Adding support for multiple LDAP backends with new authentication module

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@21 44740490-163a-0410-bde0-09ae8108e29a

Adding support for multiple LDAP backends with new authentication module
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@21 44740490-163a-0410-bde0-09ae8108e29a
41ed7ae3 · Andreas Åkre Solberg · aa60b1b9 · 41ed7ae3 · 41ed7ae3 · 41ed7ae3
Commit 41ed7ae3 authored 17 years ago by Andreas Åkre Solberg
--- a/config/ldapmulti-template.php
+++ b/config/ldapmulti-template.php
+<?php
+/* 
+ * The configuration of simpleSAMLphp
+ * 
+ * 
+ */
+
+$ldapmulti = array (
+
+	'feide.no' => array(
+		'description'	=> 'Feide',
+		'dnpattern'		=> 'uid=%username%,dc=feide,dc=no,ou=feide,dc=uninett,dc=no',
+		'hostname'		=> 'ldap.uninett.no',
+		'attributes'	=> 'objectclass=*',
+	),
+	'uninett.no' => array(
+		'description'	=> 'UNINETT',
+		'dnpattern'		=> 'uid=%username%,ou=people,dc=uninett,dc=no',
+		'hostname'		=> 'ldap.uninett.no',
+		'attributes'	=> 'objectclass=*',
+	)
+	
+);
+
+
+
+?>
\ No newline at end of file
--- a/templates/login-ldapmulti.php
+++ b/templates/login-ldapmulti.php
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<title><?php echo $data['header']; ?></title>
+<script>
+<!--
+function sf(){document.f.username.focus();}
+// -->
+</script>
+<style type="text/css">
+
+/* these styles are in the head of this page because this is a unique page */
+
+/* THE BIG GUYS */
+* {margin:0;padding:0}
+body {text-align:center;padding: 20px 0;background: #222;color:#333;font:83%/1.5 arial,tahoma,verdana,sans-serif}
+img {border:none;display:block}
+hr {margin: 1em 0;background:#eee;height:1px;color:#eee;border:none;clear:both}
+
+/* LINKS */
+a,a:link,a:link,a:link,a:hover {font-weight:bold;background:transparent;text-decoration:underline;cursor:pointer} 
+a:link {color:#c00} 
+a:visited {color:#999} 
+a:hover,a:active {color:#069} 
+
+/* LISTS */
+ul {margin: .3em 0 1.5em 2em}
+	ul.related {margin-top:-1em}
+li {margin-left:2em}
+dt {font-weight:bold}
+#wrap {border: 1px solid #fff;position:relative;background:#fff;width:600px;margin: 0 auto;text-align:left}
+#header {background: #666 url("/<?php echo $data['baseurlpath']; ?>resources/sprites.gif") repeat-x 0 100%;margin: 0 0 25px;padding: 0 0 8px}
+#header h1 {color:#fff;font-size: 145%;padding:20px 20px 12px}
+#poweredby {width:96px;height:63px;position:absolute;top:0;right:0}
+#content {padding: 0 20px}
+
+/* TYPOGRAPHY */
+p, ul, ol {margin: 0 0 1.5em}
+h1, h2, h3, h4, h5, h6 {letter-spacing: -1px;font-family: arial,verdana,sans-serif;margin: 1.2em 0 .3em;color:#000;border-bottom: 1px solid #eee;padding-bottom: .1em}
+h1 {font-size: 196%;margin-top:0;border:none}
+h2 {font-size: 136%}
+h3 {font-size: 126%}
+h4 {font-size: 116%}
+h5 {font-size: 106%}
+h6 {font-size: 96%}
+
+.old {text-decoration:line-through}
+</style>
+</head>
+<body onload="sf();">
+
+<div id="wrap">
+
+	<div id="header">
+		<h1>simpleSAMLphp authentication</h1>
+		<div id="poweredby"><img src="/<?php echo $data['baseurlpath']; ?>resources/icons/lock.png" alt="Login screen" /></div>
+	</div>
+	
+	<div id="content">
+	
+		<?php if (isset($data['error'])) { ?>
+		<div style="border-left: 1px solid #e8e8e8; border-bottom: 1px solid #e8e8e8; background: #f5f5f5"
+		<img src="/<?php echo $data['baseurlpath']; ?>resources/icons/bomb.png" style="float: left; margin: 15px " />
+		<h2>What you entered was not accepted!</h2>
+		
+		<p><?php echo $data['error']; ?> </p>
+		</div>
+		<?php } ?>
+	
+		<h2 style="break: both">Enter your username and password</h2>
+		
+		<p>
+			A service has requested you to authenticate your self. That means you need to enter your username and password in the form below.
+		</p>
+		
+		<form action="?" method="post" name="f">
+
+		<table>
+			<tr>
+				<td rowspan="3"><img src="/<?php echo $data['baseurlpath']; ?>resources/icons/pencil.png" /></td>
+				<td style="padding: .3em;">Username</td>
+				<td><input type="text" tabindex="1" name="username" 
+					<?php if (isset($data['username'])) {
+						echo 'value="' . $data['username'] . '"';
+					} ?> /></td>
+
+					
+				<td style="padding: .4em; rowspan="3">
+					<input type="submit" tabindex="3" value="Login" />
+					<input type="hidden" name="RelayState" value="<?php echo $data['relaystate']; ?>" />
+				</td>
+			</tr>
+			
+			<tr>
+				<td style="padding: .3em;">Organization</td>
+				<td><select name="org" tabindex="2">
+					<?php
+					
+					foreach ($data['ldapconfig'] AS $key => $entry) {
+						echo '<option ' .
+							($key == $data['org'] ? 'selected="selected" ' : '')
+							. 'value="' . $key . '">' . $entry['description'] . '</option>';
