[geeklog-cvs] Auth_Enterprise/Enterprise/Server LDAP.php,NONE,1.1

tony at iowaoutdoors.org tony at iowaoutdoors.org
Fri Jul 16 15:12:36 EDT 2004


Update of /var/cvs/Auth_Enterprise/Enterprise/Server
In directory www:/tmp/cvs-serv17018

Added Files:
	LDAP.php 
Log Message:
This used to be LDAPProvider.php.  I've moved it into this directory and renamed the file only.  As a result, LDAP support is more than likely broken but will be fixed shortly.


--- NEW FILE: LDAP.php ---
<?php

/**
* Auth_Enterprise
*
* This source file is subject to version 2.02 of the PHP license, that is bundled with this package
* in the file LICENSE, and is available at through the world-wide-web at
* http://www.php.net/license/2_02.txt. If you did not receive a copy of the PHP license and are
* unable to obtain it through the world-wide-web, please send a note to license at php.net so we can
* mail you a copy immediately.
*
* @author Ozzyie Chen <ozzyie at doit.wisc.edu>
* @author Tony Bibbs <tony at geeklog.net>
* @copyright 2004
* @version $Id: LDAP.php,v 1.1 2004/07/16 19:12:32 tony Exp $
*
*/

/**
* Bring in the base Auth_Enterprise provider
*/
require_once 'Auth/Enterprise/Server/providers/BasePearDBProvider.php';

/**
* The Auth_Enterprise server configuration file
*/
require_once 'Auth/Enterprise/Server/ServerConfig.php';

/**
* Auth_Enterprise LDAP database provider
*
* This extends the base PEAR::DB server provider and implements the authenticate(),
* createAccount() and change-password methods against the LDAP datasource.
*
* @author Ozzyie Chen <ozzyie at doit.wisc.edu>
* @author Tony Bibbs <tony at geeklog.net>
* @package net.geeklog.auth_enterprise.server
* 
*/
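class Enterprise_LDAPProvider extends Enterprise_BasePearDBProvider {
    /**
    * Handle to an LDAP connection (the handle returned by ldap_connect())
    */
    protected $ldapConn = null;

    /**
    * Application ID this provider was constructed for.
    *
    * NOTE(review): authenticate() needs the app ID, but whether the parent
    * class keeps it in a property of its own is not visible from this file,
    * so it is stored under a provider-specific name to avoid clashing with
    * a parent property of unknown visibility.
    */
    protected $ldapAppId = null;

    /**
    * Sets app ID and establishes the LDAP connection
    *
    * @author Ozzyie Chen <ozzyie at doit.wisc.edu>
    * @param string $appId Application ID
    * @throws AEUnableToConnect if no LDAP handle could be obtained or the
    *         protocol version could not be set
    */
    public function __construct($appId)
    {
        global $gConf;

        // Call constructor on parent first
        parent::__construct($appId);
        $this->ldapAppId = $appId;

        $ldapConf = $gConf[AE_PROVIDER_LDAP];

        // ldap_connect() only initialises a handle; the actual connection is
        // made lazily on the first operation (the bind), so an unreachable
        // server normally surfaces as a bind failure rather than here.
        $this->ldapConn = ldap_connect($ldapConf['ldapHost'], $ldapConf['ldapPort']);

        if (!$this->ldapConn) {
            // Throw LDAP connection exception
            throw new AEUnableToConnect('Unable to connect to LDAP server');
        }

        // Set LDAP protocol version. Silently carrying on with the library
        // default after a failure would change bind semantics, so treat a
        // failed option set like a failed connection.
        if (!ldap_set_option($this->ldapConn, LDAP_OPT_PROTOCOL_VERSION,
                $ldapConf['ldapProtocolVersion'])) {
            throw new AEUnableToConnect('Unable to set LDAP protocol version');
        }
    }

    /**
    * Escapes a value for use inside a distinguished name (RFC 4514)
    *
    * Without this a user name containing ',', '+', '=' or similar characters
    * could alter the structure of the DN that authenticate() binds as.
    *
    * @param string $value Raw attribute value
    * @return string Escaped value safe to splice into a DN
    */
    protected static function escapeDnValue($value)
    {
        $value = (string) $value;

        // Prefer the native implementation where the runtime provides it
        if (function_exists('ldap_escape')) {
            return ldap_escape($value, '', LDAP_ESCAPE_DN);
        }

        // Backslash must be handled first so the escapes added by the
        // remaining replacements are not escaped a second time
        $escaped = str_replace(
            array('\\', ',', '+', '"', '<', '>', ';', '=', "\0"),
            array('\\5c', '\\2c', '\\2b', '\\22', '\\3c', '\\3e', '\\3b', '\\3d', '\\00'),
            $value
        );

        // A leading '#' or space and a trailing space are also significant
        if ($escaped !== '' && ($escaped[0] === '#' || $escaped[0] === ' ')) {
            $escaped = '\\' . $escaped;
        }
        if ($escaped !== '' && substr($escaped, -1) === ' ') {
            $escaped = substr($escaped, 0, -1) . '\\20';
        }

        return $escaped;
    }

    /**
    * Binds to the LDAP server with a specific set of credentials
    *
    * With a null or empty password an anonymous/unauthenticated bind is
    * performed. Many directories accept such a bind regardless of $dn, so a
    * caller that is verifying credentials must never reach that branch
    * (see authenticate()).
    *
    * @author Tony Bibbs <tony at geeklog.net>
    * @access protected
    * @param string $dn Distinguished name to bind as
    * @param string $userPassword Password to bind with; null or '' for an anonymous bind
    * @throws AELDAPBindError if the directory rejects the bind
    */
    protected function doBind($dn, $userPassword)
    {
        // Strict comparison: empty() would also treat the password "0" as absent
        if ($userPassword === null || $userPassword === '') {
            $bound = ldap_bind($this->ldapConn, $dn);
        } else {
            $bound = ldap_bind($this->ldapConn, $dn, $userPassword);
        }

        if (!$bound) {
            // Throw LDAP bind exception
            throw new AELDAPBindError('LDAP bind failed');
        }
    }

    /**
    * Authenticates user against an LDAP repository
    *
    * The user is bound as cn=<user>,ou=people,<ldapDC>; on success the
    * matching row is loaded from ae_user and its lock/expiry state checked.
    *
    * @author Ozzyie Chen <ozzyie at doit.wisc.edu>
    * @access public
    * @param string $userName User to authenticate
    * @param string $password Password to authenticate with
    * @return object Populated user object (as built by mapResultToUserObject())
    * @throws AEInvalidUserCredentials on an empty user name/password or a rejected bind
    * @throws AESQLException if the ae_user lookup fails
    * @throws AEAccountLocked if the account is locked
    * @throws AEPasswordExpired if the password has expired
    * @throws AEUnknownException if LDAP accepts the user but ae_user has no row
    */
    public function authenticate($userName, $password)
    {
        global $gConf;

        $userName = (string) $userName;
        $password = ($password === null) ? '' : (string) $password;

        // Refuse to authenticate without a password: doBind() would otherwise
        // fall back to an anonymous bind, which most directories accept, and
        // a blank password would then be accepted for any user.
        if ($userName === '' || $password === '') {
            throw new AEInvalidUserCredentials('User name and password are required');
        }

        // Escape the user-supplied value so it cannot change the DN's structure
        $dn = 'cn=' . self::escapeDnValue($userName)
            . ',ou=people,' . $gConf[AE_PROVIDER_LDAP]['ldapDC'];

        try {
            $this->doBind($dn, $password);
        } catch (AELDAPBindError $e) {
            throw new AEInvalidUserCredentials($e->getMessage());
        }

        // OK, authentication worked, get data for the user
        $prepStmt = $this->db->prepare('SELECT user_name,user_password,user_account_locked,
            user_failed_attempts,user_pwd_last_set FROM ae_user
            WHERE user_name = ?');
        $result = $this->db->execute($prepStmt, array($userName));

        if (DB::isError($result)) {
            throw new AESQLException($result->toString());
        }

        if ($result->numRows() < 1) {
            // Hrm no data for the user exists.  This is an obvious error
            throw new AEUnknownException('LDAP authenticated fine but the user is not in the database');
        }

        $user = $this->mapResultToUserObject($result);

        // Ensure the account hasn't been locked
        // Do we need to do this for LDAP or can LDAP
        // report this?
        if ($user->getAccountLocked()) {
            throw new AEAccountLocked();
        }

        // Check to see if password has expired.
        if ($user->isPasswordExpired()) {
            throw new AEPasswordExpired();
        }

        // Only mark the provider authenticated once every check has passed,
        // so a locked or expired account never leaves the flag set
        $this->isAuthenticated = true;

        $user->setAppId($this->ldapAppId);

        // We get the groups as those will be sent back in user object
        $user->setGroups($this->getGroups($user->getUserName()));
        $user->setPrivileges($this->getPrivileges($user->getUserName()));

        return $user;
    }
}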
?>



