central function for LDAP connect

Roland Gruber 2017-10-07 14:45:15 +02:00
parent 4f3eb2f7bb
commit b227a55a2b
2 changed files with 28 additions and 13 deletions


@ -629,6 +629,30 @@ function escapeDN($dn) {
); );
} }
/**
* Connects to an LDAP server using the given URL.
*
* @param string $serverURL URL
*/
function connectToLDAP($serverURL, $startTLS) {
$server = ldap_connect($serverURL);
if (!$server) {
return null;
}
// use LDAPv3
ldap_set_option($server, LDAP_OPT_PROTOCOL_VERSION, 3);
// start TLS if possible
if ($startTLS) {
ldap_start_tls($server);
if (ldap_errno($server) != 0) {
ldap_close($server);
logNewMessage(LOG_ERR, 'Unable to start TLS encryption. Please check if your server certificate is valid and if the LDAP server supports TLS at all.');
return null;
}
}
return $server;
}
/** /**
* This will search the given LDAP suffix for all entries which have the given attribute. * This will search the given LDAP suffix for all entries which have the given attribute.
* *
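Review bot: In connectToLDAP() the TLS failure test relies on `ldap_errno($server) != 0` after a call whose boolean result is discarded; `ldap_start_tls()` already returns false on failure (and, now that the `@` from the removed code is gone, also emits a PHP warning before the function logs and returns null), so the check is clearer and less dependent on errno state as `if (!ldap_start_tls($server)) {`, and the log line is far more useful to an operator with the library's reason included, e.g. `logNewMessage(LOG_ERR, 'Unable to start TLS encryption (' . ldap_error($server) . '). Please check if your server certificate is valid and if the LDAP server supports TLS at all.');`. Returning null and closing the handle on a failed STARTTLS is the right fail-closed behaviour, but note that "TLS started" only means the server certificate was checked to whatever extent the underlying libldap configuration (TLS_REQCERT / LDAP_OPT_X_TLS_REQUIRE_CERT) demands — the function itself sets no certificate policy, which is worth a comment. The docblock documents only `$serverURL`; add `@param bool $startTLS true to upgrade the connection with STARTTLS; on failure the link is closed and null is returned` and `@return resource|null LDAP link identifier, or null if the connection could not be opened or the TLS upgrade failed`, and the `ldap_set_option(..., LDAP_OPT_PROTOCOL_VERSION, 3)` result is unchecked, though a v2-only server would surface as a later bind/STARTTLS error anyway.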


@ -95,22 +95,13 @@ class Ldap{
} }
// save password und username encrypted // save password und username encrypted
$this->encrypt_login($user, $passwd); $this->encrypt_login($user, $passwd);
$this->server = @ldap_connect($this->conf->get_ServerURL()); $startTLS = $this->conf->getUseTLS();
if ($this->server) { $startTLS = ($startTLS === 'yes');
// use LDAPv3 $this->server = connectToLDAP($this->conf->get_ServerURL(), $startTLS);
ldap_set_option($this->server, LDAP_OPT_PROTOCOL_VERSION, 3); if ($this->server != null) {
// referral following // referral following
$followReferrals = ($this->conf->getFollowReferrals() === 'true') ? 1 : 0; $followReferrals = ($this->conf->getFollowReferrals() === 'true') ? 1 : 0;
ldap_set_option($this->server,LDAP_OPT_REFERRALS, $followReferrals); ldap_set_option($this->server,LDAP_OPT_REFERRALS, $followReferrals);
// start TLS if specified
$useTLS = $this->conf->getUseTLS();
if (isset($useTLS) && ($useTLS == "yes")) {
@ldap_start_tls($this->server);
if (ldap_errno($this->server) != 0) {
logNewMessage(LOG_ERR, 'Unable to start TLS encryption. Please check if your server certificate is valid and if the LDAP server supports TLS at all.');
return ldap_errno($this->server);
}
}
$bind = @ldap_bind($this->server, $user, $passwd); $bind = @ldap_bind($this->server, $user, $passwd);
if ($bind) { if ($bind) {
$return = ldap_errno($this->server); $return = ldap_errno($this->server);
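Review bot: The error signalling of Ldap::connect() changed for a failed STARTTLS: the removed lines returned `ldap_errno($this->server)` (non-zero) straight to the caller, whereas now connectToLDAP() returns null and control falls into the `else` branch of `if ($this->server != null) {`, which lies outside this hunk — confirm that branch yields a non-zero error code to the login path rather than a default `$return`, so that a TLS upgrade failure is still reported as a hard login failure and not silently treated like a successful-but-unbound connection. The rewritten `$startTLS = ($startTLS === 'yes');` is a good tightening over the old loose `== "yes"`, and `if ($this->server !== null) {` would match that strictness. Nothing in the new code refuses a plaintext `@ldap_bind` when `getUseTLS()` is not 'yes' and the URL is not ldaps://; that is pre-existing and presumably an admin choice, but worth a comment at the bind. Ldap::connect() begins before and ends after this hunk.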