Updated to the new Employee-style authentication
Fixes issue 4 git-svn-id: https://rosehill.googlecode.com/svn/trunk@71 100bd78a-fc82-11de-b5bc-ffd2847a4b57
This commit is contained in:
parent
c79d78a0b7
commit
aab9b5daf7
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
/**
|
/**
|
||||||
* @copyright 2006-2009 City of Bloomington, Indiana
|
* @copyright 2006-2012 City of Bloomington, Indiana
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
*/
|
*/
|
||||||
|
@ -11,12 +11,14 @@
|
||||||
<table>
|
<table>
|
||||||
<tr><td><label for="user-authenticationMethod">Authentication</label></td>
|
<tr><td><label for="user-authenticationMethod">Authentication</label></td>
|
||||||
<td><select name="user[authenticationMethod]" id="user-authenticationMethod">
|
<td><select name="user[authenticationMethod]" id="user-authenticationMethod">
|
||||||
<option <?php if(isset($_POST['user']['authenticationMethod']) && $_POST['user']['authenticationMethod']=="LDAP") echo "selected=\"selected\""; ?>>
|
<?php
|
||||||
LDAP
|
foreach (User::getAuthenticationMethods() as $method) {
|
||||||
</option>
|
$selected = (isset($_POST['user']['authenticationMethod']) && $_POST['user']['authenticationMethod']==$method)
|
||||||
<option <?php if(isset($_POST['user']['authenticationMethod']) && $_POST['user']['authenticationMethod']=="local") echo "selected=\"selected\""; ?>>
|
? 'selected="selected"'
|
||||||
local
|
: '';
|
||||||
</option>
|
echo "<option $selected>$method</option>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
</select>
|
</select>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
/**
|
/**
|
||||||
* @copyright 2006-2009 City of Bloomington, Indiana
|
* @copyright 2006-2012 City of Bloomington, Indiana
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
* @param User $this->user
|
* @param User $this->user
|
||||||
|
@ -13,12 +13,14 @@
|
||||||
<table>
|
<table>
|
||||||
<tr><td><label for="user-authenticationMethod">Authentication</label></td>
|
<tr><td><label for="user-authenticationMethod">Authentication</label></td>
|
||||||
<td><select name="user[authenticationMethod]" id="user-authenticationMethod">
|
<td><select name="user[authenticationMethod]" id="user-authenticationMethod">
|
||||||
<option <?php if ($this->user->getAuthenticationMethod()=='LDAP') echo "selected=\"selected\""; ?>>
|
<?php
|
||||||
LDAP
|
foreach (User::getAuthenticationMethods() as $method) {
|
||||||
</option>
|
$selected = $this->user->getAuthenticationMethod()==$method
|
||||||
<option <?php if ($this->user->getAuthenticationMethod()=='local') echo "selected=\"selected\""; ?>>
|
? 'selected="selected"'
|
||||||
local
|
: '';
|
||||||
</option>
|
echo "<option $selected>$method</option>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
</select>
|
</select>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
/**
|
/**
|
||||||
* @copyright 2006-2009 City of Bloomington, Indiana
|
* @copyright 2006-2012 City of Bloomington, Indiana
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
*/
|
*/
|
||||||
|
@ -16,6 +16,20 @@ class User extends SystemUser
|
||||||
private $roles = array();
|
private $roles = array();
|
||||||
private $newPassword; // the User's new password, unencrypted
|
private $newPassword; // the User's new password, unencrypted
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Should provide the list of methods supported
|
||||||
|
*
|
||||||
|
* There should always be at least one method, called "local"
|
||||||
|
* Additional methods must match classes that implement External Identities
|
||||||
|
* See: ExternalIdentity.php
|
||||||
|
*
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public static function getAuthenticationMethods()
|
||||||
|
{
|
||||||
|
return array('local','Employee');
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param int|string $id
|
* @param int|string $id
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
* will include this copyright statement
|
* will include this copyright statement
|
||||||
*/
|
*/
|
||||||
define('COPYRIGHT',"/**
|
define('COPYRIGHT',"/**
|
||||||
* @copyright 2007-2009 City of Bloomington, Indiana
|
* @copyright 2007-2012 City of Bloomington, Indiana
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
*/");
|
*/");
|
||||||
|
@ -86,17 +86,25 @@ define('DB_USER',APPLICATION_NAME);
|
||||||
define('DB_PASS','password');
|
define('DB_PASS','password');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* LDAP Configuration
|
* Directory Configuration
|
||||||
* This is required in order to use the LDAP authentication
|
*
|
||||||
* If you do not want to use LDAP authentication, you can comment this out
|
* This is required in order to use the LDAP or ADS authentication
|
||||||
|
* If you do not want to use external authentication, you can comment this out
|
||||||
*/
|
*/
|
||||||
define('LDAP_DOMAIN','ldap.domain.somewhere');
|
// Example for ADS style authentication
|
||||||
define('LDAP_DN','ou=people,o='.LDAP_DOMAIN);
|
define('DIRECTORY_SERVER','ldaps://example.org:636');
|
||||||
define('LDAP_USERNAME_ATTRIBUTE','uid');
|
define('DIRECTORY_BASE_DN','OU=Department,DC=example,DC=org');
|
||||||
define('LDAP_ADMIN_USER','username');
|
define('DIRECTORY_USERNAME_ATTRIBUTE', 'CN');
|
||||||
define('LDAP_ADMIN_PASS','password');
|
define('DIRECTORY_USER_BINDING','{username}@bloomington.in.gov');
|
||||||
define('LDAP_SERVER','ldap.somewhere.com');
|
define('DIRECTORY_ADMIN_BINDING', 'admin@bloomington.in.gov');
|
||||||
define('LDAP_PASSWORD_ATTRIBUTE','userpassword');
|
define('DIRECTORY_ADMIN_PASS','password');
|
||||||
|
// Example for LDAP style authentication
|
||||||
|
//define('DIRECTORY_SERVER','ldaps://example.org:636');
|
||||||
|
//define('DIRECTORY_BASE_DN','ou=people,o=ldap.domain.somewhere');
|
||||||
|
//define('DIRECTORY_USERNAME_ATTRIBUTE', 'uid');
|
||||||
|
//define('DIRECTORY_USER_BINDING','uid={username},'.DIRECTORY_BASE_DN);
|
||||||
|
//define('DIRECTORY_ADMIN_BINDING', 'uid=admin,'.DIRECTORY_BASE_DN);
|
||||||
|
//define('DIRECTORY_ADMIN_PASS','password');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Import global functions that we use for many applications we write
|
* Import global functions that we use for many applications we write
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
/**
|
/**
|
||||||
* @copyright 2006-2009 City of Bloomington, Indiana
|
* @copyright 2006-2012 City of Bloomington, Indiana
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
* @param GET person_id
|
* @param GET person_id
|
||||||
|
@ -32,18 +32,19 @@ if (isset($_POST['user'])) {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// Load their information from LDAP
|
// Load their information from LDAP
|
||||||
// Delete this statement if you're not using LDAP
|
if ($user->getAuthenticationMethod() != 'local') {
|
||||||
if ($user->getAuthenticationMethod() == 'LDAP') {
|
|
||||||
try {
|
try {
|
||||||
$ldap = new LDAPEntry($user->getUsername());
|
$externalIdentity = $user->getAuthenticationMethod();
|
||||||
|
$identity = new $externalIdentity($user->getUsername());
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$person = new Person($ldap->getEmail());
|
$person = new Person($identity->getEmail());
|
||||||
}
|
}
|
||||||
catch (Exception $e) {
|
catch (Exception $e) {
|
||||||
$person = new Person();
|
$person = new Person();
|
||||||
$person->setFirstname($ldap->getFirstname());
|
$person->setFirstname($identity->getFirstname());
|
||||||
$person->setLastname($ldap->getLastname());
|
$person->setLastname($identity->getLastname());
|
||||||
$person->setEmail($ldap->getEmail());
|
$person->setEmail($identity->getEmail());
|
||||||
$person->save();
|
$person->save();
|
||||||
}
|
}
|
||||||
$user->setPerson($person);
|
$user->setPerson($person);
|
||||||
|
|
|
@ -0,0 +1,112 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* A class for working with entries in LDAP.
|
||||||
|
*
|
||||||
|
* This class is written specifically for the City of Bloomington's
|
||||||
|
* LDAP layout. If you are going to be doing LDAP authentication
|
||||||
|
* with your own LDAP server, you will probably need to customize
|
||||||
|
* the fields used in this class.
