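<?php

use dokuwiki\plugin\pureldap\classes\ADClient;
use dokuwiki\plugin\pureldap\classes\Client;

/**
 * DokuWiki Plugin pureldap (Auth Component)
 *
 * Thin adapter between DokuWiki's auth plugin interface and the plugin's
 * LDAP client: every lookup, bind and password change is delegated to
 * $this->client.
 *
 * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
 * @author  Andreas Gohr <andi@splitbrain.org>
 */
class auth_plugin_pureldap extends DokuWiki_Auth_Plugin
{
    /** @var Client */
    public $client;

    /**
     * Constructor.
     *
     * Loads the plugin configuration, creates the directory client and
     * announces the capabilities this backend offers.
     */
    public function __construct()
    {
        global $conf;
        parent::__construct(); // for compatibility

        // prepare the base client
        $this->loadConfig();
        // From here on the decoded bind password sits in $this->conf and is handed
        // to the client; keep both out of debug dumps and error output.
        $this->conf['admin_password'] = conf_decodeString($this->conf['admin_password']);
        $this->conf['defaultgroup'] = $conf['defaultgroup'];

        $this->client = new ADClient($this->conf); // FIXME decide class on config

        // set capabilities
        $this->cando['getUsers'] = true;
        $this->cando['getGroups'] = true;
        $this->cando['logout'] = !$this->client->getConf('sso');
        if ($this->client->getConf('encryption') !== 'none') {
            // with encryption passwords can be changed
            // for resetting passwords a privileged user is needed
            $this->cando['modPass'] = true;
        }

        $this->success = true;
    }

    /**
     * Verify a login, either through the SSO environment or by binding as the user.
     *
     * @inheritDoc
     */
    public function checkPass($user, $pass)
    {
        global $INPUT;

        // when SSO is enabled, the login is autotriggered and we simply trust the environment
        //
        // NOTE(review): this branch accepts the login without looking at $pass. It is
        // only sound when REMOTE_USER is set by the web server's own authentication
        // module and cannot be influenced by the client - confirm in the deployment.
        $remoteUser = $INPUT->server->str('REMOTE_USER');
        if (
            $this->client->getConf('sso') &&
            $remoteUser !== '' &&
            // strict comparison: with == two different numeric-looking names
            // (e.g. "1e3" and "1000") compare equal and would pass this check
            is_scalar($user) &&
            $remoteUser === (string) $user
        ) {
            return true;
        }

        // Never attempt a bind with an empty password: an LDAP simple bind without a
        // password is an unauthenticated bind, which a directory server may accept.
        // Whether the client rejects this itself is not visible from this file.
        if ($pass === null || $pass === '') {
            return false;
        }

        // try to bind with the user credentials, client will stay authenticated as user
        $this->client = new ADClient($this->conf); // FIXME decide class on config
        return $this->client->authenticate($user, $pass);
    }

    /**
     * Return the client's cached record for a user, or false when there is none.
     *
     * @inheritDoc
     */
    public function getUserData($user, $requireGroups = true)
    {
        $info = $this->client->getCachedUser($user, $requireGroups);
        return $info ?: false;
    }

    /**
     * Return one page of the users matching the filter (substring match).
     *
     * @inheritDoc
     */
    public function retrieveUsers($start = 0, $limit = 0, $filter = null)
    {
        $users = $this->client->getFilteredUsers(
            $filter,
            Client::FILTER_CONTAINS
        );

        // array_slice() with a length of 0 returns an empty array, so the default
        // $limit of 0 would never return a user; map it to "no upper bound".
        return array_slice($users, $start, $limit ?: null);
    }

    /**
     * Return one page of the client's cached group list.
     *
     * @inheritDoc
     */
    public function retrieveGroups($start = 0, $limit = 0)
    {
        // same handling of the default $limit of 0 as in retrieveUsers()
        return array_slice($this->client->getCachedGroups(), $start, $limit ?: null);
    }

    /**
     * User names are treated as case-insensitive by this backend.
     *
     * @inheritDoc
     */
    public function isCaseSensitive()
    {
        return false;
    }

    /**
     * Normalise a user name; the rules live in the client.
     *
     * @inheritDoc
     */
    public function cleanUser($user)
    {
        return $this->client->cleanUser($user);
    }

    /**
     * Group names are passed through unchanged.
     *
     * @inheritDoc
     */
    public function cleanGroup($group)
    {
        return $group;
    }

    /**
     * Always allow DokuWiki to use its session cache for the user.
     *
     * @inheritDoc
     */
    public function useSessionCache($user)
    {
        return true;
    }

    /**
     * Support password changing
     *
     * Any change set without a non-empty 'pass' entry is refused. Note that
     * other keys in $changes are ignored when a password is present.
     *
     * @inheritDoc
     */
    public function modifyUser($user, $changes)
    {
        if (empty($changes['pass'])) {
            $this->client->error('Only password changes are supported', __FILE__, __LINE__);
            return false;
        }

        global $INPUT;
        // The old password comes straight from the request and is handed to the
        // client together with the new one; how the client uses it is not visible here.
        return $this->client->setPassword($user, $changes['pass'], $INPUT->str('oldpass', null, true));
    }
}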