function _ldapauth_user_lookup in LDAP integration 5
Same name and namespace in other branches
- 5.2 ldapauth.module \_ldapauth_user_lookup()
- 6 ldapauth.module \_ldapauth_user_lookup()
2 calls to _ldapauth_user_lookup()
File
- ./
ldapauth.module, line 726
Code
function _ldapauth_user_lookup($name) {
global $ldapauth_ldap;
$ret = null;
if (!$ldapauth_ldap) {
return;
}
$row = db_fetch_object(db_query("SELECT binddn, bindpw FROM {ldapauth} WHERE name = '%s'", $ldapauth_ldap
->getOption('name')));
$dn = $row->binddn;
$pass = $row->bindpw;
// If there is no BINDDN and BINDPW -- the connect will be an anonymous connect
$ldapauth_ldap
->connect($dn, $pass);
$possible_base_dns = explode("\r\n", $ldapauth_ldap
->getOption('basedn'));
foreach ($possible_base_dns as $base_dn) {
if (!$base_dn) {
continue;
}
$name_attr = $ldapauth_ldap
->getOption('user_attr') ? $ldapauth_ldap
->getOption('user_attr') : LDAP_DEFAULT_USER_ATTRIBUTE;
$filter = "{$name_attr}={$name}";
$result = $ldapauth_ldap
->search($base_dn, $filter);
if (!$result) {
continue;
}
$num_matches = $result['count'];
// must find exactly one user for authentication to
if ($num_matches != 1) {
watchdog('user', "Error: {$num_matches} users found with {$filter} under {$base_dn}", WATCHDOG_ERROR);
continue;
}
$match = $result[0];
// These lines serve to fix the attribute name in case a
// naughty server (i.e.: MS Active Directory) is messing the
// characters' case.
// This was contributed by Dan "Gribnif" Wilga, and described
// here: http://drupal.org/node/87833
if (!isset($match[$name_attr][0])) {
$name_attr = strtolower($name_attr);
if (!isset($match[$name_attr][0])) {
continue;
}
}
// Finally, we must filter out results with spaces added before
// or after, which are considered OK by LDAP but are no good for us
// We allow lettercase independence, as requested by Marc Galera
// on http://drupal.org/node/97728
//
// Some setups have multiple $name_attr per entry, as pointed out by
// Clarence "sparr" Risher on http://drupal.org/node/102008, so we
// loop through all possible options.
$ok = false;
foreach ($match[$name_attr] as $value) {
if (strtolower($value) == strtolower($name)) {
$ok = true;
break;
}
}
if (!$ok) {
continue;
}
$ret = $match;
}
return $ret;
}