|
||||||
|
*
|
||||||
|
* @copyright 2011 City of Bloomington, Indiana
|
||||||
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
|
*/
|
||||||
|
class Employee implements ExternalIdentity
|
||||||
|
{
|
||||||
|
private static $connection;
|
||||||
|
private $entry;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $username
|
||||||
|
* @param string $password
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
public static function authenticate($username,$password)
|
||||||
|
{
|
||||||
|
$bindUser = sprintf(str_replace('{username}','%s',DIRECTORY_USER_BINDING),$username);
|
||||||
|
|
||||||
|
$connection = ldap_connect(DIRECTORY_SERVER) or die("Couldn't connect to ADS");
|
||||||
|
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||||
|
if (ldap_bind($connection,$bindUser,$password)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Loads an entry from the LDAP server for the given user
|
||||||
|
*
|
||||||
|
* @param string $username
|
||||||
|
*/
|
||||||
|
public function __construct($username)
|
||||||
|
{
|
||||||
|
$this->openConnection();
|
||||||
|
|
||||||
|
$result = ldap_search(
|
||||||
|
self::$connection,
|
||||||
|
DIRECTORY_BASE_DN,
|
||||||
|
DIRECTORY_USERNAME_ATTRIBUTE."=$username"
|
||||||
|
);
|
||||||
|
if (ldap_count_entries(self::$connection,$result)) {
|
||||||
|
$entries = ldap_get_entries(self::$connection, $result);
|
||||||
|
$this->entry = $entries[0];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getUsername()
|
||||||
|
{
|
||||||
|
return $this->entry['uid'];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getFirstname()
|
||||||
|
{
|
||||||
|
return $this->entry['givenname'][0];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getLastname()
|
||||||
|
{
|
||||||
|
return $this->entry['sn'][0];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getEmail()
|
||||||
|
{
|
||||||
|
return $this->entry['mail'][0];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates the connection to the LDAP server
|
||||||
|
*/
|
||||||
|
private function openConnection()
|
||||||
|
{
|
||||||
|
if (!self::$connection) {
|
||||||
|
if (self::$connection = ldap_connect(DIRECTORY_SERVER)) {
|
||||||
|
ldap_set_option(self::$connection,LDAP_OPT_PROTOCOL_VERSION,3);
|
||||||
|
if (defined(DIRECTORY_ADMIN_BINDING) && DIRECTORY_ADMIN_BINDING) {
|
||||||
|
if (!ldap_bind(self::$connection,DIRECTORY_ADMIN_BINDING,DIRECTORY_ADMIN_PASS)) {
|
||||||
|
throw new Exception(ldap_error(self::$connection));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if (!ldap_bind(self::$connection)) {
|
||||||
|
throw new Exception(ldap_error(self::$connection));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
throw new Exception(ldap_error(self::$connection));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,12 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* @copyright 2008 City of Bloomington, Indiana
|
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
|
||||||
*/
|
|
||||||
|
|
||||||
interface ExternalAuthentication
|
|
||||||
{
|
|
||||||
public static function authenticate($username,$password);
|
|
||||||
public static function savePassword($username,$password);
|
|
||||||
}
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* @copyright 20011 City of Bloomington, Indiana
|
||||||
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
|
*/
|
||||||
|
|
||||||
|
interface ExternalIdentity
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Should load user data from storage
|
||||||
|
*/
|
||||||
|
public function __construct($username);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return whether the username, password combo is valid
|
||||||
|
*
|
||||||
|
* @param string $username
|
||||||
|
* @param string $password The unencrypted password
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function authenticate($username,$password);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getFirstname();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getLastname();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getEmail();
|
||||||
|
|
||||||
|
}
|
|
@ -1,87 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* @copyright 2008 City of Bloomington, Indiana
|
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
|
||||||
*/
|
|
||||||
class LDAP implements ExternalAuthentication
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* @param string $username
|
|
||||||
* @param string $password
|
|
||||||
* @throws Exception
