Logo Search packages:      
Sourcecode: nanoweb version File versions  Download package

mod_auth_ldap.php

<?php

/*

Nanoweb LDAP Auth Module
========================

Copyright (C) 2002-2003 Vincent Negrier aka. sIX <six@aegis-corp.org>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.


Usage
=====

Use these directives in a conf/vhost/access file to use mod_auth_nwauth

AuthRealm = your auth realm name here
AuthRequire = LDAP
AuthLDAPServer = ldap.example.com
AuthLDAPBindDN = cn=%AUTH_USER%,ou=people,dc=example,dc=com
AuthLDAPMatchFilter = (&(attrfilter=val)(httpaccess=on))

In AuthLDAPBindDN, %AUTH_USER% is replaced with the actual login provided by
the HTTP client. You may also use %AUTH_USER_U% and %AUTH_USER_D% if you want
to allow user@domain type logins.

*/

class mod_auth_ldap {

      var $modtype="auth_ldap";
      var $modname="LDAP authentication";
      
      function init() {

            if (!is_callable("ldap_connect")) {

                  techo("WARN: mod_auth_ldap needs a php binary compiled with LDAP support", NW_EL_WARNING);
                  $this->ldapless_php=true;
            
            }
      
      }
      
      function auth($user, $pass, $args) {

            if ($this->ldapless_php) {

                  return(false);

            } else if ($ldsrvs=access_query("authldapserver")) {

                  foreach ($ldsrvs as $ld_srv) if ($ld_cid=ldap_connect($ld_srv)) break;
      
                  if (!$ld_cid) {

                        techo("WARN: mod_auth_ldap: unable to connect to server(s)", NW_EL_WARNING);
                        return(false);
                  
                  }

            } else {

                  techo("WARN: mod_auth_ldap: no AuthLDAPServer specified", NW_EL_WARNING);
                  ldap_close($ld_cid);
                  return(false);
            
            }
            
            $ld_dn=access_query("authldapbinddn", 0);
            $eu=explode("@", $user);
            
            $ld_dn=str_replace("%AUTH_USER%", $user, $ld_dn);
            $ld_dn=str_replace("%AUTH_USER_U%", $eu[0], $ld_dn);
            $ld_dn=str_replace("%AUTH_USER_D%", $eu[1], $ld_dn);

            if ($ld_bind=ldap_bind($ld_cid, $ld_dn, $pass)) {

                  if ($ld_filter=access_query("authldapmatchfilter", 0)) {

                        if ($ld_q=ldap_search($ld_cid, $ld_dn, $ld_filter)) {

                              if ($a=ldap_count_entries($ld_cid, $ld_q)) {
                              
                                    ldap_close($ld_cid);
                                    return(true);

                              } else {

                                    ldap_close($ld_cid);
                                    return(false);

                              }
                        
                        } else {

                              ldap_close($ld_cid);
                              return(false);
                        
                        }
                  
                  } else {

                        ldap_close($ld_cid);
                        return(true);
                  
                  }
            
            } else {
                  
                  ldap_close($ld_cid);
                  return(false);

            }
            
      }

}

?>

Generated by  Doxygen 1.6.0   Back to index