29 require_once
"Auth/Container.php";
33 require_once
"PEAR.php";
232 if (
false === extension_loaded(
'ldap')) {
239 if (is_array($params)) {
280 if (isset($this->options[
'url']) && $this->options[
'url'] !=
'') {
282 $conn_params = array($this->options[
'url']);
285 $conn_params = array($this->options[
'host'], $this->options[
'port']);
288 if (($this->conn_id = @call_user_func_array(
'ldap_connect', $conn_params)) ===
false) {
290 $this->
log(
'LDAP ERROR: '.ldap_errno($this->conn_id).
': '.ldap_error($this->conn_id),
AUTH_LOG_DEBUG);
291 return PEAR::raiseError(
'Auth_Container_LDAP: Could not connect to server.', 41);
296 if (is_numeric($this->options[
'version']) && $this->options[
'version'] > 2) {
297 $this->
log(
"Switching to LDAP version {$this->options['version']}",
AUTH_LOG_DEBUG);
298 @ldap_set_option($this->conn_id, LDAP_OPT_PROTOCOL_VERSION, $this->options[
'version']);
301 if (isset($this->options[
'start_tls']) && $this->options[
'start_tls']) {
303 if (@ldap_start_tls($this->conn_id) ===
false) {
305 $this->
log(
'LDAP ERROR: '.ldap_errno($this->conn_id).
': '.ldap_error($this->conn_id),
AUTH_LOG_DEBUG);
312 if (is_bool($this->options[
'referrals'])) {
313 $this->
log(
"Switching LDAP referrals to " . (($this->options[
'referrals']) ?
'true' :
'false'),
AUTH_LOG_DEBUG);
314 if (@ldap_set_option($this->conn_id, LDAP_OPT_REFERRALS, $this->options[
'referrals']) ===
false) {
316 $this->
log(
'LDAP ERROR: '.ldap_errno($this->conn_id).
': '.ldap_error($this->conn_id),
AUTH_LOG_DEBUG);
321 if (strlen($this->options[
'binddn']) && strlen($this->options[
'bindpw'])) {
323 $bind_params = array($this->conn_id, $this->options[
'binddn'], $this->options[
'bindpw']);
326 $bind_params = array($this->conn_id);
330 if ((@call_user_func_array(
'ldap_bind', $bind_params)) ===
false) {
332 $this->
log(
'LDAP ERROR: '.ldap_errno($this->conn_id).
': '.ldap_error($this->conn_id),
AUTH_LOG_DEBUG);
334 return PEAR::raiseError(
"Auth_Container_LDAP: Could not bind to LDAP server.", 41);
353 $this->
log(
'disconnecting from server');
354 @ldap_unbind($this->conn_id);
374 if ($this->options[
'basedn'] ==
"" && $this->
_isValidLink()) {
377 $result_id = @ldap_read($this->conn_id,
"",
"(objectclass=*)", array(
"namingContexts"));
379 if (@ldap_count_entries($this->conn_id, $result_id) == 1) {
383 $entry_id = @ldap_first_entry($this->conn_id, $result_id);
384 $attrs = @ldap_get_attributes($this->conn_id, $entry_id);
385 $basedn = $attrs[
'namingContexts'][0];
389 $this->options[
'basedn'] = $basedn;
392 @ldap_free_result($result_id);
396 if ($this->options[
'basedn'] ==
"") {
397 return PEAR::raiseError(
"Auth_Container_LDAP: LDAP search base not specified!", 41);
413 if (is_resource($this->conn_id)) {
414 if (get_resource_type($this->conn_id) ==
'ldap link') {
431 $this->options[
'url'] =
'';
432 $this->options[
'host'] =
'localhost';
433 $this->options[
'port'] =
'389';
434 $this->options[
'version'] = 2;
435 $this->options[
'referrals'] =
true;
436 $this->options[
'binddn'] =
'';
437 $this->options[
'bindpw'] =
'';
438 $this->options[
'basedn'] =
'';
439 $this->options[
'userdn'] =
'';
440 $this->options[
'userscope'] =
'sub';
441 $this->options[
'userattr'] =
'uid';
442 $this->options[
'userfilter'] =
'(objectClass=posixAccount)';
443 $this->options[
'attributes'] = array(
'');
444 $this->options[
'attrformat'] =
'AUTH';
445 $this->options[
'group'] =
'';
446 $this->options[
'groupdn'] =
'';
447 $this->options[
'groupscope'] =
'sub';
448 $this->options[
'groupattr'] =
'cn';
449 $this->options[
'groupfilter'] =
'(objectClass=groupOfUniqueNames)';
450 $this->options[
'memberattr'] =
'uniqueMember';
451 $this->options[
'memberisdn'] =
true;
452 $this->options[
'start_tls'] =
false;
453 $this->options[
'debug'] =
false;
454 $this->options[
'try_all'] =
false;
470 foreach ($array as $key => $value) {
471 if (array_key_exists($key, $this->options)) {
472 if ($key ==
'attributes') {
473 if (is_array($value)) {
474 $this->options[$key] = $value;
476 $this->options[$key] = explode(
',', $value);
479 $this->options[$key] = $value;
498 if (isset($array[
'useroc']))
499 $array[
'userfilter'] =
"(objectClass=".$array[
'useroc'].
