/**
 * Check a username/password pair against LDAP, going through the LDAP cache
 * unless caching is disabled.
 *
 * @param mixed $username          login name, handed unchanged to the helper
 * @param mixed $password          cleartext password, handed unchanged to the helper
 * @param mixed $ldap_displayname  passed on by reference; presumably filled in
 *                                 by the helper (verify against its definition)
 * @return mixed whatever the selected helper returns
 * @throws RackTablesError on inconsistent cache timers, or in place of a
 *                         PDOException when debug mode is off
 * @throws PDOException    only in debug mode, re-thrown unchanged
 */
function authenticated_via_ldap($username, $password, &$ldap_displayname)
{
    global $LDAP_options, $debug_mode;

    // The timers must satisfy retry <= refresh <= expiry.
    // NOTE(review): this check runs before the "cache disabled" branch below, so
    // cache_expiry = 0 combined with a non-zero cache_refresh is reported as a
    // misconfiguration rather than disabling the cache. Confirm that is intended.
    $retry_exceeds_refresh = $LDAP_options['cache_retry'] > $LDAP_options['cache_refresh'];
    if ($retry_exceeds_refresh || $LDAP_options['cache_refresh'] > $LDAP_options['cache_expiry']) {
        throw new RackTablesError('LDAP misconfiguration: refresh/retry/expiry mismatch', RackTablesError::MISCONFIGURED);
    }

    // An expiry of zero means "expire immediately", i.e. the cache is disabled.
    if ($LDAP_options['cache_expiry'] == 0) {
        return authenticated_via_ldap_nocache($username, $password, $ldap_displayname);
    }

    // The locking done by authenticated_via_ldap_cache() can sometimes end in a
    // PDO error that convertPDOException() could not dispatch. Such an exception
    // must not reach printPDOException(), which prints a backtrace that contains
    // the password argument in cleartext, so it is converted here.
    try {
        return authenticated_via_ldap_cache($username, $password, $ldap_displayname);
    } catch (PDOException $db_error) {
        if (!empty($debug_mode)) {
            // Debug mode: hand the DB exception on untouched. Its backtrace still
            // carries the cleartext password, so debug mode should stay off
            // wherever error output is visible to anyone but the administrator.
            throw $db_error;
        }
        // Build a fresh exception (deliberately not chained to $db_error) so the
        // private data in the original backtrace is not carried along.
        throw new RackTablesError('LDAP caching error', RackTablesError::DB_WRITE_FAILED);
    }
}
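/**
 * Check a username/password pair against LDAP, going through the LDAP cache
 * unless caching is disabled.
 *
 * Missing cache/group options are filled in from built-in defaults first, and
 * the cache is discarded whenever the effective configuration changes.
 *
 * @param mixed $username          login name, handed unchanged to the helper
 * @param mixed $password          cleartext password, handed unchanged to the helper
 * @param mixed $ldap_displayname  passed on by reference; presumably filled in
 *                                 by the helper (verify against its definition)
 * @return mixed whatever the selected helper returns
 * @throws RackTablesError on inconsistent cache timers, or in place of a
 *                         PDOException when debug mode is off
 * @throws PDOException    only in debug mode, re-thrown unchanged
 */
function authenticated_via_ldap($username, $password, &$ldap_displayname)
{
    global $LDAP_options, $debug_mode;

    // Fill in every option the local configuration left out.
    $LDAP_defaults = array(
        'group_attr' => 'memberof',
        'group_filter' => '/^[Cc][Nn]=([^,]+)/',
        'cache_refresh' => 300,
        'cache_retry' => 15,
        'cache_expiry' => 600,
    );
    foreach ($LDAP_defaults as $option_name => $option_value) {
        if (!array_key_exists($option_name, $LDAP_options)) {
            $LDAP_options[$option_name] = $option_value;
        }
    }

    // Everything that may touch the database sits inside this try block, so a
    // PDOException raised by the config-hash bookkeeping is converted in the
    // same way as one raised by the cache lookup itself.
    try {
        // Destroy the cache each time config changes.
        if ($LDAP_options['cache_expiry'] != 0) {
            // The hash is only a change fingerprint, computed once and reused.
            // NOTE(review): if $LDAP_options can hold secrets (for example a bind
            // password), an unsalted SHA-1 of them is stored here. Confirm who
            // can read the stored 'LDAPConfigHash' value.
            $config_hash = sha1(serialize($LDAP_options));
            // Strict comparison: with "!=" two hex digests that both look like
            // numeric strings (e.g. "0e" followed by digits) can compare equal
            // on older PHP versions, hiding a configuration change.
            if ($config_hash !== loadScript('LDAPConfigHash')) {
                discardLDAPCache();
                saveScript('LDAPConfigHash', $config_hash);
                deleteScript('LDAPLastSuccessfulServer');
            }
        }

        // The timers must satisfy retry <= refresh <= expiry.
        // NOTE(review): this check runs before the "cache disabled" branch below,
        // so cache_expiry = 0 combined with a non-zero cache_refresh (including
        // the default of 300) is reported as a misconfiguration rather than
        // disabling the cache. Confirm that is intended.
        if ($LDAP_options['cache_retry'] > $LDAP_options['cache_refresh'] or $LDAP_options['cache_refresh'] > $LDAP_options['cache_expiry']) {
            throw new RackTablesError('LDAP misconfiguration: refresh/retry/expiry mismatch', RackTablesError::MISCONFIGURED);
        }

        if ($LDAP_options['cache_expiry'] == 0) {
            // immediate expiry set means disabled cache
            return authenticated_via_ldap_nocache($username, $password, $ldap_displayname);
        }

        // authenticated_via_ldap_cache()'s way of locking can sometimes result in
        // a PDO error condition that convertPDOException() was not able to dispatch.
        // To avoid reaching printPDOException() (which prints backtrace with password
        // argument in cleartext), any remaining PDO condition is converted locally.
        return authenticated_via_ldap_cache($username, $password, $ldap_displayname);
    } catch (PDOException $e) {
        if (isset($debug_mode) && $debug_mode) {
            // In debug mode re-throw the DB exception as-is. Its backtrace still
            // carries the cleartext password, so debug mode should stay off
            // wherever error output is visible to anyone but the administrator.
            throw $e;
        } else {
            // Re-create the exception (deliberately not chained to $e) to hide
            // private data from its backtrace.
            throw new RackTablesError('LDAP caching error', RackTablesError::DB_WRITE_FAILED);
        }
    }
}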