/**
* Connect and bind to ldap server.
*
* @throws Ingo_Exception
*/
protected function _connect()
{
if (!($ldapcn = @ldap_connect($this->_params['hostspec'], $this->_params['port']))) {
throw new Ingo_Exception(_("Connection failure"));
}
/* Set the LDAP protocol version. */
if (!empty($this->_params['version'])) {
@ldap_set_option($ldapcn, LDAP_OPT_PROTOCOL_VERSION, $this->_params['version']);
}
/* Start TLS if we're using it. */
if (!empty($this->_params['tls']) && !@ldap_start_tls($ldapcn)) {
throw new Ingo_Exception(sprintf(_("STARTTLS failed: (%s) %s"), ldap_errno($ldapcn), ldap_error($ldapcn)));
}
/* Bind to the server. */
if (isset($this->_params['bind_dn'])) {
$bind_dn = $this->_substUser($this->_params['bind_dn']);
$password = isset($this->_params['bind_password']) ? $this->_params['bind_password'] : $this->_params['password'];
$bind_success = @ldap_bind($ldapcn, $bind_dn, $password);
} else {
$bind_success = @ldap_bind($ldapcn);
}
if ($bind_success) {
return $ldapcn;
}
throw new Ingo_Exception(sprintf(_("Bind failed: (%s) %s"), ldap_errno($ldapcn), ldap_error($ldapcn)));
}
public function __construct()
{
$this->ldap = ldap_connect(QACASConfig::$ldap_server);
if (!$this->ldap) {
throw new LDAPException('ldap_connect() failed');
}
if (!ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, 3)) {
throw new LDAPException('ldap_set_option(PROTOCOL) failed', $this->ldap);
}
if (!ldap_set_option($this->ldap, LDAP_OPT_REFERRALS, false)) {
throw new LDAPException('ldap_set_option(REFERRALS) failed', $this->ldap);
}
if (QACASConfig::$ldap_starttls) {
if (!ldap_start_tls($this->ldap)) {
throw new LDAPException('ldap_start_tls() failed', $this->ldap);
}
}
if (QACASConfig::$ldap_bind_dn) {
if (!ldap_bind($this->ldap, QACASConfig::$ldap_bind_dn, QACASConfig::$ldap_bind_pass)) {
throw new LDAPException('ldap_bind() failed', $this->ldap);
}
} else {
if (!ldap_bind($this->ldap, QACASConfig::$ldap_bind_dn, QACASConfig::$ldap_bind_pass)) {
throw new LDAPException('ldap_bind() failed', $this->ldap);
}
}
}
/**
* Initiate LDAP connection.
*
* Not done in __construct(), only when a read or write action is
* necessary.
*/
protected function _connect()
{
if ($this->_ds) {
return;
}
if (!($this->_ds = @ldap_connect($this->_params['server'], $this->_params['port']))) {
throw new Turba_Exception(_("Connection failure"));
}
/* Set the LDAP protocol version. */
if (!empty($this->_params['version'])) {
@ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, $this->_params['version']);
}
/* Set the LDAP deref option for dereferencing aliases. */
if (!empty($this->_params['deref'])) {
@ldap_set_option($this->_ds, LDAP_OPT_DEREF, $this->_params['deref']);
}
/* Set the LDAP referrals. */
if (!empty($this->_params['referrals'])) {
@ldap_set_option($this->_ds, LDAP_OPT_REFERRALS, $this->_params['referrals']);
}
/* Start TLS if we're using it. */
if (!empty($this->_params['tls']) && !@ldap_start_tls($this->_ds)) {
throw new Turba_Exception(sprintf(_("STARTTLS failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds)));
}
/* Bind to the server. */
if (isset($this->_params['bind_dn']) && isset($this->_params['bind_password'])) {
$error = !@ldap_bind($this->_ds, $this->_params['bind_dn'], $this->_params['bind_password']);
} else {
$error = !@ldap_bind($this->_ds);
}
if ($error) {
throw new Turba_Exception(sprintf(_("Bind failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds)));
}
}
private function _connectLDAP()
{
global $conf;
# Connect to LDAP
$this->ldap = ldap_connect($conf->auth_ldap->url);
ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->ldap, LDAP_OPT_REFERRALS, 0);
if ($conf->auth_ldap->starttls && !ldap_start_tls($this->ldap)) {
error_log("LDAP - Unable to use StartTLS");
return false;
} else {
# Bind
if (isset($conf->auth_ldap->binddn) && isset($conf->auth_ldap->bindpw)) {
$bind = ldap_bind($this->ldap, $conf->auth_ldap->binddn, $conf->auth_ldap->bindpw);
} else {
$bind = ldap_bind($this->ldap);
}
$errno = ldap_errno($this->ldap);
if ($errno) {
error_log("LDAP - Bind error {$errno} (" . ldap_error($this->ldap) . ")");
error_log("LDAP - Cannot bind with user " . $conf->auth_ldap->binddn . " and " . $conf->auth_ldap->bindpw);
return false;
}
}
return true;
}
private function connect()
{
