function ldap_authenticate($user, $pass) { // Global variables global $ldap_base_DN, $ldap_server, $template, $admin_users, $ldap_user_cn; // Connect to the LDAP server $conn = ldap_connect($ldap_server) or die("Cannot connect"); ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // Bind anonymously, query the server for the user, and error if it can't be found if (!($bind = ldap_bind($conn))) { $template['message'] = "<p>Anonymous bind failed.</p>"; return; } // Do a search for the username and get the DN - this is easier than manually constructing it if (!($search = ldap_search($conn, $ldap_base_DN, "{$ldap_user_cn}={$user}"))) { $template['message'] = "<p><strong>Error:</strong> Could not find the username.</p>"; return; } // If there isn't only one row. if (ldap_count_entries($conn, $search) != 1) { $template['message'] = "<p>There was an error processing the username, or it cannot be found.</p>"; return; } // Extract the entries, and bind with the user's full DN, then unset the password for security $entries = @ldap_get_entries($conn, $search); $bind_auth = @ldap_bind($conn, $entries[0]['dn'], $pass); unset($pass); // If we have a successful bind, add the relevant session information if ($bind_auth) { $_SESSION['admin'] = in_array($user, $admin_users); $_SESSION['username'] = $user; header('Location: index.php'); } else { $template['message'] = "<p><strong>Login failed.</strong> Please try again.</p>"; } }
/** * Get entries count */ public function count() { if (!isset($this->count)) { $this->count = ldap_count_entries($this->conn, $this->ldap); } return $this->count; }
function _encrypt($str_userpswd) { echo '<h3>Prueba de consulta LDAP</h3>'; echo 'Conectando ...'; $ds = ldap_connect('localhost'); echo 'El resultado de la conexión es ' . $ds . '<p>'; if ($ds) { echo 'Autentificándose ...'; $r = ldap_bind($ds); echo 'El resultado de la autentificación es ' . $r . '<p>'; echo 'Buscando (sn=P*) ...'; $sr = ldap_search($ds, 'o=halys, c=halys', 'sn=h*'); echo 'El resultado de la búsqueda es ' . $sr . '<p>'; echo 'El número de entradas devueltas es ' . ldap_count_entries($ds, $sr) . '<p>'; echo 'Recuperando entradas ...<p>'; $info = ldap_get_entries($ds, $sr); echo 'Devueltos datos de ' . $info['count'] . ' entradas:<p>'; for ($i = 0; $i < $info['count']; $i++) { echo 'dn es: ' . $info[$i]['dn'] . '<br>'; echo 'La primera entrada cn es: ' . $info[$i]['cn'][0] . '<br>'; } echo 'Cerrando conexión'; ldap_close($ds); } else { echo '<h4>Ha sido imposible conectar al servidor LDAP</h4>'; } }
/** * Validate group membership * * Searches the LDAP server for group membership of the * supplied username. Quotes all LDAP filter meta characters in * the user name before querying the LDAP server. * * @param string Distinguished Name of the authenticated User * @return boolean */ public function checkGroupMembership($user) { if (!is_resource($this->_resource)) { $this->connect(); } $userDn = $this->_getAccountDn($user); foreach ($this->_options['groups'] as $group) { // make filter $filter = sprintf('(&(%s=%s)(%s=%s)%s)', $this->_options['groupAttr'], $group, $this->_options['memberAttr'], $this->_quoteFilterString($userDn), $this->_options['groupFilter']); // make search base dn $search_basedn = $this->_options['groupDn']; if ($search_basedn != '' && substr($search_basedn, -1) != ',') { $search_basedn .= ','; } $search_basedn .= $this->_options['baseDn']; $func_params = array($this->_resource, $search_basedn, $filter, array($this->_options['memberAttr'])); $func_name = 'ldap_search'; //echo "Searching with $func_name and filter $filter in $search_basedn"; // search if (($result_id = @call_user_func_array($func_name, $func_params)) != false) { if (@ldap_count_entries($this->_resource, $result_id) == 1) { @ldap_free_result($result_id); //echo 'User is member of group'; return true; } } } // default throw new Zend_Ldap_Exception(null, 'User is NOT member of any group!', BDBLdap::LDAP_USER_NOT_MEMBER_OF_GROUP); return false; }
