1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
<?php
/*
* Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
* Contributions by Hannes Rist
*
* Licensed under AGPLv3
* (see COPYING for full license text)
*
*/
class Duser_ldap extends Duser_Driver {
// none supported
public $optional_functions = array();
// Original source: http://code.activestate.com/recipes/101525-ldap-authentication/
public function login($username, $password) {
$CI =& get_instance();
$config = $CI->config->item("auth_ldap");
if ($username == "" || $password == "") {
return false;
}
$ds = ldap_connect($config['host'],$config['port']);
if ($ds === false) {
return false;
}
switch ($config["scope"]) {
case "base":
$r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username);
break;
case "one":
$r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username);
break;
case "subtree":
$r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username);
break;
default:
throw new \exceptions\ApiException("libraries/duser/ldap/invalid-ldap-scope", "Invalid LDAP scope");
}
if ($r === false) {
return false;
}
foreach ($config["options"] as $key => $value) {
if (ldap_set_option($ds, $key, $value) === false) {
return false;
}
}
$result = ldap_get_entries($ds, $r);
if ($result === false || !isset($result[0])) {
return false;
}
// ignore errors from ldap_bind as it will throw an error if the password is incorrect
if (@ldap_bind($ds, $result[0]['dn'], $password)) {
ldap_unbind($ds);
return array(
"username" => $result[0][$config["username_field"]][0],
"userid" => $result[0][$config["userid_field"]][0]
);
}
return false;
}
}
|