$host = $this->params['host'];
if (isset($this->params['useSsl']) && (bool) $this->params['useSsl']) {
$host = 'ldaps://' . $host;
}
$ress = @ldap_connect($host, $this->params['port']);
if (isset($this->params['useStartTls']) && (bool) $this->params['useStartTls']) {
ldap_start_tls($ress);
}
if (isset($this->params['version']) && $this->params['version'] !== null) {
ldap_set_option($ress, LDAP_OPT_PROTOCOL_VERSION, $this->params['version']);
}
if (isset($this->params['optReferrals']) && $this->params['optReferrals'] !== null) {
ldap_set_option($ress, LDAP_OPT_REFERRALS, $this->params['optReferrals']);
}
if (isset($this->params['username']) && $this->params['version'] !== null) {
if (!isset($this->params['password'])) {
throw new \Exception('You must uncomment password key');
}
$bindress = @ldap_bind($ress, $this->params['username'], $this->params['password']);
if (!$bindress) {
throw new \Exception('The credentials you have configured are not valid');
}
} else {
$bindress = @ldap_bind($ress);
if (!$bindress) {
throw new \Exception('Unable to connect Ldap');
}
}
$this->ldap_res = $ress;
}
function ldap_init()
{
global $ds, $config;
if (!is_resource($ds)) {
print_debug("LDAP[Connecting to " . implode(",", $config['auth_ldap_server']) . "]");
$ds = @ldap_connect(implode(",", $config['auth_ldap_server']), $config['auth_ldap_port']);
print_debug("LDAP[Connected]");
if ($config['auth_ldap_starttls'] && ($config['auth_ldap_starttls'] == 'optional' || $config['auth_ldap_starttls'] == 'require')) {
$tls = ldap_start_tls($ds);
if ($config['auth_ldap_starttls'] == 'require' && $tls == FALSE) {
session_logout();
print_error("Fatal error: LDAP TLS required but not successfully negotiated [" . ldap_error($ds) . "]");
exit;
}
}
if ($config['auth_ldap_referrals']) {
ldap_set_option($ds, LDAP_OPT_REFERRALS, $config['auth_ldap_referrals']);
print_debug("LDAP[Referrals][Set to " . $config['auth_ldap_referrals'] . "]");
} else {
ldap_set_option($ds, LDAP_OPT_REFERRALS, FALSE);
print_debug("LDAP[Referrals][Disabled]");
}
if ($config['auth_ldap_version']) {
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']);
print_debug("LDAP[Version][Set to " . $config['auth_ldap_version'] . "]");
}
}
}
/**
* Creates a secure LDAP connection to the University's LDAP server.
* This is done by authenticating as a current student.
* @param string $uid The student's NetID.
* @param string $password The student's password for their NetID.
*/
public function __construct($uid, $password)
{
if (!putenv('LDAPTLS_CACERTDIR=' . UniversityLdap::CA_CERT_DIR)) {
trigger_error('Unable to set TLS certificate directory.', E_USER_WARNING);
}
$this->dn = "uid={$uid}," . UniversityLdap::NETID_DN_BASE;
$this->log('Connecting to University LDAP.');
$this->connection = ldap_connect(UniversityLdap::NETID_SERVER);
if (!$this->connection) {
throw new Exception('Unable to open connection to University LDAP.');
}
ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->connection, LDAP_OPT_X_TLS_CACERTDIR, UniversityLdap::CA_CERT_DIR);
//
// Output more LDAP information when debugging
if (self::DEBUG) {
ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7);
}
if (!ldap_start_tls($this->connection)) {
$this->trigger_ldap_error();
throw new Exception('Unable to start TLS Encryption for University LDAP connection.');
}
$this->log('Binding to University LDAP.');
if (!@ldap_bind($this->connection, $this->dn, $password)) {
$this->trigger_ldap_error();
throw new RuntimeException('Unable to bind to University LDAP. Bad username/password?');
}
}
public function __construct($host = UL_LDAP_DEFAULT_HOST, $port = UL_LDAP_DEFAULT_PORT, $enc = UL_LDAP_DEFAULT_ENCRYPTION)
{
$constr = "{$host}:{$port}";
if ($enc == 'SSL') {
if (!ulUtils::BeginsWith($host, 'ldaps:')) {
$constr = "ldaps://{$constr}";
}
} else {
if (!ulUtils::BeginsWith($host, 'ldaps:')) {
$constr = "ldap://{$constr}";
}
}
$this->con = ldap_connect($constr, $port);
if ($this->con === false) {
return;
}
if (!ldap_set_option($this->con, LDAP_OPT_PROTOCOL_VERSION, 3)) {
$this->Fail();
}
if (!ldap_set_option($this->con, LDAP_OPT_REFERRALS, 0)) {
$this->Fail();
}
if ($enc == 'TLS' && !ldap_start_tls($this->con)) {
$this->Fail();
}
}
/**
* Makes a connection to LDAP using the settings in Admin > Settings.