function DoTest($testname, $param, $hostname, $timeout, $params) { global $NATS; $url = $params[0]; $bind = $params[1]; $pasw = $params[2]; $base = $params[3]; $filter = $params[4]; $ds = ldap_connect($url); if (!$ds) { return -2; } $ldap = $bind && $pasw ? ldap_bind($ds, $bind, $pasw) : ldap_bind($ds); if (!$ldap) { return -1; } if ($base && $filter) { $search = ldap_search($ds, $base, $filter); $val = ldap_count_entries($ds, $search); } else { $val = 1; } ldap_close($ds); return $val; }
/** * Load current tags of an entry */ function ajax_loadtags($dn, $type = 'plain') { global $conf; global $LDAP_CON; global $FIELDS; if (!$FIELDS['_marker']) { return; } header('Content-Type: text/html; charset=utf-8'); $sr = ldap_search($LDAP_CON, $dn, '(objectClass=inetOrgPerson)', array($FIELDS['_marker'])); if (!ldap_count_entries($LDAP_CON, $sr)) { return false; } $result = ldap_get_binentries($LDAP_CON, $sr); $entry = $result[0]; if ($type == 'plain') { echo join(', ', (array) $entry[$FIELDS['_marker']]); } else { foreach ((array) $entry[$FIELDS['_marker']] as $tag) { echo '<a href="index.php?marker='; echo rawurlencode($tag); echo '" class="tag">'; echo htmlspecialchars($tag); echo '</a> '; } } }
public function count() { if (false !== ($count = ldap_count_entries($this->connection->getResource(), $this->search->getResource()))) { return $count; } throw new LdapException(sprintf('Error while retrieving entry count: %s', ldap_error($this->connection->getResource()))); }
function getUserDn($username) { if ($this->send_utf8_credentials) { $username = studip_utf8encode($username); $reader_password = studip_utf8encode($this->reader_password); } $user_dn = ""; if (!($r = @ldap_bind($this->conn, $this->reader_dn, $this->reader_password))) { $this->error_msg = sprintf(_("Anmeldung von %s fehlgeschlagen."), $this->reader_dn) . $this->getLdapError(); return false; } if (!($result = @ldap_search($this->conn, $this->base_dn, $this->getLdapFilter($username), array('dn')))) { $this->error_msg = _("Durchsuchen des LDAP Baumes fehlgeschlagen.") . $this->getLdapError(); return false; } if (!ldap_count_entries($this->conn, $result)) { $this->error_msg = sprintf(_("%s wurde nicht unterhalb von %s gefunden."), $username, $this->base_dn); return false; } if (!($entry = @ldap_first_entry($this->conn, $result))) { $this->error_msg = $this->getLdapError(); return false; } if (!($user_dn = @ldap_get_dn($this->conn, $entry))) { $this->error_msg = $this->getLdapError(); return false; } return $user_dn; }
/** * @return int * @throws EntryCountRetrievalFailureException */ public function entryCount() { if (!($result = ldap_count_entries($this->link, $this->result))) { throw new EntryCountRetrievalFailureException(ldap_error($this->link), ldap_errno($this->link)); } return $result; }
function checkldapuser($username, $password) { require 'config.php'; $username = strtolower($username); $connect = ldap_connect($ldapServer); if ($connect != false) { ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); // enlace a la conexión $bind = ldap_bind($connect, $usrLDAP, $pwdLDAP); if ($bind == false) { $mensajeError = "Falla la conexión con el servidor LDAP con el usuario \n{$usrLDAP}"; return $mensajeError; } // active directory - pch $bind = @ldap_bind($connect, "{$campoBusqLDAP}=" . $username . ",{$cadenaBusqLDAP}", $password); if ($bind == false) { $mensajeError = "Usuario o contraseña incorrecta"; return $mensajeError; } // busca el usuario - pch if (($res_id = ldap_search($connect, $cadenaBusqLDAP, "{$campoBusqLDAP}=" . $username)) == false) { $mensajeError = "No encontrado el usuario en el LDAP"; return $mensajeError; } $cant = ldap_count_entries($connect, $res_id); if ($cant == 0) { $mensajeError = "El usuario {$username} NO se encuentra en el A.D. {$bind} HLPHLP"; return $mensajeError; } if ($cant > 1) { $mensajeError = "El usuario {$username} se encuentra {$cant} veces en el A.D."; return $mensajeError; } $entry_id = ldap_first_entry($connect, $res_id); if ($entry_id == false) { $mensajeError = "No se obtuvieron resultados"; return $mensajeError; } if (($user_dn = ldap_get_dn($connect, $entry_id)) == false) { $mensajeError = "No se puede obtener el dn del usuario"; return $mensajeError; } error_reporting(0); /* Autentica el usuario */ if (($link_id = ldap_bind($connect, "{$user_dn}", $password)) == false) { error_reporting(0); $mensajeError = "USUARIO O CONTRASEÑA INCORRECTOS"; return $mensajeError; } return ''; @ldap_close($connect); } else { $mensajeError = "no hay conexión a '{$ldap_server}'"; return $mensajeError; } @ldap_close($connect); return false; }
public function count_entries() { if (isset($this->search)) { return ldap_count_entries($this->ds, $this->search); } else { return 0; } }
public static function readUser($ldapconn, $dn) { $search = ldap_read($ldapconn, $dn, USER::FILTER_USERS, array("cn", "mail", "displayName", "sn", "givenName", "memberOf")); if (ldap_count_entries($ldapconn, $search) > 0) { $entry = ldap_first_entry($ldapconn, $search); return User::readFromLdapEntry($ldapconn, $entry); } }
public function count_entries() { if (!empty($this->search)) { return ldap_count_entries($this->ds, $this->search); } else { throw new e_developer("Invalid count entries"); } }
/** * @see ResultSet::getRecordCount() */ function getRecordCount() { $rows = @ldap_count_entries($this->result); if ($rows === null) { throw new SQLException("Error fetching num entries", ldap_error($this->conn->getResource())); } return (int) $rows; }
/** * LDAP storage handler * @return bool * @param $id string * @param $pw string **/ protected function _ldap($id, $pw) { $dc = @ldap_connect($this->args['dc']); if ($dc && ldap_set_option($dc, LDAP_OPT_PROTOCOL_VERSION, 3) && ldap_set_option($dc, LDAP_OPT_REFERRALS, 0) && ldap_bind($dc, $this->args['rdn'], $this->args['pw']) && ($result = ldap_search($dc, $this->args['base_dn'], 'uid=' . $id)) && ldap_count_entries($dc, $result) && ($info = ldap_get_entries($dc, $result)) && @ldap_bind($dc, $info[0]['dn'], $pw) && @ldap_close($dc)) { return $info[0]['uid'][0] == $id; } user_error(self::E_LDAP, E_USER_ERROR); }
function ldap_mailhost_on_login($tools) { // load the settings for this module require $tools->include_path . 'settings.php'; // we're looking to find the user's imap server setting $imap_server = false; // user posted to login form if (isset($_POST['user'])) { $user = $_POST['user']; // check to see if the user specified their domain (user@domain) $domain = false; if (strstr($_POST['user'], '@') && strpos($_POST['user'], '@') < strlen($_POST['user'])) { $user = substr($_POST['user'], 0, strpos($_POST['user'], '@')); $domain = substr($_POST['user'], strpos($_POST['user'], '@') + 1); } // make sure we have safe input if (!preg_match($uid_pattern, $user)) { return; } if ($domain && !preg_match($domain_pattern, $domain)) { return; } // connect and bind to ldap if (!($connect = @ldap_connect($ldap_server))) { return; } if (!($bind = @ldap_bind($connect, $ldap_user, $ldap_pass))) { return; } // search for the user in the appropriate ldap base dn if (!($search = @ldap_search($connect, $domain ? sprintf($domain_base_format, $domain) : $default_base, sprintf($uid_filter_format, $user)))) { return; } // make sure we found one and only one user if (ldap_count_entries($connect, $search) != 1) { return; } // get the mailhost attribute from the user entry $info = ldap_get_entries($connect, $search); if ($info[0] && $info[0][$mailhost_attr] && $info[0][$mailhost_attr][0]) { $mailhost = $info[0][$mailhost_attr][0]; // look up the mailhost value in the settings map to find // the corresponding imap_alt server foreach ($server_map as $alt_imap => $vals) { if ($mailhost == $vals) { // if all went well // we found the correct imap server to connect to $_POST['imap_server'] = $alt_imap; return; } } } // if something went wrong, the imap_server will remain whatever // the default imap_server setting is in hastymail.conf // depending on what that is set to, it will probably result in // and error to the user indicating that that imap server is down } }
