-rw-r--r--application/config/config.php18
-rw-r--r--application/libraries/Duser/drivers/Duser_ldap.php67
2 files changed, 85 insertions, 0 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 8df4dca9d..639e4e566 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -385,6 +385,24 @@ $config['contact_me_url'] = ''; // ommiting this will remove the "contact me" li
// for possible drivers look into ./application/libraries/Duser/drivers/
$config['authentication_driver'] = 'db';
+// This is only used it the driver is set to ldap
+if (extension_loaded("ldap")) {
+ $config['auth_ldap'] = array(
+ "host" => 'ldaps://ldap.example.com',
+ "port" => 636,
+ "basedn" => "dc=example,dc=com",
+ "scope" => "one", // possible values: base, one, subtree
+ "options" => array(
+ // key/values pairs for ldap_set_option
+ // http://php.net/manual/en/function.ldap-set-option.php
+ LDAP_OPT_PROTOCOL_VERSION => 3
+ ),
+ // Please note that php-ldap converts attributes to lowercase
+ "userid_field" => "uidnumber", // This has to be a unique integer
+ "username_field" => "uid" // This is the value the user supplies on the login form
+ );
+}
+
if (file_exists(FCPATH.'application/config/config-local.php')) {
include FCPATH.'application/config/config-local.php';
}
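Review bot: The `"port" => 636` entry is misleading next to an `ldaps://` host, because per the PHP manual ldap_connect() does not use the port argument when the host is given as an LDAP URI, so an admin who edits only `port` would see no effect. I would say so in the sample, e.g. `"port" => 636, // not used when host is an ldap:// or ldaps:// URI; put the port in the URI`. The sample also gives no hint about how the server certificate is verified for the `ldaps://` connection; presumably that is left to the system LDAP client configuration unless set through `options`, and one comment line stating this would help whoever deploys it. The comment above the block reads "it the driver" where "if the driver" is meant.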
diff --git a/application/libraries/Duser/drivers/Duser_ldap.php b/application/libraries/Duser/drivers/Duser_ldap.php
new file mode 100644
index 000000000..97a593bdc
--- /dev/null
+++ b/application/libraries/Duser/drivers/Duser_ldap.php
@@ -0,0 +1,67 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ * Contributions by Hannes Rist
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+class Duser_ldap extends Duser_Driver {
+ // none supported
+ public $optional_functions = array();
+
+ // Original source: http://code.activestate.com/recipes/101525-ldap-authentication/
+ public function login($username, $password) {
+ $CI =& get_instance();
+
+ $config = $CI->config->item("auth_ldap");
+
+ if ($username == "" || $password == "") {
+ return false;
+ }
+
+ $ds = ldap_connect($config['host'],$config['port']);
+ if ($ds === false) {
+ return false;
+ }
+
+ switch ($config["scope"]) {
+ case "base":
+ $r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ case "one":
+ $r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ case "subtree":
+ $r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username);
+ break;
+ default:
+ show_error("Invalid LDAP scope");
+ }
+ if ($r === false) {
+ return false;
+ }
+
+ foreach ($config["options"] as $key => $value) {
+ if (ldap_set_option($ds, $key, $value) === false) {
+ return false;
+ }
+ }
+
+ $result = ldap_get_entries($ds, $r);
+ if ($result === false || !isset($result[0])) {
+ return false;
+ }
+
+ if (ldap_bind($ds, $result[0]['dn'], $password)) {
+ ldap_unbind($ds);
+ return array(
+ "username" => $result[0][$config["username_field"]][0],
+ "userid" => $result[0][$config["userid_field"]][0]
+ );
+ }
+
+ return false;
+ }
+}
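Review bot: The login name is concatenated into the search filter unescaped in all three scope branches (`$config["username_field"].'='.$username`), so filter metacharacters in the form input change which entries match, and the first hit is then bound against without checking that the match is unique. The name should be escaped with `ldap_escape($username, "", LDAP_ESCAPE_FILTER)` where the PHP version provides it, and the login should be refused unless `$result["count"]` is exactly 1. Separately, the `ldap_set_option` loop runs after the search, so LDAP_OPT_PROTOCOL_VERSION and any TLS-related options from the config are applied too late to govern that first operation; it belongs directly after the connect check. The connection is also released only on the success path, so each failing return after ldap_connect() should call `ldap_unbind($ds)` as well.
```php
$ds = ldap_connect($config['host'],$config['port']);
// … unchanged: connect failure check …
// … the ldap_set_option loop moves here, before the first directory operation …

// escape the user-supplied login name before it becomes part of the filter
$filter = '('.$config["username_field"].'='.ldap_escape($username, "", LDAP_ESCAPE_FILTER).')';
// … unchanged: scope switch, now passing $filter to ldap_read / ldap_list / ldap_search …

$result = ldap_get_entries($ds, $r);
// the login name must identify exactly one entry
if ($result === false || $result["count"] !== 1) {
	ldap_unbind($ds);
	return false;
}
// … unchanged: bind with the entry's dn and build the return array …
```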