1 <?php
2 /*
3  You may not change or alter any portion of this comment or credits
4  of supporting developers from this source code or any supporting source code
5  which is considered copyrighted (c) material of the original comment or credit authors.
6 
7  This program is distributed in the hope that it will be useful,
8  but WITHOUT ANY WARRANTY; without even the implied warranty of
9  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 */
11 
12 namespace Xoops\Auth;
27 class Ldap extends AuthAbstract
28 {
    /** @var string LDAP server host name (or URI) handed to ldap_connect() in authenticate(). */
    public $ldap_server;

    /** @var string Server port; '389' is the plain-LDAP default. */
    public $ldap_port = '389';

    /** @var string Protocol version set through LDAP_OPT_PROTOCOL_VERSION before any bind. */
    public $ldap_version = '3';

    /** @var string Base DN: search root for getUserDN() and suffix of the composed login DN. */
    public $ldap_base_dn;

    // NOTE(review): the remaining ldap_* configuration properties read by
    // getUserDN()/getFilter() (login-name-as-DN switch, login attribute,
    // manager DN/password, person filter) are declared in lines not shown
    // in this listing; they are populated by the constructor's config loop.

    /** @var resource|object|false LDAP link; set by authenticate() from ldap_connect() and reused by getUserDN()/loadXoopsUser(). */
    public $ds;

    /**
     * @var bool|null When truthy, authenticate() upgrades the link with ldap_start_tls().
     *                Left unset it is falsy, i.e. credentials are sent without STARTTLS
     *                unless $ldap_server itself designates an ldaps:// endpoint.
     */
    public $ldap_use_TLS;
    /**
     * Set up the authenticator from the stored LDAP configuration.
     *
     * Every key/value pair returned by the configuration source is copied
     * onto this object as a property of the same name; that is how the
     * ldap_* settings used by authenticate()/getUserDN() are populated.
     *
     * @param Connection|null $dao database connection, kept in $this->dao
     */
    public function __construct(Connection $dao = null)
    {
        if (!extension_loaded('ldap')) {
            // Fatal by design: every method below depends on ext/ldap.
            trigger_error(sprintf(\XoopsLocale::F_EXTENSION_PHP_NOT_LOADED, 'LDAP'), E_USER_ERROR);
            return;
        }
        // NOTE(review): $xoops is read below but not assigned in this block;
        // presumably \Xoops::getInstance() on a line not shown here — confirm.
        $this->dao = $dao;
        //Configuration options that are stored in the database
        $configs = $xoops->getConfigs();
        foreach ($configs as $key => $val) {
            // Mass-assignment: $key comes from the stored configuration, not from the request.
            $this->$key = $val;
        }
    }
142  public function authenticate($uname, $pwd = null)
143  {
144  $authenticated = false;
145  $this->ds = ldap_connect($this->ldap_server, $this->ldap_port);
146  if ($this->ds) {
147  ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
148  if ($this->ldap_use_TLS) { // We use TLS secure connection
149  if (!ldap_start_tls($this->ds)) {
151  }
152  }
153  // If the uid is not in the DN we proceed to a search
154  // The uid is not always in the dn
155  $userDN = $this->getUserDN($uname);
156  if (!(is_string($userDN))) {
157  return false;
158  }
159  // We bind as user to test the credentials
160  $authenticated = ldap_bind($this->ds, $userDN, stripslashes($pwd));
161  if ($authenticated) {
162  // We load the Xoops User database
163  return $this->loadXoopsUser($userDN, $uname, $pwd);
164  } else {
165  $this->setErrors(ldap_errno($this->ds), ldap_err2str(ldap_errno($this->ds)) . '(' . $userDN . ')');
166  }
167  } else {
169  }
170  @ldap_close($this->ds);
171 
172  return $authenticated;
173  }
182  public function getUserDN($uname)
183  {
184  $userDN = false;
185  if (!$this->ldap_loginname_asdn) {
186  // Bind with the manager
187  if (!ldap_bind($this->ds, $this->ldap_manager_dn, stripslashes($this->ldap_manager_pass))) {
188  $this->setErrors(
189  ldap_errno($this->ds),
190  ldap_err2str(ldap_errno($this->ds)) . '(' . $this->ldap_manager_dn . ')'
191  );
192 
193  return false;
194  }
195  $filter = $this->getFilter($uname);
196  $sr = ldap_search($this->ds, $this->ldap_base_dn, $filter);
197  $info = ldap_get_entries($this->ds, $sr);
198  if ($info['count'] > 0) {
199  $userDN = $info[0]['dn'];
200  } else {
201  $this->setErrors(0, sprintf(
203  $uname,
204  $filter,
205  $this->ldap_base_dn
206  ));
207  }
208  } else {
209  $userDN = $this->ldap_loginldap_attr . '=' . $uname . ',' . $this->ldap_base_dn;
210  }
211 
212  return $userDN;
213  }
222  public function getFilter($uname)
223  {
224  if ($this->ldap_filter_person != '') {
225  $filter = str_replace('@@loginname@@', $uname, $this->ldap_filter_person);
226  } else {
227  $filter = $this->ldap_loginldap_attr . '=' . $uname;
228  }
229 
230  return $filter;
231  }
242  public function loadXoopsUser($userdn, $uname, $pwd = null)
243  {
244  $xoopsUser = false;
245  $provisHandler = Provisioning::getInstance($this);
246  $sr = ldap_read($this->ds, $userdn, '(objectclass=*)');
247  $entries = ldap_get_entries($this->ds, $sr);
248  if ($entries['count'] > 0) {
249  $xoopsUser = $provisHandler->sync($entries[0], $uname, $pwd);
250  } else {
251  $this->setErrors(0, sprintf('loadXoopsUser - ' . \XoopsLocale::EF_ENTRY_NOT_READ, $userdn));
252  }
253 
254  return $xoopsUser;
255  }
256 }