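/**
 * Bind the current LDAP connection as the given DN, using SASL when
 * $sasl_args is a non-empty array and a simple bind otherwise.
 *
 * On success the effective authorization identity is stored in
 * $this->authz_id: the 'authz_id' SASL argument for a SASL bind, or $dn for
 * a simple bind.
 *
 * Security note: this method passes $password to ldap_bind() without
 * checking that it is non-empty. Per RFC 4513 section 5.1.2, a simple bind
 * with a non-empty DN and an empty password is an "unauthenticated bind",
 * which a server may accept and report as success. Callers that use the
 * return value to authenticate a user must reject empty passwords before
 * calling bind(). The check is not made here because this method does not
 * distinguish login binds from other binds.
 *
 * @param string     $dn        DN to bind as.
 * @param string     $password  Password for that DN.
 * @param array|null $sasl_args Optional SASL settings; the keys read are
 *                              'mech', 'realm', 'authc_id', 'authz_id' and
 *                              'props'. A missing key is passed as null.
 *
 * @return bool True when the bind succeeded; false when the server answered
 *              with result code 32, 47, 48, 49 or 50.
 *
 * Throws the exception built by $this->makeException() when SASL is
 * requested but ldap_sasl_bind() is unavailable, or when the bind fails with
 * any other result code.
 */
public function bind($dn, $password, array $sasl_args = null)
{
    $authz_id = null;

    // Same condition as the original loose "!= null" test: both null and an
    // empty array select the simple bind.
    if (!empty($sasl_args)) {
        if (!function_exists('ldap_sasl_bind')) {
            $ex_msg = 'Library - missing SASL support';
            throw $this->makeException($ex_msg);
        }

        // Read each SASL option through isset() so that an omitted key is
        // passed as null without raising an undefined-index notice.
        $sasl = array();
        foreach (array('mech', 'realm', 'authc_id', 'authz_id', 'props') as $key) {
            $sasl[$key] = isset($sasl_args[$key]) ? $sasl_args[$key] : null;
        }

        // SASL bind; warnings are suppressed and the result is inspected below.
        $authz_id = $sasl['authz_id'];
        $bound = @ldap_sasl_bind(
            $this->ldap,
            $dn,
            $password,
            $sasl['mech'],
            $sasl['realm'],
            $sasl['authc_id'],
            $sasl['authz_id'],
            $sasl['props']
        );
    } else {
        // Simple bind; warnings are suppressed and the result is inspected below.
        // NOTE(review): an empty $password is not rejected here - see the
        // security note in the docblock.
        $authz_id = $dn;
        $bound = @ldap_bind($this->ldap, $dn, $password);
    }

    if ($bound === true) {
        // Remember who we are bound as only after the server accepted the bind.
        $this->authz_id = $authz_id;
        SimpleSAML\Logger::debug('Library - LDAP bind(): Bind successful with DN \'' . $dn . '\'');
        return true;
    }

    // Result codes that mean "these credentials were not accepted" are
    // reported as false; anything else is raised as an exception below.
    switch (ldap_errno($this->ldap)) {
        case 32: // LDAP_NO_SUCH_OBJECT
        case 47: // LDAP_X_PROXY_AUTHZ_FAILURE
        case 48: // LDAP_INAPPROPRIATE_AUTH
        case 49: // LDAP_INVALID_CREDENTIALS
        case 50: // LDAP_INSUFFICIENT_ACCESS
            return false;
        default:
            break;
    }

    // Any other failure is raised to the caller.
    throw $this->makeException('Library - LDAP bind(): Bind failed with DN \'' . $dn . '\'');
}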