|
|
|---|
| 16 |
* A LDAP configuration object. |
16 |
* A LDAP configuration object. |
| 17 |
*/ |
17 |
*/ |
| 18 |
private $ldapConfig; |
18 |
private $ldapConfig; |
|
|
19 |
private $ldap; |
| 20 |
private $config; |
| 19 |
|
21 |
|
| 20 |
|
22 |
|
| 21 |
/** |
23 |
/** |
|
|
|---|
| 33 |
|
35 |
|
| 34 |
$this->ldapConfig = new sspmod_ldap_ConfigHelper($config, |
36 |
$this->ldapConfig = new sspmod_ldap_ConfigHelper($config, |
| 35 |
'Authentication source ' . var_export($this->authId, TRUE)); |
37 |
'Authentication source ' . var_export($this->authId, TRUE)); |
|
|
38 |
$this->ldap = new SimpleSAML_Auth_LDAP($config['hostname'], $config['enableTLS'], $config['debug'], $config['timeout']); |
| 39 |
$this->ldap->bind($config['search.username'], $config['search.password']); |
| 40 |
$this->config = $config; |
| 36 |
} |
41 |
} |
| 37 |
|
42 |
|
| 38 |
|
43 |
|
| 39 |
/** |
44 |
/** |
| 40 |
* Attempt to log in using the given username and password. |
45 |
* Check if login might be possible. |
| 41 |
* |
46 |
* |
| 42 |
* @param string $username The username the user wrote. |
47 |
* @param string $username The username the user wrote. |
| 43 |
* @param string $password The password the user wrote. |
|
|
| 44 |
* param array $sasl_arg Associative array of SASL options |
| 45 |
* @return array Associative array with the users attributes. |
| 46 |
*/ |
48 |
*/ |
| 47 |
protected function login($username, $password, array $sasl_args = NULL) { |
49 |
private function is_login_possible($username) { |
| 48 |
assert('is_string($username)'); |
50 |
assert('is_string($username)'); |
| 49 |
assert('is_string($password)'); |
51 |
|
| 50 |
|
52 |
$user_dn = $this->ldap->searchfordn($this->config['search.base'], $this->config['search.attributes'], $username, TRUE); |
| 51 |
$attributes = $this->ldapConfig->login($username, $password, $sasl_args); |
53 |
$attributes = $this->ldap->getAttributes($user_dn); |
| 52 |
SimpleSAML_Logger::debug('got LDAP attributes:' . var_export($attributes, true)); |
54 |
SimpleSAML_Logger::debug('got LDAP attributes:' . var_export($attributes, true)); |
| 53 |
|
55 |
|
| 54 |
$the_time = time(); |
56 |
$the_time = time(); |
|
|
|---|
| 123 |
} |
125 |
} |
| 124 |
// ldap: locking ldap is done by modifying password > but then ldap bind has failed anyway |
126 |
// ldap: locking ldap is done by modifying password > but then ldap bind has failed anyway |
| 125 |
|
127 |
|
|
|
128 |
return TRUE; |
| 129 |
} |
| 130 |
|
| 131 |
|
| 132 |
/** |
| 133 |
* Attempt to log in using the given username and password. |
| 134 |
* |
| 135 |
* @param string $username The username the user wrote. |
| 136 |
* @param string $password The password the user wrote. |
| 137 |
* param array $sasl_arg Associative array of SASL options |
| 138 |
* @return array Associative array with the users attributes. |
| 139 |
*/ |
| 140 |
protected function login($username, $password, array $sasl_args = NULL) { |
| 141 |
assert('is_string($username)'); |
| 142 |
assert('is_string($password)'); |
| 143 |
|
| 144 |
$this->is_login_possible($username); |
| 145 |
|
| 146 |
$attributes = $this->ldapConfig->login($username, $password, $sasl_args); |
| 147 |
|
| 126 |
return $attributes; |
148 |
return $attributes; |
| 127 |
} |
149 |
} |
| 128 |
|
150 |
|