moved uri parsing into _connect, to allow multiple uri not just multiple hosts and added parameter to constructor to throw exceptions instead of echoing error-messages and returning false on ldapConnect

This commit is contained in:
Ralf Becker 2012-06-04 07:59:07 +00:00
parent 0c6d80d778
commit e1cb2efa1b

View File

@ -1,6 +1,6 @@
<?php <?php
/** /**
* API - LDAP connection handling * EGroupware API - LDAP connection handling
* *
* @link http://www.egroupware.org * @link http://www.egroupware.org
* @author Lars Kneschke <l.kneschke@metaways.de> * @author Lars Kneschke <l.kneschke@metaways.de>
@ -19,26 +19,42 @@
* - SSL: "ldaps://host[:port]/" * - SSL: "ldaps://host[:port]/"
* - TLS: "tls://host[:port]/" * - TLS: "tls://host[:port]/"
* Both require certificats installed on the webserver, otherwise the connection will fail! * Both require certificats installed on the webserver, otherwise the connection will fail!
*
* If multiple (space-separated) ldap hosts or urls are given, try them in order and
* move first successful one to first place in session, to try not working ones
* only once per session.
*/ */
class ldap class ldap
{ {
/** /**
* @var resource $ds holds the LDAP link identifier * Holds the LDAP link identifier
*
* @var resource $ds
*/ */
var $ds; var $ds;
/** /**
* Holds the detected information about the connected ldap server * Holds the detected information about the connected ldap server
* *
* @var ldapserverinfo * @var ldapserverinfo $ldapserverinfo
*/ */
var $ldapServerInfo; var $ldapServerInfo;
/** /**
* the constructor for this class * Throw Exceptions in ldapConnect instead of echoing error and returning false
*
* @var boolean $exception_on_error
*/ */
function __construct() var $exception_on_error=false;
/**
* Constructor
*
* @param boolean $exception_on_error=false true: throw Exceptions in ldapConnect instead of echoing error and returning false
*/
function __construct($exception_on_error=false)
{ {
$this->exception_on_error = $exception_on_error;
$this->restoreSessionData(); $this->restoreSessionData();
} }
@ -70,14 +86,15 @@ class ldap
/** /**
* Connect to ldap server and return a handle * Connect to ldap server and return a handle
* *
* If multiple (space-separated) ldap servers are given, try them in order and * If multiple (space-separated) ldap hosts or urls are given, try them in order and
* move first successful one to first place in session, to try not working ones * move first successful one to first place in session, to try not working ones
* only once per session. * only once per session.
* *
* @param $host ldap host * @param $host='' ldap host, default $GLOBALS['egw_info']['server']['ldap_host']
* @param $dn ldap dn * @param $dn='' ldap dn, default $GLOBALS['egw_info']['server']['ldap_root_dn'] (only if $host default is used!)
* @param $passwd ldap pw * @param $passwd='' ldap pw, default $GLOBALS['egw_info']['server']['ldap_root_pw'] (only if $host default is used!)
* @return resource|boolean resource from ldap_connect() or false on error * @return resource|boolean resource from ldap_connect() or false on error
* @throws egw_exception_assertion_failed 'LDAP support unavailable!' (no ldap extension)
*/ */
function ldapConnect($host='', $dn='', $passwd='') function ldapConnect($host='', $dn='', $passwd='')
{ {
@ -89,30 +106,18 @@ class ldap
$GLOBALS['egw']->log->message('F-Abort, LDAP support unavailable'); $GLOBALS['egw']->log->message('F-Abort, LDAP support unavailable');
$GLOBALS['egw']->log->commit(); $GLOBALS['egw']->log->commit();
} }
if ($this->exception_on_error) throw new egw_exception_assertion_failed('LDAP support unavailable!');
printf('<b>Error: LDAP support unavailable</b><br>',$host); printf('<b>Error: LDAP support unavailable</b><br>',$host);
return False; return False;
} }
if(!$host) if (empty($host))
{ {
$host = $GLOBALS['egw_info']['server']['ldap_host']; $host = $GLOBALS['egw_info']['server']['ldap_host'];
}
if(!$dn)
{
$dn = $GLOBALS['egw_info']['server']['ldap_root_dn']; $dn = $GLOBALS['egw_info']['server']['ldap_root_dn'];
}
if(!$passwd)
{
$passwd = $GLOBALS['egw_info']['server']['ldap_root_pw']; $passwd = $GLOBALS['egw_info']['server']['ldap_root_pw'];
} }
if (($use_tls = substr($host,0,6) == 'tls://'))
{
$port = parse_url($host,PHP_URL_PORT);
$host = parse_url($host,PHP_URL_HOST);
}
// if multiple hosts given, try them all, but only once per session! // if multiple hosts given, try them all, but only once per session!
if (isset($_SESSION) && isset($_SESSION['ldapConnect']) && isset($_SESSION['ldapConnect'][$host])) if (isset($_SESSION) && isset($_SESSION['ldapConnect']) && isset($_SESSION['ldapConnect'][$host]))
{ {
@ -136,6 +141,8 @@ class ldap
' '.function_backtrace()); ' '.function_backtrace());
} }
// give visible error, only if we cant connect to any ldap server // give visible error, only if we cant connect to any ldap server
if ($this->exception_on_error) throw new egw_exception_no_permission("Can't connect/bind to LDAP server '$host' and dn='$dn'!");
echo "<p><b>Error: Can't connect/bind to LDAP server '$host' and dn='$dn'!</b><br />".function_backtrace()."</p>\n"; echo "<p><b>Error: Can't connect/bind to LDAP server '$host' and dn='$dn'!</b><br />".function_backtrace()."</p>\n";
return false; return false;
@ -144,13 +151,18 @@ class ldap
/** /**
* connect to the ldap server and return a handle * connect to the ldap server and return a handle
* *
* @param $host ldap host * @param string $host ldap host
* @param $dn ldap dn * @param string $dn ldap dn
* @param $passwd ldap pw * @param string $passwd ldap pw
* @return resource|boolean resource from ldap_connect() or false on error * @return resource|boolean resource from ldap_connect() or false on error
*/ */
private function _connect($host, $dn, $passwd) private function _connect($host, $dn, $passwd)
{ {
if (($use_tls = substr($host,0,6) == 'tls://'))
{
$port = parse_url($host,PHP_URL_PORT);
$host = parse_url($host,PHP_URL_HOST);
}
// connect to ldap server (never fails, as connection happens in bind!) // connect to ldap server (never fails, as connection happens in bind!)
if(!$this->ds = ldap_connect($host, $port)) if(!$this->ds = ldap_connect($host, $port))
{ {