Horde_Auth_Ldap
extends Horde_Auth_Base
in package
The Horde_Auth_Ldap class provides an LDAP implementation of the Horde authentication system.
'preauthenticate' hook should return LDAP connection information in the 'ldap' credentials key.
Tags
Table of Contents
- $_capabilities : array<string|int, mixed>
- An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- $_credentials : array<string|int, mixed>
- The credentials currently being authenticated.
- $_error : array<string|int, mixed>
- Authentication error information.
- $_history_api : Horde_History
- History object.
- $_ldap : Horde_Ldap
- LDAP object
- $_lock_api : Horde_Lock
- Lock object.
- $_logger : Horde_Log_Logger
- Logger object.
- $_params : array<string|int, mixed>
- Hash containing parameters needed for the drivers.
- __construct() : mixed
- Constructor.
- addUser() : mixed
- Add a set of authentication credentials.
- authenticate() : bool
- Finds out if a set of login credentials are valid, and if requested, mark the user as logged in in the current session.
- exists() : bool
- Checks if $userId exists in the LDAP backend system.
- getCredential() : mixed
- Returns internal credential value(s).
- getError() : mixed
- Returns the error type or message for an invalid authentication.
- getParam() : string
- Returns the named parameter for the current auth driver.
- hasCapability() : bool
- Queries the current driver to find out if it supports the given capability.
- isLocked() : bool|array<string|int, mixed>
- Returns whether a user is currently locked.
- listUsers() : array<string|int, mixed>
- Lists all users in the system.
- lockUser() : mixed
- Locks a user indefinitely or for a specified time.
- removeUser() : mixed
- Remove a set of authentication credentials.
- resetPassword() : string
- Reset a user's password. Used for example when the user does not remember the existing password.
- searchUsers() : array<string|int, mixed>
- Searches the users for a substring.
- setCredential() : mixed
- Sets an internal credential value.
- setError() : mixed
- Sets the error message for an invalid authentication.
- transparent() : bool
- Automatic authentication.
- unlockUser() : mixed
- Unlocks a user and optionally resets the bad login count.
- updateUser() : mixed
- Update a set of authentication credentials.
- validateAuth() : bool
- Checks for triggers that may invalidate the current auth.
- _authenticate() : mixed
- Find out if the given set of login credentials are valid.
- _badLogin() : mixed
- Handles a bad login.
- _lookupShadow() : array<string|int, mixed>
- Checks for shadowLastChange and shadowMin/Max support and returns their values. We will also check for pwdLastSet if Active Directory is support is requested. For this check to succeed we need to be bound to the directory.
- _resetBadLogins() : mixed
- Resets the bad login counter.
- _sort() : array<string|int, mixed>
- Basic sort implementation.
Properties
$_capabilities
An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
protected
array<string|int, mixed>
$_capabilities
= array('add' => \true, 'update' => \true, 'resetpassword' => \true, 'remove' => \true, 'list' => \true, 'authenticate' => \true)
$_credentials
The credentials currently being authenticated.
protected
array<string|int, mixed>
$_credentials
= array('change' => \false, 'credentials' => array(), 'expire' => \null, 'userId' => '')
$_error
Authentication error information.
protected
array<string|int, mixed>
$_error
$_history_api
History object.
protected
Horde_History
$_history_api
$_ldap
LDAP object
protected
Horde_Ldap
$_ldap
$_lock_api
Lock object.
protected
Horde_Lock
$_lock_api
$_logger
Logger object.
protected
Horde_Log_Logger
$_logger
$_params
Hash containing parameters needed for the drivers.
protected
array<string|int, mixed>
$_params
= array()
Methods
__construct()
Constructor.
public
__construct([array<string|int, mixed> $params = array() ]) : mixed
Parameters
- $params : array<string|int, mixed> = array()
-
Required parameters:
'basedn' - (string) [REQUIRED] The base DN for the LDAP server. 'filter' - (string) The LDAP formatted search filter to search for users. This setting overrides the 'objectclass' parameter. 'ldap' - (Horde_Ldap) [REQUIRED] Horde LDAP object. 'objectclass - (string|array): The objectclass filter used to search for users. Either a single or an array of objectclasses. 'uid' - (string) [REQUIRED] The username search key.
Tags
Return values
mixed —addUser()
Add a set of authentication credentials.
public
addUser(string $userId, array<string|int, mixed> $credentials) : mixed
Parameters
- $userId : string
-
The userId to add.
- $credentials : array<string|int, mixed>
-
The credentials to be set.
Tags
Return values
mixed —authenticate()
Finds out if a set of login credentials are valid, and if requested, mark the user as logged in in the current session.
public
authenticate(string $userId, array<string|int, mixed> $credentials[, bool $login = true ]) : bool
Parameters
- $userId : string
-
The userId to check.
- $credentials : array<string|int, mixed>
-
The credentials to check.
- $login : bool = true
-
Whether to log the user in. If false, we'll only test the credentials and won't modify the current session. Defaults to true.
Return values
bool —Whether or not the credentials are valid.
exists()
Checks if $userId exists in the LDAP backend system.
public
exists(string $userId) : bool
Parameters
- $userId : string
-
User ID for which to check
Tags
Return values
bool —Whether or not $userId already exists.
getCredential()
Returns internal credential value(s).
public
getCredential([mixed $name = null ]) : mixed
Parameters
- $name : mixed = null
-
The credential value to get. If null, will return the entire credential list. Valid names:
- 'change': (boolean) Do credentials need to be changed?
- 'credentials': (array) The credentials needed to authenticate.
- 'expire': (integer) UNIX timestamp of the credential expiration date.
- 'userId': (string) The user ID.
