dc/d9c/ConfigHelper_8php_source.html

<?php


class sspmod_ldap_ConfigHelper

{

    private $location;


    private $hostname;


    private $enableTLS;


    private $debug;


    private $timeout;


    private $port;


    private $referrals;


    private $searchEnable;


    private $searchUsername;


    private $searchPassword;


    private $searchBase;


    private $searchFilter;


    private $searchAttributes;


    private $dnPattern;


    private $attributes;


    private $privRead;


    private $privUsername;


    private $privPassword;


    public function __construct($config, $location)

    {

        assert('is_array($config)');

        assert('is_string($location)');


        $this->location = $location;


        // Parse configuration

        $config = SimpleSAML_Configuration::loadFromArray($config, $location);


        $this->hostname = $config->getString('hostname');

        $this->enableTLS = $config->getBoolean('enable_tls', false);

        $this->debug = $config->getBoolean('debug', false);

        $this->timeout = $config->getInteger('timeout', 0);

        $this->port = $config->getInteger('port', 389);

        $this->referrals = $config->getBoolean('referrals', true);

        $this->searchEnable = $config->getBoolean('search.enable', false);

        $this->privRead = $config->getBoolean('priv.read', false);


        if ($this->searchEnable) {

            $this->searchUsername = $config->getString('search.username', null);

            if ($this->searchUsername !== null) {

                $this->searchPassword = $config->getString('search.password');

            }


            $this->searchBase = $config->getArrayizeString('search.base');

            $this->searchFilter = $config->getString('search.filter', null);

            $this->searchAttributes = $config->getArray('search.attributes');


        } else {

            $this->dnPattern = $config->getString('dnpattern');

        }


        // Are privs needed to get to the attributes?

        if ($this->privRead) {

            $this->privUsername = $config->getString('priv.username');

            $this->privPassword = $config->getString('priv.password');

        }


        $this->attributes = $config->getArray('attributes', null);

    }


    public function login($username, $password, array $sasl_args = null)

    {

        assert('is_string($username)');

        assert('is_string($password)');


        if (empty($password)) {

            SimpleSAML\Logger::info($this->location . ': Login with empty password disallowed.');

            throw new SimpleSAML_Error_Error('WRONGUSERPASS');

        }


        $ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout, $this->port, $this->referrals);


        if (!$this->searchEnable) {

            $ldapusername = addcslashes($username, ',+"\\<>;*');

            $dn = str_replace('%username%', $ldapusername, $this->dnPattern);

        } else {

            if ($this->searchUsername !== null) {

                if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {

                    throw new Exception('Error authenticating using search username & password.');

                }

            }


            $dn = $ldap->searchfordn($this->searchBase, $this->searchAttributes, $username, true, $this->searchFilter);

            if ($dn === null) {

                /* User not found with search. */

                SimpleSAML\Logger::info($this->location . ': Unable to find users DN. username=\'' . $username . '\'');

                throw new SimpleSAML_Error_Error('WRONGUSERPASS');

            }

        }


        if (!$ldap->bind($dn, $password, $sasl_args)) {

            SimpleSAML\Logger::info($this->location . ': '. $username . ' failed to authenticate. DN=' . $dn);

            throw new SimpleSAML_Error_Error('WRONGUSERPASS');

        }


        /* In case of SASL bind, authenticated and authorized DN may differ */

        if (isset($sasl_args)) {

            $dn = $ldap->whoami($this->searchBase, $this->searchAttributes);

        }


        /* Are privs needed to get the attributes? */

        if ($this->privRead) {

            /* Yes, rebind with privs */

            if (!$ldap->bind($this->privUsername, $this->privPassword)) {

                throw new Exception('Error authenticating using privileged DN & password.');

            }

        }


        return $ldap->getAttributes($dn, $this->attributes);

    }


    public function searchfordn($attribute, $value, $allowZeroHits)

    {

        $ldap = new SimpleSAML_Auth_LDAP($this->hostname,

            $this->enableTLS,

            $this->debug,

            $this->timeout,

            $this->port,

            $this->referrals);


        if ($attribute == null) {

            $attribute = $this->searchAttributes;

        }


        if ($this->searchUsername !== null) {

            if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {

                throw new Exception('Error authenticating using search username & password.');

            }

        }


        return $ldap->searchfordn($this->searchBase, $attribute,

            $value, $allowZeroHits, $this->searchFilter);

    }


    public function getAttributes($dn, $attributes = null)

