LDAP Support

system/api/sessionmanager.inc.php

@@ -76,32 +76,37 @@ public function login( $login, $password, $newPassword = null )
                 $hash = $user[ 'user_passwd' ];
                 $isTemp = $user[ 'passwd_temp' ];
 
-                $passwordHash = new System_Core_PasswordHash();
+                $ldapHelper = new System_Api_TkLDAPHelper();
+                if ( $ldapHelper->checkPassword( $login, $password ) == false) {
+                    $passwordHash = new System_Core_PasswordHash();
 
-                if ( $passwordHash->checkPassword( $password, $hash ) ) {
-                    if ( $newPassword != null ) {
-                        if ( $newPassword == $password )
-                            throw new System_Api_Error( System_Api_Error::CannotReusePassword );
+                    if ( $passwordHash->checkPassword( $password, $hash ) ) {
+                        if ( $newPassword != null ) {
+                            if ( $newPassword == $password )
+                                throw new System_Api_Error( System_Api_Error::CannotReusePassword );
 
-                        if ( System_Core_Application::getInstance()->getSite()->getConfig( 'demo_mode' ) ) {
-                            if ( $user[ 'user_access' ] != System_Const::AdministratorAccess )
-                                throw new System_Api_Error( System_Api_Error::AccessDenied );
-                        }
+                            if ( System_Core_Application::getInstance()->getSite()->getConfig( 'demo_mode' ) ) {
+                                if ( $user[ 'user_access' ] != System_Const::AdministratorAccess )
+                                    throw new System_Api_Error( System_Api_Error::AccessDenied );
+                            }
 
-                        $newHash = $passwordHash->hashPassword( $newPassword );
+                            $newHash = $passwordHash->hashPassword( $newPassword );
 
-                        $query = 'UPDATE {users} SET user_passwd = %s, passwd_temp = 0 WHERE user_id = %d';
-                        $this->connection->execute( $query, $newHash, $userId );
+                            $query = 'UPDATE {users} SET user_passwd = %s, passwd_temp = 0 WHERE user_id = %d';
+                            $this->connection->execute( $query, $newHash, $userId );
 
-                        $isTemp = false;
-                    } else if ( $passwordHash->isNewHashNeeeded( $hash ) ) {
-                        $newHash = $passwordHash->hashPassword( $password );
+                            $isTemp = false;
+                        } else if ( $passwordHash->isNewHashNeeeded( $hash ) ) {
+                            $newHash = $passwordHash->hashPassword( $password );
 
-                        $query = 'UPDATE {users} SET user_passwd = %s WHERE user_id = %d';
-                        $this->connection->execute( $query, $newHash, $userId );
+                            $query = 'UPDATE {users} SET user_passwd = %s WHERE user_id = %d';
+                            $this->connection->execute( $query, $newHash, $userId );
+                        }
+                    } else {
+                        $user = null;
                     }
                 } else {
-                    $user = null;
+                    $isTemp = false;
                 }
             }
 

system/api/tkldaphelper.inc.php

@@ -0,0 +1,58 @@
+<?php
+
+//  File Location: /system/api/tkldaphelper.inc.php
+
+if ( !defined( 'WI_VERSION' ) ) die( -1 );
+
+class System_Api_TkLDAPHelper
+{
+    private static $ldapDomain = '';           // set here your ldap domain
+    private static $ldapHost = '';    // set here your ldap host
+    private static $ldapPort = '';                      // ldap Port (default 389)
+    private static $ldapUser  = '';                        // ldap User (rdn or dn)
+    private static $ldapPassword = '';                     // ldap associated Password  
+
+    public function __construct(  )
+    {
+    }
+
+   /**
+    * Validate given password against the stored hash.
+    * @param $password The plain text password.
+    * @param $storedHash The stored hash.
+    * @return @c true if the password is valid, @c false otherwise.
+    */
+    public function checkPassword( $user, $password )
+    {
+        if ( $user == null )
+            return false;
+
+        if ( $password == null )
+            return false;
+
+        $serverManager = new System_Api_ServerManager();
+
+        self::$ldapDomain = '@' . $serverManager->getSetting( 'ldap_domain' );
+        self::$ldapHost = 'ldap://' . $serverManager->getSetting( 'ldap_host' );
+        self::$ldapPort = $serverManager->getSetting( 'ldap_port' );
+
+        $ldapConnection = ldap_connect(self::$ldapHost, self::$ldapPort);
+
+        if ($ldapConnection) {
+            self::$ldapUser = addslashes(trim($user));
+            self::$ldapPassword = addslashes(trim($password));
+
+            ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
+            ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);
+            $ldapbind = @ldap_bind($ldapConnection, self::$ldapUser . self::$ldapDomain, self::$ldapPassword);
+
+            // verify binding
+            if ($ldapbind) {
+                ldap_close($ldapConnection);    // close ldap connection
+                return true;
+            } 
+        }
+        return false;
+    }
+}
+?>