Exemplo n.º 1
 /**
  * Refresh this node's attributes from the directory.
  *
  * This is an online method. When no connection is supplied the node is
  * returned unchanged: nothing is fetched and no error is raised.
  *
  * @param  \Zend\Ldap\Ldap|null $ldap Connection used to read the entry for this node's DN
  * @return AbstractNode Provides a fluid interface
  */
 public function reload(Ldap\Ldap $ldap = null)
 {
     if (null === $ldap) {
         return $this;
     }

     // '*' asks for all user attributes and '+' for the operational ones.
     $entry = $ldap->getEntry($this->_getDn(), array('*', '+'), true);
     $this->loadData($entry, true);

     return $this;
 }
Exemplo n.º 2
 /**
  * search() must hand filter, base DN, subtree scope and attribute list to the
  * mocked searchEntries() and return its entries behind a leading 'count' key.
  */
 public function testSearch()
 {
     $searchBase = 'ou=example,dc=org';
     $searchFilter = '(&(uid=test_username))';
     $wanted = array('uid');
     $row = array(
         'dn' => 'uid=test_username,ou=example,dc=org',
         'uid' => array('test_username'),
     );

     $this->zend = $this->getMockBuilder('Zend\\Ldap\\Ldap')->getMock();
     $this->zendLdapDriver = new ZendLdapDriver($this->zend);

     // Exactly one call is expected, with the arguments in Zend's order: filter first, then base DN.
     $this->zend
         ->expects($this->once())
         ->method('searchEntries')
         ->with(
             $this->equalTo($searchFilter),
             $this->equalTo($searchBase),
             $this->equalTo(Ldap::SEARCH_SCOPE_SUB),
             $this->equalTo($wanted)
         )
         ->will($this->returnValue(array($row)));

     $this->assertEquals(
         array('count' => 1, $row),
         $this->zendLdapDriver->search($searchBase, $searchFilter, $wanted)
     );
 }
Exemplo n.º 3
 /**
  * Build an LDAP connection from the 'ldap' section of the application config
  * and bind it with the configured service account.
  *
  * @param  ServiceManager $sm Service locator providing the 'Config' service
  * @return Ldap The bound connection
  */
 public function factory_ldap(ServiceManager $sm)
 {
     $settings = $sm->get('Config')['ldap'];

     try {
         $connection = new Ldap($settings);
         $connection->bind($settings['username'], $settings['password']);
     } catch (LdapException $failure) {
         // NOTE(review): the raw LDAP error text is dumped to the output and the
         // request is terminated. In a deployed application this should go to a
         // log and surface as a generic error, since the message can reveal
         // directory details to whoever triggered the request.
         Debug::dump($failure->getMessage());
         die;
     }

     return $connection;
 }
Exemplo n.º 4
 /**
  * Factory method to create the RootDse.
  *
  * Reads the entry at the empty DN and picks the concrete class from the
  * attributes the server returned; falls back to the calling class.
  *
  * @param \Zend\Ldap\Ldap $ldap
  * @return RootDse
  */
 public static function create(Ldap\Ldap $ldap)
 {
     $rootDn = Ldap\Dn::fromString('');
     $attrs = $ldap->getEntry($rootDn, ['*', '+'], true);

     // Vendor detection is attribute based and checked in this fixed order.
     if (isset($attrs['domainfunctionality'])) {
         return new RootDse\ActiveDirectory($rootDn, $attrs);
     }
     if (isset($attrs['dsaname'])) {
         return new RootDse\eDirectory($rootDn, $attrs);
     }
     $isOpenLdap = isset($attrs['structuralobjectclass'])
         && $attrs['structuralobjectclass'][0] === 'OpenLDAProotDSE';
     if ($isOpenLdap) {
         return new RootDse\OpenLdap($rootDn, $attrs);
     }

     return new static($rootDn, $attrs);
 }
Exemplo n.º 5
 /**
  * Factory method to create the Schema node.
  *
  * The schema DN and the server type are both taken from the connection's
  * RootDSE; the server type selects the concrete schema class.
  *
  * @param  \Zend\Ldap\Ldap $ldap
  * @return \Zend\Ldap\Node\Schema
  * @throws \Zend\Ldap\Exception
  */
 public static function create(Ldap\Ldap $ldap)
 {
     $schemaDn = $ldap->getRootDse()->getSchemaDn();
     $entry = $ldap->getEntry($schemaDn, array('*', '+'), true);
     $serverType = $ldap->getRootDse()->getServerType();

     if ($serverType == RootDSE::SERVER_TYPE_ACTIVEDIRECTORY) {
         return new Schema\ActiveDirectory($schemaDn, $entry, $ldap);
     }
     if ($serverType == RootDSE::SERVER_TYPE_OPENLDAP) {
         return new Schema\OpenLdap($schemaDn, $entry, $ldap);
     }

     // eDirectory and every unrecognised server type use the generic schema node.
     return new self($schemaDn, $entry, $ldap);
 }
Exemplo n.º 6
 /**
  * {@inheritDoc}
  *
  * Binds with the user's DN when the user object exposes a non-empty one,
  * otherwise with the plain username. Returns true only when the driver hands
  * back an Ldap instance; a Zend LDAP exception is passed to
  * zendExceptionHandler() and, if that returns, the result is false.
  */
 public function bind(UserInterface $user, $password)
 {
     $bindRdn = ($user instanceof LdapUserInterface && $user->getDn())
         ? $user->getDn()
         : $user->getUsername();

     try {
         // The password is masked in the debug line; only the bind identity is logged.
         $this->logDebug(sprintf('ldap_bind(%s, ****)', $bindRdn));

         return $this->driver->bind($bindRdn, $password) instanceof Ldap;
     } catch (ZendLdapException $failure) {
         $this->zendExceptionHandler($failure);
     }

     return false;
 }
Exemplo n.º 7
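 /**
  * Authenticate a login request against ldap.
  *
  * Each configured server is tried in turn and the first successful bind
  * wins. The failure result of the last server tried is returned when none
  * accepts the credentials.
  *
  * @return Result SUCCESS after a successful bind, FAILURE_CREDENTIAL_INVALID otherwise
  */
 public function authenticate()
 {
     $multiOptions = $this->getConfiguration();
     $ldap = new Ldap();

     // Fail closed: with an empty server list the loop never runs, and the
     // result would otherwise be an undefined variable.
     $oResult = new Result(Result::FAILURE_CREDENTIAL_INVALID, $this->sUser, array('No LDAP server configured'));

     foreach ($multiOptions as $options) {
         $ldap->setOptions($options);
         try {
             // NOTE(review): rejecting an empty password depends on the
             // 'allowEmptyPassword' option staying false in every server entry;
             // confirm that no configuration enables it.
             $ldap->bind($this->sFullIdentity, $this->sPass);
             $oResult = new Result(Result::SUCCESS, $this->sUser, array('Account is authenticate'));
             break;
         } catch (\Zend\Ldap\Exception\LdapException $oExp) {
             // Every LDAP error, connection problems included, is reported as
             // invalid credentials. The raw exception text travels in the result
             // messages, so callers should not show those to the end user.
             $oResult = new Result(Result::FAILURE_CREDENTIAL_INVALID, $this->sUser, array($oExp->getMessage()));
             // The listing's log line was mangled into invalid PHP around the
             // user name; it is restored here with the user identifier only,
             // never the password.
             $this->log('Could not authenticate user: ' . $this->sUser . ' reason is ' . $oExp->getMessage());
         }
     }

     return $oResult;
 }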
Exemplo n.º 8
 /**
  * Returns Zend LDAP
  *
  * The connection is created and bound with the configured service account on
  * first use, then reused for later calls.
  *
  * @return \Zend\Ldap\Ldap
  */
 public function getLdap()
 {
     if ($this->_ldap !== null) {
         return $this->_ldap;
     }

     $settings = Yii::$app->getModule('user')->settings;

     // NOTE(review): when 'auth.ldap.encryption' is neither 'tls' nor 'ssl' both
     // flags below are false, so the service-account bind and every user bind
     // go over an unencrypted connection.
     $options = array(
         'host' => $settings->get('auth.ldap.hostname'),
         'port' => $settings->get('auth.ldap.port'),
         'username' => $settings->get('auth.ldap.username'),
         'password' => $settings->get('auth.ldap.password'),
         'useStartTls' => $settings->get('auth.ldap.encryption') == 'tls',
         'useSsl' => $settings->get('auth.ldap.encryption') == 'ssl',
         'bindRequiresDn' => true,
         'baseDn' => $settings->get('auth.ldap.baseDn'),
         'accountFilterFormat' => $settings->get('auth.ldap.loginFilter'),
     );

     $this->_ldap = new \Zend\Ldap\Ldap($options);
     $this->_ldap->bind();

     return $this->_ldap;
 }
Exemplo n.º 9
 /**
  * Rewind the Iterator to the first result item
  * Implements Iterator
  *
  * Does nothing when no result resource is held.
  *
  * @throws \Zend\Ldap\Exception
  */
 public function rewind()
 {
     if (!is_resource($this->_resultId)) {
         return;
     }

     // Warnings from the extension are suppressed; failure is detected below.
     $this->_current = @ldap_first_entry($this->_ldap->getResource(), $this->_resultId);

     // false alone also means "empty result", so the last error code decides.
     $failed = $this->_current === false
         && $this->_ldap->getLastErrorCode() > Ldap\Exception::LDAP_SUCCESS;
     if ($failed) {
         throw new Ldap\Exception($this->_ldap, 'getting first entry');
     }
 }
 /**
  * A plain UserInterface (no DN available) must be bound by its username,
  * and bind() must report true when the driver returns the Ldap object.
  */
 public function testBindUserInterfaceByUsernameSuccessful()
 {
     $username = '******';
     $password = '******';

     $account = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
     $account
         ->expects($this->once())
         ->method('getUsername')
         ->will($this->returnValue($username));

     $this->zend
         ->expects($this->once())
         ->method('bind')
         ->with($this->equalTo($username), $this->equalTo($password))
         ->will($this->returnValue($this->zend));

     $outcome = $this->zendLdapDriver->bind($account, $password);
     $this->assertTrue($outcome);
 }
Exemplo n.º 11
 /**
  * Delete the test nodes from the live server, in reverse order of $this->nodes.
  *
  * Skipped entirely unless the online tests are enabled. Results of the
  * individual deletions are not checked.
  */
 protected function cleanupLDAPServer()
 {
     if (!constant('TESTS_ZEND_LDAP_ONLINE_ENABLED')) {
         return;
     }

     $link = $this->ldap->getResource();
     // The DNs are the array keys; reversing first walks $this->nodes backwards.
     foreach (array_keys(array_reverse($this->nodes)) as $dn) {
         ldap_delete($link, $dn);
     }
 }
Exemplo n.º 12
 /**
  * Rewind the Iterator to the first result item
  * Implements Iterator
  *
  * Does nothing when no result resource is held.
  *
  * @throws \Zend\Ldap\Exception\LdapException
  */
 public function rewind()
 {
     if (!is_resource($this->resultId)) {
         return;
     }

     // The extension call is wrapped in ErrorHandler start/stop; failure is detected below.
     ErrorHandler::start();
     $this->current = ldap_first_entry($this->ldap->getResource(), $this->resultId);
     ErrorHandler::stop();

     // false alone also means "empty result", so the last error code decides.
     $failed = $this->current === false
         && $this->ldap->getLastErrorCode() > Exception\LdapException::LDAP_SUCCESS;
     if ($failed) {
         throw new Exception\LdapException($this->ldap, 'getting first entry');
     }
 }
Exemplo n.º 13
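 /**
  * Look up exactly one directory entry whose attribute equals the given value.
  *
  * @param  string $name      Label used only in the log messages
  * @param  string $value     Value to match; handled as a literal, never as filter syntax
  * @param  string $attr_name Attribute to compare against; must come from trusted code or config
  * @return mixed The matching entry; false when zero or several entries match;
  *               the exception message (a string) when the search itself fails
  */
 public function find($name, $value, $attr_name)
 {
     $this->bind();
     // Escape the value so that filter metacharacters in it (such as * ( ) \)
     // are matched literally and cannot widen or rewrite the search.
     $filter = "{$attr_name}=" . \Zend\Ldap\Filter\AbstractFilter::escapeValue($value);
     $base_dn = $this->active_server['baseDn'];
     $this->log("Attempting to search for {$name}={$value} using basedn={$base_dn}");
     try {
         $hm = $this->ldap->search($filter, $base_dn, $this->scope);
         // NOTE(review): at level 7 the full result object, and below the full
         // user entry, are written to the log; make sure that level is not
         // enabled where logs are broadly readable.
         $this->log("Raw Ldap Object: " . var_export($hm, true), 7);
         $matches = $hm->count();
         if ($matches == 0) {
             $this->log("Could not find an account for {$name}={$value}", 5);
             return false;
         }
         if ($matches > 1) {
             // An ambiguous match is refused rather than picking one of the accounts.
             $this->log("Found more than one user account for {$name}={$value}", 1);
             return false;
         }
         $this->user = $hm->current();
         $this->log("User entry response: " . var_export($this->user, true), 7);
         return $this->user;
     } catch (LdapException $exc) {
         // NOTE(review): the error text is returned as a string, which is truthy.
         // Callers must not treat "not false" as "user found".
         return $exc->getMessage();
     }
 }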
Exemplo n.º 14
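 /**
  * Resolve an account name to its DN, with a fallback for names the parent
  * lookup cannot find, ex. CN=Alice Baker,CN=Users,DC=example,DC=com
  *
  * When binding requires a DN and a base DN is set, the parent lookup is tried
  * first. If it reports "no such object", a DN is built from the username
  * attribute, the account name and the base DN, and resolved again.
  *
  * @param  string $acctname
  * @return string - Account DN
  * @throws \Zend\Ldap\Exception\LdapException for any lookup error other than "no such object"
  */
 protected function getAccountDn($acctname)
 {
     $baseDn = $this->getBaseDn();
     if ($this->getBindRequiresDn() && isset($baseDn)) {
         try {
             return parent::getAccountDn($acctname);
         } catch (\Zend\Ldap\Exception\LdapException $zle) {
             if ($zle->getCode() != \Zend\Ldap\Exception\LdapException::LDAP_NO_SUCH_OBJECT) {
                 throw $zle;
             }
         }
         // The name becomes an RDN value here, so it needs DN escaping. Filter
         // escaping leaves ',', '+', '=' and similar characters untouched, which
         // would let a crafted account name add components to the bind DN.
         $acctname = $this->usernameAttribute . '=' . \Zend\Ldap\Dn::escapeValue($acctname) . ',' . $baseDn;
     }
     return parent::getAccountDn($acctname);
 }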
Exemplo n.º 15
 /**
  * Find (and cache) the unit node referenced by the person entry whose mail
  * attribute equals the identity's mail address.
  *
  * @param  Identity $identity
  * @return mixed The unit node, or null unless exactly one person entry matches
  */
 private function findUnit(Identity $identity)
 {
     if (null !== $this->unit) {
         return $this->unit;
     }

     // Filter::equals() builds the filter object, so the mail value is not
     // concatenated into a filter string by hand.
     $mailFilter = Filter::equals('mail', $identity->mail);
     $peopleDn = Dn::factory($this->ldap->getBaseDn())->prepend(['ou' => 'people']);
     $matches = $this->ldap->search($mailFilter, $peopleDn, Ldap::SEARCH_SCOPE_ONE, ['l']);

     if (1 !== $matches->count()) {
         return null;
     }

     $person = $matches->current();
     // The first 'l' value of the person entry is used as the unit's DN.
     $this->unit = $this->ldap->getNode($person['l'][0]);

     return $this->unit;
 }
Exemplo n.º 16
 /**
  * Sort the iterator
  *
  * Entries are ordered with the configured sortFunction. Attribute names are
  * lowercased before the lookup, so $sortAttribute has to be given in lower
  * case. The sort value is the first value of that attribute; entries without
  * the attribute get no sort value assigned here.
  *
  * @param string $sortAttribute The attribute to sort by.
  *
  * @return void
  * @throws Exception\LdapException When usort() reports failure
  */
 public function sort($sortAttribute)
 {
     foreach ($this->entries as $index => $row) {
         $attrs = array_change_key_case(
             ldap_get_attributes($this->ldap->getResource(), $row['resource']),
             CASE_LOWER
         );
         if (!isset($attrs[$sortAttribute][0])) {
             continue;
         }
         $this->entries[$index]['sortValue'] = $attrs[$sortAttribute][0];
     }

     $compare = $this->sortFunction;
     $ok = usort($this->entries, function ($left, $right) use ($compare) {
         return $compare($left['sortValue'], $right['sortValue']);
     });

     if ($ok) {
         return;
     }
     throw new Exception\LdapException($this, 'sorting result-set');
 }
Exemplo n.º 17
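 /**
  * Return the first entry directly below the base DN whose uidnumber equals $id.
  *
  * @param  mixed $id Numeric user id; handled as a literal filter value
  * @return mixed The first matching entry, or false when nothing matches or the search fails
  */
 public function findById($id)
 {
     $this->bind();
     $this->log("Attempting to search ldap by uidnumber for {$id} against the active ldap server");
     try {
         // Escape the id so that filter metacharacters in it cannot widen or
         // rewrite the search when the value comes from a request.
         $filter = 'uidnumber=' . \Zend\Ldap\Filter\AbstractFilter::escapeValue((string) $id);
         $hm = $this->ldap->search($filter, $this->active_server['baseDn'], ZendLdap::SEARCH_SCOPE_ONE);
         // NOTE(review): at level 7 the full result object is written to the log.
         $this->log("Raw Ldap Object: " . var_export($hm, true), 7);
         foreach ($hm as $item) {
             // Only the first match is used; further matches are ignored.
             $this->log($item);
             return $item;
         }
         return false;
     } catch (LdapException $exc) {
         $msg = $exc->getMessage();
         $this->log($msg);
     }
     // A failed search is reported like "not found" instead of falling off the
     // end of the method with an implicit null.
     return false;
 }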
Exemplo n.º 18
 /**
  * An object nested in the attribute values must be rejected.
  *
  * @expectedException InvalidArgumentException
  */
 public function testPrepareLDAPEntryArrayObjectData()
 {
     $object = new \stdClass();
     $object->a = 'b';

     $entry = array('a1' => array($object));
     Ldap\Ldap::prepareLDAPEntryArray($entry);
 }
Exemplo n.º 19
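 /**
  * Import computer objects from the directory into the computer service.
  *
  * Every directory entry with a non-empty name is matched to an existing
  * record by host name and domain, or created with default type, status and
  * manufacturer. Operating system details are copied when present, then the
  * record is persisted.
  *
  * @param  object $computerService Service used to look up, populate and persist computers
  * @return void
  */
 public function getComputers($computerService)
 {
     $domain = $this->options['accountDomainName'];
     $ldap = new Ldap($this->options);
     $ldap->bind();
     // NOTE(review): the search base is hard-coded; it will not follow a
     // change of the configured directory.
     $result = $ldap->search('(&(objectCategory=computer))', 'dc=wr,dc=local', Ldap::SEARCH_SCOPE_SUB);
     foreach ($result as $item) {
         // Entries without a name attribute are skipped without raising an
         // undefined-index notice.
         if (!isset($item['name'][0]) || $item['name'][0] == '') {
             continue;
         }
         $hostname = $item['name'][0];
         $computer = $computerService->findByDNSName($hostname, $domain);
         if (!$computer) {
             $computer = new Computer();
             $computerService->setType($computer, 'Computer');
             $computerService->setStatus($computer, 'In Use');
             $computerService->setManufacturer($computer, 'Dell');
             $computer->setHostname($hostname)->setDomain($domain);
         }
         // Operating system
         if (array_key_exists('operatingsystem', $item)) {
             $computer->setOsName($item['operatingsystem'][0]);
         }
         // Operating system service pack
         if (array_key_exists('operatingsystemservicepack', $item)) {
             $computer->setOsServicePack($item['operatingsystemservicepack'][0]);
         }
         // Operating system version.
         if (array_key_exists('operatingsystemversion', $item)) {
             $computer->setOsVersion($item['operatingsystemversion'][0]);
         }
         $computerService->persist($computer);
     }
 }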
Exemplo n.º 20
 /**
  * Checks the group membership of the bound user
  *
  * Returns true when no group is configured, or when exactly one entry under
  * the group DN matches both the group name and the member value. Any other
  * count yields an error string. That string is truthy, so callers must
  * compare the result with === true.
  *
  * @param  \Zend\Ldap\Ldap $ldap
  * @param  string          $canonicalName Member value used when 'memberIsDn' is false
  * @param  string          $dn            Member value used otherwise
  * @param  array           $adapterOptions
  * @return string|true
  */
 protected function _checkGroupMembership(\Zend\Ldap\Ldap $ldap, $canonicalName, $dn, array $adapterOptions)
 {
     if ($adapterOptions['group'] === null) {
         return true;
     }

     $member = ($adapterOptions['memberIsDn'] === false) ? $canonicalName : $dn;

     // Both conditions are built with Filter::equals(), not by string concatenation.
     $byGroupName = \Zend\Ldap\Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']);
     $byMember = \Zend\Ldap\Filter::equals($adapterOptions['memberAttr'], $member);
     $criteria = \Zend\Ldap\Filter::andFilter($byGroupName, $byMember);

     // 'groupFilter' is added to the conjunction as given, so it must come from trusted configuration.
     $extra = $adapterOptions['groupFilter'];
     if (!empty($extra)) {
         $criteria = $criteria->addAnd($extra);
     }

     $hits = $ldap->count($criteria, $adapterOptions['groupDn'], $adapterOptions['groupScope']);
     if ($hits !== 1) {
         return 'Failed to verify group membership with ' . $criteria->toString();
     }

     return true;
 }
Exemplo n.º 21
 /**
  * Build the exception message from the connection's last error, or from the
  * given code, followed by the caller's text.
  *
  * When a connection is given its last error is queried, which also overwrites
  * $code. If the connection reports code 0, the caller's code is restored and
  * no error prefix is used. Without a prefix, a positive code is rendered as a
  * hexadecimal prefix.
  *
  * @param Ldap   $ldap Zend\Ldap\Ldap object
  * @param string $str  Informative exception message
  * @param int    $code LDAP error code
  */
 public function __construct(Ldap $ldap = null, $str = null, $code = 0)
 {
     $details = array();
     $text = '';

     if (null !== $ldap) {
         $callerCode = $code;
         // getLastError() receives $code and $details and fills them in.
         $text = $ldap->getLastError($code, $details) . ': ';
         if (0 === $code) {
             $text = '';
             $code = $callerCode;
         }
     }

     if (empty($text) && $code > 0) {
         $text = '0x' . dechex($code) . ': ';
     }

     $text .= !empty($str) ? $str : 'no exception message';

     parent::__construct($text, $code);
 }
Exemplo n.º 22
 /**
  * Factory method to create an attached Zend\Ldap\Node for a given DN.
  *
  * A Dn object is cloned and a string or array is converted with
  * Dn::factory(). Any other type is rejected.
  *
  * @param  string|array|Dn $dn
  * @param  Ldap            $ldap
  * @return Node|null Null when getEntry() returns no data for the DN
  * @throws Exception\LdapException
  */
 public static function fromLdap($dn, Ldap $ldap)
 {
     if ($dn instanceof Dn) {
         $dn = clone $dn;
     } elseif (is_string($dn) || is_array($dn)) {
         $dn = Dn::factory($dn);
     } else {
         throw new Exception\LdapException(null, '$dn is of a wrong data type.');
     }

     $attrs = $ldap->getEntry($dn, ['*', '+'], true);
     if ($attrs === null) {
         return null;
     }

     return new static($dn, $attrs, true, $ldap);
 }
Exemplo n.º 23
 /**
  * Connecting through a full ldap:// or ldaps:// URI must reach the server:
  * the bind with a bogus DN has to fail with "Invalid credentials".
  *
  * @group ZF-8274
  */
 public function testConnectWithUri()
 {
     // Port 389 is left out of the URI, as is an undefined port.
     $port = 0;
     if (defined('TESTS_ZEND_LDAP_PORT') && TESTS_ZEND_LDAP_PORT != 389) {
         $port = TESTS_ZEND_LDAP_PORT;
     }

     $useSsl = defined('TESTS_ZEND_LDAP_USE_SSL') ? TESTS_ZEND_LDAP_USE_SSL : false;
     $scheme = $useSsl ? 'ldaps://' : 'ldap://';

     $uri = $scheme . TESTS_ZEND_LDAP_HOST;
     if ($port) {
         $uri = $uri . ':' . $port;
     }

     $ldap = new Ldap\Ldap();
     try {
         $ldap->connect($uri)->bind('CN=ignored,DC=example,DC=com', 'ignored');
         $this->fail('Expected exception for invalid username');
     } catch (Exception\LdapException $zle) {
         $this->assertContains('Invalid credentials', $zle->getMessage());
     }
 }
Exemplo n.º 24
 /**
  * getResource() on a fresh object must return a live resource, and the
  * connection must then report the configured user as bound.
  *
  * @group ZF-8259
  */
 public function testResourceIsAlwaysReturned()
 {
     $connection = new Ldap\Ldap($this->_options);

     $this->assertNotNull($connection->getResource());
     $this->assertTrue(is_resource($connection->getResource()));

     $boundUser = $connection->getBoundUser();
     $this->assertEquals(TESTS_ZEND_LDAP_USERNAME, $boundUser);
 }
Exemplo n.º 25
 /**
  * ZF-4495
  *
  * A non-ASCII account name must be lowercased correctly in every canonical
  * form, whichever of the three input spellings is used.
  */
 public function testSpecialCharacterInUsername()
 {
     $options = $this->options;
     $options['accountDomainName'] = 'example.com';
     $options['accountDomainNameShort'] = 'EXAMPLE';
     $ldap = new Ldap\Ldap($options);

     $spellings = array('SCHÄFER@example.com', 'EXAMPLE\\SCHÄFER', 'SCHÄFER');
     $expectedByForm = array(
         array(Ldap\Ldap::ACCTNAME_FORM_USERNAME, 'schäfer'),
         array(Ldap\Ldap::ACCTNAME_FORM_PRINCIPAL, 'schäfer@example.com'),
         array(Ldap\Ldap::ACCTNAME_FORM_BACKSLASH, 'EXAMPLE\\schäfer'),
     );

     foreach ($expectedByForm as $pair) {
         list($form, $expected) = $pair;
         foreach ($spellings as $spelling) {
             $this->assertEquals($expected, $ldap->getCanonicalAccountName($spelling, $form));
         }
     }
 }
Exemplo n.º 26
 /**
  * Options passed as a Config object must be merged with the defaults; the
  * expected array lists the full option set returned by getOptions().
  */
 public function testConfigObject()
 {
     $supplied = array(
         'host' => TESTS_ZEND_LDAP_HOST,
         'username' => TESTS_ZEND_LDAP_USERNAME,
         'password' => TESTS_ZEND_LDAP_PASSWORD,
         'baseDn' => TESTS_ZEND_LDAP_BASE_DN,
     );
     $ldap = new Ldap\Ldap(new Config\Config($supplied));

     // The defaults asserted here include no SSL, no StartTLS and empty passwords refused.
     $expected = array(
         'host' => TESTS_ZEND_LDAP_HOST,
         'port' => 0,
         'useSsl' => false,
         'username' => TESTS_ZEND_LDAP_USERNAME,
         'password' => TESTS_ZEND_LDAP_PASSWORD,
         'bindRequiresDn' => false,
         'baseDn' => TESTS_ZEND_LDAP_BASE_DN,
         'accountCanonicalForm' => null,
         'accountDomainName' => null,
         'accountDomainNameShort' => null,
         'accountFilterFormat' => null,
         'allowEmptyPassword' => false,
         'useStartTls' => false,
         'optReferrals' => false,
         'tryUsernameSplit' => true,
         'networkTimeout' => null,
     );

     $this->assertEquals($expected, $ldap->getOptions());
 }