My class in two thread :mad:
<?php
/**
* LDAP Authentication
*
* This plugin replaces the RoundCube login page with authentication requests
* to a LDAP server, which enables logging into RoundCube with identities
* authenticated by the LDAP server
*
* @version 0.1
* @author jf
*
*/
class ldap_authentication extends rcube_plugin {
/*
 * Connection and bind state plus the connection defaults.
 *
 * $ldap_inited / $_conn / $_bind hold the LDAP client state (resource or false);
 * $_use_tls and $_use_authentication are feature flags; $_ldap_bind_username /
 * $_ldap_bind_password are the optional service-account credentials (write-only
 * via the setters below); $_base_dn and $_ldap_hostname are placeholder defaults
 * expected to be overridden by configuration.
 */
private $ldap_inited = false;
private $_conn = false;
private $_bind = false;
protected $_use_tls = false;
protected $_ldap_bind_username = NULL;
protected $_ldap_bind_password = NULL;
protected $_use_authentication = false;
protected $_base_dn = "DC=mydomain,DC=local";
protected $_ldap_hostname = "ldap.mydomain.be";
/**
* Initialize plugin
*
*/
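function init() {
    // Reset the client state on the object, not a throw-away local: the
    // original assigned a local `$ldap_inited` that nothing ever read.
    $this->ldap_inited = false;
    // load plugin configurations
    $this->load_config();
    // Register the Roundcube hooks this plugin participates in: credential
    // check, first-login user creation and the failure page.
    $this->add_hook('authenticate', array($this, 'authenticate'));
    $this->add_hook('user_create', array($this, 'user_create'));
    $this->add_hook('login_failed', array($this, 'login_failed'));
}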
/**
* Inject authentication credentials
*
* @param array $args arguments from rcmail
* @return array modified arguments
*/
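function authenticate($args) {
    // retrieve configurations
    $rcmail = rcmail::get_instance();
    $cfg = $rcmail->config->all();
    // initialize ldap client
    $this->ldap_init($cfg);

    // Plain pass-through unless LDAP credential checking is enabled.
    if (!$this->_use_authentication) {
        return $args;
    }

    $user = isset($args['user']) ? (string) $args['user'] : '';
    $pass = isset($args['pass']) ? (string) $args['pass'] : '';

    // Never hand an empty password (or an empty user, or a dead connection) to
    // ldap_bind(): most directories treat a bind with an empty password as an
    // anonymous/unauthenticated bind and report SUCCESS, which would let anyone
    // log in as any user. Fail closed instead.
    if ($user === '' || $pass === '' || !$this->_conn) {
        $this->_bind = false;
        $args['abort'] = true;
        return $args;
    }

    // NOTE(review): $args['user'] is used verbatim as the bind DN/identity; this
    // only works on directories that accept a bare login name for bind — confirm
    // against the deployment. ldap_bind() emits a PHP warning on invalid
    // credentials, which is the expected failure path here, so the warning is
    // suppressed and the return value is what decides.
    $this->_bind = @ldap_bind($this->_conn, $user, $pass);

    // The original discarded the bind result (it returned false regardless), so
    // a failed bind never influenced the login. Propagate it: 'abort' is the
    // flag Roundcube's authenticate hook honours to stop the login.
    if (!$this->_bind) {
        $args['abort'] = true;
    }
    return $args;
}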
/*
 * Called when somebody logs in for the first time and a local user record is
 * about to be created: looks the login name up in the directory to fill in the
 * canonical uid, display name and e-mail address.
 */
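function user_create($args) {
    $rcmail = rcmail::get_instance();

    $uid_attr   = $rcmail->config->get('ldap_create_uid');
    $email_attr = $rcmail->config->get('ldap_create_email');
    // Cast so a missing/scalar ldap_create_name setting cannot break array_merge().
    $name_attrs = (array) $rcmail->config->get('ldap_create_name');
    $attributes = array_merge(array($uid_attr, $email_attr), $name_attrs);

    // No directory connection: nothing to look up.
    if (!$this->_conn) return false;

    $base_dn = $rcmail->config->get('ldap_base_dn');
    // The login name is attacker-controlled input spliced into an LDAP filter.
    // Escape the filter metacharacters (LDAP injection) and use str_replace()
    // rather than preg_replace(): with preg_replace() a login name containing
    // "$1" or "\1" would be interpreted as a backreference.
    $filter = str_replace('%u', $this->_escape_filter_value($args['user']),
        $rcmail->config->get('ldap_filter'));

    try {
        $res = ldap_search($this->_conn, $base_dn, $filter, $attributes);
        if (!$res) {
            throw new ldapException("Error in search query " . ldap_error($this->_conn));
        }

        $rows = ldap_get_entries($this->_conn, $res);
        // Check $rows itself before indexing into it.
        if (!$rows || empty($rows['count'])) {
            throw new ldapException("user " . $args['user'] . " not found with query " . $filter
                . " Base: " . $base_dn);
        }
        // A filter that matches several entries is ambiguous; silently taking
        // the first one could map the login onto the wrong account.
        if ($rows['count'] > 1) {
            throw new ldapException("query " . $filter . " matched " . $rows['count']
                . " entries under " . $base_dn . "; refusing to pick one");
        }

        $entry = $rows[0];
        // ldap_get_entries() returns attribute names lowercased, so the
        // configured names must be normalised before lookup.
        $uid_key = strtolower((string) $uid_attr);
        if (!isset($entry[$uid_key][0]) || $entry[$uid_key][0] === '') {
            throw new ldapException("entry for " . $args['user'] . " has no " . $uid_attr . " attribute");
        }

        $userName = '';
        foreach ($name_attrs as $val) {
            $key = strtolower((string) $val);
            if (isset($entry[$key][0])) {
                $userName .= $entry[$key][0] . ' ';
            }
        }
        $userName = trim($userName);

        $email_key = strtolower((string) $email_attr);

        $args['user'] = $entry[$uid_key][0];
        $args['user_name'] = $userName;
        $args['user_email'] = isset($entry[$email_key][0]) ? $entry[$email_key][0] : null;
    } catch (ldapException $e) {
        // The original created exception objects without throwing them and then
        // called ldapException() as a function; neither stopped user creation.
        // Log and fail closed. NOTE(review): 'abort' is the flag Roundcube's
        // user_create hook honours to cancel creation — confirm for this version.
        error_log('ldap_authentication: ' . $e->getMessage());
        $args['abort'] = true;
        return $args;
    }
    return $args;
}

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515).
 *
 * Uses ldap_escape() where available (PHP >= 5.6) and otherwise escapes the
 * filter metacharacters by hand; backslash is handled first so the escape
 * sequences themselves are not re-escaped.
 *
 * @param mixed $value raw value (cast to string)
 * @return string escaped value safe to embed in a filter
 */
private function _escape_filter_value($value) {
    $value = (string) $value;
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\5c', '\2a', '\28', '\29', '\00'),
        $value
    );
}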
/**
* Intercept login failure
*
* @param array $args arguments from rcmail
* @return array modified arguments
*/
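function login_failed($args) {
    // retrieve rcmail instance
    $rcmail = rcmail::get_instance();

    // The error template reads these globals. The text is fixed and does not
    // echo the submitted user name, so nothing user-controlled reaches the page
    // and the message does not reveal whether the account exists.
    global $__page_content, $__error_title, $__error_text;
    $__error_title = "LDAP LOGIN FAILED";
    $__error_text = <<<EOF
Could not log into your LDAP service. The service may be interrupted, or you may not be authorized to access the service.<br />
Please contact the administrator.<br />
EOF;
    $__page_content = <<<EOF
<div>
<h3 class="error-title">$__error_title</h3>
<p class="error-text">$__error_text</p>
</div>
EOF;

    // Discard the session BEFORE rendering: output->send() may terminate the
    // script itself, in which case a kill_session() placed after it (as in the
    // original) never runs and the failed-login session survives.
    $rcmail->kill_session();
    // redirect to error page
    $rcmail->output->reset();
    $rcmail->output->send('error');
    // end script
    exit;
}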
/**
 * Set the LDAP host(s) to connect to
 *
 * @param array $_ldap_hostname host names (the property's default is a single string)
 * @return void
 */
public function set_ldap_hostname(array $_ldap_hostname) {
    // Replace the stored host setting wholesale. NOTE(review): the property's
    // declared default is a single host name string while this setter accepts
    // only an array — whatever consumes _ldap_hostname must cope with both.
    $hosts = $_ldap_hostname;
    $this->_ldap_hostname = $hosts;
}
/**
 * Get the configured LDAP host(s)
 *
 * @return string|array the default host string, or the array given to set_ldap_hostname()
 */
public function get_ldap_hostname() {
    // Plain accessor: hands back exactly what is stored, no copy or coercion.
    $hosts = $this->_ldap_hostname;
    return $hosts;
}
/**
 * Set the username (bind DN) of an account with higher privileges
 *
 * @param string $_ad_username bind identity for the service account
 * @return void
 */
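public function set_ldap_bind_username($_ad_username) {
    // Store the caller's value. The original assigned an undefined variable
    // ($_ldap_bind_username), which silently left the bind username NULL.
    $this->_ldap_bind_username = $_ad_username;
}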
/**
* Get the username of the account with higher priviledges
*
* This will throw an exception for security reasons
*/
public function get_ldap_bind_username() {
    // Deliberately unreadable: the service-account identity is write-only from
    // outside this class.
    $reason = 'For security reasons you cannot access the domain administrator account details';
    throw new ldapException($reason);
}
/**
 * Set the password of the account with higher privileges
 *
 * @param string $_ad_password service-account password (kept in memory in clear)
 * @return void
 */
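public function set_ldap_bind_password($_ad_password) {
    // Store the caller's value. The original assigned an undefined variable
    // ($_ldap_bind_password), which silently left the bind password NULL.
    $this->_ldap_bind_password = $_ad_password;
}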
/**
* Get the password of the account with higher priviledges
*
* This will throw an exception for security reasons
*/
public function get_ldap_bind_password() {
    // Deliberately unreadable: the service-account password is write-only from
    // outside this class.
    $reason = 'For security reasons you cannot access the domain administrator account details';
    throw new ldapException($reason);
}
/**
* Set whether to use SSL
*
* @param bool $_use_ssl
* @return void
*/
public function set_use_ssl($_use_ssl) {
    // Stored verbatim, no coercion. NOTE(review): _use_ssl is not among the
    // properties declared at the top of this class (unlike _use_tls), so this
    // creates a dynamic property unless it is declared further down — confirm.
    $flag = $_use_ssl;
    $this->_use_ssl = $flag;
}
/**
* Get the SSL setting
*
* @return bool
*/
public function get_use_ssl() {
    // Returns whatever set_use_ssl() stored (unset if it was never called).
    $flag = $this->_use_ssl;
    return $flag;
}
/**
* Set whether to use TLS
*
* @param bool $_use_tls
* @return void
*/
public function set_use_tls($_use_tls) {
    // Stored verbatim, no coercion; consumed by the connection code elsewhere.
    $flag = $_use_tls;
    $this->_use_tls = $flag;
}
/**
* Get the TLS setting
*
* @return bool
*/
public function get_use_tls() {
    // Plain accessor for the TLS flag (defaults to false).
    $flag = $this->_use_tls;
    return $flag;
}
/**
* Set whether to use authentication
*
* @param bool $_use_authentication
* @return void
*/
public function set_use_authentication($_use_authentication) {
    // Stored verbatim; authenticate() tests this flag for truthiness to decide
    // whether to bind against the directory at all.
    $flag = $_use_authentication;
    $this->_use_authentication = $flag;
}
/**
* Get the use authentication setting
*
* @return bool
*/
public function get_use_authentication() {
    // Plain accessor for the credential-check flag (defaults to false).
    $flag = $this->_use_authentication;
    return $flag;
}