
Untitled

a guest
Jun 27th, 2018
<?php

/*
 * This file is part of the Symfony package.
 *
 * (c) Fabien Potencier <fabien@symfony.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Security\Core\User;

use Symfony\Component\Ldap\Entry;
use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Ldap\LdapInterface;

  21. /**
  22.  * LdapUserProvider is a simple user provider on top of ldap.
  23.  *
  24.  * @author Grégoire Pineau <lyrixx@lyrixx.info>
  25.  * @author Charles Sarrazin <charles@sarraz.in>
  26.  */
  27. class LdapUserProvider implements UserProviderInterface
  28. {
  29.     private $ldap;
  30.     private $baseDn;
  31.     private $searchDn;
  32.     private $searchPassword;
  33.     private $defaultRoles;
  34.     private $uidKey;
  35.     private $defaultSearch;
  36.     private $passwordAttribute;
  37.  
  38.     /**
  39.      * @param LdapInterface $ldap
  40.      * @param string        $baseDn
  41.      * @param string        $searchDn
  42.      * @param string        $searchPassword
  43.      * @param array         $defaultRoles
  44.      * @param string        $uidKey
  45.      * @param string        $filter
  46.      * @param string        $passwordAttribute
  47.      */
  48.     public function __construct(LdapInterface $ldap, $baseDn, $searchDn = null, $searchPassword = null, array $defaultRoles = array(), $uidKey = 'sAMAccountName', $filter = '({uid_key}={username})', $passwordAttribute = null)
  49.     {
  50.         if (null === $uidKey) {
  51.             $uidKey = 'sAMAccountName';
  52.         }
  53.  
  54.         $this->ldap = $ldap;
  55.         $this->baseDn = $baseDn;
  56.         $this->searchDn = $searchDn;
  57.         $this->searchPassword = $searchPassword;
  58.         $this->defaultRoles = $defaultRoles;
  59.         $this->uidKey = $uidKey;
  60.         $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
  61.         $this->passwordAttribute = $passwordAttribute;
  62.     }
  63.  
  64.     /**
  65.      * {@inheritdoc}
  66.      */
  67.     public function loadUserByUsername($username)
  68.     {
  69.         try {
  70.             $this->ldap->bind($this->searchDn, $this->searchPassword);
  71.             $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
  72.             $query = str_replace('{username}', $username, $this->defaultSearch);
  73.             $search = $this->ldap->query($this->baseDn, $query);
  74.         } catch (ConnectionException $e) {
  75.             throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username), 0, $e);
  76.         }
  77.  
  78.         $entries = $search->execute();
  79.         $count = count($entries);
  80.  
  81.         if (!$count) {
  82.             throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
  83.         }
  84.  
  85.         if ($count > 1) {
  86.             throw new UsernameNotFoundException('More than one user found');
  87.         }
  88.  
  89.         $entry = $entries[0];
  90.  
  91.         try {
  92.             if (null !== $this->uidKey) {
  93.                 $username = $this->getAttributeValue($entry, $this->uidKey);
  94.             }
  95.         } catch (InvalidArgumentException $e) {
  96.         }
  97.  
  98.         return $this->loadUser($username, $entry);
  99.     }
  100.  
  101.     /**
  102.      * {@inheritdoc}
  103.      */
  104.     public function refreshUser(UserInterface $user)
  105.     {
  106.         if (!$user instanceof User) {
  107.             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
  108.         }
  109.  
  110.         return new User($user->getUsername(), null, $user->getRoles());
  111.     }
  112.  
  113.     /**
  114.      * {@inheritdoc}
  115.      */
  116.     public function supportsClass($class)
  117.     {
  118.         return 'Symfony\Component\Security\Core\User\User' === $class;
  119.     }
  120.  
  121.     /**
  122.      * Loads a user from an LDAP entry.
  123.      *
  124.      * @param string $username
  125.      * @param Entry  $entry
  126.      *
  127.      * @return User
  128.      */
  129.     protected function loadUser($username, Entry $entry)
  130.     {
  131.         $password = null;
  132.  
  133.         if (null !== $this->passwordAttribute) {
  134.             $password = $this->getAttributeValue($entry, $this->passwordAttribute);
  135.         }
  136.  
  137.         return new User($username, $password, $this->defaultRoles);
  138.     }
  139.  
  140.     /**
  141.      * Fetches a required unique attribute value from an LDAP entry.
  142.      *
  143.      * @param null|Entry $entry
  144.      * @param string     $attribute
  145.      */
  146.     private function getAttributeValue(Entry $entry, $attribute)
  147.     {
  148.         if (!$entry->hasAttribute($attribute)) {
  149.             throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $attribute, $entry->getDn()));
  150.         }
  151.  
  152.         $values = $entry->getAttribute($attribute);
  153.  
  154.         if (1 !== count($values)) {
  155.             throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));
  156.         }
  157.  
  158.         return $values[0];
  159.     }
  160. }