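/**
 * Retrieve list of users with all details.
 *
 * Builds an LDAP search filter from the configured object class, an optional
 * username and the configured group(s), searches under the configured suffix
 * and returns one row per entry that passes the group membership check.
 *
 * @param string|null $username Optional username to restrict the search to
 *
 * @return array Rows of user data (username, realname, user_id, level, email);
 *               an empty array when nothing matched or the search failed
 */
function ldap_auth_user_list($username = NULL)
{
    global $config, $ds;

    ldap_init();
    ldap_bind_dn();

    // auth_ldap_group may be unset; normalise to a list so count()/foreach never see NULL (TypeError in PHP 8)
    $groups = isset($config['auth_ldap_group']) ? array_values((array)$config['auth_ldap_group']) : array();

    // Filter components. Values go through ldap_filter_create(), which is assumed to
    // escape them for the filter context -- confirm if that helper is changed.
    $filter_params = array();
    $filter_params[] = ldap_filter_create('objectClass', $config['auth_ldap_objectclass']);

    if (!empty($username)) {
        // Filter users by username
        $filter_params[] = ldap_filter_create($config['auth_ldap_attr']['uid'], $username);
    }

    if (count($groups) == 1) {
        $filter_params[] = ldap_filter_create('memberOf', $groups[0]);
    } elseif (count($groups) > 1) {
        // Match members of any of the configured groups
        $group_params = array();
        foreach ($groups as $group) {
            $group_params[] = ldap_filter_create('memberOf', $group);
        }
        $filter_params[] = ldap_filter_combine($group_params, '|');
    }
    $filter = ldap_filter_combine($filter_params);

    $base_dn = trim($config['auth_ldap_suffix'], ', ');
    print_debug("LDAP[UserList][Filter][{$filter}][{$base_dn}]");

    // Always return an array, even when the search fails or matches nothing
    $userlist = array();

    $search = ldap_search($ds, $base_dn, $filter);
    print_debug(ldap_error($ds));
    if ($search === FALSE) {
        // ldap_get_entries() cannot be given a failed search result
        return $userlist;
    }

    $entries = ldap_get_entries($ds, $search);
    if (empty($entries['count'])) {
        return $userlist;
    }

    // Attribute names are looked up in lower case, as ldap_get_entries() keys them
    $uid_attr = strtolower($config['auth_ldap_attr']['uid']);
    $cn_attr  = strtolower($config['auth_ldap_attr']['cn']);
    // Group member attribute may hold either full DNs or bare usernames
    $fulldn   = isset($config['auth_ldap_groupmembertype']) && $config['auth_ldap_groupmembertype'] == 'fulldn';
    $member_attr  = isset($config['auth_ldap_groupmemberattr']) ? $config['auth_ldap_groupmemberattr'] : '';
    $groups_debug = implode('|', $groups);

    for ($i = 0; $i < $entries['count']; $i++) {
        $entry = $entries[$i];

        $entry_username = isset($entry[$uid_attr][0]) ? $entry[$uid_attr][0] : NULL;
        $realname       = isset($entry[$cn_attr][0]) ? $entry[$cn_attr][0] : NULL;
        $user_id        = ldap_internal_auth_user_id($entry);
        $email          = isset($entry['mail'][0]) ? $entry['mail'][0] : NULL;
        $userdn         = $fulldn ? $entry['dn'] : $entry_username;

        print_debug("LDAP[UserList][Compare: {$groups_debug}][{$member_attr}][{$userdn}]");

        // Initialised outside the loop: with no groups configured the loop body never runs
        $authorized = 0;
        foreach ($groups as $ldap_group) {
            // ldap_search_user() is expected to return -1 on LDAP error and FALSE when not a member
            $compare = ldap_search_user($ldap_group, $userdn);
            if ($compare === -1) {
                print_debug("LDAP[UserList][Compare LDAP error: " . ldap_error($ds) . "]");
                continue;
            }
            if ($compare === FALSE) {
                print_debug("LDAP[UserList][Processing group: {$ldap_group}][Not matched]");
                continue;
            }
            print_debug("LDAP[UserList][Authorized: {$userdn} for group {$ldap_group}]");
            $authorized = 1;
            break;
        }

        // No group restriction configured at all, or member of at least one configured group
        if (!isset($config['auth_ldap_group']) || $authorized) {
            $userlist[] = array(
                'username' => $entry_username,
                'realname' => $realname,
                'user_id'  => $user_id,
                'level'    => ldap_auth_user_level($entry_username),
                'email'    => $email,
            );
        }
    }

    return $userlist;
}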
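/**
 * Function to validate the user and password for a given login. Error messages in $ldap_cache["error"];
 *
 * Opens its own LDAP connection (the handle is deliberately not stored in the
 * global $ds) and attempts a simple bind as "<ldap_login_attr>=<login>,<ldap_base_dn>"
 * with the supplied password. The connection is closed on every exit path.
 *
 * @param string $login    User login
 * @param string $password User password (plain text)
 *
 * @return bool True if the login is correct, false in other case
 */
function ldap_valid_login($login, $password)
{
    global $ldap_cache, $config;

    if (!function_exists("ldap_connect")) {
        die("Your installation of PHP does not support LDAP");
    }

    if (!isset($ldap_cache["error"])) {
        $ldap_cache["error"] = '';
    }

    $ret = false;

    // An empty password makes ldap_bind() perform an anonymous (unauthenticated) bind,
    // which many directories accept; that must never be reported as a valid login.
    if (!is_string($login) || $login === '' || !is_string($password) || $password === '') {
        $ldap_cache["error"] .= 'Invalid login';
        return $ret;
    }

    $ldap_conf = $config["auth_methods"];

    // Since this is a separate bind, we don't store the handle global
    if (!empty($ldap_conf["ldap_port"])) {
        $ds = @ldap_connect($ldap_conf["ldap_server"], $ldap_conf["ldap_port"]);
    } else {
        $ds = @ldap_connect($ldap_conf["ldap_server"]);
    }

    if (!$ds) {
        $ldap_cache["error"] .= 'Error connecting to LDAP server';
        return $ret;
    }

    if (!empty($ldap_conf["ldap_version"]) && $ldap_conf["ldap_version"] > 0) {
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $ldap_conf["ldap_version"]);
    }

    if (!empty($ldap_conf["ldap_start_tls"]) && !@ldap_start_tls($ds)) {
        $ldap_cache["error"] .= 'Could not start TLS for LDAP connection';
        // Do not leak the connection handle on the TLS failure path
        @ldap_close($ds);
        return $ret;
    }

    // NOTE(review): ldap_search_user() is called here with the login only; confirm that
    // is the signature in scope, as a two-argument (group, dn) form is used elsewhere.
    if (ldap_search_user($login)) {
        // Escape the login for the DN context so separators in it cannot alter the bind DN
        $bind_dn = $ldap_conf["ldap_login_attr"] . "=" . ldap_escape($login, '', LDAP_ESCAPE_DN) . "," . $ldap_conf["ldap_base_dn"];
        $r = @ldap_bind($ds, $bind_dn, $password);
        if (!$r) {
            // Same message as the unknown-user case so the response does not reveal which failed
            $ldap_cache["error"] .= 'Invalid login';
            //$ldap_cache["error"] .= ': incorrect password'; // uncomment for debugging
        } else {
            $ret = true;
        }
    } else {
        $ldap_cache["error"] .= 'Invalid login';
        //$ldap_cache["error"] .= ': no such user';
    }

    @ldap_close($ds);

    return $ret;
}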