Open Journal Systems  3.3.0
LDAPAuthPlugin.inc.php
1 <?php
2 
16 import('lib.pkp.classes.plugins.AuthPlugin');
17 
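class LDAPAuthPlugin extends AuthPlugin {
	/**
	 * Register the plugin with the plugin registry and load its locale data.
	 * @param $category string
	 * @param $path string
	 * @param $mainContextId int|null
	 * @return boolean Result of the parent registration
	 */
	public function register($category, $path, $mainContextId = null) {
		$registered = parent::register($category, $path, $mainContextId);
		$this->addLocaleData();
		return $registered;
	}

	// LDAP-specific configuration settings (all read from $this->settings):
	// - hostname   host name, or a full URI such as ldaps://host (then 'port' is ignored)
	// - port
	// - basedn     search base for user entries
	// - uid        attribute that carries the login name (e.g. uid, sAMAccountName)
	// - managerdn / managerpwd   credentials used for searches and directory writes
	// - pwhash     md5 | smd5 | sha | ssha | crypt (anything else stores clear text)
	// - SASL: sasl, saslmech, saslrealm, saslauthzid, saslprop
	//
	// SECURITY NOTE: ldap_connect() alone negotiates no TLS, so every user and
	// manager password sent by bind() crosses the network in clear unless
	// 'hostname' is an ldaps:// URI (or the transport is otherwise protected).

	/** @var resource|\LDAP\Connection|false|null Connection handle set by open(), cleared by close() */
	public $conn;

	/**
	 * @copydoc Plugin::getName()
	 */
	public function getName() {
		return 'ldap';
	}

	/**
	 * @copydoc Plugin::getDisplayName()
	 */
	public function getDisplayName() {
		return __('plugins.auth.ldap.displayName');
	}

	/**
	 * @copydoc Plugin::getDescription()
	 */
	public function getDescription() {
		return __('plugins.auth.ldap.description');
	}


	//
	// Core Plugin Functions
	// (Must be implemented by every authentication plugin)
	//

	/**
	 * Instantiate a plugin bound to one auth-source configuration.
	 * @param $settings array
	 * @param $authId int
	 * @return LDAPAuthPlugin
	 */
	public function getInstance($settings, $authId) {
		return new LDAPAuthPlugin($settings, $authId);
	}

	/**
	 * Authenticate a user by binding to the directory with the user's own DN.
	 * The DN is resolved by getUserEntry(), which demands exactly one match,
	 * so an ambiguous login name never binds as an unintended account.
	 * @param $username string
	 * @param $password string
	 * @return boolean true only when the directory accepted the credentials
	 */
	public function authenticate($username, $password) {
		// Never hand an empty credential to ldap_bind(): an empty password turns
		// a simple bind into an anonymous/unauthenticated bind, which many
		// directories accept, and that must not count as a login. The old code
		// also fell off the end (returned null) on a null password.
		if (!$this->isNonEmptyString($username) || !$this->isNonEmptyString($password)) {
			return false;
		}
		$valid = false;
		if ($this->open()) {
			if ($entry = $this->getUserEntry($username)) {
				$userdn = ldap_get_dn($this->conn, $entry);
				if ($userdn !== false && $this->bind($userdn, $password)) {
					$valid = true;
				}
			}
			$this->close();
		}
		return $valid;
	}


	//
	// Optional Plugin Functions
	//

	/**
	 * Check whether a login name exists in the directory.
	 * Defaults to true so that a directory outage or a refused bind is reported
	 * as "taken" rather than "free" (fail closed for account creation).
	 * NOTE(review): the lookup now binds with the manager credentials like every
	 * other search in this class; the previous anonymous bind silently yielded
	 * true on directories that refuse anonymous search.
	 * @param $username string
	 * @return boolean
	 */
	public function userExists($username) {
		$exists = true;
		if ($this->open()) {
			if ($this->bindAsManager()) {
				$result = $this->searchUser($username);
				if ($result !== false) {
					$exists = (ldap_count_entries($this->conn, $result) != 0);
				}
			}
			$this->close();
		}
		return $exists;
	}

	/**
	 * Populate $user's profile fields from the directory entry for its username.
	 * @param $user User
	 * @return boolean true if a unique entry with readable attributes was found
	 */
	public function getUserInfo($user) {
		$valid = false;
		if ($this->open()) {
			if ($entry = $this->getUserEntry($user->getUsername())) {
				$attr = ldap_get_attributes($this->conn, $entry);
				if (is_array($attr)) {
					$valid = true;
					$this->userFromAttr($user, $attr);
				}
			}
			$this->close();
		}
		return $valid;
	}

	/**
	 * Write $user's profile fields back to its directory entry (manager bind).
	 * @param $user User
	 * @return boolean
	 */
	public function setUserInfo($user) {
		$valid = false;
		if ($this->open()) {
			if ($entry = $this->getUserEntry($user->getUsername())) {
				$userdn = ldap_get_dn($this->conn, $entry);
				if ($userdn !== false && $this->bindAsManager()) {
					$attr = array();
					$this->userToAttr($user, $attr);
					$valid = (bool) ldap_modify($this->conn, $userdn, $attr);
				}
			}
			$this->close();
		}
		return $valid;
	}

	/**
	 * Replace the user's directory password (manager bind).
	 * The old implementation returned nothing; callers now get a boolean.
	 * @param $username string
	 * @param $password string new clear-text password, encoded per 'pwhash'
	 * @return boolean
	 */
	public function setUserPassword($username, $password) {
		// An empty password is never accepted by authenticate(), so storing one
		// would only lock the account out (or, under the clear-text default,
		// write an empty userPassword); refuse it here.
		if (!$this->isNonEmptyString($password)) {
			return false;
		}
		$valid = false;
		if ($this->open()) {
			if ($entry = $this->getUserEntry($username)) {
				$userdn = ldap_get_dn($this->conn, $entry);
				if ($userdn !== false && $this->bindAsManager()) {
					$attr = array('userPassword' => $this->encodePassword($password));
					$valid = (bool) ldap_modify($this->conn, $userdn, $attr);
				}
			}
			$this->close();
		}
		return $valid;
	}

	/**
	 * Create a directory entry for $user under basedn (manager bind).
	 * Refuses when any entry already matches the login name; getUserEntry()
	 * cannot serve as an "is free" test because it also returns false for an
	 * ambiguous (>1) match or a failed search.
	 * @param $user User
	 * @return boolean
	 */
	public function createUser($user) {
		$username = $user->getUsername();
		if (!$this->isNonEmptyString($username)) {
			return false;
		}
		$valid = false;
		if ($this->open()) {
			if ($this->bindAsManager()) {
				$result = $this->searchUser($username);
				if ($result !== false && ldap_count_entries($this->conn, $result) == 0) {
					// The login name becomes part of a DN, so escape it for the DN
					// context (',', '+', '=', '"', '<', '>', ';', '#', '\').
					$userdn = $this->settings['uid'] . '=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $this->settings['basedn'];
					$attr = array(
						'objectclass' => array('top', 'person', 'organizationalPerson', 'inetorgperson'),
						$this->settings['uid'] => $username,
						// NOTE(review): assumes getPassword() yields the clear-text password at
						// creation time; if it already holds OJS's own hash this double-hashes.
						'userPassword' => $this->encodePassword($user->getPassword()),
					);
					$this->userToAttr($user, $attr);
					$valid = (bool) ldap_add($this->conn, $userdn, $attr);
				}
			}
			$this->close();
		}
		return $valid;
	}

	/**
	 * Delete the directory entry for a login name (manager bind).
	 * @param $username string
	 * @return boolean
	 */
	public function deleteUser($username) {
		$valid = false;
		if ($this->open()) {
			if ($entry = $this->getUserEntry($username)) {
				$userdn = ldap_get_dn($this->conn, $entry);
				if ($userdn !== false && $this->bindAsManager()) {
					$valid = (bool) ldap_delete($this->conn, $userdn);
				}
			}
			$this->close();
		}
		return $valid;
	}


	//
	// LDAP Helper Functions
	//

	/**
	 * Open a connection handle to the configured server and force LDAPv3.
	 * ldap_connect() does not contact the server yet; reachability and
	 * credential problems only surface in bind(). No TLS is negotiated here
	 * (see the settings note above).
	 * @return resource|\LDAP\Connection|false
	 */
	public function open() {
		$port = (int) $this->settingOrNull('port');
		$this->conn = ldap_connect($this->settings['hostname'], $port);
		if ($this->conn) {
			// v3 is required for SASL binds (and for StartTLS, should it be added).
			ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
		}
		return $this->conn;
	}

	/**
	 * Close the connection handle, if one is open, and forget it.
	 */
	public function close() {
		if ($this->conn) {
			ldap_close($this->conn);
		}
		$this->conn = null;
	}

	/**
	 * Bind on the open connection. With no arguments this is an anonymous bind.
	 * Library warnings are suppressed because "invalid credentials" is the
	 * normal failed-login path; failure is reported as false.
	 * @param $binddn string|null
	 * @param $password string|null
	 * @return boolean
	 */
	public function bind($binddn = null, $password = null) {
		// PHP 8 makes ldap_bind()/ldap_sasl_bind() throw a ValueError, which '@'
		// cannot suppress, when the DN or password contains a NUL byte; reject
		// such input here so a crafted credential cannot abort the request.
		if ($this->containsNul($binddn) || $this->containsNul($password)) {
			return false;
		}
		if (isset($this->settings['sasl'])) {
			// ldap_sasl_bind() argument order is: mech, realm, authc_id, authz_id, props.
			// The previous call put saslauthzid in the authc_id slot and saslprop in
			// the authz_id slot; they now go where their names say. SASL support in
			// this plugin remains untested (FIXME carried over).
			return @ldap_sasl_bind(
				$this->conn,
				$binddn,
				$password,
				$this->settingOrNull('saslmech'),
				$this->settingOrNull('saslrealm'),
				null,
				$this->settingOrNull('saslauthzid'),
				$this->settingOrNull('saslprop')
			);
		}
		return @ldap_bind($this->conn, $binddn, $password);
	}

	/**
	 * Bind with the configured manager credentials (anonymous if none are set).
	 * @return boolean
	 */
	protected function bindAsManager() {
		return $this->bind($this->settingOrNull('managerdn'), $this->settingOrNull('managerpwd'));
	}

	/**
	 * Search basedn for entries whose uid attribute equals $username.
	 * The login name is escaped for the filter context so that '*', '(', ')',
	 * '\' or NUL in a supplied name cannot widen or break the filter (LDAP
	 * filter injection); the caller must already be bound.
	 * @param $username string
	 * @return resource|\LDAP\Result|false false for an empty name or a failed search
	 */
	protected function searchUser($username) {
		if (!$this->isNonEmptyString($username)) {
			return false;
		}
		$filter = $this->settings['uid'] . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER);
		return ldap_search($this->conn, $this->settings['basedn'], $filter);
	}

	/**
	 * Resolve a login name to its directory entry using the manager credentials.
	 * Exactly one match is required: zero means unknown, more than one means
	 * the name is ambiguous and must not resolve to any DN.
	 * @param $username string
	 * @return resource|\LDAP\ResultEntry|false
	 */
	public function getUserEntry($username) {
		$entry = false;
		if ($this->bindAsManager()) {
			$result = $this->searchUser($username);
			if ($result !== false && ldap_count_entries($this->conn, $result) == 1) {
				$entry = ldap_first_entry($this->conn, $result);
			}
		}
		return $entry;
	}

	/**
	 * Read an optional setting, null when absent (avoids undefined-index notices).
	 * @param $key string
	 * @return mixed|null
	 */
	protected function settingOrNull($key) {
		return isset($this->settings[$key]) ? $this->settings[$key] : null;
	}

	/**
	 * @param $value mixed
	 * @return boolean true if $value is a string containing a NUL byte
	 */
	protected function containsNul($value) {
		return is_string($value) && strpos($value, "\0") !== false;
	}

	/**
	 * @param $value mixed
	 * @return boolean true if $value is a non-empty string ("0" counts as non-empty)
	 */
	protected function isNonEmptyString($value) {
		return is_string($value) && $value !== '';
	}

	/**
	 * First value of a (lower-cased) attribute, or null when absent.
	 * @param $attr array
	 * @param $name string
	 * @return mixed|null
	 */
	protected function firstAttr(array $attr, $name) {
		return isset($attr[$name][0]) ? $attr[$name][0] : null;
	}

	/**
	 * Copy profile fields from an LDAP attribute array (as returned by
	 * ldap_get_attributes()) into $user. Only attributes present in the entry
	 * are written; nothing is mapped to biography or interests, so those
	 * fields are never touched.
	 * @param $user User
	 * @param $uattr array
	 */
	public function userFromAttr(&$user, &$uattr) {
		if (!is_array($uattr)) {
			return;
		}
		// Lower-case the keys once so every lookup below is case-insensitive.
		$attr = array_change_key_case($uattr, CASE_LOWER);
		$locale = AppLocale::getLocale();

		$givenName = $this->firstAttr($attr, 'givenname');
		$familyName = $this->firstAttr($attr, 'sn');
		if ($familyName === null) $familyName = $this->firstAttr($attr, 'surname');
		$affiliation = $this->firstAttr($attr, 'o');
		if ($affiliation === null) $affiliation = $this->firstAttr($attr, 'organizationname');
		$email = $this->firstAttr($attr, 'mail');
		if ($email === null) $email = $this->firstAttr($attr, 'email');
		$phone = $this->firstAttr($attr, 'telephonenumber');
		$mailingAddress = $this->firstAttr($attr, 'postaladdress');
		// Keys were lower-cased above; the former 'registeredAddress' lookup could never match.
		if ($mailingAddress === null) $mailingAddress = $this->firstAttr($attr, 'registeredaddress');

		// Only update fields that exist in the entry
		if ($givenName !== null) $user->setGivenName($givenName, $locale);
		if ($familyName !== null) $user->setFamilyName($familyName, $locale);
		if ($affiliation !== null) $user->setAffiliation($affiliation, $locale);
		if ($email !== null) $user->setEmail($email);
		if ($phone !== null) $user->setPhone($phone);
		if ($mailingAddress !== null) $user->setMailingAddress($mailingAddress);
	}

	/**
	 * Append $user's non-empty profile fields to an LDAP attribute array.
	 * @param $user User
	 * @param $attr array modified in place
	 */
	public function userToAttr(&$user, &$attr) {
		// FIXME empty strings for unset fields?
		$mapping = array(
			'cn' => $user->getFullName(),
			'givenName' => $user->getLocalizedGivenName(),
			'sn' => $user->getLocalizedFamilyName(),
			'organizationName' => $user->getLocalizedAffiliation(),
			'mail' => $user->getEmail(),
			'telephoneNumber' => $user->getPhone(),
			'postalAddress' => $user->getMailingAddress(),
		);
		foreach ($mapping as $ldapAttr => $value) {
			// Truthiness check kept as before: empty/"0" values are skipped.
			if ($value) $attr[$ldapAttr] = $value;
		}
	}

	/**
	 * Hash a password into the RFC 2307 {SCHEME}base64 form selected by 'pwhash'.
	 * Salts now come from random_bytes() (CSPRNG) instead of mt_rand().
	 * SECURITY: md5/sha are unsalted and fast, smd5/ssha are salted but still
	 * fast; prefer ssha or crypt where the directory supports them. Any
	 * unrecognised scheme stores the password in clear text, as before.
	 * @param $password string
	 * @return string
	 */
	public function encodePassword($password) {
		switch ($this->settingOrNull('pwhash')) {
			case 'md5':
				return '{MD5}' . base64_encode(md5($password, true));
			case 'smd5':
				$salt = random_bytes(6);
				return '{SMD5}' . base64_encode(md5($password . $salt, true) . $salt);
			case 'sha':
				return '{SHA}' . base64_encode(sha1($password, true));
			case 'ssha':
				$salt = random_bytes(6);
				return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
			case 'crypt':
				// crypt() without a salt is deprecated since PHP 5.6 and an error in
				// PHP 8, so supply a SHA-512 crypt salt. The directory's crypt(3)
				// must understand the $6$ scheme (glibc does; verify on other servers).
				$salt = '$6$' . substr(strtr(base64_encode(random_bytes(12)), '+', '.'), 0, 16) . '$';
				return '{CRYPT}' . crypt($password, $salt);
			default:
				// Clear-text storage; kept for compatibility with existing setups.
				return $password;
		}
	}
}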
376 
377 