*
* @author [A. Gianotto] [<*****@*****.**>]
* @since [v3.0]
* @return connection
*/
public static function connectToLdap()
{
$ldap_host = Setting::getSettings()->ldap_server;
$ldap_version = Setting::getSettings()->ldap_version;
$ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore;
$ldap_use_tls = Setting::getSettings()->ldap_tls;
// If we are ignoring the SSL cert we need to setup the environment variable
// before we create the connection
if ($ldap_server_cert_ignore == '1') {
putenv('LDAPTLS_REQCERT=never');
}
// If the user specifies where CA Certs are, make sure to use them
if (env("LDAPTLS_CACERT")) {
putenv("LDAPTLS_CACERT=" . env("LDAPTLS_CACERT"));
}
$connection = @ldap_connect($ldap_host);
if (!$connection) {
throw new Exception('Could not connect to LDAP server at ' . $ldap_host . '. Please check your LDAP server name and port number in your settings.');
}
// Needed for AD
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldap_version);
if ($ldap_use_tls == '1') {
ldap_start_tls($connection);
}
return $connection;
}
public function connect()
{
// connection already established
if ($this->ds) {
return true;
}
$this->bound = 0;
if (!($this->ds = ldap_connect($this->cnf['host'], $this->cnf['port']))) {
error('LDAP: couldn\'t connect to LDAP server.');
return false;
}
// set protocol version and dependend options
if ($this->cnf['version']) {
if (!ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, $this->cnf['version'])) {
error('Setting LDAP Protocol version ' . $this->cnf['version'] . ' failed.');
} else {
// use TLS (needs version 3)
if (isset($this->cnf['starttls']) && !ldap_start_tls($this->ds)) {
error('Starting TLS failed.');
}
// needs version 3
if (!zbx_empty($this->cnf['referrals']) && !ldap_set_option($this->ds, LDAP_OPT_REFERRALS, $this->cnf['referrals'])) {
error('Setting LDAP referrals to off failed.');
}
}
}
// set deref mode
if (isset($this->cnf['deref']) && !ldap_set_option($this->ds, LDAP_OPT_DEREF, $this->cnf['deref'])) {
error('Setting LDAP Deref mode ' . $this->cnf['deref'] . ' failed.');
}
return true;
}
function ldap_getCnx($server_id = null)
{
global $ldap_server;
if (is_null($server_id)) {
return False;
} else {
if ($ldap_server[$server_id]['protoversion'] == 'ldapv3' && $ldap_server[$server_id]['encrypt'] != 'ldaps') {
$ds = ldap_connect($ldap_server[$server_id]['server'], $ldap_server[$server_id]['port']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!$ldap_server[$server_id]['referrals']) {
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
}
if ($ldap_server[$server_id]['encrypt'] == 'start-tls') {
ldap_start_tls($ds);
}
} elseif ($ldap_server[$server_id]['protoversion'] == 'ldapv2') {
if ($ldap_server[$server_id]['encrypt'] == 'ldaps') {
$ds = ldap_connect("ldaps://" . $ldap_server[$server_id]['server'], $ldap_server[$server_id]['port']);
} else {
$ds = ldap_connect($ldap_server[$server_id]['server'], $ldap_server[$server_id]['port']);
}
if (!$ldap_server[$server_id]['referrals']) {
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
}
}
return $ds;
}
}
/**
*
*
* @param string $username
* @param string $password
* @param string $company_file
* @param integer $wait_before_next_update
* @param integer $min_run_every_n_seconds
* @return boolean
*/
public function authenticate($username, $password, &$company_file, &$wait_before_next_update, &$min_run_every_n_seconds)
{
if (!strlen(trim($username)) or !strlen(trim($password))) {
return false;
}
if ($ds = ldap_connect($this->_ldap_host, $this->_ldap_port)) {
if ($this->_ldap_version) {
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, (int) $this->_ldap_version)) {
return false;
}
