Try CumulusClips Cloud Hosting

LDAP Plugin for CC 2.5

edited March 28 in Customizations
Hey guys, I am not a PRO when it comes to PHP development but I think I've managed to further enhance the LDAP plugin and make it functional with CC 2.5.

Feel free to report feedback, good or bad.

Cheers


<?php

class LDAP extends PluginAbstract
{
public $name = 'LDAP Plugin';
public $description = 'LDAP Authentication';
public $author = 'various';
public $url = 'http://www.cumulusclips.org';
public $version = '1.0.1';

public function load()
{
Plugin::attachEvent('login.end', array($this, 'LDAPCode'));
}

private function handleException($view, $errorMessage)
{
$view->vars->message = $errorMessage;
$view->vars->message_type = "errors";
}

public function LDAPCode($view)
{
if ((isset($_POST['submitted_login'])) && (!(empty($view->vars->username))) && (!(empty($view->vars->password))))
{
$username = $view->vars->username;
$password = $view->vars->password;

$userMapper = new UserMapper();
$userService = new UserService();
$authService = new AuthService();

// To trust selfsigned SSL certs add "TLS_REQCERT never" to /etc/openldap/ldap.conf
$ldapurl = "ldaps://server.mydomain.org:636";
$basedn = "DC=mydomain,DC=org";
$filter = "(sAMAccountName=[username])";
$userdn = $filter;

$ldaprdn = $username . "@mydomain.org";
$ldappass = $password;

if ($authService->validateCredentials($username, $password))
{
# We're authenticated
}
elseif ($ldapconn = ldap_connect($ldapurl))
{
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

// Enable tracing...
// ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

if ($ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass))
{
$search = str_replace("[username]", $username, $userdn);

if (!preg_match('/\((.)*=(.)*\)/',$search))
{
throw new Exception("Failed: search has been used but '$search' is NOT a filter.");
}

if ($result = ldap_search($ldapconn,$basedn,$search))
{
$entries = ldap_get_entries($ldapconn, $result);
$binddn = $entries[0]["dn"];

if ($ldapbind = ldap_bind($ldapconn, $binddn, $view->vars->password))
{
if ($entries)
{
$_SESSION['user'] = $username;
$_SESSION['loggedInUserId'] = $username;
$_SESSION['name'] = $entries[0]["cn"][0];
$_SESSION['email'] = $entries[0]['mail'][0];
$_SESSION['firstname'] = $entries[0]['givenname'][0];
$_SESSION['lastname'] = $entries[0]['sn'][0];
}
ldap_close($ldapconn);

// Creation of local user account if one does not exist
if (!$userMapper->getUserByUsername($username))
{
//Code to create the new user
$user = new User();
$user->username = $username;
$user->password = md5(SECRET_KEY.'PASSWORD');
$user->email = $_SESSION['email'];
$user->firstName = $_SESSION['firstname'];
$user->lastName = $_SESSION['lastname'];
$newUser = $userService->create($user);

//Local user activation
$newUser->status = 'active';
$newUser->lastLogin = date(DATE_FORMAT);
$userMapper->save($newUser);

// Send Admin Alert
if (Settings::Get ('alerts_users') == '1')
{
$subject = 'New Member Registered';
$body = 'A new member has registered.';
$body .= "\n\n=======================================================\n";
$body .= "Username: $user->username\n";
$body .= "Profile URL: " . HOST . "/members/$user->username/\n";
$body .= "=======================================================";
App::Alert ($subject, $body);
}

// $config = Registry::get('config');
// $mailer = new Mailer($config);
// $mailer->setTemplate ('account_approved', array('sitename' => $config->sitename));
// $mailer->Send ($user->email);
}

$user = $userMapper->getUserByCustom(array(
'username' => $username,
'status' => 'active'
));

if ($user)
{
$authService->login($user);
$user->lastLogin = date(DATE_FORMAT);
$userMapper->save($user);
$url = ($view->vars->redirect) ? $view->vars->redirect : HOST . '/account/';
$url = Plugin::triggerFilter('login_redirect', $url);
header('Location: ' . $url);
}
else
{
LDAP::handleException($view, "ERROR: Login Failed (1002)");
}
}
else
{
LDAP::handleException($view, "ERROR: Login Failed (1003)");
}
}
else
{
ldap_close($ldapconn);
LDAP::handleException($view, "ERROR: Could not log you in, please try again.");
}
}
else
{
ldap_close($ldapconn);
LDAP::handleException($view, "ERROR: Inccorect username or password");
}
}
else
{
LDAP::handleException($view, "ERROR: Incorrect LDAP Settings (1004)");
}
}
}
}
?>



Comments

  • This is a great start. May I recommend adding a settings page for your plugin so that users can specify their domain; along with any other user specific value. This way the values aren't hard coded and the user can change them via the Admin Panel.

    Our documentation is lacking when it comes to settings pages for plugins. Follow along the plugin_settings.php file in the admin panel, the PluginAbstract.php, and Plugin.php classes in cc-core/lib. If you have any questions I'm always here to help.
  • Very good plugin. I have problem with some users who have a '-' like "j-doe". But it's normal because the CC username must contain alphanumeric (a-z, 0-9) characters, no spaces or special characters.

    The user is created, but when I go to : http://monserveur/members/j-doe/ I have a 404 not found.

    Thanks.
  • @o71 Please create a seperate post for your issue.
  • Sorry. It's not really a problem, just an information.
Sign In or Register to comment.