[moodle.git] / auth / ldap / lib.php

<?PHP  
//CHANGELOG:
//03.10.2002 First version to CVS
//29.09.2002 Clean up and splitted code to functions v. 0.02
//29.09.2002 LDAP authentication functions v. 0.01
//Distributed under GPL (c)Petri Asikainen 2002


function auth_user_login ($username, $password) {
// Returns true if the username and password work
// and false if they don't

    global $CFG;
 
    $ldap_connection = auth_ldap_connect();
    if($ldap_connection) {
      
      $ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);
      
      //if ldap_user_dn is empty, user does not exist
      if(!$ldap_user_dn){
	return false;
      }
	
      // Try to bind with current username and password
      $ldap_login = @ldap_bind($ldap_connection, $ldap_user_dn, $password);
      if ($ldap_login) {
	ldap_close($ldap_connection);
	return true;
      }
    } else {
      @ldap_close($ldap_connection);
      error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
      return false ;
    }
}

 
function auth_get_userinfo($username){
  global $CFG;
  //reads userinformation from ldap and return it in array()

  $result = array();
  $ldap_connection=auth_ldap_connect();
  	
  $moodleattributes = array();
  //atribute mappings between moodle and ldap

  $moodleattributes['firstname']    ='givenname';
  $moodleattributes['lastname']     ='sn';
  $moodleattributes['email']        ='mail';
  $moodleattributes['phone1']       ='telephonenumber';
  //$moodleattributes['phone2']       ='facsimiletelephonenumber';
  //$moodleattributes['institution']  ='institution';
  $moodleattributes['department']   ='ou';
  $moodleattributes['address']      ='street';
  $moodleattributes['city']         ='physicaldeliveryofficename';
  //$moodleattributes['country']      ='country';
  $moodleattributes['description']  ='description';

  $search_attribs = array();	
  foreach ($moodleattributes as $key=>$value) {
	array_push($search_attribs, $value);
  }
			
  $user_dn = auth_ldap_find_userdn($ldap_connection, $username);
  if (! isset($CFG->ldap_objectclass)) {
	$CFG->ldap_objectclass="objectClass=*";
  }

  $user_info_result = ldap_read($ldap_connection,$user_dn,$objectclass, $search_attribs);	
  if ($user_info_result) {		
    $user_entry = ldap_get_entries($ldap_connection, $user_info_result);
      foreach ($moodleattributes as $key=>$value){
	if(isset($user_entry[0][$value][0])){
		$result[$key]=$user_entry[0][$value][0];
	}
      }		
  }
  @ldap_close($ldap_connection);

  //Hardcoded defaults	
  if(! isset($result['description'])) {
	$result['description'] = "Description";
  }
  $result['country']='FI';
	
  return $result;
}

function auth_get_userlist() {
  //returns all users from ldap servers
  global $CFG;
  $fresult = array();
  $ldap_connection = auth_ldap_connect();
  auth_ldap_bind($ldap_connection);
  if (! isset($CFG->ldap_objectclass)) {
        $CFG->ldap_objectclass="objectClass=*";
  }
  $contexts=explode(";",$CFG->ldap_contexts);
  foreach ($contexts as $context) {
	
      if($CFG->ldap_search_sub){
      	  //use ldap_search to find first user from subtree
          $ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_objectclass.")", array($CFG->ldap_user_attribute));
      } else {
          //search only in this context
          $ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_objectclass.")", array($CFG->ldap_user_attribute));
      }

     $users = ldap_get_entries($ldap_connection,$ldap_result);
     //add found users to list
     for ($i=0;$i<$users['count'];$i++) {
	array_push($fresult,($users[$i][$CFG->ldap_user_attribute][0]));	
     }
  }
  return $fresult;	
		    
