2010-02-28 13:04:07 +00:00
|
|
|
<?php
|
|
|
|
|
|
2011-09-21 22:04:05 +00:00
|
|
|
$ds = @ldap_connect($config['auth_ldap_server'],$config['auth_ldap_port']);
|
|
|
|
|
|
2012-02-27 23:36:19 +00:00
|
|
|
if ($config['auth_ldap_starttls'] && ($config['auth_ldap_starttls'] == 'optional' || $config['auth_ldap_starttls'] == 'require')) {
|
|
|
|
|
$tls = ldap_start_tls($ds);
|
|
|
|
|
if ($config['auth_ldap_starttls'] == 'require' && $tls == FALSE) {
|
|
|
|
|
echo("<h2>Fatal error: LDAP TLS required but not successfully negotiated:" . ldap_error($ds) . "</h2>");
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-28 13:04:07 +00:00
|
|
|
function authenticate($username,$password)
|
|
|
|
|
{
|
2011-09-21 22:04:05 +00:00
|
|
|
global $config, $ds;
|
2010-02-28 13:04:07 +00:00
|
|
|
|
|
|
|
|
if ($ds)
|
|
|
|
|
{
|
2010-03-01 01:23:37 +00:00
|
|
|
if ($config['auth_ldap_version'])
|
|
|
|
|
{
|
|
|
|
|
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $config['auth_ldap_version']);
|
|
|
|
|
}
|
2010-02-28 13:04:07 +00:00
|
|
|
if (ldap_bind($ds, $config['auth_ldap_prefix'] . $username . $config['auth_ldap_suffix'], $password))
|
|
|
|
|
{
|
|
|
|
|
if (!$config['auth_ldap_group'])
|
|
|
|
|
{
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (ldap_compare($ds,$config['auth_ldap_group'],'memberUid',$username))
|
|
|
|
|
{
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-11-19 22:46:24 +00:00
|
|
|
else
|
|
|
|
|
{
|
2010-11-20 14:04:07 +00:00
|
|
|
echo(ldap_error($ds));
|
2010-11-19 22:46:24 +00:00
|
|
|
}
|
2010-02-28 13:04:07 +00:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
# FIXME return a warning that LDAP couldn't connect?
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-06 00:00:05 +00:00
|
|
|
function passwordscanchange()
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function changepassword($username,$newpassword)
|
|
|
|
|
{
|
|
|
|
|
# Not supported (for now)
|
|
|
|
|
}
|
2010-03-06 01:10:05 +00:00
|
|
|
|
|
|
|
|
function auth_usermanagement()
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function adduser($username, $password, $level, $email = "", $realname = "")
|
|
|
|
|
{
|
|
|
|
|
# Not supported
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2011-03-12 08:50:47 +00:00
|
|
|
|
2010-03-06 01:10:05 +00:00
|
|
|
function user_exists($username)
|
|
|
|
|
{
|
2011-09-21 22:04:05 +00:00
|
|
|
global $config, $ds;
|
|
|
|
|
|
|
|
|
|
$filter = "(" . $config['auth_ldap_prefix'] . $username . ")";
|
|
|
|
|
$search = ldap_search($ds, trim($config['auth_ldap_suffix'],','), $filter);
|
|
|
|
|
$entries = ldap_get_entries($ds, $search);
|
|
|
|
|
if ($entries['count'])
|
|
|
|
|
{
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2011-09-22 15:05:11 +00:00
|
|
|
|
2011-09-21 22:04:05 +00:00
|
|
|
return 0;
|
2010-03-06 01:10:05 +00:00
|
|
|
}
|
2011-03-12 08:50:47 +00:00
|
|
|
|