")";
500 if (isset($array[
'groupoc']))
501 $array[
'groupfilter'] =
"(objectClass=".$array[
'groupoc'].
")";
502 if (isset($array[
'scope']))
503 $array[
'userscope'] = $array[
'scope'];
521 $function =
'ldap_list';
524 $function =
'ldap_read';
527 $function =
'ldap_search';
561 if (@ldap_get_option($this->conn_id, LDAP_OPT_PROTOCOL_VERSION, $ver) && $ver == 3) {
563 $username = utf8_encode($username);
567 $filter = sprintf(
'(&(%s=%s)%s)',
568 $this->options[
'userattr'],
570 $this->options[
'userfilter']);
573 $search_basedn = $this->options[
'userdn'];
574 if ($search_basedn !=
'' && substr($search_basedn, -1) !=
',') {
575 $search_basedn .=
',';
577 $search_basedn .= $this->options[
'basedn'];
580 $searchAttributes = $this->options[
'attributes'];
583 $func_params = array($this->conn_id, $search_basedn, $filter, $searchAttributes);
588 $this->
log(
"Searching with $func_name and filter $filter in $search_basedn",
AUTH_LOG_DEBUG);
591 if (($result_id = @call_user_func_array($func_name, $func_params)) ===
false) {
593 } elseif (@ldap_count_entries($this->conn_id, $result_id) >= 1) {
604 $entry_id = @ldap_first_entry($this->conn_id, $result_id);
607 $entry_id = @ldap_next_entry($this->conn_id, $entry_id);
608 if ($entry_id ===
false)
611 $user_dn = @ldap_get_dn($this->conn_id, $entry_id);
614 if (is_array($searchAttributes) && in_array(
'dn', $searchAttributes)) {
616 $this->_auth_obj->setAuthData(
'dn', $user_dn);
620 if ($attributes = @ldap_get_attributes($this->conn_id, $entry_id)) {
622 if (is_array($attributes) && isset($attributes[
'count']) &&
623 $attributes[
'count'] > 0) {
638 if ( strtoupper($this->options[
'attrformat']) ==
'AUTH' ) {
640 unset ($attributes[
'count']);
641 foreach ($attributes as $attributeName => $attributeValue ) {
642 if (is_int($attributeName))
continue;
643 if (is_array($attributeValue) && isset($attributeValue[
'count'])) {
644 unset ($attributeValue[
'count']);
646 if (count($attributeValue)<=1) $attributeValue = $attributeValue[0];
648 $this->_auth_obj->setAuthData($attributeName, $attributeValue);
654 $this->_auth_obj->setAuthData(
'attributes', $attributes);
658 @ldap_free_result($result_id);
662 if ($password !=
"") {
666 if (@ldap_bind($this->conn_id, $user_dn, $password)) {
670 if (strlen($this->options[
'group'])) {
673 $return = $this->
checkGroup(($this->options[
'memberisdn']) ? $user_dn : $username);
683 }
while ($this->options[
'try_all'] ==
true);
713 $filter = sprintf(
'(&(%s=%s)(%s=%s)%s)',
714 $this->options[
'groupattr'],
715 $this->options[
'group'],
716 $this->options[
'memberattr'],
718 $this->options[
'groupfilter']);
721 $search_basedn = $this->options[
'groupdn'];
722 if ($search_basedn !=
'' && substr($search_basedn, -1) !=
',') {
723 $search_basedn .=
',';
725 $search_basedn .= $this->options[
'basedn'];
727 $func_params = array($this->conn_id, $search_basedn, $filter,
728 array($this->options[
'memberattr']));
731 $this->
log(
"Searching with $func_name and filter $filter in $search_basedn",
AUTH_LOG_DEBUG);
734 if (($result_id = @call_user_func_array($func_name, $func_params)) !=
false) {
735 if (@ldap_count_entries($this->conn_id, $result_id) == 1) {
736 @ldap_free_result($result_id);
757 $metas = array(
'\\',
'*',
'(',
')',
"\x00");
758 $quoted_metas = array(
'\\\\',
'\*',
'\(',
'\)',
"\\\x00");
759 return str_replace($metas, $quoted_metas, $filter_str);