b84983bf
Commit
b84983bf
authored
Sep 24, 2015
by
Ad Schellevis
(auth) extend ldap connector to comply to IAuthConnector interface
parent
5d42af9d
Changes
1
Showing
1 changed file
with
94 additions
and
1 deletion
+94
-1
LDAP.php
src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
+94
-1
src/opnsense/mvc/app/library/OPNsense/Auth/LDAP.php
...
@@ -33,7 +33,7 @@ namespace OPNsense\Auth;
...
@@ -33,7 +33,7 @@ namespace OPNsense\Auth;
* Class LDAP connector
* Class LDAP connector
* @package OPNsense\Auth
* @package OPNsense\Auth
*/
*/
class
LDAP
class
LDAP
implements
IAuthConnector
{
{
/**
/**
* @var int ldap version to use
* @var int ldap version to use
...
@@ -55,6 +55,36 @@ class LDAP
...
@@ -55,6 +55,36 @@ class LDAP
*/
*/
private
$ldapSearchAttr
=
array
();
private
$ldapSearchAttr
=
array
();
/**
* @var null|string ldap configuration property set.
*/
private
$ldapBindURL
=
null
;
/**
* @var null|string ldap administrative bind dn
*/
private
$ldapBindDN
=
null
;
/**
* @var null|string ldap administrative bind passwd
*/
private
$ldapBindPassword
=
null
;
/**
* @var null|string user attribute
*/
private
$ldapAttributeUser
=
null
;
/**
* @var null|string ldap extended query
*/
private
$ldapExtendedQuery
=
null
;
/**
* @var array list of already known usernames vs distinguished names
*/
private
$userDNmap
=
array
();
/**
/**
* close ldap handle if open
* close ldap handle if open
*/
*/
...
@@ -126,6 +156,40 @@ class LDAP
...
@@ -126,6 +156,40 @@ class LDAP
$this
->
addSearchAttribute
(
"name"
);
$this
->
addSearchAttribute
(
"name"
);
}
}
/**
* set connector properties
* @param array $config connection properties
*/
public
function
setProperties
(
$config
)
{
$confMap
=
array
(
"ldap_protver"
=>
"ldapVersion"
,
"ldap_basedn"
=>
"baseSearchDN"
,
"ldap_binddn"
=>
"ldapBindDN"
,
"ldap_bindpw"
=>
"ldapBindPassword"
,
"ldap_attr_user"
=>
"ldapAttributeUser"
,
"ldap_extended_query"
=>
"ldapExtendedQuery"
,
"local_users"
=>
"userDNmap"
)
;
// map properties 1-on-1
foreach
(
$confMap
as
$confSetting
=>
$objectProperty
)
{
if
(
!
empty
(
$config
[
$confSetting
])
&&
property_exists
(
$this
,
$objectProperty
))
{
$this
->
$objectProperty
=
$config
[
$confSetting
];
}
}
// translate config settings
if
(
strstr
(
$config
[
'ldap_urltype'
],
"Standard"
))
{
$this
->
ldapBindURL
=
"ldap://"
;
}
else
{
$this
->
ldapBindURL
=
"ldaps://"
;
}
$this
->
ldapBindURL
.=
strpos
(
$config
[
'host'
],
"::"
)
!==
false
?
"[
{
$config
[
'host'
]
}
]"
:
$config
[
'host'
];
if
(
!
empty
(
$config
[
'ldap_port'
]))
{
$this
->
ldapBindURL
.=
":
{
$config
[
'ldap_port'
]
}
"
;
}
}
/**
/**
* close ldap handle on destruction
* close ldap handle on destruction
*/
*/
...
@@ -219,4 +283,33 @@ class LDAP
...
@@ -219,4 +283,33 @@ class LDAP
return
false
;
return
false
;
}
}
/**
* authenticate user against ldap server
* @param $username username to authenticate
* @param $password user password
* @return bool authentication status
*/
public
function
authenticate
(
$username
,
$password
)
{
// todo: implement SSL parts (legacy : ldap_setup_caenv)
// authenticate user
if
(
array_key_exists
(
$username
,
$this
->
userDNmap
))
{
// we can map $username to distinguished name, just feed to connect
$ldap_is_connected
=
$this
->
connect
(
$this
->
ldapBindURL
,
$this
->
userDNmap
[
$username
],
$password
);
return
$ldap_is_connected
;
}
else
{
// we don't know this users distinguished name, try to find it
$ldap_is_connected
=
$this
->
connect
(
$this
->
ldapBindURL
,
$this
->
ldapBindDN
,
$this
->
ldapBindPassword
);
if
(
$ldap_is_connected
)
{
$result
=
$this
->
searchUsers
(
$username
,
$this
->
ldapAttributeUser
,
$this
->
ldapExtendedQuery
);
if
(
count
(
$result
)
>
0
)
{
$ldap_is_connected
=
$this
->
connect
(
$this
->
ldapBindURL
,
$result
[
0
][
'dn'
],
$password
);
return
$ldap_is_connected
;
}
}
return
false
;
}
}
}
}
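Review bot: The new `authenticate()` passes the caller-supplied `$password` straight into both `connect()` calls (the `userDNmap` branch and the `$result[0]['dn']` branch) without rejecting an empty value; a simple LDAP bind with a valid DN and an empty password is treated as an unauthenticated bind by many directory servers and succeeds, so unless `connect()` — defined outside this hunk — already refuses empty credentials, a known username with a blank password would be accepted. A guard at the top of the method, before the `array_key_exists` check, closes this regardless of what `connect()` does: `if ($password === null || $password === '') { return false; }`. It would also be worth a short comment on why the guard exists, since `ldap_bind` returning true for an empty password is not obvious to a reader, e.g. `// reject empty passwords: an empty simple bind is an anonymous bind and must never count as authentication`. A related but smaller point in the `setProperties` hunk: `$config['ldap_urltype']` and `$config['host']` are read unconditionally, so a config array missing either key triggers a notice and silently builds a `ldaps://` URL with no host; reading them via `$config['host'] ?? ''` style defaults or validating up front would make the failure explicit.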