}
if ($this->_ldap_tls) {
if (!ldap_start_tls($ds)) {
return false;
}
}
if ($r = ldap_search($ds, $this->_ldap_basedn, $this->_ldap_attribute . '=' . $username)) {
$entries = ldap_get_entries($ds, $r);
if (!empty($entries[0])) {
return @ldap_bind($ds, $entries[0]['dn'], $password);
}
}
}
return false;
}
public function authenticateLdap()
{
if (!($settings = YumSettings::model()->find('is_active'))) {
throw new ExceptionClass('No active YUM-Settings profile found');
}
$ds = @ldap_connect($settings->ldap_host, $settings->ldap_port);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $settings->ldap_protocol);
if ($settings->ldap_tls == 1) {
ldap_start_tls($ds);
}
if (!@ldap_bind($ds)) {
throw new Exception('OpenLDAP: Could not connect to LDAP-Server');
}
if ($r = ldap_search($ds, $settings->ldap_basedn, '(uid=' . $this->username . ')')) {
$result = @ldap_get_entries($ds, $r);
if ($result[0] && @ldap_bind($ds, $result[0]['dn'], $this->password)) {
$user = YumUser::model()->find('username=:username', array(':username' => $this->username));
if ($user == NULL) {
if ($settings->ldap_autocreate == 1) {
$user = new YumUser();
$user->username = $this->username;
if ($settings->ldap_transfer_pw == 1) {
$user->password = YumEncrypt::encrypt($this->password);
}
$user->lastpasswordchange = 0;
$user->activationKey = '';
$user->superuser = 0;
$user->createtime = time();
$user->status = 1;
if ($user->save(false)) {
if (Yum::module()->enableProfiles) {
$profile = new YumProfile();
$profile->user_id = $user->id;
$profile->privacy = 'protected';
if ($settings->ldap_transfer_attr == 1) {
$profile->email = $result[0]['mail'][0];
$profile->lastname = $result[0]['sn'][0];
$profile->firstname = $result[0]['givenname'][0];
$profile->street = $result[0]['postaladdress'][0];
$profile->city = $result[0]['l'][0];
}
$profile->save(false);
}
} else {
return !($this->errorCode = self::ERROR_PASSWORD_INVALID);
}
} else {
return !($this->errorCode = self::ERROR_PASSWORD_INVALID);
}
}
$this->id = $user->id;
$this->setState('id', $user->id);
$this->username = $user->username;
$this->user = $user;
return !($this->errorCode = self::ERROR_NONE);
}
}
return !($this->errorCode = self::ERROR_PASSWORD_INVALID);
}
function authenticateToUMLDAP($accountName, $credential, $ldapServer = 'ldap.missouri.edu', $ldapPort = 3268, &$errorMsg = "", $requireSecure = true)
{
$error = array();
$query_result = array();
$attributes = array("samaccountname", "proxyAddresses", "mail", "displayName");
$formatted_result = array();
$connection = ldap_connect($ldapServer, $ldapPort);
if (!$connection) {
$errorMsg = "Failed to connect to {$ldapServer}:{$ldapPort}";
return false;
}
if (!ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3)) {
$errorMsg = "Failed to Set Protocol version 3";
return false;
}
if (!ldap_set_option($connection, LDAP_OPT_REFERRALS, 0)) {
$errorMsg = "Failed to connect disable referrals from server";
return false;
}
if (!ldap_start_tls($connection) && $requireSecure) {
$errorMsg = "Unable to get a TLS connection, are you using the correct port?";
return false;
}
// Try one until we connect
$valid_domains = array("tig.mizzou.edu", "col.missouri.edu", "umsystem.umsystem.edu");
foreach ($valid_domains as $domain) {
if ($bind_status = ldap_bind($connection, $accountName . "@" . $domain, $credential)) {
break;
}
}
// A break above leaves $bind_status = true;
if ($bind_status) {
$ldapresults = ldap_search($connection, 'dc=edu', "(samaccountname={$accountName})", $attributes);
if (!$ldapresults) {
$errorMsg = "Failed to look up after bind";
return false;
} else {
// THIS VALUE IS CHECK BELOW
$result_count = ldap_count_entries($connection, $ldapresults);
