[geeklog-hg] geeklog: Merged feature-simple-ldap

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sat Jul 11 18:01:50 EDT 2015


changeset 9613:88ff905f0291
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/88ff905f0291
user: Kenji ITO <mystralkk at gmail.com>
date: Sun Jul 12 07:01:16 2015 +0900
description:
Merged feature-simple-ldap

diffstat:

 system/classes/authentication/RemoteAuthAbstract.class.php |   59 +++++++
 system/classes/authentication/Simple_LDAP.auth.class.php   |  100 +++++++++++++
 system/classes/authentication/simple_ldap/config.php       |   38 ++++
 3 files changed, 197 insertions(+), 0 deletions(-)

diffs (209 lines):

diff -r 111c31d9b07c -r 88ff905f0291 system/classes/authentication/RemoteAuthAbstract.class.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/system/classes/authentication/RemoteAuthAbstract.class.php	Sun Jul 12 07:01:16 2015 +0900
@@ -0,0 +1,59 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+// +---------------------------------------------------------------------------+
+// | Geeklog 2.1                                                               |
+// +---------------------------------------------------------------------------+
+// | Remote Authentication Interface                                           |
+// +---------------------------------------------------------------------------+
+// | Copyright (C) 2015 by the following authors:                              |
+// |                                                                           |
+// | Authors: Kenji ITO     mystralkk AT gmail DOT com                         |
+// +---------------------------------------------------------------------------+
+// |                                                                           |
+// | This program is free software; you can redistribute it and/or             |
+// | modify it under the terms of the GNU General Public License               |
+// | as published by the Free Software Foundation; either version 2            |
+// | of the License, or (at your option) any later version.                    |
+// |                                                                           |
+// | This program is distributed in the hope that it will be useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
+// | GNU General Public License for more details.                              |
+// |                                                                           |
+// | You should have received a copy of the GNU General Public License         |
+// | along with this program; if not, write to the Free Software Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
+// |                                                                           |
+// +---------------------------------------------------------------------------+
+
+abstract class RemoteAuthAbstract
+{
+    /**
+     * @var    string    $fullname
+     */
+    public $fullname;
+    
+    /**
+     * @var    string    $email
+     */
+    public $email;
+
+    /**
+     * @var    string    $homepage
+     */
+    public $homepage;
+    
+    /**
+     * Authenticate the current user with the user name and password given
+     *
+     * When the user is successfully authenticated, $this->fullname, $this->email,
+     * $this->homepage variables should be filled with the information provided
+	 * by the authenticating server.
+     *
+     * @param    string    $username
+     * @param    string    $password
+     * @return   boolean                true = authentication success, false otherwise
+     */
+    abstract public function authenticate($username, $password);
+}
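Review bot: The docblock on authenticate() does not say what state `fullname`, `email` and `homepage` are in after a failed call, nor that on success they hold values supplied by the remote directory. Simple_LDAP in this changeset copies server attributes straight into these public properties, so the contract should tell callers to treat them as untrusted input and to validate or escape them before storing or displaying them; for example add `Values come from the remote server and are not sanitised; they are undefined when false is returned.` The docblock line starting `by the authenticating server.` is also indented with a tab, against the file's own 4-spaces reminder.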
diff -r 111c31d9b07c -r 88ff905f0291 system/classes/authentication/Simple_LDAP.auth.class.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/system/classes/authentication/Simple_LDAP.auth.class.php	Sun Jul 12 07:01:16 2015 +0900
@@ -0,0 +1,100 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+// +---------------------------------------------------------------------------+
+// | Geeklog 2.1                                                               |
+// +---------------------------------------------------------------------------+
+// | Simple_LDAP.auth.class.php                                                |
+// | based on LDAP.auth.class.php by Jessica Blank                             |
+// |                                 jessica.blank AT mtvnmix DOT com          |
+// |                                                                           |
+// | Geeklog Distributed Authentication Module.                                |
+// +---------------------------------------------------------------------------+
+// | Copyright (C) 2009 by the following authors:                              |
+// |                                                                           |
+// | Authors: Markus Guske  mg AT guske DOT de                                 |
+// +---------------------------------------------------------------------------+
+// |                                                                           |
+// | This program is free software; you can redistribute it and/or             |
+// | modify it under the terms of the GNU General Public License               |
+// | as published by the Free Software Foundation; either version 2            |
+// | of the License, or (at your option) any later version.                    |
+// |                                                                           |
+// | This program is distributed in the hope that it will be useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
+// | GNU General Public License for more details.                              |
+// |                                                                           |
+// | You should have received a copy of the GNU General Public License         |
+// | along with this program; if not, write to the Free Software Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
+// |                                                                           |
+// +---------------------------------------------------------------------------+
+
+require_once dirname(__FILE__) . '/RemoteAuthAbstract.class.php';
+
+/**
+ * Simple_LDAP Remote Authentication class
+ *
+ * BE SURE TO EDIT system/classes/authentication/simple_ldap/config.php first!
+ *
+ */
+class Simple_LDAP extends RemoteAuthAbstract
+{
+    public function authenticate($username, $password)
+    {
+        require_once dirname(__FILE__) . '/simple_ldap/config.php';
+
+        if (!is_callable('ldap_connect')) {
+            COM_errorLog('Simple_LDAP Error: LDAP extension is disabled');
+            return false;
+        }
+
+        $ldap_connection = ldap_connect($_SIMPLE_LDAP_CONF['ldap_host']);
+
+        if ($ldap_connection === false) {
+            COM_errorLog("Simple_LDAP Error: Cannot connect to LDAP server " . $_SIMPLE_LDAP_CONF['ldap_host']);
+            return false;
+        }
+
+        if (!ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+            COM_errorLog("Simple_LDAP Error: Cannot set LDAP protocol version to 3");
+            return false;
+        }
+
+        $ldap_result = ldap_search($ldap_connection, $_SIMPLE_LDAP_CONF['base_dn'], "uid={$username}");
+
+        if ($ldap_result === false) {
+            COM_errorLog('Simple_LDAP Error: Search for user ' . $username . ' failed');
+            return false;
+        }
+
+        $A = ldap_get_entries($ldap_connection, $ldap_result);
+
+        if (($A === false) || ($A['count'] == 0)) {
+            COM_errorLog('Simple_LDAP Error: User ' . $username . ' does not exist.');
+            return false;
+        }
+
+        // Trying to bind against LDAP given username and password
+        $ldap_found_user_dn = $A[0]['dn'];
+        $ldap_bind = @ldap_bind($ldap_connection, $ldap_found_user_dn, $password);
+
+        if ($ldap_bind === false) {
+            COM_errorLog('Simple_LDAP Error: Cannot bind to LDAP directory: ' . ldap_error($ldap_connection));
+            return false;
+        }
+
+        // Bind successful, get some more infos from LDAP
+        $this->fullname = $A[0]['cn'][0];
+        $this->email    = $A[0]['mail'][0];
+        $this->homepage = $A[0]['labeleduri'][0];
+
+        if (ldap_unbind($ldap_connection)) {
+            return true;
+        } else {
+            COM_errorLog('Simple_LDAP Error: Could not unbind from LDAP directory');
+            return false;
+        }
+    }
+}
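Review bot: authenticate() interpolates `$username` unescaped into the search filter (`"uid={$username}"`) and hands `$password` to ldap_bind() without rejecting an empty string. Filter metacharacters in the login name therefore change the directory search, and a bind with a DN and an empty password is an unauthenticated bind that many servers report as successful, in which case this method would return true without any password check. Escape the name with ldap_escape() and LDAP_ESCAPE_FILTER (available from PHP 5.6; an equivalent helper is needed if older versions must stay supported) and return false early on empty credentials, as sketched below. Separately, the early-return paths after ldap_connect() never call ldap_unbind(), and the bind travels unencrypted unless `ldap_host` is an ldaps:// URI, which is worth confirming for non-local servers.

```php
    public function authenticate($username, $password)
    {
        // … unchanged: config include, LDAP extension check …

        // An empty password would turn ldap_bind() into an unauthenticated bind,
        // so refuse empty credentials before talking to the server.
        if (!is_string($username) || ($username === '')
                || !is_string($password) || ($password === '')) {
            COM_errorLog('Simple_LDAP Error: Empty user name or password');
            return false;
        }

        // … unchanged: ldap_connect, protocol version …

        // Escape filter metacharacters so the login name is matched literally
        $ldap_filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
        $ldap_result = ldap_search($ldap_connection, $_SIMPLE_LDAP_CONF['base_dn'], $ldap_filter);

        // … unchanged: result checks, bind, attribute copy, unbind …
```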
diff -r 111c31d9b07c -r 88ff905f0291 system/classes/authentication/simple_ldap/config.php
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/system/classes/authentication/simple_ldap/config.php	Sun Jul 12 07:01:16 2015 +0900
@@ -0,0 +1,38 @@
+<?php
+
+/* Reminder: always indent with 4 spaces (no tabs). */
+// +---------------------------------------------------------------------------+
+// | Geeklog 2.1                                                               |
+// +---------------------------------------------------------------------------+
+// | config.php                                                                |
+// |                                                                           |
+// | LDAP configuration file.                                                  |
+// +---------------------------------------------------------------------------+
+// | Copyright (C) 2009-2015 by the following authors:                         |
+// |                                                                           |
+// | Authors: Markus Guske  mg AT guske DOT de                                 |
+// +---------------------------------------------------------------------------+
+// |                                                                           |
+// | This program is free software; you can redistribute it and/or             |
+// | modify it under the terms of the GNU General Public License               |
+// | as published by the Free Software Foundation; either version 2            |
+// | of the License, or (at your option) any later version.                    |
+// |                                                                           |
+// | This program is distributed in the hope that it will be useful,           |
+// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
+// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the             |
+// | GNU General Public License for more details.                              |
+// |                                                                           |
+// | You should have received a copy of the GNU General Public License         |
+// | along with this program; if not, write to the Free Software Foundation,   |
+// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.           |
+// |                                                                           |
+// +---------------------------------------------------------------------------+
+
+global $_SIMPLE_LDAP_CONF;
+
+// LDAP Settings
+// this example uses localhost as LDAP server
+// and hostname.homeunix.org possible DynDNS definition
+$_SIMPLE_LDAP_CONF['ldap_host'] = 'localhost';
+$_SIMPLE_LDAP_CONF['base_dn']   = 'dc=hostname,dc=homeunix,dc=org';
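Review bot: The settings comment gives only a bare host name and says nothing about protecting the bind in transit. Simple_LDAP in this changeset passes `ldap_host` straight to ldap_connect() and never calls ldap_start_tls(), so with any non-local server the user's password would cross the network unencrypted unless an ldaps:// URI is configured. Suggest adding above the `ldap_host` line: `// For a remote server use an ldaps:// URI (e.g. 'ldaps://ldap.example.org'); a bare host name gives an unencrypted connection.` It would also help to note that the user search runs before any bind, so the directory must permit anonymous search under `base_dn`.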


