
Initial version of ldap authentication module. It have no config-inte…

…rface yet. (But it's coming)

It contains also experimental auth_get_userinfo() function, what is not used by moodle yet.
If you like to try it, create following $CFG variables to /config.php or directly to config-table and activate
ldap authentication from admin-configuration page.

$CFG->ldap_bind_dn      	"If you like to use bind-user to search users, specify it here. Something like 'cn=ldapuser,ou=public,o=org'"
$CFG->ldap_bind_pw      	"Password for bind-user."
$CFG->ldap_contexts    		"List of contexts where users are located.
				  Separate different contexts with ';'. Something like 'ou=users,o=org; ou=other,o=org'"
$CFG->ldap_host_url      	"Specify LDAP host in URL-form like 'ldap://ldap.myorg.com/' or 'ldaps://ldap.myorg.com/' ";
$CFG->ldap_search_sub   	"Put value <> 0 if you like to search users from subcontexts.";
$CFG->ldap_user_attribute 	"What attribute is used to name/search users. Usually 'cn'. ";

More configuration options are coming. This version is tested against Novell E-Directory without SSL and it works fine.
commit fcad13730e308696c895e5636a91c10cfedc16b7 1 parent abf59b1
paca70 authored
Showing with 167 additions and 0 deletions.
  1. +167 −0 auth/ldap/lib.php
167 auth/ldap/lib.php
@@ -0,0 +1,167 @@
+<?PHP
+//CHANGELOG:
+//29.09.2002 Clean up and splitted code to functions v. 0.02
+//29.09.2002 LDAP authentication functions v. 0.01
+//Distributed under GPL (c)Petri Asikainen 2002
+
+
+
+
+function auth_user_login ($username, $password) {
+// Returns true if the username and password work
+// and false if they don't
+
+ global $CFG;
+
+ $ldap_connection = auth_ldap_connect();
+ if($ldap_connection) {
+
+ $ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);
+
+ //if ldap_user_dn is empty, user does not exist
+ if(!$ldap_user_dn){
+ return false;
+ }
+
+ // Try to bind with current username and password
+ $ldap_login = @ldap_bind($ldap_connection, $ldap_user_dn, $password);
+ if ($ldap_login) {
+ ldap_close($ldap_connection);
+ return true;
+ }
+ } else {
+ @ldap_close($ldap_connection);
+ error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
+ return false ;
+ }
+}
+
+
+function auth_get_userinfo($username){
+ global $CFG;
+ //reads userinformation from ldap and return it in array()
+
+ $result = array();
+ $ldap_connection=auth_ldap_connect();
+
+ $moodleattributes = array();
+ // Commented out , does not work (why ?)
+ //require("$CFG->wwwroot/auth/ldap/attr_mappings.php");
+
+ $moodleattributes['firstname'] ='givenname';
+ $moodleattributes['lastname'] ='sn';
+ $moodleattributes['email'] ='mail';
+ $moodleattributes['phone1'] ='telephonenumber';
+ //$moodleattributes['phone2'] ='facsimiletelephonenumber';
+ //$moodleattributes['institution'] ='institution';
+ $moodleattributes['department'] ='ou';
+ $moodleattributes['address'] ='street';
+ $moodleattributes['city'] ='physicaldeliveryofficename';
+ //$moodleattributes['country'] ='country';
+ $moodleattributes['description'] ='description';
+
+ $search_attribs = array();
+ foreach ($moodleattributes as $key=>$value) {
+ array_push($search_attribs, $value);
+ }
+
+ $user_dn = auth_ldap_find_userdn($ldap_connection, $username);
+ $user_info_result = ldap_read($ldap_connection,$user_dn,"objectClass=*", $search_attribs);
+ if ($user_info_result) {
+ $user_entry = ldap_get_entries($ldap_connection, $user_info_result);
+ foreach ($moodleattributes as $key=>$value){
+ if(isset($user_entry[0][$value][0])){
+ $result[$key]=$user_entry[0][$value][0];
+ }
+ }
+ }
+ @ldap_close($ldap_connection);
+
+ //Hardcoded defaults
+ if(! isset($result['description'])) {
+ $result['description'] = "Description";
+ }
+ $result['country']='FI';
+
+ return $result;
+}
+
+function auth_ldap_connect(){
+ //connects to ldap-server
+ global $CFG;
+ $result = ldap_connect($CFG->ldap_host_url);
+ if ($result) {
+ return $result;
+ } else {
+ error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
+ return false;
+ }
+
+}
+function auth_ldap_bind($ldap_connection){
+ //makes bind to ldap for searching users
+ //uses ldap_bind_dn or anonymous bind
+ global $CFG;
+ if ($CFG->ldap_bind_dn){
+ //bind with search-user
+ if (!ldap_bind($ldap_connection, $CFG->ldap_bind_dn,$CFG->ldap_bind_pw)){
+ error("Error: could not bind ldap with ldap_bind_dn/pw");
+ return false;
+ }
+ }else{
+ //bind anonymously
+ if ( !ldap_bind($ldap_connection)){
+ error("Error: could not bind ldap anonymously");
+ return false;
+ }
+ }
+ return true;
+
+}
+
+function auth_ldap_find_userdn ($ldap_connection, $username){
+ //return dn of username
+ //like: cn=username,ou=suborg,o=org
+ //or false if username not found
+ global $CFG;
+ //default return value
+ $ldap_user_dn = FALSE;
+
+
+ //$ldap_connection = auth_ldap_connect();
+ auth_ldap_bind($ldap_connection);
+
+ //get all contexts and look for first matching user
+ $ldap_contexts = explode(";",$CFG->ldap_contexts);
+
+
+
+
+ foreach($ldap_contexts as $context) {
+ $context == trim($context);
+ //echo ("looking in context:".$context."<br>");
+ //echo ("filter :"."(".$CFG->ldap_user_attribute."=".$username.")". "<br>");
+
+ if($CFG->ldap_search_sub){
+ //use ldap_search to find first user from subtree
+ $ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")");
+ } else {
+ //search only in this context
+ $ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")");
+ }
+
+ $entry = ldap_first_entry($ldap_connection,$ldap_result);
+ if ($entry){
+
+ $ldap_user_dn = ldap_get_dn($ldap_connection, $entry);
+ break ;
+
+ }
+ }
+ return $ldap_user_dn;
+}
+
+
+
+
+?>
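Review bot: auth_user_login() hands `$password` to `ldap_bind()` without rejecting an empty value; many directory servers treat a bind with a DN and an empty password as an unauthenticated bind and report success, so the function could return true with no credential checked. When the bind fails, the same function falls off the end without a return value and without closing the connection. In auth_ldap_find_userdn() the search filter is concatenated from the raw `$username`, so filter metacharacters in a login name change the query and should be escaped before the filter is built. Also there, `$context == trim($context);` is a comparison rather than an assignment, so a context written after "; " keeps its leading space, and the return value of auth_ldap_bind() is never checked.

```php
function auth_user_login ($username, $password) {
    // An empty password turns ldap_bind() into an unauthenticated bind,
    // which many directories accept; never treat that as a login.
    if (!is_string($password) || $password === '') {
        return false;
    }
    // … unchanged: connect, look up $ldap_user_dn, not-found check …
    $ldap_login = @ldap_bind($ldap_connection, $ldap_user_dn, $password);
    // Close on both outcomes and always return an explicit boolean.
    ldap_close($ldap_connection);
    return $ldap_login ? true : false;
    // … unchanged: else branch for a failed connection …

// … in auth_ldap_find_userdn(), replacing the unchecked auth_ldap_bind() call …
    if (!auth_ldap_bind($ldap_connection)) {
        return false;
    }
    // Escape filter metacharacters so the login name is matched literally
    // (backslash first, so the escapes themselves are not re-escaped).
    $safe_username = str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $username);
    $filter = "(".$CFG->ldap_user_attribute."=".$safe_username.")";
    // … first statement inside the foreach over $ldap_contexts …
        $context = trim($context);
    // … unchanged: ldap_search()/ldap_list() calls, now passed $filter …
```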