$query_result = ldap_get_entries($connection, $ldapresults);
ldap_close($connection);
}
} else {
ldap_close($connection);
$errorMsg = "Failed to bind to ({$connection}) as: {$username}";
return false;
}
if ($result_count == 0) {
$formatted_result['result'] = '0';
$formatted_result['message'] = 'Invalid Username or Password';
} else {
$formatted_result['result'] = $result_count;
$formatted_result['user']['fullname'] = $query_result[0]["displayname"][0];
$formatted_result['user']['username'] = $query_result[0]["samaccountname"][0];
$formatted_result['user']['emails'] = get_email($query_result);
}
return $formatted_result;
}
function logIn($param)
{
$ds = @ldap_connect(LDAP_HOST, LDAP_PORT);
$_SESSION['loggedin'] = "-1";
// Set LDAP Version, Default is Version 2
@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION ? LDAP_VERSION : 2);
// Referrals are disabled
@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
// Enable TLS Encryption
if (LDAP_ENCRYPTION == "tls") {
// Documentation says - set to never
putenv('LDAPTLS_REQCERT=never') or die('Failed to setup the env');
@ldap_start_tls($ds);
}
if (defined('LDAP_BIND_USER') && defined('LDAP_ADMIN_USER')) {
if (!@ldap_bind($ds, LDAP_BIND_USER, LDAP_BIND_PASSWORD)) {
return array();
}
}
$r = @ldap_search($ds, LDAP_BASEDN, LDAP_USERNAME_ATTRIBUTE_OPEN . $param['username'] . LDAP_USERNAME_ATTRIBUTE_CLOSE);
if ($r) {
$result = @ldap_get_entries($ds, $r);
if ($result[0]) {
if (@ldap_bind($ds, $result[0]['dn'], $param['password'])) {
if ($result[0] != NULL) {
if (defined("LDAP_GROUPDN")) {
if (!$this->check_filegroup_membership($ds, $result[0]['dn'])) {
return false;
}
}
// Default each user has normal User Privs
$_SESSION['loggedin'] = $param['username'];
$_SESSION['userlevel'] = LDAP_USERLEVEL;
$user['uid'] = 1;
$user['username'] = $param['username'];
$user['gid'] = 10;
$user['grp'] = "users";
$user['firstname'] = $param['username'];
$user['lastname'] = $param['username'];
$user['email'] = $param['username'];
$user['lastvisit'] = $param['username'];
$_SESSION['data'] = $user;
// Assigne Admin Privs, should be read from the LDAP Directory in the future
$ADMIN_USER = split(",", LDAP_ADMIN_USER);
foreach ($ADMIN_USER as &$value) {
if ($value == $param['username']) {
$_SESSION['userlevel'] = 1;
# LDAP_ADMINLEVEL;
$user['grp'] = "users,admins";
}
}
return $user;
}
}
}
}
return array();
}
/**
* Establish a connection to the LDAP server
*/
function connect()
{
global $RCMAIL;
if (!function_exists('ldap_connect')) {
raise_error(array('code' => 100, 'type' => 'ldap', 'message' => "No ldap support in this installation of PHP"), true);
}
if (is_resource($this->conn)) {
return true;
}
if (!is_array($this->prop['hosts'])) {
$this->prop['hosts'] = array($this->prop['hosts']);
}
if (empty($this->prop['ldap_version'])) {
$this->prop['ldap_version'] = 3;
}
foreach ($this->prop['hosts'] as $host) {
if ($lc = @ldap_connect($host, $this->prop['port'])) {
if ($this->prop['use_tls'] === true) {
if (!ldap_start_tls($lc)) {
continue;
}
}
ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this->prop['ldap_version']);
$this->prop['host'] = $host;
$this->conn = $lc;
break;
}
}
if (is_resource($this->conn)) {
$this->ready = true;
// User specific access, generate the proper values to use.
if ($this->prop["user_specific"]) {
// No password set, use the session password
if (empty($this->prop['bind_pass'])) {
$this->prop['bind_pass'] = $RCMAIL->decrypt_passwd($_SESSION["password"]);
}
// Get the pieces needed for variable replacement.
$fu = $RCMAIL->user->get_username();
list($u, $d) = explode('@', $fu);
// Replace the bind_dn and base_dn variables.
