/**
* Gets the Ldap user's distinguished name and optionally authenticate with the password supplied
* depending on the parameters specified.
*
* @param boolean $authenticate True to authenticate with password.
*
* @return string Distinguished name of user.
*
* @since 2.0
* @throws Exception
* @throws SHLdapException
* @throws SHExceptionInvaliduser
*/
public function getId($authenticate)
{
try
{
if ($this->_dn instanceof Exception)
{
// Do not retry. Ldap configuration or user has problems.
throw $this->_dn;
}
elseif (!is_null($this->_dn))
{
// Check if this user should be authenticated
if ($authenticate && $this->client->bindStatus !== SHLdap::AUTH_USER)
{
// Bind with the user now
$this->client->getUserDn($this->username, $this->password, true);
}
// Dn has already been discovered so lets return it
return $this->_dn;
}
/*
* If the Ldap parameter override has been set then directly instantiate
* the Ldap library otherwise use pre-configured platform configurations
* through the Ldap library.
*/
if (!is_null($this->_config))
{
$this->client = new SHLdap($this->_config);
$this->client->connect();
$this->_dn = $this->client->getUserDn($this->username, $this->password, $authenticate);
}
else
{
$this->client = SHLdap::getInstance(
$this->domain, array(
'username' => $this->username,
'password' => $this->password,
'authenticate' => ($authenticate ? SHLdap::AUTH_USER : SHLdap::AUTH_NONE))
);
$this->_dn = $this->client->lastUserDn;
}
// Emulate dn as an attribute
$this->_attributes['dn'] = array($this->_dn);
}
catch (Exception $e)
{
// Save the exception for later if required and re-throw
$this->_dn = $e;
throw $e;
}
return $this->_dn;
}
/**
* Class constructor.
*
* @param array $credentials Ldap credentials to use for this object (this is not a proxy user).
* @param mixed $config Ldap configuration options such as host, proxy user and core attributes.
* @param array $options Extra options such as isNew.
*
* @since 2.0
*/
public function __construct(array $credentials, $config = null, array $options = array())
{
parent::__construct($credentials, $config, $options);
// Register a callback for validating LDAP parameters
SHUtilValidate::getInstance()->register(__CLASS__ . '::validate');
if (is_array($config) && count($config)) {
// Check if Ldap plugins should be disabled when collecting attributes later
if (isset($config['disable_use_of_plugins'])) {
$this->_usePlugins = false;
unset($config['disable_use_of_plugins']);
}
// Override the Ldap parameters with this later on
$this->_config = $config;
}
// If the user is new then the user creation script needs to provide a dn for the new object
if ($this->isNew) {
$this->_dn = JArrayHelper::getValue($credentials, 'dn');
/*
* If the Ldap parameter override has been set then directly instantiate
* the Ldap library otherwise use pre-configured platform configurations
* through the Ldap library.
*/
$client = SHFactory::getLdapClient($this->domain, $this->_config);
$this->client = $client[0];
$this->client->connect();
$this->client->proxyBind();
// We need to check that this ldap client config has the required user based parameters
$this->_userParams = (array) $this->client->userParams;
// Check whether the user already exists
if ($this->_checkUserExists()) {
$this->state = self::STATE_EXISTS;
throw new RuntimeException(JText::sprintf('LIB_SHUSERADAPTERSLDAP_ERR_10909', $this->username), 10909);
}
// Emulate dn as an attribute
$this->_attributes['dn'] = array($this->_dn);
$this->state = self::STATE_NEW;
}
}
/**
* @covers SHLdap::__get
*/
public function testMagicGetMethod()
{
$user = TestsHelper::getUserCreds('shaun.maunder');
$ldap = new SHLdap(TestsHelper::getLdapConfig(214));
$ldap->connect();
// Test Bind Status
$this->assertEquals(SHLdap::AUTH_NONE, $ldap->bindStatus);
$ldap->proxyBind();
$this->assertEquals(SHLdap::AUTH_PROXY, $ldap->bindStatus);
$ldap->bind('asdasdas', 'asdasdas');
$this->assertEquals(SHLdap::AUTH_NONE, $ldap->bindStatus);
$ldap->bind($user['dn'], $user['password']);
$this->assertEquals(SHLdap::AUTH_USER, $ldap->bindStatus);
// Rinse and Go
$ldap = new SHLdap(TestsHelper::getLdapConfig(214));
$ldap->connect();
// Test Last User DN
$this->assertNull($ldap->lastUserDn);
$ldap->getUserDn($user['username'], $user['password']);
$this->assertEquals($user['dn'], $ldap->lastUserDn);
// Test All user Filter
$this->assertEquals('(objectclass=user)', $ldap->allUserFilter);
// Rinse and Go
$ldap = new SHLdap(TestsHelper::getLdapConfig(216));
$ldap->connect();
// Test Key for Name Attribute
$this->assertEquals('cn', $ldap->keyName);
$this->assertEquals('mail', $ldap->keyEmail);
$this->assertEquals('uid', $ldap->keyUid);
$this->assertEquals('uid', $ldap->ldap_uid);
// Test Information
$this->assertEquals('ldap1.shmanic.net:389', $ldap->info);
// Test something that doesn't exist
$this->assertNull($ldap->doesntexist);
}
/**
* Gets all the LDAP configs and attempts to bind with each.
* This is presented on the dashboard.
*
* @return array Array of objects containing LDAP config information.
*
* @since 2.0
*/
public function getBinds()
{
try {
$results = array();
// Get all the Ldap config IDs and Names
$ids = SHLdapHelper::getConfigIDs();
foreach ($ids as $name) {
// Get this specific Ldap configuration based on name
$config = SHLdapHelper::getConfig($name);
$result = new stdClass();
$result->name = $name;
$result->host = $config->get('host');
$result->port = $config->get('port');
$result->connect = false;
$ldap = new SHLdap($config);
// Need to process the ldap formatting for the host configuration ready for a fsockopen
$processed = str_replace(array('ldap://', 'ldaps://'), '', $config->get('host'));
if ($pos = strpos($processed, chr(32))) {
$processed = substr($processed, 0, $pos);
}
// Check if we can open a socket to the LDAP server:port to check the connection
if (@fsockopen($processed, $config->get('port'))) {
$result->connect = true;
}
// Attempt to connect and bind and record the result
if ($ldap->connect()) {
if ($ldap->proxyBind()) {
$result->bind = true;
}
}
// Lets add this config to our results pool
$results[] = $result;
}
return $results;
} catch (Exception $e) {
// We need to look for a string instead of an array on error
return $e->getMessage();
}
}
