2 rcs_id('$Id: LDAP.php,v 1.2 2004-12-19 00:58:02 rurban Exp $');
3 /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam
9 * Define the vars LDAP_AUTH_HOST and LDAP_BASE_DN in config/config.ini
11 * Preferences are handled in _PassUser
// Connection setup fragment; the enclosing function header is not shown in this excerpt.
// Opens the LDAP handle, applies the options from the global $LDAP_SET_OPTION, then
// binds with the configured service account (LDAP_AUTH_USER / LDAP_AUTH_PASSWORD).
// NOTE(review): on OpenLDAP-based builds ldap_connect() only initialises the handle and
// does not contact the server, so a truthy return does not prove the host is reachable;
// an unreachable or wrong host first surfaces at ldap_bind().
15 if ($this->_ldap = ldap_connect(LDAP_AUTH_HOST)) { // must be a valid LDAP server!
16 global $LDAP_SET_OPTION;
17 if (!empty($LDAP_SET_OPTION)) {
18 foreach ($LDAP_SET_OPTION as $key => $value) {
// The name-to-constant lookup below is commented out, so $key reaches
// ldap_set_option() exactly as configured. The return value is ignored, so an
// option that fails to apply goes unnoticed here.
19 //if (is_string($key) and defined($key))
20 // $key = constant($key);
21 ldap_set_option($this->_ldap, $key, $value);
// Service-account bind. The conditions guarding the two fallbacks after the first
// bind are not visible in this excerpt.
// NOTE(review): no ldap_start_tls() call is visible here; unless LDAP_AUTH_HOST is an
// ldaps:// URI, the bind DN and password travel unencrypted. Confirm against the
// full file and config/config.ini.
25 if (LDAP_AUTH_PASSWORD)
26 // Windows Active Directory Server is strict
27 $r = ldap_bind($this->_ldap, LDAP_AUTH_USER, LDAP_AUTH_PASSWORD);
// Bind with a DN but no password.
29 $r = ldap_bind($this->_ldap, LDAP_AUTH_USER);
// No ldap_bind() call on this path: $r is simply set to true, so later searches
// presumably run with whatever access the directory grants to anonymous clients.
31 $r = true; // anonymous bind allowed
// Reports the bind failure; the remaining arguments of this call are not shown.
34 trigger_error(sprintf("Unable to bind LDAP server %s", LDAP_AUTH_HOST),
// Cleanup fragment (enclosing function header not shown): frees the last search
// result and closes the connection when each is still a live resource.
// NOTE(review): from PHP 8.1 the LDAP extension returns objects rather than resources,
// so is_resource() would be false and neither call would run. Only relevant if this
// code is run on a modern runtime.
45 if (isset($this->_sr) and is_resource($this->_sr)) ldap_free_result($this->_sr);
46 if (isset($this->_ldap) and is_resource($this->_ldap)) ldap_close($this->_ldap);
// Verifies $submitted_password for $this->_userid against LDAP: searches LDAP_BASE_DN
// for the user entry, then attempts a simple bind as each matching DN with the
// submitted password. Returns WIKIAUTH_FORBIDDEN for rejected input and falls back to
// _tryNextPass() when LDAP cannot confirm the user. The return statement of the
// success path is not visible in this excerpt.
51 function checkPass($submitted_password) {
53 $this->_authmethod = 'LDAP';
54 $userid = $this->_userid;
55 if (!$this->isValidName()) {
56 trigger_error(_("Invalid username"),E_USER_WARNING);
57 return $this->_tryNextPass($submitted_password);
59 if (!$this->_checkPassLength($submitted_password)) {
60 return WIKIAUTH_FORBIDDEN;
// NOTE(review): only '*' is rejected here, yet $userid is concatenated unescaped into
// the search filter below. The other filter metacharacters ('(', ')', '\', NUL) are
// not handled in the visible code; isValidName() may already exclude them, so
// confirm. On PHP >= 5.6, ldap_escape($userid, '', LDAP_ESCAPE_FILTER) neutralises the
// value regardless of what the name check allows.
