/** * Connect and bind to ldap server. * * @throws Ingo_Exception */ protected function _connect() { if (!($ldapcn = @ldap_connect($this->_params['hostspec'], $this->_params['port']))) { throw new Ingo_Exception(_("Connection failure")); } /* Set the LDAP protocol version. */ if (!empty($this->_params['version'])) { @ldap_set_option($ldapcn, LDAP_OPT_PROTOCOL_VERSION, $this->_params['version']); } /* Start TLS if we're using it. */ if (!empty($this->_params['tls']) && !@ldap_start_tls($ldapcn)) { throw new Ingo_Exception(sprintf(_("STARTTLS failed: (%s) %s"), ldap_errno($ldapcn), ldap_error($ldapcn))); } /* Bind to the server. */ if (isset($this->_params['bind_dn'])) { $bind_dn = $this->_substUser($this->_params['bind_dn']); $password = isset($this->_params['bind_password']) ? $this->_params['bind_password'] : $this->_params['password']; $bind_success = @ldap_bind($ldapcn, $bind_dn, $password); } else { $bind_success = @ldap_bind($ldapcn); } if ($bind_success) { return $ldapcn; } throw new Ingo_Exception(sprintf(_("Bind failed: (%s) %s"), ldap_errno($ldapcn), ldap_error($ldapcn))); }
public function __construct() { $this->ldap = ldap_connect(QACASConfig::$ldap_server); if (!$this->ldap) { throw new LDAPException('ldap_connect() failed'); } if (!ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, 3)) { throw new LDAPException('ldap_set_option(PROTOCOL) failed', $this->ldap); } if (!ldap_set_option($this->ldap, LDAP_OPT_REFERRALS, false)) { throw new LDAPException('ldap_set_option(REFERRALS) failed', $this->ldap); } if (QACASConfig::$ldap_starttls) { if (!ldap_start_tls($this->ldap)) { throw new LDAPException('ldap_start_tls() failed', $this->ldap); } } if (QACASConfig::$ldap_bind_dn) { if (!ldap_bind($this->ldap, QACASConfig::$ldap_bind_dn, QACASConfig::$ldap_bind_pass)) { throw new LDAPException('ldap_bind() failed', $this->ldap); } } else { if (!ldap_bind($this->ldap, QACASConfig::$ldap_bind_dn, QACASConfig::$ldap_bind_pass)) { throw new LDAPException('ldap_bind() failed', $this->ldap); } } }
/** * Initiate LDAP connection. * * Not done in __construct(), only when a read or write action is * necessary. */ protected function _connect() { if ($this->_ds) { return; } if (!($this->_ds = @ldap_connect($this->_params['server'], $this->_params['port']))) { throw new Turba_Exception(_("Connection failure")); } /* Set the LDAP protocol version. */ if (!empty($this->_params['version'])) { @ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, $this->_params['version']); } /* Set the LDAP deref option for dereferencing aliases. */ if (!empty($this->_params['deref'])) { @ldap_set_option($this->_ds, LDAP_OPT_DEREF, $this->_params['deref']); } /* Set the LDAP referrals. */ if (!empty($this->_params['referrals'])) { @ldap_set_option($this->_ds, LDAP_OPT_REFERRALS, $this->_params['referrals']); } /* Start TLS if we're using it. */ if (!empty($this->_params['tls']) && !@ldap_start_tls($this->_ds)) { throw new Turba_Exception(sprintf(_("STARTTLS failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds))); } /* Bind to the server. */ if (isset($this->_params['bind_dn']) && isset($this->_params['bind_password'])) { $error = !@ldap_bind($this->_ds, $this->_params['bind_dn'], $this->_params['bind_password']); } else { $error = !@ldap_bind($this->_ds); } if ($error) { throw new Turba_Exception(sprintf(_("Bind failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds))); } }
private function _connectLDAP() { global $conf; # Connect to LDAP $this->ldap = ldap_connect($conf->auth_ldap->url); ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($this->ldap, LDAP_OPT_REFERRALS, 0); if ($conf->auth_ldap->starttls && !ldap_start_tls($this->ldap)) { error_log("LDAP - Unable to use StartTLS"); return false; } else { # Bind if (isset($conf->auth_ldap->binddn) && isset($conf->auth_ldap->bindpw)) { $bind = ldap_bind($this->ldap, $conf->auth_ldap->binddn, $conf->auth_ldap->bindpw); } else { $bind = ldap_bind($this->ldap); } $errno = ldap_errno($this->ldap); if ($errno) { error_log("LDAP - Bind error {$errno} (" . ldap_error($this->ldap) . ")"); error_log("LDAP - Cannot bind with user " . $conf->auth_ldap->binddn . " and " . $conf->auth_ldap->bindpw); return false; } } return true; }
