
Contents of /contributions/modules/ldap_lookup/ldap_lookup.auth



Revision 1.4 - (show annotations) (download)
Thu Oct 4 10:07:03 2007 UTC (2 years, 1 month ago) by kibble
Branch: MAIN
CVS Tags: HEAD
Changes since 1.3: +1 -0 lines
Version checks only
1 <?php
2 // $Id: ldap_lookup.auth,v 1.2 2007/09/26 09:57:27 kibble Exp $
3
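/**
 * Look a user up in every configured LDAP server and, when a password is
 * given, verify it by binding to the directory as that user.
 *
 * @param $name
 *   User name to search for. It is untrusted (login form or web-server
 *   variable) and is escaped before it is placed in the search filter.
 * @param $pass
 *   Password to verify, or NULL / an empty value for a lookup-only call.
 *
 * @return
 *   - the connected ldap_lookup_class object when no password was given and
 *     the user was found ("update" mode),
 *   - TRUE when the password was given and the bind as the user succeeded,
 *   - FALSE otherwise.
 *   Callers that authenticate a login must therefore never pass an empty
 *   password and must compare the result with === TRUE: the object returned
 *   in "update" mode is truthy although no credential was checked.
 */
function _ldap_lookup_auth($name, $pass) {

  $results = db_query("SELECT * FROM {ldap_lookup}");

  // Normalise every "empty" password to NULL so that only one value selects
  // the lookup-only path below.
  if (( ! isset($pass)) || ($pass == "") || ($pass == NULL)) {
    $pass = NULL;
  }

  // Escape the LDAP filter metacharacters (RFC 4515) so the user-supplied
  // name is always matched as a literal value and cannot change the
  // structure of the filter. The backslash must be replaced first.
  $escaped_name = str_replace(
    array('\\', '*', '(', ')', "\x00"),
    array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
    (string) $name
  );
  $wanted_name = strtolower($name);

  while ($row = db_fetch_object($results)) {

    // Service connection, bound with the account configured for this server.
    $ldap = new ldap_lookup_class($row->name, $row->server, $row->port, $row->basedn, $row->groupdn, $row->binddn, $row->bindpw, $row->use_tls, $row->user_attr, $row->email_attr);

    if ($ldap->connect()) {

      // The base DN field holds one search base per CRLF-separated line.
      $possible_base_dns = explode("\r\n", $row->basedn);
      foreach ($possible_base_dns as $base_dn) {

        $user_attr = $row->user_attr;

        $filter = "(" . $user_attr . "=" . $escaped_name . ")";
        $records = $ldap->search($base_dn, $filter);

        // Only an unambiguous hit (exactly one entry) is accepted.
        if ($records && $records['count'] == 1) {

          $record = $records[0];

          // The attribute key may come back lower-cased; retry with that
          // spelling and give up on this server's base DNs if it is absent.
          if ( ! isset($record[$user_attr][0]) ) {
            $user_attr = strtolower($user_attr);
            if ( ! isset($record[$user_attr][0]) ) {
              break;
            }
          }

          foreach ($record[$user_attr] as $value) {

            // Strict comparison: with == two numeric-looking strings such as
            // "1e3" and "1000" would be treated as the same user name.
            if (strtolower($value) !== $wanted_name) {
              continue;
            }

            if ($pass === NULL) { /** update */

              $ldap->set_bindings($record['distinguishedname'][0], NULL);
              return($ldap);

            }

            /** login */

            // Never attempt the user bind without a DN: a bind with an empty
            // DN may be accepted as anonymous by the directory.
            // NOTE(review): depends on ldap_lookup_class::connect(), which is
            // not visible here - confirm how it treats an empty bind DN.
            if ( ! isset($record['distinguishedname'][0]) || $record['distinguishedname'][0] == "" ) {
              continue;
            }

            // Second connection bound as the user: a successful bind is the
            // password check.
            $user_ldap_conn = new ldap_lookup_class($row->name, $row->server, $row->port, $row->basedn, $row->groupdn, $record['distinguishedname'][0], $pass, $row->use_tls, $row->user_attr, $row->email_attr);
            if ($user_ldap_conn->connect()) {

              unset($user_ldap_conn);
              unset($ldap);

              /** Set the local password to match LDAP */
              // NOTE(review): this keeps an unsalted MD5 of the directory
              // password in the local {users} table, so a leak of that table
              // exposes directory credentials to offline guessing. MD5 is
              // what the surrounding code expects here; consider storing a
              // random, unusable value instead if local login is not needed.
              db_query("UPDATE {users} SET pass = MD5('%s') WHERE name = '%s'", $pass, $name);
              return(TRUE);

            }

            /** check if user account is locked ? */
            drupal_set_message('Either your username and password is incorrect or you have been locked out from the system for excessive attempts to login.', 'error');

            unset($user_ldap_conn);

          }

        }

      }

    }

    unset($ldap);
  }

  return(FALSE);

}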
91
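/**
 * Try to sign the visitor in transparently from the identity the web server
 * reports (NTLM / integrated authentication).
 *
 * Runs only for anonymous visitors, never on the logout path, and only when
 * the 'ldap_lookup_enable_ntlm' variable is set. When the server reports no
 * identity at all, a 401 challenge asking for NTLM is sent. When it reports
 * one, the user must exist in LDAP and in the local {users} table before the
 * global $user is replaced.
 *
 * NOTE(review): the identity in $_SERVER['AUTH_USER'] is trusted as already
 * verified. That holds only if the web server itself performs the NTLM
 * handshake and these variables cannot be set by the client - confirm for
 * the deployment before enabling the option.
 */
function ldap_lookup_init() {

  global $user;

  // Requested Drupal path; either source may be absent.
  if (!empty($_GET['q'])) {
    $q = $_GET['q'];
  }
  else {
    $q = isset($_POST['q']) ? $_POST['q'] : '';
  }

  if ((strcasecmp($q, 'logout') == 0) || !empty($user->uid) || !variable_get('ldap_lookup_enable_ntlm', 0)) {
    return;
  }

  $has_remote = !empty($_SERVER['REMOTE_USER']);
  $has_auth = !empty($_SERVER['AUTH_USER']);
  $has_logon = !empty($_SERVER['LOGON_USER']);

  /** Try NTLM Authentication First */
  if (!$has_remote && !$has_auth && !$has_logon) {
    header('HTTP/1.0 401 Authorization Required');
    header('WWW-Authenticate: NTLM');
    return;
  }

  // All three variables must be present before the identity is used.
  if (!($has_remote && $has_auth && $has_logon)) {
    return;
  }

  /** $_SERVER['HTTP_AUTHORIZATION'] <- contains password hash */
  // Drop everything up to the last backslash ("DOMAIN\user" -> "user").
  $name = preg_replace("/^.+\\\\/", "", $_SERVER["AUTH_USER"]);
  $ldap = _ldap_lookup_auth($name, NULL);

  if ($ldap != FALSE) {

    // Pass the name as a placeholder argument instead of concatenating it
    // into the statement, so quotes in the name cannot alter the query.
    $account = db_fetch_object(db_query("SELECT * FROM {users} u WHERE name = '%s' LIMIT 1", $name));
    if ($account && $account->uid) {
      $uarray = array('uid' => $account->uid, 'name' => $account->name, 'mail' => $account->mail);
      $user = user_load($uarray);
    }

  }
  unset($ldap);

}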
128
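/**
 * Decide whether a login attempt for $name is accepted.
 *
 * NOTE(review): the signature matches Drupal's hook_auth(); $server is not
 * used by the visible code.
 *
 * Two fixes over the earlier behaviour:
 * - A web-server-authenticated request is accepted only for the account the
 *   server actually authenticated. Previously any $name was accepted as soon
 *   as the three server variables were set.
 * - An empty password is rejected here. _ldap_lookup_auth() treats an empty
 *   password as a lookup-only call and returns a (truthy) connection object
 *   without checking any credential, so its result is also compared with
 *   === TRUE.
 *
 * NOTE(review): this function does not consult 'ldap_lookup_enable_ntlm';
 * confirm whether the server-variable shortcut should be tied to it.
 *
 * @param $name
 *   User name from the login attempt.
 * @param $pass
 *   Password from the login attempt.
 * @param $server
 *   Unused.
 *
 * @return
 *   TRUE when the attempt is accepted, FALSE otherwise.
 */
function ldap_lookup_auth($name, $pass, $server) {

  if (!empty($_SERVER['REMOTE_USER']) && !empty($_SERVER['AUTH_USER']) && !empty($_SERVER['LOGON_USER'])) {
    // Same "DOMAIN\user" -> "user" reduction that ldap_lookup_init() applies.
    $server_name = preg_replace("/^.+\\\\/", "", $_SERVER['AUTH_USER']);
    if (strtolower($server_name) === strtolower((string) $name)) {
      return(TRUE);
    }
  }

  // Mirror the emptiness test used by _ldap_lookup_auth() so that no value
  // it would treat as "no password" can reach it from a login attempt.
  if (( ! isset($pass)) || ($pass == "") || ($pass == NULL)) {
    return(FALSE);
  }

  return(_ldap_lookup_auth($name, $pass) === TRUE);

}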
138
139 ?>
