Guest User

Untitled

a guest
Oct 13th, 2015
134
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. /*********************************************
  4. *
  5. * Library to authenticate to LDAP servers
  6. * and retrieve user information from LDAP
  7. * Written by Elmü 2008
  8. *
  9. *********************************************/
  10.  
  11. function ldapConnectServer()
  12. {
  13. global $AUTHCFG;
  14.  
  15. $conn = @ldap_connect($AUTHCFG['ldap_host'],$AUTHCFG['ldap_port']);
  16. @ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // Try version 3. Will fail and default to v2.
  17.  
  18. if (!empty($AUTHCFG['ldap_username']))
  19. {
  20. if (!@ldap_bind($conn, $AUTHCFG['ldap_username'], $AUTHCFG['ldap_pass']))
  21. return NULL;
  22. }
  23. else
  24. {
  25. if (!@ldap_bind($conn)) //attempt an anonymous bind if no user/pass specified in config.php
  26. return NULL;
  27. }
  28. return $conn;
  29.  
  30. }
  31.  
  32. /**
  33. * Function to authenticate users via LDAP
  34. *
  35. * @param string $authUser - Username to authenticate
  36. * @param string $authPW - Cleartext password
  37. * @return NULL on failure, user's info (in an array) on bind
  38. */
  39. function ldapAuthenticate($authUser, $authPW)
  40. {
  41. /*
  42. global $AUTHCFG;
  43.  
  44. if (empty($authUser) || empty($authPW))
  45. return false;
  46.  
  47. $conn = ldapConnectServer();
  48. if ($conn == NULL)
  49. return false;
  50. print 'conn: '.$conn;
  51. $retval = false;
  52. $filter = $AUTHCFG['ldap_account'] . '=' . $authUser;
  53. $ident = @ldap_search($conn, $AUTHCFG['ldap_basedn'], $filter);
  54.  
  55. var_dump($ident);
  56. exit;
  57. if ($ident)
  58. {
  59. $result = @ldap_get_entries($conn, $ident);
  60. if ($result[0])
  61. {
  62. // dn is the LDAP path where the user was fond. This attribute is always returned.
  63. if (@ldap_bind( $conn, $result[0]["dn"], $authPW) )
  64. $retval = true;
  65. }
  66. @ldap_free_result($ident);
  67. }
  68.  
  69. @ldap_unbind($conn);
  70. return $retval;
  71. */
  72.  
  73. global $AUTHCFG;
  74.  
  75. if ($authUser != "" && $authPW != "") {
  76.  
  77.  
  78. $ds=@ldap_connect($AUTHCFG['ldap_host'],$AUTHCFG['ldap_port']);
  79.  
  80. @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); //Try version 3. Will fail and default to v2.
  81.  
  82.  
  83. $bind = false;
  84.  
  85. if (!empty($AUTHCFG['ldap_username'])) {
  86. $bind = @ldap_bind($ds, $AUTHCFG['ldap_username'], $AUTHCFG['ldap_pass']);
  87. } else {
  88. $bind = @ldap_bind($ds); //attempt an anonymous bind if no user/pass specified in config.php
  89. }
  90.  
  91. if (!$bind) {
  92. return NULL; //bind failed
  93. }
  94.  
  95. $r = @ldap_search( $ds, $AUTHCFG['ldap_basedn'], $AUTHCFG['ldap_uid'] . '=' . $authUser);
  96. if ($r) {
  97. $result = @ldap_get_entries( $ds, $r);
  98.  
  99.  
  100.  
  101.  
  102. if ($result[0]) {
  103.  
  104. if (@ldap_bind($ds, $result[0]['dn'], $authPW )) {
  105.  
  106. return $result[0];
  107. }
  108. }
  109. }
  110. }
  111. return NULL;
  112.  
  113.  
  114. }
  115.  
  116. // Search a user by the given filter and returns the attributes defined in the array $required
  117. function ldapSearchUser($filter, $required)
  118. {
  119. global $AUTHCFG;
  120.  
  121. $conn = ldapConnectServer();
  122. if ($conn == NULL)
  123. return NULL;
  124.  
  125. $ident = @ldap_search($conn, $AUTHCFG['ldap_basedn'], $filter, $required);
  126. if ($ident)
  127. {
  128. $result = @ldap_get_entries($conn, $ident);
  129. @ldap_free_result($ident);
  130. }
  131. @ldap_unbind($conn);
  132.  
  133. return $result;
  134. }
  135. // Searches for a user's fullname
  136. // returns a hashtable with Account => FullName of all matching users
  137. function ldapSearchUserAccountAndName($user)
  138. {
  139. global $AUTHCFG;
  140.  
  141. $fldaccount = strtolower($AUTHCFG['ldap_account']);
  142. $fldname = strtolower($AUTHCFG['ldap_fullname']);
  143. $fldclass = strtolower($AUTHCFG['ldap_objclass']);
  144.  
  145. $usrfilter = explode("|", $AUTHCFG['ldap_userfilter']);
  146.  
  147. $required = array($fldaccount,$fldname,$fldclass);
  148. $ldapArray = ldapSearchUser("$fldname=*$user*", $required);
  149.  
  150. // copy from LDAP specific array to a standardized hashtable
  151. // Skip Groups and Organizational Units. Copy only users.
  152. for ($i=0; $i<$ldapArray["count"]; $i++)
  153. {
  154. $isuser = false;
  155. foreach($usrfilter as $filt)
  156. {
  157. if (array_search($filt, $ldapArray[$i][$fldclass]))
  158. {
  159. $isuser = true;
  160. break;
  161. }
  162. }
  163. if ($isuser)
  164. {
  165. $account = $ldapArray[$i][$fldaccount][0];
  166. $name = $ldapArray[$i][$fldname] [0];
  167.  
  168. $userArray[$account] = $name;
  169. }
  170. }
  171. return $userArray;
  172. }
  173. // retrieve all requested LDAP values for the given user account
  174. // $fields = array("ldap_forename", "ldap_email",...)
  175. // returns a hashtable with "ldap_forename" => "John"
  176. function ldapGetUserValues($account, $fields)
  177. {
  178. global $AUTHCFG;
  179.  
  180. foreach ($fields as $key)
  181. {
  182. $required[] = $AUTHCFG[$key];
  183. }
  184.  
  185. $filter = $AUTHCFG['ldap_account'] . "=" .$account;
  186. $ldapArray = ldapSearchUser($filter, $required);
  187.  
  188. // copy from LDAP specific array to a standardized hashtable
  189. foreach ($fields as $key)
  190. {
  191. $attr = strtolower($AUTHCFG[$key]);
  192. $value = $ldapArray[0][$attr][0];
  193. $valueArray[$key] = $value;
  194. }
  195. return $valueArray;
  196. }
  197.  
  198.  
  199. ?>
RAW Paste Data