1 | <?php
/**
 * Return the connection settings used for LDAP authentication.
 *
 * Keys: 'ldapHost', 'ldapDomain', 'ldapPort', 'baseDN' and 'factDN'.
 * 'factDN' is relative to 'baseDN'.
 *
 * NOTE(review): port 389 is the conventional cleartext LDAP port. If the
 * consumer of these options performs a simple bind without StartTLS, the
 * user's password crosses the network unencrypted. Confirm against the
 * caller and the server configuration.
 *
 * @return array Associative array of LDAP settings (all values are strings).
 */
function GetLDAPOptions()
{
    $options = array();

    // Directory server endpoint.
    $options['ldapHost']   = 'fact01.ethz.ch';
    $options['ldapDomain'] = 'fact.iac.es';
    $options['ldapPort']   = '389';

    // Search base, and the group DN relative to that base.
    $options['baseDN'] = 'dc=fact,dc=iac,dc=es';
    $options['factDN'] = 'cn=FACT Developers,ou=FACT,ou=Groups';

    return $options;
}
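/**
 * Authenticate a user against LDAP and check membership of the FACT group.
 *
 * Steps: find the entry under ou=People whose uid equals $username, bind as
 * that entry with $password, then read the group entry named by 'factDN'
 * and look for the user among its "member" values. Diagnostic messages are
 * echoed to the output stream.
 *
 * @param string $username    Login name, matched against the uid attribute.
 * @param string $password    Password used for the simple bind.
 * @param array  $LDAPOptions Settings; keys read here: ldapHost, ldapPort,
 *                            baseDN, factDN (factDN is relative to baseDN).
 * @return bool True only when the bind succeeded and the user is listed in
 *              the group; false in every other case.
 */
function CheckUsernameAndPassword($username, $password, $LDAPOptions)
{
    // Refuse missing credentials before touching the network. A simple bind
    // with an empty password is treated by LDAP servers as an anonymous or
    // unauthenticated bind and can succeed, so it must never count as a login.
    if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
        return false;
    }

    // Square-bracket access: the curly-brace form ($a{'k'}) is a parse error
    // on PHP 8.
    $ldaphost = $LDAPOptions['ldapHost'];
    $ldapport = $LDAPOptions['ldapPort'];
    $baseDN   = $LDAPOptions['baseDN'];
    $factDN   = $LDAPOptions['factDN'] . ',' . $baseDN;

    // NOTE(review): no StartTLS/ldaps is negotiated here, so with a plain
    // LDAP port the bind password is sent in cleartext. Confirm the transport
    // and consider an ldaps:// URI or ldap_start_tls() before the bind.
    $ds = ldap_connect($ldaphost, (int) $ldapport);
    if (!$ds) {
        echo "Could not connect to the LDAP server: " . $ldaphost;
        return false;
    }

    //------------------ Look for user common name
    // The username is untrusted: escape it so characters such as * ( ) \ are
    // matched literally instead of rewriting the search filter.
    $filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = ldap_search($ds, 'ou=People,' . $baseDN, $filter, array('cn'));
    if (!$sr) {
        // ldap_connect() does not open the connection itself, so an
        // unreachable server usually surfaces here; message kept as-is.
        ldap_close($ds);
        echo "Could not connect to the LDAP server: " . $ldaphost;
        return false;
    }

    $srData = ldap_get_entries($ds, $sr);
    if (!$srData || $srData['count'] == 0) {
        ldap_close($ds);
        // Escaped because the name is echoed back to the client.
        // NOTE(review): this message (versus the silent bad-password path)
        // lets a caller tell existing accounts from unknown ones.
        echo "Could not find user "
            . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . " in the LDAP list.";
        return false;
    }

    $userCommonName = isset($srData[0]['cn'][0]) ? $srData[0]['cn'][0] : '';
    $userDN = $srData[0]['dn'];

    //------------------ Authenticate user
    if (!ldap_bind($ds, $userDN, $password)) {
        ldap_close($ds);
        return false;
    }

    //------------------ Check if the user is in FACT ldap group
    $sr = ldap_read($ds, $factDN, '(objectClass=*)', array('member'));
    $srData = $sr ? ldap_get_entries($ds, $sr) : false;
    ldap_close($ds);

    // A failed read or a group without "member" values means "not a member".
    $factGroupMembers = isset($srData[0]['member']) ? $srData[0]['member'] : array('count' => 0);

    // Match on the whole DN, or on the member's leading RDN being exactly
    // cn=<common name>. The previous substring test (strpos) accepted any
    // member whose DN merely contained the user's name, e.g. "Ann" inside
    // "cn=Joanna ...", which granted group access to the wrong account.
    // NOTE(review): the cn fallback assumes members are stored as
    // cn=<name>,...; drop it if the directory stores full user DNs.
    $cnPrefix = 'cn=' . $userCommonName . ',';
    for ($i = 0; $i < $factGroupMembers['count']; $i++) {
        $member = $factGroupMembers[$i];
        if (strcasecmp($member, $userDN) === 0) {
            return true;
        }
        if ($userCommonName !== '' && strncasecmp($member, $cnPrefix, strlen($cnPrefix)) === 0) {
            return true;
        }
    }

    echo 'Sorry, you are not in the LDAP group FACT !';
    return false;
}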
77 | ?>