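class UserDaoLadp
{
    // Server connection settings. The defaults are the example values from the
    // original snippet; a deployment must supply real values through $config
    // and should keep the bind password out of source entirely.
    private $ldap_server = 'ldap://192.168.1.200:389/';
    private $ldap_protocol_version = '3';
    private $ldap_follow_referrals = 1;
    private $ldap_bind_dn = 'root';
    private $ldap_bind_passwd = 'pwd1';
    // User search settings.
    private $ldap_organization = '';
    private $ldap_root_dn = 'OU=developer,OU=dept,DC=xxx,DC=com';
    private $ldap_uid_field = 'sAMAccountName';

    /**
     * @param array $config map of property name => value; keys are limited to
     *                      the ldap_* properties declared above.
     * @throws \InvalidArgumentException on an unknown key, so that a misspelled
     *         key cannot silently leave a default (e.g. the bind password) in
     *         place or create an undeclared dynamic property.
     */
    public function __construct($config)
    {
        foreach ((array) $config as $key => $value) {
            $key = (string) $key;
            if (!property_exists($this, $key)) {
                throw new \InvalidArgumentException("Unknown LDAP config key: $key");
            }
            $this->{$key} = $value;
        }
    }

    /**
     * Escape a value for interpolation into an LDAP search filter (RFC 4515):
     * backslash, '*', '(', ')', '/' and NUL become \XX hex escapes.
     * Backslash is listed first so the escapes it produces are not re-escaped
     * by the later replacements (str_replace applies the pairs in order).
     *
     * @param string $p_string raw value, typically a user-supplied name
     * @return string filter-safe value
     */
    private function ldap_escape_string($p_string)
    {
        $t_find = array('\\', '*', '(', ')', '/', "\x00");
        $t_replace = array('\5c', '\2a', '\28', '\29', '\2f', '\00');
        return str_replace($t_find, $t_replace, (string) $p_string);
    }

    /**
     * Build a message from the last error on an LDAP link.
     *
     * @param mixed $p_ds link returned by ldap_connect(), or false
     * @return string
     */
    private function ldap_error_msg_normalize($p_ds)
    {
        // ldap_errno()/ldap_error() need a live link; ldap_connect() can hand
        // back false and passing that through would be a TypeError on PHP 8.
        if (!$p_ds) {
            return 'ERROR: no LDAP connection';
        }
        return "ERROR #" . ldap_errno($p_ds) . ": " . ldap_error($p_ds);
    }

    /**
     * Connect to the configured server and bind.
     *
     * Binds with $p_binddn/$p_password when both are non-empty, otherwise
     * performs an anonymous bind (the original behaviour).
     *
     * @param string $p_binddn
     * @param string $p_password
     * @return resource|\LDAP\Connection bound link; the caller must ldap_unbind() it
     * @throws \Exception when connecting, option setting or binding fails
     */
    private function ldap_connect_bind($p_binddn = '', $p_password = '')
    {
        $t_ds = @ldap_connect($this->ldap_server);
        if ($t_ds === false) {
            throw new \Exception($this->ldap_error_msg_normalize($t_ds));
        }

        $t_protocol_version = (int) $this->ldap_protocol_version;
        if ($t_protocol_version > 0) {
            if (!@ldap_set_option($t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version)) {
                throw new \Exception($this->ldap_error_msg_normalize($t_ds));
            }
        }

        // Any truthy config value enables referral chasing. The original
        // compared against a constant ON that this file never defines.
        $t_follow_referrals = (bool) $this->ldap_follow_referrals;
        if (!@ldap_set_option($t_ds, LDAP_OPT_REFERRALS, $t_follow_referrals ? 1 : 0)) {
            throw new \Exception($this->ldap_error_msg_normalize($t_ds));
        }

        $t_binddn = (string) $p_binddn;
        $t_password = (string) $p_password;
        if ($t_binddn !== '' && $t_password !== '') {
            $t_br = @ldap_bind($t_ds, $t_binddn, $t_password);
        } else {
            $t_br = @ldap_bind($t_ds);
        }
        if (!$t_br) {
            throw new \Exception($this->ldap_error_msg_normalize($t_ds));
        }
        return $t_ds;
    }

    /**
     * Look up one attribute of the user whose uid field equals $p_username.
     *
     * @param string $p_username login name (escaped before use in the filter)
     * @param string $p_field    attribute to read, e.g. 'unionid' or 'dn'
     * @return string|null first value of the attribute, or null when no entry
     *                     matches or the entry lacks the attribute
     * @throws \Exception on connection, bind or search failure
     */
    public function ldap_get_field_from_username($p_username, $p_field)
    {
        $t_uid_field = $this->ldap_uid_field;
        $c_username = $this->ldap_escape_string($p_username);

        // Bind with the service account. The original called a global
        // ldap_connect_bind() that does not exist and would have bound
        // anonymously if it had.
        $t_ds = $this->ldap_connect_bind($this->ldap_bind_dn, $this->ldap_bind_passwd);
        $t_sr = false;
        $t_info = false;
        try {
            $t_search_filter = "(&{$this->ldap_organization}({$t_uid_field}={$c_username}))";
            $t_search_attrs = array($t_uid_field, $p_field, 'dn');
            $t_sr = @ldap_search($t_ds, $this->ldap_root_dn, $t_search_filter, $t_search_attrs);
            if ($t_sr === false) {
                throw new \Exception($this->ldap_error_msg_normalize($t_ds));
            }
            $t_info = @ldap_get_entries($t_ds, $t_sr);
            if ($t_info === false) {
                throw new \Exception($this->ldap_error_msg_normalize($t_ds));
            }
        } finally {
            // Release the result set and the link on every path, including
            // the error paths that previously leaked them.
            if ($t_sr !== false) {
                ldap_free_result($t_sr);
            }
            ldap_unbind($t_ds);
        }

        $t_count = isset($t_info['count']) ? (int) $t_info['count'] : 0;
        if ($t_count === 0 || !isset($t_info[0]) || !is_array($t_info[0])) {
            return null;
        }
        $t_entry = $t_info[0];

        // ldap_get_entries() lowercases attribute names and stores the dn as
        // a plain string rather than a value array.
        $t_key = strtolower((string) $p_field);
        if ($t_key === 'dn') {
            return isset($t_entry['dn']) ? $t_entry['dn'] : null;
        }
        if (isset($t_entry[$t_key][0])) {
            return $t_entry[$t_key][0];
        }
        return null;
    }

    /**
     * Authenticate a user: find the entries matching $p_username with the
     * service account, then try to bind as each of them with $p_password.
     *
     * @param string $p_username
     * @param string $p_password
     * @return bool true when a bind as one of the matching entries succeeds
     * @throws \Exception on connection, bind or search failure
     */
    private function ldap_authenticate_by_username($p_username, $p_password)
    {
        $t_password = (string) $p_password;
        // An empty password must never reach ldap_bind(): a DN with no
        // password is an unauthenticated bind, which directories commonly
        // report as success, so the original accepted any known user with an
        // empty password.
        if ($t_password === '' || (string) $p_username === '') {
            return false;
        }

        $t_uid_field = $this->ldap_uid_field;
        $c_username = $this->ldap_escape_string($p_username);

        $t_ds = $this->ldap_connect_bind($this->ldap_bind_dn, $this->ldap_bind_passwd);
        $t_sr = false;
        try {
            $t_search_filter = "(&{$this->ldap_organization}({$t_uid_field}={$c_username}))";
            $t_search_attrs = array($t_uid_field, 'dn');
            $t_sr = @ldap_search($t_ds, $this->ldap_root_dn, $t_search_filter, $t_search_attrs);
            if ($t_sr === false) {
                throw new \Exception($this->ldap_error_msg_normalize($t_ds));
            }
            $t_info = @ldap_get_entries($t_ds, $t_sr);
            if ($t_info === false) {
                throw new \Exception($this->ldap_error_msg_normalize($t_ds));
            }

            $t_count = isset($t_info['count']) ? (int) $t_info['count'] : 0;
            for ($i = 0; $i < $t_count; $i++) {
                if (!isset($t_info[$i]['dn'])) {
                    continue;
                }
                // Bind as the matched entry on the same link; a failure just
                // moves on to the next candidate.
                if (@ldap_bind($t_ds, $t_info[$i]['dn'], $t_password)) {
                    return true;
                }
            }
            return false;
        } finally {
            // The original returned early on "no match" without freeing the
            // result or unbinding; finally covers every exit.
            if ($t_sr !== false) {
                ldap_free_result($t_sr);
            }
            ldap_unbind($t_ds);
        }
    }

    /**
     * Verify an account/password pair against the directory.
     *
     * @param string $account
     * @param string $password
     * @return bool
     * @throws \Exception when the ldap extension is missing or the directory
     *                    cannot be reached
     */
    public function identify($account, $password)
    {
        if (!extension_loaded('ldap')) {
            throw new \Exception('ldap extension is not loaded.');
        }
        return (bool) $this->ldap_authenticate_by_username($account, $password);
    }
}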
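$config = array(
    // Server connection settings. These are the sample values from the
    // original snippet; in a real deployment load them from the environment
    // or a secret store rather than committing the bind password.
    'ldap_server' => 'ldap://192.168.1.200:389/',
    'ldap_protocol_version' => '3',
    'ldap_follow_referrals' => 1,
    'ldap_bind_dn' => 'root',
    'ldap_bind_passwd' => 'pwd1',
    // User search settings.
    'ldap_organization' => '',
    'ldap_root_dn' => 'OU=developer,OU=dept,DC=xxx,DC=com',
    'ldap_uid_field' => 'sAMAccountName',
);
$userDaoLadp = new UserDaoLadp($config);
$username = 'developer1';
$password = 'pwd1';
try {
    if (!$userDaoLadp->identify($username, $password)) {
        return false;
    }
    $unionid = $userDaoLadp->ldap_get_field_from_username($username, 'unionid');
    // Look the user up by $unionid with a prepared statement (bind it as a
    // parameter; never concatenate it into the SQL text), then store the
    // result, e.g. $_SESSION['userinfo'] = $userInfo;
    return true;
} catch (\Exception $e) {
    // Record the reason: to the caller an unreachable directory would
    // otherwise look exactly like a wrong password.
    error_log('LDAP login failed: ' . $e->getMessage());
    return false;
}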