dc/d9c/ConfigHelper_8php_source.html

 <?php

 class sspmod_ldap_ConfigHelper
 {
     private $location;


     private $hostname;


     private $enableTLS;


     private $debug;


     private $timeout;

     private $port;

     private $referrals;

     private $searchEnable;

     private $searchUsername;

     private $searchPassword;

     private $searchBase;

     private $searchScope;

     private $searchFilter;

     private $searchAttributes;

     private $dnPattern;

     private $attributes;

     private $privRead;

     private $privUsername;

     private $privPassword;


     public function __construct($config, $location)
     {
         assert(is_array($config));
         assert(is_string($location));

         $this->location = $location;

         // Parse configuration
         $config = SimpleSAML_Configuration::loadFromArray($config, $location);

         $this->hostname = $config->getString('hostname');
         $this->enableTLS = $config->getBoolean('enable_tls', false);
         $this->debug = $config->getBoolean('debug', false);
         $this->timeout = $config->getInteger('timeout', 0);
         $this->port = $config->getInteger('port', 389);
         $this->referrals = $config->getBoolean('referrals', true);
         $this->searchEnable = $config->getBoolean('search.enable', false);
         $this->privRead = $config->getBoolean('priv.read', false);

         if ($this->searchEnable) {
             $this->searchUsername = $config->getString('search.username', null);
             if ($this->searchUsername !== null) {
                 $this->searchPassword = $config->getString('search.password');
             }

             $this->searchBase = $config->getArrayizeString('search.base');
             $this->searchScope = $config->getString('search.scope', 'subtree');
             $this->searchFilter = $config->getString('search.filter', null);
             $this->searchAttributes = $config->getArray('search.attributes');

         } else {
             $this->dnPattern = $config->getString('dnpattern');
         }

         // Are privs needed to get to the attributes?
         if ($this->privRead) {
             $this->privUsername = $config->getString('priv.username');
             $this->privPassword = $config->getString('priv.password');
         }

         $this->attributes = $config->getArray('attributes', null);
     }


     public function login($username, $password, array $sasl_args = null)
     {
         assert(is_string($username));
         assert(is_string($password));

         if (empty($password)) {
             SimpleSAML\Logger::info($this->location.': Login with empty password disallowed.');
             throw new SimpleSAML_Error_Error('WRONGUSERPASS');
         }

         $ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout, $this->port, $this->referrals);

         if (!$this->searchEnable) {
             $ldapusername = addcslashes($username, ',+"\\<>;*');
             $dn = str_replace('%username%', $ldapusername, $this->dnPattern);
         } else {
             if ($this->searchUsername !== null) {
                 if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {
                     throw new Exception('Error authenticating using search username & password.');
                 }
             }

             $dn = $ldap->searchfordn($this->searchBase, $this->searchAttributes, $username, true, $this->searchFilter, $this->searchScope);
             if ($dn === null) {
                 /* User not found with search. */
                 SimpleSAML\Logger::info($this->location.': Unable to find users DN. username=\''.$username.'\'');
                 throw new SimpleSAML_Error_Error('WRONGUSERPASS');
             }
         }

         if (!$ldap->bind($dn, $password, $sasl_args)) {
             SimpleSAML\Logger::info($this->location.': '.$username.' failed to authenticate. DN='.$dn);
             throw new SimpleSAML_Error_Error('WRONGUSERPASS');
         }

         /* In case of SASL bind, authenticated and authorized DN may differ */
         if (isset($sasl_args)) {
             $dn = $ldap->whoami($this->searchBase, $this->searchAttributes);
         }

         /* Are privs needed to get the attributes? */
         if ($this->privRead) {
             /* Yes, rebind with privs */
             if (!$ldap->bind($this->privUsername, $this->privPassword)) {
                 throw new Exception('Error authenticating using privileged DN & password.');
             }
         }

         return $ldap->getAttributes($dn, $this->attributes);
     }


     public function searchfordn($attribute, $value, $allowZeroHits)
     {
         $ldap = new SimpleSAML_Auth_LDAP($this->hostname,
             $this->enableTLS,
             $this->debug,
             $this->timeout,
             $this->port,
             $this->referrals);

         if ($attribute == null) {
             $attribute = $this->searchAttributes;
         }

         if ($this->searchUsername !== null) {
             if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {
                 throw new Exception('Error authenticating using search username & password.');
             }
         }

         return $ldap->searchfordn($this->searchBase, $attribute,
             $value, $allowZeroHits, $this->searchFilter, $this->searchScope);
     }

     public function getAttributes($dn, $attributes = null)
     {
         if ($attributes == null) {
             $attributes = $this->attributes;
         }

