89 lines
1.4 KiB
PHP
89 lines
1.4 KiB
PHP
<?php defined("SYSPATH") or die("No direct script access.");
|
|
|
|
|
|
/**
|
|
* a plugin to authenticate user accounts on an Active Directory domain controller
|
|
*
|
|
*/
|
|
class pam_ad
|
|
{
|
|
private $adldap;
|
|
private $name;
|
|
private $pass;
|
|
private $auth;
|
|
|
|
|
|
/**
|
|
*
|
|
* @param string $name
|
|
* @param string $pass
|
|
*/
|
|
public function __construct($name, $pass)
|
|
{
|
|
require("adLDAP/adLDAP.php");
|
|
// this will load $options
|
|
require('config.php');
|
|
|
|
$this->name = $name;
|
|
$this->pass = $pass;
|
|
$this->adldap = new adLDAP($options);
|
|
$this->_auth();
|
|
|
|
}
|
|
|
|
/**
|
|
*
|
|
* @return boolean
|
|
*/
|
|
public function isAuth()
|
|
{
|
|
return $this->auth;
|
|
}
|
|
|
|
/**
|
|
*
|
|
* @return object or false
|
|
*/
|
|
public function getAccount()
|
|
{
|
|
return $this->_account();
|
|
}
|
|
|
|
/**
|
|
* perform the AD authentication and set the var auth
|
|
*/
|
|
private function _auth()
|
|
{
|
|
if ($this->adldap->authenticate($this->name, $this->pass)){
|
|
$this->auth = TRUE;
|
|
}
|
|
else {
|
|
$this->auth = FALSE;
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
*
|
|
* @return object or false
|
|
*/
|
|
public function _account()
|
|
{
|
|
$result = $this->adldap->user_info($this->name);
|
|
$user_info = $result[0];
|
|
if (isset($user_info)){
|
|
$account = array(
|
|
'name' => $this->name,
|
|
'full_name' => $user_info['displayname'][0],
|
|
'email' => $user_info['mail'][0],
|
|
);
|
|
return (object) $account;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
}
|
|
|