62 if (strstr($userid,'*')) {
63 trigger_error(fmt("Invalid username '%s' for LDAP Auth",$userid),
65 return WIKIAUTH_FORBIDDEN;
68 if ($ldap = $this->_init()) {
69 // Need to set the right root search information. See config/config.ini
// Filter is "<LDAP_SEARCH_FIELD>=<userid>" when the field is configured; the
// alternative branch of this ternary is not shown in the excerpt.
70 $st_search = LDAP_SEARCH_FIELD
71 ? LDAP_SEARCH_FIELD."=$userid"
// A failed search, or one with no hits, hands over to the next auth method.
73 if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) {
75 return $this->_tryNextPass($submitted_password);
77 $info = ldap_get_entries($ldap, $this->_sr);
78 if (empty($info["count"])) {
80 return $this->_tryNextPass($submitted_password);
82 // There may be more hits with this userid.
83 // Of course it would be better to narrow down the BASE_DN
// Every returned DN is tried in turn, so the first entry that accepts the password
// authenticates the user.
84 for ($i = 0; $i < $info["count"]; $i++) {
85 $dn = $info[$i]["dn"];
86 // The password is still plain text.
87 // On wrong password the ldap server will return:
88 // "Unable to bind to server: Server is unwilling to perform"
89 // The @ catches this error message.
// NOTE(review): the password is sent as-is in this simple bind, so the connection
// needs ldaps:// or StartTLS to protect it in transit.
// NOTE(review): many directory servers treat a bind with a valid DN and an empty
// password as an unauthenticated bind and report success. _checkPassLength() above
// presumably rejects an empty password; confirm, because this bind is the only
// credential check.
// NOTE(review): '@' hides every bind failure, not just a wrong password;
// ldap_errno($ldap) can tell a credential failure from a connection or TLS error.
90 if ($r = @ldap_bind($ldap, $dn, $submitted_password)) {
91 // ldap_bind will return TRUE if everything matches
93 $this->_level = WIKIAUTH_USER;
// No DN accepted the password, or _init() failed: defer to the next auth method.
100 return $this->_tryNextPass($submitted_password);
// Checks whether $this->_userid has an entry under LDAP_BASE_DN. Falls back to
// _tryNextUser() when the search fails or LDAP is unavailable. What is returned when
// an entry is found is not visible in this excerpt.
103 function userExists() {
104 $userid = $this->_userid;
// NOTE(review): as in the password check, '*' is the only filter metacharacter
// rejected before $userid is concatenated into the filter. Escaping the value with
// ldap_escape($userid, '', LDAP_ESCAPE_FILTER) (PHP >= 5.6) would also cover
// '(', ')', '\' and NUL.
105 if (strstr($userid, '*')) {
106 trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid),
110 if ($ldap = $this->_init()) {
111 // Need to set the right root search information. see ../index.php
// Filter is "<LDAP_SEARCH_FIELD>=<userid>" when the field is configured; the
// alternative branch of this ternary is not shown in the excerpt.
112 $st_search = LDAP_SEARCH_FIELD
113 ? LDAP_SEARCH_FIELD."=$userid"
115 if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) {
117 return $this->_tryNextUser();
119 $info = ldap_get_entries($ldap, $this->_sr);
// At least one matching entry means the user is known to the directory.
121 if ($info["count"] > 0) {
127 return $this->_tryNextUser();
130 function mayChangePass() {
136 // $Log: not supported by cvs2svn $
137 // Revision 1.1 2004/11/01 10:43:58 rurban
138 // separate PassUser methods into separate dir (memory usage)
139 // fix WikiUser (old) overlarge data session
140 // remove wikidb arg from various page class methods, use global ->_dbi instead
148 // c-hanging-comment-ender-p: nil
149 // indent-tabs-mode: nil