Context Navigation

source: extensions/Ldap_Login/class.ldap.php @ 28266

Last change on this file since 28266 was 27285, checked in by 22decembre, 10 years ago
added function load_default_config use_ssl -> ld_use_ssl
File size: 5.3 KB

Line
1	<?php
2	global $conf;
3	class Ldap {
4	var $cnx;
5	var $config;
6
7	// for debug
8	public function write_log($message){
9	@file_put_contents('/var/log/ldap_login.log',$message."\n",FILE_APPEND);
10	}
11
12	/**
13	* check ldap configuration
14	*
15	* Dans le cas ou l'acces au ldap est anonyme il faut impérativement faire une recherche
16	* pour tester la connection.
17	*
18	* When OpenLDAP 2.x.x is used, ldap_connect() will always return a resource as it does not actually connect
19	* but just initializes the connecting parameters. The actual connect happens with the next calls
20	* to ldap_* funcs, usually with ldap_bind().
21	*/
22	public function check_ldap(){
23
24	if (!$this->ldap_conn()) {
25	return $this->getErrorString();
26	}
27
28	// test du compte root si renseigné
29	if (!empty($this->config['ld_binddn']) && !empty($this->config['ld_bindpw'])){ // if empty ld_binddn, anonymous search
30	// authentication with rootdn and rootpw for search
31	if (!$this->ldap_bind_as($this->config['ld_binddn'],$this->config['ld_bindpw'])){
32	return $this->getErrorString();
33	}
34	} else {
35	// sinon recherche du basedn (cf comportement ldap_connect avec OpenLDAP)
36	if (!$this->ldap_check_basedn()){ // search userdn
37	return $this->getErrorString();
38	}
39	}
40	return true;
41	}
42
43	public function load_default_config()
44	{
45	$this->config['host'] = 'localhost';
46	$this->config['basedn'] = 'ou=people,dc=example,dc=com'; // racine !
47	$this->config['port'] = ''; // if port is empty, I count on the software to care of it !
48	$this->config['ld_attr'] = 'uid';
49	$this->config['ld_use_ssl'] = False;
50	$this->config['ld_bindpw'] ='';
51	$this->config['ld_binddn'] ='';
52
53	$this->config['allow_newusers'] = False;
54	$this->config['advertise_admin_new_ldapuser'] = False;
55	$this->config['send_password_by_mail_ldap'] = False;
56	}
57
58	function load_config() {
59	// first we load the base config
60	$conf_file = @file_get_contents( LDAP_LOGIN_PATH.'data.dat' );
61	if ($conf_file!==false)
62	{
63	$this->config = unserialize($conf_file);
64	}
65	}
66
67	function save_config()
68	{
69	$file = fopen( LDAP_LOGIN_PATH.'/data.dat', 'w' );
70	fwrite($file, serialize($this->config) );
71	fclose( $file );
72	}
73
74	function ldap_admin_menu($menu)
75	{
76	array_push($menu,
77	array(
78	'NAME' => 'Ldap Login',
79	'URL' => get_admin_plugin_menu_link(LDAP_LOGIN_PATH.'/admin.php') )
80	);
81	return $menu;
82	}
83
84	public function ldap_conn(){
85	if ($this->config['ld_use_ssl'] == 1){
86	if (empty($this->config['port'])){
87	$this->config['uri'] = 'ldaps://'.$this->config['host'];
88	}
89	else {
90	$this->config['uri'] = 'ldaps://'.$this->config['host'].':'.$this->config['port'];
91	}
92	}
93
94	// now, it's without ssl
95	else {
96	if (empty($this->config['port'])){
97	$this->config['uri'] = 'ldap://'.$this->config['host'];
98	}
99	else {
100	$this->config['uri'] = 'ldap://'.$this->config['host'].':'.$this->config['port'];
101	}
102	}
103
104	if ($this->cnx = @ldap_connect($this->config['uri'])){
105	@ldap_set_option($this->cnx, LDAP_OPT_PROTOCOL_VERSION, 3); // LDAPv3 if possible
106	return true;
107	}
108	return false;
109
110	// connect with rootdn in case not anonymous.
111	if (!empty($obj->config['ld_binddn']) && !empty($obj->config['ld_bindpw'])){ // if empty ld_binddn, anonymous work
112
113	// authentication with rootdn and rootpw for dn search
114	// carefull ! rootdn should be in full ldap style ! Nothing is supposed (to be one of the users the plugin auth…).
115	if (@ldap_bind($obj->config['ld_binddn'],$obj->config['ld_bindpw'])){
116	return false;
117	}
118	}
119	}
120
121	// return ldap error
122	public function getErrorString(){
123	return ldap_err2str(ldap_errno($this->cnx));
124	}
125
126	// return the name ldap understand
127	public function ldap_name($name){
128	return $this->config['ld_attr'].'='.$name.','.$this->config['basedn'];
129	}
130
131	// authentication
132	public function ldap_bind_as($user,$user_passwd){
133	if (@ldap_bind($this->cnx,$this->ldap_name($user),$user_passwd)){
134	return true;
135	}
136	return false;
137	}
138
139	public function ldap_mail($name){
140
141	//echo $this->cnx;
142	//echo $this->ldap_name($name);
143	$sr=@ldap_read($this->cnx, $this->ldap_name($name), "(objectclass=*)", array('mail'));
144	$entry = @ldap_get_entries($this->cnx, $sr);
145
146	if (!empty($entry[0]['mail'])) {
147	return $entry[0]['mail'][0];
148	}
149	return False;
150	}
151
152	// return userdn (and username) for authentication
153	/* public function ldap_search_dn($to_search){
154	$filter = str_replace('%s',$to_search,$this->config['ld_filter']);
155	//$this->write_log('$filter '.$filter);
156
157	if ($search = @ldap_search($this->cnx,$this->config['basedn'],$filter,array('dn',$this->config['ld_attr']),0,1)){
158	$entry = @ldap_get_entries($this->cnx, $search);
159	if (!empty($entry[0][strtolower($this->config['ld_attr'])][0])) {
160	return $entry;
161	}
162	}
163	return false;
164	} */
165
166
167	public function getAttr() {
168	$search = @ldap_read($this->cnx, "cn=subschema", "(objectClass=)", array('', 'subschemasubentry'));
169	$entries = @ldap_get_entries($this->cnx, $search);
170	echo count($entries);
171	}
172
173	public function getRootDse() {
174
175	$search = @ldap_read($this->cnx, NULL, 'objectClass=', array("", "+"));
176	$entries = @ldap_get_entries($this->cnx, $search);
177	return $entries[0];
178	}
179
180
181	public function ldap_check_basedn(){
182	if ($read = @ldap_read($this->cnx,$this->config['basedn'],'(objectClass=*)',array('dn'))){
183	$entry = @ldap_get_entries($this->cnx, $read);
184	if (!empty($entry[0]['dn'])) {
185	return true;
186	}
187	}
188	return false;
189	}
190
191	}
192	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: