First release of domframework
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@1207 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
125
authldap.php
Normal file
125
authldap.php
Normal file
@@ -0,0 +1,125 @@
|
||||
<?php
|
||||
/** User authentication against LDAP server */
|
||||
class authldap extends auth
|
||||
{
|
||||
/** LDAP server : can be ldaps://server.domain.tld if LDAPS */
|
||||
public $ldapserver="localhost";
|
||||
public $ldapport=389;
|
||||
public $ldaptimeout=5;
|
||||
/** LDAP authentication to search user */
|
||||
public $ldapauth = "";
|
||||
public $ldappwd = "";
|
||||
public $ldapbase = "";
|
||||
/** Filter used to search user */
|
||||
public $ldapfilter = "(mail=%s)";
|
||||
public $ldapfield = "mail";
|
||||
/** Filter used to find the available datas of an authenticated user */
|
||||
public $ldapfiltersearch = "(objectClass=inetOrgPerson)";
|
||||
|
||||
private $ldapconn = NULL;
|
||||
private $ldapdnuser = NULL;
|
||||
|
||||
function __construct ()
|
||||
{
|
||||
if (!function_exists ("ldap_connect"))
|
||||
throw new Exception ("LDAP support unavailable in PHP", 500);
|
||||
}
|
||||
|
||||
/** Establish a connection to a LDAP server
|
||||
$server can be "ldaps://ldap.domain:636"
|
||||
If $user is "", there is no authentication (anonymous mode) */
|
||||
public function connect ()
|
||||
{
|
||||
$this->ldapconn = ldap_connect ($this->ldapserver, $this->ldapport);
|
||||
if (!$this->ldapconn)
|
||||
throw new Exception ("Can't contact LDAP server", 500);
|
||||
|
||||
ldap_set_option ($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
ldap_set_option($this->ldapconn, LDAP_OPT_TIMELIMIT, $this->ldaptimeout);
|
||||
$ldapbind = ldap_bind ($this->ldapconn, $this->ldapauth, $this->ldappwd);
|
||||
if (ldap_errno ($this->ldapconn) !== 0)
|
||||
throw new Exception ("Authentication error in pre-auth LDAP", 500);
|
||||
}
|
||||
|
||||
/** Try to authenticate the email/password of the user */
|
||||
public function authentication ($email, $password)
|
||||
{
|
||||
$filter = sprintf ($this->ldapfilter, $email, $email, $email, $email);
|
||||
$search = ldap_search ($this->ldapconn, $this->ldapbase, $filter,
|
||||
array ($this->ldapfield));
|
||||
if ($search === FALSE)
|
||||
throw new Exception ("Unable to search in LDAP", 500);
|
||||
$info = ldap_get_entries ($this->ldapconn, $search);
|
||||
if (!isset ($info["count"]) || $info["count"] !== 1 || !isset ($info[0]) ||
|
||||
!isset ($info[0]["dn"]))
|
||||
throw new Exception ("Unable to find the user : '$email'", 401);
|
||||
$dn = $info[0]["dn"];
|
||||
$ldapbind2 = @ldap_bind ($this->ldapconn, $dn, $password);
|
||||
if ($ldapbind2 !== TRUE)
|
||||
throw new Exception ("Bad password for '$email'", 401);
|
||||
$this->ldapdnuser = $dn;
|
||||
}
|
||||
|
||||
/** Return all the parameters recorded for the authenticate user */
|
||||
public function getdetails ()
|
||||
{
|
||||
if ($this->ldapdnuser === NULL)
|
||||
throw new Exception ("No user authenticated !", 401);
|
||||
$search = ldap_search ($this->ldapconn, $this->ldapdnuser,
|
||||
$this->ldapfiltersearch);
|
||||
if ($search === FALSE)
|
||||
throw new Exception ("Can not found the details for user", 401);
|
||||
$datas = ldap_get_entries ($this->ldapconn, $search);
|
||||
$res = array ();
|
||||
if (isset ($datas[0]))
|
||||
{
|
||||
$res = array ("lastname"=>$datas[0]["sn"][0],
|
||||
"firstname"=>$datas[0]["givenname"][0],
|
||||
"email"=>$datas[0]["mail"][0]);
|
||||
}
|
||||
|
||||
return $res;
|
||||
}
|
||||
|
||||
/** Method to change the password */
|
||||
public function changepassword ($oldpassword, $newpassword)
|
||||
{
|
||||
throw new Exception (_("The password can't be change for LDAP users"), 405);
|
||||
}
|
||||
|
||||
/** List all the users available in the database
|
||||
Return firstname, lastname, mail, with mail is an array */
|
||||
public function listusers ()
|
||||
{
|
||||
if ($this->ldapconn === NULL)
|
||||
throw new Exception ("No established LDAP connection", 500);
|
||||
$search = ldap_search ($this->ldapconn,$this->ldapbase,
|
||||
$this->ldapfiltersearch,
|
||||
array ("mail","sn","givenname"));
|
||||
if ($search === FALSE)
|
||||
throw new Exception ("Unable to search the users in LDAP", 500);
|
||||
$info = ldap_get_entries ($this->ldapconn, $search);
|
||||
$datas = array ();
|
||||
foreach ($info as $key=>$vals)
|
||||
{
|
||||
if ($key === "count") continue;
|
||||
if (isset ($vals["sn"][0]) && isset ($vals["givenname"][0]) &&
|
||||
isset ($vals["mail"]))
|
||||
{
|
||||
$datas[$key] = array ("lastname"=>$vals["sn"][0],
|
||||
"firstname"=>$vals["givenname"][0],
|
||||
"email"=>$vals["mail"][0]);
|
||||
}
|
||||
|
||||
unset ($datas[$key]["mail"]["count"]);
|
||||
}
|
||||
|
||||
return $datas;
|
||||
}
|
||||
|
||||
function __destruct ()
|
||||
{
|
||||
if (isset ($this->ldapconn))
|
||||
ldap_close ($this->ldapconn);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user