

Improve LDAP connection options (with backwards compatibility)
Rename "hostname" to "host", since the value can contain protocol and port
information.
Add starttls parameter.
Update example config to reflect changes.
Thomas Pike committed Jun 16, 2017
1 parent ddd71ce commit d371bb6
Showing 3 changed files with 23 additions and 8 deletions.
5 changes: 4 additions & 1 deletion config/config-sample.ini
Expand Up @@ -25,7 +25,10 @@ username = username
password = password

[ldap]
hostname = ldap.example.com
; Address to connect to LDAP server
host = ldaps://ldap.example.com:636
; Use StartTLS for connection security (recommended if using ldap:// instead of ldaps:// above)
starttls = 0
; LDAP subtree containing USER entries
dn_user = "ou=users,dc=example,dc=com"
; LDAP subtree containing GROUP entries
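Review bot: The `starttls` comment on the new line does not say what happens when the key is omitted or what the `0` value means for a plain `ldap://` host. core.php in this same commit defaults `starttls` to `1` when the key is absent, and with `ldap://` plus `starttls = 0` the bind credentials are sent without transport encryption, which is the case a reader copying this sample most needs to know about. Suggest extending the comment to `; Use StartTLS for connection security (recommended if using ldap:// instead of ldaps:// above; defaults to 1 when omitted — with ldap:// and starttls = 0 the bind password is sent unencrypted)`.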
7 changes: 6 additions & 1 deletion core.php
Expand Up @@ -37,7 +37,12 @@
require('powerdns.php');
require('email.php');

$ldap = new LDAP($config['ldap']['hostname'], $config['ldap']['bind_dn'], $config['ldap']['bind_password']);
$ldap = new LDAP(
isset($config['ldap']['host']) ? $config['ldap']['host'] : $config['ldap']['hostname'],
isset($config['ldap']['starttls']) ? $config['ldap']['starttls'] : 1,
$config['ldap']['bind_dn'],
$config['ldap']['bind_password']
);
setup_database();

// Convert all non-fatal errors into exceptions
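Review bot: The `starttls` fallback of `1` on the second argument line is right for legacy configs (a bare `hostname` still gets StartTLS as before), but a config that sets `host` to an `ldaps://` URL and omits `starttls` will also get `1`, and `ldap_start_tls` on an already-TLS session is normally rejected, so the connection fails with the TLS error rather than working. Since the sample config only works because it sets `starttls = 0` explicitly, this coupling deserves a comment at the call site, e.g. `// starttls defaults to 1 for legacy 'hostname' configs; set starttls = 0 explicitly when host uses ldaps://`. Alternatively the default could be derived from the scheme of the resolved host value, though I have not verified how the ini values are parsed upstream (a string `"0"` is falsy, but other spellings such as `"no"` may not be). Note also that if neither `host` nor `hostname` is set the fallback reads an undefined index; a `?:` with an explicit error would be clearer than relying on the notice.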
19 changes: 13 additions & 6 deletions ldap.php
Expand Up @@ -17,22 +17,27 @@

class LDAP {
private $conn;
private $hostname;
private $host;
private $starttls;
private $bind_dn;
private $bind_password;

public function __construct($hostname, $bind_dn, $bind_password) {
public function __construct($host, $starttls, $bind_dn, $bind_password) {
$this->conn = null;
$this->hostname = $hostname;
$this->host = $host;
$this->starttls = $starttls;
$this->bind_dn = $bind_dn;
$this->bind_password = $bind_password;
}

private function connect() {
$this->conn = ldap_connect($this->hostname);
if(!ldap_start_tls($this->conn)) throw new RuntimeException('Could not initiate TLS connection to LDAP server');
$this->conn = ldap_connect($this->host);
if($this->conn === false) throw new LDAPConnectionFailureException('Invalid LDAP connection settings');
if($this->starttls) {
if(!ldap_start_tls($this->conn)) throw new LDAPConnectionFailureException('Could not initiate TLS connection to LDAP server');
}
if(!empty($this->bind_dn)) {
ldap_bind($this->conn, $this->bind_dn, $this->bind_password);
if(!ldap_bind($this->conn, $this->bind_dn, $this->bind_password)) throw new LDAPConnectionFailureException('Could not bind to LDAP server');
}
}

Expand Down Expand Up @@ -78,3 +83,5 @@ public static function escape($str = '') {
return $str;
}
}

class LDAPConnectionFailureException extends RuntimeException {}
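Review bot: In `connect()`, `$this->conn` is assigned from `ldap_connect` before the StartTLS and bind checks, so when `ldap_start_tls` or `ldap_bind` throws the object is left holding a handle that is neither TLS-protected nor bound. If the other methods of the class (outside this hunk) lazily call `connect()` only while `$this->conn` is `null` — I cannot see them here — a caller that catches `LDAPConnectionFailureException` and retries would then reuse the plaintext, unbound handle instead of reconnecting. Keeping the handle in a local and publishing it only after every step succeeded avoids that, and also makes the failure path leave the object in the same state as before the call. The surrounding class `LDAP` starts above the hunk; the rest of its body is outside this view.
```php
private function connect() {
	$conn = ldap_connect($this->host);
	if($conn === false) throw new LDAPConnectionFailureException('Invalid LDAP connection settings');
	if($this->starttls) {
		if(!ldap_start_tls($conn)) throw new LDAPConnectionFailureException('Could not initiate TLS connection to LDAP server');
	}
	if(!empty($this->bind_dn)) {
		if(!ldap_bind($conn, $this->bind_dn, $this->bind_password)) throw new LDAPConnectionFailureException('Could not bind to LDAP server');
	}
	// Publish the handle only once TLS (if requested) and bind have both succeeded
	$this->conn = $conn;
}
```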
