View Issue Details

IDProjectCategoryView StatusLast Update
0026633mantisbtldappublic2020-02-09 07:05
Reporters.sorrentino Assigned Tovboctor  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionduplicate 
Product Version2.23.0 
Summary0026633: Ldap connection to multiple domains
Description

Hi Guys, i configured on my main domain a virtual machine Windows with XAMPP and the last version of Mantis.
The Ldap work fine with all the user in the same domain of the virtual machine, but doesn´t work with users with a different domain.
I have 3 Windows domain to manage, are all trusted each other.
I created also a group on the main domain to force the LDAP search on mantis only on a single group and i added the "not main domain" users to this group, but it doesn´t work.
i also worked on the ldap_api.php, in order to duplicate the configuration and search also on other domains, but, as you can immagine doesn´t work at all.

There´s something that i can do? Otherwise i need to search another solution with another product :-( .

TagsNo tags attached.

Relationships

duplicate of 0009954 new More than one ldap-server 

Activities

s.sorrentino

s.sorrentino

2020-01-29 02:18

reporter   ~0063529

Last edited: 2020-01-29 02:23

View 4 revisions

Here below the transcription of my modified ldap_api.php:

<?php
/**

  • LDAP API
  • @package CoreAPI
  • @subpackage LDAPAPI
  • @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
  • @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
  • @link http://www.mantisbt.org
  • @uses config_api.php
  • @uses constant_inc.php
  • @uses logging_api.php
  • @uses user_api.php
  • @uses utility_api.php
    */

require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'logging_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );

/**

  • Logs the most recent LDAP error
  • @param resource $p_ds LDAP resource identifier returned by ldap_connect.
  • @return void
    */
    function ldap_log_error( $p_ds ) {
    log_event( LOG_LDAP, 'ERROR #' . ldap_errno( $p_ds ) . ': ' . ldap_error( $p_ds ) );
    }

/**

  • Connect and bind to the LDAP directory
  • @param string $p_binddn DN to use for LDAP bind.
  • @param string $p_password Password to use for LDAP bind.
  • @return resource|false
    */
    function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {
    if( !extension_loaded( 'ldap' ) ) {
    log_event( LOG_LDAP, 'Error: LDAP extension missing in php' );
    trigger_error( ERROR_LDAP_EXTENSION_NOT_LOADED, ERROR );
    }

    $t_ldap_server = config_get( 'ldap_server' );

    log_event( LOG_LDAP, 'Attempting connection to LDAP server/URI \'' . $t_ldap_server . '\'.' );
    $t_ds = @ldap_connect( $t_ldap_server );
    if( $t_ds !== false && $t_ds > 0 ) {
    log_event( LOG_LDAP, 'Connection accepted by LDAP server' );

    $t_network_timeout = config_get( 'ldap_network_timeout' );
    if( $t_network_timeout > 0 ) {
        log_event( LOG_LDAP, &quot;Setting LDAP network timeout to &quot; . $t_network_timeout );
        $t_result = @ldap_set_option( $t_ds, LDAP_OPT_NETWORK_TIMEOUT, $t_network_timeout );
        if( !$t_result ) {
            ldap_log_error( $t_ds );
        }
    }
    
    $t_protocol_version = config_get( 'ldap_protocol_version' );
    if( $t_protocol_version > 0 ) {
        log_event( LOG_LDAP, 'Setting LDAP protocol version to ' . $t_protocol_version );
        $t_result = @ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version );
        if( !$t_result ) {
            ldap_log_error( $t_ds );
        }
    }
    
    // Set referrals flag.
    $t_follow_referrals = ON == config_get( 'ldap_follow_referrals' );
    $t_result = @ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, $t_follow_referrals );
    if( !$t_result ) {
        ldap_log_error( $t_ds );
    }
    
