; +$lang->ldap->baseDN = 'BaseDN: '; +$lang->ldap->filter = 'Search filter: '; +$lang->ldap->attributes = '账号字段: '; +$lang->ldap->sync = '手动同步'; +$lang->ldap->save = '保存设置'; +$lang->ldap->test = '测试连接'; +$lang->ldap->mail = 'EMail 字段:'; +$lang->ldap->name = '姓名字段:'; + +$lang->ldap->methodOrder[5] = 'index'; +$lang->ldap->methodOrder[10] = 'setting'; \ No newline at end of file diff --git a/module/ldap/model.php b/module/ldap/model.php new file mode 100644 index 0000000..d9fee5f --- /dev/null +++ b/module/ldap/model.php @@ -0,0 +1,127 @@ + +host); + if ($ds) { + ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3); + ldap_bind($ds, $dn, $pwd); + $ret = ldap_error($ds); + ldap_close($ds); + } else { + $ret = ldap_error($ds); + } + return $ret; + } + + //通过UID获取用户DN信息 + //参数:配置文件,用户UID + //返回用户DN信息或者null + public function getUserDN($config, $account) + { + $ret = null; + $ds = ldap_connect($config->host); + if ($ds) { + ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3); + ldap_bind($ds, $config->bindDN, $config->bindPWD); + //$filter = "(uid=$account)"; + $rlt = ldap_search($ds, $config->baseDN, $config->uid.'='.$account); + $count=ldap_count_entries($ds, $rlt); + if($count > 0){ + $data = ldap_get_entries($ds, $rlt); + $ret = $data[0]['dn']; + $str = serialize($data); + } + ldap_unbind($ds); + } + return $ret; +} + + //添加新用户到禅道数据库 + public function addUserToZrnTaoDB($config, $data, $password){ + $pass = true; + $user = new stdclass(); + //$account = ''; + $user->account = $data[0][$config->uid][0]; + $user->password = md5($password); + $user->email = $data[0][$config->mail][0]; + $user->realname = $data[0][$config->name][0]; + $this->dao->insert(TABLE_USER)->data($user)->autoCheck()->exec(); + if(dao::isError()) + { + echo js::error(dao::getError()); + die(js::reload('parent')); + $pass = false; + } + return $pass; + } + //获取LDAP用户信息 + //accoutn uid=d0388 + public function getUserMessageFromLDAP($config, $account) + { + $ds = ldap_connect($config->host); + if ($ds) { + ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3); + ldap_bind($ds, $config->bindDN, $config->bindPWD); + $filter = "(|(sn=*))"; + $rlt = ldap_search($ds, $config->baseDN, $account); + $data = ldap_get_entries($ds, $rlt); + return $data; + } + return null; + } + + //判断当前用户是否存在于禅道数据库 + //参数:用户UID + //成功返回true,失败返回false + public function isExistInZenTaoDB($account) + { + $pass = false; + $record = $this->dao->select('*')->from(TABLE_USER) + ->where('account')->eq($account) + ->andWhere('deleted')->eq(0) + ->fetch(); + if($record){ + $pass = true; + } + return $pass; + } + + //更新用户状态 + public function updateUserDB($account, $password){ + $record = $this->dao->select('*')->from(TABLE_USER) + ->where('account')->eq($account) + ->andWhere('deleted')->eq(0) + ->fetch(); + $user = $record; + $ip = $this->server->remote_addr; + $password = md5($password); + $last = $this->server->request_time; + $this->dao->update(TABLE_USER)->set('password')->eq($password)->set('visits = visits + 1')->set('ip')->eq($ip)->set('last')->eq($last)->where('account')->eq($account)->exec(); + $user->last = date(DT_DATETIME1, $user->last); + } + + //设置新增用户默认权限,默认权限为guest + //参数:account + public function setDefaultUserGroup($account){ + $data = new stdclass(); + $data->account = $account; + $data->group = 2; + $this->dao->insert(TABLE_USERGROUP)->data($data)->exec(); + } +} diff --git a/module/ldap/view/setting.html.php b/module/ldap/view/setting.html.php new file mode 100644 index 0000000..2709316 --- /dev/null +++ b/module/ldap/view/setting.html.php @@ -0,0 +1,72 @@ + + * @package mail + * @version $Id$ + * @link http://www.zentao.net + */ +include '../../common/view/header.html.php'; +?> +
+
+
+ icons['mail']);?> + ldap->common;?> + ldap->setting;?> +
+
+
'> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ldap->host; ?>ldap->host, "class='form-control'");?>
ldap->version; ?>ldap->version, "class='form-control'");?>
ldap->bindDN; ?>ldap->bindDN, "class='form-control'");?>
ldap->password; ?>ldap->bindPWD, "class='form-control'");?>
ldap->baseDN; ?>ldap->baseDN, "class='form-control'");?>
ldap->filter; ?>ldap->searchFilter, "class='form-control'");?>
ldap->attributes; ?>ldap->uid, "class='form-control'");?>
ldap->mail; ?>ldap->mail, "class='form-control'");?>
ldap->name; ?>ldap->name, "class='form-control'");?>
+ ldap->save); + ?> +
+
+
+ diff --git a/module/user/ext/model/identify.php b/module/user/ext/model/identify.php new file mode 100644 index 0000000..c8a3764 --- /dev/null +++ b/module/user/ext/model/identify.php @@ -0,0 +1,31 @@ +loadModel('ldap'); + $dn = $ldap->getUserDN($this->config->ldap, $account); + $pass = $ldap->identify($this->config->ldap, $dn, $password); + if ('Success' == $pass){ + //验证成功 + //账户是否存在于禅道DB + if ($ldap->isExistInZenTaoDB($account)){ + //存在,更新用户信息并登录 + $ldap->updateUserDB($account, $password); + return parent::identify($account, $password); + } else { + //不存在,添加到禅道DB后进行登录 + $data = $ldap->getUserMessageFromLDAP($this->config->ldap,$this->config->ldap->uid.'='.$account); + $addUser = $ldap->addUserToZrnTaoDB($this->config->ldap, $data, $password); + //设置用户默认权限 + $ldap->setDefaultUserGroup($account); + return parent::identify($account, $password); + } + } + //验证失败 + return false; + } +}