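conn) throw new Exception('LDAP not connected');
        $res = ldap_read($this->conn, $groupDN, "(objectClass=*)");
        if (!$res) return false;
        $entries = ldap_get_entries($this->conn, $res);
        if (!isset($entries[0])) return false;
        if (!isset($entries[0]['member'])) return false;
        if (!isset($entries[0]['member']['count'])) return false;
        $cntMember = $entries[0]['member']['count'];
        // NOTE(review): the recursion below keeps no "visited" set, so a cycle in nested
        // group membership would recurse without bound; confirm the directory cannot contain one.
        for ($iMember=0; $iMember<$cntMember; $iMember++) {
            $groupOrUser = $entries[0]['member'][$iMember];
            if (strtolower($groupOrUser) == strtolower($userDN)) return true;
            if ($this->isMemberOfRec($userDN, $groupOrUser)) return true;
        }
        return false;
    }

    /**
     * Release the LDAP handle when the object goes away.
     */
    public function __destruct() {
        $this->disconnect();
    }

    /**
     * Close the LDAP connection, if one is open, and forget the handle.
     * Safe to call repeatedly.
     */
    public function disconnect() {
        if ($this->conn) {
            //ldap_unbind($this->conn); // commented out because ldap_unbind() kills the link descriptor
            ldap_close($this->conn);
            $this->conn = null;
        }
    }

    /**
     * Create the LDAP handle for the configured server (no bind is performed here).
     *
     * Any previously open connection is closed first.
     *
     * @param string     $cfg_ldap_server  Either a full URI ("ldap://host:port", "ldaps://host:port")
     *                                     or a bare hostname/IP.
     * @param int|string $cfg_ldap_port    Port used only when $cfg_ldap_server is a bare host.
     *                                     636, 3268 and 3269 select the ldaps scheme, anything else ldap.
     * @throws Exception when the handle cannot be created.
     */
    public function connect($cfg_ldap_server, $cfg_ldap_port=389) {
        $this->disconnect();

        if (strpos($cfg_ldap_server, '://') !== false) {
            // A full URI was supplied, e.g. ldap://hostname:port or ldaps://hostname:port
            $uri = $cfg_ldap_server;
        } else {
            // NOTE(review): 3268 is conventionally the plaintext Global Catalog port and 3269 its
            // TLS counterpart; confirm that mapping 3268 to ldaps is intended.
            $securePorts = array(636, 3268, 3269);
            $schema = in_array((int)$cfg_ldap_port, $securePorts, true) ? 'ldaps' : 'ldap';
            $uri = $schema . '://' . $cfg_ldap_server . ':' . $cfg_ldap_port;
        }

        // ldap_connect() only validates the URI and builds the handle; the network
        // connection itself is established on first use (bind/search).
        $ldapconn = @ldap_connect($uri);
        if (!$ldapconn) throw new Exception(self::_L('Cannot connect to LDAP server'));

        ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
        // Do not chase referrals: Active Directory searches otherwise fail, and following
        // a referral would redirect the bind to another server than the configured one.
        ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

        $this->conn = $ldapconn;
    }

    /**
     * Authenticate with a simple bind using the supplied credentials.
     *
     * @param string $username  Bind DN or userPrincipalName, as accepted by the server.
     * @param string $password  Password; must be non-empty.
     * @return bool  true when the bind succeeded, false otherwise.
     * @throws Exception when connect() has not been called.
     */
    public function login($username, $password) {
        if (!$this->conn) throw new Exception('LDAP not connected');
        // A simple bind with an empty DN or empty password is an anonymous/unauthenticated
        // bind, which many directories accept as "successful" — it must never count as a login.
        if ($username === null || $username === '') return false;
        if ($password === null || $password === '') return false;
        return @ldap_bind($this->conn, $username, $password);
    }

    /**
     * Look up a user entry below $cfg_ldap_base_dn by userPrincipalName.
     *
     * @param string $userPrincipalName  Value matched against the userPrincipalName attribute. It is
     *                                   escaped with LDAP_ESCAPE_FILTER, so filter metacharacters in
     *                                   the input cannot change the query.
     * @param string $cfg_ldap_base_dn   Search base DN.
     * @return array|false  The first matching entry as returned by ldap_get_entries(), or false
     *                      when nothing matched.
     * @throws Exception when not connected or when the search itself fails.
     */
    public function getUserInfo($userPrincipalName, $cfg_ldap_base_dn) {
        if (!$this->conn) throw new Exception('LDAP not connected');

        $cfg_ldap_user_filter = "(&(objectClass=user)(objectCategory=person)(userPrincipalName="
            . ldap_escape($userPrincipalName, '', LDAP_ESCAPE_FILTER) . "))";

        $result = @ldap_search($this->conn, $cfg_ldap_base_dn, $cfg_ldap_user_filter);
        if (!$result) throw new Exception(self::_L('Error in search query: %1', ldap_error($this->conn)));

        // ldap_get_entries() returns false on failure and ['count' => 0] when nothing matched.
        $data = ldap_get_entries($this->conn, $result);
        if ($data === false || (int)$data['count'] === 0 || !isset($data[0])) return false;

        $ldap_userinfo = $data[0];
        // An empty entry can happen if the user did not log in using their exact
        // userPrincipalName (e.g. "username@domainname" instead of "username@domainname.local").
        return empty($ldap_userinfo) ? false : $ldap_userinfo;
    }
}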