<?php
require_once("$default->fileSystemRoot/lib/authentication/class.AuthLdap.php");
require_once("$default->fileSystemRoot/lib/authentication/Authenticator.inc");
/**
* $Id$
*
* Perform authentication tasks against LDAP compliant directory server.
*
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* @version $Revision$
* @author Michael Joseph <michael@jamwarehouse.com>, Jam Warehouse (Pty) Ltd, South Africa
* @package lib.authentication
*/
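class LDAPAuthenticator extends Authenticator {
    /**
     * The LDAP server to connect to
     */
    var $sLdapServer;
    /**
     * The base LDAP DN to perform authentication against
     */
    var $sBaseDN;
    /**
     * The LDAP accessor class (an AuthLdap instance)
     */
    var $oLdap;

    /**
     * Creates a new instance of the LDAPAuthenticator.
     *
     * Either argument may be left empty, in which case the value is taken from
     * the system settings "ldapServer" / "ldapRootDn".
     *
     * @param string $sLdapServer the LDAP server to connect to for validation (optional)
     * @param string $sLdapDN the dn branch to perform the authentication against (optional)
     */
    function LDAPAuthenticator($sLdapServer = "", $sLdapDN = "") {
        global $default;
        $this->sLdapServer = strlen($sLdapServer) > 0 ? $sLdapServer : $default->system->get("ldapServer");
        $this->sBaseDN = strlen($sLdapDN) > 0 ? $sLdapDN : $default->system->get("ldapRootDn");
        // initialise and setup ldap class
        $this->oLdap = new AuthLdap();
        $this->oLdap->server = array($this->sLdapServer);
        $this->oLdap->dn = $this->sBaseDN;
    }

    /**
     * Stores the last error reported by the LDAP accessor in the session error
     * message. Every failure path uses this so the message format stays identical.
     */
    function _setLdapErrorMessage() {
        $_SESSION["errorMessage"] = "LDAP error: (" . $this->oLdap->ldapErrorCode . ") " . $this->oLdap->ldapErrorText;
    }

    /**
     * Checks the user's password against the LDAP directory.
     *
     * The bind DN is looked up from the DMS user table (column "ldap_dn"), so the
     * user must exist locally before the directory is consulted. On every failure
     * path $_SESSION["errorMessage"] is set for the caller to display.
     *
     * @param string $sUserName the name of the user to check
     * @param string $sPassword the password to check
     * @return boolean true if the password is correct, else false
     */
    function checkPassword($sUserName, $sPassword) {
        global $default;
        // An empty password must never reach the bind: a simple bind with a DN and an
        // empty password is the "unauthenticated" mechanism (RFC 4513 section 5.1.2),
        // which many directory servers accept, so it would succeed for any mapped user.
        if (strlen($sPassword) == 0) {
            $_SESSION["errorMessage"] = "LDAP error: an empty password is not accepted.";
            return false;
        }
        if (!$this->oLdap->connect()) {
            $this->_setLdapErrorMessage();
            return false;
        }
        // lookup dn from username - must exist in db
        $sBindDn = lookupField($default->owl_users_table, "ldap_dn", "username", $sUserName);
        if (!$sBindDn) {
            // no ldap_dn for this user, so reject this authentication attempt.
            // NOTE(review): this message reveals whether the username exists in the DMS;
            // a generic "invalid username or password" text would avoid that.
            $_SESSION["errorMessage"] = "Username $sUserName does not exist in the DMS. Please contact the System Administrator for assistance.";
            return false;
        }
        if (!$this->oLdap->authBind($sBindDn, $sPassword)) {
            $this->_setLdapErrorMessage();
            return false;
        }
        return true;
    }

    /**
     * Searches the LDAP directory for users matching the supplied search string.
     *
     * The search string is wrapped in wildcards ("*term*") before it is passed to
     * the accessor.
     *
     * @param string $sUserNameSearch the username (or fragment) to search for
     * @param array $aAttributes the attributes to return from the search
     * @return array|boolean the users found, or false when the connection failed
     *         (error stored in $_SESSION["errorMessage"]) or the search returned
     *         nothing (no error message is set in that case)
     */
    function searchUsers($sUserNameSearch, $aAttributes) {
        if (!$this->oLdap->connect()) {
            $this->_setLdapErrorMessage();
            return false;
        }
        // NOTE(review): $sUserNameSearch is concatenated into the filter without
        // escaping here; confirm that AuthLdap::getUsers() escapes LDAP filter
        // metacharacters, otherwise escape the term before building the filter.
        $aUserResults = $this->oLdap->getUsers("*" . $sUserNameSearch . "*", $aAttributes);
        if (!$aUserResults) {
            // the search failed or matched nobody
            return false;
        }
        return $aUserResults;
    }
}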
?>