/**
 * Return the display name for a user.
 *
 * When LDAP is the configured login method and use_ldap_realname is ON, the
 * name is read from the directory first; the local 'realname' field is used
 * whenever the LDAP lookup is skipped or comes back blank.
 *
 * @param integer $p_user_id A valid user identifier.
 * @return string
 */
function user_get_realname($p_user_id)
{
    # Only consult the directory when both switches are on; && short-circuits
    # so use_ldap_realname is only read when the login method is LDAP.
    $t_use_ldap = LDAP == config_get('login_method')
        && ON == config_get('use_ldap_realname');
    $t_name = $t_use_ldap ? ldap_realname($p_user_id) : '';
    if (!is_blank($t_name)) {
        return $t_name;
    }
    # Fallback: the copy stored in the local user table.
    return user_get_field($p_user_id, 'realname');
}
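/**
 * Authenticates an user via LDAP given the username and password.
 *
 * Looks up the user's DN under ldap_root_dn using the configured uid field,
 * then attempts a bind with each matching DN and the supplied password. On
 * success the local DB record is refreshed from LDAP so that later lookups
 * (and DB fallback when LDAP is unreachable) can use the cached copy.
 *
 * Security: an empty password is rejected before any bind is attempted. LDAP
 * treats a bind with a DN and an empty password as an unauthenticated
 * (anonymous) bind, which many servers accept, so without this guard
 * ldap_bind() could return true without verifying anything.
 *
 * @param string $p_username The user name.
 * @param string $p_password The password.
 * @return true: authenticated, false: failed to authenticate.
 */
function ldap_authenticate_by_username($p_username, $p_password)
{
    # Never forward an empty password to the directory (see docblock) — this
    # applies to the simulation path as well, so the check sits before both.
    if (is_blank($p_password)) {
        log_event(LOG_LDAP, "Authentication failed: empty password rejected");
        return false;
    }

    if (ldap_simulation_is_enabled()) {
        log_event(LOG_LDAP, "Authenticating via LDAP simulation");
        $t_authenticated = ldap_simulation_authenticate_by_username($p_username, $p_password);
    } else {
        # Escape the username before it is interpolated into the search filter
        # so a crafted name cannot alter the filter structure.
        $c_username = ldap_escape_string($p_username);
        $t_ldap_organization = config_get('ldap_organization');
        $t_ldap_root_dn = config_get('ldap_root_dn');
        $t_ldap_uid_field = config_get('ldap_uid_field', 'uid');
        $t_search_filter = "(&{$t_ldap_organization}({$t_ldap_uid_field}={$c_username}))";
        $t_search_attrs = array($t_ldap_uid_field, 'dn');

        # Bind with the service account (credentials come from configuration
        # inside ldap_connect_bind()).
        log_event(LOG_LDAP, "Binding to LDAP server");
        $t_ds = ldap_connect_bind();
        if ($t_ds === false) {
            ldap_log_error($t_ds);
            # NOTE(review): assumes trigger_error(..., ERROR) does not return;
            # if it does, the calls below would run on a false handle — confirm.
            trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
        }

        # Search for the user id. The filter (which contains the username) is
        # written to the LDAP log.
        log_event(LOG_LDAP, "Searching for {$t_search_filter}");
        $t_sr = ldap_search($t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs);
        if ($t_sr === false) {
            ldap_log_error($t_ds);
            ldap_unbind($t_ds);
            log_event(LOG_LDAP, "ldap search failed");
            trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
        }

        $t_info = @ldap_get_entries($t_ds, $t_sr);
        if ($t_info === false) {
            ldap_log_error($t_ds);
            ldap_free_result($t_sr);
            ldap_unbind($t_ds);
            trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
        }

        $t_authenticated = false;
        if ($t_info['count'] > 0) {
            # Several entries may match the uid filter; try to bind as each one
            # until the supplied password is accepted. The password has already
            # been checked to be non-empty, so a successful bind is a real one.
            for ($i = 0; $i < $t_info['count']; $i++) {
                $t_dn = $t_info[$i]['dn'];
                log_event(LOG_LDAP, "Checking {$t_info[$i]['dn']}");
                # Attempt to bind with the DN and password
                if (@ldap_bind($t_ds, $t_dn, $p_password)) {
                    $t_authenticated = true;
                    break;
                }
            }
        } else {
            log_event(LOG_LDAP, "No matching entries found");
        }

        log_event(LOG_LDAP, "Unbinding from LDAP server");
        ldap_free_result($t_sr);
        ldap_unbind($t_ds);
    }

    # If user authenticated successfully then update the local DB with information
    # from LDAP.  This will allow us to use the local data after login without
    # having to go back to LDAP.  This will also allow fallback to DB if LDAP is down.
    if ($t_authenticated) {
        $t_user_id = user_get_id_by_name($p_username);
        if (false !== $t_user_id) {
            # NOTE(review): the password is cached as an unsalted MD5. Presumably
            # the DB-fallback login path compares against exactly this format, so
            # it cannot be changed here in isolation — migrate both together to
            # password_hash()/password_verify() and confirm no other reader
            # depends on the MD5 form.
            $t_fields_to_update = array('password' => md5($p_password));
            if (ON == config_get('use_ldap_realname')) {
                $t_fields_to_update['realname'] = ldap_realname($t_user_id);
            }
            if (ON == config_get('use_ldap_email')) {
                $t_fields_to_update['email'] = ldap_email_from_username($p_username);
            }
            user_set_fields($t_user_id, $t_fields_to_update);
        }
        log_event(LOG_LDAP, "User '{$p_username}' authenticated");
    } else {
        log_event(LOG_LDAP, "Authentication failed");
    }

    return $t_authenticated;
}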