Source for file ldap.auth.php

Documentation is available at ldap.auth.php

  1. <?php
  2. /**
  3. @package    jelix
  4. @subpackage ldap_driver
  5. @author     Tahina Ramaroson
  6. @contributor Sylvain de Vathaire
  7. @contributor Thibaud Fabre, Laurent Jouanneau
  8. @copyright  2009 Neov, 2010 Thibaud Fabre, 2011 Laurent Jouanneau
  9. @licence  http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public Licence, see LICENCE file
  10. */
  11.  
  12.  
  13. /**
  14. * LDAP authentification driver for authentification information stored in LDAP server
  15. @package    jelix
  16. @subpackage auth_driver
  17. */
  18. class ldapAuthDriver extends jAuthDriverBase implements jIAuthDriver {
  19.  
  20.     /**
  21.     * default user attributes list
  22.     * @var array 
  23.     * @access protected
  24.     */
  25.     protected $_default_attributes = array("cn","distinguishedName","name");
  26.  
  27.     function __construct($params){
  28.  
  29.         if (!extension_loaded('ldap')) {
  30.             throw new jException('jelix~auth.ldap.extension.unloaded');
  31.         }
  32.  
  33.         parent::__construct($params);
  34.  
  35.         // default ldap parameters
  36.         $_default_params array(
  37.             'hostname'      =>  'localhost',
  38.             'port'          =>  389,
  39.             'ldapUser'      =>  null,
  40.             'ldapPassword'      =>  null,
  41.             'protocolVersion'   =>  3,
  42.             'uidProperty'       =>  'cn'
  43.         );
  44.  
  45.         // iterate each default parameter and apply it to actual params if missing in $params.
  46.         foreach($_default_params as $name => $value{
  47.             if (!isset($this->_params[$name]|| $this->_params[$name== ''{
  48.                 $this->_params[$name$value;
  49.             }
  50.         }
  51.  
  52.         if (!isset($this->_params['searchBaseDN']|| $this->_params['searchBaseDN'== ''{
  53.             throw new jException('jelix~auth.ldap.search.base.missing');
  54.         }
  55.  
  56.         if (!isset($this->_params['searchFilter']|| $this->_params['searchFilter'== ''{
  57.             throw new jException('jelix~auth.ldap.search.filter.missing');
  58.         }
  59.  
  60.         if (!isset($this->_params['searchAttributes']|| $this->_params['searchAttributes'== ''{
  61.             $this->_params['searchAttributes'$this->_default_attributes;
  62.         else {
  63.             $this->_params['searchAttributes'explode(","$this->_params['searchAttributes']);
  64.         }
  65.     }
  66.  
  67.     public function saveNewUser($user){
  68.  
  69.         if (!is_object($user|| !($user instanceof jAuthUserLDAP)) {
  70.             throw new jException('jelix~auth.ldap.object.user.unknown');
  71.         }
  72.  
  73.         if (!($user->login != '')) {
  74.             throw new jException('jelix~auth.ldap.user.login.unset');
  75.         }
  76.  
  77.         $entries $this->getAttributesLDAP($user);
  78.  
  79.         $connect $this->_bindLdapUser();
  80.         if ($connect === false{
  81.             return false;
  82.         }
  83.         $result ldap_add($connect$this->_buildUserDn($user->login)$entries);
  84.         ldapd_close($connect);
  85.         return $result;
  86.  
  87.     }
  88.  
  89.     public function removeUser($login){
  90.  
  91.         $connect $this->_bindLdapUser();
  92.         if ($connect === false{
  93.             return false;
  94.         }
  95.         $result ldap_delete($connect$this->_buildUserDn($login));
  96.         ldap_close($connect);
  97.         return $result;
  98.     }
  99.  
  100.     public function updateUser($user){
  101.  
  102.         if (!is_object($user|| !($user instanceof jAuthUserLDAP)) {
  103.             throw new jException('jelix~auth.ldap.object.user.unknown');
  104.         }
  105.  
