/**
* lookup the user's realname
*
* @param integer $p_user_id A valid user identifier.
* @return string
*/
function user_get_realname($p_user_id)
{
$t_realname = '';
if (LDAP == config_get('login_method') && ON == config_get('use_ldap_realname')) {
$t_realname = ldap_realname($p_user_id);
}
if (is_blank($t_realname)) {
$t_realname = user_get_field($p_user_id, 'realname');
}
return $t_realname;
}
/**
* Authenticates an user via LDAP given the username and password.
*
* @param string $p_username The user name.
* @param string $p_password The password.
* @return true: authenticated, false: failed to authenticate.
*/
function ldap_authenticate_by_username($p_username, $p_password)
{
if (ldap_simulation_is_enabled()) {
log_event(LOG_LDAP, "Authenticating via LDAP simulation");
$t_authenticated = ldap_simulation_authenticate_by_username($p_username, $p_password);
} else {
$c_username = ldap_escape_string($p_username);
$t_ldap_organization = config_get('ldap_organization');
$t_ldap_root_dn = config_get('ldap_root_dn');
$t_ldap_uid_field = config_get('ldap_uid_field', 'uid');
$t_search_filter = "(&{$t_ldap_organization}({$t_ldap_uid_field}={$c_username}))";
$t_search_attrs = array($t_ldap_uid_field, 'dn');
# Bind
log_event(LOG_LDAP, "Binding to LDAP server");
$t_ds = ldap_connect_bind();
if ($t_ds === false) {
ldap_log_error($t_ds);
trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
}
# Search for the user id
log_event(LOG_LDAP, "Searching for {$t_search_filter}");
$t_sr = ldap_search($t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs);
if ($t_sr === false) {
ldap_log_error($t_ds);
ldap_unbind($t_ds);
log_event(LOG_LDAP, "ldap search failed");
trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
}
$t_info = @ldap_get_entries($t_ds, $t_sr);
if ($t_info === false) {
ldap_log_error($t_ds);
ldap_free_result($t_sr);
ldap_unbind($t_ds);
trigger_error(ERROR_LDAP_AUTH_FAILED, ERROR);
}
$t_authenticated = false;
if ($t_info['count'] > 0) {
# Try to authenticate to each until we get a match
for ($i = 0; $i < $t_info['count']; $i++) {
$t_dn = $t_info[$i]['dn'];
log_event(LOG_LDAP, "Checking {$t_info[$i]['dn']}");
# Attempt to bind with the DN and password
if (@ldap_bind($t_ds, $t_dn, $p_password)) {
$t_authenticated = true;
break;
}
}
} else {
log_event(LOG_LDAP, "No matching entries found");
}
log_event(LOG_LDAP, "Unbinding from LDAP server");
ldap_free_result($t_sr);
ldap_unbind($t_ds);
}
# If user authenticated successfully then update the local DB with information
# from LDAP. This will allow us to use the local data after login without
# having to go back to LDAP. This will also allow fallback to DB if LDAP is down.
if ($t_authenticated) {
$t_user_id = user_get_id_by_name($p_username);
if (false !== $t_user_id) {
$t_fields_to_update = array('password' => md5($p_password));
if (ON == config_get('use_ldap_realname')) {
$t_fields_to_update['realname'] = ldap_realname($t_user_id);
}
if (ON == config_get('use_ldap_email')) {
$t_fields_to_update['email'] = ldap_email_from_username($p_username);
}
user_set_fields($t_user_id, $t_fields_to_update);
}
log_event(LOG_LDAP, "User '{$p_username}' authenticated");
} else {
log_event(LOG_LDAP, "Authentication failed");
}
return $t_authenticated;
}
