nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-04-27 15:31:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Basic driver for handling LDAP authentication.

Browse Source
This commit is contained in:
Maxime Delorme 2007-05-05 11:08:12 +12:00
parent c9fb3d8d01
commit 011740a8da
1 changed files with 201 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

201
inc/drivers_ldap.php Normal file
View File

@ -0,0 +1,201 @@
<?php
/**
* Manages LDAP repository connection
*
* @category Technical
*/
class ldapDrivers
{
/**
* Holds the LDAP connection parametters
*/
protected $connect;
function ldapDrivers($config){
$this->__construct($config);
}
/**
* Initializes the LDAP connection
*
* @param string $host The name of LDAP server
* @param int $port The port number to use
*
*/
function __construct($config)
{
$host=$config['host'];
$port=$config['port'];
if(!function_exists('ldap_connect')){
dbg_error_log( "ERROR", "drivers_ldap : function ldap_connect not defined, check your php_ldap module");
$this->valid=false;
return ;
}
if ($port) $this->connect=ldap_connect($host, $port);
else $this->connect=ldap_connect($host);
if (! $this->connect){
dbg_error_log( "ERROR", "drivers_ldap : Unable to connect to LDAP with port %s on host %s", $port,$host );
$this->valid=false;
return ;
}
//connect as root
if (!ldap_bind($this->connect,$config['bindDN'],$config['passDN'])){
dbg_error_log( "ERROR", "drivers_ldap : Unable to bind to LDAP, check your bindDN >%s< and passDN >%s< of your configuration",$config['bindDN'],$config['passDN'] );
$this->valid=false;
return ;
}
$this->valid = true;
//root to start search
$this->baseDNUsers = $config['baseDNUsers'];
$this->filterUsers = $config['filterUsers'];
$this->baseDNGroups = $config['baseDNGroups'];
$this->filterGroups = $config['filterGroups'];
}
/*
function getAllUsers($attributs){
$entry = ldap_list($this->connect,$this->base_dn,$this->UsrFilter,$attributs);
if (!ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.NoUserFound",array('filter'=>$filter,'arguments'=>print_r($attributs,1), 'dn'=>$this->base_dn));
for($i=ldap_first_entry($this->connect,$entry);
$i&&$arr=ldap_get_attributes($this->connect,$i);
$i=ldap_next_entry($this->connect,$i)
)
{
for($j=0;$j<$arr['count'];$j++){
$row[$arr[$j]] = $arr[$arr[$j]][0];
}
$ret[]=$row;
}
return $ret;
}
function getAllDivisions($attributs,$filter=""){
if($filter == "") $filter=$this->DivFilter;
$entry = ldap_list($this->connect,$this->Divdn,$filter,$attributs);
if (!ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.NoDivisionsFound",array('filter'=>$filter,'arguments'=>print_r($attributs,1), 'dn'=>$this->Divdn));
for($i=ldap_first_entry($this->connect,$entry);
$i&&$arr=ldap_get_attributes($this->connect,$i);
$i=ldap_next_entry($this->connect,$i)
)
{
for($j=0;$j<$arr['count'];$j++){
$row[$arr[$j]] = $arr[$arr[$j]][0];
}
$ret[]=$row;
}
return $ret;
}
function DivisionOfUser($attributs,$login){
//first get dn of the user;
$entry = ldap_search($this->connect,$this->base_dn,"uid=$login",array('dn'));
if (!ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.user not found",array('filter'=>"uid=$login",'arguments'=>'dn', 'dn'=>$base_dn));
$dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
try{
return $this->getAllDivisions($attributs,"(&($this->DivFilter)(uniqueMember=$dnUser))");
}catch (AppException $e)
{
return array('');
}
}*/
/**
* Returns the result of the LDAP query
*
* @param string $filter The filter used to search entries
* @param array $attributs Attributes to be returned
* @param string $passwd password to check
* @return array Contains selected attributes from all entries corresponding to the given filter
*/
function requestUser($filter,$attributs=NULL,$passwd)
{
$entry=NULL;