/** * Constructor. * * @param \Zend\Ldap\Ldap $ldap * @param resource $resultId * @return void */ public function __construct(Ldap\Ldap $ldap, $resultId) { $this->_ldap = $ldap; $this->_resultId = $resultId; $this->_itemCount = @ldap_count_entries($ldap->getResource(), $resultId); if ($this->_itemCount === false) { throw new Ldap\Exception($this->_ldap, 'counting entries'); } }
public function search($statement) { //returns false if there is a problem $results = array(); $_search = ldap_search($this->_ldapCnx, $this->_baseDn, $statement, $this->_resultFields); $results['data'] = ldap_get_entries($this->_ldapCnx, $_search); $results['count'] = ldap_count_entries($this->_ldapCnx, $_search); return $results; }
function login($uid, $pwd, $ip = 0) { // connect to ldap-server // echo ("Host: ".$this->host." Port: ".$this->port." BaseDN: ".$this->basedn." UID: $uid, PWD: $pwd \n<br>\n"); if ($connect = @ldap_connect($this->host)) { // if connected to ldap server, check for protocol version if (!@ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3)) { // echo "version 2<br>\n"; $this->ldapver = 2; } // echo "verification on '$this->host': "; // bind to ldap connection if (($bind = @ldap_bind($connect)) == false) { // print "bind:__FAILED__<br>\n"; return false; } // check whether we have an email address or an actual user id if (strpos($uid, '@') > 0) { $filter = "mail=" . $uid; } else { $filter = "uid=" . $uid; } // search for user if (($res_id = @ldap_search($connect, $this->basedn, $filter)) == false) { // print "failure: search in LDAP-tree failed<br>"; return false; } if (@ldap_count_entries($connect, $res_id) != 1) { // print "failure: error looking up user $username<br>\n"; return false; } if (($entry_id = @ldap_first_entry($connect, $res_id)) == false) { // print "failure: entry of searchresult couln't be fetched<br>\n"; return false; } if (($user_dn = @ldap_get_dn($connect, $entry_id)) == false) { // print "failure: user-dn coulnd't be fetched<br>\n"; return false; } // authenticate user if (($link_id = @ldap_bind($connect, $user_dn, $pwd)) == false) { // print "failure: username, password didn't match: $user_dn<br>\n"; return false; } // login went fine, user login is ok @ldap_close($connect); $this->uid = $uid; return true; } else { // no conection to ldap server echo "no connection to '{$ldap_server}'<br>\n"; } // echo "failed: ".ldap_error($connect)."<BR>\n"; // something went wrong, cleanup and return false @ldap_close($connect); return false; }
public function doSearch($filter) { $numEntries = 0; if (!$this->bindResult) { $this->connect(); } @($this->searchResult = ldap_search($this->ldapConnection, $this->baseDN, $filter, $this->ldapAttributes)); @($this->numEntries = ldap_count_entries($this->ldapConnection, $this->searchResult)); return $this->numEntries; }
