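/**
 * Open a connection to the EGI SSO LDAP server and bind to it.
 *
 * When neither $rdn nor $pwd is given, the bind uses the service account
 * configured under 'egi.ldap.username' / 'egi.ldap.password'; otherwise it
 * uses the supplied credentials.
 *
 * Security notes:
 *  - A simple bind with a DN and an empty password is an "unauthenticated
 *    bind", which many directory servers answer with success. Such a call is
 *    rejected here before any connection is made, so an empty password can
 *    never be reported as a valid login.
 *  - With $secure = false no StartTLS is negotiated; unless the configured
 *    host is an ldaps:// URI the bind password then travels in cleartext.
 *  - NOTE(review): whether StartTLS verifies the server certificate depends
 *    on the LDAP client TLS configuration, which is not visible here.
 *
 * @param bool          $secure    Negotiate StartTLS before binding.
 * @param string|null   $rdn       DN to bind as, or null for the service account.
 * @param string|null   $pwd       Password for $rdn.
 * @param callable|null $ldapError Called as ($connection, $message); first with
 *                                 (null, null) to reset state, then once per failure.
 *
 * @return mixed The bound LDAP connection; null when a step failed (and was
 *               reported through $ldapError); false when the bind returned
 *               false without an LDAP error code.
 */
function _initLDAP($secure = true, $rdn = null, $pwd = null, $ldapError = null)
{
    // Single reporting path so every failure branch behaves the same way.
    $report = function ($conn, $message) use ($ldapError) {
        if (!is_null($ldapError)) {
            call_user_func_array($ldapError, array($conn, $message));
        }
    };

    $report(null, null); // clear ldap error state

    // Refuse DN + empty password up front (unauthenticated bind, see docblock).
    // Reported like any other failed bind so callers need no new branch.
    if (isset($rdn) && ($pwd === null || $pwd === '')) {
        $report(null, "Could not bind to the EGI SSO server");
        return null;
    }

    $ldap = ApplicationConfiguration::service('egi.ldap.host');
    $ds = ldap_connect($ldap);
    if ($ds === false) {
        $report(null, "Could not initialize connection to the EGI SSO server");
        return null;
    }

    if (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)
        || !@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)
    ) {
        $report($ds, "Could not set EGI SSO server connection options");
        @ldap_close($ds); // release the handle instead of leaking it
        return null;
    }

    if ($secure && !@ldap_start_tls($ds)) {
        $report($ds, "Could not establish a secure connection to the EGI SSO server");
        @ldap_close($ds); // never fall back to a cleartext bind
        return null;
    }

    if (!isset($rdn) && !isset($pwd)) {
        $ok = @ldap_bind(
            $ds,
            ApplicationConfiguration::service('egi.ldap.username'),
            ApplicationConfiguration::service('egi.ldap.password')
        );
    } else {
        $ok = @ldap_bind($ds, $rdn, $pwd);
    }

    if (ldap_errno($ds) !== 0) {
        // The callback still receives the open handle so it can read the LDAP error.
        $report($ds, "Could not bind to the EGI SSO server");
        @ldap_close($ds);
        return null;
    }
    if ($ok === false) {
        @ldap_close($ds);
        return false;
    }

    return $ds;
}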
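/**
 * Bulk-refresh the gender field of every researcher from the EGI LDAP directory.
 *
 * The action is currently switched off: it disables layout and view rendering
 * and returns immediately, so nothing below the early return executes. The
 * remaining code is kept for reference and has been made safe to re-enable.
 *
 * NOTE(review): the disabled code binds the service account without StartTLS;
 * unless the configured host is an ldaps:// URI the service password would be
 * sent in cleartext. Add ldap_start_tls() before re-enabling.
 *
 * @return void
 */
public function updateallAction()
{
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    // Action disabled; everything after this line is unreachable.
    return;

    $ldap = ApplicationConfiguration::service('egi.ldap.host');
    $ldapbind = false;
    $ds = ldap_connect($ldap);
    if ($ds === false) {
        return;
    }

    if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)
        && ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)
    ) {
        $ldapbind = @ldap_bind(
            $ds,
            ApplicationConfiguration::service('egi.ldap.username'),
            ApplicationConfiguration::service('egi.ldap.password')
        );
    }

    if ($ldapbind) {
        $users = new Default_Model_Researchers();
        $users->refresh();
        for ($i = 0; $i < $users->count(); $i++) {
            $u = $users->items[$i];
            // The original called isnull(), which is not a PHP function.
            if (is_null($u->username)) {
                continue;
            }

            // Escape the value so characters such as * ( ) \ in a stored
            // username cannot change the shape of the search filter.
            // ldap_escape() needs PHP >= 5.6.
            $filter = "(uid=" . ldap_escape($u->username, '', LDAP_ESCAPE_FILTER) . ")";
            $sr = ldap_search($ds, "ou=people,dc=egi,dc=eu", $filter);
            if ($sr === false) {
                continue;
            }

            $info = ldap_get_entries($ds, $sr);
            if ($info !== false
                && $info["count"] > 0
                && array_key_exists('destinationindicator', $info[0])
            ) {
                // The directory's destinationindicator attribute is copied into gender.
                $u->gender = $info[0]['destinationindicator'][0];
                $u->save();
            }
        }
    }

    // Close on every path; the original leaked the handle when the bind failed.
    ldap_close($ds);
}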
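/**
 * Authenticate the API caller and turn the route parameters into a query.
 *
 * Steps, in order:
 *  1. Reset the isAuthenticated / isAdmin view flags to false.
 *  2. Move every non-ignored route parameter into $q, removing it from
 *     $this->routeParams and $_GET.
 *  3. Authenticate either by 'userid' + 'passwd' (compared with the stored
 *     password hash) or by 'username' + 'passwd' (LDAP simple bind).
 *  4. Copy control parameters back into $_GET and build the filter string or
 *     the route model query from what remains.
 *
 * Side effects: writes $_GET, $this->routeParams, $this->routeModelQuery and
 * $this->api->view (isAuthenticated, isAdmin, Error).
 *
 * Security notes:
 *  - Empty or non-string passwords are refused on both paths. On the LDAP
 *    path a DN with an empty password is an "unauthenticated bind" that many
 *    servers answer with success, which would authenticate any known username.
 *  - On the 'userid' path the stored hash is itself the credential, so it is
 *    compared in constant time with hash_equals() (PHP >= 5.6).
 *  - NOTE(review): credentials are read from request parameters; if they
 *    arrive in the URL they will also appear in access logs — confirm.
 *
 * @return void
 */
private function BuildQuery()
{
    $this->api->view->isAuthenticated = false;
    $this->api->view->isAdmin = false;
    $q = array();
    $flt = "";
    $ignore = AppdbAPIHelper::GetIgnoreParameterList();

    // Collect query related parameters
    foreach ($this->routeParams as $k => $v) {
        if (in_array($k, $ignore)) {
            continue;
        }
        $q[$k] = $v;
        // Clear retrieved parameters from request parameters
        unset($this->routeParams[$k]);
        unset($_GET[$k]);
    }

    if (array_key_exists('userid', $q)) {
        // user ID with hashed password, matched against hash in database
        if (array_key_exists('passwd', $q)) {
            $u = new Default_Model_Researchers();
            $u->filter->id->equals($q["userid"]);
            if (count($u->items) > 0) {
                $stored = $u->items[0]->password;
                $supplied = $q["passwd"];
                // Require real, non-empty strings on both sides so an account
                // without a stored hash can never match an empty/absent value.
                if (is_string($stored) && $stored !== ''
                    && is_string($supplied) && $supplied !== ''
                    && hash_equals($stored, $supplied)
                ) {
                    $this->api->view->isAuthenticated = true;
                    $this->api->view->isAdmin = ($u->items[0]->positionTypeID == 5 || $u->items[0]->positionTypeID == 7) && $u->items[0]->roleVerified;
                    $_GET["userid"] = $q["userid"];
                    // error_log('API call authenticated');
                }
            }
        }
    } elseif (array_key_exists('username', $q)) {
        // username and real password, matched against LDAP
        error_log('Trying to authenticate user via LDAP');
        $u = new Default_Model_Researchers();
        $u->filter->username->equals($q["username"]);
        if (count($u->items) > 0) {
            $username = $q["username"];
            $userid = $u->items[0]->id;
        } else {
            $username = null;
        }

        if ($username !== null && array_key_exists('passwd', $q)) {
            $ldap = ApplicationConfiguration::service('egi.ldap.host');
            // Escape the caller-supplied name before placing it inside a DN.
            // NOTE(review): the "******" prefix is reproduced exactly as it
            // appears in this copy of the source — confirm against the repository.
            $bindDn = "******" . ldap_escape((string) $username, '', LDAP_ESCAPE_DN) . ",ou=people,dc=egi,dc=eu";
            $password = $q['passwd'];
            $ldapbind = false;

            // Never attempt a bind with an empty or non-string password.
            if (is_string($password) && $password !== '') {
                $ds = ldap_connect($ldap);
                if ($ds !== false) {
                    if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)
                        && ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)
                    ) {
                        if (APPLICATION_ENV == 'production') {
                            // In production the bind happens only after StartTLS succeeded.
                            if (ldap_start_tls($ds)) {
                                $ldapbind = @ldap_bind($ds, $bindDn, $password);
                            }
                        } else {
                            // NOTE(review): outside production the password is
                            // sent without StartTLS; use test accounts only.
                            $ldapbind = @ldap_bind($ds, $bindDn, $password);
                        }
                    }
                    ldap_close($ds);
                }
            }

            if ($ldapbind) {
                // login info was valid
                $_GET["userid"] = $userid;
                $this->api->view->isAuthenticated = true;
                $this->api->view->isAdmin = ($u->items[0]->positionTypeID == 5 || $u->items[0]->positionTypeID == 7) && $u->items[0]->roleVerified;
            } else {
                error_log('API call authentication failed');
            }
        }
    }

    // Remove unwanted fields from flt
    // NOTE(review): this puts the caller-supplied 'userid' back into $_GET
    // even when authentication failed; downstream code should trust
    // isAuthenticated, not the presence of $_GET['userid'] — confirm.
    foreach (array("orderbyOp", "orderby", "userid", "passwd", "username", "id") as $ign) {
        if (array_key_exists($ign, $q)) {
            $_GET[$ign] = $q[$ign];
            unset($q[$ign]);
        }
    }

    if (array_key_exists('flt', $q) && count($this->routeModelQuery) === 0) {
        // An explicit filter is passed through unchanged.
        $_GET['flt'] = $q['flt'];
        if (isset($q['fuzzySearch'])) {
            $_GET['fuzzySearch'] = $q['fuzzySearch'];
        }
        return;
    }

    $q = AppdbAPIRequestProcessor::Transform($this->routeXslt, $this->version, $q);
    if ($q === null) {
        $this->api->view->Error = "Invalid query parameter";
        return;
    }

    if (count($this->routeModelQuery) > 0) {
        // Keep only the model-query keys that survived the transform.
        $mq = $this->routeModelQuery;
        $this->routeModelQuery = array();
        foreach ($mq as $m) {
            if (isset($q[$m])) {
                $this->routeModelQuery[$m] = $q[$m];
            }
        }
    } elseif (count($q) > 0) {
        // Create query string for FILTER query.
        // NOTE(review): keys and values are concatenated unescaped; a value
        // containing " +key:value" may add terms to the filter — verify how
        // the filter parser treats such input.
        $flt = "";
        foreach ($q as $k => $v) {
            // "+=" is used when "id" occurs in the key after its first character.
            if (strpos($k, "id") > 0) {
                $flt .= "+=" . $k . ":" . $v . " ";
            } else {
                $flt .= "+" . $k . ":" . $v . " ";
            }
        }
    }

    if ($flt != "") {
        $_GET[AppdbAPIHelper::GetQueryKey()] = $flt;
    }
}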