/**
 * Fetch the user's thumbnail photo from LDAP and return it as a base64 data URI.
 *
 * @param Manager $ldap     Manager used to run the search
 * @param array   $userData User data; only the 'username' key is read here
 * @return string|false Data URI built from the first thumbnail value, or false
 *                      when no node or no thumbnail value comes back
 */
public static function getThumbnail(Manager $ldap, array $userData)
{
    // NOTE(review): the username is turned into the search filter by
    // Utils::getUserLookup(), which is not visible here. Confirm that helper
    // escapes the value for filter context.
    $result = $ldap->search(null, Utils::getUserLookup($userData['username']), true, array('thumbnailphoto'));

    if (!($result->current() instanceof Node)) {
        return false;
    }

    /** @var NodeAttribute[] $attributes */
    $attributes = $result->current()->getAttributes();

    // NOTE(review): the attribute is requested as 'thumbnailphoto' but read back
    // as 'thumbnailPhoto'; this depends on the key casing the library returns.
    if (empty($attributes['thumbnailPhoto']) || !$attributes['thumbnailPhoto']->getValues()) {
        return false;
    }

    $photoValues = $attributes['thumbnailPhoto']->getValues();

    // The bytes are labelled image/jpg without being inspected.
    return 'data:image/jpg;base64,' . base64_encode($photoValues[0]);
}
/**
 * Connects and binds a fresh Manager built from $params, then checks the bind
 * state recorded on the driver's connection.
 *
 * @param array   $params      Manager parameters
 * @param boolean $isBound     Whether the connection is expected to report itself as bound
 * @param boolean $isAnonymous Whether an anonymous bind (null DN and null password) is expected
 * @param string  $dn          Expected bind DN for a non-anonymous bind (Default: null)
 * @param string  $password    Expected bind password for a non-anonymous bind (Default: null)
 *
 * @return void
 */
protected function assertBinding($params, $isBound, $isAnonymous, $dn = null, $password = null)
{
    $manager = new Manager($params, $this->driver);
    $manager->connect();
    // bind() takes no arguments here: $dn and $password are only the values the
    // connection is expected to hold afterwards, they are never passed in.
    $manager->bind();

    $connection = $this->driver->getConnection();
    $this->assertEquals($isBound, $connection->isBound());

    if ($isAnonymous) {
        $this->assertNull($connection->getBindDn(), 'Anonymous bind Dn');
        $this->assertNull($connection->getBindPassword(), 'Anonymous bind Password');

        return;
    }

    $this->assertEquals($dn, $connection->getBindDn(), 'Privileged bind Dn');
    $this->assertEquals($password, $connection->getBindPassword(), 'Privileged bind Password');
}
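/**
 * Look up the user and return the attributes configured in $this->loadInfo.
 *
 * The keys of $this->loadInfo are the LDAP attribute names requested from the
 * directory; the values are the keys used in the returned array.
 *
 * @param Manager $ldap     Manager used to run the search
 * @param array   $userData User data; only the 'username' key is read here
 * @return array Mapped attributes; a single-valued attribute is returned as a
 *               scalar, a multi-valued one as an array. Empty array when the
 *               search yields no node.
 */
public function getUserInfo(Manager $ldap, array $userData)
{
    // NOTE(review): the filter is built by Utils::getUserLookup(), which is not
    // visible here. Confirm it escapes the username for filter context.
    $raw = $ldap->search(null, Utils::getUserLookup($userData['username']), true, array_keys($this->loadInfo));
    if (!$raw->current() instanceof Node) {
        return array();
    }

    $info = array();
    foreach ($raw->current()->getAttributes() as $key => $value) {
        /** @var NodeAttribute $value */

        // Only copy attributes that have a mapping. An attribute returned under
        // a name that is not a loadInfo key (for example with different casing)
        // previously raised an undefined-index notice and was stored under an
        // empty key in the result that feeds the identity.
        if (!array_key_exists($key, $this->loadInfo)) {
            continue;
        }
        $newKey = $this->loadInfo[$key];

        $values = $value->getValues();
        // Strict comparison: array keys may be integers, and a loose == against
        // a string can match them on older PHP versions.
        if ($key === 'objectSid') {
            // The SID arrives as binary; convert the first value to its string form.
            $values = array($this->getObjectSidFromBinary($values[0]));
        }

        // Collapse single-valued attributes to a scalar.
        $info[$newKey] = count($values) === 1 ? reset($values) : $values;
    }

    return $info;
}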
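/**
 * Authenticate a user by binding to LDAP with the supplied credentials.
 *
 * Flow: reject blank credentials, derive the bind name through the configured
 * username generator, bind, run the success handlers, enforce group access and
 * build the identity through the configured identity generator.
 *
 * @param array $credentials Positional pair: [username, password]
 * @return Identity|\Nette\Security\IIdentity
 * @throws \Nette\Security\AuthenticationException When the credentials are blank
 *         or the bind is refused. Whatever assertHasGroupAccess() throws also
 *         propagates (not visible here).
 */
public function authenticate(array $credentials)
{
    // Pad so a short array yields nulls instead of an undefined-offset notice.
    list($username, $password) = $credentials + array(null, null);

    $isBlank = function ($value) {
        return !is_scalar($value) || (string) $value === '';
    };

    // A simple bind with a name and an empty password is an "unauthenticated
    // bind" (RFC 4513, section 5.1.2) and many servers report it as successful.
    // Blank input must therefore be refused here and never reach bind().
    // The message matches the bind-failure message so the response does not
    // reveal which check failed.
    if ($isBlank($username) || $isBlank($password)) {
        throw new AuthenticationException('Username or password is not valid');
    }

    $username = call_user_func_array($this->usernameGenerator, array($this->ldap, $username));

    // NOTE(review): some LDAP client wrappers fall back to their configured
    // service credentials when the bind name is empty. Confirm for the Manager
    // in use. Refusing an empty generated name avoids depending on that.
    if ($isBlank($username)) {
        throw new AuthenticationException('Username or password is not valid');
    }

    // Auth
    try {
        $this->ldap->connect(); // @todo: Pullrequest to toyota, to check whether we're already connected
        $this->ldap->bind($username, $password);
        $data = array('username' => $username, 'fqdn' => $this->fqdn);
    } catch (BindException $e) {
        throw new AuthenticationException('Username or password is not valid', $e->getCode(), $e);
    }

    // Success handlers: each result is stored in $data under the handler's key,
    // so later handlers see what earlier ones added.
    foreach ($this->onSuccess as $key => $handler) {
        $data[$key] = call_user_func_array($handler, array($this->ldap, $data));
    }

    // Allow/refuse login based on groups
    $this->assertHasGroupAccess($data);

    // Get & return the identity
    return call_user_func_array($this->identityGenerator, array($this->ldap, $data));
}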
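/**
 * Tests alternative binding: which credentials end up on the connection when
 * bind() is called with no, partial or full explicit credentials.
 *
 * Security-relevant behaviour pinned by this test: an empty or null DN does not
 * fail, it binds with the configured account; and an explicit DN with an empty
 * password is still reported as bound. Code that uses bind() to verify end-user
 * logins has to reject blank usernames and passwords before calling it.
 *
 * @return void
 */
public function testAlternativeBinding()
{
    $params = $this->minimal;
    $params['bind_dn'] = 'default_dn';
    // Has to be the value the assertions below expect; a masked placeholder
    // here would make every 'default_password' check fail.
    $params['bind_password'] = 'default_password';

    $manager = new Manager($params, $this->driver);
    $manager->connect();
    $instance = $this->driver->getConnection();

    // No arguments: the configured credentials are used.
    $manager->bind();
    $this->assertTrue($instance->isBound(), 'Binding occured');
    $this->assertEquals('default_dn', $instance->getBindDn(), 'Default credential got used');
    $this->assertEquals('default_password', $instance->getBindPassword(), 'Default credential got used');

    // Null or empty DN: the supplied password is ignored and the configured
    // credentials are used again.
    $fallbackCalls = array(
        array(null, ''),
        array(null, 'alt_pass'),
        array('', 'alt_pass'),
    );
    foreach ($fallbackCalls as $arguments) {
        $manager->bind($arguments[0], $arguments[1]);
        $this->assertTrue($instance->isBound(), 'Binding occured');
        $this->assertEquals('default_dn', $instance->getBindDn(), 'Default credential got used');
        $this->assertEquals('default_password', $instance->getBindPassword(), 'Default credential got used');
    }

    // Explicit DN and password: both replace the configured ones.
    $manager->bind('alt_dn', 'alt_pass');
    $this->assertTrue($instance->isBound(), 'Binding occured');
    $this->assertEquals('alt_dn', $instance->getBindDn(), 'Now alternative binding occurs');
    $this->assertEquals('alt_pass', $instance->getBindPassword(), 'Alternative password got used');

    // Explicit DN with an empty password: bound with the empty password.
    $manager->bind('alt_dn', '');
    $this->assertTrue($instance->isBound(), 'Binding occured');
    $this->assertEquals('alt_dn', $instance->getBindDn(), 'Now alternative binding occurs');
    $this->assertEquals('', $instance->getBindPassword(), 'Alternative password got used');

    // Explicit DN, password omitted: the password ends up as an empty string.
    $manager->bind('alt_dn');
    $this->assertTrue($instance->isBound(), 'Binding occured');
    $this->assertEquals('alt_dn', $instance->getBindDn(), 'Now alternative binding occurs');
    $this->assertEquals('', $instance->getBindPassword(), 'Default empty password got used');
}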
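/**
 * Tests complex updates with changeset merging when saving.
 *
 * The stored entry, the node's snapshot and the node's later changes all
 * differ, and the test pins the add / delete / replace operations that
 * save() is expected to send for them.
 *
 * @return void
 */
public function testSaveMergesChanges()
{
    $manager = new Manager($this->minimal, $this->driver);
    $manager->connect();
    $manager->bind();

    // Entry the stubbed connection returns for the lookup that save() performs.
    $entry = new Entry(
        'test_dn',
        array(
            'a' => array('a1', 'a2'),
            'b' => array('b1', 'b2'),
            'c' => array('c1', 'c2'),
            'd' => array('d1', 'd2'),
            'e' => array('e1', 'e2'),
        )
    );
    $this->driver->getConnection()->stackResults(array($entry));

    // State of the node at snapshot time; it deliberately differs from $entry.
    $node = new Node();
    $node->setDn('test_dn');
    $node->get('a', true)->add(array('a2', 'a4'));
    $node->get('b', true)->add(array('b1', 'b3'));
    $node->get('c', true)->add(array('c1', 'c3'));
    $node->get('d', true)->add(array('d1', 'd2', 'd3', 'd4'));
    $node->get('g', true)->add('g1');
    $node->get('h', true)->add(array('h1', 'h2'));
    $node->get('i', true)->add(array('i1', 'i2'));
    $node->snapshot(false);

    // Changes made after the snapshot; these are what save() has to merge
    // against the stored entry.
    $node->get('a')->add(array('a1', 'a3'));
    $node->removeAttribute('b');
    $node->get('c')->set(array('c4', 'c5'));
    $node->get('d')->remove('d2');
    $node->get('d')->remove('d3');
    $node->get('d')->add('d5');
    $node->get('f', true)->add(array('f1', 'f2'));
    $node->removeAttribute('g');
    $node->get('h')->set(array('h1', 'h3'));
    $node->get('i')->remove('i2');

    $this->assertFalse($manager->save($node), 'Node persistence resulted in an update');

    // First logged call: a base-scope search on the node's DN.
    $this->assertSearchLog(
        $this->driver->getConnection()->shiftLog(),
        'test_dn',
        '(objectclass=*)',
        SearchInterface::SCOPE_BASE,
        null,
        array($entry)
    );

    // Expected adds: only values the stored entry does not already hold
    // ('a1' is on the entry, so only 'a3' is added for 'a').
    $this->assertActionLog(
        $this->driver->getConnection()->shiftLog(),
        'attr_add',
        'test_dn',
        array('a' => array('a3'), 'd' => array('d5'), 'f' => array('f1', 'f2'), 'h' => array('h1', 'h3'))
    );

    // Expected deletes: 'b' as a whole (empty value list) and 'd2'. The removed
    // 'd3', 'g' and 'i2' are not on the stored entry and are not expected here.
    $this->assertActionLog(
        $this->driver->getConnection()->shiftLog(),
        'attr_del',
        'test_dn',
        array('b' => array(), 'd' => array('d2'))
    );

    // Expected replace: 'c', which exists on the entry and was overwritten with set().
    $this->assertActionLog(
        $this->driver->getConnection()->shiftLog(),
        'attr_rep',
        'test_dn',
        array('c' => array('c4', 'c5'))
    );

    $this->assertNull($this->driver->getConnection()->shiftLog(), 'All logs have been parsed');
    $this->assertSnapshot($node, 'A node is snapshot after update');
}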
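/**
 * Run the group-membership lookup for one group.
 *
 * The group DN replaces the ':group:' placeholder in self::$GroupMemberOfLookup
 * and the result is passed to Manager::search() as the filter.
 *
 * @param Manager $ldap    Manager used to run the search
 * @param string  $groupDn DN of the group to look up
 * @return Node[]|false NOTE(review): this is the declared type; the value is
 *                      whatever Manager::search() returns. Confirm.
 */
protected function getGroupMemberOf(Manager $ldap, $groupDn)
{
    // The DN lands inside a search filter, so it needs filter escaping.
    // LDAP_ESCAPE_DN leaves '(', ')' and '*' untouched, which lets a DN
    // containing them change or break the filter. LDAP_ESCAPE_FILTER covers
    // those characters, and the server still decodes the value back to the
    // same DN. The ignore list is '' because passing null there is deprecated
    // on current PHP versions.
    $escapedDn = ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER);

    return $ldap->search(null, str_replace(':group:', $escapedDn, self::$GroupMemberOfLookup));
}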