$replaces = array('%fu' => $fu, '%u' => $u, '%d' => $d);
$this->prop['bind_dn'] = strtr($this->prop['bind_dn'], $replaces);
$this->prop['base_dn'] = strtr($this->prop['base_dn'], $replaces);
}
if (!empty($this->prop['bind_dn']) && !empty($this->prop['bind_pass'])) {
$this->ready = $this->bind($this->prop['bind_dn'], $this->prop['bind_pass']);
}
} else {
raise_error(array('code' => 100, 'type' => 'ldap', 'message' => "Could not connect to any LDAP server, tried {$host}:{$this->prop[port]} last"), true);
}
// See if the directory is writeable.
if ($this->prop['writable']) {
$this->readonly = false;
}
// end if
}
/**
* Open the LDAP connection
*
* @author Alessandro De Zorzi <adezorzi AT rhx DOT it>
**/
static function phamm_connect()
{
// Open LDAP connection to server
$connect = @ldap_connect(LDAP_HOST_NAME, LDAP_PORT) or die("LDAP connection Failed!");
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, LDAP_PROTOCOL_VERSION);
// Start TLS session
if (LDAP_TLS == 1) {
@ldap_start_tls($connect) or die("Could not start TLS. Please check your LDAP server configuration.");
}
return $connect;
}
public function __construct()
{
if (!($this->ldap_conn = ldap_connect(LDAP_SERVER, LDAP_PORT))) {
throw new Exception("No connection to " . LDAP_SERVER . " on port " . LDAP_PORT, E_CONNECTION);
}
if (!ldap_set_option($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
throw new Exception("LDAP protocol version 3 not supported", E_CONF);
}
if (!ldap_start_tls($this->ldap_conn)) {
throw new Exception("LDAP TLS not started", E_CONNECTION);
}
}
private function connect()
{
if ($this->connection) {
return;
}
$host = $this->config['host'];
ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->config['version']);
ldap_set_option($this->connection, LDAP_OPT_REFERRALS, $this->config['optReferrals']);
$this->connection = ldap_connect($host, $this->config['port']);
if ($this->config['useStartTls']) {
ldap_start_tls($this->connection);
}
}
function authenticateLDAP($username, $password)
{
global $ldapConfig;
@ldap_set_options($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_start_tls($conn);
$rdn = "uid={$username}," . $ldapConfig['baseDN'];
$result = @ldap_bind($conn, $rdn, $passwd);
/*
if ($result) {
$this->saveUser(null, $username, $password, 1, 0);
}
*/
@ldap_close($conn);
return $result;
}
/**
* Binds LDAP connection to the server
*
* @param $username
* @param $password
*
* @return bool
*
* @throws ConnectionException
*/
public function bind($username, $password)
{
// Tries to run the LDAP Connection as TLS
if ($this->tls) {
if (!ldap_start_tls($this->connection)) {
throw new ConnectionException('Unable to Connect to LDAP using TLS.');
}
}
try {
$this->bound = ldap_bind($this->connection, $username, $password);
} catch (ErrorException $e) {
$this->bound = false;
}
return $this->bound;
}
public function __construct()
{
Config::load();
$this->ldapconn = ldap_connect(Config::get('ldap_host')) or die("Não foi possível conectar com o LDAP server.");
if ($this->ldapconn) {
ldap_set_option($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
if (Config::get('ldap_tls') && !ldap_start_tls($this->ldapconn)) {
echo "start_tls fail";
ldap_close($this->ldapconn);
return;
}
$this->ldapbind = ldap_bind($this->ldapconn, Config::get('ldap_admin'), Config::get('ldap_passwd'));
} else {
echo "Unable to connect to LDAP server";
}
}
private function connect()
{
if ($this->connection) {
return;
}
$host = $this->config['host'];
ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->config['version']);
ldap_set_option($this->connection, LDAP_OPT_REFERRALS, $this->config['optReferrals']);
$this->connection = ldap_connect($host, $this->config['port']);
if (false === $this->connection) {
throw new LdapException(sprintf('Could not connect to Ldap server: %s', ldap_error($this->connection)));
}
if ($this->config['useStartTls'] && false === ldap_start_tls($this->connection)) {
throw new LdapException(sprintf('Could not initiate TLS connection: %s', ldap_error($this->connection)));
}
}
/**
* Establish the LDAP connection
*
* @return boolean
*/
public function connect()
{
if (!$this->_link) {
\GO::debug('LDAP::connect() to ' . $this->_host . ' on port ' . $this->_port);
$this->_link = ldap_connect($this->_host, $this->_port);
if (!$this->_link) {
throw new \Exception("LDAP connection to " . $this->_host . " on " . $this->_port . " failed");
}
ldap_set_option($this->_link, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->_link, LDAP_OPT_REFERRALS, 0);
if ($this->_tls) {
\GO::debug('LDAP: Starting LDAP TLS');
ldap_start_tls($this->_link);
}
}
return true;
}
private function bindUser()
{
$ldapConnectionParameter = $this->ldapConfigurationParameter->getParameter();
// Try to connect to LDAP and die if we can't; note that some LDAP setups
// will successfully return a resource from ldap_connect even if the server
// is unavailable -- we need to check for bad return values again at search
// time!
