141 lines
5.1 KiB
PHP
141 lines
5.1 KiB
PHP
<?php
|
|
include "../../../include/boot.php";
|
|
include "../../../include/authenticate.php"; if (!checkperm("u")) {exit ("Permission denied.");}
|
|
|
|
|
|
|
|
$simpleldap['domain'] = getval('domain', '');
|
|
$simpleldap['ldapserver'] = getval('ldapserver', '');
|
|
$simpleldap['ldapuser'] = getval('ldapuser', '');
|
|
$simpleldap['ldappassword'] = getval('ldappassword', '');
|
|
$userdomain = getval('userdomain', '');
|
|
$simpleldap['port'] = getval('port', '');
|
|
$simpleldap['ldaptype'] = getval('ldaptype', 1);
|
|
$simpleldap['basedn'] = getval('basedn', '');
|
|
$simpleldap['loginfield'] = getval('loginfield', '');
|
|
$simpleldap['ldapgroupfield'] = getval('ldapgroupfield', '');
|
|
$simpleldap['email_attribute'] = getval('email_attribute', '');
|
|
$simpleldap['phone_attribute'] = getval('phone_attribute', '');
|
|
$simpleldap['emailsuffix'] = getval('emailsuffix','');
|
|
$simpleldap['LDAPTLS_REQCERT_never'] = getval('LDAPTLS_REQCERT_never', 0,true) != 0;
|
|
|
|
$escaped_ldapuser = (function_exists('ldap_escape')) ? ldap_escape($simpleldap['ldapuser'], '', LDAP_ESCAPE_DN) : $simpleldap['ldapuser'];
|
|
|
|
// Test we can connect to domain
|
|
$bindsuccess=false;
|
|
|
|
if($simpleldap['LDAPTLS_REQCERT_never'])
|
|
{
|
|
putenv('LDAPTLS_REQCERT=never');
|
|
}
|
|
// Set LDAP options for all connections
|
|
ldap_set_option(null, LDAP_OPT_NETWORK_TIMEOUT, 2);
|
|
ldap_set_option(null, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
|
|
if (substr(strtolower($simpleldap['ldapserver']),0,4) == "ldap") {
|
|
$connstring = $simpleldap['ldapserver'];
|
|
} elseif ($simpleldap['port'] == 636) {
|
|
$connstring = 'ldaps://' . $simpleldap['ldapserver'] . ':636';
|
|
} else {
|
|
$connstring = 'ldap://' . $simpleldap['ldapserver'] . ':' . $simpleldap['port'];
|
|
}
|
|
|
|
$userdetails = false;
|
|
$ds = ldap_connect($connstring);
|
|
if ($ds !== false) {
|
|
if(!isset($simpleldap['ldaptype']) || $simpleldap['ldaptype'] == 1)
|
|
{
|
|
if(strpos($escaped_ldapuser, $userdomain) !== false)
|
|
{
|
|
$binduserstring = $escaped_ldapuser;
|
|
}
|
|
else
|
|
{
|
|
$binduserstring = "{$escaped_ldapuser}@{$userdomain}";
|
|
}
|
|
|
|
debug("LDAP - Attempting to bind to AD server as : " . $binduserstring);
|
|
$GLOBALS["use_error_exception"] = true;
|
|
try
|
|
{
|
|
$login = ldap_bind( $ds, ldap_escape($binduserstring, "", LDAP_ESCAPE_DN), $simpleldap['ldappassword'] );
|
|
}
|
|
catch(Exception $e)
|
|
{
|
|
debug("ERROR: LDAP bind failed " . $e->getMessage());
|
|
$login=false;
|
|
}
|
|
unset($GLOBALS["use_error_exception"]);
|
|
if ($login)
|
|
{
|
|
debug("LDAP - Success binding to AD server as : " . $binduserstring);
|
|
$bindsuccess=true;
|
|
}
|
|
else
|
|
{
|
|
debug("LDAP - Failed binding to AD server as : " . $binduserstring);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$searchdns=explode(";",$simpleldap['basedn']);
|
|
foreach($searchdns as $searchdn)
|
|
{
|
|
$binduserstring = $simpleldap['loginfield'] . "=" . $escaped_ldapuser . "," . $searchdn;
|
|
debug("LDAP - Attempting to bind to AD server as : " . $binduserstring);
|
|
$GLOBALS["use_error_exception"] = true;
|
|
try
|
|
{
|
|
$login = ldap_bind( $ds, $binduserstring, $simpleldap['ldappassword'] );
|
|
}
|
|
catch(Exception $e)
|
|
{
|
|
debug("ERROR: LDAP bind failed " . $e->getMessage());
|
|
$login=false;
|
|
}
|
|
unset($GLOBALS["use_error_exception"]);
|
|
if (!$login)
|
|
{
|
|
debug("LDAP bind failed: " . $searchdn);
|
|
}
|
|
else
|
|
{
|
|
$bindsuccess=true;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
ldap_get_option($ds, LDAP_OPT_ERROR_STRING, $last_ldap_error);
|
|
$response['bindsuccess'] = $bindsuccess ? $lang['status-ok'] : "{$lang['status-fail']} - " . ldap_error($ds) . " ( {$last_ldap_error} )";
|
|
$response['memberof'] = array();
|
|
|
|
$userdetails=simpleldap_authenticate($simpleldap['ldapuser'],$simpleldap['ldappassword']);
|
|
|
|
unset($GLOBALS["use_error_exception"]);
|
|
|
|
if ($userdetails) {
|
|
$response['success'] = true;
|
|
$response['message'] = $lang["status-ok"];
|
|
$response['domain'] = $userdetails['domain'];
|
|
$response['binduser'] = $userdetails['binduser'];
|
|
$response['username'] = $userdetails['username'];
|
|
$response['displayname'] = $userdetails['displayname'];
|
|
$response['group'] = $userdetails['group'];
|
|
$response['email'] = $userdetails['email'];
|
|
$response['phone'] = $userdetails['phone'];
|
|
$response['memberof'] = $userdetails['memberof'];
|
|
} else {
|
|
$response['success'] = false;
|
|
$response['message'] = $lang["status-fail"];
|
|
}
|
|
} else {
|
|
$response['success'] = false;
|
|
$response['message'] = "LDAP - Invalid connection URL: '" . $connstring . "'";
|
|
}
|
|
|
|
$response['complete'] = true;
|
|
|
|
echo json_encode($response);
|
|
exit();
|