private function connect() { $host = $this->params['host']; if (isset($this->params['useSsl']) && (bool) $this->params['useSsl']) { $host = 'ldaps://' . $host; } $ress = @ldap_connect($host, $this->params['port']); if (isset($this->params['useStartTls']) && (bool) $this->params['useStartTls']) { ldap_start_tls($ress); } if (isset($this->params['version']) && $this->params['version'] !== null) { ldap_set_option($ress, LDAP_OPT_PROTOCOL_VERSION, $this->params['version']); } if (isset($this->params['optReferrals']) && $this->params['optReferrals'] !== null) { ldap_set_option($ress, LDAP_OPT_REFERRALS, $this->params['optReferrals']); } if (isset($this->params['username']) && $this->params['version'] !== null) { if (!isset($this->params['password'])) { throw new \Exception('You must uncomment password key'); } $bindress = @ldap_bind($ress, $this->params['username'], $this->params['password']); if (!$bindress) { throw new \Exception('The credentials you have configured are not valid'); } } else { $bindress = @ldap_bind($ress); if (!$bindress) { throw new \Exception('Unable to connect Ldap'); } } $this->ldap_res = $ress; }
function ldap_init() { global $ds, $config; if (!is_resource($ds)) { print_debug("LDAP[Connecting to " . implode(",", $config['auth_ldap_server']) . "]"); $ds = @ldap_connect(implode(",", $config['auth_ldap_server']), $config['auth_ldap_port']); print_debug("LDAP[Connected]"); if ($config['auth_ldap_starttls'] && ($config['auth_ldap_starttls'] == 'optional' || $config['auth_ldap_starttls'] == 'require')) { $tls = ldap_start_tls($ds); if ($config['auth_ldap_starttls'] == 'require' && $tls == FALSE) { session_logout(); print_error("Fatal error: LDAP TLS required but not successfully negotiated [" . ldap_error($ds) . "]"); exit; } } if ($config['auth_ldap_referrals']) { ldap_set_option($ds, LDAP_OPT_REFERRALS, $config['auth_ldap_referrals']); print_debug("LDAP[Referrals][Set to " . $config['auth_ldap_referrals'] . "]"); } else { ldap_set_option($ds, LDAP_OPT_REFERRALS, FALSE); print_debug("LDAP[Referrals][Disabled]"); } if ($config['auth_ldap_version']) { ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']); print_debug("LDAP[Version][Set to " . $config['auth_ldap_version'] . "]"); } } }
/** * Creates a secure LDAP connection to the University's LDAP server. * This is done by authenticating as a current student. * @param string $uid The student's NetID. * @param string $password The student's password for their NetID. */ public function __construct($uid, $password) { if (!putenv('LDAPTLS_CACERTDIR=' . UniversityLdap::CA_CERT_DIR)) { trigger_error('Unable to set TLS certificate directory.', E_USER_WARNING); } $this->dn = "uid={$uid}," . UniversityLdap::NETID_DN_BASE; $this->log('Connecting to University LDAP.'); $this->connection = ldap_connect(UniversityLdap::NETID_SERVER); if (!$this->connection) { throw new Exception('Unable to open connection to University LDAP.'); } ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($this->connection, LDAP_OPT_X_TLS_CACERTDIR, UniversityLdap::CA_CERT_DIR); // // Output more LDAP information when debugging if (self::DEBUG) { ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7); } if (!ldap_start_tls($this->connection)) { $this->trigger_ldap_error(); throw new Exception('Unable to start TLS Encryption for University LDAP connection.'); } $this->log('Binding to University LDAP.'); if (!@ldap_bind($this->connection, $this->dn, $password)) { $this->trigger_ldap_error(); throw new RuntimeException('Unable to bind to University LDAP. Bad username/password?'); } }