         $ldap = new SimpleSAML_Auth_LDAP($this->hostname,
             $this->enableTLS,
             $this->debug,
             $this->timeout,
             $this->port,
             $this->referrals);

         /* Are privs needed to get the attributes? */
         if ($this->privRead) {
             /* Yes, rebind with privs */
             if (!$ldap->bind($this->privUsername, $this->privPassword)) {
                 throw new Exception('Error authenticating using privileged DN & password.');
             }
         }
         return $ldap->getAttributes($dn, $attributes);
     }

 }
sspmod_ldap_ConfigHelper\getAttributes
getAttributes($dn, $attributes=null)
Definition: ConfigHelper.php:278

SimpleSAML_Auth_LDAP
Definition: LDAP.php:25

$config
$config
Definition: bootstrap.php:15

sspmod_ldap_ConfigHelper\$port
$port
Definition: ConfigHelper.php:52

sspmod_ldap_ConfigHelper
Definition: ConfigHelper.php:11

sspmod_ldap_ConfigHelper\login
login($username, $password, array $sasl_args=null)
Attempt to log in using the given username and password.
Definition: ConfigHelper.php:181

sspmod_ldap_ConfigHelper\$searchScope
$searchScope
The scope of the search.
Definition: ConfigHelper.php:82

sspmod_ldap_ConfigHelper\$privUsername
$privUsername
The DN we should bind with before we can get the attributes.
Definition: ConfigHelper.php:112

sspmod_ldap_ConfigHelper\$searchBase
$searchBase
Array with the base DN(s) for the search.
Definition: ConfigHelper.php:77

sspmod_ldap_ConfigHelper\$searchAttributes
$searchAttributes
The attributes which should match the username.
Definition: ConfigHelper.php:92

sspmod_ldap_ConfigHelper\$searchUsername
$searchUsername
The username we should bind with before we can search for the user.
Definition: ConfigHelper.php:67

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:199

sspmod_ldap_ConfigHelper\$dnPattern
$dnPattern
The DN pattern we should use to create the DN from the username.
Definition: ConfigHelper.php:97

sspmod_ldap_ConfigHelper\$enableTLS
$enableTLS
Whether we should use TLS/SSL when contacting the LDAP server.
Definition: ConfigHelper.php:29

sspmod_ldap_ConfigHelper\__construct
__construct($config, $location)
Constructor for this configuration parser.
Definition: ConfigHelper.php:126

sspmod_ldap_ConfigHelper\$timeout
$timeout
Definition: ConfigHelper.php:45

sspmod_ldap_ConfigHelper\$searchEnable
$searchEnable
Whether we need to search for the users DN.
Definition: ConfigHelper.php:62

sspmod_ldap_ConfigHelper\$searchFilter
$searchFilter
Additional LDAP filter fields for the search.
Definition: ConfigHelper.php:87

SimpleSAML_Error_Error
Definition: Error.php:10

sspmod_ldap_ConfigHelper\$privPassword
$privPassword
The password we should bind with before we can get the attributes.
Definition: ConfigHelper.php:117

sspmod_ldap_ConfigHelper\searchfordn
searchfordn($attribute, $value, $allowZeroHits)
Search for a DN.
Definition: ConfigHelper.php:255

sspmod_ldap_ConfigHelper\$referrals
$referrals
Whether to follow referrals.
Definition: ConfigHelper.php:57

sspmod_ldap_ConfigHelper\$attributes
$attributes
The attributes we should fetch.
Definition: ConfigHelper.php:102

$password
$password
Definition: cron.php:14

sspmod_ldap_ConfigHelper\$debug
$debug
Definition: ConfigHelper.php:37

sspmod_ldap_ConfigHelper\$location
$location
String with the location of this configuration.
Definition: ConfigHelper.php:17

sspmod_ldap_ConfigHelper\$privRead
$privRead
The user cannot get all attributes, privileged reader required.
Definition: ConfigHelper.php:107

php

SimpleSAML_Configuration\loadFromArray
static loadFromArray($config, $location='[ARRAY]', $instance=null)
Loads a configuration from the given array.
Definition: Configuration.php:297

sspmod_ldap_ConfigHelper\$searchPassword
$searchPassword
The password we should bind with before we can search for the user.
Definition: ConfigHelper.php:72

Exception

sspmod_ldap_ConfigHelper\$hostname
$hostname
The hostname of the LDAP server.
Definition: ConfigHelper.php:23