summaryrefslogtreecommitdiff
path: root/app/Model
diff options
context:
space:
mode:
authorFrancois Ferrand <thetypz@gmail.com>2014-06-30 17:49:32 +0200
committerFrancois Ferrand <thetypz@gmail.com>2014-06-30 18:15:51 +0200
commit98bd694e2bd47b0c4ed8247546b1903c762ffdde (patch)
tree9427c2b2347a353e35234ee43d9526bdbf278e67 /app/Model
parente5e355d06890b324df2ded707ca491f9539dd171 (diff)
Implement LDAP user lookup.
This is required to improve compatibility when the DN cannot be easily computed from the user name. Additionally, this allows automatically getting the full name and email address from LDAP.
Diffstat (limited to 'app/Model')
-rw-r--r--app/Model/Ldap.php22
1 files changed, 19 insertions, 3 deletions
diff --git a/app/Model/Ldap.php b/app/Model/Ldap.php
index 3359318c..9e7d0445 100644
--- a/app/Model/Ldap.php
+++ b/app/Model/Ldap.php
@@ -33,8 +33,20 @@ class Ldap extends Base
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
- if (@ldap_bind($ldap, sprintf(LDAP_USER_DN, $username), $password)) {
- return $this->create($username);
+ if (!@ldap_bind($ldap, LDAP_USERNAME, LDAP_PASSWORD)) {
+ die('Unable to bind to the LDAP server: "'.LDAP_SERVER.'"');
+ }
+
+ $sr = ldap_search($ldap, LDAP_ACCOUNT_BASE, sprintf(LDAP_USER_PATTERN, $username), array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL));
+ $info = ldap_get_entries($ldap, $sr);
+ if (count($info) == 0 || $info['count'] == 0) {
+ //User not found
+ return false;
+ }
+
+ if (@ldap_bind($ldap, $info[0]['dn'], $password)) {
+ error_log("Bind to user OK");
+ return $this->create($username, $info[0][LDAP_ACCOUNT_FULLNAME][0], $info[0][LDAP_ACCOUNT_EMAIL][0]);
}
return false;
@@ -45,9 +57,11 @@ class Ldap extends Base
*
* @access public
* @param string $username Username
+ * @param string $name Name of the user
+ * @param string $email Email address
* @return bool
*/
- public function create($username)
+ public function create($username, $name, $email)
{
$userModel = new User($this->db, $this->event);
$user = $userModel->getByUsername($username);
@@ -70,6 +84,8 @@ class Ldap extends Base
// Create a LDAP user
$values = array(
'username' => $username,
+ 'name' => $name,
+ 'email' => $email,
'is_admin' => 0,
'is_ldap_user' => 1,
);