feat: Add LDAP/Active Directory integration with group-based access control

- Add PHP LDAP extension to Docker container
- Implement LdapSync class for authentication and user synchronization
- Add automatic user sync via cron (every 30 minutes)
- Create role-based access control system (admin, manager, viewer)
- Add LDAP configuration UI in settings
- Support for both Active Directory and OpenLDAP
- Group-to-role mapping with flexible configuration
- Add 50+ translations (EN + RU) for LDAP features
- Include comprehensive setup documentation
- Enhance Auth::login() with LDAP fallback
- Add LDAP settings page with connection testing
infosave2007
2025-11-10 17:46:27 +03:00
parent 406d3439e7
commit e7e901f6e5
13 changed files with 1141 additions and 3 deletions
+29
@@ -16,6 +16,35 @@ class Auth {
public static function login(string $email, string $password): bool {
$pdo = DB::conn();
$email = strtolower(trim($email));
// Try LDAP authentication first if enabled
$ldap = new LdapSync();
if ($ldap->isEnabled()) {
$ldapUser = $ldap->authenticate($email, $password);
if ($ldapUser) {
// LDAP auth successful - sync/create user in local DB
$stmt = $pdo->prepare('SELECT * FROM users WHERE ldap_dn = ? LIMIT 1');
$stmt->execute([$ldapUser['ldap_dn']]);
$user = $stmt->fetch();
if (!$user) {
// Create new LDAP user
$stmt = $pdo->prepare('INSERT INTO users (email, password_hash, name, role, status, ldap_synced, ldap_dn) VALUES (?, \'\', ?, ?, \'active\', 1, ?)');
$stmt->execute([$ldapUser['email'], $ldapUser['display_name'], $ldapUser['role'], $ldapUser['ldap_dn']]);
$userId = (int)$pdo->lastInsertId();
} else {
$userId = (int)$user['id'];
// Update user info from LDAP
$stmt = $pdo->prepare('UPDATE users SET email = ?, name = ?, role = ?, status = \'active\', last_login_at = NOW() WHERE id = ?');
$stmt->execute([$ldapUser['email'], $ldapUser['display_name'], $ldapUser['role'], $userId]);
}
$_SESSION['user_id'] = $userId;
return true;
}
}
// Fallback to local DB authentication
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = ? LIMIT 1');
$stmt->execute([$email]);
$user = $stmt->fetch();