/**
* {@inheritdoc}
*/
public function authenticate($username, $password, $preventRebind = false)
{
$auth = false;
try {
if ($this->configuration->getUseSSO()) {
// If SSO is enabled, we'll try binding over kerberos
$remoteUser = $this->getRemoteUserInput();
$kerberos = $this->getKerberosAuthInput();
// If the remote user input equals the username we're
// trying to authenticate, we'll perform the bind
if ($remoteUser == $username) {
$auth = $this->bindUsingKerberos($kerberos);
}
} else {
// Looks like SSO isn't enabled, we'll bind regularly instead
$auth = $this->bindUsingCredentials($username, $password);
}
} catch (AdldapException $e) {
if ($preventRebind === true) {
// Binding failed and we're not allowed
// to rebind, we'll return false
return $auth;
}
}
// If we're allowed to rebind, we'll rebind as administrator
if ($preventRebind === false) {
$adminUsername = $this->configuration->getAdminUsername();
$adminPassword = $this->configuration->getAdminPassword();
$this->bindUsingCredentials($adminUsername, $adminPassword);
if (!$this->connection->isBound()) {
throw new AdldapException('Rebind to Active Directory failed. AD said: ' . $this->connection->getLastError());
}
}
return $auth;
}
/**
* {@inheritdoc}
*/
public function bindAsAdministrator()
{
$username = $this->configuration->getAdminUsername();
$password = $this->configuration->getAdminPassword();
$suffix = $this->configuration->getAdminAccountSuffix();
$this->bindUsingCredentials($username, $password, $suffix);
}
/**
* Binds to the LDAP server as the configured administrator.
*
* @throws AdldapException
*/
protected function bindAsAdministrator()
{
$adminUsername = $this->configuration->getAdminUsername();
$adminPassword = $this->configuration->getAdminPassword();
$this->bindUsingCredentials($adminUsername, $adminPassword);
if ($this->connection->isBound() === false) {
$error = $this->connection->getLastError();
throw new AdldapException("Rebind to Active Directory failed. AD said: {$error}");
}
}
/**
* {@inheritdoc}
*/
public function bindAsAdministrator()
{
$username = $this->configuration->getAdminUsername();
$password = $this->configuration->getAdminPassword();
$suffix = $this->configuration->getAdminAccountSuffix();
if (empty($suffix)) {
// Use the user account suffix if no administrator account suffix is given.
$suffix = $this->configuration->getAccountSuffix();
}
$this->bindUsingCredentials($username, $password, $suffix);
}
/**
* Binds to the LDAP server as the configured administrator.
*
* @throws AdldapException
*
* @return bool
*/
protected function bindAsAdministrator()
{
$adminUsername = $this->configuration->getAdminUsername();
$adminPassword = $this->configuration->getAdminPassword();
$adminSuffix = $this->configuration->getAdminAccountSuffix();
if (empty($adminSuffix)) {
// If the admin suffix is empty, we'll use the default account suffix.
$adminSuffix = $this->configuration->getAccountSuffix();
}
$this->bindUsingCredentials($adminUsername, $adminPassword, $adminSuffix);
if ($this->connection->isBound() === false) {
$error = $this->connection->getLastError();
throw new AdldapException("Rebind to Active Directory failed. AD said: {$error}");
}
return true;
}
/**
* {@inheritdoc}
*/
public function bindAsAdministrator()
{
$adminUsername = $this->configuration->getAdminUsername();
$adminPassword = $this->configuration->getAdminPassword();
$this->bindUsingCredentials($adminUsername, $adminPassword);
}
