2 /** External authentication via LDAP for Gforge
3 * Copyright 2003 Roland Mas <lolando@debian.org>
4 * Copyright 2004 Roland Mas <roland@gnurandal.com>
5 * The Gforge Group, LLC <http://gforgegroup.com/>
6 * Copyright 2004 Christian Bayle <bayle@debian.org>
8 * This file is not part of Gforge
10 * This plugin, like Gforge, is free software; you can redistribute it
11 * and/or modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2 of
13 * the License, or (at your option) any later version.
15 * GForge is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with GForge; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 US
// Presumably supplies the helpers AuthUser() calls below
// (plugin_ldapextauth_getdn, plugin_ldapextauth_mapping). The path is a
// string literal resolved through include_path, so it cannot be steered by
// request data; the DN building and attribute mapping it implements are not
// visible in this excerpt and must be reviewed there.
25 require_once 'plugins/ldapextauth/mapping.php' ;
27 class LdapextauthPlugin extends Plugin {
/**
 * PHP 4 style constructor (method named after the class).
 *
 * Registers the plugin name and the "session_before_login" hook, starts
 * with no LDAP connection, then loads the plugin config file. The config
 * file is expected to define $sys_ldap_dn, $sys_ldap_server and
 * $sys_ldap_port, and may also define $base_dn, $ldap_server, $ldap_port
 * and $ldap_kind, which are copied over the sys_* values afterwards.
 *
 * NOTE: this listing omits lines (see the gutter numbers). The gaps at
 * 39, 41-42, 44-45 and 47-48 presumably hold the conditions guarding each
 * override (e.g. isset() checks) -- they cannot be verified here.
 */
28 function LdapextauthPlugin () {
30 $this->name = "ldapextauth";
31 $this->hooks[] = "session_before_login";
// No connection yet; AuthUser() connects lazily on first use.
33 $this->ldap_conn = false ;
// $gfconfig is not defined in any visible line of this method (a
// "global $gfconfig" may sit in omitted line 34 -- verify). Because it
// becomes part of an include path, it must come from installation
// configuration only, never from request data.
35 require_once $gfconfig.'plugins/ldapextauth/config.php' ;
36 $this->base_dn = $sys_ldap_dn ;
37 $this->ldap_server = $sys_ldap_server ;
38 $this->ldap_port = $sys_ldap_port ;
// Overrides below replace the sys_* defaults; whether each is conditional
// depends on the omitted lines noted above.
40 $this->base_dn = $base_dn ;
43 $this->ldap_server = $ldap_server ;
46 $this->ldap_port = $ldap_port ;
// Compared against the literal "AD" in AuthUser() to choose between an
// sAMAccountName search and a direct read of the bound DN.
49 $this->ldap_kind = $ldap_kind ;
/**
 * Plugin hook dispatcher.
 *
 * For "session_before_login" the login name and password are taken from
 * $params and handed to AuthUser(). Both values originate from the login
 * form and are not validated here; AuthUser() receives them as-is.
 *
 * NOTE: the "switch ($hookname)" header (gutter 58-59), the "break" and
 * the closing braces are not in this excerpt.
 *
 * @param string $hookname hook being fired
 * @param array  $params   hook arguments; reads 'loginname' and 'passwd'
 */
53 function CallHook ($hookname, $params) {
56 $loginname = $params['loginname'] ;
57 $passwd = $params['passwd'] ;
60 case "session_before_login":
61 // Authenticate against LDAP
// Result is not returned; AuthUser() reports through
// $GLOBALS['ldap_auth_failed'] / $GLOBALS['ldap_first_login'].
62 $this->AuthUser ($loginname, $passwd) ;
/**
 * Authenticate $loginname/$passwd against LDAP and keep the local GForge
 * account in step with the directory.
 *
 * Two paths, selected by whether a local user already exists (the test on
 * $u is in omitted lines 93-94):
 *  - existing user: bind as the user's DN; on success, also check the DB
 *    password and overwrite it with the LDAP one when they differ;
 *  - no local user: bind, fetch the directory entry, map its attributes
 *    and create + activate the local account.
