/**
* Validate a user against the given credentials.
*
* @param UserContract $user
* @param array $credentials
*
* @throws adLDAP\adLDAPException
*
* @return bool
*/
public function validateCredentials(UserContract $user, array $credentials)
{
$userDN = $this->ad->search(true, $credentials['username']);
if (count($userDN) != 0) {
$userDN = $userDN[$credentials['username']][3];
return $this->ad->authenticate($userDN, $credentials['password']);
}
}
/**
* Fetches the user data via adLDAP and stores it in the provided $user.
*
* @param AdUser|User $user
* @param TokenInterface $token
* @param adLDAP $adLdap
* @return bool
* @throws \Exception
*/
public function fetchData(AdUser $user, TokenInterface $token, adLDAP $adLdap)
{
$connected = $adLdap->connect();
$isAD = $adLdap->authenticate($user->getUsername(), $token->getCredentials());
if (!$isAD || !$connected) {
$msg = $this->translator->trans('riper.security.active_directory.ad.bad_response', array('%connection_status%' => var_export($connected, 1), '%is_AD%' => var_export($isAD, 1)));
throw new \Exception($msg);
}
/** @var adLDAPUserCollection $userCollection */
$userCollection = $adLdap->user()->infoCollection($user->getUsername(), array('*'));
if ($userCollection) {
$user->setDisplayName($userCollection->displayName);
$user->setUuid($adLdap->utilities()->decodeGuid($userCollection->objectguid));
$user->setEmail($userCollection->mail);
$user->setPassword($token->getCredentials());
$roles = ['ROLE_USER'];
if (in_array($userCollection->mail, $this->config['admin_emails'], true)) {
$roles[] = 'ROLE_ADMIN';
}
$user->setRoles($roles);
$this->userService->saveLDAPUserData($user);
return true;
}
return false;
}
To test any of the functions, just change the 0 to a 1.
*/
//error_reporting(E_ALL ^ E_NOTICE);
include dirname(__FILE__) . '/../lib/adLDAP/adLDAP.php';
try {
$adldap = new adLDAP($options);
} catch (adLDAPException $e) {
echo $e;
exit;
}
//var_dump($ldap);
echo "<pre>\n";
// authenticate a username/password
if (0) {
$result = $adldap->authenticate('username', 'password');
var_dump($result);
}
// add a group to a group
if (0) {
$result = $adldap->group()->addGroup('Parent Group Name', 'Child Group Name');
var_dump($result);
}
// add a user to a group
if (0) {
$result = $adldap->group()->addUser('Group Name', 'username');
var_dump($result);
}
// create a group
if (0) {
$attributes = array('group_name' => 'Test Group', 'description' => 'Just Testing', 'container' => array('Groups', 'A Container'));
/**
* Validate a user's login credentials
*
* @param string $username A user's AD username
* @param string $password A user's AD password
* @param bool optional $prevent_rebind
* @return bool
*/
public function authenticate($username, $password, $preventRebind = false)
{
return $this->adldap->authenticate($username, $password, $preventRebind);
}
/**
* Validate a user against the given credentials.
*
* @param UserContract $user
* @param array $credentials
*
* @throws adLDAP\adLDAPException
*
* @return bool
*/
public function validateCredentials(UserContract $user, array $credentials)
{
return $this->ad->authenticate($credentials['username'], $credentials['password']);
}
/**
* Validate a user against the given credentials.
*
* @param Illuminate\Auth\UserInterface $user
* @param array $credentials
* @return bool
*/
public function validateCredentials(Auth\UserInterface $user, array $credentials)
{
return $this->ad->authenticate($credentials['username'], $credentials['password']);
}
public function authenticate($username, $password)
{
return $this->adServer->authenticate($username, $password);
}
/**
* Fetches the user data via adLDAP and stores it in the provided $user.
