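/**
 * Binds to the LDAP server, connecting first when no connection resource exists.
 *
 * With $username === null the credentials are taken from getUsername() and
 * getPassword(). An empty username is turned into an anonymous bind (both
 * values are passed to ldap_bind() as null). A username that is not in DN
 * form is either resolved with getAccountDn() (when the bind requires a DN)
 * or rewritten with getCanonicalAccountName().
 *
 * Security: a bind that names a user but carries a zero-length password is an
 * "unauthenticated bind" (RFC 4513, section 5.1.2). A directory server may
 * accept it without checking any credential, so a caller that treats a
 * successful bind as proof of identity would be misled. Unless
 * getAllowEmptyPassword() returns true, this method refuses such a bind
 * whether the password is '', null, or made up only of NUL bytes.
 *
 * @param  string|null $username The username for authenticating the bind
 * @param  string|null $password The password for authenticating the bind
 * @return Ldap Provides a fluent interface
 * @throws Exception\LdapException
 */
public function bind($username = null, $password = null)
{
    $moreCreds = true;

    if ($username === null) {
        $username  = $this->getUsername();
        $password  = $this->getPassword();
        $moreCreds = false;
    }

    if (empty($username)) {
        /* Perform anonymous bind */
        $username = null;
        $password = null;
    } else {
        /* Check to make sure the username is in DN form. */
        if (!Dn::checkDn($username)) {
            if ($this->getBindRequiresDn()) {
                /* moreCreds stops an infinite loop if getUsername does not
                 * return a DN and the bind requires it */
                if ($moreCreds) {
                    try {
                        $username = $this->getAccountDn($username);
                    } catch (Exception\LdapException $zle) {
                        /* These three codes are passed through unchanged;
                         * every other lookup failure is wrapped below. */
                        switch ($zle->getCode()) {
                            case Exception\LdapException::LDAP_NO_SUCH_OBJECT:
                            case Exception\LdapException::LDAP_X_DOMAIN_MISMATCH:
                            case Exception\LdapException::LDAP_X_EXTENSION_NOT_LOADED:
                                throw $zle;
                        }
                        throw new Exception\LdapException(
                            null,
                            'Failed to retrieve DN for account: ' . $username
                            . ' [' . $zle->getMessage() . ']',
                            Exception\LdapException::LDAP_OPERATIONS_ERROR
                        );
                    }
                } else {
                    throw new Exception\LdapException(null, 'Binding requires username in DN form');
                }
            } else {
                $username = $this->getCanonicalAccountName(
                    $username,
                    $this->getAccountCanonicalForm()
                );
            }
        }
    }

    if (!is_resource($this->resource)) {
        $this->connect();
    }

    /* Depending on the PHP/client-library build, the password may be handled
     * as a C string and cut at the first NUL byte. Strip NUL bytes so a value
     * such as "\0" cannot pass the emptiness test below and still reach the
     * server as a zero-length password. */
    if (is_string($password)) {
        $password = str_replace("\0", '', $password);
    }

    /* null counts as empty here: with a non-null bind name it would be sent
     * as a zero-length password exactly like ''. The anonymous case
     * ($username === null) is unaffected. */
    $passwordIsEmpty = ($password === null || $password === '');

    if ($username !== null && $passwordIsEmpty && $this->getAllowEmptyPassword() !== true) {
        $zle = new Exception\LdapException(
            null,
            'Empty password not allowed - see allowEmptyPassword option.'
        );
    } else {
        /* ErrorHandler captures the E_WARNING ldap_bind() raises on failure;
         * the failure is reported through the exception built below. */
        ErrorHandler::start(E_WARNING);
        $bind = ldap_bind($this->resource, $username, $password);
        ErrorHandler::stop();
        if ($bind) {
            $this->boundUser = $username;
            return $this;
        }

        $message = $username === null ? $this->connectString : $username;
        switch ($this->getLastErrorCode()) {
            case Exception\LdapException::LDAP_SERVER_DOWN:
                /* If the error is related to establishing a connection rather than binding,
                 * the connect string is more informative than the username. */
                $message = $this->connectString;
        }

        $zle = new Exception\LdapException($this, $message);
    }

    /* Every failure path drops the connection before reporting the error. */
    $this->disconnect();
    throw $zle;
}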
/**
 * Dn::checkDn() is expected to report a multi-valued RDN as nested arrays of
 * keys and values, and to reject an RDN that repeats the same attribute type,
 * also when the repeated names differ only in letter case.
 */
public function testCoreExplodeDnWithMultiValuedRdn()
{
    $keys   = array();
    $values = array();

    // First RDN carries two attribute types joined by '+'.
    $multiValuedDn = 'cn=name1+uid=user,cn=name2,dc=example,dc=org';
    $this->assertTrue(Ldap\Dn::checkDn($multiValuedDn, $keys, $values));

    $expectedKeys   = array(array('cn', 'uid'), 'cn', 'dc', 'dc');
    $expectedValues = array(array('name1', 'user'), 'name2', 'example', 'org');
    $this->assertEquals($expectedKeys, $keys);
    $this->assertEquals($expectedValues, $values);

    // The same attribute type twice inside one RDN must fail validation.
    $rejectedDns = array(
        'cn=name11+cn=name12,cn=name2,dc=example,dc=org',
        'CN=name11+Cn=name12,cn=name2,dc=example,dc=org',
    );
    foreach ($rejectedDns as $rejectedDn) {
        $this->assertFalse(Ldap\Dn::checkDn($rejectedDn));
    }
}