<?php
/***********************************************
 * File      :   authLDAP.php
 * Project   :   Z-Push
 * Descr     :   Authenticate user in an Ldap Server
 *               and get required information.
 *               Parameters must be configured in config.php
 *               This program is based on SearchLdap.php from Z-Push project.
 *
 * Created   :   emerson-faria.nobre@serpro.gov.br - 21/feb/2011
 *
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation with the following additional
 * term according to sec. 7:
 *
 * According to sec. 7 of the GNU Affero General Public License, version 3,
 * the terms of the AGPL are supplemented with the following terms:
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * Consult LICENSE file for details
 ************************************************/

require_once("config.php");

class AuthLDAP {
	var $_connection;

	// connect and bind with LDAP server and return UIDNUMBER
	function bind($user,$pwd) {
		if (!function_exists("ldap_connect")) {
			debugLog("AuthLDAP: php-ldap is not installed. Search aborted.");
			return false;
		}

		// connect to LDAP
		$this->_connection = @ldap_connect(LDAP_HOST, LDAP_PORT);
		@ldap_set_option($this->_connection, LDAP_OPT_PROTOCOL_VERSION, 3);

		// Authenticate
		if (constant('ANONYMOUS_BIND') === true) {
			if(! @ldap_bind($this->_connection)) {
				debugLog("AuthLDAP: Could not bind anonymously to server! Search aborted.");
				$this->_connection = false;
				return false;
			}
		}
		else if(! @ldap_bind($this->_connection, LDAP_BIND_USER, LDAP_BIND_PASSWORD)) {
			debugLog("AuthLDAP: Could not bind to server with ADMIN user '".LDAP_BIND_USER."' and given password! Authentication aborted.");
			$this->_connection = false;
			return false;
		}
		$user_attributes = $this->getSearchResults($user);
		if (! $user_attributes or $user_attributes["searchtotal"] !== 1) {
			debugLog("AuthLDAP: Could not retrieve user $user information. Authentication aborted.");
			$this->_connection = false;
			return false;
		}
		if(! @ldap_bind($this->_connection, $user_attributes[0]["DN"], $pwd)) {
			debugLog("AuthLDAP: Could not bind to server with LOGON user '".$user."' and given password! Authentication aborted.");
			$this->_connection = false;
			return false;
		} else return $user_attributes[0]["UIDNUMBER"];
	}

	// perfom the search on the LDAP server
	function getSearchResults($searchquery) {
		global $ldap_field_map;
		if (isset($this->_connection) && $this->_connection !== false) {
			$searchfilter = str_replace("SEARCHVALUE", ",", $searchquery);
		}

		if (isset($this->_connection) && $this->_connection !== false) {
			$searchfilter = str_replace("SEARCHVALUE", $searchquery, LDAP_SEARCH_FILTER);
			$result = @ldap_search($this->_connection, LDAP_SEARCH_BASE, $searchfilter);
			if (!$result) {
				debugLog("AuthLDAP: Error in search query. Search aborted");
				return false;
			}

			// get entry data as array
			$searchresult = ldap_get_entries($this->_connection, $result);

			$items = array();
			$querycnt = $searchresult['count'];
			$items['searchtotal'] = $querycnt;

			foreach ($ldap_field_map as $key=>$value ) {
				if (isset($searchresult[0][$value])) {
					if (is_array($searchresult[0][$value]))
					$items[0][$key] = $searchresult[0][$value][0];
					else
					$items[0][$key] = $searchresult[0][$value];
				}
			}
			return $items;
		}
		else return false;
	}

	function disconnect() {
		if ($this->_connection)
		@ldap_close($this->_connection);

		return true;
	}
}
?>