/** * getGroupMembership() - return any group names the user is a member of; including those that are not relevant for yacy collections * filtering/mapping is done in class UserPrivs, * @see class/user_privs.class.php * * @return array list of all found group names */ public static function getGroupMemberShip() { // try to connect to one of the given ldap/ad server $ldapConnect = false; foreach (Config::$ldapServer as $ldapHost) { if (!$ldapConnect) { $ldapConnect = ldap_connect($ldapHost); } } if ($ldapConnect) { ldap_set_option($ldapConnect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapConnect, LDAP_OPT_REFERRALS, 0); // ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 1); // debug only // bind with the given system account to determine user's distinguished name (dn) $ldapBind = ldap_bind($ldapConnect, Config::BIND_DN, Config::BIND_PASSWORD); if ($ldapBind) { if (Config::DEBUG) { trigger_error('ldap bind with system credentials: success', E_USER_NOTICE); trigger_error('trying to authenticate user: '******'dn']; if (Config::DEBUG) { trigger_error('found user dn: ' . $userDN, E_USER_NOTICE); } // re-bind with user-specific credentials (determined dn and given pass) $ldapBind = ldap_bind($ldapConnect, $userDN, self::AUTH_PWD); if ($ldapBind) { if (Config::DEBUG) { trigger_error('bind with user specific credentials: success', E_USER_NOTICE); } $commonName = $ldapRecords[0]['cn'][0]; $ldapSearchQuery = 'CN=' . $commonName; $ldapResult = ldap_search($ldapConnect, Config::LDAP_BASE_DN, $ldapSearchQuery); $ldapRecords = ldap_get_entries($ldapConnect, $ldapResult); $isMemberOf = array(); for ($i = 0; $i < $ldapRecords[0]['memberof']['count']; $i++) { $isMemberOf[] = $ldapRecords[0]['memberof'][$i]; } return $isMemberOf; } else { throw new Exception('received exactly one dn, but could not bind - please check the given credentials'); } } else { throw new Exception('could not determine users dn - please verify the given credentials'); } } else { throw new Exception('could not bind with system account - please verify the system account given'); } } else { throw new Exception('could not connect to any of the given ldap/ad server'); } }
/** * Constructor. * * @param \Zend\Ldap\Ldap $ldap * @param resource $resultId * @throws \Zend\Ldap\Exception\LdapException if no entries was found. * @return DefaultIterator */ public function __construct(Ldap\Ldap $ldap, $resultId) { $this->ldap = $ldap; $this->resultId = $resultId; ErrorHandler::start(); $this->itemCount = ldap_count_entries($ldap->getResource(), $resultId); ErrorHandler::stop(); if ($this->itemCount === false) { throw new Exception\LdapException($this->ldap, 'counting entries'); } }
/** * Loads an entry from the LDAP server for the given user * * @param array $config * @param string $username */ public function __construct($username) { $config = self::getConfig(); $this->openConnection(); $result = ldap_search(self::$connection, $config['DIRECTORY_BASE_DN'], $config['DIRECTORY_USERNAME_ATTRIBUTE'] . "={$username}"); if (ldap_count_entries(self::$connection, $result)) { $entries = ldap_get_entries(self::$connection, $result); $this->entry = $entries[0]; } else { throw new \Exception('ldap/unknownUser'); } }
public function search($username) { if ($ds = $this->baseConnect()) { $base = $this->base_schema . ',' . $this->base; $filter = "({$this->directoryString}={$username})"; $sr = ldap_search($ds, $base, $filter); $info = ldap_count_entries($ds, $sr); ldap_close($ds); return $info; } return null; }
/** * Constructor. * * @param Zend_Ldap $ldap * @param resource $resultId * @return void */ public function __construct(Zend_Ldap $ldap, $resultId) { $this->_ldap = $ldap; $this->_resultId = $resultId; $this->_itemCount = @ldap_count_entries($ldap->getResource(), $resultId); if ($this->_itemCount === false) { /** * @see Zend_Ldap_Exception */ require_once 'Zend/Ldap/Exception.php'; throw new Zend_Ldap_Exception($this->_ldap, 'counting entries'); } }
