<?php

namespace Aaxc\LDAPAtuhorization;

/**
 * Class LDAP
 * Independent model for LDAP Authentications
 *
 * @author  Dainis Abols <dainis.abols@lu.lv>
 * @since   18.04.2020
 *
 * @package Aaxc\LDAPAtuhorization
 */
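class LDAP
{
    /**
     * LDAP server host name, optionally with an explicit `ldap://` or
     * `ldaps://` scheme (a bare host is reached over plaintext `ldap://`).
     *
     * @var mixed
     */
    private $server;

    /**
     * Base DN under which user entries live, e.g. "ou=people,dc=example,dc=org".
     * It is appended verbatim to the `uid=` RDN when building the bind DN.
     *
     * @var string
     */
    private $dc;

    /**
     * LDAP main connection handle (resource before PHP 8.1, \LDAP\Connection
     * from 8.1 on), or false/null when no handle could be created.
     *
     * @var resource|\LDAP\Connection|false|null
     */
    public $conn;

    /**
     * Retrieve the base DN this instance binds under.
     *
     * @return string
     */
    public function getDc()
    {
        return $this->dc;
    }

    /**
     * Retrieve the raw connection handle (false/null when unavailable).
     *
     * @return resource|\LDAP\Connection|false|null
     */
    public function getConnection()
    {
        return $this->conn;
    }

    /**
     * LDAP constructor.
     *
     * Security note: when $server carries no scheme the connection uses plain
     * `ldap://`, so every password passed to authorize() crosses the network in
     * clear text. In production pass an `ldaps://host` URI, or call
     * ldap_start_tls() on getConnection() before the first authorize().
     *
     * @param mixed  $server host name or full LDAP URI
     * @param string $dc     base DN for user entries
     */
    public function __construct($server, $dc)
    {
        $this->server = $server;
        $this->dc     = $dc;

        $uri = (string) $this->server;
        // Only force the plaintext scheme when the caller did not choose one,
        // so an "ldaps://host" argument keeps its TLS scheme.
        if (!preg_match('#^ldaps?://#i', $uri)) {
            $uri = 'ldap://'.$uri;
        }

        // ldap_connect() only validates the URI and allocates a handle; the
        // actual network round trip happens on the first bind/search.
        $this->conn = ldap_connect($uri);
        if ($this->conn) {
            ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($this->conn, LDAP_OPT_REFERRALS, 0);
        }
    }

    /**
     * Bind as the user with the given credentials and return their entry as an
     * LDAPUser, or false when the credentials are rejected or the entry cannot
     * be read.
     *
     * Callers must treat `false` as "not authenticated"; no distinction is made
     * between a bad password, an unknown user and an unreachable server.
     *
     * @param string $username value of the `uid` RDN (untrusted input)
     * @param string $password the user's password (untrusted input)
     *
     * @return LDAPUser|false
     */
    public function authorize($username, $password)
    {
        $username = (string) $username;
        $password = (string) $password;

        // An empty password makes ldap_bind() perform an *unauthenticated* bind
        // (RFC 4513 §5.1.2), which many directories accept. That must never be
        // mistaken for a successful login, so reject it before touching the server.
        if ($username === '' || $password === '') {
            return false;
        }

        if (!$this->conn) {
            return false;
        }

        // The username is spliced into a DN: escape it so a value such as
        // "bob,ou=admins" cannot rewrite which entry we bind and search as.
        $dn = 'uid='.ldap_escape($username, '', LDAP_ESCAPE_DN).','.$this->dc;

        if (!$this->bind($dn, $password)) {
            return false;
        }

        // The filter is a constant, so nothing user-controlled reaches it.
        $info = $this->fetchUser($dn, '(cn=*)');
        if (!$info) {
            return false;
        }

        return $this->makeUser($info);
    }

    /**
     * Simple bind against the connection.
     *
     * An empty password is refused without contacting the server, because
     * ldap_bind() would otherwise send an unauthenticated bind that directories
     * commonly accept (an authentication bypass when the result is taken as a
     * successful login).
     *
     * @param string $uid      full DN to bind as
     * @param string $password bind password
     *
     * @return bool
     */
    public function bind($uid, $password)
    {
        if (!$this->conn) {
            return false;
        }

        if ((string) $password === '') {
            return false;
        }

        // `@` only silences the E_WARNING ldap_bind() raises on wrong
        // credentials; a failed login is an expected outcome, not a fault.
        return (bool) @ldap_bind($this->conn, $uid, $password);
    }

    /**
     * Search below $uid with filter $cn and return the first matching entry
     * (username should be unique!), or false when the search fails or matches
     * nothing.
     *
     * $cn is an LDAP filter string. If a caller ever derives it from user
     * input it must be escaped with ldap_escape(..., LDAP_ESCAPE_FILTER);
     * authorize() passes a constant.
     *
     * @param string $uid search base DN
     * @param string $cn  LDAP search filter
     *
     * @return array|false
     */
    public function fetchUser($uid, $cn)
    {
        if (!$this->conn) {
            return false;
        }

        $search = ldap_search($this->conn, $uid, $cn);
        if ($search === false) {
            return false;
        }

        $entries = ldap_get_entries($this->conn, $search);
        // ldap_get_entries() returns ['count' => n, 0 => entry, ...]; a count of
        // zero means index 0 is absent, which previously produced a notice.
        if ($entries === false || empty($entries['count'])) {
            return false;
        }

        return $entries[0];
    }

    /**
     * Build LDAP User object from an ldap_get_entries() entry.
     *
     * Attributes missing from the entry yield null instead of an undefined-index
     * notice. Group membership is taken from `eduPersonAffiliation`; whether
     * that attribute is the intended authorization source is a directory-schema
     * decision this class does not verify.
     *
     * @param array $info single entry as returned by ldap_get_entries()
     *
     * @return LDAPUser
     */
    private function makeUser($info)
    {
        $user = new LDAPUser();

        $user->uid                 = $this->firstValue($info, 'uidnumber');
        $user->username            = $this->firstValue($info, 'uid');
        $user->email               = $this->firstValue($info, 'mail');
        $user->phone               = $this->firstValue($info, 'telephonenumber');
        $user->givenname           = $this->firstValue($info, 'givenname');
        $user->surname             = $this->firstValue($info, 'sn');
        $user->cn                  = $this->firstValue($info, 'cn');
        $user->display_name        = $this->firstValue($info, 'displayname');
        $user->password_changed_at = $this->firstValue($info, 'sambapwdlastset');
        $user->dn                  = isset($info['dn']) ? $info['dn'] : null;
        $user->groups              = $this->getGroups(
            isset($info['edupersonaffiliation']) ? $info['edupersonaffiliation'] : []
        );

        return $user;
    }

    /**
     * First value of a (possibly multi-valued) attribute, or null when absent.
     *
     * ldap_get_entries() lower-cases attribute names and stores values as
     * ['count' => n, 0 => first, 1 => second, ...].
     *
     * @param array  $info      entry array
     * @param string $attribute lower-cased attribute name
     *
     * @return mixed
     */
    private function firstValue($info, $attribute)
    {
        return isset($info[$attribute][0]) ? $info[$attribute][0] : null;
    }

    /**
     * Retrieve groups: strip the `count` marker from a multi-valued attribute
     * and return its values as a plain list. Anything that is not an array
     * (attribute missing) yields an empty list.
     *
     * @param array|null $group_array
     *
     * @return array
     */
    private function getGroups($group_array)
    {
        if (!is_array($group_array)) {
            return [];
        }

        unset($group_array['count']);

        return array_values($group_array);
    }
}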