/** * @return void */ public function testExplodeDnOperation() { $inputs = array('CN=Alice Baker,CN=Users,DC=example,DC=com' => true, 'CN=Baker\\, Alice,CN=Users,DC=example,DC=com' => true, 'OU=Sales,DC=local' => true, 'OU=Sales;DC=local' => true, 'OU=Sales ,DC=local' => true, 'OU=Sales, dC=local' => true, 'ou=Sales , DC=local' => true, 'OU=Sales ; dc=local' => true, 'DC=local' => true, ' DC=local' => true, 'DC= local ' => true, 'username' => false, '*****@*****.**' => false, 'EXAMPLE\\username' => false, 'CN=,Alice Baker,CN=Users,DC=example,DC=com' => false, 'CN=Users,DC==example,DC=com' => false, 'O=ACME' => true, '' => false, ' ' => false); foreach ($inputs as $dn => $expected) { $ret = Zend_Ldap::explodeDn($dn); $this->assertTrue($ret === $expected); } }
/** * @param string $username The username for authenticating the bind * @param string $password The password for authenticating the bind * @return Zend_Ldap Provides a fluent interface * @throws Zend_Ldap_Exception */ public function bind($username = null, $password = null) { $moreCreds = true; if ($username === null) { $username = $this->_getUsername(); $password = $this->_getPassword(); $moreCreds = false; } if ($username === NULL) { /* Perform anonymous bind */ $password = NULL; } else { /* Check to make sure the username is in DN form. */ if (!Zend_Ldap::explodeDn($username)) { if ($this->_options['bindRequiresDn']) { /* moreCreds stops an infinite loop if _getUsername does not * return a DN and the bind requires it */ if ($moreCreds) { try { $username = $this->_getAccountDn($username); } catch (Zend_Ldap_Exception $zle) { /** * @todo Temporary measure to deal with exception thrown for ldap extension not loaded */ if (strpos($zle->getMessage(), 'LDAP extension not loaded') !== false) { throw $zle; } // end temporary measure switch ($zle->getCode()) { case Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT: case Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH: throw $zle; } throw new Zend_Ldap_Exception(null, 'Failed to retrieve DN for account: ' . $zle->getMessage(), Zend_Ldap_Exception::LDAP_OPERATIONS_ERROR); } } else { /** * @see Zend_Ldap_Exception */ require_once 'Zend/Ldap/Exception.php'; throw new Zend_Ldap_Exception(null, 'Binding requires username in DN form'); } } else { $username = $this->getCanonicalAccountName($username, Zend_Ldap::ACCTNAME_FORM_PRINCIPAL); } } } if (!is_resource($this->_resource)) { $this->connect(); } if ($username !== null && $password === '' && $this->_options['allowEmptyPassword'] !== true) { /** * @see Zend_Ldap_Exception */ require_once 'Zend/Ldap/Exception.php'; $zle = new Zend_Ldap_Exception(null, 'Empty password not allowed - see allowEmptyPassword option.'); } else { if (@ldap_bind($this->_resource, $username, $password)) { return $this; } $message = $username === null ? $this->_connectString : $username; /** * @see Zend_Ldap_Exception */ require_once 'Zend/Ldap/Exception.php'; switch (Zend_Ldap_Exception::getLdapCode($this)) { case Zend_Ldap_Exception::LDAP_SERVER_DOWN: /* If the error is related to establishing a connection rather than binding, * the connect string is more informative than the username. */ $message = $this->_connectString; } $zle = new Zend_Ldap_Exception($this->_resource, $message); } $this->disconnect(); throw $zle; }