/** * Realiza la autentificacion utilizando un servidor LDAP * @return $value Retorna TRUE o FALSE de acuerdo al estado de la autentifiacion */ function autenticar($id_usuario, $clave, $datos_iniciales = null) { if (!extension_loaded('ldap')) { throw new toba_error("[Autenticación LDAP] no se encuentra habilitada la extensión LDAP"); } $conexion = @ldap_connect($this->server); ldap_set_option($conexion, LDAP_OPT_PROTOCOL_VERSION, 3); if (!$conexion) { toba::logger()->error('[Autenticación LDAP] No es posible conectarse con el servidor: ' . ldap_error($conexion)); return false; } //$bind = @ldap_bind($conexion); $bind = @ldap_bind($conexion, $this->bind_dn, $this->bind_pass); if (!$bind) { toba::logger()->error('[Autenticación LDAP] No es posible conectarse con el servidor: ' . ldap_error($conexion)); return false; } $res_id = @ldap_search($conexion, $this->dn, sprintf($this->filter, $id_usuario)); if (!$res_id) { toba::logger()->error('[Autenticación LDAP] Fallo búsqueda en el árbol: ' . ldap_error($conexion)); return false; } $cantidad = ldap_count_entries($conexion, $res_id); if ($cantidad == 0) { toba::logger()->error("[Autenticación LDAP] El usuario {$id_usuario} no tiene una entrada en el árbol"); return false; } if ($cantidad > 1) { toba::logger()->error("[Autenticación LDAP] El usuario {$id_usuario} tiene más de una entrada en el árbol"); return false; } $entrada_id = ldap_first_entry($conexion, $res_id); if ($entrada_id == false) { toba::logger()->error("[Autenticación LDAP] No puede obtenerse el resultado de la búsqueda" . ldap_error($conexion)); return false; } $usuario_dn = ldap_get_dn($conexion, $entrada_id); if ($usuario_dn == false) { toba::logger()->error("[Autenticación LDAP] No pude obtenerse el DN del usuario: " . ldap_error($conexion)); return false; } $link_id = @ldap_bind($conexion, $usuario_dn, $clave); if ($link_id == false) { toba::logger()->error("[Autenticación LDAP] Usuario/Contraseña incorrecta: " . ldap_error($conexion)); return false; } ldap_close($conexion); $usuario = $this->recuperar_usuario_toba($id_usuario); toba::logger()->debug("[Autenticación LDAP] OK"); return true; }
/** * Authenticates a user against ldap server. * @return boolean whether authentication succeeds. */ public function authenticate() { try { $serverType = Yii::app()->authenticationHelper->ldapServerType; $host = Yii::app()->authenticationHelper->ldapHost; $port = Yii::app()->authenticationHelper->ldapPort; $baseDomain = Yii::app()->authenticationHelper->ldapBaseDomain; $bindPassword = Yii::app()->authenticationHelper->ldapBindPassword; $bindRegisteredDomain = Yii::app()->authenticationHelper->ldapBindRegisteredDomain; $ldapConnection = LdapUtil::establishConnection($serverType, $host, $port, $bindRegisteredDomain, $bindPassword, $baseDomain); if ($ldapConnection) { if ($serverType == ZurmoAuthenticationHelper::SERVER_TYPE_OPEN_LDAP) { $ldapFilter = '(|(cn=' . $this->username . ')(&(uid=' . $this->username . ')))'; } elseif ($serverType == ZurmoAuthenticationHelper::SERVER_TYPE_ACTIVE_DIRECTORY) { $ldapFilter = '(sAMAccountName=' . $this->username . ')'; } else { throw new NotSupportedException(); } $ldapResults = ldap_search($ldapConnection, $baseDomain, $ldapFilter); $ldapResultsCount = ldap_count_entries($ldapConnection, $ldapResults); if ($ldapResultsCount > 0) { $result = @ldap_get_entries($ldapConnection, $ldapResults); $zurmoLogin = parent::authenticate(); if (!$zurmoLogin) { if ($result[0] && @ldap_bind($ldapConnection, $result[0]['dn'], $this->password)) { if ($this->errorCode != 1) { $this->setState('username', $this->username); $this->errorCode = self::ERROR_NONE; return true; } } } else { $this->setState('username', $this->username); $this->errorCode = self::ERROR_NONE; return true; } } else { return parent::authenticate(); } } else { return parent::authenticate(); } } catch (NotFoundException $e) { $this->errorCode = self::ERROR_USERNAME_INVALID; } catch (BadPasswordException $e) { $this->errorCode = self::ERROR_PASSWORD_INVALID; } catch (NoRightWebLoginException $e) { $this->errorCode = self::ERROR_NO_RIGHT_WEB_LOGIN; } return false; }
