Source for file ldap.auth.php


  1. <?php
  2. /**
  3. @package    jelix
  4. @subpackage ldap_driver
  5. @author     Tahina Ramaroson
  6. @contributor Sylvain de Vathaire
  7. @contributor Thibaud Fabre, Laurent Jouanneau
  8. @copyright  2009 Neov, 2010 Thibaud Fabre, 2011 Laurent Jouanneau
  9. @licence  http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public Licence, see LICENCE file
  10. */
  11.  
  12.  
  13. /**
  14. * LDAP authentication driver for authentication information stored in an LDAP server
  15. @package    jelix
  16. @subpackage auth_driver
  17. */
  18. class ldapAuthDriver extends jAuthDriverBase implements jIAuthDriver {
  19.  
  20.     /**
  21.     * default user attributes list
  22.     * @var array 
  23.     * @access protected
  24.     */
  25.     protected $_default_attributes = array("cn","distinguishedName","name");
  26.  
  27.     function __construct($params){
  28.  
  29.         if (!extension_loaded('ldap')) {
  30.             throw new jException('jelix~auth.ldap.extension.unloaded');
  31.         }
  32.  
  33.         parent::__construct($params);
  34.  
  35.         // default ldap parameters
  36.         $_default_params array(
  37.             'hostname'      =>  'localhost',
  38.             'port'          =>  389,
  39.             'ldapUser'      =>  null,
  40.             'ldapPassword'      =>  null,
  41.             'protocolVersion'   =>  3,
  42.             'uidProperty'       =>  'cn'
  43.         );
  44.  
  45.         // iterate each default parameter and apply it to actual params if missing in $params.
  46.         foreach($_default_params as $name => $value{
  47.             if (!isset($this->_params[$name]|| $this->_params[$name== ''{
  48.                 $this->_params[$name$value;
  49.             }
  50.         }
  51.  
  52.         if (!isset($this->_params['searchBaseDN']|| $this->_params['searchBaseDN'== ''{
  53.             throw new jException('jelix~auth.ldap.search.base.missing');
  54.         }
  55.  
  56.         if (!isset($this->_params['searchFilter']|| $this->_params['searchFilter'== ''{
  57.             throw new jException('jelix~auth.ldap.search.filter.missing');
  58.         }
  59.  
  60.         if (!isset($this->_params['searchAttributes']|| $this->_params['searchAttributes'== ''{
  61.             $this->_params['searchAttributes'$this->_default_attributes;
  62.         else {
  63.             $this->_params['searchAttributes'explode(","$this->_params['searchAttributes']);
  64.         }
  65.     }
  66.  
  67.     public function saveNewUser($user){
  68.  
  69.         if (!is_object($user|| !($user instanceof jAuthUserLDAP)) {
  70.             throw new jException('jelix~auth.ldap.object.user.unknown');
  71.         }
  72.  
  73.         if (!($user->login != '')) {
  74.             throw new jException('jelix~auth.ldap.user.login.unset');
  75.         }
  76.  
  77.         $entries $this->getAttributesLDAP($user);
  78.  
  79.         $connect $this->_getLinkId();
  80.         $result false;
  81.         if($connect){
  82.  
  83.             if(ldap_bind($connect$this->_params['ldapUser']$this->_params['ldapPassword'])) {
  84.                 $result ldap_add($connect$this->_buildUserDn($user->login)$entries);
  85.             }
  86.             ldap_close($connect);
  87.         }
  88.  
  89.         return $result;
  90.  
  91.     }
  92.  
  93.     public function removeUser($login){
  94.  
  95.         $connect $this->_getLinkId();
  96.         $result false;
  97.         if ($connect{
  98.             if (ldap_bind($connect$this->_params['ldapUser']$this->_params['ldapPassword'])) {
  99.                 $result ldap_delete($connect$this->_buildUserDn($login));
  100.             }
  101.             ldap_close($connect);
  102.         }
  103.         return $result;
  104.     }
  105.  