public function __construct($host = UL_LDAP_DEFAULT_HOST, $port = UL_LDAP_DEFAULT_PORT, $enc = UL_LDAP_DEFAULT_ENCRYPTION) { $constr = "{$host}:{$port}"; if ($enc == 'SSL') { if (!ulUtils::BeginsWith($host, 'ldaps:')) { $constr = "ldaps://{$constr}"; } } else { if (!ulUtils::BeginsWith($host, 'ldaps:')) { $constr = "ldap://{$constr}"; } } $this->con = ldap_connect($constr, $port); if ($this->con === false) { return; } if (!ldap_set_option($this->con, LDAP_OPT_PROTOCOL_VERSION, 3)) { $this->Fail(); } if (!ldap_set_option($this->con, LDAP_OPT_REFERRALS, 0)) { $this->Fail(); } if ($enc == 'TLS' && !ldap_start_tls($this->con)) { $this->Fail(); } }
/** * Makes a connection to LDAP using the settings in Admin > Settings. * * @author [A. Gianotto] [<*****@*****.**>] * @since [v3.0] * @return connection */ public static function connectToLdap() { $ldap_host = Setting::getSettings()->ldap_server; $ldap_version = Setting::getSettings()->ldap_version; $ldap_server_cert_ignore = Setting::getSettings()->ldap_server_cert_ignore; $ldap_use_tls = Setting::getSettings()->ldap_tls; // If we are ignoring the SSL cert we need to setup the environment variable // before we create the connection if ($ldap_server_cert_ignore == '1') { putenv('LDAPTLS_REQCERT=never'); } // If the user specifies where CA Certs are, make sure to use them if (env("LDAPTLS_CACERT")) { putenv("LDAPTLS_CACERT=" . env("LDAPTLS_CACERT")); } $connection = @ldap_connect($ldap_host); if (!$connection) { throw new Exception('Could not connect to LDAP server at ' . $ldap_host . '. Please check your LDAP server name and port number in your settings.'); } // Needed for AD ldap_set_option($connection, LDAP_OPT_REFERRALS, 0); ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldap_version); if ($ldap_use_tls == '1') { ldap_start_tls($connection); } return $connection; }
public function connect() { // connection already established if ($this->ds) { return true; } $this->bound = 0; if (!($this->ds = ldap_connect($this->cnf['host'], $this->cnf['port']))) { error('LDAP: couldn\'t connect to LDAP server.'); return false; } // set protocol version and dependend options if ($this->cnf['version']) { if (!ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, $this->cnf['version'])) { error('Setting LDAP Protocol version ' . $this->cnf['version'] . ' failed.'); } else { // use TLS (needs version 3) if (isset($this->cnf['starttls']) && !ldap_start_tls($this->ds)) { error('Starting TLS failed.'); } // needs version 3 if (!zbx_empty($this->cnf['referrals']) && !ldap_set_option($this->ds, LDAP_OPT_REFERRALS, $this->cnf['referrals'])) { error('Setting LDAP referrals to off failed.'); } } } // set deref mode if (isset($this->cnf['deref']) && !ldap_set_option($this->ds, LDAP_OPT_DEREF, $this->cnf['deref'])) { error('Setting LDAP Deref mode ' . $this->cnf['deref'] . ' failed.'); } return true; }
function ldap_getCnx($server_id = null) { global $ldap_server; if (is_null($server_id)) { return False; } else { if ($ldap_server[$server_id]['protoversion'] == 'ldapv3' && $ldap_server[$server_id]['encrypt'] != 'ldaps') { $ds = ldap_connect($ldap_server[$server_id]['server'], $ldap_server[$server_id]['port']); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); if (!$ldap_server[$server_id]['referrals']) { ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); } if ($ldap_server[$server_id]['encrypt'] == 'start-tls') { ldap_start_tls($ds); } } elseif ($ldap_server[$server_id]['protoversion'] == 'ldapv2') { if ($ldap_server[$server_id]['encrypt'] == 'ldaps') { $ds = ldap_connect("ldaps://" . $ldap_server[$server_id]['server'], $ldap_server[$server_id]['port']); } else { $ds = ldap_connect($ldap_server[$server_id]['server'], $ldap_server[$server_id]['port']); } if (!$ldap_server[$server_id]['referrals']) { ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); } } return $ds; } }
