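/**
 * Detects the user logged in on the client machine from its network address.
 *
 * Reads the client's REMOTE_ADDR, converts it to an eDirectory network
 * address and searches the LDAP directory for an entry whose networkAddress
 * attribute matches, returning the uid attribute of the first result.
 *
 * Security note: the answer is only as trustworthy as REMOTE_ADDR. Clients
 * that reach the site through a shared address (NAT, reverse proxy, terminal
 * server) cannot be told apart by this lookup, so deployments with such
 * network paths should be reviewed before relying on the returned username.
 *
 * @return  mixed  Username of the detected user, or null when the bind fails,
 *                 the client address is not a valid IP, the search throws, or
 *                 no username is found (every failure path is a bare return).
 *
 * @since   1.0
 */
public function detectRemoteUser()
{
    // Import languages for frontend errors
    $this->loadLanguage();

    /*
     * When the legacy flag is true, the parameters are read from the
     * authentication plugin and the JLDAP2 library is used (compatibility
     * with JSSOMySite 1.x / Joomla 1.6). Otherwise the SHLdap library and
     * its pre-configured platform settings are used (Joomla 2.5).
     */
    $legacy = $this->params->get('use_legacy', false);

    if ($legacy) {
        // Use the legacy way of getting parameters: copy them from the auth plugin
        $authParams = new JRegistry();
        $authName = $this->params->get('auth_plugin', 'jmapmyldap');
        $authPlugin = JPluginHelper::getPlugin('authentication', $authName);
        $authParams->loadString($authPlugin->params);
        $ldapUid = $authParams->get('ldap_uid', 'uid');

        // Attempt to load up a LDAP instance using the legacy method
        jimport('shmanic.jldap2');
        $ldap = new JLDAP2($authParams);

        // Bind as the configured proxy (connect) user; without it the search cannot run
        if (!$ldap->connect() || !$ldap->bind($ldap->connect_username, $ldap->connect_password)) {
            JError::raiseWarning('SOME_ERROR_CODE', JText::_('PLG_EDIR_ERROR_LDAP_BIND'));

            return;
        }

        // Get IP of client machine
        $myIp = JRequest::getVar('REMOTE_ADDR', 0, 'server');

        // Refuse to build a search filter from anything that is not an IP address
        if (filter_var($myIp, FILTER_VALIDATE_IP) === false) {
            $ldap->close();

            return;
        }

        // Convert the IP to the network address form that eDirectory stores
        $na = JLDAPHelper::ipToNetAddress($myIp);

        /*
         * NOTE(review): the filter is built by string interpolation, so it
         * relies on ipToNetAddress() returning a filter-safe value - confirm
         * that the helper escapes its output for use in an LDAP filter.
         */
        $filter = "(networkAddress={$na})";
        $dn = $authParams->get('base_dn');

        // Do the LDAP filter search now, requesting only the uid attribute
        $result = new JLDAPResult($ldap->search($dn, $filter, array($ldapUid)));
        $ldap->close();
    } else {
        try {
            // We will only check the first LDAP config
            $ldap = SHLdap::getInstance();
            $ldap->proxyBind();

            // NOTE(review): read as a property, not called as a method - confirm SHLdap exposes it this way
            $ldapUid = $ldap->getUid;

            // Get the IP address of this client
            $input = new JInput($_SERVER);
            $myIp = $input->get('REMOTE_ADDR', false, 'string');

            // Refuse to build a search filter from anything that is not an IP address
            if (filter_var($myIp, FILTER_VALIDATE_IP) === false) {
                return;
            }

            // NOTE(review): same interpolation caveat as the legacy branch - confirm the helper's output is filter-safe
            $na = SHLdapHelper::ipToNetAddress($myIp);
            $result = $ldap->search(null, "(networkAddress={$na})", array($ldapUid));
        } catch (Exception $e) {
            SHLog::add($e, 16010, JLog::ERROR, 'sso');

            return;
        }
    }

    /*
     * Fix: the attribute name must be read from $ldapUid. PHP variable names
     * are case-sensitive, so the previous $ldapuid was an undefined variable
     * and the lookup was made with a null attribute name.
     */
    $value = $result->getValue(0, $ldapUid, 0);

    if ($value) {
        // Username was found logged in on this client machine
        return $value;
    }
}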
/**
 * Expects a user bind made with an incorrect password to be rejected with
 * SHExceptionInvaliduser (code 10303).
 *
 * NOTE(review): only a wrong, non-empty password is exercised here. An
 * empty-password case is worth its own test, because many directory servers
 * accept a simple bind with an empty password as an unauthenticated bind.
 *
 * @covers SHLdap::getInstance
 */
public function testSlapdGetInstanceAuthFailure()
{
    // The expectation has to be registered before the calls that should throw
    $this->setExpectedException('SHExceptionInvaliduser', 'LIB_SHLDAP_ERR_10303', 10303);

    $platformConfig = SHFactory::getConfig(
        'file',
        array('file' => static::PLATFORM_CONFIG_FILE)
    );

    // Take a known test account and corrupt its password by appending a suffix
    $creds = TestsHelper::getUserCreds('shaun.maunder');
    $wrongPassword = $creds['password'] . 'asdas';

    $badAuth = array(
        'authenticate' => SHLdap::AUTH_USER,
        'username' => $creds['username'],
        'password' => $wrongPassword
    );

    // Either call below may raise the expected exception; the test does not distinguish
    $client = SHLdap::getInstance('', $badAuth, $platformConfig);
    $client->connect();
}
/**
 * Returns the Ldap user's distinguished name, optionally authenticating the
 * user with the supplied password.
 *
 * The outcome is cached in $this->_dn. A failure is cached as well: the
 * exception is stored and re-thrown on every later call, so the directory is
 * not contacted again for this object. This also applies when the failure
 * happens while authenticating an already discovered DN - the stored DN is
 * then replaced by the exception.
 *
 * NOTE(review): no empty-password check is visible in this method. Confirm
 * that SHLdap::getUserDn() and SHLdap::getInstance() reject an empty password
 * when authenticating, since many directory servers treat a simple bind with
 * an empty password as an unauthenticated bind that succeeds.
 *
 * @param   boolean  $authenticate  True to authenticate with password.
 *
 * @return  string  Distinguished name of user.
 *
 * @since   2.0
 * @throws  Exception
 * @throws  SHLdapException
 * @throws  SHExceptionInvaliduser
 */
public function getId($authenticate)
{
    try {
        // An earlier attempt failed: do not retry, replay the stored exception
        if ($this->_dn instanceof Exception) {
            throw $this->_dn;
        }

        // The dn is already known; at most a user bind is still outstanding
        if ($this->_dn !== null) {
            $needsUserBind = $authenticate && $this->client->bindStatus !== SHLdap::AUTH_USER;

            if ($needsUserBind) {
                // Bind as the user now; the returned dn is not needed again
                $this->client->getUserDn($this->username, $this->password, true);
            }

            return $this->_dn;
        }

        if ($this->_config === null) {
            // No parameter override: use the pre-configured platform configurations
            $bindMode = $authenticate ? SHLdap::AUTH_USER : SHLdap::AUTH_NONE;

            $this->client = SHLdap::getInstance(
                $this->domain,
                array(
                    'username' => $this->username,
                    'password' => $this->password,
                    'authenticate' => $bindMode
                )
            );
            $this->_dn = $this->client->lastUserDn;
        } else {
            // Parameter override set: instantiate the Ldap library directly with it
            $this->client = new SHLdap($this->_config);
            $this->client->connect();
            $this->_dn = $this->client->getUserDn($this->username, $this->password, $authenticate);
        }

        // Emulate dn as an attribute
        $this->_attributes['dn'] = array($this->_dn);
    } catch (Exception $e) {
        // Remember the failure so later calls fail fast, then re-throw
        $this->_dn = $e;

        throw $e;
    }

    return $this->_dn;
}