  106.         if (!($user->login != '')) {
  107.             throw new jException('jelix~auth.ldap.user.login.unset');
  108.         }
  109.  
  110.         $entries $this->getAttributesLDAP($user,true);
  111.  
  112.         $connect $this->_bindLdapUser();
  113.         if ($connect === false{
  114.             return false;
  115.         }
  116.         $result ldap_modify($connect$this->_buildUserDn($user->login)$entries);
  117.         ldap_close($connect);
  118.  
  119.         return $result;
  120.     }
  121.  
  122.     public function getUser($login){
  123.  
  124.         $connect $this->_bindLdapUser();
  125.         if ($connect === false{
  126.             return false;
  127.         }
  128.  
  129.         if (($search ldap_search($connect$this->_params['searchBaseDN']$this->_params['uidProperty'].'='.$login,$this->_params['searchAttributes']))) {
  130.             if (($entry ldap_first_entry($connect$search))) {
  131.                 $attributes ldap_get_attributes($connect$entry);
  132.                 if($attributes['count']>0){
  133.                     $user new jAuthUserLDAP();
  134.                     $this->setAttributesLDAP($user$attributes);
  135.                     $user->login $login;
  136.                     $user->password '';
  137.                     ldap_close($connect);
  138.                     return $user;
  139.                 }
  140.             }
  141.         }
  142.         ldap_close($connect);
  143.  
  144.         return false;
  145.     }
  146.  
  147.     public function createUserObject($login,$password){
  148.  
  149.         $user new jAuthUserLDAP();
  150.  
  151.         $user->login $login;
  152.         $user->password $this->cryptPassword($password);
  153.         foreach ($this->_params['searchAttributes'as $property{
  154.             $user->$property '';
  155.         }
  156.  
  157.         return $user;
  158.     }
  159.  
  160.     public function getUserList($pattern){
  161.  
  162.         $users array();
  163.  
  164.         $connect $this->_bindLdapUser();
  165.         if ($connect === false{
  166.             return $users;
  167.         }
  168.         $filter ($pattern != '' && $pattern != '%'"(&".$this->_params['searchFilter'"({$this->_params['uidProperty']}={$pattern}))$this->_params['searchFilter';
  169.  
  170.         if (($search ldap_search($connect$this->_params['searchBaseDN']$filter$this->_params['searchAttributes']))) {
  171.             ldap_sort($connect$search$this->_params['uidProperty']);
  172.             $entry ldap_first_entry($connect$search);
  173.             while ($entry{
  174.                 $attributes ldap_get_attributes($connect$entry);
  175.                 if ($attributes['count']>0{
  176.                     $user new jAuthUserLDAP();
  177.                     $this->setAttributesLDAP($user$attributes);
  178.                     $user->password '';
  179.                     $users[$user;
  180.                 }
  181.                 $entry ldap_next_entry($connect$entry);
  182.             }
  183.         }
  184.         ldap_close($connect);
  185.  
  186.         return $users;
  187.     }
  188.  
  189.     public function changePassword($login$newpassword{
  190.  
  191.         $entries array();
  192.         $entries["userpassword"][0$this->cryptPassword($newpassword);
  193.  
  194.         $connect $this->_bindLdapUser();
  195.         if ($connect === false{
  196.             return false;
  197.         }
  198.         $result ldap_mod_replace($connect$this->_buildUserDn($login)$entries);
  199.         ldap_close($connect);
  200.         return $result;
  201.     }
  202.  
  203.     public function verifyPassword($login$password{
  204.  
  205.         $connect $this->_getLinkId();
  206.  
  207.         if ($connect{
  208.             //authenticate user
  209.             $bind @ldap_bind($connect$this->_buildUserDn($login)$this->cryptPassword($password));
  210.  
