Commit 28e44f9b authored by Dainis Abols's avatar Dainis Abols

Moved from GitHub to LU GIT

Version 1.0.3
parents
Pipeline #112 failed with stages
/.idea
/vendor
# LDAP Authorization Library for University of Latvia
Install via Composer
```
composer require aaxc/lu-ldap-authorization
```
## Usage
``` php
$ldapAuth = new LDAP($ldap_server, $ldap_dc);
$user = $ldapAuth->authorize($request->username, $request->password);
```
Variable $user will containt `false` on failed authorization and `LDAPUser` object on succesfull authorization.
## Requirements
- PHP 7.2
- PHP Extension LDAP
\ No newline at end of file
{
"name": "aaxc/lu-ldap-authorization",
"version": "1.0.2",
"description": "LDAP Authorization Library for University of Latvia",
"type": "library",
"authors": [
{
"name": "Dainis Abols",
"email": "dainis@dainisabols.lv"
}
],
"license": "GPL-3.0-or-later",
"require": {
"php": ">=7.2.0",
"ext-ldap": "*"
},
"require-dev": {
"phpunit/phpunit": "^7"
},
"autoload": {
"psr-4": {
"Aaxc\\LDAPAtuhorization\\": "src/"
}
},
"config": {
"bin-dir": "bin"
}
}
\ No newline at end of file
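Review bot: The `version` field here is `1.0.2` while the commit message announces Version 1.0.3, so the manifest and the release label disagree. For a package published from a VCS repository Composer takes the version from the tag, so the least error-prone change is to drop the `"version"` line instead of keeping it in sync by hand; otherwise set it to `"version": "1.0.3"`.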
<?php
namespace Aaxc\LDAPAtuhorization;
/**
* Class LDAP
* Independent model for LDAP Authentications
*
* @author Dainis Abols <dainis.abols@lu.lv>
* @since 18.04.2020
*
* @package App
*/
class LDAP
{
/**
* LDAP server name.
*
* @var mixed
*/
private $server;
/**
* LDAP domain component.
*
* @var string
*/
private $dc;
/**
* LDAP main connection.
*
* @var resource
*/
public $conn;
/**
* Retrieve domain component
*
* @return string
*/
public function getDc()
{
return $this->dc;
}
/**
* Retrieve connection status
*
* @return resource
*/
public function getConnection()
{
return $this->conn;
}
/**
* LDAP constructor.
*/
public function __construct($server, $dc)
{
$this->server = $server;
$this->dc = $dc;
$this->conn = @ldap_connect('ldap://'.$this->server);
ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->conn, LDAP_OPT_REFERRALS, 0);
}
/**
* Bind user, if credentials match and return info array
*
* @param $username
* @param $password
*
* @return array|bool
*/
public function authorize($username, $password)
{
if ($this->bind("uid={$username},{$this->dc}", $password)) {
if ($info = $this->fetchUser("uid={$username},{$this->dc}", "(cn=*)")) {
// Build user object and return
return $this->makeUser($info);
}
}
return false;
}
/**
* Bind LDAP
*
* @param $connection
* @param $uid
* @param $password
*
* @return bool
*/
public function bind($uid, $password)
{
return @ldap_bind($this->conn, $uid, $password);
}
/**
* Search entry and retrieve first result (username should be unique!)
*
* @param $uid
* @param $cn
*
* @return mixed
*/
public function fetchUser($uid, $cn)
{
$search = ldap_search($this->conn, $uid, $cn);
return ldap_get_entries($this->conn, $search)[0];
}
/**
* Build LDAP User object
*
* @param $data
*
* @return \App\LDAPUser
*/
private function makeUser($info)
{
$user = new LDAPUser();
$user->uid = $info['uidnumber'][0];
$user->username = $info['uid'][0];
$user->email = $info['mail']['0'];
$user->phone = $info['telephonenumber']['0'];
$user->givenname = $info['givenname']['0'];
$user->surname = $info['sn']['0'];
$user->cn = $info['cn']['0'];
$user->display_name = $info['displayname']['0'];
$user->password_changed_at = $info['sambapwdlastset']['0'];
$user->dn = $info['dn'];
$user->groups = $this->getGroups($info['edupersonaffiliation']);
return $user;
}
/**
* Retireve groups
*
* @param $group_array
*
* @return array
*/
private function getGroups($group_array)
{
unset($group_array['count']);
return array_values($group_array);
}
}
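Review bot: `authorize()` passes `$password` to `ldap_bind()` without rejecting an empty string, and a simple bind with a DN and an empty password is an unauthenticated bind that many directory servers accept, so `bind()` can return true for a caller who supplied no password (whether the following search then returns the entry depends on the server's ACLs). The same method interpolates `$username` into the DN `uid={$username},{$this->dc}` unescaped, so characters such as `,` or `=` change which entry is bound and searched; `ldap_escape($username, '', LDAP_ESCAPE_DN)` closes that. Separately, the constructor connects with `ldap://` and never calls `ldap_start_tls()`, so the bind password travels in clear text unless the transport is protected elsewhere. The docblock should also say `@return LDAPUser|false` rather than `array|bool`. A guarded `authorize()` could look like this.

```php
public function authorize($username, $password)
{
    // An empty password makes the simple bind unauthenticated; refuse it before contacting the server.
    if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
        return false;
    }
    // Escape the user-supplied RDN value so it cannot alter the DN structure.
    $dn = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $this->dc;
    if (!$this->bind($dn, $password)) {
        return false;
    }
    $info = $this->fetchUser($dn, '(cn=*)');
    return $info ? $this->makeUser($info) : false;
}
```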
<?php
namespace Aaxc\LDAPAtuhorization;
/**
* LDAP User
* Dummy class for LDAP User create
*
* @author Dainis Abols <dainis.abols@lu.lv>
* @since 27.07.2020
*
* @package App
*/
class LDAPUser
{
/**
* LDAP server user id
*
* @var integer
*/
public $uid;
/**
* Username
*
* @var string
*/
public $username;
/**
* Contact e-mail
*
* @var string
*/
public $email;
/**
* Phone number
*
* @var string
*/
public $phone;
/**
* Given name or first name
*
* @var string
*/
public $givenname;
/**
* Surname or last name
*
* @var string
*/
public $surname;
/**
* Full name
*
* @var string
*/
public $cn;
/**
* Customized display name or cn if none provided
*
* @var string
*/
public $display_name;
/**
* Access group array
*
* @var array
*/
public $groups;
/**
* Timestamp for last password change
*
* @var integer
*/
public $password_changed_at;
/**
* Privided DN paramneters
*
* @var string
*/
public $dn;
}
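Review bot: The `@var integer` tags on `$uid` and `$password_changed_at` do not match what this commit stores there: `LDAP::makeUser()` assigns `$info['uidnumber'][0]` and `$info['sambapwdlastset']['0']` unconverted, and `ldap_get_entries()` returns attribute values as strings. Either document both as `@var string` or cast at assignment, e.g. `$user->uid = (int) $info['uidnumber'][0];`, so callers comparing with `===` get the type the docblock promises. The `@package App` tag also disagrees with the declared namespace `Aaxc\LDAPAtuhorization`.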