    // If no Bind DN and Password is set, attempt to login as the configured
    //  Bind DN.
    if( is_blank( $p_binddn ) && is_blank( $p_password ) ) {
        $p_binddn = config_get( 'ldap_bind_dn', '' );
        $p_password = config_get( 'ldap_bind_passwd', '' );
    }
    
    if( !is_blank( $p_binddn ) && !is_blank( $p_password ) ) {
        log_event( LOG_LDAP, 'Attempting bind to ldap server with username and password' );
        $t_br = @ldap_bind( $t_ds, $p_binddn, $p_password );
    } else {
        // Either the Bind DN or the Password are empty, so attempt an anonymous bind.
        log_event( LOG_LDAP, 'Attempting anonymous bind to ldap server' );
        $t_br = @ldap_bind( $t_ds );
    }
    
    if( !$t_br ) {
        ldap_log_error( $t_ds );
        log_event( LOG_LDAP, 'Bind to ldap server failed' );
        trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
    } else {
        log_event( LOG_LDAP, 'Bind to ldap server successful' );
    }

    } else {
    log_event( LOG_LDAP, 'Connection to ldap server failed' );
    trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
    }

    return $t_ds;
    }

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// MODIFICA STS 2020.01.28
// TEST MULTI LDAP Binding

function ldap_connect_bind_2( $p_binddn_2 = '', $p_password_2 = '' ) {
if( !extension_loaded( 'ldap' ) ) {
log_event( LOG_LDAP, 'Error: LDAP extension missing in php' );
trigger_error( ERROR_LDAP_EXTENSION_NOT_LOADED, ERROR );
}

$t_ldap_server_2 = config_get( 'ldap_server_2' );

log_event( LOG_LDAP, 'Attempting connection to LDAP server/URI \'' . $t_ldap_server_2 . '\'.' );
$t_ds_2 = @ldap_connect( $t_ldap_server_2 );
if( $t_ds_2 !== false && $t_ds_2 > 0 ) {
    log_event( LOG_LDAP, 'Connection accepted by LDAP server' );

    $t_network_timeout_2 = config_get( 'ldap_network_timeout_2' );
    if( $t_network_timeout_2 > 0 ) {
        log_event( LOG_LDAP, &quot;Setting LDAP network timeout to &quot; . $t_network_timeout_2 );
        $t_result_2 = @ldap_set_option( $t_ds_2, LDAP_OPT_NETWORK_TIMEOUT, $t_network_timeout_2 );
        if( !$t_result_2 ) {
            ldap_log_error( $t_ds_2 );
        }
    }

    $t_protocol_version_2 = config_get( 'ldap_protocol_version_2' );
    if( $t_protocol_version_2 > 0 ) {
        log_event( LOG_LDAP, 'Setting LDAP protocol version to ' . $t_protocol_version_2 );
        $t_result_2 = @ldap_set_option( $t_ds_2, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version_2 );
        if( !$t_result_2 ) {
            ldap_log_error( $t_ds_2 );
        }
    }

    ///Set referrals flag.
    $t_follow_referrals_2 = ON == config_get( 'ldap_follow_referrals_2' );
    $t_result_2 = @ldap_set_option( $t_ds_2, LDAP_OPT_REFERRALS, $t_follow_referrals_2 );
    if( !$t_result_2 ) {
        ldap_log_error( $t_ds_2 );
    }

    // If no Bind DN and Password is set, attempt to login as the configured
    // Bind DN.
    if( is_blank( $p_binddn_2 ) && is_blank( $p_password_2 ) ) {
        $p_binddn_2 = config_get( 'ldap_bind_dn_2', '' );
        $p_password_2 = config_get( 'ldap_bind_passwd_2', '' );
    }

    if( !is_blank( $p_binddn_2 ) && !is_blank( $p_password_2 ) ) {
        log_event( LOG_LDAP, 'Attempting bind to ldap server with username and password' );
        $t_br_2 = @ldap_bind( $t_ds_2, $p_binddn_2, $p_password_2 );
    } else {
        // Either the Bind DN or the Password are empty, so attempt an anonymous bind.
        log_event( LOG_LDAP, 'Attempting anonymous bind to ldap server' );
        $t_br_2 = @ldap_bind( $t_ds_2 );
    }

    if( !$t_br_2 ) {
        ldap_log_error( $t_ds_2 );
        log_event( LOG_LDAP, 'Bind to ldap server failed' );
        trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
    } else {
        log_event( LOG_LDAP, 'Bind to ldap server successful' );
    }
} else {
    log_event( LOG_LDAP, 'Connection to ldap server failed' );
    trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
}

return $t_ds_2;