$ldapConnection = @ldap_connect($ldapConnectionParameter['host'], $ldapConnectionParameter['port']);
if (!$ldapConnection) {
return new PEAR_ERROR('authentication_error_technical');
}
// Set LDAP options -- use protocol version 3 and then initiate TLS so we
// can have a secure connection over the standard LDAP port.
@ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!@ldap_start_tls($ldapConnection)) {
return new PEAR_ERROR('authentication_error_technical');
}
// If bind_username and bind_password were supplied in the config file, use
// them to access LDAP before proceeding. In some LDAP setups, these
// settings can be excluded in order to skip this step.
if (isset($ldapConnectionParameter['bind_username']) && isset($ldapConnectionParameter['bind_password'])) {
$ldapBind = @ldap_bind($ldapConnection, $ldapConnectionParameter['bind_username'], $ldapConnectionParameter['bind_password']);
if (!$ldapBind) {
return new PEAR_ERROR('authentication_error_technical');
}
}
// Search for username
$ldapFilter = $ldapConnectionParameter['username'] . '=' . $this->username;
$ldapSearch = @ldap_search($ldapConnection, $ldapConnectionParameter['basedn'], $ldapFilter);
if (!$ldapSearch) {
return new PEAR_ERROR('authentication_error_technical');
}
$info = ldap_get_entries($ldapConnection, $ldapSearch);
if ($info['count']) {
// Validate the user credentials by attempting to bind to LDAP:
$ldapBind = @ldap_bind($ldapConnection, $info[0]['dn'], $this->password);
if ($ldapBind) {
// If the bind was successful, we can look up the full user info:
$ldapSearch = ldap_search($ldapConnection, $ldapConnectionParameter['basedn'], $ldapFilter);
$data = ldap_get_entries($ldapConnection, $ldapSearch);
return $this->processLDAPUser($data, $ldapConnectionParameter);
}
}
return new PEAR_ERROR('authentication_error_invalid');
}
/**
* Authenticate user again LDAP directory (Bind)
* 2 options :
* Authenticate directly with uname in the DN
* Authenticate with manager, search the dn
*
* @param string $uname Username
* @param string $pwd Password
*
* @return bool
*/
public function authenticate($uname, $pwd = null)
{
$authenticated = false;
if (!extension_loaded('ldap')) {
$this->setErrors(0, \XoopsLocale::E_EXTENSION_PHP_LDAP_NOT_LOADED);
return $authenticated;
}
$this->ds = ldap_connect($this->ldap_server, $this->ldap_port);
if ($this->ds) {
ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0);
if ($this->ldap_use_TLS) {
// We use TLS secure connection
if (!ldap_start_tls($this->ds)) {
$this->setErrors(0, \XoopsLocale::E_TLS_CONNECTION_NOT_OPENED);
}
}
// remove the domain name prefix from the username
$uname = explode("\\", $uname);
$uname = sizeof($uname) > 0 ? $uname[sizeof($uname) - 1] : ($uname = $uname[0]);
// If the uid is not in the DN we proceed to a search
// The uid is not always in the dn
$userUPN = $this->getUPN($uname);
if (!$userUPN) {
return false;
}
// We bind as user to test the credentials
$authenticated = ldap_bind($this->ds, $userUPN, stripslashes($pwd));
if ($authenticated) {
// We load the Xoops User database
$dn = $this->getUserDN($uname);
if ($dn) {
return $this->loadXoopsUser($dn, $uname, $pwd);
} else {
return false;
}
} else {
$this->setErrors(ldap_errno($this->ds), ldap_err2str(ldap_errno($this->ds)) . '(' . $userUPN . ')');
}
} else {
$this->setErrors(0, \XoopsLocale::E_CANNOT_CONNECT_TO_SERVER);
}
@ldap_close($this->ds);
return $authenticated;
}
/**
* Connects to a specified server
*
* @param int $configId
* @return bool
* @throws \AP\ApLdap\Exception\ConnectionException
*/
public function connect($configId = 0)
{
$this->initConfig($configId);
if (!($this->connection = @ldap_connect($this->getConfig()->getLdapHost(), $this->getConfig()->getLdapPort()))) {
throw new ConnectionException($this->connection, 'Can\'t connect to LDAP server ' . $this->getConfig()->getLdapHost());
}
@ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->getConfig()->getLdapProtocol());
// Active Directory (User@Domain) configuration.
