// Fragment of the configuration-parsing constructor (presumably __construct($config, $location);
// the signature, the closing braces and several source lines, e.g. 134-139, are not shown in
// this listing). It copies LDAP connection and lookup settings from $config into instance
// properties.
//
// NOTE(review): assert() with a string argument has the string evaluated as PHP code; that form
// is deprecated since PHP 7.2 and no longer evaluated in PHP 8, and assertions can be switched
// off at runtime, so the two checks below are not input validation.
132        assert(
'is_array($config)');
 
  133        assert(
'is_string($location)');
 
  // $config is used as an object from here on although line 132 asserts an array; the conversion
  // presumably happens in the lines not shown (cf. loadFromArray) - confirm.
  140        $this->hostname = 
$config->getString(
'hostname');
 
  // NOTE(review): TLS is opt-in (default false). With the default, nothing in this listing shows
  // the connection being protected, while the login code binds with the user's password and the
  // search/privileged account passwords over it - confirm deployments enable 'enable_tls' or use
  // an encrypted transport by other means.
  141        $this->enableTLS = 
$config->getBoolean(
'enable_tls', 
false);
 
  142        $this->debug = 
$config->getBoolean(
'debug', 
false);
 
  // Defaults: timeout 0 and port 389; what a timeout of 0 means is decided by
  // SimpleSAML_Auth_LDAP, which is not shown.
  143        $this->timeout = 
$config->getInteger(
'timeout', 0);
 
  144        $this->port = 
$config->getInteger(
'port', 389);
 
  // NOTE(review): referral following defaults to on. How referrals are chased, and whether
  // credentials are re-sent to the referred server, is decided in SimpleSAML_Auth_LDAP (not
  // shown) - confirm.
  145        $this->referrals = 
$config->getBoolean(
'referrals', 
true);
 
  146        $this->searchEnable = 
$config->getBoolean(
'search.enable', 
false);
 
  147        $this->privRead = 
$config->getBoolean(
'priv.read', 
false);
 
  // Search mode: the user's DN is looked up in the directory instead of being built from a pattern.
  149        if ($this->searchEnable) {
 
  // Optional service account for the search; when it is null the login code does no search bind.
  150            $this->searchUsername = 
$config->getString(
'search.username', 
null);
 
  151            if ($this->searchUsername !== 
null) {
 
  // No default is given here, so the password is presumably mandatory once a search username is set.
  152                $this->searchPassword = 
$config->getString(
'search.password');
 
  155            $this->searchBase = 
$config->getArrayizeString(
'search.base');
 
  156            $this->searchFilter = 
$config->getString(
'search.filter', 
null);
 
  157            $this->searchAttributes = 
$config->getArray(
'search.attributes');
 
  // Presumably the non-search branch (the `else` on lines 158-159 is not shown): the login code
  // builds the DN from this pattern.
  160            $this->dnPattern = 
$config->getString(
'dnpattern');
 
  // Privileged-read mode: a second service account used to read the user's attributes.
  164        if ($this->privRead) {
 
  165            $this->privUsername = 
$config->getString(
'priv.username');
 
  166            $this->privPassword = 
$config->getString(
'priv.password');
 
  // Default null; presumably "no restriction on attributes" - decided by
  // SimpleSAML_Auth_LDAP::getAttributes, not shown.
  169        $this->attributes = 
$config->getArray(
'attributes', 
null);
 
  // Fragment of the login routine (presumably login($username, $password, array $sasl_args=null);
  // the signature, the closing braces and several source lines, including 207-213, are not shown).
  // Visible flow: resolve the user's DN, bind as that DN with the supplied password, optionally
  // re-bind as the privileged reader, then return the user's attributes.
  // NOTE(review): string assert() is not runtime validation (it can be disabled and the string
  // form is gone in PHP 8); the type of $username and $password is effectively unchecked here.
  186        assert(
'is_string($username)');
 
  187        assert(
'is_string($password)');
 
  // A connection object is created on each call from the settings read by the constructor.
  194        $ldap = 
new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout, $this->port, $this->referrals);
 
  199 is not shown; this is the direct mode, where the DN is built from dnPattern.
  // (The line above this comment block is intentionally absent in the original listing.)
  196        if (!$this->searchEnable) {
 
  // NOTE(review): the escape list is , + " \ < > ; * only. RFC 4514 also requires escaping a
  // leading '#' or space, a trailing space and NUL. PHP's ldap_escape($value, '', LDAP_ESCAPE_DN)
  // is the purpose-built escaper for a value placed into a DN.
  197            $ldapusername = addcslashes($username, 
',+"\\<>;*');
 
