summaryrefslogtreecommitdiff
path: root/app/Auth
diff options
context:
space:
mode:
authorFrederic Guillot <fred@kanboard.net>2015-10-11 14:44:16 -0400
committerFrederic Guillot <fred@kanboard.net>2015-10-11 14:44:16 -0400
commitdc0749ecce232a5a68d83fbde965ee4ee8e36d00 (patch)
tree9d9b3aa1ef09470553f1469f409803297e138b80 /app/Auth
parentcf6d4d1c0a04b5816865818b9b6ab121071b870f (diff)
Improve LDAP auth
Diffstat (limited to 'app/Auth')
-rw-r--r--app/Auth/Ldap.php39
1 files changed, 29 insertions, 10 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index a3c7522c..3a48c402 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -31,6 +31,17 @@ class Ldap extends Base
}
/**
+ * Get LDAP bind type
+ *
+ * @access public
+ * @return integer
+ */
+ public function getLdapBindType()
+ {
+ return LDAP_BIND_TYPE;
+ }
+
+ /**
* Get LDAP server port
*
* @access public
@@ -265,7 +276,7 @@ class Ldap extends Base
public function connect()
{
if (! function_exists('ldap_connect')) {
- $this->logger->error('The PHP LDAP extension is required');
+ $this->logger->error('LDAP: The PHP LDAP extension is required');
return false;
}
@@ -277,7 +288,7 @@ class Ldap extends Base
$ldap = ldap_connect($this->getLdapServer(), $this->getLdapPort());
if ($ldap === false) {
- $this->logger->error('Unable to connect to the LDAP server');
+ $this->logger->error('LDAP: Unable to connect to the LDAP server');
return false;
}
@@ -287,7 +298,7 @@ class Ldap extends Base
ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 1);
if (LDAP_START_TLS && ! @ldap_start_tls($ldap)) {
- $this->logger->error('Unable to use ldap_start_tls()');
+ $this->logger->error('LDAP: Unable to use ldap_start_tls()');
return false;
}
@@ -301,16 +312,15 @@ class Ldap extends Base
* @param resource $ldap
* @param string $username
* @param string $password
- * @param string $ldap_type
* @return boolean
*/
- public function bind($ldap, $username, $password, $ldap_type = LDAP_BIND_TYPE)
+ public function bind($ldap, $username, $password)
{
- if ($ldap_type === 'user') {
- $ldap_username = $this->getLdapUserPattern($username);
+ if ($this->getLdapBindType() === 'user') {
+ $ldap_username = sprintf($this->getLdapUsername(), $username);
$ldap_password = $password;
}
- else if ($ldap_type === 'proxy') {
+ else if ($this->getLdapBindType() === 'proxy') {
$ldap_username = $this->getLdapUsername();
$ldap_password = $this->getLdapPassword();
}
@@ -320,6 +330,8 @@ class Ldap extends Base
}
if (! @ldap_bind($ldap, $ldap_username, $ldap_password)) {
+ $this->logger->error('LDAP: Unable to bind to server with: '.$ldap_username);
+ $this->logger->error('LDAP: bind type='.$this->getLdapBindType());
return false;
}
@@ -337,8 +349,11 @@ class Ldap extends Base
*/
public function getProfile($ldap, $username, $password)
{
- $entries = $this->executeQuery($ldap, $this->getLdapUserPattern($username));
+ $user_pattern = $this->getLdapUserPattern($username);
+ $entries = $this->executeQuery($ldap, $user_pattern);
+
if ($entries === false) {
+ $this->logger->error('LDAP: Unable to get user profile: '.$user_pattern);
return false;
}
@@ -346,6 +361,10 @@ class Ldap extends Base
return $this->prepareProfile($ldap, $entries, $username);
}
+ if (DEBUG) {
+ $this->logger->debug('LDAP: wrong password for '.$entries[0]['dn']);
+ }
+
return false;
}
@@ -442,7 +461,7 @@ class Ldap extends Base
*/
private function executeQuery($ldap, $query)
{
- $sr = ldap_search($ldap, $this->getLdapBaseDn(), $query, $this->getProfileAttributes());
+ $sr = @ldap_search($ldap, $this->getLdapBaseDn(), $query, $this->getProfileAttributes());
if ($sr === false) {
return false;
}