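/**
 * Gets the DN of a user based upon settings for the domain.
 * This function will set $this->LDAPUsername when the configured search
 * attribute is present on the fetched entry.
 *
 * Also writes $this->fetchedUserInfo and, on a successful lookup,
 * $this->userInfo.
 *
 * @param string $username Login name to look up; it is passed through
 *                         getLdapEscapedString() before entering the filter.
 * @param bool $bind When true, bind before searching: as the configured
 *                   ProxyAgent if one is set, otherwise with no credentials.
 * @return string The DN of the first matching entry, or '' when the bind
 *                fails, the search fails, or nothing matches.
 * @access private
 */
function getUserDN($username, $bind = false) {
    $this->printDebug("Entering getUserDN", NONSENSITIVE);

    if ($bind) {
        // This is a proxy bind, or an anonymous bind with a search
        $proxyagent = $this->getConf('ProxyAgent');
        if ($proxyagent) {
            // This is a proxy bind
            $this->printDebug("Doing a proxy bind", NONSENSITIVE);
            $bind = $this->bindAs($proxyagent, $this->getConf('ProxyAgentPassword'));
        } else {
            // This is an anonymous bind
            $this->printDebug("Doing an anonymous bind", NONSENSITIVE);
            $bind = $this->bindAs();
        }
        if (!$bind) {
            $this->printDebug("Failed to bind", NONSENSITIVE);
            return '';
        }
    }

    $searchattr = $this->getConf('SearchAttribute');

    // We need to do a subbase search for the entry. The username is escaped
    // first so that filter metacharacters in it cannot change the structure
    // of the filter.
    $filter = "(" . $searchattr . "=" . $this->getLdapEscapedString($username) . ")";
    $this->printDebug("Created a regular filter: {$filter}", SENSITIVE);

    // We explicitly put memberof here because it's an operational attribute in some servers.
    $attributes = array("*", "memberof");
    $base = $this->getBaseDN(USERDN);
    $this->printDebug("Using base: {$base}", SENSITIVE);

    $entry = LdapAuthenticationPlugin::ldap_search($this->ldapconn, $base, $filter, $attributes);
    if (!$entry) {
        // A failed search gives no result handle; stop here instead of
        // handing a non-result to ldap_count_entries().
        $this->printDebug("Failed to search for the user entry", NONSENSITIVE);
        $this->fetchedUserInfo = false;
        return '';
    }

    $count = LdapAuthenticationPlugin::ldap_count_entries($this->ldapconn, $entry);
    if (!$count) {
        $this->printDebug("Couldn't find an entry", NONSENSITIVE);
        $this->fetchedUserInfo = false;
        return '';
    }
    if ($count > 1) {
        // NOTE(review): only the first entry is used below, so which account
        // is resolved depends on server ordering. Behaviour is kept for
        // compatibility; consider failing closed on ambiguous matches.
        $this->printDebug("Found more than one entry; using the first", NONSENSITIVE);
    }

    $this->userInfo = LdapAuthenticationPlugin::ldap_get_entries($this->ldapconn, $entry);
    $this->fetchedUserInfo = true;

    // PHP's ldap_get_entries() lowercases attribute names in its result.
    // Assuming the wrapper passes that through, a mixed-case SearchAttribute
    // would never match as configured, so fall back to the lowercased key.
    $attrkey = isset($this->userInfo[0][$searchattr])
        ? $searchattr
        : strtolower((string)$searchattr);
    if (isset($this->userInfo[0][$attrkey][0])) {
        $username = $this->userInfo[0][$attrkey][0];
        $this->printDebug("Setting the LDAPUsername based on fetched wgLDAPSearchAttributes: {$username}", NONSENSITIVE);
        $this->LDAPUsername = $username;
    }

    $userdn = $this->userInfo[0]["dn"];
    return $userdn;
}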