}

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

$g_cache_ldap_email = array();
/////////////////////////////////////
$g_cache_ldap_email_2 = array();

/**

  • returns an email address from LDAP, given a userid
  • @param integer $p_user_id A valid user identifier.
  • @return string
    */
    function ldap_email( $p_user_id ) {
    global $g_cache_ldap_email;

    if( isset( $g_cache_ldap_email[(int)$p_user_id] ) ) {
    return $g_cache_ldap_email[(int)$p_user_id];
    }

    $t_username = user_get_username( $p_user_id );
    $t_email = ldap_email_from_username( $t_username );

    $g_cache_ldap_email[(int)$p_user_id] = $t_email;
    return $t_email;
    }
    /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_email_2( $p_user_id_2 ) {
    global $g_cache_ldap_email_2;

    if( isset( $g_cache_ldap_email_2[(int)$p_user_id_2] ) ) {
    return $g_cache_ldap_email_2[(int)$p_user_id_2];
    }

    $t_username_2 = user_get_username( $p_user_id_2 );
    $t_email_2 = ldap_email_from_username_2( $t_username_2 );

    $g_cache_ldap_email_2[(int)$p_user_id_2] = $t_email_2;
    return $t_email_2;
    }

/**

  • Return an email address from LDAP, given a username
  • @param string $p_username The username of a user to lookup.
  • @return string
    */
    function ldap_email_from_username( $p_username ) {
    if( ldap_simulation_is_enabled() ) {
    return ldap_simulation_email_from_username( $p_username );
    }

    $t_email = ldap_get_field_from_username( $p_username, 'mail' );
    if( $t_email === null ) {
    return '';
    }

    return $t_email;
    }
    /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_email_from_username_2( $p_username_2 ) {
    if( ldap_simulation_is_enabled_2() ) {
    return ldap_simulation_email_from_username_2( $p_username_2 );
    }

    $t_email_2 = ldap_get_field_from_username_2( $p_username_2, 'mail' );
    if( $t_email_2 === null ) {
    return '';
    }

    return $t_email_2;
    }
    /**

  • Gets a user's real name (common name) given the id.
  • @param integer $p_user_id The user id.
  • @return string real name.
    */
    function ldap_realname( $p_user_id ) {
    $t_username = user_get_username( $p_user_id );
    return ldap_realname_from_username( $t_username );
    }
    /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_realname_2( $p_user_id_2 ) {
    $t_username_2 = user_get_username( $p_user_id_2 );
    return ldap_realname_from_username( $t_username_2 );
    }
    /**
  • Gets a user real name given their user name.
  • @param string $p_username The user's name.
  • @return string The user's real name.
    */
    function ldap_realname_from_username( $p_username ) {
    if( ldap_simulation_is_enabled() ) {
    return ldap_simulatiom_realname_from_username( $p_username );
    }

    $t_ldap_realname_field = config_get( 'ldap_realname_field' );
    $t_realname = ldap_get_field_from_username( $p_username, $t_ldap_realname_field );
    if( $t_realname === null ) {
    return '';
    }

    return $t_realname;
    }

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_realname_from_username_2( $p_username_2 ) {
if( ldap_simulation_is_enabled_2() ) {
return ldap_simulatiom_realname_from_username_2( $p_username_2 );
}

$t_ldap_realname_field_2    = config_get( 'ldap_realname_field' );
$t_realname_2 = ldap_get_field_from_username( $p_username_2, $t_ldap_realname_field_2 );
if( $t_realname_2 === null ) {
    return '';
}

return $t_realname_2;

}

/**

  • Escapes the LDAP string to disallow injection.
  • @param string $p_string The string to escape.
  • @return string The escaped string.
    /
    function ldap_escape_string( $p_string ) {
    $t_find = array( '\', '
    ', '(', ')', '/', "\x00" );
    $t_replace = array( '\5c', '\2a', '\28', '\29', '\2f', '\00' );

