From 0c4677bf9bcbf6aa00981313551b30374e73f7ba Mon Sep 17 00:00:00 2001 From: hydrian Date: Mon, 18 Mar 2013 23:50:09 -0400 Subject: [PATCH 1/2] Initial release of auth_ldap --- plugins/auth_ldap/init.php | 135 +++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 plugins/auth_ldap/init.php diff --git a/plugins/auth_ldap/init.php b/plugins/auth_ldap/init.php new file mode 100644 index 00000000..1985e38e --- /dev/null +++ b/plugins/auth_ldap/init.php @@ -0,0 +1,135 @@ +link = $host->get_link(); + $this->host = $host; + $this->base = new Auth_Base($this->link); + + $host->add_hook($host::HOOK_AUTH_USER, $this); + } + + private function _log($msg) { + trigger_error($msg, E_USER_WARN); + } + + function authenticate($login, $password) { + if ($login && $password) { + if (!function_exists('ldap_connect')) { + trigger_error('auth_ldap requires PHP\'s PECL LDAP package installed.'); + return FALSE; + } + if (!require_once('Net/LDAP2.php')) { + trigger_error('auth_ldap requires the PEAR package Net::LDAP2'); + return FALSE; + } + $parsedURI=parse_url(LDAP_AUTH_SERVER_URI); + if ($parsedURI === FALSE) { + $this->_log('Could not parse LDAP_AUTH_SERVER_URI in config.php'); + return FALSE; + } + $ldapConnParams=array( + 'host'=>$parsedURI['scheme'].'://'.$parsedURI['host'], + 'basedn'=>LDAP_AUTH_BASEDN, + 'options' => array('LDAP_OPT_REFERRALS' => 0) + ); + $ldapConnParams['starttls']= defined('LDAP_AUTH_USETLS') ? + LDAP_AUTH_USETLS : FALSE; + + if (is_int($parsedURI['port'])) { + $ldapConnParams['port']=$parsedURI['port']; + } + // Making connection to LDAP server + if (LDAP_AUTH_ALLOW_UNTRUSTED_CERT === TRUE) { + putenv('LDAPTLS_REQCERT=never'); + } + $ldapConn = Net_LDAP2::connect($ldapConnParams); + if (Net_LDAP2::isError($ldapConn)) { + $this->_log('Could not connect to LDAP Server: '.$ldapConn->getMessage()); + return FALSE; + } + // Bind with service account + $binding=$ldapConn->bind(LDAP_AUTH_BINDDN, LDAP_AUTH_BINDPW); + if (Net_LDAP2::isError($binding)) { + $this->_log('Cound not bind service account: '.$binding->getMessage()); + return FALSE; + } + //Searching for user + $completedSearchFiler=str_replace('???',$login,LDAP_AUTH_SEARCHFILTER); + $filterObj=Net_LDAP2_Filter::parse($completedSearchFiler); + $searchResults=$ldapConn->search(LDAP_AUTH_BASEDN, $filterObj); + if (Net_LDAP2::isError($searchResults)) { + $this->_log('LDAP Search Failed: '.$searchResults->getMessage()); + return FALSE; + } elseif ($searchResults->count() === 0) { + return FALSE; + } elseif ($searchResults->count() > 1 ) { + $this->_log('Multiple DNs found for username '.$login); + return FALSE; + } + //Getting user's DN from search + $userEntry=$searchResults->shiftEntry(); + $userDN=$userEntry->dn(); + //Binding with user's DN. + $loginAttempt=$ldapConn->bind($userDN, $password); + $ldapConn->disconnect(); + if ($loginAttempt === TRUE) { + return $this->base->auto_create_user($login); + } elseif ($loginAttempt->getCode() == 49) { + return FALSE; + } else { + $this->_log('Unknown Error: Code: '.$loginAttempt->getCode(). + ' Message: '.$loginAttempt->getMessage()); + return FALSE; + } + } + return false; + } + +} + +?> From 8d0da886420d5ac7d62e600a996891e9bdc43840 Mon Sep 17 00:00:00 2001 From: hydrian Date: Tue, 19 Mar 2013 00:16:42 -0400 Subject: [PATCH 2/2] comment --- plugins/auth_ldap/init.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/auth_ldap/init.php b/plugins/auth_ldap/init.php index 1985e38e..e1a4c49f 100644 --- a/plugins/auth_ldap/init.php +++ b/plugins/auth_ldap/init.php @@ -21,7 +21,7 @@ */ /** - * Notes + * Notes - * LDAP search does not support follow ldap referals. Referals are disabled to * allow proper login. This is particular to Active Directory. *