
13  * @author    Jan Schumann <js@schumann-it.com>
38 $this->debug("LDAP err: PHP LDAP extension not found.", -1, __LINE__, __FILE__);
39 $this->success = false;
44 $this->cando['modPass'] = $this->getConf('modPass');
48 * Check user+password
55 * @param string $pass
59 public function checkPass($user, $pass)
62 if (empty($pass)) return false;
63 if (!$this->openLDAP()) return false;
66 if ($this->getConf('binddn') && $this->getConf('bindpw')) {
68 if (!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) {
69 $this->debug('LDAP bind as superuser: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
72 $this->bound = 2;
74 $this->getConf('binddn') &&
75 $this->getConf('usertree') &&
76 $this->getConf('userfilter')
79 $dn = $this->makeFilter(
80 $this->getConf('binddn'),
81 ['user' => $user, 'server' => $this->getConf('server')]
83 } elseif (strpos($this->getConf('usertree'), '%{user}')) {
85 $dn = $this->makeFilter(
86 $this->getConf('usertree'),
87 ['user' => $user, 'server' => $this->getConf('server')]
89 } elseif (!@ldap_bind($this->con)) {
91 msg("LDAP: can not bind anonymously", -1);
92 $this->debug('LDAP anonymous bind: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
99 if (!@ldap_bind($this->con, $dn, $pass)) {
100 $this->debug("LDAP: bind with $dn failed", -1, __LINE__, __FILE__);
101 $this->debug('LDAP user dn bind: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
104 $this->bound = 1;
108 $info = $this->fetchUserData($user, true);
116 if (!@ldap_bind($this->con, $dn, $pass)) {
117 $this->debug("LDAP: bind with $dn failed", -1, __LINE__, __FILE__);
118 $this->debug('LDAP user bind: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
121 $this->bound = 1;
141 * inbind bool for internal use - avoid loop in binding
144 * @param bool $requireGroups (optional) - ignored, groups are always supplied by this plugin
156 return $this->fetchUserData($user);
167 if (!$this->openLDAP()) return [];
170 if ($this->getConf('binddn') && $this->getConf('bindpw') && $this->bound < 2) {
172 if (!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) {
173 $this->debug('LDAP bind as superuser: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
176 $this->bound = 2;
177 } elseif ($this->bound == 0 && !$inbind) {
184 $this->checkPass($loginuser, $loginpass);
190 $this->debug('LDAP user to find: ' . hsc($info['user']), 0, __LINE__, __FILE__);
192 $info['server'] = $this->getConf('server');
193 $this->debug('LDAP Server: ' . hsc($info['server']), 0, __LINE__, __FILE__);
196 $base = $this->makeFilter($this->getConf('usertree'), $info);
197 if ($this->getConf('userfilter')) {
198 $filter = $this->makeFilter($this->getConf('userfilter'), $info);
203 $this->debug('LDAP Filter: ' . hsc($filter), 0, __LINE__, __FILE__);
205 $this->debug('LDAP search at: ' . hsc($base . ' ' . $filter), 0, __LINE__, __FILE__);
206 $sr = $this->ldapSearch($this->con, $base, $filter, $this->getConf('userscope'), $this->getConf('attributes'));
207 $this->debug('LDAP user search: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
209 $this->debug('User ldap_search failed. Check configuration.', 0, __LINE__, __FILE__);
213 $result = @ldap_get_entries($this->con, $sr);
218 $this->debug('LDAP search returned non-array result: ' . hsc(print($result)), -1, __LINE__, __FILE__);
224 $this->debug(
226 -1,
231 //$this->_debug('result: '.hsc(print_r($result[$i])), 0, __LINE__, __FILE__);
236 $this->debug('LDAP search found single result !', 0, __LINE__, __FILE__);
249 if (is_array($this->getConf('mapping'))) {
250 foreach ($this->getConf('mapping') as $localkey => $key) {
253 // $key = array($key=>$regexp), only handles the first key-value
273 if ($this->getConf('grouptree') || $this->getConf('groupfilter')) {
274 $base = $this->makeFilter($this->getConf('grouptree'), $user_result);
275 $filter = $this->makeFilter($this->getConf('groupfilter'), $user_result);
276 $sr = $this->ldapSearch(
277 $this->con,
280 $this->getConf('groupscope'),
281 [$this->getConf('groupkey')]
