Micke/roundcubemail-plugins-kolab
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
roundcubemail-plugins-kolab/plugins/ldap_authentication/ldap_authentication.php
Aleksander Machniak 5271b6e787 Use consistent PHP code style
2024-01-24 11:24:41 +01:00

143 lines
4.5 KiB
PHP
Raw Permalink Blame History

<?php
/**
* LDAP Authentication
*
* Authenticate on LDAP server, finds canonized authentication ID for IMAP
* and for new users create identity based on LDAP information.
*
* @version @package_version@
* @author Aleksander Machniak <machniak@kolabsys.com>
*
* Copyright (C) 2011, Kolab Systems AG <contact@kolabsys.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
class ldap_authentication extends rcube_plugin
{
public $task = 'login';
private $ldap;
private $data = [];
public function init()
{
$this->add_hook('authenticate', [$this, 'authenticate']);
$this->add_hook('user_create', [$this, 'user_create']);
}
public function user_create($args)
{
if (!empty($this->data['user_email'])) {
$args['user_email'] = $this->data['user_email'];
}
if (!empty($this->data['user_name'])) {
$args['user_name'] = $this->data['user_name'];
}
return $args;
}
public function authenticate($args)
{
if ($this->init_ldap()) {
$rcmail = rcube::get_instance();
$filter = $rcmail->config->get('ldap_authentication_filter');
$domain = $rcmail->config->get('username_domain');
// get username and host
$user = $args['user'];
$host = rcube_utils::parse_host($args['host']);
if (!empty($domain) && strpos($user, '@') === false) {
if (is_array($domain) && isset($domain[$args['host']])) {
$user .= '@' . rcube_utils::parse_host($domain[$host], $host);
} elseif (is_string($domain)) {
$user .= '@' . rcube_utils::parse_host($domain, $host);
}
}
// replace variables in filter
[$u, $d] = explode('@', $user);
$dc = 'dc=' . strtr($d, ['.' => ',dc=']); // hierarchal domain string
$replaces = ['%dc' => $dc, '%d' => $d, '%fu' => $user, '%u' => $u];
$filter = strtr($filter, $replaces);
// get record
$this->ldap->set_filter($filter);
$results = $this->ldap->list_records();
if (count($results->records) == 1) {
$record = $results->records[0];
$login_attr = $rcmail->config->get('ldap_authentication_login');
$name_attr = $rcmail->config->get('ldap_authentication_name');
if ($login_attr) {
$this->data['user_login'] = is_array($record[$login_attr]) ? $record[$login_attr][0] : $record[$login_attr];
}
if ($name_attr) {
$this->data['user_name'] = is_array($record[$name_attr]) ? $record[$name_attr][0] : $record[$name_attr];
}
if ($this->data['user_login']) {
$args['user'] = $this->data['user_login'];
}
}
}
return $args;
}
private function init_ldap()
{
if ($this->ldap) {
return $this->ldap->ready;
}
$this->load_config();
$rcmail = rcube::get_instance();
$addressbook = $rcmail->config->get('ldap_authentication_addressbook');
if (!is_array($addressbook)) {
$ldap_config = (array)$rcmail->config->get('ldap_public');
$addressbook = $ldap_config[$addressbook];
}
if (empty($addressbook)) {
return false;
}
$this->ldap = new ldap_authentication_ldap_backend(
$addressbook,
$rcmail->config->get('ldap_debug'),
$rcmail->config->mail_domain($_SESSION['imap_host'])
);
return $this->ldap->ready;
}
}
class ldap_authentication_ldap_backend extends rcube_ldap
{
public function set_filter($filter)
{
if ($filter) {
$this->prop['filter'] = $filter;
}
}
}
Reference in a new issue View git blame Copy permalink