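if (!function_exists('LDAP_check_escape_filter_value')) {
    /**
     * Escape a value for safe inclusion inside an LDAP search filter (RFC 4515).
     *
     * Prefers ext/ldap's ldap_escape() (PHP >= 5.6). When that is not available
     * the same five filter metacharacters are hex-escaped by hand, so callers
     * never have to branch on the PHP / ext/ldap version.
     *
     * @param string $value Raw (attacker-controlled) value.
     * @return string Value safe to embed as an assertion value in a filter.
     */
    function LDAP_check_escape_filter_value($value) {
        $value = (string) $value;
        if (function_exists('ldap_escape')) {
            return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
        }
        // Backslash must be listed first conceptually, but strtr() replaces
        // longest-first in a single pass, so no double escaping occurs.
        return strtr($value, array(
            '\\'   => '\5c',
            '*'    => '\2a',
            '('    => '\28',
            ')'    => '\29',
            "\x00" => '\00',
        ));
    }
}

/**
 * Check the username / password against the LDAP server.
 *
 * Looks the user up with the configured user filter, lets the LDAP driver
 * verify the password, then creates or refreshes the local Principal record
 * when the directory entry is newer than the cached copy.
 *
 * Security notes:
 *  - $username is embedded in the LDAP search filter, so it is escaped per
 *    RFC 4515 first. Without this a value such as "*)(uid=*" rewrites the
 *    filter (LDAP filter injection).
 *  - An empty password is rejected before any directory call. Many LDAP
 *    servers treat a bind with an empty password as an anonymous /
 *    unauthenticated bind that "succeeds" (RFC 4513 s5.1.2); whether the
 *    driver's requestUser() already guards against this cannot be seen from
 *    here, so the check is made unconditionally as defence in depth.
 *
 * @param string $username Login name supplied by the client (untrusted).
 * @param string $password Password supplied by the client (untrusted).
 * @return Principal|false The (possibly freshly synced) Principal on success,
 *                         false when the user is unknown or the password is rejected.
 *                         Exits with HTTP 503 when the LDAP server is unreachable.
 */
function LDAP_check($username, $password) {
    global $c;

    $ldapDriver = getStaticLdap();
    if (!$ldapDriver->valid) {
        sleep(1); // Sleep very briefly to try and survive intermittent issues
        $ldapDriver = getStaticLdap();
        if (!$ldapDriver->valid) {
            dbg_error_log("ERROR", "Couldn't contact LDAP server for authentication");
            foreach ($c->messages as $msg) {
                dbg_error_log("ERROR", "-> " . $msg);
            }
            // Fail closed: do not fall through to any other authentication path.
            header(sprintf("HTTP/1.1 %d %s", 503, translate("Authentication server unavailable.")));
            exit(0);
        }
    }

    // Never let an empty password reach the directory (see security notes above).
    if ($password === null || $password === '') {
        dbg_error_log("LDAP", "user %s supplied an empty password, refusing to bind", $username);
        return false;
    }

    $mapping = $c->authenticate_hook['config']['mapping_field'];
    if (isset($mapping['active']) && !isset($mapping['user_active'])) {
        // Backward compatibility: now 'user_active'
        $mapping['user_active'] = $mapping['active'];
        unset($mapping['active']);
    }
    if (isset($mapping['updated']) && !isset($mapping['modified'])) {
        // Backward compatibility: now 'modified'
        $mapping['modified'] = $mapping['updated'];
        unset($mapping['updated']);
    }
    $attributes = array_values_mapping($mapping);

    /**
     * If the config contains a filter that starts with a ( then believe
     * them and don't modify it, otherwise wrap the filter.
     */
    $filter_munge = "";
    if (preg_match('/^\\(/', $ldapDriver->filterUsers)) {
        $filter_munge = $ldapDriver->filterUsers;
    } else {
        if (isset($ldapDriver->filterUsers) && $ldapDriver->filterUsers != '') {
            $filter_munge = "({$ldapDriver->filterUsers})";
        }
    }

    // The username is attacker-controlled: escape it so it can only ever be an
    // assertion value, never additional filter syntax.
    $safe_username = LDAP_check_escape_filter_value($username);
    $filter = "(&{$filter_munge}(" . $mapping['username'] . "={$safe_username}))";

    // NOTE(review): the raw $username is still handed to the driver; if
    // requestUser() builds a bind DN from it, that path needs its own
    // DN escaping (ldap_escape(..., LDAP_ESCAPE_DN)) — confirm in the driver.
    $valid = $ldapDriver->requestUser($filter, $attributes, $username, $password);

    // is a valid user or not
    if (!$valid) {
        dbg_error_log("LDAP", "user %s is not a valid user", $username);
        return false;
    }

    $ldap_timestamp = $valid[$mapping['modified']];

    /**
     * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H $M and $S
     * Pre-initialise them so a partial 'format_updated' config cannot leave
     * undefined variables in the comparison below.
     */
    $Y = $m = $d = $H = $M = $S = '';
    foreach ($c->authenticate_hook['config']['format_updated'] as $k => $v) {
        ${$k} = substr($ldap_timestamp, $v[0], $v[1]);
    }
    $ldap_timestamp = "{$Y}" . "{$m}" . "{$d}" . "{$H}" . "{$M}" . "{$S}";
    $valid[$mapping['modified']] = "{$Y}-{$m}-{$d} {$H}:{$M}:{$S}";

    $principal = new Principal('username', $username);
    if ($principal->Exists()) {
        // should we update it ?
        $db_timestamp = $principal->modified;
        // Normalise the DB timestamp to the same YYYYmmddHHMMSS form as LDAP's.
        $db_timestamp = substr(strtr($db_timestamp, array(':' => '', ' ' => '', '-' => '')), 0, 14);
        if ($ldap_timestamp <= $db_timestamp) {
            return $principal; // no need to update
        }
        // we will need to update the user record
    } else {
        dbg_error_log("LDAP", "user %s doesn't exist in local DB, we need to create it", $username);
    }

    $principal->setUsername($username);
    // The local cached user doesn't exist, or is older, so we create/update their details
    sync_user_from_LDAP($principal, $mapping, $valid);

    return $principal;
}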