function validate_user_ldap($user, $pass)
{
if (!$pass) { // An LDAP password cannot be empty. Treat specially so that Tiki does *NOT* unintentionally request an unauthenticated bind.
return PASSWORD_INCORRECT;
}
global $prefs;
global $logslib;
// First connection on the ldap server in anonymous, now we can search the real name of the $user
// It's required to pass in param the username & password because the username is used to determine the realname (dn)
$this->init_ldap($user, $pass);
$err = $this->ldap->bind();
if (is_int($err)) {
$err=Net_LDAP2::errorMessage($err);
}
// Change the default bind_type to use the full, call get_user_attributes function to use the realname (dn) in the credentials test
$this->ldap->setOption('bind_type', 'full');
$this->ldap->get_user_attributes();
// Credentials test! To test it we force the reconnection.
$err = $this->ldap->bind(true);
if (is_int($err)) {
$err = Net_LDAP2::errorMessage($err);
}
switch($err) {
case 'LDAP_INVALID_CREDENTIALS':
return PASSWORD_INCORRECT;
case 'LDAP_INVALID_SYNTAX':
case 'LDAP_NO_SUCH_OBJECT':
case 'LDAP_INVALID_DN_SYNTAX':
if ($prefs['auth_ldap_debug'] == 'y')
$logslib->add_log('ldap', 'Error'.$err);
return USER_NOT_FOUND;
case 'LDAP_SUCCESS':
if ($prefs['auth_ldap_debug'] == 'y')
$logslib->add_log('ldap', 'Bind successful.');
return USER_VALID;
default:
if ($prefs['auth_ldap_debug'] == 'y')
$logslib->add_log('ldap', 'Error'.$err);
return SERVER_ERROR;
}
// this should never happen
die('Assertion failed ' . __FILE__ . ':' . __LINE__);
}
/**
* Net_LDAP2_Error constructor.
*
* @param string $message String with error message.
* @param integer $code Net_LDAP2 error code
* @param integer $mode what "error mode" to operate in
* @param mixed $level what error level to use for $mode & PEAR_ERROR_TRIGGER
* @param mixed $debuginfo additional debug info, such as the last query
*
* @access public
* @see PEAR_Error
*/
public function __construct($message = 'Net_LDAP2_Error', $code = NET_LDAP2_ERROR, $mode = PEAR_ERROR_RETURN, $level = E_USER_NOTICE, $debuginfo = null)
{
if (is_int($code)) {
$this->PEAR_Error($message . ': ' . Net_LDAP2::errorMessage($code), $code, $mode, $level, $debuginfo);
} else {
$this->PEAR_Error("{$message}: {$code}", NET_LDAP2_ERROR, $mode, $level, $debuginfo);
}
}
