Exemplo n.º 1
0
function _initLDAP($secure = true, $rdn = null, $pwd = null, $ldapError = null)
{
    if (!is_null($ldapError)) {
        call_user_func_array($ldapError, array(null, null));
        // clear ldap error state
    }
    $ldap = ApplicationConfiguration::service('egi.ldap.host');
    $ds = ldap_connect($ldap);
    if ($ds === false) {
        if (!is_null($ldapError)) {
            call_user_func_array($ldapError, array(null, "Could not initialize connection to the EGI SSO server"));
        }
        return null;
    }
    if (!@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        if (!is_null($ldapError)) {
            call_user_func_array($ldapError, array($ds, "Could not set EGI SSO server connection options"));
        }
        return null;
    }
    if (!@ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
        if (!is_null($ldapError)) {
            call_user_func_array($ldapError, array($ds, "Could not set EGI SSO server connection options"));
        }
        return null;
    }
    if ($secure) {
        if (!@ldap_start_tls($ds)) {
            if (!is_null($ldapError)) {
                call_user_func_array($ldapError, array($ds, "Could not establish a secure connection to the EGI SSO server"));
            }
            return null;
        }
    }
    if (!isset($rdn) && !isset($pwd)) {
        $ok = @ldap_bind($ds, ApplicationConfiguration::service('egi.ldap.username'), ApplicationConfiguration::service('egi.ldap.password'));
    } else {
        $ok = @ldap_bind($ds, $rdn, $pwd);
    }
    if (ldap_errno($ds) !== 0) {
        if (!is_null($ldapError)) {
            call_user_func_array($ldapError, array($ds, "Could not bind to the EGI SSO server"));
        }
        @ldap_close($ds);
        return null;
    } else {
        if ($ok === false) {
            @ldap_close($ds);
            return false;
        }
    }
    return $ds;
}
Exemplo n.º 2
0
 public function updateallAction()
 {
     $this->_helper->layout->disableLayout();
     $this->_helper->viewRenderer->setNoRender();
     return;
     $ldap = ApplicationConfiguration::service('egi.ldap.host');
     $ldapbind = false;
     $ds = ldap_connect($ldap);
     if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
         if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
             $ldapbind = @ldap_bind($ds, ApplicationConfiguration::service('egi.ldap.username'), ApplicationConfiguration::service('egi.ldap.password'));
         }
     }
     if ($ldapbind) {
         $users = new Default_Model_Researchers();
         $users->refresh();
         for ($i = 0; $i < $users->count(); $i++) {
             $u = $users->items[$i];
             if (!isnull($u->username)) {
                 $sr = ldap_search($ds, "ou=people,dc=egi,dc=eu", "(uid=" . $u->username . ")");
                 $info = ldap_get_entries($ds, $sr);
                 if ($info["count"] > 0) {
                     if (array_key_exists('destinationindicator', $info[0])) {
                         $gender = $info[0]['destinationindicator'][0];
                         $u->gender = $gender;
                         $u->save();
                     }
                 }
             }
         }
         ldap_close($ds);
     }
 }
Exemplo n.º 3
0
 private function BuildQuery()
 {
     $this->api->view->isAuthenticated = false;
     $this->api->view->isAdmin = false;
     $q = array();
     $flt = "";
     $ignore = AppdbAPIHelper::GetIgnoreParameterList();
     //Collect query related parameters
     foreach ($this->routeParams as $k => $v) {
         if (in_array($k, $ignore)) {
             continue;
         }
         $q[$k] = $v;
         //Clear retreived parameters from request parameters
         unset($this->routeParams[$k]);
         unset($_GET[$k]);
     }
     if (array_key_exists('userid', $q)) {
         //user ID with hashed password, matched against hash in database
         if (array_key_exists('passwd', $q)) {
             $u = new Default_Model_Researchers();
             $u->filter->id->equals($q["userid"]);
             if (count($u->items) > 0) {
                 if ($u->items[0]->password === $q["passwd"]) {
                     $this->api->view->isAuthenticated = true;
                     $this->api->view->isAdmin = ($u->items[0]->positionTypeID == 5 || $u->items[0]->positionTypeID == 7) && $u->items[0]->roleVerified;
                     $_GET["userid"] = $q["userid"];
                     //									error_log('API call authenticated');
                 }
             }
         }
     } elseif (array_key_exists('username', $q)) {
         //username and real password, matched against LDAP
         error_log('Trying to authenticate user via LDAP');
         $u = new Default_Model_Researchers();
         $u->filter->username->equals($q["username"]);
         if (count($u->items) > 0) {
             $username = $q["username"];
             $userid = $u->items[0]->id;
         } else {
             $username = null;
         }
         if ($username !== null) {
             if (array_key_exists('passwd', $q)) {
                 $ldap = ApplicationConfiguration::service('egi.ldap.host');
                 $username = "******" . $username . ",ou=people,dc=egi,dc=eu";
                 $password = $q['passwd'];
                 $ldapbind = false;
                 $ds = ldap_connect($ldap);
                 if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
                     if (ldap_set_option($ds, LDAP_OPT_REFERRALS, 0)) {
                         if (APPLICATION_ENV == 'production') {
                             if (ldap_start_tls($ds)) {
                                 $ldapbind = @ldap_bind($ds, $username, $password);
                             }
                         } else {
                             $ldapbind = @ldap_bind($ds, $username, $password);
                         }
                     }
                 }
                 ldap_close($ds);
                 if ($ldapbind) {
                     //login info was valid
                     $_GET["userid"] = $userid;
                     $this->api->view->isAuthenticated = true;
                     $this->api->view->isAdmin = ($u->items[0]->positionTypeID == 5 || $u->items[0]->positionTypeID == 7) && $u->items[0]->roleVerified;
                 } else {
                     error_log('API call authentication failed');
                 }
             }
         }
     }
     //Remove unwanted fields from flt
     foreach (array("orderbyOp", "orderby", "userid", "passwd", "username", "id") as $ign) {
         if (array_key_exists($ign, $q)) {
             $_GET[$ign] = $q[$ign];
             unset($q[$ign]);
         }
     }
     if (array_key_exists('flt', $q) && count($this->routeModelQuery) === 0) {
         $_GET['flt'] = $q['flt'];
         if (isset($q['fuzzySearch'])) {
             $_GET['fuzzySearch'] = $q['fuzzySearch'];
         }
     } else {
         $q = AppdbAPIRequestProcessor::Transform($this->routeXslt, $this->version, $q);
         if ($q === null) {
             $this->api->view->Error = "Invalid query parameter";
             return;
         }
         if (count($this->routeModelQuery) > 0) {
             $mq = $this->routeModelQuery;
             $this->routeModelQuery = array();
             foreach ($mq as $m) {
                 if (isset($q[$m])) {
                     $this->routeModelQuery[$m] = $q[$m];
                 }
             }
         } else {
             if (count($q) > 0) {
                 //Create json query object for FILTER query
                 $flt = "";
                 foreach ($q as $k => $v) {
                     if (strpos($k, "id") > 0) {
                         $flt .= "+=" . $k . ":" . $v . " ";
                     } else {
                         $flt .= "+" . $k . ":" . $v . " ";
                     }
                 }
             }
         }
         if ($flt != "") {
             $_GET[AppdbAPIHelper::GetQueryKey()] = $flt;
         }
     }
 }