/**
 * Authenticates $username/$password against LDAP, optionally falling back
 * to the decorated authenticator when LDAP rejects the credentials.
 *
 * Connects first and throws when the directory is unreachable, so a
 * misconfigured server is reported instead of being treated as a failed
 * login. After a successful LDAP authentication the user's directory
 * record is loaded into $this->user; the result is only true when that
 * record could be loaded.
 *
 * @param string $username raw user id; passed through CleanUsername() before use
 * @param string $password plaintext credential as entered by the user
 * @return bool true when LDAP accepted the credentials and the user entry was
 *              loaded; on fallback, whatever the decorated Validate() returns
 * @throws Exception when the LDAP connection cannot be established
 */
public function Validate($username, $password)
{
    // The credential is kept on the instance; presumably a later step (user
    // sync/registration) reads it — confirm against callers. It must never
    // be written to a log.
    $this->password = $password;
    $username = $this->CleanUsername($username);

    if (!$this->ldap->Connect()) {
        throw new Exception("Could not connect to LDAP server. Please check your LDAP configuration settings");
    }

    $searchFilter = $this->options->Filter();
    $authenticated = $this->ldap->Authenticate($username, $password, $searchFilter);
    Log::Debug("Result of LDAP Authenticate for user %s: %d", $username, $authenticated);

    if (!$authenticated) {
        // Fallback is opt-in: only consult the decorated (database) authenticator
        // when the configuration explicitly allows it.
        if ($this->options->RetryAgainstDatabase()) {
            return $this->authToDecorate->Validate($username, $password);
        }
        return false;
    }

    $this->user = $this->ldap->GetLdapUser($username);
    $userLoaded = $this->LdapUserExists();
    if (!$userLoaded) {
        // Credentials were accepted but the entry could not be read back; the
        // login is refused rather than proceeding with an empty user record.
        Log::Error("Could not load user details from LDAP. Check your ldap settings. User: %s", $username);
    }
    return $userLoaded;
}
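/**
 * Loads the LDAP entry for $username into $this->user.
 *
 * The entry is assigned only when exactly one entry matches the uid filter
 * (AND-ed with the configured search filter, if any) and, when a required
 * group is configured, that group lists the entry's DN as a uniquemember.
 * Every LDAP error path logs and returns early, leaving $this->user
 * untouched; the original code logged and then kept using the error object,
 * which would have failed on the next method call.
 *
 * @param string $username     cleaned user id value to look up
 * @param string $configFilter optional LDAP filter string from configuration; ignored when empty
 * @return void
 */
private function PopulateUser($username, $configFilter)
{
    $uidAttribute = $this->options->GetUserIdAttribute();
    Log::Debug('LDAP - uid attribute: %s', $uidAttribute);
    $requiredGroup = $this->options->GetRequiredGroup();

    // Net_LDAP2_Filter::create() escapes the value, so a username containing
    // filter metacharacters cannot change the shape of the query. Never build
    // this filter by string concatenation.
    $filter = Net_LDAP2_Filter::create($uidAttribute, 'equals', $username);

    if ($configFilter) {
        $parsedConfigFilter = Net_LDAP2_Filter::parse($configFilter);
        if (Net_LDAP2::isError($parsedConfigFilter)) {
            // The LDAP message is passed as an argument rather than appended to
            // the format string, so a '%' inside it cannot corrupt the log line.
            Log::Error('Could not parse search filter for user %s: %s', $username, $parsedConfigFilter->getMessage());
            // Fail closed: a broken configured filter must not fall back to a
            // wider search than the administrator intended.
            return;
        }
        $filter = Net_LDAP2_Filter::combine('and', array($filter, $parsedConfigFilter));
    }

    $attributes = $this->options->Attributes();
    Log::Debug('LDAP - Loading user attributes: %s', implode(', ', $attributes));
    Log::Debug('Searching ldap for user %s', $username);

    $searchResult = $this->ldap->search(null, $filter, array('attributes' => $attributes));
    if (Net_LDAP2::isError($searchResult)) {
        Log::Error('Could not search ldap for user %s: %s', $username, $searchResult->getMessage());
        // An error object has no result set; count()/current() are not available on it.
        return;
    }

    /** @var Net_LDAP2_Entry|false $entry */
    $entry = $searchResult->current();
    // Exactly one match is required: zero means the user is unknown, more than
    // one means the uid attribute is not unique and picking the first entry
    // could load a different account than the one that authenticated.
    if ($searchResult->count() !== 1 || $entry === false) {
        Log::Debug('Could not find user %s', $username);
        return;
    }
    Log::Debug('Found user %s', $username);

    if (!empty($requiredGroup)) {
        Log::Debug('LDAP - Required Group: %s', $requiredGroup);
        $groupFilter = Net_LDAP2_Filter::create('uniquemember', 'equals', $entry->dn());
        $groupSearchResult = $this->ldap->search($requiredGroup, $groupFilter, null);
        if (Net_LDAP2::isError($groupSearchResult)) {
            Log::Error('Could not match Required Group %s for user %s: %s', $requiredGroup, $username, $groupSearchResult->getMessage());
            return;
        }
        // Membership is only granted when the group entry itself lists this DN.
        if ($groupSearchResult->count() !== 1) {
            Log::Debug('User %s is not a member of Required Group %s', $username, $requiredGroup);
            return;
        }
        Log::Debug('Matched Required Group %s', $requiredGroup);
    }

    $this->user = new LdapUser($entry, $this->options->AttributeMapping());
}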
/**
 * An empty USER_ID_ATTRIBUTE setting must fall back to the 'uid' default
 * rather than producing an empty attribute name.
 */
public function testGetsDefaultUserIdAttribute()
{
    // Arrange: register a config file whose user id attribute is blank.
    $ldapConfigFile = new FakeConfigFile();
    $ldapConfigFile->SetKey(LdapConfig::USER_ID_ATTRIBUTE, '');
    $this->fakeConfig->SetFile(LdapConfig::CONFIG_ID, $ldapConfigFile);

    // Act: options are read from the fake config on construction.
    $ldapOptions = new LdapOptions();

    // Assert: the default attribute name is used.
    $this->assertEquals('uid', $ldapOptions->GetUserIdAttribute());
}