Add LDAP Auth backend
This commit is contained in:
116
source/lib/SihnonFramework/Auth/Plugin/LDAP.class.php
Normal file
116
source/lib/SihnonFramework/Auth/Plugin/LDAP.class.php
Normal file
@@ -0,0 +1,116 @@
|
||||
<?php
|
||||
|
||||
class SihnonFramework_Auth_Plugin_LDAP
|
||||
extends Sihnon_PluginBase
|
||||
implements Sihnon_Auth_IPlugin,
|
||||
Sihnon_Auth_IPermissionable,
|
||||
Sihnon_Auth_IFinelyPermissionable {
|
||||
|
||||
protected $config;
|
||||
protected $ldap;
|
||||
|
||||
protected function __construct($config) {
|
||||
$this->config = $config;
|
||||
|
||||
$this->initInstance();
|
||||
}
|
||||
|
||||
protected function initInstance() {
|
||||
$this->ldap = ldap_connect($this->config->get('auth.LDAP.servers'), $this->config->get('auth.LDAP.port', 389));
|
||||
if ( ! $this->ldap) {
|
||||
throw new SihnonFramework_Exception_LDAPConnectionFailed();
|
||||
}
|
||||
|
||||
if ($this->config->get('auth.LDAP.start-tls', false)) {
|
||||
if ( ! ldap_start_tls($this->ldap)) {
|
||||
throw new Sihnon_Exception_LDAPSecureConnectionFailed();
|
||||
}
|
||||
}
|
||||
|
||||
$search_dn = $this->config->get('auth.LDAP.search-dn', null);
|
||||
$search_password = $this->config->get('auth.LDAP.search-password', null);
|
||||
if ( ! ldap_bind($this->ldap, $search_dn, $search_password)) {
|
||||
var_dump("Failed to bind as", $search_dn, $search_password);
|
||||
throw new SihnonFramework_Exception_LDAPBindFailed();
|
||||
}
|
||||
|
||||
Sihnon_Auth_Plugin_LDAP_User::init(
|
||||
$this->ldap,
|
||||
$this->config->get('auth.LDAP.user-base-dn'),
|
||||
$this->config->get('auth.LDAP.group-base-dn'),
|
||||
$this->config->get('auth.LDAP.recursive-search', false)
|
||||
);
|
||||
}
|
||||
|
||||
/*
|
||||
* IPlugin methods
|
||||
*/
|
||||
|
||||
public static function create(Sihnon_Config $config) {
|
||||
return new self($config);
|
||||
}
|
||||
|
||||
public function userExists($username) {
|
||||
return Sihnon_Auth_Plugin_LDAP_User::exists($username);
|
||||
}
|
||||
|
||||
public function listUsers() {
|
||||
return Sihnon_Auth_Plugin_LDAP_User::all();
|
||||
}
|
||||
|
||||
public function authenticate($username, $password) {
|
||||
$user = Sihnon_Auth_Plugin_LDAP_User::load($username);
|
||||
|
||||
if ( ! $user->checkPassword($password)) {
|
||||
throw new Sihnon_Exception_IncorrectPassword();
|
||||
}
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
public function authenticateSession($username) {
|
||||
return Sihnon_Auth_Plugin_LDAP_User::load($username);
|
||||
}
|
||||
|
||||
/*
|
||||
* IPermissionable methods
|
||||
*/
|
||||
|
||||
public function isAdministrator(Sihnon_Auth_IUser $user) {
|
||||
return $user->isAdministrator();
|
||||
}
|
||||
|
||||
public function hasPermission(Sihnon_Auth_IUser $user, $permission) {
|
||||
return $user->hasPermission($permission);
|
||||
}
|
||||
public static function ldapEscape($input_str, $for_dn = false) {
|
||||
// Taken from Douglas Davis at http://php.sihnon.net/manual/en/function.ldap-search.php#90158
|
||||
// see:
|
||||
// RFC2254
|
||||
// http://msdn.microsoft.com/en-us/library/ms675768(VS.85).aspx
|
||||
// http://www-03.ibm.com/systems/i/software/ldap/underdn.html
|
||||
|
||||
$str = $input_str;
|
||||
if ( ! is_array($str)) {
|
||||
$str = array($str);
|
||||
}
|
||||
|
||||
if ($for_dn) {
|
||||
$metaChars = array(',', '=', '+', '<', '>', ';', '\\', '"', '#');
|
||||
}
|
||||
else {
|
||||
$metaChars = array('*', '(', ')', '\\', chr(0));
|
||||
}
|
||||
|
||||
$quotedMetaChars = array();
|
||||
foreach ($metaChars as $key => $value) {
|
||||
$quotedMetaChars[$key] = '\\'.str_pad(dechex(ord($value)), 2, '0');
|
||||
}
|
||||
$str = str_replace($metaChars,$quotedMetaChars,$str); //replace them
|
||||
|
||||
return is_array($input_str) ? $str : $str[0];
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user