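/**
 * Retrieve list of users with all details.
 *
 * Builds an LDAP search filter from the configured object class, an optional
 * username and the configured group(s), runs it under the shared connection
 * ($ds, bound via ldap_bind_dn()) and keeps only entries whose group
 * membership is confirmed by ldap_search_user(). When 'auth_ldap_group' is
 * not set at all, every matching entry is returned without a membership check.
 *
 * @param string|null $username Optional login to restrict the search to a single user
 *
 * @return array Rows of user data (username, realname, user_id, level, email);
 *               an empty array when the search fails or nothing matches
 */
function ldap_auth_user_list($username = NULL)
{
    global $config, $ds;

    // Always hand back an array, even when the search fails or nothing matches
    // (the original fell through with an undefined $userlist => NULL).
    $userlist = array();

    ldap_init();
    ldap_bind_dn();

    // 'auth_ldap_group' may be absent (= no group restriction); use an empty
    // list for filter building and keep the "unset means everyone" test below.
    $groups = isset($config['auth_ldap_group']) ? $config['auth_ldap_group'] : array();
    $base_dn = trim($config['auth_ldap_suffix'], ', ');

    // Filter values are passed through ldap_filter_create(), which is expected
    // to do the LDAP filter escaping - never concatenate raw values in here.
    $filter_params = array();
    $filter_params[] = ldap_filter_create('objectClass', $config['auth_ldap_objectclass']);
    if (!empty($username)) {
        // Filter users by username
        $filter_params[] = ldap_filter_create($config['auth_ldap_attr']['uid'], $username);
    }
    if (count($groups) == 1) {
        $filter_params[] = ldap_filter_create('memberOf', $groups[0]);
    } elseif (count($groups) > 1) {
        // Membership in any one of the configured groups is enough: OR them
        $group_params = array();
        foreach ($groups as $group) {
            $group_params[] = ldap_filter_create('memberOf', $group);
        }
        $filter_params[] = ldap_filter_combine($group_params, '|');
    }
    $filter = ldap_filter_combine($filter_params);
    print_debug("LDAP[UserList][Filter][{$filter}][" . $base_dn . "]");

    $search = ldap_search($ds, $base_dn, $filter);
    print_debug(ldap_error($ds));
    if ($search === FALSE) {
        // ldap_search() returns FALSE on error (bad base DN, filter, limits...);
        // ldap_get_entries() cannot take that, so report and return empty.
        print_debug("LDAP[UserList][Search failed: " . ldap_error($ds) . "]");
        return $userlist;
    }
    $entries = ldap_get_entries($ds, $search);
    if ($entries === FALSE || empty($entries['count'])) {
        return $userlist;
    }

    for ($i = 0; $i < $entries['count']; $i++) {
        $entry = $entries[$i];
        // ldap_get_entries() lower-cases attribute names, so match the config to that
        $username = $entry[strtolower($config['auth_ldap_attr']['uid'])][0];
        $realname = $entry[strtolower($config['auth_ldap_attr']['cn'])][0];
        $user_id  = ldap_internal_auth_user_id($entry);
        // 'mail' is optional on many directories - do not trip a notice on it
        $email    = isset($entry['mail'][0]) ? $entry['mail'][0] : NULL;
        // Group member values are either full DNs or bare logins, depending on config
        $userdn   = $config['auth_ldap_groupmembertype'] == 'fulldn' ? $entry['dn'] : $username;
        print_debug("LDAP[UserList][Compare: " . implode('|', $groups) . "][" . $config['auth_ldap_groupmemberattr'] . "][{$userdn}]");

        // A configured-but-empty group list authorizes nobody
        $authorized = 0;
        foreach ($groups as $ldap_group) {
            $compare = ldap_search_user($ldap_group, $userdn);
            if ($compare === -1) {
                // Comparison could not be performed; this group counts as "not matched"
                print_debug("LDAP[UserList][Compare LDAP error: " . ldap_error($ds) . "]");
                continue;
            } elseif ($compare === FALSE) {
                print_debug("LDAP[UserList][Processing group: {$ldap_group}][Not matched]");
            } else {
                // $compare === TRUE: one matching group is enough, stop here
                print_debug("LDAP[UserList][Authorized: {$userdn} for group {$ldap_group}]");
                $authorized = 1;
                break;
            }
        }

        // No group restriction configured at all => list every matching user
        if (!isset($config['auth_ldap_group']) || $authorized) {
            $user_level = ldap_auth_user_level($username);
            $userlist[] = array('username' => $username, 'realname' => $realname, 'user_id' => $user_id, 'level' => $user_level, 'email' => $email);
        }
    }

    return $userlist;
}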
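/**
 * Function to validate the user and password for a given login. Error messages in $ldap_cache["error"];
 *
 * Opens its own LDAP connection (deliberately not the shared global one),
 * optionally upgrades it with StartTLS, checks that the login exists via
 * ldap_search_user() and then binds as "<ldap_login_attr>=<login>,<ldap_base_dn>"
 * with the supplied password. Error messages are appended to
 * $ldap_cache["error"], so callers that want a clean message should reset it first.
 *
 * @param string $login    User login
 * @param string $password User password (plain text)
 *
 * @return bool True if the login is correct, false in other case
 */
function ldap_valid_login($login, $password)
{
    global $ldap_cache, $config;

    if (!function_exists("ldap_connect")) {
        die("Your installation of PHP does not support LDAP");
    }
    $ret = false;

    // ldap_bind() with an empty password performs an unauthenticated bind,
    // which a number of directory servers accept as success - that would
    // validate any existing login without a password. Reject empty
    // credentials before talking to the server at all.
    if ((string) $login === '' || (string) $password === '') {
        $ldap_cache["error"] .= 'Invalid login';
        return $ret;
    }

    $ldap_conf = $config["auth_methods"];
    if (!empty($ldap_conf["ldap_port"])) {
        $ds = @ldap_connect($ldap_conf["ldap_server"], $ldap_conf["ldap_port"]);
        //Since this is a separate bind, we don't store it global
    } else {
        $ds = @ldap_connect($ldap_conf["ldap_server"]);
        //Since this is a separate bind we don't store it global
    }
    if (!$ds) {
        $ldap_cache["error"] .= 'Error connecting to LDAP server';
        return $ret;
    }

    if ($ldap_conf["ldap_version"] > 0) {
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $ldap_conf["ldap_version"]);
    }
    if ($ldap_conf["ldap_start_tls"] && !@ldap_start_tls($ds)) {
        // TLS was requested: never fall back to sending the password in clear
        $ldap_cache["error"] .= 'Could not start TLS for LDAP connection';
        @ldap_close($ds);
        return $ret;
    }

    if (ldap_search_user($login)) {
        // The login becomes part of a DN; escape it so characters such as
        // ',' '=' or '+' in the value cannot change the structure of the bind DN.
        $bind_dn = $ldap_conf["ldap_login_attr"] . "=" . ldap_escape($login, '', LDAP_ESCAPE_DN) . "," . $ldap_conf["ldap_base_dn"];
        $r = @ldap_bind($ds, $bind_dn, $password);
        if (!$r) {
            // Same message as the "no such user" case on purpose: do not leak
            // which of the two failed to the caller
            $ldap_cache["error"] .= 'Invalid login';
            //$ldap_cache["error"] .= ': incorrect password'; // uncomment for debugging
        } else {
            $ret = true;
        }
    } else {
        $ldap_cache["error"] .= 'Invalid login';
        //$ldap_cache["error"] .= ': no such user';
    }
    @ldap_close($ds);

    return $ret;
}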