|
|
||||||
*/
|
|
||||||
public static function authenticate($username,$password)
|
|
||||||
{
|
|
||||||
$connection = ldap_connect(LDAP_SERVER) or die("Couldn't connect to LDAP");
|
|
||||||
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
||||||
ldap_bind($connection);
|
|
||||||
|
|
||||||
$result = ldap_search($connection,LDAP_DN,LDAP_USERNAME_ATTRIBUTE."=$username");
|
|
||||||
if (ldap_count_entries($connection,$result)) {
|
|
||||||
$entries = ldap_get_entries($connection, $result);
|
|
||||||
|
|
||||||
if (preg_match("/^\{crypt\}(.+)/i",$entries[0][LDAP_PASSWORD_ATTRIBUTE][0],$matches)) {
|
|
||||||
$ldapPassword = $matches[1];
|
|
||||||
$salt = substr($ldapPassword,0,2);
|
|
||||||
|
|
||||||
$encryptedPassword = crypt($password,$salt);
|
|
||||||
if ($encryptedPassword === $ldapPassword) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw new Exception('wrongPassword');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw new Exception("passwordIsCorrupted");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw new Exception("unknownUser");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Saves a user's password to the LDAP server
|
|
||||||
*
|
|
||||||
* @param string $username
|
|
||||||
* @param string $password
|
|
||||||
*/
|
|
||||||
public static function savePassword($username,$password)
|
|
||||||
{
|
|
||||||
$connection = ldap_connect(LDAP_SERVER);
|
|
||||||
ldap_set_option($connection,LDAP_OPT_PROTOCOL_VERSION,3);
|
|
||||||
ldap_bind($connection,
|
|
||||||
LDAP_USERNAME_ATTRIBUTE."=".LDAP_ADMIN_USER.",o=".LDAP_DOMAIN,
|
|
||||||
LDAP_ADMIN_PASS) or die(ldap_error($connection));
|
|
||||||
|
|
||||||
$result = ldap_search($connection,LDAP_DN,LDAP_USERNAME_ATTRIBUTE."=$username");
|
|
||||||
$entries = ldap_get_entries($connection, $result);
|
|
||||||
|
|
||||||
$dn = LDAP_USERNAME_ATTRIBUTE."=$username,ou=people,o=".LDAP_DOMAIN;
|
|
||||||
if ($this->getPassword()) {
|
|
||||||
$salt = substr(md5(time()),0,2);
|
|
||||||
$encryptedPassword = "{CRYPT}".crypt($password,$salt);
|
|
||||||
|
|
||||||
$password = array(LDAP_PASSWORD_ATTRIBUTE=>$encryptedPassword);
|
|
||||||
|
|
||||||
if (isset($entries[0][LDAP_PASSWORD_ATTRIBUTE])) {
|
|
||||||
// Modify
|
|
||||||
ldap_mod_replace($connection,$dn,$password)
|
|
||||||
or die(print_r($password).ldap_error($connection));
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// Add
|
|
||||||
ldap_mod_add($connection,$dn,$password)
|
|
||||||
or die(print_r($password).ldap_error($connection));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// Delete
|
|
||||||
$password = array();
|
|
||||||
ldap_mod_del($connection,$dn,$password)
|
|
||||||
or die(print_r($password).ldap_error($connection));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,526 +0,0 @@
|
||||||
<?php
|
|
||||||
/**
|
|
||||||
* A class for working with entries in LDAP.
|
|
||||||
*
|
|
||||||
* This class is written specifically for the City of Bloomington's
|
|
||||||
* LDAP layout. If you are going to be doing LDAP authentication
|
|
||||||
* with your own LDAP server, you will probably need to customize
|
|
||||||
* the fields used in this class.
|
|
||||||
*
|
|
||||||
* @copyright 2006-2009 City of Bloomington, Indiana
|
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
|
||||||
*/
|
|
||||||
class LDAPEntry
|
|
||||||
{
|
|
||||||
private static $connection;
|
|
||||||
|
|
||||||
private $ou;
|
|
||||||
|
|
||||||
private $uid;
|
|
||||||
private $userPassword;
|
|
||||||
|
|
||||||
private $givenName;
|
|
||||||
private $sn;
|
|
||||||
private $cn;
|
|
||||||
private $displayName;
|
|
||||||
|
|
||||||
private $businessCategory;
|
|
||||||
private $departmentNumber;
|
|
||||||
private $physicalDeliveryOfficeName;
|
|
||||||
private $title;
|
|
||||||
|
|
||||||
private $mail;
|
|
||||||
private $telephoneNumber;
|
|
||||||
private $preferredTelephoneNumber;
|
|
||||||
private $webTelephoneNumber;
|
|
||||||
private $facsimileTelephoneNumber;
|
|
||||||
private $homePhone;
|
|
||||||
private $mobile;
|
|
||||||
private $dialupAccess;
|
|
||||||
|
|
||||||
private $jpegPhoto;
|
|
||||||
|
|
||||||
private $sambaLMPassword;
|
|
||||||
private $sambaNTPassword;
|
|
||||||
private $sambaSID;
|
|
||||||
|
|
||||||
private $objectClasses = array();
|
|
||||||
|
|
||||||
// Used to keep track of changes we make to this entry. This is because LDAP
|
|
||||||
// requires us to send seperate modify, add, and delete commands.
