/**
 * An option key that Zend_Ldap does not know must be rejected by setOptions()
 * with a Zend_Ldap_Exception naming the offending key.
 *
 * @return void
 */
public function testInvalidOptionResultsInException()
{
    $optionName = 'invalid';
    $unknownOptions = array($optionName => 'irrelevant');

    try {
        $this->_ldap->setOptions($unknownOptions);
        // Reaching this line means the unknown key was silently accepted.
        $this->fail('Expected Zend_Ldap_Exception not thrown');
    } catch (Zend_Ldap_Exception $exception) {
        $actualMessage = $exception->getMessage();
        $this->assertEquals("Unknown Zend_Ldap option: $optionName", $actualMessage);
    }
}
/**
 * Options applied through setOptions() must be usable for a connection:
 * a bind with throwaway credentials is expected to be rejected by the
 * server with an "Invalid credentials" error rather than succeed.
 *
 * @return void
 */
public function testSetOptionsConnect()
{
    $ldap = new Zend_Ldap();
    $ldap->setOptions($this->_options);

    try {
        $connection = $ldap->connect();
        $connection->bind('CN=ignored,DC=example,DC=com', 'ignored');
        // A successful bind with these credentials would mean the server
        // accepted an account that should not exist.
        $this->fail('Expected exception for invalid username');
    } catch (Zend_Ldap_Exception $zle) {
        $message = $zle->getMessage();
        $this->assertContains('Invalid credentials', $message);
    }
}
/**
 * Splits an option set into auth-adapter options and Zend_Ldap options.
 *
 * Keys known to the adapter (group, groupDn, groupScope, groupAttr,
 * groupFilter, memberAttr, memberIsDn) are removed from $options and
 * normalised; whatever remains is handed to $ldap->setOptions().
 *
 * Values are only cast or trimmed here. No LDAP filter or DN escaping is
 * applied, so code that later builds a filter from these values has to
 * escape them itself.
 *
 * @param  Zend_Ldap $ldap    instance that receives the remaining options
 * @param  array     $options mixed adapter and Zend_Ldap options
 * @return array of auth-adapter specific options
 */
protected function _prepareOptions(Zend_Ldap $ldap, array $options)
{
    // Defaults; the group base DN falls back to the connection's base DN.
    $adapterOptions = array(
        'group'       => null,
        'groupDn'     => $ldap->getBaseDn(),
        'groupScope'  => Zend_Ldap::SEARCH_SCOPE_SUB,
        'groupAttr'   => 'cn',
        'groupFilter' => 'objectClass=groupOfUniqueNames',
        'memberAttr'  => 'uniqueMember',
        'memberIsDn'  => true,
    );
    $validScopes = array(
        Zend_Ldap::SEARCH_SCOPE_BASE,
        Zend_Ldap::SEARCH_SCOPE_ONE,
        Zend_Ldap::SEARCH_SCOPE_SUB,
    );

    foreach (array_keys($adapterOptions) as $key) {
        if (!array_key_exists($key, $options)) {
            continue;
        }

        // Adapter keys must not reach Zend_Ldap::setOptions().
        $supplied = $options[$key];
        unset($options[$key]);

        if ($key === 'groupScope') {
            // An unrecognised scope is dropped and the default stays in place.
            $scope = (int) $supplied;
            if (in_array($scope, $validScopes, true)) {
                $adapterOptions[$key] = $scope;
            }
        } elseif ($key === 'memberIsDn') {
            // Accepts boolean true, '1', or any casing of 'true'.
            $adapterOptions[$key] = $supplied === true || $supplied === '1' || strcasecmp($supplied, 'true') == 0;
        } else {
            $adapterOptions[$key] = trim($supplied);
        }
    }

    $ldap->setOptions($options);

    return $adapterOptions;
}
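/**
 * Gets the profile data of the currently logged-in user from LDAP.
 *
 * The user number is read from the 'loggedin' session namespace and looked
 * up as uid on each LDAP server configured in the ldap section of
 * config.ini. The first server that returns an entry wins; its attributes
 * are translated through the matching ldapmappings section.
 *
 * @return array|false array with the keys firstName, lastName, email and
 *                     personId; an empty array if no server returned an
 *                     entry; false if no user number is stored in the session
 */
public static function getUserdata()
{
    // Without a user number in the session there is nobody to look up.
    $user = new Zend_Session_Namespace('loggedin');
    if (isset($user->usernumber) === false) {
        return false;
    }

    $return = array();
    $config = new Zend_Config_Ini('../application/configs/config.ini', 'production');
    $multiOptions = $config->ldap->toArray();
    $mappingSettings = $config->ldapmappings->toArray();
    // These entries of the ldap section are settings, not server definitions.
    unset($multiOptions['log_path']);
    unset($multiOptions['admin_accounts']);

    // Escape the value before it is placed in the filter: a raw '*', '(',
    // ')' or '\' in the user number would otherwise change the meaning of
    // the search. Zend_Ldap::filterEscape() delegates to
    // Zend_Ldap_Filter_Abstract::escapeValue().
    $filter = '(uid=' . Zend_Ldap::filterEscape((string) $user->usernumber) . ')';

    $ldap = new Zend_Ldap();
    foreach ($multiOptions as $name => $options) {
        // Result key => LDAP attribute name configured for this server.
        $attributeMap = array(
            'firstName' => $mappingSettings[$name]['firstName'],
            'lastName'  => $mappingSettings[$name]['lastName'],
            'email'     => $mappingSettings[$name]['EMail'],
            'personId'  => $mappingSettings[$name]['personId'],
        );

        $ldap->setOptions($options);
        try {
            $ldap->bind();
            $ldapsearch = $ldap->search($filter, 'dc=tub,dc=tu-harburg,dc=de', Zend_Ldap::SEARCH_SCOPE_ONE);
            if ($ldapsearch->count() > 0) {
                $searchresult = $ldapsearch->getFirst();
                foreach ($attributeMap as $field => $attribute) {
                    // Attributes may come back as a list of values; use the first.
                    $value = $searchresult[$attribute];
                    $return[$field] = is_array($value) === true ? $value[0] : $value;
                }
                return $return;
            }
        } catch (Zend_Ldap_Exception $zle) {
            // NOTE(review): the raw LDAP error text is written into the
            // response, which exposes directory details to the client. The
            // ldap.log_path setting looks like the intended destination for
            // it; confirm and log there instead.
            echo ' ' . $zle->getMessage() . "\n";
            // The loop moves on to the next server for every exception code,
            // so this branch does not change the control flow.
            if ($zle->getCode() === Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH) {
                continue;
            }
        }
    }

    return $return;
}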
/**
 * Exercises getCanonicalAccountName() for the alternate test account:
 * first with an explicitly requested form, then with the form taken from
 * the accountCanonicalForm option, and finally with that option removed so
 * the result depends on which account domain options are still set.
 *
 * @return void
 */
public function testAccountCanonization()
{
    $options = $this->_options;
    $ldap = new Zend_Ldap($options);

    $username = TESTS_ZEND_LDAP_ALT_USERNAME;
    $backslashName = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME_SHORT . '\\' . TESTS_ZEND_LDAP_ALT_USERNAME;
    $principalName = TESTS_ZEND_LDAP_ALT_USERNAME . '@' . TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME;

    // Form passed explicitly as the second argument.
    $explicitCases = array(
        array(Zend_Ldap::ACCTNAME_FORM_DN, TESTS_ZEND_LDAP_ALT_DN),
        array(Zend_Ldap::ACCTNAME_FORM_USERNAME, $username),
        array(Zend_Ldap::ACCTNAME_FORM_BACKSLASH, $backslashName),
        array(Zend_Ldap::ACCTNAME_FORM_PRINCIPAL, $principalName),
    );
    foreach ($explicitCases as $case) {
        $canonical = $ldap->getCanonicalAccountName($username, $case[0]);
        $this->assertEquals($case[1], $canonical);
    }

    // Form taken from the accountCanonicalForm option.
    $configuredCases = array(
        array(Zend_Ldap::ACCTNAME_FORM_USERNAME, $username),
        array(Zend_Ldap::ACCTNAME_FORM_BACKSLASH, $backslashName),
        array(Zend_Ldap::ACCTNAME_FORM_PRINCIPAL, $principalName),
    );
    foreach ($configuredCases as $case) {
        $options['accountCanonicalForm'] = $case[0];
        $ldap->setOptions($options);
        $this->assertEquals($case[1], $ldap->getCanonicalAccountName($username));
    }

    // No configured form and no full domain name: backslash form expected.
    unset($options['accountCanonicalForm']);
    unset($options['accountDomainName']);
    $ldap->setOptions($options);
    $this->assertEquals($backslashName, $ldap->getCanonicalAccountName($username));

    // Neither domain option set: the bare username is expected.
    unset($options['accountDomainNameShort']);
    $ldap->setOptions($options);
    $this->assertEquals($username, $ldap->getCanonicalAccountName($username));

    // Only the full domain name set: principal form expected.
    $options['accountDomainName'] = TESTS_ZEND_LDAP_ACCOUNT_DOMAIN_NAME;
    $ldap->setOptions($options);
    $this->assertEquals($principalName, $ldap->getCanonicalAccountName($username));
}