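/**
 * Authenticate a user by performing a simple LDAP bind as that user's DN.
 *
 * @param $username string  login name, resolved to a DN via PopulateUser()
 * @param $password string  cleartext password presented by the user
 * @param $filter   string  LDAP search filter handed to PopulateUser()
 * @return bool true only when the directory accepts a simple bind with the
 *              user's DN and a non-empty password; false otherwise
 */
public function Authenticate($username, $password, $filter)
{
    $this->PopulateUser($username, $filter);
    if ($this->user == null) {
        return false;
    }

    // Never forward an empty password to bind(): a simple bind with a DN and
    // an empty password is an "unauthenticated" bind (RFC 4513 §5.1.2) that
    // many directories accept, which would log in anyone who knows a valid DN.
    if ($password === null || $password === '') {
        Log::Debug('Refusing to bind user %s with an empty password', $username);
        return false;
    }

    Log::Debug('Trying to authenticate user %s against ldap with dn %s', $username, $this->user->GetDn());
    $result = $this->ldap->bind($this->user->GetDn(), $password);
    if ($result === true) {
        Log::Debug('Authentication was successful');
        return true;
    }

    if (Net_LDAP2::isError($result)) {
        // Pass the server message as an argument instead of appending it to
        // the format string, so a '%' in it cannot corrupt the formatting
        // (assumes Log::Error takes sprintf-style arguments like Log::Debug above).
        Log::Error('Could not authenticate user against ldap %s: %s', $username, $result->getMessage());
    }
    return false;
}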
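/**
 * Check a user's password by binding to the directory as that user's DN.
 *
 * @internal
 *
 * @param Capall_Ldaper_LdapUser $ldapUser user whose DN is bound
 * @param string                 $password cleartext password to test
 *
 * @return bool true when the bind succeeds, false on any error or on an
 *              empty password
 */
public function authenticateUser($ldapUser, $password)
{
    // An empty password must never reach bind(): LDAP treats a DN with an
    // empty password as an "unauthenticated" bind (RFC 4513 §5.1.2), which
    // many servers accept, so it would authenticate anyone knowing a DN.
    if ($password === null || $password === '') {
        return false;
    }

    $bindResult = $this->ldapConnection->bind($ldapUser->getDn(), $password);

    // Net_LDAP2 reports failure as a PEAR_Error object rather than by throwing.
    return !PEAR::isError($bindResult);
}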
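/**
 * Validate a user's password by binding with each candidate DN in turn.
 *
 * The DN template for the user may list several DNs separated by '|'; the
 * first DN the server accepts wins. Every failed bind is recorded as a
 * failed login attempt once all candidates have been tried.
 *
 * @param string $uid      login name used to build the candidate DNs
 * @param string $password cleartext password to test
 * @return mixed the bind result on success, false when no DN binds or the
 *               password is empty
 */
private function validatePassword($uid, $password)
{
    // Refuse empty passwords before touching the directory: a simple bind
    // with a DN and an empty password is an "unauthenticated" bind
    // (RFC 4513 §5.1.2) that many servers accept, which would let anyone
    // log in as any DN the template produces.
    if ($password === null || $password === '') {
        Auth::saveLoginAttempt($uid, 'failure', 'Empty password refused');
        return false;
    }

    $failures = array();
    foreach (explode('|', $this->getUserDNstring($uid)) as $candidateDN) {
        try {
            $res = $this->conn->bind($candidateDN, $password);
            if (Misc::isError($res)) {
                throw new AuthException($res->getMessage(), $res->getCode());
            }
            return $res;
        } catch (AuthException $e) {
            $failures[] = $e;
        }
    }

    // Every candidate DN was rejected: log each failure against the login.
    foreach ($failures as $e) {
        /** @var Exception $e */
        Auth::saveLoginAttempt($uid, 'failure', $e->getMessage());
    }
    return false;
}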
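/**
 * Return a bound Net_LDAP2 connection for the given config, caching one
 * connection per distinct config for the lifetime of the request.
 *
 * @param array|null $config Net_LDAP2 config (may carry binddn/bindpw);
 *                           null (or any loosely-null value) selects
 *                           $this->ldap_config
 * @return Net_LDAP2 a connection whose bind() succeeded
 * @throws LdapInvalidCredentialsException when an explicit config was given
 *         and the server answered LDAP_INVALID_CREDENTIALS (0x31)
 * @throws Exception on any other bind/connect failure
 */
function get_ldap_connection($config = null)
{
    // Loose comparison kept on purpose: callers pass null/false/'' for "default".
    if ($config == null) {
        $config = $this->ldap_config;
    }

    // Key the cache on a full digest of the config rather than a 32-bit crc32:
    // the config includes the bind DN/password, and a crc32 collision between
    // two configs would hand back a connection bound as a different identity.
    $config_id = hash('sha256', serialize($config));

    if (array_key_exists($config_id, self::$ldap_connections)) {
        return self::$ldap_connections[$config_id];
    }

    // Cannot use Net_LDAP2::connect() as StatusNet uses
    // PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError');
    // PEAR handling can be overridden on instance objects, so we do that.
    $ldap = new Net_LDAP2($config);
    $ldap->setErrorHandling(PEAR_ERROR_RETURN);

    $err = $ldap->bind();
    if (Net_LDAP2::isError($err)) {
        // If we were called with a config, assume the caller will handle
        // incorrect username/password (LDAP_INVALID_CREDENTIALS == 0x31).
        if (isset($config) && (int) $err->getCode() === 0x31) {
            throw new LdapInvalidCredentialsException('Could not connect to LDAP server: ' . $err->getMessage());
        }
        throw new Exception('Could not connect to LDAP server: ' . $err->getMessage());
    }

    // Share the directory schema across requests via memcache when available.
    $c = common_memcache();
    if (!empty($c)) {
        $cacheObj = new MemcacheSchemaCache(array(
            'c' => $c,
            'cacheKey' => common_cache_key('ldap_schema:' . $config_id),
        ));
        $ldap->registerSchemaCache($cacheObj);
    }

    self::$ldap_connections[$config_id] = $ldap;
    return $ldap;
}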
/**
 * Configure Net_LDAP2, connect and bind.
 *
 * Factory-style entry point: builds a Net_LDAP2 object from the given
 * configuration array and binds with the credentials it contains. Returns
 * either the bound object or the error that stopped it (missing ldap
 * extension, or a failed bind).
 *
 * @param array $config Configuration array
 *
 * @access public
 * @return Net_LDAP2_Error|Net_LDAP2 Net_LDAP2_Error or Net_LDAP2 object
 */
public static function &connect($config = array())
{
    // Nothing works without the ldap extension, so check that first.
    $extensionError = self::checkLDAPExtension();
    if (self::iserror($extensionError)) {
        return $extensionError;
    }

    // Construction is silenced as before; setConfig() errors are not surfaced here.
    @($instance = new Net_LDAP2($config));

    // Connect and bind using the credentials carried in the config.
    $bindError = $instance->bind();
    if (self::isError($bindError)) {
        return $bindError;
    }

    return $instance;
}
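/**
 * Open and bind a Net_LDAP2 connection to the first reachable configured server.
 *
 * @return Net_LDAP2|null the first connection whose bind() succeeded, or
 *                        null when every configured server failed
 */
function getConnection()
{
    require_once 'include/Net/LDAP2.php';

    // Set reasonable timeout limits so a dead server cannot stall the request.
    $defaults = array('options' => array(
        'LDAP_OPT_TIMELIMIT' => 5,
        'LDAP_OPT_NETWORK_TIMEOUT' => 5,
    ));
    if ($this->getConfig()->get('tls')) {
        $defaults['starttls'] = true;
    }
    if ($this->getConfig()->get('schema') === 'msad') {
        // Special options for Active Directory (2000+) servers
        $defaults['options'] += array('LDAP_OPT_PROTOCOL_VERSION' => 3, 'LDAP_OPT_REFERRALS' => 0);
        // SECURITY NOTE(review): this turns off server-certificate verification
        // for the whole process (putenv is process-wide and sticky), so STARTTLS
        // no longer protects the bind credentials against an active
        // man-in-the-middle. Prefer shipping the AD CA via LDAPTLS_CACERT and
        // leaving REQCERT at its default; kept here because self-signed AD
        // certificates are common and no CA option exists in this config.
        putenv('LDAPTLS_REQCERT=never');
    }

    foreach ($this->getServers() as $s) {
        $params = $defaults + $s;
        $c = new Net_LDAP2($params);
        $r = $c->bind();
        if (!PEAR::isError($r)) {
            return $c;
        }
        // Previously var_dump()ed the PEAR_Error into the HTTP response, which
        // leaked server details to the client and broke page output; log it
        // server-side instead and try the next server.
        error_log('LDAP bind failed: ' . $r->getMessage());
    }

    return null;
}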
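/**
 * Validate the LDAP plugin configuration before it is saved.
 *
 * Resolves the server list (DNS autodiscovery for an AD domain, or the
 * explicit list), test-binds against each server until one succeeds, and
 * encrypts the bind password for storage. Errors are reported through the
 * form field and the $errors array.
 *
 * @param array $config submitted configuration (modified in place:
 *                      'bind_pw' is replaced by its encrypted form or the
 *                      previously stored value)
 * @param array $errors receives 'err' on failure
 * @return bool|null true when the config may be saved, false on errors,
 *                   null when the ldap extension is missing
 */
function pre_save(&$config, &$errors)
{
    require_once 'include/Net/LDAP2.php';

    global $ost;
    if ($ost && !extension_loaded('ldap')) {
        $ost->setWarning('LDAP extension is not available');
        return;
    }

    // Build the server list: autodiscover via DNS for an AD domain, or
    // split the explicit whitespace-separated list from the form.
    $servers = array();
    if ($config['domain'] && !$config['servers']) {
        $servers = LDAPAuthentication::autodiscover(
            $config['domain'],
            preg_split('/,?\\s+/', $config['dns'])
        );
        if (!$servers) {
            $servers = array();
            $this->getForm()->getField('servers')->addError(
                "Unable to find LDAP servers for this domain. Try giving\n an address of one of the DNS servers or manually specify\n the LDAP servers for this domain below."
            );
        }
    } elseif (!$config['servers']) {
        $this->getForm()->getField('servers')->addError(
            "No servers specified. Either specify a Active Directory\n domain or a list of servers"
        );
    } else {
        foreach (preg_split('/\\s+/', $config['servers']) as $host) {
            $servers[] = array('host' => $host);
        }
    }

    if (!$servers) {
        // The field-level message was added above; previously an undefined
        // $servers fell through to "updated successfully", so block the save.
        $errors['err'] = 'No LDAP servers to connect to';
    }

    $connection_error = false;
    foreach ($servers as $info) {
        // Assume MSAD: do not chase referrals. All options are set in one
        // array -- the earlier code assigned $info['options'] twice, which
        // silently dropped LDAP_OPT_REFERRALS. Timeouts keep us under
        // max_execution_time.
        $info['options'] = array(
            'LDAP_OPT_REFERRALS' => 0,
            'LDAP_OPT_TIMELIMIT' => 5,
            'LDAP_OPT_NETWORK_TIMEOUT' => 5,
        );
        if ($config['tls']) {
            $info['starttls'] = true;
            // SECURITY NOTE(review): disables server-certificate verification
            // process-wide (putenv is sticky), so STARTTLS does not protect the
            // bind password against an active man-in-the-middle. Prefer
            // LDAPTLS_CACERT with the directory's CA instead of REQCERT=never.
            putenv('LDAPTLS_REQCERT=never');
        }
        if ($config['bind_dn']) {
            $info['binddn'] = $config['bind_dn'];
            // An empty password field means "keep the stored password".
            $info['bindpw'] = $config['bind_pw']
                ? $config['bind_pw']
                : Crypto::decrypt($this->get('bind_pw'), SECRET_SALT, $this->getNamespace());
        }

        $c = new Net_LDAP2($info);
        $r = $c->bind();
        if (PEAR::isError($r)) {
            $connection_error = $r->getMessage() . ': Unable to bind to ' . $info['host'];
            continue;
        }
        // First server that accepts the bind is good enough.
        $connection_error = false;
        break;
    }

    if ($connection_error) {
        $this->getForm()->getField('servers')->addError($connection_error);
        $errors['err'] = 'Unable to connect any listed LDAP servers';
    }

    if (!$errors && $config['bind_pw']) {
        // Persist the new bind password encrypted; on error or an empty
        // field, keep whatever is already stored.
        $config['bind_pw'] = Crypto::encrypt($config['bind_pw'], SECRET_SALT, $this->getNamespace());
    } else {
        $config['bind_pw'] = $this->get('bind_pw');
    }

    global $msg;
    if (!$errors) {
        $msg = 'LDAP configuration updated successfully';
    }
    return !$errors;
}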
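/**
 * Return a bound Net_LDAP2 connection, reusing the default one when no
 * explicit config is given.
 *
 * @param array|null $config Net_LDAP2 config (may carry binddn/bindpw);
 *                           null (or any loosely-null value) selects
 *                           ldap_get_config() and caches the result in
 *                           $this->default_ldap
 * @return Net_LDAP2|null the bound connection, or null when an explicit
 *                        config was given and the server answered
 *                        LDAP_INVALID_CREDENTIALS (0x31) -- callers must
 *                        check for null
 * @throws Exception on any other bind/connect failure
 */
function ldap_get_connection($config = null)
{
    // Loose comparison kept on purpose: callers pass null/false/'' for "default".
    if ($config == null && isset($this->default_ldap)) {
        return $this->default_ldap;
    }

    // Cannot use Net_LDAP2::connect() as StatusNet uses
    // PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError');
    // PEAR handling can be overridden on instance objects, so we do that.
    $ldap = new Net_LDAP2(isset($config) ? $config : $this->ldap_get_config());
    $ldap->setErrorHandling(PEAR_ERROR_RETURN);

    $err = $ldap->bind();
    if (Net_LDAP2::isError($err)) {
        // If we were called with a config, assume the caller will handle
        // incorrect username/password (LDAP_INVALID_CREDENTIALS == 0x31).
        if (isset($config) && (int) $err->getCode() === 0x31) {
            return null;
        }
        // The unreachable "return false" that followed this throw is gone.
        throw new Exception('Could not connect to LDAP server: ' . $err->getMessage());
    }

    if ($config == null) {
        $this->default_ldap = $ldap;
    }
    return $ldap;
}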