  211.             if ($bind{
  212.                 //get connected user infos
  213.                 if ($this->_params['ldapUser'== ''{
  214.                     $bind ldap_bind($connect);
  215.                 }
  216.                 else {
  217.                     $bind ldap_bind($connect,$this->_params['ldapUser']$this->_params['ldapPassword']);
  218.                 }
  219.                 if ($bind{
  220.                     if (($search ldap_search($connect$this->_params['searchBaseDN']$this->_params['uidProperty'].'='.$login,$this->_params['searchAttributes']))) {
  221.                         if (($entry ldap_first_entry($connect,$search))) {
  222.                             $attributes ldap_get_attributes($connect,$entry);
  223.                             if($attributes['count']>0){
  224.                                 $user new jAuthUserLDAP();
  225.                                 $this->setAttributesLDAP($user$attributes);
  226.                                 $user->login $login;
  227.                                 $user->password '';
  228.                                 ldap_close($connect);
  229.                                 return $user;
  230.                             }
  231.                         }
  232.                     }
  233.                 }
  234.             }
  235.             ldap_close($connect);
  236.         }
  237.         return false;
  238.     }
  239.  
  240.     protected function getAttributesLDAP($user$update=false{
  241.  
  242.         $entries array();
  243.         $entries["objectclass"][0"user";
  244.         $properties get_object_vars($user);
  245.         foreach ($properties as $property=>$value{
  246.             switch(strtolower($property)) {
  247.                 case 'login':
  248.                     if (!$update{
  249.                         $entries[$this->_params['uidProperty']][0$value;
  250.                         $entries["name"][0$value;
  251.                     }
  252.                     break;
  253.                 case 'password':
  254.                     if ($value != ''{
  255.                         $entries["userpassword"][0$value;
  256.                     }
  257.                     break;
  258.                 case 'email':
  259.                     if ($value != ''{
  260.                         $entries["mail"][0$value;
  261.                     }
  262.                     break;
  263.                 default:
  264.                     if ($value != ''{
  265.                         $entries[$property][0$value;
  266.                     }
  267.                     break;
  268.             }
  269.         }
  270.         return $entries;
  271.     }
  272.  
  273.     protected function setAttributesLDAP(&$user$attributes{
  274.  
  275.         foreach($this->_params['searchAttributes'as $attribute{
  276.             if (isset($attributes[$attribute])) {
  277.                 array_shift($attributes[$attribute]);
  278.                 switch(strtolower($attribute)) {
  279.                     case 'mail':
  280.                         $user->email $attributes[$attribute];
  281.                         break;
  282.                     case $this->_params['uidProperty']:
  283.                         $user->login $attributes[$attribute];
  284.                         break;
  285.                     default:
  286.                         $user->$attribute $attributes[$attribute];
  287.                         break;
  288.                 }
  289.             }
  290.         }
  291.     }
  292.  
  293.     protected function _buildUserDn($login{
  294.         if ($login{
  295.             return $this->_params['uidProperty'].'='.$login.",".$this->_params['searchBaseDN'];
  296.         }
  297.         return '';
  298.     }
  299.  
  300.     protected function _getLinkId({
  301.         if ($connect ldap_connect($this->_params['hostname']$this->_params['port'])) {
  302.             ldap_set_option($connectLDAP_OPT_PROTOCOL_VERSION$this->_params['protocolVersion']);
  303.             ldap_set_option($connectLDAP_OPT_REFERRALS0);
  304.             return $connect;
  305.         }
  306.         return false;
  307.     }
  308.  
  309.     protected function _bindLdapUser({
  310.         $connect $this->_getLinkId();
  311.         if (!$connect)
  312.             return false;
  313.         if ($this->_params['ldapUser'== ''{
  314.             $bind ldap_bind($connect);
  315.         }
  316.         else {
  317.             $bind ldap_bind($connect$this->_params['ldapUser']$this->_params['ldapPassword']);
  318.         }
  319.         if (!$bind{
  320.             ldap_close($connect);
  321.             return false;
  322.         }
  323.         return $connect;
  324.     }
  325. }

Documentation generated on Wed, 24 Sep 2014 22:03:10 +0200 by phpDocumentor 1.4.3