/**
 * An option key that Zend\Ldap\Ldap does not recognise must be rejected with
 * an LdapException that names the offending key.
 *
 * @return void
 */
public function testInvalidOptionResultsInException()
{
    $optionName = 'invalid';
    $badOptions = array($optionName => 'irrelevant');

    try {
        $this->ldap->setOptions($badOptions);
        // Reached only when setOptions() accepted the unknown key.
        $this->fail('Expected Zend\\Ldap\\Exception\\LdapException not thrown');
    } catch (Exception\LdapException $rejected) {
        $expectedMessage = "Unknown Zend\\Ldap\\Ldap option: {$optionName}";
        $this->assertEquals($expectedMessage, $rejected->getMessage());
    }
}
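/**
 * Authenticate a login request against LDAP.
 *
 * Every server configuration returned by getConfiguration() is tried in
 * order; the first successful bind ends the loop. The method fails closed:
 * an empty password or an empty configuration list produces a failure
 * Result instead of an undefined return value.
 *
 * @return Result Result::SUCCESS after a successful bind, a failure code otherwise
 */
public function authenticate()
{
    // A simple bind with a DN and a zero-length password is an
    // "unauthenticated bind" (RFC 4513, section 5.1.2). A directory that
    // accepts it reports success without checking any credential, so the
    // request is refused before a server is contacted.
    if ((string) $this->sPass === '') {
        $this->log('Could not authenticate user: ' . $this->sUser . ' reason is empty password');

        return new Result(Result::FAILURE_CREDENTIAL_INVALID, $this->sUser, array('Empty password not allowed'));
    }

    // Outcome when getConfiguration() yields no server at all; without this
    // default the method would return an undefined variable.
    $oResult = new Result(Result::FAILURE, $this->sUser, array('No LDAP server configuration available'));

    $ldap = new Ldap();
    foreach ($this->getConfiguration() as $options) {
        $ldap->setOptions($options);
        try {
            $ldap->bind($this->sFullIdentity, $this->sPass);
            $oResult = new Result(Result::SUCCESS, $this->sUser, array('Account is authenticate'));
            break;
        } catch (\Zend\Ldap\Exception\LdapException $oExp) {
            // Only the most recent server's failure is kept in the Result.
            $oResult = new Result(Result::FAILURE_CREDENTIAL_INVALID, $this->sUser, array($oExp->getMessage()));
            // NOTE(review): the logged identifier is masked in the listing;
            // $this->sUser is assumed. The password is never written to the
            // log. Confirm that log() neutralises line breaks in the account
            // name, which presumably comes from the login form.
            $this->log('Could not authenticate user: ' . $this->sUser . ' reason is ' . $oExp->getMessage());
        }
    }

    return $oResult;
}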
/**
 * Separates the adapter's group options from the options meant for the LDAP
 * client.
 *
 * The recognised keys (group, groupDn, groupScope, groupAttr, groupFilter,
 * memberAttr, memberIsDn) are removed from $options and normalised; whatever
 * is left is passed to $ldap->setOptions().
 *
 * NOTE(review): the string-valued options are only trim()med here, not
 * escaped. If they are later placed in an LDAP search filter (not visible in
 * this listing), they have to come from trusted configuration.
 *
 * @param \Zend\Ldap\Ldap $ldap
 * @param array $options
 * @return array of auth-adapter specific options
 */
protected function _prepareOptions(\Zend\Ldap\Ldap $ldap, array $options)
{
    // Defaults used for every key the caller does not supply.
    $adapterOptions = array(
        'group'       => null,
        'groupDn'     => $ldap->getBaseDn(),
        'groupScope'  => \Zend\Ldap\Ldap::SEARCH_SCOPE_SUB,
        'groupAttr'   => 'cn',
        'groupFilter' => 'objectClass=groupOfUniqueNames',
        'memberAttr'  => 'uniqueMember',
        'memberIsDn'  => true,
    );
    $validScopes = array(
        \Zend\Ldap\Ldap::SEARCH_SCOPE_BASE,
        \Zend\Ldap\Ldap::SEARCH_SCOPE_ONE,
        \Zend\Ldap\Ldap::SEARCH_SCOPE_SUB,
    );

    foreach (array_keys($adapterOptions) as $name) {
        if (!array_key_exists($name, $options)) {
            continue;
        }

        // Adapter keys must not reach setOptions() below.
        $supplied = $options[$name];
        unset($options[$name]);

        if ($name === 'groupScope') {
            // An unrecognised scope is dropped and the default stays in place.
            $scope = (int) $supplied;
            if (in_array($scope, $validScopes, true)) {
                $adapterOptions[$name] = $scope;
            }
        } elseif ($name === 'memberIsDn') {
            // Accepts boolean true, the string '1', or "true" in any case.
            $adapterOptions[$name] = ($supplied === true || $supplied === '1' || strcasecmp($supplied, 'true') === 0);
        } else {
            $adapterOptions[$name] = trim($supplied);
        }
    }

    $ldap->setOptions($options);

    return $adapterOptions;
}
/**
 * A bind with credentials the server does not accept must raise an
 * LdapException whose message contains "Invalid credentials".
 *
 * The connection settings come from $this->options, which is populated
 * outside this listing.
 *
 * @return void
 */
public function testSetOptionsConnect()
{
    $client = new Ldap\Ldap();
    $client->setOptions($this->options);

    try {
        $connected = $client->connect();
        $connected->bind('CN=ignored,DC=example,DC=com', 'ignored');
        // Reached only when the bind was accepted.
        $this->fail('Expected exception for invalid username');
    } catch (Exception\LdapException $bindError) {
        $this->assertContains('Invalid credentials', $bindError->getMessage());
    }
}
/**
 * Checks getCanonicalAccountName() for every account-name form, first with
 * the form passed explicitly, then with the form taken from the
 * 'accountCanonicalForm' option, and finally with no form configured while
 * the domain options are removed and restored one at a time.
 *
 * The expected values are built from the TESTS_ZEND_LDAP_* constants, which
 * are defined outside this listing.
 *
 * @return void
 */
public function testAccountCanonization()
{
    $options = $this->options;
    $ldap = new Ldap\Ldap($options);

    $account = TESTS_ZEND_LDAP_ALT_USERNAME;
    $asBackslash = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME_SHORT . '\\' . TESTS_ZEND_LDAP_ALT_USERNAME;
    $asPrincipal = TESTS_ZEND_LDAP_ALT_USERNAME . '@' . TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME;

    // 1. The form is passed as the second argument.
    $explicitForms = array(
        array(Ldap\Ldap::ACCTNAME_FORM_DN, TESTS_ZEND_LDAP_ALT_DN),
        array(Ldap\Ldap::ACCTNAME_FORM_USERNAME, $account),
        array(Ldap\Ldap::ACCTNAME_FORM_BACKSLASH, $asBackslash),
        array(Ldap\Ldap::ACCTNAME_FORM_PRINCIPAL, $asPrincipal),
    );
    foreach ($explicitForms as $case) {
        $this->assertEquals($case[1], $ldap->getCanonicalAccountName($account, $case[0]));
    }

    // 2. The form comes from the 'accountCanonicalForm' option.
    $configuredForms = array(
        array(Ldap\Ldap::ACCTNAME_FORM_USERNAME, $account),
        array(Ldap\Ldap::ACCTNAME_FORM_BACKSLASH, $asBackslash),
        array(Ldap\Ldap::ACCTNAME_FORM_PRINCIPAL, $asPrincipal),
    );
    foreach ($configuredForms as $case) {
        $options['accountCanonicalForm'] = $case[0];
        $ldap->setOptions($options);
        $this->assertEquals($case[1], $ldap->getCanonicalAccountName($account));
    }

    // 3. No form configured. With only the short domain name left, the
    //    backslash form is expected.
    unset($options['accountCanonicalForm'], $options['accountDomainName']);
    $ldap->setOptions($options);
    $this->assertEquals($asBackslash, $ldap->getCanonicalAccountName($account));

    // With neither domain option set, the bare username is expected.
    unset($options['accountDomainNameShort']);
    $ldap->setOptions($options);
    $this->assertEquals($account, $ldap->getCanonicalAccountName($account));

    // With only the full domain name set, the principal form is expected.
    $options['accountDomainName'] = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME;
    $ldap->setOptions($options);
    $this->assertEquals($asPrincipal, $ldap->getCanonicalAccountName($account));
}