This function binds with the given DN and password to the
server. In case no connection has been made yet, it will be
started and STARTTLS issued if appropriate.
The internal bind configuration is not updated, so if you later
call bind() without parameters, you rebind with the
credentials that were provided when first connecting to the server.
/**
 * Switches the LDAP connection between the write identity and the default
 * bind.
 *
 * With a true $write the connection is bound using the 'writedn' and
 * 'writepw' parameters; otherwise bind() is called without arguments.
 *
 * @param boolean $write  Whether to rebind for write access. Use false
 *                        after finishing write actions.
 *
 * @throws Horde_Ldap_Exception
 */
protected function _rebind($write)
{
    if (!$write) {
        // Drop back to the connection's default bind.
        $this->_ldap->bind();
        return;
    }

    // Write access: bind with the dedicated write DN and password.
    $this->_ldap->bind(
        $this->_params['writedn'],
        $this->_params['writepw']
    );
}
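/**
 * Find out if the given set of login credentials are valid.
 *
 * The user's DN is looked up with the default bind, then a bind as that DN
 * with the supplied password is attempted. The connection is re-bound with
 * the default bind afterwards, whether the user bind succeeded or not. If
 * the 'password_expiration' parameter is 'yes', the user's shadow values
 * are evaluated as well.
 *
 * @param string $userId      The userId to check.
 * @param array $credentials  An array of login credentials; only the
 *                            'password' element is read here.
 *
 * @throws Horde_Auth_Exception  With REASON_BADLOGIN for an empty password,
 *                               an unknown user or rejected credentials,
 *                               REASON_MESSAGE for other LDAP errors and
 *                               REASON_EXPIRED for an expired password.
 */
protected function _authenticate($userId, $credentials)
{
    /* Reject a missing or zero-length password before contacting the
     * server: a simple bind with a DN and an empty password is an
     * "unauthenticated bind" (RFC 4513), which a directory may accept
     * without verifying anything. */
    if (!isset($credentials['password']) ||
        !strlen($credentials['password'])) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    /* Search for the user's full DN. */
    $this->_ldap->bind();
    try {
        $dn = $this->_ldap->findUserDN($userId);
    } catch (Horde_Exception_NotFound $e) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    } catch (Horde_Exception_Ldap $e) {
        // NOTE(review): the bind below catches Horde_Ldap_Exception; confirm
        // that Horde_Exception_Ldap is the type findUserDN() really throws,
        // otherwise LDAP errors from the search escape unconverted.
        throw new Horde_Auth_Exception($e->getMessage(), Horde_Auth::REASON_MESSAGE);
    }

    /* Attempt to bind to the LDAP server as the user. */
    try {
        $this->_ldap->bind($dn, $credentials['password']);
        // Be sure we rebind as the configured user.
        $this->_ldap->bind();
    } catch (Horde_Ldap_Exception $e) {
        // Be sure we rebind as the configured user.
        $this->_ldap->bind();
        // Translate the numeric code to its name first, then compare. With
        // the comparison inside the errorName() call the condition was
        // evaluated on the name of a boolean, so the two outcomes below
        // were not separated by the actual LDAP result code.
        if (Horde_Ldap::errorName($e->getCode()) == 'LDAP_INVALID_CREDENTIALS') {
            throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
        }
        // Anything else (server or connection trouble) is reported with its
        // message rather than as a failed login.
        throw new Horde_Auth_Exception($e->getMessage(), Horde_Auth::REASON_MESSAGE);
    }

    if ($this->_params['password_expiration'] == 'yes') {
        $shadow = $this->_lookupShadow($dn);
        // Expiry is only evaluated when all three shadow values are set
        // and non-zero.
        if ($shadow['shadowmax'] && $shadow['shadowlastchange'] &&
            $shadow['shadowwarning']) {
            // Whole days since the Unix epoch; the shadow values are
            // combined with it below as day counts.
            $today = floor(time() / 86400);
            $toexpire = $shadow['shadowlastchange'] +
                $shadow['shadowmax'] - $today;

            $warnday = $shadow['shadowlastchange'] +
                $shadow['shadowmax'] - $shadow['shadowwarning'];
            if ($today >= $warnday) {
                // Inside the warning period: expose the remaining days.
                $this->setCredential('expire', $toexpire);
            }

            if ($toexpire == 0) {
                // Last valid day: flag that the password must be changed.
                $this->setCredential('change', true);
            } elseif ($toexpire < 0) {
                throw new Horde_Auth_Exception('', Horde_Auth::REASON_EXPIRED);
            }
        }
    }
}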
/**
 * Checks that a connection built from the server configuration cannot be
 * re-bound as the configured bind DN with an empty password.
 *
 * The test passes only if a Horde_Ldap_Exception is raised.
 *
 * @expectedException Horde_Ldap_Exception
 */
public function testConnectAndEmptyRebind()
{
    $server = self::$ldapcfg['server'];

    // Regular connect with the configured (privileged) bind.
    $connection = new Horde_Ldap($server);

    // Same DN, zero-length password: this bind is expected to be refused.
    // NOTE(review): the @expectedException annotation covers the whole
    // method, so an exception from the constructor above would satisfy the
    // test as well -- confirm the fixture guarantees a working connection.
    $connection->bind($server['binddn'], '');
}