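/**
 * {@inheritdoc}
 *
 * Verifies the token's credentials by performing an LDAP bind.
 *
 * Two paths exist:
 *  - the token already carries an LdapUserInterface object: the bind is
 *    repeated with the password held by that object;
 *  - otherwise: the user's DN is resolved if it is missing, the presented
 *    password must be non-empty, and a bind is attempted with it.
 *
 * @param UserInterface         $user  user whose DN is resolved and bound on the second path
 * @param UsernamePasswordToken $token token carrying the current user and the presented credentials
 *
 * @throws BadCredentialsException when the user cannot be found, the
 *                                 password is empty, or the bind fails
 */
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $currentUser = $token->getUser();

    if ($currentUser instanceof LdapUserInterface) {
        // NOTE(review): the password comes from the user object, not from the
        // token. If getPassword() can return '' here, this becomes an
        // empty-password bind; many LDAP servers accept that as an
        // unauthenticated bind. Whether bind() refuses it is not visible
        // here - confirm in the LDAP manager/driver.
        if (!$this->ldapManager->bind($currentUser, $currentUser->getPassword())) {
            throw new BadCredentialsException('The credentials were changed from another session.');
        }

        return;
    }

    if (!$user->getDn()) {
        // No DN yet: look the account up so the bind below has a DN to use.
        $userLdap = $this->ldapManager->findUserByUsername($user->getUsername());
        if (!$userLdap) {
            // NOTE(review): this message differs from the invalid-password one
            // and echoes the username. If exception messages reach the client,
            // unknown accounts become distinguishable from wrong passwords -
            // confirm how the firewall renders authentication errors.
            throw new BadCredentialsException(sprintf('User "%s" not found', $user->getUsername()));
        }

        $user->setDn($userLdap->getDn());
    }

    // An empty password must never reach bind(): a simple bind with an empty
    // password can succeed as an unauthenticated bind. The literal string '0'
    // is falsy in PHP but is a real password, so it is let through explicitly;
    // null, '' and false are still rejected.
    $presentedPassword = $token->getCredentials();
    if (!$presentedPassword && '0' !== $presentedPassword) {
        throw new BadCredentialsException('The presented password cannot be empty.');
    }

    if (!$this->ldapManager->bind($user, $presentedPassword)) {
        throw new BadCredentialsException('The presented password is invalid.');
    }
}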
/**
 * Hydrates a user entity with LDAP attributes.
 *
 * The user's password is blanked, AdvancedUserInterface users are enabled,
 * each configured attribute found in the entry is pushed through its mapped
 * setter, and LdapUserInterface users receive the entry's DN.
 *
 * The user is modified in place; the body has no return statement.
 *
 * @param UserInterface $user  user to hydrate
 * @param array         $entry ldap result
 */
protected function hydrate(UserInterface $user, array $entry)
{
    // The stored password is set to an empty string on every hydration.
    $user->setPassword('');

    // NOTE(review): every hydrated AdvancedUserInterface user is enabled
    // unconditionally; no directory-side disabled/locked state is consulted
    // here - confirm such accounts are filtered out before this point.
    if ($user instanceof AdvancedUserInterface) {
        $user->setEnabled(true);
    }

    foreach ($this->params['attributes'] as $mapping) {
        if (array_key_exists($mapping['ldap_attr'], $entry)) {
            $rawValue = $entry[$mapping['ldap_attr']];

            // Without a 'count' key, or with a count of one, the first element
            // is used; otherwise the leading element is dropped and the
            // remaining values are passed as a list.
            $isSingle = !array_key_exists('count', $rawValue) || $rawValue['count'] == 1;
            $value = $isSingle ? $rawValue[0] : array_slice($rawValue, 1);

            // The setter name comes from $this->params - presumably bundle
            // configuration; verify it is never influenced by request data.
            call_user_func(array($user, $mapping['user_method']), $value);
        }
    }

    if ($user instanceof LdapUserInterface) {
        $user->setDn($entry['dn']);
    }
}