/** * * * @param string $username * @param string $password * @param string $company_file * @param integer $wait_before_next_update * @param integer $min_run_every_n_seconds * @return boolean */ public function authenticate($username, $password, &$company_file, &$wait_before_next_update, &$min_run_every_n_seconds) { if (!strlen(trim($username)) or !strlen(trim($password))) { return false; } if ($ds = ldap_connect($this->_ldap_host, $this->_ldap_port)) { if ($this->_ldap_version) { if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, (int) $this->_ldap_version)) { return false; } } if ($this->_ldap_tls) { if (!ldap_start_tls($ds)) { return false; } } if ($r = ldap_search($ds, $this->_ldap_basedn, $this->_ldap_attribute . '=' . $username)) { $entries = ldap_get_entries($ds, $r); if (!empty($entries[0])) { return @ldap_bind($ds, $entries[0]['dn'], $password); } } } return false; }
public function authenticateLdap() { if (!($settings = YumSettings::model()->find('is_active'))) { throw new ExceptionClass('No active YUM-Settings profile found'); } $ds = @ldap_connect($settings->ldap_host, $settings->ldap_port); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $settings->ldap_protocol); if ($settings->ldap_tls == 1) { ldap_start_tls($ds); } if (!@ldap_bind($ds)) { throw new Exception('OpenLDAP: Could not connect to LDAP-Server'); } if ($r = ldap_search($ds, $settings->ldap_basedn, '(uid=' . $this->username . ')')) { $result = @ldap_get_entries($ds, $r); if ($result[0] && @ldap_bind($ds, $result[0]['dn'], $this->password)) { $user = YumUser::model()->find('username=:username', array(':username' => $this->username)); if ($user == NULL) { if ($settings->ldap_autocreate == 1) { $user = new YumUser(); $user->username = $this->username; if ($settings->ldap_transfer_pw == 1) { $user->password = YumEncrypt::encrypt($this->password); } $user->lastpasswordchange = 0; $user->activationKey = ''; $user->superuser = 0; $user->createtime = time(); $user->status = 1; if ($user->save(false)) { if (Yum::module()->enableProfiles) { $profile = new YumProfile(); $profile->user_id = $user->id; $profile->privacy = 'protected'; if ($settings->ldap_transfer_attr == 1) { $profile->email = $result[0]['mail'][0]; $profile->lastname = $result[0]['sn'][0]; $profile->firstname = $result[0]['givenname'][0]; $profile->street = $result[0]['postaladdress'][0]; $profile->city = $result[0]['l'][0]; } $profile->save(false); } } else { return !($this->errorCode = self::ERROR_PASSWORD_INVALID); } } else { return !($this->errorCode = self::ERROR_PASSWORD_INVALID); } } $this->id = $user->id; $this->setState('id', $user->id); $this->username = $user->username; $this->user = $user; return !($this->errorCode = self::ERROR_NONE); } } return !($this->errorCode = self::ERROR_PASSWORD_INVALID); }
function authenticateToUMLDAP($accountName, $credential, $ldapServer = 'ldap.missouri.edu', $ldapPort = 3268, &$errorMsg = "", $requireSecure = true) { $error = array(); $query_result = array(); $attributes = array("samaccountname", "proxyAddresses", "mail", "displayName"); $formatted_result = array(); $connection = ldap_connect($ldapServer, $ldapPort); if (!$connection) { $errorMsg = "Failed to connect to {$ldapServer}:{$ldapPort}"; return false; } if (!ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3)) { $errorMsg = "Failed to Set Protocol version 3"; return false; } if (!ldap_set_option($connection, LDAP_OPT_REFERRALS, 0)) { $errorMsg = "Failed to connect disable referrals from server"; return false; } if (!ldap_start_tls($connection) && $requireSecure) { $errorMsg = "Unable to get a TLS connection, are you using the correct port?"; return false; } // Try one until we connect $valid_domains = array("tig.mizzou.edu", "col.missouri.edu", "umsystem.umsystem.edu"); foreach ($valid_domains as $domain) { if ($bind_status = ldap_bind($connection, $accountName . "@" . $domain, $credential)) { break; } } // A break above leaves $bind_status = true; if ($bind_status) { $ldapresults = ldap_search($connection, 'dc=edu', "(samaccountname={$accountName})", $attributes); if (!$ldapresults) { $errorMsg = "Failed to look up after bind"; return false; } else { // THIS VALUE IS CHECK BELOW $result_count = ldap_count_entries($connection, $ldapresults); $query_result = ldap_get_entries($connection, $ldapresults); ldap_close($connection); } } else { ldap_close($connection); $errorMsg = "Failed to bind to ({$connection}) as: {$username}"; return false; } if ($result_count == 0) { $formatted_result['result'] = '0'; $formatted_result['message'] = 'Invalid Username or Password'; } else { $formatted_result['result'] = $result_count; $formatted_result['user']['fullname'] = $query_result[0]["displayname"][0]; $formatted_result['user']['username'] = $query_result[0]["samaccountname"][0]; $formatted_result['user']['emails'] = get_email($query_result); } return $formatted_result; }
function logIn($param) { $ds = @ldap_connect(LDAP_HOST, LDAP_PORT); $_SESSION['loggedin'] = "-1"; // Set LDAP Version, Default is Version 2 @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION ? LDAP_VERSION : 2); // Referrals are disabled @ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // Enable TLS Encryption if (LDAP_ENCRYPTION == "tls") { // Documentation says - set to never putenv('LDAPTLS_REQCERT=never') or die('Failed to setup the env'); @ldap_start_tls($ds); } if (defined('LDAP_BIND_USER') && defined('LDAP_ADMIN_USER')) { if (!@ldap_bind($ds, LDAP_BIND_USER, LDAP_BIND_PASSWORD)) { return array(); } } $r = @ldap_search($ds, LDAP_BASEDN, LDAP_USERNAME_ATTRIBUTE_OPEN . $param['username'] . LDAP_USERNAME_ATTRIBUTE_CLOSE); if ($r) { $result = @ldap_get_entries($ds, $r); if ($result[0]) { if (@ldap_bind($ds, $result[0]['dn'], $param['password'])) { if ($result[0] != NULL) { if (defined("LDAP_GROUPDN")) { if (!$this->check_filegroup_membership($ds, $result[0]['dn'])) { return false; } } // Default each user has normal User Privs $_SESSION['loggedin'] = $param['username']; $_SESSION['userlevel'] = LDAP_USERLEVEL; $user['uid'] = 1; $user['username'] = $param['username']; $user['gid'] = 10; $user['grp'] = "users"; $user['firstname'] = $param['username']; $user['lastname'] = $param['username']; $user['email'] = $param['username']; $user['lastvisit'] = $param['username']; $_SESSION['data'] = $user; // Assigne Admin Privs, should be read from the LDAP Directory in the future $ADMIN_USER = split(",", LDAP_ADMIN_USER); foreach ($ADMIN_USER as &$value) { if ($value == $param['username']) { $_SESSION['userlevel'] = 1; # LDAP_ADMINLEVEL; $user['grp'] = "users,admins"; } } return $user; } } } } return array(); }
/** * Establish a connection to the LDAP server */ function connect() { global $RCMAIL; if (!function_exists('ldap_connect')) { raise_error(array('code' => 100, 'type' => 'ldap', 'message' => "No ldap support in this installation of PHP"), true); } if (is_resource($this->conn)) { return true; } if (!is_array($this->prop['hosts'])) { $this->prop['hosts'] = array($this->prop['hosts']); } if (empty($this->prop['ldap_version'])) { $this->prop['ldap_version'] = 3; } foreach ($this->prop['hosts'] as $host) { if ($lc = @ldap_connect($host, $this->prop['port'])) { if ($this->prop['use_tls'] === true) { if (!ldap_start_tls($lc)) { continue; } } ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this->prop['ldap_version']); $this->prop['host'] = $host; $this->conn = $lc; break; } } if (is_resource($this->conn)) { $this->ready = true; // User specific access, generate the proper values to use. if ($this->prop["user_specific"]) { // No password set, use the session password if (empty($this->prop['bind_pass'])) { $this->prop['bind_pass'] = $RCMAIL->decrypt_passwd($_SESSION["password"]); } // Get the pieces needed for variable replacement. $fu = $RCMAIL->user->get_username(); list($u, $d) = explode('@', $fu); // Replace the bind_dn and base_dn variables. $replaces = array('%fu' => $fu, '%u' => $u, '%d' => $d); $this->prop['bind_dn'] = strtr($this->prop['bind_dn'], $replaces); $this->prop['base_dn'] = strtr($this->prop['base_dn'], $replaces); } if (!empty($this->prop['bind_dn']) && !empty($this->prop['bind_pass'])) { $this->ready = $this->bind($this->prop['bind_dn'], $this->prop['bind_pass']); } } else { raise_error(array('code' => 100, 'type' => 'ldap', 'message' => "Could not connect to any LDAP server, tried {$host}:{$this->prop[port]} last"), true); } // See if the directory is writeable. if ($this->prop['writable']) { $this->readonly = false; } // end if }
