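/**
 * Authenticates a user against the configured LDAP server.
 *
 * Flow, as implemented below:
 *  - no LDAP connection, a failed search, or no matching entry: defer to parent::authenticate();
 *  - a matching entry and parent::authenticate() succeeds: log the user in;
 *  - a matching entry and parent::authenticate() fails: accept the login only when a bind as
 *    the found entry succeeds with the supplied, non-empty password and the parent did not
 *    report error code 1.
 *
 * Requires ldap_escape() (ext-ldap, PHP >= 5.6).
 *
 * @return boolean whether authentication succeeds.
 * @throws NotSupportedException when the configured server type is neither OpenLDAP nor Active Directory.
 */
public function authenticate()
{
    try {
        $helper               = Yii::app()->authenticationHelper;
        $serverType           = $helper->ldapServerType;
        $host                 = $helper->ldapHost;
        $port                 = $helper->ldapPort;
        $baseDomain           = $helper->ldapBaseDomain;
        $bindPassword         = $helper->ldapBindPassword;
        $bindRegisteredDomain = $helper->ldapBindRegisteredDomain;

        $ldapConnection = LdapUtil::establishConnection(
            $serverType,
            $host,
            $port,
            $bindRegisteredDomain,
            $bindPassword,
            $baseDomain
        );
        if (!$ldapConnection) {
            return parent::authenticate();
        }

        // The user name comes straight from the login form. Escape it for filter context so
        // that filter metacharacters in it are matched literally and cannot change which
        // directory entry the search returns.
        $escapedUsername = ldap_escape((string) $this->username, '', LDAP_ESCAPE_FILTER);
        if ($serverType == ZurmoAuthenticationHelper::SERVER_TYPE_OPEN_LDAP) {
            $ldapFilter = '(|(cn=' . $escapedUsername . ')(&(uid=' . $escapedUsername . ')))';
        } elseif ($serverType == ZurmoAuthenticationHelper::SERVER_TYPE_ACTIVE_DIRECTORY) {
            $ldapFilter = '(sAMAccountName=' . $escapedUsername . ')';
        } else {
            throw new NotSupportedException();
        }

        $ldapResults = ldap_search($ldapConnection, $baseDomain, $ldapFilter);
        if ($ldapResults === false) {
            // A failed search is treated like "no entry found" instead of being handed to
            // ldap_count_entries(), which expects a valid result.
            return parent::authenticate();
        }
        if (!(ldap_count_entries($ldapConnection, $ldapResults) > 0)) {
            return parent::authenticate();
        }

        $result = @ldap_get_entries($ldapConnection, $ldapResults);
        if (parent::authenticate()) {
            $this->setState('username', $this->username);
            $this->errorCode = self::ERROR_NONE;
            return true;
        }

        $entryDn = (is_array($result) && !empty($result[0]) && isset($result[0]['dn']))
            ? $result[0]['dn']
            : null;
        // A bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513,
        // section 5.1.2); many directory servers report it as successful, so an empty
        // password must never count as proof of identity.
        $hasPassword = (string) $this->password !== '';
        if ($entryDn !== null && $hasPassword && @ldap_bind($ldapConnection, $entryDn, $this->password)) {
            // NOTE(review): 1 is presumably self::ERROR_USERNAME_INVALID left behind by
            // parent::authenticate(); the literal is kept as the original wrote it - confirm.
            if ($this->errorCode != 1) {
                $this->setState('username', $this->username);
                $this->errorCode = self::ERROR_NONE;
                return true;
            }
        }
    } catch (NotFoundException $e) {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
    } catch (BadPasswordException $e) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
    } catch (NoRightWebLoginException $e) {
        $this->errorCode = self::ERROR_NO_RIGHT_WEB_LOGIN;
    }
    return false;
}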
/**
 * Checks what LdapUtil::resolveBindRegisteredDomain() returns for a base domain
 * that is not in dc=...,dc=... form and for one that is.
 */
public function testResolveBindRegisteredDomain()
{
    Yii::app()->user->userModel = User::getByUsername('super');
    $ldapTestSettingsPresent = ZurmoTestHelper::isAuthenticationLdapTestConfigurationSet();
    if (!$ldapTestSettingsPresent) {
        $skipReason = Zurmo::t('ZurmoModule', 'Test Ldap settings are not configured in perInstanceTest.php file.');
        $this->markTestSkipped($skipReason);
    }

    // Incorrect base domain: the bind name is expected to come back unchanged.
    $resolvedWithBadBase = LdapUtil::resolveBindRegisteredDomain('testUser', 'test');
    $this->assertEquals('testUser', $resolvedWithBadBase);

    // Correct base domain.
    // NOTE(review): the expected value below looks like it was masked by e-mail obfuscation
    // when this listing was published; restore the real expected address before relying on
    // this assertion.
    $resolvedWithGoodBase = LdapUtil::resolveBindRegisteredDomain('test', 'dc=server,dc=local'); // Not Coding Standard
    $this->assertEquals('*****@*****.**', $resolvedWithGoodBase);
}
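/**
 * Tries an LDAP connection with the settings posted from the LDAP configuration form and
 * renders the outcome in a modal view.
 *
 * The settings are read from $_POST under the form's class name or, failing that, under
 * 'LdapConfigurationForm'.
 *
 * NOTE(review): this action makes the server connect to a host and port supplied in the
 * request and bind with a request-supplied credential. Access control and CSRF filtering
 * are not visible in this block - confirm the controller restricts it to administrators,
 * and keep the posted bind password out of logs.
 *
 * @throws NotSupportedException when the request carries no configuration form data.
 */
public function actionTestConnection()
{
    $configurationForm = LdapConfigurationFormAdapter::makeFormFromGlobalConfiguration();
    $postVariableName  = get_class($configurationForm);
    if (!isset($_POST[$postVariableName]) && !isset($_POST['LdapConfigurationForm'])) {
        throw new NotSupportedException();
    }

    if (isset($_POST[$postVariableName])) {
        $configurationForm->setAttributes($_POST[$postVariableName]);
    } else {
        // Read each expected key defensively: a request that omits a field (or posts a
        // non-array value) ends in the "All fields are required" message instead of an
        // undefined-index error.
        $posted = is_array($_POST['LdapConfigurationForm']) ? $_POST['LdapConfigurationForm'] : array();
        $postedAttributes = array(
            'serverType',
            'host',
            'port',
            'bindRegisteredDomain',
            'bindPassword',
            'baseDomain',
            'enabled',
        );
        foreach ($postedAttributes as $attributeName) {
            $configurationForm->$attributeName = isset($posted[$attributeName]) ? $posted[$attributeName] : null;
        }
    }

    // Same loose "!= null" test as before, applied to the same six attributes.
    $requiredAttributes = array(
        'host',
        'port',
        'bindRegisteredDomain',
        'bindPassword',
        'baseDomain',
        'serverType',
    );
    $allFieldsPresent = true;
    foreach ($requiredAttributes as $attributeName) {
        if ($configurationForm->$attributeName == null) {
            $allFieldsPresent = false;
            break;
        }
    }

    if ($allFieldsPresent) {
        // The ZurmoAuthenticationHelper instance the original populated here was never read
        // afterwards, so it is dropped; the connection test uses the form values directly.
        $testConnectionResults = LdapUtil::establishConnection(
            $configurationForm->serverType,
            $configurationForm->host,
            $configurationForm->port,
            $configurationForm->bindRegisteredDomain,
            $configurationForm->bindPassword,
            $configurationForm->baseDomain
        );
        if ($testConnectionResults) {
            $messageContent = Zurmo::t('ZurmoModule', 'Successfully Connected to Ldap Server') . "\n";
        } else {
            $messageContent = Zurmo::t('ZurmoModule', 'Unable to connect to Ldap server') . "\n";
        }
    } else {
        $messageContent = Zurmo::t('ZurmoModule', 'All fields are required') . "\n";
    }

    Yii::app()->getClientScript()->setToAjaxMode();
    $messageView = new TestConnectionView($messageContent);
    $view        = new ModalView($this, $messageView);
    echo $view->render();
}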