Horde_Auth_Msad
extends Horde_Auth_Ldap
The Horde_Auth_Msad class provides an experimental MSAD extension of the LDAP implementation of the Horde authentication system.
Table of Contents
- $_capabilities : array<string|int, mixed>
- An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
- $_credentials : array<string|int, mixed>
- The credentials currently being authenticated.
- $_error : array<string|int, mixed>
- Authentication error information.
- $_history_api : Horde_History
- History object.
- $_ldap : Horde_Ldap
- LDAP object
- $_lock_api : Horde_Lock
- Lock object.
- $_logger : Horde_Log_Logger
- Logger object.
- $_params : array<string|int, mixed>
- Hash containing parameters needed for the drivers.
- __construct() : mixed
- Constructor.
- addUser() : mixed
- Add a set of authentication credentials.
- authenticate() : bool
- Finds out if a set of login credentials is valid and, if requested, marks the user as logged in in the current session.
- exists() : bool
- Checks if $userId exists in the system.
- getCredential() : mixed
- Returns internal credential value(s).
- getError() : mixed
- Returns the error type or message for an invalid authentication.
- getParam() : string
- Returns the named parameter for the current auth driver.
- hasCapability() : bool
- Queries the current driver to find out if it supports the given capability.
- isLocked() : bool|array<string|int, mixed>
- Returns whether a user is currently locked.
- listUsers() : mixed
- Lists all users in the system.
- lockUser() : mixed
- Locks a user indefinitely or for a specified time.
- removeUser() : mixed
- Remove a set of authentication credentials.
- resetPassword() : string
- Reset a user's password. Used for example when the user does not remember the existing password.
- searchUsers() : array<string|int, mixed>
- Searches the users for a substring.
- setCredential() : mixed
- Sets an internal credential value.
- setError() : mixed
- Sets the error message for an invalid authentication.
- transparent() : bool
- Automatic authentication.
- unlockUser() : mixed
- Unlocks a user and optionally resets the bad login count.
- updateUser() : mixed
- Update a set of authentication credentials.
- validateAuth() : bool
- Checks for triggers that may invalidate the current auth.
- _authenticate() : mixed
- Authentication stub.
- _badLogin() : mixed
- Handles a bad login.
- _connect() : mixed
- Does an ldap connect and binds as the guest user.
- _findDN() : string
- Find the user dn
- _lookupShadow() : array<string|int, mixed>
- Checks for shadowLastChange and shadowMin/Max support and returns their values. We will also check for pwdLastSet if Active Directory support is requested. For this check to succeed we need to be bound to the directory.
- _resetBadLogins() : mixed
- Resets the bad login counter.
- _sort() : array<string|int, mixed>
- Basic sort implementation.
Properties
$_capabilities
An array of capabilities, so that the driver can report which operations it supports and which it doesn't.
protected
array<string|int, mixed>
$_capabilities
= array('add' => \false, 'authenticate' => \true, 'groups' => \false, 'list' => \false, 'resetpassword' => \false, 'remove' => \false, 'transparent' => \false, 'update' => \false, 'badlogincount' => \false, 'lock' => \false)
$_credentials
The credentials currently being authenticated.
protected
array<string|int, mixed>
$_credentials
= array('change' => \false, 'credentials' => array(), 'expire' => \null, 'userId' => '')
$_error
Authentication error information.
protected
array<string|int, mixed>
$_error
$_history_api
History object.
protected
Horde_History
$_history_api
$_ldap
LDAP object
protected
Horde_Ldap
$_ldap
$_lock_api
Lock object.
protected
Horde_Lock
$_lock_api
$_logger
Logger object.
protected
Horde_Log_Logger
$_logger
$_params
Hash containing parameters needed for the drivers.
protected
array<string|int, mixed>
$_params
= array()
Methods
__construct()
Constructor.
public
__construct([array<string|int, mixed> $params = array() ]) : mixed
Parameters
- $params : array<string|int, mixed> = array()
- A hash containing connection parameters.
Return values
mixed
addUser()
Add a set of authentication credentials.
public
addUser(string $accountName, array<string|int, mixed> $credentials) : mixed
Parameters
- $accountName : string
- The user sAMAccountName to find.
- $credentials : array<string|int, mixed>
- The credentials to be set.
Return values
mixed
authenticate()
Finds out if a set of login credentials is valid and, if requested, marks the user as logged in in the current session.
public
authenticate(string $userId, array<string|int, mixed> $credentials[, bool $login = true ]) : bool
Parameters
- $userId : string
- The userId to check.
- $credentials : array<string|int, mixed>
- The credentials to check.
- $login : bool = true
- Whether to log the user in. If false, we'll only test the credentials and won't modify the current session. Defaults to true.
Return values
bool — Whether or not the credentials are valid.
exists()
Checks if $userId exists in the system.
public
exists(string $userId) : bool
Parameters
- $userId : string
- User ID for which to check
Return values
bool — Whether or not $userId already exists.
getCredential()
Returns internal credential value(s).
public
getCredential([mixed $name = null ]) : mixed
Parameters
- $name : mixed = null
- The credential value to get. If null, will return the entire credential list. Valid names:
  - 'change': (boolean) Do credentials need to be changed?
  - 'credentials': (array) The credentials needed to authenticate.
  - 'expire': (integer) UNIX timestamp of the credential expiration date.
  - 'userId': (string) The user ID.
Return values
mixed — The credential information, or null if the credential doesn't exist.
getError()
Returns the error type or message for an invalid authentication.
public
getError([bool $msg = false ]) : mixed
Parameters
- $msg : bool = false
- If true, returns the message string (if set).
