[4000] | 1 | <?php |
---|
| 2 | /*********************************************** |
---|
| 3 | * File : authLDAP.php |
---|
| 4 | * Project : Z-Push |
---|
| 5 | * Descr : Authenticate user in an Ldap Server |
---|
| 6 | * and get required information. |
---|
| 7 | * Parameters must be configured in config.php |
---|
| 8 | * This program is based on SearchLdap.php from Z-Push project. |
---|
| 9 | * |
---|
| 10 | * Created : emerson-faria.nobre@serpro.gov.br - 21/feb/2011 |
---|
| 11 | * |
---|
| 12 | * |
---|
| 13 | * This program is free software: you can redistribute it and/or modify |
---|
| 14 | * it under the terms of the GNU Affero General Public License, version 3, |
---|
| 15 | * as published by the Free Software Foundation with the following additional |
---|
| 16 | * term according to sec. 7: |
---|
| 17 | * |
---|
| 18 | * According to sec. 7 of the GNU Affero General Public License, version 3, |
---|
| 19 | * the terms of the AGPL are supplemented with the following terms: |
---|
| 20 | * |
---|
| 21 | * This program is distributed in the hope that it will be useful, |
---|
| 22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 24 | * GNU Affero General Public License for more details. |
---|
| 25 | * |
---|
| 26 | * You should have received a copy of the GNU Affero General Public License |
---|
| 27 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
---|
| 28 | * |
---|
| 29 | * Consult LICENSE file for details |
---|
| 30 | ************************************************/ |
---|
| 31 | |
---|
| 32 | require_once("config.php"); |
---|
| 33 | |
---|
| 34 | class AuthLDAP { |
---|
| 35 | var $_connection; |
---|
| 36 | |
---|
| 37 | // connect and bind with LDAP server and return UIDNUMBER |
---|
| 38 | function bind($user,$pwd) { |
---|
| 39 | if (!function_exists("ldap_connect")) { |
---|
| 40 | debugLog("AuthLDAP: php-ldap is not installed. Search aborted."); |
---|
| 41 | return false; |
---|
| 42 | } |
---|
| 43 | |
---|
| 44 | // connect to LDAP |
---|
| 45 | $this->_connection = @ldap_connect(LDAP_HOST, LDAP_PORT); |
---|
| 46 | @ldap_set_option($this->_connection, LDAP_OPT_PROTOCOL_VERSION, 3); |
---|
| 47 | |
---|
| 48 | // Authenticate |
---|
| 49 | if (constant('ANONYMOUS_BIND') === true) { |
---|
| 50 | if(! @ldap_bind($this->_connection)) { |
---|
| 51 | debugLog("AuthLDAP: Could not bind anonymously to server! Search aborted."); |
---|
| 52 | $this->_connection = false; |
---|
| 53 | return false; |
---|
| 54 | } |
---|
| 55 | } |
---|
| 56 | else if(! @ldap_bind($this->_connection, LDAP_BIND_USER, LDAP_BIND_PASSWORD)) { |
---|
| 57 | debugLog("AuthLDAP: Could not bind to server with ADMIN user '".LDAP_BIND_USER."' and given password! Authentication aborted."); |
---|
| 58 | $this->_connection = false; |
---|
| 59 | return false; |
---|
| 60 | } |
---|
| 61 | $user_attributes = $this->getSearchResults($user); |
---|
| 62 | if (! $user_attributes or $user_attributes["searchtotal"] !== 1) { |
---|
| 63 | debugLog("AuthLDAP: Could not retrieve user $user information. Authentication aborted."); |
---|
| 64 | $this->_connection = false; |
---|
| 65 | return false; |
---|
| 66 | } |
---|
| 67 | if(! @ldap_bind($this->_connection, $user_attributes[0]["DN"], $pwd)) { |
---|
| 68 | debugLog("AuthLDAP: Could not bind to server with LOGON user '".$user."' and given password! Authentication aborted."); |
---|
| 69 | $this->_connection = false; |
---|
| 70 | return false; |
---|
| 71 | } else return $user_attributes[0]["UIDNUMBER"]; |
---|
| 72 | } |
---|
| 73 | |
---|
| 74 | // perfom the search on the LDAP server |
---|
| 75 | function getSearchResults($searchquery) { |
---|
| 76 | global $ldap_field_map; |
---|
| 77 | if (isset($this->_connection) && $this->_connection !== false) { |
---|
| 78 | $searchfilter = str_replace("SEARCHVALUE", ",", $searchquery); |
---|
| 79 | } |
---|
| 80 | |
---|
| 81 | if (isset($this->_connection) && $this->_connection !== false) { |
---|
| 82 | $searchfilter = str_replace("SEARCHVALUE", $searchquery, LDAP_SEARCH_FILTER); |
---|
| 83 | $result = @ldap_search($this->_connection, LDAP_SEARCH_BASE, $searchfilter); |
---|
| 84 | if (!$result) { |
---|
| 85 | debugLog("AuthLDAP: Error in search query. Search aborted"); |
---|
| 86 | return false; |
---|
| 87 | } |
---|
| 88 | |
---|
| 89 | // get entry data as array |
---|
| 90 | $searchresult = ldap_get_entries($this->_connection, $result); |
---|
| 91 | |
---|
| 92 | $items = array(); |
---|
| 93 | $querycnt = $searchresult['count']; |
---|
| 94 | $items['searchtotal'] = $querycnt; |
---|
| 95 | |
---|
| 96 | foreach ($ldap_field_map as $key=>$value ) { |
---|
| 97 | if (isset($searchresult[0][$value])) { |
---|
| 98 | if (is_array($searchresult[0][$value])) |
---|
| 99 | $items[0][$key] = $searchresult[0][$value][0]; |
---|
| 100 | else |
---|
| 101 | $items[0][$key] = $searchresult[0][$value]; |
---|
| 102 | } |
---|
| 103 | } |
---|
| 104 | return $items; |
---|
| 105 | } |
---|
| 106 | else return false; |
---|
| 107 | } |
---|
| 108 | |
---|
| 109 | function disconnect() { |
---|
| 110 | if ($this->_connection) |
---|
| 111 | @ldap_close($this->_connection); |
---|
| 112 | |
---|
| 113 | return true; |
---|
| 114 | } |
---|
| 115 | } |
---|
| 116 | ?> |
---|