added support for list users from ldap.
[moodle.git] / auth / ldap / lib.php
fcad1373 1<?PHP
2//CHANGELOG:
68605943 3//03.10.2002 First version to CVS
fcad1373 4//29.09.2002 Clean up and splitted code to functions v. 0.02
5//29.09.2002 LDAP authentication functions v. 0.01
6//Distributed under GPL (c)Petri Asikainen 2002
7
8
9
10
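function auth_user_login ($username, $password) {
// Returns true if the username and password work
// and false if they don't.
//
// The credential check is an LDAP simple bind as the user's own DN.
// "Unknown user" and "wrong password" both yield a plain false, so the
// caller cannot tell the two apart from the return value.

    global $CFG;

    // A simple bind with a DN and an empty password is treated by many
    // directory servers as an unauthenticated (anonymous) bind and reported
    // as success. Refuse it before touching the directory, otherwise any
    // existing username could be logged in with a blank password.
    if (!is_scalar($password) || (string)$password === '') {
        return false;
    }

    $ldap_connection = auth_ldap_connect();
    if (!$ldap_connection) {
        // There is no handle to close when the connect failed.
        error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
        return false;
    }

    $ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);

    //if ldap_user_dn is empty, user does not exist
    if (!$ldap_user_dn) {
        @ldap_close($ldap_connection);
        return false;
    }

    // Try to bind with the user's DN and the supplied password.
    // @ keeps the bind-failure warning out of the page output.
    $ldap_login = @ldap_bind($ldap_connection, $ldap_user_dn, $password);

    // Release the handle on every path, not only after a successful bind.
    @ldap_close($ldap_connection);

    // Always hand back a real boolean; a failed bind used to fall off the
    // end of the function and return NULL.
    return $ldap_login ? true : false;
}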
39
40
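function auth_get_userinfo($username){
    global $CFG;
    // Reads user information from ldap and returns it in an array keyed by
    // moodle field name. Only attributes present on the entry are copied;
    // 'description' and 'country' are always set (hardcoded defaults below).
    //
    // The values come straight from the directory and are returned
    // unmodified, so callers must escape them for whatever context they are
    // written into (HTML, SQL, ...).

    $result = array();
    $ldap_connection = auth_ldap_connect();

    // Attribute mappings between moodle (key) and ldap (value).
    // phone2, institution and country are deliberately not mapped.
    $moodleattributes = array(
        'firstname'   => 'givenname',
        'lastname'    => 'sn',
        'email'       => 'mail',
        'phone1'      => 'telephonenumber',
        'department'  => 'ou',
        'address'     => 'street',
        'city'        => 'physicaldeliveryofficename',
        'description' => 'description',
    );

    // Ask the server only for the attributes that are mapped above.
    $search_attribs = array_values($moodleattributes);

    if (! isset($CFG->ldap_objectclass)) {
        $CFG->ldap_objectclass = "objectClass=*";
    }

    if ($ldap_connection) {
        $user_dn = auth_ldap_find_userdn($ldap_connection, $username);

        // Skip the read when the user has no entry; ldap_read() needs a DN.
        if ($user_dn) {
            // The filter was previously passed as an undefined $objectclass
            // variable; use the configured object class, wrapped the same
            // way auth_get_userlist() wraps it.
            $user_info_result = ldap_read($ldap_connection, $user_dn, "(".$CFG->ldap_objectclass.")", $search_attribs);
            if ($user_info_result) {
                $user_entry = ldap_get_entries($ldap_connection, $user_info_result);
                foreach ($moodleattributes as $key => $value) {
                    // First value only for multi-valued attributes.
                    if (isset($user_entry[0][$value][0])) {
                        $result[$key] = $user_entry[0][$value][0];
                    }
                }
            }
        }
        @ldap_close($ldap_connection);
    }

    //Hardcoded defaults
    if (! isset($result['description'])) {
        $result['description'] = "Description";
    }
    $result['country'] = 'FI';

    return $result;
}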
92
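function auth_get_userlist() {
    //returns all users from ldap servers
    //
    // Walks every context in $CFG->ldap_contexts (";"-separated) and collects
    // the first value of $CFG->ldap_user_attribute from each entry matching
    // $CFG->ldap_objectclass. Returns an empty array when the directory
    // cannot be reached or bound to.
    global $CFG;
    $fresult = array();

    $ldap_connection = auth_ldap_connect();
    if (!$ldap_connection) {
        return $fresult;
    }
    if (!auth_ldap_bind($ldap_connection)) {
        @ldap_close($ldap_connection);
        return $fresult;
    }

    if (! isset($CFG->ldap_objectclass)) {
        $CFG->ldap_objectclass = "objectClass=*";
    }
    $filter = "(".$CFG->ldap_objectclass.")";
    $attribute = $CFG->ldap_user_attribute;
    // ldap_get_entries() lower-cases attribute names in the array it
    // returns, so a mixed-case configured attribute must be looked up by
    // its lower-case form.
    $attribute_key = strtolower($attribute);

    $contexts = explode(";", $CFG->ldap_contexts);
    foreach ($contexts as $context) {
        // Tolerate "ou=a; ou=b" and trailing separators in the setting.
        $context = trim($context);
        if ($context === '') {
            continue;
        }

        if ($CFG->ldap_search_sub) {
            //search the whole subtree below this context
            $ldap_result = ldap_search($ldap_connection, $context, $filter, array($attribute));
        } else {
            //search only in this context
            $ldap_result = ldap_list($ldap_connection, $context, $filter, array($attribute));
        }
        if (!$ldap_result) {
            // A failed search in one context should not abort the others.
            continue;
        }

        $users = ldap_get_entries($ldap_connection, $ldap_result);
        if (!$users) {
            continue;
        }

        //add found users to list
        for ($i = 0; $i < $users['count']; $i++) {
            // Entries matching the filter need not carry the user attribute.
            if (isset($users[$i][$attribute_key][0])) {
                array_push($fresult, $users[$i][$attribute_key][0]);
            }
        }
    }

    // The handle was previously left open.
    @ldap_close($ldap_connection);

    return $fresult;
}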
function auth_ldap_connect(){
    //opens a handle for the ldap-server named in $CFG->ldap_host_url
    //returns the handle, or false (after calling error()) on failure
    //
    // $CFG->ldap_host_url is passed to ldap_connect() unchanged and this
    // function sets no protocol version and starts no TLS, so whether later
    // binds (and the passwords they carry) are encrypted depends on that URL.
    // NOTE(review): confirm deployments point this at an ldaps:// URL.
    global $CFG;

    $handle = ldap_connect($CFG->ldap_host_url);
    if (!$handle) {
        error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
        return false;
    }

    return $handle;
}
05da6502 133
function auth_ldap_bind($ldap_connection){
    //binds to ldap so that users can be searched for
    //uses $CFG->ldap_bind_dn with $CFG->ldap_bind_pw when a bind dn is
    //configured, otherwise binds anonymously
    //returns true on success; on failure calls error() and returns false
    global $CFG;

    if ($CFG->ldap_bind_dn) {
        //bind with search-user
        $bound = ldap_bind($ldap_connection, $CFG->ldap_bind_dn, $CFG->ldap_bind_pw);
        $failure = "Error: could not bind ldap with ldap_bind_dn/pw";
    } else {
        //bind anonymously
        $bound = ldap_bind($ldap_connection);
        $failure = "Error: could not bind ldap anonymously";
    }

    if (!$bound) {
        error($failure);
        return false;
    }

    return true;
}
154
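function auth_ldap_find_userdn ($ldap_connection, $username){
    //return dn of username
    //like: cn=username,ou=suborg,o=org
    //or false if username not found
    //
    // Contexts from $CFG->ldap_contexts are tried in order and the first
    // entry of the first context that matches is used.
    global $CFG;
    //default return value
    $ldap_user_dn = FALSE;

    $username = (string)$username;
    if (!$ldap_connection || $username === '') {
        return $ldap_user_dn;
    }

    if (!auth_ldap_bind($ldap_connection)) {
        return $ldap_user_dn;
    }

    // $username comes from the login form. Escape the characters that are
    // special in an LDAP search filter (RFC 4515) so the value can only
    // ever be compared literally and cannot add wildcards or extra clauses
    // to the filter. strtr() with an array is a single pass, so the
    // backslashes it inserts are not escaped again.
    $safe_username = strtr($username, array(
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ));
    $filter = "(".$CFG->ldap_user_attribute."=".$safe_username.")";

    //get all contexts and look for first matching user
    $ldap_contexts = explode(";", $CFG->ldap_contexts);

    foreach ($ldap_contexts as $context) {
        // This was a comparison (==) whose result was discarded, so the
        // context was never actually trimmed.
        $context = trim($context);
        if ($context === '') {
            continue;
        }

        if ($CFG->ldap_search_sub) {
            //use ldap_search to find first user from subtree
            $ldap_result = ldap_search($ldap_connection, $context, $filter);
        } else {
            //search only in this context
            $ldap_result = ldap_list($ldap_connection, $context, $filter);
        }
        if (!$ldap_result) {
            // A failed search in this context; try the next one.
            continue;
        }

        $entry = ldap_first_entry($ldap_connection, $ldap_result);
        if ($entry) {
            $ldap_user_dn = ldap_get_dn($ldap_connection, $entry);
            break;
        }
    }

    return $ldap_user_dn;
}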
188
fcad1373 189?>