1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
<?php
/*
** Zabbix
** Copyright (C) 2001-2021 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
**/
/**
* A class for validating LDAP credentials.
*/
class CLdapAuthValidator extends CValidator {
public $conf = [
'host' => null,
'port' => null,
'base_dn' => null,
'bind_dn' => null,
'bind_password' => null,
'search_attribute' => null
];
/**
* Switch between more detailed or more generic error message mode.
*
* @var type
*/
protected $detailed_errors = false;
/**
* Checks if the given user name and password are valid.
*
* The $value array must have the following attributes:
* - user - user name
* - password - password
*
* @param array $value
*
* @return bool
*/
public function validate($value) {
$status = false;
$ldap = new CLdap($this->conf);
$status = $ldap->checkPass($value['user'], $value['password']);
if (!$status) {
$this->setError($ldap->error);
}
return $status;
}
/**
* Return error message.
*
* @return string
*/
public function getError() {
$error = parent::getError();
$messages = [
CLdap::ERR_PHP_EXTENSION => _('PHP LDAP extension missing.'),
CLdap::ERR_SERVER_UNAVAILABLE => _('Cannot connect to LDAP server.'),
CLdap::ERR_BIND_FAILED => _('Cannot bind to LDAP server.'),
CLdap::ERR_BIND_ANON_FAILED => _('Cannot bind anonymously to LDAP server.'),
CLdap::ERR_OPT_PROTOCOL_FAILED => _('Setting LDAP protocol failed.'),
CLdap::ERR_OPT_TLS_FAILED => _('Starting TLS failed.'),
CLdap::ERR_OPT_REFERRALS_FAILED => _('Setting LDAP referrals to "Off" failed.'),
CLdap::ERR_OPT_DEREF_FAILED => _('Setting LDAP dereferencing mode failed.')
];
$messages[CLdap::ERR_USER_NOT_FOUND] = $this->detailed_errors
? _('Login name or password is incorrect.')
: _('Incorrect user name or password or account is temporarily blocked.');
return array_key_exists($error, $messages) ? $messages[$error] : '';
}
/**
* Check if connection error.
*
* @return bool
*/
public function isConnectionError() {
return (parent::getError() !== CLdap::ERR_USER_NOT_FOUND);
}
}
|
