2 rcs_id('$Id: LDAP.php,v 1.4 2004-12-26 17:11:17 rurban Exp $');
3 /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam
4 * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
10 * Define the vars LDAP_AUTH_HOST and LDAP_BASE_DN in config/config.ini
12 * Preferences are handled in _PassUser
16 if ($this->_ldap = ldap_connect(LDAP_AUTH_HOST)) { // must be a valid LDAP server!
17 global $LDAP_SET_OPTION;
18 if (!empty($LDAP_SET_OPTION)) {
19 foreach ($LDAP_SET_OPTION as $key => $value) {
20 //if (is_string($key) and defined($key))
21 // $key = constant($key);
22 ldap_set_option($this->_ldap, $key, $value);
26 if (LDAP_AUTH_PASSWORD)
27 // Windows Active Directory Server is strict
28 $r = ldap_bind($this->_ldap, LDAP_AUTH_USER, LDAP_AUTH_PASSWORD);
30 $r = ldap_bind($this->_ldap, LDAP_AUTH_USER);
32 $r = true; // anonymous bind allowed
35 trigger_error(sprintf("Unable to bind LDAP server %s", LDAP_AUTH_HOST),
46 if (isset($this->_sr) and is_resource($this->_sr)) ldap_free_result($this->_sr);
47 if (isset($this->_ldap) and is_resource($this->_ldap)) ldap_close($this->_ldap);
// Authenticate $this->_userid against the LDAP directory: search for the user
// under LDAP_BASE_DN, then try to bind as each matching entry's DN with the
// submitted password. A successful bind sets $this->_level to WIKIAUTH_USER;
// a too-short password or a '*' in the userid returns WIKIAUTH_FORBIDDEN, and
// every other failure hands the attempt on to the next configured PassUser
// via _tryNextPass().
// NOTE(review): the closing lines of this method are not part of this
// excerpt, so the value returned after a successful bind is not shown here.
52 function checkPass($submitted_password) {
54 $this->_authmethod = 'LDAP';
55 $userid = $this->_userid;
56 if (!$this->isValidName()) {
57 trigger_error(_("Invalid username."),E_USER_WARNING);
58 return $this->_tryNextPass($submitted_password);
// Enforces PASSWORD_LENGTH_MINIMUM before any directory traffic happens.
60 if (!$this->_checkPassLength($submitted_password)) {
61 return WIKIAUTH_FORBIDDEN;
// '*' is the LDAP wildcard; it is the only filter metacharacter rejected here.
63 if (strstr($userid,'*')) {
64 trigger_error(fmt("Invalid username '%s' for LDAP Auth",$userid),
66 return WIKIAUTH_FORBIDDEN;
69 if ($ldap = $this->_init()) {
70 // Need to set the right root search information. See config/config.ini
// NOTE(review): $userid is interpolated into the search filter as-is. Apart
// from '*' above, the filter characters '(', ')', '\' and NUL are not handled
// here, so the filter's shape depends on what isValidName() lets through --
// confirm that, or escape the value with ldap_escape($userid, '',
// LDAP_ESCAPE_FILTER) (PHP >= 5.6) before building the filter.
71 $st_search = LDAP_SEARCH_FIELD
72 ? LDAP_SEARCH_FIELD."=$userid"
74 if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) {
76 return $this->_tryNextPass($submitted_password);
78 $info = ldap_get_entries($ldap, $this->_sr);
79 if (empty($info["count"])) {
81 return $this->_tryNextPass($submitted_password);
83 // There may be more hits with this userid.
84 // Of course it would be better to narrow down the BASE_DN
// Each matching entry's DN is tried with the same submitted password.
85 for ($i = 0; $i < $info["count"]; $i++) {
86 $dn = $info[$i]["dn"];
87 // The password is still plain text.
88 // On wrong password the ldap server will return:
89 // "Unable to bind to server: Server is unwilling to perform"
90 // The @ catches this error message.
// NOTE(review): ldap_bind() with an empty password is an unauthenticated
// bind, which many directories accept; the only guard against '' visible here
// is _checkPassLength() above, so confirm it rejects a zero-length password.
// The '@' also hides failures unrelated to the credentials (connection loss,
// server-side errors), which then look like a mismatch for this DN.
// The plaintext password is protected in transit only if LDAP_AUTH_HOST is an
// ldaps:// URL or ldap_start_tls() is called in _init() -- neither is shown
// in this excerpt.
91 if ($r = @ldap_bind($ldap, $dn, $submitted_password)) {
92 // ldap_bind will return TRUE if everything matches
94 $this->_level = WIKIAUTH_USER;
// Reached when _init() failed or no DN accepted the password.
101 return $this->_tryNextPass($submitted_password);
// Check whether $this->_userid has an entry in the directory: search under
// LDAP_BASE_DN using the connection from _init(); no bind with the user's own
// credentials happens here. When the search fails or returns no entries the
// check is handed on to the next configured PassUser via _tryNextUser().
// NOTE(review): the branch taken when entries are found (and the method's
// closing lines) are not part of this excerpt.
104 function userExists() {
105 $userid = $this->_userid;
// '*' is the LDAP wildcard; it is the only filter metacharacter rejected here.
106 if (strstr($userid, '*')) {
107 trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid),
111 if ($ldap = $this->_init()) {
112 // Need to set the right root search information. see ../index.php
// NOTE(review): $userid goes into the search filter unescaped; '(', ')', '\'
// and NUL are not handled here. Unless an earlier validity check excludes
// them, escape the value with ldap_escape($userid, '', LDAP_ESCAPE_FILTER)
// (PHP >= 5.6) before building the filter.
113 $st_search = LDAP_SEARCH_FIELD
114 ? LDAP_SEARCH_FIELD."=$userid"
116 if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) {
118 return $this->_tryNextUser();
120 $info = ldap_get_entries($ldap, $this->_sr);
// Result handling for a non-empty result set is elided in this excerpt.
122 if ($info["count"] > 0) {
128 return $this->_tryNextUser();
131 function mayChangePass() {
137 // $Log: not supported by cvs2svn $
138 // Revision 1.3 2004/12/20 16:05:01 rurban
139 // gettext msg unification
141 // Revision 1.2 2004/12/19 00:58:02 rurban
142 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
143 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
144 // Simplify httpauth logout handling and set sessions for all methods.
145 // fix main.php unknown index "x" getLevelDescription() warning.
147 // Revision 1.1 2004/11/01 10:43:58 rurban
148 // seperate PassUser methods into seperate dir (memory usage)
149 // fix WikiUser (old) overlarge data session
150 // remove wikidb arg from various page class methods, use global ->_dbi instead
158 // c-hanging-comment-ender-p: nil
159 // indent-tabs-mode: nil