|
16 |
* A LDAP configuration object. |
16 |
* A LDAP configuration object. |
17 |
*/ |
17 |
*/ |
18 |
private $ldapConfig; |
18 |
private $ldapConfig; |
|
|
19 |
private $ldap; |
20 |
private $config; |
19 |
|
21 |
|
20 |
|
22 |
|
21 |
/** |
23 |
/** |
|
33 |
|
35 |
|
34 |
$this->ldapConfig = new sspmod_ldap_ConfigHelper($config, |
36 |
$this->ldapConfig = new sspmod_ldap_ConfigHelper($config, |
35 |
'Authentication source ' . var_export($this->authId, TRUE)); |
37 |
'Authentication source ' . var_export($this->authId, TRUE)); |
|
|
38 |
$this->ldap = new SimpleSAML_Auth_LDAP($config['hostname'], $config['enableTLS'], $config['debug'], $config['timeout']); |
39 |
$this->ldap->bind($config['search.username'], $config['search.password']); |
40 |
$this->config = $config; |
36 |
} |
41 |
} |
37 |
|
42 |
|
38 |
|
43 |
|
39 |
/** |
44 |
/** |
40 |
* Attempt to log in using the given username and password. |
45 |
* Check if login might be possible. |
41 |
* |
46 |
* |
42 |
* @param string $username The username the user wrote. |
47 |
* @param string $username The username the user wrote. |
43 |
* @param string $password The password the user wrote. |
|
|
44 |
* param array $sasl_arg Associative array of SASL options |
45 |
* @return array Associative array with the users attributes. |
46 |
*/ |
48 |
*/ |
47 |
protected function login($username, $password, array $sasl_args = NULL) { |
49 |
private function is_login_possible($username) { |
48 |
assert('is_string($username)'); |
50 |
assert('is_string($username)'); |
49 |
assert('is_string($password)'); |
51 |
|
50 |
|
52 |
$user_dn = $this->ldap->searchfordn($this->config['search.base'], $this->config['search.attributes'], $username, TRUE); |
51 |
$attributes = $this->ldapConfig->login($username, $password, $sasl_args); |
53 |
$attributes = $this->ldap->getAttributes($user_dn); |
52 |
SimpleSAML_Logger::debug('got LDAP attributes:' . var_export($attributes, true)); |
54 |
SimpleSAML_Logger::debug('got LDAP attributes:' . var_export($attributes, true)); |
53 |
|
55 |
|
54 |
$the_time = time(); |
56 |
$the_time = time(); |
|
123 |
} |
125 |
} |
124 |
// ldap: locking ldap is done by modifying password > but then ldap bind has failed anyway |
126 |
// ldap: locking ldap is done by modifying password > but then ldap bind has failed anyway |
125 |
|
127 |
|
|
|
128 |
return TRUE; |
129 |
} |
130 |
|
131 |
|
132 |
/** |
133 |
* Attempt to log in using the given username and password. |
134 |
* |
135 |
* @param string $username The username the user wrote. |
136 |
* @param string $password The password the user wrote. |
137 |
* param array $sasl_arg Associative array of SASL options |
138 |
* @return array Associative array with the users attributes. |
139 |
*/ |
140 |
protected function login($username, $password, array $sasl_args = NULL) { |
141 |
assert('is_string($username)'); |
142 |
assert('is_string($password)'); |
143 |
|
144 |
$this->is_login_possible($username); |
145 |
|
146 |
$attributes = $this->ldapConfig->login($username, $password, $sasl_args); |
147 |
|
126 |
return $attributes; |
148 |
return $attributes; |
127 |
} |
149 |
} |
128 |
|
150 |
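Review bot: In `is_login_possible()` (new lines 52–53) `searchfordn()` is called with its fourth argument `TRUE`, which as far as I know lets it return NULL when no entry matches, and that value goes straight into `getAttributes($user_dn)`, so an unknown username reaches the attribute lookup without a DN. I would add `if ($user_dn === NULL) { return TRUE; }` right after the search, so unknown users fall through to the normal bind in `login()` and get the same error as a wrong password. Because this lookup now runs under the search account before the password is verified, the `SimpleSAML_Logger::debug` call on new line 54 records the full attribute set of any submitted username; logging only the attribute names would be safer. `login()` (new line 144) discards the return value of `is_login_possible()`, and new lines 57–122 are not shown here, so the check is only effective if that hidden part throws. The constructor (new line 39) likewise ignores the result of `bind()`, so a rejected search account would probably go unnoticed until the first search fails.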
|