auth_ldap.php

Go to the documentation of this file.

<?php
defined('XOOPS_ROOT_PATH') or die('Restricted access');

if (file_exists($file = $GLOBALS['xoops']->path('class/auth/auth_provisionning.php'))) {
    include_once $file;
}

if (!class_exists('XoopsAuthProvisionning')) {
    trigger_error('Required class XoopsAuthProvisionning was not found at line ' . __FILE__ . ' at line ' . __LINE__, E_USER_WARNING);
    return false;
}

class XoopsAuthLdap extends XoopsAuth
{
    var $cp1252_map = array("\xc2\x80" => "\xe2\x82\xac" , 
    "\xc2\x82" => "\xe2\x80\x9a" , 
    "\xc2\x83" => "\xc6\x92" , 
    "\xc2\x84" => "\xe2\x80\x9e" , 
    "\xc2\x85" => "\xe2\x80\xa6" , 
    "\xc2\x86" => "\xe2\x80\xa0" , 
    "\xc2\x87" => "\xe2\x80\xa1" , 
    "\xc2\x88" => "\xcb\x86" , 
    "\xc2\x89" => "\xe2\x80\xb0" , 
    "\xc2\x8a" => "\xc5\xa0" , 
    "\xc2\x8b" => "\xe2\x80\xb9" , 
    "\xc2\x8c" => "\xc5\x92" , 
    "\xc2\x8e" => "\xc5\xbd" , 
    "\xc2\x91" => "\xe2\x80\x98" , 
    "\xc2\x92" => "\xe2\x80\x99" , 
    "\xc2\x93" => "\xe2\x80\x9c" , 
    "\xc2\x94" => "\xe2\x80\x9d" , 
    "\xc2\x95" => "\xe2\x80\xa2" , 
    "\xc2\x96" => "\xe2\x80\x93" , 
    "\xc2\x97" => "\xe2\x80\x94" , 
    "\xc2\x98" => "\xcb\x9c" , 
    "\xc2\x99" => "\xe2\x84\xa2" , 
    "\xc2\x9a" => "\xc5\xa1" , 
    "\xc2\x9b" => "\xe2\x80\xba" , 
    "\xc2\x9c" => "\xc5\x93" , 
    "\xc2\x9e" => "\xc5\xbe" , 
    "\xc2\x9f" => "\xc5\xb8");
    var $ldap_server;
    var $ldap_port = '389';
    var $ldap_version = '3';
    var $ldap_base_dn;
    var $ldap_loginname_asdn;
    var $ldap_loginldap_attr;
    var $ldap_mail_attr;
    var $ldap_name_attr;
    var $ldap_surname_attr;
    var $ldap_givenname_attr;
    var $ldap_manager_dn;
    var $ldap_manager_pass;
    var $_ds;

    function XoopsAuthLdap(&$dao)
    {
        $this->_dao = $dao;
        // The config handler object allows us to look at the configuration options that are stored in the database
        $config_handler =& xoops_gethandler('config');
        $config = $config_handler->getConfigsByCat(XOOPS_CONF_AUTH);
        $confcount = count($config);
        foreach ($config as $key => $val) {
            $this->$key = $val;
        }
    }

    function cp1252_to_utf8($str)
    {
        return strtr(utf8_encode($str), $this->cp1252_map);
    }

    function authenticate($uname, $pwd = null)
    {
        $authenticated = false;
        if (!extension_loaded('ldap')) {
            $this->setErrors(0, _AUTH_LDAP_EXTENSION_NOT_LOAD);
            return $authenticated;
        }
        $this->_ds = ldap_connect($this->ldap_server, $this->ldap_port);
        if ($this->_ds) {
            ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
            if ($this->ldap_use_TLS) { // We use TLS secure connection
                if (!ldap_start_tls($this->_ds)) {
                    $this->setErrors(0, _AUTH_LDAP_START_TLS_FAILED);
                }
            }
            // If the uid is not in the DN we proceed to a search
            // The uid is not always in the dn
            $userDN = $this->getUserDN($uname);
            if (!$userDN) {
                return false;
            }
                // We bind as user to test the credentials
            $authenticated = ldap_bind($this->_ds, $userDN, stripslashes($pwd));
            if ($authenticated) {
                // We load the Xoops User database
                return $this->loadXoopsUser($userDN, $uname, $pwd);
            } else {
                $this->setErrors(ldap_errno($this->_ds), ldap_err2str(ldap_errno($this->_ds)) . '(' . $userDN . ')');
            }
        } else {
            $this->setErrors(0, _AUTH_LDAP_SERVER_NOT_FOUND);
        }
        @ldap_close($this->_ds);
        return $authenticated;
    }

    function getUserDN($uname)
    {
        $userDN = false;
        if (!$this->ldap_loginname_asdn) {
            // Bind with the manager
            if (!ldap_bind($this->_ds, $this->ldap_manager_dn, stripslashes($this->ldap_manager_pass))) {
                $this->setErrors(ldap_errno($this->_ds), ldap_err2str(ldap_errno($this->_ds)) . '(' . $this->ldap_manager_dn . ')');
                return false;
            }
            $filter = $this->getFilter($uname);
            $sr = ldap_search($this->_ds, $this->ldap_base_dn, $filter);
            $info = ldap_get_entries($this->_ds, $sr);
            if ($info['count'] > 0) {
                $userDN = $info[0]['dn'];
            } else {
                $this->setErrors(0, sprintf(_AUTH_LDAP_USER_NOT_FOUND, $uname, $filter, $this->ldap_base_dn));
            }
        } else {
            $userDN = $this->ldap_loginldap_attr . '=' . $uname . ',' . $this->ldap_base_dn;
        }
        return $userDN;
    }

    function getFilter($uname)
    {
        $filter = '';
        if ($this->ldap_filter_person != '') {
            $filter = str_replace('@@loginname@@', $uname, $this->ldap_filter_person);
        } else {
            $filter = $this->ldap_loginldap_attr . '=' . $uname;
        }
        return $filter;
    }

    function loadXoopsUser($userdn, $uname, $pwd = null)
    {
        $provisHandler = XoopsAuthProvisionning::getInstance($this);
        $sr = ldap_read($this->_ds, $userdn, '(objectclass=*)');
        $entries = ldap_get_entries($this->_ds, $sr);
        if ($entries['count'] > 0) {
            $xoopsUser = $provisHandler->sync($entries[0], $uname, $pwd);
        } else {
            $this->setErrors(0, sprintf('loadXoopsUser - ' . _AUTH_LDAP_CANT_READ_ENTRY, $userdn));
        }
        return $xoopsUser;
    }
} // end class

?>