summaryrefslogtreecommitdiffstats
path: root/application/libraries/Duser/drivers/Duser_ldap.php
blob: f30257364ce61b913e2c684076afdfbae716315a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<?php
/*
 * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
 * Contributions by Hannes Rist
 *
 * Licensed under AGPLv3
 * (see COPYING for full license text)
 *
 */
class Duser_ldap extends Duser_Driver {
	// none supported
	public $optional_functions = array();

	// Original source: http://code.activestate.com/recipes/101525-ldap-authentication/
	public function login($username, $password) {
		$CI =& get_instance();

		$config = $CI->config->item("auth_ldap");

		if ($username == "" || $password == "") {
			return false;
		}

		$ds = ldap_connect($config['host'],$config['port']);
		if ($ds === false) {
			return false;
		}

		if (isset($config['bind_rdn']) && isset($config['bind_password'])) {
			ldap_bind($ds, $config['bind_rdn'], $config['bind_password']);
		}
		
		switch ($config["scope"]) {
			case "base":
				$r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username);
				break;
			case "one":
				$r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username);
				break;
			case "subtree":
				$r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username);
				break;
			default:
				throw new \exceptions\ApiException("libraries/duser/ldap/invalid-ldap-scope", "Invalid LDAP scope");
		}
		if ($r === false) {
			return false;
		}

		foreach ($config["options"] as $key => $value) {
			if (ldap_set_option($ds, $key, $value) === false) {
				return false;
			}
		}

		$result = ldap_get_entries($ds, $r);
		if ($result === false || !isset($result[0])) {
			return false;
		}

		// ignore errors from ldap_bind as it will throw an error if the password is incorrect
		if (@ldap_bind($ds, $result[0]['dn'], $password)) {
			ldap_unbind($ds);
			return array(
				"username" => $result[0][$config["username_field"]][0],
				"userid" => $result[0][$config["userid_field"]][0]
			);
		}

		return false;
	}
}