Source for file ldap.auth.php

Documentation is available at ldap.auth.php

<?php
/**
* @package jelix
* @subpackage ldap_driver
* @author Tahina Ramaroson
* @contributor Sylvain de Vathaire
* @contributor Thibaud Fabre, Laurent Jouanneau
* @licence http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public Licence, see LICENCE file
*/
/**
* LDAP authentification driver for authentification information stored in LDAP server
* @package jelix
* @subpackage auth_driver
*/
class ldapAuthDriver extends jAuthDriverBase implements jIAuthDriver {
/**
* default user attributes list
* @var array
* @access protected
*/
protected $_default_attributes = array("cn","distinguishedName","name");
function __construct($params){
if (!extension_loaded('ldap')) {
throw new jException('jelix~auth.ldap.extension.unloaded');
}
parent::__construct($params);
// default ldap parameters
$_default_params = array(
'hostname' => 'localhost',
'port' => 389,
'ldapUser' => null,
'ldapPassword' => null,
'protocolVersion' => 3,
'uidProperty' => 'cn'
);
// iterate each default parameter and apply it to actual params if missing in $params.
foreach($_default_params as $name => $value) {
if (!isset($this->_params[$name]) || $this->_params[$name] == '') {
$this->_params[$name] = $value;
}
}
if (!isset($this->_params['searchBaseDN']) || $this->_params['searchBaseDN'] == '') {
throw new jException('jelix~auth.ldap.search.base.missing');
}
if (!isset($this->_params['searchFilter']) || $this->_params['searchFilter'] == '') {
throw new jException('jelix~auth.ldap.search.filter.missing');
}
if (!isset($this->_params['searchAttributes']) || $this->_params['searchAttributes'] == '') {
$this->_params['searchAttributes'] = $this->_default_attributes;
} else {
$this->_params['searchAttributes'] = explode(",", $this->_params['searchAttributes']);
}
}
public function saveNewUser($user){
if (!is_object($user) || !($user instanceof jAuthUserLDAP)) {
throw new jException('jelix~auth.ldap.object.user.unknown');
}
if (!($user->login != '')) {
throw new jException('jelix~auth.ldap.user.login.unset');
}
$entries = $this->getAttributesLDAP($user);
$connect = $this->_bindLdapUser();
if ($connect === false) {
return false;
}
$result = ldap_add($connect, $this->_buildUserDn($user->login), $entries);
ldap_close($connect);
return $result;
}
public function removeUser($login){
$connect = $this->_bindLdapUser();
if ($connect === false) {
return false;
}
$result = ldap_delete($connect, $this->_buildUserDn($login));
ldap_close($connect);
return $result;
}
public function updateUser($user){
if (!is_object($user) || !($user instanceof jAuthUserLDAP)) {
throw new jException('jelix~auth.ldap.object.user.unknown');
}
if (!($user->login != '')) {
throw new jException('jelix~auth.ldap.user.login.unset');
}
$entries = $this->getAttributesLDAP($user,true);
$connect = $this->_bindLdapUser();
if ($connect === false) {
return false;
}
$result = ldap_modify($connect, $this->_buildUserDn($user->login), $entries);
ldap_close($connect);
return $result;
}
public function getUser($login){
$connect = $this->_bindLdapUser();
if ($connect === false) {
return false;
}
if (($search = ldap_search($connect, $this->_params['searchBaseDN'], $this->_params['uidProperty'].'='.$login,$this->_params['searchAttributes']))) {
if (($entry = ldap_first_entry($connect, $search))) {
$attributes = ldap_get_attributes($connect, $entry);
if($attributes['count']>0){
$user = new jAuthUserLDAP();
$this->setAttributesLDAP($user, $attributes);
$user->login = $login;
$user->password = '';
ldap_close($connect);
return $user;
}
}
}
ldap_close($connect);
return false;
}
public function createUserObject($login,$password){
$user = new jAuthUserLDAP();
$user->login = $login;
$user->password = $this->cryptPassword($password);
foreach ($this->_params['searchAttributes'] as $property) {
$user->$property = '';
}
return $user;
}
public function getUserList($pattern){
$users = array();
