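/**
 * Recognise the single built-in static account (NSS_STATIC_UID).
 *
 * @param mixed $uname    Username supplied by the caller.
 * @param array $response Out-parameter; set to the static account's
 *                        attributes when the username matches.
 * @return bool TRUE when $uname is the static UID, FALSE otherwise.
 */
public function validUsername($uname, &$response)
 {
     //  Compare as strings with ===: a loose == lets PHP type juggling treat
     //  differently spelled values (numeric strings, ints, NULL) as equal to
     //  the static UID, which is not acceptable for an identity check.
     if (!is_scalar($uname) || (string) $uname !== (string) NSS_STATIC_UID) {
         return FALSE;
     }
     $response = array('uid' => NSS_STATIC_UID, 'mail' => NSS_STATIC_UID . '@nowhere.org', 'cn' => 'Test User', 'displayName' => 'Test User');
     //  Chain to the super class for any further properties to be added
     //  to the $response array:
     parent::validUsername($uname, $response);
     return TRUE;
 }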
 /**
  * Check a username against the local user store.
  *
  * The lowercased name must match the configured 'usernameRegexp'; the
  * database is then queried with the name exactly as supplied.
  *
  * @param string $uname    Username supplied by the caller.
  * @param array  $response Out-parameter; set to the stored user's attributes
  *                         when a record is found.
  * @return bool TRUE when a matching local user record exists, else FALSE.
  */
 public function validUsername($uname, &$response)
 {
     //  Names that fail the pattern are rejected before any database access
     //  and without chaining to the parent class:
     if (!preg_match($this->_prefs['usernameRegexp'], strtolower($uname), $pieces)) {
         return FALSE;
     }
     $rows = $this->_db->DBReadLocalUser($uname);
     $found = $rows ? TRUE : FALSE;
     if ($found) {
         //  Only the first returned row is used:
         $response = array(
             'uid' => $rows[0]['username'],
             'mail' => $rows[0]['mail'],
             'cn' => $rows[0]['displayname'],
             'displayName' => $rows[0]['displayname'],
             'organization' => $rows[0]['organization'],
         );
     }
     //  The parent is chained whether or not a record was found, so it can
     //  add further properties to the $response array:
     parent::validUsername($uname, $response);
     return $found;
 }
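 /**
  * Look a user up by sAMAccountName on the configured LDAP servers and apply
  * the optional group-membership authorisation check.
  *
  * @param string $uname    Username to look up; treated as untrusted input and
  *                         escaped before it is placed in the search filter.
  * @param array  $response Out-parameter; replaced with the entry's attributes
  *                         once they have been read.
  * @return bool|int TRUE when the user exists and passes the group check;
  *                  -69 when a server accepted the bind but the user was not
  *                  found, could not be read, or is not in the required group;
  *                  -70 when no server accepted the bind.
  */
 public function Tryvalid($uname, &$response)
 {
     global $smarty;
     $result = FALSE;
     //  Defined up front so the checks below never read unset variables when
     //  the server list is empty or every connection attempt fails:
     $ldapConn = FALSE;
     $ldapBind = FALSE;
     //  Bind to one of our LDAP servers:
     foreach ($this->_ldapServers as $ldapServer) {
         if ($this->_ldapUseSSL) {
             $ldapServer = "ldaps://" . $ldapServer;
         }
         if ($ldapConn = ldap_connect($ldapServer)) {
             //  Set the protocol to 3 only:
             ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
             ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);
             //  Bind with the configured bind user.  No StartTLS is issued
             //  here, so the credentials are only protected in transit when
             //  _ldapUseSSL selects an ldaps:// URI above.
             if ($ldapBind = @ldap_bind($ldapConn, $this->_ldapBindUser, $this->_ldapBindPass)) {
                 break;
             }
         }
     }
     if (!$ldapBind) {
         //  None of the servers accepted the bind.
         if ($ldapConn) {
             ldap_close($ldapConn);
         }
         return -70;
     }
     if (!is_array($this->_ldapBase)) {
         $this->_ldapBase = array($this->_ldapBase);
     }
     //  Escape LDAP filter metacharacters so the username is matched
     //  literally: unescaped, a value containing "*", "(" or ")" would change
     //  the meaning of the filter (e.g. match an arbitrary account).
     $filterUname = function_exists('ldap_escape')
         ? ldap_escape((string) $uname, '', LDAP_ESCAPE_FILTER)
         : str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), (string) $uname);
     foreach ($this->_ldapBase as $ldapBase) {
         $ldapSearch = ldap_search($ldapConn, $ldapBase, "sAMAccountName={$filterUname}");
         if ($ldapSearch && ($ldapEntry = ldap_first_entry($ldapConn, $ldapSearch)) && ldap_get_dn($ldapConn, $ldapEntry)) {
             //  We got a result and a DN for the user in question, so
             //  that means s/he exists!
             $result = TRUE;
             if ($responseArray = ldap_get_attributes($ldapConn, $ldapEntry)) {
                 $response = array();
                 //  Stays empty when the entry has no membership attribute,
                 //  which makes the group check below fail closed:
                 $groups = array();
                 foreach ($responseArray as $key => $value) {
                     if (is_array($value) && array_key_exists('count', $value) && $value['count'] >= 1) {
                         //  Only the first value of a multi-valued attribute
                         //  is kept (so alternates such as AD proxyAddresses
                         //  are not exposed in $response).
                         $response[$key] = $value[0];
                     } else {
                         $response[$key] = $value;
                     }
                     // Store the list of groups they are a member of
                     if (strtolower((string) $key) == $this->_ldapMemberKey) {
                         $groups = $value;
                     }
                 }
                 $response['organization'] = $this->_ldapOrg;
                 // Do the authorisation check. User must be a member of a group.
                 $authorisationPassed = TRUE;
                 if ($this->_ldapMemberKey != '' && $this->_ldapMemberRole != '') {
                     $authorisationPassed = FALSE;
                     foreach ((array) $groups as $group) {
                         //  Skip the integer 'count' element and compare
                         //  strictly so type juggling cannot produce a match:
                         if (is_string($group) && strtolower($group) === (string) $this->_ldapMemberRole) {
                             $authorisationPassed = TRUE;
                             break;
                         }
                     }
                 }
                 if (!$authorisationPassed) {
                     NSSError($smarty->getConfigVariable('ErrorUnauthorizedUser'), 'Authorisation Failed');
                     // We found the user okay, but he wasn't a group member
                     ldap_close($ldapConn);
                     return -69;
                 }
                 //  Chain to the super class for any further properties to be added
                 //  to the $response array:
                 parent::validUsername($uname, $response);
                 ldap_close($ldapConn);
                 return $result;
             }
         }
     }
     // If we get to here, we managed to contact the server, but couldn't
     // find them in any of the BaseDNs we were told to search.
     ldap_close($ldapConn);
     return -69;
 }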
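 /**
  * Look a user up by uid on the configured LDAP servers and apply the
  * optional group-membership authorisation check.
  *
  * @param string $uname    Username to look up; treated as untrusted input and
  *                         escaped before it is placed in the search filter.
  * @param array  $response Out-parameter; replaced with the entry's attributes
  *                         once they have been read.  It stays populated even
  *                         when the group check fails, so callers must rely on
  *                         the return value, not on $response being set.
  * @return bool TRUE when the user exists and passes the group check,
  *              FALSE otherwise (including when no server accepted the bind).
  */
 public function validUsername($uname, &$response)
 {
     global $smarty;
     $result = FALSE;
     //  Defined up front so the checks below never read unset variables when
     //  the server list is empty or every connection attempt fails:
     $ldapConn = FALSE;
     $ldapBind = FALSE;
     //  Bind to one of our LDAP servers:
     foreach ($this->_ldapServers as $ldapServer) {
         if ($ldapConn = ldap_connect($ldapServer)) {
             //  Set the protocol to 3 only:
             ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
             //  StartTLS is attempted only when _ldapUseSSL is set, and the
             //  bind is skipped if it fails.  When _ldapUseSSL is not set the
             //  bind below is sent without StartTLS, so the credentials are
             //  only protected if the configured server URI itself provides
             //  transport security.
             if (!$this->_ldapUseSSL || ldap_start_tls($ldapConn)) {
                 if ($ldapBind = @ldap_bind($ldapConn, $this->_ldapDn, $this->_ldapPass)) {
                     break;
                 }
             }
         }
     }
     if ($ldapBind) {
         //  Escape LDAP filter metacharacters so the username is matched
         //  literally: unescaped, a value containing "*", "(" or ")" would
         //  change the meaning of the filter (e.g. match an arbitrary account).
         $filterUname = function_exists('ldap_escape')
             ? ldap_escape((string) $uname, '', LDAP_ESCAPE_FILTER)
             : str_replace(array('\\', '*', '(', ')', "\x00"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), (string) $uname);
         $ldapSearch = ldap_search($ldapConn, $this->_ldapBase, "uid={$filterUname}");
         if ($ldapSearch && ($ldapEntry = ldap_first_entry($ldapConn, $ldapSearch)) && ldap_get_dn($ldapConn, $ldapEntry)) {
             //  We got a result and a DN for the user in question, so
             //  that means s/he exists!
             $result = TRUE;
             if ($responseArray = ldap_get_attributes($ldapConn, $ldapEntry)) {
                 $response = array();
                 //  Stays empty when the entry has no membership attribute,
                 //  which makes the group check below fail closed:
                 $groups = array();
                 foreach ($responseArray as $key => $value) {
                     //  Only the first value of a multi-valued attribute is kept:
                     if (is_array($value) && $value['count'] >= 1) {
                         $response[$key] = $value[0];
                     } else {
                         $response[$key] = $value;
                     }
                     // Store the list of groups they are a member of
                     if (strtolower((string) $key) == $this->_ldapMemberKey) {
                         $groups = $value;
                     }
                 }
                 // Set displayName and cn if not already set
                 if ($this->_ldapFullName != "displayName") {
                     //  _ldapFullName is a space-separated list of attribute
                     //  names whose values are joined into the display name:
                     $nameKeys = explode(" ", $this->_ldapFullName);
                     $nameWords = array();
                     foreach ($nameKeys as $k) {
                         if ($k) {
                             //  A missing attribute contributes an empty word
                             //  instead of reading an undefined index:
                             $nameWords[] = isset($response[$k]) ? $response[$k] : '';
                         }
                     }
                     $response['displayName'] = implode(' ', $nameWords);
                 }
                 if (empty($response['cn'])) {
                     $response['cn'] = isset($response['displayName']) ? $response['displayName'] : NULL;
                 }
                 if (empty($response['organization'])) {
                     $response['organization'] = $this->_ldapOrg;
                 }
                 // Do the authorisation check. User must be a member of a group.
                 $authorisationPassed = TRUE;
                 if ($this->_ldapMemberKey != '' && $this->_ldapMemberRole != '') {
                     $authorisationPassed = FALSE;
                     foreach ((array) $groups as $group) {
                         //  Skip the integer 'count' element and compare
                         //  strictly so type juggling cannot produce a match:
                         if (is_string($group) && strtolower($group) === (string) $this->_ldapMemberRole) {
                             $authorisationPassed = TRUE;
                             break;
                         }
                     }
                 }
                 if (!$authorisationPassed) {
                     NSSError($smarty->getConfigVariable('ErrorUnauthorizedUser'), 'Authorisation Failed');
                     $result = FALSE;
                 }
                 //  Chain to the super class for any further properties to be added
                 //  to the $response array:
                 parent::validUsername($uname, $response);
             }
         }
     } else {
         NSSError('Unable to connect to any of the LDAP servers; could not authenticate user.', 'LDAP Error');
     }
     if ($ldapConn) {
         ldap_close($ldapConn);
     }
     return $result;
 }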
 /**
  * Build the user record for IMAP-authenticated users.
  *
  * No directory lookup happens here.  Without an _imapDomain every supplied
  * name is accepted as-is; with one, the lowercased name must match the
  * configured 'usernameRegexp' and the matched text is combined with the
  * domain to form the address.
  *
  * @param string $uname    Username (or full address) supplied by the caller.
  * @param array  $response Out-parameter; set to the derived user attributes
  *                         when the name is accepted.
  * @return bool TRUE when the name is accepted, FALSE when the pattern fails.
  */
 public function validUsername($uname, &$response)
 {
     if ($this->_imapDomain) {
         // imapDomain is set, so strip out the username
         if (!preg_match($this->_prefs['usernameRegexp'], strtolower($uname), $pieces)) {
             //  Rejected names leave $response untouched and do not chain
             //  to the parent class.
             return FALSE;
         }
         //  $pieces[0] is the full regexp match on the lowercased name:
         $matched = $pieces[0];
         $address = $matched . $this->_imapDomain;
         $response = array(
             'uid' => $matched,
             'mail' => $address,
             'cn' => $address,
             'displayName' => $address,
             'organization' => $this->_imapOrg,
         );
     } else {
         // There is no imapDomain so use the full supplied address as the uname
         $response = array(
             'uid' => $uname,
             'mail' => $uname,
             'cn' => $uname,
             'displayName' => $uname,
             'organization' => $this->_imapOrg,
         );
     }
     //  Chain to the super class for any further properties to be added
     //  to the $response array:
     parent::validUsername($uname, $response);
     return TRUE;
 }