/**
 * Refresh this node's attributes from the directory.
 *
 * This is an online method. Without a connection the node is returned unchanged.
 *
 * @param  \Zend\Ldap\Ldap $ldap
 * @return AbstractNode Provides a fluid interface
 */
public function reload(Ldap\Ldap $ldap = null)
{
    if ($ldap === null) {
        return $this;
    }

    // Ask for both the '*' and '+' attribute selectors of this node's own DN.
    $entry = $ldap->getEntry($this->_getDn(), array('*', '+'), true);
    $this->loadData($entry, true);

    return $this;
}
/**
 * The driver must forward base DN, filter, sub-tree scope and attribute list to
 * Zend's searchEntries() and prepend a 'count' key to the entries it gets back.
 */
public function testSearch()
{
    $searchBase = 'ou=example,dc=org';
    $searchFilter = '(&(uid=test_username))';
    $wantedAttributes = array('uid');
    $ldapEntry = array(
        'dn' => 'uid=test_username,ou=example,dc=org',
        'uid' => array('test_username'),
    );

    $this->zend = $this->getMockBuilder('Zend\\Ldap\\Ldap')->getMock();
    $this->zendLdapDriver = new ZendLdapDriver($this->zend);

    // Note the argument order on the Zend side: filter first, then base DN.
    $this->zend
        ->expects($this->once())
        ->method('searchEntries')
        ->with(
            $this->equalTo($searchFilter),
            $this->equalTo($searchBase),
            $this->equalTo(Ldap::SEARCH_SCOPE_SUB),
            $this->equalTo($wantedAttributes)
        )
        ->will($this->returnValue(array($ldapEntry)));

    $expected = array('count' => 1, $ldapEntry);
    $actual = $this->zendLdapDriver->search($searchBase, $searchFilter, $wantedAttributes);

    $this->assertEquals($expected, $actual);
}
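/**
 * Build the LDAP client from the 'ldap' section of the application config and
 * bind it with the configured account.
 *
 * @param  ServiceManager $sm
 * @return Ldap the bound connection
 * @throws \RuntimeException when the connection or the bind fails
 */
public function factory_ldap(ServiceManager $sm)
{
    $config = $sm->get('Config');
    $ldapConfig = $config['ldap'];

    try {
        $ldap = new Ldap($ldapConfig);
        $ldap->bind($ldapConfig['username'], $ldapConfig['password']);
    } catch (LdapException $e) {
        // Directory error text goes to the server log, not to the response body.
        error_log('LDAP bind failed: ' . $e->getMessage());

        // Deliberately not chained: the original exception's trace can carry the
        // bind() arguments, i.e. the service account password.
        throw new \RuntimeException('LDAP service is unavailable.');
    }

    return $ldap;
}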
/**
 * Factory method to create the RootDse.
 *
 * Reads the entry at the empty DN and picks the vendor-specific subclass from
 * marker attributes present in it; falls back to the generic class.
 *
 * @param  \Zend\Ldap\Ldap $ldap
 * @return RootDse
 */
public static function create(Ldap\Ldap $ldap)
{
    $rootDn = Ldap\Dn::fromString('');
    $attrs = $ldap->getEntry($rootDn, ['*', '+'], true);

    if (isset($attrs['domainfunctionality'])) {
        return new RootDse\ActiveDirectory($rootDn, $attrs);
    }

    if (isset($attrs['dsaname'])) {
        return new RootDse\eDirectory($rootDn, $attrs);
    }

    $looksLikeOpenLdap = isset($attrs['structuralobjectclass'])
        && $attrs['structuralobjectclass'][0] === 'OpenLDAProotDSE';
    if ($looksLikeOpenLdap) {
        return new RootDse\OpenLdap($rootDn, $attrs);
    }

    return new static($rootDn, $attrs);
}
/**
 * Factory method to create the Schema node.
 *
 * The schema DN comes from the server's RootDSE; the concrete class depends on
 * the server type reported there.
 *
 * @param  \Zend\Ldap\Ldap $ldap
 * @return \Zend\Ldap\Node\Schema
 * @throws \Zend\Ldap\Exception
 */
public static function create(Ldap\Ldap $ldap)
{
    $schemaDn = $ldap->getRootDse()->getSchemaDn();
    $schemaData = $ldap->getEntry($schemaDn, array('*', '+'), true);
    $serverType = $ldap->getRootDse()->getServerType();

    if ($serverType == RootDSE::SERVER_TYPE_ACTIVEDIRECTORY) {
        return new Schema\ActiveDirectory($schemaDn, $schemaData, $ldap);
    }

    if ($serverType == RootDSE::SERVER_TYPE_OPENLDAP) {
        return new Schema\OpenLdap($schemaDn, $schemaData, $ldap);
    }

    // eDirectory and every unrecognised server type share the generic schema node.
    return new self($schemaDn, $schemaData, $ldap);
}
/**
 * {@inheritDoc}
 *
 * Binds with the user's DN when the user object exposes a non-empty one,
 * otherwise with the plain username. Returns false when the driver throws.
 */
public function bind(UserInterface $user, $password)
{
    $identity = ($user instanceof LdapUserInterface && $user->getDn())
        ? $user->getDn()
        : $user->getUsername();

    try {
        // Only the identity is logged; the password is replaced by a fixed mask.
        $this->logDebug(sprintf('ldap_bind(%s, ****)', $identity));

        $connection = $this->driver->bind($identity, $password);

        return $connection instanceof Ldap;
    } catch (ZendLdapException $exception) {
        $this->zendExceptionHandler($exception);
    }

    return false;
}
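/**
 * Authenticate a login request against ldap.
 *
 * Every configured option set is tried in order; the first successful bind
 * ends the loop. If all binds fail, the result of the last attempt is returned.
 *
 * @return Result
 */
public function authenticate()
{
    $multiOptions = $this->getConfiguration();
    $ldap = new Ldap();

    // Start from a failure so an empty server list cannot fall through to an
    // undefined result variable.
    $oResult = new Result(Result::FAILURE, $this->sUser, array('No LDAP server is configured'));

    foreach ($multiOptions as $options) {
        $ldap->setOptions($options);

        try {
            $ldap->bind($this->sFullIdentity, $this->sPass);
            $oResult = new Result(Result::SUCCESS, $this->sUser, array('Account is authenticate'));
            break;
        } catch (\Zend\Ldap\Exception\LdapException $oExp) {
            // NOTE(review): the raw LDAP error text travels in the Result messages;
            // confirm callers do not echo it back to the person logging in.
            $oResult = new Result(Result::FAILURE_CREDENTIAL_INVALID, $this->sUser, array($oExp->getMessage()));

            // NOTE(review): the user name in this log line was masked in the published
            // listing, which left the expression unparseable; $this->sUser is a
            // reconstruction to be checked against the project.
            $this->log('Could not authenticate user: ' . $this->sUser . ' reason is ' . $oExp->getMessage());
        }
    }

    return $oResult;
}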
/**
 * Returns the Zend LDAP connection, creating and binding it on first use.
 *
 * All connection parameters are read from the 'user' module settings under
 * the auth.ldap.* keys.
 *
 * @return \Zend\Ldap\Ldap
 */
public function getLdap()
{
    if ($this->_ldap !== null) {
        return $this->_ldap;
    }

    $settings = Yii::$app->getModule('user')->settings;

    // The encryption setting only switches on TLS for the exact values 'tls'
    // and 'ssl'; with any other value both flags below are false.
    $options = array(
        'host' => $settings->get('auth.ldap.hostname'),
        'port' => $settings->get('auth.ldap.port'),
        'username' => $settings->get('auth.ldap.username'),
        'password' => $settings->get('auth.ldap.password'),
        'useStartTls' => $settings->get('auth.ldap.encryption') == 'tls',
        'useSsl' => $settings->get('auth.ldap.encryption') == 'ssl',
        'bindRequiresDn' => true,
        'baseDn' => $settings->get('auth.ldap.baseDn'),
        'accountFilterFormat' => $settings->get('auth.ldap.loginFilter'),
    );

    $this->_ldap = new \Zend\Ldap\Ldap($options);
    $this->_ldap->bind();

    return $this->_ldap;
}
/**
 * Rewind the Iterator to the first result item
 * Implements Iterator
 *
 * Does nothing when no result resource is held.
 *
 * @throws \Zend\Ldap\Exception
 */
public function rewind()
{
    if (!is_resource($this->_resultId)) {
        return;
    }

    // Warnings from ldap_first_entry() are silenced; a real failure is detected
    // below through the connection's last error code.
    $this->_current = @ldap_first_entry($this->_ldap->getResource(), $this->_resultId);

    $failed = $this->_current === false
        && $this->_ldap->getLastErrorCode() > Ldap\Exception::LDAP_SUCCESS;
    if ($failed) {
        throw new Ldap\Exception($this->_ldap, 'getting first entry');
    }
}
/**
 * A plain UserInterface (no DN) must be bound by its username, and a bind that
 * returns the Zend connection must be reported as true.
 */
public function testBindUserInterfaceByUsernameSuccessful()
{
    $username = '******';
    $password = '******';

    $user = $this->getMock('Symfony\\Component\\Security\\Core\\User\\UserInterface');
    $user
        ->expects($this->once())
        ->method('getUsername')
        ->will($this->returnValue($username));

    $this->zend
        ->expects($this->once())
        ->method('bind')
        ->with($this->equalTo($username), $this->equalTo($password))
        ->will($this->returnValue($this->zend));

    $bound = $this->zendLdapDriver->bind($user, $password);

    $this->assertTrue($bound);
}
/**
 * Delete the test nodes from the directory, in reverse order of $this->nodes.
 *
 * Skipped entirely unless online tests are enabled. The result of each
 * ldap_delete() call is not checked.
 */
protected function cleanupLDAPServer()
{
    if (!constant('TESTS_ZEND_LDAP_ONLINE_ENABLED')) {
        return;
    }

    $link = $this->ldap->getResource();
    $dnsInDeleteOrder = array_keys(array_reverse($this->nodes));

    foreach ($dnsInDeleteOrder as $dn) {
        ldap_delete($link, $dn);
    }
}
/**
 * Rewind the Iterator to the first result item
 * Implements Iterator
 *
 * Does nothing when no result resource is held.
 *
 * @throws \Zend\Ldap\Exception\LdapException
 */
public function rewind()
{
    if (!is_resource($this->resultId)) {
        return;
    }

    // PHP warnings raised by ldap_first_entry() are captured by ErrorHandler;
    // failure is detected below through the connection's last error code.
    ErrorHandler::start();
    $this->current = ldap_first_entry($this->ldap->getResource(), $this->resultId);
    ErrorHandler::stop();

    $failed = $this->current === false
        && $this->ldap->getLastErrorCode() > Exception\LdapException::LDAP_SUCCESS;
    if ($failed) {
        throw new Exception\LdapException($this->ldap, 'getting first entry');
    }
}
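/**
 * Look up exactly one directory entry whose attribute equals a value.
 *
 * @param string $name      label used in log messages only
 * @param string $value     value to match; escaped before it enters the filter
 * @param string $attr_name LDAP attribute to compare against
 * @return mixed the entry when exactly one matches, false when none or several
 *               match, and the exception message (a string) when the search throws
 */
public function find($name, $value, $attr_name)
{
    $this->bind();

    // Escape filter metacharacters so the value is compared literally and cannot
    // add clauses or wildcards to the search filter.
    // NOTE(review): $attr_name is inserted as-is; it should only ever come from code.
    $filter = $attr_name . '=' . \Zend\Ldap\Filter\AbstractFilter::escapeValue($value);
    $base_dn = $this->active_server['baseDn'];
    $this->log("Attempting to search for {$name}={$value} using basedn={$base_dn}");

    try {
        $hm = $this->ldap->search($filter, $base_dn, $this->scope);
        // NOTE(review): these level-7 dumps write full directory entries to the log.
        $this->log("Raw Ldap Object: " . var_export($hm, true), 7);

        if ($hm->count() == 0) {
            $this->log("Could not find an account for {$name}={$value}", 5);
            return false;
        }

        if ($hm->count() > 1) {
            // An ambiguous match is rejected rather than picking the first entry.
            $this->log("Found more than one user account for {$name}={$value}", 1);
            return false;
        }

        $this->user = $hm->current();
        $this->log("User entry response: " . var_export($this->user, true), 7);

        return $this->user;
    } catch (LdapException $exc) {
        // NOTE(review): a non-empty string is truthy, so callers must tell this
        // apart from a found entry explicitly rather than with a bare if ().
        return $exc->getMessage();
    }
}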
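/**
 * Resolve an account name to its DN, with a fallback for directories where the
 * parent lookup reports "no such object" (ex. CN=Alice Baker,CN=Users,DC=example,DC=com).
 *
 * When binding requires a DN and a base DN is set, the parent lookup is tried
 * first. If it fails with LDAP_NO_SUCH_OBJECT, a DN is assembled from the
 * username attribute, the account name and the base DN, and resolved again.
 *
 * @param string $acctname
 * @return string - Account DN
 * @throws \Zend\Ldap\Exception\LdapException for any other lookup error
 */
protected function getAccountDn($acctname)
{
    $baseDn = $this->getBaseDn();

    if ($this->getBindRequiresDn() && isset($baseDn)) {
        try {
            return parent::getAccountDn($acctname);
        } catch (\Zend\Ldap\Exception\LdapException $zle) {
            if ($zle->getCode() != \Zend\Ldap\Exception\LdapException::LDAP_NO_SUCH_OBJECT) {
                throw $zle;
            }
        }

        // The name becomes an RDN value here, so it needs DN escaping. Filter
        // escaping leaves ',', '+' and '=' untouched, which would let an account
        // name contribute extra DN components.
        $acctname = $this->usernameAttribute . '=' . \Zend\Ldap\Dn::escapeValue($acctname) . ',' . $baseDn;
    }

    return parent::getAccountDn($acctname);
}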
/**
 * Resolve (and memoise) the unit node of an identity.
 *
 * Searches one level below ou=people for the entry whose mail equals the
 * identity's mail, then loads the node named by that entry's first 'l' value.
 *
 * @param Identity $identity
 * @return mixed the unit node, or null unless exactly one entry matches
 */
private function findUnit(Identity $identity)
{
    if (null !== $this->unit) {
        return $this->unit;
    }

    $mailFilter = Filter::equals('mail', $identity->mail);
    $peopleDn = Dn::factory($this->ldap->getBaseDn())->prepend(['ou' => 'people']);
    $matches = $this->ldap->search($mailFilter, $peopleDn, Ldap::SEARCH_SCOPE_ONE, ['l']);

    // Zero or several matches are both treated as "no unit".
    if (1 !== $matches->count()) {
        return;
    }

    $person = $matches->current();
    $this->unit = $this->ldap->getNode($person['l'][0]);

    return $this->unit;
}
/**
 * Sort the iterator
 *
 * Entries are ordered with the configured sortFunction, comparing the first
 * value of the given attribute. Attribute names are lowercased before the
 * lookup, so $sortAttribute has to be given in lowercase to match.
 * Entries that lack the attribute keep whatever 'sortValue' they already had.
 *
 * @param string $sortAttribute The attribute to sort by.
 *
 * @return void
 * @throws Exception\LdapException when usort() reports failure
 */
public function sort($sortAttribute)
{
    foreach ($this->entries as $index => $entry) {
        $entryAttributes = array_change_key_case(
            ldap_get_attributes($this->ldap->getResource(), $entry['resource']),
            CASE_LOWER
        );

        if (!isset($entryAttributes[$sortAttribute][0])) {
            continue;
        }

        $this->entries[$index]['sortValue'] = $entryAttributes[$sortAttribute][0];
    }

    $compare = $this->sortFunction;
    $bySortValue = function ($left, $right) use ($compare) {
        return $compare($left['sortValue'], $right['sortValue']);
    };

    if (!usort($this->entries, $bySortValue)) {
        throw new Exception\LdapException($this, 'sorting result-set');
    }
}
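/**
 * Look up a directory entry by its uidnumber on the active server.
 *
 * @param mixed $id uid number to look for; escaped before it enters the filter
 * @return mixed the first matching entry, false when nothing matches, null when
 *               the search throws (the error is logged)
 */
public function findById($id)
{
    $this->bind();
    $this->log("Attempting to search ldap by uidnumber for {$id} against the active ldap server");

    // Escape filter metacharacters so the id is compared literally and cannot
    // add clauses or wildcards to the search filter.
    $filter = 'uidnumber=' . \Zend\Ldap\Filter\AbstractFilter::escapeValue($id);

    try {
        $hm = $this->ldap->search($filter, $this->active_server['baseDn'], ZendLdap::SEARCH_SCOPE_ONE);
        $this->log("Raw Ldap Object: " . var_export($hm, true), 7);

        // Only the first entry is ever returned.
        foreach ($hm as $item) {
            $this->log($item);
            return $item;
        }

        return false;
    } catch (LdapException $exc) {
        $msg = $exc->getMessage();
        $this->log($msg);
    }

    return null;
}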
/**
 * An object nested inside an attribute's value list must be rejected.
 *
 * @expectedException InvalidArgumentException
 */
public function testPrepareLDAPEntryArrayObjectData()
{
    $notAScalar = new \stdClass();
    $notAScalar->a = 'b';

    $entry = array(
        'a1' => array($notAScalar),
    );

    Ldap\Ldap::prepareLDAPEntryArray($entry);
}
/**
 * Import computer accounts from the directory through the computer service.
 *
 * Every entry with a non-empty name is looked up by host name and domain; when
 * the service does not know it yet, a new Computer is created with fixed
 * defaults. Operating system details are copied when present, and the record
 * is persisted.
 *
 * @param mixed $computerService service providing findByDNSName(), the set*() helpers and persist()
 * @return void
 */
public function getComputers($computerService)
{
    $domain = $this->options['accountDomainName'];

    $ldap = new Ldap($this->options);
    $ldap->bind();

    // NOTE(review): the search base is a literal here, not taken from $this->options.
    $directoryComputers = $ldap->search(
        '(&(objectCategory=computer))',
        'dc=wr,dc=local',
        Ldap::SEARCH_SCOPE_SUB
    );

    // Directory attribute => Computer setter, applied in this order.
    $osSetters = array(
        'operatingsystem' => 'setOsName',
        'operatingsystemservicepack' => 'setOsServicePack',
        'operatingsystemversion' => 'setOsVersion',
    );

    foreach ($directoryComputers as $item) {
        if ($item['name'][0] == '') {
            continue;
        }

        $hostname = $item['name'][0];
        $computer = $computerService->findByDNSName($hostname, $domain);

        if (!$computer) {
            $computer = new Computer();
            $computerService->setType($computer, 'Computer');
            $computerService->setStatus($computer, 'In Use');
            $computerService->setManufacturer($computer, 'Dell');
            $computer->setHostname($hostname)->setDomain($domain);
        }

        foreach ($osSetters as $attribute => $setter) {
            if (array_key_exists($attribute, $item)) {
                $computer->{$setter}($item[$attribute][0]);
            }
        }

        $computerService->persist($computer);
    }
}
/**
 * Checks the group membership of the bound user
 *
 * Builds an AND filter from the group name and the member reference (plus the
 * optional extra group filter) and requires exactly one match below groupDn.
 * No check is made when the 'group' option is null.
 *
 * @param \Zend\Ldap\Ldap $ldap
 * @param string $canonicalName
 * @param string $dn
 * @param array $adapterOptions
 * @return string|true true on success, otherwise a message that embeds the filter
 */
protected function _checkGroupMembership(\Zend\Ldap\Ldap $ldap, $canonicalName, $dn, array $adapterOptions)
{
    if ($adapterOptions['group'] === null) {
        return true;
    }

    // Groups list members either by DN or by canonical account name.
    $member = ($adapterOptions['memberIsDn'] === false) ? $canonicalName : $dn;

    $byGroupName = \Zend\Ldap\Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']);
    $byMember = \Zend\Ldap\Filter::equals($adapterOptions['memberAttr'], $member);
    $group = \Zend\Ldap\Filter::andFilter($byGroupName, $byMember);

    $extraFilter = $adapterOptions['groupFilter'];
    if (!empty($extraFilter)) {
        $group = $group->addAnd($extraFilter);
    }

    $matches = $ldap->count($group, $adapterOptions['groupDn'], $adapterOptions['groupScope']);
    if ($matches !== 1) {
        // The message carries the full filter text: meant for logs, not for end users.
        return 'Failed to verify group membership with ' . $group->toString();
    }

    return true;
}
/**
 * Build the exception message as "<prefix><text>".
 *
 * The prefix is the connection's last error followed by ': ' when a connection
 * is given and reports a non-zero code; otherwise it is the hex form of a
 * positive $code, or empty. The text is $str, or a fixed placeholder.
 *
 * @param Ldap   $ldap Zend\Ldap\Ldap object
 * @param string $str  Informative exception message
 * @param int    $code LDAP error code
 */
public function __construct(Ldap $ldap = null, $str = null, $code = 0)
{
    $prefix = '';
    $details = array();

    if ($ldap !== null) {
        $callerCode = $code;

        // getLastError() receives $code and $details and may overwrite them.
        $prefix = $ldap->getLastError($code, $details) . ': ';

        if ($code === 0) {
            // Nothing reported by the connection: fall back to the caller's code.
            $prefix = '';
            $code = $callerCode;
        }
    }

    if (empty($prefix) && $code > 0) {
        $prefix = '0x' . dechex($code) . ': ';
    }

    $text = empty($str) ? 'no exception message' : $str;

    parent::__construct($prefix . $text, $code);
}
/**
 * Factory method to create an attached Zend\Ldap\Node for a given DN.
 *
 * A Dn instance is cloned so the node does not share it with the caller;
 * strings and arrays are converted through Dn::factory().
 *
 * @param  string|array|Dn $dn
 * @param  Ldap            $ldap
 * @return Node|null null when getEntry() returns null for the DN
 * @throws Exception\LdapException when $dn has an unsupported type
 */
public static function fromLdap($dn, Ldap $ldap)
{
    if ($dn instanceof Dn) {
        $dn = clone $dn;
    } elseif (is_string($dn) || is_array($dn)) {
        $dn = Dn::factory($dn);
    } else {
        throw new Exception\LdapException(null, '$dn is of a wrong data type.');
    }

    $attributes = $ldap->getEntry($dn, ['*', '+'], true);
    if ($attributes === null) {
        return;
    }

    return new static($dn, $attributes, true, $ldap);
}
/**
 * Connecting through a full ldap:// or ldaps:// URI must reach the server:
 * a bind with bogus credentials is expected to fail with "Invalid credentials".
 *
 * @group ZF-8274
 */
public function testConnectWithUri()
{
    // The port is only appended when it is configured and differs from 389.
    $port = (defined('TESTS_ZEND_LDAP_PORT') && TESTS_ZEND_LDAP_PORT != 389)
        ? TESTS_ZEND_LDAP_PORT
        : 0;
    $useSsl = defined('TESTS_ZEND_LDAP_USE_SSL') ? TESTS_ZEND_LDAP_USE_SSL : false;

    $uri = ($useSsl ? 'ldaps://' : 'ldap://') . TESTS_ZEND_LDAP_HOST;
    if ($port) {
        $uri = $uri . ':' . $port;
    }

    $ldap = new Ldap\Ldap();

    try {
        $ldap->connect($uri)->bind('CN=ignored,DC=example,DC=com', 'ignored');
        $this->fail('Expected exception for invalid username');
    } catch (Exception\LdapException $zle) {
        $this->assertContains('Invalid credentials', $zle->getMessage());
    }
}
/**
 * getResource() on a freshly constructed client must hand back a live resource,
 * after which the client reports the configured user as bound.
 *
 * @group ZF-8259
 */
public function testResourceIsAlwaysReturned()
{
    $connection = new Ldap\Ldap($this->_options);

    $this->assertNotNull($connection->getResource());
    $this->assertTrue(
        is_resource($connection->getResource())
    );
    $this->assertEquals(
        TESTS_ZEND_LDAP_USERNAME,
        $connection->getBoundUser()
    );
}
/**
 * ZF-4495
 *
 * A non-ASCII account name must be lowercased correctly in each canonical
 * form, whichever of the three input spellings is used.
 */
public function testSpecialCharacterInUsername()
{
    $options = $this->options;
    $options['accountDomainName'] = 'example.com';
    $options['accountDomainNameShort'] = 'EXAMPLE';
    $ldap = new Ldap\Ldap($options);

    $spellings = array(
        'SCHÄFER@example.com',
        'EXAMPLE\\SCHÄFER',
        'SCHÄFER',
    );

    // Canonical form => expected result, checked form by form.
    $expectations = array(
        array(Ldap\Ldap::ACCTNAME_FORM_USERNAME, 'schäfer'),
        array(Ldap\Ldap::ACCTNAME_FORM_PRINCIPAL, 'schäfer@example.com'),
        array(Ldap\Ldap::ACCTNAME_FORM_BACKSLASH, 'EXAMPLE\\schäfer'),
    );

    foreach ($expectations as $expectation) {
        list($form, $expected) = $expectation;

        foreach ($spellings as $spelling) {
            $this->assertEquals($expected, $ldap->getCanonicalAccountName($spelling, $form));
        }
    }
}
/**
 * Options given as a Config object must be accepted, and every option that was
 * not supplied must come back from getOptions() with its default value.
 */
public function testConfigObject()
{
    $supplied = array(
        'host' => TESTS_ZEND_LDAP_HOST,
        'username' => TESTS_ZEND_LDAP_USERNAME,
        'password' => TESTS_ZEND_LDAP_PASSWORD,
        'baseDn' => TESTS_ZEND_LDAP_BASE_DN,
    );

    $expected = array(
        'host' => TESTS_ZEND_LDAP_HOST,
        'port' => 0,
        'useSsl' => false,
        'username' => TESTS_ZEND_LDAP_USERNAME,
        'password' => TESTS_ZEND_LDAP_PASSWORD,
        'bindRequiresDn' => false,
        'baseDn' => TESTS_ZEND_LDAP_BASE_DN,
        'accountCanonicalForm' => null,
        'accountDomainName' => null,
        'accountDomainNameShort' => null,
        'accountFilterFormat' => null,
        'allowEmptyPassword' => false,
        'useStartTls' => false,
        'optReferrals' => false,
        'tryUsernameSplit' => true,
        'networkTimeout' => null,
    );

    $ldap = new Ldap\Ldap(new Config\Config($supplied));

    $this->assertEquals($expected, $ldap->getOptions());
}