Diffstat (limited to 'src/web/helpers/ldap.php')
-rw-r--r-- | src/web/helpers/ldap.php | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/web/helpers/ldap.php b/src/web/helpers/ldap.php
new file mode 100644
index 0000000..f3697cc
--- /dev/null
+++ b/src/web/helpers/ldap.php
@@ -0,0 +1,41 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+function ldap_auth($auth_username, $auth_password) {
+ $url = getenv("LDAP_URL");
+ $bind = getenv("LDAP_BIND_DN");
+ $password = getenv("LDAP_BIND_PASSWORD");
+ $bound = getenv("LDAP_BASE_DN");
+ $filter = getenv("LDAP_FILTER");
+ $uid = getenv("LDAP_UID");
+
+ $conn = @ldap_connect($url);
+ if (!$conn) {
+ return NULL;
+ }
+ ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ $bind_conn = @ldap_bind($conn, $bind, $password);
+ if (!$bind_conn) {
+ return NULL;
+ }
+
+ $search = @ldap_search($conn, $bound, $filter);
+
+ $info = @ldap_get_entries($conn, $search);
+ $user = NULL;
+ for ($i=0; $i<$info['count']; $i++) {
+ $user = $info[$i];
+ if (!array_key_exists($uid, $user))
+ continue;
+ if ($user[$uid][0] == $auth_username)
+ break;
+ }
+
+ if ($user == NULL) {
+ return FALSE;
+ }
+
+ $succ = @ldap_bind($conn, $user['dn'], $auth_password);
+ return !!$succ;
+}
+
|
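Review bot: The lookup loop assigns `$user = $info[$i]` before it tests the uid, so when no entry matches `$auth_username` (or the last entry lacks the `$uid` attribute) `$user` still holds the last entry returned, the `$user == NULL` check does not fire, and the final `ldap_bind` runs against that entry's DN. The function can therefore return true for a username that is not in the directory; the match should be kept in its own variable that is set only on a hit. Separately, `$auth_password` is never checked for being empty: a bind with a DN and an empty password is an unauthenticated bind under RFC 4513, which many servers report as success, so it should be rejected before the second bind. The results of `ldap_search` and `ldap_get_entries` are also used unchecked behind `@`; returning NULL on failure would match the connect and service-bind paths, as sketched below.

```php
// … unchanged: getenv() reads, ldap_connect, protocol option, service bind …

if (!is_string($auth_password) || $auth_password === '') {
    // an empty password would turn the final bind into an unauthenticated bind
    return FALSE;
}

$search = @ldap_search($conn, $bound, $filter);
if (!$search) {
    return NULL;
}

$info = @ldap_get_entries($conn, $search);
if (!$info) {
    return NULL;
}

$match = NULL;
for ($i = 0; $i < $info['count']; $i++) {
    $entry = $info[$i];
    if (isset($entry[$uid][0]) && $entry[$uid][0] === $auth_username) {
        $match = $entry;
        break;
    }
}

if ($match === NULL) {
    return FALSE;
}

$succ = @ldap_bind($conn, $match['dn'], $auth_password);
return !!$succ;
```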