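/**
 * Validates $this->username / $this->password against the LDAP directory.
 *
 * A successful bind on its own is not treated as proof of identity: the user
 * must also be found by the configured user filter, and the DN returned by
 * that search is bound a second time with the supplied password. On success
 * $this->dn and $this->memberofDn are populated from the matching entry, as
 * are $this->email and $this->fullname when the corresponding attributes are
 * configured.
 *
 * @return bool|mixed false on any failure (missing credentials, failed bind,
 *                    failed search, not exactly one match); otherwise the
 *                    result of the second bindRdn() call
 */
public function isValidUser()
{
    $this->log('%s is called.', __FUNCTION__);

    // Reject missing credentials before touching the directory. An empty
    // password is rejected explicitly: an LDAP bind with an empty password
    // is an unauthenticated (anonymous) bind on many servers and would
    // otherwise "succeed" for any known username.
    if (empty($this->username) || !isset($this->password) || $this->password === '') {
        return false;
    }

    $this->getConnection();
    if ($this->bindRdn($this->username, $this->password) === false) {
        $this->log(sprintf("Could not bind LDAP. %s", $this->getLdapError()));
        return false;
    }

    // Attributes to fetch. ldap_get_entries() lowercases attribute names, so
    // the configured names are lowercased for the later result lookup.
    $attrs = ['dn', 'memberof'];
    $mailAttribute = null;
    $fullNameAttribute = null;
    if ($this->config->mailAttribute) {
        $mailAttribute = strtolower($this->config->mailAttribute);
        $attrs[] = $mailAttribute;
    }
    if ($this->config->fullNameAttribute) {
        $fullNameAttribute = strtolower($this->config->fullNameAttribute);
        $attrs[] = $fullNameAttribute;
    }

    $usernameAttribute = $this->config->usernameAttribute;
    // The configured attribute name is quoted so it cannot alter the regex.
    $usernameIsDn = preg_match('/(^|,)cn=/i', $this->username)
        || ($usernameAttribute && preg_match('/' . preg_quote($usernameAttribute, '/') . '=/i', $this->username));

    if ($usernameIsDn) {
        // The username was supplied as a distinguished name: search below
        // that DN so the entry is still validated by the configured filter.
        $baseDn = $this->username;
        $filter = sprintf('(&%s(%s=*))', $this->config->userFilter, $usernameAttribute);
        $logFormat = 'Query baseDn (2):%s filter:%s, attributes: %s - %s';
    } else {
        // Only the part before '@' is used as the login name; it is escaped
        // because it is user-supplied and ends up inside the LDAP filter.
        $baseDn = $this->config->baseDn;
        $loginName = self::realEscape(strtok($this->username, '@'));
        $filter = sprintf('(&%s(%s=%s))', $this->config->userFilter, $usernameAttribute, $loginName);
        $logFormat = 'Query baseDn (1):%s filter:%s, attributes: %s - %s';
    }

    // Search errors are suppressed here and surfaced through the log line
    // below; the size limit of 1 is all that is needed to detect ambiguity.
    $query = @ldap_search($this->conn, $baseDn, $filter, $attrs, 0, 1);
    $this->log($logFormat, $baseDn, $filter, implode(', ', $attrs), $query !== false ? 'OK' : 'Failed');
    if ($query === false) {
        return false;
    }

    $results = ldap_get_entries($this->conn, $query);
    $count = $results === false ? 0 : $results['count'];
    $this->log(sprintf("Query result count: %s", $count));
    // Exactly one entry must match; zero or several means the login name does
    // not identify a single user.
    if ($count !== 1) {
        return false;
    }

    $entry = $results[0];
    $this->dn = $entry['dn'];
    // Entries without a memberOf attribute have no 'memberof' key at all.
    $this->memberofDn = $entry['memberof'] ?? [];

    if ($mailAttribute !== null && isset($entry[$mailAttribute])) {
        $this->email = (is_array($entry[$mailAttribute]) ? $entry[$mailAttribute][0] : $entry[$mailAttribute]) . '';
        $this->log('Email has been retrieved: %s', $this->email);
    }
    if ($fullNameAttribute !== null && isset($entry[$fullNameAttribute])) {
        $this->fullname = (is_array($entry[$fullNameAttribute]) ? $entry[$fullNameAttribute][0] : $entry[$fullNameAttribute]) . '';
        $this->log('Full name has been retrieved: %s', $this->fullname);
    }

    // ldap_get_entries() reports the number of values under 'count'; log it,
    // then drop the key so memberofDn holds only the group DNs.
    $this->log(sprintf("Query result memberofDn: %s", $this->memberofDn['count'] ?? 0));
    unset($this->memberofDn['count']);
    $this->log(sprintf("Query result DN: %s", $this->dn));

    // Bind again with the DN the directory returned, so the password is
    // verified against that exact entry rather than the name the user typed.
    return $this->bindRdn(self::escape($this->dn), $this->password);
}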