function _ldapauth_user_lookup in LDAP integration 6
Same name and namespace in other branches
- 5.2 ldapauth.module \_ldapauth_user_lookup()
- 5 ldapauth.module \_ldapauth_user_lookup()
Queries LDAP server for the user.
Note: Assumes that global $_ldapauth_ldap variable has been initialized.
Parameters
$name: A login name.
Return value
An array with the user's LDAP data, or NULL if no matching entry is found, the LDAP connection fails, or $_ldapauth_ldap has not been initialized.
1 call to _ldapauth_user_lookup()
- _ldapauth_auth in ./
ldapauth.module - Authenticate the user against LDAP servers.
File
- ./
ldapauth.module, line 604 - ldapauth provides authentication against ldap server.
Code
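/**
 * Queries LDAP server for the user.
 *
 * Note: Assumes that global $_ldapauth_ldap variable has been initialized.
 *
 * Security notes:
 * - The login name is escaped (RFC 4515) before it is placed in the search
 *   filter, so filter metacharacters in the name are matched literally.
 * - The optional 'login_php' transformation is executed with eval(); see the
 *   review note at that line.
 *
 * @param $name
 *   A login name.
 *
 * @return
 *   An array with user's LDAP data, or NULL if no matching entry is found,
 *   the connection fails, or $_ldapauth_ldap is not initialized.
 */
function _ldapauth_user_lookup($name) {
  global $_ldapauth_ldap;

  if (!$_ldapauth_ldap) {
    return;
  }

  // Transform login name.
  // NOTE(review): eval() runs the PHP snippet stored under 'login_php' for
  // this server, with $name in scope. Anyone able to change that setting can
  // execute arbitrary PHP on the site, so the permission to edit it should be
  // tightly restricted and changes to it audited. Left as-is here because
  // replacing it would change the module's configuration contract.
  $login_name = ($code = _ldapauth_ldap_info($_ldapauth_ldap->getOption('sid'), 'login_php')) ? eval($code) : $name;

  // Escape the value for use inside an LDAP search filter (RFC 4515). The
  // backslash is listed first so the escapes added for the other characters
  // are not escaped a second time. Without this, a login name containing
  // '*', '(' or ')' would be interpreted as filter syntax by the server.
  $filter_value = str_replace(
    array('\\', '*', '(', ')', "\x00"),
    array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
    (string) $login_name
  );

  // If there is no binddn and bindpw - the connect will be an anonymous connect.
  $success = $_ldapauth_ldap->connect($_ldapauth_ldap->getOption('binddn'), $_ldapauth_ldap->getOption('bindpw'));
  if (!$success) {
    watchdog('ldapauth', "Failed to connect to ldap in _ldapauth_user_lookup()", array(), WATCHDOG_ERROR);
    return;
  }

  // 'basedn' holds one base DN per line; each one is searched in turn.
  foreach (explode("\r\n", $_ldapauth_ldap->getOption('basedn')) as $base_dn) {
    if (empty($base_dn)) {
      continue;
    }

    // Re-read on every pass: $name_attr may be lower-cased further down.
    $name_attr = $_ldapauth_ldap->getOption('user_attr') ? $_ldapauth_ldap->getOption('user_attr') : LDAPAUTH_DEFAULT_USER_ATTR;
    $filter = $name_attr . '=' . $filter_value;
    $attrs = ldapauth_attributes_needed(LDAPAUTH_SYNC_CONTEXT_AUTHENTICATE_DRUPAL_USER, $_ldapauth_ldap->getOption('sid'));
    $result = $_ldapauth_ldap->search($base_dn, $filter, $attrs);
    if (!$result) {
      continue;
    }

    $num_matches = $result['count'];
    // Must find exactly one user for authentication to succeed.
    if ($num_matches != 1) {
      watchdog('ldapauth', "Error: %num_matches users found with \$%filter under %base_dn.", array(
        '%num_matches' => $num_matches,
        '%filter' => $filter,
        '%base_dn' => $base_dn,
      ), WATCHDOG_ERROR);
      continue;
    }
    $match = $result[0];

    // These lines serve to fix the attribute name in case a
    // naughty server (i.e.: MS Active Directory) is messing the
    // characters' case.
    // This was contributed by Dan "Gribnif" Wilga, and described
    // here: http://drupal.org/node/87833
    if (!isset($match[$name_attr][0])) {
      $name_attr = drupal_strtolower($name_attr);
      if (!isset($match[$name_attr][0])) {
        continue;
      }
    }

    // Finally, we must filter out results with spaces added before
    // or after, which are considered OK by LDAP but are no good for us
    // We allow lettercase independence, as requested by Marc Galera
    // on http://drupal.org/node/97728
    //
    // Some setups have multiple $name_attr per entry, as pointed out by
    // Clarence "sparr" Risher on http://drupal.org/node/102008, so we
    // loop through all possible options.
    //
    // The comparison uses the unescaped login name (the directory returns
    // raw values) and is done strictly on strings: with a loose '==' PHP
    // treats two numeric-looking strings such as '1e3' and '1000' as equal.
    $wanted = (string) drupal_strtolower($login_name);
    foreach ($match[$name_attr] as $value) {
      if ((string) drupal_strtolower(trim($value)) === $wanted) {
        return $match;
      }
    }
  }
}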