Esempio n. 1
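 /**
  * Checks a username/password pair against LDAP and, when configured, falls back
  * to the decorated authenticator.
  *
  * Security notes for maintainers:
  * - An empty password is never handed to the directory. A simple bind with a
  *   name and a zero-length password is an "unauthenticated bind" (RFC 4513,
  *   section 5.1.2), which some servers answer with success. Authenticate() is
  *   not visible here, so the guard is applied at this boundary.
  * - When RetryAgainstDatabase() is enabled, a user rejected by LDAP (for example
  *   a disabled or removed directory account) can still sign in with a local
  *   password. Enable it only where that is intended.
  *
  * @param string $username login name as entered; normalised with CleanUsername() before use
  * @param string $password clear-text password; must never be written to logs
  * @return bool true when LDAP accepted the credentials and the user record was loaded;
  *              otherwise the fallback authenticator's result, or false
  * @throws Exception when the LDAP server cannot be reached
  */
 public function Validate($username, $password)
 {
     // Kept on the instance as the original did; presumably read elsewhere in the
     // class (not visible here). NOTE(review): keep its lifetime as short as possible.
     $this->password = $password;
     $username = $this->CleanUsername($username);

     if (!$this->ldap->Connect()) {
         throw new Exception("Could not connect to LDAP server. Please check your LDAP configuration settings");
     }

     $isValid = false;
     if ($password === null || $password === '') {
         // Strict comparison on purpose: empty() would also reject the valid password "0".
         Log::Debug("Skipping LDAP Authenticate for user %s: empty password", $username);
     } else {
         $filter = $this->options->Filter();
         $isValid = $this->ldap->Authenticate($username, $password, $filter);
         Log::Debug("Result of LDAP Authenticate for user %s: %d", $username, $isValid);
     }

     if ($isValid) {
         $this->user = $this->ldap->GetLdapUser($username);
         $userLoaded = $this->LdapUserExists();
         if (!$userLoaded) {
             // Credentials were accepted but no usable record came back: deny the login.
             Log::Error("Could not load user details from LDAP. Check your ldap settings. User: %s", $username);
         }
         return $userLoaded;
     }

     if ($this->options->RetryAgainstDatabase()) {
         return $this->authToDecorate->Validate($username, $password);
     }

     return false;
 }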
Esempio n. 2
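 /**
  * Searches the directory for exactly one entry matching $username and, if the
  * optional required-group check passes, stores it in $this->user.
  *
  * Every failure path returns without assigning $this->user (fail closed):
  * an unparsable configured filter, a failed search, zero or several matches,
  * or a failed / non-matching required-group lookup.
  * NOTE(review): $this->user keeps whatever value it had before the call on
  * those paths; confirm callers never reuse an instance that already holds a user.
  *
  * @param string $username     login name to look up
  * @param string $configFilter additional LDAP filter from configuration; empty to skip
  * @return void
  */
 private function PopulateUser($username, $configFilter)
 {
     $uidAttribute = $this->options->GetUserIdAttribute();
     Log::Debug('LDAP - uid attribute: %s', $uidAttribute);
     $requiredGroup = $this->options->GetRequiredGroup();

     // Built through the filter API (which escapes the value by default) rather than
     // by string concatenation, so filter metacharacters in the username stay literal.
     $filter = Net_LDAP2_Filter::create($uidAttribute, 'equals', $username);

     if ($configFilter) {
         $parsedFilter = Net_LDAP2_Filter::parse($configFilter);
         if (Net_LDAP2::isError($parsedFilter)) {
             // The library message is passed as an argument, not concatenated into the
             // format string, so a '%' inside it cannot corrupt the log call.
             Log::Error('Could not parse search filter %s: %s', $configFilter, $parsedFilter->getMessage());
             // The configured filter is a restriction; searching without it would
             // widen the set of accepted users, so stop here.
             return;
         }
         $filter = Net_LDAP2_Filter::combine('and', array($filter, $parsedFilter));
     }

     $attributes = $this->options->Attributes();
     Log::Debug('LDAP - Loading user attributes: %s', implode(', ', $attributes));
     $options = array('attributes' => $attributes);

     Log::Debug('Searching ldap for user %s', $username);
     $searchResult = $this->ldap->search(null, $filter, $options);
     if (Net_LDAP2::isError($searchResult)) {
         Log::Error('Could not search ldap for user %s: %s', $username, $searchResult->getMessage());
         // An error object has no current()/count(); continuing would be a fatal error.
         return;
     }

     // Exactly one match is required, so an ambiguous username is rejected.
     $currentResult = $searchResult->current();
     if ($searchResult->count() !== 1 || $currentResult === false) {
         Log::Debug('Could not find user %s', $username);
         return;
     }
     Log::Debug('Found user %s', $username);

     if (!empty($requiredGroup)) {
         Log::Debug('LDAP - Required Group: %s', $requiredGroup);
         // Membership test: search the group entry for a uniquemember value equal to the user's DN.
         $groupFilter = Net_LDAP2_Filter::create('uniquemember', 'equals', $currentResult->dn());
         $groupSearchResult = $this->ldap->search($requiredGroup, $groupFilter, null);
         if (Net_LDAP2::isError($groupSearchResult)) {
             Log::Error(
                 'Could not match Required Group %s for user %s: %s',
                 $requiredGroup,
                 $username,
                 $groupSearchResult->getMessage()
             );
             // A failed lookup must not be treated as membership.
             return;
         }
         if ($groupSearchResult->count() !== 1) {
             Log::Debug('Required Group %s did not match for user %s', $requiredGroup, $username);
             return;
         }
         Log::Debug('Matched Required Group %s', $requiredGroup);
     }

     /** @var Net_LDAP2_Entry $currentResult */
     $this->user = new LdapUser($currentResult, $this->options->AttributeMapping());
 }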
Esempio n. 3
 /**
  * With USER_ID_ATTRIBUTE set to an empty string, LdapOptions is expected to
  * report 'uid' as the user id attribute.
  */
 public function testGetsDefaultUserIdAttribute()
 {
     // Arrange: register a config file whose user-id attribute is blank.
     $blankAttributeConfig = new FakeConfigFile();
     $blankAttributeConfig->SetKey(LdapConfig::USER_ID_ATTRIBUTE, '');
     $this->fakeConfig->SetFile(LdapConfig::CONFIG_ID, $blankAttributeConfig);

     // Act: options are built only after the fake config is in place.
     $ldapOptions = new LdapOptions();
     $resolvedAttribute = $ldapOptions->GetUserIdAttribute();

     // Assert
     $this->assertEquals('uid', $resolvedAttribute);
 }