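/**
 * Validate a user against the given credentials.
 *
 * Looks the submitted username up with $this->ad->search() and, when an
 * entry keyed by that username is found, authenticates with the value held
 * at index 3 of that entry and the submitted password. $user is not used.
 *
 * @param UserContract $user
 * @param array        $credentials Expected string entries: 'username' and 'password'.
 *
 * @throws adLDAP\adLDAPException
 *
 * @return bool True only when the directory accepts the credentials; false
 *              for missing, empty or non-string input and for unknown users.
 */
public function validateCredentials(UserContract $user, array $credentials)
{
    // Reject incomplete input before touching the directory. An empty password
    // must never reach an LDAP bind: a simple bind with an empty password is an
    // unauthenticated bind, which some servers accept as success.
    if (!isset($credentials['username'], $credentials['password'])
        || !is_string($credentials['username'])
        || !is_string($credentials['password'])
        || $credentials['username'] === ''
        || $credentials['password'] === ''
    ) {
        return false;
    }

    $username = $credentials['username'];
    $matches = $this->ad->search(true, $username);

    // Fail closed. The original fell off the end of the method (returning null)
    // when the search was empty, and indexed the result without checking it.
    if (!is_array($matches) || !isset($matches[$username][3])) {
        return false;
    }

    // NOTE(review): index 3 is presumably the DN column of the search result;
    // confirm against the search() implementation.
    return $this->ad->authenticate($matches[$username][3], $credentials['password']);
}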
/**
 * Authenticates the user against AD and copies the directory record onto $user.
 *
 * On success the display name, decoded GUID, e-mail, password and roles are
 * set on $user and the user is handed to $this->userService->saveLDAPUserData().
 *
 * @param AdUser|User    $user   Receives the fetched attributes.
 * @param TokenInterface $token  Supplies the password through getCredentials().
 * @param adLDAP         $adLdap Directory client used for connect/authenticate/lookup.
 * @return bool True when a directory record was found and applied, false otherwise.
 * @throws \Exception When connect() or authenticate() reports failure.
 */
public function fetchData(AdUser $user, TokenInterface $token, adLDAP $adLdap)
{
    $connected = $adLdap->connect();
    $isAD = $adLdap->authenticate($user->getUsername(), $token->getCredentials());

    if (!($connected && $isAD)) {
        $placeholders = array(
            '%connection_status%' => var_export($connected, true),
            '%is_AD%' => var_export($isAD, true),
        );

        throw new \Exception(
            $this->translator->trans('riper.security.active_directory.ad.bad_response', $placeholders)
        );
    }

    /** @var adLDAPUserCollection $record */
    $record = $adLdap->user()->infoCollection($user->getUsername(), array('*'));
    if (!$record) {
        return false;
    }

    $user->setDisplayName($record->displayName);
    $user->setUuid($adLdap->utilities()->decodeGuid($record->objectguid));
    $user->setEmail($record->mail);

    // NOTE(review): the clear-text bind password is copied onto the user and the
    // user is then passed to saveLDAPUserData(). Confirm that the service does not
    // persist this value; if it does, the AD password ends up stored in clear text.
    $user->setPassword($token->getCredentials());

    // NOTE(review): ROLE_ADMIN is granted purely on the directory `mail` attribute
    // matching the configured list, so it is only as trustworthy as write access
    // to that attribute in AD. Confirm who can edit it.
    $isAdmin = in_array($record->mail, $this->config['admin_emails'], true);
    $roles = $isAdmin ? ['ROLE_USER', 'ROLE_ADMIN'] : ['ROLE_USER'];
    $user->setRoles($roles);

    $this->userService->saveLDAPUserData($user);

    return true;
}
To test any of the functions, just change the 0 to a 1. */ //error_reporting(E_ALL ^ E_NOTICE); include dirname(__FILE__) . '/../lib/adLDAP/adLDAP.php'; try { $adldap = new adLDAP($options); } catch (adLDAPException $e) { echo $e; exit; } //var_dump($ldap); echo "<pre>\n"; // authenticate a username/password if (0) { $result = $adldap->authenticate('username', 'password'); var_dump($result); } // add a group to a group if (0) { $result = $adldap->group()->addGroup('Parent Group Name', 'Child Group Name'); var_dump($result); } // add a user to a group if (0) { $result = $adldap->group()->addUser('Group Name', 'username'); var_dump($result); } // create a group if (0) { $attributes = array('group_name' => 'Test Group', 'description' => 'Just Testing', 'container' => array('Groups', 'A Container'));
/**
 * Validate a user's login credentials.
 *
 * Thin pass-through to the wrapped adLDAP instance; no checks are performed here.
 *
 * @param string $username      A user's AD username
 * @param string $password      A user's AD password
 * @param bool   $preventRebind Optional, forwarded unchanged (defaults to false)
 * @return bool
 */
public function authenticate($username, $password, $preventRebind = false)
{
    $accepted = $this->adldap->authenticate($username, $password, $preventRebind);

    return $accepted;
}
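/**
 * Validate a user against the given credentials.
 *
 * Delegates to $this->ad->authenticate() with the 'username' and 'password'
 * entries of $credentials. $user is not consulted, so the caller must make
 * sure $user was resolved from the same username that is checked here.
 *
 * @param UserContract $user
 * @param array        $credentials Expected string entries: 'username' and 'password'.
 *
 * @throws adLDAP\adLDAPException
 *
 * @return bool False for missing, empty or non-string credentials; otherwise
 *              whatever authenticate() reports.
 */
public function validateCredentials(UserContract $user, array $credentials)
{
    // Fail closed on incomplete input instead of indexing blindly. An empty
    // password in particular must never be sent as an LDAP bind, because some
    // servers accept it as an unauthenticated bind.
    foreach (array('username', 'password') as $key) {
        if (!isset($credentials[$key]) || !is_string($credentials[$key]) || $credentials[$key] === '') {
            return false;
        }
    }

    return $this->ad->authenticate($credentials['username'], $credentials['password']);
}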
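/**
 * Validate a user against the given credentials.
 *
 * Passes the submitted username and password to $this->ad->authenticate().
 * $user is not used, so the check is made against the submitted username only.
 *
 * @param Illuminate\Auth\UserInterface $user
 * @param array                         $credentials Expected string entries: 'username' and 'password'.
 * @return bool False for missing, empty or non-string credentials; otherwise
 *              the result of authenticate().
 */
public function validateCredentials(Auth\UserInterface $user, array $credentials)
{
    $username = isset($credentials['username']) ? $credentials['username'] : null;
    $password = isset($credentials['password']) ? $credentials['password'] : null;

    // Only non-empty strings may reach the directory. An empty password sent as
    // an LDAP bind can be accepted by some servers as an unauthenticated bind,
    // so it is rejected here rather than left to the library.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return false;
    }

    return $this->ad->authenticate($username, $password);
}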
/**
 * Check a username/password pair against the configured AD server.
 *
 * Pure pass-through: both values are forwarded unchanged to
 * $this->adServer->authenticate() and its result is returned as is.
 *
 * @param mixed $username
 * @param mixed $password
 * @return mixed Result of the underlying authenticate() call.
 */
public function authenticate($username, $password)
{
    $outcome = $this->adServer->authenticate($username, $password);

    return $outcome;
}
/**
 * Authenticates the user against AD and copies the directory record onto $user.
 *
 * @param AdUser|User    $user   Receives roles, display name, GUID, e-mail and password.
 * @param TokenInterface $token  Supplies the password through getCredentials().
 * @param adLDAP         $adLdap Directory client used for connect/authenticate/lookup.
 * @return bool True when a directory record was found and applied, false otherwise.
 * @throws \Exception When connect() or authenticate() reports failure.
 */
public function fetchData(AdUser $user, TokenInterface $token, adLDAP $adLdap)
{
    $connected = $adLdap->connect();
    $isAD = $adLdap->authenticate($user->getUsername(), $token->getCredentials());

    if (!($connected && $isAD)) {
        $placeholders = array(
            '%connection_status%' => var_export($connected, true),
            '%is_AD%' => var_export($isAD, true),
        );

        throw new \Exception(
            $this->translator->trans('riper.security.active_directory.ad.bad_response', $placeholders)
        );
    }

    /** @var adLDAPUserCollection $record */
    $record = $adLdap->user()->infoCollection($user->getUsername(), array('*'));
    if (!$record) {
        return false;
    }

    // Turn each distinct AD group name into a ROLE_* string.
    $groupNames = $adLdap->user()->groups($user->getUsername(), $this->recursiveGrouproles);
    $derivedRoles = array();
    $seenGroups = array();
    foreach ($groupNames as $groupName) {
        if (in_array($groupName, $seenGroups)) {
            continue;
        }
        $derivedRoles[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $groupName));
        $seenGroups[] = $groupName;
    }
    $user->setRoles($derivedRoles);

    $user->setDisplayName($record->displayName);
    $user->setUuid($adLdap->utilities()->decodeGuid($record->objectguid));
    $user->setEmail($record->mail);

    // NOTE(review): this second setRoles() call replaces the group-derived roles
    // set above, so every user ends up with ROLE_USER only and the group lookup
    // has no lasting effect. Decide which of the two assignments is intended.
    $user->setRoles(['ROLE_USER']);

    // NOTE(review): the clear-text bind password is stored on the user object.
    // Confirm it is never persisted or serialised with the user.
    $user->setPassword($token->getCredentials());

    return true;
}
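/**
 * Validate the submitted credentials against the directory.
 *
 * Forwards the 'username' and 'password' entries of $credentials to
 * $this->adldap->authenticate(). $user is not consulted here.
 *
 * @param Authenticatable $user
 * @param array           $credentials Expected string entries: 'username' and 'password'.
 * @return bool False for missing, empty or non-string credentials; otherwise
 *              the result of authenticate().
 */
public function validateCredentials(Authenticatable $user, array $credentials)
{
    // Indexing the array directly raised notices on missing keys and let
    // null or empty values travel on to the bind. Fail closed instead: an empty
    // password must not be sent to an LDAP server, since some servers accept it
    // as an unauthenticated bind.
    if (!isset($credentials['username'], $credentials['password'])) {
        return false;
    }

    $username = $credentials['username'];
    $password = $credentials['password'];

    $usable = is_string($username) && is_string($password)
        && $username !== '' && $password !== '';
    if (!$usable) {
        return false;
    }

    return $this->adldap->authenticate($username, $password);
}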
To test any of the functions, just change the 0 to a 1. */ //error_reporting(E_ALL ^ E_NOTICE); include dirname(__FILE__) . "/../lib/adLDAP/adLDAP.php"; try { $adldap = new adLDAP($options); } catch (adLDAPException $e) { echo $e; exit; } //var_dump($ldap); echo "<pre>\n"; // authenticate a username/password if (0) { $result = $adldap->authenticate("username", "password"); var_dump($result); } // add a group to a group if (0) { $result = $adldap->group()->addGroup("Parent Group Name", "Child Group Name"); var_dump($result); } // add a user to a group if (0) { $result = $adldap->group()->addUser("Group Name", "username"); var_dump($result); } // create a group if (0) { $attributes = array("group_name" => "Test Group", "description" => "Just Testing", "container" => array("Groups", "A Container"));
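/**
 * Authenticates the user against AD and copies roles, display name and e-mail
 * onto $adUser.
 *
 * Roles are derived from the user's AD group names: spaces become underscores,
 * the name is upper-cased and prefixed with "ROLE_".
 *
 * @param adUser         $adUser Receives the fetched attributes.
 * @param TokenInterface $token  Supplies the password through getCredentials().
 * @param adLDAP         $adLdap Directory client used for connect/authenticate/lookup.
 * @return bool True when a directory record was found and applied, false
 *              otherwise (the original returned null on that path).
 * @throws \Exception When connect() or authenticate() reports failure.
 */
public function fetchData(adUser $adUser, TokenInterface $token, adLDAP $adLdap)
{
    $connected = $adLdap->connect();
    $isAD = $adLdap->authenticate($adUser->getUsername(), $token->getCredentials());
    if (!$isAD || !$connected) {
        $msg = $this->translator->trans(
            'ztec.security.active_directory.ad.bad_response',
            array(
                '%connection_status%' => var_export($connected, 1),
                '%is_AD%' => var_export($isAD, 1),
            )
        );
        throw new \Exception($msg);
    }

    /** @var adLDAPUserCollection $user */
    $user = $adLdap->user()->infoCollection($adUser->getUsername());
    if (!$user) {
        // Explicit failure result instead of falling off the end of the method.
        return false;
    }

    $groups = $adLdap->user()->groups($adUser->getUsername(), $this->recursiveGrouproles);
    if (!is_array($groups)) {
        // A failed group lookup must not break the loop below; treat it as "no groups".
        $groups = array();
    }

    // NOTE(review): role names come straight from AD group names, so whoever can
    // create or rename groups in the directory decides which application roles a
    // user receives. Consider an explicit group-to-role allow-list.
    $sfRoles = array();
    foreach ($groups as $group) {
        $role = 'ROLE_' . strtoupper(str_replace(' ', '_', $group));
        // De-duplicate on the resulting role name (strict comparison) so two
        // groups that map to the same role do not add it twice.
        if (!in_array($role, $sfRoles, true)) {
            $sfRoles[] = $role;
        }
    }

    $adUser->setRoles($sfRoles);
    $adUser->setDisplayName($user->displayName);
    $adUser->setEmail($user->mail);

    return true;
}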
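if (isset($_POST[$optName])) {
    $options[$optName] = $_POST[$optName];
}
} // closes a loop that opens before this excerpt

// NOTE(review): the connection options, including the domain controller list,
// are taken directly from $_POST, so the requester chooses which host this
// server connects to. Keep this page restricted to administrators or test
// environments.

// array_filter() keeps the original keys, so re-index before [0] is inspected;
// a non-array value is treated as "no controllers configured".
$options['domain_controllers'] = is_array($options['domain_controllers'])
    ? array_values(array_filter($options['domain_controllers']))
    : array();

$adldap = false;
$exception = false;
if (!empty($options['domain_controllers'][0])) {
    try {
        $adldap = new adLDAP($options);
        $options['base_dn'] = $adldap->getBaseDn();
        $options['ad_port'] = $adldap->getPort();
    } catch (adLDAPException $e) {
        $exception = $e;
    }
}

// Only plain, non-empty strings are accepted as credentials.
$username = (!empty($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$info = false;
if ($adldap && $username !== '' && $password !== '') {
    try {
        // The result of authenticate() was previously ignored, so the directory
        // record was fetched and handed to the view even after a failed login.
        // Look the user up only when the bind was accepted; otherwise $info
        // stays false.
        if ($adldap->authenticate($username, $password)) {
            $info = $adldap->user()->info($username, ['*']);
            if (isset($info[0])) {
                $info = $info[0];
            }
        }
    } catch (\adLDAP\Exceptions\adLDAPException $e) {
        $exception = $e;
    }
}

require 'view.html.php';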