Commit b84983bf authored by Ad Schellevis's avatar Ad Schellevis

(auth) extend ldap connector to comply to IAuthConnector interface

parent 5d42af9d
...@@ -33,7 +33,7 @@ namespace OPNsense\Auth; ...@@ -33,7 +33,7 @@ namespace OPNsense\Auth;
* Class LDAP connector * Class LDAP connector
* @package OPNsense\Auth * @package OPNsense\Auth
*/ */
class LDAP class LDAP implements IAuthConnector
{ {
/** /**
* @var int ldap version to use * @var int ldap version to use
...@@ -55,6 +55,36 @@ class LDAP ...@@ -55,6 +55,36 @@ class LDAP
*/ */
private $ldapSearchAttr = array(); private $ldapSearchAttr = array();
/**
* @var null|string ldap configuration property set.
*/
private $ldapBindURL = null;
/**
* @var null|string ldap administrative bind dn
*/
private $ldapBindDN = null ;
/**
* @var null|string ldap administrative bind passwd
*/
private $ldapBindPassword = null ;
/**
* @var null|string user attribute
*/
private $ldapAttributeUser = null;
/**
* @var null|string ldap extended query
*/
private $ldapExtendedQuery = null;
/**
* @var array list of already known usernames vs distinguished names
*/
private $userDNmap = array();
/** /**
* close ldap handle if open * close ldap handle if open
*/ */
...@@ -126,6 +156,40 @@ class LDAP ...@@ -126,6 +156,40 @@ class LDAP
$this->addSearchAttribute("name"); $this->addSearchAttribute("name");
} }
/**
* set connector properties
* @param array $config connection properties
*/
public function setProperties($config)
{
$confMap = array("ldap_protver" => "ldapVersion",
"ldap_basedn" => "baseSearchDN",
"ldap_binddn" => "ldapBindDN",
"ldap_bindpw" => "ldapBindPassword",
"ldap_attr_user" => "ldapAttributeUser",
"ldap_extended_query" => "ldapExtendedQuery",
"local_users" => "userDNmap"
) ;
// map properties 1-on-1
foreach ($confMap as $confSetting => $objectProperty) {
if (!empty($config[$confSetting]) && property_exists($this, $objectProperty)) {
$this->$objectProperty = $config[$confSetting];
}
}
// translate config settings
if (strstr($config['ldap_urltype'], "Standard")) {
$this->ldapBindURL = "ldap://";
} else {
$this->ldapBindURL = "ldaps://";
}
$this->ldapBindURL .= strpos($config['host'], "::") !== false ? "[{$config['host']}]" : $config['host'];
if (!empty($config['ldap_port'])) {
$this->ldapBindURL .= ":{$config['ldap_port']}";
}
}
/** /**
* close ldap handle on destruction * close ldap handle on destruction
*/ */
...@@ -219,4 +283,33 @@ class LDAP ...@@ -219,4 +283,33 @@ class LDAP
return false; return false;
} }
/**
* authenticate user against ldap server
* @param $username username to authenticate
* @param $password user password
* @return bool authentication status
*/
public function authenticate($username, $password)
{
// todo: implement SSL parts (legacy : ldap_setup_caenv)
// authenticate user
if (array_key_exists($username, $this->userDNmap)) {
// we can map $username to distinguished name, just feed to connect
$ldap_is_connected = $this->connect($this->ldapBindURL, $this->userDNmap[$username], $password);
return $ldap_is_connected;
} else {
// we don't know this users distinguished name, try to find it
$ldap_is_connected = $this->connect($this->ldapBindURL, $this->ldapBindDN, $this->ldapBindPassword);
if ($ldap_is_connected) {
$result = $this->searchUsers($username, $this->ldapAttributeUser, $this->ldapExtendedQuery);
if (count($result) > 0) {
$ldap_is_connected = $this->connect($this->ldapBindURL, $result[0]['dn'], $password);
return $ldap_is_connected;
}
}
return false;
}
}
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment