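/**
 * Find out if the given set of login credentials are valid.
 *
 * Flow: bind as the configured (service) identity to resolve the user's
 * DN, re-bind as that DN with the supplied password, then re-bind as the
 * service identity again so later queries run under the expected account.
 * Optionally enforces shadow password expiration.
 *
 * @param string $userId      The userId to check.
 * @param array  $credentials An array of login credentials; only the
 *                            'password' element is used here.
 *
 * @throws Horde_Auth_Exception REASON_BADLOGIN for an empty password,
 *                              an unknown user or a rejected bind;
 *                              REASON_EXPIRED when the shadow password
 *                              has expired; REASON_MESSAGE for any other
 *                              LDAP error (message is passed through).
 */
protected function _authenticate($userId, $credentials)
{
    /* Refuse empty passwords up front: a simple bind with a DN and an
     * empty password is treated as an unauthenticated (anonymous) bind by
     * LDAP servers (RFC 4513 section 5.1.2) and would "succeed" for any
     * existing user. isset() also avoids strlen(null) on a missing key. */
    if (!isset($credentials['password']) ||
        !strlen($credentials['password'])) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    /* Search for the user's full DN as the configured user. */
    $this->_ldap->bind();
    try {
        $dn = $this->_ldap->findUserDN($userId);
    } catch (Horde_Exception_NotFound $e) {
        // An unknown user is reported exactly like a wrong password so the
        // failure reason does not reveal which accounts exist.
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    } catch (Horde_Exception_Ldap $e) {
        throw new Horde_Auth_Exception($e->getMessage(), Horde_Auth::REASON_MESSAGE);
    }

    /* Attempt to bind to the LDAP server as the user. */
    try {
        $this->_ldap->bind($dn, $credentials['password']);
        // Be sure we rebind as the configured user.
        $this->_ldap->bind();
    } catch (Horde_Ldap_Exception $e) {
        // Be sure we rebind as the configured user. NOTE(review): if this
        // rebind itself throws, the original bind error is lost.
        $this->_ldap->bind();
        // Fix: the closing parenthesis was misplaced so the comparison ran
        // on the raw error code before it was mapped to a name; the
        // LDAP_INVALID_CREDENTIALS branch was therefore never taken and a
        // wrong password surfaced as REASON_MESSAGE carrying the server's
        // error text instead of a plain bad-login result.
        if (Horde_Ldap::errorName($e->getCode()) == 'LDAP_INVALID_CREDENTIALS') {
            throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
        }
        // Anything else (server unreachable, ACL denial, ...) keeps its
        // message; the caller decides whether that text reaches the user.
        throw new Horde_Auth_Exception($e->getMessage(), Horde_Auth::REASON_MESSAGE);
    }

    if ($this->_params['password_expiration'] == 'yes') {
        $shadow = $this->_lookupShadow($dn);
        // NOTE(review): expiry is only enforced when all three attributes
        // are non-zero, so a shadowWarning of 0 (no warning period) also
        // disables the expiry check -- confirm that is intended.
        if ($shadow['shadowmax'] && $shadow['shadowlastchange'] && $shadow['shadowwarning']) {
            // Shadow attributes count days; compare against today in days.
            $today = floor(time() / 86400);
            $toexpire = $shadow['shadowlastchange'] + $shadow['shadowmax'] - $today;
            $warnday = $shadow['shadowlastchange'] + $shadow['shadowmax'] - $shadow['shadowwarning'];
            if ($today >= $warnday) {
                $this->setCredential('expire', $toexpire);
            }
            if ($toexpire == 0) {
                $this->setCredential('change', true);
            } elseif ($toexpire < 0) {
                throw new Horde_Auth_Exception('', Horde_Auth::REASON_EXPIRED);
            }
        }
    }
}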
/**
 * Basic deletion is tested in testAdd(), so here we just test if
 * advanced deletion tasks work properly: argument validation, deleting a
 * missing entry, refusing a non-leaf without the recursive flag, and
 * recursive subtree deletion.
 */
public function testDelete()
{
    $ldap = new Horde_Ldap(self::$ldapcfg['server']);

    // Some parameter checks: neither an integer nor an arbitrary object
    // is an acceptable DN argument.
    foreach (array(1234, $ldap) as $badArgument) {
        try {
            $ldap->delete($badArgument);
            $this->fail('Horde_Ldap_Exception expected.');
        } catch (Horde_Ldap_Exception $e) {
        }
    }

    // In order to test subtree deletion, we need some little tree
    // which we need to establish first.
    $base = self::$ldapcfg['server']['basedn'];
    $testdn = 'ou=Horde_Ldap_Test_subdelete,' . $base;
    $tree = array(
        Horde_Ldap_Entry::createFresh(
            $testdn,
            array('objectClass' => array('top', 'organizationalUnit'),
                  'ou' => 'Horde_Ldap_Test_subdelete')),
        Horde_Ldap_Entry::createFresh(
            'ou=test1,' . $testdn,
            array('objectClass' => array('top', 'organizationalUnit'),
                  'ou' => 'test1')),
        Horde_Ldap_Entry::createFresh(
            'l=subtest,ou=test1,' . $testdn,
            array('objectClass' => array('top', 'locality'),
                  'l' => 'test1')),
        Horde_Ldap_Entry::createFresh(
            'ou=test2,' . $testdn,
            array('objectClass' => array('top', 'organizationalUnit'),
                  'ou' => 'test2')),
        Horde_Ldap_Entry::createFresh(
            'ou=test3,' . $testdn,
            array('objectClass' => array('top', 'organizationalUnit'),
                  'ou' => 'test3')),
    );

    // Parents come before children in $tree, so adding in order works.
    foreach ($tree as $entry) {
        $ldap->add($entry);
    }
    foreach ($tree as $entry) {
        $this->assertTrue($ldap->exists($entry->dn()));
    }

    // Tree established now. Two deletions that must be refused: a
    // non-existent entry inside the subtree, and the main test ou
    // without the recursive flag (it is not a leaf).
    $refused = array(
        'cn=not_existent,ou=test1,' . $testdn => 'LDAP_NO_SUCH_OBJECT',
        $testdn                                => 'LDAP_NOT_ALLOWED_ON_NONLEAF',
    );
    foreach ($refused as $dn => $expectedError) {
        try {
            $ldap->delete($dn);
            $this->fail('Horde_Ldap_Exception expected.');
        } catch (Horde_Ldap_Exception $e) {
            $this->assertEquals($expectedError, Horde_Ldap::errorName($e->getCode()));
        }
    }

    // Retry with subtree delete, this should work; afterwards the DN is
    // not allowed to exist anymore.
    $ldap->delete($testdn, true);
    $this->assertFalse($ldap->exists($testdn));
}