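/**
 * Authenticates a user against Active Directory / LDAP via Adldap.
 *
 * On success the local User record is resolved: when none was supplied and
 * auto-add is enabled for the AD account, one is created from the AD entry.
 * The optional role sync and the auth-driver binding (keyed by the account's
 * SID) are then applied to the resolved user.
 *
 * @param string    $username
 * @param string    $password
 * @param null|User $user     Local user record, resolved in place (by reference).
 *
 * @return bool true only when AD accepted the credentials AND a local user was resolved
 */
public function authenticate($username, $password, &$user): bool
{
    // Refuse empty credentials before touching the directory: some LDAP
    // servers treat a bind with an empty password as an anonymous /
    // unauthenticated bind and report it as a success.
    if ($username === null || $username === '' || $password === null || $password === '') {
        return false;
    }

    if ($this->ad === null) {
        $this->ad = new Adldap($this->adConfig);
    }

    // Third argument: bind the connection as the user being authenticated
    // (Adldap's bindAsUser flag) — confirm against the installed Adldap version.
    if (!$this->ad->authenticate($username, $password, true)) {
        return false;
    }

    $adUser = $this->ad->users()->find($username);
    // find() yields null/false when the account cannot be looked up; the
    // original dereferenced it unconditionally, which is an uncatchable Error.
    if ($adUser === null || $adUser === false) {
        return false;
    }

    $sid = \Adldap\Classes\Utilities::binarySidToText($adUser->getObjectSID());

    if ($user === null && $this->hasAutoAddUser($adUser)) {
        $user = $this->createUserFromAd($adUser);
    }

    // Valid AD credentials without a matching local user is still a failure.
    if ($user === null) {
        return false;
    }

    if ($this->autoUpdateRole) {
        $this->updateRole($user, $adUser);
    }
    $user->addAuthDriver($this->getName(), $sid);

    return true;
}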
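/**
 * Grants membership to local groups for each LDAP/AD group that the user
 * is a member of. See the option "LDAP_RECURSIVE_GROUPS" to enable
 * deep LDAP/AD group probe.
 * NOTE: This will not maintain the hierarchical structure of the groups,
 * instead the structure will be 'flattened'. If you want to maintain
 * the hierarchical structure, set the option "LDAP_RECURSIVE_GROUPS"
 * to false, and build a group structure that mirrors the LDAP/AD
 * structure.
 * NOTE: Membership is only ever added here (attach); local memberships that
 * no longer exist in LDAP/AD are not revoked, so access removed on the
 * directory side persists locally until it is handled elsewhere.
 *
 * @param User $user The user to replicate group membership for.
 * @throws Exception
 */
private function replicateMembershipFromLDAP($user)
{
    $adldap = false;
    try {
        $groupModel = $this->createGroupModel();
        $ldapConOp  = $this->GetLDAPConnectionOptions();

        //
        // Set LDAP debug log level - useful in DEV, dangerous in PROD!!
        // ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

        // Connect to AD/LDAP
        $adldap = new Adldap($ldapConOp);

        $adUser = $adldap->users()->find($user->username);
        // find() returns null/false for an unknown account; the original
        // dereferenced it unconditionally, which is an uncatchable Error.
        if ($adUser === null || $adUser === false) {
            Log::warning(sprintf(
                'LDAP/AD account not found while replicating group membership for user: %s',
                $user->username
            ));
            return;
        }

        // Request the user's group membership.
        foreach ($adUser->getGroups() as $adldapGroup) {
            $adldapGroupName = $adldapGroup->getName();
            try {
                $localGroup = $groupModel->where('name', $adldapGroupName)->firstOrFail();
            } catch (ModelNotFoundException $e) {
                // Not every LDAP/AD group has a local counterpart; skip it.
                continue;
            }
            if (!$user->isMemberOf($adldapGroupName)) {
                $user->membershipList()->attach($localGroup->id);
            }
        }
    } catch (\Exception $ex) {
        // The username is logged for correlation; the password never reaches this method.
        Log::error(sprintf(
            'Exception replicating group membership for user: %s, Exception message: %s',
            $user->username,
            $ex->getMessage()
        ));
        Log::error($ex->getTraceAsString());
        $this->handleLDAPError($adldap);
    }

    // Release the connection handle (also happens implicitly on the early return above).
    unset($adldap);
}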