diff --git a/contrib/openldap/core-fd-conf.schema b/contrib/openldap/core-fd-conf.schema index 2b6939272dd8f7d5ae249d55f0d32cfdc463ea5c..6e9ac07ee6c7fee68079d1dafa4d4ded7befe54b 100644 --- a/contrib/openldap/core-fd-conf.schema +++ b/contrib/openldap/core-fd-conf.schema @@ -295,6 +295,12 @@ attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE) +attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated' + DESC 'FusionDirectory - HTTP Auth activation' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + # Debugging attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors' @@ -569,6 +575,7 @@ objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf' fdPrimaryGroupFilter $ fdListSummary $ fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $ + fdHttpAuthActivated $ fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $ fdEnableSnapshots $ fdSnapshotBase $ fdTabHook $ fdShells $ fdDisplayHookOutput $ diff --git a/html/index.php b/html/index.php index 0416310708c4fc50ece01162954666cc9015182e..e5db9d2c795d74117c2df34488a010cdde55714d 100644 --- a/html/index.php +++ b/html/index.php @@ -192,7 +192,7 @@ if (isset($_POST['server'])) { } $config->set_current($server); -if ($config->get_cfg_value('casActivated') == 'TRUE') { +if (($config->get_cfg_value('casActivated') == 'TRUE') || ($config->get_cfg_value('httpAuthActivated') == 'TRUE')) { session::global_set('DEBUGLEVEL', 0); } @@ -351,6 +351,15 @@ class Index { exit; } + /* Return HTTP authentication header */ + static function authenticateHeader($message = 'Authentication required') + { + header('WWW-Authenticate: Basic realm="FusionDirectory"'); + header('HTTP/1.0 401 Unauthorized'); + echo "$message\n"; + exit; + } + /* Run each step in $steps, stop on errors */ static function runSteps($steps) { 
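Review bot: authenticateHeader() echoes `$message` without setting a Content-Type, so the 401 body is served as PHP's default text/html and any markup or server-supplied text in the login error is rendered rather than displayed as text; since authLoginProcess() passes the global `$message` into it, add `header('Content-Type: text/plain; charset=UTF-8');` before the `echo`, or run the message through `htmlspecialchars()`. The method also never returns (it calls `exit`), which callers should be able to read from its docblock, e.g. `/* Send a 401 with a Basic challenge and the given message, then exit. Never returns. */`. The realm is hard-coded to "FusionDirectory"; that is acceptable, but worth stating in the same comment so nobody expects it to follow the configured server name.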
@@ -393,6 +402,36 @@ class Index { } } + /* All login steps in the right order for HTTP auth login */ + static function authLoginProcess() + { + global $config, $message, $ui; + + self::init(); + + if (!isset($_SERVER['PHP_AUTH_USER'])) { + self::authenticateHeader(); + } + + self::$username = $_SERVER['PHP_AUTH_USER']; + self::$password = $_SERVER['PHP_AUTH_PW']; + + $success = self::runSteps(array( + 'validateUserInput', + 'ldapLoginUser', + 'loginAndCheckExpired', + 'runSchemaCheck', + 'checkForLockingBranch', + )); + + if ($success) { + /* Everything went well, redirect to main.php */ + self::redirect(); + } else { + self::authenticateHeader($message); + } + } + /* All login steps in the right order for CAS login */ static function casLoginProcess() { @@ -466,7 +505,9 @@ class Index { } } -if ($config->get_cfg_value('casActivated') == 'TRUE') { +if ($config->get_cfg_value('httpAuthActivated') == 'TRUE') { + Index::authLoginProcess(); +} elseif ($config->get_cfg_value('casActivated') == 'TRUE') { require_once('CAS.php'); /* Move CASĂ‚ autoload before FD autoload */ spl_autoload_unregister('CAS_autoload'); diff --git a/plugins/config/class_configInLdap.inc b/plugins/config/class_configInLdap.inc index f46e1c8809aac472994355a0112efc411175ece4..c1c931b8ba19ba9115b60ba69acf8cf08c7afe09 100644 --- a/plugins/config/class_configInLdap.inc +++ b/plugins/config/class_configInLdap.inc @@ -208,6 +208,11 @@ class configInLdap extends simplePlugin 'fdSessionLifeTime', TRUE, 0 /*min*/, FALSE /*no max*/, 1800 ), + new BooleanAttribute ( + _('HTTP authentication'), _('Use HTTPĂ‚ authentication protocol instead of the login form.'), + 'fdHttpAuthActivated', FALSE, + FALSE + ), ) ), 'snapshots' => array( 
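Review bot: authLoginProcess() checks only that PHP_AUTH_USER is set and then reads `$_SERVER['PHP_AUTH_PW']` unconditionally; a Basic header with no colon-separated password can leave PHP_AUTH_PW unset in some SAPIs (a notice on that line), and a client can legitimately send an empty password. An empty-password LDAP bind is treated as an unauthenticated/anonymous bind by many directory servers, so unless validateUserInput (outside this hunk) already rejects an empty password, the guard should be `if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) || ($_SERVER['PHP_AUTH_PW'] === '')) { self::authenticateHeader(); }`. With Basic auth the credentials are re-sent in clear on every request; the schema touched by this commit lists fdForceSSL and fdWarnSSL, so it is worth confirming those checks run before this dispatch and not only on the form-login path.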
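Review bot: The new `if`/`elseif` makes httpAuthActivated silently win when both httpAuthActivated and casActivated are TRUE in LDAP, and the 'erase' rule added in class_configInLdap.inc only prevents that combination for edits made through the configuration UI. A one-line comment above the branch would make the precedence explicit, e.g. `/* HTTP auth takes precedence over CAS; configInLdap erases fdCasActivated when HTTP auth is enabled, but a hand-edited entry can still carry both */`. The enclosing top-level block continues past the end of the hunk.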
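Review bot: The description string `_('Use HTTPĂ‚ authentication protocol instead of the login form.')` contains a mis-encoded character between "HTTP" and "authentication" (it looks like a non-breaking space that went through a wrong charset conversion); because it is a translatable msgid it will be copied verbatim into the .po files and the UI, so it should be a plain space: `_('Use HTTP authentication protocol instead of the login form.')`. The same artefact appears in the pre-existing `Move CASĂ‚ autoload` comment in index.php, so it may be the editor's encoding rather than this page's rendering; worth checking the file bytes before merging.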
@@ -475,6 +480,15 @@ class configInLdap extends simplePlugin $this->fusionConfigMd5 = md5_file(CACHE_DIR."/".CLASS_CACHE); + $this->attributesAccess['fdHttpAuthActivated']->setManagedAttributes( + array( + 'erase' => array ( + TRUE => array ( + 'fdCasActivated', + ) + ) + ) + ); $this->attributesAccess['fdEnableSnapshots']->setManagedAttributes( array( 'disable' => array (
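Review bot: The managed-attribute rule added here is one-directional as far as this hunk shows: setting fdHttpAuthActivated to TRUE erases fdCasActivated, but nothing visible erases fdHttpAuthActivated when fdCasActivated is enabled, so a user who turns CAS on afterwards ends up with both flags set and index.php picks HTTP auth. If the reverse rule is not declared elsewhere on fdCasActivated's attribute, add the mirror `setManagedAttributes` call for `'fdCasActivated'` with `'erase' => array(TRUE => array('fdHttpAuthActivated'))`. A short comment on the block, e.g. `/* HTTP auth and CAS are mutually exclusive: enabling one clears the other */`, would document the intent either way.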