1 | <?php |
---|
2 | /*********************************************** |
---|
3 | * File : authLDAP.php |
---|
4 | * Project : Z-Push |
---|
5 | * Descr : Authenticate user in an Ldap Server |
---|
6 | * and get required information. |
---|
7 | * Parameters must be configured in config.php |
---|
8 | * This program is based on SearchLdap.php from Z-Push project. |
---|
9 | * |
---|
10 | * Created : emerson-faria.nobre@serpro.gov.br - 21/feb/2011 |
---|
11 | * |
---|
12 | * |
---|
13 | * This program is free software: you can redistribute it and/or modify |
---|
14 | * it under the terms of the GNU Affero General Public License, version 3, |
---|
15 | * as published by the Free Software Foundation with the following additional |
---|
16 | * term according to sec. 7: |
---|
17 | * |
---|
18 | * According to sec. 7 of the GNU Affero General Public License, version 3, |
---|
19 | * the terms of the AGPL are supplemented with the following terms: |
---|
20 | * |
---|
21 | * This program is distributed in the hope that it will be useful, |
---|
22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
24 | * GNU Affero General Public License for more details. |
---|
25 | * |
---|
26 | * You should have received a copy of the GNU Affero General Public License |
---|
27 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
---|
28 | * |
---|
29 | * Consult LICENSE file for details |
---|
30 | ************************************************/ |
---|
31 | |
---|
32 | require_once("config.php"); |
---|
33 | |
---|
34 | class AuthLDAP { |
---|
35 | var $_connection; |
---|
36 | |
---|
37 | // connect and bind with LDAP server and return UIDNUMBER |
---|
38 | function bind($user,$pwd) { |
---|
39 | if (!function_exists("ldap_connect")) { |
---|
40 | debugLog("AuthLDAP: php-ldap is not installed. Search aborted."); |
---|
41 | return false; |
---|
42 | } |
---|
43 | |
---|
44 | // connect to LDAP |
---|
45 | $this->_connection = @ldap_connect(LDAP_HOST, LDAP_PORT); |
---|
46 | @ldap_set_option($this->_connection, LDAP_OPT_PROTOCOL_VERSION, 3); |
---|
47 | |
---|
48 | // Authenticate |
---|
49 | if (constant('ANONYMOUS_BIND') === true) { |
---|
50 | if(! @ldap_bind($this->_connection)) { |
---|
51 | debugLog("AuthLDAP: Could not bind anonymously to server! Search aborted."); |
---|
52 | $this->_connection = false; |
---|
53 | return false; |
---|
54 | } |
---|
55 | } |
---|
56 | else if(! @ldap_bind($this->_connection, LDAP_BIND_USER, LDAP_BIND_PASSWORD)) { |
---|
57 | debugLog("AuthLDAP: Could not bind to server with ADMIN user '".LDAP_BIND_USER."' and given password! Authentication aborted."); |
---|
58 | $this->_connection = false; |
---|
59 | return false; |
---|
60 | } |
---|
61 | $user_attributes = $this->getSearchResults($user); |
---|
62 | if (! $user_attributes or $user_attributes["searchtotal"] !== 1) { |
---|
63 | debugLog("AuthLDAP: Could not retrieve user $user information. Authentication aborted."); |
---|
64 | $this->_connection = false; |
---|
65 | return false; |
---|
66 | } |
---|
67 | if(! @ldap_bind($this->_connection, $user_attributes[0]["DN"], $pwd)) { |
---|
68 | debugLog("AuthLDAP: Could not bind to server with LOGON user '".$user."' and given password! Authentication aborted."); |
---|
69 | $this->_connection = false; |
---|
70 | return false; |
---|
71 | } else return $user_attributes[0]["UIDNUMBER"]; |
---|
72 | } |
---|
73 | |
---|
74 | // perfom the search on the LDAP server |
---|
75 | function getSearchResults($searchquery) { |
---|
76 | global $ldap_field_map; |
---|
77 | if (isset($this->_connection) && $this->_connection !== false) { |
---|
78 | $searchfilter = str_replace("SEARCHVALUE", ",", $searchquery); |
---|
79 | } |
---|
80 | |
---|
81 | if (isset($this->_connection) && $this->_connection !== false) { |
---|
82 | $searchfilter = str_replace("SEARCHVALUE", $searchquery, LDAP_SEARCH_FILTER); |
---|
83 | $result = @ldap_search($this->_connection, LDAP_SEARCH_BASE, $searchfilter); |
---|
84 | if (!$result) { |
---|
85 | debugLog("AuthLDAP: Error in search query. Search aborted"); |
---|
86 | return false; |
---|
87 | } |
---|
88 | |
---|
89 | // get entry data as array |
---|
90 | $searchresult = ldap_get_entries($this->_connection, $result); |
---|
91 | |
---|
92 | $items = array(); |
---|
93 | $querycnt = $searchresult['count']; |
---|
94 | $items['searchtotal'] = $querycnt; |
---|
95 | |
---|
96 | foreach ($ldap_field_map as $key=>$value ) { |
---|
97 | if (isset($searchresult[0][$value])) { |
---|
98 | if (is_array($searchresult[0][$value])) |
---|
99 | $items[0][$key] = $searchresult[0][$value][0]; |
---|
100 | else |
---|
101 | $items[0][$key] = $searchresult[0][$value]; |
---|
102 | } |
---|
103 | } |
---|
104 | return $items; |
---|
105 | } |
---|
106 | else return false; |
---|
107 | } |
---|
108 | |
---|
109 | function disconnect() { |
---|
110 | if ($this->_connection) |
---|
111 | @ldap_close($this->_connection); |
---|
112 | |
---|
113 | return true; |
---|
114 | } |
---|
115 | } |
---|
116 | ?> |
---|