/**
  * Authenticates a user against ldap server.
  * @return boolean whether authentication succeeds.
  */
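 public function authenticate()
 {
     // Flow: connect with the configured service account, look the login name up in
     // the directory, then try the parent (local) login first and, if that fails,
     // bind as the matching directory entry with the supplied password. When no
     // connection or no directory entry is available, only the parent login is used.
     try {
         $helper = Yii::app()->authenticationHelper;
         $serverType = $helper->ldapServerType;
         $baseDomain = $helper->ldapBaseDomain;
         $ldapConnection = LdapUtil::establishConnection(
             $serverType,
             $helper->ldapHost,
             $helper->ldapPort,
             $helper->ldapBindRegisteredDomain,
             $helper->ldapBindPassword,
             $baseDomain
         );
         if (!$ldapConnection) {
             return parent::authenticate();
         }
         // The login name is untrusted input that ends up inside a search filter, so
         // it is escaped per RFC 4515. Unescaped, characters such as * ( ) \ would let
         // the caller alter which directory entry the filter matches.
         $rawUsername = (string) $this->username;
         if (function_exists('ldap_escape')) {
             $filterUsername = ldap_escape($rawUsername, '', LDAP_ESCAPE_FILTER);
         } else {
             // Fallback for runtimes without ldap_escape(); the backslash is replaced
             // first so the escapes added afterwards are not escaped again.
             $filterUsername = str_replace(
                 array('\\', '*', '(', ')', "\x00"),
                 array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
                 $rawUsername
             );
         }
         if ($serverType == ZurmoAuthenticationHelper::SERVER_TYPE_OPEN_LDAP) {
             $ldapFilter = '(|(cn=' . $filterUsername . ')(&(uid=' . $filterUsername . ')))';
         } elseif ($serverType == ZurmoAuthenticationHelper::SERVER_TYPE_ACTIVE_DIRECTORY) {
             $ldapFilter = '(sAMAccountName=' . $filterUsername . ')';
         } else {
             throw new NotSupportedException();
         }
         $ldapResults = ldap_search($ldapConnection, $baseDomain, $ldapFilter);
         // A failed search is handled like an empty result instead of handing the
         // failure value to ldap_count_entries().
         $ldapResultsCount = $ldapResults ? ldap_count_entries($ldapConnection, $ldapResults) : 0;
         if (!($ldapResultsCount > 0)) {
             return parent::authenticate();
         }
         $result = @ldap_get_entries($ldapConnection, $ldapResults);
         if (parent::authenticate()) {
             $this->setState('username', $this->username);
             $this->errorCode = self::ERROR_NONE;
             return true;
         }
         // A simple bind with an empty password is an unauthenticated bind, which many
         // directory servers accept; it proves nothing about the user, so it must
         // never count as a successful login.
         $passwordSupplied = is_scalar($this->password) && (string) $this->password !== '';
         $entryFound = is_array($result) && !empty($result[0]['dn']);
         if ($passwordSupplied && $entryFound && @ldap_bind($ldapConnection, $result[0]['dn'], $this->password)) {
             // NOTE(review): the literal 1 presumably equals self::ERROR_USERNAME_INVALID
             // (set by the parent when the user is unknown locally) - confirm and use
             // the constant.
             if ($this->errorCode != 1) {
                 $this->setState('username', $this->username);
                 $this->errorCode = self::ERROR_NONE;
                 return true;
             }
         }
     } catch (NotFoundException $e) {
         $this->errorCode = self::ERROR_USERNAME_INVALID;
     } catch (BadPasswordException $e) {
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
     } catch (NoRightWebLoginException $e) {
         $this->errorCode = self::ERROR_NO_RIGHT_WEB_LOGIN;
     }
     return false;
 }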
 public function testResolveBindRegisteredDomain()
 {
     // The test runs with the 'super' user set as the current user model.
     Yii::app()->user->userModel = User::getByUsername('super');
     $ldapTestSettingsPresent = ZurmoTestHelper::isAuthenticationLdapTestConfigurationSet();
     if (!$ldapTestSettingsPresent) {
         $this->markTestSkipped(Zurmo::t('ZurmoModule', 'Test Ldap settings are not configured in perInstanceTest.php file.'));
     }
     // Incorrect base domain ('test'): the bind name is expected back unchanged.
     $this->assertEquals('testUser', LdapUtil::resolveBindRegisteredDomain('testUser', 'test'));
     // Correct base domain ('dc=server,dc=local'): a domain-qualified bind name is expected.
     // NOTE(review): the expected literal below looks masked by e-mail obfuscation on the
     // page this listing was taken from; restore the real value from the project source.
     // Not Coding Standard
     $this->assertEquals('*****@*****.**', LdapUtil::resolveBindRegisteredDomain('test', 'dc=server,dc=local'));
 }
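 public function actionTestConnection()
 {
     // Tests the posted LDAP settings by attempting a connection and renders the
     // outcome as a modal message. Throws NotSupportedException when neither of the
     // two accepted POST keys is present.
     //
     // NOTE(review): this action connects to a host and port taken from the request
     // and receives the bind password in the request body. Access control and CSRF
     // validation are not visible in this method - confirm it is restricted to
     // administrators and that the posted password is never logged.
     $configurationForm = LdapConfigurationFormAdapter::makeFormFromGlobalConfiguration();
     $postVariableName = get_class($configurationForm);
     if (!isset($_POST[$postVariableName]) && !isset($_POST['LdapConfigurationForm'])) {
         throw new NotSupportedException();
     }
     if (isset($_POST[$postVariableName])) {
         $configurationForm->setAttributes($_POST[$postVariableName]);
     } else {
         // A field missing from the request is read as null rather than indexed
         // blindly, so a partial submission reaches the "All fields are required"
         // branch instead of raising an undefined-index error.
         $postedValues = is_array($_POST['LdapConfigurationForm']) ? $_POST['LdapConfigurationForm'] : array();
         $attributeNames = array('serverType', 'host', 'port', 'bindRegisteredDomain', 'bindPassword', 'baseDomain', 'enabled');
         foreach ($attributeNames as $attributeName) {
             $configurationForm->$attributeName = isset($postedValues[$attributeName]) ? $postedValues[$attributeName] : null;
         }
     }
     // Same loose "!= null" test as before: null and '' both count as missing.
     $allRequiredFieldsSet = true;
     foreach (array('host', 'port', 'bindRegisteredDomain', 'bindPassword', 'baseDomain', 'serverType') as $requiredName) {
         if ($configurationForm->$requiredName == null) {
             $allRequiredFieldsSet = false;
             break;
         }
     }
     if ($allRequiredFieldsSet) {
         // NOTE(review): this helper is filled in but never read in this method; it
         // looks removable - confirm the constructor has no side effects first.
         $authenticationHelper = new ZurmoAuthenticationHelper();
         $authenticationHelper->ldapServerType = $configurationForm->serverType;
         $authenticationHelper->ldapHost = $configurationForm->host;
         $authenticationHelper->ldapPort = $configurationForm->port;
         $authenticationHelper->ldapBindRegisteredDomain = $configurationForm->bindRegisteredDomain;
         $authenticationHelper->ldapBindPassword = $configurationForm->bindPassword;
         $authenticationHelper->ldapBaseDomain = $configurationForm->baseDomain;
         $authenticationHelper->ldapEnabled = $configurationForm->enabled;
         $testConnectionResults = LdapUtil::establishConnection(
             $configurationForm->serverType,
             $configurationForm->host,
             $configurationForm->port,
             $configurationForm->bindRegisteredDomain,
             $configurationForm->bindPassword,
             $configurationForm->baseDomain
         );
         if ($testConnectionResults) {
             $messageContent = Zurmo::t('ZurmoModule', 'Successfully Connected to Ldap Server') . "\n";
         } else {
             $messageContent = Zurmo::t('ZurmoModule', 'Unable to connect to Ldap server') . "\n";
         }
     } else {
         $messageContent = Zurmo::t('ZurmoModule', 'All fields are required') . "\n";
     }
     // Only fixed, translated messages are rendered; no request value is echoed back.
     Yii::app()->getClientScript()->setToAjaxMode();
     $messageView = new TestConnectionView($messageContent);
     $view = new ModalView($this, $messageView);
     echo $view->render();
 }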