public function test_with_working_credentials()
 {
     // Hand the fixture's known-good credentials to the handler via $_POST.
     // NOTE(review): $_POST stays populated after this test; confirm that
     // tearDown() resets it so these values do not carry into later tests.
     $_POST['username'] = $this->username;
     $_POST['password'] = $this->password;

     $handler = new LDAPAuthentication();
     $result = $handler->authenticate();

     // Success is defined as getting a User object back.
     $this->assertTrue($result instanceof User);
 }
 /**
  * Build the field map for this directory type.
  *
  * Starts from the parent's map and overlays the entries below; where a key
  * exists in both, array_merge() keeps the value given here.
  *
  * @return array Map whose values are directory attribute names; the keys
  *               look like the local field names they feed.
  */
 protected function defaultFieldMap() {
     // samaccountname and objectGUID are Active Directory attribute names.
     $overrides = array(
         'uid' => 'samaccountname',
         'email' => 'mail',
         'firstname' => 'givenname',
         'lastname' => 'sn',
         'groupname' => 'cn',
         'members' => 'member',
         'memberuid' => 'dn',
         'gid' => 'objectGUID',
     );

     return array_merge(parent::defaultFieldMap(), $overrides);
 }
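 /**
  * Validate the multi-directory LDAP configuration before it is saved.
  *
  * Checks that the ldap extension is loaded, records form errors for a
  * missing base DN, short domain or server list, then pairs each base DN
  * line with the short domain and server at the same position and hands the
  * resulting list to LDAPMultiAuthentication::connectcheck().
  *
  * @param array $config Submitted configuration values (passed by reference).
  * @param array $errors Error list; 'err' is set on failure (by reference).
  *
  * @return bool|null True when $errors is empty, false otherwise; null when
  *                   $ost is set and the ldap extension is not loaded.
  */
 function pre_save(&$config, &$errors)
 {
     require_once 'class.AuthLdap.php';
     // Only the singular translation helper is used in this method.
     list($__) = self::translate();
     global $ost;
     if ($ost && !extension_loaded('ldap')) {
         $ost->setWarning($__('LDAP extension is not available'));
         $errors['err'] = $__('LDAP extension is not available. Please
             install or enable the `php-ldap` extension on your web
             server');
         return;
     }
     if (!$config['basedn']) {
         // The base DN error is reported only when the servers cannot be
         // checked either; the result of the check is not needed afterwards.
         if (!LDAPAuthentication::connectcheck($config['servers'])) {
             $this->getForm()->getField('basedn')->addError($__("No basedn specified. Example of DN attributes 'dc=foo,dc=com'."));
         }
     }
     if (!$config['shortdomain']) {
         $this->getForm()->getField('shortdomain')->addError($__("No Domain Netbios names specified."));
     } elseif (!$config['servers']) {
         $this->getForm()->getField('servers')->addError($__("No servers specified. Either specify a FQDN\n                    or ip address of servers"));
     }

     // Split the positional lists once; they do not change per base DN.
     $serverList = preg_split('/\\s+/', $config['servers']);
     $shortDomains = preg_split('/;|,/', $config['shortdomain']);

     $ldapdata = array();
     foreach (preg_split('/\\n/', $config['basedn']) as $i => $dn) {
         // A base DN line with no short domain or server at the same
         // position is passed on with null instead of reading an undefined
         // offset, so connectcheck() sees the gap explicitly.
         $ldapdata[] = array(
             'dn' => trim($dn),
             'sd' => isset($shortDomains[$i]) ? $shortDomains[$i] : null,
             'servers' => isset($serverList[$i]) ? $serverList[$i] : null,
         );
     }

     $connection_error = LDAPMultiAuthentication::connectcheck($ldapdata);
     foreach ($connection_error as $connerror) {
         // Each result carries a success flag ('bool') and a message ('msg').
         if (!$connerror['bool']) {
             $this->getForm()->getField('servers')->addError($connerror['msg']);
             $errors['err'] = $__('Unable to connect any listed LDAP servers');
         }
     }
     global $msg;
     if (!$errors) {
         $msg = $__('LDAP configuration updated successfully');
     }
     return !$errors;
 }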
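 /**
  * Validate the LDAP settings by attempting a bind, then prepare the bind
  * password for storage.
  *
  * Servers come either from autodiscovery for the configured domain or from
  * the whitespace-separated 'servers' value. Each server is tried in turn
  * until one bind succeeds. A newly entered bind password is encrypted only
  * when no error was recorded; otherwise the stored value is put back.
  *
  * @param array $config Submitted configuration values (passed by reference;
  *                      'bind_pw' is rewritten before returning).
  * @param array $errors Error list; 'err' is set on failure (by reference).
  *
  * @return bool|null True when $errors is empty, false otherwise; null when
  *                   $ost is set and the ldap extension is not loaded.
  */
 function pre_save(&$config, &$errors)
 {
     require_once 'include/Net/LDAP2.php';
     global $ost;
     if ($ost && !extension_loaded('ldap')) {
         $ost->setWarning('LDAP extension is not available');
         return;
     }

     // Start from an empty list so the bind loop below never iterates over
     // an undefined or false value when discovery fails or no server is set.
     $servers = array();
     if ($config['domain'] && !$config['servers']) {
         $found = LDAPAuthentication::autodiscover($config['domain'], preg_split('/,?\\s+/', $config['dns']));
         if ($found) {
             $servers = $found;
         } else {
             $this->getForm()->getField('servers')->addError("Unable to find LDAP servers for this domain. Try giving\n                    an address of one of the DNS servers or manually specify\n                    the LDAP servers for this domain below.");
         }
     } else {
         if (!$config['servers']) {
             $this->getForm()->getField('servers')->addError("No servers specified. Either specify a Active Directory\n                    domain or a list of servers");
         } else {
             foreach (preg_split('/\\s+/', $config['servers']) as $host) {
                 $servers[] = array('host' => $host);
             }
         }
     }

     $connection_error = false;
     foreach ($servers as $info) {
         if ($config['tls']) {
             $info['starttls'] = true;
             // SECURITY(review): LDAPTLS_REQCERT=never tells the OpenLDAP
             // client library not to verify the server certificate, so
             // StartTLS encrypts the session without authenticating the
             // server and the bind password below is exposed to anyone who
             // can impersonate it. putenv() also applies to the whole
             // process, not just this check. Left unchanged because sites
             // with self-signed certificates may depend on it; prefer
             // trusting the directory's CA and requiring a valid
             // certificate.
             putenv('LDAPTLS_REQCERT=never');
         }
         if ($config['bind_dn']) {
             $info['binddn'] = $config['bind_dn'];
             // Use the password just entered, else decrypt the stored one.
             $info['bindpw'] = $config['bind_pw'] ? $config['bind_pw'] : Crypto::decrypt($this->get('bind_pw'), SECRET_SALT, $this->getNamespace());
         }
         // Assume MSAD (referrals off) and set reasonable timeouts so we
         // don't exceed max_execution_time. All options are set in a single
         // array: assigning the timeouts separately used to replace the
         // array and silently discard LDAP_OPT_REFERRALS.
         $info['options'] = array(
             'LDAP_OPT_REFERRALS' => 0,
             'LDAP_OPT_TIMELIMIT' => 5,
             'LDAP_OPT_NETWORK_TIMEOUT' => 5,
         );
         $c = new Net_LDAP2($info);
         $r = $c->bind();
         if (PEAR::isError($r)) {
             $connection_error = $r->getMessage() . ': Unable to bind to ' . $info['host'];
         } else {
             // One working server is enough; forget earlier failures.
             $connection_error = false;
             break;
         }
     }
     if ($connection_error) {
         $this->getForm()->getField('servers')->addError($connection_error);
         $errors['err'] = 'Unable to connect any listed LDAP servers';
     }

     // Never leave the plaintext password in $config: encrypt a new one
     // when validation passed, otherwise restore the stored value.
     if (!$errors && $config['bind_pw']) {
         $config['bind_pw'] = Crypto::encrypt($config['bind_pw'], SECRET_SALT, $this->getNamespace());
     } else {
         $config['bind_pw'] = $this->get('bind_pw');
     }
     global $msg;
     if (!$errors) {
         $msg = 'LDAP configuration updated successfully';
     }
     return !$errors;
 }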
 /**
  * Verify that bad credentials cause failure.
  *
  * @return void
  * @access public
  */
 public function testWithWrongCredentials()
 {
     try {
         // Keep the fixture's account but corrupt the password.
         $_POST['username'] = $this->_username;
         $_POST['password'] = $this->_password . 'badpass';

         $handler = new LDAPAuthentication();
         $outcome = $handler->authenticate();

         // A rejected login must come back as a PEAR error.
         $this->assertTrue(PEAR::isError($outcome));
     } catch (IOException $ioFailure) {
         // An I/O failure says nothing about the credentials, so it is
         // reported as a test failure rather than counted as a rejection.
         $this->fail('Unexpected Exception with: ' . $ioFailure->getMessage());
     }
 }