LDAP authentication hook
@@ -18,6 +18,46 @@ class AuthController extends BaseController
|
||||
return View::make('frontend.auth.signin');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Authenticates a user to LDAP
|
||||
*
|
||||
* @return true if the username and/or password provided are valid
|
||||
* false if the username and/or password provided are invalid
|
||||
*
|
||||
*/
|
||||
function ldap($username, $password) {
|
||||
|
||||
$ldaphost = Config::get('ldap.url');
|
||||
$ldaprdn = Config::get('ldap.username');
|
||||
$ldappass = Config::get('ldap.password');
|
||||
$baseDn = Config::get('ldap.basedn');
|
||||
$filterQuery = Config::get('ldap.authentication.filter.query') . $username;
|
||||
|
||||
// Connecting to LDAP
|
||||
$connection = ldap_connect($ldaphost) or die("Could not connect to {$ldaphost}");
|
||||
|
||||
try {
|
||||
if ($connection) {
|
||||
// binding to ldap server
|
||||
$ldapbind = ldap_bind($connection, $ldaprdn, $ldappass);
|
||||
if ( ($results = @ldap_search($connection, $baseDn, $filterQuery)) !==false ) {
|
||||
$entry = ldap_first_entry($connection, $results);
|
||||
if ( ($userDn = @ldap_get_dn($connection, $entry)) !== false ) {
|
||||
if( ($isBound = ldap_bind($connection, $userDn, $password)) == "true") {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
LOG::error($e->getMessage());
|
||||
}
|
||||
ldap_close($connection);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Account sign in form processing.
|
||||
*
|
||||
@@ -41,9 +81,40 @@ class AuthController extends BaseController
|
||||
}
|
||||
|
||||
try {
|
||||
// Try to log the user in
|
||||
Sentry::authenticate(Input::only('username', 'password'), Input::get('remember-me', 0));
|
||||
|
||||
|
||||
/**
|
||||
* =================================================================
|
||||
* Hack in LDAP authentication
|
||||
*/
|
||||
|
||||
// Try to get the user from the database.
|
||||
$user = (array) DB::table('users')->where('username', Input::get('username'))->first();
|
||||
|
||||
if ($user && strpos($user["notes"],'LDAP') !== false) {
|
||||
LOG::debug("Authenticating user against LDAP.");
|
||||
if( $this->ldap(Input::get('username'), Input::get('password')) ) {
|
||||
LOG::debug("valid login");
|
||||
$pass = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 10);
|
||||
$user = Sentry::findUserByLogin( Input::get('username') );
|
||||
$user->password = $pass;
|
||||
$user->save();
|
||||
$credentials = array(
|
||||
'username' => Input::get('username'),
|
||||
'password' => $pass,
|
||||
);
|
||||
Sentry::authenticate($credentials, Input::get('remember-me', 0));
|
||||
}
|
||||
else {
|
||||
throw new Cartalyst\Sentry\Users\UserNotFoundException();
|
||||
}
|
||||
}
|
||||
/* ============================================================== */
|
||||
else {
|
||||
LOG::debug("Authenticating user against database.");
|
||||
// Try to log the user in
|
||||
Sentry::authenticate(Input::only('username', 'password'), Input::get('remember-me', 0));
|
||||
}
|
||||
|
||||
// Get the page we were before
|
||||
$redirect = Session::get('loginRedirect', 'account');
|
||||
|
||||
|
||||
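Review bot: The user bind in `ldap()` (first hunk, `ldap_bind($connection, $userDn, $password)`) runs with whatever password was submitted, including an empty string, and a directory server may treat a bind with a DN and an empty password as an unauthenticated bind and report success; the function should return false before binding, e.g. `if ($password === null || $password === '') { return false; }`. In the same function `$username` is appended to the configured filter unescaped, so filter metacharacters in the login name can change the search; `ldap_escape($username, '', LDAP_ESCAPE_FILTER)` (PHP 5.6+) prevents that. The result of `ldap_first_entry` is passed to `ldap_get_dn` unchecked and the service-account bind result `$ldapbind` is never tested, so a failure at either step is hidden behind the `@` and only surfaces as a generic false. In the second hunk the replacement password built with `str_shuffle` does not come from a cryptographic random source and is written to the user's row on every LDAP login, so a CSPRNG-backed generator would be the safer choice there.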