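/**
 * {@inheritdoc}
 *
 * Checks a user's credentials by attempting a bind with them.
 *
 * With SSO enabled, a Kerberos bind is attempted only when the remote-user
 * input is a non-empty string identical to $username. Otherwise a regular
 * credential bind is attempted, but only when both the username and the
 * password are non-empty.
 *
 * Unless $preventRebind is true, the connection is afterwards re-bound with
 * the configured administrator credentials, whether or not the user's bind
 * succeeded.
 *
 * @param string $username      Account name supplied by the user (untrusted).
 * @param string $password      Password supplied by the user (untrusted).
 * @param bool   $preventRebind Pass true to skip the administrator rebind.
 *
 * @throws AdldapException When the administrator rebind leaves the connection unbound.
 *
 * @return mixed The value returned by the bind helper, or false when no bind
 *               was attempted or the bind raised an AdldapException.
 */
public function authenticate($username, $password, $preventRebind = false)
{
    $auth = false;

    try {
        if ($this->configuration->getUseSSO()) {
            // SSO is enabled, so the bind goes over Kerberos rather than a password.
            $remoteUser = $this->getRemoteUserInput();
            $kerberos = $this->getKerberosAuthInput();

            // Identity check must be strict: PHP's loose == treats null as equal
            // to '' and compares numeric strings by value ('1e3' == '1000'), so a
            // missing or merely similar remote user could pass for $username.
            if (is_string($remoteUser) && $remoteUser !== '' && $remoteUser === $username) {
                $auth = $this->bindUsingKerberos($kerberos);
            }
        } else {
            $hasUsername = is_scalar($username) && (string) $username !== '';
            $hasPassword = is_scalar($password) && (string) $password !== '';

            // An LDAP simple bind with an empty password (or no name) is an
            // unauthenticated/anonymous bind (RFC 4513, section 5.1), and a
            // server may report it as successful. That must never count as a
            // login, so such input is rejected before any bind is attempted.
            // NOTE(review): bindUsingCredentials() is not visible here; confirm
            // whether it performs its own empty-credential check.
            if ($hasUsername && $hasPassword) {
                $auth = $this->bindUsingCredentials($username, $password);
            }
        }
    } catch (AdldapException $e) {
        // A failed bind is an authentication failure, not an error for the
        // caller: $auth stays false and the flow continues below.
    }

    // Restore the administrator bind unless the caller opted out.
    if ($preventRebind === false) {
        $adminUsername = $this->configuration->getAdminUsername();
        $adminPassword = $this->configuration->getAdminPassword();

        $this->bindUsingCredentials($adminUsername, $adminPassword);

        if (!$this->connection->isBound()) {
            throw new AdldapException('Rebind to Active Directory failed. AD said: ' . $this->connection->getLastError());
        }
    }

    return $auth;
}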
/**
 * {@inheritdoc}
 *
 * Hands back the result of getGuard(), but only while the connection
 * reports that it is bound.
 *
 * @throws ConnectionException When the connection is not bound.
 */
public function auth()
{
    // A guard is only handed out for a connection that is already bound.
    if ($this->connection->isBound()) {
        return $this->getGuard();
    }

    throw new ConnectionException('No connection to an LDAP server is present.');
}
/**
 * Re-binds the connection using the administrator username and password
 * taken from the configuration.
 *
 * @throws AdldapException When the connection reports it is not bound after
 *                         the bind attempt; the message carries the
 *                         connection's last error.
 */
protected function bindAsAdministrator()
{
    $this->bindUsingCredentials(
        $this->configuration->getAdminUsername(),
        $this->configuration->getAdminPassword()
    );

    // Anything other than an explicit false from isBound() counts as bound.
    if ($this->connection->isBound() !== false) {
        return;
    }

    $error = $this->connection->getLastError();

    throw new AdldapException("Rebind to Active Directory failed. AD said: {$error}");
}
/**
 * Re-binds the connection using the administrator username, password and
 * account suffix taken from the configuration.
 *
 * @throws AdldapException When the connection reports it is not bound after
 *                         the bind attempt; the message carries the
 *                         connection's last error.
 *
 * @return bool Always true when no exception is thrown.
 */
protected function bindAsAdministrator()
{
    $username = $this->configuration->getAdminUsername();
    $password = $this->configuration->getAdminPassword();

    // An empty admin suffix falls back to the default account suffix.
    $suffix = $this->configuration->getAdminAccountSuffix() ?: $this->configuration->getAccountSuffix();

    $this->bindUsingCredentials($username, $password, $suffix);

    // Anything other than an explicit false from isBound() counts as bound.
    if ($this->connection->isBound() !== false) {
        return true;
    }

    $error = $this->connection->getLastError();

    throw new AdldapException("Rebind to Active Directory failed. AD said: {$error}");
}
/**
 * {@inheritdoc}
 *
 * Closes the connection on destruction, provided it is a ConnectionInterface
 * instance that reports being bound.
 */
public function __destruct()
{
    $connection = $this->connection;

    // Nothing to release when no usable connection object is held.
    if (!($connection instanceof ConnectionInterface)) {
        return;
    }

    if ($connection->isBound()) {
        $connection->close();
    }
}