php,ldap登录例子


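class UserDaoLadp{

	// --- Server settings --------------------------------------------------
	// NOTE(review): plain ldap:// carries the service-account password and
	// every user's password in clear text. Use ldaps:// (or ldap_start_tls())
	// for anything outside a lab network.
	private $ldap_server='ldap://192.168.1.200:389/';
	private $ldap_protocol_version='3';
	// Chasing referrals makes the client re-bind, with the same credentials,
	// against whatever server the directory points at. Most deployments
	// (Active Directory in particular) set this to 0.
	private $ldap_follow_referrals=1;
	// Service account used for the user search. The defaults are placeholders;
	// real credentials belong in the $config passed to the constructor, loaded
	// from the environment or a secret store, never committed to source.
	private $ldap_bind_dn='root';
	private $ldap_bind_passwd='pwd1';
	// --- Search settings --------------------------------------------------
	// Optional extra filter term(s), e.g. '(objectClass=person)', spliced
	// verbatim into the AND filter. Trusted configuration only, never user input.
	private $ldap_organization='';
	private $ldap_root_dn='OU=developer,OU=dept,DC=xxx,DC=com';
	private $ldap_uid_field='sAMAccountName';

	/**
	 * @param array $config  Overrides for the properties above, keyed by property name.
	 * @throws \InvalidArgumentException on a key that names no declared property.
	 *         Failing closed here matters: a misspelled credential key would
	 *         otherwise silently fall back to the placeholder bind account.
	 */
	public function __construct($config){
		foreach ((array)$config as $key=>$value){
			if (!property_exists($this, $key)) {
				throw new \InvalidArgumentException("unknown ldap config key: $key");
			}
			$this->{$key} = $value;
		}
	}

	/**
	 * Escape a value for use inside an LDAP search filter (RFC 4515).
	 * Backslash is replaced first so the escapes it produces are not re-escaped.
	 * Equivalent to ldap_escape($p_string, '', LDAP_ESCAPE_FILTER) plus '/'.
	 */
	private function ldap_escape_string( $p_string ) {
		$t_find = array( '\\', '*', '(', ')', '/', "\x00" );
		$t_replace = array( '\5c', '\2a', '\28', '\29', '\2f', '\00' );
		return str_replace( $t_find, $t_replace, (string)$p_string );
	}

	/** Format the connection's last error as "ERROR #<errno>: <message>". */
	private function ldap_error_msg_normalize( $p_ds ) {
		if ( !$p_ds ) {
			return "ERROR: no LDAP connection handle";
		}
		return "ERROR #" . ldap_errno( $p_ds ) . ": " . ldap_error( $p_ds );
	}

	/**
	 * Capture the connection's last error, release the connection, then throw.
	 * The original paths threw without unbinding, leaking the handle.
	 *
	 * @throws \Exception always
	 */
	private function ldap_fail( $p_ds ) {
		$t_msg = $this->ldap_error_msg_normalize( $p_ds );
		@ldap_unbind( $p_ds );
		throw new \Exception( $t_msg );
	}

	/**
	 * Connect to the configured server and bind.
	 *
	 * Binds with $p_binddn/$p_password when both are non-empty, otherwise
	 * anonymously. A DN with an empty password is deliberately never sent:
	 * servers treat that as an "unauthenticated bind" and answer success.
	 *
	 * @return resource|\LDAP\Connection  bound connection handle
	 * @throws \Exception on connect, option or bind failure
	 */
	private function ldap_connect_bind( $p_binddn = '', $p_password = '' ) {

		// ldap_connect() only validates the URI; the real network error surfaces at bind.
		$t_ds = @ldap_connect( $this->ldap_server );
		if ( $t_ds === false ) {
			throw new \Exception('ERROR: could not initialise LDAP connection to ' . $this->ldap_server);
		}

		$t_protocol_version = (int)$this->ldap_protocol_version;
		if( $t_protocol_version > 0 ) {
			if( !@ldap_set_option( $t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version ) ) {
				$this->ldap_fail( $t_ds );
			}
		}

		// The original compared against an undefined constant ON: on PHP 7 that
		// silently disabled referrals regardless of config, on PHP 8 it is a
		// fatal Error. Use the configured value as an explicit bool.
		$t_follow_referrals = (bool)$this->ldap_follow_referrals;
		if( !@ldap_set_option( $t_ds, LDAP_OPT_REFERRALS, $t_follow_referrals ) ) {
			$this->ldap_fail( $t_ds );
		}

		if( !empty( $p_binddn ) && !empty( $p_password ) ) {
			$t_br = @ldap_bind( $t_ds, $p_binddn, $p_password );
		}
		else{
			$t_br = @ldap_bind( $t_ds );
		}
		if ( !$t_br ) {
			$this->ldap_fail( $t_ds );
		}
		return $t_ds;
	}

	/**
	 * Look up one attribute of the directory entry whose uid field equals $p_username.
	 *
	 * @param string $p_username  account name; filter-escaped before use
	 * @param string $p_field     attribute to read (trusted caller value, not user input)
	 * @return string|null  first value of the attribute, or null when no entry
	 *                      matches or the entry lacks the attribute
	 * @throws \Exception on bind or search failure
	 */
	public function ldap_get_field_from_username( $p_username, $p_field ) {
		$c_username = $this->ldap_escape_string( $p_username );

		// The original called an undefined global ldap_connect_bind() (fatal error)
		// and, had it worked, would have searched anonymously. Use the same
		// service account as the login path.
		$t_ds = $this->ldap_connect_bind( $this->ldap_bind_dn, $this->ldap_bind_passwd );

		$t_search_filter = "(&{$this->ldap_organization}({$this->ldap_uid_field}=$c_username))";
		$t_search_attrs  = array( $this->ldap_uid_field, $p_field, 'dn' );
		$t_sr = @ldap_search( $t_ds, $this->ldap_root_dn, $t_search_filter, $t_search_attrs );
		if ( $t_sr === false ) {
			$this->ldap_fail( $t_ds );
		}

		$t_info = @ldap_get_entries( $t_ds, $t_sr );
		ldap_free_result( $t_sr );
		if ( $t_info === false ) {
			$this->ldap_fail( $t_ds );
		}
		ldap_unbind( $t_ds );

		// ldap_get_entries() always returns a 'count' key, so count($t_info) is
		// never 0; the original test was dead and fell through to an
		// undefined-index read of $t_info[0].
		if ( $t_info['count'] < 1 ) {
			return null;
		}
		// Attribute names in the result are lower-cased by ldap_get_entries().
		$t_key = strtolower( $p_field );
		if ( isset( $t_info[0][$t_key][0] ) ) {
			return $t_info[0][$t_key][0];
		}
		return null;
	}

	/**
	 * Verify $p_password for the account named $p_username.
	 *
	 * Binds with the service account, searches for the user's DN(s) under
	 * ldap_root_dn, then tries a bind as each matching DN with the supplied
	 * password; the first successful bind authenticates the user.
	 *
	 * @return bool  true only when a bind with the user's own password succeeded
	 * @throws \Exception on connect, bind (service account) or search failure
	 */
	private function ldap_authenticate_by_username($p_username, $p_password) {

		// An empty password must never reach ldap_bind(): the server answers a
		// DN-plus-empty-password bind with success (unauthenticated bind), which
		// would log anyone in as any existing account. Non-strings (e.g. an
		// array smuggled through a request parameter) are rejected for the same
		// reason — they would not be escaped as a filter value.
		if ( !is_string($p_username) || !is_string($p_password)
			|| $p_username === '' || $p_password === '' ) {
			return false;
		}

		$c_username = $this->ldap_escape_string($p_username);

		$t_ds = $this->ldap_connect_bind($this->ldap_bind_dn,$this->ldap_bind_passwd);

		$t_search_filter = "(&{$this->ldap_organization}({$this->ldap_uid_field}=$c_username))";
		$t_search_attrs = array($this->ldap_uid_field,'dn');
		$t_sr = @ldap_search( $t_ds, $this->ldap_root_dn, $t_search_filter, $t_search_attrs );
		if ( $t_sr === false ) {
			$this->ldap_fail( $t_ds );
		}

		$t_info = @ldap_get_entries( $t_ds, $t_sr );
		ldap_free_result( $t_sr );
		if ( $t_info === false ) {
			$this->ldap_fail( $t_ds );
		}

		// Try every matching entry; the original returned early on zero matches
		// without releasing the result set or the connection.
		$t_authenticated = false;
		for ( $i = 0; $i < $t_info['count']; $i++ ) {
			if ( !isset( $t_info[$i]['dn'] ) ) {
				continue;
			}
			if ( @ldap_bind( $t_ds, $t_info[$i]['dn'], $p_password ) ) {
				$t_authenticated = true;
				break;
			}
		}

		ldap_unbind( $t_ds );
		return $t_authenticated;
	}

	/**
	 * Authenticate $account with $password against the directory.
	 *
	 * @return bool  false for empty/non-string credentials or a failed bind
	 * @throws \Exception when the ldap extension is missing or the directory
	 *                    cannot be reached; callers should log this rather than
	 *                    treat it as "wrong password".
	 */
	public function identify($account, $password) {
		// Reject empty credentials before touching the directory at all.
		if ( !is_string($account) || !is_string($password)
			|| $account === '' || $password === '' ) {
			return false;
		}
		if( !extension_loaded( 'ldap' ) ) {
			throw new \Exception('ldap extension is not loaded.');
		}
		return (bool)$this->ldap_authenticate_by_username($account,$password);
	}
}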

例子

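$config = array(
	// Server settings. Use ldaps:// (or ldap_start_tls()) outside a lab:
	// plain ldap:// carries the service-account and user passwords in clear text.
	'ldap_server'=>'ldap://192.168.1.200:389/',
	'ldap_protocol_version'=>'3',
	// Usually 0 against Active Directory; see the class for why.
	'ldap_follow_referrals'=>1,
	// Service account used for the user search. Placeholder values: load the
	// real credentials from the environment or a secret store, not from source.
	'ldap_bind_dn'=>'root',
	'ldap_bind_passwd'=>'pwd1',

	// Search settings
	'ldap_organization'=>'',
	'ldap_root_dn'=>'OU=developer,OU=dept,DC=xxx,DC=com',
	'ldap_uid_field'=>'sAMAccountName',
);
$userDaoLadp = new UserDaoLadp($config);
$username = 'developer1';
$password = 'pwd1';
try {
	if($userDaoLadp->identify($username, $password)){
		$unionid = $userDaoLadp->ldap_get_field_from_username($username,'unionid');
		// A value read from the directory is untrusted data: never concatenate
		// it into SQL. Bind it with a prepared statement, e.g.
		//   $stmt = $pdo->prepare('select * from user_table where unionid = ?');
		//   $stmt->execute(array($unionid));
		//   $userInfo = $stmt->fetch();
		// and rotate the session id on successful login (session fixation):
		//   session_regenerate_id(true);
		//   $_SESSION['userinfo'] = $userInfo;
		return true;
	}
	return false;
} catch (\Exception $e) {
	// An exception means the directory was unreachable or misconfigured, not
	// that the credentials were wrong; record it instead of silently failing.
	error_log('LDAP login error: ' . $e->getMessage());
	return false;
}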