2010-03-06 01:15:52 +00:00
|
|
|
function get_userlevel($username)
|
|
|
|
|
{
|
2011-09-21 22:04:05 +00:00
|
|
|
global $config, $ds;
|
|
|
|
|
|
|
|
|
|
$userlevel = 0;
|
|
|
|
|
|
|
|
|
|
# Find all defined groups $username is in
|
|
|
|
|
$filter = "(&(|(cn=" . join(")(cn=", array_keys($config['auth_ldap_groups'])) . "))(memberUid=" . $username . "))";
|
|
|
|
|
$search = ldap_search($ds, $config['auth_ldap_groupbase'], $filter);
|
|
|
|
|
$entries = ldap_get_entries($ds, $search);
|
|
|
|
|
|
|
|
|
|
# Loop the list and find the highest level
|
|
|
|
|
foreach ($entries as $entry)
|
|
|
|
|
{
|
|
|
|
|
$groupname = $entry['cn'][0];
|
|
|
|
|
if ($config['auth_ldap_groups'][$groupname]['level'] > $userlevel)
|
|
|
|
|
{
|
|
|
|
|
$userlevel = $config['auth_ldap_groups'][$groupname]['level'];
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-09-22 15:05:11 +00:00
|
|
|
|
2011-09-21 22:04:05 +00:00
|
|
|
return $userlevel;
|
2010-03-06 01:15:52 +00:00
|
|
|
}
|
2010-03-06 01:22:09 +00:00
|
|
|
|
|
|
|
|
function get_userid($username)
|
|
|
|
|
{
|
2011-09-21 22:04:05 +00:00
|
|
|
global $config, $ds;
|
|
|
|
|
|
|
|
|
|
$filter = "(" . $config['auth_ldap_prefix'] . $username . ")";
|
|
|
|
|
$search = ldap_search($ds, trim($config['auth_ldap_suffix'],','), $filter);
|
|
|
|
|
$entries = ldap_get_entries($ds, $search);
|
|
|
|
|
|
|
|
|
|
if ($entries['count'])
|
|
|
|
|
{
|
|
|
|
|
return $entries[0]['uidnumber'][0];
|
|
|
|
|
}
|
2011-09-22 15:05:11 +00:00
|
|
|
|
2011-09-21 22:04:05 +00:00
|
|
|
return -1;
|
2010-03-06 01:22:09 +00:00
|
|
|
}
|
|
|
|
|
|
2011-03-28 10:48:43 +00:00
|
|
|
function deluser($username)
|
|
|
|
|
{
|
|
|
|
|
# Not supported
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2011-09-22 16:46:30 +00:00
|
|
|
function get_userlist()
|
|
|
|
|
{
|
|
|
|
|
global $config, $ds;
|
|
|
|
|
|
|
|
|
|
$filter = '(' . $config['auth_ldap_prefix'] . '*)';
|
2011-09-26 16:06:18 +00:00
|
|
|
|
2011-09-22 16:46:30 +00:00
|
|
|
$search = ldap_search($ds, trim($config['auth_ldap_suffix'],','), $filter);
|
|
|
|
|
$entries = ldap_get_entries($ds, $search);
|
2011-09-26 16:06:18 +00:00
|
|
|
|
2011-09-22 16:46:30 +00:00
|
|
|
if ($entries['count'])
|
|
|
|
|
{
|
|
|
|
|
foreach ($entries as $entry)
|
|
|
|
|
{
|
|
|
|
|
$username = $entry['uid'][0];
|
|
|
|
|
$realname = $entry['cn'][0];
|
|
|
|
|
$user_id = $entry['uidnumber'][0];
|
2011-09-26 16:06:18 +00:00
|
|
|
|
2011-09-22 16:46:30 +00:00
|
|
|
if (!isset($config['auth_ldap_group']) || ldap_compare($ds,$config['auth_ldap_group'],'memberUid',$username))
|
|
|
|
|
{
|
|
|
|
|
$userlist[] = array('username' => $username, 'realname' => $realname, 'user_id' => $user_id);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2011-09-26 16:06:18 +00:00
|
|
|
|
2011-09-22 16:46:30 +00:00
|
|
|
return $userlist;
|
|
|
|
|
}
|
|
|
|
|
|
2011-05-12 22:14:56 +00:00
|
|
|
?>
|
