123 lines
3.4 KiB
PHP
123 lines
3.4 KiB
PHP
<?php
|
|
/**
|
|
* A class for working with entries in LDAP.
|
|
*
|
|
* This class is written specifically for the City of Bloomington's
|
|
* LDAP layout. If you are going to be doing LDAP authentication
|
|
* with your own LDAP server, you will probably need to customize
|
|
* the fields used in this class.
|
|
*
|
|
* @copyright 2011-2013 City of Bloomington, Indiana
|
|
* @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE.txt
|
|
* @author Cliff Ingham <inghamn@bloomington.in.gov>
|
|
*/
|
|
namespace Blossom\Classes;
|
|
|
|
class Employee implements ExternalIdentity
|
|
{
|
|
private static $connection;
|
|
private $config;
|
|
private $entry;
|
|
|
|
/**
|
|
* @param array $config
|
|
* @param string $username
|
|
* @param string $password
|
|
* @throws Exception
|
|
*/
|
|
public static function authenticate($username,$password)
|
|
{
|
|
global $DIRECTORY_CONFIG;
|
|
$config = $DIRECTORY_CONFIG['Employee'];
|
|
|
|
$bindUser = sprintf(str_replace('{username}','%s',$config['DIRECTORY_USER_BINDING']),$username);
|
|
|
|
$connection = ldap_connect($config['DIRECTORY_SERVER']) or die("Couldn't connect to ADS");
|
|
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
if (ldap_bind($connection,$bindUser,$password)) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Loads an entry from the LDAP server for the given user
|
|
*
|
|
* @param array $config
|
|
* @param string $username
|
|
*/
|
|
public function __construct($username)
|
|
{
|
|
global $DIRECTORY_CONFIG;
|
|
|
|
$this->config = $DIRECTORY_CONFIG['Employee'];
|
|
$this->openConnection();
|
|
|
|
$result = ldap_search(
|
|
self::$connection,
|
|
$this->config['DIRECTORY_BASE_DN'],
|
|
$this->config['DIRECTORY_USERNAME_ATTRIBUTE']."=$username"
|
|
);
|
|
if (ldap_count_entries(self::$connection,$result)) {
|
|
$entries = ldap_get_entries(self::$connection, $result);
|
|
$this->entry = $entries[0];
|
|
}
|
|
else {
|
|
throw new \Exception('ldap/unknownUser');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Creates the connection to the LDAP server
|
|
*/
|
|
private function openConnection()
|
|
{
|
|
if (!self::$connection) {
|
|
if (self::$connection = ldap_connect($this->config['DIRECTORY_SERVER'])) {
|
|
ldap_set_option(self::$connection, LDAP_OPT_PROTOCOL_VERSION,3);
|
|
ldap_set_option(self::$connection, LDAP_OPT_REFERRALS, 0);
|
|
if (!empty($this->config['DIRECTORY_ADMIN_BINDING'])) {
|
|
if (!ldap_bind(
|
|
self::$connection,
|
|
$this->config['DIRECTORY_ADMIN_BINDING'],
|
|
$this->config['DIRECTORY_ADMIN_PASS']
|
|
)) {
|
|
throw new \Exception(ldap_error(self::$connection));
|
|
}
|
|
}
|
|
else {
|
|
if (!ldap_bind(self::$connection)) {
|
|
throw new \Exception(ldap_error(self::$connection));
|
|
}
|
|
}
|
|
}
|
|
else {
|
|
throw new \Exception(ldap_error(self::$connection));
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getUsername() { return $this->get('cn'); }
|
|
public function getFirstname() { return $this->get('givenname'); }
|
|
public function getLastname() { return $this->get('sn'); }
|
|
public function getEmail() { return $this->get('mail'); }
|
|
public function getPhone() { return $this->get('telephonenumber'); }
|
|
public function getAddress() { return $this->get('postaladdress'); }
|
|
public function getCity() { return $this->get('l'); }
|
|
public function getState() { return $this->get('st'); }
|
|
public function getZip() { return $this->get('postalcode'); }
|
|
|
|
/**
|
|
* Returns the first scalar value from the entry's field
|
|
*
|
|
* @param string $field
|
|
* @return string
|
|
*/
|
|
private function get($field) {
|
|
return isset($this->entry[$field][0]) ? $this->entry[$field][0] : '';
|
|
}
|
|
}
|