Last active
November 8, 2016 02:00
-
-
Save ghostsf/5af841ce1aec6a64a87d4349481aeb94 to your computer and use it in GitHub Desktop.
php openldap
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * simple class for LDAP authentification | |
| * | |
| * Created by ghostsf | |
| * Date: 2016/4/9 | |
| */ | |
| class openldap | |
| { | |
| protected $ldap_host; | |
| protected $ldap_port; | |
| protected $ldap_user; | |
| protected $ldap_pwd; | |
| protected $base_dn; | |
| protected $ldap; | |
| protected $filterattr = "uid"; | |
| protected $userinfo; | |
| /** | |
| * Exeptions code constants | |
| */ | |
| const ERROR_WRONG_USERDN = 4; | |
| const ERROR_CANT_AUTH = 5; | |
| const ERROR_CANT_SEARCH = 3; | |
| const ERROR_CANT_LDAP_BIND = 2; | |
| const ERROR_CANT_CONNECT = 0; | |
| const ERROR_CANT_DISCONNECT = 1; | |
| const SUCCESS_INIT = -1; | |
| const SUCCESS_AUTH = 6; | |
| /** | |
| * __construct | |
| * openldap constructor. | |
| * @param $ldap_host | |
| * @param $ldap_port | |
| * @param $ldap_user | |
| * @param $ldap_pwd | |
| * @param $base_dn | |
| */ | |
| function __construct($ldap_host, $ldap_port, $ldap_user, $ldap_pwd, $base_dn) | |
| { | |
| $this->ldap_host = $ldap_host; | |
| $this->ldap_port = $ldap_port; | |
| $this->ldap_user = $ldap_user; | |
| $this->ldap_pwd = $ldap_pwd; | |
| $this->base_dn = $base_dn; | |
| } | |
| /** | |
| * init_connection | |
| * @return int | |
| */ | |
| protected function init_connection() | |
| { | |
| $this->ldap = ldap_connect($this->ldap_host, $this->ldap_port); | |
| if ($this->ldap) { | |
| ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, 3); | |
| ldap_set_option($this->ldap, LDAP_OPT_REFERRALS, 0); | |
| $ldap_bind = ldap_bind($this->ldap, $this->ldap_user, $this->ldap_pwd); | |
| if ($ldap_bind) | |
| return self::SUCCESS_INIT; | |
| else | |
| return self::ERROR_CANT_LDAP_BIND; | |
| } else | |
| return self::ERROR_CANT_CONNECT; | |
| } | |
| /** | |
| * authenticate | |
| * @param null $user | |
| * @param null $password | |
| * @return int | |
| */ | |
| public function authenticate($user = null, $password = null) | |
| { | |
| $returnCode = $this->init_connection(); | |
| if ($returnCode != self::SUCCESS_INIT) { | |
| return $returnCode; | |
| } | |
| $filter = $this->filterattr . "=" . $user; | |
| $result = ldap_search($this->ldap, $this->base_dn, $filter); | |
| $entry = ldap_get_entries($this->ldap, $result); | |
| $count = $entry['count']; | |
| if ($count != 0) { | |
| $entry = $entry[0]; | |
| $userdn = $entry['dn']; | |
| if ($userdn != null) { | |
| $r = ldap_bind($this->ldap, $userdn, $password); | |
| if ($r) { | |
| $name = $entry['displayname'][0]; | |
| $this->userinfo['name'] = $name; | |
| $email = $entry['mail2'][0]; | |
| $this->userinfo['email'] = $email; | |
| ldap_unbind($this->ldap); | |
| return self::SUCCESS_AUTH; | |
| } | |
| ldap_unbind($this->ldap); | |
| return self::ERROR_CANT_AUTH; | |
| } | |
| return self::ERROR_WRONG_USERDN; | |
| } | |
| return self::ERROR_CANT_SEARCH; | |
| } | |
| /** | |
| * getUserinfo | |
| * @return mixed | |
| */ | |
| public function getUserinfo() | |
| { | |
| return $this->userinfo; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
maybe my first gist code .