*
* @param AdUser|User $user
* @param TokenInterface $token
* @param adLDAP $adLdap
* @return bool
* @throws \Exception
*/
public function fetchData(AdUser $user, TokenInterface $token, adLDAP $adLdap)
{
$connected = $adLdap->connect();
$isAD = $adLdap->authenticate($user->getUsername(), $token->getCredentials());
if (!$isAD || !$connected) {
$msg = $this->translator->trans('riper.security.active_directory.ad.bad_response', array('%connection_status%' => var_export($connected, 1), '%is_AD%' => var_export($isAD, 1)));
throw new \Exception($msg);
}
/** @var adLDAPUserCollection $userCollection */
$userCollection = $adLdap->user()->infoCollection($user->getUsername(), array('*'));
if ($userCollection) {
$groups = $adLdap->user()->groups($user->getUsername(), $this->recursiveGrouproles);
$sfRoles = array();
$sfRolesTemp = array();
foreach ($groups as $r) {
if (in_array($r, $sfRolesTemp) === false) {
$sfRoles[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $r));
$sfRolesTemp[] = $r;
}
}
$user->setRoles($sfRoles);
unset($sfRolesTemp);
$user->setDisplayName($userCollection->displayName);
$user->setUuid($adLdap->utilities()->decodeGuid($userCollection->objectguid));
$user->setEmail($userCollection->mail);
$user->setRoles(['ROLE_USER']);
$user->setPassword($token->getCredentials());
return true;
}
return false;
}
/**
* @param Authenticatable $user
* @param array $credentials
* @return bool
*/
public function validateCredentials(Authenticatable $user, array $credentials)
{
$username = $credentials['username'];
$password = $credentials['password'];
return $this->adldap->authenticate($username, $password);
}
To test any of the functions, just change the 0 to a 1.
*/
//error_reporting(E_ALL ^ E_NOTICE);
include dirname(__FILE__) . "/../lib/adLDAP/adLDAP.php";
try {
$adldap = new adLDAP($options);
} catch (adLDAPException $e) {
echo $e;
exit;
}
//var_dump($ldap);
echo "<pre>\n";
// authenticate a username/password
if (0) {
$result = $adldap->authenticate("username", "password");
var_dump($result);
}
// add a group to a group
if (0) {
$result = $adldap->group()->addGroup("Parent Group Name", "Child Group Name");
var_dump($result);
}
// add a user to a group
if (0) {
$result = $adldap->group()->addUser("Group Name", "username");
var_dump($result);
}
// create a group
if (0) {
$attributes = array("group_name" => "Test Group", "description" => "Just Testing", "container" => array("Groups", "A Container"));
public function fetchData(adUser $adUser, TokenInterface $token, adLDAP $adLdap)
{
$connected = $adLdap->connect();
$isAD = $adLdap->authenticate($adUser->getUsername(), $token->getCredentials());
if (!$isAD || !$connected) {
$msg = $this->translator->trans('ztec.security.active_directory.ad.bad_response', array('%connection_status%' => var_export($connected, 1), '%is_AD%' => var_export($isAD, 1)));
throw new \Exception($msg);
}
/** @var adLDAPUserCollection $user */
$user = $adLdap->user()->infoCollection($adUser->getUsername());
//$userInfo = $adLdap->user_info($this->username);
if ($user) {
$groups = array();
//$allGroups = $adLdap->search_groups(ADLDAP_SECURITY_GLOBAL_GROUP,true);
$groups = $adLdap->user()->groups($adUser->getUsername(), $this->recursiveGrouproles);
/*if ($this->recursiveGrouproles == true) {
// get recursive groups via adLdap
$groups = $adLdap->user()->groups($adUser->getUsername(), true);
} else {
foreach ($user->memberOf as $k => $group) {
if ($k !== 'count' && $group) {
$reg = '#CN=([^,]*)#';
preg_match_all($reg, $group, $out);
$groups[] = $out[1][0];
/* if(array_key_exists($out[1][0],$allGroups)){
$groups[$out[1][0]] = $allGroups[$out[1][0]];
}*/
/*}
}
}*/
/** End Fetching */
$sfRoles = array();
$sfRolesTemp = array();
foreach ($groups as $r) {
if (in_array($r, $sfRolesTemp) === false) {
$sfRoles[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $r));
$sfRolesTemp[] = $r;
}
}
$adUser->setRoles($sfRoles);
unset($sfRolesTemp);
$adUser->setDisplayName($user->displayName);
$adUser->setEmail($user->mail);
return true;
}
}
if (isset($_POST[$optName])) {
$options[$optName] = $_POST[$optName];
}
}
$options['domain_controllers'] = array_filter($options['domain_controllers']);
$adldap = false;
$exception = false;
if (is_array($options['domain_controllers']) && !empty($options['domain_controllers'][0])) {
try {
$adldap = new adLDAP($options);
$options['base_dn'] = $adldap->getBaseDn();
$options['ad_port'] = $adldap->getPort();
} catch (adLDAPException $e) {
$exception = $e;
}
}
$username = !empty($_POST['username']) ? $_POST['username'] : '';
$info = false;
if ($adldap && !empty($username)) {
$password = $_POST['password'];
try {
$adldap->authenticate($username, $password);
$info = $adldap->user()->info($username, ['*']);
if (isset($info[0])) {
$info = $info[0];
}
} catch (\adLDAP\Exceptions\adLDAPException $e) {
$exception = $e;
}
}
require 'view.html.php';
