Subversion Repositories php_utils

Compare Revisions

Regard whitespace Rev 10 → Rev 11

/trunk/VtsLDAPUtils.class.php
0,0 → 1,115
<?php
 
/*
* VtsLDAPUtils - Simple LDAP helper functions
* Copyright 2021 Daniel Marschall, ViaThinkSoft
* Revision: 2021-06-11
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
 
class VtsLDAPUtils {
 
protected $conn = null;
 
private static function _L($str, ...$sprintfArgs) {
if (function_exists('_L')) {
return _L($str, $sprintfArgs);
} else {
return my_vsprintf($str, $sprintfArgs);
}
}
 
public static function getString($ldap_userinfo, $attributeName) {
$ary = self::getArray($ldap_userinfo, $attributeName);
return implode("\n", $ary);
}
 
public static function getArray($ldap_userinfo, $attributeName) {
$ary = array();
if (isset($ldap_userinfo[$attributeName])) {
$cnt = $ldap_userinfo[$attributeName]['count'];
for ($i=0; $i<$cnt; $i++) {
$ary[] = $ldap_userinfo[$attributeName][$i];
}
}
return $ary;
}
 
public function isMemberOfRec($userDN, $groupDN) {
 
if (isset($userDN['dn'])) $userDN = $userDN['dn'];
if (isset($groupDN['dn'])) $groupDN = $groupDN['dn'];
 
if (!$this->conn) throw new Exception('LDAP not connected');
$res = ldap_read($this->conn, $groupDN, "(objectClass=*)");
if (!$res) return false;
$entries = ldap_get_entries($this->conn, $res);
if (!isset($entries[0])) return false;
if (!isset($entries[0]['member'])) return false;
if (!isset($entries[0]['member']['count'])) return false;
$cntMember = $entries[0]['member']['count'];
for ($iMember=0; $iMember<$cntMember; $iMember++) {
$groupOrUser = $entries[0]['member'][$iMember];
if (strtolower($groupOrUser) == strtolower($userDN)) return true;
if ($this->isMemberOfRec($userDN, $groupOrUser)) return true;
}
return false;
}
 
public function __destruct() {
$this->disconnect();
}
 
public function disconnect() {
if ($this->conn) {
//ldap_unbind($this->conn); // commented out because ldap_unbind() kills the link descriptor
ldap_close($this->conn);
$this->conn = null;
}
}
 
public function connect($cfg_ldap_server, $cfg_ldap_port) {
$this->disconnect();
 
// Connect to the server
if (!empty($cfg_ldap_port)) {
if (!($ldapconn = @ldap_connect($cfg_ldap_server, $cfg_ldap_port))) throw new Exception(self::_L('Cannot connect to LDAP server'));
} else {
if (!($ldapconn = @ldap_connect($cfg_ldap_server))) throw new Exception(self::_L('Cannot connect to LDAP server'));
}
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
 
$this->conn = $ldapconn;
}
 
public function login($username, $password) {
return @ldap_bind($this->conn, $username, $password);
}
 
public function getUserInfo($userPrincipalName, $cfg_ldap_base_dn) {
$cfg_ldap_user_filter = "(&(objectClass=user)(objectCategory=person)(userPrincipalName=".ldap_escape($userPrincipalName, '', LDAP_ESCAPE_FILTER)."))";
 
if (!($result = @ldap_search($this->conn,$cfg_ldap_base_dn, $cfg_ldap_user_filter))) throw new Exception(self::_L('Error in search query: %1', ldap_error($this->conn)));
$data = ldap_get_entries($this->conn, $result);
$ldap_userinfo = array();
 
if ($data['count'] == 0) return false;
$ldap_userinfo = $data[0];
 
// empty($ldap_userinfo) can happen if the user did not log-in using their correct userPrincipalName (e.g. "username@domainname" instead of "username@domainname.local")
return empty($ldap_userinfo) ? false : $ldap_userinfo;
}
 
}