diff --git a/auth/ldap/lib.php b/auth/ldap/lib.php
index 1ef9509b44e..d6a441d17eb 100644
--- a/auth/ldap/lib.php
+++ b/auth/ldap/lib.php
@@ -1,181 +1,215 @@ -ldap_host_url"); - return false ; + @ldap_close($ldap_connection); + error("LDAP-module cannot connect to server: $CFG->ldap_host_url"); + return false ; } } + function auth_get_userinfo($username){ - global $CFG; - //reads userinformation from ldap and return it in array() +/// reads userinformation from ldap and return it in array() + global $CFG; - $config = (array)$CFG; - $fields = array("firstname", "lastname", "email", "phone1", "phone2", - "department", "address", "city", "country", "description", - "idnumber", "lang"); + $config = (array)$CFG; + $fields = array("firstname", "lastname", "email", "phone1", "phone2", + "department", "address", "city", "country", "description", + "idnumber", "lang"); - $moodleattributes = array(); - foreach ($fields as $field) { - if ($config["auth_user_$field"]) { - $moodleattributes[$field] = $config["auth_user_$field"]; - } - } + $moodleattributes = array(); + foreach ($fields as $field) { + if ($config["auth_user_$field"]) { + $moodleattributes[$field] = $config["auth_user_$field"]; + } + } - $ldap_connection=auth_ldap_connect(); + $ldap_connection=auth_ldap_connect(); - $result = array(); - $search_attribs = array(); - - foreach ($moodleattributes as $key=>$value) { - array_push($search_attribs, $value); - } - - $user_dn = auth_ldap_find_userdn($ldap_connection, $username); - if (! 
isset($CFG->ldap_objectclass)) { - $CFG->ldap_objectclass="objectClass=*"; - } + $result = array(); + $search_attribs = array(); - $user_info_result = ldap_read($ldap_connection,$user_dn,$CFG->ldap_objectclass, $search_attribs); - if ($user_info_result) { - $user_entry = ldap_get_entries($ldap_connection, $user_info_result); - foreach ($moodleattributes as $key=>$value){ - if(isset($user_entry[0][$value][0])){ - $result[$key]=$user_entry[0][$value][0]; - } - } - } - @ldap_close($ldap_connection); + foreach ($moodleattributes as $key=>$value) { + array_push($search_attribs, $value); + } - return $result; + $user_dn = auth_ldap_find_userdn($ldap_connection, $username); + + if (! isset($CFG->ldap_objectclass)) { + $CFG->ldap_objectclass="objectClass=*"; + } + + $user_info_result = ldap_read($ldap_connection,$user_dn,$CFG->ldap_objectclass, $search_attribs); + + if ($user_info_result) { + $user_entry = ldap_get_entries($ldap_connection, $user_info_result); + foreach ($moodleattributes as $key=>$value){ + if(isset($user_entry[0][$value][0])){ + $result[$key]=$user_entry[0][$value][0]; + } + } + } + + @ldap_close($ldap_connection); + + return $result; } + + function auth_get_userlist() { - //returns all users from ldap servers - global $CFG; - $fresult = array(); - $ldap_connection = auth_ldap_connect(); - auth_ldap_bind($ldap_connection); - if (! 
isset($CFG->ldap_objectclass)) { - $CFG->ldap_objectclass="objectClass=*"; - } - $contexts=explode(";",$CFG->ldap_contexts); - foreach ($contexts as $context) { - - if($CFG->ldap_search_sub){ - //use ldap_search to find first user from subtree - $ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_objectclass.")", array($CFG->ldap_user_attribute)); - } else { - //search only in this context - $ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_objectclass.")", array($CFG->ldap_user_attribute)); - } +/// returns all users from ldap servers + global $CFG; - $users = ldap_get_entries($ldap_connection,$ldap_result); - //add found users to list - for ($i=0;$i<$users['count'];$i++) { - array_push($fresult,($users[$i][$CFG->ldap_user_attribute][0])); - } - } - return $fresult; - + $fresult = array(); + $ldap_connection = auth_ldap_connect(); + + auth_ldap_bind($ldap_connection); + + if (! isset($CFG->ldap_objectclass)) { + $CFG->ldap_objectclass="objectClass=*"; + } + + $contexts = explode(";",$CFG->ldap_contexts); + + foreach ($contexts as $context) { + + if ($CFG->ldap_search_sub) { + //use ldap_search to find first user from subtree + $ldap_result = ldap_search($ldap_connection, $context, + "(".$CFG->ldap_objectclass.")", + array($CFG->ldap_user_attribute)); + } else { + //search only in this context + $ldap_result = ldap_list($ldap_connection, $context, + "(".$CFG->ldap_objectclass.")", + array($CFG->ldap_user_attribute)); + } + + $users = ldap_get_entries($ldap_connection, $ldap_result); + + //add found users to list + for ($i=0;$i<$users['count'];$i++) { + array_push($fresult, ($users[$i][$CFG->ldap_user_attribute][0]) ); + } + } + + return $fresult; } + + + function auth_ldap_connect(){ - //connects to ldap-server - global $CFG; - $result = ldap_connect($CFG->ldap_host_url); - if ($result) { - return $result; - } else { - error("LDAP-module cannot connect to server: $CFG->ldap_host_url"); - return false; - } +/// connects to 
ldap-server + global $CFG; + + $result = ldap_connect($CFG->ldap_host_url); + + if ($result) { + return $result; + + } else { + error("LDAP-module cannot connect to server: $CFG->ldap_host_url"); + return false; + } } + + function auth_ldap_bind($ldap_connection){ - //makes bind to ldap for searching users - //uses ldap_bind_dn or anonymous bind - global $CFG; +/// makes bind to ldap for searching users +/// uses ldap_bind_dn or anonymous bind + + global $CFG; + if ($CFG->ldap_bind_dn){ - //bind with search-user - if (!ldap_bind($ldap_connection, $CFG->ldap_bind_dn,$CFG->ldap_bind_pw)){ - error("Error: could not bind ldap with ldap_bind_dn/pw"); - return false; - } - }else{ - //bind anonymously - if ( !ldap_bind($ldap_connection)){ - error("Error: could not bind ldap anonymously"); - return false; - } - } - return true; + //bind with search-user + if (!ldap_bind($ldap_connection, $CFG->ldap_bind_dn,$CFG->ldap_bind_pw)){ + error("Error: could not bind ldap with ldap_bind_dn/pw"); + return false; + } -} - -function auth_ldap_find_userdn ($ldap_connection, $username){ - //return dn of username - //like: cn=username,ou=suborg,o=org - //or false if username not found - global $CFG; - //default return value - $ldap_user_dn = FALSE; - - auth_ldap_bind($ldap_connection); - - //get all contexts and look for first matching user - $ldap_contexts = explode(";",$CFG->ldap_contexts); - - foreach($ldap_contexts as $context) { - $context == trim($context); - if($CFG->ldap_search_sub){ - //use ldap_search to find first user from subtree - $ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")"); } else { - //search only in this context - $ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")"); + //bind anonymously + if ( !ldap_bind($ldap_connection)){ + error("Error: could not bind ldap anonymously"); + return false; + } } - - $entry = ldap_first_entry($ldap_connection,$ldap_result); - if 
($entry){ - - $ldap_user_dn = ldap_get_dn($ldap_connection, $entry); - break ; - + + return true; +} + + + +function auth_ldap_find_userdn ($ldap_connection, $username){ +/// return dn of username +/// like: cn=username,ou=suborg,o=org +/// or false if username not found + + global $CFG; + + //default return value + $ldap_user_dn = FALSE; + + auth_ldap_bind($ldap_connection); + + //get all contexts and look for first matching user + $ldap_contexts = explode(";",$CFG->ldap_contexts); + + foreach ($ldap_contexts as $context) { + + $context == trim($context); + + if ($CFG->ldap_search_sub){ + //use ldap_search to find first user from subtree + $ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")"); + + } else { + //search only in this context + $ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")"); + } + + $entry = ldap_first_entry($ldap_connection,$ldap_result); + + if ($entry){ + $ldap_user_dn = ldap_get_dn($ldap_connection, $entry); + break ; + } } - } - return $ldap_user_dn; + + return $ldap_user_dn; } ?>
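Review bot: In auth_ldap_find_userdn, both the ldap_search and the ldap_list call build the filter as `"(".$CFG->ldap_user_attribute."=".$username.")"` with the login name unescaped, so LDAP filter metacharacters in the supplied username alter the filter and the lookup can resolve to a different entry than the one named. Escape the value before concatenating it, for example `$username = ldap_escape($username, '', LDAP_ESCAPE_FILTER);` where the PHP version provides that function, or otherwise backslash-hex-encode `\`, `*`, `(`, `)` and NUL by hand. In the same loop, the re-indented line `$context == trim($context);` is a comparison whose result is discarded, so the contexts are never trimmed; it should read `$context = trim($context);`. auth_get_userinfo also passes the return value of auth_ldap_find_userdn straight to ldap_read, so a check for `false` before the read would keep a failed lookup from reaching the directory call.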