  106.     public function updateUser($user){
  107.  
  108.         if (!is_object($user|| !($user instanceof jAuthUserLDAP)) {
  109.             throw new jException('jelix~auth.ldap.object.user.unknown');
  110.         }
  111.  
  112.         if (!($user->login != '')) {
  113.             throw new jException('jelix~auth.ldap.user.login.unset');
  114.         }
  115.  
  116.         $entries=$this->getAttributesLDAP($user,true);
  117.  
  118.         $connect $this->_getLinkId();
  119.         $result false;
  120.         if ($connect{
  121.             if (ldap_bind($connect,$this->_params['ldapUser']$this->_params['ldapPassword'])) {
  122.                 $result ldap_modify($connect$this->_buildUserDn($user->login)$entries);
  123.             }
  124.             ldap_close($connect);
  125.         }
  126.  
  127.         return $result;
  128.     }
  129.  
  130.     public function getUser($login){
  131.  
  132.         $connect $this->_getLinkId();
  133.  
  134.         if($connect){
  135.  
  136.             if(ldap_bind($connect$this->_params['ldapUser']$this->_params['ldapPassword'])) {
  137.                 if (($search ldap_search($connect$this->_params['searchBaseDN']$this->_params['uidProperty'].'='.$login,$this->_params['searchAttributes']))) {
  138.                     if (($entry ldap_first_entry($connect$search))) {
  139.                         $attributes ldap_get_attributes($connect$entry);
  140.                         if($attributes['count']>0){
  141.                             $user new jAuthUserLDAP();
  142.                             $this->setAttributesLDAP($user$attributes);
  143.                             $user->login $login;
  144.                             $user->password '';
  145.                             ldap_close($connect);
  146.                             return $user;
  147.                         }
  148.                     }
  149.                 }
  150.             }
  151.             ldap_close($connect);
  152.         }
  153.  
  154.         return false;
  155.     }
  156.  
  157.     public function createUserObject($login,$password){
  158.  
  159.         $user new jAuthUserLDAP();
  160.  
  161.         $user->login $login;
  162.         $user->password $this->cryptPassword($password);
  163.         foreach ($this->_params['searchAttributes'as $property{
  164.             $user->$property '';
  165.         }
  166.  
  167.         return $user;
  168.     }
  169.  
  170.     public function getUserList($pattern){
  171.  
  172.         $users array();
  173.  
  174.         $connect $this->_getLinkId();
  175.  
  176.         if ($connect{
  177.  
  178.             if (ldap_bind($connect$this->_params['ldapUser']$this->_params['ldapPassword'])) {
  179.                 $filter ($pattern != '' && $pattern != '%'"(&".$this->_params['searchFilter'"({$this->_params['uidProperty']}={$pattern}))$this->_params['searchFilter';
  180.  
  181.                 if (($search ldap_search($connect$this->_params['searchBaseDN']$filter$this->_params['searchAttributes']))) {
  182.                     ldap_sort($connect$search$this->_params['uidProperty']);
  183.                     $entry ldap_first_entry($connect$search);
  184.                     while ($entry{
  185.                         $attributes ldap_get_attributes($connect$entry);
  186.                         if ($attributes['count']>0{
  187.                             $user new jAuthUserLDAP();
  188.                             $this->setAttributesLDAP($user$attributes);
  189.                             $user->password '';
  190.                             $users[$user;
  191.                         }
  192.                         $entry ldap_next_entry($connect$entry);
  193.                     }
  194.                 }
  195.             }
  196.             ldap_close($connect);
  197.         }
  198.  
  199.         return $users;
  200.     }
  201.  
  202.     public function changePassword($login$newpassword{
  203.  
  204.         $entries array();
  205.         $entries["userpassword"][0$this->cryptPassword($newpassword);
  206.  
