source: contrib/z-push/include/authldap.php @ 4000

Revision 4000, 3.9 KB checked in by emersonfaria, 13 years ago (diff)

Ticket #1746 - Criada autenticacao dos Backends no LDAP e corrigido bug de login alfanumerico

  • Property svn:executable set to *
1<?php
2/***********************************************
3 * File      :   authLDAP.php
4 * Project   :   Z-Push
5 * Descr     :   Authenticate user in an Ldap Server
6 *               and get required information.
7 *               Parameters must be configured in config.php
8 *               This program is based on SearchLdap.php from Z-Push project.
9 *
10 * Created   :   emerson-faria.nobre@serpro.gov.br - 21/feb/2011
11 *
12 *
13 * This program is free software: you can redistribute it and/or modify
14 * it under the terms of the GNU Affero General Public License, version 3,
15 * as published by the Free Software Foundation with the following additional
16 * term according to sec. 7:
17 *
18 * According to sec. 7 of the GNU Affero General Public License, version 3,
19 * the terms of the AGPL are supplemented with the following terms:
20 *
21 * This program is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU Affero General Public License for more details.
25 *
26 * You should have received a copy of the GNU Affero General Public License
27 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
28 *
29 * Consult LICENSE file for details
30 ************************************************/
31
32require_once("config.php");
33
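class AuthLDAP {
        // LDAP link shared by bind(), getSearchResults() and disconnect().
        // Reset to false whenever an authentication step fails.
        var $_connection;

        /**
         * Authenticate a user against the LDAP server.
         *
         * Binds with the service account (or anonymously when ANONYMOUS_BIND
         * is true), looks the user up with LDAP_SEARCH_FILTER, then re-binds
         * with the DN that was found and the supplied password.
         *
         * @param string $user login name substituted into LDAP_SEARCH_FILTER
         * @param string $pwd  password supplied by the client
         * @return mixed the mapped "UIDNUMBER" value of the entry on success,
         *               false on any failure
         */
        function bind($user,$pwd) {
                if (!function_exists("ldap_connect")) {
                        debugLog("AuthLDAP: php-ldap is not installed. Search aborted.");
                        return false;
                }

                // A simple bind that carries a DN but an empty password is an
                // "unauthenticated bind" (RFC 4513, section 5.1.2). Many
                // directory servers answer it with success, which would let
                // any existing account log in without a password, so refuse it
                // before talking to the server.
                if (!is_scalar($pwd) || strlen((string) $pwd) === 0) {
                        debugLog("AuthLDAP: Empty password given for user '".$user."'. Authentication aborted.");
                        $this->_connection = false;
                        return false;
                }

                // connect to LDAP
                // NOTE(review): no StartTLS is negotiated here, so unless
                // LDAP_HOST is an ldaps:// URI both the service-account and the
                // user password presumably cross the network in cleartext;
                // confirm against config.php.
                $this->_connection = @ldap_connect(LDAP_HOST, LDAP_PORT);
                if (!$this->_connection) {
                        return $this->_abort("AuthLDAP: Could not connect to LDAP server. Authentication aborted.");
                }
                @ldap_set_option($this->_connection, LDAP_OPT_PROTOCOL_VERSION, 3);

                // First bind: the identity used to search for the user entry
                if (constant('ANONYMOUS_BIND') === true) {
                        if (! @ldap_bind($this->_connection)) {
                                return $this->_abort("AuthLDAP: Could not bind anonymously to server! Search aborted.");
                        }
                }
                else if (! @ldap_bind($this->_connection, LDAP_BIND_USER, LDAP_BIND_PASSWORD)) {
                        return $this->_abort("AuthLDAP: Could not bind to server with ADMIN user '".LDAP_BIND_USER."' and given password! Authentication aborted.");
                }

                // Exactly one entry must match, otherwise the login name is
                // unknown or ambiguous.
                $user_attributes = $this->getSearchResults($user);
                if (! $user_attributes || $user_attributes["searchtotal"] !== 1) {
                        return $this->_abort("AuthLDAP: Could not retrieve user $user information. Authentication aborted.");
                }

                // Without a DN the second bind would not be tied to the user
                // entry at all, so treat a missing DN as a failed login.
                if (empty($user_attributes[0]["DN"])) {
                        return $this->_abort("AuthLDAP: No DN found for user '".$user."'. Authentication aborted.");
                }

                // Second bind: the actual password check
                if (! @ldap_bind($this->_connection, $user_attributes[0]["DN"], $pwd)) {
                        return $this->_abort("AuthLDAP: Could not bind to server with LOGON user '".$user."' and given password! Authentication aborted.");
                }

                return $user_attributes[0]["UIDNUMBER"];
        }

        /**
         * Perform the search on the LDAP server.
         *
         * @param string $searchquery value substituted for SEARCHVALUE in
         *                            LDAP_SEARCH_FILTER (escaped before use)
         * @return array|false array with "searchtotal" (number of matching
         *                     entries) and, under index 0, the attributes of
         *                     the first entry keyed as in $ldap_field_map;
         *                     false when there is no connection or the search
         *                     fails
         */
        function getSearchResults($searchquery) {
                global $ldap_field_map;

                if (!isset($this->_connection) || $this->_connection === false) {
                        return false;
                }

                // The login name comes from the client. Escape it so that
                // characters such as "*", "(" and ")" are matched literally
                // and cannot change the structure of the search filter.
                $searchfilter = str_replace("SEARCHVALUE", $this->_escapeFilterValue($searchquery), LDAP_SEARCH_FILTER);
                $result = @ldap_search($this->_connection, LDAP_SEARCH_BASE, $searchfilter);
                if (!$result) {
                        debugLog("AuthLDAP: Error in search query. Search aborted");
                        return false;
                }

                // get entry data as array
                $searchresult = ldap_get_entries($this->_connection, $result);

                $items = array();
                $items['searchtotal'] = $searchresult['count'];

                if (is_array($ldap_field_map)) {
                        foreach ($ldap_field_map as $key => $value) {
                                if (!isset($searchresult[0][$value])) {
                                        continue;
                                }
                                // attributes arrive as arrays of values, "dn" as a plain string
                                if (is_array($searchresult[0][$value])) {
                                        $items[0][$key] = $searchresult[0][$value][0];
                                } else {
                                        $items[0][$key] = $searchresult[0][$value];
                                }
                        }
                }
                return $items;
        }

        /**
         * Close the LDAP link if one is open.
         *
         * @return bool always true
         */
        function disconnect() {
                if ($this->_connection) {
                        @ldap_close($this->_connection);
                }

                return true;
        }

        /**
         * Escape a value for use inside an LDAP search filter (RFC 4515).
         *
         * Uses ldap_escape() when the running PHP provides it and an
         * equivalent replacement table otherwise.
         *
         * @param string $value raw value
         * @return string value with \ * ( ) and NUL hex-escaped
         */
        function _escapeFilterValue($value) {
                $value = (string) $value;
                if (function_exists("ldap_escape")) {
                        return ldap_escape($value, "", LDAP_ESCAPE_FILTER);
                }
                // The backslash must be replaced first, otherwise the
                // backslashes introduced by the other replacements would be
                // escaped a second time.
                return str_replace(
                        array("\\", "*", "(", ")", "\x00"),
                        array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
                        $value
                );
        }

        /**
         * Log a failure, release the LDAP link and mark it as unusable.
         *
         * @param string $message text passed to debugLog()
         * @return bool always false, so callers can "return $this->_abort(...)"
         */
        function _abort($message) {
                debugLog($message);
                if ($this->_connection) {
                        // free the socket instead of only dropping the reference
                        @ldap_close($this->_connection);
                }
                $this->_connection = false;
                return false;
        }
}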
116?>