/**
 * Sets an LDAP password on this node's pending data.
 *
 * First checks that $attribName may be changed (assertChangeableAttribute()),
 * then delegates to Attribute::setPassword(), which writes the encoded
 * password into $this->currentData under $attribName.
 *
 * NOTE(review): the default $hashType is Attribute::PASSWORD_HASH_MD5. MD5 is
 * not a suitable password-storage scheme; callers should pass the hash type
 * explicitly (for example a salted scheme such as Attribute::PASSWORD_HASH_SSHA,
 * or Attribute::PASSWORD_UNICODEPWD for Active Directory) rather than rely on
 * the default. The default itself is left unchanged so existing callers keep working.
 *
 * @param string $password   Clear-text password to encode and store
 * @param string $hashType   One of the Attribute::PASSWORD_* constants
 * @param string $attribName Attribute that receives the encoded password
 * @return Node Provides a fluid interface
 * @throws Exception\LdapException
 */
public function setPasswordAttribute($password, $hashType = Attribute::PASSWORD_HASH_MD5, $attribName = 'userPassword')
{
    // Refuse to touch attributes that must not be modified on this node.
    $this->assertChangeableAttribute($attribName);
    Attribute::setPassword($this->currentData, $password, $hashType, $attribName);
    return $this;
}
/**
 * Attribute::setPassword() must honour a caller-supplied attribute name.
 *
 * Only the presence of a value under 'myAttribute' is asserted; the encoding
 * produced for PASSWORD_HASH_SHA is not inspected by this test.
 */
public function testPasswordSettingCustomAttribute()
{
    $entry = array();
    Attribute::setPassword($entry, 'pa$$w0rd', Attribute::PASSWORD_HASH_SHA, 'myAttribute');

    // Index 0 selects the first stored value of the attribute.
    $this->assertNotNull(Attribute::getAttribute($entry, 'myAttribute', 0));
}
/**
 * Integration test: create a user on Active Directory, change its password via
 * unicodePwd, and verify that the old password is rejected and the new one binds.
 *
 * Skipped unless the server reports itself as Active Directory and the
 * connection options enable SSL or StartTLS.
 *
 * NOTE(review): cleanup only runs on the success path and in the LdapException
 * handler. A failed assertion is not an LdapException, so it would propagate
 * past both catch blocks and leave the test entry in the directory; moving the
 * delete into tearDown() would make cleanup unconditional.
 */
public function testChangePasswordWithUserAccountActiveDirectory()
{
    if ($this->getLDAP()->getRootDse()->getServerType() !== Node\RootDse::SERVER_TYPE_ACTIVEDIRECTORY) {
        $this->markTestSkipped('Test can only be run on an ActiveDirectory server');
    }
    // Active Directory only accepts writes to unicodePwd over an encrypted
    // channel, so the test refuses to run on a plain connection.
    $options = $this->getLDAP()->getOptions();
    if ($options['useSsl'] !== true && $options['useStartTls'] !== true) {
        $this->markTestSkipped('Test can only be run on an SSL or TLS secured connection');
    }

    $dn = $this->createDn('cn=New User,');
    $data = array();
    // NOTE(review): this literal looks masked in the listing; a real run needs
    // a value that satisfies the domain's password policy, otherwise the add fails.
    $password = '******';
    Ldap\Attribute::setAttribute($data, 'cn', 'New User', false);
    Ldap\Attribute::setAttribute($data, 'displayName', 'New User', false);
    Ldap\Attribute::setAttribute($data, 'sAMAccountName', 'newuser', false);
    // 512 (0x200) is the NORMAL_ACCOUNT flag of userAccountControl: an enabled, ordinary user.
    Ldap\Attribute::setAttribute($data, 'userAccountControl', 512, false);
    Ldap\Attribute::setAttribute($data, 'objectClass', 'person', true);
    Ldap\Attribute::setAttribute($data, 'objectClass', 'organizationalPerson', true);
    Ldap\Attribute::setAttribute($data, 'objectClass', 'user', true);
    Ldap\Attribute::setPassword($data, $password, Ldap\Attribute::PASSWORD_UNICODEPWD, 'unicodePwd');

    try {
        $this->getLDAP()->add($dn, $data);
        // Prove the initial password works before changing it.
        $this->getLDAP()->bind($dn, $password);

        $newPasswd = 'newpasswd';
        $newData = array();
        // No attribute name is passed here, so setPassword() picks its own default
        // for PASSWORD_UNICODEPWD — presumably 'unicodePwd'; confirm in Attribute.
        Ldap\Attribute::setPassword($newData, $newPasswd, Ldap\Attribute::PASSWORD_UNICODEPWD);
        $this->getLDAP()->update($dn, $newData);

        try {
            // The old password must no longer be accepted.
            $this->getLDAP()->bind($dn, $password);
            $this->fail('Expected exception not thrown');
        } catch (Exception\LdapException $zle) {
            $message = $zle->getMessage();
            // Either server response counts as a rejection of the old credential.
            $this->assertTrue(strstr($message, 'Invalid credentials') || strstr($message, 'Server is unwilling to perform'));
        }

        $this->assertInstanceOf('\\Zend\\Ldap\\Ldap', $this->getLDAP()->bind($dn, $newPasswd));

        // bind() without arguments — presumably rebinds with the connection's
        // configured account so the delete is not attempted as the test user.
        $this->getLDAP()->bind();
        $this->getLDAP()->delete($dn);
    } catch (Exception\LdapException $e) {
        // Best-effort cleanup before reporting the LDAP failure.
        $this->getLDAP()->bind();
        if ($this->getLDAP()->exists($dn)) {
            $this->getLDAP()->delete($dn);
        }
        $this->fail($e->getMessage());
    }
}
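/**
 * Login action: authenticates against LDAP first and falls back to the
 * WordPress user table, provisioning a directory account from the WordPress
 * record when only the WordPress credentials are valid.
 *
 * Flow (post/redirect/get):
 *  - A pending PRG redirect is returned as-is.
 *  - Without posted data, or with an invalid form, the form is rendered.
 *  - LDAP success: a flash message is queued and the page is refreshed.
 *    The account's credentials are never modified on this path.
 *  - LDAP failure + WordPress success: an entry is added under CN=Users and
 *    its unicodePwd is set from the password the user just typed.
 *  - Both fail: one generic message is shown; adapter diagnostics are logged.
 *
 * NOTE(review): the adapters are called directly, so no identity is persisted
 * by this method — presumably handled elsewhere; confirm.
 * NOTE(review): unicodePwd writes are only accepted by Active Directory over
 * SSL/TLS; the 'ldap' service must be configured accordingly.
 *
 * @return Response|array Redirect response, or view variables with 'loginForm'
 */
public function loginAction()
{
    $prg = $this->postRedirectGet('login');
    if ($prg instanceof Response) {
        return $prg;
    }

    /** @var \Zend\Form\Form $form */
    $form = $this->getServiceLocator()->get('form\\loginForm');
    $view = array('loginForm' => $form);

    if (!$prg) {
        return $view;
    }

    $form->setData($prg);
    if (!$form->isValid()) {
        return $view;
    }

    /** @var \Zend\Authentication\Adapter\Ldap $ldapAdapter */
    $ldapAdapter = $this->getServiceLocator()->get('ldap_auth_adapter');
    $username = $form->get('username')->getValue();
    $password = $form->get('password')->getValue();
    $ldapResult = $ldapAdapter->setIdentity($username)->setCredential($password)->authenticate();

    if ($ldapResult->isValid()) {
        // A successful bind must never write unicodePwd: resetting the password
        // to any fixed value on login would give every account the same known
        // credential.
        $this->flashMessenger()->addMessage('Logged in via LDAP!');

        return $this->redirect()->refresh();
    }

    /** @var \Zend\Authentication\Adapter\DbTable\CallbackCheckAdapter $wpAdapter */
    $wpAdapter = $this->getServiceLocator()->get('auth_adapter_wordpress');
    $wpResult = $wpAdapter->setIdentity($username)->setCredential($password)->authenticate();

    if (!$wpResult->isValid()) {
        $this->flashMessenger()->addMessage('The username and/or password is invalid');

        // The adapter's messages are diagnostic detail (for Zend's LDAP adapter,
        // entries after index 0 are documented as unsuitable for display), so
        // they go to the server log instead of the page. CR/LF are stripped
        // because the text can contain the submitted username.
        foreach ($ldapResult->getMessages() as $detail) {
            error_log('LDAP auth: ' . str_replace(array("\r", "\n"), ' ', (string) $detail));
        }

        return $this->redirect()->refresh();
    }

    // Drop the stored hash from the row object; it is not needed past this point.
    $wpUser = $wpAdapter->getResultRowObject(null, array('user_pass'));

    /** @var \Application\Mapper\WPUserMeta $wpMeta */
    $wpMeta = $this->getServiceLocator()->get('mapper/wpusermeta');

    // 'wp_capabilities' is PHP-serialized and is not needed for provisioning,
    // so it is deliberately not passed to unserialize() here. If group mapping
    // is added later, decode it with ['allowed_classes' => false] (PHP 7+) so a
    // tampered meta row cannot instantiate objects.
    $rfid = $wpMeta->getMetaForUser($wpUser, 'rfid_code')->meta_value;

    $entry = [];
    LdapAttribute::setAttribute($entry, 'cn', $wpUser->user_login);
    LdapAttribute::setAttribute($entry, 'rfidCode', $rfid);
    LdapAttribute::setAttribute($entry, 'mail', $wpUser->user_email);
    LdapAttribute::setAttribute($entry, 'objectClass', 'User');
    LdapAttribute::setAttribute($entry, 'samAccountName', $wpUser->user_login);
    LdapAttribute::setPassword($entry, $password, LdapAttribute::PASSWORD_UNICODEPWD);
    LdapAttribute::setAttribute($entry, 'userAccountControl', 512);

    /** @var ZendLdap $ldap */
    $ldap = $this->getServiceLocator()->get('ldap');

    // The login name comes from user-controlled data; escape it so characters
    // such as ',' or '=' cannot alter the structure of the DN.
    $dn = sprintf(
        'CN=%s,CN=Users,DC=hackspace,DC=internal',
        \Zend\Ldap\Dn::escapeValue($wpUser->user_login)
    );

    try {
        $ldap->add($dn, $entry);

        // Kept from the original flow: the password is written again on the
        // canonical DN resolved by the directory.
        $dn = $ldap->getCanonicalAccountName($username, ZendLdap::ACCTNAME_FORM_DN);
        $ldapPasswordArray = [];
        LdapAttribute::setPassword($ldapPasswordArray, $password, LdapAttribute::PASSWORD_UNICODEPWD);
        $ldap->update($dn, $ldapPasswordArray);
    } catch (LdapException $e) {
        // Directory errors can reveal DNs and server policy: log them and show
        // the user a generic message instead of dumping the text and exiting.
        error_log('LDAP provisioning failed: ' . str_replace(array("\r", "\n"), ' ', $e->getMessage()));
        $this->flashMessenger()->addMessage('Your account could not be set up. Please try again later.');

        return $this->redirect()->refresh();
    }

    return $view;
}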