source: trunk/www/db_po/include.php@ 11942

Last change on this file since 11942 was 11597, checked in by Daniela Dorner, 13 years ago
added (functions for ldap-authentication)
1<?php
2
/**
 * Return the LDAP settings used for authentication.
 *
 * Keys:
 *  - ldapHost   host name passed to ldap_connect()
 *  - ldapDomain domain name of the directory
 *  - ldapPort   TCP port passed to ldap_connect() (kept as a string)
 *  - baseDN     root of the directory tree; user entries are searched below it
 *  - factDN     DN of the FACT group, relative to baseDN
 *
 * NOTE(review): 389 is the conventional plain-text LDAP port, and
 * CheckUsernameAndPassword() never calls ldap_start_tls(). Unless the
 * transport is protected elsewhere, bind passwords cross the network
 * unencrypted - confirm, and prefer ldaps:// or StartTLS.
 *
 * @return array associative array of connection and DN settings
 */
function GetLDAPOptions()
{
    $options = array();

    // Server location
    $options['ldapHost']   = 'ldap.isdc.unige.ch';
    $options['ldapDomain'] = 'isdc.unige.ch';
    $options['ldapPort']   = '389';

    // Directory layout
    $options['baseDN'] = 'dc=isdc,dc=unige,dc=ch';
    $options['factDN'] = 'cn=FACT Developers,ou=FACT,ou=Groups';

    return $options;
}
14
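/**
 * Authenticate a user against LDAP and require membership of the FACT group.
 *
 * Flow: search ou=People for the entry whose uid equals $username, bind as
 * that entry with $password, then read the `member` attribute of the FACT
 * group and check that the user is listed there.
 *
 * Security-relevant behaviour:
 *  - $username is escaped before it is placed in the search filter, so
 *    filter metacharacters in the submitted name are matched literally.
 *  - An empty password is rejected before ldap_bind() is called.
 *  - Group membership is decided on a whole DN or a whole leading RDN,
 *    not on a substring of the member DN.
 *  - The connection is closed on every return path.
 *
 * Failure reasons are echoed to the output, as before. NOTE(review): the
 * "Could not find user" message differs from the silent wrong-password
 * failure, which lets a client tell valid account names from invalid ones;
 * consider one generic message.
 *
 * @param string $username    login name (LDAP uid) as submitted by the client
 * @param string $password    password as submitted by the client
 * @param array  $LDAPOptions settings with the keys ldapHost, ldapPort,
 *                            baseDN and factDN (see GetLDAPOptions())
 * @return bool true only if the bind succeeded and the user is in the group
 */
function CheckUsernameAndPassword($username, $password, $LDAPOptions)
{
    // Square brackets: the curly-brace offset syntax was removed in PHP 8.
    $ldaphost = $LDAPOptions['ldapHost'];
    $ldapport = $LDAPOptions['ldapPort'];

    $baseDN = $LDAPOptions['baseDN'];
    $factDN = $LDAPOptions['factDN'] . ',' . $baseDN;

    $username = (string) $username;
    $password = (string) $password;

    // NOTE(review): nothing here negotiates TLS (no ldaps:// URI, no
    // ldap_start_tls()), so the bind password is presumably sent in clear
    // text - confirm how the transport is protected.
    $ds = ldap_connect($ldaphost, $ldapport);
    if (!$ds) {
        echo "Could not connect to the LDAP server: " . $ldaphost;
        return false;
    }

    //------------------ Look for user common name
    // Escape the name per RFC 4515 so that characters such as * ( ) \ are
    // matched literally instead of altering the filter. ldap_escape() needs
    // PHP >= 5.6; older runtimes fall back to an equivalent replacement
    // (the backslash has to be replaced first).
    if (function_exists('ldap_escape')) {
        $escapedUsername = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    } else {
        $escapedUsername = str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $username
        );
    }

    $attributes = array('cn');
    $dn = 'ou=People,' . $baseDN;
    $filter = '(uid=' . $escapedUsername . ')';
    if (!($sr = ldap_search($ds, $dn, $filter, $attributes))) {
        ldap_close($ds);
        echo "Could not connect to the LDAP server: " . $ldaphost;
        return false;
    }

    $srData = ldap_get_entries($ds, $sr);
    if (!$srData || $srData["count"] == 0) {
        ldap_close($ds);
        // Presumably rendered into an HTML page: encode the client-supplied
        // name before echoing it back.
        echo "Could not find user " . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . " in the LDAP list.";
        return false;
    }

    $userCommonName = isset($srData[0]['cn'][0]) ? $srData[0]['cn'][0] : '';
    $userDN = $srData[0]['dn'];

    //------------------ Authenticate user
    // A simple bind with a DN and an empty password is an unauthenticated
    // bind, which a server may accept; never attempt it.
    if ($password === '') {
        ldap_close($ds);
        return false;
    }

    if (!ldap_bind($ds, $userDN, $password)) {
        ldap_close($ds);
        return false;
    }

    //------------------ Check if the user is in FACT ldap group
    $factGroupMembers = array('count' => 0);
    $sr = ldap_read($ds, $factDN, '(objectClass=*)', array("member"));
    if ($sr) {
        $srData = ldap_get_entries($ds, $sr);
        if ($srData && isset($srData[0]['member'])) {
            $factGroupMembers = $srData[0]['member'];
        }
    }
    ldap_close($ds);

    // A member matches when its DN equals the user's DN or when its leading
    // RDN is exactly cn=<user's common name>. A bare substring test would
    // also accept any user whose common name merely occurs somewhere inside
    // a member DN (part of another name, an ou, a dc component).
    // NOTE(review): assumes `member` holds full DNs; the cn form is kept
    // because the original matched on the common name - confirm against the
    // directory and prefer DN equality alone if it is sufficient.
    $cnPrefix = 'cn=' . $userCommonName . ',';
    for ($i = 0; $i < $factGroupMembers["count"]; $i++) {
        $memberDN = $factGroupMembers[$i];
        if (strcasecmp($memberDN, $userDN) === 0) {
            return true;
        }
        if ($userCommonName !== '' && strncasecmp($memberDN, $cnPrefix, strlen($cnPrefix)) === 0) {
            return true;
        }
    }

    echo 'Sorry, you are not in the LDAP group FACT !';
    return false;
}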
76
77?>