diff options
| author | Frederic Guillot <fred@kanboard.net> | 2015-11-27 09:15:12 -0500 |
|---|---|---|
| committer | Frederic Guillot <fred@kanboard.net> | 2015-11-27 09:15:12 -0500 |
| commit | 2451706316f08db2aa4b79730c02d297a5f5d59b (patch) | |
| tree | 6fb8570e9a699f9838f481dfbd8c11302ddb2d7a /app/Core/Ldap/Client.php | |
| parent | f837e70a2d74eb37c4c5de7e4f54c8bf8ec78db7 (diff) | |
Add generic LDAP client library
Diffstat (limited to 'app/Core/Ldap/Client.php')
| -rw-r--r-- | app/Core/Ldap/Client.php | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/app/Core/Ldap/Client.php b/app/Core/Ldap/Client.php new file mode 100644 index 00000000..a523428c --- /dev/null +++ b/app/Core/Ldap/Client.php @@ -0,0 +1,84 @@ +<?php + +namespace Kanboard\Core\Ldap; + +/** + * LDAP Client + * + * @package ldap + * @author Frederic Guillot + */ +class Client +{ + /** + * Get server connection + * + * @access public + * @param string $server LDAP server hostname or IP + * @param integer $port LDAP port + * @param boolean $tls Start TLS + * @param boolean $verify Skip SSL certificate verification + * @return resource + */ + public function getConnection($server, $port = LDAP_PORT, $tls = LDAP_START_TLS, $verify = LDAP_SSL_VERIFY) + { + if (! function_exists('ldap_connect')) { + throw new ClientException('LDAP: The PHP LDAP extension is required'); + } + + if (! $verify) { + putenv('LDAPTLS_REQCERT=never'); + } + + $ldap = ldap_connect($server, $port); + + if ($ldap === false) { + throw new ClientException('LDAP: Unable to connect to the LDAP server'); + } + + ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); + ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 1); + ldap_set_option($ldap, LDAP_OPT_TIMELIMIT, 1); + + if ($tls && ! @ldap_start_tls($ldap)) { + throw new ClientException('LDAP: Unable to start TLS'); + } + + return $ldap; + } + + /** + * Anonymous authentication + * + * @access public + * @param resource $ldap + * @return boolean + */ + public function useAnonymousAuthentication($ldap) + { + if (! ldap_bind($ldap)) { + throw new ClientException('Unable to perform anonymous binding'); + } + + return true; + } + + /** + * Authentication with username/password + * + * @access public + * @param resource $ldap + * @param string $username + * @param string $password + * @return boolean + */ + public function authenticate($ldap, $username, $password) + { + if (! ldap_bind($ldap, $username, $password)) { + throw new ClientException('Unable to perform anonymous binding'); + } + + return true; + } +} |