    $t_string = str_replace( $t_find, $t_replace, $p_string );

    return $t_string;
    }
    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_escape_string_2( $p_string_2 ) {
    $t_find_2 = array( '\', '*', '(', ')', '/', "\x00" );
    $t_replace_2 = array( '\5c', '\2a', '\28', '\29', '\2f', '\00' );

    $t_string_2 = str_replace( $t_find_2, $t_replace_2, $p_string_2 );

    return $t_string_2;
    }

/**

  • Gets the value of a specific field from LDAP given the user name
  • and LDAP field name.
  • @todo Implement caching by retrieving all needed information in one query.
  • @todo Implement logging to LDAP queries same way like DB queries.
  • @param string $p_username The user name.
  • @param string $p_field The LDAP field name.
  • @return string The field value or null if not found.
    */
    function ldap_get_field_from_username( $p_username, $p_field ) {
    $t_ldap_organization = config_get( 'ldap_organization' );
    $t_ldap_root_dn = config_get( 'ldap_root_dn' );
    $t_ldap_uid_field = config_get( 'ldap_uid_field' );

    $c_username = ldap_escape_string( $p_username );

    log_event( LOG_LDAP, 'Retrieving field \'' . $p_field . '\' for \'' . $p_username . '\'' );

    // Bind
    log_event( LOG_LDAP, 'Binding to LDAP server' );
    $t_ds = @ldap_connect_bind();
    if( $t_ds === false ) {
    ldap_log_error( $t_ds );
    return null;
    }

    // Search
    $t_search_filter = '(&' . $t_ldap_organization . '(' . $t_ldap_uid_field . '=' . $c_username . '))';
    $t_search_attrs = array( $t_ldap_uid_field, $p_field, 'dn' );

    log_event( LOG_LDAP, 'Searching for ' . $t_search_filter );
    $t_sr = @ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
    if( $t_sr === false ) {
    ldap_log_error( $t_ds );
    ldap_unbind( $t_ds );
    log_event( LOG_LDAP, 'ldap search failed' );
    return null;
    }

    // Get results
    $t_info = ldap_get_entries( $t_ds, $t_sr );
    if( $t_info === false ) {
    ldap_log_error( $t_ds );
    log_event( LOG_LDAP, 'ldap_get_entries() returned false.' );
    return null;
    }

    // Free results / unbind
    log_event( LOG_LDAP, 'Unbinding from LDAP server' );
    ldap_free_result( $t_sr );
    ldap_unbind( $t_ds );

    // If no matches, return null.
    if( $t_info['count'] == 0 ) {
    log_event( LOG_LDAP, 'No matches found.' );
    return null;
    }

    // Make sure the requested field exists
    $t_field_lowercase = strtolower( $p_field );
    if( is_array( $t_info[0] ) && array_key_exists( $t_field_lowercase, $t_info[0] ) ) {
    $t_value = $t_info[0][$t_field_lowercase][0];
    log_event( LOG_LDAP, 'Found value \'' . $t_value . '\' for field \'' . $p_field . '\'.' );
    } else {
    log_event( LOG_LDAP, 'WARNING: field \'' . $p_field . '\' does not exist' );
    return null;
    }

    return $t_value;
    }

/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_get_field_from_username_2( $p_username_2, $p_field_2 ) {
$t_ldap_organization_2 = config_get( 'ldap_organization_2' );
$t_ldap_root_dn_2 = config_get( 'ldap_root_dn_2' );
$t_ldap_uid_field_2 = config_get( 'ldap_uid_field_2' );

$c_username_2 = ldap_escape_string( $p_username_2 );

log_event( LOG_LDAP, 'Retrieving field \'' . $p_field_2 . '\' for \'' . $p_username_2 . '\'' );

// Bind
log_event( LOG_LDAP, 'Binding to LDAP server' );
$t_ds_2 = @ldap_connect_bind();
if( $t_ds_2 === false ) {
    ldap_log_error( $t_ds_2 );
    return null;
}

