protected function tearDown()
{
if ($this->_ldap !== null) {
$this->_ldap->disconnect();
$this->_ldap = null;
}
}
public function testDisconnect()
{
$ldap = new Zend_Ldap($this->_options);
for ($i = 0; $i < 3; $i++) {
$ldap->disconnect();
try {
$ldap->connect()->bind('CN=ignored,DC=example,DC=com', 'ignored');
$this->fail('Expected exception for unknown username');
} catch (Zend_Ldap_Exception $zle) {
$this->assertContains('Invalid credentials', $zle->getMessage());
}
}
}
protected function _disconnect()
{
$this->_ressource->disconnect();
}
private static function _ldapIntegration($userId, $username, $password, $loginServer = null)
{
$userId = intval($userId);
$conf = Phprojekt::getInstance()->getConfig();
$ldapOptions = $conf->authentication->ldap->toArray();
// Zend library does not allow determining from which server the user was found from
// That's why we need to request the server from the user during login.
$account = null;
if ($loginServer !== null && array_key_exists($loginServer, $ldapOptions)) {
$searchOpts = $ldapOptions[$loginServer];
try {
$ldap = new Zend_Ldap($searchOpts);
$ldap->connect();
$ldap->bind($username, $password);
$filter = sprintf("(\n &(\n |(objectclass=posixAccount)\n (objectclass=Person)\n )\n (\n |(uid=%s)\n (samAccountName=%s)\n )\n )", $username, $username);
$result = $ldap->search($filter, $searchOpts['baseDn']);
$account = $result->getFirst();
$ldap->disconnect();
} catch (Exception $e) {
throw new Phprojekt_Auth_Exception('Failed to establish a search connection to the LDAP server:' . ' ' . $server . ' ' . 'Please check your configuration for that server.', 8);
}
} else {
throw new Phprojekt_Auth_Exception('Server not specified during login! "
. "Please check that your login screen contains the login domain selection.', 9);
}
if ($account !== null) {
// User found
$integration = isset($conf->authentication->integration) ? $conf->authentication->integration->toArray() : array();
$firstname = "";
$lastname = "";
$email = "";
if (isset($account['givenname'])) {
$firstname = $account['givenname'][0];
}
if (isset($account['sn'])) {
$lastname = $account['sn'][0];
}
if (isset($account['mail'])) {
$email = $account['mail'][0];
}
// Set user params
$params = array();
$params['id'] = intval($userId);
// New user has id = 0
$params['username'] = $username;
$params['password'] = $password;
$admins = array();
if (isset($integration['systemAdmins'])) {
$admins = split(",", $integration['systemAdmins']);
foreach ($admins as $key => $admin) {
$admins[$key] = trim($admin);
}
}
$params['admin'] = in_array($username, $admins) ? 1 : 0;
// Default to non-admin (0)
if ($userId > 0) {
$user = self::_getUser($userId);
$params['admin'] = intval($user->admin);
}
// Integrate with parameters found from LDAP server
$params['firstname'] = $firstname;
$params['lastname'] = $lastname;
$params['email'] = $email;
if ($userId > 0) {
// Update user parameters with those found from LDAP server
$user->find($userId);
$params['id'] = $userId;
if (!self::_saveUser($params)) {
throw new Phprojekt_Auth_Exception('User update failed for LDAP parameters', 10);
}
} else {
// Add new user to PHProjekt
// TODO: Default conf could be defined in configuration
// Lists needed for checks ?
// Set default parameters for users
$params['status'] = "A";
// Active user
$params['language'] = isset($conf->language) ? $conf->language : "en";
// Conf language / English
$params['timeZone'] = "0000";
// (GMT) Greenwich Mean Time: Dublin, Edinburgh, Lisbon, London
// Default integration vals from config
if (isset($integration['admin']) && $params['admin'] == 0) {
$val = intval($integration['admin']);
if ($val == 1 || $val == 0) {
$params['admin'] = $val;
}
}
if (isset($integration['status'])) {
$val = trim(strtoupper($integration['status']));
if (in_array($val, array("A", "I"))) {
$params['status'] = $val;
}
}
if (isset($integration['language'])) {
$val = trim(strtolower($integration['language']));
$languages = Phprojekt_LanguageAdapter::getLanguageList();
if (array_key_exists($val, $languages)) {
$params['language'] = $val;
} else {
if (($val = array_search('(' . $val . ')', $languages)) !== false) {
$params['language'] = $val;
}
}
}
if (isset($integration['timeZone'])) {
$val = trim(strtolower($integration['timeZone']));
$timezones = Phprojekt_Converter_Time::getTimeZones();
if (array_key_exists($val, $timezones)) {
$params['timeZone'] = $val;
} else {
if (($val = array_search($val, $timezones)) !== false) {
$params['timeZone'] = $val;
}
}
}
if (!self::_saveUser($params)) {
throw new Phprojekt_Auth_Exception('User creation failed after LDAP authentication', 10);
}
}
} else {
throw new Phprojekt_Auth_Exception('Failed to find the LDAP user with the given username', 11);
}
}
