
Code source de XOOPS 2.0.17.1


/htdocs/class/auth/ -> auth_ads.php (source)

   1  <?php
   2  // $Id: auth_ads.php 933 2007-08-04 17:05:27Z pemen $

   3  // auth_ads.php - Authentification class for Active Directory

   4  //  ------------------------------------------------------------------------ //

   5  //                XOOPS - PHP Content Management System                      //

   6  //                    Copyright (c) 2000 XOOPS.org                           //

   7  //                       <http://www.xoops.org/>                             //

   8  //  ------------------------------------------------------------------------ //

   9  //  This program is free software; you can redistribute it and/or modify     //

  10  //  it under the terms of the GNU General Public License as published by     //

  11  //  the Free Software Foundation; either version 2 of the License, or        //

  12  //  (at your option) any later version.                                      //

  13  //                                                                           //

  14  //  You may not change or alter any portion of this comment or credits       //

  15  //  of supporting developers from this source code or any supporting         //

  16  //  source code which is considered copyrighted (c) material of the          //

  17  //  original comment or credit authors.                                      //

  18  //                                                                           //

  19  //  This program is distributed in the hope that it will be useful,          //

  20  //  but WITHOUT ANY WARRANTY; without even the implied warranty of           //

  21  //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //

  22  //  GNU General Public License for more details.                             //

  23  //                                                                           //

  24  //  You should have received a copy of the GNU General Public License        //

  25  //  along with this program; if not, write to the Free Software              //

  26  //  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //

  27  //  ------------------------------------------------------------------------ //

  28  /**

  29   * @package     kernel

  30   * @subpackage  auth

  31   * @description    Authentification class for Active Directory

  32   * @author        Pierre-Eric MENUET    <pemphp@free.fr>

  33   * @copyright    copyright (c) 2000-2003 XOOPS.org

  34   */
  35  include_once XOOPS_ROOT_PATH . '/class/auth/auth_ldap.php';
  36   
  37  class XoopsAuthAds extends XoopsAuthLdap {
  38         /**

  39       * Authentication Service constructor

  40       */
  41      function XoopsAuthAds (&$dao) {
  42          parent::XoopsAuthLdap($dao);
  43      }
  44  
  45      /**

  46       *  Authenticate  user again LDAP directory (Bind)

  47       *  2 options : 

  48       *         Authenticate directly with uname in the DN

  49       *         Authenticate with manager, search the dn

  50       *

  51       * @param string $uname Username

  52       * @param string $pwd Password

  53       *

  54       * @return bool

  55       */    
  56      function authenticate($uname, $pwd = null) {
  57          $authenticated = false;
  58          if (!extension_loaded('ldap')) {
  59              $this->setErrors(0, _AUTH_LDAP_EXTENSION_NOT_LOAD);
  60              return $authenticated;
  61          }
  62          $this->_ds = ldap_connect($this->ldap_server, $this->ldap_port);
  63          if ($this->_ds) {
  64              ldap_set_option($this->_ds, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_version);
  65              ldap_set_option($this->_ds, LDAP_OPT_REFERRALS, 0);
  66              if ($this->ldap_use_TLS) { // We use TLS secure connection
  67                     if (!ldap_start_tls($this->_ds))
  68                      $this->setErrors(0, _AUTH_LDAP_START_TLS_FAILED);
  69              }            
  70              // If the uid is not in the DN we proceed to a search

  71              // The uid is not always in the dn

  72              $userUPN = $this->getUPN($uname);
  73              if (!$userUPN) return false;
  74              // We bind as user to test the credentials         

  75              $authenticated = ldap_bind($this->_ds, $userUPN, $this->cp1252_to_utf8(stripslashes($pwd)));
  76              if ($authenticated) {
  77                  // We load the Xoops User database

  78                  $dn = $this->getUserDN($uname);
  79                  if ($dn)
  80                      return $this->loadXoopsUser($dn, $uname, $pwd);
  81                  else return false;                
  82              } else $this->setErrors(ldap_errno($this->_ds), ldap_err2str(ldap_errno($this->_ds)) . '(' . $userUPN . ')');
  83          }
  84          else {
  85              $this->setErrors(0, _AUTH_LDAP_SERVER_NOT_FOUND);              
  86          }
  87          @ldap_close($this->_ds);
  88          return $authenticated;
  89      }
  90      
  91      
  92      /**

  93       *  Return the UPN = userPrincipalName (Active Directory)

  94       *  userPrincipalName = guyt@CP.com    Often abbreviated to UPN, and 

  95       *  looks like an email address.  Very useful for logging on especially in 

  96       *  a large Forest.   Note UPN must be unique in the forest.

  97       * 

  98       *  @return userDN or false

  99       */        
 100      function getUPN($uname) {
 101          $userDN = false;
 102          $userDN = $uname."@".$this->ldap_domain_name;
 103          return $userDN;
 104      }
 105        
 106  } // end class

 107  
 108  
 109  ?>

