Files
@ 0260ba63d9cf
Branch filter:
Location: hot67beta/plugins/authentication/ldap.php - annotation
0260ba63d9cf
4.8 KiB
text/x-php
morepad
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 | c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 c7d7e38b2269 | <?php
/**
* @version $Id: ldap.php 10709 2008-08-21 09:58:52Z eddieajau $
* @package Joomla
* @subpackage JFramework
* @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
* @license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/
// Check to ensure this file is included in Joomla!
defined('_JEXEC') or die( 'Restricted access' );
jimport( 'joomla.plugin.plugin' );
/**
* LDAP Authentication Plugin
*
* @package Joomla
* @subpackage JFramework
* @since 1.5
*/
class plgAuthenticationLdap extends JPlugin
{
/**
* Constructor
*
* For php4 compatability we must not use the __constructor as a constructor for plugins
* because func_get_args ( void ) returns a copy of all passed arguments NOT references.
* This causes problems with cross-referencing necessary for the observer design pattern.
*
* @param object $subject The object to observe
* @param array $config An array that holds the plugin configuration
* @since 1.5
*/
function plgAuthenticationLdap(& $subject, $config)
{
parent::__construct($subject, $config);
}
/**
* This method should handle any authentication and report back to the subject
*
* @access public
* @param array $credentials Array holding the user credentials
* @param array $options Array of extra options
* @param object $response Authentication response object
* @return object boolean
* @since 1.5
*/
function onAuthenticate( $credentials, $options, &$response )
{
// Initialize variables
$userdetails = null;
$success = 0;
$userdetails = Array();
// For JLog
$response->type = 'LDAP';
// LDAP does not like Blank passwords (tries to Anon Bind which is bad)
if (empty($credentials['password']))
{
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'LDAP can not have blank password';
return false;
}
// load plugin params info
$ldap_email = $this->params->get('ldap_email');
$ldap_fullname = $this->params->get('ldap_fullname');
$ldap_uid = $this->params->get('ldap_uid');
$auth_method = $this->params->get('auth_method');
jimport('joomla.client.ldap');
$ldap = new JLDAP($this->params);
if (!$ldap->connect())
{
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Unable to connect to LDAP server';
return;
}
switch($auth_method)
{
case 'search':
{
// Bind using Connect Username/password
// Force anon bind to mitigate misconfiguration like [#7119]
if(strlen($this->params->get('username'))) $bindtest = $ldap->bind();
else $bindtest = $ldap->anonymous_bind();
if($bindtest)
{
// Search for users DN
$binddata = $ldap->simple_search(str_replace("[search]", $credentials['username'], $this->params->get('search_string')));
if(isset($binddata[0]) && isset($binddata[0]['dn'])) {
// Verify Users Credentials
$success = $ldap->bind($binddata[0]['dn'],$credentials['password'],1);
// Get users details
$userdetails = $binddata;
} else {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Unable to find user';
}
}
else
{
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Unable to bind to LDAP';
}
} break;
case 'bind':
{
// We just accept the result here
$success = $ldap->bind($credentials['username'],$credentials['password']);
if($success) {
$userdetails = $ldap->simple_search(str_replace("[search]", $credentials['username'], $this->params->get('search_string')));
} else {
$response->status = JAUTHENTICATE_STATUS_FAILURE;
$response->error_message = 'Failed binding to LDAP server';
}
} break;
}
if(!$success)
{
$response->status = JAUTHENTICATE_STATUS_FAILURE;
if(!strlen($response->error_message)) $response->error_message = 'Incorrect username/password';
}
else
{
// Grab some details from LDAP and return them
if (isset($userdetails[0][$ldap_uid][0])) {
$response->username = $userdetails[0][$ldap_uid][0];
}
if (isset($userdetails[0][$ldap_email][0])) {
$response->email = $userdetails[0][$ldap_email][0];
}
if(isset($userdetails[0][$ldap_fullname][0])) {
$response->fullname = $userdetails[0][$ldap_fullname][0];
} else {
$response->fullname = $credentials['username'];
}
// Were good - So say so.
$response->status = JAUTHENTICATE_STATUS_SUCCESS;
$response->error_message = '';
}
$ldap->close();
}
}
|