}
function auth_ldap_connect(){
  //connects to ldap-server
  global $CFG;
  $result = ldap_connect($CFG->ldap_host_url);
  if ($result) {
    return $result;
  } else {
    error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
    return false;
  }
}

function auth_ldap_bind($ldap_connection){
  //makes bind to ldap for searching users
  //uses ldap_bind_dn or anonymous bind
  global $CFG;
    if ($CFG->ldap_bind_dn){
      //bind with search-user
      if (!ldap_bind($ldap_connection, $CFG->ldap_bind_dn,$CFG->ldap_bind_pw)){
	error("Error: could not bind ldap with ldap_bind_dn/pw");
	return false;
      }
    }else{
      //bind anonymously 
      if ( !ldap_bind($ldap_connection)){
	error("Error: could not bind ldap anonymously");
	return false;
      }  
    }
  return true;

}
		
function auth_ldap_find_userdn ($ldap_connection, $username){
  //return dn of username
  //like: cn=username,ou=suborg,o=org
  //or false if username not found
  global $CFG;
  //default return value
  $ldap_user_dn = FALSE;

  auth_ldap_bind($ldap_connection);

  //get all contexts and look for first matching user
  $ldap_contexts = explode(";",$CFG->ldap_contexts);
  
  foreach($ldap_contexts as $context) {
    $context == trim($context);
    if($CFG->ldap_search_sub){
      //use ldap_search to find first user from subtree
      $ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")");
    } else {
      //search only in this context
      $ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")");
    }
	 
    $entry = ldap_first_entry($ldap_connection,$ldap_result);
    if ($entry){
      
      $ldap_user_dn = ldap_get_dn($ldap_connection, $entry);
      break ;
	 
