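protected function _perform_ldap_auth($username = '', $password = NULL)
{
    // Authenticate $username/$password against the LDAP server described in
    // config/ldap.php: bind with the service account (binduser/bindpw), look the
    // user up by uid below basedn, then re-bind as the user's own DN with the
    // supplied password. Returns TRUE on success (and records the DN in
    // $this->_user_ldap_dn), FALSE on any failure; every failure is logged.
    if (empty($username)) {
        log_message('debug', 'LDAP Auth: failure, empty username');
        return FALSE;
    }
    // An empty password must never reach the user ldap_bind(): RFC 4513 lets a
    // server treat "DN + empty password" as an unauthenticated (anonymous) bind,
    // which succeeds and would log any known user in without a credential.
    if ($password === NULL || $password === '') {
        log_message('debug', 'LDAP Auth: failure, empty password');
        return FALSE;
    }

    log_message('debug', 'LDAP Auth: Loading configuration');
    $this->config->load('ldap.php', TRUE);
    $ldap = [
        'timeout' => $this->config->item('timeout', 'ldap'),
        'host'    => $this->config->item('server', 'ldap'),
        'port'    => $this->config->item('port', 'ldap'),
        'rdn'     => $this->config->item('binduser', 'ldap'),
        'pass'    => $this->config->item('bindpw', 'ldap'),
        'basedn'  => $this->config->item('basedn', 'ldap'),
    ];
    log_message('debug', 'LDAP Auth: Connect to ' . (empty($ldap['host']) ? '[ldap not configured]' : $ldap['host']));

    // Connect to the ldap server. Without this guard a FALSE handle would be
    // passed straight on to ldap_bind()/ldap_search() instead of failing here.
    $ldapconn = ldap_connect($ldap['host'], $ldap['port']);
    if ($ldapconn === FALSE) {
        log_message('error', 'LDAP Auth: could not initialise connection to ' . $ldap['host']);
        return FALSE;
    }

    // Log an error, release the connection and return FALSE. Every failure after
    // this point goes through here so no exit path leaks the handle.
    $fail = function ($message) use ($ldapconn) {
        log_message('error', $message);
        ldap_close($ldapconn);
        return FALSE;
    };

    if ($ldap['timeout'] !== NULL) {
        log_message('debug', 'Setting timeout to ' . $ldap['timeout'] . ' seconds');
        ldap_set_option($ldapconn, LDAP_OPT_NETWORK_TIMEOUT, (int) $ldap['timeout']);
    }

    // Bind with the service account so the user search is permitted.
    log_message('debug', 'LDAP Auth: Binding to ' . $ldap['host'] . ' with dn ' . $ldap['rdn']);
    if (ldap_bind($ldapconn, $ldap['rdn'], $ldap['pass']) === FALSE) {
        return $fail('LDAP Auth: bind was unsuccessful');
    }
    log_message('debug', 'LDAP Auth: bind successful');

    // Search for the user. $username is untrusted input and is escaped for the
    // filter context so it cannot change the shape of the search filter.
    $filter = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    if (($res_id = ldap_search($ldapconn, $ldap['basedn'], $filter)) === FALSE) {
        return $fail('LDAP Auth: User ' . $username . ' not found in search');
    }
    // Exactly one entry must match: zero means the user is unknown, several
    // means the uid is ambiguous and we refuse to guess which DN to bind as.
    $count = ldap_count_entries($ldapconn, $res_id);
    if ($count !== 1) {
        return $fail('LDAP Auth: Failure, username ' . $username . ' matched ' . (int) $count . ' entries, expected exactly one');
    }
    if (($entry_id = ldap_first_entry($ldapconn, $res_id)) === FALSE) {
        return $fail('LDAP Auth: Failure, entry of search result could not be fetched');
    }
    if (($user_dn = ldap_get_dn($ldapconn, $entry_id)) === FALSE) {
        return $fail('LDAP Auth: Failure, user-dn could not be fetched');
    }

    // User found; the only proof of the password is a successful bind as that DN.
    if (ldap_bind($ldapconn, $user_dn, $password) === FALSE) {
        return $fail('LDAP Auth: Failure, username/password did not match: ' . $user_dn);
    }

    log_message('debug', 'LDAP Auth: Success ' . $user_dn . ' authenticated successfully');
    $this->_user_ldap_dn = $user_dn;
    ldap_close($ldapconn);
    return TRUE;
}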