author | Frédéric Guillot <fguillot@users.noreply.github.com> | 2014-04-20 19:24:40 -0400 |
---|---|---|
committer | Frédéric Guillot <fguillot@users.noreply.github.com> | 2014-04-20 19:24:40 -0400 |
commit | dea5f99363d4cf8e9ffff967c8cbdb38c8c50507 (patch) | |
tree | cadeb605c8c4f919dd3e1f8d43cfec6fe980ec6d /models/ldap.php | |
parent | 1b05f20d58474f053ee8a09343389b34a7f39fb7 (diff) |
Add LDAP authentication
Diffstat (limited to 'models/ldap.php')
-rw-r--r-- | models/ldap.php | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/models/ldap.php b/models/ldap.php
new file mode 100644
index 00000000..95401211
--- /dev/null
+++ b/models/ldap.php
@@ -0,0 +1,81 @@
+<?php
+
+namespace Model;
+
+require_once __DIR__.'/base.php';
+
+/**
+ * LDAP model
+ *
+ * @package model
+ * @author Frederic Guillot
+ */
+class Ldap extends Base
+{
+ /**
+ * Authenticate a user
+ *
+ * @access public
+ * @param string $username Username
+ * @param string $password Password
+ * @return bool
+ */
+ public function authenticate($username, $password)
+ {
+ if (! function_exists('ldap_connect')) {
+ die('The PHP LDAP extension is required');
+ }
+
+ $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT);
+
+ if (! is_resource($ldap)) {
+ die('Unable to connect to the LDAP server: "'.LDAP_SERVER.'"');
+ }
+
+ ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+
+ if (@ldap_bind($ldap, sprintf(LDAP_USER_DN, $username), $password)) {
+ return $this->create($username);
+ }
+
+ return false;
+ }
+
+ /**
+ * Create automatically a new local user after the LDAP authentication
+ *
+ * @access public
+ * @param string $username Username
+ * @return bool
+ */
+ public function create($username)
+ {
+ $userModel = new User($this->db, $this->event);
+ $user = $userModel->getByUsername($username);
+
+ // There is an existing user account
+ if ($user) {
+
+ if ($user['is_ldap_user'] == 1) {
+
+ // LDAP user already created
+ return true;
+ }
+ else {
+
+ // There is already a local user with that username
+ return false;
+ }
+ }
+
+ // Create a LDAP user
+ $values = array(
+ 'username' => $username,
+ 'is_admin' => 0,
+ 'is_ldap_user' => 1,
+ );
+
+ return $userModel->create($values);
+ }
+} |
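Review bot: `authenticate()` hands `$password` to `ldap_bind()` without rejecting an empty value, and in LDAPv3 a bind with a DN and an empty password is an unauthenticated bind that many directory servers report as success, so the method can succeed without the password ever being checked. Add a guard before the bind, e.g. `if ((string) $password === '') { return false; }`. The username is also formatted into `LDAP_USER_DN` unescaped; `sprintf(LDAP_USER_DN, ldap_escape($username, '', LDAP_ESCAPE_DN))` (PHP 5.6+) keeps DN metacharacters from changing which entry is bound. Nothing in the hunk enables TLS, so unless `LDAP_SERVER` is an `ldaps://` URI (not visible here) the credentials presumably cross the network in clear text; consider `ldap_start_tls($ldap)` after setting the protocol version, or document the requirement.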