Return values
mixed —The credential information, or null if the credential doesn't exist.
getError()
Returns the error type or message for an invalid authentication.
public
getError([bool $msg = false ]) : mixed
Parameters
- $msg : bool = false
-
If true, returns the message string (if set).
Return values
mixed —Error type, error message (if $msg is true) or false if entry doesn't exist.
getParam()
Returns the named parameter for the current auth driver.
public
getParam(string $param) : string
Parameters
- $param : string
-
The parameter to fetch.
Return values
string —The parameter's value, or null if it doesn't exist.
hasCapability()
Queries the current driver to find out if it supports the given capability.
public
hasCapability(string $capability) : bool
Parameters
- $capability : string
-
The capability to test for.
Return values
bool —Whether or not the capability is supported.
isLocked()
Returns whether a user is currently locked.
public
isLocked(string $userId[, bool $show_details = false ]) : bool|array<string|int, mixed>
Parameters
- $userId : string
-
The user to check.
- $show_details : bool = false
-
Return timeout too?
Tags
Return values
bool|array<string|int, mixed> —If $show_details is a true, an array with 'locked' and 'lock_timeout' values. Whether the user is locked, otherwise.
listUsers()
Lists all users in the system.
public
listUsers([bool $sort = false ]) : array<string|int, mixed>
Parameters
- $sort : bool = false
-
Sort the users?
Tags
Return values
array<string|int, mixed> —The array of userIds.
lockUser()
Locks a user indefinitely or for a specified time.
public
lockUser(string $userId, int $time) : mixed
Parameters
- $userId : string
-
The user to lock.
- $time : int
-
The duration in minutes, 0 = permanent.
Tags
Return values
mixed —removeUser()
Remove a set of authentication credentials.
public
removeUser(string $userId[, string $dn = null ]) : mixed
Parameters
- $userId : string
-
The userId to add.
- $dn : string = null
-
TODO
Tags
Return values
mixed —resetPassword()
Reset a user's password. Used for example when the user does not remember the existing password.
public
resetPassword(string $userId) : string
Parameters
- $userId : string
-
The user id for which to reset the password.
Tags
Return values
string —The new password on success.
searchUsers()
Searches the users for a substring.
public
searchUsers(string $search) : array<string|int, mixed>
Parameters
- $search : string
-
The search term.
Tags
Return values
array<string|int, mixed> —A list of all matching users.
setCredential()
Sets an internal credential value.
public
setCredential(string $type, mixed $value) : mixed
Parameters
- $type : string
-
The credential name to set. See getCredential() for the list of valid credentials/types.
- $value : mixed
-
The credential value to set.
Return values
mixed —setError()
Sets the error message for an invalid authentication.
public
setError(string $type[, string $msg = null ]) : mixed
Parameters
- $type : string
-
The type of error (Horde_Auth::REASON_* constant).
- $msg : string = null
-
The error message/reason for invalid authentication.
Return values
mixed —transparent()
Automatic authentication.
public
transparent() : bool
Transparent authentication should set 'userId', 'credentials', or 'params' in $this->_credentials as needed - these values will be used to set the credentials in the session.
Transparent authentication should normally never throw an error - false should be returned.
Tags
Return values
bool —Whether transparent login is supported.
unlockUser()
Unlocks a user and optionally resets the bad login count.
public
unlockUser(string $userId[, bool $resetBadLogins = false ]) : mixed
Parameters
- $userId : string
-
The user to unlock.
- $resetBadLogins : bool = false
-
Reset bad login counter?
Tags
Return values
mixed —updateUser()
Update a set of authentication credentials.
public
updateUser(string $oldID, string $newID, array<string|int, mixed> $credentials[, string $olddn = null ][, string $newdn = null ]) : mixed
Parameters
- $oldID : string
-
The old userId.
- $newID : string
-
The new userId.
- $credentials : array<string|int, mixed>
-
The new credentials.
- $olddn : string = null
-
The old user DN.
- $newdn : string = null
-
The new user DN.
Tags
Return values
mixed —validateAuth()
Checks for triggers that may invalidate the current auth.
public
validateAuth() : bool
These triggers are independent of the credentials.
Return values
bool —True if the results of authenticate() are still valid.
_authenticate()
Find out if the given set of login credentials are valid.
protected
_authenticate(string $userId, array<string|int, mixed> $credentials) : mixed
Parameters
- $userId : string
-
The userId to check.
- $credentials : array<string|int, mixed>
-
An array of login credentials.
Tags
Return values
mixed —_badLogin()
Handles a bad login.
protected
_badLogin(string $userId) : mixed
Parameters
- $userId : string
-
The user with a bad login.
Tags
Return values
mixed —_lookupShadow()
Checks for shadowLastChange and shadowMin/Max support and returns their values. We will also check for pwdLastSet if Active Directory is support is requested. For this check to succeed we need to be bound to the directory.
protected
_lookupShadow(string $dn) : array<string|int, mixed>
Parameters
- $dn : string
-
The dn of the user.
Return values
array<string|int, mixed> —Array with keys being "shadowlastchange", "shadowmin" "shadowmax", "shadowwarning" and containing their respective values or false for no support.
_resetBadLogins()
Resets the bad login counter.
protected
_resetBadLogins(string $userId) : mixed
Parameters
- $userId : string
-
The user to reset.
Tags
Return values
mixed —_sort()
Basic sort implementation.
protected
_sort(array<string|int, mixed> $users, bool $sort) : array<string|int, mixed>
If the backend has listUsers and doesn't have a native sorting option, fall back to this method.
Parameters
- $users : array<string|int, mixed>
-
An array of usernames.
- $sort : bool
-
Whether to sort or not.
Return values
array<string|int, mixed> —the users, sorted or not