+					}
+					
+					?>
+				</select></td>
+			</tr>
+			
+			<tr>
+				<td style="padding: .3em;">Password</td>
+				<td><input type="password" tabindex="2" name="password" /></td>
+			</tr>
+		</table>
+		
+		
+		</form>
+		
+		
+		<h2>Help! I don't remember my password.</h2>
+		
+		
+		<p>Too bad! - Without your username and password you cannot authenticate your self and access the service.
+		There may be someone that can help you. Contact the help desk at your university!</p>
+		
+		<h2>About simpleSAMLphp</h2>
+		<p>Hey! This simpleSAMLphp thing is pretty cool, where can I read more about it?
+		You can find more information about simpleSAMLphp at <a href="http://rnd.feide.no">the Feide RnD blog</a> over at <a href="http://uninett.no">UNINETT</a>.</p>
+		
+
+		<hr />
+		
+		Copyright &copy; 2007 <a href="http://rnd.feide.no/">Feide RnD</a>
+		
+		<hr />
+	
+	</div>
+
+</div>
+
+</body>
+</html>
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
+<?php
+
+
+require_once('../../www/_include.php');
+
+
+require_once('SimpleSAML/Utilities.php');
+require_once('SimpleSAML/Session.php');
+require_once('SimpleSAML/XML/MetaDataStore.php');
+require_once('SimpleSAML/XML/SAML20/AuthnRequest.php');
+require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
+require_once('SimpleSAML/XHTML/Template.php');
+
+session_start();
+
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = new SimpleSAML_XML_MetaDataStore($config);
+$session = SimpleSAML_Session::getInstance();
+
+
+$ldapconfigfile = $config->getValue('basedir') . 'config/ldapmulti.php';
+require_once($ldapconfigfile);
+
+
+$error = null;
+$attributes = array();
+	
+if (isset($_POST['username'])) {
+
+	$ldapconfig = $ldapmulti[$_POST['org']];
+	
+	
+
+	$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
+	$pwd = $_POST['password'];
+
+	$ds = ldap_connect($ldapconfig['hostname']);
+	
+	if ($ds) {
+	
+		if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+			echo "Failed to set LDAP Protocol version to 3";
+			exit;
+		}
+		/*
+		if (!ldap_start_tls($ds)) {
+		echo "Failed to start TLS";
+		exit;
+		}
+		*/
+		if (!ldap_bind($ds, $dn, $pwd)) {
+			$error = "Bind failed, wrong username or password. Tried with DN=[" . $dn . "] DNPattern=[" .  $ldapconfig['dnpattern'] . "]";
+			
+			
+		} else {
+			$sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
+			$ldapentries = ldap_get_entries($ds, $sr);
+			
+
+			for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
+				$values = array();
+				if ($ldapentries[0][$i] == 'jpegphoto') continue;
+				for ($j = 0; $j < $ldapentries[0][$ldapentries[0][$i]]['count']; $j++) {
+					$values[] = $ldapentries[0][$ldapentries[0][$i]][$j];
+				}
+				
+				$attributes[$ldapentries[0][$i]] = $values;
+			}
+
+			// generelt ldap_next_entry for flere, men bare ett her
+			//print_r($ldapentries);
+			//print_r($attributes);
+			
+			$session->setAuthenticated(true);
+			$session->setAttributes($attributes);
+			
+			$session->setNameID(SimpleSAML_Utilities::generateID());
+			$session->setNameIDFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:transient');
+			
+			$returnto = $_REQUEST['RelayState'];
+			header("Location: " . $returnto);
+			exit(0);
+
+		}
+	// ldap_close() om du vil, men frigjoeres naar skriptet slutter
+	}
+
+	
+}
+
+
+$t = new SimpleSAML_XHTML_Template($config, 'login-ldapmulti.php');
+
+$t->data['header'] = 'simpleSAMLphp: Enter username and password';	
+$t->data['relaystate'] = $_REQUEST['RelayState'];
+$t->data['ldapconfig'] = $ldapmulti;
+$t->data['org'] = $_REQUEST['org'];
+$t->data['error'] = $error;
+if (isset($error)) {
+	$t->data['username'] = $_POST['username'];
+}
+
+$t->show();
+
+
+?>
--- a/www/example-simple/saml2-example.php
+++ b/www/example-simple/saml2-example.php
@@ -36,8 +36,6 @@ $attributes = $session->getAttributes();
 *
 */

-
-
 $et = new SimpleSAML_XHTML_Template($config, 'status.php');

 $et->data['header'] = 'SAML 2.0 SP Demo Example';
@@ -48,10 +46,6 @@ $et->data['valid'] = $session->isValid() ? 'Session is valid' : 'Session is inva
 $et->data['logout'] = '<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=/' . 
 	$config->getValue('baseurlpath') . 'logout.html">Logout</a> ]';

-/*
-$et->data['logout'] = '[ <a href="https://sam.feide.no/amserver/saml2/jsp/idpSingleLogoutInit.jsp?binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">IdP intiated logout from Feide (only if you are connected to the Feide IdP)</a> ]</p>
-			<p>[ <a href="/' . $config->getValue('baseurlpath') . 'saml2/sp/initSLO.php?RelayState=' .  urlencode(SimpleSAML_Utilities::selfURL()) . '">SP initated logout</a> ]';
-*/
 $et->show();