Ldap Adapter

This adapter authenticates against Active Directory using LDAP. If you know the DN format, you can pass that to the constructor. If you don't know it, then you can pass bind options to find the user's DN.

Example 1: Known DN format

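<?php

use Vespula\Auth\Session\Session;
use Vespula\Auth\Auth;
// The example instantiates Ldap below, so import the Ldap adapter (not Text).
use Vespula\Auth\Adapter\Ldap;

$session = new Session();

// NOTE(review): a bare host name normally means plain LDAP, in which case the
// user's DN and password cross the network unencrypted. Prefer an ldaps:// URI
// or StartTLS if the adapter supports it -- confirm against the adapter's docs.
$uri = 'ldap.mycompany.org';

// %s is replaced by the username internally. The adapter is documented to
// escape the username it places into the DN.
$dn = 'cn=%s,OU=Users,OU=MyCompany,OU=Edmonton,OU=Alberta';

$ldap_options = [
    LDAP_OPT_PROTOCOL_VERSION => 3, // LDAPv3
    LDAP_OPT_REFERRALS => 0,        // do not follow referrals automatically
];

// These attributes populate the `getUserdata()` array.
// Use array keys for aliases, values for the LDAP attribute name.
// Note: Be sure to define keys for all attributes or none of them. Otherwise
// there will be integer indexed attribute values.
$attributes = [
    'email' => 'email',
    'firstName' => 'givenname',
    'lastName' => 'sn',
];

$adapter = new Ldap($uri, $dn, null, $ldap_options, $attributes);
$auth = new Auth($adapter, $session);

// Placeholder condition: replace with the real "login form submitted" check.
if ('login button pushed logic') {
    // Read both fields unmodified. FILTER_SANITIZE_STRING is deprecated since
    // PHP 8.1 and rewrites characters that may be part of a legitimate username;
    // escaping belongs at the point of use (LDAP escaping in the adapter, HTML
    // escaping on output), not on input.
    $username = filter_input(INPUT_POST, 'username', FILTER_DEFAULT);
    $password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);

    // filter_input() returns null for a missing field and false for a
    // non-scalar one. An LDAP simple bind with a DN and an empty password is an
    // "unauthenticated bind" that some servers answer with success, so empty
    // credentials must never reach the directory. Whether the adapter rejects
    // them itself is not shown here, so check before calling login().
    $hasCredentials = is_string($username) && $username !== ''
        && is_string($password) && $password !== '';

    if ($hasCredentials) {
        $credentials = [
            'username' => $username,
            'password' => $password,
        ];
        $auth->login($credentials);
    }

    if ($auth->isValid()) {
        // display message, redirect, etc.
        $userdata = $auth->getUserdata();

        // The username came from the request and the attributes from the
        // directory; HTML-escape both before writing them into the page.
        echo 'Hello, ' . htmlspecialchars((string) $auth->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        // Aliases were defined in $attributes, so the value is stored under the
        // alias ('firstName'), not under the LDAP attribute name.
        echo 'Your fullname is ' . htmlspecialchars((string) $userdata['firstName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // Or...
        echo 'Your fullname is ' . htmlspecialchars((string) $auth->getUserdata('firstName'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } else {
        // no luck, bad password or username
        // Show one generic message for both cases so the response does not
        // reveal which usernames exist.
    }
}

// Placeholder condition: replace with the real "logout requested" check.
if ('logout link clicked') {
    $auth->logout();
    // bye bye
    // $auth->isAnon() should return true
}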

Example 2: Unknown DN format

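<?php

use Vespula\Auth\Session\Session;
use Vespula\Auth\Auth;
// The example instantiates Ldap below, so import the Ldap adapter (not Text).
use Vespula\Auth\Adapter\Ldap;

$session = new Session();

// NOTE(review): a bare host name normally means plain LDAP, in which case both
// the service-account bind and the user's password cross the network
// unencrypted. Prefer an ldaps:// URI or StartTLS if the adapter supports it --
// confirm against the adapter's docs.
$uri = 'ldap.mycompany.org';

// Specify bind options to look up the user's dn
$bind_options = [
    'basedn' => 'OU=MyCompany,OU=Edmonton,OU=Alberta',
    // Service account used only to search for the user's DN. Give it read-only
    // access limited to the base DN.
    'binddn' => 'cn=specialuser,OU=MyCompany,OU=Edmonton,OU=Alberta',
    // Placeholder. Load the real value from configuration kept outside the
    // web root and outside version control.
    'bindpw' => '********',
    // How to find the particular user in the base dn. The username is
    // substituted into this search filter.
    // NOTE(review): the default escape set listed under "Modifying Escape
    // Characters" does not include `*`; validate usernames against the format
    // your directory actually uses before login so wildcard characters never
    // reach the filter.
    'filter' => 'cn=%s',
];

$ldap_options = [
    LDAP_OPT_PROTOCOL_VERSION => 3, // LDAPv3
    LDAP_OPT_REFERRALS => 0,        // do not follow referrals automatically
];

// Example without aliases: getUserdata() is keyed by the LDAP attribute name.
$attributes = [
    'email',
    'givenname',
];

$adapter = new Ldap($uri, null, $bind_options, $ldap_options, $attributes);
$auth = new Auth($adapter, $session);

// Placeholder condition: replace with the real "login form submitted" check.
if ('login button pushed logic') {
    // Read both fields unmodified. FILTER_SANITIZE_STRING is deprecated since
    // PHP 8.1 and rewrites characters that may be part of a legitimate username;
    // escaping belongs at the point of use (LDAP escaping in the adapter, HTML
    // escaping on output), not on input.
    $username = filter_input(INPUT_POST, 'username', FILTER_DEFAULT);
    $password = filter_input(INPUT_POST, 'password', FILTER_DEFAULT);

    // filter_input() returns null for a missing field and false for a
    // non-scalar one. An LDAP simple bind with a DN and an empty password is an
    // "unauthenticated bind" that some servers answer with success, so empty
    // credentials must never reach the directory. Whether the adapter rejects
    // them itself is not shown here, so check before calling login().
    $hasCredentials = is_string($username) && $username !== ''
        && is_string($password) && $password !== '';

    if ($hasCredentials) {
        $credentials = [
            'username' => $username,
            'password' => $password,
        ];
        $auth->login($credentials);
    }

    if ($auth->isValid()) {
        // display message, redirect, etc.
        $userdata = $auth->getUserdata();

        // The username came from the request and the attributes from the
        // directory; HTML-escape both before writing them into the page.
        echo 'Hello, ' . htmlspecialchars((string) $auth->getUsername(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo 'Your fullname is ' . htmlspecialchars((string) $userdata['givenname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // Or...
        echo 'Your fullname is ' . htmlspecialchars((string) $auth->getUserdata('givenname'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    } else {
        // no luck, bad password or username
        // Show one generic message for both cases so the response does not
        // reveal which usernames exist.
    }
}

// Placeholder condition: replace with the real "logout requested" check.
if ('logout link clicked') {
    $auth->logout();
    // bye bye
    // $auth->isAnon() should return true
}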

Modifying Escape Characters

The LDAP adapter automatically escapes the username using PHP's addcslashes(). The default escape characters are \\&!|=<>,+-"\';(). So, for example, if you had a username that was my-username, the adapter would escape the - which would result in my\-username. This would likely fail. So, if you need to modify the escape characters, you can use the $adapter->setEscapeChars() method. Remove only the characters your usernames actually require, because any character taken out of the set reaches the DN or search filter unescaped.