本文整理匯總了PHP中ldap_get_option函數的典型用法代碼示例。如果您正苦於以下問題:PHP ldap_get_option函數的具體用法?PHP ldap_get_option怎麽用?PHP ldap_get_option使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了ldap_get_option函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: getOption
/**
 * Reads the current value of an LDAP option from this connection.
 *
 * The caller-facing option name is translated by
 * ConnectionOptions::getOption() before it is passed to ldap_get_option().
 *
 * @param mixed $name Option name as accepted by ConnectionOptions::getOption()
 *
 * @return mixed Value written by ldap_get_option()
 *
 * @throws LdapException When ldap_get_option() reports failure
 */
public function getOption($name)
{
    // PHP warnings are silenced with @; failure is reported through the
    // exception below instead, so callers never see a half-initialised value.
    $succeeded = @ldap_get_option($this->connection, ConnectionOptions::getOption($name), $value);

    if ($succeeded) {
        return $value;
    }

    throw new LdapException(sprintf('Could not retrieve value for option "%s".', $name));
}
示例2: getOption
/**
 * Returns the value currently set for an LDAP option on this connection.
 *
 * @param int $option LDAP option identifier
 *
 * @return mixed Value reported by ldap_get_option()
 *
 * @throws OptionException When the option cannot be read; the LDAP error
 *                         number is used as the exception code
 */
public function getOption($option)
{
    $current = null;
    $ok = @ldap_get_option($this->connection, $option, $current);

    if ($ok) {
        return $current;
    }

    // Read errno once so the message text and the exception code agree.
    $errno = @ldap_errno($this->connection);
    $text = sprintf(
        'Could not retrieve option %s value: Ldap Error Code=%s - %s',
        $option,
        $errno,
        ldap_err2str($errno)
    );

    throw new OptionException($text, $errno);
}
示例3: enrolarverificarAction
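/**
 * Verifies an enrolment request.
 *
 * The submitted document number must match exactly one Persona that is linked
 * to a municipal Agente; the submitted directory credentials are then checked
 * with an LDAP simple bind. On success the template receives the agent, user
 * name, password and document number. On any failure a flash message is
 * queued and the user is redirected to the enrolment start page.
 *
 * @Route("enrolarverificar/")
 * @Template()
 */
public function enrolarverificarAction(Request $request)
{
    $em = $this->getDoctrine()->getManager();
    $Dominio = 'municipiorg.gob.ar';
    $Usuario = $request->get('_username');
    $Contrasena = $request->get('_password');
    // Strip the separators people commonly type inside a document number.
    $Documento = str_replace(array('.', ' ', '-', ','), '', $request->get('_documento'));

    // Every failure path does the same thing: queue a flash message and go
    // back to the start of the enrolment flow.
    $controlador = $this;
    $rechazar = function ($tipo, $mensaje) use ($controlador) {
        $controlador->get('session')->getFlashBag()->add($tipo, $mensaje);

        return $controlador->redirect($controlador->generateUrl('yacare_munirg_ldap_enrolarinicio'));
    };

    // Rejecting an empty password here also keeps it away from ldap_bind():
    // a simple bind with an empty password is an unauthenticated bind, which
    // many directory servers report as successful.
    if (!$Documento || !$Usuario || !$Contrasena) {
        return $rechazar('danger', 'Por favor escriba los datos solicitados.');
    }

    // NOTE(review): the messages below tell an unauthenticated visitor whether
    // a document number exists and whether it belongs to an agent. Confirm
    // that this disclosure is acceptable for the enrolment flow.
    $Persona = $em->getRepository('YacareBaseBundle:Persona')->findBy(array('DocumentoNumero' => $Documento));
    if (count($Persona) < 1) {
        return $rechazar('danger', 'No se encuentra una persona relacionada al DNI Nº ' . $Documento . ' en la base de datos.');
    }
    if (count($Persona) > 1) {
        return $rechazar('danger', 'Hay más de una persona asociada al DNI Nº ' . $Documento . ' en la base de datos.');
    }

    $Persona = $Persona[0];
    $IdAgente = $Persona->getAgenteId();
    if (!$IdAgente) {
        return $rechazar('danger', 'No se encuentra un agente municipal relacionado al DNI Nº ' . $Documento . '.');
    }

    $Agente = $em->getRepository('YacareRecursosHumanosBundle:Agente')->find($IdAgente);
    if (!$Agente) {
        return $rechazar('warning', 'No se encuentra un agente municipal relacionado al DNI Nº ' . $Documento);
    }

    // NOTE(review): nothing in this method enables ldaps:// or StartTLS, so
    // the simple bind below presumably sends the password unencrypted to the
    // directory server. Confirm the transport and prefer an encrypted one.
    $ServidorAd = \ldap_connect('192.168.100.44');
    $UsrBind = false;
    if ($ServidorAd) {
        ldap_set_option($ServidorAd, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ServidorAd, LDAP_OPT_REFERRALS, 0);
        $UsrBind = @\ldap_bind($ServidorAd, $Usuario . '@' . $Dominio, $Contrasena);
    }

    if ($UsrBind) {
        // NOTE(review): the clear-text password is handed to the template.
        // Presumably a later enrolment step needs it; confirm, and prefer
        // keeping it server-side rather than rendering it into the page.
        return array('agente' => $Agente, 'usuario' => $Usuario, 'contrasena' => $Contrasena, 'documento' => $Documento);
    }

    // The directory's diagnostic text goes to the server log only. Echoing it
    // into the response would disclose directory internals to the client and
    // would emit output ahead of the redirect.
    $extended_error = '';
    if ($ServidorAd && ldap_get_option($ServidorAd, LDAP_OPT_ERROR_STRING, $extended_error)) {
        error_log("Error Binding to LDAP: {$extended_error}");
    } else {
        error_log("Error Binding to LDAP: No additional information is available.");
    }

    return $rechazar('danger', 'No se puede conectar con la cuenta proporcionada. Verifique el nombre de usuario y la contraseña.');
}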
示例4: authenticate
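/**
 * Authenticates a user against Active Directory with a simple bind and,
 * when configured, requires membership in one of the configured groups.
 *
 * The bind identity is "<username>@<auth_ad_domain>" rather than a full DN.
 * On failure a human-readable reason is stored in the global $auth_error.
 *
 * @param string $username Account name as typed by the user
 * @param string $password Password as typed by the user
 *
 * @return int 1 when the user is accepted, 0 otherwise
 */
function authenticate($username, $password)
{
    global $config, $ldap_connection, $auth_error;

    $debug = isset($config['auth_ad_debug']) && $config['auth_ad_debug'];

    if ($ldap_connection) {
        // Both values must be non-empty before binding: a simple bind with an
        // empty password is an unauthenticated bind that many servers accept.
        if ($username && $password && ldap_bind($ldap_connection, "{$username}@{$config['auth_ad_domain']}", $password)) {
            $groups_required = isset($config['auth_ad_require_groupmembership']) && $config['auth_ad_require_groupmembership'];
            if (!$groups_required) {
                // group membership is not required and user is valid
                adduser($username);
                return 1;
            }

            // NOTE(review): get_auth_ad_user_filter() is defined elsewhere;
            // confirm it escapes $username before placing it in the filter.
            $search = ldap_search($ldap_connection, $config['auth_ad_base_dn'], get_auth_ad_user_filter($username), array('memberOf'));
            $entries = $search ? ldap_get_entries($ldap_connection, $search) : false;

            // A failed search or an entry without memberOf yields no groups
            // instead of iterating over an undefined index.
            $groups = array();
            if (is_array($entries) && isset($entries[0]['memberof']) && is_array($entries[0]['memberof'])) {
                $groups = $entries[0]['memberof'];
                // drop the element count that ldap_get_entries() adds
                unset($groups['count']);
            }

            foreach ($groups as $entry) {
                $group_cn = get_cn($entry);
                if (isset($config['auth_ad_groups'][$group_cn]['level'])) {
                    // user is in one of the defined groups
                    adduser($username);
                    return 1;
                }
            }

            if ($debug) {
                if (!is_array($entries) || $entries['count'] == 0) {
                    $auth_error = 'No groups found for user, check base dn';
                } else {
                    $auth_error = 'User is not in one of the required groups';
                }
            } else {
                // Outside debug mode the reason is deliberately generic.
                $auth_error = 'Invalid credentials';
            }
            return 0;
        }
    }

    if (!isset($password) || $password == '') {
        $auth_error = "A password is required";
    } elseif (!$ldap_connection) {
        // Without a connection there is no LDAP error state to read.
        $auth_error = 'No LDAP connection available';
    } elseif ($debug) {
        // NOTE(review): the server's diagnostic text is joined with '<br />',
        // so it is presumably rendered as HTML without escaping. It also
        // reveals account state, so keep debug mode off in production.
        $extended_error = '';
        ldap_get_option($ldap_connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
        $auth_error = ldap_error($ldap_connection) . '<br />' . $extended_error;
    } else {
        $auth_error = ldap_error($ldap_connection);
    }
    return 0;
}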
示例5: authenticate
/**
 * Authenticates a user by binding to the directory, then enforces the
 * required group membership and syncs roles/groups from the directory.
 *
 * NOTE(review): $ps_password defaults to ''. Whether bindToDirectory()
 * refuses an empty password is not visible here; many directories treat an
 * empty-password simple bind as an unauthenticated bind that succeeds.
 *
 * @param string $ps_username User name to authenticate
 * @param string $ps_password Password for the bind
 * @param mixed  $pa_options  Not used by this method
 *
 * @return bool true when bind and group check succeed, false otherwise
 */
public function authenticate($ps_username, $ps_password = '', $pa_options = null)
{
    $vb_bound = $this->bindToDirectory($ps_username, $ps_password);

    if ($vb_bound) {
        // check group membership
        if (!$this->hasRequiredGroupMembership($ps_username)) {
            return false;
        }

        // user role and group membership syncing with directory
        $this->syncWithDirectory($ps_username);

        return true;
    }

    // Bind failed: record the server's diagnostic text in the event log.
    // 0x32 is the numeric id of the diagnostic-message option.
    if (ldap_get_option($this->getLinkIdentifier(), 0x32, $extended_error)) {
        $vs_bind_rdn = $this->getProcessedConfigValue("ldap_bind_rdn_format", $ps_username, "", "");
        $vs_entry = "LDAP ERROR (" . ldap_errno($this->getLinkIdentifier()) . ") {$extended_error} [{$vs_bind_rdn}]";
        caLogEvent("ERR", $vs_entry, "OpenLDAP::Authenticate");
    }

    return false;
}
示例6: getOption
/**
 * Returns one configuration value of this LDAP server object by name.
 *
 * 'version' is read live from the connection with ldap_get_option(); every
 * other name maps to a property of the same name. Unknown names yield ''.
 *
 * NOTE(review): 'bindpw' returns the bind password in clear text. Callers
 * should not pass a user-controlled option name or log the returned value.
 *
 * @param string $option Option name
 *
 * @return mixed The option value, NULL for an unset optional property,
 *               or '' for an unrecognised name
 */
function getOption($option)
{
    switch ($option) {
        case 'sid':
            return $this->sid;

        case 'version':
            // -1 stays in place when ldap_get_option() cannot supply a value.
            $protocol = -1;
            ldap_get_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $protocol);
            return $protocol;

        case 'name':
            return $this->name;

        case 'port':
            return $this->port;

        case 'tls':
            return $this->tls;

        case 'encrypted':
            return $this->encrypted;

        // The remaining properties are optional and may never have been set.
        case 'user_attr':
            return isset($this->user_attr) ? $this->user_attr : NULL;

        case 'attr_filter':
            return isset($this->attr_filter) ? $this->attr_filter : NULL;

        case 'basedn':
            return isset($this->basedn) ? $this->basedn : NULL;

        case 'mail_attr':
            return isset($this->mail_attr) ? $this->mail_attr : NULL;

        case 'binddn':
            return isset($this->binddn) ? $this->binddn : NULL;

        case 'bindpw':
            return isset($this->bindpw) ? $this->bindpw : NULL;
    }

    return '';
}
示例7: getLdapData
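/**
 * Looks up the first directory entry whose sAMAccountName starts with the
 * given login and returns a few of its attributes.
 *
 * The filter is a prefix match, so the first entry returned may belong to a
 * different account whose name merely begins with $userLogin.
 *
 * @param string $userLogin Login to search for (treated as untrusted input)
 *
 * @return array Keys 'cn', 'userprincipalname' and 'telephonenumber'; a value
 *               is null when it could not be retrieved
 */
public static function getLdapData($userLogin)
{
    global $app;

    // Every key is always present, so callers see the same shape on failure.
    $res = array('cn' => null, 'userprincipalname' => null, 'telephonenumber' => null);

    // Connect to the directory
    $ldapconn = ldap_connect($app->ldap->addr);
    if (!$ldapconn) {
        return $res;
    }

    // Set connection options
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Authenticate to the directory with the configured account
    if (!ldap_bind($ldapconn, $app->ldap->uname, $app->ldap->pass)) {
        // The diagnostic text is only meaningful after a failed operation,
        // so it is read here and kept in the server log.
        $err = '';
        ldap_get_option($ldapconn, LDAP_OPT_ERROR_STRING, $err);
        error_log('LDAP bind failed: ' . ldap_error($ldapconn) . ' ' . $err);
        ldap_unbind($ldapconn);

        return $res;
    }

    // Escape filter metacharacters so the login cannot alter the filter.
    $login = ldap_escape($userLogin, '', LDAP_ESCAPE_FILTER);

    // Search the directory
    $reslultsrh = ldap_search($ldapconn, 'dc=ab,dc=SRB,dc=local ', "(samaccountname={$login}*)", array("cn", "userprincipalname", "telephonenumber"));
    if ($reslultsrh !== false) {
        $get_Res = ldap_get_entries($ldapconn, $reslultsrh);
        if (is_array($get_Res)) {
            foreach (array_keys($res) as $attribute) {
                if (isset($get_Res[0][$attribute][0])) {
                    $res[$attribute] = $get_Res[0][$attribute][0];
                }
            }
        }
    }

    ldap_unbind($ldapconn);

    return $res;
}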
示例8: __construct
/**
 * Builds a response object from the outcome of an LDAP operation.
 *
 * With a result resource, the status code, matched DN, referrals and entry
 * data are parsed from it. Otherwise the code and message are taken from the
 * link's last error. For code 49 the Active Directory sub-code embedded in
 * the server's error string is extracted and stored as the code.
 *
 * NOTE(review): the extracted sub-code reflects account state. Callers
 * should log it rather than show it to an unauthenticated client.
 *
 * @param Ldap  $link   Link object; its resource() is passed to the ldap_* calls
 * @param mixed $result Result of the operation, or null
 */
public function __construct(Ldap $link, $result = null)
{
    $this->result = $result;
    // NOTE(review): on PHP versions where the LDAP extension returns objects
    // instead of resources, is_resource() is false and this branch is
    // skipped. Confirm the PHP version this code targets.
    if (is_resource($result)) {
        // Get the status code, matched DN and referrals from the response
        ldap_parse_result($link->resource(), $result, $this->code, $this->matchedDN, $this->message, $this->referrals);
        // Get the string representation of the status code
        $this->message = ldap_err2str($this->code);
        // Extract the data from the resource
        $this->data = ldap_get_entries($link->resource(), $result);
        $this->data = $this->cleanup_result($this->data);
        // Remove the referrals array if there's nothing inside
        count($this->referrals) == 0 && ($this->referrals = null);
        // Try to extract pagination cookie and estimated number of objects to be returned
        // Since there's no way to tell if pagination has been enabled or not, I am suppressing php errors
        @ldap_control_paged_result_response($link->resource(), $result, $this->cookie, $this->estimated);
    } else {
        $this->code = ldap_errno($link->resource());
        $this->message = ldap_error($link->resource());
    }
    // Active Directory conceals some additional error codes in the ErrorMessage of the response
    // that we cannot get to with ldap_errno() in authentication failures - let's try to
    // extract them!
    if ($this->code == 49) {
        // NOTE(review): $message stays null if ldap_get_option() fails;
        // stripos() is then called on null.
        $message = null;
        ldap_get_option($link->resource(), Option::ErrorString, $message);
        if (stripos($message, 'AcceptSecurityContext') !== false) {
            // Split on ', ' and take the second-to-last piece, then the
            // second space-separated word of that piece as the sub-code.
            $message = explode(', ', $message);
            end($message);
            $message = prev($message);
            $this->code = explode(' ', $message)[1];
            // For compatibility reasons with standard ldap, if the error code
            // is 52e let's replace it with 49 ( their meanings are equal, it's just
            // Microsoft doing it its own way again )
            if ($this->code == '52e') {
                $this->code = ResponseCode::InvalidCredentials;
            }
        }
    }
}
示例9: user_login_ldap
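/**
 * Checks a user name and password against an Active Directory server with a
 * simple bind as "<username>@<domain>".
 *
 * NOTE(review): the returned strings distinguish unknown, disabled, locked
 * and expired accounts. Showing them to an unauthenticated client lets it
 * probe account state; consider logging them and showing a generic message.
 *
 * @param string $username Account name
 * @param string $password Password
 *
 * @return bool|string true on success, otherwise a message describing the failure
 */
function user_login_ldap($username, $password)
{
    // set your LDAP servers IP address (ex.192.168.0.1)
    // NOTE(review): a bare host or IP means ldap:// without TLS unless the
    // deployment adds StartTLS, so the bind password would travel in clear
    // text. Prefer an ldaps:// URI.
    $ldapsrv = '';
    // set your LDAP servers Domain
    $ldapsrv_domain = '';

    // Sub-codes Active Directory embeds in its diagnostic message.
    $ldaperr = array(
        '525' => 'User not found',
        '52e' => 'Invalid credentials',
        '530' => 'Not permitted to logon at this time',
        '531' => 'Not permitted to logon at this workstation',
        '532' => 'Password expired',
        '533' => 'Account disabled',
        '701' => 'Account expired',
        '773' => 'User must reset password',
        '775' => 'User account locked',
    );

    // A simple bind with an empty password is an unauthenticated bind, which
    // many servers report as success. Refuse it before contacting the server.
    if (!is_scalar($username) || (string) $username === '' || !is_scalar($password) || (string) $password === '') {
        return $ldaperr['52e'];
    }

    $ds = ldap_connect($ldapsrv);
    if (!$ds) {
        return 'Unable to connect to LDAP server';
    }

    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    if (@ldap_bind($ds, $username . '@' . $ldapsrv_domain, $password)) {
        ldap_close($ds);

        return true;
    }

    // Read both error sources before closing the connection.
    $diagmsg = '';
    ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $diagmsg);
    $result = ldap_error($ds);

    // The sub-code is expected in the third comma-separated field as
    // "data <code>". Fall back to the generic LDAP error when it is absent.
    $fields = explode(',', (string) $diagmsg);
    if (isset($fields[2]) && preg_match('/data (.*)/i', trim($fields[2]), $found) && isset($ldaperr[$found[1]])) {
        $result = $ldaperr[$found[1]];
    }

    ldap_close($ds);

    return $result;
}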
示例10: ServerInfo
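/**
 * Collects the current LDAP session options into an array of readable values
 * and caches it in $this->version.
 *
 * @return array Option values keyed by name. The two error entries keep their
 *               historical keys 'OPT_ERROR_NUMBER' and 'OPT_ERROR_STRING'.
 */
function ServerInfo()
{
    if (is_array($this->version)) {
        return $this->version;
    }
    $version = array();

    /*
    Determines how aliases are handled during search.
    LDAP_DEREF_NEVER (0x00)
    LDAP_DEREF_SEARCHING (0x01)
    LDAP_DEREF_FINDING (0x02)
    LDAP_DEREF_ALWAYS (0x03)
    The LDAP_DEREF_SEARCHING value means aliases are dereferenced during the search but
    not when locating the base object of the search. The LDAP_DEREF_FINDING value means
    aliases are dereferenced when locating the base object but not during the search.
    Default: LDAP_DEREF_NEVER
    */
    ldap_get_option($this->_connectionID, LDAP_OPT_DEREF, $version['LDAP_OPT_DEREF']);
    // A lookup table replaces a switch whose cases had no break and therefore
    // always ended on LDAP_DEREF_ALWAYS. Unknown values are left as read.
    $derefNames = array(
        0 => 'LDAP_DEREF_NEVER',
        1 => 'LDAP_DEREF_SEARCHING',
        2 => 'LDAP_DEREF_FINDING',
        3 => 'LDAP_DEREF_ALWAYS',
    );
    $deref = $version['LDAP_OPT_DEREF'];
    if (is_int($deref) && isset($derefNames[$deref])) {
        $version['LDAP_OPT_DEREF'] = $derefNames[$deref];
    }

    /*
    A limit on the number of entries to return from a search.
    LDAP_NO_LIMIT (0) means no limit.
    Default: LDAP_NO_LIMIT
    */
    ldap_get_option($this->_connectionID, LDAP_OPT_SIZELIMIT, $version['LDAP_OPT_SIZELIMIT']);
    if ($version['LDAP_OPT_SIZELIMIT'] == 0) {
        $version['LDAP_OPT_SIZELIMIT'] = 'LDAP_NO_LIMIT';
    }

    /*
    A limit on the number of seconds to spend on a search.
    LDAP_NO_LIMIT (0) means no limit.
    Default: LDAP_NO_LIMIT
    */
    ldap_get_option($this->_connectionID, LDAP_OPT_TIMELIMIT, $version['LDAP_OPT_TIMELIMIT']);
    if ($version['LDAP_OPT_TIMELIMIT'] == 0) {
        $version['LDAP_OPT_TIMELIMIT'] = 'LDAP_NO_LIMIT';
    }

    /*
    Determines whether the LDAP library automatically follows referrals returned by LDAP servers or not.
    LDAP_OPT_ON
    LDAP_OPT_OFF
    Default: ON
    */
    ldap_get_option($this->_connectionID, LDAP_OPT_REFERRALS, $version['LDAP_OPT_REFERRALS']);
    $version['LDAP_OPT_REFERRALS'] = ($version['LDAP_OPT_REFERRALS'] == 0) ? 'LDAP_OPT_OFF' : 'LDAP_OPT_ON';

    /*
    Determines whether LDAP I/O operations are automatically restarted if they abort prematurely.
    LDAP_OPT_ON
    LDAP_OPT_OFF
    Default: OFF
    */
    ldap_get_option($this->_connectionID, LDAP_OPT_RESTART, $version['LDAP_OPT_RESTART']);
    $version['LDAP_OPT_RESTART'] = ($version['LDAP_OPT_RESTART'] == 0) ? 'LDAP_OPT_OFF' : 'LDAP_OPT_ON';

    /*
    This option indicates the version of the LDAP protocol used when communicating with the primary LDAP server.
    LDAP_VERSION2 (2)
    LDAP_VERSION3 (3)
    Default: LDAP_VERSION2 (2)
    */
    ldap_get_option($this->_connectionID, LDAP_OPT_PROTOCOL_VERSION, $version['LDAP_OPT_PROTOCOL_VERSION']);
    $version['LDAP_OPT_PROTOCOL_VERSION'] = ($version['LDAP_OPT_PROTOCOL_VERSION'] == 2) ? 'LDAP_VERSION2' : 'LDAP_VERSION3';

    /* The host name (or list of hosts) for the primary LDAP server. */
    ldap_get_option($this->_connectionID, LDAP_OPT_HOST_NAME, $version['LDAP_OPT_HOST_NAME']);

    // The bare names OPT_ERROR_NUMBER / OPT_ERROR_STRING are not defined
    // constants; the extension's constants carry the LDAP_ prefix. The array
    // keys are kept unchanged so existing readers still find the values.
    ldap_get_option($this->_connectionID, LDAP_OPT_ERROR_NUMBER, $version['OPT_ERROR_NUMBER']);
    ldap_get_option($this->_connectionID, LDAP_OPT_ERROR_STRING, $version['OPT_ERROR_STRING']);
    ldap_get_option($this->_connectionID, LDAP_OPT_MATCHED_DN, $version['LDAP_OPT_MATCHED_DN']);

    return $this->version = $version;
}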
示例11: _findUser
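/**
 * Find a user record using the username and password provided.
 *
 * Binds to the directory as the user and, on success, returns the attributes
 * of the first entry matching the configured search attribute. When the bind
 * raises a PHP error, the server's diagnostic message is matched against the
 * configured error fragments and any matching messages are written to the
 * session flash.
 *
 * @param string $username The username/identifier.
 * @param string|null $password The password
 * @return bool|array Either false on failure, or an array of user data.
 */
protected function _findUser($username, $password = null)
{
    // A simple bind with an empty password is an unauthenticated bind that
    // many directories accept, which would "authenticate" any user name.
    if ($password === null || $password === '') {
        return false;
    }

    if (!empty($this->_config['domain']) && !empty($username) && strpos($username, '@') === false) {
        $username .= '@' . $this->_config['domain'];
    }

    $messages = [];
    $attributes = false;

    // Turn PHP warnings from the ldap_* calls into exceptions so a failed
    // bind or search lands in the catch block below.
    set_error_handler(function ($errorNumber, $errorText, $errorFile, $errorLine) {
        throw new ErrorException($errorText, 0, $errorNumber, $errorFile, $errorLine);
    }, E_ALL);

    try {
        $bindAs = isset($this->_config['bindDN'])
            ? $this->_config['bindDN']($username, $this->_config['domain'])
            : $username;

        if (ldap_bind($this->ldapConnection, $bindAs, $password) === true) {
            // Escape filter metacharacters so the user name cannot change
            // the structure of the search filter.
            $filter = '(' . $this->_config['search'] . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
            $searchResults = ldap_search(
                $this->ldapConnection,
                $this->_config['baseDN']($username, $this->_config['domain']),
                $filter
            );
            $entry = ldap_first_entry($this->ldapConnection, $searchResults);
            $attributes = ldap_get_attributes($this->ldapConnection, $entry);
        }
    } catch (ErrorException $e) {
        if ($this->logErrors === true) {
            $this->log($e->getMessage());
        }
        $extendedError = '';
        if (ldap_get_option($this->ldapConnection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extendedError)) {
            if (!empty($extendedError)) {
                foreach ($this->_config['errors'] as $error => $errorMessage) {
                    if (strpos($extendedError, $error) !== false) {
                        $messages[] = ['message' => $errorMessage, 'key' => $this->_config['flash']['key'], 'element' => $this->_config['flash']['element'], 'params' => $this->_config['flash']['params']];
                    }
                }
            }
        }
    }

    // Restore on every path, including success, so the throwing handler does
    // not stay installed for the rest of the request.
    restore_error_handler();

    if ($attributes !== false) {
        return $attributes;
    }

    if (!empty($messages)) {
        $controller = $this->_registry->getController();
        $controller->request->session()->write('Flash.' . $this->_config['flash']['key'], $messages);
    }

    return false;
}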
示例12: fetchData
/**
* Fetch data from LDAP server
*
* Searches the LDAP server for the given username/password
* combination. Escapes all LDAP meta characters in username
* before performing the query.
*
* @param string Username
* @param string Password
* @return boolean
*/
function fetchData($username, $password)
{
$this->log('Auth_Container_LDAP::fetchData() called.', AUTH_LOG_DEBUG);
$err = $this->_prepare();
if ($err !== true) {
return PEAR::raiseError($err->getMessage(), $err->getCode());
}
$err = $this->_getBaseDN();
if ($err !== true) {
return PEAR::raiseError($err->getMessage(), $err->getCode());
}
// UTF8 Encode username for LDAPv3
if (@ldap_get_option($this->conn_id, LDAP_OPT_PROTOCOL_VERSION, $ver) && $ver == 3) {
$this->log('UTF8 encoding username for LDAPv3', AUTH_LOG_DEBUG);
$username = utf8_encode($username);
}
// make search filter
$filter = sprintf('(&(%s=%s)%s)', $this->options['userattr'], $this->_quoteFilterString($username), $this->options['userfilter']);
// make search base dn
$search_basedn = $this->options['userdn'];
if ($search_basedn != '' && substr($search_basedn, -1) != ',') {
$search_basedn .= ',';
}
$search_basedn .= $this->options['basedn'];
// attributes
$searchAttributes = $this->options['attributes'];
// make functions params array
$func_params = array($this->conn_id, $search_basedn, $filter, $searchAttributes);
// search function to use
$func_name = $this->_scope2function($this->options['userscope']);
$this->log("Searching with {$func_name} and filter {$filter} in {$search_basedn}", AUTH_LOG_DEBUG);
// search
if (($result_id = @call_user_func_array($func_name, $func_params)) === false) {
$this->log('User not found', AUTH_LOG_DEBUG);
} elseif (@ldap_count_entries($this->conn_id, $result_id) >= 1) {
// did we get some possible results?
$this->log('User(s) found', AUTH_LOG_DEBUG);
$first = true;
$entry_id = null;
do {
// then get the user dn
if ($first) {
$entry_id = @ldap_first_entry($this->conn_id, $result_id);
$first = false;
} else {
$entry_id = @ldap_next_entry($this->conn_id, $entry_id);
if ($entry_id === false) {
break;
}
}
$user_dn = @ldap_get_dn($this->conn_id, $entry_id);
// as the dn is not fetched as an attribute, we save it anyway
if (is_array($searchAttributes) && in_array('dn', $searchAttributes)) {
$this->log('Saving DN to AuthData', AUTH_LOG_DEBUG);
$this->_auth_obj->setAuthData('dn', $user_dn);
}
// fetch attributes
if ($attributes = @ldap_get_attributes($this->conn_id, $entry_id)) {
if (is_array($attributes) && isset($attributes['count']) && $attributes['count'] > 0) {
// ldap_get_attributes() returns a specific multi dimensional array
// format containing all the attributes and where each array starts
// with a 'count' element providing the number of attributes in the
// entry, or the number of values for attribute. For compatibility
// reasons, it remains the default format returned by LDAP container
// setAuthData().
// The code below optionally returns attributes in another format,
// more compliant with other Auth containers, where each attribute
// element are directly set in the 'authData' list. This option is
// enabled by setting 'attrformat' to
// 'AUTH' in the 'options' array.
// eg. $this->options['attrformat'] = 'AUTH'
if (strtoupper($this->options['attrformat']) == 'AUTH') {
$this->log('Saving attributes to Auth data in AUTH format', AUTH_LOG_DEBUG);
unset($attributes['count']);
foreach ($attributes as $attributeName => $attributeValue) {
if (is_int($attributeName)) {
continue;
}
if (is_array($attributeValue) && isset($attributeValue['count'])) {
unset($attributeValue['count']);
}
if (count($attributeValue) <= 1) {
$attributeValue = $attributeValue[0];
}
$this->log('Storing additional field: ' . $attributeName, AUTH_LOG_DEBUG);
$this->_auth_obj->setAuthData($attributeName, $attributeValue);
}
} else {
$this->log('Saving attributes to Auth data in LDAP format', AUTH_LOG_DEBUG);
//.........這裏部分代碼省略.........
示例13: testExplicitNetworkTimeoutConnect
/**
 * Connecting with an explicit network timeout must leave that timeout set
 * on the underlying LDAP resource.
 */
public function testExplicitNetworkTimeoutConnect()
{
    $networkTimeout = 1;

    // A port of 0 is passed unless the test configuration names a port other than 389.
    $port = (defined('TESTS_ZEND_LDAP_PORT') && TESTS_ZEND_LDAP_PORT != 389)
        ? TESTS_ZEND_LDAP_PORT
        : 0;
    $useSsl = defined('TESTS_ZEND_LDAP_USE_SSL') ? TESTS_ZEND_LDAP_USE_SSL : false;

    $ldap = new Ldap\Ldap();
    $ldap->connect(TESTS_ZEND_LDAP_HOST, $port, $useSsl, null, $networkTimeout);

    // Read the option back from the raw resource rather than from the wrapper.
    ldap_get_option($ldap->getResource(), LDAP_OPT_NETWORK_TIMEOUT, $actual);

    $this->assertEquals($networkTimeout, $actual);
}
示例14: user_login
/**
 * Returns true if the username and password work and false if they are
 * wrong or don't exist.
 *
 * Two paths can yield true without a successful password bind:
 *  - NTLM SSO: the submitted "password" equals the session key and a cache
 *    flag stored under that key names the same user, who must also be found
 *    in the configured LDAP contexts.
 *  - Active Directory expiry: the bind failed, but the diagnostic message
 *    says the password has expired or must be changed, and this plugin can
 *    change passwords.
 *
 * @param string $username The username (without system magic quotes)
 * @param string $password The password (without system magic quotes)
 *
 * @return bool Authentication success or failure.
 */
function user_login($username, $password)
{
    if (!function_exists('ldap_bind')) {
        print_error('auth_ldapnotinstalled', 'auth_ldap');
        return false;
    }
    if (!$username or !$password) {
        // Don't allow blank usernames or passwords
        // (a simple bind with an empty password is an unauthenticated bind
        // that many servers accept).
        return false;
    }
    $extusername = core_text::convert($username, 'utf-8', $this->config->ldapencoding);
    $extpassword = core_text::convert($password, 'utf-8', $this->config->ldapencoding);
    // Before we connect to LDAP, check if this is an AD SSO login
    // if we succeed in this block, we'll return success early.
    //
    $key = sesskey();
    // NOTE(review): the session key is accepted in place of a password here,
    // so anything that exposes the sesskey weakens this path. Confirm that
    // the cache flag is written only after a verified NTLM handshake.
    if (!empty($this->config->ntlmsso_enabled) && $key === $password) {
        $cf = get_cache_flags($this->pluginconfig . '/ntlmsess');
        // We only get the cache flag if we retrieve it before
        // it expires (AUTH_NTLMTIMEOUT seconds).
        if (!isset($cf[$key]) || $cf[$key] === '') {
            return false;
        }
        $sessusername = $cf[$key];
        if ($username === $sessusername) {
            unset($sessusername);
            unset($cf);
            // Check that the user is inside one of the configured LDAP contexts
            $validuser = false;
            $ldapconnection = $this->ldap_connect();
            // if the user is not inside the configured contexts,
            // ldap_find_userdn returns false.
            if ($this->ldap_find_userdn($ldapconnection, $extusername)) {
                $validuser = true;
            }
            $this->ldap_close();
            // Shortcut here - SSO confirmed
            return $validuser;
        }
    }
    // End SSO processing
    unset($key);
    $ldapconnection = $this->ldap_connect();
    $ldap_user_dn = $this->ldap_find_userdn($ldapconnection, $extusername);
    // If ldap_user_dn is empty, user does not exist
    if (!$ldap_user_dn) {
        $this->ldap_close();
        return false;
    }
    // Try to bind with current username and password
    $ldap_login = @ldap_bind($ldapconnection, $ldap_user_dn, $extpassword);
    // If login fails and we are using MS Active Directory, retrieve the diagnostic
    // message to see if this is due to an expired password, or that the user is forced to
    // change the password on first login. If it is, only proceed if we can change
    // password from Moodle (otherwise we'll get stuck later in the login process).
    if (!$ldap_login && $this->config->user_type == 'ad' && $this->can_change_password() && (!empty($this->config->expiration) and $this->config->expiration == 1)) {
        // We need to get the diagnostic message right after the call to ldap_bind(),
        // before any other LDAP operation.
        ldap_get_option($ldapconnection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diagmsg);
        // NOTE(review): a failed bind becomes a success below. This is safe
        // only if ldap_ad_pwdexpired_from_diagmsg() matches sub-codes that
        // the directory emits solely after accepting the password. Verify.
        if ($this->ldap_ad_pwdexpired_from_diagmsg($diagmsg)) {
            // If login failed because user must change the password now or the
            // password has expired, let the user in. We'll catch this later in the
            // login process when we explicitly check for expired passwords.
            $ldap_login = true;
        }
    }
    $this->ldap_close();
    return $ldap_login;
}
示例15: ConnectToAD
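/**
 * Checks a user name and password against the configured Active Directory
 * server with a simple bind as "<username>@<AD_DOMAIN>".
 *
 * Progress and failures are reported through events(); the password is
 * never written to that log.
 *
 * @param string $username Account name
 * @param string $password Password
 *
 * @return bool true when the bind succeeds, false otherwise, including when
 *              Active Directory support is disabled or not configured
 */
function ConnectToAD($username, $password)
{
    // NOTE(review): unserialize() can instantiate objects, so this settings
    // file must be writable only by trusted accounts. A format such as JSON
    // would remove that risk.
    $ChilliConf = unserialize(base64_decode((string) @file_get_contents("/etc/artica-postfix/settings/Daemons/ChilliConf")));
    if (!is_array($ChilliConf) || !isset($ChilliConf["EnableActiveDirectory"]) || $ChilliConf["EnableActiveDirectory"] == 0) {
        return false;
    }

    // A simple bind with an empty password is an unauthenticated bind that
    // many servers report as success, so it must never count as a login.
    if ((string) $username === '' || (string) $password === '') {
        events("Fatal: empty username or password refused");
        return false;
    }

    $AD_DOMAIN = $ChilliConf["AD_DOMAIN"];

    // Older ldap extensions lack this constant. The name must be quoted and
    // defined only once, because the function may run more than once.
    if (!defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
        define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x32);
    }

    events("ldap_connect({$ChilliConf["AD_SERVER"]},{$ChilliConf["AD_PORT"]})...");
    $cnx = @ldap_connect($ChilliConf["AD_SERVER"], $ChilliConf["AD_PORT"]);
    if (!$cnx) {
        // There is no connection to close on this path.
        events("Fatal: ldap_connect({$ChilliConf["AD_SERVER"]},{$ChilliConf["AD_PORT"]} ) Check your configuration...");
        return false;
    }
    events("OK: ldap_connect({$ChilliConf["AD_SERVER"]},{$ChilliConf["AD_PORT"]} ) SUCCESS");

    // Switch LDAP to protocol version 3, required to work with AD.
    @ldap_set_option($cnx, LDAP_OPT_PROTOCOL_VERSION, 3);
    @ldap_set_option($cnx, LDAP_OPT_REFERRALS, 0);

    // Log the identity being checked, never the password.
    events("Check ident {$username}@{$AD_DOMAIN}");
    $bind = @ldap_bind($cnx, "{$username}@{$AD_DOMAIN}", $password);
    if (!$bind) {
        $errn = ldap_errno($cnx);
        $error = "Error {$errn}: " . ldap_err2str($errn);
        if (@ldap_get_option($cnx, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
            $error = $error . " {$extended_error}";
        }
        events("{$error}");
        ldap_unbind($cnx);
        return false;
    }

    events("Active Directory session SUCCESS");
    ldap_unbind($cnx);
    return true;
}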