    }
   }
  return $ldap_user_dn;
}

?>
Commit	Line	Data
fcad1373	1	<?PHP
fcad1373	2	//CHANGELOG:
68605943	3	//03.10.2002 First version to CVS
fcad1373	4	//29.09.2002 Clean up and splitted code to functions v. 0.02
	5	//29.09.2002 LDAP authentication functions v. 0.01
	6	//Distributed under GPL (c)Petri Asikainen 2002
	7
	8
	9
	10
	11	function auth_user_login ($username, $password) {
	12	// Returns true if the username and password work
	13	// and false if they don't
	14
	15	global $CFG;
	16
	17	$ldap_connection = auth_ldap_connect();
	18	if($ldap_connection) {
	19
	20	$ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);
	21
	22	//if ldap_user_dn is empty, user does not exist
	23	if(!$ldap_user_dn){
	24	return false;
	25	}
	26
	27	// Try to bind with current username and password
	28	$ldap_login = @ldap_bind($ldap_connection, $ldap_user_dn, $password);
	29	if ($ldap_login) {
	30	ldap_close($ldap_connection);
	31	return true;
	32	}
	33	} else {
	34	@ldap_close($ldap_connection);
	35	error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
	36	return false ;
	37	}
	38	}
	39
	40
	41	function auth_get_userinfo($username){
	42	global $CFG;
	43	//reads userinformation from ldap and return it in array()
	44
	45	$result = array();
	46	$ldap_connection=auth_ldap_connect();
	47
	48	$moodleattributes = array();
68605943	49	//atribute mappings between moodle and ldap
fcad1373	50
	51	$moodleattributes['firstname'] ='givenname';
	52	$moodleattributes['lastname'] ='sn';
	53	$moodleattributes['email'] ='mail';
	54	$moodleattributes['phone1'] ='telephonenumber';
	55	//$moodleattributes['phone2'] ='facsimiletelephonenumber';
	56	//$moodleattributes['institution'] ='institution';
	57	$moodleattributes['department'] ='ou';
	58	$moodleattributes['address'] ='street';
	59	$moodleattributes['city'] ='physicaldeliveryofficename';
	60	//$moodleattributes['country'] ='country';
	61	$moodleattributes['description'] ='description';
	62
	63	$search_attribs = array();
	64	foreach ($moodleattributes as $key=>$value) {
	65	array_push($search_attribs, $value);
	66	}
	67
	68	$user_dn = auth_ldap_find_userdn($ldap_connection, $username);
05da6502	69	if (! isset($CFG->ldap_objectclass)) {
	70	$CFG->ldap_objectclass="objectClass=*";
	71	}
	72
	73	$user_info_result = ldap_read($ldap_connection,$user_dn,$objectclass, $search_attribs);
fcad1373	74	if ($user_info_result) {
	75	$user_entry = ldap_get_entries($ldap_connection, $user_info_result);
	76	foreach ($moodleattributes as $key=>$value){
	77	if(isset($user_entry[0][$value][0])){
	78	$result[$key]=$user_entry[0][$value][0];
	79	}
	80	}
	81	}
	82	@ldap_close($ldap_connection);
	83
	84	//Hardcoded defaults
	85	if(! isset($result['description'])) {
	86	$result['description'] = "Description";
	87	}
	88	$result['country']='FI';
	89
	90	return $result;
	91	}
	92
05da6502	93	function auth_get_userlist() {
	94	//returns all users from ldap servers
	95	global $CFG;
	96	$fresult = array();
	97	$ldap_connection = auth_ldap_connect();
	98	auth_ldap_bind($ldap_connection);
	99	if (! isset($CFG->ldap_objectclass)) {
	100	$CFG->ldap_objectclass="objectClass=*";
	101	}
	102	$contexts=explode(";",$CFG->ldap_contexts);
	103	foreach ($contexts as $context) {
	104
	105	if($CFG->ldap_search_sub){
	106	//use ldap_search to find first user from subtree
	107	$ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_objectclass.")", array($CFG->ldap_user_attribute));
	108	} else {
	109	//search only in this context
	110	$ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_objectclass.")", array($CFG->ldap_user_attribute));
	111	}
	112
	113	$users = ldap_get_entries($ldap_connection,$ldap_result);
	114	//add found users to list
	115	for ($i=0;$i<$users['count'];$i++) {
	116	array_push($fresult,($users[$i][$CFG->ldap_user_attribute][0]));
	117	}
	118	}
	119	return $fresult;
	120
	121	}
fcad1373	122	function auth_ldap_connect(){
	123	//connects to ldap-server
	124	global $CFG;
	125	$result = ldap_connect($CFG->ldap_host_url);
	126	if ($result) {
	127	return $result;
	128	} else {
	129	error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
	130	return false;
	131	}
fcad1373	132	}
05da6502	133
fcad1373	134	function auth_ldap_bind($ldap_connection){
	135	//makes bind to ldap for searching users
	136	//uses ldap_bind_dn or anonymous bind
	137	global $CFG;
	138	if ($CFG->ldap_bind_dn){
	139	//bind with search-user
	140	if (!ldap_bind($ldap_connection, $CFG->ldap_bind_dn,$CFG->ldap_bind_pw)){
	141	error("Error: could not bind ldap with ldap_bind_dn/pw");
	142	return false;
	143	}
	144	}else{
	145	//bind anonymously
	146	if ( !ldap_bind($ldap_connection)){
	147	error("Error: could not bind ldap anonymously");
	148	return false;
	149	}
	150	}
	151	return true;
	152
	153	}
	154
	155	function auth_ldap_find_userdn ($ldap_connection, $username){
	156	//return dn of username
	157	//like: cn=username,ou=suborg,o=org
	158	//or false if username not found
	159	global $CFG;
	160	//default return value
	161	$ldap_user_dn = FALSE;
	162
fcad1373	163	auth_ldap_bind($ldap_connection);
68605943	164
fcad1373	165	//get all contexts and look for first matching user
	166	$ldap_contexts = explode(";",$CFG->ldap_contexts);
	167
fcad1373	168	foreach($ldap_contexts as $context) {
fcad1373	169	$context == trim($context);
fcad1373	170	if($CFG->ldap_search_sub){
	171	//use ldap_search to find first user from subtree
	172	$ldap_result = ldap_search($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")");
	173	} else {
	174	//search only in this context
	175	$ldap_result = ldap_list($ldap_connection, $context, "(".$CFG->ldap_user_attribute."=".$username.")");
	176	}
	177
	178	$entry = ldap_first_entry($ldap_connection,$ldap_result);
	179	if ($entry){
	180
	181	$ldap_user_dn = ldap_get_dn($ldap_connection, $entry);
	182	break ;
	183
	184	}
	185	}
	186	return $ldap_user_dn;
	187	}
	188
fcad1373	189	?>