示例#1
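 /**
  * Detects the user logged in at the client's IP address by querying eDirectory.
  *
  * Reads REMOTE_ADDR, translates it to an eDirectory-compatible network address
  * and searches the LDAP server for an entry whose networkAddress matches.
  *
  * NOTE(review): the identity returned here rests solely on the client IP address.
  * Behind a reverse proxy, NAT or a shared terminal host REMOTE_ADDR is not unique
  * to one person, so confirm this detection is only enabled where each client
  * address maps to exactly one workstation.
  *
  * @return  mixed  Username of the detected user, or null when no user could be
  *                 determined (bind failure, invalid address, LDAP error, no match).
  *
  * @since   1.0
  */
 public function detectRemoteUser()
 {
     // Import languages for frontend errors
     $this->loadLanguage();

     /*
      * Per the original author's note: with the legacy flag set, the plug-in stays
      * compatible with JSSOMySite 1.x (and Joomla 1.6) by only returning a string
      * username or nothing; without it the Joomla 2.5 code path is used.
      */
     $legacy = $this->params->get('use_legacy', false);

     if ($legacy) {
         // Legacy way of getting parameters: read them from the authentication plug-in
         $authParams = new JRegistry();
         $authName = $this->params->get('auth_plugin', 'jmapmyldap');
         $authPlugin = JPluginHelper::getPlugin('authentication', $authName);
         $authParams->loadString($authPlugin->params);
         $ldapUid = $authParams->get('ldap_uid', 'uid');

         // Attempt to load up a LDAP instance using the legacy method
         jimport('shmanic.jldap2');
         $ldap = new JLDAP2($authParams);

         // Bind using the proxy user; without it the search below cannot run
         if (!$ldap->connect() || !$ldap->bind($ldap->connect_username, $ldap->connect_password)) {
             JError::raiseWarning('SOME_ERROR_CODE', JText::_('PLG_EDIR_ERROR_LDAP_BIND'));

             return null;
         }

         // Get IP of client machine
         $myIp = JRequest::getVar('REMOTE_ADDR', 0, 'server');

         // The address ends up inside an LDAP filter, so accept nothing but an IP literal
         if (filter_var($myIp, FILTER_VALIDATE_IP) === false) {
             $ldap->close();

             return null;
         }

         // Convert the IP to the network address format eDirectory stores
         $na = JLDAPHelper::ipToNetAddress($myIp);

         // Find the network address and ask only for the uid attribute
         $filter = "(networkAddress={$na})";
         $dn = $authParams->get('base_dn');
         $result = new JLDAPResult($ldap->search($dn, $filter, array($ldapUid)));
         $ldap->close();
     } else {
         try {
             // We will only check the first LDAP config
             $ldap = SHLdap::getInstance();
             $ldap->proxyBind();

             // NOTE(review): getUid is read as a property, not called - confirm SHLdap
             // exposes it through a magic getter, otherwise this should be getUid().
             $ldapUid = $ldap->getUid;

             // Get the IP address of this client
             $input = new JInput($_SERVER);
             $myIp = $input->get('REMOTE_ADDR', false, 'string');

             // The address ends up inside an LDAP filter, so accept nothing but an IP literal
             if (filter_var($myIp, FILTER_VALIDATE_IP) === false) {
                 return null;
             }

             // Convert to a netaddress and search for it
             $na = SHLdapHelper::ipToNetAddress($myIp);
             $result = $ldap->search(null, "(networkAddress={$na})", array($ldapUid));
         } catch (Exception $e) {
             SHLog::add($e, 16010, JLog::ERROR, 'sso');

             return null;
         }
     }

     // PHP variable names are case-sensitive: the attribute key is $ldapUid. The
     // previous $ldapuid was undefined here, so the lookup could not use the uid attribute.
     $value = $result->getValue(0, $ldapUid, 0);

     if ($value) {
         // Username was found logged in on this client machine
         return $value;
     }

     return null;
 }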
示例#2
 /**
  * A user bind attempted with a deliberately wrong password must raise
  * SHExceptionInvaliduser (message LIB_SHLDAP_ERR_10303, code 10303).
  *
  * @covers  SHLdap::getInstance
  */
 public function testSlapdGetInstanceAuthFailure()
 {
     // Register the expectation first; the exception may surface in getInstance() or connect()
     $this->setExpectedException('SHExceptionInvaliduser', 'LIB_SHLDAP_ERR_10303', 10303);

     $platformConfig = SHFactory::getConfig(
         'file',
         array('file' => static::PLATFORM_CONFIG_FILE)
     );
     $creds = TestsHelper::getUserCreds('shaun.maunder');

     // Appending junk to the real password guarantees the credentials are invalid
     $badPassword = $creds['password'] . 'asdas';

     $authOptions = array(
         'authenticate' => SHLdap::AUTH_USER,
         'username' => $creds['username'],
         'password' => $badPassword
     );

     $client = SHLdap::getInstance('', $authOptions, $platformConfig);
     $client->connect();
 }
示例#3
	/**
	 * Resolves the distinguished name of this Ldap user, binding with the supplied
	 * password as well when authentication is requested.
	 *
	 * The outcome is cached in $this->_dn. A failure is cached too: the exception is
	 * stored and thrown again on every later call, so no retry is attempted.
	 *
	 * NOTE(review): when a dn is already cached, the user bind is skipped if the client
	 * reports bindStatus === SHLdap::AUTH_USER. That is only proof of this user's
	 * password if the client instance is not shared with, or rebound for, another
	 * user - confirm against SHLdap::getInstance.
	 *
	 * @param   boolean  $authenticate  True to authenticate with password.
	 *
	 * @return  string  Distinguished name of user.
	 *
	 * @since   2.0
	 * @throws  Exception
	 * @throws  SHLdapException
	 * @throws  SHExceptionInvaliduser
	 */
	public function getId($authenticate)
	{
		try
		{
			// A stored exception means an earlier attempt failed; fail the same way again
			if ($this->_dn instanceof Exception)
			{
				throw $this->_dn;
			}

			if ($this->_dn !== null)
			{
				// Dn is already known; bind as the user only if asked to and not yet done
				$needsUserBind = $authenticate && $this->client->bindStatus !== SHLdap::AUTH_USER;

				if ($needsUserBind)
				{
					$this->client->getUserDn($this->username, $this->password, true);
				}

				return $this->_dn;
			}

			if ($this->_config === null)
			{
				// No override: use the pre-configured platform configurations
				$authMode = $authenticate ? SHLdap::AUTH_USER : SHLdap::AUTH_NONE;

				$options = array(
					'username' => $this->username,
					'password' => $this->password,
					'authenticate' => $authMode
				);

				$this->client = SHLdap::getInstance($this->domain, $options);
				$this->_dn = $this->client->lastUserDn;
			}
			else
			{
				// Parameter override present: instantiate the Ldap library directly
				$this->client = new SHLdap($this->_config);
				$this->client->connect();
				$this->_dn = $this->client->getUserDn($this->username, $this->password, $authenticate);
			}

			// Expose the dn through the attribute list as well
			$this->_attributes['dn'] = array($this->_dn);
		}
		catch (Exception $failure)
		{
			// Remember the failure for later calls, then pass it on to the caller
			$this->_dn = $failure;

			throw $failure;
		}

		return $this->_dn;
	}