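/**
 * Look up people in the UT directory by one attribute/value pair.
 *
 * Connects anonymously to ldap.utexas.edu, searches the people subtree and maps
 * each entry onto a fixed set of labels. Both the attribute name and the value are
 * escaped with ldap_escape() so a value such as "*" or "x)(uid=*" cannot widen the
 * filter (the original spliced them in raw).
 *
 * @param string $query attribute value to match
 * @param string $type  directory attribute to match on (e.g. "uid" or "mail")
 * @return array list of associative arrays keyed by the labels below; every label is
 *               present, '' when the entry lacks the attribute; empty on any failure
 */
public static function lookup($query, $type)
{
    $person_array = array();
    $dn = "ou=people,dc=directory,dc=utexas,dc=edu";
    // label => directory attribute (ldap_get_entries() lower-cases attribute names)
    $attributes = array(
        'eid' => 'uid',
        'email' => 'mail',
        'name' => 'cn',
        'firstname' => 'givenname',
        'lastname' => 'sn',
        'office' => 'utexasedupersonofficelocation',
        'phone' => 'telephonenumber',
        'title' => 'title',
        'unit' => 'ou',
    );

    $x500 = ldap_connect('ldap.utexas.edu');
    if (!$x500) {
        return $person_array;
    }
    // Anonymous bind; the original did not check its result before searching.
    if (!ldap_bind($x500)) {
        ldap_close($x500);
        return $person_array;
    }

    $filter = ldap_escape($type, '', LDAP_ESCAPE_FILTER) . '=' . ldap_escape($query, '', LDAP_ESCAPE_FILTER);
    $ldap_result = @ldap_search($x500, $dn, $filter);
    if ($ldap_result) {
        $entry_array = ldap_get_entries($x500, $ldap_result);
        // 'count' holds the number of entries; the entries themselves are 0..count-1.
        $total = isset($entry_array['count']) ? (int) $entry_array['count'] : 0;
        for ($i = 0; $i < $total; $i++) {
            if (empty($entry_array[$i])) {
                continue; // the original appended an empty person here
            }
            $person = array();
            foreach ($attributes as $label => $att) {
                $person[$label] = isset($entry_array[$i][$att][0]) ? $entry_array[$i][$att][0] : '';
            }
            $person_array[] = $person;
        }
    }
    ldap_close($x500);
    return $person_array;
}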
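/**
 * Fetch the user entries of the two AD organisational units and pass them to parseUsers().
 *
 * Basic LDAP sequence: connect, bind, search, interpret the result, close. The echo/die
 * behaviour on a failed bind is kept because callers may rely on it.
 *
 * NOTE(review): the bind credentials are hard-coded in source. They belong in configuration
 * outside version control; the values are left as found so behaviour is unchanged.
 */
public function connect()
{
    $ds = ldap_connect("192.168.0.111"); // must be a valid LDAP server!
    if (!$ds) {
        echo "Unable to connect to LDAP server";
        return;
    }

    $r = ldap_bind($ds, "portalusr01", "tbs4portal");
    if (!$r) {
        echo "Unable to connect to LDAP server";
        die;
    }

    // Both units use the same "anything with a surname or common name" filter.
    $filter = "(|(SN=*)(CN=*))";
    $units = array(
        "OU=Users,OU=ho-bintaro,DC=thebodyshop,DC=co,DC=id",
        "OU=user,OU=warehouse-bsd,DC=thebodyshop,DC=co,DC=id",
    );
    $found = array();
    foreach ($units as $dn) {
        $sr = ldap_search($ds, $dn, $filter);
        // A failed search returns false; handing that to ldap_get_entries() is a TypeError on
        // PHP 8, so substitute an empty result set instead.
        $found[] = $sr ? ldap_get_entries($ds, $sr) : array('count' => 0);
    }

    $this->parseUsers($found[0], $found[1]);
    ldap_close($ds);
}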
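/**
 * Close the LDAP link held in $this->connection and forget it.
 *
 * Since PHP 8.1 ldap_connect() returns an LDAP\Connection object instead of a resource,
 * so the original is_resource() test silently skipped ldap_close(); both forms are handled.
 */
private function disconnect()
{
    $link = $this->connection;
    if ($link && (is_resource($link) || $link instanceof \LDAP\Connection)) {
        ldap_close($link);
    }
    $this->connection = null;
}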
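/**
 * This function takes a user-provided login and password, and tries
 * to authenticate this user using the LDAP server set in config.php.
 *
 * Two things the original did not do: the login is escaped before it is
 * placed in the search filter, and the lookup must yield a DN before the
 * user bind is attempted. Without a DN (unknown login) or with an empty
 * password ldap_bind() performs an anonymous/unauthenticated bind, which
 * most servers accept, so the original reported success in both cases.
 *
 * @param login the login provided by the user
 * @param password the password provided by the user
 * @returns false if the authentication fails, or the username if
 * it succeeds (true when no display name is available).
 */
function validate($login, $password)
{
    if ($password === null || $password === '') {
        return false;
    }

    // Connect to the ldap server
    $this->connectionID = ldap_connect($this->ldapServer);
    if (!$this->connectionID) {
        return false;
    }

    // First, bind anonymously and retrieve the full DN corresponding to
    // the login provided by the user, as well as the user name to display.
    if (!ldap_bind($this->connectionID)) {
        ldap_close($this->connectionID);
        return false;
    }
    $escapedLogin = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    $searchString = "(&(objectClass=person)({$this->ldapSearchAttribute}={$escapedLogin}))";
    $result = ldap_search($this->connectionID, $this->ldapBase, $searchString, array("dn", $this->userNameAttribute));
    $entries = $result ? ldap_get_entries($this->connectionID, $result) : false;

    // Keep only the first entry; refuse to continue when there is none.
    if (!$entries || empty($entries['count']) || empty($entries[0]["dn"])) {
        ldap_close($this->connectionID);
        return false;
    }
    $userFullDN = $entries[0]["dn"];
    $userNameToDisplay = isset($entries[0]["{$this->userNameAttribute}"][0])
        ? $entries[0]["{$this->userNameAttribute}"][0]
        : '';
    // Original convention: with no display name, a successful login returns true.
    if (empty($userNameToDisplay)) {
        $userNameToDisplay = true;
    }

    // Now we can authenticate: bind to the ldap server as the user.
    $success = ldap_bind($this->connectionID, $userFullDN, $password);
    ldap_close($this->connectionID);

    return $success ? $userNameToDisplay : false;
}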
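/**
 * Search the LMC subtree with the given filter and return the entries sorted by cn.
 *
 * Differences from the original: a failed bind is no longer ignored, the connection is
 * closed before returning (the original's ldap_close() sat after the return and never
 * ran), sorting is done client-side because ldap_sort() was removed in PHP 8.0, and the
 * result set is no longer dumped into the page with print_r().
 *
 * @param string $connection host or URI for ldap_connect()
 * @param string $bind_user  bind DN
 * @param string $bind_pass  bind password
 * @param string $filter     LDAP search filter; escape any user data with ldap_escape() before building it
 * @return array|null ldap_get_entries()-shaped array ('count' plus 0..count-1), or null on failure
 */
function ldap_call($connection, $bind_user, $bind_pass, $filter)
{
    $ds = ldap_connect($connection);
    if (!$ds) {
        echo "<h4>LDAP_CALL unable to connect to LDAP server</h4>";
        return null;
    }
    if (!ldap_bind($ds, $bind_user, $bind_pass)) {
        echo "<h4>LDAP_CALL unable to bind to LDAP server</h4>";
        ldap_close($ds);
        return null;
    }
    $sr = ldap_search($ds, "ou=LMC, dc=lamontanita, dc=local", $filter);
    if (!$sr) {
        ldap_close($ds);
        return null;
    }
    $info = ldap_get_entries($ds, $sr);
    ldap_close($ds);

    // ldap_sort() used strcmp on the named attribute; do the same on the fetched entries.
    $count = isset($info["count"]) ? (int) $info["count"] : 0;
    $entries = array();
    for ($i = 0; $i < $count; $i++) {
        $entries[] = $info[$i];
    }
    usort($entries, function ($a, $b) {
        $ca = isset($a["cn"][0]) ? $a["cn"][0] : '';
        $cb = isset($b["cn"][0]) ? $b["cn"][0] : '';
        return strcmp($ca, $cb);
    });
    return array_merge(array("count" => $count), $entries);
}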
/**
 * Close the LDAP connection if one is open and drop the handle.
 */
function close()
{
    if ($this->_connection === null) {
        return;
    }
    ldap_close($this->_connection);
    $this->_connection = null;
}
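/**
 * Authenticates a user to LDAP
 *
 * The username is escaped before it is appended to the configured filter, an empty
 * password is rejected (ldap_bind() would otherwise perform an unauthenticated bind,
 * which Active Directory accepts), the bind result is tested as a bool rather than
 * against the string "true", and the connection is closed on every path (the original
 * leaked it on success).
 *
 * @param string $username
 * @param string $password
 * @param bool|false $returnUser
 * @return bool true if the username and password provided are valid
 *              false if the username and/or password provided are invalid
 *              array of ldap_attributes if $returnUser is true
 */
function ldap($username, $password, $returnUser = false)
{
    if ($password === null || $password === '') {
        return false;
    }

    $settings = Setting::getSettings();
    $ldaphost = $settings->ldap_server;
    $ldaprdn = $settings->ldap_uname;
    $ldappass = Crypt::decrypt($settings->ldap_pword);
    $baseDn = $settings->ldap_basedn;
    $filterQuery = $settings->ldap_auth_filter_query . ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $ldapversion = $settings->ldap_version;

    // Connecting to LDAP
    $connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");

    // Needed for AD
    ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldapversion);

    try {
        // binding to ldap server with the service account
        if (!ldap_bind($connection, $ldaprdn, $ldappass)) {
            return false;
        }
        $results = @ldap_search($connection, $baseDn, $filterQuery);
        if ($results === false) {
            return false;
        }
        $entry = ldap_first_entry($connection, $results);
        if ($entry === false) {
            return false;
        }
        $userDn = @ldap_get_dn($connection, $entry);
        if ($userDn === false) {
            return false;
        }
        // Re-bind as the user to verify the password.
        if (!ldap_bind($connection, $userDn, $password)) {
            return false;
        }
        return $returnUser
            ? array_change_key_case(ldap_get_attributes($connection, $entry), CASE_LOWER)
            : true;
    } catch (Exception $e) {
        LOG::error($e->getMessage());
        return false;
    } finally {
        ldap_close($connection);
    }
}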
/**
 * Close the LDAP handle unless a search result is still held, then mark the connection closed.
 */
public function close()
{
    $canClose = $this->handle && !$this->data_result;
    if ($canClose) {
        ldap_close($this->handle);
    }
    $this->conn_open = false;
}
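/**
 * List the organizational units directly under the configured context.
 *
 * The original left $entry and $result_ou undefined on failure and iterated the
 * 'count' element of ldap_get_entries() as if it were an entry; both are fixed.
 *
 * @return array|string natcasesort()ed list of "ou" values, or the context DN itself when
 *                      the directory returns none; '' when the list is empty (kept for callers)
 */
private function getOrganizations()
{
    // Common functions
    $common = new common();
    $result_ou = array();
    $entry = array('count' => 0);

    // Ldap connection
    $ldap = $common->ldapConnect($this->ldap_host, $this->ldap_root_dn, $this->ldap_root_pw);
    if ($ldap) {
        $filter = "objectClass=organizationalUnit";
        $justthese = array("ou");
        $search = ldap_list($ldap, $this->ldap_context, $filter, $justthese);
        if ($search) {
            $entry = ldap_get_entries($ldap, $search);
        }
    }

    if (!empty($entry['count'])) {
        for ($i = 0; $i < $entry['count']; $i++) {
            if (isset($entry[$i]['ou'][0]) && $entry[$i]['ou'][0] != "") {
                $result_ou[] = $entry[$i]['ou'][0];
            }
        }
    } else {
        $result_ou[] = $this->ldap_context;
    }

    natcasesort($result_ou);
    if ($ldap) {
        ldap_close($ldap);
    }
    return $result_ou ? $result_ou : '';
}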
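/**
 * Tell whether $login belongs to a "profs*" group under $dn["groups"].
 *
 * Uses an anonymous bind. The login is escaped before it goes into the filter
 * (the original spliced it in raw), and the result defaults to false instead of
 * an undefined variable when the connection or bind fails. Sets the global $error.
 *
 * @param string $login uid to look up
 * @return bool
 */
function is_prof($login)
{
    global $ldap_server, $ldap_port, $dn;
    global $error;
    $error = "";
    $is_prof = false;
    $filter = "(&(cn=profs*)(memberUid=" . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . "))";
    $ldap_groups_attr = array("cn", "memberUid");

    $ds = @ldap_connect($ldap_server, $ldap_port);
    if ($ds) {
        $r = @ldap_bind($ds);
        if (!$r) {
            $error = "Echec du bind anonyme";
        } else {
            // Look up the group(s) the connected user belongs to
            $result = @ldap_list($ds, $dn["groups"], $filter, $ldap_groups_attr);
            if ($result) {
                $info = @ldap_get_entries($ds, $result);
                $is_prof = !empty($info["count"]);
            }
        }
        // ldap_unbind() is an alias of ldap_close(); one call suffices.
        @ldap_close($ds);
    }
    return $is_prof;
}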
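/**
 *
 * Verifies a username handle and password.
 *
 * An empty password is refused before binding: ldap_bind() with a DN and no
 * password is an unauthenticated bind that many servers accept, which would have
 * let the original report a successful login.
 *
 * @return mixed An array of verified user information, or boolean false
 * if verification failed.
 *
 */
protected function _processLogin()
{
    if ($this->_passwd === null || $this->_passwd === '') {
        return false;
    }

    // connect
    $conn = @ldap_connect($this->_config['uri']);

    // did the connection work?
    if (!$conn) {
        throw $this->_exception('ERR_CONNECTION_FAILED', $this->_config);
    }

    // upgrade to LDAP3 when possible
    @ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // filter the handle to prevent LDAP injection: every character outside the configured
    // allow-list is dropped. The config value is spliced into a regex character class, so it
    // must be a valid class body.
    $regex = '/[^' . $this->_config['filter'] . ']/';
    $this->_handle = preg_replace($regex, '', $this->_handle);

    // bind to the server
    $rdn = sprintf($this->_config['format'], $this->_handle);
    $bind = @ldap_bind($conn, $rdn, $this->_passwd);

    // did the bind succeed?
    if ($bind) {
        ldap_close($conn);
        return array('handle' => $this->_handle);
    }

    $this->_err = @ldap_errno($conn) . " " . @ldap_error($conn);
    ldap_close($conn);
    return false;
}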
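/**
 * Authenticate a user against Active Directory by binding as CN=<user_id>,<LDAP_DN>.
 *
 * Compared with the original: the user id is escaped for DN use, an empty password is
 * rejected (it would be an unauthenticated bind, which AD accepts), the connection is
 * actually closed (every branch returned before ldap_close() ran), and the "OK" print_r()
 * debug output plus an unreachable else branch are gone.
 *
 * @param string $user_id      account CN
 * @param string $login_passwd password supplied by the user
 * @return bool true when the bind succeeds
 */
function checkAdLoginAuth($user_id, $login_passwd)
{
    if ($login_passwd === null || $login_passwd === '') {
        Debug_Trace("ADの認証に失敗しました", 3);
        return false;
    }

    // Connect; fall back to LDAPS on the second host.
    // NOTE(review): ldap_connect() only returns false for a malformed host/URL, not for an
    // unreachable server, so this fallback is unlikely to ever trigger — confirm the intent.
    $ldap_conn = ldap_connect(LDAP_HOST_1, LDAP_PORT);
    if (!$ldap_conn) {
        $ldap_conn = ldap_connect("ldaps://" . LDAP_HOST_2);
    }
    if (!$ldap_conn) {
        Debug_Trace("接続失敗");
        return false;
    }

    ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Escape so a value like "x,CN=admin" cannot rewrite the bind DN.
    $bind_dn = "CN=" . ldap_escape($user_id, '', LDAP_ESCAPE_DN) . "," . LDAP_DN;
    $ldap_bind = ldap_bind($ldap_conn, $bind_dn, $login_passwd);
    if ($ldap_bind) {
        Debug_Trace("ADの認証に成功しました", 3);
    } else {
        Debug_Trace("ADの認証に失敗しました", 3);
        Debug_Trace($user_id, 3);
    }
    ldap_close($ldap_conn);
    return (bool) $ldap_bind;
}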
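/**
 * Test plugin: connect to an LDAP server, bind, and optionally count entries matching a filter.
 *
 * @param string $testname unused; part of the plugin signature
 * @param string $param    unused; part of the plugin signature
 * @param string $hostname unused; part of the plugin signature
 * @param int    $timeout  unused; part of the plugin signature
 * @param array  $params   [0] url, [1] bind DN, [2] password, [3] base DN, [4] filter
 * @return int -2 when ldap_connect() fails, -1 when the bind fails, -3 when the search fails,
 *             otherwise the number of matching entries (1 when no base/filter is given)
 */
function DoTest($testname, $param, $hostname, $timeout, $params)
{
    global $NATS;
    $url = isset($params[0]) ? $params[0] : '';
    $bind = isset($params[1]) ? $params[1] : '';
    $pasw = isset($params[2]) ? $params[2] : '';
    $base = isset($params[3]) ? $params[3] : '';
    $filter = isset($params[4]) ? $params[4] : '';

    $ds = ldap_connect($url);
    if (!$ds) {
        return -2;
    }
    // Bind with credentials when both are given, anonymously otherwise.
    $ldap = ($bind && $pasw) ? ldap_bind($ds, $bind, $pasw) : ldap_bind($ds);
    if (!$ldap) {
        ldap_close($ds); // the original left the link open on this path
        return -1;
    }
    $val = 1;
    if ($base && $filter) {
        $search = ldap_search($ds, $base, $filter);
        // A failed search must not reach ldap_count_entries() (TypeError on PHP 8).
        $val = $search ? ldap_count_entries($ds, $search) : -3;
    }
    ldap_close($ds);
    return $val;
}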
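/**
 * HTTP Basic to LDAP gate: resolve the DN of $_SERVER['PHP_AUTH_USER'] through an anonymous
 * search, then bind with $_SERVER['PHP_AUTH_PW']. forbidden() is called on any failure and is
 * assumed not to return (the original relied on the same thing — confirm).
 *
 * Fixes over the original: the username is escaped before it enters the filter, exactly one
 * account must match (the original read $info[0]['dn'] unchecked and otherwise fell back to a
 * fixed, redacted bind DN), an empty password is refused because the user bind would become
 * an unauthenticated bind, and the bind result is no longer folded into `$x = bind || forbidden()`.
 * The success log line was garbled (redacted) in the source and has been reconstructed.
 */
function ldap_auth()
{
    $ldap_server = 'ldap://127.0.0.1/';
    $ldap_domain = 'dc=rugion,dc=ru';
    $auth_user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $ldap_pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    if ($auth_user === '' || $ldap_pass === '') {
        forbidden();
    }

    // Step 1: anonymous search for the account's DN.
    $ldapconn_s = ldap_connect($ldap_server) or die("Could not connect to LDAP server.");
    ldap_set_option($ldapconn_s, LDAP_OPT_PROTOCOL_VERSION, 3);
    $ldap_user = null;
    if ($ldapconn_s) {
        $ldapbind_s = @ldap_bind($ldapconn_s);
        $filter = "(&(uid=" . ldap_escape($auth_user, '', LDAP_ESCAPE_FILTER) . ")(objectClass=sambaSamAccount)(!(sambaAcctFlags=[DU ])))";
        $result = $ldapbind_s ? ldap_search($ldapconn_s, $ldap_domain, $filter) : false;
        $info = $result ? ldap_get_entries($ldapconn_s, $result) : false;
        if (!$info || $info['count'] != 1 || empty($info[0]["dn"])) {
            ldap_close($ldapconn_s);
            forbidden();
        }
        $ldap_user = $info[0]["dn"];
    }
    ldap_close($ldapconn_s);

    // Step 2: bind as the user to verify the password.
    $ldapconn = ldap_connect($ldap_server) or die("Could not connect to LDAP server.");
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($ldapconn) {
        $ldapbind = @ldap_bind($ldapconn, $ldap_user, $ldap_pass);
        if (!$ldapbind) {
            ldap_close($ldapconn);
            forbidden();
        }
        error_log("success: " . $_SERVER['REMOTE_ADDR'] . ', user: ' . $auth_user);
    }
    ldap_close($ldapconn);
}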
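/**
 * LDAP connectivity demo (despite its name it encrypts nothing): connect to localhost,
 * bind anonymously, search "o=halys, c=halys" for sn=h* and print every dn and cn found.
 * The "Buscando (sn=P*)" prompt does not match the sn=h* filter; both are kept as found.
 *
 * Fix over the original: a failed search (false) is no longer passed to
 * ldap_count_entries()/ldap_get_entries(), which is a TypeError on PHP 8.
 *
 * NOTE(review): directory values are echoed into HTML unescaped; pass them through
 * htmlspecialchars() if this ever serves real users.
 *
 * @param string $str_userpswd unused
 */
function _encrypt($str_userpswd)
{
    echo '<h3>Prueba de consulta LDAP</h3>';
    echo 'Conectando ...';
    $ds = ldap_connect('localhost');
    echo 'El resultado de la conexión es ' . $ds . '<p>';
    if (!$ds) {
        echo '<h4>Ha sido imposible conectar al servidor LDAP</h4>';
        return;
    }

    echo 'Autentificándose ...';
    $r = ldap_bind($ds);
    echo 'El resultado de la autentificación es ' . $r . '<p>';
    echo 'Buscando (sn=P*) ...';
    $sr = ldap_search($ds, 'o=halys, c=halys', 'sn=h*');
    echo 'El resultado de la búsqueda es ' . $sr . '<p>';
    if ($sr) {
        echo 'El número de entradas devueltas es ' . ldap_count_entries($ds, $sr) . '<p>';
        echo 'Recuperando entradas ...<p>';
        $info = ldap_get_entries($ds, $sr);
        echo 'Devueltos datos de ' . $info['count'] . ' entradas:<p>';
        for ($i = 0; $i < $info['count']; $i++) {
            echo 'dn es: ' . $info[$i]['dn'] . '<br>';
            $cn = isset($info[$i]['cn'][0]) ? $info[$i]['cn'][0] : '';
            echo 'La primera entrada cn es: ' . $cn . '<br>';
        }
    }
    echo 'Cerrando conexión';
    ldap_close($ds);
}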
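/**
 * Collect the member logins of every group matching $filter under $dn["groups"].
 *
 * Each group's cn is split on the first "_" or "\" and the leading part is recorded as the
 * member's category (a cn of the form "a_b" yields "a"). Fixes over the original: split()
 * no longer exists in PHP 7+, so the POSIX class [\_\] (backslash or underscore) is replaced
 * by the equivalent preg_split(); and $ret is initialised so an empty result returns [].
 *
 * @param string $filter      LDAP filter selecting the groups; escape user data with ldap_escape() first
 * @param string $ldap_server
 * @param int    $ldap_port
 * @param array  $dn          must provide $dn["groups"], the base DN of the groups
 * @return array list of ['uid' => login, 'cat' => category]
 */
function search_uidspip($filter, $ldap_server, $ldap_port, $dn)
{
    global $ldap_grp_attr;
    // LDAP attributes
    $ldap_grp_attr = array("cn", "memberuid");
    $ret = array();

    $ds = @ldap_connect($ldap_server, $ldap_port);
    if ($ds) {
        $r = @ldap_bind($ds); // anonymous bind
        if ($r) {
            $result = @ldap_list($ds, $dn["groups"], $filter, $ldap_grp_attr);
            if ($result) {
                $info = ldap_get_entries($ds, $result);
                $groups = isset($info["count"]) ? (int) $info["count"] : 0;
                // Store the logins of the class members in $ret
                for ($loop = 0; $loop < $groups; $loop++) {
                    $cn = isset($info[$loop]["cn"][0]) ? $info[$loop]["cn"][0] : '';
                    $group = preg_split('/[\\\\_]/', $cn, 2);
                    $members = isset($info[$loop]["memberuid"]["count"]) ? (int) $info[$loop]["memberuid"]["count"] : 0;
                    for ($i = 0; $i < $members; $i++) {
                        $ret[] = array(
                            "uid" => $info[$loop]["memberuid"][$i],
                            "cat" => $group[0],
                        );
                    }
                }
                ldap_free_result($result);
            }
        }
        @ldap_close($ds);
    }
    return $ret;
}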
/**
 * Disconnect: close the LDAP link when one is open. The handle itself is left untouched.
 */
public function disconnect()
{
    \GO::debug("LDAP::disconnect()");
    $link = $this->_link;
    if (!$link) {
        return;
    }
    ldap_close($link);
}
/**
 * Destructor: close the LDAP link if it is still open and clear the root-bind flag.
 */
function __destruct()
{
    $link = $this->ds;
    if (!$link) {
        return;
    }
    @ldap_close($link);
    $this->root_binded = FALSE;
}
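/**
 * Log a user in against Active Directory and populate the encrypted session, then redirect.
 *
 * A "DOMAIN\user" login overrides the configured domain. Both parts are reduced to
 * [0-9A-Za-z space - .], which also removes LDAP filter metacharacters. show_error() is
 * used as a terminal failure path and is assumed not to return (as in the original — confirm).
 *
 * Fixes over the original: an empty password is refused (ldap_bind() would otherwise perform
 * an unauthenticated bind, which AD accepts), a failed search no longer reaches
 * ldap_get_entries(), the session id is rotated on successful login, and the redirect
 * target is restricted to a same-site path.
 *
 * @param string $username login, optionally prefixed with "DOMAIN\"
 * @param string $password
 */
function my_session_login($username, $password)
{
    if ($password === null || $password === '') {
        show_error("Invalid username and/or password.");
    }

    $domain = $GLOBALS['config']['my_ad_domain'];
    // Same test as the original: a backslash at position 0 does not count.
    if (strpos($username, "\\") > 0) {
        list($domain, $username) = explode("\\", $username, 2);
    }
    $domain = preg_replace("/[^0-9A-Za-z \\-\\.]/", "", $domain);
    $username = preg_replace("/[^0-9A-Za-z \\-\\.]/", "", $username);

    $ldap = ldap_connect($GLOBALS['config']['my_ad_server']);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    $bind = @ldap_bind($ldap, $domain . "\\" . $username, $password);
    if (!$bind) {
        show_error("Invalid username and/or password.");
    }
    $result = ldap_search($ldap, $GLOBALS['config']['my_ad_basedn'], "(sAMAccountName={$username})");
    $info = $result ? ldap_get_entries($ldap, $result) : array('count' => 0);
    @ldap_close($ldap);
    if ($info['count'] != 1) {
        show_error("Account not found.");
    }

    // A new identity is being stored: rotate the id so a pre-login session id is not reused.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = my_encrypt($info[0]["samaccountname"][0]);
    $_SESSION['fullname'] = my_encrypt($info[0]["displayname"][0]);
    $_SESSION['last_seen'] = my_encrypt(time());
    $_SESSION['user_agent'] = my_encrypt($_SERVER['HTTP_USER_AGENT']);

    // REQUEST_URI is client-controlled; only a single-slash-rooted path is accepted so a
    // value such as "//host/..." cannot redirect off-site.
    $action = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    if ($action === '' || $action[0] !== '/' || substr($action, 0, 2) === '//') {
        $action = '/';
    }
    header("Location: " . $action);
}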
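/**
 * Populate the user's contact fields from LDAP when an LDAP host is configured.
 *
 * The key is escaped before it enters the search filter (the original spliced it in
 * raw), and the result count is checked: ldap_get_entries() returns ['count' => 0],
 * which is truthy, for no match, so the original read an undefined $entries[0].
 *
 * @param string $userKey value matched against the configured search_key attribute
 */
public function __construct($userKey)
{
    $config = new Configuration();
    if (!$config->ldap->host) {
        return;
    }

    // With OpenLDAP 2.x a URL may be given instead of a hostname (ldaps://hostname/ for TLS).
    // ldap_connect() does not contact the server, so a bad host only shows up at bind time.
    $ds = ldap_connect($config->ldap->host);
    // may need ldap_bind( $ds, $username, $password )
    $bd = ldap_bind($ds) or die("<br /><h3>" . _("Could not connect to ") . $config->ldap->host . "</h3>");
    if (!$bd) {
        return;
    }

    $filter = $config->ldap->search_key . "=" . ldap_escape($userKey, '', LDAP_ESCAPE_FILTER);
    $sr = ldap_search($ds, $config->ldap->base_dn, $filter);
    $entries = $sr ? ldap_get_entries($ds, $sr) : false;
    if ($entries && !empty($entries['count'])) {
        $entry = $entries[0];
        $fieldNames = array('fname', 'lname', 'email', 'phone', 'department', 'title', 'address');
        foreach ($fieldNames as $fieldName) {
            $configName = $fieldName . '_field';
            $attr = $config->ldap->{$configName};
            $this->{$fieldName} = isset($entry[$attr][0]) ? $entry[$attr][0] : null;
        }
        // NOTE(review): addslashes() is kept because callers appear to expect it, but it is
        // not a substitute for parameterised queries wherever fullname reaches SQL.
        $this->fullname = addslashes($this->fname . ' ' . $this->lname);
    }
    ldap_close($ds);
}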
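/**
 * Check a password by binding to the LDAP server as the user.
 *
 * The uid replaces the literal "UID" in LDAP_BINDDN; it is DN-escaped first so a value such
 * as "x,ou=admins" cannot move the bind elsewhere in the tree (the original substituted it
 * raw). The empty-password guard is essential: ldap_bind() with a DN and no password is an
 * unauthenticated bind that most servers accept.
 *
 * @param string $uid login
 * @param string $pwd password
 * @return int|bool 0 when LDAP is unavailable or the password is empty, else the ldap_bind() result
 */
function auth_ldap($uid, $pwd)
{
    global $ldap_accessible, $charset, $ldap_encoding_utf8;
    if (!$ldap_accessible) {
        return 0;
    }
    $ret = 0;
    if ($pwd) {
        // Encoding handling (utf8_encode/utf8_decode are deprecated since PHP 8.2; kept as found)
        if ($ldap_encoding_utf8 && $charset != "utf-8") {
            $uid = utf8_encode($uid);
            $pwd = utf8_encode($pwd);
        } elseif (!$ldap_encoding_utf8 && $charset == "utf-8") {
            $uid = utf8_decode($uid);
            $pwd = utf8_decode($pwd);
        }
        $dn = str_replace('UID', ldap_escape($uid, '', LDAP_ESCAPE_DN), LDAP_BINDDN);
        $conn = @ldap_connect(LDAP_SERVER, LDAP_PORT); // must be a valid LDAP server!
        if ($conn) {
            // Set the option only on a valid handle (the original set it before the check).
            ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, LDAP_PROTO);
            $ret = @ldap_bind($conn, $dn, $pwd);
            ldap_close($conn);
        }
    }
    return $ret;
}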
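/**
 * Read the cn of the inetOrgPerson whose mail address is $user.
 *
 * The address becomes part of a DN and is escaped for that context (the original
 * interpolated it raw). ldap_get_entries() returns a truthy ['count' => 0] for no
 * match, so the count and the cn attribute are checked explicitly, and the
 * connection is closed on every path rather than only on success.
 *
 * @param string $user  mail address
 * @param int    $debug when non-zero, echo the resolved name
 * @return string|null the cn, or null when the lookup fails (the error is echoed)
 */
function get_ldap_cn($user, $debug = 0)
{
    $ds = null;
    try {
        if (!($ds = get_ldap_connection())) {
            throw new Exception('Unable to connect to LDAP Server');
        }
        // the object itself instead of the top search level as in ldap_search
        $dn = "mail=" . ldap_escape($user, '', LDAP_ESCAPE_DN) . ", o=com, dc=mozilla";
        $filter = "(objectclass=inetOrgPerson)"; // this command requires some filter
        $justthese = array("cn"); // only pull the attribute we need
        if (!($sr = ldap_read($ds, $dn, $filter, $justthese))) {
            throw new Exception('Incorrect Username or filter');
        }
        $entry = ldap_get_entries($ds, $sr);
        if (!$entry || empty($entry['count']) || !isset($entry[0]["cn"][0])) {
            throw new Exception('Unable to find LDAP entry for ' . $user);
        }
        if ($debug != 0) {
            echo $entry[0]["cn"][0] . " is the name in LDAP for " . $user;
        }
        return $entry[0]["cn"][0];
    } catch (Exception $e) {
        echo 'Oops! I countered the following error: ', $e->getMessage(), "\n";
        return null;
    } finally {
        if ($ds) {
            ldap_close($ds);
        }
    }
}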
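/**
 * Authenticates a user to LDAP
 *
 * The username is escaped before it is appended to the configured filter, an empty
 * password is rejected (ldap_bind() would otherwise perform an unauthenticated bind,
 * which Active Directory accepts), the bind result is tested as a bool rather than
 * against the string "true", and the connection is closed on every path (the original
 * leaked it on success).
 *
 * @param string $username
 * @param string $password
 * @return bool true if the username and password provided are valid
 *              false if the username and/or password provided are invalid
 */
function ldap($username, $password)
{
    if ($password === null || $password === '') {
        return false;
    }

    $ldaphost = Config::get('ldap.url');
    $ldaprdn = Config::get('ldap.username');
    $ldappass = Config::get('ldap.password');
    $baseDn = Config::get('ldap.basedn');
    $filterQuery = Config::get('ldap.authentication.filter.query') . ldap_escape($username, '', LDAP_ESCAPE_FILTER);

    // Connecting to LDAP
    $connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");

    // Needed for AD
    ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);

    try {
        // binding to ldap server with the service account
        if (!ldap_bind($connection, $ldaprdn, $ldappass)) {
            return false;
        }
        $results = @ldap_search($connection, $baseDn, $filterQuery);
        if ($results === false) {
            return false;
        }
        $entry = ldap_first_entry($connection, $results);
        if ($entry === false) {
            return false;
        }
        $userDn = @ldap_get_dn($connection, $entry);
        if ($userDn === false) {
            return false;
        }
        // Re-bind as the user to verify the password.
        return (bool) ldap_bind($connection, $userDn, $password);
    } catch (Exception $e) {
        LOG::error($e->getMessage());
        return false;
    } finally {
        ldap_close($connection);
    }
}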
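/**
 * Resolve the members of an AD group to [samaccountname, displayname, useraccountcontrol] rows.
 *
 * Changes from the original: the "member" attribute is walked by index instead of iterating
 * every attribute value including its 'count' element and then array_shift()ing the bogus
 * first row away; a bare group name and each member cn are escaped before entering a
 * filter; the debug print of the host and base DN is gone; failed searches are tolerated;
 * and the unreachable ldap_unbind() after the return is dropped.
 *
 * @param string $group    group cn, or a ready-made "cn=..." filter (used verbatim)
 * @param string $user     bind DN
 * @param string $password bind password
 * @return array list of [samaccountname, displayname, useraccountcontrol]
 */
function get_ldap_members($group, $user, $password)
{
    global $ldap_host;
    global $ldap_dn;
    $LDAPFieldsToFind = array("member");

    $ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP");
    // OPTIONS TO AD
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP");

    // check if group is just a name or an ldap string
    $group_cn = preg_match("/cn=/i", $group) ? $group : "cn=" . ldap_escape($group, '', LDAP_ESCAPE_FILTER);
    $results = ldap_search($ldap, $ldap_dn, $group_cn, $LDAPFieldsToFind);
    $member_list = $results ? ldap_get_entries($ldap, $results) : array('count' => 0);

    $group_member_details = array();
    $members = isset($member_list[0]['member']['count']) ? (int) $member_list[0]['member']['count'] : 0;
    for ($m = 0; $m < $members; $m++) {
        $member_dn = explode_dn($member_list[0]['member'][$m]);
        $member_cn = str_replace("CN=", "", $member_dn[0]);
        // The cn comes from a DN the directory returned, but it is still data inside a filter.
        $member_search = ldap_search($ldap, $ldap_dn, "(CN=" . ldap_escape($member_cn, '', LDAP_ESCAPE_FILTER) . ")");
        $member_details = $member_search ? ldap_get_entries($ldap, $member_search) : array('count' => 0);
        if (empty($member_details['count'])) {
            continue;
        }
        $group_member_details[] = array(
            isset($member_details[0]['samaccountname'][0]) ? $member_details[0]['samaccountname'][0] : null,
            isset($member_details[0]['displayname'][0]) ? $member_details[0]['displayname'][0] : null,
            isset($member_details[0]['useraccountcontrol'][0]) ? $member_details[0]['useraccountcontrol'][0] : null,
        );
    }
    ldap_close($ldap);
    return $group_member_details;
}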
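/**
 * Probe the configured AD connection: connect if needed, bind with the admin credentials,
 * then re-establish the shared connection through ad_admin().
 *
 * The options are now set only after the handle is known to be valid (the original set them
 * before the check; a false handle is a TypeError on PHP 8).
 *
 * @return int 0 ok, 1 no connection handle, 2 bind failed, 3 bind ok but ad_admin() returned nothing
 */
function ad_test()
{
    global $ad_conn;
    if (!$ad_conn) {
        $ad_host = variable_get('adsync_server_ad');
        $ad_conn = ldap_connect($ad_host, 389);
    }
    if (!$ad_conn) {
        return 1;
    }
    ldap_set_option($ad_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad_conn, LDAP_OPT_REFERRALS, 0);

    $ad_user = variable_get('adsync_server_ad_admin');
    $ad_pass = variable_get('adsync_server_ad_pass');
    if (!ldap_bind($ad_conn, $ad_user, $ad_pass)) {
        return 2;
    }
    ldap_close($ad_conn);
    $ad_conn = ad_admin();
    return empty($ad_conn) ? 3 : 0;
}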
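/**
 * Validate a user against the LDAP/AD server configured in config.php.
 *
 * Fixes over the original: the username is escaped separately for DN and filter use; an
 * empty password is refused (both user binds would otherwise be unauthenticated binds,
 * which AD accepts, and the original reported success); error_reporting(0), which silenced
 * every later error in the request, is gone; the connection is closed on every exit (the
 * original's ldap_close() sat after a return); and the final message referenced an
 * undefined $ldap_server instead of $ldapServer.
 *
 * @param string $username account name (lower-cased)
 * @param string $password
 * @return string '' on success, otherwise an error message for the caller
 */
function checkldapuser($username, $password)
{
    require 'config.php';
    $username = strtolower($username);

    if ($password === null || $password === '') {
        return "Usuario o contraseña incorrecta";
    }

    $connect = ldap_connect($ldapServer);
    if ($connect == false) {
        return "no hay conexión a '{$ldapServer}'";
    }
    ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

    // bind with the service account
    $bind = ldap_bind($connect, $usrLDAP, $pwdLDAP);
    if ($bind == false) {
        @ldap_close($connect);
        return "Falla la conexión con el servidor LDAP con el usuario \n{$usrLDAP}";
    }

    $dnUser = ldap_escape($username, '', LDAP_ESCAPE_DN);
    $filterUser = ldap_escape($username, '', LDAP_ESCAPE_FILTER);

    // active directory - pch
    $bind = @ldap_bind($connect, "{$campoBusqLDAP}=" . $dnUser . ",{$cadenaBusqLDAP}", $password);
    if ($bind == false) {
        @ldap_close($connect);
        return "Usuario o contraseña incorrecta";
    }
    // look the user up - pch
    $res_id = ldap_search($connect, $cadenaBusqLDAP, "{$campoBusqLDAP}=" . $filterUser);
    if ($res_id == false) {
        @ldap_close($connect);
        return "No encontrado el usuario en el LDAP";
    }
    $cant = ldap_count_entries($connect, $res_id);
    if ($cant == 0) {
        @ldap_close($connect);
        return "El usuario {$username} NO se encuentra en el A.D. {$bind} HLPHLP";
    }
    if ($cant > 1) {
        @ldap_close($connect);
        return "El usuario {$username} se encuentra {$cant} veces en el A.D.";
    }
    $entry_id = ldap_first_entry($connect, $res_id);
    if ($entry_id == false) {
        @ldap_close($connect);
        return "No se obtuvieron resultados";
    }
    $user_dn = ldap_get_dn($connect, $entry_id);
    if ($user_dn == false) {
        @ldap_close($connect);
        return "No se puede obtener el dn del usuario";
    }
    /* Authenticate the user with the resolved DN */
    $link_id = @ldap_bind($connect, "{$user_dn}", $password);
    @ldap_close($connect);
    if ($link_id == false) {
        return "USUARIO O CONTRASEÑA INCORRECTOS";
    }
    return '';
}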
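/**
 * LDAP storage handler
 *
 * Looks the uid up with the configured service account, then binds as the found DN with
 * the supplied password. An empty password is refused up front: it would be an
 * unauthenticated bind, which most servers accept, and the original would then have
 * returned true for any existing uid. The id is escaped before entering the filter, the
 * uid comparison is strict, and the connection is closed on every path (the original only
 * closed it inside the success chain).
 *
 * @return bool
 * @param $id string
 * @param $pw string
 **/
protected function _ldap($id, $pw)
{
    if ($pw === null || $pw === '') {
        return false;
    }
    $dc = @ldap_connect($this->args['dc']);
    if (!$dc) {
        user_error(self::E_LDAP, E_USER_ERROR);
        return false;
    }
    $result = null;
    $info = null;
    $ok = ldap_set_option($dc, LDAP_OPT_PROTOCOL_VERSION, 3)
        && ldap_set_option($dc, LDAP_OPT_REFERRALS, 0)
        && ldap_bind($dc, $this->args['rdn'], $this->args['pw'])
        && ($result = ldap_search($dc, $this->args['base_dn'], 'uid=' . ldap_escape($id, '', LDAP_ESCAPE_FILTER)))
        && ldap_count_entries($dc, $result)
        && ($info = ldap_get_entries($dc, $result))
        && @ldap_bind($dc, $info[0]['dn'], $pw);
    @ldap_close($dc);
    if ($ok) {
        return isset($info[0]['uid'][0]) && $info[0]['uid'][0] === $id;
    }
    user_error(self::E_LDAP, E_USER_ERROR);
    return false;
}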
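/**
 * Authenticate $username/$password against LDAP and check that the account is active,
 * a member, and carries a valid expiry date. The outcome is left in $this->authenticated
 * and $this->error; the expiry timestamp in $this->expirydate (the original assigned
 * $this->expiry_date, which it never initialised — both are set for compatibility).
 *
 * Fixes over the original: the constructor parameters are used instead of $_POST; an empty
 * password is refused (it would be an unauthenticated bind, accepted by many servers); the
 * user-bind retry loop stops on LDAP error 49 (invalid credentials) instead of repeating a
 * wrong password ten times with a one-second sleep each; attribute presence is tested by
 * key; strptime()/gmmktime() are replaced by DateTimeImmutable in UTC; and every
 * connection is closed before returning.
 *
 * @param string $username uid to look up
 * @param string $password
 */
function __construct($username, $password)
{
    $this->authenticated = false;
    $this->expirydate = 0;
    $this->error = null;

    if ($password === null || $password === '') {
        $this->error = "Failed to bind as user.";
        return;
    }
    $filter = "(&(objectclass=posixAccount)(uid=" . $this->ldap_escape($username) . "))";

    /* Connect to LDAP; retry the anonymous bind up to 10 times. */
    $ldap = ldap_connect(LDAP_HOST, LDAP_PORT);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    for ($i = 0; $i < 10 && !($rv = @ldap_bind($ldap)); $i++) {
        sleep(1);
    }
    if (!$rv) {
        $this->error = "Anonymous bind failed";
        ldap_close($ldap);
        return;
    }

    /* Look for the user */
    $res = ldap_search($ldap, LDAP_BASE, $filter);
    $entries = $res ? ldap_get_entries($ldap, $res) : array('count' => 0);
    ldap_close($ldap);
    if ($entries['count'] != 1) {
        $this->error = "Incorrect entry count";
        return;
    }
    $userDn = $entries[0]['dn'];

    /* Reconnect and bind as the supplied user */
    $ldap = ldap_connect(LDAP_HOST, LDAP_PORT);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    for ($i = 0; $i < 10 && !($rv = @ldap_bind($ldap, $userDn, $password)); $i++) {
        // Only transport/server trouble is worth retrying; wrong credentials would otherwise
        // cost ten attempts and ten seconds per login and feed any lockout policy.
        if (ldap_errno($ldap) == 49) {
            break;
        }
        sleep(1);
    }
    if (!$rv) {
        $this->error = "Failed to bind as user.";
        ldap_close($ldap);
        return;
    }

    /* Check the user's attributes on the authenticated connection */
    $res = ldap_search($ldap, LDAP_BASE, $filter);
    $entries = $res ? ldap_get_entries($ldap, $res) : array('count' => 0);
    ldap_close($ldap);
    if ($entries['count'] != 1) {
        $this->error = "Incorrect entry count";
        return;
    }
    $user = $entries[0];
    // ldap_get_entries() keys attributes by lower-cased name.
    if (!isset($user['schacuserstatus'])
        || !in_array("urn:mace:terena.org:schac:userStatus:nikhef.nl:affiliation:active", $user['schacuserstatus'], true)) {
        $this->error = "User is not active.";
        return;
    }
    if (!isset($user['edupersonaffiliation']) || !in_array("member", $user['edupersonaffiliation'], true)) {
        $this->error = "User is not a member.";
        return;
    }
    // schacExpiryDate is a generalized-time string (YYYYMMDDhhmmssZ, UTC), matching the
    // original "%Y%m%d%H%M%SZ" strptime() format.
    $expiry_date = false;
    if (isset($user['schacexpirydate'][0])) {
        $parsed = \DateTimeImmutable::createFromFormat('!YmdHis\Z', $user['schacexpirydate'][0], new \DateTimeZone('UTC'));
        if ($parsed !== false) {
            $expiry_date = $parsed->getTimestamp();
        }
    }
    if (!$expiry_date) {
        $this->error = "User has invalid expiry date";
        return;
    }

    $this->authenticated = true;
    $this->expirydate = $expiry_date;
    $this->expiry_date = $expiry_date;
}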
/**
 * Tear down the global LDAP connection when one was opened; a no-op otherwise.
 */
function kill_ldap()
{
    global $ldapcon, $ldapstatus;
    if ($ldapstatus) {
        $ldapstatus = false;
        ldap_close($ldapcon);
    }
}
/**
 * Close the server link and clear the cached bind and search handles.
 */
function close()
{
    if (!$this->isConnected()) {
        return;
    }
    ldap_close($this->_ldap_server);
    $this->_ldap_server = null;
    $this->_ldap_bind = null;
    $this->_ldap_search = null;
}