plugins/auth/ldap/LDAPAuthPlugin.inc.php

00001 <?php
00002 
00015 // $Id$
00016 
00017 
// Load the AuthPlugin base class through the application's import() helper
// (dotted class path, resolved by the framework's own autoload convention).
import('classes.plugins.AuthPlugin');
00019 
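/**
 * Authentication plugin that validates users against an LDAP directory.
 *
 * Connection, lookup and modification all go through the LDAP helper
 * functions at the bottom of the class; the public plugin API methods only
 * orchestrate open() / getUserEntry() / bind() / close().
 */
class LDAPAuthPlugin extends AuthPlugin {
   /**
    * Register the plugin with the framework and load its locale data.
    * @param $category string plugin category
    * @param $path string plugin path
    * @return boolean whatever AuthPlugin::register() returned
    */
   function register($category, $path) {
      $success = parent::register($category, $path);
      $this->addLocaleData();
      return $success;
   }

   // LDAP-specific configuration settings (read from $this->settings):
   // - hostname
   // - port
   // - basedn
   // - managerdn
   // - managerpwd
   // - uid        (name of the attribute that holds the login name; trusted
   //               configuration, it is interpolated into filters/DNs unescaped)
   // - pwhash
   // - SASL: sasl, saslmech, saslrealm, saslauthzid, saslprop

   /** LDAP link resource while a connection is open; null after close(). */
   var $conn;

   /**
    * @return string internal plugin name
    */
   function getName() {
      return 'ldap';
   }

   /**
    * @return string localized display name
    */
   function getDisplayName() {
      return __('plugins.auth.ldap.displayName');
   }

   /**
    * @return string localized description
    */
   function getDescription() {
      return __('plugins.auth.ldap.description');
   }


   //
   // Core Plugin Functions
   // (Must be implemented by every authentication plugin)
   //

   /**
    * Instantiate the plugin for a configured auth source.
    * @param $settings array plugin settings (see the list above)
    * @param $authId int auth source id
    * @return LDAPAuthPlugin
    */
   function &getInstance($settings, $authId) {
      $returner = new LDAPAuthPlugin($settings, $authId);
      return $returner;
   }

   /**
    * Authenticate a username/password pair by binding as the user's entry.
    * @param $username string
    * @param $password string
    * @return boolean true only if exactly one entry matches and a bind with
    *  the supplied password succeeds
    */
   function authenticate($username, $password) {
      $valid = false;
      // Refuse empty passwords before touching the directory. A simple bind
      // with a DN and an empty password is an "unauthenticated" bind, which
      // many servers accept; passing it through would let any known username
      // log in without a credential.
      if ($password === null || $password === '') return $valid;
      if ($this->open()) {
         if ($entry = $this->getUserEntry($username)) {
            $userdn = ldap_get_dn($this->conn, $entry);
            // ldap_get_dn() returns false on failure; never bind with that
            if ($userdn !== false && $this->bind($userdn, $password)) {
               $valid = true;
            }
         }
         $this->close();
      }
      return $valid;
   }


   //
   // Optional Plugin Functions
   //

   /**
    * Check whether a username exists in the directory.
    * Uses an anonymous bind (bind() with no arguments), unlike the other
    * lookups which bind as the manager.
    * @param $username string
    * @return boolean defaults to true when the directory cannot be opened,
    *  bound or searched (presumably fail-closed so a name is not reused while
    *  the directory is unavailable — confirm with the caller's expectations)
    */
   function userExists($username) {
      $exists = true;
      if ($this->open()) {
         if ($this->bind()) {
            $result = ldap_search($this->conn, $this->settings['basedn'], $this->buildUidFilter($username));
            // ldap_search() returns false on error; leave $exists at its default then
            if ($result !== false) {
               $exists = (ldap_count_entries($this->conn, $result) != 0);
            }
         }
         $this->close();
      }
      return $exists;
   }

   /**
    * Populate $user with the attributes of its directory entry.
    * @param $user User (passed by reference; updated in place)
    * @return boolean true if the entry was found
    */
   function getUserInfo(&$user) {
      $valid = false;
      if ($this->open()) {
         if ($entry = $this->getUserEntry($user->getUsername())) {
            $valid = true;
            $attr = ldap_get_attributes($this->conn, $entry);
            $this->userFromAttr($user, $attr);
         }
         $this->close();
      }
      return $valid;
   }

   /**
    * Write $user's profile fields back to its directory entry (manager bind).
    * @param $user User
    * @return boolean result of ldap_modify(), false if entry/bind failed
    */
   function setUserInfo(&$user) {
      $valid = false;
      if ($this->open()) {
         if ($entry = $this->getUserEntry($user->getUsername())) {
            $userdn = ldap_get_dn($this->conn, $entry);
            if ($userdn !== false && $this->bind($this->settings['managerdn'], $this->settings['managerpwd'])) {
               $attr = array();
               $this->userToAttr($user, $attr);
               $valid = ldap_modify($this->conn, $userdn, $attr);
            }
         }
         $this->close();
      }
      return $valid;
   }

   /**
    * Replace the userPassword attribute of the user's entry (manager bind).
    * @param $username string
    * @param $password string new cleartext password; stored as encodePassword()
    * @return boolean result of ldap_modify(), false if entry/bind failed.
    *  (The previous implementation returned nothing; callers that tested the
    *  result always saw a falsy value.)
    */
   function setUserPassword($username, $password) {
      $valid = false;
      if ($this->open()) {
         if ($entry = $this->getUserEntry($username)) {
            $userdn = ldap_get_dn($this->conn, $entry);
            if ($userdn !== false && $this->bind($this->settings['managerdn'], $this->settings['managerpwd'])) {
               $attr = array('userPassword' => $this->encodePassword($password));
               $valid = ldap_modify($this->conn, $userdn, $attr);
            }
         }
         $this->close();
      }
      return $valid;
   }

   /**
    * Create a directory entry for $user directly under basedn (manager bind).
    * Does nothing if an entry for the username already exists.
    * @param $user User
    * @return boolean result of ldap_add(), false otherwise
    */
   function createUser(&$user) {
      $valid = false;
      if ($this->open()) {
         if (!($entry = $this->getUserEntry($user->getUsername()))) {
            if ($this->bind($this->settings['managerdn'], $this->settings['managerpwd'])) {
               // The username becomes an RDN value, so DN special characters
               // (",", "+", "\", etc.) must be escaped or the entry lands
               // somewhere else in the tree / the add fails.
               $userdn = $this->settings['uid'] . '=' . $this->escapeDnValue($user->getUsername()) . ',' . $this->settings['basedn'];
               $attr = array(
                  'objectclass' => array('top', 'person', 'organizationalPerson', 'inetorgperson'),
                  $this->settings['uid'] => $user->getUsername(),
                  'userPassword' => $this->encodePassword($user->getPassword())
               );
               $this->userToAttr($user, $attr);
               $valid = ldap_add($this->conn, $userdn, $attr);
            }
         }
         $this->close();
      }
      return $valid;
   }

   /**
    * Delete the directory entry for $username (manager bind).
    * @param $username string
    * @return boolean result of ldap_delete(), false if entry/bind failed
    */
   function deleteUser($username) {
      $valid = false;
      if ($this->open()) {
         if ($entry = $this->getUserEntry($username)) {
            $userdn = ldap_get_dn($this->conn, $entry);
            if ($userdn !== false && $this->bind($this->settings['managerdn'], $this->settings['managerpwd'])) {
               $valid = ldap_delete($this->conn, $userdn);
            }
         }
         $this->close();
      }
      return $valid;
   }


   //
   // LDAP Helper Functions
   //

   /**
    * Open a connection to the configured host/port and force protocol v3.
    * ldap_connect() does not contact the server; a bad host surfaces when
    * bind() is attempted.
    * @return resource|false the link resource (also stored in $this->conn)
    */
   function open() {
      $this->conn = ldap_connect($this->settings['hostname'], (int)$this->settings['port']);
      ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
      return $this->conn;
   }

   /**
    * Close the connection opened by open() and clear $this->conn.
    */
   function close() {
      ldap_close($this->conn);
      $this->conn = null;
   }

   /**
    * Bind to the open connection. With no arguments this is an anonymous
    * bind; with a DN and password a simple (or SASL, if 'sasl' is set) bind.
    * Bind failures are expected (wrong password) so warnings are suppressed.
    * @param $binddn string|null
    * @param $password string|null
    * @return boolean
    */
   function bind($binddn = null, $password = null) {
      if (isset($this->settings['sasl'])) {
         // FIXME ldap_sasl_bind requires PHP5, haven't tested this
         return @ldap_sasl_bind($this->conn, $binddn, $password, $this->settings['saslmech'], $this->settings['saslrealm'], $this->settings['saslauthzid'], $this->settings['saslprop']);
      }
      return @ldap_bind($this->conn, $binddn, $password);
   }

   /**
    * Look up the entry whose uid attribute equals $username (manager bind).
    * @param $username string
    * @return resource|false the entry, or false unless exactly one matches
    */
   function getUserEntry($username) {
      $entry = false;
      if ($this->bind($this->settings['managerdn'], $this->settings['managerpwd'])) {
         $result = ldap_search($this->conn, $this->settings['basedn'], $this->buildUidFilter($username));
         // Exactly one match is required: an ambiguous username must never
         // resolve to an arbitrary entry (which authenticate() would then bind as).
         if ($result !== false && ldap_count_entries($this->conn, $result) == 1) {
            $entry = ldap_first_entry($this->conn, $result);
         }
      }
      return $entry;
   }

   /**
    * Build the "(uid=<username>)" search filter with the username escaped
    * per RFC 4515, so characters like "*", "(", ")" and "\" in the supplied
    * name cannot alter the filter (e.g. turn it into a wildcard match).
    * @param $username string untrusted
    * @return string
    */
   function buildUidFilter($username) {
      return '(' . $this->settings['uid'] . '=' . $this->escapeFilterValue($username) . ')';
   }

   /**
    * Escape a value for use inside an LDAP search filter (RFC 4515).
    * Uses ldap_escape() where available (PHP >= 5.6), else a manual fallback.
    * @param $value string
    * @return string
    */
   function escapeFilterValue($value) {
      if (function_exists('ldap_escape')) {
         return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
      }
      // Backslash first so the escapes introduced below are not re-escaped.
      return str_replace(
         array('\\', '*', '(', ')', "\x00"),
         array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
         (string)$value
      );
   }

   /**
    * Escape a value for use as an RDN attribute value (RFC 4514).
    * Uses ldap_escape() where available (PHP >= 5.6), else a manual fallback
    * that hex-escapes the DN special characters plus leading/trailing spaces.
    * @param $value string
    * @return string
    */
   function escapeDnValue($value) {
      if (function_exists('ldap_escape')) {
         return ldap_escape($value, '', LDAP_ESCAPE_DN);
      }
      $escaped = str_replace(
         array('\\', ',', '=', '+', '<', '>', ';', '"', '#'),
         array('\\5c', '\\2c', '\\3d', '\\2b', '\\3c', '\\3e', '\\3b', '\\22', '\\23'),
         (string)$value
      );
      if ($escaped !== '' && $escaped[0] == ' ') {
         $escaped = '\\20' . substr($escaped, 1);
      }
      if ($escaped !== '' && substr($escaped, -1) == ' ') {
         $escaped = substr($escaped, 0, -1) . '\\20';
      }
      return $escaped;
   }

   /**
    * Copy directory attributes into the User object. Attribute names are
    * compared case-insensitively; for each field the first value of the
    * first matching attribute wins, and fields absent from the entry are
    * left untouched. Middle name, initials, biography and interests are not
    * mapped from any attribute and are therefore never changed here.
    * @param $user User updated in place
    * @param $uattr array as returned by ldap_get_attributes()
    */
   function userFromAttr(&$user, &$uattr) {
      $attr = array_change_key_case($uattr, CASE_LOWER);
      $firstName = $this->firstAttrValue($attr, 'givenname');
      $lastName = $this->firstAttrValue($attr, 'sn');
      if (!isset($lastName))
         $lastName = $this->firstAttrValue($attr, 'surname');
      $affiliation = $this->firstAttrValue($attr, 'o');
      if (!isset($affiliation))
         $affiliation = $this->firstAttrValue($attr, 'organizationname');
      $email = $this->firstAttrValue($attr, 'mail');
      if (!isset($email))
         $email = $this->firstAttrValue($attr, 'email');
      $phone = $this->firstAttrValue($attr, 'telephonenumber');
      $fax = $this->firstAttrValue($attr, 'facsimiletelephonenumber');
      if (!isset($fax))
         $fax = $this->firstAttrValue($attr, 'fax');
      $mailingAddress = $this->firstAttrValue($attr, 'postaladdress');
      if (!isset($mailingAddress))
         // Keys were lower-cased above; the old lookup used 'registeredAddress'
         // (capital A) and so could never match.
         $mailingAddress = $this->firstAttrValue($attr, 'registeredaddress');

      // Only update fields that exist
      if (isset($firstName))
         $user->setFirstName($firstName);
      if (isset($lastName))
         $user->setLastName($lastName);
      if (isset($affiliation))
         $user->setAffiliation($affiliation);
      if (isset($email))
         $user->setEmail($email);
      if (isset($phone))
         $user->setPhone($phone);
      if (isset($fax))
         $user->setFax($fax);
      if (isset($mailingAddress))
         $user->setMailingAddress($mailingAddress);
   }

   /**
    * First value of a (lower-cased) attribute, or null if it is absent.
    * Replaces the former "@$attr[name][0]" reads so no notices are suppressed.
    * @param $attr array lower-cased attribute map
    * @param $name string attribute name in lower case
    * @return string|null
    */
   function firstAttrValue(&$attr, $name) {
      if (isset($attr[$name]) && is_array($attr[$name]) && isset($attr[$name][0])) {
         return $attr[$name][0];
      }
      return null;
   }

   /**
    * Copy the User's non-empty profile fields into an LDAP attribute array.
    * @param $user User
    * @param $attr array updated in place (only set fields are written)
    */
   function userToAttr(&$user, &$attr) {
      // FIXME empty strings for unset fields?
      if ($user->getFullName())
         $attr['cn'] = $user->getFullName();
      if ($user->getFirstName())
         $attr['givenName'] = $user->getFirstName();
      if ($user->getLastName())
         $attr['sn'] = $user->getLastName();
      if ($user->getAffiliation())
         $attr['organizationName'] = $user->getAffiliation();
      if ($user->getEmail())
         $attr['mail'] = $user->getEmail();
      if ($user->getPhone())
         $attr['telephoneNumber'] = $user->getPhone();
      if ($user->getFax())
         $attr['facsimileTelephoneNumber'] = $user->getFax();
      if ($user->getMailingAddress())
         $attr['postalAddress'] = $user->getMailingAddress();
   }

   /**
    * Encode a cleartext password in the userPassword scheme selected by the
    * 'pwhash' setting. The scheme is dictated by the directory; MD5/SHA1
    * (salted or not) are all fast, unsalted-or-short-salt digests, so
    * prefer a stronger scheme on the server side where it is supported.
    * @param $password string
    * @return string "{SCHEME}..." value, or the cleartext password when
    *  'pwhash' is unset/unknown (the directory then receives it as-is)
    */
   function encodePassword($password) {
      switch ($this->settings['pwhash']) {
         case 'md5':
            return '{MD5}' . base64_encode(pack('H*', md5($password)));
         case 'smd5':
            $salt = $this->makeSalt(6);
            return '{SMD5}' . base64_encode(pack('H*', md5($password . $salt)) . $salt);
         case 'sha':
            return '{SHA}' . base64_encode(pack('H*', sha1($password)));
         case 'ssha':
            $salt = $this->makeSalt(6);
            return '{SSHA}' . base64_encode(pack('H*', sha1($password . $salt)) . $salt);
         case 'crypt':
            // crypt() without a salt is deprecated in PHP 5.6+ and a fatal
            // error in PHP 8; supply the traditional 2-character salt that
            // PHP used to generate itself.
            return '{CRYPT}' . crypt($password, $this->makeCryptSalt());
         default:
            //return '{CLEARTEXT}'. $password;
            return $password;
      }
   }

   /**
    * Produce $length random bytes for a digest salt. Uses the CSPRNG
    * random_bytes() when available (PHP >= 7), falling back to mt_rand()
    * as the original code did.
    * @param $length int
    * @return string binary
    */
   function makeSalt($length) {
      if (function_exists('random_bytes')) {
         return random_bytes($length);
      }
      $salt = '';
      for ($i = 0; $i < $length; $i++) {
         $salt .= chr(mt_rand(0, 255));
      }
      return $salt;
   }

   /**
    * Two characters from the crypt(3) salt alphabet [./0-9A-Za-z].
    * @return string
    */
   function makeCryptSalt() {
      $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
      $bytes = $this->makeSalt(2);
      // 64-character alphabet, so "% 64" maps a byte uniformly onto it
      return $alphabet[ord($bytes[0]) % 64] . $alphabet[ord($bytes[1]) % 64];
   }
}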
00388 
00389 ?>
