authorAleksander Machniak <machniak@kolabsys.com>2012-03-26 13:43:34 (GMT)
committerAleksander Machniak <machniak@kolabsys.com>2012-03-26 13:43:34 (GMT)
commit3a269be5be0e73d7f7da0c8779208024c6a2c61a (patch)
tree09ec2f58bc725cdd0758d086a55c34a627a2b86c
parent74cc5b91fa5f61dfa695c80ae82562fe5dc4ad4c (diff)
downloadkolab-wap-3a269be5be0e73d7f7da0c8779208024c6a2c61a.tar.gz
Improved LDAP connection handling
-rw-r--r--lib/Auth/LDAP.php183
1 files changed, 95 insertions, 88 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index b5a94bf..3c2e96e 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -107,7 +107,10 @@ class LDAP
public function authenticate($username, $password)
{
error_log("LDAP authentication request for $username");
- $this->_connect();
+
+ if (!$this->_connect()) {
+ return false;
+ }
// Attempt to explode the username to see if it is in fact a DN,
// such as would be the case for 'cn=Directory Manager' or
@@ -146,12 +149,6 @@ class LDAP
}
}
- public function connect()
- {
- // Apply some routines for access control to this function here.
- return $this->_connect();
- }
-
public function domain_add($domain, $domain_alias = false, $prepopulate = true)
{
// Apply some routines for access control to this function here.
@@ -163,54 +160,6 @@ class LDAP
}
}
- /*
- Translate a domain name into it's corresponding root dn.
- */
- public function domain_root_dn($domain = '')
- {
- $conf = Conf::get_instance();
-
- if ($domain == '') {
- return false;
- }
-
- error_log("Searching for domain $domain");
-
- $this->_connect();
-
- error_log("From domain to root dn");
-
- if (($this->_bind($conf->get('ldap', 'bind_dn'), $conf->get('ldap', 'bind_pw'))) == false) {
- error_log("WARNING: Invalid Service bind credentials supplied");
- $this->_bind($conf->manager_bind_dn, $conf->manager_bind_pw);
- }
-
- // TODO: Get domain_attr from config
- if (($results = ldap_search($this->conn, $conf->get('domain_base_dn'), '(associatedDomain=' . $domain . ')')) == false) {
- error_log("No results?");
- return false;
- }
-
- $domain = ldap_first_entry($this->conn, $results);
- $domain_info = ldap_get_attributes($this->conn, $domain);
-
-// echo "<pre>"; print_r($domain_info); echo "</pre>";
-
- // TODO: Also very 389 specific
- if (isset($domain_info['inetDomainBaseDN'][0])) {
- $domain_rootdn = $domain_info['inetDomainBaseDN'][0];
- }
- else {
- $domain_rootdn = $this->_standard_root_dn($domain_info['associatedDomain']);
- }
-
- $this->_unbind();
-
- error_log("Using $domain_rootdn");
-
- return $domain_rootdn;
- }
-
public function effective_rights($subject_dn)
{
$attributes = array();
@@ -533,9 +482,57 @@ class LDAP
return $this->_list_group_members($group_dn);
}
+ /*
+ Translate a domain name into it's corresponding root dn.
+ */
+ private function domain_root_dn($domain = '')
+ {
+ $conf = Conf::get_instance();
+
+ if ($domain == '') {
+ return false;
+ }
+
+ if (!$this->_connect()) {
+ return false;
+ }
+
+ error_log("Searching for domain $domain");
+ error_log("From domain to root dn");
+
+ if (($this->_bind($conf->get('ldap', 'bind_dn'), $conf->get('ldap', 'bind_pw'))) == false) {
+ error_log("WARNING: Invalid Service bind credentials supplied");
+ $this->_bind($conf->manager_bind_dn, $conf->manager_bind_pw);
+ }
+
+ // TODO: Get domain_attr from config
+ if (($results = ldap_search($this->conn, $conf->get('domain_base_dn'), '(associatedDomain=' . $domain . ')')) == false) {
+ error_log("No results?");
+ return false;
+ }
+
+ $domain = ldap_first_entry($this->conn, $results);
+ $domain_info = ldap_get_attributes($this->conn, $domain);
+
+// echo "<pre>"; print_r($domain_info); echo "</pre>";
+
+ // TODO: Also very 389 specific
+ if (isset($domain_info['inetDomainBaseDN'][0])) {
+ $domain_rootdn = $domain_info['inetDomainBaseDN'][0];
+ }
+ else {
+ $domain_rootdn = $this->_standard_root_dn($domain_info['associatedDomain']);
+ }
+
+ $this->_unbind();
+
+ error_log("Using $domain_rootdn");
+
+ return $domain_rootdn;
+ }
+
private function search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
{
- error_log("Searching $base_dn with filter '$search_filter'");
return $this->_search($base_dn, $search_filter, $attributes);
}
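Review bot: The filter on the `ldap_search` line is still built by concatenating `$domain` straight into `'(associatedDomain=' . $domain . ')'`, so a `*`, `(`, `)` or `\` in the value alters the filter instead of being matched literally; making the method private only moves the burden to callers that are not visible here. Escape the value before interpolating, `$filter = '(associatedDomain=' . ldap_escape($domain, '', LDAP_ESCAPE_FILTER) . ')';` (PHP 5.6+; on older PHP replace those four characters with their `\xx` forms by hand). The trailing `$this->_unbind()` is called without arguments, and from the `_unbind` hunk further down it only releases the link when both `$yes` and `$really` are true, so this call looks like a no-op — worth confirming against the rest of `_unbind`. The manager-credential fallback also reads `$conf->manager_bind_dn` as a property while `_get_group_dn` goes through `$this->conf->get('manager_bind_dn')`; one of the two spellings is probably wrong.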
@@ -613,10 +610,14 @@ class LDAP
public static function normalize_result($__result)
{
+ if (!is_array($__result)) {
+ return array();
+ }
+
$conf = Conf::get_instance();
$dn_attr = $conf->get($conf->get('kolab', 'auth_mechanism'), 'domain_name_attribute');
- $result = array();
+ $result = array();
for ($x = 0; $x < $__result["count"]; $x++) {
$dn = $__result[$x]['dn'];
@@ -764,20 +765,16 @@ class LDAP
return $search_filter;
}
- /*
-
- Shortcut functions
-
- */
+ /***********************************************************
+ ************ Shortcut functions ****************
+ ***********************************************************/
/*
Shortcut to ldap_add()
*/
-
private function _add($entry_dn, $attributes)
{
// Always bind with the session credentials
- $this->_connect();
$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
if (($add_result = ldap_add($this->conn, $entry_dn, $attributes)) == false) {
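Review bot: Dropping the `$this->_connect()` call leaves `_add` with no guarantee that `$this->conn` is set before `_bind` and `ldap_add` use it, whereas `_list` and `_search` in this same commit gained a guard; the same removal appears in `_delete` (the `_connect()` before the session bind), `_get_group_dn` and `_get_user_dn`. Unless `_bind` connects on its own (it is not shown here), the first call into any of these after an `_unbind(true, true)` hands a null link to the ldap_* functions. Add `if (!$this->_connect()) { return false; }` at the top of each, mirroring `_search`. The bind result is also discarded on the next line, so a rejected session bind still proceeds to `ldap_add` under whatever identity the link currently holds.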
@@ -823,23 +820,26 @@ class LDAP
*/
private function _connect()
{
- if (!$this->conn) {
- // TODO: Debug logging
- error_log("Connecting to " . $this->_ldap_server . " on port " . $this->_ldap_port);
- $connection = ldap_connect($this->_ldap_server, $this->_ldap_port);
+ if ($this->conn) {
+ return true;
+ }
- if ($connection == false) {
- $this->conn = null;
- // TODO: Debug logging
- error_log("Not connected: " . ldap_err2str() . "(no.) " . ldap_errno());
- }
- else {
- $this->conn = $connection;
- }
+ // TODO: Debug logging
+ error_log("Connecting to " . $this->_ldap_server . " on port " . $this->_ldap_port);
+ $connection = ldap_connect($this->_ldap_server, $this->_ldap_port);
+ if ($connection == false) {
+ $this->conn = null;
// TODO: Debug logging
- error_log("Connected!");
+ error_log("Not connected: " . ldap_err2str() . "(no.) " . ldap_errno());
+ return false;
}
+
+ $this->conn = $connection;
+ // TODO: Debug logging
+ error_log("Connected!");
+
+ return true;
}
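Review bot: The failure branch calls `ldap_err2str()` with no argument and `ldap_errno()` with no link, which is a warning on PHP 5 and an ArgumentCountError on PHP 8, so the path meant to report the failure is itself broken; there is no LDAP link at that point, so nothing LDAP-specific can be reported anyway. Replace the line with `error_log("Not connected: ldap_connect() failed for " . $this->_ldap_server . " port " . $this->_ldap_port);`. Note too that `ldap_connect()` only validates its parameters and creates a handle — the TCP connection is opened lazily at the first bind — so the "Connected!" log and `return true` do not show the server is reachable; connection errors will surface in `_bind`. Nothing in this hunk sets `LDAP_OPT_PROTOCOL_VERSION` or calls `ldap_start_tls()`; if that is done elsewhere in the class this is fine, otherwise this is where it belongs.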
/**
@@ -847,7 +847,6 @@ class LDAP
*/
private function _delete($entry_dn)
{
- $this->_connect();
// Always bind with the session credentials
$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
@@ -903,6 +902,10 @@ class LDAP
*/
private function _list($base_dn, $filter)
{
+ if (!$this->conn) {
+ return null;
+ }
+
$ldap_entries = array( "count" => 0 );
if (($ldap_list = @ldap_list($this->conn, $base_dn, $filter)) == false) {
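Review bot: The new guard returns `null` when there is no connection, while the guard added to `_search` in the same commit returns `false` and first tries `_connect()`; `_list` therefore fails where `_search` would have recovered, and callers that test with `=== false` will not see the `null`. Unless `_list` callers are known to check for `null` (not visible here), align it with `_search`: `if (!$this->_connect()) { return false; }`. The `_list` body continues past the end of the hunk.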
@@ -922,7 +925,13 @@ class LDAP
*/
private function _search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
{
- error_log("Searching with user " . $_SESSION['user']->user_bind_dn);
+ if (!$this->_connect()) {
+ return false;
+ }
+
+ error_log("Searching $base_dn with filter: $search_filter");
+ error_log("Searching with user: " . $_SESSION['user']->user_bind_dn);
+
$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
if (($search_results = @ldap_search($this->conn, $base_dn, $search_filter, $attributes)) == false) {
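Review bot: The connect check is new, but the result of `$this->_bind($_SESSION['user']->user_bind_dn, ...)` is still discarded, so if the session credentials are rejected the search on the following line runs under whatever identity the link last held (anonymous or an earlier bind) and the caller cannot tell. `domain_root_dn` already treats a falsy `_bind` return as failure, so the same check works here: `if (!$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw)) { return false; }`. The two new `error_log` lines write the search filter and the session bind DN on every search; that is fine for debugging, but they belong behind the debug-logging switch the `TODO: Debug logging` comments elsewhere in this commit anticipate, rather than in production logs.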
@@ -988,7 +997,9 @@ class LDAP
private function _unbind($yes = false, $really = false)
{
if ($yes && $really) {
- ldap_unbind($this->conn);
+ if ($this->conn) {
+ ldap_unbind($this->conn);
+ }
$this->conn = null;
$this->bind_dn = null;
@@ -1080,14 +1091,12 @@ class LDAP
private function _get_group_dn($root_dn, $search_filter)
{
- error_log("Searching for a group dn in $root_dn, with search filter: $search_filter");
-
- $this->_connect();
-
if (($this->_bind($this->conf->get('bind_dn'), $this->conf->get('bind_pw'))) == false) {
$this->_bind($this->conf->get('manager_bind_dn'), $this->conf->get('manager_bind_pw'));
}
+ error_log("Searching for a group dn in $root_dn, with search filter: $search_filter");
+
$search_results = ldap_search($this->conn, $root_dn, $search_filter);
if (ldap_count_entries($this->conn, $search_results) == 0) {
@@ -1104,15 +1113,13 @@ class LDAP
private function _get_user_dn($root_dn, $search_filter)
{
- error_log("Searching for a user dn in $root_dn, with search filter: $search_filter");
-
- $this->_connect();
-
if (($this->_bind($this->conf->get('bind_dn'), $this->conf->get('bind_pw'))) == false) {
//message("WARNING: Invalid Service bind credentials supplied");
$this->_bind($this->conf->get('manager_bind_dn'), $this->conf->get('manager_bind_pw'));
}
+ error_log("Searching for a user dn in $root_dn, with search filter: $search_filter");
+
$search_results = ldap_search($this->conn, $root_dn, $search_filter);
if (ldap_count_entries($this->conn, $search_results) == 0) {