Diffstat (limited to 'app')
-rw-r--r-- | app/Auth/Ldap.php | 48 | ||||
-rw-r--r-- | app/constants.php | 1 |
2 files changed, 49 insertions, 0 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index b3440614..22c9fb88 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -206,4 +206,52 @@ class Ldap extends Base
 return false;
 }
+
+ /**
+ * Retrieve info on LDAP user.
+ *
+ * @param resource $ldap LDAP connection
+ * @param string $username Username
+ * @param string $email Email address
+ */
+ public function lookup($username = null, $email = null)
+ {
+ if ($username && $email)
+ $query = '(&('.sprintf(LDAP_USER_PATTERN, $username).')('.sprintf(LDAP_ACCOUNT_EMAIL, $email).')';
+ else if ($username)
+ $query = sprintf(LDAP_USER_PATTERN, $username);
+ else if ($email)
+ $query = '('.LDAP_ACCOUNT_EMAIL.'='.$email.')';
+ else
+ return false;
+
+ // Connect and attempt anonymous bind
+ $ldap = $this->connect();
+ if (!is_resource($ldap) || !$this->bind($ldap, null, null))
+ return false;
+
+ // Try to find user
+ $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, $query, array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL, LDAP_ACCOUNT_ID));
+ if ($sr === false) {
+ return false;
+ }
+
+ $info = ldap_get_entries($ldap, $sr);
+
+ // User not found
+ if (count($info) == 0 || $info['count'] == 0) {
+ return false;
+ }
+
+ // User id not retrieved: LDAP_ACCOUNT_ID not properly configured
+ if (!$username && !isset($info[0][LDAP_ACCOUNT_ID][0])) {
+ return false;
+ }
+
+ return array(
+ 'username' => isset($info[0][LDAP_ACCOUNT_ID][0]) ? $info[0][LDAP_ACCOUNT_ID][0] : $username,
+ 'name' => isset($info[0][LDAP_ACCOUNT_FULLNAME][0]) ? $info[0][LDAP_ACCOUNT_FULLNAME][0] : '',
+ 'email' => isset($info[0][LDAP_ACCOUNT_EMAIL][0]) ? $info[0][LDAP_ACCOUNT_EMAIL][0] : $email,
+ );
+ }
 
 }
diff --git a/app/constants.php b/app/constants.php
index a8d8f56e..f0384d30 100644
--- a/app/constants.php
+++ b/app/constants.php
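Review bot: The combined-lookup filter built in the first branch of `lookup()` is malformed: `sprintf(LDAP_ACCOUNT_EMAIL, $email)` just returns the attribute name (the constants.php default is `'mail'`, which has no `%s`), so the filter becomes `(&(…)(mail)` with no value and with the `(&` never closed; it should mirror the email-only branch, `'(&('.sprintf(LDAP_USER_PATTERN, $username).')('.LDAP_ACCOUNT_EMAIL.'='.$email.'))'`. In all three branches `$username` and `$email` are concatenated into the filter unescaped; if the project's minimum PHP version has `ldap_escape()` (5.6+), pass each value through `ldap_escape($v, '', LDAP_ESCAPE_FILTER)` first so filter metacharacters in a supplied identifier cannot change what the search matches. The docblock's `@param resource $ldap` does not correspond to any parameter — drop it and add `@return array|false` to document the mixed return. The `@` on `ldap_search()` also hides configuration errors (an unset `LDAP_ACCOUNT_ID` puts an empty attribute name in the attribute list); logging `ldap_error($ldap)` on the `false` path would make such misconfigurations visible.
```php
    public function lookup($username = null, $email = null)
    {
        // Escape before the values reach the filter (ldap_escape needs PHP >= 5.6)
        $u = $username ? ldap_escape($username, '', LDAP_ESCAPE_FILTER) : null;
        $e = $email ? ldap_escape($email, '', LDAP_ESCAPE_FILTER) : null;

        if ($u && $e) {
            $query = '(&('.sprintf(LDAP_USER_PATTERN, $u).')('.LDAP_ACCOUNT_EMAIL.'='.$e.'))';
        } elseif ($u) {
            $query = sprintf(LDAP_USER_PATTERN, $u);
        } elseif ($e) {
            $query = '('.LDAP_ACCOUNT_EMAIL.'='.$e.')';
        } else {
            return false;
        }

        // … unchanged: connect, anonymous bind, search and result mapping …
```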
@@ -34,6 +34,7 @@ defined('LDAP_ACCOUNT_BASE') or define('LDAP_ACCOUNT_BASE', '');
 defined('LDAP_USER_PATTERN') or define('LDAP_USER_PATTERN', '');
 defined('LDAP_ACCOUNT_FULLNAME') or define('LDAP_ACCOUNT_FULLNAME', 'displayname');
 defined('LDAP_ACCOUNT_EMAIL') or define('LDAP_ACCOUNT_EMAIL', 'mail');
+defined('LDAP_ACCOUNT_ID') or define('LDAP_ACCOUNT_ID', '');
 
 // Google authentication
 defined('GOOGLE_AUTH') or define('GOOGLE_AUTH', false);
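Review bot: The empty-string default for `LDAP_ACCOUNT_ID` is not a safe "unset" value, because `Ldap::lookup()` in the other hunk passes it verbatim into the `ldap_search()` attribute list, so an unconfigured install requests an attribute named `''` (whether the server rejects or ignores that I cannot tell from here, and the `@` on the call hides either outcome). The new line deserves a comment stating what the attribute is and that it is required for the email-only lookup path, e.g. `// LDAP attribute holding the login name; must be set for lookup by email address to return a username`.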