Return values
mixed — Error type, error message (if $msg is true) or false if entry doesn't exist.
getParam()
Returns the named parameter for the current auth driver.
public
getParam(string $param) : string
Parameters
- $param : string
- The parameter to fetch.
Return values
string — The parameter's value, or null if it doesn't exist.
hasCapability()
Queries the current driver to find out if it supports the given capability.
public
hasCapability(string $capability) : bool
Parameters
- $capability : string
- The capability to test for.
Return values
bool — Whether or not the capability is supported.
isLocked()
Returns whether a user is currently locked.
public
isLocked(string $userId[, bool $show_details = false ]) : bool|array<string|int, mixed>
Parameters
- $userId : string
- The user to check.
- $show_details : bool = false
- Return timeout too?
Return values
bool|array<string|int, mixed> — If $show_details is true, an array with 'locked' and 'lock_timeout' values; otherwise, whether the user is locked.
listUsers()
Lists all users in the system.
public
listUsers([bool $sort = false ]) : mixed
Parameters
- $sort : bool = false
- Sort the users?
Return values
mixed — The array of userIds.
lockUser()
Locks a user indefinitely or for a specified time.
public
lockUser(string $userId, int $time) : mixed
Parameters
- $userId : string
- The user to lock.
- $time : int
- The duration in minutes, 0 = permanent.
Return values
mixed
removeUser()
Remove a set of authentication credentials.
public
removeUser(string $accountName[, string $dn = null ]) : mixed
Parameters
- $accountName : string
- The user sAMAccountName to remove.
- $dn : string = null
- TODO
Return values
mixed
resetPassword()
Reset a user's password. Used for example when the user does not remember the existing password.
public
resetPassword(string $user_id) : string
Parameters
- $user_id : string
- The user id for which to reset the password.
Return values
string — The new password on success.
searchUsers()
Searches the users for a substring.
public
searchUsers(string $search) : array<string|int, mixed>
Parameters
- $search : string
- The search term.
Return values
array<string|int, mixed> — A list of all matching users.
setCredential()
Sets an internal credential value.
public
setCredential(string $type, mixed $value) : mixed
Parameters
- $type : string
- The credential name to set. See getCredential() for the list of valid credentials/types.
- $value : mixed
- The credential value to set.
Return values
mixed
setError()
Sets the error message for an invalid authentication.
public
setError(string $type[, string $msg = null ]) : mixed
Parameters
- $type : string
- The type of error (Horde_Auth::REASON_* constant).
- $msg : string = null
- The error message/reason for invalid authentication.
Return values
mixed
transparent()
Automatic authentication.
public
transparent() : bool
Transparent authentication should set 'userId', 'credentials', or 'params' in $this->_credentials as needed - these values will be used to set the credentials in the session.
Transparent authentication should normally never throw an error - false should be returned.
Return values
bool — Whether transparent login is supported.
unlockUser()
Unlocks a user and optionally resets the bad login count.
public
unlockUser(string $userId[, bool $resetBadLogins = false ]) : mixed
Parameters
- $userId : string
- The user to unlock.
- $resetBadLogins : bool = false
- Reset bad login counter?
Return values
mixed
updateUser()
Update a set of authentication credentials.
public
updateUser(string $oldId, string $newId, array<string|int, mixed> $credentials[, string $olddn = null ][, string $newdn = null ]) : mixed
Parameters
- $oldId : string
- The old userId.
- $newId : string
- The new userId.
- $credentials : array<string|int, mixed>
- The new credentials.
- $olddn : string = null
- The old user DN.
- $newdn : string = null
- The new user DN.
Return values
mixed
validateAuth()
Checks for triggers that may invalidate the current auth.
public
validateAuth() : bool
These triggers are independent of the credentials.
Return values
bool — True if the results of authenticate() are still valid.
_authenticate()
Authentication stub.
protected
abstract _authenticate(string $userId, array<string|int, mixed> $credentials) : mixed
On failure, Horde_Auth_Exception should pass a message string (if any) in the message field, and the Horde_Auth::REASON_* constant in the code field (defaults to Horde_Auth::REASON_MESSAGE).
Parameters
- $userId : string
- The userID to check.
- $credentials : array<string|int, mixed>
- An array of login credentials.
Return values
mixed
_badLogin()
Handles a bad login.
protected
_badLogin(string $userId) : mixed
Parameters
- $userId : string
- The user with a bad login.
Return values
mixed
_connect()
Does an ldap connect and binds as the guest user.
protected
_connect() : mixed
Return values
mixed
_findDN()
Find the user dn
protected
_findDN(string $userId) : string
Parameters
- $userId : string
- The user UID to find.
Return values
string — The user's full DN
_lookupShadow()
Checks for shadowLastChange and shadowMin/Max support and returns their values. We will also check for pwdLastSet if Active Directory support is requested. For this check to succeed we need to be bound to the directory.
protected
_lookupShadow(string $dn) : array<string|int, mixed>
Parameters
- $dn : string
- The dn of the user.
Return values
array<string|int, mixed> — Array with keys being "shadowlastchange", "shadowmin", "shadowmax", "shadowwarning" and containing their respective values or false for no support.
_resetBadLogins()
Resets the bad login counter.
protected
_resetBadLogins(string $userId) : mixed
Parameters
- $userId : string
- The user to reset.
Return values
mixed
_sort()
Basic sort implementation.
protected
_sort(array<string|int, mixed> $users, bool $sort) : array<string|int, mixed>
If the backend has listUsers and doesn't have a native sorting option, fall back to this method.
Parameters
- $users : array<string|int, mixed>
- An array of usernames.
- $sort : bool
- Whether to sort or not.
Return values
array<string|int, mixed> — The users, sorted or not