|
|
||||||
private $modifiedAttributes = array();
|
|
||||||
private $addedAttributes = array();
|
|
||||||
private $deletedAttributes = array();
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Loads an entry from the LDAP server for the given user
|
|
||||||
* @param string $username
|
|
||||||
*/
|
|
||||||
public function __construct($username=null)
|
|
||||||
{
|
|
||||||
$this->openConnection();
|
|
||||||
|
|
||||||
if ($username) {
|
|
||||||
$result = ldap_search(LDAPEntry::$connection,LDAP_DN,
|
|
||||||
LDAP_USERNAME_ATTRIBUTE."=$username");
|
|
||||||
if (ldap_count_entries(LDAPEntry::$connection,$result)) {
|
|
||||||
$entries = ldap_get_entries(LDAPEntry::$connection, $result);
|
|
||||||
$this->uid = $username;
|
|
||||||
if (isset($entries[0]['ou'])) {
|
|
||||||
$this->ou = $entries[0]['ou'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['givenname'])) {
|
|
||||||
$this->givenName = $entries[0]['givenname'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['sn'])) {
|
|
||||||
$this->sn = $entries[0]['sn'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['cn'])) {
|
|
||||||
$this->cn = $entries[0]['cn'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['displayname'])) {
|
|
||||||
$this->displayName = $entries[0]['displayname'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['businesscategory'])) {
|
|
||||||
$this->businessCategory = $entries[0]['businesscategory'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['departmentnumber'])) {
|
|
||||||
$this->departmentNumber = $entries[0]['departmentnumber'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['physicaldeliveryofficename'])) {
|
|
||||||
$this->physicalDeliveryOfficeName = $entries[0]['physicaldeliveryofficename'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['title'])) {
|
|
||||||
$this->title = $entries[0]['title'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['mail'])) {
|
|
||||||
$this->mail = $entries[0]['mail'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['telephonenumber'])) {
|
|
||||||
$this->telephoneNumber = $entries[0]['telephonenumber'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['preferredtelephonenumber'])) {
|
|
||||||
$this->preferredTelephoneNumber = $entries[0]['preferredtelephonenumber'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['webtelephonenumber'])) {
|
|
||||||
$this->webTelephoneNumber = $entries[0]['webtelephonenumber'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['facsimiletelephonenumber'])) {
|
|
||||||
$this->facsimileTelephoneNumber = $entries[0]['facsimiletelephonenumber'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['homephone'])) {
|
|
||||||
$this->homePhone = $entries[0]['homephone'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['mobile'])) {
|
|
||||||
$this->mobile = $entries[0]['mobile'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['dialupaccess'])) {
|
|
||||||
$this->dialupAccess = $entries[0]['dialupaccess'][0];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['objectclass'])) {
|
|
||||||
$this->objectClasses = $entries[0]['objectclass'];
|
|
||||||
}
|
|
||||||
if (isset($entries[0]['jpegphoto'])) {
|
|
||||||
$photo = ldap_get_values_len(LDAPEntry::$connection,
|
|
||||||
ldap_first_entry(LDAPEntry::$connection,$result),
|
|
||||||
'jpegphoto');
|
|
||||||
$this->jpegPhoto = $photo[0];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw new Exception("ldap/unknownUser");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates the connection to the LDAP server
|
|
||||||
*/
|
|
||||||
private function openConnection()
|
|
||||||
{
|
|
||||||
if (!LDAPEntry::$connection) {
|
|
||||||
if (LDAPEntry::$connection = ldap_connect(LDAP_SERVER)) {
|
|
||||||
ldap_set_option(LDAPEntry::$connection,LDAP_OPT_PROTOCOL_VERSION,3);
|
|
||||||
if (LDAP_ADMIN_USER) {
|
|
||||||
if (!ldap_bind(LDAPEntry::$connection,
|
|
||||||
LDAP_USERNAME_ATTRIBUTE."=".LDAP_ADMIN_USER.",o=".LDAP_DOMAIN,
|
|
||||||
LDAP_ADMIN_PASS)) {
|
|
||||||
throw new Exception(ldap_error(LDAPEntry::$connection));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
if (!ldap_bind(LDAPEntry::$connection)) {
|
|
||||||
throw new Exception(ldap_error(LDAPEntry::$connection));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
throw new Exception(ldap_error(LDAPEntry::$connection));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Saves any changed information back to the LDAP server
|
|
||||||
*/
|
|
||||||
public function save()
|
|
||||||
{
|
|
||||||
$dn = "uid={$this->uid},ou=people,o=".LDAP_DOMAIN;
|
|
||||||
if (count($this->modifiedAttributes)) {
|
|
||||||
ldap_mod_replace(LDAPEntry::$connection,$dn,$this->modifiedAttributes)
|
|
||||||
or die(print_r($this->modifiedAttributes).ldap_error(LDAPEntry::$connection));
|
|
||||||
}
|
|
||||||
if (count($this->addedAttributes)) {
