REST_Controller::_perform_ldap_auth PHP Method

_perform_ldap_auth() protected method

Perform LDAP Authentication
protected _perform_ldap_auth ( string $username = '', string $password = NULL ) : boolean
$username string The username to validate
$password string The password to validate
return boolean
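    /**
     * Perform LDAP Authentication.
     *
     * Loads the `ldap` config group (timeout, server, port, binduser, bindpw,
     * basedn), binds with the service account, resolves the user's DN by
     * searching `uid=<username>` under basedn, then re-binds as that DN with
     * the supplied password. On success the DN is stored in
     * `$this->_user_ldap_dn`. The connection is closed on every exit path.
     *
     * @param string      $username The username (uid) to validate
     * @param string|null $password The password to validate
     *
     * @return bool TRUE when the user bound successfully, FALSE otherwise
     */
    protected function _perform_ldap_auth($username = '', $password = NULL)
    {
        if (empty($username)) {
            log_message('debug', 'LDAP Auth: failure, empty username');
            return FALSE;
        }

        // An empty/absent password must never reach ldap_bind(): directories
        // treat it as an anonymous or unauthenticated bind, which succeeds and
        // would let any known uid authenticate without a password.
        if ($password === NULL || $password === '') {
            log_message('debug', 'LDAP Auth: failure, empty password');
            return FALSE;
        }

        log_message('debug', 'LDAP Auth: Loading configuration');
        $this->config->load('ldap.php', TRUE);

        $ldap = [
            'timeout' => $this->config->item('timeout', 'ldap'),
            'host'    => $this->config->item('server', 'ldap'),
            'port'    => $this->config->item('port', 'ldap'),
            'rdn'     => $this->config->item('binduser', 'ldap'),
            'pass'    => $this->config->item('bindpw', 'ldap'),
            'basedn'  => $this->config->item('basedn', 'ldap'),
        ];

        // The original logged an undefined $ldaphost; use the loaded value.
        log_message('debug', 'LDAP Auth: Connect to ' . (isset($ldap['host']) ? $ldap['host'] : '[ldap not configured]'));

        // Connect to the ldap server; a failed connect must not fall through
        // to ldap_search() with a FALSE handle.
        $ldapconn = ldap_connect($ldap['host'], $ldap['port']);
        if ($ldapconn === FALSE) {
            log_message('error', 'LDAP Auth: Failure, could not connect to ldap server');
            return FALSE;
        }

        log_message('debug', 'Setting timeout to ' . $ldap['timeout'] . ' seconds');
        ldap_set_option($ldapconn, LDAP_OPT_NETWORK_TIMEOUT, $ldap['timeout']);

        log_message('debug', 'LDAP Auth: Binding to ' . $ldap['host'] . ' with dn ' . $ldap['rdn']);

        // Binding to the ldap server with the service account
        if (ldap_bind($ldapconn, $ldap['rdn'], $ldap['pass']) === FALSE) {
            return $this->_ldap_auth_failure($ldapconn, 'LDAP Auth: bind was unsuccessful');
        }
        log_message('debug', 'LDAP Auth: bind successful');

        // Search for user. The username is caller-supplied, so it is escaped
        // for the filter context to prevent LDAP filter injection
        // (e.g. "*" or ")(" breaking out of the uid= clause).
        $filter = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER);
        $res_id = ldap_search($ldapconn, $ldap['basedn'], $filter);
        if ($res_id === FALSE) {
            return $this->_ldap_auth_failure($ldapconn, 'LDAP Auth: User ' . $username . ' not found in search');
        }

        // Exactly one entry is required: zero means unknown user, more than
        // one means the uid is ambiguous and must not be authenticated.
        if (ldap_count_entries($ldapconn, $res_id) !== 1) {
            return $this->_ldap_auth_failure($ldapconn, 'LDAP Auth: Failure, username ' . $username . ' not found or found more than once');
        }

        $entry_id = ldap_first_entry($ldapconn, $res_id);
        if ($entry_id === FALSE) {
            return $this->_ldap_auth_failure($ldapconn, 'LDAP Auth: Failure, entry of search result could not be fetched');
        }

        $user_dn = ldap_get_dn($ldapconn, $entry_id);
        if ($user_dn === FALSE) {
            return $this->_ldap_auth_failure($ldapconn, 'LDAP Auth: Failure, user-dn could not be fetched');
        }

        // User found; now authenticate as that user with the supplied password
        if (ldap_bind($ldapconn, $user_dn, $password) === FALSE) {
            return $this->_ldap_auth_failure($ldapconn, 'LDAP Auth: Failure, username/password did not match: ' . $user_dn);
        }

        log_message('debug', 'LDAP Auth: Success ' . $user_dn . ' authenticated successfully');
        $this->_user_ldap_dn = $user_dn;
        ldap_close($ldapconn);

        return TRUE;
    }

    /**
     * Log an LDAP authentication failure, release the connection and
     * return FALSE so callers can `return $this->_ldap_auth_failure(...)`.
     *
     * @param resource|object $ldapconn The open ldap connection to close
     * @param string          $message  The error message to log
     *
     * @return bool Always FALSE
     */
    private function _ldap_auth_failure($ldapconn, $message)
    {
        log_message('error', $message);
        ldap_close($ldapconn);

        return FALSE;
    }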