Пример #1
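 /**
  * Initialize internal parameters from configuration.
  *
  * Copies the 'soap' entry of the global $lemonldap_config array into
  * $this->_isSoap, loads the NuSOAP library when SOAP is enabled and the
  * library is not declared yet, then delegates to the parent class.
  *
  * @return void
  */
 public function initializeFromConfiguration ()
 {
   global $lemonldap_config;
   //
   // Read the 'soap' entry only when the global really is an array that
   // holds the key. array_key_exists() does not return a boolean for a
   // non-array argument (NULL with a warning on older PHP, TypeError on
   // PHP 8), so comparing its result with "!== false" could let a missing
   // configuration overwrite the default value with NULL.
   //
   if (is_array($lemonldap_config)
       && array_key_exists('soap', $lemonldap_config))
   {
     $this->_isSoap = $lemonldap_config['soap'];
   }
   //
   // If SOAP is configured, load the NuSOAP PHP library, unless the class
   // is already declared (the check does not trigger autoloading).
   // Default path is defined into LemonLDAP_Constants.php.
   // The included file is executed as PHP code: DEFAULT_NUSOAP_PATH must
   // stay a deployment-controlled constant, never a value derived from
   // request data, and should point to a location the web server user
   // cannot write to.
   //
   if ($this->_isSoap && !class_exists('nusoap_base', false))
   {
     require_once DEFAULT_NUSOAP_PATH;
   }
   parent::initializeFromConfiguration();
 }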
Пример #2
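 /**
  * Retrieves the user identity from the SSO headers and automatically
  * starts a session for the user found.
  *
  * When no user login is present in the headers, authentication is
  * delegated to the class named by DEFAULT_LEMONLDAP_SECONDARY_AUTHCLASS.
  *
  * @return mixed the user_id of the authenticated user, false when the
  *               SSO authentication fails, or the result of the secondary
  *               authentication class when no SSO login is present
  */
 public function auth_validatelogin ()
 {
   global $obm;
   //
   // First of all, we have to check if headers are set.
   // Login and domain are taken from the request through the engine, so
   // they are only as trustworthy as the path the request came through.
   //
   $user   = $this->_engine->getUserLogin();
   $domain = $this->_engine->getUserDomain();
   //
   // If headers are not found, use normal authentication process.
   // The method auth_validatelogin() corresponding to class defined
   // by the constant DEFAULT_LEMONLDAP_SECONDARY_AUTHCLASS will be
   // automatically called. We can not use auth_preauth function instead,
   // because it does not do the job correctly for us.
   // A NULL or non-scalar login is treated like an empty one, instead of
   // being handed to strlen(), which rejects such values on recent PHP.
   //
   if (!is_scalar($user) || (string) $user === '')
   {
     $this->_logger->debug('Proceed to non-SSO authentication');
     $d_auth_class_name = DEFAULT_LEMONLDAP_SECONDARY_AUTHCLASS;
     $d_auth_object = new $d_auth_class_name ();
     return $d_auth_object->auth_validatelogin();
   }
   //
   // Trace SSO Headers, and check if the request is correct.
   // NOTE(review): every header returned by getHeaders() is written to the
   // debug log. If that set contains cookies, Authorization values or SSO
   // session identifiers, they end up in the log files: keep the debug
   // level off in production or log only the headers that are needed.
   //
   $this->_logger->debug("Headers: "
       . var_export($this->_engine->getHeaders(), true));
   //
   // NOTE(review): checkLemonldapRequest() is defined elsewhere; presumably
   // it is the check that ties the headers to the SSO proxy - confirm, and
   // make sure the application cannot be reached without going through
   // that proxy, otherwise the identity headers cannot be trusted.
   //
   if (!$this->checkLemonldapRequest())
   {
     $this->_logger->warn('Not a valid Lemonldap request, stop authentication');
     return false;
   }
   //
   // Search for ID corresponding to the user and the domain. If the user
   // does not exist, isUserExists() returns false and user_id becomes null.
   //
   $domain_id = $this->_engine->getDomainID($domain);
   $user_id   = $this->_engine->isUserExists($user, $domain_id);
   $user_id   = $user_id !== false ? $user_id : null;
   //
   // Then, we try to update/create the account, only if the synchronization
   // is allowed. The synchronization can fail, in which case syncUser()
   // returns false and the user_id found above (possibly null) is kept.
   //
   $sync = new LemonLDAP_Sync($this->_engine);
   if ($sync->isEnabled())
   {
     $user_id_sync = $sync->syncUser($user_id, $domain_id, $user, $domain);
     if ($user_id_sync !== false)
     {
       $user_id = $user_id_sync;
     }
   }
   //
   // The synchronization task has to return the user_id: the one
   // created or the one found during an update. Even if the synchronization
   // fails, we authenticate the user.
   // A flag that indicates that user is logged through LemonLDAP is stored.
   // This flag could be then used to personalize OBM modules, and lock some
   // functionalities (such as changing OBM password).
   //
   $user_auth = false;
   $user_data = $this->_engine->getUserDataFromId($user_id, $domain_id);
   if (is_array($user_data) && array_key_exists('user_id', $user_data))
   {
     if (global_unfreeze_user($user_data['user_id']))
     {
       $obm['login'] = $user_data['login'];
       $obm['profile'] = $user_data['profile'];
       $obm['domain_id'] = $domain_id;
       $obm['delegation'] = $user_data['delegation_target'];
       $user_auth = $user_data['user_id'];
       $this->_logged = true;
     }
   }
   //
   // Report the outcome of this call. $this->_logged is never reset here,
   // so a value left over from an earlier success would make the audit
   // trail say SUCCEED while the method returns false.
   //
   $this->_logger->info("authentication for $user@$domain: "
       . ($user_auth !== false ? "SUCCEED" : "FAILED"));
   return $user_auth;
 }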