  207.         $connect $connect $this->_getLinkId();
  208.         $result false;
  209.         if ($connect{
  210.             if (ldap_bind($connect,$this->_params['ldapUser']$this->_params['ldapPassword'])) {
  211.                 $result ldap_mod_replace($connect$this->_buildUserDn($login)$entries);
  212.             }
  213.             ldap_close($connect);
  214.         }
  215.         return $result;
  216.     }
  217.  
  218.     public function verifyPassword($login$password{
  219.  
  220.         $connect $this->_getLinkId();
  221.  
  222.         if ($connect{
  223.             //authenticate user
  224.             $bind @ldap_bind($connect$this->_buildUserDn($login)$this->cryptPassword($password));
  225.  
  226.             if ($bind{
  227.                 //get connected user infos
  228.                 if (ldap_bind($connect,$this->_params['ldapUser']$this->_params['ldapPassword'])) {
  229.                     if (($search ldap_search($connect$this->_params['searchBaseDN']$this->_params['uidProperty'].'='.$login,$this->_params['searchAttributes']))) {
  230.                         if (($entry ldap_first_entry($connect,$search))) {
  231.                             $attributes ldap_get_attributes($connect,$entry);
  232.                             if($attributes['count']>0){
  233.                                 $user new jAuthUserLDAP();
  234.                                 $this->setAttributesLDAP($user$attributes);
  235.                                 $user->login $login;
  236.                                 $user->password '';
  237.                                 ldap_close($connect);
  238.                                 return $user;
  239.                             }
  240.                         }
  241.                     }
  242.                 }
  243.             }
  244.             ldap_close($connect);
  245.         }
  246.         return false;
  247.     }
  248.  
  249.     protected function getAttributesLDAP($user$update=false{
  250.  
  251.         $entries array();
  252.         $entries["objectclass"][0"user";
  253.         $properties get_object_vars($user);
  254.         foreach ($properties as $property=>$value{
  255.             switch(strtolower($property)) {
  256.                 case 'login':
  257.                     if (!$update{
  258.                         $entries[$this->_params['uidProperty']][0$value;
  259.                         $entries["name"][0$value;
  260.                     }
  261.                     break;
  262.                 case 'password':
  263.                     if ($value != ''{
  264.                         $entries["userpassword"][0$value;
  265.                     }
  266.                     break;
  267.                 case 'email':
  268.                     if ($value != ''{
  269.                         $entries["mail"][0$value;
  270.                     }
  271.                     break;
  272.                 default:
  273.                     if ($value != ''{
  274.                         $entries[$property][0$value;
  275.                     }
  276.                     break;
  277.             }
  278.         }
  279.         return $entries;
  280.     }
  281.  
  282.     protected function setAttributesLDAP(&$user$attributes{
  283.  
  284.         foreach($this->_params['searchAttributes'as $attribute{
  285.             if (isset($attributes[$attribute])) {
  286.                 array_shift($attributes[$attribute]);
  287.                 switch(strtolower($attribute)) {
  288.                     case 'mail':
  289.                         $user->email $attributes[$attribute];
  290.                         break;
  291.                     case $this->_params['uidProperty']:
  292.                         $user->login $attributes[$attribute];
  293.                         break;
  294.                     default:
  295.                         $user->$attribute $attributes[$attribute];
  296.                         break;
  297.                 }
  298.             }
  299.         }
  300.     }
  301.  
  302.     protected function _buildUserDn($login{
  303.         if ($login{
  304.             return $this->_params['uidProperty'].'='.$login.",".$this->_params['searchBaseDN'];
  305.         }
  306.         return '';
  307.     }
  308.  
  309.     protected function _getLinkId({
  310.         if ($connect ldap_connect($this->_params['hostname']$this->_params['port'])) {
  311.             ldap_set_option($connectLDAP_OPT_PROTOCOL_VERSION$this->_params['protocolVersion']);
  312.             ldap_set_option($connectLDAP_OPT_REFERRALS0);
  313.             return $connect;
  314.         }
  315.         return false;
  316.     }
  317.  
  318. }