if ($this->getConfig()->getLdapType() == Config::LDAP_TYPE_ACTIVEDIRECTORY) {
@ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);
}
if ($this->getConfig()->getLdapUseTls()) {
if (!@ldap_start_tls($this->connection)) {
throw new ConnectionException($this->connection, 'Start TLS failed');
}
}
return true;
}
function install_etape_ldap2_dist()
{
echo install_debut_html('AUTO', ' onload="document.getElementById(\'suivant\').focus();return false;"');
$adresse_ldap = _request('adresse_ldap');
$port_ldap = _request('port_ldap');
$tls_ldap = _request('tls_ldap');
$protocole_ldap = _request('protocole_ldap');
$login_ldap = _request('login_ldap');
$pass_ldap = _request('pass_ldap');
$port_ldap = intval($port_ldap);
$tls = false;
if ($tls_ldap == 'oui') {
if ($port_ldap == 636) {
$adresse_ldap = "ldaps://{$adresse_ldap}";
} else {
$tls = true;
}
}
$ldap_link = ldap_connect($adresse_ldap, $port_ldap);
$erreur = "ldap_connect({$adresse_ldap}, {$port_ldap})";
if ($ldap_link) {
if (!ldap_set_option($ldap_link, LDAP_OPT_PROTOCOL_VERSION, $protocole_ldap)) {
$protocole_ldap = 2;
ldap_set_option($ldap_link, LDAP_OPT_PROTOCOL_VERSION, $protocole_ldap);
}
if ($tls === true) {
if (!ldap_start_tls($ldap_link)) {
$erreur = "ldap_start_tls({$ldap_link}) {$adresse_ldap}, {$port_ldap}";
$ldap_link = false;
}
}
if ($ldap_link) {
$ldap_link = ldap_bind($ldap_link, $login_ldap, $pass_ldap);
$erreur = "ldap_bind('{$ldap_link}', '{$login_ldap}', '{$pass_ldap}'): {$adresse_ldap}, {$port_ldap}";
}
}
if ($ldap_link) {
echo info_etape(_T('titre_connexion_ldap'), info_progression_etape(2, 'etape_ldap', 'install/')), _T('info_connexion_ldap_ok');
echo generer_form_ecrire('install', "\n<input type='hidden' name='etape' value='ldap3' />" . "\n<input type='hidden' name='adresse_ldap' value=\"{$adresse_ldap}\" />" . "\n<input type='hidden' name='port_ldap' value=\"{$port_ldap}\" />" . "\n<input type='hidden' name='login_ldap' value=\"{$login_ldap}\" />" . "\n<input type='hidden' name='pass_ldap' value=\"{$pass_ldap}\" />" . "\n<input type='hidden' name='protocole_ldap' value=\"{$protocole_ldap}\" />" . "\n<input type='hidden' name='tls_ldap' value=\"{$tls_ldap}\" />" . bouton_suivant());
} else {
echo info_etape(_T('titre_connexion_ldap')), info_progression_etape(1, 'etape_ldap', 'install/', true), "<div class='error'><p>" . _T('avis_connexion_ldap_echec_1') . "</p>", "<p>" . _T('avis_connexion_ldap_echec_2') . "<br />\n" . _T('avis_connexion_ldap_echec_3') . '<br /><br />' . $erreur . '<b> ?</b></p></div>';
}
echo install_fin_html();
}
function ldap_init()
{
global $ds, $config;
if (!is_resource($ds)) {
$ds = @ldap_connect($config['auth_ldap_server'], $config['auth_ldap_port']);
print_debug("LDAP[Connect]");
if ($config['auth_ldap_starttls'] && ($config['auth_ldap_starttls'] == 'optional' || $config['auth_ldap_starttls'] == 'require')) {
$tls = ldap_start_tls($ds);
if ($config['auth_ldap_starttls'] == 'require' && $tls == FALSE) {
session_logout();
print_error("Fatal error: LDAP TLS required but not successfully negotiated [" . ldap_error($ds) . "]");
exit;
}
}
if ($config['auth_ldap_version']) {
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']);
}
}
}
private function getDs()
{
if (!$this->ds) {
$this->ds = ldap_connect($this->ldap_host, $this->ldap_port);
if (ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if (ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0)) {
ldap_start_tls($this->ds);
}
}
}
// login
if (!empty($this->ldap_dn)) {
$ldap_login = @ldap_bind($this->ds, $this->ldap_dn, $this->ldap_password);
if (!$ldap_login) {
return false;
}
}
return $this->ds;
}
