From 8154e0d0b1ddcbbebb35c668b89f6a9ef8caebcb Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Wed, 20 Aug 2008 12:05:21 +0000
Subject: [PATCH] use SimpleSAML_Auth_LDAP class for handling LDAP access; this
 aligns handling of the "attributes" parameter with other LDAP auth variants
 using SimpleSAML_Auth_LDAP, but breaks backwards compatibility with
 login-ldapmulti itself (as the "attributes" value was actually used as an
 LDAP filter, e.g. "objectclass=*")

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@825 44740490-163a-0410-bde0-09ae8108e29a
---
 www/auth/login-ldapmulti.php | 89 ++++++++++--------------------------
 1 file changed, 25 insertions(+), 64 deletions(-)

diff --git a/www/auth/login-ldapmulti.php b/www/auth/login-ldapmulti.php
index a2052670d..5f2461fb4 100644
--- a/www/auth/login-ldapmulti.php
+++ b/www/auth/login-ldapmulti.php
@@ -37,77 +37,38 @@ if (isset($_POST['username'])) {
 		$dn = str_replace('%username%', $_POST['username'], $ldapconfig['dnpattern'] );
 		$pwd = $_POST['password'];
 	
-		$ds = ldap_connect($ldapconfig['hostname']);
+		$ldap = new SimpleSAML_Auth_LDAP($ldapconfig['hostname'], $ldapconfig['enable_tls']);
 		
-		if ($ds) {
-		
-			if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-			
-				SimpleSAML_Logger::critical('AUTH - ldap-multi: Error setting LDAP protocol version to 3');
-				
-				$error = "Failed to set LDAP Protocol version to 3";
-			}
-			/*
-			if (!ldap_start_tls($ds)) {
-			echo "Failed to start TLS";
-			exit;
-			}
-			*/
-			if (!@ldap_bind($ds, $dn, $pwd)) {
-				$error = 'Bind failed, wrong username or password.' .
-					' Tried with DN=[' . $dn . '] DNPattern=[' .
-					$ldapconfig['dnpattern'] . '] Error=[' .
-					ldap_error($ds) . "] ErrNo=[" .
-					ldap_errno($ds) . "]";
-	
-				SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate');
-				
-			} else {
-				$sr = ldap_read($ds, $dn, $ldapconfig['attributes'] );
-				$ldapentries = ldap_get_entries($ds, $sr);
-				
-	
-				for ($i = 0; $i < $ldapentries[0]['count']; $i++) {
-					$values = array();
-					if ($ldapentries[0][$i] == 'jpegphoto') continue;
-					for ($j = 0; $j < $ldapentries[0][$ldapentries[0][$i]]['count']; $j++) {
-						$values[] = $ldapentries[0][$ldapentries[0][$i]][$j];
-					}
-					
-					$attributes[$ldapentries[0][$i]] = $values;
-				}
-	
-				// generelt ldap_next_entry for flere, men bare ett her
-				//print_r($ldapentries);
-				//print_r($attributes);
-				
-				SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated');
+		if (!$ldap->bind($dn, $pwd)) {
+			SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' failed to authenticate. DN=' . $dn);
+			throw new Exception('Wrong username or password');
+		}
+						
+		$attributes = $ldap->getAttributes($dn, $ldapconfig['attributes']);
+						
+		SimpleSAML_Logger::info('AUTH - ldap-multi: '. $_POST['username'] . ' successfully authenticated');
 				
 				
-				$session->doLogin('login-ldapmulti');
-				$session->setAttributes($attributes);
+		$session->doLogin('login-ldapmulti');
+		$session->setAttributes($attributes);
 				
-				$session->setNameID(array(
-					'value' => SimpleSAML_Utilities::generateID(),
-					'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
+		$session->setNameID(array(
+			'value' => SimpleSAML_Utilities::generateID(),
+			'Format' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'));
 				
-				/**
-				 * Create a statistics log entry for every successfull login attempt.
-				 * Also log a specific attribute as set in the config: statistics.authlogattr
-				 */
-				$authlogattr = $config->getValue('statistics.authlogattr', null);
-				if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
-					SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
-				else 
-					SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
+		/**
+		 * Create a statistics log entry for every successfull login attempt.
+		 * Also log a specific attribute as set in the config: statistics.authlogattr
+		 */
+		$authlogattr = $config->getValue('statistics.authlogattr', null);
+		if ($authlogattr && array_key_exists($authlogattr, $attributes)) 
+			SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK ' . $attributes[$authlogattr][0]);
+		else 
+			SimpleSAML_Logger::stats('AUTH-login-ldapmulti OK');
 				
 				
-				$returnto = $_REQUEST['RelayState'];
-				SimpleSAML_Utilities::redirect($returnto);
-	
-			}
-		// ldap_close() om du vil, men frigjoeres naar skriptet slutter
-		}
+		$returnto = $_REQUEST['RelayState'];
+		SimpleSAML_Utilities::redirect($returnto);
 
 	} catch (Exception $e) {
 		
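Review bot: The constructor call at the top of the hunk reads `$ldapconfig['enable_tls']` without checking that the key exists; the code it replaces never used that key (TLS was commented out), so an existing ldapmulti configuration that lacks it will raise an undefined-index notice and pass null, which silently runs the bind that carries the user's password without TLS. Prefer an explicit check before the `new SimpleSAML_Auth_LDAP(...)` line, such as `if (!array_key_exists('enable_tls', $ldapconfig)) { throw new Exception('ldapmulti: enable_tls is not configured for this LDAP source'); }`, or at least an `isset()` guard with a documented default. The new `getAttributes()` line also changes the meaning of the `attributes` setting from an LDAP filter to a list of attributes, as the commit message notes; a comment above it, `// 'attributes' is now the list of attributes to fetch (it was an LDAP filter before this change)`, would keep the next reader from reverting that. Separately, the redirect at the end of the hunk still takes `$_REQUEST['RelayState']` unvalidated, which is worth a follow-up; the try/catch enclosing this block begins and ends outside the hunk, so whether the thrown 'Wrong username or password' exception reaches the login template cannot be confirmed from here.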
-- 
GitLab