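/**
 * AD (Active directory) authentication function
 *
 * Authenticates users against MS Active Directory
 * Using library > adLDAP - LDAP Authentication with PHP for Active Directory
 * http://adldap.sourceforge.net
 *
 * Connection settings come from $this->authmethodparams (JSON). A connect
 * error is logged and shown to the user. A failed login increments the
 * block counter for the source IP and shows one generic message, so the
 * response does not reveal whether the account exists; the adLDAP error
 * detail goes to the log only.
 *
 * @access private
 * @param mixed $username
 * @param mixed $password
 * @return void
 */
private function auth_AD($username, $password) {
    # adLDAP script - *_once so a second call in the same request does not redeclare the class
    require_once dirname(__FILE__) . "/../adLDAP/src/adLDAP.php";

    # open connection
    try {
        // parse settings for LDAP connection and store them to array
        $ad = json_decode($this->authmethodparams, true);
        if (!is_array($ad)) {
            // invalid or empty JSON: fall through with no settings, as the original did when json_decode() returned null
            $ad = array();
        }
        # set controllers (";"-separated list, whitespace removed)
        $controllers = str_replace(" ", "", (string) ($ad['domain_controllers'] ?? ''));
        $ad['domain_controllers'] = explode(";", $controllers);

        # Initialize AD class - absent keys become null instead of being @-suppressed
        $adldap = new adLDAP(array(
            'base_dn'            => $ad['base_dn'] ?? null,
            'account_suffix'     => $ad['account_suffix'] ?? null,
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl'            => $ad['use_ssl'] ?? null,
            'use_tls'            => $ad['use_tls'] ?? null,
            'ad_port'            => $ad['ad_port'] ?? null,
        ));

        # set OpenLDAP flag (before the bind so it applies to authenticate())
        if ($this->ldap) {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        $this->Log->write("AD connect error", "Failed to connect to AD: " . $e->getMessage(), 2, $username);
        $this->Result->show("danger", _("Error: ") . $e->getMessage(), true);
        # Result->show() with the third argument set is presumably terminating; return regardless so $adldap is never used unset
        return;
    }

    # authenticate
    if ($adldap->authenticate($username, $password)) {
        # save to session
        $this->write_session_parameters();
        $this->Log->write("AD login", "User " . $this->user->real_name . " logged in via AD", 0, $username);
        $this->Result->show("success", _("AD Login successful"));
        # write last logintime
        $this->update_login_time();
        # remove possible blocked IP
        $this->block_remove_entry();
    } else {
        # add blocked count
        $this->block_ip();
        # The original branched on $authAD, which is never assigned in this method, so only this
        # outcome was reachable; the library's error text is kept server-side in the log entry.
        $this->Log->write("AD login", "User {$username} failed to authenticate against AD (" . $adldap->getLastError() . ")", 1, $username);
        $this->Result->show("danger", _("Invalid username or password"), true);
    }
}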
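// default so the "found" check below is safe when the try block aborts before the search
$groups = array();

try {
    if ($server->type == "NetIQ") {
        $params->account_suffix = "";
    }

    //set options
    $options = array(
        'base_dn'            => $params->base_dn,
        'account_suffix'     => $params->account_suffix,
        'domain_controllers' => explode(";", $params->domain_controllers),
        'use_ssl'            => $params->use_ssl,
        'use_tls'            => $params->use_tls,
        'ad_port'            => $params->ad_port,
    );

    //AD
    $adldap = new adLDAP($options);

    // set OpenLDAP flag before the bind so it also governs authenticate()
    // (the other adLDAP callers in this codebase set it before authenticating)
    if ($server->type == "LDAP") {
        $adldap->setUseOpenLDAP(true);
    }

    //try to login with higher credentials for search
    $authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword);
    if (!$authUser) {
        // Result->show() with the third argument set is presumably terminating
        $Result->show("danger", _("Invalid credentials"), true);
    }

    //search groups - the user-supplied fragment is escaped so it cannot alter the LDAP filter syntax;
    //the surrounding wildcards are added here, on purpose, after escaping
    $dfilter = ldap_escape((string) ($_POST['dfilter'] ?? ''), '', LDAP_ESCAPE_FILTER);
    $groups = $adldap->group()->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, true, "*{$dfilter}*");
} catch (adLDAPException $e) {
    // $adldap is unset when the constructor itself threw
    $Result->show("danger", isset($adldap) ? $adldap->getLastError() : '', false);
    $Result->show("danger", $e->getMessage(), true);
}

//check for found
if (count($groups) == 0) {
    print "<div class='alert alert-info'>";
    print _('No groups found') . "!<hr>";
    print _('Possible reasons') . ":";
    print "<ul>";
    print "<li>" . _('Invalid baseDN setting for AD') . "</li>";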
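/**
 * Check user against AD
 *
 * Binds to the configured AD/LDAP server with the supplied credentials.
 * On failure the library's error text is printed (HTML-escaped) and a
 * fixed status string is returned, which callers compare against.
 *
 * @param string $username
 * @param string $password
 * @return string 'ok' on success, otherwise 'Failed to authenticate user via AD!'
 */
function checkADLogin($username, $password) {
    /* get All settings */
    $settings = getAllSettings();

    # include login script - *_once so repeated calls do not redeclare the adLDAP class
    require_once dirname(__FILE__) . "/adLDAP/src/adLDAP.php";

    # open connection
    try {
        # get settings for connection
        $ad = getADSettings();

        # AD
        $adldap = new adLDAP(array(
            'base_dn'            => $ad['base_dn'],
            'account_suffix'     => $ad['account_suffix'],
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl'            => $ad['use_ssl'],
            'use_tls'            => $ad['use_tls'],
            'ad_port'            => $ad['ad_port'],
        ));

        # set OpenLDAP flag
        if (($settings['domainAuth'] ?? null) == "2") {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        # only the message is shown: casting the exception to string would expose the trace and file paths
        $msg = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        die('<div class="alert alert-danger">' . $msg . '</div>');
    }

    # user authentication
    if ($adldap->authenticate($username, $password)) {
        return 'ok';
    }

    # the library error text can echo the submitted username, so escape it for the HTML context
    $err = htmlspecialchars((string) $adldap->getLastError(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "<div class='alert alert-danger'>{$err}</div>";
    return 'Failed to authenticate user via AD!';
}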
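/**
 * Check user against AD
 *
 * Authenticates against the configured AD/LDAP server and, on success,
 * makes sure a matching local account exists, creating one if necessary.
 *
 * The local lookup and insert are built by string interpolation because the
 * database wrapper used here exposes no parameter binding; the username is
 * therefore validated up front (see below) and a prepared statement remains
 * the proper long-term fix.
 *
 * @param string $username     AD account name as submitted at login
 * @param string $password
 * @param string $emailDomain  domain appended to the username for the e-mail of an auto-created account
 * @return string 'ok' on success, 'Failed to authenticate user via AD!' on a bad
 *                login, or "Failed to create user {$username}" when the local
 *                insert did not yield an id
 */
function checkADLogin($username, $password, $emailDomain = 'enovance.com') {
    /* get All settings */
    $settings = getAllSettings();

    // Quote, backslash, semicolon and NUL cannot occur in an AD account name but would
    // break or alter the SQL below, so such input is refused before any query is built.
    if (!is_string($username) || $username === '' || preg_match('/[\'"\\\\;\x00]/', $username)) {
        updateLogTable('AD login rejected: username contains characters not allowed in an account name.', "", 2);
        return 'Failed to authenticate user via AD!';
    }

    //include login script - *_once so repeated calls do not redeclare the adLDAP class
    require_once dirname(__FILE__) . "/adLDAP/src/adLDAP.php";

    //open connection
    try {
        //get settings for connection
        $ad = getADSettings();

        //AD
        $adldap = new adLDAP(array(
            'base_dn'            => $ad['base_dn'],
            'account_suffix'     => $ad['account_suffix'],
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl'            => $ad['use_ssl'],
            'use_tls'            => $ad['use_tls'],
            'ad_port'            => $ad['ad_port'],
        ));

        // set OpenLDAP flag
        if (($settings['domainAuth'] ?? null) == "2") {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        // only the message is shown: casting the exception to string would expose the trace and file paths
        $msg = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        die('<div class="alert alert-error">' . $msg . '</div>');
    }

    //user authentication
    if (!$adldap->authenticate($username, $password)) {
        updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
        return 'Failed to authenticate user via AD!';
    }

    global $db;
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);

    // local account lookup (the listed version had the username masked out of this query)
    $query = "SELECT id FROM users WHERE username = '{$username}';";
    $row = $database->getRow($query);
    $have_user = !empty($row);

    if (!$have_user) {
        // auto-provision the local account
        // NOTE(review): every AD-authenticated user is created with the 'Administrator' role - confirm this is intended
        $real_name = ucwords(str_replace('.', ' ', $username));
        $email = $username . "@" . $emailDomain;
        $query = "INSERT INTO users (username, role, real_name, email, domainUser, lang) VALUES ('{$username}', 'Administrator', '{$real_name}', '{$email}', 1, 1);";
        $database->executeQuery($query);

        // insert_id is an int; the original count() on it reported success even for 0 (and throws on PHP 8)
        $have_user = (int) $database->insert_id > 0;
        if ($have_user) {
            updateLogTable('Created user ' . $username . ' successfully', "", 0);
        }
    }
    $database->close();

    if ($have_user) {
        updateLogTable('User ' . $username . ' authenticated against AD.', "", 0);
        return 'ok';
    }

    updateLogTable('Failed to create user .' . $username, "", 2);
    return "Failed to create user {$username}";
}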
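/**
 * Check user against AD
 *
 * Only accounts that exist locally with `domainUser` = 1 are checked against
 * the AD/LDAP server; anything else returns false without contacting it.
 *
 * The local lookup is built by string interpolation because the database
 * wrapper used here exposes no parameter binding; the username is therefore
 * validated up front, and a prepared statement remains the proper fix.
 *
 * @param string $username
 * @param string $password
 * @return string|false 'ok' on success, 'Failed to authenticate user via AD!' on a bad
 *                      login, false when the user is not a local domain user or the
 *                      local lookup failed
 */
function checkADLogin($username, $password) {
    /* first checked if it is defined in database - username and ad option */
    global $db;

    // Quote, backslash, semicolon and NUL cannot occur in an AD account name but would
    // break or alter the SQL below, so such input is refused before any query is built.
    if (!is_string($username) || $username === '' || preg_match('/[\'"\\\\;\x00]/', $username)) {
        return false;
    }

    /* check if user exists in local database */
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);
    $query = 'select count(*) as count from users where `username` = binary "' . $username . '" and `domainUser` = "1";';

    /* execute */
    try {
        $result = $database->getArray($query);
    } catch (Exception $e) {
        // escaped for the HTML context: the message may contain the submitted username
        $error = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        print "<div class='alert alert-danger'>" . _('Error') . ": {$error}</div>";
        return false;
    }

    /* close database connection */
    $database->close();

    /* get All settings */
    $settings = getAllSettings();

    /* not a local domain user (or an unexpected result shape): nothing to check against AD */
    if (!isset($result[0]['count']) || (string) $result[0]['count'] !== "1") {
        return false;
    }

    //include login script - *_once so repeated calls do not redeclare the adLDAP class
    require_once dirname(__FILE__) . "/adLDAP/src/adLDAP.php";

    //open connection
    try {
        //get settings for connection
        $ad = getADSettings();

        //AD
        $adldap = new adLDAP(array(
            'base_dn'            => $ad['base_dn'],
            'account_suffix'     => $ad['account_suffix'],
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl'            => $ad['use_ssl'],
            'use_tls'            => $ad['use_tls'],
            'ad_port'            => $ad['ad_port'],
        ));

        // set OpenLDAP flag
        if (($settings['domainAuth'] ?? null) == "2") {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        // only the message is shown: casting the exception to string would expose the trace and file paths
        $msg = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        die('<div class="alert alert-danger">' . $msg . '</div>');
    }

    //user authentication
    if ($adldap->authenticate($username, $password)) {
        updateLogTable('User ' . $username . ' authenticated against AD.', "", 0);
        return 'ok';
    }

    updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
    // the library error text can echo the submitted username, so escape it for the HTML context
    $err = htmlspecialchars((string) $adldap->getLastError(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    print "<div class='alert alert-danger'>{$err}</div>";
    return 'Failed to authenticate user via AD!';
}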