// Search
$t_search_filter_2        = '(&' . $t_ldap_organization_2 . '(' . $t_ldap_uid_field_2 . '=' . $c_username_2 . '))';
$t_search_attrs_2         = array( $t_ldap_uid_field_2, $p_field_2, 'dn' );

log_event( LOG_LDAP, 'Searching for ' . $t_search_filter_2 );
$t_sr_2 = @ldap_search( $t_ds_2, $t_ldap_root_dn_2, $t_search_filter_2, $t_search_attrs_2 );
if( $t_sr_2 === false ) {
    ldap_log_error( $t_ds_2 );
    ldap_unbind( $t_ds_2 );
    log_event( LOG_LDAP, 'ldap search failed' );
    return null;
}

// Get results
$t_info_2 = ldap_get_entries( $t_ds_2, $t_sr_2 );
if( $t_info_2 === false ) {
    ldap_log_error( $t_ds_2 );
    log_event( LOG_LDAP, 'ldap_get_entries() returned false.' );
    return null;
}

// Free results / unbind
log_event( LOG_LDAP, 'Unbinding from LDAP server' );
ldap_free_result( $t_sr_2 );
ldap_unbind( $t_ds_2 );

// If no matches, return null.
if( $t_info_2['count'] == 0 ) {
    log_event( LOG_LDAP, 'No matches found.' );
    return null;
}

// Make sure the requested field exists
$t_field_lowercase_2 = strtolower( $p_field_2 );
if( is_array( $t_info_2[0] ) && array_key_exists( $t_field_lowercase_2, $t_info_2[0] ) ) {
    $t_value_2 = $t_info_2[0][$t_field_lowercase_2][0];
    log_event( LOG_LDAP, 'Found value \'' . $t_value_2 . '\' for field \'' . $p_field_2 . '\'.' );
} else {
    log_event( LOG_LDAP, 'WARNING: field \'' . $p_field_2 . '\' does not exist' );
    return null;
}

return $t_value_2;

}

/**

  • Attempt to authenticate the user against the LDAP directory
  • return true on successful authentication, false otherwise
  • @param integer $p_user_id A valid user identifier.
  • @param string $p_password A password to test against the user user.
  • @return boolean
    */
    function ldap_authenticate( $p_user_id, $p_password ) {
    // if password is empty and ldap allows anonymous login, then
    // the user will be able to login, hence, we need to check
    // for this special case.
    if( is_blank( $p_password ) ) {
    return false;
    }

    $t_username = user_get_username( $p_user_id );

    return ldap_authenticate_by_username( $t_username, $p_password );
    }

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
function ldap_authenticate_2( $p_user_id_2, $p_password_2 ) {
// if password is empty and ldap allows anonymous login, then
// the user will be able to login, hence, we need to check
// for this special case.
if( is_blank( $p_password_2 ) ) {
return false;
}

$t_username_2 = user_get_username( $p_user_id_2 );

return ldap_authenticate_by_username_2( $t_username_2, $p_password_2 );

}

/**

  • Authenticates an user via LDAP given the username and password.
  • @param string $p_username The user name.
  • @param string $p_password The password.
  • @return true: authenticated, false: failed to authenticate.
    */
    function ldap_authenticate_by_username( $p_username, $p_password ) {
    goto chance2;
    if( ldap_simulation_is_enabled() ) {
    log_event( LOG_LDAP, 'Authenticating via LDAP simulation' );
    $t_authenticated = ldap_simulation_authenticate_by_username( $p_username, $p_password );
    } else {
    $c_username = ldap_escape_string( $p_username );

    $t_ldap_organization = config_get( 'ldap_organization' );
    $t_ldap_root_dn = config_get( 'ldap_root_dn' );
    
    $t_ldap_uid_field = config_get( 'ldap_uid_field', 'uid' );
    $t_search_filter = '(&' . $t_ldap_organization . '(' . $t_ldap_uid_field . '=' . $c_username . '))';
    $t_search_attrs = array(
        $t_ldap_uid_field,
        'dn',
    );
    
