
我正在尝试部署一个 cakePHP 应用程序,该应用程序在 Windows 中完全可以正常工作。我使用 LdapUser 模型通过 Active Directory 进行身份验证:

LdapUser 模型:

<?php
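/**
 * Table-less model that checks credentials against Active Directory over LDAP.
 *
 * The LDAP handle is opened in the constructor and released in the destructor.
 *
 * NOTE(review): $myCompany_ldap is a bare host, which ldap_connect() treats as
 * plain ldap://; bind passwords then cross the network unencrypted unless an
 * ldaps:// URI or StartTLS is used. Confirm the transport the directory expects.
 */
class LdapUser extends AppModel
{
    public $name = 'LdapUser';
    public $useTable = false;

    // Directory server address (redacted in the listing).
    public $myCompany_ldap = "x.x.x.x";
    // DN used by isConnected() for its bind probe.
    public $basedn = 'CN=x,DC=x,DC=x';
    public $myCompany_ldap_domain = "x.x";
    // Result of the most recent isLdapUser() call.
    public $exists = false;
    // LDAP link returned by ldap_connect(), or false when it could not be created.
    public $ds;

    /**
     * Creates the LDAP link and selects protocol version 3.
     *
     * The stray print_r($this->res) debug call was removed: the class defines
     * no $res property, so it could only emit notices into the response.
     */
    public function __construct()
    {
        parent::__construct();

        ini_set('max_execution_time', 300); // 300 seconds = 5 minutes
        $this->ds = ldap_connect($this->myCompany_ldap);

        // Only configure the handle when ldap_connect() actually produced one.
        if ($this->ds) {
            ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        }
    }

    /**
     * Releases the LDAP link, if one was created.
     */
    public function __destruct()
    {
        if ($this->ds) {
            ldap_close($this->ds);
        }
    }

    /**
     * Probes the directory by binding with the base DN and no password.
     *
     * NOTE(review): a bind without a password is an anonymous/unauthenticated
     * bind, so a true result only shows that the server answered and allows
     * such binds; it says nothing about any user's credentials.
     *
     * @return bool True when the bind succeeded, false otherwise.
     */
    public function isConnected()
    {
        if (!$this->ds) {
            return false;
        }

        return ldap_bind($this->ds, $this->basedn);
    }

    /**
     * Checks a user name / password pair by binding to the directory with it.
     *
     * Empty or non-string credentials are rejected before the bind: an empty
     * password turns the request into an unauthenticated bind, which many
     * directory servers accept, and that would report success for any user name.
     *
     * @param string $user Bind name as the directory expects it.
     * @param string $pass Password supplied by the user.
     * @return bool True only when the directory accepted the credentials.
     */
    public function isLdapUser($user, $pass)
    {
        $this->exists = false;

        $usable = $this->ds
            && is_string($user) && $user !== ''
            && is_string($pass) && $pass !== '';
        if (!$usable) {
            return $this->exists;
        }

        // ldap_bind() raises a PHP warning on rejected credentials; the boolean
        // result is what callers act on.
        $this->exists = ldap_bind($this->ds, $user, $pass);

        return $this->exists;
    }
}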

然后在 UserController 里面的 login 函数中:

    // Login User
/**
 * Logs a user in: the local account is checked first through AuthComponent,
 * then the LdapUser model is consulted, and on success the user's role data
 * is copied into the session and the browser is redirected.
 *
 * NOTE(review): in this listing the isLdapUser() call is cut off mid-argument,
 * so the method does not parse as shown.
 */
public function login() {

    // Check if the user is already logged in
    if ($this->Session->check('Auth.User.id')){ 

        // Already authenticated: go straight to the post-login destination
        $this->redirect($this->Auth->loginRedirect); 
    }
    else{
        // If the user is not logged in


        // Lifetime 0: the session cookie lasts until the browser is closed
        session_set_cookie_params(0); 

        // If the request is a POST request
        if ($this->request->is('post')) { 
            //get credentials
            $this->username = $this->request->data['User']['username'];
            $this->password = $this->request->data['User']['password'];
            $this->domain = $this->request->data['User']['domain'];
            //debug($this->username);
            // NOTE(review): leftover debug output of the submitted domain
            debug($this->domain) ;

            // Local (database) authentication runs before any LDAP check
            if ($this->Auth->login() ) { 
                // Successful login
                //Check if specific user exists in LDAP:
                $this->loadModel('LdapUser');

                // $this->ds receives the boolean result of the LDAP bind probe
                $this->ds = $this->LdapUser->isConnected();
                //print_r('Ldap status: '. $this->ds);
                //debug($this->ds) ;
                //echo $this->ds;

                // NOTE(review): the call below is truncated in the listing; the rest of
                // the argument list and the closing ");" are missing.
                $this->isLdapUser =
                                     $this->LdapUser->isLdapUser($this->username .

                //debug($this->isLdapUser);
// Continue when the user is the local 'tsc' account or the LDAP probe succeeded
if ( $this->username =='tsc' || $this->ds  ){ 
// NOTE(review): 'tsc' is a non-empty string literal, so this condition is always
// true and the LDAP bind result never blocks the login; the "access not granted"
// branch below cannot run. Presumably $this->username == 'tsc' was intended.
if ($this->isLdapUser ||     'tsc' ) {
// Get all the user information and store in Session
$this->User->id = $this->Auth->user('id');
$this->User->contain(array('User', 'Role' => array('Ui', 'Action.name')));
// The whole read() result goes into the session; the User model's
// matchOldPassword() reads $_SESSION['User']['User']['password'], so the stored
// password hash is part of the session data.
$this->Session->write('User', $this->User->read());

// Flatten the role's actions to a plain list of action names
$actions = array();
foreach ($this->Session->read('User.Role.Action') as $key => $value){
     array_push($actions, $value['name']);
                        }
$this->Session->write('User.Role.Action', $actions);

// Render different layout depending on user type
if($this->Session->read('User.Role.Ui.name') == Configure::read('usertype.msp')){
    $this->Session->write('SessionValues.ui', Configure::read('usertype.msp'));
$this->Auth->loginRedirect = array('controller' => 'PortStats', 'action' => 
    'index');
}
else if($this->Session->read('User.Role.Ui.name') == 
    Configure::read('usertype.tsc')){
     $this->Session->write('SessionValues.ui', Configure::read('usertype.tsc'));

$this->Auth->loginRedirect = array('controller' => 'PortStats', 'action' => 
    'index');
}
else if($this->Session->read('User.Role.Ui.name') == 
    Configure::read('usertype.superAdminUserType')){
$this->Auth->loginRedirect = array('controller' => 'uis', 'action' => 'index');
                        }

    // Redirect to the destination chosen above
    $this->redirect($this->Auth->loginRedirect);


}
else {
// Failed login
// session_destroy() discards the session that Auth->login() just populated.
// NOTE(review): the flash message is written after the session is destroyed;
// confirm it still reaches the next request.
session_destroy();
$this->Session->setFlash(__('Login failed: access not granted'), 'default', 
    array(), 'fail');

    }

    }
else {


// Failed login: neither the 'tsc' account nor a successful LDAP probe
session_destroy();
$this->Session->setFlash(__('Login failed: LDAP out of reach'), 'default', 
array(), 'fail');               
}
} 
else { 

// Failed login: AuthComponent rejected the local credentials
$this->Session->setFlash(__('Invalid username or password, please try again'), 
'default', array(), 'fail');                
            }
        }
    }
}

我得到:

    Warning (2): ldap_bind() [http://php.net/function.ldap-bind]: Unable to bind to    
    server: Invalid credentials [APP/Model/LdapUser.php, line 56]
     Warning (512): Model "User" is not associated with model "User" [CORE/Cake/Model  
     /Behavior/ContainableBehavior.php, line 339]

我的猜测是,这可能是平台之间区分大小写的问题,但在 Ubuntu 中不起作用真的很麻烦......

[编辑] 这是我的 User 模型:

<?php
 App::uses('AuthComponent', 'Controller/Component');
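 /**
  * Application user account.
  *
  * Uses the 'myDb' datasource, belongs to a Role, owns MspDashboard rows and
  * carries the validation rules for the create-user and change-password forms.
  *
  * Comments that had wrapped onto their own lines (and broke parsing) were folded
  * back into docblocks, and the length check in lengthNewPassword() was restored.
  */
 class User extends AppModel {

     public $name = 'User';
     public $actsAs = array('Containable');

     // Define which database to use
     public $useDbConfig = 'myDb';

     // Many-To-One relationship
     public $belongsTo = array('Role');

     // One-To-Many relationship
     public $hasMany = array(
         'MspDashboard' => array(
             'className' => 'MspDashboard',
             'foreignKey' => 'user_id',
             'dependent' => false,
             'conditions' => '',
             'fields' => '',
             'order' => '',
             'limit' => '',
             'offset' => '',
             'exclusive' => '',
             'finderQuery' => '',
             'counterQuery' => ''
         )
     );

     // validation of input data
     // NOTE(review): the 4-10 character window caps password length at 10; it is
     // kept unchanged here because the messages and lengthNewPassword() rely on it.
     public $validate = array(
         'username' => array(
             'required' => array(
                 'rule' => 'notEmpty',
                 'message' => 'A username is required'
             ),
             'isUnique' => array(
                 'rule' => 'isUnique',
                 'message' => 'This username already exists'
             )
         ),
         'password' => array(
             'not_empty' => array(
                 'rule' => 'notEmpty',
                 'message' => 'The field "Password" cannot be empty'
             ),
             'between_chars' => array(
                 'rule' => array('between', 4, 10),
                 'message' => 'Password must be between 4 and 10 chars'
             )
         ),
         'passwordVerify' => array(
             'not_empty' => array(
                 'rule' => 'notEmpty',
                 'message' => 'The field "Confirm Password" cannot be empty'
             ),
             'match_password' => array(
                 'rule' => 'matchPasswords',
                 'message' => '"Confirm Password" must be the same as "Password"'
             )
         ),
         'name' => array(
             'required' => array(
                 'rule' => array('notEmpty'),
                 'message' => 'A name is required'
             )
         ),
         'surname' => array(
             'required' => array(
                 'rule' => array('notEmpty'),
                 'message' => 'A surname is required'
             )
         ),
         'role_id' => array(
             'valid' => array(
                 'rule' => 'notEmpty',
                 'message' => 'Please enter a valid role',
                 'allowEmpty' => false
             )
         ),
         'oldPassword' => array(
             'match_password' => array(
                 'rule' => 'matchOldPassword',
                 'message' => 'Invalid password'
             ),
             'required' => array(
                 'rule' => 'requiredOldPassword',
                 'message' => '"Current Password" is required if you wish to edit the password'
             )
         ),
         'newPassword' => array(
             'required' => array(
                 'rule' => 'requiredNewPassword',
                 'message' => '"New Password" is required if you wish to edit the password'
             ),
             'between_chars' => array(
                 'rule' => 'lengthNewPassword',
                 'message' => 'Password must be between 4 and 10 chars'
             )
         ),
         'newPasswordVerify' => array(
             'required' => array(
                 'rule' => 'requiredNewPasswordVerify',
                 'message' => '"Confirm Password" is required if you wish to edit the password'
             ),
             'match_password' => array(
                 'rule' => 'matchNewPasswordVerify',
                 'message' => '"Confirm Password" must be the same as "New Password"'
             )
         )
     );

     /**
      * Validation rule: 'password' and 'passwordVerify' must match when a new
      * user is created.
      *
      * Compared with === because == treats numeric-looking strings such as
      * "1e3" and "1000" as equal.
      *
      * @param array $data Field data handed in by the validator (unused).
      * @return bool
      */
     public function matchPasswords($data) {
         return $this->data['User']['password'] === $this->data['User']['passwordVerify'];
     }

     /**
      * Validation rule: the submitted 'oldPassword' must hash to the password
      * hash kept in the session.
      *
      * Both operands are hash strings; === keeps PHP from comparing two
      * "0e..."-style hashes as numbers and reporting them equal.
      * NOTE(review): this rule depends on the stored password hash being present
      * in $_SESSION['User']['User']['password'].
      *
      * @param array $data Field data handed in by the validator (unused).
      * @return bool False when 'oldPassword' is empty or does not match.
      */
     public function matchOldPassword($data) {
         if (empty($this->data['User']['oldPassword'])) {
             return false; // default value when 'oldPassword' is empty
         }

         $submittedHash = AuthComponent::password($this->data['User']['oldPassword']);

         return $_SESSION['User']['User']['password'] === $submittedHash;
     }

     /**
      * Validation rule: 'oldPassword' (current password) must be given when
      * 'newPassword' or 'newPasswordVerify' is given while editing the password.
      *
      * @param array $data Field data handed in by the validator (unused).
      * @return bool False when neither new-password field is filled in.
      */
     public function requiredOldPassword($data) {
         $editing = !empty($this->data['User']['newPassword'])
             || !empty($this->data['User']['newPasswordVerify']);

         return $editing && !empty($this->data['User']['oldPassword']);
     }

     /**
      * Validation rule: 'newPassword' must be given when 'oldPassword' or
      * 'newPasswordVerify' is given.
      *
      * @param array $data Field data handed in by the validator (unused).
      * @return bool False when neither of the other two fields is filled in.
      */
     public function requiredNewPassword($data) {
         $editing = !empty($this->data['User']['oldPassword'])
             || !empty($this->data['User']['newPasswordVerify']);

         return $editing && !empty($this->data['User']['newPassword']);
     }

     /**
      * Validation rule: 'newPassword' must be 4 to 10 bytes long.
      *
      * @param array $data Field data handed in by the validator (unused).
      * @return bool False when 'newPassword' is empty or outside that range.
      */
     public function lengthNewPassword($data) {
         if (empty($this->data['User']['newPassword'])) {
             return false; // default value when 'newPassword' is left empty
         }

         $length = strlen($this->data['User']['newPassword']);

         return $length >= 4 && $length <= 10;
     }

     /**
      * Validation rule: 'newPassword' and 'newPasswordVerify' must match.
      *
      * Compared with === for the same reason as matchPasswords().
      *
      * @param array $data Field data handed in by the validator (unused).
      * @return bool
      */
     public function matchNewPasswordVerify($data) {
         return $this->data['User']['newPassword'] === $this->data['User']['newPasswordVerify'];
     }

     /**
      * Validation rule: 'newPasswordVerify' must be given when 'oldPassword' or
      * 'newPassword' is given.
      *
      * @param array $data Field data handed in by the validator (unused).
      * @return bool False when 'oldPassword' and 'newPassword' are left empty.
      */
     public function requiredNewPasswordVerify($data) {
         $editing = !empty($this->data['User']['oldPassword'])
             || !empty($this->data['User']['newPassword']);

         return $editing && !empty($this->data['User']['newPasswordVerify']);
     }

     /**
      * Hashes the password before the record is saved.
      *
      * The original comment states the hash is SHA1 (the CakePHP default).
      * NOTE(review): a fast hash such as SHA1 or MD5 is weak for password
      * storage; CakePHP 2.4+ provides BlowfishPasswordHasher. Confirm the
      * framework version before migrating.
      *
      * @param array $options Save options passed by the framework.
      * @return bool Always true, so the save continues.
      */
     public function beforeSave($options = array()) {
         if (isset($this->data[$this->alias]['password'])) {
             $plain = $this->data[$this->alias]['password'];
             $this->data[$this->alias]['password'] = AuthComponent::password($plain);
         }

         return true;
     }
 }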

[编辑]:我倾向于认为警告不是我的问题的原因:它发生在两个平台上,但不应该中断网站的功能。

因此,在 Windows 上调试级别 = 2 时,我看到:[截图:Windows]

但是在 ubuntu 中,我得到的只是这个屏幕,看起来有问题:

ubuntu


2 个回答


关于 512 相关错误:

$this->User->contain(array('User', 'Role' => array('Ui', 'Action.name')));

改成:

$this->User->contain(array('Role' => array('Ui', 'Action.name')));

不包含模型本身。

关于 LDAP 错误,似乎是这一行:

$this->exists = ldap_bind($this->ds, $user, $pass);

我会从一些这样的代码开始调试:

// Temporary diagnostics: dump the connection handle and the exact bind arguments.
// var_dump($pass) writes the plaintext password into the page output, so use a
// test account and remove these lines before the code is deployed.
var_dump($this->ds);
var_dump($user);
var_dump($pass);
$this->exists = ldap_bind($this->ds, $user, $pass);

将此数据复制粘贴到某个 LDAP 工具中,并首先验证它们是否正确。

试试这个函数来获取更多的错误信息:http://php.net/manual/en/function.ldap-error.php

于 2013-09-02T08:33:58.797 回答

好的,谜团解决了:

警告与此无关:

这行代码容易出错('tsc' 是非空字符串,在 PHP 中恒为真,所以无论 LDAP 绑定结果如何,这个条件都会成立):

if ($this->isLdapUser ||     'tsc' ) {
.......

用户 tsc 是本地数据库中的管理员,在 LDAP 中并不存在,因此对它调用 ldap_bind 必然会超时。看起来在 Ubuntu 平台上,浏览器超时会使我的应用程序崩溃;相反,我的本地机器会等到超时结束后继续登录。

我刚刚修改了我的代码,让管理员用户 'tsc' 直接登录,而无需经过 LDAP 认证。

于 2013-09-09T16:51:19.157 回答