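/**
 * Check the username / password against the LDAP server.
 *
 * Looks the user up through the static LDAP driver (retrying once after a
 * short sleep if the first connection attempt failed), binds with the
 * supplied credentials via $ldapDriver->requestUser(), and then creates or
 * refreshes the local Principal record when the LDAP entry's modification
 * timestamp is newer than the cached copy.
 *
 * @param string $username  Login name supplied by the client (untrusted).
 * @param string $password  Password supplied by the client (untrusted).
 * @return Principal|false  The (possibly freshly synced) Principal on success,
 *                          false when the credentials are rejected.
 *
 * Side effects: sends a 503 response and exits when the LDAP server cannot be
 * reached on either attempt; may write to the local DB through
 * sync_user_from_LDAP().
 */
function LDAP_check($username, $password)
{
    global $c;

    /**
     * Never attempt a bind with an empty password: an LDAP simple bind that
     * carries a DN but no password is an *unauthenticated* bind (RFC 4513
     * section 5.1.2) which many servers accept, and whether requestUser()
     * guards against that is not visible from here. Treat it as a plain
     * credential failure.
     */
    if ($password === null || $password === '') {
        dbg_error_log("LDAP", "refusing empty password for user %s", $username);
        return false;
    }

    $ldapDriver = getStaticLdap();
    if (!$ldapDriver->valid) {
        // Sleep very briefly to try and survive intermittent issues
        sleep(1);
        $ldapDriver = getStaticLdap();
        if (!$ldapDriver->valid) {
            dbg_error_log("ERROR", "Couldn't contact LDAP server for authentication");
            foreach ($c->messages as $msg) {
                dbg_error_log("ERROR", "-> " . $msg);
            }
            header(sprintf("HTTP/1.1 %d %s", 503, translate("Authentication server unavailable.")));
            exit(0);
        }
    }

    $mapping = $c->authenticate_hook['config']['mapping_field'];
    if (isset($mapping['active']) && !isset($mapping['user_active'])) {
        // Backward compatibility: now 'user_active'
        $mapping['user_active'] = $mapping['active'];
        unset($mapping['active']);
    }
    if (isset($mapping['updated']) && !isset($mapping['modified'])) {
        // Backward compatibility: now 'modified'
        $mapping['modified'] = $mapping['updated'];
        unset($mapping['updated']);
    }
    $attributes = array_values_mapping($mapping);

    /**
     * If the config contains a filter that starts with a ( then believe
     * them and don't modify it, otherwise wrap the filter.
     */
    $filter_munge = "";
    if (preg_match('/^\\(/', $ldapDriver->filterUsers)) {
        $filter_munge = $ldapDriver->filterUsers;
    } elseif (isset($ldapDriver->filterUsers) && $ldapDriver->filterUsers != '') {
        $filter_munge = "({$ldapDriver->filterUsers})";
    }

    /**
     * The username comes straight from the client, so it must be escaped
     * before it is spliced into the search filter (RFC 4515). Without this a
     * login such as "*" or "x)(|(uid=*" rewrites the filter and can select a
     * different entry than the one the caller named. ldap_escape() exists
     * from PHP 5.6; the fallback escapes the same characters by hand
     * (backslash first so the replacements are not re-escaped).
     */
    if (function_exists('ldap_escape')) {
        $safe_username = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    } else {
        $safe_username = str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $username
        );
    }
    $filter = "(&{$filter_munge}(" . $mapping['username'] . "={$safe_username}))";

    $valid = $ldapDriver->requestUser($filter, $attributes, $username, $password);
    // is a valid user or not
    if (!$valid) {
        dbg_error_log("LDAP", "user %s is not a valid user", $username);
        return false;
    }

    /**
     * This splits the LDAP timestamp apart and assigns values to $Y $m $d $H
     * $M and $S using the (offset, length) pairs configured in format_updated.
     * The six names are pre-seeded so a config that omits a component yields
     * an empty field rather than an undefined-variable notice, and only those
     * six are accepted so a config typo cannot clobber another local.
     */
    $Y = $m = $d = $H = $M = $S = '';
    $timestamp_parts = array('Y', 'm', 'd', 'H', 'M', 'S');
    $ldap_timestamp = isset($valid[$mapping['modified']]) ? $valid[$mapping['modified']] : '';
    foreach ($c->authenticate_hook['config']['format_updated'] as $k => $v) {
        if (!in_array($k, $timestamp_parts, true)) {
            continue;
        }
        ${$k} = substr($ldap_timestamp, $v[0], $v[1]);
    }
    $ldap_timestamp = "{$Y}" . "{$m}" . "{$d}" . "{$H}" . "{$M}" . "{$S}";
    $valid[$mapping['modified']] = "{$Y}-{$m}-{$d} {$H}:{$M}:{$S}";

    $principal = new Principal('username', $username);
    if ($principal->Exists()) {
        // should we update it ?  Both sides are compared as YYYYMMDDHHMMSS strings.
        $db_timestamp = $principal->modified;
        $db_timestamp = substr(strtr($db_timestamp, array(':' => '', ' ' => '', '-' => '')), 0, 14);
        if ($ldap_timestamp <= $db_timestamp) {
            // no need to update
            return $principal;
        }
        // we will need to update the user record
    } else {
        dbg_error_log("LDAP", "user %s doesn't exist in local DB, we need to create it", $username);
    }

    $principal->setUsername($username);
    // The local cached user doesn't exist, or is older, so we create/update their details
    sync_user_from_LDAP($principal, $mapping, $valid);
    return $principal;
}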