dc/d9c/ConfigHelper_8php_source.html

 <?php

 class sspmod_ldap_ConfigHelper
 {
     private $location;


     private $hostname;


     private $enableTLS;


     private $debug;


     private $timeout;

     private $port;

     private $referrals;


     private $searchEnable;


     private $searchUsername;


     private $searchPassword;


     private $searchBase;

     private $searchFilter;

     private $searchAttributes;


     private $dnPattern;


     private $attributes;


     private $privRead;


     private $privUsername;


     private $privPassword;


     public function __construct($config, $location)
     {
         assert('is_array($config)');
         assert('is_string($location)');

         $this->location = $location;

         // Parse configuration
         $config = SimpleSAML_Configuration::loadFromArray($config, $location);

         $this->hostname = $config->getString('hostname');
         $this->enableTLS = $config->getBoolean('enable_tls', false);
         $this->debug = $config->getBoolean('debug', false);
         $this->timeout = $config->getInteger('timeout', 0);
         $this->port = $config->getInteger('port', 389);
         $this->referrals = $config->getBoolean('referrals', true);
         $this->searchEnable = $config->getBoolean('search.enable', false);
         $this->privRead = $config->getBoolean('priv.read', false);

         if ($this->searchEnable) {
             $this->searchUsername = $config->getString('search.username', null);
             if ($this->searchUsername !== null) {
                 $this->searchPassword = $config->getString('search.password');
             }

             $this->searchBase = $config->getArrayizeString('search.base');
             $this->searchFilter = $config->getString('search.filter', null);
             $this->searchAttributes = $config->getArray('search.attributes');

         } else {
             $this->dnPattern = $config->getString('dnpattern');
         }

         // Are privs needed to get to the attributes?
         if ($this->privRead) {
             $this->privUsername = $config->getString('priv.username');
             $this->privPassword = $config->getString('priv.password');
         }

         $this->attributes = $config->getArray('attributes', null);
     }


     public function login($username, $password, array $sasl_args = null)
     {
         assert('is_string($username)');
         assert('is_string($password)');

         if (empty($password)) {
             SimpleSAML\Logger::info($this->location . ': Login with empty password disallowed.');
             throw new SimpleSAML_Error_Error('WRONGUSERPASS');
         }

         $ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout, $this->port, $this->referrals);

         if (!$this->searchEnable) {
             $ldapusername = addcslashes($username, ',+"\\<>;*');
             $dn = str_replace('%username%', $ldapusername, $this->dnPattern);
         } else {
             if ($this->searchUsername !== null) {
                 if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {
                     throw new Exception('Error authenticating using search username & password.');
                 }
             }

             $dn = $ldap->searchfordn($this->searchBase, $this->searchAttributes, $username, true, $this->searchFilter);
             if ($dn === null) {
                 /* User not found with search. */
                 SimpleSAML\Logger::info($this->location . ': Unable to find users DN. username=\'' . $username . '\'');
                 throw new SimpleSAML_Error_Error('WRONGUSERPASS');
             }
         }

         if (!$ldap->bind($dn, $password, $sasl_args)) {
             SimpleSAML\Logger::info($this->location . ': '. $username . ' failed to authenticate. DN=' . $dn);
             throw new SimpleSAML_Error_Error('WRONGUSERPASS');
         }

         /* In case of SASL bind, authenticated and authorized DN may differ */
         if (isset($sasl_args)) {
             $dn = $ldap->whoami($this->searchBase, $this->searchAttributes);
         }

         /* Are privs needed to get the attributes? */
         if ($this->privRead) {
             /* Yes, rebind with privs */
             if (!$ldap->bind($this->privUsername, $this->privPassword)) {
                 throw new Exception('Error authenticating using privileged DN & password.');
             }
         }

         return $ldap->getAttributes($dn, $this->attributes);
     }


     public function searchfordn($attribute, $value, $allowZeroHits)
     {
         $ldap = new SimpleSAML_Auth_LDAP($this->hostname,
             $this->enableTLS,
             $this->debug,
             $this->timeout,
             $this->port,
             $this->referrals);

         if ($attribute == null) {
             $attribute = $this->searchAttributes;
         }

         if ($this->searchUsername !== null) {
             if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {
                 throw new Exception('Error authenticating using search username & password.');
             }
         }

         return $ldap->searchfordn($this->searchBase, $attribute,
             $value, $allowZeroHits, $this->searchFilter);
     }

     public function getAttributes($dn, $attributes = null)
     {
         if ($attributes == null) {
             $attributes = $this->attributes;
         }

