Code source de Mantis 1.1.0rc3 |
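<?php
# Mantis - a php based bugtracking system

# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net

# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.

# --------------------------------------------------------
# $Id: ldap_api.php,v 1.20.2.1 2007-10-13 22:35:33 giallu Exp $
# --------------------------------------------------------

###########################################################################
# LDAP API
###########################################################################

# --------------------
# Escape a value so it can be placed inside an LDAP search filter.
#
# The characters that have a meaning in the filter grammar (backslash,
# asterisk, both parentheses and NUL) are replaced by their \XX hex form,
# so the value is always matched literally and can never add clauses or
# wildcards to the filter it is inserted into.
#
# strtr() with an array performs a single pass over the input, so the
# backslashes produced by one replacement are never escaped a second time.
function ldap_escape_string( $p_string ) {
    $t_map = array(
        '\\'   => '\5c',
        '*'    => '\2a',
        '('    => '\28',
        ')'    => '\29',
        "\x00" => '\00'
    );

    return strtr( (string)$p_string, $t_map );
}

# --------------------
# Connect and bind to the LDAP directory
#
# $p_binddn / $p_password: credentials to bind with.  When both are blank
#  the configured 'ldap_bind_dn' / 'ldap_bind_passwd' are used instead.
#  When, after that, either one is still blank, an anonymous bind is made.
#
# Returns the LDAP link.  Failures are reported through trigger_error().
#
# NOTE(review): the code after each trigger_error( ..., ERROR ) assumes the
#  error handler stops the request - confirm against the error API.
# NOTE(review): the bind sends the DN and password as given; whether the
#  transport is protected depends on the configured 'ldap_server' value -
#  verify in the deployment.
function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {
    $t_ldap_server = config_get( 'ldap_server' );
    $t_ldap_port   = config_get( 'ldap_port' );

    if ( !extension_loaded( 'ldap' ) ) {
        trigger_error( ERROR_LDAP_EXTENSION_NOT_LOADED, ERROR );
    }

    $t_ds = @ldap_connect( $t_ldap_server, $t_ldap_port );

    # Truthiness check instead of "> 0": a valid link is truthy whatever
    # type the extension returns for it, false/null mean failure.
    if ( $t_ds ) {
        $t_protocol_version = config_get( 'ldap_protocol_version' );

        if ( $t_protocol_version > 0 ) {
            ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version );
        }

        # If no Bind DN and Password is set, attempt to login as the configured
        #  Bind DN.
        if ( is_blank( $p_binddn ) && is_blank( $p_password ) ) {
            $p_binddn   = config_get( 'ldap_bind_dn', '' );
            $p_password = config_get( 'ldap_bind_passwd', '' );
        }

        if ( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) {
            $t_br = @ldap_bind( $t_ds, $p_binddn, $p_password );
        } else {
            # Either the Bind DN or the Password are empty, so attempt an anonymous bind.
            # Callers that verify a user's password must therefore reject a
            # blank password themselves before relying on a bind result.
            $t_br = @ldap_bind( $t_ds );
        }

        if ( !$t_br ) {
            trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
        }
    } else {
        trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
    }

    return $t_ds;
}

# --------------------
# Return an email address from LDAP, given a userid
function ldap_email( $p_user_id ) {
    $t_username = user_get_field( $p_user_id, 'username' );
    return ldap_email_from_username( $t_username );
}

# --------------------
# Return an email address from LDAP, given a username
#
# Returns the first 'mail' value of the first matching entry, or null when
#  the search fails, matches nothing, or the entry has no 'mail' attribute.
function ldap_email_from_username( $p_username ) {
    $t_ldap_organization = config_get( 'ldap_organization' );
    $t_ldap_root_dn      = config_get( 'ldap_root_dn' );
    $t_ldap_uid_field    = config_get( 'ldap_uid_field', 'uid' );

    # The username is data, not filter syntax: escape it before it is
    #  interpolated.  The organization fragment and the uid field name come
    #  from the configuration and are inserted as written.
    $t_username      = ldap_escape_string( $p_username );
    $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
    $t_search_attrs  = array( $t_ldap_uid_field, 'mail', 'dn' );
    $t_ds            = ldap_connect_bind();

    $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
    if ( !$t_sr ) {
        # Nothing to read or free when the search itself failed.
        ldap_unbind( $t_ds );
        return null;
    }

    $t_info = ldap_get_entries( $t_ds, $t_sr );
    ldap_free_result( $t_sr );
    ldap_unbind( $t_ds );

    if ( isset( $t_info[0]['mail'][0] ) ) {
        return $t_info[0]['mail'][0];
    }

    return null;
}

# --------------------
# Return true if the $uid has an assigngroup=$p_group tag, false otherwise
#
# A failed search is treated as "not a member" and returns false.
function ldap_has_group( $p_user_id, $p_group ) {
    $t_ldap_organization = config_get( 'ldap_organization' );
    $t_ldap_root_dn      = config_get( 'ldap_root_dn' );
    $t_ldap_uid_field    = config_get( 'ldap_uid_field', 'uid' );

    # Both the username and the group name are values inside the filter, so
    #  both are escaped; an unescaped wildcard in either one would let the
    #  membership test succeed for entries it was not meant to match.
    $t_username      = ldap_escape_string( user_get_field( $p_user_id, 'username' ) );
    $t_group         = ldap_escape_string( $p_group );
    $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username)(assignedgroup=$t_group))";
    $t_search_attrs  = array( $t_ldap_uid_field, 'dn', 'assignedgroup' );
    $t_ds            = ldap_connect_bind();

    $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
    if ( !$t_sr ) {
        ldap_unbind( $t_ds );
        return false;
    }

    $t_entries = ldap_count_entries( $t_ds, $t_sr );
    ldap_free_result( $t_sr );
    ldap_unbind( $t_ds );

    return ( $t_entries > 0 );
}

# --------------------
# Attempt to authenticate the user against the LDAP directory
#  return true on successful authentication, false otherwise
#
# The user's entry is looked up with the default bind of
#  ldap_connect_bind(), then a bind with the entry's DN and the supplied
#  password decides the result.
function ldap_authenticate( $p_user_id, $p_password ) {
    # if password is empty and ldap allows anonymous login, then
    # the user will be able to login, hence, we need to check
    # for this special case.
    if ( is_blank( $p_password ) ) {
        return false;
    }

    $t_ldap_organization = config_get( 'ldap_organization' );
    $t_ldap_root_dn      = config_get( 'ldap_root_dn' );
    $t_ldap_uid_field    = config_get( 'ldap_uid_field', 'uid' );

    # Escape the username so the lookup can only match the entry whose uid
    #  is exactly this name.  The loop below tries the password against
    #  every entry the search returns, so the filter must not be widened
    #  by characters in the name.
    $t_username      = ldap_escape_string( user_get_field( $p_user_id, 'username' ) );
    $t_search_filter = "(&$t_ldap_organization($t_ldap_uid_field=$t_username))";
    $t_search_attrs  = array( $t_ldap_uid_field, 'dn' );
    $t_ds            = ldap_connect_bind();

    # Search for the user id
    $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
    if ( !$t_sr ) {
        # A failed lookup is an authentication failure, never a success.
        ldap_unbind( $t_ds );
        return false;
    }

    $t_info = ldap_get_entries( $t_ds, $t_sr );

    $t_authenticated = false;

    if ( $t_info ) {
        # Try to authenticate to each until we get a match
        for ( $i = 0; $i < $t_info['count']; $i++ ) {
            $t_dn = $t_info[$i]['dn'];

            # Attempt to bind with the DN and password
            if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
                $t_authenticated = true;
                break; # Don't need to go any further
            }
        }
    }

    ldap_free_result( $t_sr );
    ldap_unbind( $t_ds );

    return $t_authenticated;
}

# --------------------
# Create a new user account in the LDAP Directory.

# --------------------
# Update the user's account in the LDAP Directory

# --------------------
# Change the user's password in the LDAP Directory
?>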