summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/Auth/Ldap.php76
-rw-r--r--app/Auth/ReverseProxy.php1
2 files changed, 42 insertions, 35 deletions
diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index 262c5cd7..cc1b3f95 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -109,9 +109,11 @@ class Ldap extends Base
* LDAP connection
*
* @access public
+ * @param string $ldap_hostname
+ * @param integer $ldap_port
* @return resource|boolean
*/
- public function connect()
+ public function connect($ldap_hostname = LDAP_SERVER, $ldap_port = LDAP_PORT)
{
if (! function_exists('ldap_connect')) {
$this->logger->error('The PHP LDAP extension is required');
@@ -123,12 +125,13 @@ class Ldap extends Base
putenv('LDAPTLS_REQCERT=never');
}
- $ldap = ldap_connect(LDAP_SERVER, LDAP_PORT);
+ $ldap = ldap_connect($ldap_hostname, $ldap_port);
if ($ldap === false) {
$this->logger->error('Unable to connect to the LDAP server: "'.LDAP_SERVER.'"');
return false;
}
+
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 1);
@@ -143,7 +146,7 @@ class Ldap extends Base
}
/**
- * LDAP bind
+ * LDAP authentication
*
* @access public
* @param resource $ldap
@@ -179,33 +182,34 @@ class Ldap extends Base
/**
* LDAP user lookup
*
- * @access private
- * @param resource $ldap LDAP connection
- * @param string $username Username
- * @param string $password Password
+ * @access public
+ * @param resource $ldap
+ * @param string $username
+ * @param string $password
+ * @param string $base_dn
+ * @param string $user_pattern
+ * @param array $attributes
* @return boolean|array
*/
- private function search($ldap, $username, $password)
+ public function search($ldap, $username, $password, $base_dn = LDAP_ACCOUNT_BASE, $user_pattern = LDAP_USER_PATTERN, array $attributes = array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL))
{
- $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, sprintf(LDAP_USER_PATTERN, $username), array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL));
+ $sr = ldap_search($ldap, $base_dn, sprintf($user_pattern, $username), $attributes);
if ($sr === false) {
return false;
}
- $info = ldap_get_entries($ldap, $sr);
+ $entries = ldap_get_entries($ldap, $sr);
- // User not found
- if (count($info) === 0 || $info['count'] == 0) {
+ if ($entries === false || count($entries) === 0 || $entries['count'] == 0) {
return false;
}
- // We got our user
- if (@ldap_bind($ldap, $info[0]['dn'], $password)) {
+ if (@ldap_bind($ldap, $entries[0]['dn'], $password)) {
return array(
'username' => $username,
- 'name' => $this->getFromInfo($info, LDAP_ACCOUNT_FULLNAME),
- 'email' => $this->getFromInfo($info, LDAP_ACCOUNT_EMAIL),
+ 'name' => $this->getEntry($entries, LDAP_ACCOUNT_FULLNAME),
+ 'email' => $this->getEntry($entries, LDAP_ACCOUNT_EMAIL),
);
}
@@ -215,24 +219,26 @@ class Ldap extends Base
/**
* Retrieve info on LDAP user
*
- * @param string $username Username
- * @param string $email Email address
+ * @access public
+ * @param string $username Username
+ * @param string $email Email address
+ * @return boolean|array
*/
public function lookup($username = null, $email = null)
{
$query = $this->getQuery($username, $email);
- if ($query === false) {
+ if ($query === '') {
return false;
}
// Connect and attempt anonymous bind
$ldap = $this->connect();
- if (! is_resource($ldap) || ! $this->bind($ldap, null, null)) {
+ if ($ldap === false || ! $this->bind($ldap, null, null, 'anonymous')) {
return false;
}
// Try to find user
- $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, $query, array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL, LDAP_ACCOUNT_ID));
+ $sr = ldap_search($ldap, LDAP_ACCOUNT_BASE, $query, array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL, LDAP_ACCOUNT_ID));
if ($sr === false) {
return false;
}
@@ -250,17 +256,19 @@ class Ldap extends Base
}
return array(
- 'username' => $this->getFromInfo($info, LDAP_ACCOUNT_ID, $username),
- 'name' => $this->getFromInfo($info, LDAP_ACCOUNT_FULLNAME),
- 'email' => $this->getFromInfo($info, LDAP_ACCOUNT_EMAIL, $email),
+ 'username' => $this->getEntry($info, LDAP_ACCOUNT_ID, $username),
+ 'name' => $this->getEntry($info, LDAP_ACCOUNT_FULLNAME),
+ 'email' => $this->getEntry($info, LDAP_ACCOUNT_EMAIL, $email),
);
}
/**
* Get the LDAP query to find a user
*
- * @param string $username Username
- * @param string $email Email address
+ * @access private
+ * @param string $username Username
+ * @param string $email Email address
+ * @return string
*/
private function getQuery($username, $email)
{
@@ -273,21 +281,21 @@ class Ldap extends Base
else if ($email) {
return '('.LDAP_ACCOUNT_EMAIL.'='.$email.')';
}
- else {
- return false;
- }
+
+ return '';
}
/**
* Return a value from the LDAP info
*
- * @param array $info LDAP info
- * @param string $key Key
- * @param string $default Default value if key not set in entry
+ * @access private
+ * @param array $entries LDAP entries
+ * @param string $key Key
+ * @param string $default Default value if key not set in entry
* @return string
*/
- private function getFromInfo($info, $key, $default = '')
+ private function getEntry(array $entries, $key, $default = '')
{
- return isset($info[0][$key][0]) ? $info[0][$key][0] : $default;
+ return isset($entries[0][$key][0]) ? $entries[0][$key][0] : $default;
}
}
diff --git a/app/Auth/ReverseProxy.php b/app/Auth/ReverseProxy.php
index c8fd5eec..7818254c 100644
--- a/app/Auth/ReverseProxy.php
+++ b/app/Auth/ReverseProxy.php
@@ -28,7 +28,6 @@ class ReverseProxy extends Base
public function authenticate()
{
if (isset($_SERVER[REVERSE_PROXY_USER_HEADER])) {
-
$login = $_SERVER[REVERSE_PROXY_USER_HEADER];
$user = $this->user->getByUsername($login);