-rw-r--r-- | application/config/config.php | 18 | ||||
-rw-r--r-- | application/libraries/Duser/drivers/Duser_ldap.php | 67 |
2 files changed, 85 insertions, 0 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 8df4dca9d..639e4e566 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -385,6 +385,24 @@ $config['contact_me_url'] = ''; // ommiting this will remove the "contact me" li
 // for possible drivers look into ./application/libraries/Duser/drivers/
 $config['authentication_driver'] = 'db';

+// This is only used it the driver is set to ldap
+if (extension_loaded("ldap")) {
+ $config['auth_ldap'] = array(
+ "host" => 'ldaps://ldap.example.com',
+ "port" => 636,
+ "basedn" => "dc=example,dc=com",
+ "scope" => "one", // possible values: base, one, subtree
+ "options" => array(
+ // key/values pairs for ldap_set_option
+ // http://php.net/manual/en/function.ldap-set-option.php
+ LDAP_OPT_PROTOCOL_VERSION => 3
+ ),
+ // Please note that php-ldap converts attributes to lowercase
+ "userid_field" => "uidnumber", // This has to be a unique integer
+ "username_field" => "uid" // This is the value the user supplies on the login form
+ );
+}
+
 if (file_exists(FCPATH.'application/config/config-local.php')) {
 include FCPATH.'application/config/config-local.php';
 }
diff --git a/application/libraries/Duser/drivers/Duser_ldap.php b/application/libraries/Duser/drivers/Duser_ldap.php
new file mode 100644
index 000000000..97a593bdc
--- /dev/null
+++ b/application/libraries/Duser/drivers/Duser_ldap.php
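Review bot: The `"port" => 636` entry is dead configuration with the example `"host"` value: PHP's ldap_connect() ignores its port argument whenever the host is given as an LDAP URL, so the port must be carried in the URL itself (`ldaps://ldap.example.com:636`) or the host must be a bare hostname. Either drop `"port"` or add a comment such as `// ignored when "host" is a URL; put the port in the URL instead` so an operator does not change 636 and wonder why nothing happens. The leading comment also has a typo: `// This is only used if the driver is set to ldap`. Pairing the example with `LDAP_OPT_PROTOCOL_VERSION => 3` is the right default; see the driver hunk for the point at which the driver applies these options.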
@@ -0,0 +1,67 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ * Contributions by Hannes Rist
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+class Duser_ldap extends Duser_Driver {
+ // none supported
+ public $optional_functions = array();
+
+ // Original source: http://code.activestate.com/recipes/101525-ldap-authentication/
+ public function login($username, $password) {
+ $CI =& get_instance();
+
+ $config = $CI->config->item("auth_ldap");
+
+ if ($username == "" || $password == "") {
+ return false;
+ }
+
+ $ds = ldap_connect($config['host'],$config['port']);
+ if ($ds === false) {
+ return false;
+ }
+
+ switch ($config["scope"]) {
+ case "base":
+ $r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ case "one":
+ $r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ case "subtree":
+ $r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ default:
+ show_error("Invalid LDAP scope");
+ }
+ if ($r === false) {
+ return false;
+ }
+
+ foreach ($config["options"] as $key => $value) {
+ if (ldap_set_option($ds, $key, $value) === false) {
+ return false;
+ }
+ }
+
+ $result = ldap_get_entries($ds, $r);
+ if ($result === false || !isset($result[0])) {
+ return false;
+ }
+
+ if (ldap_bind($ds, $result[0]['dn'], $password)) {
+ ldap_unbind($ds);
+ return array(
+ "username" => $result[0][$config["username_field"]][0],
+ "userid" => $result[0][$config["userid_field"]][0]
+ );
+ }
+
+ return false;
+ }
+}
|
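Review bot: The login-form username is concatenated straight into the LDAP search filter in all three branches of the `switch` (`$config["username_field"].'='.$username`), so filter metacharacters typed by the user change the query rather than being matched literally; build the filter once with escaping, `$filter = $config["username_field"].'='.ldap_escape($username, '', LDAP_ESCAPE_FILTER);`, and pass `$filter` to ldap_read/ldap_list/ldap_search (ldap_escape needs PHP 5.6+; on an older runtime the RFC 4515 escape of backslash, `*`, `(`, `)` and NUL has to be done by hand). Second, the `foreach ($config["options"] ...)` loop runs after the search has already been issued, so `LDAP_OPT_PROTOCOL_VERSION` from the config is not in effect for that search; move the loop to directly after the `ldap_connect()` check and before the `switch`. The early `return false` paths after a successful ldap_connect() never call `ldap_unbind($ds)`, unlike the success path, which is harmless per request but inconsistent. Finally, `$result[0][$config["username_field"]][0]` and the userid lookup assume the attribute is present on the entry; an `isset()` guard before building the return array would avoid a notice and an empty identity when it is not.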