 *
 * Outcome is reported through globals, not the return value:
 *   $GLOBALS['ldap_auth_failed']  true on any failure, false on success
 *   $GLOBALS['ldap_first_login']  true when a local account was just created
 * $feedback is assigned in the failure branches, but no "global $feedback"
 * declaration is visible in this excerpt; if there is none, those messages
 * are written to a local and never reach the caller -- confirm.
 *
 * Security notes (reviewer):
 *  - Neither ldap_bind() call below is preceded by a visible check that
 *    $passwd is non-empty. Directories commonly treat a bind with a DN and
 *    an empty password as an unauthenticated bind and return success, so
 *    reject "$passwd === ''" before binding unless that check lives in an
 *    omitted line.
 *  - Whether the connection is protected (an ldaps:// server URI or an
 *    ldap_start_tls() call) depends on configuration not shown here;
 *    without it the password crosses the network in cleartext.
 *  - The "@" on ldap_bind() discards the bind error; for incident
 *    diagnostics, log ldap_error() on failure instead of suppressing it.
 *
 * NOTE: this listing omits lines (see the gutter numbers), including the
 * "else" branches and closing braces; comments below flag where a gap
 * hides a condition that cannot be verified here.
 *
 * @param string $loginname login name from the form (untrusted)
 * @param string $passwd    password from the form (untrusted)
 * @return bool false from the final failure branch; the success paths
 *              have no visible return statement
 */
72 function AuthUser ($loginname, $passwd) {
// Bail out when the LDAP extension is not loaded (branch body omitted).
75 if (!function_exists ( "ldap_connect" )) {
// Lazy connect; the remaining ldap_connect() arguments (presumably
// $this->ldap_port) are on omitted lines 81-82.
79 if (!$this->ldap_conn) {
80 $this->ldap_conn = ldap_connect ($this->ldap_server,
// Protocol version is applied only when $GLOBALS['sys_ldap_version'] is
// truthy; otherwise the extension default stays in effect.
83 if ($GLOBALS['sys_ldap_version']) {
84 ldap_set_option ($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $GLOBALS['sys_ldap_version']);
// DN for the bind is built by the mapping helper from the raw login name.
// If that helper concatenates $loginname into a DN string, it must escape
// it for DN context (ldap_escape(..., LDAP_ESCAPE_DN)) -- check mapping.php.
86 $dn = plugin_ldapextauth_getdn ($this, $loginname) ;
// Presumably inside a branch taken when no DN could be derived (line 87
// omitted): fail closed.
88 $GLOBALS['ldap_auth_failed']=true;
// Existing local account, or a fresh object when none exists -- the
// distinction is made in omitted lines 93-94.
92 $u = user_get_object_by_name ($loginname) ;
// --- existing-user path ---
95 if (@ldap_bind($this->ldap_conn, $dn, $passwd)) {
96 // Password from form is valid in LDAP
// Third argument false: DB-side check only; no session is created here.
97 if (session_login_valid_dbonly ($loginname, $passwd, false)) {
98 // Also according to DB
99 $GLOBALS['ldap_auth_failed']=false;
// else-branch: LDAP accepted the password but the DB copy differs.
102 // Passwords mismatch, update DB's
// The directory password is copied into the local DB on every such login.
// Whether setPasswd() hashes it is not visible here; either way the DB
// holds a second copy of the credential that outlives changes made in the
// directory. Confirm no other code path accepts a DB-only login once LDAP
// rejects the user.
103 $u->setPasswd ($passwd) ;
104 $GLOBALS['ldap_auth_failed']=false;
108 // Wrong password according to LDAP
// Deliberately generic message: does not reveal whether the user exists.
109 $feedback=_('Invalid Password Or User Name');
110 $GLOBALS['ldap_auth_failed']=true;
// --- new-user path ---
114 // User doesn't exist in DB yet
115 if (@ldap_bind($this->ldap_conn, $dn, $passwd)) {
116 // User authenticated
// Loose "==" comparison; $ldap_kind comes from config, so harmless, but
// "===" would be the idiom.
118 if ($this->ldap_kind=="AD"){
// $loginname is concatenated into the search filter without escaping, so
// LDAP filter metacharacters in the submitted name change which entry is
// returned -- and that entry's attributes are what gets copied into the new
// local account. Escape for filter context so the lookup matches exactly
// the account that just authenticated:
//   "sAMAccountName=" . ldap_escape($loginname, '', LDAP_ESCAPE_FILTER)
// (ldap_escape() exists from PHP 5.6; this file predates it.)
