2 rcs_id('$Id: LDAP.php,v 1.1 2004-11-01 10:43:58 rurban Exp $');
3 /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam
9 * Define the vars LDAP_AUTH_HOST and LDAP_BASE_DN in config/config.ini
11 * Preferences are handled in _PassUser
// Connection setup: obtain an LDAP handle for LDAP_AUTH_HOST, apply every
// entry of the global $LDAP_SET_OPTION, then bind as the configured account.
// NOTE(review): the enclosing function header and several lines are not part
// of this listing (see the gaps in the line numbers), so the exact branch
// conditions around the binds cannot be confirmed from here.
// NOTE(review): with OpenLDAP 2.x client libraries ldap_connect() only
// initialises the handle and does not contact the server, so a truthy result
// does not prove the host is reachable or valid; that shows at the first bind.
16 if ($this->_ldap = ldap_connect(LDAP_AUTH_HOST)) { // must be a valid LDAP server!
17 global $LDAP_SET_OPTION;
18 if (!empty($LDAP_SET_OPTION)) {
19 foreach ($LDAP_SET_OPTION as $key => $value) {
20 //if (is_string($key) and defined($key))
21 // $key = constant($key);
// The result of ldap_set_option() is not checked, so an option the library
// rejects is skipped silently.
22 ldap_set_option($this->_ldap, $key, $value);
// NOTE(review): no ldap_start_tls() call is visible before the binds. Unless
// LDAP_AUTH_HOST is an ldaps URI or TLS is set up on an omitted line, the
// simple binds below send LDAP_AUTH_PASSWORD over the network unencrypted.
26 if (LDAP_AUTH_PASSWORD)
27 // Windows Active Directory Server is strict
28 $r = ldap_bind($this->_ldap, LDAP_AUTH_USER, LDAP_AUTH_PASSWORD);
30 $r = ldap_bind($this->_ldap, LDAP_AUTH_USER);
// No ldap_bind() is issued on this path; $r is simply set to true.
32 $r = true; // anonymous bind allowed
35 trigger_error(sprintf("Unable to bind LDAP server %s", LDAP_AUTH_HOST),
// Cleanup: free the stored search result and close the connection, each only
// when the property is set and is a resource.
// NOTE(review): since PHP 8.1 the LDAP functions return LDAP\Connection and
// LDAP\Result objects rather than resources, so is_resource() is false there
// and neither call runs; confirm the PHP version this code targets.
46 if (isset($this->_sr) and is_resource($this->_sr)) ldap_free_result($this->_sr);
47 if (isset($this->_ldap) and is_resource($this->_ldap)) ldap_close($this->_ldap);
// Checks a submitted password against LDAP in two steps: search LDAP_BASE_DN
// for entries matching $this->_userid, then try to bind as each returned DN
// with the submitted password. A successful bind sets the level to
// WIKIAUTH_USER; a user id containing an asterisk returns WIKIAUTH_FORBIDDEN;
// the other visible exits hand the call to _tryNextPass().
// NOTE(review): this listing omits some original lines (see the gaps in the
// line numbers), so checks placed on the omitted lines cannot be ruled out.
52 function checkPass($submitted_password) {
54 $this->_authmethod = 'LDAP';
55 $userid = $this->_userid;
56 if (!$this->isValidName()) {
57 return $this->_tryNextPass($submitted_password);
// Only the asterisk wildcard is rejected here. The other characters that are
// special in an LDAP search filter (parentheses, backslash, NUL; RFC 4515)
// are not checked on the visible lines.
// NOTE(review): isValidName() is not shown; confirm whether it rejects them.
59 if (strstr($userid,'*')) {
60 trigger_error(fmt("Invalid username '%s' for LDAP Auth",$userid),
62 return WIKIAUTH_FORBIDDEN;
65 if ($ldap = $this->_init()) {
66 // Need to set the right root search information. See config/config.ini
// NOTE(review): $userid is interpolated into the search filter unescaped.
// Unless isValidName() already constrains it, escape the value with
// ldap_escape($userid, '', LDAP_ESCAPE_FILTER) (PHP 5.6 and later) so that a
// user name cannot change the structure of the filter.
67 $st_search = LDAP_SEARCH_FIELD
68 ? LDAP_SEARCH_FIELD."=$userid"
70 if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) {
72 return $this->_tryNextPass($submitted_password);
74 $info = ldap_get_entries($ldap, $this->_sr);
75 if (empty($info["count"])) {
77 return $this->_tryNextPass($submitted_password);
79 // There may be more hits with this userid.
80 // Of course it would be better to narrow down the BASE_DN
// NOTE(review): every entry returned by the search is tried in turn, so the
// password is accepted if it matches any entry that shares this user id.
81 for ($i = 0; $i < $info["count"]; $i++) {
82 $dn = $info[$i]["dn"];
83 // The password is still plain text.
84 // On wrong password the ldap server will return:
85 // "Unable to bind to server: Server is unwilling to perform"
86 // The @ catches this error message.
// NOTE(review): no non-empty check on $submitted_password is visible before
// this bind. Many directory servers treat a bind with a DN and an empty
// password as an unauthenticated bind and report success (RFC 4513, section
// 5.1.2), which ldap_bind() returns as TRUE. Reject empty passwords before
// binding unless an omitted line already does.
// NOTE(review): the @ also hides connection and protocol errors, so a wrong
// password cannot be told apart from an unreachable server here;
// ldap_errno($ldap) after a failed bind distinguishes the two.
// NOTE(review): no ldap_start_tls() call is visible in this listing; without
// TLS or an ldaps URI this bind sends the user password unencrypted.
87 if ($r = @ldap_bind($ldap, $dn, $submitted_password)) {
88 // ldap_bind will return TRUE if everything matches
90 $this->_level = WIKIAUTH_USER;
97 return $this->_tryNextPass($submitted_password);
// Searches LDAP_BASE_DN for an entry matching $this->_userid. A failed search
// and the final fall-through both defer to _tryNextUser(); what is returned
// for a positive hit count is on lines omitted from this listing.
// NOTE(review): unlike checkPass(), no isValidName() call is visible here, so
// on the visible lines the asterisk test is the only validation of $userid.
100 function userExists() {
101 $userid = $this->_userid;
102 if (strstr($userid,'*')) {
103 trigger_error(fmt("Invalid username '%s' for LDAP Auth", $userid),
107 if ($ldap = $this->_init()) {
108 // Need to set the right root search information. see ../index.php
// NOTE(review): $userid is interpolated into the search filter unescaped.
// Parentheses, backslash and NUL are also special in a filter (RFC 4515);
// escaping with ldap_escape($userid, '', LDAP_ESCAPE_FILTER) (PHP 5.6 and
// later) keeps a user name from changing the structure of the filter.
109 $st_search = LDAP_SEARCH_FIELD
110 ? LDAP_SEARCH_FIELD."=$userid"
112 if (!$this->_sr = ldap_search($ldap, LDAP_BASE_DN, $st_search)) {
114 return $this->_tryNextUser();
116 $info = ldap_get_entries($ldap, $this->_sr);
// Any entry at all counts as a hit; the search is not limited to one result.
118 if ($info["count"] > 0) {
124 return $this->_tryNextUser();
127 function mayChangePass() {
133 // $Log: not supported by cvs2svn $
139 // c-hanging-comment-ender-p: nil
140 // indent-tabs-mode: nil