Hi,

I realize this may be a somewhat niche need, but we have a use
case where we'd like self-service-password to be able to operate
on multiple directories on the same server.  I have implemented
this by adding a new "Directory" field to the various pages,
in the form of a select list of the directories defined in the config
file.

If you think this would be useful functionality, please feel free
to include this in the self-service-password tool (with whatever
cleanups/modifications you may feel are necessary).  If not,
then I'll just throw this out there in case any other users have
a similar use case to mine.

(Note: I have only done the localization for the English language
here, but porting that to the rest of the supported languages
should be fairly trivial.)

Thanks.

-- 
Greg Veldman
IT Infrastructure Services, Purdue University
[email protected] | (765)-496-2456
--- conf/config.inc.php.orig	2017-02-16 09:42:49.480259994 -0600
+++ conf/config.inc.php	2017-02-16 09:33:36.441379373 -0600
@@ -23,11 +23,15 @@
 # Configuration
 #==============================================================================
 # LDAP
+$ldap_directories = array (
+    "One" => "dc=one,dc=example,dc=com",
+    "Two" => "dc=two,dc=example,dc=com",
+);
 $ldap_url = "ldap://localhost";;
 $ldap_starttls = false;
-$ldap_binddn = "cn=manager,dc=example,dc=com";
+$ldap_binddn = "cn=manager,{directory}";
 $ldap_bindpw = "secret";
-$ldap_base = "dc=example,dc=com";
+$ldap_base = "{directory}";
 $ldap_login_attribute = "uid";
 $ldap_fullname_attribute = "cn";
 $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
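Review bot: The new `$ldap_directories` map and the `{directory}` placeholders in `$ldap_binddn` and `$ldap_base` carry no comment explaining how they fit together, and this file is where an administrator will look for that. I would add above the array: `# Selectable directory labels mapped to their base DN; the chosen base DN replaces the {directory} placeholder in $ldap_binddn and $ldap_base, so only values listed here should ever be substituted.` The example `cn=manager,{directory}` also implies a separate bind account under every configured base, which is worth saying explicitly, since a single global bind DN without the placeholder works just as well if that is not intended.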
--- lang/en.inc.php.orig	2017-02-16 09:20:32.227250273 -0600
+++ lang/en.inc.php	2017-02-16 08:57:48.583814434 -0600
@@ -35,6 +35,7 @@
 $messages['passworderror'] = "Password was refused by the LDAP directory";
 $messages['title'] = "Self service password";
 $messages['login'] = "Login";
+$messages['directory'] = "Directory";
 $messages['oldpassword'] = "Old password";
 $messages['newpassword'] = "New password";
 $messages['confirmpassword'] = "Confirm";
--- pages/change.php.orig	2017-02-15 14:58:26.410812333 -0600
+++ pages/change.php	2017-02-16 09:13:54.624585647 -0600
@@ -27,6 +27,7 @@
 # Initiate vars
 $result = "";
 $login = "";
+$directory = "";
 $confirmpassword = "";
 $newpassword = "";
 $oldpassword = "";
@@ -43,11 +44,14 @@
  else { $result = "oldpasswordrequired"; }
 if (isset($_REQUEST["login"]) and $_REQUEST["login"]) { $login = $_REQUEST["login"]; }
  else { $result = "loginrequired"; }
+if (isset($_REQUEST["directory"]) and $_REQUEST["directory"]) { $directory = $_REQUEST["directory"]; }
+ else { $result = "loginrequired"; }
 if (! isset($_REQUEST["login"]) and ! isset($_POST["confirmpassword"]) and ! isset($_POST["newpassword"]) and ! isset($_POST["oldpassword"]))
  { $result = "emptychangeform"; }
 
 # Strip slashes added by PHP
 $login = stripslashes_if_gpc_magic_quotes($login);
+$directory = stripslashes_if_gpc_magic_quotes($directory);
 $oldpassword = stripslashes_if_gpc_magic_quotes($oldpassword);
 $newpassword = stripslashes_if_gpc_magic_quotes($newpassword);
 $confirmpassword = stripslashes_if_gpc_magic_quotes($confirmpassword);
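Review bot: `$directory` is copied from `$_REQUEST` and later substituted verbatim into the bind DN and search base, but it is never checked against `$ldap_directories`; `check_username_validity` only rejects characters listed in `$login_forbidden_chars`, so a client can submit any base DN it likes and have the service account bind and search a subtree the administrator never exposed. After the forbidden-character check I would add `if ( $result === "" and ! in_array($directory, $ldap_directories, true) ) { $result = "directoryinvalid"; }` (with a new message key), or better, post the array key and resolve the DN server-side with `$directory = $ldap_directories[$key]`. Membership validation also avoids the opposite failure: if `$login_forbidden_chars` lists `=` or `,`, every configured DN is rejected by the character check. The `else { $result = "loginrequired"; }` branch for a missing directory reports the wrong field; a `directoryrequired` message would tell the user what is actually missing. The same gap exists in the corresponding hunks of sendsms.php, sendtoken.php, setquestions.php and resetbyquestions.php.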
@@ -57,6 +61,11 @@
     $result = check_username_validity($login,$login_forbidden_chars);
 }
 
+# Check the entered directory for characters that our installation doesn't support
+if ( $result === "" ) {
+    $result = check_username_validity($directory,$login_forbidden_chars);
+}
+
 # Match new and confirm password
 if ( $newpassword != $confirmpassword ) { $result="nomatch"; }
 
@@ -93,6 +102,7 @@
 
     # Bind
     if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
+        $ldap_binddn = str_replace("{directory}", $directory, $ldap_binddn);
         $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
     } else {
         $bind = ldap_bind($ldap);
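Review bot: The `str_replace("{directory}", ...)` on the bind DN, and the matching one on `$ldap_base` in the next hunk, silently depend on `$directory` having been validated as one of the configured base DNs earlier in the page, and nothing at the call site says so; a short comment would make that contract visible to whoever next edits the validation block. I would write above the replacement: `# {directory} is optional in the config: if the placeholder is absent this is a no-op, otherwise $directory must already be one of $ldap_directories.` The same pair of replacements is repeated in sendsms.php, sendtoken.php, resetbytoken.php, setquestions.php and resetbyquestions.php and would benefit from the same comment, or from a single shared helper. The enclosing `if` block continues outside the hunk.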
@@ -106,6 +116,7 @@
     
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
+    $ldap_base = str_replace("{directory}", $directory, $ldap_base);
     $search = ldap_search($ldap, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
@@ -245,6 +256,23 @@
             </div>
         </div>
     </div>
+    <div class="form-group">
+        <label for="directory" class="col-sm-4 control-label"><?php echo $messages["directory"]; ?></label>
+        <div class="col-sm-8">
+            <div class="input-group">
+                <span class="input-group-addon"><i class="fa fa-user"></i></span>
+                <select name="directory" id="directory">
+                    <?php
+                    foreach ($ldap_directories as $name => $base) {
+                        echo "<option value=\"$base\">$name</option>\n";
+                        unset($base);
+                        unset($name);
+                    }
+                    ?>
+                </select>
+            </div>
+        </div>
+    </div>
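Review bot: The `<option>` line interpolates `$base` and `$name` into HTML without escaping, whereas the rest of the form goes through `htmlentities`; the values come from the config rather than the request, but a base DN can legitimately contain a `"` or `&` (escaped RDN values), which would break the attribute. I would write `echo "<option value=\"" . htmlentities($base) . "\">" . htmlentities($name) . "</option>\n";` and drop the two `unset()` calls, which do nothing because `foreach` reassigns both variables on every iteration. Nothing marks the previously chosen option as `selected` when the form is re-rendered after a validation error, so the user silently falls back to the first entry; compare each `$base` with `$directory` and emit `selected` when they match. The same block is repeated in sendsms.php, sendtoken.php, setquestions.php and resetbyquestions.php.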
     <div class="form-group">
         <label for="oldpassword" class="col-sm-4 control-label"><?php echo $messages["oldpassword"]; ?></label>
         <div class="col-sm-8">
--- pages/sendsms.php.orig	2017-02-15 14:58:55.608575486 -0600
+++ pages/sendsms.php	2017-02-16 09:14:46.670982783 -0600
@@ -27,6 +27,7 @@
 # Initiate vars
 $result = "";
 $login = "";
+$directory = "";
 $sms = "";
 $ldap = "";
 $userdn = "";
@@ -58,10 +59,11 @@
     session_name("smstoken");
     session_start();
     $login        = $_SESSION['login'];
+    $directory    = $_SESSION['directory'];
     $sessiontoken = $_SESSION['smstoken'];
     $attempts     = $_SESSION['attempts'];
 
-    if ( !$login or !$sessiontoken) {
+    if ( !$login or !$directory or !$sessiontoken) {
         $result = "tokennotvalid";
         error_log("Unable to open session $smstokenid");
     } elseif ($sessiontoken != $smstoken) {
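Review bot: `$directory = $_SESSION['directory'];` reads the new key unconditionally, so a session created before this change is deployed (which holds only `login`, `smstoken` and `attempts`) raises an undefined-index notice before the `!$directory` guard can turn it into `tokennotvalid`. I would write `$directory = isset($_SESSION['directory']) ? $_SESSION['directory'] : "";`. The same read appears in resetbytoken.php's session hunk.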
@@ -96,21 +98,29 @@
     $decrypted_sms_login = explode(':', decrypt($_REQUEST["encrypted_sms_login"], $keyphrase));
     $sms = $decrypted_sms_login[0];
     $login = $decrypted_sms_login[1];
+    $directory = $decrypted_sms_login[2];
     $result = "sendsms";
-} elseif (isset($_REQUEST["login"]) and $_REQUEST["login"]) {
+} elseif (isset($_REQUEST["login"]) and $_REQUEST["login"] and isset($_REQUEST["directory"]) and $_REQUEST["directory"]) {
     $login = $_REQUEST["login"];
+    $directory = $_REQUEST["directory"];
 } else {
     $result = "emptysendsmsform";
 }
 
 # Strip slashes added by PHP
 $login = stripslashes_if_gpc_magic_quotes($login);
+$directory = stripslashes_if_gpc_magic_quotes($directory);
 
 # Check the entered username for characters that our installation doesn't support
 if ( $result === "" ) {
     $result = check_username_validity($login,$login_forbidden_chars);
 }
 
+# Check the entered directory for characters that our installation doesn't support
+if ( $result === "" ) {
+    $result = check_username_validity($directory,$login_forbidden_chars);
+}
+
 #==============================================================================
 # Check reCAPTCHA
 #==============================================================================
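Review bot: `$directory = $decrypted_sms_login[2];` assumes the encrypted payload was produced by the new three-field `encrypt("$sms:$login:$directory", ...)`; a token issued before this change has only two fields, so the read raises an undefined-offset notice and `$directory` ends up `null`, which `check_username_validity` may not reject. I would guard it with `$directory = isset($decrypted_sms_login[2]) ? $decrypted_sms_login[2] : "";` and treat an empty value as `emptysendsmsform`. Folding the directory into the `elseif` condition also means a request with a login but no directory lands in the generic `emptysendsmsform` branch, giving the user no hint about the new field; a separate `directoryrequired` result would be clearer. The membership check against `$ldap_directories` raised on change.php applies here too, at least for the `$_REQUEST` branch.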
@@ -144,6 +154,7 @@
 
     # Bind
     if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
+        $ldap_binddn = str_replace("{directory}", $directory, $ldap_binddn);
         $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
     } else {
         $bind = ldap_bind($ldap);
@@ -157,6 +168,7 @@
     
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
+    $ldap_base = str_replace("{directory}", $directory, $ldap_base);
     $search = ldap_search($ldap, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
@@ -187,7 +199,7 @@
         error_log("No SMS number found for user $login");
     } else {
         $displayname = ldap_get_values($ldap, $entry, $ldap_fullname_attribute);
-        $encrypted_sms_login = encrypt("$sms:$login", $keyphrase);
+        $encrypted_sms_login = encrypt("$sms:$login:$directory", $keyphrase);
         $result = "smsuserfound";
     }
 
@@ -209,6 +221,7 @@
     session_name("smstoken");
     session_start();
     $_SESSION['login']    = $login;
+    $_SESSION['directory'] = $directory;
     $_SESSION['smstoken'] = $smstoken;
     $_SESSION['time']     = time();
     $_SESSION['attempts'] = 0;
@@ -248,6 +261,7 @@
     session_name("token");
     session_start();
     $_SESSION['login'] = $login;
+    $_SESSION['directory'] = $directory;
     $_SESSION['time']  = time();
 
     $token = encrypt(session_id(), $keyphrase);
@@ -321,6 +335,12 @@
         </div>
     </div>
     <div class="form-group">
+        <label class="col-sm-4 control-label"><?php echo $messages["directory"]; ?></label>
+        <div class="col-sm-8">
+            <p class="form-control-static"><?php echo $directory; ?></p>
+        </div>
+    </div>
+    <div class="form-group">
         <label class="col-sm-4 control-label"><?php echo $messages["sms"]; ?></label>
         <div class="col-sm-8">
             <p class="form-control-static"><?php if ($sms_partially_hide_number) echo (substr_replace($sms, '****', 4 , 4)); else echo $sms;?></p>
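Review bot: `<?php echo $directory; ?>` prints the directory into the page unescaped, while the equivalent field in resetbytoken.php uses `htmlentities($directory)`; the value originates from a request parameter (via the session or the decrypted blob), so it should be escaped the same way. I would write `<p class="form-control-static"><?php echo htmlentities($directory); ?></p>`.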
@@ -383,6 +403,23 @@
             </div>
         </div>
     </div>
+    <div class="form-group">
+        <label for="directory" class="col-sm-4 control-label"><?php echo $messages["directory"]; ?></label>
+        <div class="col-sm-8">
+            <div class="input-group">
+                <span class="input-group-addon"><i class="fa fa-user"></i></span>
+                <select name="directory" id="directory">
+                    <?php
+                    foreach ($ldap_directories as $name => $base) {
+                        echo "<option value=\"$base\">$name</option>\n";
+                        unset($base);
+                        unset($name);
+                    }
+                    ?>
+                </select>
+            </div>
+        </div>
+    </div>
 <?php if ($use_recaptcha) { ?>
     <div class="form-group">
         <div class="col-sm-offset-4 col-sm-8">
--- pages/sendtoken.php.orig	2017-02-15 14:59:04.097797379 -0600
+++ pages/sendtoken.php	2017-02-16 09:14:59.768334314 -0600
@@ -27,6 +27,7 @@
 # Initiate vars
 $result = "";
 $login = "";
+$directory = "";
 $mail = "";
 $ldap = "";
 $userdn = "";
@@ -36,11 +37,14 @@
  else { $result = "mailrequired"; }
 if (isset($_REQUEST["login"]) and $_REQUEST["login"]) { $login = $_REQUEST["login"]; }
  else { $result = "loginrequired"; }
-if (! isset($_POST["mail"]) and ! isset($_REQUEST["login"]))
+if (isset($_REQUEST["directory"]) and $_REQUEST["directory"]) { $directory = $_REQUEST["directory"]; }
+ else { $result = "loginrequired"; }
+if (! isset($_POST["mail"]) and ! isset($_REQUEST["login"]) and ! isset($_REQUEST["directory"]))
  { $result = "emptysendtokenform"; }
 
 # Strip slashes added by PHP
 $login = stripslashes_if_gpc_magic_quotes($login);
+$directory = stripslashes_if_gpc_magic_quotes($directory);
 $mail = stripslashes_if_gpc_magic_quotes($mail);
 
 # Check the entered username for characters that our installation doesn't support
@@ -48,6 +52,11 @@
     $result = check_username_validity($login,$login_forbidden_chars);
 }
 
+# Check the entered directory for characters that our installation doesn't support
+if ( $result === "" ) {
+    $result = check_username_validity($directory,$login_forbidden_chars);
+}
+
 #==============================================================================
 # Check reCAPTCHA
 #==============================================================================
@@ -81,6 +90,7 @@
 
     # Bind
     if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
+        $ldap_binddn = str_replace("{directory}", $directory, $ldap_binddn);
         $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
     } else {
         $bind = ldap_bind($ldap);
@@ -94,6 +104,7 @@
     
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
+    $ldap_base = str_replace("{directory}", $directory, $ldap_base);
     $search = ldap_search($ldap, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
@@ -146,6 +157,7 @@
     session_name("token");
     session_start();
     $_SESSION['login'] = $login;
+    $_SESSION['directory'] = $directory;
     $_SESSION['time']  = time();
 
     if ( $crypt_tokens ) {
@@ -230,6 +242,23 @@
             </div>
         </div>
     </div>
+    <div class="form-group">
+        <label for="directory" class="col-sm-4 control-label"><?php echo $messages["directory"]; ?></label>
+        <div class="col-sm-8">
+            <div class="input-group">
+                <span class="input-group-addon"><i class="fa fa-user"></i></span>
+                <select name="directory" id="directory">
+                    <?php
+                    foreach ($ldap_directories as $name => $base) {
+                        echo "<option value=\"$base\">$name</option>\n";
+                        unset($base);
+                        unset($name);
+                    }
+                    ?>
+                </select>
+            </div>
+        </div>
+    </div>
     <div class="form-group">
         <label for="mail" class="col-sm-4 control-label"><?php echo $messages["mail"]; ?></label>
         <div class="col-sm-8">
--- pages/resetbytoken.php.orig	2017-02-15 15:11:58.180042026 -0600
+++ pages/resetbytoken.php	2017-02-16 08:54:03.258835840 -0600
@@ -27,6 +27,7 @@
 # Initiate vars
 $result = "";
 $login = "";
+$directory = "";
 $token = "";
 $tokenid = "";
 $newpassword = "";
@@ -66,8 +67,9 @@
     session_name("token");
     session_start();
     $login = $_SESSION['login'];
+    $directory = $_SESSION['directory'];
 
-    if ( !$login ) {
+    if ( !$login or !$directory ) {
         $result = "tokennotvalid";
 	error_log("Unable to open session $tokenid");
     } else {
@@ -131,6 +133,7 @@
 
     # Bind
     if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
+        $ldap_binddn = str_replace("{directory}", $directory, $ldap_binddn);
         $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
     } else {
         $bind = ldap_bind($ldap);
@@ -144,6 +147,7 @@
 
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
+    $ldap_base = str_replace("{directory}", $directory, $ldap_base);
     $search = ldap_search($ldap, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
@@ -252,6 +256,15 @@
             </div>
         </div>
     </div>
+    <div class="form-group">
+        <label for="directory" class="col-sm-4 control-label"><?php echo $messages["directory"]; ?></label>
+        <div class="col-sm-8">
+            <div class="input-group">
+                <span class="input-group-addon"><i class="fa fa-user"></i></span>
+                <input type="text" name="directory" id="directory" value="<?php echo htmlentities($directory) ?>" class="form-control" placeholder="<?php echo $messages["directory"]; ?>" />
+            </div>
+        </div>
+    </div>
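Review bot: This page renders the directory as an editable text `<input name="directory">`, yet in the hunks above `$directory` is taken only from `$_SESSION['directory']`, never from the request; as far as the visible hunks show, whatever the user types here is ignored, which is confusing, and if some code outside the hunks did read `$_REQUEST["directory"]` on this page it would let the user substitute a different directory for the one bound to the token. I would make it `readonly` or render it as static text like the `form-control-static` block in sendsms.php, and drop the `placeholder` attribute, which never shows on a prefilled field.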
     <div class="form-group">
         <label for="newpassword" class="col-sm-4 control-label"><?php echo $messages["newpassword"]; ?></label>
         <div class="col-sm-8">
--- pages/setquestions.php.orig	2017-02-16 10:37:13.344392825 -0600
+++ pages/setquestions.php	2017-02-16 10:41:39.593652890 -0600
@@ -27,6 +27,7 @@
 # Initiate vars
 $result = "";
 $login = "";
+$directory = "";
 $password = "";
 $question = "";
 $answer = "";
@@ -41,11 +42,14 @@
  else { $result = "passwordrequired"; }
 if (isset($_REQUEST["login"]) and $_REQUEST["login"]) { $login = $_REQUEST["login"]; }
  else { $result = "loginrequired"; }
+if (isset($_REQUEST["directory"]) and $_REQUEST["directory"]) { $directory = $_REQUEST["directory"]; }
+ else { $result = "loginrequired"; }
 if (! isset($_POST["answer"]) and ! isset($_POST["question"]) and ! isset($_POST["password"]) and ! isset($_REQUEST["login"]))
  { $result = "emptysetquestionsform"; }
 
 # Strip slashes added by PHP
 $login = stripslashes_if_gpc_magic_quotes($login);
+$directory = stripslashes_if_gpc_magic_quotes($directory);
 $password = stripslashes_if_gpc_magic_quotes($password);
 $question = stripslashes_if_gpc_magic_quotes($question);
 $answer = stripslashes_if_gpc_magic_quotes($answer);
@@ -55,6 +59,11 @@
     $result = check_username_validity($login,$login_forbidden_chars);
 }
 
+# Check the entered directory for characters that our installation doesn't support
+if ( $result === "" ) {
+    $result = check_username_validity($directory,$login_forbidden_chars);
+}
+
 #==============================================================================
 # Check reCAPTCHA
 #==============================================================================
@@ -88,6 +97,7 @@
 
     # Bind
     if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
+        $ldap_binddn = str_replace("{directory}", $directory, $ldap_binddn);
         $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
     } else {
         $bind = ldap_bind($ldap);
@@ -101,6 +111,7 @@
     
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
+    $ldap_base = str_replace("{directory}", $directory, $ldap_base);
     $search = ldap_search($ldap, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
@@ -207,6 +218,23 @@
             </div>
         </div>
     </div>
+    <div class="form-group">
+        <label for="directory" class="col-sm-4 control-label"><?php echo $messages["directory"]; ?></label>
+        <div class="col-sm-8">
+            <div class="input-group">
+                <span class="input-group-addon"><i class="fa fa-user"></i></span>
+                <select name="directory" id="directory">
+                    <?php
+                    foreach ($ldap_directories as $name => $base) {
+                        echo "<option value=\"$base\">$name</option>\n";
+                        unset($base);
+                        unset($name);
+                    }
+                    ?>
+                </select>
+            </div>
+        </div>
+    </div>
     <div class="form-group">
         <label for="password" class="col-sm-4 control-label"><?php echo $messages["password"]; ?></label>
         <div class="col-sm-8">
--- pages/resetbyquestions.php.orig	2017-02-16 10:37:20.501588128 -0600
+++ pages/resetbyquestions.php	2017-02-16 10:46:17.523220466 -0600
@@ -27,6 +27,7 @@
 # Initiate vars
 $result = "";
 $login = "";
+$directory = "";
 $question = "";
 $answer = "";
 $newpassword = "";
@@ -46,11 +47,14 @@
  else { $result = "questionrequired"; }
 if (isset($_REQUEST["login"]) and $_REQUEST["login"]) { $login = $_REQUEST["login"]; }
  else { $result = "loginrequired"; }
+if (isset($_REQUEST["directory"]) and $_REQUEST["directory"]) { $directory = $_REQUEST["directory"]; }
+ else { $result = "loginrequired"; }
 if (! isset($_POST["confirmpassword"]) and ! isset($_POST["newpassword"]) and ! isset($_POST["answer"]) and ! isset($_POST["question"]) and ! isset($_REQUEST["login"]))
  { $result = "emptyresetbyquestionsform"; }
 
 # Strip slashes added by PHP
 $login = stripslashes_if_gpc_magic_quotes($login);
+$directory = stripslashes_if_gpc_magic_quotes($directory);
 $question = stripslashes_if_gpc_magic_quotes($question);
 $answer = stripslashes_if_gpc_magic_quotes($answer);
 $newpassword = stripslashes_if_gpc_magic_quotes($newpassword);
@@ -61,6 +65,11 @@
     $result = check_username_validity($login,$login_forbidden_chars);
 }
 
+# Check the entered directory for characters that our installation doesn't support
+if ( $result === "" ) {
+    $result = check_username_validity($directory,$login_forbidden_chars);
+}
+
 #==============================================================================
 # Check reCAPTCHA
 #==============================================================================
@@ -94,6 +103,7 @@
 
     # Bind
     if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
+        $ldap_binddn = str_replace("{directory}", $directory, $ldap_binddn);
         $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
     } else {
         $bind = ldap_bind($ldap);
@@ -107,6 +117,7 @@
     
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
+    $ldap_base = str_replace("{directory}", $directory, $ldap_base);
     $search = ldap_search($ldap, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
@@ -219,6 +230,23 @@
             </div>
         </div>
     </div>
+    <div class="form-group">
+        <label for="directory" class="col-sm-4 control-label"><?php echo $messages["directory"]; ?></label>
+        <div class="col-sm-8">
+            <div class="input-group">
+                <span class="input-group-addon"><i class="fa fa-user"></i></span>
+                <select name="directory" id="directory">
+                    <?php
+                    foreach ($ldap_directories as $name => $base) {
+                        echo "<option value=\"$base\">$name</option>\n";
+                        unset($base);
+                        unset($name);
+                    }
+                    ?>
+                </select>
+            </div>
+        </div>
+    </div>
     <div class="form-group">
         <label for="question" class="col-sm-4 control-label"><?php echo $messages["question"]; ?></label>
         <div class="col-sm-8">