Sources for file plugins/auth/activedirectory.php in version 2.0 Release Candidate 1
/*
* Project: Onyx: PHP Application Backend
* File: plugins/auth/activedirectory.php
* Authentication plugin - Authenticate against Active Directory Server
*
* Version: 2.0rc1
* CVS tag: $Id: activedirectory.php,v 1.9 2002/11/29 07:22:12 bok Exp $
* Author: Robert Amos <bok[at]ausmac.net>
* Andrew Wellington <proton[at]wiretapped.net>
* Copyright: 2001,2002 odynia.org.
*/
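/**
 * Authentication plugin that verifies a username/password pair with a simple
 * LDAP bind against an Active Directory server and returns the names of the
 * groups the account belongs to.
 */
class auth_activedirectory_plugin {

    /**
     * Authenticate a user and return their group names.
     *
     * @param string $username account name without the domain part
     * @param string $password clear-text password supplied by the user
     * @param array  $params   must contain 'server', 'domain' and 'basedn'
     * @return array|false list of group names (plus a 'loginname' key when the
     *                     entry is a Person), or false on any failure
     */
    function login ($username, $password, $params)
    {
        // Active Directory Authentication
        // ERROR is not a PHP built-in constant; presumably defined elsewhere in Onyx.
        if (empty($params['server']) || empty($params['domain']) || empty($params['basedn'])) {
            trigger_error('Call to Active Directory auth module failed, insufficient parameters to make' . "\n"
                . 'connection. Server, domain and base DN are required.', ERROR);
            return false;
        }

        // Read the three settings explicitly. extract($params) would let any
        // extra key in $params overwrite $username, $password or other locals.
        $server = $params['server'];
        $domain = $params['domain'];
        $basedn = $params['basedn'];

        // An LDAP simple bind with an empty password is treated as an
        // unauthenticated bind by many servers and reports success, so an
        // empty credential must be rejected before it reaches ldap_bind().
        if (!is_scalar($username) || !is_scalar($password)
            || (string) $username === '' || (string) $password === '') {
            return false;
        }
        $username = (string) $username;
        $password = (string) $password;

        $email = $username."@".$domain;

        // NOTE(review): nothing in this method enables TLS; whether the
        // password travels encrypted depends on the value of
        // $params['server'] (for example an ldaps:// URI) - confirm per deployment.
        $fp = ldap_connect($server);
        // if no connection, return false
        if (!$fp) {
            return false;
        }

        // bind the user; a failed bind means invalid username/password
        $bind = @ldap_bind($fp, $email, $password);
        if (!$bind) {
            ldap_unbind($fp);
            return false;
        }

        // Look the account up by an exact, escaped userPrincipalName. The
        // former "*username*" substring filter was built from raw input and
        // could return another account's entry (and therefore its groups).
        // NOTE(review): accounts whose stored userPrincipalName differs from
        // username@domain will not be found by this filter - verify.
        $search = "(userPrincipalName=".$this->_escapeFilterValue($email).")";
        $groups = $this->activeDirectorySearch($fp, $basedn, $search);

        // release the connection on every path once the lookup is done
        ldap_unbind($fp);

        // no groups, error
        if (!$groups) {
            return false;
        }
        return $groups;
    }

    /**
     * Search the directory, take the first matching entry and collect the CN
     * of every group it is a member of, following nested groups.
     *
     * @param mixed  $fp      LDAP connection returned by ldap_connect()
     * @param string $basedn  base DN to search under
     * @param string $search  LDAP filter; the caller must escape any value in it
     * @param array  $visited lower-cased group names already being expanded on
     *                        this path (internal, stops membership cycles)
     * @return array|false group names, with a 'loginname' key for Person
     *                     entries; false when the search fails or is empty
     */
    function activeDirectorySearch($fp, $basedn, $search, $visited = array()) {
        // Perform Search
        $sr = ldap_search($fp, $basedn, $search);
        if (!$sr) {
            return false;
        }
        // no matches
        if (!ldap_count_entries($fp, $sr)) {
            return false;
        }
        // get the info
        $entries = ldap_get_entries($fp, $sr);
        if (!is_array($entries) || empty($entries[0])) {
            return false;
        }
        // only the first entry is used
        $info = $entries[0];
        $groups = array();

        // if its a Person category, set that as their full name
        if (isset($info["objectcategory"][0], $info["name"][0])
            && preg_match("/CN=Person/i", $info["objectcategory"][0])) {
            $loginname = $info["name"][0];
        }

        // loop through and pull out all the groups.
        if (isset($info["memberof"]) && is_array($info["memberof"])) {
            foreach ($info["memberof"] as $key => $var) {
                // ldap_get_entries() adds a 'count' element next to the values
                if ($key === 'count' || !is_string($var)) {
                    continue;
                }
                // NOTE(review): this takes the text up to the first comma, so a
                // CN containing an escaped comma is truncated - confirm whether
                // such group names exist in the directory.
                if (!preg_match("/CN=([^,]*?),/i", $var, $m)) {
                    continue;
                }
                $name = $m[1];
                $groups[] = $name;

                // Two groups that are members of each other would otherwise
                // recurse without end.
                $seen = strtolower($name);
                if (isset($visited[$seen])) {
                    continue;
                }

                // Exact, escaped match on the group name: a "*name*" substring
                // filter can resolve to a different group and import its
                // memberships.
                $moregroups = $this->activeDirectorySearch(
                    $fp,
                    $basedn,
                    "(name=".$this->_escapeFilterValue($name).")",
                    $visited + array($seen => true)
                );
                if (is_array($moregroups)) {
                    foreach ($moregroups as $k => $v) {
                        // a nested entry's display name is not a group
                        if ($k === 'loginname') {
                            continue;
                        }
                        $groups[] = $v;
                    }
                }
            }
        }

        // nice stuff.
        if (isset($loginname)) $groups['loginname'] = $loginname;
        return $groups;
    }

    /**
     * Escape a value for use inside an LDAP search filter.
     *
     * Uses ldap_escape() when the runtime provides it and otherwise encodes
     * the same characters (backslash, *, parentheses, NUL) by hand.
     *
     * @param string $value raw value
     * @return string value safe to place after "attr=" in a filter
     */
    function _escapeFilterValue($value) {
        $value = (string) $value;
        if (function_exists('ldap_escape')) {
            return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
        }
        // backslash first so the escapes added below are not re-escaped
        return str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $value
        );
    }
}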
/* vim: set expandtab: */
?>
