/**
* {@inheritdoc}
*/
public function authenticate($username, $password, $preventRebind = false)
{
$auth = false;
try {
if ($this->configuration->getUseSSO()) {
// If SSO is enabled, we'll try binding over kerberos
$remoteUser = $this->getRemoteUserInput();
$kerberos = $this->getKerberosAuthInput();
// If the remote user input equals the username we're
// trying to authenticate, we'll perform the bind
if ($remoteUser == $username) {
$auth = $this->bindUsingKerberos($kerberos);
}
} else {
// Looks like SSO isn't enabled, we'll bind regularly instead
$auth = $this->bindUsingCredentials($username, $password);
}
} catch (AdldapException $e) {
if ($preventRebind === true) {
// Binding failed and we're not allowed
// to rebind, we'll return false
return $auth;
}
}
// If we're allowed to rebind, we'll rebind as administrator
if ($preventRebind === false) {
$adminUsername = $this->configuration->getAdminUsername();
$adminPassword = $this->configuration->getAdminPassword();
$this->bindUsingCredentials($adminUsername, $adminPassword);
if (!$this->connection->isBound()) {
throw new AdldapException('Rebind to Active Directory failed. AD said: ' . $this->connection->getLastError());
}
}
return $auth;
}
