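/**
 * Static authenticator: recognise the single fixed username NSS_STATIC_UID.
 *
 * No directory or database lookup happens here; the response is filled
 * with fixed placeholder attributes for that one account.
 * NOTE(review): this looks like a test-only back end -- confirm it cannot
 * be selected in a production configuration.
 *
 * @param mixed $uname    Username supplied by the caller (untrusted).
 * @param array $response Filled by reference with uid/mail/cn/displayName
 *                        when the username matches; untouched otherwise.
 * @return bool TRUE when $uname is the static UID, FALSE otherwise.
 */
public function validUsername($uname, &$response)
{
    // Compare as strings with ===. A loose == between two numeric-looking
    // strings compares them as numbers ("7" == "007"), which is not wanted
    // when deciding whether a caller-supplied name is the known account.
    if (!is_scalar($uname) || (string) $uname !== (string) NSS_STATIC_UID) {
        return FALSE;
    }

    $response = array(
        'uid'         => NSS_STATIC_UID,
        'mail'        => NSS_STATIC_UID . '@nowhere.org',
        'cn'          => 'Test User',
        'displayName' => 'Test User',
    );

    // Chain to the super class for any further properties to be added
    // to the $response array:
    parent::validUsername($uname, $response);

    return TRUE;
}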
/**
 * Local-database authenticator: check that $uname is a known local user.
 *
 * The lower-cased name must match the configured 'usernameRegexp' before
 * the database is consulted. The lookup itself receives $uname unmodified.
 * NOTE(review): confirm DBReadLocalUser() binds $uname as a query parameter
 * rather than concatenating it -- its implementation is not visible here.
 *
 * @param string $uname    Username supplied by the caller (untrusted).
 * @param array  $response Filled by reference with uid/mail/cn/displayName/
 *                         organization from the first matching row.
 * @return bool TRUE when a row was found, FALSE otherwise.
 */
public function validUsername($uname, &$response)
{
    $pattern = $this->_prefs['usernameRegexp'];

    // Names that do not match the configured pattern never reach the DB
    // and never reach the parent class.
    if (!preg_match($pattern, strtolower($uname))) {
        return FALSE;
    }

    $found = FALSE;
    $rows = $this->_db->DBReadLocalUser($uname);
    if ($rows) {
        $user = $rows[0];
        $response = array(
            'uid'          => $user['username'],
            'mail'         => $user['mail'],
            'cn'           => $user['displayname'],
            'displayName'  => $user['displayname'],
            'organization' => $user['organization'],
        );
        $found = TRUE;
    }

    // Chain to the super class for any further properties to be added
    // to the $response array. This runs whether or not a row was found,
    // so the parent may see a $response this method did not populate.
    parent::validUsername($uname, $response);

    return $found;
}
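/**
 * Active Directory authenticator: look $uname up by sAMAccountName and
 * check the optional group-membership requirement.
 *
 * Each configured server is tried in turn until a bind with the service
 * credentials succeeds. With _ldapUseSSL set the server is addressed as
 * ldaps://; otherwise no StartTLS is attempted in this method, so the bind
 * and the search are unencrypted unless the configured server string is
 * itself an ldaps:// URI.
 *
 * Return values are a mix of bool and int. -69 and -70 are truthy in PHP,
 * so callers must compare the result with === TRUE and never use it
 * directly as a condition.
 *
 * @param string $uname    Username supplied by the caller (untrusted).
 * @param array  $response Filled by reference with the first value of each
 *                         directory attribute plus 'organization'. It is
 *                         also populated when the user is found but fails
 *                         the group check.
 * @return bool|int TRUE when the user exists and passes the group check;
 *                  -69 when the user is not found in any base DN or is not
 *                  in the required group; -70 when no server accepted the
 *                  bind.
 */
public function Tryvalid($uname, &$response)
{
    global $smarty;

    // Initialised up front so an empty server list or a failed connect
    // cannot leave these undefined further down.
    $ldapConn = FALSE;
    $ldapBind = FALSE;

    // Bind to one of our LDAP servers:
    foreach ($this->_ldapServers as $ldapServer) {
        if ($this->_ldapUseSSL) {
            $ldapServer = "ldaps://" . $ldapServer;
        }
        $candidate = ldap_connect($ldapServer);
        if (!$candidate) {
            continue;
        }
        // Set the protocol to 3 only, and do not chase referrals:
        ldap_set_option($candidate, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($candidate, LDAP_OPT_REFERRALS, 0);
        // A failed bind is expected when a server is down, hence the @;
        // the next server is simply tried.
        if (@ldap_bind($candidate, $this->_ldapBindUser, $this->_ldapBindPass)) {
            $ldapConn = $candidate;
            $ldapBind = TRUE;
            break;
        }
        // Release the handle of a server that refused the bind instead of
        // overwriting it on the next iteration.
        ldap_close($candidate);
    }

    if (!$ldapBind) {
        return -70;
    }

    if (!is_array($this->_ldapBase)) {
        $this->_ldapBase = array($this->_ldapBase);
    }

    // $uname is untrusted. Escape it for filter context so characters with
    // a meaning in LDAP filters are matched literally and cannot widen or
    // alter the search.
    $filter = 'sAMAccountName=' . ldap_escape((string) $uname, '', LDAP_ESCAPE_FILTER);

    foreach ($this->_ldapBase as $ldapBase) {
        $ldapSearch = ldap_search($ldapConn, $ldapBase, $filter);
        if (!$ldapSearch) {
            continue;
        }
        $ldapEntry = ldap_first_entry($ldapConn, $ldapSearch);
        if (!$ldapEntry || !ldap_get_dn($ldapConn, $ldapEntry)) {
            continue;
        }
        // We got a result and a DN for the user in question, so that
        // means s/he exists. Without readable attributes the group check
        // cannot run, so move on to the next base DN.
        $responseArray = ldap_get_attributes($ldapConn, $ldapEntry);
        if (!$responseArray) {
            continue;
        }

        $response = array();
        $groups = array();
        foreach ($responseArray as $key => $value) {
            // Only the first value of a multi-valued attribute is kept
            // (additional values, e.g. extra proxyAddresses, are dropped).
            if (is_array($value) && array_key_exists('count', $value) && $value['count'] >= 1) {
                $response[$key] = $value[0];
            } else {
                $response[$key] = $value;
            }
            // Store the list of groups they are a member of
            if (is_array($value) && strtolower((string) $key) == $this->_ldapMemberKey) {
                $groups = $value;
            }
        }
        $response['organization'] = $this->_ldapOrg;

        // Do the authorisation check. User must be a member of a group.
        $authorisationPassed = TRUE;
        if ($this->_ldapMemberKey != '' && $this->_ldapMemberRole != '') {
            $authorisationPassed = FALSE;
            foreach ($groups as $group) {
                // Skip the integer 'count' element and compare strictly, so
                // only a real group value can satisfy the requirement.
                // presumably _ldapMemberRole is stored lower-cased; verify
                // where it is configured.
                if (is_string($group) && strtolower($group) === (string) $this->_ldapMemberRole) {
                    $authorisationPassed = TRUE;
                    break;
                }
            }
        }

        if (!$authorisationPassed) {
            NSSError($smarty->getConfigVariable('ErrorUnauthorizedUser'), 'Authorisation Failed');
            // We found the user okay, but he wasn't a group member
            ldap_close($ldapConn);
            return -69;
        }

        // Chain to the super class for any further properties to be added
        // to the $response array:
        parent::validUsername($uname, $response);
        ldap_close($ldapConn);
        return TRUE;
    }

    // If we get to here, we managed to contact the server, but couldn't
    // find them in any of the BaseDNs we were told to search.
    ldap_close($ldapConn);
    return -69;
}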
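/**
 * LDAP authenticator: look $uname up by uid and check the optional
 * group-membership requirement.
 *
 * Each configured server is tried in turn. When _ldapUseSSL is set,
 * StartTLS must succeed before the bind is attempted; when it is not set,
 * the bind and search are sent without StartTLS.
 *
 * @param string $uname    Username supplied by the caller (untrusted).
 * @param array  $response Filled by reference with the first value of each
 *                         directory attribute plus displayName, cn and
 *                         organization fallbacks. It is also populated when
 *                         the user is found but fails the group check.
 * @return bool TRUE only when the entry was found, its attributes were
 *              read and the group check passed; FALSE otherwise.
 */
public function validUsername($uname, &$response)
{
    global $smarty;

    $result = FALSE;
    // Initialised up front so an empty server list or a failed connect
    // cannot leave these undefined further down.
    $ldapConn = FALSE;
    $ldapBind = FALSE;

    // Bind to one of our LDAP servers:
    foreach ($this->_ldapServers as $ldapServer) {
        $candidate = ldap_connect($ldapServer);
        if (!$candidate) {
            continue;
        }
        // Set the protocol to 3 only:
        ldap_set_option($candidate, LDAP_OPT_PROTOCOL_VERSION, 3);
        // StartTLS is required when _ldapUseSSL is set and skipped when it
        // is not. The bind uses _ldapDn/_ldapPass (presumably anonymous
        // when both are empty -- confirm against the configuration).
        if ((!$this->_ldapUseSSL || ldap_start_tls($candidate))
            && @ldap_bind($candidate, $this->_ldapDn, $this->_ldapPass)) {
            $ldapConn = $candidate;
            $ldapBind = TRUE;
            break;
        }
        // Release the handle of a server that refused TLS or the bind
        // instead of overwriting it on the next iteration.
        ldap_close($candidate);
    }

    if (!$ldapBind) {
        NSSError('Unable to connect to any of the LDAP servers; could not authenticate user.', 'LDAP Error');
        return FALSE;
    }

    // $uname is untrusted. Escape it for filter context so characters with
    // a meaning in LDAP filters are matched literally and cannot widen or
    // alter the search.
    $filter = 'uid=' . ldap_escape((string) $uname, '', LDAP_ESCAPE_FILTER);

    $ldapSearch = ldap_search($ldapConn, $this->_ldapBase, $filter);
    $ldapEntry = $ldapSearch ? ldap_first_entry($ldapConn, $ldapSearch) : FALSE;
    $responseArray = FALSE;
    if ($ldapEntry && ldap_get_dn($ldapConn, $ldapEntry)) {
        // We got a result and a DN for the user in question, so that
        // means s/he exists.
        $responseArray = ldap_get_attributes($ldapConn, $ldapEntry);
    }

    // Fail closed: if the attributes cannot be read the group check cannot
    // run, so the user is not reported as valid.
    if ($responseArray) {
        $response = array();
        $groups = array();
        foreach ($responseArray as $key => $value) {
            if (is_array($value) && array_key_exists('count', $value) && $value['count'] >= 1) {
                $response[$key] = $value[0];
            } else {
                $response[$key] = $value;
            }
            // Store the list of groups they are a member of
            if (is_array($value) && strtolower((string) $key) == $this->_ldapMemberKey) {
                $groups = $value;
            }
        }

        // Set displayName and cn if not already set
        if ($this->_ldapFullName != "displayName") {
            $nameWords = array();
            foreach (explode(" ", $this->_ldapFullName) as $k) {
                if ($k) {
                    // A missing attribute contributes an empty word.
                    $nameWords[] = isset($response[$k]) ? $response[$k] : '';
                }
            }
            $response['displayName'] = implode(' ', $nameWords);
        }
        if (empty($response['cn'])) {
            $response['cn'] = isset($response['displayName']) ? $response['displayName'] : NULL;
        }
        if (empty($response['organization'])) {
            $response['organization'] = $this->_ldapOrg;
        }

        // Do the authorisation check. User must be a member of a group.
        $authorisationPassed = TRUE;
        if ($this->_ldapMemberKey != '' && $this->_ldapMemberRole != '') {
            $authorisationPassed = FALSE;
            foreach ($groups as $group) {
                // Skip the integer 'count' element and compare strictly, so
                // only a real group value can satisfy the requirement.
                // presumably _ldapMemberRole is stored lower-cased; verify
                // where it is configured.
                if (is_string($group) && strtolower($group) === (string) $this->_ldapMemberRole) {
                    $authorisationPassed = TRUE;
                    break;
                }
            }
        }

        if ($authorisationPassed) {
            $result = TRUE;
        } else {
            NSSError($smarty->getConfigVariable('ErrorUnauthorizedUser'), 'Authorisation Failed');
        }

        // Chain to the super class for any further properties to be added
        // to the $response array (this runs even when the group check
        // failed):
        parent::validUsername($uname, $response);
    }

    ldap_close($ldapConn);

    return $result;
}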
/**
 * IMAP authenticator: derive the response attributes from the supplied name.
 *
 * This method performs no lookup against any server; it only shapes
 * $response from $uname.
 * NOTE(review): presumably the account is verified elsewhere when the
 * password is checked -- confirm against the caller.
 *
 * @param string $uname    Username or full address supplied by the caller
 *                         (untrusted).
 * @param array  $response Filled by reference with uid/mail/cn/displayName/
 *                         organization.
 * @return bool FALSE only when an IMAP domain is configured and the
 *              lower-cased name does not match 'usernameRegexp'.
 */
public function validUsername($uname, &$response)
{
    if ($this->_imapDomain) {
        // imapDomain is set, so strip out the username: the text matched by
        // the configured pattern becomes the uid, and the domain is
        // appended to form the address.
        if (!preg_match($this->_prefs['usernameRegexp'], strtolower($uname), $pieces)) {
            return FALSE;
        }
        $localPart = $pieces[0];
        $address = $localPart . $this->_imapDomain;
        $response = array(
            'uid'          => $localPart,
            'mail'         => $address,
            'cn'           => $address,
            'displayName'  => $address,
            'organization' => $this->_imapOrg,
        );
    } else {
        // There is no imapDomain so use the full supplied address as the
        // uname, without any pattern check.
        $response = array(
            'uid'          => $uname,
            'mail'         => $uname,
            'cn'           => $uname,
            'displayName'  => $uname,
            'organization' => $this->_imapOrg,
        );
    }

    // Chain to the super class for any further properties to be added
    // to the $response array:
    parent::validUsername($uname, $response);

    return TRUE;
}