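/**
 * Verifies a user's password by binding to the LDAP server as that user.
 *
 * The user's DN is looked up with the configured bind, a bind is then
 * attempted with that DN and the supplied password, and the connection is
 * rebound as the configured user afterwards whether or not the bind
 * succeeded. When the 'password_expiration' parameter is 'yes', the shadow
 * attributes of the entry are evaluated as well.
 *
 * @param string $userId      The user ID to check.
 * @param array $credentials  Credentials; the 'password' key is read.
 *
 * @throws Horde_Auth_Exception  With REASON_BADLOGIN for an empty password,
 *                               an unknown user or rejected credentials;
 *                               REASON_MESSAGE for other LDAP failures;
 *                               REASON_EXPIRED when the password has expired.
 */
protected function _authenticate($userId, $credentials)
{
    /* Refuse an empty password before touching the directory: a simple bind
     * with a DN and a zero-length password is an "unauthenticated bind"
     * (RFC 4513) that many servers accept, so it must never be allowed to
     * count as a successful login. */
    if (!strlen($credentials['password'])) {
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    }

    /* Search for the user's full DN. */
    $this->_ldap->bind();
    try {
        $dn = $this->_ldap->findUserDN($userId);
    } catch (Horde_Exception_NotFound $e) {
        // Same reason code as a wrong password, so the caller cannot tell
        // an unknown account from a bad credential.
        throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
    } catch (Horde_Exception_Ldap $e) {
        // NOTE(review): the bind below catches Horde_Ldap_Exception; confirm
        // that Horde_Exception_Ldap exists, otherwise LDAP errors raised by
        // the lookup leave this method unwrapped.
        throw new Horde_Auth_Exception($e->getMessage(), Horde_Auth::REASON_MESSAGE);
    }

    /* Attempt to bind to the LDAP server as the user. */
    try {
        $this->_ldap->bind($dn, $credentials['password']);
        // Be sure we rebind as the configured user.
        $this->_ldap->bind();
    } catch (Horde_Ldap_Exception $e) {
        // Be sure we rebind as the configured user.
        $this->_ldap->bind();

        // The comparison has to happen on the *result* of errorName(). The
        // previous code passed the boolean result of the comparison into
        // errorName(); if that call returns a non-empty string for any
        // argument, every LDAP failure (server down, TLS error, ...) was
        // reported as a bad login and the real cause was lost.
        $errorName = Horde_Ldap::errorName($e->getCode());
        if ($errorName === 'LDAP_INVALID_CREDENTIALS') {
            throw new Horde_Auth_Exception('', Horde_Auth::REASON_BADLOGIN);
        }

        // NOTE(review): the raw LDAP message is handed to the caller; check
        // that it is logged rather than shown to unauthenticated users.
        throw new Horde_Auth_Exception($e->getMessage(), Horde_Auth::REASON_MESSAGE);
    }

    if ($this->_params['password_expiration'] == 'yes') {
        $shadow = $this->_lookupShadow($dn);

        // NOTE(review): expiry is only evaluated when all three attributes
        // are set and non-zero; an entry without shadowwarning is never
        // treated as expired here. Confirm that this is intended.
        if ($shadow['shadowmax'] && $shadow['shadowlastchange'] && $shadow['shadowwarning']) {
            // All values are compared in whole days since the Unix epoch.
            $today = floor(time() / 86400);
            $toexpire = $shadow['shadowlastchange'] + $shadow['shadowmax'] - $today;
            $warnday = $shadow['shadowlastchange'] + $shadow['shadowmax'] - $shadow['shadowwarning'];

            // Inside the warning window: record the number of days left.
            if ($today >= $warnday) {
                $this->setCredential('expire', $toexpire);
            }

            if ($toexpire == 0) {
                // Last valid day: flag that the password must be changed.
                $this->setCredential('change', true);
            } elseif ($toexpire < 0) {
                // Already expired: refuse the login although the bind worked.
                throw new Horde_Auth_Exception('', Horde_Auth::REASON_EXPIRED);
            }
        }
    }
}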