765 |
765 |
ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
|
766 |
766 |
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
|
767 |
767 |
|
|
768 |
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
|
|
769 |
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
|
768 |
770 |
if ($ldapanon == true) {
|
769 |
771 |
if (!($res = @ldap_bind($ldap))) {
|
770 |
772 |
@ldap_close($ldap);
|
... | ... | |
836 |
838 |
ldap_set_option($ldap, LDAP_OPT_DEREF, LDAP_DEREF_SEARCHING);
|
837 |
839 |
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
|
838 |
840 |
|
|
841 |
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
|
|
842 |
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
|
839 |
843 |
if ($ldapanon == true) {
|
840 |
844 |
if (!($res = @ldap_bind($ldap))) {
|
841 |
845 |
log_error(sprintf(gettext("ERROR! ldap_get_user_ous() could not bind anonymously to server %s."), $ldapname));
|
... | ... | |
885 |
889 |
if(!$username)
|
886 |
890 |
return false;
|
887 |
891 |
|
888 |
|
if(stristr($username, "@")) {
|
|
892 |
if(!isset($authcfg['ldap_nostrip_at']) && stristr($username, "@")) {
|
889 |
893 |
$username_split = explode("@", $username);
|
890 |
894 |
$username = $username_split[0];
|
891 |
895 |
}
|
... | ... | |
948 |
952 |
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$ldapver);
|
949 |
953 |
|
950 |
954 |
/* bind as user that has rights to read group attributes */
|
|
955 |
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
|
|
956 |
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
|
951 |
957 |
if ($ldapanon == true) {
|
952 |
958 |
if (!($res = @ldap_bind($ldap))) {
|
953 |
959 |
log_error(sprintf(gettext("ERROR! ldap_get_groups() could not bind anonymously to server %s."), $ldapname));
|
... | ... | |
1007 |
1013 |
if(!function_exists("ldap_connect"))
|
1008 |
1014 |
return;
|
1009 |
1015 |
|
1010 |
|
if(stristr($username, "@")) {
|
|
1016 |
if(!isset($authcfg['ldap_nostrip_at']) && stristr($username, "@")) {
|
1011 |
1017 |
$username_split = explode("@", $username);
|
1012 |
1018 |
$username = $username_split[0];
|
1013 |
1019 |
}
|
... | ... | |
1083 |
1089 |
|
1084 |
1090 |
/* ok, its up. now, lets bind as the bind user so we can search it */
|
1085 |
1091 |
$error = false;
|
|
1092 |
$ldapbindun = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindun) : $ldapbindun;
|
|
1093 |
$ldapbindpw = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapbindpw) : $ldapbindpw;
|
1086 |
1094 |
if ($ldapanon == true) {
|
1087 |
1095 |
if (!($res = @ldap_bind($ldap)))
|
1088 |
1096 |
$error = true;
|
... | ... | |
1112 |
1120 |
log_auth(sprintf(gettext("Now Searching for %s in directory."), $username));
|
1113 |
1121 |
/* Iterate through the user containers for search */
|
1114 |
1122 |
foreach ($ldac_splits as $i => $ldac_split) {
|
|
1123 |
$ldac_split = isset($authcfg['ldap_utf8']) ? utf8_encode($ldac_split) : $ldac_split;
|
|
1124 |
$ldapfilter = isset($authcfg['ldap_utf8']) ? utf8_encode($ldapfilter) : $ldapfilter;
|
|
1125 |
$ldapsearchbasedn = isset($authcfg['ldap_utf8']) ? utf8_encode("{$ldac_split},{$ldapbasedn}") : "{$ldac_split},{$ldapbasedn}";
|
1115 |
1126 |
/* Make sure we just use the first user we find */
|
1116 |
1127 |
if ($debug)
|
1117 |
|
log_auth(sprintf(gettext('Now Searching in server %1$s, container %2$s with filter %3$s.'), $ldapname, $ldac_split, $ldapfilter));
|
|
1128 |
log_auth(sprintf(gettext('Now Searching in server %1$s, container %2$s with filter %3$s.'), $ldapname, utf8_decode($ldac_split), utf8_decode($ldapfilter)));
|
1118 |
1129 |
if ($ldapscope == "one")
|
1119 |
1130 |
$ldapfunc = "ldap_list";
|
1120 |
1131 |
else
|
... | ... | |
1123 |
1134 |
if (stristr($ldac_split, "DC=") || empty($ldapbasedn))
|
1124 |
1135 |
$search = @$ldapfunc($ldap,$ldac_split,$ldapfilter);
|
1125 |
1136 |
else
|
1126 |
|
$search = @$ldapfunc($ldap,"{$ldac_split},{$ldapbasedn}",$ldapfilter);
|
|
1137 |
$search = @$ldapfunc($ldap,$ldapsearchbasedn,$ldapfilter);
|
1127 |
1138 |
if (!$search) {
|
1128 |
1139 |
log_error(sprintf(gettext("Search resulted in error: %s"), ldap_error($ldap)));
|
1129 |
1140 |
continue;
|
... | ... | |
1146 |
1157 |
}
|
1147 |
1158 |
|
1148 |
1159 |
/* Now lets bind as the user we found */
|
|
1160 |
$passwd = isset($authcfg['ldap_utf8']) ? utf8_encode($passwd) : $passwd;
|
1149 |
1161 |
if (!($res = @ldap_bind($ldap, $userdn, $passwd))) {
|
1150 |
1162 |
log_error(sprintf(gettext('ERROR! Could not login to server %1$s as user %2$s: %3$s'), $ldapname, $username, ldap_error($ldap)));
|
1151 |
1163 |
@ldap_unbind($ldap);
|
1152 |
1164 |
return false;
|
1153 |
1165 |
}
|
1154 |
1166 |
|
1155 |
|
if ($debug)
|
|
1167 |
if ($debug) {
|
|
1168 |
$userdn = isset($authcfg['ldap_utf8']) ? utf8_decode($userdn) : $userdn;
|
1156 |
1169 |
log_auth(sprintf(gettext('Logged in successfully as %1$s via LDAP server %2$s with DN = %3$s.'), $username, $ldapname, $userdn));
|
|
1170 |
}
|
1157 |
1171 |
|
1158 |
1172 |
/* At this point we are bound to LDAP so the user was auth'd okay. Close connection. */
|
1159 |
1173 |
@ldap_unbind($ldap);
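Review bot: In the container search loop (new lines 1123-1125) `utf8_encode()` is applied more than once when `ldap_utf8` is set: `$ldac_split` is encoded on 1123 and then encoded again inside the string built for `$ldapsearchbasedn` on 1125, and `$ldapfilter` is overwritten with its encoded form on every pass, so from the second container on it is double-encoded (assuming it is built once before the loop, which is outside the visible lines). For a non-ASCII container name or username this produces a base DN or filter that no longer matches the directory entry, so a valid user would likely fail to authenticate. I would move the `$ldapfilter` line above the `foreach` and encode only the part of the base DN that is not yet encoded: `$ldapsearchbasedn = isset($authcfg['ldap_utf8']) ? "{$ldac_split}," . utf8_encode($ldapbasedn) : "{$ldac_split},{$ldapbasedn}";`. The enclosing function starts and ends outside the lines shown.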
|
Add LDAP server options to control UTF8-encoding of parameters. Fixes #2227. While I'm here, add a checkbox to prevent the stripping of @ from the LDAP username if the user wants the full name transmitted.