119 $res = ldap_search ($this->ldap_conn, $this->base_dn, "sAMAccountName=".$loginname) ;
// Non-AD: read the bound DN directly (else-branch; line 120 omitted).
121 $res = ldap_read ($this->ldap_conn, $dn, "objectclass=*") ;
// No check that $res is not false or that $info['count'] > 0: a failed or
// empty lookup leaves $ldapentry undefined and the mapping runs on nothing.
123 $info = ldap_get_entries ($this->ldap_conn,$res);
124 $ldapentry = $info[0] ;
// Attribute-to-field mapping lives in mapping.php (not visible here).
126 $mappedinfo = plugin_ldapextauth_mapping ($ldapentry) ;
// Defaults for the remaining create() arguments are in omitted lines
// 127-152; the LDAP password becomes the initial local password.
131 $unix_name = $loginname ;
134 $password1 = $passwd ;
135 $password2 = $passwd ;
141 $jabber_address = '' ;
// Each mapped value overrides the default only when truthy, so a legitimate
// value of '0' is dropped. Keys are read without isset(); whether the
// mapping always provides them depends on plugin_ldapextauth_mapping().
153 if ($mappedinfo['firstname']) {
154 $firstname = $mappedinfo['firstname'] ;
156 if ($mappedinfo['lastname']) {
157 $lastname = $mappedinfo['lastname'] ;
159 if ($mappedinfo['email']) {
160 $email = $mappedinfo['email'] ;
162 if ($mappedinfo['language_id']) {
163 $language_id = $mappedinfo['language_id'] ;
165 if ($mappedinfo['timezone']) {
166 $timezone = $mappedinfo['timezone'] ;
168 if ($mappedinfo['jabber_address']) {
169 $jabber_address = $mappedinfo['jabber_address'] ;
171 if ($mappedinfo['address']) {
172 $address = $mappedinfo['address'] ;
174 if ($mappedinfo['address2']) {
175 $address2 = $mappedinfo['address2'] ;
177 if ($mappedinfo['phone']) {
178 $phone = $mappedinfo['phone'] ;
180 if ($mappedinfo['fax']) {
181 $fax = $mappedinfo['fax'] ;
183 if ($mappedinfo['title']) {
184 $title = $mappedinfo['title'] ;
186 if ($mappedinfo['ccode']) {
187 $ccode = $mappedinfo['ccode'] ;
189 if ($mappedinfo['themeid']) {
190 $theme_id = $mappedinfo['themeid'] ;
// $mail_site, $mail_va, $jabber_only, $unix_box and $send_mail are not
// assigned in any visible line -- presumably set in omitted lines 127-152;
// verify they are not left undefined.
193 if (!$u->create ($unix_name,$firstname,$lastname,$password1,$password2,$email,
194 $mail_site,$mail_va,$language_id,$timezone,$jabber_address,$jabber_only,$theme_id,
195 $unix_box, $address, $address2, $phone, $fax, $title, $ccode, $send_mail)) {
196 $GLOBALS['ldap_auth_failed']=true;
// getErrorMessage() is embedded into HTML unescaped. If that message can
// echo submitted values (e.g. the login name), it needs htmlspecialchars()
// at the point where $feedback is rendered -- depends on the caller.
197 $feedback = "<br>Error Creating User: ".$u->getErrorMessage();
// Activates the new account immediately ('A'), presumably skipping whatever
// confirmation step a normal registration goes through: the directory is
// trusted as the sole source of identity. Worth stating in the deployment
// docs.
201 if (!$u->setStatus ('A')) {
202 $GLOBALS['ldap_auth_failed']=true;
// Same unescaped-HTML caveat as the create() failure message above.
203 $feedback = "<br>Error Activating User: ".$u->getErrorMessage();
206 $GLOBALS['ldap_auth_failed']=false;
// Lets the caller distinguish a just-provisioned account from a returning one.
207 $GLOBALS['ldap_first_login']=true;
// else-branch of the second ldap_bind(): LDAP rejected the new user.
210 $GLOBALS['ldap_auth_failed']=true;
211 $feedback=_('Invalid Password Or User Name');
212 return false ; // Probably ignored, but just in case
220 // c-file-style: "bsd"