    // Bind
    log_event( LOG_LDAP, 'Binding to LDAP server' );
    $t_ds = ldap_connect_bind();
    if( $t_ds === false ) {
        ldap_log_error( $t_ds );
        trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
    }
    
    // Search for the user id
    log_event( LOG_LDAP, 'Searching for ' . $t_search_filter );
    $t_sr = ldap_search( $t_ds, $t_ldap_root_dn, $t_search_filter, $t_search_attrs );
    if( $t_sr === false ) {
        ldap_log_error( $t_ds );
        ldap_unbind( $t_ds );
        log_event( LOG_LDAP, 'ldap search failed' );
        trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
        log_event( LOG_LDAP, 'Riga 565' );
    }
    
    $t_info = @ldap_get_entries( $t_ds, $t_sr );
    if( $t_info === false ) {
        ldap_log_error( $t_ds );
        ldap_free_result( $t_sr );
        ldap_unbind( $t_ds );
        trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
    }
    
    $t_authenticated = false;
    
    if( $t_info['count'] > 0 ) {
        // Try to authenticate to each until we get a match
        for( $i = 0; $i &lt; $t_info['count']; $i++ ) {
            $t_dn = $t_info[$i]['dn'];
            log_event( LOG_LDAP, 'Checking ' . $t_info[$i]['dn'] );
    
            // Attempt to bind with the DN and password
            if( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
                $t_authenticated = true;
                break;
            }
        }
    } else {

    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    //2020.01.28

    log_event( LOG_LDAP, 'Authentication failed' );
    
    } //close else row 589
    chance2:
    function ldap_authenticate_by_username_2( $p_username_2, $p_password_2 ) {

    if( ldap_simulation_is_enabled_2() ) {
    log_event( LOG_LDAP, 'Authenticating via LDAP simulation' );
    $t_authenticated_2 = ldap_simulation_authenticate_by_username_2( $p_username_2, $p_password_2 );
    } else {
    $c_username_2 = ldap_escape_string_2( $p_username_2 );

    $t_ldap_organization_2 = config_get( 'ldap_organization_2' );
    $t_ldap_root_dn_2 = config_get( 'ldap_root_dn_2' );
    
    $t_ldap_uid_field_2 = config_get( 'ldap_uid_field_2', 'uid' ); // check uid if works
    $t_search_filter_2 = '(&' . $t_ldap_organization_2 . '(' . $t_ldap_uid_field_2 . '=' . $c_username_2 . '))';
    $t_search_attrs_2 = array(
        $t_ldap_uid_field_2,
        'dn',
    );
    
    // Bind
    log_event( LOG_LDAP, 'Binding to LDAP server' );
    $t_ds_2 = ldap_connect_bind_2();
    if( $t_ds_2 === false ) {
        ldap_log_error( $t_ds_2 );
        trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
    }
    
    // Search for the user id
    log_event( LOG_LDAP, 'Searching for ' . $t_search_filter_2 );
    $t_sr_2 = ldap_search( $t_ds_2, $t_ldap_root_dn_2, $t_search_filter_2, $t_search_attrs_2 );
    if( $t_sr_2 === false ) {
        ldap_log_error( $t_ds_2 );
        ldap_unbind( $t_ds_2 );
        log_event( LOG_LDAP, 'ldap search failed' );
        trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
    }
    
    $t_info_2 = @ldap_get_entries( $t_ds_2, $t_sr_2 );
    if( $t_info_2 === false ) {
        ldap_log_error( $t_ds_2 );
        ldap_free_result( $t_sr_2 );
        ldap_unbind( $t_ds_2 );
        trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR );
    }
    
    $t_authenticated_2 = false;
    
    if( $t_info_2['count'] > 0 ) {
        // Try to authenticate to each until we get a match
        for( $i = 0; $i &lt; $t_info_2['count']; $i++ ) {
            $t_dn_2 = $t_info_2[$i]['dn'];
            log_event( LOG_LDAP, 'Checking ' . $t_info_2[$i]['dn'] );
    
