Example #1
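 /**
  * {@inheritdoc}
  *
  * Tries to authenticate $username and reports the outcome as a boolean.
  *
  * With SSO enabled the password is not used for the bind. The bind is
  * performed over Kerberos, and only when the remote-user value reported
  * by getRemoteUserInput() is exactly the requested username. Any
  * mismatch is an authentication failure.
  *
  * @param string $username   Account to authenticate.
  * @param string $password   Password, used only when SSO is disabled.
  * @param bool   $bindAsUser When false (the default) the connection is
  *                           rebound as administrator after a successful
  *                           attempt; a failure of that rebind is not
  *                           caught here and reaches the caller.
  *
  * @return bool True only when a bind for $username actually succeeded.
  */
 public function attempt($username, $password, $bindAsUser = false)
 {
     // NOTE(review): validateCredentials() is not visible here; it is
     // presumably what rejects empty usernames and passwords - confirm,
     // since an empty password on a simple bind is commonly accepted by
     // directory servers as an unauthenticated bind.
     $this->validateCredentials($username, $password);

     try {
         if ($this->configuration->getUseSSO()) {
             // SSO is enabled, so the bind goes over Kerberos.
             $remoteUser = $this->getRemoteUserInput();
             $kerberos = $this->getKerberosAuthInput();

             // Fail closed. Previously a mismatch skipped the bind and
             // fell through to "return true", reporting success although
             // nothing had been verified. The comparison is strict: with
             // "==" PHP compares numeric-looking strings as numbers
             // ('1e1' == '10'), and null/false equal ''.
             if (!is_string($remoteUser) || $remoteUser === '' || $remoteUser !== $username) {
                 return false;
             }

             $this->bindUsingKerberos($kerberos);
         } else {
             // SSO is disabled: regular bind with the supplied credentials.
             $this->bindUsingCredentials($username, $password);
         }
     } catch (BindException $e) {
         // A failed bind is reported as false so callers can use a
         // plain if / else on the result.
         return false;
     }

     // Unless the caller asked to stay bound as the user, go back to the
     // administrator bind. BindException is deliberately not caught here
     // so that rebind failures stay visible to the caller.
     if ($bindAsUser === false) {
         $this->bindAsAdministrator();
     }

     // A bind was performed and raised no exception.
     return true;
 }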
Example #2
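 /**
  * {@inheritdoc}
  *
  * Authenticates $username and returns the result of the bind call.
  *
  * With SSO enabled the bind is performed over Kerberos, and only when
  * the remote-user value from getRemoteUserInput() is exactly the
  * requested username; otherwise no bind happens and the result stays
  * false. Without SSO a regular credential bind is made.
  *
  * Unless $preventRebind is true, the connection is rebound with the
  * configured administrator account afterwards, whether or not the user
  * bind succeeded. Callers must therefore judge authentication by the
  * return value, never by whether the connection is bound.
  *
  * @param string $username      Account to authenticate.
  * @param string $password      Password, used only when SSO is disabled.
  * @param bool   $preventRebind When true, skip the administrator rebind.
  *
  * @return mixed Whatever the bind call returned, or false when no bind
  *               succeeded.
  *
  * @throws AdldapException When the administrator rebind leaves the
  *                         connection unbound.
  */
 public function authenticate($username, $password, $preventRebind = false)
 {
     $auth = false;

     try {
         if ($this->configuration->getUseSSO()) {
             // SSO is enabled, so the bind goes over Kerberos.
             $remoteUser = $this->getRemoteUserInput();
             $kerberos = $this->getKerberosAuthInput();

             // Strict, non-empty match only. With "==" PHP compares
             // numeric-looking strings as numbers ('1e1' == '10') and
             // treats null/false as equal to '', so a different or
             // missing remote user could satisfy the check.
             if (is_string($remoteUser) && $remoteUser !== '' && $remoteUser === $username) {
                 $auth = $this->bindUsingKerberos($kerberos);
             }
         } else {
             // NOTE(review): nothing in this method rejects an empty
             // $password before the bind. Directory servers commonly
             // accept an empty password as an unauthenticated bind and
             // report success - confirm bindUsingCredentials() refuses it.
             $auth = $this->bindUsingCredentials($username, $password);
         }
     } catch (AdldapException $e) {
         if ($preventRebind === true) {
             // The bind failed and no rebind is allowed: $auth is still
             // false at this point.
             return $auth;
         }
         // Otherwise the failure is swallowed on purpose so the
         // administrator rebind below still runs.
     }

     // Rebind as administrator unless the caller opted out.
     if ($preventRebind === false) {
         $adminUsername = $this->configuration->getAdminUsername();
         $adminPassword = $this->configuration->getAdminPassword();
         $this->bindUsingCredentials($adminUsername, $adminPassword);

         if (!$this->connection->isBound()) {
             throw new AdldapException('Rebind to Active Directory failed. AD said: ' . $this->connection->getLastError());
         }
     }

     return $auth;
 }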
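 /**
  * {@inheritdoc}
  *
  * Authenticates $username and returns the result of the bind call.
  *
  * With SSO enabled the bind is performed over Kerberos, and only when
  * the remote-user value from getRemoteUserInput() is exactly the
  * requested username; otherwise no bind happens and the result stays
  * false. Without SSO the credentials are validated and a regular bind
  * is made.
  *
  * Unless $bindAsUser is true, the connection is rebound as
  * administrator afterwards, whether or not the user bind succeeded.
  * Callers must therefore judge authentication by the return value,
  * never by whether the connection is bound.
  *
  * @param string $username   Account to authenticate.
  * @param string $password   Password, used only when SSO is disabled.
  * @param bool   $bindAsUser When true, stay bound as the user and skip
  *                           the administrator rebind.
  *
  * @return mixed Whatever the bind call returned, or false when no bind
  *               succeeded.
  */
 public function authenticate($username, $password, $bindAsUser = false)
 {
     $auth = false;

     try {
         if ($this->configuration->getUseSSO()) {
             // SSO is enabled, so the bind goes over Kerberos.
             // NOTE(review): validateCredentials() is not called on this
             // path, so the checks below are the only input validation.
             $remoteUser = $this->getRemoteUserInput();
             $kerberos = $this->getKerberosAuthInput();

             // Strict, non-empty match only. With "==" PHP compares
             // numeric-looking strings as numbers ('1e1' == '10') and
             // treats null/false as equal to '', so a different or
             // missing remote user could satisfy the check.
             if (is_string($remoteUser) && $remoteUser !== '' && $remoteUser === $username) {
                 $auth = $this->bindUsingKerberos($kerberos);
             }
         } else {
             // Validate before binding. Presumably this is what rejects
             // an empty password, which directory servers commonly
             // accept as an unauthenticated bind - confirm against
             // validateCredentials().
             $this->validateCredentials($username, $password);

             // SSO is disabled: regular bind with the supplied credentials.
             $auth = $this->bindUsingCredentials($username, $password);
         }
     } catch (AdldapException $e) {
         if ($bindAsUser === true) {
             // The bind failed and no rebind is wanted: $auth is still
             // false at this point.
             return $auth;
         }
         // Otherwise the failure is swallowed on purpose so the
         // administrator rebind below still runs.
     }

     // Unless the caller asked to stay bound as the user, go back to the
     // administrator bind. Exceptions from it are not caught here.
     if ($bindAsUser === false) {
         $this->bindAsAdministrator();
     }

     return $auth;
 }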
Example #4
 /**
  * Applies the configured transport and SSO options to the connection.
  *
  * SSL takes precedence: TLS is only consulted when SSL is not enabled.
  * When neither is enabled this method sets no transport protection at
  * all. NOTE(review): that presumably leaves binds on plaintext LDAP,
  * where simple-bind passwords cross the network unencrypted - confirm
  * the connection's default.
  *
  * SSO is switched on only when it is configured and the connection
  * reports SASL support. A configured but unsupported SSO is skipped
  * without any error or log entry.
  *
  * @return void
  */
 protected function prepareConnection()
 {
     $settings = $this->configuration;
     $ldap = $this->connection;

     // Transport protection: at most one of SSL / TLS is selected.
     if ($settings->getUseSSL()) {
         $ldap->useSSL();
     } elseif ($settings->getUseTLS()) {
         $ldap->useTLS();
     }

     // Nothing more to do unless SSO was requested.
     if (!$settings->getUseSSO()) {
         return;
     }

     // SSO needs SASL; attach it to the current connection only when
     // the connection says it is available.
     if ($ldap->isSaslSupported()) {
         $ldap->useSSO();
     }
 }