ldap.php
来自「Bug tracker, and reporter.」· PHP 代码 · 共 708 行 · 第 1/2 页
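// Tail of a method whose opening lines fall outside this excerpt; reproduced unchanged.
        if ($dname === null)
            return true;
        $accountDomainName = $this->_options['accountDomainName'];
        $accountDomainNameShort = $this->_options['accountDomainNameShort'];
        if ($accountDomainName === null && $accountDomainNameShort === null)
            return true;
        if (strcasecmp($dname, $accountDomainName) == 0)
            return true;
        if (strcasecmp($dname, $accountDomainNameShort) == 0)
            return true;
        return false;
    }

    /**
     * Rewrites an account name into one of the canonical forms.
     *
     * The name is split into a domain part and a user part. The domain part is
     * passed to _isPossibleAuthority() first, and the name is rejected with
     * LDAP_X_DOMAIN_MISMATCH when that check fails. The user part is lower-cased
     * before it is placed into the requested form.
     *
     * @param string $acctname The name to canonicalize
     * @param int $form The desired form of canonicalization; 0 defers to
     *                  _getAccountCanonicalForm()
     * @return string The canonicalized name in the desired form
     * @throws Zend_Ldap_Exception
     */
    public function getCanonicalAccountName($acctname, $form = 0)
    {
        $this->_splitName($acctname, $dname, $uname);

        if (!$this->_isPossibleAuthority($dname)) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null,
                    "Binding domain is not an authority for user: $acctname",
                    Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH);
        }

        // The DN form is resolved through a directory lookup rather than by
        // string manipulation.
        if ($form === Zend_Ldap::ACCTNAME_FORM_DN)
            return $this->_getAccountDn($acctname);

        if (!$uname) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, "Invalid account name syntax: $acctname");
        }

        $uname = strtolower($uname);

        if ($form === 0)
            $form = $this->_getAccountCanonicalForm();

        switch ($form) {
            case Zend_Ldap::ACCTNAME_FORM_USERNAME:
                return $uname;
            case Zend_Ldap::ACCTNAME_FORM_BACKSLASH:
                $accountDomainNameShort = $this->_options['accountDomainNameShort'];
                if (!$accountDomainNameShort) {
                    /**
                     * @see Zend_Ldap_Exception
                     */
                    require_once 'Zend/Ldap/Exception.php';
                    throw new Zend_Ldap_Exception(null, 'Option required: accountDomainNameShort');
                }
                return "$accountDomainNameShort\\$uname";
            case Zend_Ldap::ACCTNAME_FORM_PRINCIPAL:
                $accountDomainName = $this->_options['accountDomainName'];
                if (!$accountDomainName) {
                    /**
                     * @see Zend_Ldap_Exception
                     */
                    require_once 'Zend/Ldap/Exception.php';
                    throw new Zend_Ldap_Exception(null, 'Option required: accountDomainName');
                }
                return "$uname@$accountDomainName";
            default:
                /**
                 * @see Zend_Ldap_Exception
                 */
                require_once 'Zend/Ldap/Exception.php';
                throw new Zend_Ldap_Exception(null, "Unknown canonical name form: $form");
        }
    }

    /**
     * Looks up exactly one account entry below the base DN.
     *
     * Zero matches are reported as LDAP_NO_SUCH_OBJECT and more than one match
     * as LDAP_OPERATIONS_ERROR, so an ambiguous filter never yields an account.
     *
     * @param string $acctname The account name used to build the search filter
     * @param array $attrs An array of names of desired attributes
     * @return array An array of the attributes representing the account
     * @throws Zend_Ldap_Exception
     */
    private function _getAccount($acctname, array $attrs = null)
    {
        $baseDn = $this->_getBaseDn();
        if (!$baseDn) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, 'Base DN not set');
        }

        // NOTE(review): the filter text is built from $acctname by
        // _getAccountFilter(), which is not part of this excerpt. Confirm there
        // that LDAP filter metacharacters in the name are escaped, because the
        // result is handed to ldap_search() as-is below.
        $accountFilter = $this->_getAccountFilter($acctname);
        if (!$accountFilter) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, 'Invalid account filter');
        }

        if (!is_resource($this->_resource))
            $this->bind();

        $resource = $this->_resource;
        $str = $accountFilter;
        $code = 0;

        /**
         * @todo break out search operation into simple function (private for now)
         */

        if (!extension_loaded('ldap')) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, 'LDAP extension not loaded');
        }

        $result = @ldap_search($resource, $baseDn, $accountFilter, $attrs);
        if (is_resource($result) === true) {
            $count = @ldap_count_entries($resource, $result);
            if ($count == 1) {
                $entry = @ldap_first_entry($resource, $result);
                if ($entry) {
                    $acct = array('dn' => @ldap_get_dn($resource, $entry));
                    $name = @ldap_first_attribute($resource, $entry, $berptr);
                    while ($name) {
                        $data = @ldap_get_values_len($resource, $entry, $name);
                        $acct[$name] = $data;
                        $name = @ldap_next_attribute($resource, $entry, $berptr);
                    }
                    @ldap_free_result($result);
                    return $acct;
                }
            } else if ($count == 0) {
                /**
                 * @see Zend_Ldap_Exception
                 */
                require_once 'Zend/Ldap/Exception.php';
                $code = Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT;
            } else {

                /**
                 * @todo limit search to 1 record and remove some of this logic?
                 */

                // More than one entry matched: drop the resource so the
                // exception carries the message composed here.
                $resource = null;
                $str = "$accountFilter: Unexpected result count: $count";
                /**
                 * @see Zend_Ldap_Exception
                 */
                require_once 'Zend/Ldap/Exception.php';
                $code = Zend_Ldap_Exception::LDAP_OPERATIONS_ERROR;
            }
            @ldap_free_result($result);
        }

        /**
         * @see Zend_Ldap_Exception
         */
        require_once 'Zend/Ldap/Exception.php';
        throw new Zend_Ldap_Exception($resource, $str, $code);
    }

    /**
     * Unbinds the current connection, if there is one, and forgets the resource.
     *
     * @return Zend_Ldap Provides a fluent interface
     * @throws Zend_Ldap_Exception
     */
    public function disconnect()
    {
        if (is_resource($this->_resource)) {
            if (!extension_loaded('ldap')) {
                /**
                 * @see Zend_Ldap_Exception
                 */
                require_once 'Zend/Ldap/Exception.php';
                throw new Zend_Ldap_Exception(null, 'LDAP extension not loaded');
            }
            @ldap_unbind($this->_resource);
        }
        $this->_resource = null;
        return $this;
    }

    /**
     * Prepares a connection handle for the given server.
     *
     * Arguments left at their defaults are taken from the configured options.
     * Any existing connection is dropped first.
     *
     * @param string $host The hostname of the LDAP server to connect to
     * @param int $port The port number of the LDAP server to connect to
     * @param boolean $useSsl Whether to build an ldaps:// URL instead of ldap://
     * @return Zend_Ldap Provides a fluent interface
     * @throws Zend_Ldap_Exception
     */
    public function connect($host = null, $port = 0, $useSsl = false)
    {
        if ($host === null)
            $host = $this->_getHost();
        if ($port === 0)
            $port = $this->_getPort();
        if ($useSsl === false)
            $useSsl = $this->_getUseSsl();

        if (!$host) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, 'A host parameter is required');
        }

        /* With ldaps:// the client library verifies the server certificate by
         * default. Keep that verification enabled: make the CA certificate that
         * signed the directory server's certificate available on the web server
         * (TLS_CACERT in OpenLDAP's ldap.conf) and restart Apache. Setting
         * 'TLS_REQCERT never' also makes the connection succeed, but it turns
         * verification off, so the bind credentials can then be captured by
         * anything able to impersonate the server; keep it to test setups.
         *
         * With a plain ldap:// URL nothing in this method starts TLS, so the
         * simple bind performed in bind() sends the password unencrypted.
         */
        $url = $useSsl ? "ldaps://$host" : "ldap://$host";
        if ($port) {
            $url .= ":$port";
        }

        /* Because ldap_connect doesn't really try to connect, any connect error
         * will actually occur during the ldap_bind call. Therefore, we save the
         * connect string here for reporting it in error handling in bind().
         */
        $this->_connectString = $url;

        $this->disconnect();

        if (!extension_loaded('ldap')) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, 'LDAP extension not loaded');
        }

        $resource = @ldap_connect($url);

        if (is_resource($resource) === true) {
            // Protocol version 3, and referrals are not followed.
            if (@ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3) &&
                        @ldap_set_option($resource, LDAP_OPT_REFERRALS, 0)) {
                $this->_resource = $resource;
                return $this;
            }
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception($resource, "$host:$port");
        }
        /**
         * @see Zend_Ldap_Exception
         */
        require_once 'Zend/Ldap/Exception.php';
        // The message is the second argument everywhere else in this class;
        // the first one is the LDAP object/resource, which does not exist here.
        throw new Zend_Ldap_Exception(null, "Failed to connect to LDAP server: $host:$port");
    }

    /**
     * Performs a simple bind, connecting first if necessary.
     *
     * When no username is passed, the configured username and password are
     * used. A username that is not a DN is either resolved to a DN through a
     * directory lookup (bindRequiresDn) or rewritten to principal form.
     *
     * Caller-supplied credentials with an empty password are rejected: a simple
     * bind that carries a name but no password is an "unauthenticated" bind,
     * which many directory servers accept, and callers that treat a successful
     * bind as proof of identity would then accept any username.
     *
     * @param string $username The username for authenticating the bind
     * @param string $password The password for authenticating the bind
     * @return Zend_Ldap Provides a fluent interface
     * @throws Zend_Ldap_Exception
     */
    public function bind($username = null, $password = null)
    {
        $moreCreds = true;

        if ($username === null) {
            $username = $this->_getUsername();
            $password = $this->_getPassword();
            $moreCreds = false;
        }

        if (!$username) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, 'Cannot determine username for binding');
        }

        /* Refuse a name-without-password bind for credentials handed in by the
         * caller. Configured credentials ($moreCreds === false) are left to the
         * operator. The check runs before any DN lookup so that no directory
         * traffic is generated for a request that cannot authenticate.
         */
        if ($moreCreds && ($password === null || $password === '')) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            throw new Zend_Ldap_Exception(null, 'Empty password not allowed');
        }

        /* Check to make sure the username is in DN form.
         */
        if (!Zend_Ldap::explodeDn($username)) {
            if ($this->_options['bindRequiresDn']) {
                /* moreCreds stops an infinite loop if _getUsername does not
                 * return a DN and the bind requires it
                 */
                if ($moreCreds) {
                    try {
                        $username = $this->_getAccountDn($username);
                    } catch (Zend_Ldap_Exception $zle) {
                        /**
                         * @todo Temporary measure to deal with exception thrown for ldap extension not loaded
                         */
                        if (strpos($zle->getMessage(), 'LDAP extension not loaded') !== false) {
                            throw $zle;
                        }
                        // end temporary measure
                        switch ($zle->getCode()) {
                            case Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT:
                            case Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH:
                                throw $zle;
                        }
                        throw new Zend_Ldap_Exception(null,
                                'Failed to retrieve DN for account: ' . $zle->getMessage(),
                                Zend_Ldap_Exception::LDAP_OPERATIONS_ERROR);
                    }
                } else {
                    /**
                     * @see Zend_Ldap_Exception
                     */
                    require_once 'Zend/Ldap/Exception.php';
                    throw new Zend_Ldap_Exception(null, 'Binding requires username in DN form');
                }
            } else {
                $username = $this->getCanonicalAccountName($username,
                        Zend_Ldap::ACCTNAME_FORM_PRINCIPAL);
            }
        }

        if (!is_resource($this->_resource))
            $this->connect();

        if (@ldap_bind($this->_resource, $username, $password))
            return $this;

        $message = $username;

        /**
         * @see Zend_Ldap_Exception
         */
        require_once 'Zend/Ldap/Exception.php';

        switch (Zend_Ldap_Exception::getLdapCode($this)) {
            case Zend_Ldap_Exception::LDAP_SERVER_DOWN:
                /* If the error is related to establishing a connection rather than binding,
                 * the connect string is more informative than the username.
                 */
                $message = $this->_connectString;
        }

        // Build the exception while the resource is still open, then drop the
        // half-established connection before reporting the failure.
        $zle = new Zend_Ldap_Exception($this->_resource, $message);
        $this->disconnect();
        throw $zle;
    }
}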