
function _ldapauth_user_lookup in LDAP integration 6

Same name and namespace in other branches
  1. 5.2 ldapauth.module \_ldapauth_user_lookup()
  2. 5 ldapauth.module \_ldapauth_user_lookup()

Queries the LDAP server for the user.

Note: Assumes that global $_ldapauth_ldap variable has been initialized.

Parameters

$name: A login name.

Return value

An array with the user's LDAP data, or NULL if not found.

1 call to _ldapauth_user_lookup()
_ldapauth_auth in ./ldapauth.module
Authenticate the user against LDAP servers.

File

./ldapauth.module, line 604
ldapauth provides authentication against an LDAP server.

Code

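/**
 * Queries the LDAP server for the user.
 *
 * Note: assumes that the global $_ldapauth_ldap variable has been initialized.
 *
 * @param $name
 *   A login name (user-supplied).
 *
 * @return
 *   An array with the user's LDAP data, or NULL if the LDAP object is not
 *   initialized, the bind fails, or no single entry matches the login name
 *   in any configured base DN.
 */
function _ldapauth_user_lookup($name) {
  global $_ldapauth_ldap;
  if (!$_ldapauth_ldap) {
    return;
  }
  $sid = $_ldapauth_ldap->getOption('sid');

  // Transform login name.
  // NOTE(review): 'login_php' is admin-configured PHP that is executed with
  // eval() under the module's privileges. It must only ever come from the
  // server configuration, never from anything derived from user input.
  $code = _ldapauth_ldap_info($sid, 'login_php');
  $login_name = $code ? eval($code) : $name;

  // Escape the login name for use as an LDAP filter value (RFC 4515).
  // Backslash is replaced first so the escapes inserted afterwards are not
  // escaped a second time. Without this, a name containing '*', '(' or ')'
  // changes the meaning of the filter instead of being matched literally.
  $filter_value = str_replace(
    array('\\', '*', '(', ')', "\0"),
    array('\5c', '\2a', '\28', '\29', '\00'),
    $login_name
  );

  // If there is no bindn and bindpw - the connect will be an anonymous connect.
  $success = $_ldapauth_ldap->connect(
    $_ldapauth_ldap->getOption('binddn'),
    $_ldapauth_ldap->getOption('bindpw')
  );
  if (!$success) {
    watchdog('ldapauth', "Failed to connect to ldap in _ldapauth_user_lookup()", array(), WATCHDOG_ERROR);
    return;
  }

  // Configuration that does not depend on the base DN being searched.
  $configured_name_attr = $_ldapauth_ldap->getOption('user_attr')
    ? $_ldapauth_ldap->getOption('user_attr')
    : LDAPAUTH_DEFAULT_USER_ATTR;
  $attrs = ldapauth_attributes_needed(LDAPAUTH_SYNC_CONTEXT_AUTHENTICATE_DRUPAL_USER, $sid);
  $login_name_lower = drupal_strtolower($login_name);

  foreach (explode("\r\n", $_ldapauth_ldap->getOption('basedn')) as $base_dn) {
    if (empty($base_dn)) {
      continue;
    }
    // Reset per base DN: the case fix below may lower-case it for one search.
    $name_attr = $configured_name_attr;
    $filter = $name_attr . '=' . $filter_value;
    $result = $_ldapauth_ldap->search($base_dn, $filter, $attrs);
    if (!$result) {
      continue;
    }
    $num_matches = $result['count'];

    // Must find exactly one user for authentication to.
    if ($num_matches != 1) {
      watchdog('ldapauth', "Error: %num_matches users found with \$%filter under %base_dn.", array(
        '%num_matches' => $num_matches,
        '%filter' => $filter,
        '%base_dn' => $base_dn,
      ), WATCHDOG_ERROR);
      continue;
    }
    $match = $result[0];

    // These lines serve to fix the attribute name in case a
    // naughty server (i.e.: MS Active Directory) is messing the
    // characters' case.
    // This was contributed by Dan "Gribnif" Wilga, and described
    // here: http://drupal.org/node/87833
    if (!isset($match[$name_attr][0])) {
      $name_attr = drupal_strtolower($name_attr);
      if (!isset($match[$name_attr][0])) {
        continue;
      }
    }

    // Finally, we must filter out results with spaces added before
    // or after, which are considered OK by LDAP but are no good for us
    // We allow lettercase independence, as requested by Marc Galera
    // on http://drupal.org/node/97728
    //
    // Some setups have multiple $name_attr per entry, as pointed out by
    // Clarence "sparr" Risher on http://drupal.org/node/102008, so we
    // loop through all possible options.
    //
    // Strict comparison: with '==' two numeric-looking strings (e.g. "1e3"
    // and "1000") would compare equal, which is not a name match.
    foreach ($match[$name_attr] as $value) {
      if (drupal_strtolower(trim($value)) === $login_name_lower) {
        return $match;
      }
    }
  }
}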