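/**
 * Gets the username from LDAP given the email address.
 *
 * The lookup only runs when the configured login method is LDAP; for any
 * other login method the function returns null without contacting the server.
 *
 * @todo Implement caching by retrieving all needed information in one query.
 * @todo Implement logging to LDAP queries same way like DB queries.
 *
 * @param string $p_email_address The email address.
 * @return string|null The username or null if not found.
 *
 * Based on ldap_get_field_from_username from MantisBT 1.2.14
 */
private function ldap_get_username_from_email($p_email_address)
{
    if ($this->_login_method != LDAP) {
        return null;
    }

    $t_email_field = 'mail';
    $t_ldap_organization = config_get('ldap_organization');
    $t_ldap_root_dn = config_get('ldap_root_dn');
    $t_ldap_uid_field = config_get('ldap_uid_field');

    // The address is caller-supplied and ends up inside the search filter, so
    // only the escaped copy may be interpolated there.
    // NOTE(review): ldap_escape_string() is defined elsewhere; confirm that it
    // escapes the LDAP filter metacharacters.
    $c_email_address = ldap_escape_string($p_email_address);

    log_event(LOG_LDAP, "Retrieving field '{$t_ldap_uid_field}' for '{$p_email_address}'");

    # Bind
    log_event(LOG_LDAP, "Binding to LDAP server");
    $t_ds = @ldap_connect_bind();
    if ($t_ds === false) {
        ldap_log_error($t_ds);
        return null;
    }

    # Search
    $t_search_filter = "(&{$t_ldap_organization}({$t_email_field}={$c_email_address}))";
    $t_search_attrs = array($t_ldap_uid_field, $t_email_field, 'dn');

    log_event(LOG_LDAP, "Searching for {$t_search_filter}");
    $t_sr = @ldap_search($t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs);
    if ($t_sr === false) {
        ldap_log_error($t_ds);
        ldap_unbind($t_ds);
        log_event(LOG_LDAP, "ldap search failed");
        return null;
    }

    # Get results
    $t_info = ldap_get_entries($t_ds, $t_sr);
    if ($t_info === false) {
        ldap_log_error($t_ds);
        log_event(LOG_LDAP, "ldap_get_entries() returned false.");
        // Release the result set and the bound connection on this failure
        // path too; previously both were left open here.
        ldap_free_result($t_sr);
        ldap_unbind($t_ds);
        return null;
    }

    # Free results / unbind
    log_event(LOG_LDAP, "Unbinding from LDAP server");
    ldap_free_result($t_sr);
    ldap_unbind($t_ds);

    # If no matches, return null.
    if ($t_info['count'] == 0) {
        log_event(LOG_LDAP, "No matches found.");
        return null;
    }

    # Make sure the requested field exists
    // ldap_get_entries() lower-cases attribute names in the result array, so
    // the lookup key is lower-cased as well.
    $t_uid_key = strtolower($t_ldap_uid_field);
    if (!is_array($t_info[0]) || !array_key_exists($t_uid_key, $t_info[0])) {
        log_event(LOG_LDAP, "WARNING: field '{$t_ldap_uid_field}' does not exist");
        return null;
    }

    // Only the first entry and the first value of the attribute are used.
    $t_value = $t_info[0][$t_uid_key][0];
    log_event(LOG_LDAP, "Found value '{$t_value}' for field '{$t_ldap_uid_field}'.");

    return $t_value;
}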
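/**
 * Authenticates the specified user id / password based on the simulation data.
 *
 * The stored and supplied passwords are compared as exact strings. Passwords
 * are never written to the log, on success or on failure.
 *
 * @param string $p_username The username.
 * @param string $p_password The password.
 * @return bool true for authenticated, false otherwise.
 */
function ldap_simulation_authenticate_by_username($p_username, $p_password)
{
    $c_username = ldap_escape_string($p_username);

    $t_user = ldap_simulation_get_user($c_username);
    if ($t_user === null) {
        log_event(LOG_LDAP, "ldap_simulation_authenticate: user '{$p_username}' not found.");
        return false;
    }

    $t_expected = isset($t_user['password']) ? $t_user['password'] : null;

    // The previous loose `!=` comparison applied PHP type juggling, so two
    // different numeric-looking strings could compare as equal. hash_equals()
    // compares byte-for-byte and in constant time; non-string input is rejected
    // outright because hash_equals() only accepts strings.
    if (!is_string($t_expected) || !is_string($p_password) || !hash_equals($t_expected, $p_password)) {
        // The expected and supplied passwords used to be logged here in clear
        // text; the message now names only the account.
        log_event(LOG_LDAP, "ldap_simulation_authenticate: password mismatch for user '{$p_username}'.");
        return false;
    }

    log_event(LOG_LDAP, "ldap_simulation_authenticate: authentication successful for user '{$p_username}'.");
    return true;
}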
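/**
 * Returns a GET parameter escaped with ldap_escape_string(), or a default.
 *
 * The default value is returned as given, without escaping, so a caller that
 * places the result in an LDAP filter must supply a default that is already
 * safe for that context.
 *
 * @param string $name          Name of the GET parameter.
 * @param mixed  $default_value Value returned when the parameter is absent or
 *                              is not a string.
 * @return mixed The escaped parameter value, or $default_value.
 */
function GET_ldapFilterSafe_or($name, $default_value)
{
    // A parameter sent as `name[]=...` arrives as an array. That is not a
    // usable filter value and must not reach the string escaper, so it is
    // treated the same as a missing parameter.
    if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
        return $default_value;
    }

    return ldap_escape_string($_GET[$name]);
}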
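/**
 * Authenticates the specified user id / password based on the simulation data.
 *
 * Password comparison is an exact string match, and neither the stored nor the
 * supplied password is written to the log.
 *
 * @param string $p_username The username.
 * @param string $p_password The password.
 * @return boolean true for authenticated, false otherwise.
 */
function ldap_simulation_authenticate_by_username($p_username, $p_password)
{
    $c_username = ldap_escape_string($p_username);

    $t_user = ldap_simulation_get_user($c_username);
    if ($t_user === null) {
        log_event(LOG_LDAP, 'ldap_simulation_authenticate: user \'' . $p_username . '\' not found.');
        return false;
    }

    $t_stored_password = isset($t_user['password']) ? $t_user['password'] : null;

    // `!=` compares with type juggling (numeric-looking strings are compared
    // as numbers), which can accept a password that differs from the stored
    // one. Require strings on both sides and compare them with hash_equals().
    $t_password_ok = is_string($t_stored_password)
        && is_string($p_password)
        && hash_equals($t_stored_password, $p_password);

    if (!$t_password_ok) {
        // Log the account only: this message previously contained both the
        // expected and the supplied password in clear text.
        log_event(LOG_LDAP, 'ldap_simulation_authenticate: password mismatch for user \'' . $p_username . '\'.');
        return false;
    }

    log_event(LOG_LDAP, 'ldap_simulation_authenticate: authentication successful for user \'' . $p_username . '\'.');
    return true;
}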
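/**
 * CRITICAL - Mantis and TestLink have different return structure from ldap_connect_bind()
 *
 * Gets the value of a specific field from LDAP given the user name
 * and LDAP field name.
 *
 * The log_event() calls of the Mantis original are not active in this port;
 * only a failure of ldap_get_entries() is reported through ldap_log_error().
 *
 * @param string $p_username The user name.
 * @param string $p_field    The LDAP field name.
 * @return string|null The field value or null if not found.
 */
function ldap_get_field_from_username($p_username, $p_field)
{
    $authCfg = config_get('authentication');
    $t_ldap_organization = $authCfg['ldap_organization'];
    $t_ldap_root_dn = $authCfg['ldap_root_dn'];
    $t_ldap_uid_field = $authCfg['ldap_uid_field']; // 'uid' by default

    // The user name is caller-supplied and is interpolated into the search
    // filter below, so only the escaped copy is used there.
    // NOTE(review): ldap_escape_string() is defined elsewhere; confirm that it
    // escapes the LDAP filter metacharacters.
    $c_username = ldap_escape_string($p_username);

    $t_connect = @ldap_connect_bind();
    if ($t_connect === false) {
        return null;
    }
    $t_ds = $t_connect->handler; // DIFFERENCE WITH MANTIS

    # Search
    $t_search_filter = "(&{$t_ldap_organization}({$t_ldap_uid_field}={$c_username}))";
    $t_search_attrs = array($t_ldap_uid_field, $p_field, 'dn');

    $t_sr = @ldap_search($t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs);
    if ($t_sr === false) {
        ldap_unbind($t_ds);
        return null;
    }

    # Get results
    $t_info = ldap_get_entries($t_ds, $t_sr);
    if ($t_info === false) {
        ldap_log_error($t_ds);
        // Release the result set and the bound connection on this failure
        // path too; previously both were left open here.
        ldap_free_result($t_sr);
        ldap_unbind($t_ds);
        return null;
    }

    # Free results / unbind
    ldap_free_result($t_sr);
    ldap_unbind($t_ds);

    # If no matches, return null.
    if ($t_info['count'] == 0) {
        return null;
    }

    # Make sure the requested field exists
    // ldap_get_entries() lower-cases attribute names in the result array, so a
    // mixed-case $p_field would never match unless it is lower-cased first.
    $t_field_key = strtolower($p_field);
    if (!is_array($t_info[0]) || !array_key_exists($t_field_key, $t_info[0])) {
        return null;
    }

    // Only the first entry and the first value of the attribute are used.
    return $t_info[0][$t_field_key][0];
}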