ldapbaseauthenticationprovider.inc.php.tmp
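*/
    var $oLdap;

    /**
     * Build the authenticator for an authentication source and open a
     * service connection to the directory as the configured search user.
     *
     * The settings come from the source's serialised config: server, port,
     * base DN, search user/password, object classes, search attributes and
     * the TLS flag. Missing object classes / search attributes fall back to
     * the defaults below; a blank, zero or non-numeric port falls back to 389.
     *
     * @param mixed $oSource KTAuthenticationSource instance or id
     * @return PEAR_Error on connection failure (kept from the original; PHP
     *         ignores constructor return values, so callers must check
     *         $this->oLdap with PEAR::isError())
     */
    function KTLDAPBaseAuthenticator($oSource) {
        $this->oSource =& KTUtil::getObject('KTAuthenticationSource', $oSource);
        // NOTE(review): unserialize() of a blob read back from storage. The
        // config is admin-written, but anyone able to write that row can
        // inject PHP objects; a plain-array/JSON representation would be
        // safer. Left unchanged to stay compatible with stored configs.
        $aConfig = unserialize($this->oSource->getConfig());
        $this->sLdapServer = $aConfig['servername'];
        $this->iLdapPort = $aConfig['serverport'];
        $this->sBaseDN = $aConfig['basedn'];
        $this->sSearchUser = $aConfig['searchuser'];
        $this->sSearchPassword = $aConfig['searchpassword'];

        $this->aObjectClasses = KTUtil::arrayGet($aConfig, 'objectclasses');
        if (empty($this->aObjectClasses)) {
            $this->aObjectClasses = array('user', 'inetOrgPerson', 'posixAccount');
        }
        $this->aSearchAttributes = KTUtil::arrayGet($aConfig, 'searchattributes');
        if (empty($this->aSearchAttributes)) {
            $this->aSearchAttributes = array('cn', 'samaccountname');
        }
        // Without TLS every simple bind below (the search user's password and
        // each end user's password) crosses the network in clear text.
        $this->bTls = KTUtil::arrayGet($aConfig, 'tls', false);

        // Blank, 0 or non-numeric port -> default. The previous "$port + 0 == 0"
        // test throws a TypeError for a non-numeric string on PHP 8.
        $this->iLdapPort = (int) $this->iLdapPort;
        if ($this->iLdapPort === 0) {
            $this->iLdapPort = 389;
        }

        require_once('Net/LDAP.php');
        $this->oLdap =& Net_LDAP::connect($this->_getServiceConnectConfig());
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
    }

    /**
     * Net_LDAP::connect() parameters for a connection bound as the configured
     * search (service) user. Referral chasing is disabled, as in the original.
     *
     * @return array
     */
    function _getServiceConnectConfig() {
        return array(
            'dn' => $this->sSearchUser,
            'password' => $this->sSearchPassword,
            'host' => $this->sLdapServer,
            'base' => $this->sBaseDN,
            'options' => array('LDAP_OPT_REFERRALS' => 0),
            'tls' => $this->bTls,
            'port' => $this->iLdapPort,
        );
    }

    /**
     * Net_LDAP::connect() parameters for a connection that is subsequently
     * reBind()'d with an end user's credentials. No dn/password is given here.
     * Referral chasing is switched off to match the service connection, so a
     * bind (typically against Active Directory) is not redirected elsewhere.
     *
     * @return array
     */
    function _getUserConnectConfig() {
        return array(
            'host' => $this->sLdapServer,
            'base' => $this->sBaseDN,
            'options' => array('LDAP_OPT_REFERRALS' => 0),
            'tls' => $this->bTls,
            'port' => $this->iLdapPort,
        );
    }

    /**
     * Escape a value for safe inclusion in an LDAP search filter
     * (RFC 4515 / RFC 2254). The backslash is replaced first so the escapes
     * introduced for the other characters are not re-escaped.
     *
     * @param string $sValue raw, possibly user-supplied value
     * @return string value with \ * ( ) and NUL replaced by \XX sequences
     */
    function escapeFilterValue($sValue) {
        $aSearch = array('\\', '*', '(', ')', "\x00");
        $aReplace = array('\5c', '\2a', '\28', '\29', '\00');
        return str_replace($aSearch, $aReplace, (string) $sValue);
    }

    /**
     * The configured base DN as a string (the stored value may be an array
     * of components, which are joined with commas).
     *
     * @return string
     */
    function _getRootDn() {
        $rootDn = $this->sBaseDN;
        if (is_array($rootDn)) {
            $rootDn = join(",", $rootDn);
        }
        return $rootDn;
    }

    /**
     * Build the "|(objectClass=a)(objectClass=b)..." clause from the
     * configured object classes. Callers wrap it in parentheses.
     *
     * @return string
     */
    function _getObjectClassClause() {
        $sClause = "|";
        foreach ($this->aObjectClasses as $sObjectClass) {
            $sClause .= sprintf('(objectClass=%s)', trim($sObjectClass));
        }
        return $sClause;
    }

    /**
     * Flatten a Net_LDAP search result into a list of attribute arrays, each
     * with the entry's DN added under the 'dn' key.
     *
     * @param object $oResult Net_LDAP_Search
     * @return array
     */
    function _collectEntries($oResult) {
        $aRet = array();
        foreach ($oResult->entries() as $oEntry) {
            $aAttr = $oEntry->attributes();
            $aAttr['dn'] = $oEntry->dn();
            $aRet[] = $aAttr;
        }
        return $aRet;
    }

    /**
     * Read one attribute from an entry array as produced by _collectEntries().
     * The key lookup is case-insensitive (LDAP attribute names are) and a
     * multi-valued attribute yields its first value.
     *
     * @param array $aEntry
     * @param string $sAttribute
     * @return string|null null when the attribute is absent or empty
     */
    function _getAttributeValue($aEntry, $sAttribute) {
        $sWanted = strtolower($sAttribute);
        foreach ($aEntry as $sKey => $mValue) {
            if (strtolower($sKey) !== $sWanted) {
                continue;
            }
            if (is_array($mValue)) {
                $mValue = reset($mValue);
            }
            if ($mValue === false || $mValue === null) {
                return null;
            }
            return (string) $mValue;
        }
        return null;
    }

    /**
     * Authenticate a user against the directory.
     *
     * First tries a simple bind with the DN stored in the user's
     * authentication details; if no DN is stored, or that bind fails, it
     * falls back to authenticateOnLDAPUsername(), which resolves the account
     * by sAMAccountName.
     *
     * Side effect: on return $this->oLdap is the connection used for the last
     * bind attempt, not the service connection opened by the constructor.
     *
     * @param object $oUser user whose getAuthenticationDetails() holds the DN
     * @param string $sPassword password to verify
     * @return mixed true on success, false when the credentials are rejected,
     *               PEAR_Error on a connection error
     */
    function checkPassword($oUser, $sPassword) {
        // A simple bind with an empty password is an anonymous/unauthenticated
        // bind (RFC 4513 section 5.1.2) and succeeds on most servers. Reject it
        // here so an empty password can never "authenticate" a known DN.
        if ((string) $sPassword === '') {
            return false;
        }
        $dn = $oUser->getAuthenticationDetails();
        if (empty($dn)) {
            // No DN on record yet: resolve the account by username instead of
            // attempting a bind with an empty name.
            return $this->authenticateOnLDAPUsername($oUser, $sPassword);
        }
        $this->oLdap =& Net_LDAP::connect($this->_getUserConnectConfig());
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
        $res = $this->oLdap->reBind($dn, $sPassword);
        if (PEAR::isError($res)) {
            // The stored DN may be stale (account moved or renamed); retry via
            // a lookup on the unique sAMAccountName.
            $res = $this->authenticateOnLDAPUsername($oUser, $sPassword);
        }
        return $res;
    }

    /**
     * Locate the user's account by username (sAMAccountName) and bind as it.
     * On success the DN found is written back to the user's authentication
     * details so the next checkPassword() can bind directly.
     *
     * @param object $oUser user whose getAuthenticationDetails2() holds the username
     * @param string $sPassword password to verify
     * @return mixed true on success; false if the password is empty, no
     *               account matched exactly, or the bind was rejected;
     *               PEAR_Error on a connection or search error
     */
    function authenticateOnLDAPUsername($oUser, $sPassword) {
        // Never attempt an anonymous bind, see checkPassword().
        if ((string) $sPassword === '') {
            return false;
        }
        // Reconnect as the search user for the lookup.
        $this->oLdap =& Net_LDAP::connect($this->_getServiceConnectConfig());
        if (PEAR::isError($this->oLdap)) {
            // Previously returned an unset $res (null) here, hiding the error.
            return $this->oLdap;
        }
        $sName = $oUser->getAuthenticationDetails2();
        if (empty($sName)) {
            return false;
        }
        $aResults = $this->searchUsers($sName);
        if (PEAR::isError($aResults)) {
            return $aResults;
        }
        if (empty($aResults)) {
            return false;
        }
        // searchUsers() is a substring match: select the entry whose
        // sAMAccountName equals the stored username. Strict comparison avoids
        // PHP's numeric-string equality ("007" == "7").
        $newDn = null;
        foreach ($aResults as $aEntry) {
            if ($this->_getAttributeValue($aEntry, 'sAMAccountName') === (string) $sName) {
                $newDn = $aEntry['dn'];
                break;
            }
        }
        if (empty($newDn)) {
            // Previously an unset $newDn reached reBind() as an empty DN.
            return false;
        }
        $res = $this->oLdap->reBind($newDn, $sPassword);
        if (!PEAR::isError($res) && $res) {
            // Bind succeeded: remember the DN for future direct binds.
            $oUser->setAuthenticationDetails($newDn);
            $oUser->update();
        }
        return $res;
    }

    /**
     * Verify signup credentials: the username must match exactly one
     * directory account (findUser()) and the password must bind as it.
     *
     * @param string $sUsername
     * @param string $sPassword
     * @return mixed the account's DN on success; false when either value is
     *               empty, the username is unknown or ambiguous, or the bind
     *               failed; PEAR_Error on a connection error
     */
    function checkSignupPassword($sUsername, $sPassword) {
        // An empty password would be an anonymous bind, see checkPassword().
        if ((string) $sPassword === '' || (string) $sUsername === '') {
            return false;
        }
        $aUsers = $this->findUser($sUsername);
        // PEAR error checked before count(): count() on an object is not valid.
        if (PEAR::isError($aUsers) || !is_array($aUsers) || count($aUsers) !== 1) {
            return false;
        }
        $dn = $aUsers[0]['dn'];
        $this->oLdap =& Net_LDAP::connect($this->_getUserConnectConfig());
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
        $res = $this->oLdap->reBind($dn, $sPassword);
        if ($res === true) {
            return $dn;
        }
        return $res;
    }

    /**
     * Return the memberOf attribute of an entry.
     *
     * @param string $dn
     * @return mixed the memberOf value as Net_LDAP returns it (string or
     *               array), array() when the attribute is absent, PEAR_Error
     *               on failure
     */
    function getGroups($dn) {
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
        $oEntry = $this->oLdap->getEntry($dn, array('memberOf'));
        if (PEAR::isError($oEntry)) {
            return $oEntry;
        }
        $aAttr = $oEntry->attributes();
        // An entry in no groups has no memberOf; avoid an undefined-index read.
        return isset($aAttr['memberOf']) ? $aAttr['memberOf'] : array();
    }

    /**
     * Fetch a single entry by DN and return its attributes keyed by
     * lower-cased attribute name, with the DN under 'dn'. Multi-valued
     * attributes are reduced to their first value.
     *
     * @param string $dn
     * @return mixed array of attributes, or PEAR_Error on failure
     */
    function getUser($dn) {
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
        // NOTE(review): $this->aAttributes is not assigned anywhere in this
        // class body; presumably declared in the class header or a subclass.
        $oEntry = $this->oLdap->getEntry($dn, $this->aAttributes);
        if (PEAR::isError($oEntry)) {
            return $oEntry;
        }
        $aAttr = $oEntry->attributes();
        $aAttr['dn'] = $oEntry->dn();
        global $default;
        // Log which attributes came back, not their values: the value list is
        // whatever $this->aAttributes asks for and previously every value was
        // written to the info log.
        $default->log->info(sprintf("LDAP: For DN %s, attributes returned: %s",
            $dn, join(', ', array_keys($aAttr))));
        $aRet = array();
        foreach ($aAttr as $k => $v) {
            if (is_array($v)) {
                $v = array_shift($v);
            }
            $aRet[strtolower($k)] = $v;
        }
        return $aRet;
    }

    /**
     * Substring search for users on the configured search attributes,
     * restricted to the configured object classes.
     *
     * @param string $sSearch user-supplied search text; an empty string lists
     *                        every entry of the configured object classes
     * @return mixed list of attribute arrays (cn, samaccountname, dn) or
     *               PEAR_Error on failure
     */
    function searchUsers($sSearch) {
        global $default;
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
        $aParams = array(
            'scope' => 'sub',
            'attributes' => array('cn', 'dn', 'samaccountname'),
        );
        $sObjectClasses = $this->_getObjectClassClause();
        if ((string) $sSearch === '') {
            // Previously a null filter was passed, which matched every object
            // under the base DN (groups, OUs, computers), not just users.
            $sFilter = sprintf('(%s)', $sObjectClasses);
        } else {
            // Escape before wrapping in wildcards: otherwise the caller can
            // widen or restructure the filter (LDAP filter injection).
            $sValue = $this->escapeFilterValue($sSearch);
            $sSearchAttributes = "|";
            foreach ($this->aSearchAttributes as $sSearchAttribute) {
                $sSearchAttributes .= sprintf('(%s=*%s*)', trim($sSearchAttribute), $sValue);
            }
            $sFilter = sprintf('(&(%s)(%s))', $sObjectClasses, $sSearchAttributes);
        }
        $default->log->debug("Search filter is: " . $sFilter);
        $oResult = $this->oLdap->search($this->_getRootDn(), $sFilter, $aParams);
        if (PEAR::isError($oResult)) {
            return $oResult;
        }
        return $this->_collectEntries($oResult);
    }

    /**
     * Exact-match search for a username on the configured search attributes,
     * restricted to the configured object classes.
     *
     * @param string $sUsername user-supplied username
     * @return mixed list of attribute arrays (cn, samaccountname, dn) or
     *               PEAR_Error on failure
     */
    function findUser($sUsername) {
        global $default;
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
        $aParams = array(
            'scope' => 'sub',
            'attributes' => array('cn', 'dn', 'samaccountname'),
        );
        // Escaped so that "*" or ")(" in a signup username cannot turn the
        // exact match into a wildcard or a different filter.
        $sValue = $this->escapeFilterValue($sUsername);
        $sSearchAttributes = "|";
        foreach ($this->aSearchAttributes as $sSearchAttribute) {
            $sSearchAttributes .= sprintf('(%s=%s)', trim($sSearchAttribute), $sValue);
        }
        $sFilter = sprintf('(&(%s)(%s))', $this->_getObjectClassClause(), $sSearchAttributes);
        $default->log->debug("Search filter is: " . $sFilter);
        $oResult = $this->oLdap->search($this->_getRootDn(), $sFilter, $aParams);
        if (PEAR::isError($oResult)) {
            return $oResult;
        }
        return $this->_collectEntries($oResult);
    }

    /**
     * Substring search for groups (objectClass=group) by cn.
     *
     * @param string $sSearch user-supplied search text
     * @return mixed list of attribute arrays (cn, displayName, dn) or
     *               PEAR_Error on failure
     */
    function searchGroups($sSearch) {
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
        $aParams = array(
            'scope' => 'sub',
            'attributes' => array('cn', 'dn', 'displayName'),
        );
        // The original read the base DN from an undefined $oAuthenticator.
        $sFilter = sprintf('(&(objectClass=group)(cn=*%s*))', $this->escapeFilterValue($sSearch));
        $oResults = $this->oLdap->search($this->_getRootDn(), $sFilter, $aParams);
        if (PEAR::isError($oResults)) {
            return $oResults;
        }
        return $this->_collectEntries($oResults);
    }

    /**
     * Fetch a group entry by DN.
     *
     * @param string $dn
     * @param array $aAttributes attributes to read; defaults to array('cn')
     * @return mixed attributes with the DN under 'dn', or PEAR_Error on failure
     */
    function getGroup($dn, $aAttributes = null) {
        if (empty($aAttributes)) {
            $aAttributes = array('cn');
        }
        if (PEAR::isError($this->oLdap)) {
            return $this->oLdap;
        }
        $oEntry = $this->oLdap->getEntry($dn, $aAttributes);
        if (PEAR::isError($oEntry)) {
            return $oEntry;
        }
        $aAttr = $oEntry->attributes();
        $aAttr['dn'] = $oEntry->dn();
        return $aAttr;
    }

    /**
     * Replace a local group's membership with the users whose authentication
     * details match the 'member' DNs of the corresponding directory group.
     * Members that do not map to a local user of this source are skipped.
     *
     * @param mixed $oGroup Group instance or id
     * @return mixed PEAR_Error when the directory group cannot be read,
     *               otherwise nothing
     */
    function synchroniseGroup($oGroup) {
        $oGroup =& KTUtil::getObject('Group', $oGroup);
        $dn = $oGroup->getAuthenticationDetails();
        $aAttr = $this->getGroup($dn, array('member'));
        if (PEAR::isError($aAttr)) {
            return $aAttr;
        }
        $aMembers = KTUtil::arrayGet($aAttr, 'member', array());
        if (!is_array($aMembers)) {
            $aMembers = array($aMembers);
        }
        $aUserIds = array();
        foreach ($aMembers as $sMember) {
            $iUserId = User::getByAuthenticationSourceAndDetails($this->oSource, $sMember, array('ids' => true));
            if (PEAR::isError($iUserId)) {
                continue;
            }
            $aUserIds[] = $iUserId;
        }
        $oGroup->setMembers($aUserIds);
    }
}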