283 $this->debug('LDAP group search: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
284 $this->debug('LDAP search at: ' . hsc($base . ' ' . $filter), 0, __LINE__, __FILE__);
287 msg("LDAP: Reading group memberships failed", -1);
290 $result = ldap_get_entries($this->con, $sr);
294 if (!empty($grp[$this->getConf('groupkey')])) {
295 $group = $grp[$this->getConf('groupkey')];
299 $this->debug('groupkey did not return a detailled result', 0, __LINE__, __FILE__);
303 $this->debug('LDAP usergroup: ' . hsc($group), 0, __LINE__, __FILE__);
327 if (!$this->openLDAP()) {
328 $this->debug('LDAP cannot connect: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
333 $info = $this->getUserData($user, true);
335 $this->debug('LDAP cannot find your user dn', 0, __LINE__, __FILE__);
344 $pass = auth_decrypt($loginpass, $secret);
347 if (!@ldap_bind($this->con, $dn, $pass)) {
348 $this->debug(
349 'LDAP user bind failed: ' . hsc($dn) . ': ' . hsc(ldap_error($this->con)),
356 } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
359 if (!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) {
360 $this->debug('LDAP bind as superuser: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
369 $hash = $phash->hash_ssha($changes['pass']);
372 if (!@ldap_mod_replace($this->con, $dn, ['userpassword' => $hash])) {
373 $this->debug(
374 'LDAP mod replace failed: ' . hsc($dn) . ': ' . hsc(ldap_error($this->con)),
386 * Most values in LDAP are case-insensitive
406 if (!$this->openLDAP()) return [];
408 if (is_null($this->users)) {
410 if ($this->getConf('userfilter')) {
411 $all_filter = str_replace('%{user}', '*', $this->getConf('userfilter'));
415 $sr = ldap_search($this->con, $this->getConf('usertree'), $all_filter);
416 $entries = ldap_get_entries($this->con, $sr);
418 $userkey = $this->getConf('userkey');
425 $this->users = array_fill_keys($result, false);
429 $this->constructPattern($filter);
432 foreach ($this->users as $user => &$info) {
437 $info = $this->getUserData($user);
439 if ($this->filter($user, $info)) {
469 $value = $this->filterEscape($value);
486 foreach ($this->pattern as $item => $pattern) {
508 $this->pattern = [];
510 $this->pattern[$item] = '/' . str_replace('/', '\/', $pattern) . '/i'; // allow regex characters
527 '/([\x00-\x1F\*\(\)\\\\])/',
541 if ($this->con) return true; // connection already established
543 if ($this->getConf('debug')) {
547 $this->bound = 0;
549 $port = $this->getConf('port');
551 $servers = explode(',', $this->getConf('server'));
554 $this->con = @ldap_connect($server, $port);
555 if (!$this->con) {
564 * So we should try to bind to the server in order to check its availability.
568 if ($this->getConf('version')) {
571 $this->con,
573 $this->getConf('version')
576 msg('Setting LDAP Protocol version ' . $this->getConf('version') . ' failed', -1);
577 $this->debug('LDAP version set: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
580 if ($this->getConf('starttls')) {
581 if (!@ldap_start_tls($this->con)) {
582 msg('Starting TLS failed', -1);
583 $this->debug('LDAP TLS set: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
587 if ($this->getConf('referrals') > -1) {
590 $this->con,
592 $this->getConf('referrals')
595 msg('Setting LDAP referrals failed', -1);
596 $this->debug('LDAP referal set: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
603 if ($this->getConf('deref')) {
604 if (!@ldap_set_option($this->con, LDAP_OPT_DEREF, $this->getConf('deref'))) {
605 msg('Setting LDAP Deref mode ' . $this->getConf('deref') . ' failed', -1);
606 $this->debug('LDAP deref set: ' . hsc(ldap_error($this->con)), 0, __LINE__, __FILE__);
611 ldap_set_option($this->con, LDAP_OPT_NETWORK_TIMEOUT, 1);
614 if ($this->getConf('binddn') && $this->getConf('bindpw')) {
615 $bound = @ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')));
616 $this->bound = 2;
618 $bound = @ldap_bind($this->con);
626 msg("LDAP: couldn't connect to LDAP server", -1);
627 $this->debug(ldap_error($this->con), 0, __LINE__, __FILE__);
631 $this->cando['getUsers'] = true;
700 if (!$this->getConf('debug')) return;