Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*********************************************
- *
- * Library to authenticate to LDAP servers
- * and retrieve user information from LDAP
- * Written by Elmü 2008
- *
- *********************************************/
- function ldapConnectServer()
- {
- global $AUTHCFG;
- $conn = @ldap_connect($AUTHCFG['ldap_host'],$AUTHCFG['ldap_port']);
- @ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // Try version 3. Will fail and default to v2.
- if (!empty($AUTHCFG['ldap_username']))
- {
- if (!@ldap_bind($conn, $AUTHCFG['ldap_username'], $AUTHCFG['ldap_pass']))
- return NULL;
- }
- else
- {
- if (!@ldap_bind($conn)) //attempt an anonymous bind if no user/pass specified in config.php
- return NULL;
- }
- return $conn;
- }
- /**
- * Function to authenticate users via LDAP
- *
- * @param string $authUser - Username to authenticate
- * @param string $authPW - Cleartext password
- * @return NULL on failure, user's info (in an array) on bind
- */
- function ldapAuthenticate($authUser, $authPW)
- {
- /*
- global $AUTHCFG;
- if (empty($authUser) || empty($authPW))
- return false;
- $conn = ldapConnectServer();
- if ($conn == NULL)
- return false;
- print 'conn: '.$conn;
- $retval = false;
- $filter = $AUTHCFG['ldap_account'] . '=' . $authUser;
- $ident = @ldap_search($conn, $AUTHCFG['ldap_basedn'], $filter);
- var_dump($ident);
- exit;
- if ($ident)
- {
- $result = @ldap_get_entries($conn, $ident);
- if ($result[0])
- {
- // dn is the LDAP path where the user was fond. This attribute is always returned.
- if (@ldap_bind( $conn, $result[0]["dn"], $authPW) )
- $retval = true;
- }
- @ldap_free_result($ident);
- }
- @ldap_unbind($conn);
- return $retval;
- */
- global $AUTHCFG;
- if ($authUser != "" && $authPW != "") {
- $ds=@ldap_connect($AUTHCFG['ldap_host'],$AUTHCFG['ldap_port']);
- @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); //Try version 3. Will fail and default to v2.
- $bind = false;
- if (!empty($AUTHCFG['ldap_username'])) {
- $bind = @ldap_bind($ds, $AUTHCFG['ldap_username'], $AUTHCFG['ldap_pass']);
- } else {
- $bind = @ldap_bind($ds); //attempt an anonymous bind if no user/pass specified in config.php
- }
- if (!$bind) {
- return NULL; //bind failed
- }
- $r = @ldap_search( $ds, $AUTHCFG['ldap_basedn'], $AUTHCFG['ldap_uid'] . '=' . $authUser);
- if ($r) {
- $result = @ldap_get_entries( $ds, $r);
- if ($result[0]) {
- if (@ldap_bind($ds, $result[0]['dn'], $authPW )) {
- return $result[0];
- }
- }
- }
- }
- return NULL;
- }
- // Search a user by the given filter and returns the attributes defined in the array $required
- function ldapSearchUser($filter, $required)
- {
- global $AUTHCFG;
- $conn = ldapConnectServer();
- if ($conn == NULL)
- return NULL;
- $ident = @ldap_search($conn, $AUTHCFG['ldap_basedn'], $filter, $required);
- if ($ident)
- {
- $result = @ldap_get_entries($conn, $ident);
- @ldap_free_result($ident);
- }
- @ldap_unbind($conn);
- return $result;
- }
- // Searches for a user's fullname
- // returns a hashtable with Account => FullName of all matching users
- function ldapSearchUserAccountAndName($user)
- {
- global $AUTHCFG;
- $fldaccount = strtolower($AUTHCFG['ldap_account']);
- $fldname = strtolower($AUTHCFG['ldap_fullname']);
- $fldclass = strtolower($AUTHCFG['ldap_objclass']);
- $usrfilter = explode("|", $AUTHCFG['ldap_userfilter']);
- $required = array($fldaccount,$fldname,$fldclass);
- $ldapArray = ldapSearchUser("$fldname=*$user*", $required);
- // copy from LDAP specific array to a standardized hashtable
- // Skip Groups and Organizational Units. Copy only users.
- for ($i=0; $i<$ldapArray["count"]; $i++)
- {
- $isuser = false;
- foreach($usrfilter as $filt)
- {
- if (array_search($filt, $ldapArray[$i][$fldclass]))
- {
- $isuser = true;
- break;
- }
- }
- if ($isuser)
- {
- $account = $ldapArray[$i][$fldaccount][0];
- $name = $ldapArray[$i][$fldname] [0];
- $userArray[$account] = $name;
- }
- }
- return $userArray;
- }
- // retrieve all requested LDAP values for the given user account
- // $fields = array("ldap_forename", "ldap_email",...)
- // returns a hashtable with "ldap_forename" => "John"
- function ldapGetUserValues($account, $fields)
- {
- global $AUTHCFG;
- foreach ($fields as $key)
- {
- $required[] = $AUTHCFG[$key];
- }
- $filter = $AUTHCFG['ldap_account'] . "=" .$account;
- $ldapArray = ldapSearchUser($filter, $required);
- // copy from LDAP specific array to a standardized hashtable
- foreach ($fields as $key)
- {
- $attr = strtolower($AUTHCFG[$key]);
- $value = $ldapArray[0][$attr][0];
- $valueArray[$key] = $value;
- }
- return $valueArray;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement