diff options
Diffstat (limited to 'app/Auth/Ldap.php')
-rw-r--r-- | app/Auth/Ldap.php | 89 |
1 files changed, 67 insertions, 22 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php index 97d4d0e3..63d495fa 100644 --- a/app/Auth/Ldap.php +++ b/app/Auth/Ldap.php @@ -69,6 +69,28 @@ class Ldap extends Base } /** + * Create a new local user after the LDAP authentication + * + * @access public + * @param string $username Username + * @param string $name Name of the user + * @param string $email Email address + * @return bool + */ + public function createUser($username, $name, $email) + { + $values = array( + 'username' => $username, + 'name' => $name, + 'email' => $email, + 'is_admin' => 0, + 'is_ldap_user' => 1, + ); + + return $this->user->create($values); + } + + /** * Find the user from the LDAP server * * @access public @@ -78,6 +100,23 @@ class Ldap extends Base */ public function findUser($username, $password) { + $ldap = $this->connect(); + + if ($this->bind($ldap, $username, $password)) { + return $this->search($ldap, $username, $password); + } + + return false; + } + + /** + * LDAP connection + * + * @access private + * @return resource $ldap LDAP connection + */ + private function connect() + { if (! function_exists('ldap_connect')) { die('The PHP LDAP extension is required'); } @@ -96,6 +135,20 @@ class Ldap extends Base ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + return $ldap; + } + + /** + * LDAP bind + * + * @access private + * @param resource $ldap LDAP connection + * @param string $username Username + * @param string $password Password + * @return boolean + */ + private function bind($ldap, $username, $password) + { if (LDAP_BIND_TYPE === 'user') { $ldap_username = sprintf(LDAP_USERNAME, $username); $ldap_password = $password; @@ -113,6 +166,20 @@ class Ldap extends Base return false; } + return true; + } + + /** + * LDAP user lookup + * + * @access private + * @param resource $ldap LDAP connection + * @param string $username Username + * @param string $password Password + * @return boolean|array + */ + private function search($ldap, $username, $password) + { $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, sprintf(LDAP_USER_PATTERN, $username), array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL)); if ($sr === false) { @@ -138,26 +205,4 @@ class Ldap extends Base return false; } - - /** - * Create a new local user after the LDAP authentication - * - * @access public - * @param string $username Username - * @param string $name Name of the user - * @param string $email Email address - * @return bool - */ - public function createUser($username, $name, $email) - { - $values = array( - 'username' => $username, - 'name' => $name, - 'email' => $email, - 'is_admin' => 0, - 'is_ldap_user' => 1, - ); - - return $this->user->create($values); - } } |