function _initLDAP($secure = true, $rdn = null, $pwd = null, $ldapError = null)
{
if (!is_null($ldapError)) {
call_user_func_array($ldapError, array(null, null));
// clear ldap error state
}
$ldap = ApplicationConfiguration::service('egi.ldap.host');
$ds = ldap_connect($ldap);
if ($ds === false) {
if (!is_null($ldapError)) {
call_user_func_array($ldapError, array(null, "Could not initialize connection to the EGI SSO server"));
}
return null;
}
if (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if (!is_null($ldapError)) {
call_user_func_array($ldapError, array($ds, "Could not set EGI SSO server connection options"));
}
return null;
}
if (!@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
if (!is_null($ldapError)) {
call_user_func_array($ldapError, array($ds, "Could not set EGI SSO server connection options"));
}
return null;
}
if ($secure) {
if (!@ldap_start_tls($ds)) {
if (!is_null($ldapError)) {
call_user_func_array($ldapError, array($ds, "Could not establish a secure connection to the EGI SSO server"));
}
return null;
}
}
if (!isset($rdn) && !isset($pwd)) {
$ok = @ldap_bind($ds, ApplicationConfiguration::service('egi.ldap.username'), ApplicationConfiguration::service('egi.ldap.password'));
} else {
$ok = @ldap_bind($ds, $rdn, $pwd);
}
if (ldap_errno($ds) !== 0) {
if (!is_null($ldapError)) {
call_user_func_array($ldapError, array($ds, "Could not bind to the EGI SSO server"));
}
@ldap_close($ds);
return null;
} else {
if ($ok === false) {
@ldap_close($ds);
return false;
}
}
return $ds;
}
public function updateallAction()
{
$this->_helper->layout->disableLayout();
$this->_helper->viewRenderer->setNoRender();
return;
$ldap = ApplicationConfiguration::service('egi.ldap.host');
$ldapbind = false;
$ds = ldap_connect($ldap);
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
$ldapbind = @ldap_bind($ds, ApplicationConfiguration::service('egi.ldap.username'), ApplicationConfiguration::service('egi.ldap.password'));
}
}
if ($ldapbind) {
$users = new Default_Model_Researchers();
$users->refresh();
for ($i = 0; $i < $users->count(); $i++) {
$u = $users->items[$i];
if (!isnull($u->username)) {
$sr = ldap_search($ds, "ou=people,dc=egi,dc=eu", "(uid=" . $u->username . ")");
$info = ldap_get_entries($ds, $sr);
if ($info["count"] > 0) {
if (array_key_exists('destinationindicator', $info[0])) {
$gender = $info[0]['destinationindicator'][0];
$u->gender = $gender;
$u->save();
}
}
}
}
ldap_close($ds);
}
}
private function BuildQuery()
{
$this->api->view->isAuthenticated = false;
$this->api->view->isAdmin = false;
$q = array();
$flt = "";
$ignore = AppdbAPIHelper::GetIgnoreParameterList();
//Collect query related parameters
foreach ($this->routeParams as $k => $v) {
if (in_array($k, $ignore)) {
continue;
}
$q[$k] = $v;
//Clear retreived parameters from request parameters
unset($this->routeParams[$k]);
unset($_GET[$k]);
}
if (array_key_exists('userid', $q)) {
//user ID with hashed password, matched against hash in database
if (array_key_exists('passwd', $q)) {
$u = new Default_Model_Researchers();
$u->filter->id->equals($q["userid"]);
if (count($u->items) > 0) {
if ($u->items[0]->password === $q["passwd"]) {
$this->api->view->isAuthenticated = true;
$this->api->view->isAdmin = ($u->items[0]->positionTypeID == 5 || $u->items[0]->positionTypeID == 7) && $u->items[0]->roleVerified;
$_GET["userid"] = $q["userid"];
// error_log('API call authenticated');
}
}
}
} elseif (array_key_exists('username', $q)) {
//username and real password, matched against LDAP
error_log('Trying to authenticate user via LDAP');
$u = new Default_Model_Researchers();
$u->filter->username->equals($q["username"]);
if (count($u->items) > 0) {
$username = $q["username"];
$userid = $u->items[0]->id;
} else {
$username = null;
}
if ($username !== null) {
if (array_key_exists('passwd', $q)) {
$ldap = ApplicationConfiguration::service('egi.ldap.host');
$username = "******" . $username . ",ou=people,dc=egi,dc=eu";
$password = $q['passwd'];
$ldapbind = false;
$ds = ldap_connect($ldap);
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
if (APPLICATION_ENV == 'production') {
if (ldap_start_tls($ds)) {
$ldapbind = @ldap_bind($ds, $username, $password);
}
} else {
$ldapbind = @ldap_bind($ds, $username, $password);
}
}
}
ldap_close($ds);
if ($ldapbind) {
//login info was valid
$_GET["userid"] = $userid;
$this->api->view->isAuthenticated = true;
$this->api->view->isAdmin = ($u->items[0]->positionTypeID == 5 || $u->items[0]->positionTypeID == 7) && $u->items[0]->roleVerified;
} else {
error_log('API call authentication failed');
}
}
}
}
//Remove unwanted fields from flt
foreach (array("orderbyOp", "orderby", "userid", "passwd", "username", "id") as $ign) {
if (array_key_exists($ign, $q)) {
$_GET[$ign] = $q[$ign];
unset($q[$ign]);
}
}
if (array_key_exists('flt', $q) && count($this->routeModelQuery) === 0) {
$_GET['flt'] = $q['flt'];
if (isset($q['fuzzySearch'])) {
$_GET['fuzzySearch'] = $q['fuzzySearch'];
}
} else {
$q = AppdbAPIRequestProcessor::Transform($this->routeXslt, $this->version, $q);
if ($q === null) {
$this->api->view->Error = "Invalid query parameter";
return;
}
if (count($this->routeModelQuery) > 0) {
$mq = $this->routeModelQuery;
$this->routeModelQuery = array();
foreach ($mq as $m) {
if (isset($q[$m])) {
$this->routeModelQuery[$m] = $q[$m];
}
}
} else {
if (count($q) > 0) {
//Create json query object for FILTER query
$flt = "";
foreach ($q as $k => $v) {
if (strpos($k, "id") > 0) {
$flt .= "+=" . $k . ":" . $v . " ";
} else {
$flt .= "+" . $k . ":" . $v . " ";
}
}
}
}
if ($flt != "") {
$_GET[AppdbAPIHelper::GetQueryKey()] = $flt;
}
}
}
