/**
* Initializes a new connection to CIF LDAP.
* This method is protected to ensure that new CifLdap instances
* can't be created with the `new` keyword.
*/
protected function __construct()
{
if (!putenv('LDAPTLS_CACERT=' . self::TLS_CERT)) {
trigger_error('Unable to set TLS certificate', E_USER_WARNING);
}
$this->log('Connecting to CIF LDAP.');
self::$connection = ldap_connect(self::LDAP_SERVER);
if (!self::$connection) {
$this->log_and_except('Unable to open connection to CIF LDAP.');
}
if (self::DEBUG) {
ldap_set_option(self::$connection, LDAP_OPT_DEBUG_LEVEL, 7);
}
if (!ldap_start_tls(self::$connection)) {
$this->log_and_except('Unable to secure CIF LDAP connection.');
}
ldap_set_option(self::$connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option(self::$connection, LDAP_OPT_REFERRALS, 0);
// Don't follow referals from the server
$this->log('Binding to CIF LDAP.');
if (!ldap_sasl_bind(self::$connection, null, null, 'GSSAPI', null, null, null, 'maxssf=1')) {
$this->log_and_except('Unable to perform SASL bind to CIF LDAP.');
}
}