  198            $dn = str_replace(
'%username%', $ldapusername, $this->dnPattern);
 
  // Search mode: bind with the search account only when one is configured; otherwise no bind is
  // visible before the search below.
  200            if ($this->searchUsername !== 
null) {
 
  201                if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {
 
  202                    throw new Exception(
'Error authenticating using search username & password.');
 
  // Look up the DN by matching $username against searchAttributes under searchBase. The literal
  // true sits in the position the wrapper further down names $allowZeroHits, so a miss presumably
  // yields no DN rather than an exception; the handling of that case is in lines not shown.
  // NOTE(review): $username is passed as given; confirm SimpleSAML_Auth_LDAP::searchfordn escapes
  // it for LDAP filter context.
  206            $dn = $ldap->searchfordn($this->searchBase, $this->searchAttributes, $username, 
true, $this->searchFilter);
 
  // Authenticate the user by binding as the resolved DN.
  // NOTE(review): a simple bind with a DN and an empty password is an "unauthenticated bind"
  // (RFC 4513) that many servers report as success. Lines 207-213 are not shown; confirm an
  // empty $password is rejected before this call or inside bind().
  214        if (!$ldap->bind($dn, 
$password, $sasl_args)) {
 
  // When SASL arguments were supplied, $dn is replaced by what whoami() reports.
  220        if (isset($sasl_args)) {
 
  221            $dn = $ldap->whoami($this->searchBase, $this->searchAttributes);
 
  // Privileged-read mode: re-bind as the privileged account, so the attribute read below runs
  // with that account's rights rather than the user's.
  225        if ($this->privRead) {
 
  227            if (!$ldap->bind($this->privUsername, $this->privPassword)) {
 
  228                throw new Exception(
'Error authenticating using privileged DN & password.');
 
  // Returns what SimpleSAML_Auth_LDAP::getAttributes yields for $dn and the configured attribute list.
  232        return $ldap->getAttributes($dn, $this->attributes);
 
  // Fragment of the DN search wrapper (presumably searchfordn($attribute, $value, $allowZeroHits);
  // the signature, the creation of $ldap and line 268 are not shown).
  // NOTE(review): loose comparison - besides null this also matches '', 0, false and an empty
  // array. Use === null if only "not supplied" is meant.
  267        if ($attribute == 
null) {
 
  // Bind with the search account only when one is configured.
  271        if ($this->searchUsername !== 
null) {
 
  272            if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {
 
  273                throw new Exception(
'Error authenticating using search username & password.');
 
  // NOTE(review): $value is handed to the directory search as given; confirm that
  // SimpleSAML_Auth_LDAP::searchfordn escapes it for LDAP filter context.
  277        return $ldap->searchfordn($this->searchBase, $attribute,
 
  278            $value, $allowZeroHits, $this->searchFilter);
 
  // Fragment of the attribute reader (presumably getAttributes($dn, $attributes=null); only the
  // privileged-bind guard is shown). When priv.read is enabled, the connection is bound as the
  // privileged account, and a failed bind aborts with an exception.
  295        if ($this->privRead) {
 
  297            if (!$ldap->bind($this->privUsername, $this->privPassword)) {
 
  298                throw new Exception(
'Error authenticating using privileged DN & password.');
 
An exception for terminating execution or to throw for unit testing.
static loadFromArray($config, $location='[ARRAY]', $instance=null)
Loads a configuration from the given array.
$privPassword
The password we should bind with before we can get the attributes.
$hostname
The hostname of the LDAP server.
__construct($config, $location)
Constructor for this configuration parser.
$referrals
Whether to follow referrals.
$searchAttributes
The attributes which should match the username.
$searchBase
Array with the base DN(s) for the search.
getAttributes($dn, $attributes=null)
$searchUsername
The username we should bind with before we can search for the user.
$privUsername
The DN we should bind with before we can get the attributes.
$privRead
The user cannot get all attributes, privileged reader required.
searchfordn($attribute, $value, $allowZeroHits)
Search for a DN.
$attributes
The attributes we should fetch.
login($username, $password, array $sasl_args=null)
Attempt to log in using the given username and password.
$enableTLS
Whether we should use TLS/SSL when contacting the LDAP server.
$dnPattern
The DN pattern we should use to create the DN from the username.
$searchFilter
Additional LDAP filter fields for the search.
$searchEnable
Whether we need to search for the user's DN.
$location
String with the location of this configuration.
$searchPassword
The password we should bind with before we can search for the user.