From 969d60ab416c075db27f7a0247f0c48ab519afa6 Mon Sep 17 00:00:00 2001
From: Francois Ferrand <thetypz@gmail.com>
Date: Fri, 16 Jan 2015 17:08:48 +0100
Subject: Add Json API to create LDAP user.

This allows setting up permissions before the LDAP users actually connect
to Kanboard, and even importing the permissions from other tools.
---
 app/Auth/Ldap.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

(limited to 'app/Auth')

diff --git a/app/Auth/Ldap.php b/app/Auth/Ldap.php
index b3440614..22c9fb88 100644
--- a/app/Auth/Ldap.php
+++ b/app/Auth/Ldap.php
@@ -206,4 +206,52 @@ class Ldap extends Base
 
         return false;
     }
+
+    /**
+     * Retrieve info on LDAP user.
+     *
+     * @param resource $ldap      LDAP connection
+     * @param string   $username  Username
+     * @param string   $email     Email address
+     */
+    public function lookup($username = null, $email = null)
+    {
+        if ($username && $email)
+            $query = '(&('.sprintf(LDAP_USER_PATTERN, $username).')('.sprintf(LDAP_ACCOUNT_EMAIL, $email).')';
+        else if ($username)
+            $query = sprintf(LDAP_USER_PATTERN, $username);
+        else if ($email)
+            $query = '('.LDAP_ACCOUNT_EMAIL.'='.$email.')';
+        else
+            return false;
+
+        // Connect and attempt anonymous bind
+        $ldap = $this->connect();
+        if (!is_resource($ldap) || !$this->bind($ldap, null, null))
+            return false;
+
+        // Try to find user
+        $sr = @ldap_search($ldap, LDAP_ACCOUNT_BASE, $query, array(LDAP_ACCOUNT_FULLNAME, LDAP_ACCOUNT_EMAIL, LDAP_ACCOUNT_ID));
+        if ($sr === false) {
+            return false;
+        }
+
+        $info = ldap_get_entries($ldap, $sr);
+
+        // User not found
+        if (count($info) == 0 || $info['count'] == 0) {
+            return false;
+        }
+
+        // User id not retrieved: LDAP_ACCOUNT_ID not properly configured
+        if (!$username && !isset($info[0][LDAP_ACCOUNT_ID][0])) {
+            return false;
+        }
+
+        return array(
+            'username' => isset($info[0][LDAP_ACCOUNT_ID][0]) ? $info[0][LDAP_ACCOUNT_ID][0] : $username,
+            'name' => isset($info[0][LDAP_ACCOUNT_FULLNAME][0]) ? $info[0][LDAP_ACCOUNT_FULLNAME][0] : '',
+            'email' => isset($info[0][LDAP_ACCOUNT_EMAIL][0]) ? $info[0][LDAP_ACCOUNT_EMAIL][0] : $email,
+        );
+    }
 }
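Review bot: `$username` and `$email` are concatenated into the LDAP search filter in all three branches at the top of `lookup()` without escaping, so a caller of the new API can pass filter metacharacters (`*`, `(`, `)`, `\`) and change which entries the search matches. Escape each value where it enters the filter, e.g. `ldap_escape($username, '', LDAP_ESCAPE_FILTER)` (PHP 5.6+; older runtimes need an equivalent helper), and keep the unescaped originals for the fallback values in the returned array. Separately, the combined branch passes `LDAP_ACCOUNT_EMAIL` to `sprintf` as if it were a pattern, although every other use in the hunk treats it as an attribute name, and its `(&` group is never closed. It probably should read `'(&('.sprintf(LDAP_USER_PATTERN, $u).')('.LDAP_ACCOUNT_EMAIL.'='.$e.'))'`, assuming `LDAP_USER_PATTERN` carries no outer parentheses of its own. The docblock also lists a `$ldap` parameter the method does not take and omits the return shape (`array` with `username`, `name`, `email`, or `false`).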
-- 
cgit v1.2.3