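/**
 * {@inheritdoc}
 *
 * Publishes the supplied value as the KRB5CCNAME environment variable (the
 * variable Kerberos libraries consult to locate a credential cache) and then
 * binds with no username or password.
 *
 * @param string $kerberosCredentials Value assigned to KRB5CCNAME.
 *
 * @throws BindException When KRB5CCNAME cannot be set or the bind fails.
 */
public function bindUsingKerberos($kerberosCredentials)
{
    $key = 'KRB5CCNAME=';

    // putenv() reports failure by returning false. If that were ignored, the
    // bind below would run against whatever credential cache the process
    // environment already pointed at, not the one the caller asked for.
    //
    // NOTE(review): the value selects which Kerberos tickets are used, so it
    // should come from trusted server-side state rather than request data -
    // confirm against the callers. putenv() also changes the environment for
    // the whole PHP process for the rest of the request.
    if (putenv($key . $kerberosCredentials) === false) {
        throw new BindException('Bind to Active Directory failed. Unable to set KRB5CCNAME.');
    }

    // The third argument is presumably the SASL switch of the connection's
    // bind() - confirm against the connection class.
    if ($this->connection->bind(null, null, true) === false) {
        $error = $this->connection->getLastError();

        $message = "Bind to Active Directory failed. AD said: {$error}";

        throw new BindException($message);
    }
}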
/**
 * Rebinds the connection with the administrator account taken from the
 * configuration.
 *
 * The exception message embeds the directory server's last error string, so
 * it is diagnostic text for logs rather than for end users.
 *
 * @throws AdldapException When the connection does not report itself as
 *                         bound after the bind attempt.
 */
protected function bindAsAdministrator()
{
    $this->bindUsingCredentials(
        $this->configuration->getAdminUsername(),
        $this->configuration->getAdminPassword()
    );

    // Nothing more to do once the connection confirms the bind.
    if ($this->connection->isBound() !== false) {
        return;
    }

    $error = $this->connection->getLastError();

    throw new AdldapException("Rebind to Active Directory failed. AD said: {$error}");
}
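/**
 * {@inheritdoc}
 *
 * Binds anonymously when both the username and the password are empty;
 * otherwise binds as the prefixed and suffixed username with the password.
 *
 * A username with an empty password is refused. In LDAP that combination is
 * an "unauthenticated" simple bind (RFC 4513, section 5.1.2), which a server
 * may accept without checking any credential, so a successful result would
 * say nothing about the caller's identity.
 *
 * @param string|null $username Account name without prefix or suffix.
 * @param string|null $password Password for the account.
 * @param string|null $prefix   Overrides the configured 'account_prefix'.
 * @param string|null $suffix   Overrides the configured 'account_suffix'.
 *
 * @throws BindException When a username is given without a password, or
 *                       when the server rejects the bind.
 */
public function bind($username, $password, $prefix = null, $suffix = null)
{
    // Empty credentials become null so that an anonymous bind stays
    // possible. The string '0' is falsy in PHP but is a real value, so it is
    // kept; a plain truthiness test would silently drop it and turn an
    // authenticated bind into an anonymous one.
    $username = ($username || $username === '0') ? $username : null;
    $password = ($password || $password === '0') ? $password : null;

    if ($username !== null && $password === null) {
        // Refuse the unauthenticated bind before it reaches the server.
        throw new BindException('A password is required when binding with a username.');
    }

    if ($username !== null) {
        // If the username isn't empty, we'll append the configured
        // account prefix and suffix to bind to the LDAP server.
        $prefix = $prefix ?: $this->configuration->get('account_prefix');
        $suffix = $suffix ?: $this->configuration->get('account_suffix');

        $username = $prefix . $username . $suffix;
    }

    // We'll mute any exceptions / warnings here. All we need to know
    // is if binding failed and we'll throw our own exception.
    if (!@$this->connection->bind($username, $password)) {
        throw new BindException($this->connection->getLastError(), $this->connection->errNo());
    }
}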
/**
 * Rebinds the connection with the administrator account taken from the
 * configuration.
 *
 * The administrator-specific account suffix is used when it is set;
 * otherwise the default account suffix is used.
 *
 * The exception message embeds the directory server's last error string, so
 * it is diagnostic text for logs rather than for end users.
 *
 * @throws AdldapException When the connection does not report itself as
 *                         bound after the bind attempt.
 *
 * @return bool True whenever no exception is thrown.
 */
protected function bindAsAdministrator()
{
    $username = $this->configuration->getAdminUsername();
    $password = $this->configuration->getAdminPassword();

    // If the admin suffix is empty, we'll use the default account suffix.
    $suffix = $this->configuration->getAdminAccountSuffix()
        ?: $this->configuration->getAccountSuffix();

    $this->bindUsingCredentials($username, $password, $suffix);

    if ($this->connection->isBound() !== false) {
        return true;
    }

    $error = $this->connection->getLastError();

    throw new AdldapException("Rebind to Active Directory failed. AD said: {$error}");
}
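/**
 * Binds to the current connection using the supplied credentials.
 *
 * When both values are empty the bind is anonymous. A username with an
 * empty password is refused: in LDAP that combination is an
 * "unauthenticated" simple bind (RFC 4513, section 5.1.2), which a server
 * may accept without checking any credential.
 *
 * @param string $username Account name; the configured account suffix is
 *                         appended before binding.
 * @param string $password Password for the account.
 *
 * @return bool True when the bind succeeds.
 *
 * @throws AdldapException When a username is given without a password, or
 *                         when the bind fails.
 */
private function bindUsingCredentials($username, $password)
{
    // empty() also treats the string '0' as empty. It is a real value, so it
    // is kept; otherwise a credential of '0' would be replaced by null and
    // the bind would silently become an anonymous one.
    $hasUsername = !empty($username) || $username === '0';
    $hasPassword = !empty($password) || $password === '0';

    if ($hasUsername && !$hasPassword) {
        // Refuse the unauthenticated bind before it reaches the server.
        throw new AdldapException('Bind to Active Directory failed. A password is required when a username is supplied.');
    }

    // Allow binding with null credentials
    $username = $hasUsername ? $username . $this->configuration->getAccountSuffix() : null;
    $password = $hasPassword ? $password : null;

    if (!$this->connection->bind($username, $password)) {
        $error = $this->connection->getLastError();

        // With SSL and no TLS the failure may come from the LDAPs connection
        // itself, so that case gets its own message.
        if ($this->connection->isUsingSSL() && !$this->connection->isUsingTLS()) {
            $message = 'Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $error;
        } else {
            $message = 'Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $error;
        }

        throw new AdldapException($message);
    }

    return true;
}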