         $ldap = new SimpleSAML_Auth_LDAP($this->hostname,
             $this->enableTLS,
             $this->debug,
             $this->timeout,
             $this->port,
             $this->referrals);

         /* Are privs needed to get the attributes? */
         if ($this->privRead) {
             /* Yes, rebind with privs */
             if (!$ldap->bind($this->privUsername, $this->privPassword)) {
                 throw new Exception('Error authenticating using privileged DN & password.');
             }
         }
         return $ldap->getAttributes($dn, $attributes);
     }

 }
sspmod_ldap_ConfigHelper\getAttributes
getAttributes($dn, $attributes=null)
Definition: ConfigHelper.php:281

$config
$config
Definition: flush-definition-cache.php:23

SimpleSAML_Auth_LDAP
Definition: LDAP.php:25

sspmod_ldap_ConfigHelper\$port
$port
Definition: ConfigHelper.php:52

sspmod_ldap_ConfigHelper
Definition: ConfigHelper.php:11

sspmod_ldap_ConfigHelper\login
login($username, $password, array $sasl_args=null)
Attempt to log in using the given username and password.
Definition: ConfigHelper.php:184

sspmod_ldap_ConfigHelper\$privUsername
$privUsername
The DN we should bind with before we can get the attributes.
Definition: ConfigHelper.php:115

sspmod_ldap_ConfigHelper\$searchBase
$searchBase
Array with the base DN(s) for the search.
Definition: ConfigHelper.php:81

$password
$password
Definition: pwgen.php:17

sspmod_ldap_ConfigHelper\$searchAttributes
$searchAttributes
The attributes which should match the username.
Definition: ConfigHelper.php:91

sspmod_ldap_ConfigHelper\$searchUsername
$searchUsername
The username we should bind with before we can search for the user.
Definition: ConfigHelper.php:69

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201

sspmod_ldap_ConfigHelper\$dnPattern
$dnPattern
The DN pattern we should use to create the DN from the username.
Definition: ConfigHelper.php:97

sspmod_ldap_ConfigHelper\$enableTLS
$enableTLS
Whether we should use TLS/SSL when contacting the LDAP server.
Definition: ConfigHelper.php:29

sspmod_ldap_ConfigHelper\__construct
__construct($config, $location)
Constructor for this configuration parser.
Definition: ConfigHelper.php:130

sspmod_ldap_ConfigHelper\$timeout
$timeout
Definition: ConfigHelper.php:45

sspmod_ldap_ConfigHelper\$searchEnable
$searchEnable
Whether we need to search for the users DN.
Definition: ConfigHelper.php:63

sspmod_ldap_ConfigHelper\$searchFilter
$searchFilter
Additional LDAP filter fields for the search.
Definition: ConfigHelper.php:86

SimpleSAML_Error_Error
Definition: Error.php:10

sspmod_ldap_ConfigHelper\$privPassword
$privPassword
The password we should bind with before we can get the attributes.
Definition: ConfigHelper.php:121

sspmod_ldap_ConfigHelper\searchfordn
searchfordn($attribute, $value, $allowZeroHits)
Search for a DN.
Definition: ConfigHelper.php:258

array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

sspmod_ldap_ConfigHelper\$referrals
$referrals
Whether to follow referrals.
Definition: ConfigHelper.php:57

sspmod_ldap_ConfigHelper\$attributes
$attributes
The attributes we should fetch.
Definition: ConfigHelper.php:103

sspmod_ldap_ConfigHelper\$debug
$debug
Definition: ConfigHelper.php:37

sspmod_ldap_ConfigHelper\$location
$location
String with the location of this configuration.
Definition: ConfigHelper.php:17

sspmod_ldap_ConfigHelper\$privRead
$privRead
The user cannot get all attributes, privileged reader required.
Definition: ConfigHelper.php:109

SimpleSAML_Configuration\loadFromArray
static loadFromArray($config, $location='[ARRAY]', $instance=null)
Loads a configuration from the given array.
Definition: Configuration.php:269

sspmod_ldap_ConfigHelper\$searchPassword
$searchPassword
The password we should bind with before we can search for the user.
Definition: ConfigHelper.php:75

Exception

sspmod_ldap_ConfigHelper\$hostname
$hostname
The hostname of the LDAP server.
Definition: ConfigHelper.php:23