diff --git a/app/controllers/AuthController.php b/app/controllers/AuthController.php
index 2c522241b3..8a83aa9ebb 100755
--- a/app/controllers/AuthController.php
+++ b/app/controllers/AuthController.php
@@ -18,6 +18,46 @@ class AuthController extends BaseController
 return View::make('frontend.auth.signin');
 }
+
+ /**
+ * Authenticates a user to LDAP
+ *
+ * @return true if the username and/or password provided are valid
+ * false if the username and/or password provided are invalid
+ *
+ */
+ function ldap($username, $password) {
+
+ $ldaphost = Config::get('ldap.url');
+ $ldaprdn = Config::get('ldap.username');
+ $ldappass = Config::get('ldap.password');
+ $baseDn = Config::get('ldap.basedn');
+ $filterQuery = Config::get('ldap.authentication.filter.query') . $username;
+
+ // Connecting to LDAP
+ $connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");
+
+ try {
+ if ($connection) {
+ // binding to ldap server
+ $ldapbind = ldap_bind($connection, $ldaprdn, $ldappass);
+ if ( ($results = @ldap_search($connection, $baseDn, $filterQuery)) !==false ) {
+ $entry = ldap_first_entry($connection, $results);
+ if ( ($userDn = @ldap_get_dn($connection, $entry)) !== false ) {
+ if( ($isBound = ldap_bind($connection, $userDn, $password)) == "true") {
+ return true;
+ }
+ }
+ }
+ }
+ } catch (Exception $e) {
+ LOG::error($e->getMessage());
+ }
+ ldap_close($connection);
+ return false;
+ }
+
+
+
 /**
 * Account sign in form processing.
 *
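Review bot: The final `ldap_bind($connection, $userDn, $password)` runs with whatever password the form sent, and many directory servers treat a bind with a DN and an empty password as a successful unauthenticated bind, so a blank password can make `ldap()` return true; reject empty or non-string credentials before connecting. `$username` is also appended to the search filter unescaped, so filter metacharacters in the login name change which entry is looked up; `ldap_escape()` with `LDAP_ESCAPE_FILTER` closes that, provided the deployment runs PHP 5.6 or later. The `== "true"` comparison should be `=== true`, the success path returns without calling `ldap_close()`, and `or die()` prints the configured LDAP host to the client. The ldap_* functions report failure through return values and warnings, so the try/catch probably never fires, and the unchecked `$ldapbind` result deserves a check and a log line.

```php
function ldap($username, $password) {
    // A DN with an empty password is commonly accepted as an unauthenticated bind.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return false;
    }
    // … unchanged: Config::get() lookups for url, bind DN, bind password, base DN …
    $filterQuery = Config::get('ldap.authentication.filter.query')
        . ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    // … unchanged: ldap_connect(), service bind, ldap_search(), ldap_first_entry(), ldap_get_dn() …
            $isBound = @ldap_bind($connection, $userDn, $password) === true;
            ldap_close($connection);
            return $isBound;
    // … unchanged: fall-through ldap_close() and return false …
```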
@@ -41,9 +81,40 @@ class AuthController extends BaseController
 }
 try {
- // Try to log the user in
- Sentry::authenticate(Input::only('username', 'password'), Input::get('remember-me', 0));
-
+
+ /**
+ * =================================================================
+ * Hack in LDAP authentication
+ */
+
+ // Try to get the user from the database.
+ $user = (array) DB::table('users')->where('username', Input::get('username'))->first();
+
+ if ($user && strpos($user["notes"],'LDAP') !== false) {
+ LOG::debug("Authenticating user against LDAP.");
+ if( $this->ldap(Input::get('username'), Input::get('password')) ) {
+ LOG::debug("valid login");
+ $pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 10);
+ $user = Sentry::findUserByLogin( Input::get('username') );
+ $user->password = $pass;
+ $user->save();
+ $credentials = array(
+ 'username' => Input::get('username'),
+ 'password' => $pass,
+ );
+ Sentry::authenticate($credentials, Input::get('remember-me', 0));
+ }
+ else {
+ throw new Cartalyst\Sentry\Users\UserNotFoundException();
+ }
+ }
+ /* ============================================================== */
+ else {
+ LOG::debug("Authenticating user against database.");
+ // Try to log the user in
+ Sentry::authenticate(Input::only('username', 'password'), Input::get('remember-me', 0));
+ }
+
 // Get the page we were before
 $redirect = Session::get('loginRedirect', 'account');
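Review bot: Every successful LDAP login overwrites the stored local password with ten characters drawn by `str_shuffle`, which is not a cryptographic generator and never repeats a character, and the value then stays in the users table as a local credential that any code path checking the local hash could accept. Logging the already-verified user in directly avoids both the write and the throwaway secret: `Sentry::login(Sentry::findUserByLogin(Input::get('username')), (bool) Input::get('remember-me', 0));`. The LDAP branch is selected by `strpos($user["notes"],'LDAP')`, so anyone able to edit that free-text field switches the account's authentication backend; a dedicated column would be a safer switch. Failed LDAP attempts throw `UserNotFoundException` before Sentry is called, so Sentry's throttling presumably never counts them. The enclosing method starts and ends outside this hunk.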