// We get the DN of the USER
$entry = ldap_search($this->connect,$this->baseDNUsers,$filter,$attributs);
if (!ldap_first_entry($this->connect,$entry))
dbg_error_log( "ERROR", "drivers_ldap : Unable to find the user" );
$dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry));
if(!@ldap_bind($this->connect,$dnUser,$passwd))
return false;
$i=ldap_first_entry($this->connect,$entry);
$arr=ldap_get_attributes($this->connect,$i);
for($i=0;$i<$arr['count'];$i++){
$ret[$arr[$i]]=$arr[$arr[$i]][0];
}
return $ret;
}
/*function addToDivision($uid,$usr){
$userDN = $this->getUserDN($usr);
$divDN = $this->getDivDN($uid);
$group_info['uniqueMember'] = $userDN; // User's DN is added to group's 'member' array
if(!ldap_mod_add($this->connect,$divDN,$group_info)) throw new AppException("technical.ldaptools.unable to add user to group", array('userDN' => $userDN, "DivDN"=>$divDN));
}
function addToTennaxia($usr){
$userDN = $this->getUserDN($usr);
$entry = ldap_list($this->connect,$this->base_dn,"(&(&($this->DivFilter)(uniqueMember=$userDN))(cn=tennaxia))",array('cn'));
if (!ldap_first_entry($this->connect,$entry)){
$divDN = "cn=tennaxia,dc=tennaxia,dc=net";
$group_info['uniqueMember'] = $userDN; // User's DN is added to group's 'member' array
if(!ldap_mod_add($this->connect,$divDN,$group_info)) throw new AppException("technical.ldaptools.unable to add user to Tennaxia", array('userDN' => $userDN, "DivDN"=>$divDN));
}
}
function removeFromDivision($uid,$usr){
$userDN = $this->getUserDN($usr);
$divDN = $this->getDivDN($uid);
$group_info['uniqueMember'] = $userDN; // User's DN is added to group's 'member' array
if(!ldap_mod_del($this->connect,$divDN,$group_info)) throw new AppException("technical.ldaptools.unable to remove user from group", array('userDN' => $userDN, "DivDN"=>$divDN));
}
function getUserDN($login){
$entry = ldap_search($this->connect,$this->base_dn,"(&($this->UsrFilter)(uid=$login))",array('dn'));
if (!$i=ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.NoUserFound",array('filter'=>$this->UsrFilter,'arguments'=>print_r($args,1), 'domain'=>$this->base_dn));
return ldap_get_dn($this->connect, $i);
}
function getDivDN($entryUUID){
$entry = ldap_search($this->connect,$this->base_dn,"(&($this->DivFilter)(entryUUID=$entryUUID))",array('dn'));
if (!$i=ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.NoUserFound",array('filter'=>$this->UsrFilter,'arguments'=>print_r($args,1), 'domain'=>$this->base_dn));
return ldap_get_dn($this->connect, $i);
}*/
}
// A generic function to create and fetch static objects
function getStaticLdap() {
global $c;
// Declare a static variable to hold the object instance
static $instance;
// If the instance is not there, create one
if(!isset($instance)) {
$ldapDrivers =& new ldapDrivers($c->authenticate_hook['config']);
}
return $ldapDrivers;
}
function LDAP_check($username, $password ){
global $c;
$mapping = $c->authenticate_hook['config']['mapping_field'];
$filter="uid=$username";
$attributs=array_values($mapping);
$ldapDriver = getStaticLdap();
if($ldapDriver->valid){
dbg_error_log( "LDAP", "checking user %s for password %s against LDAP",$username,$password );
$valid = $ldapDriver->requestUser($filter,$attributs,$password);
//is a valid user or not
if (!$valid)
return false;
//ok it is valid is already exist in db ?
$qry = new PgQuery( "SELECT * FROM usr WHERE lower(username) = ? ", $username );
if ( $qry->Exec('BasicAuth',__LINE__,__FILE__) && $qry->rows == 1 )
return $qry->Fetch();
//it doesn't exist so we create the new user
//$user = new RSCDSUser($user_no);
dbg_error_log( "LDAP", "From LDAP User Name => %s, Full Name => %s ,EMail => %s",$valid[$mapping["User Name"]],$valid[$mapping["Full Name"]],$valid[$mapping["EMail"]]);
}
}
?>