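/**
 * Initializes a new connection to CIF LDAP.
 *
 * This method is protected to ensure that new CifLdap instances
 * can't be created with the `new` keyword.
 *
 * Sequence: point the LDAP client library at the CA certificate named by
 * self::TLS_CERT, create the handle for self::LDAP_SERVER, select LDAPv3 and
 * turn off referral chasing, upgrade the session with StartTLS, then
 * authenticate with a SASL/GSSAPI bind. The handle is kept in the static
 * self::$connection.
 *
 * Every failure except the CA-certificate one is handed to
 * $this->log_and_except(); that helper is defined outside this block and is
 * presumably expected to log and throw - confirm, because the code below
 * relies on it to stop the sequence.
 *
 * NOTE(review): self::$connection keeps the handle even when StartTLS or the
 * bind fails. Confirm that whatever hands out the connection never returns a
 * handle that did not complete both steps.
 */
protected function __construct() {
    // LDAPTLS_CACERT is the OpenLDAP client variable naming the CA file used
    // to verify the server certificate. It has to be in the environment
    // before the library initializes, hence the position ahead of
    // ldap_connect(). A failure here is only a warning: the handshake then
    // depends on whatever CA configuration the library finds elsewhere.
    if (!putenv('LDAPTLS_CACERT=' . self::TLS_CERT)) {
        trigger_error('Unable to set TLS certificate', E_USER_WARNING);
    }

    $this->log('Connecting to CIF LDAP.');
    // With OpenLDAP 2.x this only prepares the handle; the first network
    // traffic happens at StartTLS, so an unreachable server surfaces there.
    self::$connection = ldap_connect(self::LDAP_SERVER);
    if (!self::$connection) {
        $this->log_and_except('Unable to open connection to CIF LDAP.');
    }

    if (self::DEBUG) {
        // NOTE(review): the PHP manual sets LDAP_OPT_DEBUG_LEVEL on a null
        // handle because OpenLDAP treats it as a library-wide option; verify
        // that this per-connection call actually produces trace output.
        ldap_set_option(self::$connection, LDAP_OPT_DEBUG_LEVEL, 7);
    }

    // Configure the session before the first network operation and fail
    // closed if an option cannot be applied. StartTLS is an LDAPv3 extended
    // operation, and referral chasing must be off so the GSSAPI bind is never
    // replayed against a server other than self::LDAP_SERVER.
    if (!ldap_set_option(self::$connection, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        $this->log_and_except('Unable to select LDAPv3 for CIF LDAP.');
    }
    if (!ldap_set_option(self::$connection, LDAP_OPT_REFERRALS, 0)) { // Don't follow referrals from the server
        $this->log_and_except('Unable to disable referrals for CIF LDAP.');
    }

    // StartTLS is mandatory: there is no fallback to a cleartext session.
    if (!ldap_start_tls(self::$connection)) {
        $this->log_and_except('Unable to secure CIF LDAP connection.');
    }

    $this->log('Binding to CIF LDAP.');
    // GSSAPI bind with no DN, password, realm or identities supplied, so the
    // identity comes from the Kerberos credentials available to this process.
    // 'maxssf=1' caps the SASL security layer at integrity protection only;
    // confidentiality of the session therefore rests entirely on the TLS
    // layer negotiated above.
    if (!ldap_sasl_bind(self::$connection, null, null, 'GSSAPI', null, null, null, 'maxssf=1')) {
        $this->log_and_except('Unable to perform SASL bind to CIF LDAP.');
    }
}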