|
|
||||||
ldap_mod_add(LDAPEntry::$connection,$dn,$this->addedAttributes)
|
|
||||||
or die(print_r($this->addedAttributes).ldap_error(LDAPEntry::$connection));
|
|
||||||
}
|
|
||||||
if (count($this->deletedAttributes)) {
|
|
||||||
ldap_mod_del(LDAPEntry::$connection,$dn,$this->deletedAttributes)
|
|
||||||
or die(print_r($this->deletedAttributes).ldap_error(LDAPEntry::$connection));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Escapes any problematic characters
|
|
||||||
* @param string $str
|
|
||||||
*/
|
|
||||||
private function sanitize($str)
|
|
||||||
{
|
|
||||||
$tmp = trim($str);
|
|
||||||
$tmp = str_replace('\\', '\\\\', $tmp);
|
|
||||||
$tmp = str_replace('(', '\(', $tmp);
|
|
||||||
$tmp = str_replace(')', '\)', $tmp);
|
|
||||||
$tmp = str_replace('*', '\*', $tmp);
|
|
||||||
return $tmp;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Keeps track of what properties have been changed
|
|
||||||
*
|
|
||||||
* All setters should call this function. Otherwise, we won't
|
|
||||||
* know what's been changed in order to do the appropriate calls in LDAP
|
|
||||||
* @param string $property
|
|
||||||
* @param string $value
|
|
||||||
*/
|
|
||||||
private function changeProperty($property,$value)
|
|
||||||
{
|
|
||||||
if ($value) {
|
|
||||||
if ($value != $this->{$property}) {
|
|
||||||
if ($this->{$property}) {
|
|
||||||
$this->modifiedAttributes[$property] = $value;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$this->addedAttributes[$property] = $value;
|
|
||||||
}
|
|
||||||
$this->{$property} = $value;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
if ($this->{$property}) {
|
|
||||||
$this->{$property} = '';
|
|
||||||
$this->deletedAttributes[$property] = array();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getOU()
|
|
||||||
{
|
|
||||||
return $this->ou;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getUID()
|
|
||||||
{
|
|
||||||
return $this->uid;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getUsername()
|
|
||||||
{
|
|
||||||
return $this->uid;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getFirstname()
|
|
||||||
{
|
|
||||||
return $this->givenName;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getLastname()
|
|
||||||
{
|
|
||||||
return $this->sn;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getCommonName()
|
|
||||||
{
|
|
||||||
return $this->cn;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getDisplayName()
|
|
||||||
{
|
|
||||||
return $this->displayName;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getBusinessCategory()
|
|
||||||
{
|
|
||||||
return $this->businessCategory;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getDepartment()
|
|
||||||
{
|
|
||||||
return $this->departmentNumber;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getOffice()
|
|
||||||
{
|
|
||||||
return $this->physicalDeliveryOfficeName;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getTitle()
|
|
||||||
{
|
|
||||||
return $this->title;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getEmail()
|
|
||||||
{
|
|
||||||
return $this->mail;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getPhone()
|
|
||||||
{
|
|
||||||
return $this->telephoneNumber;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getPreferredPhone()
|
|
||||||
{
|
|
||||||
return $this->preferredTelephoneNumber;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getWebPhone()
|
|
||||||
{
|
|
||||||
return $this->webTelephoneNumber;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getFax()
|
|
||||||
{
|
|
||||||
return $this->facsimileTelephoneNumber;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getHomePhone()
|
|
||||||
{
|
|
||||||
return $this->homePhone;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getCellPhone()
|
|
||||||
{
|
|
||||||
return $this->mobile;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getDialup()
|
|
||||||
{
|
|
||||||
return $this->dialupAccess;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getSambaLMPassword()
|
|
||||||
{
|
|
||||||
return $this->sambaLMPassword;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getSambaNTPassword()
|
|
||||||
{
|
|
||||||
return $this->sambaNTPassword;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getSambaSID()
|
|
||||||
{
|
|
||||||
return $this->sambaSID;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
public function getObjectClasses()
|
|
||||||
{
|
|
||||||
return $this->objectClasses;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @return raw
|
|
||||||
*/
|
|
||||||
public function getPhoto()
|
|
||||||
{
|
|
||||||
