/**
* @param string $username The username for authenticating the bind
* @param string $password The password for authenticating the bind
* @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function bind($username = null, $password = null)
{
$moreCreds = true;
if ($username === null) {
$username = $this->_getUsername();
$password = $this->_getPassword();
$moreCreds = false;
}
if (!$username) {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null, 'Cannot determine username for binding');
}
/* Check to make sure the username is in DN form.
*/
if (!$this->_isDnString($username)) {
if ($this->_bindRequiresDn) {
/* moreCreds stops an infinite loop if _getUsername does not
* return a DN and the bind requires it
*/
if ($moreCreds) {
try {
$username = $this->_getAccountDn($username);
} catch (Zend_Ldap_Exception $zle) {
/**
* @todo Temporary measure to deal with exception thrown for ldap extension not loaded
*/
if (strpos($zle->getMessage(), 'LDAP extension not loaded') !== false) {
throw $zle;
}
// end temporary measure
switch ($zle->getCode()) {
case Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT:
case Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH:
throw $zle;
}
throw new Zend_Ldap_Exception(null,
'Failed to retrieve DN for account: ' . $zle->getMessage(),
Zend_Ldap_Exception::LDAP_OPERATIONS_ERROR);
}
} else {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null, 'Binding requires username in DN form');
}
} else {
$username = $this->getCanonicalAccountName($username,
Zend_Ldap::ACCTNAME_FORM_PRINCIPAL);
}
}
if (!is_resource($this->_resource))
$this->connect();
if (@ldap_bind($this->_resource, $username, $password))
return $this;
$message = $username;
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
switch (Zend_Ldap_Exception::getLdapCode($this)) {
case Zend_Ldap_Exception::LDAP_SERVER_DOWN:
/* If the error is related to establishing a connection rather than binding,
* the connect string is more informative than the username.
*/
$message = $this->_connectString;
}
$zle = new Zend_Ldap_Exception($this->_resource, $message);
$this->disconnect();
throw $zle;
}
public function testGetErrorCode()
{
$ldap = new Zend_Ldap($this->_options);
try {
// Connect doesn't actually try to connect until bind is called
// but if we get 'Invalid credentials' then we know the connect
// succeeded.
$ldap->connect()->bind('CN=ignored,DC=example,DC=com', 'ignored');
$this->fail('Expected exception for invalid username');
} catch (Zend_Ldap_Exception $zle) {
$this->assertContains('Invalid credentials', $zle->getMessage());
$this->assertEquals(0x31, $zle->getCode());
$this->assertEquals(0x0, Zend_Ldap_Exception::getLdapCode($ldap));
$this->assertEquals(0x0, Zend_Ldap_Exception::getLdapCode(null));
}
}
/**
* @param mixed $ldap A Zend_Ldap object or raw LDAP context resource
* @param string $str An informtive exception message
* @param int $code An LDAP error code
*/
public function __construct($ldap = null, $str = null, $code = 0)
{
$resource = null;
if (is_resource($ldap)) {
$resource = $ldap;
} else {
if (is_object($ldap)) {
$resource = $ldap->getResource();
}
}
$message = '';
if ($code === 0) {
$code = Zend_Ldap_Exception::getLdapCode($resource);
}
if ($code) {
$message .= '0x' . dechex($code);
}
if (is_resource($resource)) {
/* The various error retrieval functions can return
* different things so we just try to collect what we
* can and eliminate dupes.
*/
$estr1 = @ldap_error($resource);
if ($code !== 0 && $estr1 === 'Success') {
$estr1 = @ldap_err2str($code);
}
if ($estr1 !== $str) {
$this->_append($message, $estr1);
}
@ldap_get_option($resource, LDAP_OPT_ERROR_STRING, $estr2);
if ($estr2 !== $str && $estr2 !== $estr1) {
$this->_append($message, $estr2);
}
}
$this->_append($message, $str);
parent::__construct($message, $code);
}