$connect = $this->_bindLdapUser();
if ($connect === false) {
return $users;
}
$filter = ($pattern != '' && $pattern != '%') ? "(&".$this->_params['searchFilter'] . "({$this->_params['uidProperty']}={$pattern}))" : $this->_params['searchFilter'] ;
if (($search = ldap_search($connect, $this->_params['searchBaseDN'], $filter, $this->_params['searchAttributes']))) {
ldap_sort($connect, $search, $this->_params['uidProperty']);
$entry = ldap_first_entry($connect, $search);
while ($entry) {
$attributes = ldap_get_attributes($connect, $entry);
if ($attributes['count']>0) {
$user = new jAuthUserLDAP();
$this->setAttributesLDAP($user, $attributes);
$user->password = '';
$users[] = $user;
}
$entry = ldap_next_entry($connect, $entry);
}
}
ldap_close($connect);
return $users;
}
public function changePassword($login, $newpassword) {
$entries = array();
$entries["userpassword"][0] = $this->cryptPassword($newpassword);
$connect = $this->_bindLdapUser();
if ($connect === false) {
return false;
}
$result = ldap_mod_replace($connect, $this->_buildUserDn($login), $entries);
ldap_close($connect);
return $result;
}
public function verifyPassword($login, $password) {
$connect = $this->_getLinkId();
if ($connect) {
//authenticate user
$bind = @ldap_bind($connect, $this->_buildUserDn($login), $this->cryptPassword($password));
if ($bind) {
//get connected user infos
if ($this->_params['ldapUser'] == '') {
$bind = ldap_bind($connect);
}
else {
$bind = ldap_bind($connect,$this->_params['ldapUser'], $this->_params['ldapPassword']);
}
if ($bind) {
if (($search = ldap_search($connect, $this->_params['searchBaseDN'], $this->_params['uidProperty'].'='.$login,$this->_params['searchAttributes']))) {
if (($entry = ldap_first_entry($connect,$search))) {
$attributes = ldap_get_attributes($connect,$entry);
if($attributes['count']>0){
$user = new jAuthUserLDAP();
$this->setAttributesLDAP($user, $attributes);
$user->login = $login;
$user->password = '';
ldap_close($connect);
return $user;
}
}
}
}
}
ldap_close($connect);
}
return false;
}
protected function getAttributesLDAP($user, $update=false) {
$entries = array();
$entries["objectclass"][0] = "user";
$properties = get_object_vars($user);
foreach ($properties as $property=>$value) {
switch(strtolower($property)) {
case 'login':
if (!$update) {
$entries[$this->_params['uidProperty']][0] = $value;
$entries["name"][0] = $value;
}
break;
case 'password':
if ($value != '') {
$entries["userpassword"][0] = $value;
}
break;
case 'email':
if ($value != '') {
$entries["mail"][0] = $value;
}
break;
default:
if ($value != '') {
$entries[$property][0] = $value;
}
break;
}
}
return $entries;
}
protected function setAttributesLDAP(&$user, $attributes) {
foreach($this->_params['searchAttributes'] as $attribute) {
if (isset($attributes[$attribute])) {
array_shift($attributes[$attribute]);
switch(strtolower($attribute)) {
case 'mail':
$user->email = $attributes[$attribute];
break;
case $this->_params['uidProperty']:
$user->login = $attributes[$attribute];
break;
default:
$user->$attribute = $attributes[$attribute];
break;
}
}
}
}
protected function _buildUserDn($login) {
if ($login) {
return $this->_params['uidProperty'].'='.$login.",".$this->_params['searchBaseDN'];
}
return '';
}
protected function _getLinkId() {
if ($connect = ldap_connect($this->_params['hostname'], $this->_params['port'])) {
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, $this->_params['protocolVersion']);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
return $connect;
}
return false;
}
protected function _bindLdapUser() {
$connect = $this->_getLinkId();
if (!$connect)
return false;
if ($this->_params['ldapUser'] == '') {
$bind = ldap_bind($connect);
}
else {
$bind = ldap_bind($connect, $this->_params['ldapUser'], $this->_params['ldapPassword']);
}
if (!$bind) {
ldap_close($connect);
return false;
}
return $connect;
}
}

Documentation generated on Wed, 04 Jan 2017 22:57:29 +0100 by phpDocumentor 1.4.3