/** * Open the LDAP connection * * @author Alessandro De Zorzi <adezorzi AT rhx DOT it> **/ static function phamm_connect() { // Open LDAP connection to server $connect = @ldap_connect(LDAP_HOST_NAME, LDAP_PORT) or die("LDAP connection Failed!"); ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, LDAP_PROTOCOL_VERSION); // Start TLS session if (LDAP_TLS == 1) { @ldap_start_tls($connect) or die("Could not start TLS. Please check your LDAP server configuration."); } return $connect; }
public function __construct() { if (!($this->ldap_conn = ldap_connect(LDAP_SERVER, LDAP_PORT))) { throw new Exception("No connection to " . LDAP_SERVER . " on port " . LDAP_PORT, E_CONNECTION); } if (!ldap_set_option($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3)) { throw new Exception("LDAP protocol version 3 not supported", E_CONF); } if (!ldap_start_tls($this->ldap_conn)) { throw new Exception("LDAP TLS not started", E_CONNECTION); } }
private function connect() { if ($this->connection) { return; } $host = $this->config['host']; ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->config['version']); ldap_set_option($this->connection, LDAP_OPT_REFERRALS, $this->config['optReferrals']); $this->connection = ldap_connect($host, $this->config['port']); if ($this->config['useStartTls']) { ldap_start_tls($this->connection); } }
function authenticateLDAP($username, $password) { global $ldapConfig; @ldap_set_options($conn, LDAP_OPT_PROTOCOL_VERSION, 3); @ldap_start_tls($conn); $rdn = "uid={$username}," . $ldapConfig['baseDN']; $result = @ldap_bind($conn, $rdn, $passwd); /* if ($result) { $this->saveUser(null, $username, $password, 1, 0); } */ @ldap_close($conn); return $result; }
/** * Binds LDAP connection to the server * * @param $username * @param $password * * @return bool * * @throws ConnectionException */ public function bind($username, $password) { // Tries to run the LDAP Connection as TLS if ($this->tls) { if (!ldap_start_tls($this->connection)) { throw new ConnectionException('Unable to Connect to LDAP using TLS.'); } } try { $this->bound = ldap_bind($this->connection, $username, $password); } catch (ErrorException $e) { $this->bound = false; } return $this->bound; }
public function __construct() { Config::load(); $this->ldapconn = ldap_connect(Config::get('ldap_host')) or die("Não foi possível conectar com o LDAP server."); if ($this->ldapconn) { ldap_set_option($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); if (Config::get('ldap_tls') && !ldap_start_tls($this->ldapconn)) { echo "start_tls fail"; ldap_close($this->ldapconn); return; } $this->ldapbind = ldap_bind($this->ldapconn, Config::get('ldap_admin'), Config::get('ldap_passwd')); } else { echo "Unable to connect to LDAP server"; } }
private function connect() { if ($this->connection) { return; } $host = $this->config['host']; ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->config['version']); ldap_set_option($this->connection, LDAP_OPT_REFERRALS, $this->config['optReferrals']); $this->connection = ldap_connect($host, $this->config['port']); if (false === $this->connection) { throw new LdapException(sprintf('Could not connect to Ldap server: %s', ldap_error($this->connection))); } if ($this->config['useStartTls'] && false === ldap_start_tls($this->connection)) { throw new LdapException(sprintf('Could not initiate TLS connection: %s', ldap_error($this->connection))); } }
/** * Establish the LDAP connection * * @return boolean */ public function connect() { if (!$this->_link) { \GO::debug('LDAP::connect() to ' . $this->_host . ' on port ' . $this->_port); $this->_link = ldap_connect($this->_host, $this->_port); if (!$this->_link) { throw new \Exception("LDAP connection to " . $this->_host . " on " . $this->_port . " failed"); } ldap_set_option($this->_link, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($this->_link, LDAP_OPT_REFERRALS, 0); if ($this->_tls) { \GO::debug('LDAP: Starting LDAP TLS'); ldap_start_tls($this->_link); } } return true; }
