Ejemplo n.º 1
 /**
  * Checks that setOptions() refuses an option name it does not recognise.
  *
  * A single made-up key is passed and a Zend_Ldap_Exception naming that key
  * is expected. The test uses $this->_ldap, which is created outside this
  * method (not visible here).
  *
  * @return void
  */
 public function testInvalidOptionResultsInException()
 {
     $optionName = 'invalid';
     $caught = null;
     try {
         $this->_ldap->setOptions(array($optionName => 'irrelevant'));
     } catch (Zend_Ldap_Exception $e) {
         $caught = $e;
     }
     // Reaching this point without an exception means the unknown key was accepted.
     if ($caught === null) {
         $this->fail('Expected Zend_Ldap_Exception not thrown');
     }
     $this->assertEquals("Unknown Zend_Ldap option: $optionName", $caught->getMessage());
 }
Ejemplo n.º 2
 /**
  * Checks that a client configured through setOptions() can connect and that
  * a bind with a made-up DN and password is refused.
  *
  * The options come from $this->_options, which is populated outside this
  * method. The test presumably needs a reachable directory server; confirm
  * against the test case's setUp().
  *
  * @return void
  */
 public function testSetOptionsConnect()
 {
     $client = new Zend_Ldap();
     $client->setOptions($this->_options);
     $bindFailure = null;
     try {
         $client->connect()->bind('CN=ignored,DC=example,DC=com', 'ignored');
     } catch (Zend_Ldap_Exception $zle) {
         $bindFailure = $zle;
     }
     // A bind that succeeds with these throwaway credentials is itself the failure case.
     if ($bindFailure === null) {
         $this->fail('Expected exception for invalid username');
     }
     $this->assertContains('Invalid credentials', $bindFailure->getMessage());
 }
Ejemplo n.º 3
 /**
  * Splits a combined option array into group-lookup settings and plain
  * Zend_Ldap options.
  *
  * The seven adapter keys (group, groupDn, groupScope, groupAttr,
  * groupFilter, memberAttr, memberIsDn) are taken out of $options and
  * returned, each keeping its default when the caller did not supply it.
  * Whatever is left in $options is passed to $ldap->setOptions().
  *
  * Reviewer notes:
  * - A groupScope that is not one of the three SEARCH_SCOPE_* constants is
  *   dropped without any error, so the default subtree scope stays in effect.
  * - String values are only trimmed here; no LDAP escaping is applied. How
  *   the returned values are later used is not visible in this method.
  *
  * @param  Zend_Ldap $ldap    instance that receives the remaining options
  * @param  array     $options combined adapter and Zend_Ldap options
  * @return array of auth-adapter specific options
  */
 protected function _prepareOptions(Zend_Ldap $ldap, array $options)
 {
     $adapterOptions = array(
         'group' => null,
         'groupDn' => $ldap->getBaseDn(),
         'groupScope' => Zend_Ldap::SEARCH_SCOPE_SUB,
         'groupAttr' => 'cn',
         'groupFilter' => 'objectClass=groupOfUniqueNames',
         'memberAttr' => 'uniqueMember',
         'memberIsDn' => true,
     );
     $allowedScopes = array(
         Zend_Ldap::SEARCH_SCOPE_BASE,
         Zend_Ldap::SEARCH_SCOPE_ONE,
         Zend_Ldap::SEARCH_SCOPE_SUB,
     );
     foreach (array_keys($adapterOptions) as $name) {
         if (!array_key_exists($name, $options)) {
             continue;
         }
         // Adapter keys must not reach Zend_Ldap::setOptions(), so pull them out.
         $supplied = $options[$name];
         unset($options[$name]);
         if ($name === 'groupScope') {
             $scope = (int) $supplied;
             // Anything outside the known scopes is ignored and the default kept.
             if (in_array($scope, $allowedScopes, true)) {
                 $adapterOptions[$name] = $scope;
             }
         } elseif ($name === 'memberIsDn') {
             // Accepts boolean true, the string '1', or 'true' in any letter case.
             $adapterOptions[$name] = $supplied === true || $supplied === '1' || strcasecmp($supplied, 'true') == 0;
         } else {
             $adapterOptions[$name] = trim($supplied);
         }
     }
     $ldap->setOptions($options);
     return $adapterOptions;
 }
Ejemplo n.º 4
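 /**
  * Looks up the logged-in user's profile attributes in LDAP.
  *
  * The user number is read from the 'loggedin' session namespace. Each
  * server defined in the [ldap] section of config.ini is tried in turn and
  * the first entry found is returned, translated through that server's
  * attribute names from the [ldapmappings] section.
  *
  * @return array|false false when the session holds no user number;
  *                     otherwise an array with the keys firstName, lastName,
  *                     email and personId (a value is null when the entry
  *                     lacks the mapped attribute), or an empty array when
  *                     no server returned an entry
  */
 public static function getUserdata()
 {
     // Without a user number in the session there is nobody to look up.
     $user = new Zend_Session_Namespace('loggedin');
     if (isset($user->usernumber) === false) {
         return false;
     }
     $return = array();
     $config = new Zend_Config_Ini('../application/configs/config.ini', 'production');
     $multiOptions = $config->ldap->toArray();
     $mappingSettings = $config->ldapmappings->toArray();
     // These two keys live in the same section but are not server definitions.
     unset($multiOptions['log_path']);
     unset($multiOptions['admin_accounts']);

     // Escape the value before it goes into the filter so that characters such
     // as '*', '(' or ')' cannot change the filter's structure.
     // Zend_Ldap::filterEscape() is the wrapper reachable from Zend_Ldap; newer
     // code can call Zend_Ldap_Filter_Abstract::escapeValue() directly.
     $filter = '(uid=' . Zend_Ldap::filterEscape((string) $user->usernumber) . ')';

     $ldap = new Zend_Ldap();
     foreach ($multiOptions as $name => $options) {
         // Result key => LDAP attribute name configured for this server.
         $attributeMap = array(
             'firstName' => $mappingSettings[$name]['firstName'],
             'lastName' => $mappingSettings[$name]['lastName'],
             'email' => $mappingSettings[$name]['EMail'],
             'personId' => $mappingSettings[$name]['personId'],
         );
         $ldap->setOptions($options);
         try {
             $ldap->bind();
             $ldapsearch = $ldap->search($filter, 'dc=tub,dc=tu-harburg,dc=de', Zend_Ldap::SEARCH_SCOPE_ONE);
             if ($ldapsearch->count() > 0) {
                 $searchresult = $ldapsearch->getFirst();
                 foreach ($attributeMap as $field => $attribute) {
                     // An entry may lack a mapped attribute; report null rather than
                     // reading an undefined index.
                     $raw = isset($searchresult[$attribute]) ? $searchresult[$attribute] : null;
                     if (is_array($raw) === true) {
                         // Multi-valued attribute: keep the first value only.
                         $raw = isset($raw[0]) ? $raw[0] : null;
                     }
                     $return[$field] = $raw;
                 }
                 return $return;
             }
         } catch (Zend_Ldap_Exception $zle) {
             // Directory error text goes to the server log, not into the output
             // sent to the client. Any failure, a domain mismatch included, simply
             // moves on to the next configured server.
             error_log('LDAP lookup against "' . $name . '" failed: ' . $zle->getMessage());
         }
     }
     return $return;
 }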
Ejemplo n.º 5
 /**
  * Exercises getCanonicalAccountName() for every account-name form.
  *
  * First the form is passed explicitly, then it is selected through the
  * accountCanonicalForm option, and finally the option is removed so the
  * result depends on which of accountDomainName / accountDomainNameShort
  * are still configured. Expected values come from the TESTS_ZEND_LDAP_*
  * constants, which are defined outside this method.
  *
  * @return void
  */
 public function testAccountCanonization()
 {
     $account = TESTS_ZEND_LDAP_ALT_USERNAME;
     $asBackslash = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME_SHORT . '\\' . $account;
     $asPrincipal = $account . '@' . TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME;

     $options = $this->_options;
     $ldap = new Zend_Ldap($options);

     // Form given explicitly as the second argument.
     $this->assertEquals(
         TESTS_ZEND_LDAP_ALT_DN,
         $ldap->getCanonicalAccountName($account, Zend_Ldap::ACCTNAME_FORM_DN)
     );
     $this->assertEquals(
         $account,
         $ldap->getCanonicalAccountName($account, Zend_Ldap::ACCTNAME_FORM_USERNAME)
     );
     $this->assertEquals(
         $asBackslash,
         $ldap->getCanonicalAccountName($account, Zend_Ldap::ACCTNAME_FORM_BACKSLASH)
     );
     $this->assertEquals(
         $asPrincipal,
         $ldap->getCanonicalAccountName($account, Zend_Ldap::ACCTNAME_FORM_PRINCIPAL)
     );

     // Form selected through the accountCanonicalForm option.
     $byOption = array(
         array(Zend_Ldap::ACCTNAME_FORM_USERNAME, $account),
         array(Zend_Ldap::ACCTNAME_FORM_BACKSLASH, $asBackslash),
         array(Zend_Ldap::ACCTNAME_FORM_PRINCIPAL, $asPrincipal),
     );
     foreach ($byOption as $case) {
         $options['accountCanonicalForm'] = $case[0];
         $ldap->setOptions($options);
         $this->assertEquals($case[1], $ldap->getCanonicalAccountName($account));
     }

     // No explicit form and no long domain name: the backslash form is expected.
     unset($options['accountCanonicalForm']);
     unset($options['accountDomainName']);
     $ldap->setOptions($options);
     $this->assertEquals($asBackslash, $ldap->getCanonicalAccountName($account));

     // Neither domain name configured: the bare username is expected.
     unset($options['accountDomainNameShort']);
     $ldap->setOptions($options);
     $this->assertEquals($account, $ldap->getCanonicalAccountName($account));

     // Only the long domain name configured: the principal form is expected.
     $options['accountDomainName'] = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME;
     $ldap->setOptions($options);
     $this->assertEquals($asPrincipal, $ldap->getCanonicalAccountName($account));
 }