Code source de eGroupWare 1.2.106-2 |
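<?php
/**************************************************************************\
* eGroupWare API - Auth from LDAP                                          *
* This file written by Lars Kneschke <lkneschke@linux-at-work.de>          *
* and Joseph Engo <jengo@phpgroupware.org>                                 *
* Authentication based on LDAP Server                                      *
* Copyright (C) 2000, 2001 Joseph Engo                                     *
* Copyright (C) 2002, 2003 Lars Kneschke                                   *
* ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API                               *
* http://www.egroupware.org/api                                            *
* ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it  *
* under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation; either version 2.1 of the License,         *
* or any later version.                                                    *
* This library is distributed in the hope that it will be useful, but      *
* WITHOUT ANY WARRANTY; without even the implied warranty of               *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     *
* See the GNU Lesser General Public License for more details.              *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation,  *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA              *
\**************************************************************************/

/* $Id: class.auth_ldap.inc.php 20295 2006-02-15 12:31:25Z $ */

class auth_
{
    var $previous_login = -1;

    /**
     * escapes a value for literal use inside an LDAP search filter
     *
     * Hex-escapes the characters that RFC 4515 reserves in filter values
     * (backslash, '*', '(', ')' and NUL), so the value can only ever be
     * matched literally and cannot alter the structure of the filter.
     * The backslash is replaced first, otherwise the backslashes inserted
     * by the later replacements would be escaped a second time.
     *
     * @param string $value raw value (e.g. a login name)
     * @return string value safe to substitute into a filter template
     */
    function _ldap_filter_escape($value)
    {
        return str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            (string)$value
        );
    }

    /**
     * authentication against LDAP
     *
     * Binds with the configured admin DN to look up the DN of the user,
     * then re-binds as that DN with the supplied password.
     *
     * NOTE(review): no StartTLS is negotiated in this method. Unless the
     * configured ldap_host is an ldaps:// URI, the admin and the user
     * password presumably cross the network unencrypted - confirm the
     * transport security of the deployment.
     *
     * @param string $username username of account to authenticate
     * @param string $passwd corresponding password
     * @return boolean true if successful authenticated, false otherwise
     */
    function authenticate($username, $passwd)
    {
        // reject filter metacharacters up front (preg_match replaces the
        // ereg() call, which no longer exists in current PHP versions)
        if (preg_match('/[()|&=*,<>!~]/', $username))
        {
            return False;
        }

        /*
            An empty password would turn the user bind below into an
            anonymous / unauthenticated bind, which many servers accept.
            Refuse it outright instead of substituting a generated string.
            Only a really empty value is refused, so the password "0" is
            passed on to the server like any other.
        */
        if (!isset($passwd) || (string)$passwd === '')
        {
            return False;
        }

        if(!$ldap = @ldap_connect($GLOBALS['egw_info']['server']['ldap_host']))
        {
            $GLOBALS['egw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
            $GLOBALS['egw']->log->commit();
            return False;
        }

        if($GLOBALS['egw_info']['server']['ldap_version3'])
        {
            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        }

        /* Login with the LDAP Admin. User to find the User DN. */
        if(!@ldap_bind($ldap, $GLOBALS['egw_info']['server']['ldap_root_dn'], $GLOBALS['egw_info']['server']['ldap_root_pw']))
        {
            return False;
        }
        /* find the dn for this uid, the uid is not always in the dn */
        $attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber');

        $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
        // both substituted values are escaped: the check above does not
        // cover the backslash or NUL, and it is never applied to the domain
        $filter = str_replace(
            array('%user','%domain'),
            array(
                $this->_ldap_filter_escape($username),
                $this->_ldap_filter_escape($GLOBALS['egw_info']['user']['domain']),
            ),
            $filter
        );

        if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
        {
            $filter = "(&$filter(phpgwaccountstatus=A))";
        }

        $sri = ldap_search($ldap, $GLOBALS['egw_info']['server']['ldap_context'], $filter, $attributes);
        if (!$sri)
        {
            /* search failed (e.g. invalid filter or context) */
            return False;
        }
        $allValues = ldap_get_entries($ldap, $sri);

        if (!$allValues || $allValues['count'] < 1)
        {
            /* dn not found */
            return False;
        }

        if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true)
        {
            // compare as strings: a loose != treats numeric-looking names
            // such as "0100" and "100" as equal
            $found_uid = isset($allValues[0]['uid'][0]) ? $allValues[0]['uid'][0] : '';
            if((string)$found_uid !== (string)$username)
            {
                return false;
            }
        }
        /* we only care about the first dn */
        $userDN = $allValues[0]['dn'];

        /* try to bind as the user with user suplied password */
        if (!@ldap_bind($ldap, $userDN, $passwd))
        {
            /* password wrong */
            return False;
        }

        if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
        {
            $account =& CreateObject('phpgwapi.accounts',$username,'u');
            if (!$account->account_id && $GLOBALS['egw_info']['server']['auto_create_acct'])
            {
                // create a global array with all availible info about that account
                $GLOBALS['auto_create_acct'] = array();
                foreach(array(
                    'givenname' => 'firstname',
                    'sn'        => 'lastname',
                    'uidnumber' => 'id',
                    'mail'      => 'email',
                    'gidnumber' => 'primary_group',
                ) as $ldap_name => $acct_name)
                {
                    $GLOBALS['auto_create_acct'][$acct_name] =
                        $GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
                }
                return True;
            }
            $data = $account->read_repository();
            return $data['status'] == 'A';
        }
        return True;
    }

    /**
     * changes password in LDAP
     *
     * NOTE(review): $old_passwd is never verified against the directory in
     * this method, it only decides whether the session copy of the password
     * is refreshed. Callers have to check the old password themselves.
     *
     * NOTE(review): encrypt_password() is not defined in this class; it is
     * presumably provided by the class extending auth_ - confirm.
     *
     * @param string $old_passwd must be cleartext or empty to not to be checked
     * @param string $new_passwd must be cleartext
     * @param int $account_id account id of user whose passwd should be changed
     * @return mixed the new userpassword value as written to LDAP if the
     *  password was successful changed, false otherwise
     */
    function change_password($old_passwd, $new_passwd, $account_id=0)
    {
        if (!$account_id)
        {
            $username = $GLOBALS['egw_info']['user']['account_lid'];
        }
        else
        {
            $username = $GLOBALS['egw']->accounts->id2name($account_id);
        }

        $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
        // escape the substituted values so a stored account name containing
        // filter metacharacters can not select a different entry
        $filter = str_replace(
            array('%user','%domain'),
            array(
                $this->_ldap_filter_escape($username),
                $this->_ldap_filter_escape($GLOBALS['egw_info']['user']['domain']),
            ),
            $filter
        );

        $ds = $GLOBALS['egw']->common->ldapConnect();
        if (!$ds)
        {
            return false;
        }
        $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
        if (!$sri)
        {
            return false;
        }
        $allValues = ldap_get_entries($ds, $sri);

        // without this check a search with no hit would call ldap_modify()
        // with an empty dn
        if (!$allValues || $allValues['count'] < 1)
        {
            return false;
        }
        // NOTE(review): as in authenticate() only the first entry is used;
        // if the filter can match several entries, the password of an
        // unintended one may be replaced - consider requiring exactly one hit
        $dn = $allValues[0]['dn'];

        $entry['userpassword'] = $this->encrypt_password($new_passwd);

        if (!@ldap_modify($ds, $dn, $entry))
        {
            return false;
        }
        if($old_passwd)	// if old password given (not called by admin) update the password in the session
        {
            $GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd);
        }
        return $entry['userpassword'];
    }
}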