    {

        if ($attributes == null) {

            $attributes = $this->attributes;

        }


        $ldap = new SimpleSAML_Auth_LDAP($this->hostname,

            $this->enableTLS,

            $this->debug,

            $this->timeout,

            $this->port,

            $this->referrals);


        /* Are privs needed to get the attributes? */

        if ($this->privRead) {

            /* Yes, rebind with privs */

            if (!$ldap->bind($this->privUsername, $this->privPassword)) {

                throw new Exception('Error authenticating using privileged DN & password.');

            }

        }

        return $ldap->getAttributes($dn, $attributes);

    }


}

php
An exception for terminatinating execution or to throw for unit testing.

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201

SimpleSAML_Auth_LDAP
Definition: LDAP.php:26

SimpleSAML_Configuration\loadFromArray
static loadFromArray($config, $location='[ARRAY]', $instance=null)
Loads a configuration from the given array.
Definition: Configuration.php:269

SimpleSAML_Error_Error
Definition: Error.php:11

sspmod_ldap_ConfigHelper
Definition: ConfigHelper.php:12

sspmod_ldap_ConfigHelper\$privPassword
$privPassword
The password we should bind with before we can get the attributes.
Definition: ConfigHelper.php:121

sspmod_ldap_ConfigHelper\$hostname
$hostname
The hostname of the LDAP server.
Definition: ConfigHelper.php:23

sspmod_ldap_ConfigHelper\__construct
__construct($config, $location)
Constructor for this configuration parser.
Definition: ConfigHelper.php:130

sspmod_ldap_ConfigHelper\$port
$port
Definition: ConfigHelper.php:52

sspmod_ldap_ConfigHelper\$referrals
$referrals
Whether to follow referrals.
Definition: ConfigHelper.php:57

sspmod_ldap_ConfigHelper\$searchAttributes
$searchAttributes
The attributes which should match the username.
Definition: ConfigHelper.php:91

sspmod_ldap_ConfigHelper\$searchBase
$searchBase
Array with the base DN(s) for the search.
Definition: ConfigHelper.php:81

sspmod_ldap_ConfigHelper\getAttributes
getAttributes($dn, $attributes=null)
Definition: ConfigHelper.php:281

sspmod_ldap_ConfigHelper\$searchUsername
$searchUsername
The username we should bind with before we can search for the user.
Definition: ConfigHelper.php:69

sspmod_ldap_ConfigHelper\$privUsername
$privUsername
The DN we should bind with before we can get the attributes.
Definition: ConfigHelper.php:115

sspmod_ldap_ConfigHelper\$timeout
$timeout
Definition: ConfigHelper.php:45

sspmod_ldap_ConfigHelper\$privRead
$privRead
The user cannot get all attributes, privileged reader required.
Definition: ConfigHelper.php:109

sspmod_ldap_ConfigHelper\searchfordn
searchfordn($attribute, $value, $allowZeroHits)
Search for a DN.
Definition: ConfigHelper.php:258

sspmod_ldap_ConfigHelper\$attributes
$attributes
The attributes we should fetch.
Definition: ConfigHelper.php:103

sspmod_ldap_ConfigHelper\login
login($username, $password, array $sasl_args=null)
Attempt to log in using the given username and password.
Definition: ConfigHelper.php:184

sspmod_ldap_ConfigHelper\$enableTLS
$enableTLS
Whether we should use TLS/SSL when contacting the LDAP server.
Definition: ConfigHelper.php:29

sspmod_ldap_ConfigHelper\$dnPattern
$dnPattern
The DN pattern we should use to create the DN from the username.
Definition: ConfigHelper.php:97

sspmod_ldap_ConfigHelper\$searchFilter
$searchFilter
Additional LDAP filter fields for the search.
Definition: ConfigHelper.php:86

sspmod_ldap_ConfigHelper\$searchEnable
$searchEnable
Whether we need to search for the users DN.
Definition: ConfigHelper.php:63

sspmod_ldap_ConfigHelper\$location
$location
String with the location of this configuration.
Definition: ConfigHelper.php:17

sspmod_ldap_ConfigHelper\$searchPassword
$searchPassword
The password we should bind with before we can search for the user.
Definition: ConfigHelper.php:75

sspmod_ldap_ConfigHelper\$debug
$debug
Definition: ConfigHelper.php:37

$config
$config
Definition: flush-definition-cache.php:23

$password
$password
Definition: pwgen.php:17