| 1 | <?php
/**
 * Build the hard-coded LDAP settings consumed by CheckUsernameAndPassword().
 *
 * Keys returned: ldapHost, ldapDomain, ldapPort, baseDN and factDN.
 * factDN is relative: the caller appends ",<baseDN>" to it before use.
 *
 * NOTE(review): ldapPort is '389' and nothing in this file negotiates
 * StartTLS or uses an ldaps:// URI, so the simple bind performed with these
 * settings presumably sends the password in clear text. Confirm how the
 * transport is protected.
 *
 * @return array<string, string>
 */
function GetLDAPOptions()
{
    $options = [];

    // Where the directory server lives.
    $options['ldapHost'] = '161.72.93.133';
    $options['ldapDomain'] = 'fact.iac.es';
    $options['ldapPort'] = '389';

    // Where to look inside the directory.
    $options['baseDN'] = 'dc=fact,dc=iac,dc=es';
    $options['factDN'] = 'cn=Operations,ou=Application Groups';

    return $options;
}
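/**
 * Authenticate a user against LDAP and require membership of the configured group.
 *
 * Steps: look up the entry whose uid equals $username under "ou=People,<baseDN>",
 * bind as that entry's DN with $password, then check that the DN is listed in the
 * "member" attribute of "<factDN>,<baseDN>".
 *
 * Changes compared with the previous implementation:
 *  - $username is escaped with ldap_escape() (PHP 5.6+) before it is placed in the
 *    search filter, so characters such as "*", "(" and ")" can no longer alter the
 *    filter (LDAP filter injection).
 *  - Group membership is decided by comparing the user's full DN with the group's
 *    "member" values instead of strpos() on the common name. The old test accepted
 *    any member value that merely contained the CN as a substring, and treated a
 *    match at offset 0 as "not found".
 *  - Empty or non-string credentials are rejected before any directory traffic; a
 *    simple bind with an empty password can succeed as an unauthenticated bind.
 *  - The username is HTML-escaped before it is echoed.
 *  - The connection is closed on every exit path.
 *  - Array access uses [] instead of {}, which PHP 8 no longer parses.
 *
 * @param string $username    Login name supplied by the user (matched against uid).
 * @param string $password    Password supplied by the user.
 * @param array  $LDAPOptions Settings with keys ldapHost, ldapPort, baseDN, factDN.
 *
 * @return bool True only when the bind succeeds and the user is a group member.
 */
function CheckUsernameAndPassword($username, $password, $LDAPOptions)
{
    // Refuse empty or non-string input up front (this also rejects array-valued
    // request parameters) so no unauthenticated bind is ever attempted.
    if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
        return false;
    }

    $ldapHost = $LDAPOptions['ldapHost'];
    $ldapPort = $LDAPOptions['ldapPort'];
    $baseDN = $LDAPOptions['baseDN'];
    $factDN = $LDAPOptions['factDN'] . ',' . $baseDN;

    // NOTE(review): no ldap_start_tls() call and no ldaps:// URI is used here, so
    // on a plain LDAP port the password below travels unencrypted unless the
    // transport is protected elsewhere. Confirm and enable TLS.
    $ds = ldap_connect($ldapHost, $ldapPort);
    if (!$ds) {
        echo "Could not connect to the LDAP server: " . $ldapHost;
        return false;
    }

    //------------------ Look for the user's entry
    // Escape the user-supplied value for filter context before concatenating it.
    $filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    // Only the entry DN is used afterwards; requesting one attribute keeps the reply small.
    $sr = ldap_search($ds, 'ou=People,' . $baseDN, $filter, ['cn']);
    if (!$sr) {
        ldap_close($ds);
        echo "Could not connect to the LDAP server: " . $ldapHost;
        return false;
    }

    $entries = ldap_get_entries($ds, $sr);
    if (!$entries || $entries['count'] == 0) {
        ldap_close($ds);
        // NOTE(review): this message tells an unauthenticated caller whether the
        // uid exists; consider one generic "invalid username/password" message.
        echo "Could not find user " . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " in the LDAP list.";
        return false;
    }
    $userDN = $entries[0]['dn'];

    //------------------ Authenticate user
    if (!ldap_bind($ds, $userDN, $password)) {
        ldap_close($ds);
        return false;
    }

    //------------------ Check if the user is in the FACT LDAP group
    // ldap_compare() returns true on a match, false on no match and -1 on error,
    // so only a strict true counts as membership. The server performs the DN
    // comparison, which avoids both substring matches and local DN normalisation.
    $isMember = ldap_compare($ds, $factDN, 'member', $userDN) === true;
    ldap_close($ds);

    if (!$isMember) {
        echo 'Sorry, you are not in the LDAP group FACT !';
    }

    return $isMember;
}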
| 77 | ?>