function auth($user, $pass, $args) { if ($this->ldapless_php) { return false; } else { if ($ldsrvs = access_query("authldapserver")) { foreach ($ldsrvs as $ld_srv) { if ($ld_cid = ldap_connect($ld_srv)) { break; } } if (!$ld_cid) { techo("WARN: mod_auth_ldap: unable to connect to server(s)", NW_EL_WARNING); return false; } } else { techo("WARN: mod_auth_ldap: no AuthLDAPServer specified", NW_EL_WARNING); ldap_close($ld_cid); return false; } } $ld_dn = access_query("authldapbinddn", 0); $eu = explode("@", $user); $ld_dn = str_replace("%AUTH_USER%", $user, $ld_dn); $ld_dn = str_replace("%AUTH_USER_U%", $eu[0], $ld_dn); $ld_dn = str_replace("%AUTH_USER_D%", $eu[1], $ld_dn); if ($ld_bind = ldap_bind($ld_cid, $ld_dn, $pass)) { if ($ld_filter = access_query("authldapmatchfilter", 0)) { if ($ld_q = ldap_search($ld_cid, $ld_dn, $ld_filter)) { if ($a = ldap_count_entries($ld_cid, $ld_q)) { ldap_close($ld_cid); return true; } else { ldap_close($ld_cid); return false; } } else { ldap_close($ld_cid); return false; } } else { ldap_close($ld_cid); return true; } } else { ldap_close($ld_cid); return false; } }
/** * read binary attribute from one entry from the ldap directory * * @todo still needed??? * * @param string $_dn the dn to read * @param string $_filter search filter * @param array $_attribute which field to return * @return blob binary data of given field * @throws Exception with ldap error */ public function fetchBinaryAttribute($_dn, $_filter, $_attribute) { $searchResult = @ldap_search($this->getResource(), $_dn, $_filter, $_attributes, $this->_attrsOnly, $this->_sizeLimit, $this->_timeLimit); if ($searchResult === FALSE) { throw new Exception(ldap_error($this->getResource())); } $searchCount = ldap_count_entries($this->getResource(), $searchResult); if ($searchCount === 0) { throw new Exception('Nothing found for filter: ' . $_filter); } elseif ($searchCount > 1) { throw new Exception('More than one entry found for filter: ' . $_filter); } $entry = ldap_first_entry($this->getResource(), $searchResult); return ldap_get_values_len($this->getResource(), $entry, $attribute); }
/** * LDAPEngine constructor to initialize object * @param string $uid user id * @param string $password password associated with uid */ function LDAPEngine($uid, $password) { global $conf; $this->connected = false; if (strlen($uid) == 0 || strlen($password) == 0) { return; } $this->host = $conf['ldap']['host']; $this->port = $conf['ldap']['port']; $this->basedn = $conf['ldap']['basedn']; $this->AD_lookupid = $conf['ldap']['lookupid']; $this->AD_lookuppwd = $conf['ldap']['lookuppwd']; $this->ldap = ldap_connect($this->host, $this->port) or die("Could not connect to LDAP server."); $this->uid = $uid; if ($this->ldap) { $bind = $this->AD_lookupid ? @ldap_bind($this->ldap, $this->AD_lookupid, $this->AD_lookuppwd) : @ldap_bind($this->ldap); if ($bind) { // System authentication was a success, lookup user's dn via uid= filter $result = ldap_search($this->ldap, $this->basedn, "uid" . "=" . $this->uid); if (ldap_count_entries($this->ldap, $result) <= 0) { print "<p>LDAPEngine: Search in LDAP failed. uid={$this->uid}<p>"; ldap_close($this->ldap); return; } else { $this->binddn = ldap_get_dn($this->ldap, ldap_first_entry($this->ldap, $result)); //print "<p>LDAPEngine: User binding as dn=".$this->binddn."<p>"; $bind2 = @ldap_bind($this->ldap, $this->binddn, $password); if ($bind2) { //print "<p>LDAPEngine: bind using user credentials successful.</p>"; } else { //print "<p>LDAPEngine: bind using user credentials failed.</p>"; ldap_close($this->ldap); return; } } // ------------------------------------ if ($this->loadUserData()) { $this->connected = true; $this->password = $password; } else { ldap_close($this->ldap); } } else { die("LDAPEngine: Attempt to bind to:" . $this->host . " using systemid:" . $this->lookupid . " failed."); ldap_close($this->ldap); } } }