I'm going to post this to the group, in hopes that others might find  
it useful as well.

This is what I'm using to do my LDAP stuff in my app. This model  
lives on a PHP5 system, so it might take a little bit of twiddling to  
get it running on a PHP4 install.

It works with LDAP users as well as LDAP groups, and although it is  
in sore need of refactoring, I present it here, mostly just to show  
you how it might be implemented in Cake:

<?
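/**
 * Table-less CakePHP model that talks to an LDAP directory instead of a database.
 *
 * Covers people entries (add / modify / delete / auth) and organisational-unit
 * "groups" (addGroup / modifyOu) under ou=People,dc=example,dc=com.
 *
 * Security notes for anyone adapting this sample:
 *  - Values that end up in a search filter or a DN are escaped by the methods
 *    that build them (auth, add, addGroup, modify, modifyOu, delete).
 *    findAll() and findAllMulti() take raw filter text by design (the default
 *    value '*' is a wildcard), so their callers must escape untrusted input
 *    themselves, e.g. with _escapeFilterValue().
 *  - The service-account DN and password below are placeholders. Load real
 *    ones from configuration kept outside the web root and version control,
 *    and grant that account only the rights this model needs.
 */
class LdapUser extends AppModel
{
    var $useTable = false;
    var $name     = 'LdapUser';

    var $host   = 'ldap.example.com';
    var $port   = 389;
    var $baseDn = 'dc=example,dc=com';
    var $user   = 'cn=admin,dc=example,dc=com';
    var $pass   = 'secretgoeshere';

    // Port 389 is plain LDAP: without StartTLS every simple bind, including
    // the end-user passwords checked in auth(), crosses the network in clear
    // text. Off by default to keep the original behaviour; set to true when
    // the server supports StartTLS.
    var $startTls = false;

    var $validate = array(
        'givenName' => VALID_NOT_EMPTY,
        'sn'        => VALID_NOT_EMPTY
    );

    // LDAP link resource, or false when the connection could not be set up.
    var $ds;

    // Attributes modify() removes from a person entry when they were
    // submitted empty.
    var $inetOrgPersonAttributes = array(
        'givenName',
        'sn',
        'title',
        'street',
        'l',
        'st',
        'postalCode',
        'telephoneNumber',
        'homePhone',
        'mobile',
        'mail',
        'ou'
    );

    // Attributes modifyOu() removes from an OU entry when they were
    // submitted empty.
    var $ouAttributes = array(
        'postalAddress',
        'l',
        'st',
        'postalCode',
        'telephoneNumber',
        'facsimileTelephoneNumber'
    );

    /**
     * Connects to the directory, selects LDAPv3 and binds as the service account.
     *
     * When $startTls is enabled and the TLS upgrade fails, the link is dropped
     * so that no credentials are ever sent over the unencrypted connection.
     */
    function __construct()
    {
        parent::__construct();

        $this->ds = ldap_connect($this->host, $this->port);
        if (!$this->ds) {
            trigger_error('LdapUser: could not set up the LDAP connection', E_USER_WARNING);
            return;
        }

        ldap_set_option($this->ds, LDAP_OPT_PROTOCOL_VERSION, 3);

        if ($this->startTls && !ldap_start_tls($this->ds)) {
            trigger_error('LdapUser: StartTLS failed, connection closed', E_USER_WARNING);
            ldap_close($this->ds);
            $this->ds = false;
            return;
        }

        $this->_bindAsAdmin();
    }

    /**
     * Closes the LDAP link if one was opened.
     */
    function __destruct()
    {
        if ($this->ds) {
            ldap_close($this->ds);
        }
    }

    /**
     * Checks a uid/password pair by binding to the directory as that user.
     *
     * @param string $uid      Login name, matched against the uid attribute.
     * @param string $password Password to verify.
     * @return bool True only when exactly one entry matches and the bind succeeds.
     */
    function auth($uid, $password)
    {
        if (!is_scalar($uid) || !is_scalar($password)) {
            return false;
        }
        $uid      = (string)$uid;
        $password = (string)$password;

        // A simple bind with a DN and an empty password is an "unauthenticated
        // bind" (RFC 4513); servers that allow it report success, which would
        // log anyone in with just a valid uid. NUL bytes are refused as well,
        // since a client library that treats the password as a C string would
        // truncate it, possibly to empty (assumption about older builds).
        if ($uid === '' || $password === '' || strpos($password, "\0") !== false) {
            return false;
        }

        // Escape the uid so filter metacharacters ('*', '(', ')') in the login
        // field cannot widen or rewrite the search.
        $result = $this->findAll('uid', $this->_escapeFilterValue($uid));

        // Require a single, unambiguous match before trying the password.
        if (!is_array($result) || !isset($result['count']) || $result['count'] !== 1
            || !isset($result[0]['dn'])) {
            return false;
        }

        $ok = ldap_bind($this->ds, $result[0]['dn'], $password);

        // The link is shared by every method of this model: put it back on the
        // service account so later searches do not run as the user who just
        // logged in (or anonymously after a failed bind).
        $this->_bindAsAdmin();

        return $ok === true;
    }

    /**
     * Searches for entries where $attribute matches $value, sorted by surname.
     *
     * $attribute and $value are inserted into the filter as given so that
     * wildcards such as the default '*' keep working. Callers passing
     * untrusted input must escape it first (see _escapeFilterValue()).
     *
     * @param string $attribute Attribute name to match.
     * @param string $value     Raw filter value; may contain wildcards.
     * @param string $baseDn    Search base.
     * @return array|null ldap_get_entries() result, or null when the search fails.
     */
    function findAll($attribute = 'uid', $value = '*', $baseDn = 'ou=People,dc=example,dc=com')
    {
        return $this->_search($baseDn, $attribute . '=' . $value, 'sn');
    }

    /**
     * Runs a caller-supplied filter and returns the entries sorted by ou.
     *
     * $search is used verbatim as the LDAP filter; never build it from
     * unescaped user input.
     *
     * @param string $search Complete LDAP filter.
     * @param string $baseDn Search base.
     * @return array|null ldap_get_entries() result, or null when the search fails.
     */
    function findAllMulti($search, $baseDn = 'dc=example,dc=com')
    {
        return $this->_search($baseDn, $search, 'ou');
    }

    /**
     * Creates a person entry at cn=<cn>,ou=<ou>,ou=People,dc=example,dc=com.
     *
     * @param array $data Attribute map; must contain non-empty 'cn' and 'ou'.
     * @return bool False on failure, with the reason in $_SESSION['error_message'].
     */
    function add($data)
    {
        $data = $this->cleanArray($data);

        if (!$this->_hasRdnValue($data, 'cn') || !$this->_hasRdnValue($data, 'ou')) {
            return $this->_fail('Missing cn or ou');
        }
        if (!$this->_bindAsAdmin()) {
            return $this->_fail();
        }

        $dn = 'cn=' . $this->_escapeDnValue($data['cn'])
            . ',ou=' . $this->_escapeDnValue($data['ou'])
            . ',ou=People,dc=example,dc=com';

        if (!ldap_add($this->ds, $dn, $data)) {
            return $this->_fail();
        }

        return true;
    }

    /**
     * Creates an organisational unit at ou=<ou>,ou=People,dc=example,dc=com.
     *
     * @param array $data Attribute map; must contain a non-empty 'ou'.
     * @return bool False on failure, with the reason in $_SESSION['error_message'].
     */
    function addGroup($data)
    {
        $data = $this->cleanArray($data);

        if (!$this->_hasRdnValue($data, 'ou')) {
            return $this->_fail('Missing ou');
        }
        if (!$this->_bindAsAdmin()) {
            return $this->_fail();
        }

        $dn = 'ou=' . $this->_escapeDnValue($data['ou']) . ',ou=People,dc=example,dc=com';

        if (!ldap_add($this->ds, $dn, $data)) {
            return $this->_fail();
        }

        return true;
    }

    /**
     * Updates the person entry cn=<oldCn>,ou=<ou>,ou=People,dc=example,dc=com.
     *
     * objectClass and cn are never modified. Every attribute listed in
     * $inetOrgPersonAttributes that is empty or absent in $data is removed
     * from the entry afterwards.
     *
     * @param string $oldCn Current cn of the entry.
     * @param array  $data  Attribute map; must contain a non-empty 'ou'.
     * @return bool False on failure, with the reason in $_SESSION['error_message'].
     */
    function modify($oldCn, $data)
    {
        $data = $this->cleanArray($data);
        unset($data['objectClass'], $data['cn']);

        if (!is_scalar($oldCn) || (string)$oldCn === '' || !$this->_hasRdnValue($data, 'ou')) {
            return $this->_fail('Missing cn or ou');
        }
        if (!$this->_bindAsAdmin()) {
            return $this->_fail();
        }

        $dn = 'cn=' . $this->_escapeDnValue($oldCn)
            . ',ou=' . $this->_escapeDnValue($data['ou'])
            . ',ou=People,dc=example,dc=com';

        if (!ldap_modify($this->ds, $dn, $data)) {
            return $this->_fail();
        }

        $this->_deleteEmptyAttributes($dn, $data, $this->inetOrgPersonAttributes);

        return true;
    }

    /**
     * Updates the organisational unit ou=<ou>,ou=People,dc=example,dc=com.
     *
     * NOTE(review): $oldOu is accepted but not used; the entry is addressed
     * through $data['ou'], exactly as in the original code. Confirm whether
     * the DN was meant to be built from $oldOu.
     *
     * @param string $oldOu Unused.
     * @param array  $data  Attribute map; must contain a non-empty 'ou'.
     * @return bool False on failure, with the reason in $_SESSION['error_message'].
     */
    function modifyOu($oldOu, $data)
    {
        $data = $this->cleanArray($data);
        unset($data['objectClass'], $data['cn']);

        if (!$this->_hasRdnValue($data, 'ou')) {
            return $this->_fail('Missing ou');
        }
        if (!$this->_bindAsAdmin()) {
            return $this->_fail();
        }

        $dn = 'ou=' . $this->_escapeDnValue($data['ou']) . ',ou=People,dc=example,dc=com';

        if (!ldap_modify($this->ds, $dn, $data)) {
            return $this->_fail();
        }

        $this->_deleteEmptyAttributes($dn, $data, $this->ouAttributes);

        return true;
    }

    /**
     * Deletes the first person entry whose cn equals $oldCn.
     *
     * @param string $oldCn cn of the entry to remove; matched literally.
     * @return bool False on failure, with the reason in $_SESSION['error_message'].
     */
    function delete($oldCn)
    {
        if (!is_scalar($oldCn) || (string)$oldCn === '') {
            return $this->_fail('Missing cn');
        }
        if (!$this->_bindAsAdmin()) {
            return $this->_fail();
        }

        // Escaped lookup: a '*' in $oldCn must not select an arbitrary entry
        // for deletion.
        $deadMeat = $this->findAll('cn', $this->_escapeFilterValue($oldCn));

        if (!is_array($deadMeat) || empty($deadMeat['count']) || !isset($deadMeat[0]['dn'])) {
            return $this->_fail('No matching entry found');
        }

        // Use the DN the server returned instead of rebuilding it from the cn
        // and ou attribute values, which breaks when ou is missing or either
        // value needs escaping.
        if (!ldap_delete($this->ds, $deadMeat[0]['dn'])) {
            return $this->_fail();
        }

        return true;
    }

    /**
     * Drops every falsy value ('' , null, 0, '0', false, empty array) from $data.
     *
     * @param array $data Attribute map, typically straight from a form.
     * @return array The map without empty values; an empty array for non-array input.
     */
    function cleanArray($data)
    {
        if (!is_array($data)) {
            return array();
        }

        foreach ($data as $key => $value) {
            if (!$value) {
                unset($data[$key]);
            }
        }

        return $data;
    }

    /**
     * (Re)binds the shared link as the configured service account.
     *
     * @return bool True when the bind succeeded.
     */
    function _bindAsAdmin()
    {
        if (!$this->ds) {
            return false;
        }

        return ldap_bind($this->ds, $this->user, $this->pass);
    }

    /**
     * Runs a search and returns its entries, sorted by $sortAttribute when possible.
     *
     * @param string $baseDn        Search base.
     * @param string $filter        Complete LDAP filter, used verbatim.
     * @param string $sortAttribute Attribute to sort the result by.
     * @return array|null ldap_get_entries() result, or null when the search fails.
     */
    function _search($baseDn, $filter, $sortAttribute)
    {
        if (!$this->ds) {
            return null;
        }

        $r = ldap_search($this->ds, $baseDn, $filter);
        if (!$r) {
            return null;
        }

        // ldap_sort() was removed in PHP 8; results stay in server order there.
        if (function_exists('ldap_sort')) {
            ldap_sort($this->ds, $r, $sortAttribute);
        }

        return ldap_get_entries($this->ds, $r);
    }

    /**
     * Removes each listed attribute that is empty or absent in $data from the entry.
     *
     * One request per attribute, each with a fresh array: an LDAP modify is
     * all-or-nothing, so a request that also names an attribute which is
     * already gone fails as a whole. Best effort; individual failures (for
     * example the attribute was never set) are not treated as errors.
     *
     * @param string $dn         Entry to modify.
     * @param array  $data       Submitted attribute map, already cleaned.
     * @param array  $attributes Attribute names to consider.
     */
    function _deleteEmptyAttributes($dn, $data, $attributes)
    {
        foreach ($attributes as $attr) {
            if (empty($data[$attr])) {
                ldap_mod_del($this->ds, $dn, array(strtolower($attr) => array()));
            }
        }
    }

    /**
     * Tells whether $data[$key] is a non-empty scalar usable as an RDN value.
     *
     * @param array  $data Attribute map.
     * @param string $key  Attribute name.
     * @return bool
     */
    function _hasRdnValue($data, $key)
    {
        return isset($data[$key]) && is_scalar($data[$key]) && (string)$data[$key] !== '';
    }

    /**
     * Records a failure reason in the session and returns false.
     *
     * @param string|null $message Reason; defaults to the last LDAP error text.
     * @return bool Always false.
     */
    function _fail($message = null)
    {
        if ($message === null) {
            $message = $this->ds ? ldap_error($this->ds) : 'LDAP connection unavailable';
        }
        $_SESSION['error_message'] = $message;

        return false;
    }

    /**
     * Escapes a value for use as an assertion value in a search filter (RFC 4515).
     *
     * @param string $value Untrusted value.
     * @return string Value with '\', '*', '(', ')' and NUL hex-escaped.
     */
    function _escapeFilterValue($value)
    {
        // strtr() with an array replaces in a single pass, so the backslashes
        // it inserts are not escaped again.
        return strtr((string)$value, array(
            '\\' => '\\5c',
            '*'  => '\\2a',
            '('  => '\\28',
            ')'  => '\\29',
            "\0" => '\\00'
        ));
    }

    /**
     * Escapes a value for use as an attribute value inside a DN (RFC 4514).
     *
     * @param string $value Untrusted value.
     * @return string Value with DN metacharacters hex-escaped.
     */
    function _escapeDnValue($value)
    {
        $value   = (string)$value;
        $last    = strlen($value) - 1;
        $escaped = '';

        for ($i = 0; $i <= $last; $i++) {
            $ch = $value[$i];

            // Special everywhere, plus space/'#' at the start and space at the end.
            $special = strpos(",+\"\\<>;=\0\r\n", $ch) !== false
                || ($i === 0 && ($ch === ' ' || $ch === '#'))
                || ($i === $last && $ch === ' ');

            $escaped .= $special ? sprintf('\\%02x', ord($ch)) : $ch;
        }

        return $escaped;
    }
}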
?>

-- John