            // Attempt to bind with the DN and password
            if( @ldap_bind( $t_ds_2, $t_dn_2, $p_password_2 ) ) {
                $t_authenticated_2 = true;
                break;
            }
        }
    } else {
    
    log_event( LOG_LDAP, 'Authentication failed' );
    }

    }

    return $t_authenticated_2;
    }

    }//close function row 532

    return $t_authenticated;
    }

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

/**

  • Checks if the LDAP simulation mode is enabled.
  • @return boolean true if enabled, false otherwise.
    */
    function ldap_simulation_is_enabled() {
    $t_filename = config_get_global( 'ldap_simulation_file_path' );
    return !is_blank( $t_filename );
    }
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_simulation_is_enabled_2() {
    $t_filename_2 = config_get_global( 'ldap_simulation_file_path_2' );
    return !is_blank( $t_filename_2 );
    }

/**

  • Gets a user from LDAP simulation mode given the username.
  • @param string $p_username The user name.
  • @return array|null An associate array with user information or null if not found.
    */
    function ldap_simulation_get_user( $p_username ) {
    $t_filename = config_get_global( 'ldap_simulation_file_path' );
    $t_lines = file( $t_filename );
    if( $t_lines === false ) {
    log_event( LOG_LDAP, 'ldap_simulation_get_user: could not read simulation data from ' . $t_filename );
    trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
    }

    foreach ( $t_lines as $t_line ) {
    $t_line = trim( $t_line, " \t\r\n" );
    $t_row = explode( ',', $t_line );

    if( $t_row[0] != $p_username ) {
        continue;
    }
    
    $t_user = array();
    
    $t_user['username'] = $t_row[0];
    $t_user['realname'] = $t_row[1];
    $t_user['email'] = $t_row[2];
    $t_user['password'] = $t_row[3];
    
    return $t_user;

    }

    log_event( LOG_LDAP, 'ldap_simulation_get_user: user \'' . $p_username . '\' not found.' );
    return null;
    }
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_simulation_get_user_2( $p_username_2 ) {
    $t_filename_2 = config_get_global( 'ldap_simulation_file_path_2' );
    $t_lines_2 = file( $t_filename_2 );
    if( $t_lines_2 === false ) {
    log_event( LOG_LDAP, 'ldap_simulation_get_user: could not read simulation data from ' . $t_filename_2 );
    trigger_error( ERROR_LDAP_SERVER_CONNECT_FAILED, ERROR );
    }

    foreach ( $t_lines_2 as $t_line_2 ) {
    $t_line_2 = trim( $t_line_2, " \t\r\n" );
    $t_row_2 = explode( ',', $t_line_2 );

    if( $t_row_2[0] != $p_username_2 ) {
        continue;
    }
    
    $t_user_2 = array();
    
    $t_user_2['username'] = $t_row_2[0];
    $t_user_2['realname'] = $t_row_2[1];
    $t_user_2['email'] = $t_row_2[2];
    $t_user_2['password'] = $t_row_2[3];
    
    return $t_user_2;

    }

    log_event( LOG_LDAP, 'ldap_simulation_get_user: user \'' . $p_username_2 . '\' not found.' );
    return null;
    }

/**

  • Given a username, gets the email address or empty address if user is not found.
  • @param string $p_username The user name.
  • @return string The email address or blank if user is not found.
    */
    function ldap_simulation_email_from_username( $p_username ) {
    $t_user = ldap_simulation_get_user( $p_username );
    if( $t_user === null ) {
    log_event( LOG_LDAP, 'ldap_simulation_email_from_username: user \'' . $p_username . '\' not found.' );
    return '';
    }

    log_event( LOG_LDAP, 'ldap_simulation_email_from_username: user \'' . $p_username . '\' has email \'' . $t_user['email'] .'\'.' );
    return $t_user['email'];
    }
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_simulation_email_from_username_2( $p_username_2 ) {
    $t_user_2 = ldap_simulation_get_user_2( $p_username_2 );
    if( $t_user_2 === null ) {
    log_event( LOG_LDAP, 'ldap_simulation_email_from_username: user \'' . $p_username_2 . '\' not found.' );
    return '';
    }

    log_event( LOG_LDAP, 'ldap_simulation_email_from_username: user \'' . $p_username_2 . '\' has email \'' . $t_user_2['email'] .'\'.' );
    return $t_user_2['email'];
    }
    /**

