author | Frederic Guillot <fred@kanboard.net> | 2015-01-19 21:42:11 -0500 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2015-01-19 21:42:11 -0500 |
commit | 525d31d1bf485552330222049b630345814c9b44 (patch) | |
tree | 4f0ad2156e11f0e9e1db2691e4959faa4c472c1e /app/Auth/Ldap.php | |
parent | a5b6ac2b6a5277ec0bbb5ec73078330ed5043877 (diff) | |
parent | 969d60ab416c075db27f7a0247f0c48ab519afa6 (diff) |
Merge pull-request #524
Diffstat (limited to 'app/Auth/Ldap.php')
-rw-r--r-- | app/Auth/Ldap.php | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index b3440614..22c9fb88 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -206,4 +206,52 @@ class Ldap extends Base
 return false;
 }
+
+ /**
+ * Retrieve info on LDAP user.
+ *
+ * @param resource $ldap LDAP connection
+ * @param string $username Username
+ * @param string $email Email address
+ */
+ public function lookup($username = null, $email = null)
+ {
+ if ($username && $email)
+ $query = '(&('.sprintf(LDAP_USER_PATTERN, $username).')('.sprintf(LDAP_ACCOUNT_EMAIL, $email).')';
+ else if ($username)
+ $query = sprintf(LDAP_USER_PATTERN, $username);
+ else if ($email)
+ $query = '('.LDAP_ACCOUNT_EMAIL.'='.$email.')';
+ else
+ return false;
+
+ // Connect and attempt anonymous bind
+ $ldap = $this->connect();
+ if (!is_resource($ldap) || !$this->bind($ldap, null, null))
+ return false;
+
+ // Try to find user
+ $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, $query, array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL, LDAP_ACCOUNT_ID));
+ if ($sr === false) {
+ return false;
+ }
+
+ $info = ldap_get_entries($ldap, $sr);
+
+ // User not found
+ if (count($info) == 0 || $info['count'] == 0) {
+ return false;
+ }
+
+ // User id not retrieved: LDAP_ACCOUNT_ID not properly configured
+ if (!$username && !isset($info[0][LDAP_ACCOUNT_ID][0])) {
+ return false;
+ }
+
+ return array(
+ 'username' => isset($info[0][LDAP_ACCOUNT_ID][0]) ? $info[0][LDAP_ACCOUNT_ID][0] : $username,
+ 'name' => isset($info[0][LDAP_ACCOUNT_FULLNAME][0]) ? $info[0][LDAP_ACCOUNT_FULLNAME][0] : '',
+ 'email' => isset($info[0][LDAP_ACCOUNT_EMAIL][0]) ? $info[0][LDAP_ACCOUNT_EMAIL][0] : $email,
+ );
+ }
 } |
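Review bot: `$username` and `$email` are concatenated into the LDAP search filter in `lookup()` without escaping, so a value containing `*`, `(`, `)` or `\` changes the filter that runs under the anonymous bind; both should go through `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` (PHP 5.6+, or an equivalent RFC 4515 escaper on older versions) before `$query` is built. The combined branch is also malformed: it never closes the `(&` group and calls `sprintf(LDAP_ACCOUNT_EMAIL, $email)` although the constant is used as an attribute name everywhere else in the hunk, so the email value never reaches the filter and `ldap_search()` presumably fails silently behind the `@`. The rewrite below keeps the original's assumption that `LDAP_USER_PATTERN` carries no outer parentheses, which should be confirmed against the configuration. The docblock also documents a `$ldap` parameter the method does not take and omits `@return array|false`.

```php
public function lookup($username = null, $email = null)
{
    // Escape filter metacharacters so the values cannot alter the search filter
    $user_filter = $username
        ? sprintf(LDAP_USER_PATTERN, ldap_escape($username, '', LDAP_ESCAPE_FILTER))
        : null;
    $email_filter = $email
        ? '('.LDAP_ACCOUNT_EMAIL.'='.ldap_escape($email, '', LDAP_ESCAPE_FILTER).')'
        : null;

    if ($user_filter && $email_filter) {
        $query = '(&('.$user_filter.')'.$email_filter.')';
    } else if ($user_filter) {
        $query = $user_filter;
    } else if ($email_filter) {
        $query = $email_filter;
    } else {
        return false;
    }

    // … unchanged: connect, anonymous bind, ldap_search and result mapping …
```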