private function bindUser() { $ldapConnectionParameter = $this->ldapConfigurationParameter->getParameter(); // Try to connect to LDAP and die if we can't; note that some LDAP setups // will successfully return a resource from ldap_connect even if the server // is unavailable -- we need to check for bad return values again at search // time! $ldapConnection = @ldap_connect($ldapConnectionParameter['host'], $ldapConnectionParameter['port']); if (!$ldapConnection) { return new PEAR_ERROR('authentication_error_technical'); } // Set LDAP options -- use protocol version 3 and then initiate TLS so we // can have a secure connection over the standard LDAP port. @ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); if (!@ldap_start_tls($ldapConnection)) { return new PEAR_ERROR('authentication_error_technical'); } // If bind_username and bind_password were supplied in the config file, use // them to access LDAP before proceeding. In some LDAP setups, these // settings can be excluded in order to skip this step. if (isset($ldapConnectionParameter['bind_username']) && isset($ldapConnectionParameter['bind_password'])) { $ldapBind = @ldap_bind($ldapConnection, $ldapConnectionParameter['bind_username'], $ldapConnectionParameter['bind_password']); if (!$ldapBind) { return new PEAR_ERROR('authentication_error_technical'); } } // Search for username $ldapFilter = $ldapConnectionParameter['username'] . '=' . $this->username; $ldapSearch = @ldap_search($ldapConnection, $ldapConnectionParameter['basedn'], $ldapFilter); if (!$ldapSearch) { return new PEAR_ERROR('authentication_error_technical'); } $info = ldap_get_entries($ldapConnection, $ldapSearch); if ($info['count']) { // Validate the user credentials by attempting to bind to LDAP: $ldapBind = @ldap_bind($ldapConnection, $info[0]['dn'], $this->password); if ($ldapBind) { // If the bind was successful, we can look up the full user info: $ldapSearch = ldap_search($ldapConnection, $ldapConnectionParameter['basedn'], $ldapFilter); $data = ldap_get_entries($ldapConnection, $ldapSearch); return $this->processLDAPUser($data, $ldapConnectionParameter); } } return new PEAR_ERROR('authentication_error_invalid'); }
/** * Authenticate user again LDAP directory (Bind) * 2 options : * Authenticate directly with uname in the DN * Authenticate with manager, search the dn * * @param string $uname Username * @param string $pwd Password * * @return bool */ public function authenticate($uname, $pwd = null) { $authenticated = false; if (!extension_loaded('ldap')) { $this->setErrors(0, \XoopsLocale::E_EXTENSION_PHP_LDAP_NOT_LOADED); return $authenticated; } $this->ds = ldap_connect($this->ldap_server, $this->ldap_port); if ($this->ds) { ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version); ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0); if ($this->ldap_use_TLS) { // We use TLS secure connection if (!ldap_start_tls($this->ds)) { $this->setErrors(0, \XoopsLocale::E_TLS_CONNECTION_NOT_OPENED); } } // remove the domain name prefix from the username $uname = explode("\\", $uname); $uname = sizeof($uname) > 0 ? $uname[sizeof($uname) - 1] : ($uname = $uname[0]); // If the uid is not in the DN we proceed to a search // The uid is not always in the dn $userUPN = $this->getUPN($uname); if (!$userUPN) { return false; } // We bind as user to test the credentials $authenticated = ldap_bind($this->ds, $userUPN, stripslashes($pwd)); if ($authenticated) { // We load the Xoops User database $dn = $this->getUserDN($uname); if ($dn) { return $this->loadXoopsUser($dn, $uname, $pwd); } else { return false; } } else { $this->setErrors(ldap_errno($this->ds), ldap_err2str(ldap_errno($this->ds)) . '(' . $userUPN . ')'); } } else { $this->setErrors(0, \XoopsLocale::E_CANNOT_CONNECT_TO_SERVER); } @ldap_close($this->ds); return $authenticated; }
