<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); // Direct-access guard: stop immediately when BASEPATH is undefined, i.e. when this file is requested on its own rather than loaded through the framework (BASEPATH is presumably defined by the CodeIgniter bootstrap -- confirm).
/*
|--------------------------------------------------------------------------
| LICENSE
|--------------------------------------------------------------------------
|
| This program is free software: you can redistribute it and/or modify
| it under the terms of the GNU General Public License as published by
| the Free Software Foundation, either version 3 of the License, or
| (at your option) any later version.
|
| This program is distributed in the hope that it will be useful,
| but WITHOUT ANY WARRANTY; without even the implied warranty of
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
| GNU General Public License for more details.
|
| You should have received a copy of the GNU General Public License
| along with this program. If not, see <http://www.gnu.org/licenses/>.
|-----------------------------------------------------------------------------
| INFORMATIONAL
|-----------------------------------------------------------------------------
| ldap_auth - user authentication using AD/ldap suitable for site wide passwords
| Author: Dwayne Hale
| Library Requirements: CodeIgniter >= v2.0.3
| ldap_auth_config.php config file.
| Methods:
| * auth - authenticate a user name and password
| * info - ldap information about a user
|
| Usage:
| load the library by calling:
| $this->load->library('ldap_auth');
| somewhere in your controller of your CodeIgniter app before trying to call these functions:
| $this->ldap_auth->auth($user, $pass);
| OR
| $this->ldap_auth->info($user);
*/
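class LDAP_auth{

    /**
     * Authenticate a user by attempting a simple bind on the configured
     * LDAP/AD connection.
     *
     * Empty credentials are rejected before any bind is attempted. Many
     * directory servers treat a bind that carries a DN but an empty password
     * as an "unauthenticated" bind and report success, so without this check
     * a blank password could be accepted for any user name. Form validation
     * in the controller is not a substitute: this library can be called from
     * code paths that never ran it.
     *
     * NOTE(review): the connection ('ds') is created outside this file, so
     * whether it uses LDAPS/StartTLS cannot be seen here. A simple bind sends
     * the password as-is, so confirm the transport is encrypted.
     *
     * @param  string $username account name, without the configured prefix/suffix
     * @param  string $password password to bind with
     * @return bool   TRUE if the bind succeeded, FALSE otherwise
     */
    public function auth($username, $password)
    {
        // Refuse anything that is not a plain, non-empty value.
        if ( ! is_scalar($username) || ! is_scalar($password))
        {
            return FALSE;
        }
        $username = (string) $username;
        $password = (string) $password;
        if ($username === '' || $password === '')
        {
            return FALSE;
        }
        // A NUL byte can truncate the value in C-string based LDAP client
        // code, which could turn "\0anything" into an empty password.
        if (strpos($username, "\0") !== FALSE || strpos($password, "\0") !== FALSE)
        {
            return FALSE;
        }

        // Pull the connection and the DN decoration from the ldap_auth config.
        $CI =& get_instance();
        $CI->config->load('ldap_auth');
        $ds          = $CI->config->item('ds');
        $user_prefix = $CI->config->item('user_prefix'); // e.g. YOURDOMAIN\ in front of the name
        $user_suffix = $CI->config->item('user_suffix');

        // No usable connection means nobody can be authenticated.
        if ( ! $ds)
        {
            return FALSE;
        }

        // ldap_bind() raises a warning on bad credentials; it is suppressed
        // here so a failed login does not leak a stack trace to the page.
        $bind = @ldap_bind($ds, $user_prefix.$username.$user_suffix, $password);

        return $bind === TRUE;
    }//END auth

    /**
     * Look up a user's directory entry by sAMAccountName.
     *
     * The user name is escaped before it is placed in the search filter, so
     * characters such as "*", "(" and ")" are matched literally instead of
     * changing the meaning of the filter.
     *
     * NOTE(review): the search runs with whatever identity 'ds' is currently
     * bound as (for example the user bound by auth(), or none); confirm that
     * identity is allowed to read the attributes callers expect.
     *
     * @param  string $username account name to search for
     * @return array|false|null result of ldap_get_entries() when the search
     *                          ran (check its 'count' element: a search that
     *                          matches nobody is still a successful search),
     *                          or null when no search could be performed
     */
    public function info($username) {
        if ( ! is_scalar($username) || (string) $username === '')
        {
            return null;
        }

        $CI =& get_instance();
        $CI->config->load('ldap_auth');
        $ds = $CI->config->item('ds');
        $dc = $CI->config->item('dc'); // base DN the search starts from

        if ( ! $ds)
        {
            return null;
        }

        $filter = '(&(objectCategory=user)(samAccountName='
            .$this->_escape_filter_value($username).'))';

        $sr = @ldap_search($ds, $dc, $filter);
        $info = null;
        if ($sr){
            $info = @ldap_get_entries($ds, $sr);
        }
        return $info;
    }//END info

    /**
     * Escape a value for use inside an LDAP search filter (RFC 4515).
     *
     * @param  string $value raw value
     * @return string value with filter metacharacters hex-escaped
     */
    private function _escape_filter_value($value)
    {
        $value = (string) $value;
        if (function_exists('ldap_escape'))
        {
            return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
        }
        // Fallback for PHP builds without ldap_escape(). The backslash is
        // replaced first so the escapes added afterwards are not re-escaped.
        return str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $value
        );
    }
}//END ldap_auth.php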