return $this->jpegPhoto;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setUsername($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("uid",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setFirstname($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("givenName",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setLastname($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("sn",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setCommonName($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("cn",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setDisplayName($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("displayName",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setBusinessCategory($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("businessCategory",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setDepartment($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("departmentNumber",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setOffice($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("physicalDeliveryOfficeName",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setTitle($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("title",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setEmail($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("mail",$this->sanitize($string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setPhone($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty("telephoneNumber",preg_replace('/[^0-9ext\-\s]/','',$string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setPreferredPhone($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty('preferredTelephoneNumber',
|
|
||||||
preg_replace('/[^0-9ext\-\s]/','',$string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setWebPhone($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty('webTelephoneNumber',
|
|
||||||
preg_replace('/[^0-9ext\-\s]/','',$string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setFax($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty('facsimileTelephoneNumber',
|
|
||||||
preg_replace('/[^0-9ext\-\s]/','',$string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setHomePhone($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty('homePhone',preg_replace('/[^0-9ext\-\s]/','',$string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setCellPhone($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty('mobile',preg_replace('/[^0-9ext\-\s]/','',$string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $string
|
|
||||||
*/
|
|
||||||
public function setDialup($string)
|
|
||||||
{
|
|
||||||
$this->changeProperty('dialupAccess',preg_replace('/[^0-9ext\-\s]/','',$string));
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* @param string $filePath
|
|
||||||
*/
|
|
||||||
public function setPhoto($filePath)
|
|
||||||
{
|
|
||||||
$this->changeProperty("jpegPhoto",file_get_contents($filePath));
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -6,7 +6,7 @@
|
||||||
* a city employee will have the same username and password on all applications.
|
* a city employee will have the same username and password on all applications.
|
||||||
* Applications should use these public functions for their own users.
|
* Applications should use these public functions for their own users.
|
||||||
*
|
*
|
||||||
* @copyright 2006-2009 City of Bloomington, Indiana
|
* @copyright 2006-2012 City of Bloomington, Indiana
|
||||||
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
||||||
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
||||||
*/
|
*/
|
||||||
|
@ -57,7 +57,7 @@ abstract class SystemUser
|
||||||
|
|
||||||
default:
|
default:
|
||||||
$type = $this->getAuthenticationMethod();
|
$type = $this->getAuthenticationMethod();
|
||||||
return call_user_func(array($type,'authenticate'),$this->getUsername(),$password);
|
return $type::authenticate($this->getUsername(),$password);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -74,8 +74,10 @@ abstract class SystemUser
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determines which authentication method is being used, and sends the password to the
|
* Used to save passwords to the database
|
||||||
* appropriate method
|
*
|
||||||
|
* Only local passwords should be saved. External Identities should have
|
||||||
|
* their own methods for users to change passwords
|
||||||
*/
|
*/
|
||||||
public function savePassword()
|
public function savePassword()
|
||||||
{
|
{
|
||||||
|
@ -83,10 +85,6 @@ abstract class SystemUser
|
||||||
case "local":
|
case "local":
|
||||||
$this->saveLocalPassword();
|
$this->saveLocalPassword();
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
|
||||||
$type = $this->getAuthenticationMethod();
|
|
||||||
call_user_func(array($type,'savePassword'),$this->getUsername(),$password);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
update users set authenticationMethod='Employee' where authenticationMethod='LDAP';
|
Loading…
Reference in New Issue