diff --git a/inc/drivers_ldap.php b/inc/drivers_ldap.php new file mode 100644 index 00000000..e775ddb0 --- /dev/null +++ b/inc/drivers_ldap.php @@ -0,0 +1,201 @@ +__construct($config); + } + /** + * Initializes the LDAP connection + * + * @param string $host The name of LDAP server + * @param int $port The port number to use + * + */ + function __construct($config) + { + $host=$config['host']; + $port=$config['port']; + if(!function_exists('ldap_connect')){ + dbg_error_log( "ERROR", "drivers_ldap : function ldap_connect not defined, check your php_ldap module"); + $this->valid=false; + return ; + } + if ($port) $this->connect=ldap_connect($host, $port); + else $this->connect=ldap_connect($host); + if (! $this->connect){ + dbg_error_log( "ERROR", "drivers_ldap : Unable to connect to LDAP with port %s on host %s", $port,$host ); + $this->valid=false; + return ; + } + //connect as root + if (!ldap_bind($this->connect,$config['bindDN'],$config['passDN'])){ + dbg_error_log( "ERROR", "drivers_ldap : Unable to bind to LDAP, check your bindDN >%s< and passDN >%s< of your configuration",$config['bindDN'],$config['passDN'] ); + $this->valid=false; + return ; + } + $this->valid = true; + //root to start search + $this->baseDNUsers = $config['baseDNUsers']; + $this->filterUsers = $config['filterUsers']; + $this->baseDNGroups = $config['baseDNGroups']; + $this->filterGroups = $config['filterGroups']; + } + + /* + function getAllUsers($attributs){ + $entry = ldap_list($this->connect,$this->base_dn,$this->UsrFilter,$attributs); + if (!ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.NoUserFound",array('filter'=>$filter,'arguments'=>print_r($attributs,1), 'dn'=>$this->base_dn)); + for($i=ldap_first_entry($this->connect,$entry); + $i&&$arr=ldap_get_attributes($this->connect,$i); + $i=ldap_next_entry($this->connect,$i) + ) + { + for($j=0;$j<$arr['count'];$j++){ + $row[$arr[$j]] = $arr[$arr[$j]][0]; + } + $ret[]=$row; + } + return $ret; + } + + function getAllDivisions($attributs,$filter=""){ + if($filter == "") $filter=$this->DivFilter; + $entry = ldap_list($this->connect,$this->Divdn,$filter,$attributs); + if (!ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.NoDivisionsFound",array('filter'=>$filter,'arguments'=>print_r($attributs,1), 'dn'=>$this->Divdn)); + + for($i=ldap_first_entry($this->connect,$entry); + $i&&$arr=ldap_get_attributes($this->connect,$i); + $i=ldap_next_entry($this->connect,$i) + ) + { + for($j=0;$j<$arr['count'];$j++){ + $row[$arr[$j]] = $arr[$arr[$j]][0]; + } + $ret[]=$row; + } + return $ret; + } + + function DivisionOfUser($attributs,$login){ + //first get dn of the user; + $entry = ldap_search($this->connect,$this->base_dn,"uid=$login",array('dn')); + if (!ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.user not found",array('filter'=>"uid=$login",'arguments'=>'dn', 'dn'=>$base_dn)); + $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry)); + try{ + return $this->getAllDivisions($attributs,"(&($this->DivFilter)(uniqueMember=$dnUser))"); + }catch (AppException $e) + { + return array(''); + } + }*/ + /** + * Returns the result of the LDAP query + * + * @param string $filter The filter used to search entries + * @param array $attributs Attributes to be returned + * @param string $passwd password to check + * @return array Contains selected attributes from all entries corresponding to the given filter + */ + function requestUser($filter,$attributs=NULL,$passwd) + { + + $entry=NULL; + // We get the DN of the USER + $entry = ldap_search($this->connect,$this->baseDNUsers,$filter,$attributs); + if (!ldap_first_entry($this->connect,$entry)) + dbg_error_log( "ERROR", "drivers_ldap : Unable to find the user" ); + $dnUser = ldap_get_dn($this->connect, ldap_first_entry($this->connect,$entry)); + if(!