  • Given a username, this methods gets the realname or empty string if not found.
  • @param string $p_username The username.
  • @return string The real name or an empty string if not found.
    */
    function ldap_simulatiom_realname_from_username( $p_username ) {
    $t_user = ldap_simulation_get_user( $p_username );
    if( $t_user === null ) {
    log_event( LOG_LDAP, 'ldap_simulatiom_realname_from_username: user \'' . $p_username . '\' not found.' );
    return '';
    }

    log_event( LOG_LDAP, 'ldap_simulatiom_realname_from_username: user \'' . $p_username . '\' has email \'' . $t_user['realname'] . '\'.' );
    return $t_user['realname'];
    }
    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_simulatiom_realname_from_username_2( $p_username_2 ) {
    $t_user_2 = ldap_simulation_get_user_2( $p_username_2 );
    if( $t_user_2 === null ) {
    log_event( LOG_LDAP, 'ldap_simulatiom_realname_from_username: user \'' . $p_username_2 . '\' not found.' );
    return '';
    }

    log_event( LOG_LDAP, 'ldap_simulatiom_realname_from_username: user \'' . $p_username_2 . '\' has email \'' . $t_user_2['realname'] . '\'.' );
    return $t_user_2['realname'];
    }
    /**

  • Authenticates the specified user id / password based on the simulation data.
  • @param string $p_username The username.
  • @param string $p_password The password.
  • @return boolean true for authenticated, false otherwise.
    */
    function ldap_simulation_authenticate_by_username( $p_username, $p_password ) {
    $c_username = ldap_escape_string( $p_username );

    $t_user = ldap_simulation_get_user( $c_username );
    if( $t_user === null ) {
    log_event( LOG_LDAP, 'ldap_simulation_authenticate: user \'' . $p_username . '\' not found.' );
    return false;
    }

    if( $t_user['password'] != $p_password ) {
    log_event( LOG_LDAP, 'ldap_simulation_authenticate: expected password \'' . $t_user['password'] . '\' and got \'' . $p_password . '\'.' );
    return false;
    }

    log_event( LOG_LDAP, 'ldap_simulation_authenticate: authentication successful for user \'' . $p_username . '\'.' );
    return true;
    }
    //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    function ldap_simulation_authenticate_by_username_2( $p_username_2, $p_password_2 ) {
    $c_username_2 = ldap_escape_string_2( $p_username_2 );

    $t_user_2 = ldap_simulation_get_user_2( $c_username_2 );
    if( $t_user_2 === null ) {
    log_event( LOG_LDAP, 'ldap_simulation_authenticate: user \'' . $p_username_2 . '\' not found.' );
    return false;
    }

    if( $t_user_2['password'] != $p_password_2 ) {
    log_event( LOG_LDAP, 'ldap_simulation_authenticate: expected password \'' . $t_user_2['password'] . '\' and got \'' . $p_password_2 . '\'.' );
    return false;
    }

    log_event( LOG_LDAP, 'ldap_simulation_authenticate: authentication successful for user \'' . $p_username_2 . '\'.' );
    return true;
    }

Issue History

Date Modified Username Field Change
2020-01-28 10:26 s.sorrentino New Issue
2020-01-29 02:18 s.sorrentino Note Added: 0063529
2020-01-29 02:18 s.sorrentino Note Edited: 0063529 View Revisions
2020-01-29 02:20 s.sorrentino Note Edited: 0063529 View Revisions
2020-01-29 02:23 s.sorrentino Note Edited: 0063529 View Revisions
2020-01-29 02:48 vboctor Assigned To => vboctor
2020-01-29 02:48 vboctor Status new => resolved
2020-01-29 02:48 vboctor Resolution open => duplicate
2020-01-29 02:48 vboctor Relationship added duplicate of 0009954
2020-01-29 02:49 vboctor Category authentication => ldap
2020-02-09 07:05 atrol Status resolved => closed