useLdap();
}
public function useLdap() {
$this->checkConfiguration();
return $this->USE_LDAP;
}
private function buildFakeLdapUsers() { return $this->buildFakeLdapUsersFromDB(); }
private function buildFakeLdapUsersFromDB() {
$users = TableRegistry::get('Users')->find();
$ldapUsers = [];
foreach ($users as $user) {
$names = explode(" ", $user['nom']);
if(isset($names[1])) {
$ldapUsers[] = [
'sn' => [$names[0]],
'mail' => [$user['email']],
'uid' => [$user['username']],
'givenname' => [$names[1]],
$this->authenticationType => [$user['username']],
'userpassword' => [$user['password']],
];
}
else {
$ldapUsers[] = [
'sn' => [$names[0]],
'mail' => [$user['email']],
'uid' => [$user['username']],
'givenname' => " ",
$this->authenticationType => [$user['username']],
'userpassword' => [$user['password']],
];
}
}
$prefix = "_NouvelUtilisateur_";
$ldapUsers[] = [
'sn' => ['NOUVEL'],
'givenname' => ['UTILISATEUR'],
'mail' => [$prefix.'email'],
'uid' => [$prefix.'login'],
$this->authenticationType => [$prefix.'username'],
'userpassword' => [$prefix.'password'],
];
return $ldapUsers;
}
private function checkConfiguration() {
$config = TableRegistry::get('Configurations')->find()->where(['id =' => 1])->first();
$this->USE_LDAP = $config->use_ldap ? TRUE : FALSE;
if (!$this->USE_LDAP) {
$this->authenticationType = $config->authentificationType_ldap;
if (empty($this->fakeLDAPUsers)) $this->fakeLDAPUsers = $this->buildFakeLdapUsers();
return true;
}
$ldapConfig = $config->toArray();
if (!empty($config->host_ldap)
&& !empty($config->port_ldap)
&& !empty($config->baseDn_ldap)
&& !empty($config->authentificationType_ldap)
&& !empty($config->filter_ldap)
) {
$this->host = $config->host_ldap;
$this->port = $config->port_ldap;
$this->baseDn = $config->baseDn_ldap;
$this->filter = $config->filter_ldap;
$this->authenticationType = $config->authentificationType_ldap;
return true;
}
throw new Exception ('The ldap configuration is not valid :
- host = ' . @$ldapConfig['host'] . '
- port = ' . @$ldapConfig['port'] . '
- baseDn = ' . @$ldapConfig['baseDn'] . '
- filter = ' . @$ldapConfig['filter'] . '
- authenticationType = ' . @$ldapConfig['authenticationType'] . '
'
);
}
public function getAllLdapUsers() {
try {
if($this->checkConfiguration()) {
// REAL LDAP
if ($this->USE_LDAP) {
$ldapConnection = ldap_connect($this->host, $this->port);
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
$results = ldap_search($ldapConnection, $this->baseDn, $this->filter);
$res = ldap_get_entries($ldapConnection, $results);
}
// FAKE LDAP
else {
$res=$this->fakeLDAPUsers;
}
return $res;
}
}
catch (Exception $e) { }
return false;
}
// $userName = login
public function getUserAttributes($userName) {
try {
if($this->checkConfiguration()) {
if ($this->USE_LDAP) {
$ldapConnection = ldap_connect($this->host, $this->port);
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
$results = ldap_search($ldapConnection, $this->baseDn, $this->authenticationType . '=' . $userName);
return ldap_get_entries($ldapConnection, $results);
}
else return array($this->getFakeLdapUser($userName));
}
}
catch (Exception $e) { }
return false;
}
public function getAuthenticationType() {
return $this->authenticationType;
}
//EP added
public function getFakeLdapUser($login) {
foreach ($this->fakeLDAPUsers as $user) {
if ($login == $user['uid'][0]) return $user;
}
return FALSE;
}
/**
* Return a list of Users with key = login & value = username
*/
public function getListUsers() {
$u = $this->getAllLdapUsers();
$utilisateurs= [];
if($this->USE_LDAP) {
for($i = 0; $i < $u['count']; $i++) {
$utilisateurs[$u[$i][$this->authenticationType][0]] = $u[$i]['givenname'][0].' '.$u[$i]['sn'][0];
}
}
else {
for($i = 0; $i < sizeof($u)-1; $i++) {
$utilisateurs[$u[$i][$this->authenticationType][0]] = $u[$i]['givenname'][0].' '.$u[$i]['sn'][0];
}
}
return $utilisateurs;
}
/**
* Return size of list users
*/
public function getNbUsers() {
$u = $this->getAllLdapUsers();
if($this->USE_LDAP) {
$nbUsers = $u['count'];
}
else {
$nbUsers = sizeof($u)-1;
}
return $nbUsers;
}
public function ldapAuthentication($login, $password) {
try {
if($this->checkConfiguration()) {
if ($this->USE_LDAP) {
if (strlen(trim($password))==0) return FALSE;
$ldapConnection = ldap_connect($this->host, $this->port);
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
if (@ldap_bind($ldapConnection, $this->authenticationType . '=' . $login . ',' . $this->baseDn, $password)) {
return $this->getUserAttributes($login)[0];
} else {
return false;
}
}
else {
$user = $this->getFakeLdapUser($login);
if ($user != false && (new DefaultPasswordHasher)->check($password, $user['userpassword'][0])) {
//if ($user != false && $user['userpassword'][0] == $password) {
return $user;
}
}
}
}
catch (Exception $e) { }
return false;
}
}
?>