/**
* {@inheritDoc}
*
* @uses connect()
*
* @throws LdapDriverException
*/
public function bind(UserInterface $user, $password)
{
if ($user instanceof LdapUserInterface && $user->getDn()) {
$bind_rdn = $user->getDn();
} elseif (isset($this->params['bindRequiresDn']) && $this->params['bindRequiresDn']) {
if (!isset($this->params['baseDn']) || !isset($this->params['accountFilterFormat'])) {
throw new LdapDriverException('Param baseDn and accountFilterFormat is required if bindRequiresDn is true');
}
$bind_rdn = $this->search($this->params['baseDn'], sprintf($this->params['accountFilterFormat'], $user->getUsername()));
if (1 == $bind_rdn['count']) {
$bind_rdn = $bind_rdn[0]['dn'];
} else {
return false;
}
} else {
$bind_rdn = $user->getUsername();
}
if (null === $this->ldap_res) {
$this->connect();
}
$this->logDebug(sprintf('ldap_bind(%s, ****)', $bind_rdn));
ErrorHandler::start(E_WARNING);
$bind = ldap_bind($this->ldap_res, $bind_rdn, $password);
ErrorHandler::stop();
return $bind;
}
public function isEqualTo(UserInterface $user)
{
if (!$user instanceof LdapUser || $user->getUsername() !== $this->username || $user->getEmail() !== $this->email || count(array_diff($user->getRoles(), $this->roles)) > 0 || $user->getDn() !== $this->dn) {
return false;
}
return true;
}
/**
* {@inheritDoc}
*/
public function bind(UserInterface $user, $password)
{
if ($user instanceof LdapUserInterface && $user->getDn()) {
$bind_rdn = $user->getDn();
} else {
$bind_rdn = $user->getUsername();
}
try {
$this->logDebug(sprintf('ldap_bind(%s, ****)', $bind_rdn));
$bind = $this->driver->bind($bind_rdn, $password);
return $bind instanceof Ldap;
} catch (ZendLdapException $exception) {
$this->zendExceptionHandler($exception);
}
return false;
}
public function equals(UserInterface $user)
{
if (!$user instanceof LdapUser) {
return false;
}
if ($user->getUsername() !== $this->username) {
return false;
}
if ($user->getEmail() !== $this->email) {
return false;
}
if ($user->getRoles() !== $this->roles) {
return false;
}
if ($user->getDn() !== $this->dn) {
return false;
}
return true;
}
/**
* {@inheritdoc}
*/
protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$currentUser = $token->getUser();
if ($currentUser instanceof LdapUserInterface) {
if (!$this->ldapManager->bind($currentUser, $currentUser->getPassword())) {
throw new BadCredentialsException('The credentials were changed from another session.');
}
} else {
if (!$user->getDn()) {
$userLdap = $this->ldapManager->findUserByUsername($user->getUsername());
if (!$userLdap) {
throw new BadCredentialsException(sprintf('User "%s" not found', $user->getUsername()));
}
$user->setDn($userLdap->getDn());
}
if (!($presentedPassword = $token->getCredentials())) {
throw new BadCredentialsException('The presented password cannot be empty.');
}
if (!$this->ldapManager->bind($user, $presentedPassword)) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
}
