
function _ldapauth_auth in LDAP integration 6

Authenticate the user against LDAP servers.

Note: Related server information is passed via the global $_ldapauth_ldap variable.

Parameters

$name: A username.

$pass: A password.

Return value

The user's LDAP DN on success, FALSE otherwise.

1 call to _ldapauth_auth()
ldapauth_authenticate in ./ldapauth.module
Main user authentication function. Called by form validator.

File

./ldapauth.module, line 547
ldapauth provides authentication against ldap server.

Code

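/**
 * Authenticate a user against the enabled LDAP servers.
 *
 * Enabled server configurations (status = 1) are tried in ascending weight
 * order. The first one where the user is found, passes the optional PHP
 * filter and accepts the supplied password wins.
 *
 * Related server information is passed via the global $_ldapauth_ldap
 * variable.
 *
 * @param $name
 *   A username.
 * @param $pass
 *   A password.
 * @param $create_account
 *   When TRUE, a Drupal account is created through
 *   ldapauth_drupal_user_create() after the LDAP authentication succeeded.
 *
 * @return
 *   The user's LDAP DN on success, FALSE otherwise.
 */
function _ldapauth_auth($name, $pass, $create_account = FALSE) {
  global $_ldapauth_ldap;

  // Don't allow empty passwords because they cause problems on some setups.
  // http://drupal.org/node/87831
  // Security: an LDAP simple bind with a DN and a zero-length password is an
  // "unauthenticated bind" (RFC 4513, section 5.1.2) that many directory
  // servers report as successful, so this guard must stay in front of any
  // connect() call. empty() also rejects the literal password '0'; that is
  // kept on purpose so the check fails closed.
  if (empty($pass)) {
    return FALSE;
  }

  // Cycle through LDAP configurations.  First one to succeed wins.
  $result = db_query("SELECT sid FROM {ldapauth} WHERE status = 1 ORDER BY weight");
  while ($row = db_fetch_object($result)) {

    // Initialize LDAP. A server that fails to initialize aborts the whole
    // cycle, so the remaining configurations are never tried.
    // NOTE(review): confirm this is intended rather than skipping the server.
    if (!_ldapauth_init($row->sid)) {
      return FALSE;
    }

    // Look up the user in LDAP.
    // NOTE(review): $name is handed over exactly as received; verify that
    // _ldapauth_user_lookup() escapes it before building the search filter.
    if (!($ldap = _ldapauth_user_lookup($name)) || !isset($ldap['dn'])) {
      continue;
    }

    // Filter users based on their LDAP data.
    // SECURITY: 'filter_php' is PHP source taken from the server
    // configuration and executed with eval() in this function's scope, so the
    // snippet can read $ldap, $name and the clear-text $pass. Whoever may edit
    // that setting can run arbitrary code in the web server process; keep the
    // permission restricted to fully trusted administrators. The snippet has
    // to return a true value to accept the user; a snippet that returns
    // nothing rejects the user for this server.
    if (($code = _ldapauth_ldap_info($row->sid, 'filter_php')) && !eval($code)) {
      continue;
    }

    // Try to authenticate with the DN found above and the supplied password.
    if (!$_ldapauth_ldap->connect($ldap['dn'], $pass)) {
      // Only the server id and the DN are reported, never the password.
      ldapauth_debug_msg(t("authenticate: Matching LDAP entry found, but password was not valid. sid=@sid, dn=@dn", array(
        '@dn' => $ldap['dn'],
        '@sid' => $row->sid,
      )));
      continue;
    }

    // Register this new user.  See http://drupal.org/node/553482 and http://drupal.org/node/551738
    if ($create_account) {
      $error = '';
      $account = ldapauth_drupal_user_create($_ldapauth_ldap, $name, $ldap['dn'], $error);
      if ($account === FALSE) {
        drupal_set_message(check_plain($error), 'error');
        // Return FALSE explicitly (this used to be a bare "return;", i.e.
        // NULL) so that every failure path matches the documented contract
        // and a caller comparing with === FALSE does not treat it as success.
        return FALSE;
      }
    }
    return $ldap['dn'];
  }
  return FALSE;
}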