0.8.1-rc1/balance/lib/pear/Providers/Authorization/LDAPAuthorizationProvider.class.php - oodt - Git at Google

 <?php
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /**
  *
  * OODT Balance
  * Web Application Base Framework
  *
  * IApplicationAuthenticationProvider defines an interface that should be
  * implemented by all authentication providers to simplify the process of
  * accessing and retrieving information about the underlying system.
  *
  * The interface defines five mandatory functions:
  *    - __construct: Provide any necessary configuration information but do
  *               not actually establish a connection to the underlying system.
  *    - connect: This function does the work of actually connecting to the
  *               underlying system. Options can be provided either here or in
  *               the constructor arguments (or both), but the connection to the
  *               underlying system should not be initiated until this function
  *               is invoked.
  *    - disconnect: Disconnect from the underlying system, performing any
  *               necessary clean up operations in the process.
  *    - checkLogin: Check if a valid user has logged in.
  *    - login:   Determine the ability to gain access to the underlying system
  *    			 as a legitimate user. The requirements are a valid username
  *    			 (or user ID) and password.
  *    - logout:  Ending the user's session to the underlying system.
  *
  *
  *   Framework implementations of common authentication providers can be found in:
  *   {LIB}/classes/authenticationProviders   and should be named FooAuthenticationProvider.class.php.
  *   Framework authentication providers can be invoked by doing:
  *          $app->GetAuthenticationProvider('FooAuthenticationProvider');
  *
  *   Custom authentication providers should be placed in:
  *   {HOME}/classes/authenticationProviders  and should be named FooAuthenticationProvider.class.php.
  *   Custom authentication providers can be invoked by doing:
  *          $app->GetAuthenticationProvider('foo',true); // true --> custom
  *
  * @author s.khudikyan
  *
  */

 class Org_Apache_Oodt_Balance_Providers_Authorization_LDAPAuthorizationProvider
 	implements Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthorizationProvider {

 	/**
 	 * If authorization config file exists, require(file_name) file
 	 */
 	public function __construct() {
 		// Set LDAP constants
 		define("AUTH_BASE_DN",   App::Get()->settings['authorization_ldap_base_dn']);
 		define("AUTH_GROUPS_DN", App::Get()->settings['authorization_ldap_group_dn']);
 		define("AUTH_LDAP_HOST", App::Get()->settings['authorization_ldap_host']);
 		define("AUTH_LDAP_PORT", App::Get()->settings['authorization_ldap_port']);
 	}

 	public function retrieveGroupsForUser($username,$searchDirectory = AUTH_GROUPS_DN) {

 		// attempt to connect to ldap server
 		$ldapconn = $this->connect(AUTH_LDAP_HOST,AUTH_LDAP_PORT);
 		$groups   = array();
 		if ($ldapconn) {
 			$filter = "(&(objectClass=groupOfUniqueNames)"
 				."(uniqueMember=uid={$username}," . AUTH_BASE_DN . "))";
 			$result = ldap_search($ldapconn,$searchDirectory,$filter,array('cn'));

 			if ($result) {
 				$entries = ldap_get_entries($ldapconn,$result);
 				foreach ($entries as $rawGroup) {
 					if (isset($rawGroup['cn'][0])
 					&& $rawGroup['cn'][0] != '') {
 						$groups[] = $rawGroup['cn'][0];
 					}
 				}
 			}
 		}
 		return $groups;
 	}

 	public function connect() {
 		if ($conn = ldap_connect(func_get_arg(0),func_get_arg(1))) {
 			// Connection established
 			$this->connectionStatus = 1;
 			ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
 			ldap_set_option($conn, LDAP_OPT_DEBUG_LEVEL, 7);
 			ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
 			$this->conn = $conn;
 			return $conn;
 		} else {
 			// Connection failed
 			return false;
 		}
 	}
 }
	<?php
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	/**
	*
	* OODT Balance
	* Web Application Base Framework
	*
	* IApplicationAuthenticationProvider defines an interface that should be
	* implemented by all authentication providers to simplify the process of
	* accessing and retrieving information about the underlying system.
	*
	* The interface defines five mandatory functions:
	* - __construct: Provide any necessary configuration information but do
	* not actually establish a connection to the underlying system.
	* - connect: This function does the work of actually connecting to the
	* underlying system. Options can be provided either here or in
	* the constructor arguments (or both), but the connection to the
	* underlying system should not be initiated until this function
	* is invoked.
	* - disconnect: Disconnect from the underlying system, performing any
	* necessary clean up operations in the process.
	* - checkLogin: Check if a valid user has logged in.
	* - login: Determine the ability to gain access to the underlying system
	* as a legitimate user. The requirements are a valid username
	* (or user ID) and password.
	* - logout: Ending the user's session to the underlying system.
	*
	*
	* Framework implementations of common authentication providers can be found in:
	* {LIB}/classes/authenticationProviders and should be named FooAuthenticationProvider.class.php.
	* Framework authentication providers can be invoked by doing:
	* $app->GetAuthenticationProvider('FooAuthenticationProvider');
	*
	* Custom authentication providers should be placed in:
	* {HOME}/classes/authenticationProviders and should be named FooAuthenticationProvider.class.php.
	* Custom authentication providers can be invoked by doing:
	* $app->GetAuthenticationProvider('foo',true); // true --> custom
	*
	* @author s.khudikyan
	*
	*/

	class Org_Apache_Oodt_Balance_Providers_Authorization_LDAPAuthorizationProvider
	implements Org_Apache_Oodt_Balance_Interfaces_IApplicationAuthorizationProvider {

	/**
	* If authorization config file exists, require(file_name) file
	*/
	public function __construct() {
	// Set LDAP constants
	define("AUTH_BASE_DN", App::Get()->settings['authorization_ldap_base_dn']);
	define("AUTH_GROUPS_DN", App::Get()->settings['authorization_ldap_group_dn']);
	define("AUTH_LDAP_HOST", App::Get()->settings['authorization_ldap_host']);
	define("AUTH_LDAP_PORT", App::Get()->settings['authorization_ldap_port']);
	}

	public function retrieveGroupsForUser($username,$searchDirectory = AUTH_GROUPS_DN) {

	// attempt to connect to ldap server
	$ldapconn = $this->connect(AUTH_LDAP_HOST,AUTH_LDAP_PORT);
	$groups = array();
	if ($ldapconn) {
	$filter = "(&(objectClass=groupOfUniqueNames)"
	."(uniqueMember=uid={$username}," . AUTH_BASE_DN . "))";
	$result = ldap_search($ldapconn,$searchDirectory,$filter,array('cn'));

	if ($result) {
	$entries = ldap_get_entries($ldapconn,$result);
	foreach ($entries as $rawGroup) {
	if (isset($rawGroup['cn'][0])
	&& $rawGroup['cn'][0] != '') {
	$groups[] = $rawGroup['cn'][0];
	}
	}
	}
	}
	return $groups;
	}

	public function connect() {
	if ($conn = ldap_connect(func_get_arg(0),func_get_arg(1))) {
	// Connection established
	$this->connectionStatus = 1;
	ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
	ldap_set_option($conn, LDAP_OPT_DEBUG_LEVEL, 7);
	ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
	$this->conn = $conn;
	return $conn;
	} else {
	// Connection failed
	return false;
	}
	}
	}