/** * Connects to a specified server * * @param int $configId * @return bool * @throws \AP\ApLdap\Exception\ConnectionException */ public function connect($configId = 0) { $this->initConfig($configId); if (!($this->connection = @ldap_connect($this->getConfig()->getLdapHost(), $this->getConfig()->getLdapPort()))) { throw new ConnectionException($this->connection, 'Can\'t connect to LDAP server ' . $this->getConfig()->getLdapHost()); } @ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->getConfig()->getLdapProtocol()); // Active Directory (User@Domain) configuration. if ($this->getConfig()->getLdapType() == Config::LDAP_TYPE_ACTIVEDIRECTORY) { @ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0); } if ($this->getConfig()->getLdapUseTls()) { if (!@ldap_start_tls($this->connection)) { throw new ConnectionException($this->connection, 'Start TLS failed'); } } return true; }
function install_etape_ldap2_dist() { echo install_debut_html('AUTO', ' onload="document.getElementById(\'suivant\').focus();return false;"'); $adresse_ldap = _request('adresse_ldap'); $port_ldap = _request('port_ldap'); $tls_ldap = _request('tls_ldap'); $protocole_ldap = _request('protocole_ldap'); $login_ldap = _request('login_ldap'); $pass_ldap = _request('pass_ldap'); $port_ldap = intval($port_ldap); $tls = false; if ($tls_ldap == 'oui') { if ($port_ldap == 636) { $adresse_ldap = "ldaps://{$adresse_ldap}"; } else { $tls = true; } } $ldap_link = ldap_connect($adresse_ldap, $port_ldap); $erreur = "ldap_connect({$adresse_ldap}, {$port_ldap})"; if ($ldap_link) { if (!ldap_set_option($ldap_link, LDAP_OPT_PROTOCOL_VERSION, $protocole_ldap)) { $protocole_ldap = 2; ldap_set_option($ldap_link, LDAP_OPT_PROTOCOL_VERSION, $protocole_ldap); } if ($tls === true) { if (!ldap_start_tls($ldap_link)) { $erreur = "ldap_start_tls({$ldap_link}) {$adresse_ldap}, {$port_ldap}"; $ldap_link = false; } } if ($ldap_link) { $ldap_link = ldap_bind($ldap_link, $login_ldap, $pass_ldap); $erreur = "ldap_bind('{$ldap_link}', '{$login_ldap}', '{$pass_ldap}'): {$adresse_ldap}, {$port_ldap}"; } } if ($ldap_link) { echo info_etape(_T('titre_connexion_ldap'), info_progression_etape(2, 'etape_ldap', 'install/')), _T('info_connexion_ldap_ok'); echo generer_form_ecrire('install', "\n<input type='hidden' name='etape' value='ldap3' />" . "\n<input type='hidden' name='adresse_ldap' value=\"{$adresse_ldap}\" />" . "\n<input type='hidden' name='port_ldap' value=\"{$port_ldap}\" />" . "\n<input type='hidden' name='login_ldap' value=\"{$login_ldap}\" />" . "\n<input type='hidden' name='pass_ldap' value=\"{$pass_ldap}\" />" . "\n<input type='hidden' name='protocole_ldap' value=\"{$protocole_ldap}\" />" . "\n<input type='hidden' name='tls_ldap' value=\"{$tls_ldap}\" />" . bouton_suivant()); } else { echo info_etape(_T('titre_connexion_ldap')), info_progression_etape(1, 'etape_ldap', 'install/', true), "<div class='error'><p>" . _T('avis_connexion_ldap_echec_1') . "</p>", "<p>" . _T('avis_connexion_ldap_echec_2') . "<br />\n" . _T('avis_connexion_ldap_echec_3') . '<br /><br />' . $erreur . '<b> ?</b></p></div>'; } echo install_fin_html(); }
function ldap_init() { global $ds, $config; if (!is_resource($ds)) { $ds = @ldap_connect($config['auth_ldap_server'], $config['auth_ldap_port']); print_debug("LDAP[Connect]"); if ($config['auth_ldap_starttls'] && ($config['auth_ldap_starttls'] == 'optional' || $config['auth_ldap_starttls'] == 'require')) { $tls = ldap_start_tls($ds); if ($config['auth_ldap_starttls'] == 'require' && $tls == FALSE) { session_logout(); print_error("Fatal error: LDAP TLS required but not successfully negotiated [" . ldap_error($ds) . "]"); exit; } } if ($config['auth_ldap_version']) { ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']); } } }
private function getDs() { if (!$this->ds) { $this->ds = ldap_connect($this->ldap_host, $this->ldap_port); if (ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3)) { if (ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0)) { ldap_start_tls($this->ds); } } } // login if (!empty($this->ldap_dn)) { $ldap_login = @ldap_bind($this->ds, $this->ldap_dn, $this->ldap_password); if (!$ldap_login) { return false; } } return $this->ds; }