[unlcms#955] Update LDAP parts of unl_cas to use native PHP ldap func…

…tions rather than NMC's Unl_Ldap
ericras · Dec 11, 2019 · 84f5ad1 · 84f5ad1
1 parent 619d2a9
commit 84f5ad1
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 17 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -1,9 +1,6 @@
 [submodule "vendor/WDN-TinyMCE"]
   path = vendor/WDN-TinyMCE
   url = [email protected]:iim/TinyMCE.git
-[submodule "vendor/NmcFramework"]
-  path = vendor/NmcFramework
-  url = [email protected]:UNL-Information-Services/NMC-PHP-Framework.git
 [submodule "sites/all/modules/diff"]
   path = sites/all/modules/diff
   url = http://git.drupal.org/project/diff.git

diff --git a/sites/all/modules/unl_cas/unl_cas.module b/sites/all/modules/unl_cas/unl_cas.module
@@ -199,8 +199,18 @@ function unl_cas_login_authenticate($form, &$form_state) {
   $password = trim($form_state['values']['pass']);
 
   try {
-    $ldap = new Unl_Ldap(unl_cas_get_setting('ldap_uri'));
-    $ldap->bind('uid=' . $username . ',ou=people,dc=unl,dc=edu', $password);
+    $ldap_connection = ldap_connect(unl_cas_get_setting('ldap_uri'));
+    if ($ldap_connection === FALSE) {
+      throw new Exception('Unable to connect to the LDAP server');
+    }
+    ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
+    // Check for an actual connection.
+    @ldap_start_tls($ldap_connection);
+    if (ldap_errno($ldap_connection) == -1) {
+      throw new Exception('Could not connect to LDAP Server', -1);
+    }
+    @ldap_bind($ldap_connection, 'uid=' . $username . ',ou=people,dc=unl,dc=edu', $password);
+
     $account = unl_cas_import_user($username);
     $form_state['uid'] = $account->uid;
   } catch (Exception $e) {
@@ -288,19 +298,36 @@ function unl_cas_user_logout($account) {
   $cas->logout(url('<front>', array('absolute' => TRUE)));
 }
 
-function unl_cas_get_user_record($username) {$result=0;
+function unl_cas_get_user_record($username) {
+  $result = 0;
   // First, try getting the info from LDAP.
-//  try {
-//    $ldap = new Unl_Ldap(unl_cas_get_setting('ldap_uri'));
-//    $ldap->bind(unl_cas_get_setting('ldap_dn'), unl_cas_get_setting('ldap_password'));
-//    $results = $ldap->search('ou=people,dc=unl,dc=edu', 'sAMAccountName=' . $username);
-//    if (count($results) > 0) {
-//      $result = $results[0];
-//    }
-//  }
-//  catch (Exception $e) {
-//    // don't do anything, just go on to try the PeopleFinder method
-//  }
+  try {
+    $ldap_connection = ldap_connect(unl_cas_get_setting('ldap_uri'));
+    if ($ldap_connection === FALSE) {
+      throw new Exception('Unable to connect to the LDAP server');
+    }
+    ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
+    ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
+
+    // Check for an actual connection.
+    @ldap_start_tls($ldap_connection);
+    if (ldap_errno($ldap_connection) == -1) {
+      throw new Exception('Could not connect to LDAP Server', -1);
+    }
+
+    if (@ldap_bind($ldap_connection, unl_cas_get_setting('ldap_dn'), unl_cas_get_setting('ldap_password')) === TRUE) {
+      $results = _unl_cas_ldap_search($ldap_connection, 'ou=people,dc=unl,dc=edu', 'sAMAccountName=' . $username);
+      if (count($results) > 0) {
+        $result = $results[0];
+      }
+    }
+    else {
+      throw new Exception('Unable to LDAP bind: ' . ldap_error($ldap_connection), ldap_errno($ldap_connection));
+    }
+  }
+  catch (Exception $e) {
+    // don't do anything, just go on to try the PeopleFinder method
+  }
 
   // Next, if LDAP didn't work, try PeopleFinder service...
   $json = unl_url_get_contents('https://directory.unl.edu/service.php?format=json&uid=' . $username);
@@ -515,3 +542,40 @@ function unl_cas_tokens($type, $tokens, array $data = array(), array $options =
 
   return $replacements;
 }
+
+function _unl_cas_ldap_search($ldap_connection, $base_dn, $filter) {
+  $result = @ldap_search($ldap_connection, $base_dn, $filter);
+  if ($result === FALSE) {
+    throw new Exception('LDAP search failed: ' . ldap_error($this->_conn));
+  }
+
+  $referrals = null;
+  $matcheddn = null;
+  $errmsg = null;
+  $errcode = null;
+  if (ldap_parse_result($ldap_connection, $result, $errcode, $matcheddn, $errmsg, $referrals)) {
+    if ($errcode !== 0) {
+      throw new Exception('Error retrieving results: ' . ldap_err2str($errcode));
+    }
+  }
+  else {
+    throw new Exception('Error retrieving results: ' . ldap_error($this->_conn));
+  }
+
+  $entries = ldap_get_entries($ldap_connection, $result);
+  if ($result === FALSE) {
+    throw new Exception('Error retrieving results: ' . ldap_error($this->_conn));
+  }
+
+  // Strip off redundant data.
+  for ($i = 0; $i < $entries['count']; $i++) {
+    for ($j = 0; $j < $entries[$i]['count']; $j++) {
+      unset($entries[$i][$entries[$i][$j]]['count']);
+      unset($entries[$i][$j]);
+    }
+    unset($entries[$i]['count']);
+  }
+  unset($entries['count']);
+
+  return $entries;
+}