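/**
 * Connect to LDAP.
 *
 * Builds a space separated list of server URIs from the 'ServerNames' and
 * 'Port' settings, passes it to the LDAP connect wrapper, sets protocol
 * version 3, disables referrals, applies any configured 'Options' and starts
 * TLS when the encryption type is "tls".
 *
 * Security note: any 'EncryptionType' other than "ldapi", "ssl" or "tls"
 * (including a misspelt value) falls through to plain ldap:// with no
 * StartTLS, so traffic to the directory is sent unencrypted. Certificate
 * checking for ldaps:// and StartTLS is not configured here; it depends on
 * the LDAP library settings and on whatever 'Options' supplies.
 *
 * @param string $domain Domain whose settings are read through getConf()
 * @return bool False when LDAP support is missing, the connect call returns
 *  nothing, or StartTLS fails; true otherwise. True does not imply that the
 *  server was actually reached.
 */
public function connect($domain = '') {
    $this->printDebug("Entering Connect", NONSENSITIVE);

    if (!function_exists('ldap_connect')) {
        $this->printDebug("It looks like you are missing LDAP support; please ensure you have either compiled LDAP " .
            "support in, or have enabled the module. If the authentication is working for you, the plugin isn't properly " .
            "detecting the LDAP module, and you can safely ignore this message.", NONSENSITIVE);
        return false;
    }

    // Set the server string depending on whether we use ssl or not.
    // "tls" and every unrecognised value share the default branch; only the
    // StartTLS step further down distinguishes "tls" from no encryption.
    $encryptionType = $this->getConf('EncryptionType', $domain);
    switch ($encryptionType) {
        case "ldapi":
            $this->printDebug("Using ldapi", SENSITIVE);
            $serverpre = "ldapi://";
            break;
        case "ssl":
            $this->printDebug("Using SSL", SENSITIVE);
            $serverpre = "ldaps://";
            break;
        default:
            $this->printDebug("Using TLS or not using encryption.", SENSITIVE);
            $serverpre = "ldap://";
    }

    // Make a space separated list of server strings with the connection type
    // string added. Empty pieces (repeated spaces) are skipped; the strict
    // comparison keeps a host token such as "0", which a truthiness test
    // would treat as the end of the list.
    $tmpservers = $this->getConf('ServerNames', $domain);
    $uris = array();
    foreach (explode(" ", (string)$tmpservers) as $host) {
        if ($host === '') {
            continue;
        }
        $uris[] = $serverpre . $host . ":" . $this->getConf('Port', $domain);
    }
    // implode() leaves no stray leading or trailing separator in the list.
    $servers = implode(" ", $uris);
    $this->printDebug("Using servers: {$servers}", SENSITIVE);

    // Connect and set options
    $this->ldapconn = LdapAuthenticationPlugin::ldap_connect($servers);
    if (!$this->ldapconn) {
        $this->printDebug("PHP's LDAP connect method returned null, this likely implies a misconfiguration of the plugin.", NONSENSITIVE);
        return false;
    }
    ldap_set_option($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($this->ldapconn, LDAP_OPT_REFERRALS, 0);

    // NOTE(review): 'Options' is read without $domain, unlike the other
    // settings used here - confirm that this is intended.
    $options = $this->getConf('Options');
    if (is_array($options)) {
        foreach ($options as $key => $value) {
            // Keys are names of LDAP_OPT_* style constants. constant() on an
            // undefined name raises an Error on PHP 8, so an unknown name is
            // reported through the same debug message instead of aborting.
            $applied = is_string($key) && defined($key)
                && ldap_set_option($this->ldapconn, constant($key), $value);
            if (!$applied) {
                // NOTE(review): this message contains the option value and is
                // logged with the literal level 1 rather than a named level;
                // confirm that level suits values that may be sensitive.
                $this->printDebug("Can't set option to LDAP! Option code and value: " . $key . "=" .
                    $value, 1);
            }
        }
    }

    // TLS needs to be started after the connection resource is available
    if ($encryptionType === "tls") {
        $this->printDebug("Using TLS", SENSITIVE);
        if (!ldap_start_tls($this->ldapconn)) {
            // NOTE(review): the handle stays in $this->ldapconn after a
            // failed StartTLS; callers have to honour the false return and
            // must not bind on this connection.
            $this->printDebug("Failed to start TLS.", SENSITIVE);
            return false;
        }
    }

    $this->printDebug("PHP's LDAP connect method returned true (note, this does not imply it connected to the server).", NONSENSITIVE);
    return true;
}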