@ldap_bind($this->connect,$dnUser,$passwd)) + return false; + + $i=ldap_first_entry($this->connect,$entry); + $arr=ldap_get_attributes($this->connect,$i); + for($i=0;$i<$arr['count'];$i++){ + $ret[$arr[$i]]=$arr[$arr[$i]][0]; + } + return $ret; + + } + /*function addToDivision($uid,$usr){ + $userDN = $this->getUserDN($usr); + $divDN = $this->getDivDN($uid); + $group_info['uniqueMember'] = $userDN; // User's DN is added to group's 'member' array + if(!ldap_mod_add($this->connect,$divDN,$group_info)) throw new AppException("technical.ldaptools.unable to add user to group", array('userDN' => $userDN, "DivDN"=>$divDN)); + + } + + function addToTennaxia($usr){ + $userDN = $this->getUserDN($usr); + $entry = ldap_list($this->connect,$this->base_dn,"(&(&($this->DivFilter)(uniqueMember=$userDN))(cn=tennaxia))",array('cn')); + if (!ldap_first_entry($this->connect,$entry)){ + $divDN = "cn=tennaxia,dc=tennaxia,dc=net"; + $group_info['uniqueMember'] = $userDN; // User's DN is added to group's 'member' array + if(!ldap_mod_add($this->connect,$divDN,$group_info)) throw new AppException("technical.ldaptools.unable to add user to Tennaxia", array('userDN' => $userDN, "DivDN"=>$divDN)); + } + } + function removeFromDivision($uid,$usr){ + $userDN = $this->getUserDN($usr); + $divDN = $this->getDivDN($uid); + $group_info['uniqueMember'] = $userDN; // User's DN is added to group's 'member' array + if(!ldap_mod_del($this->connect,$divDN,$group_info)) throw new AppException("technical.ldaptools.unable to remove user from group", array('userDN' => $userDN, "DivDN"=>$divDN)); + + } + function getUserDN($login){ + $entry = ldap_search($this->connect,$this->base_dn,"(&($this->UsrFilter)(uid=$login))",array('dn')); + if (!$i=ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.NoUserFound",array('filter'=>$this->UsrFilter,'arguments'=>print_r($args,1), 'domain'=>$this->base_dn)); + return ldap_get_dn($this->connect, $i); + } + function getDivDN($entryUUID){ + $entry = ldap_search($this->connect,$this->base_dn,"(&($this->DivFilter)(entryUUID=$entryUUID))",array('dn')); + if (!$i=ldap_first_entry($this->connect,$entry)) throw new AppException("technicat.ldaptools.NoUserFound",array('filter'=>$this->UsrFilter,'arguments'=>print_r($args,1), 'domain'=>$this->base_dn)); + return ldap_get_dn($this->connect, $i); + }*/ +} + + +// A generic function to create and fetch static objects +function getStaticLdap() { + global $c; + // Declare a static variable to hold the object instance + static $instance; + + // If the instance is not there, create one + if(!isset($instance)) { + $ldapDrivers =& new ldapDrivers($c->authenticate_hook['config']); + } + return $ldapDrivers; +} +function LDAP_check($username, $password ){ + global $c; + $mapping = $c->authenticate_hook['config']['mapping_field']; + $filter="uid=$username"; + $attributs=array_values($mapping); + $ldapDriver = getStaticLdap(); + if($ldapDriver->valid){ + dbg_error_log( "LDAP", "checking user %s for password %s against LDAP",$username,$password ); + $valid = $ldapDriver->requestUser($filter,$attributs,$password); + //is a valid user or not + if (!$valid) + return false; + //ok it is valid is already exist in db ? + $qry = new PgQuery( "SELECT * FROM usr WHERE lower(username) = ? ", $username ); + if ( $qry->Exec('BasicAuth',__LINE__,__FILE__) && $qry->rows == 1 ) + return $qry->Fetch(); + //it doesn't exist so we create the new user + //$user = new RSCDSUser($user_no); + dbg_error_log( "LDAP", "From LDAP User Name => %s, Full Name => %s ,EMail => %s",$valid[$mapping["User Name"]],$valid[$mapping["Full Name"]],$valid[$mapping["EMail"]]); + + } +} +?> \ No newline at end of file