
added functionality for pre-authentication as admin to accommodate any access control for ldap_search calls (closes #5)
1 parent 069178f commit d668f06b54306e2120500751adad74c1d84cbcbc Robert Elwell committed Oct 5, 2012
Showing with 22 additions and 4 deletions.
  1. +1 −1 LdapBundle/Resources/config/services.yml
  2. +21 −3 LdapBundle/Security/Ldap/Ldap.php
@@ -34,4 +34,4 @@ services:
daps_ldap.ldap:
class: %daps_ldap.ldap.class%
- arguments: [%daps_ldap.ldap.host%, %daps_ldap.ldap.port%, %daps_ldap.ldap.dn%, %daps_ldap.ldap.username_suffix%]
+ arguments: [%daps_ldap.ldap.host%, %daps_ldap.ldap.port%, %daps_ldap.ldap.dn%, %daps_ldap.ldap.username_suffix%, %daps_ldap.ldap.admin.enable%, %daps_ldap.ldap.admin.dn%, %daps_ldap.ldap.admin.password%]
@@ -21,24 +21,30 @@ class Ldap implements LdapInterface
private $optReferrals;
private $username;
private $password;
+ private $enableAdmin;
+ private $adminDn;
+ private $adminPassword;
private $boundListing;
private $connection;
- /**
+ /**
* contructor
*
* @param string $host
* @param integer $port
* @param string $dn
* @param string $usernameSuffix
+ * @param boolean $enableAdmin
+ * @param string $adminDn
+ * @param string $adminPassword
* @param integer $version
* @param boolean $useSsl
* @param boolean $useStartTls
* @param boolean $optReferrals
*/
- public function __construct($host = null, $port = 389, $dn = null, $usernameSuffix = null, $version = 3, $useSsl = false, $useStartTls = false, $optReferrals = false)
+ public function __construct($host = null, $port = 389, $dn = null, $usernameSuffix = null, $enableAdmin = false, $adminDn = null, $adminPassword = null, $version = 3, $useSsl = false, $useStartTls = false, $optReferrals = false )
{
if (!extension_loaded('ldap')) {
throw new LdapException('Ldap module is needed. ');
@@ -48,10 +54,13 @@ public function __construct($host = null, $port = 389, $dn = null, $usernameSuff
$this->port = $port;
$this->dn = $dn;
$this->usernameSuffix = $usernameSuffix;
+ $this->enableAdmin = (boolean) $enableAdmin;
+ $this->adminDn = $adminDn;
+ $this->adminPassword = $adminPassword;
$this->version = $version;
$this->useSsl = (boolean) $useSsl;
$this->useStartTls = (boolean) $useStartTls;
- $this->optReferrals = (boolean) $optReferrals;
+ $this->optReferrals = (boolean) $optReferrals;
$this->connection = null;
}
@@ -279,6 +288,15 @@ private function connect()
if ($this->getUseStartTls()) {
ldap_start_tls($this->connection);
}
+
+ if ($this->enableAdmin) {
+ if ( ($this->adminDn === null) || ($this->adminPassword === null) ) {
+ throw new ConnectionException('Admin bind required but credentials not provided. Please see ldapcredentials.yml.');
+ }
+ if (false === @ldap_bind($this->connection, $this->adminDn, $this->adminPassword)) {
+ throw new ConnectionException('Admin bind credentials incorrect. Please see ldapcredentials.yml or review your LDAP configurations.');
+ }
+ }
}
return $this;
}
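Review bot: The credential check at the top of the new admin-bind block in connect() tests only for `null`, so an empty-string `adminDn` or `adminPassword` (which a blank config value would produce) reaches `ldap_bind`, and a simple bind with an empty password is treated as an unauthenticated bind that some directories accept, leaving the client convinced it is bound as admin while actually holding an anonymous session. Tighten it to `if ($this->adminDn === null || $this->adminDn === '' || $this->adminPassword === null || $this->adminPassword === '') {`. The `@` on `ldap_bind` also discards the server's reason; appending `ldap_error($this->connection)` to the second exception message (which already, correctly, does not echo the credentials) would make a failed admin bind diagnosable. Separately, the constructor hunk inserts the three new parameters ahead of `$version`, `$useSsl`, `$useStartTls` and `$optReferrals`, so any caller passing those positionally now feeds its `$version` into `$enableAdmin`; appending them after `$optReferrals` instead keeps existing call sites working (services.yml passes only the first seven, so it is unaffected). The enclosing `connect()` starts outside the hunk.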
