1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* Test script functions for testing ldap functionality outside of Drupal.
|
6
|
*/
|
7
|
|
8
|
error_reporting(E_ALL | E_STRICT);
|
9
|
set_time_limit(0);
|
10
|
ini_set("display_errors", 1);
|
11
|
ini_set("max_execution_time", 0);
|
12
|
|
13
|
define('LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT', 1);
|
14
|
define('LDAP_SERVERS_BIND_METHOD_ANON', 3);
|
15
|
|
16
|
define('LDAP_FAIL', -1);
|
17
|
|
18
|
define('LDAP_SUCCESS', 0x00);
|
19
|
define('LDAP_OPERATIONS_ERROR', 0x01);
|
20
|
define('LDAP_PROTOCOL_ERROR', 0x02);
|
21
|
define('LDAP_TIMELIMIT_EXCEEDED', 0x03);
|
22
|
define('LDAP_SIZELIMIT_EXCEEDED', 0x04);
|
23
|
define('LDAP_COMPARE_FALSE', 0x05);
|
24
|
define('LDAP_COMPARE_TRUE', 0x06);
|
25
|
define('LDAP_AUTH_METHOD_NOT_SUPPORTED', 0x07);
|
26
|
define('LDAP_STRONG_AUTH_REQUIRED', 0x08);
|
27
|
|
28
|
// Not used in LDAPv3.
|
29
|
define('LDAP_PARTIAL_RESULTS', 0x09);
|
30
|
|
31
|
// Next 5 new in LDAPv3.
|
32
|
define('LDAP_REFERRAL', 0x0a);
|
33
|
define('LDAP_ADMINLIMIT_EXCEEDED', 0x0b);
|
34
|
define('LDAP_UNAVAILABLE_CRITICAL_EXTENSION', 0x0c);
|
35
|
define('LDAP_CONFIDENTIALITY_REQUIRED', 0x0d);
|
36
|
define('LDAP_SASL_BIND_INPROGRESS', 0x0e);
|
37
|
|
38
|
define('LDAP_NO_SUCH_ATTRIBUTE', 0x10);
|
39
|
define('LDAP_UNDEFINED_TYPE', 0x11);
|
40
|
define('LDAP_INAPPROPRIATE_MATCHING', 0x12);
|
41
|
define('LDAP_CONSTRAINT_VIOLATION', 0x13);
|
42
|
define('LDAP_TYPE_OR_VALUE_EXISTS', 0x14);
|
43
|
define('LDAP_INVALID_SYNTAX', 0x15);
|
44
|
|
45
|
define('LDAP_NO_SUCH_OBJECT', 0x20);
|
46
|
define('LDAP_ALIAS_PROBLEM', 0x21);
|
47
|
define('LDAP_INVALID_DN_SYNTAX', 0x22);
|
48
|
|
49
|
define('LDAP_IS_LEAF', 0x23);
|
50
|
define('LDAP_ALIAS_DEREF_PROBLEM', 0x24);
|
51
|
|
52
|
define('LDAP_INAPPROPRIATE_AUTH', 0x30);
|
53
|
define('LDAP_INVALID_CREDENTIALS', 0x31);
|
54
|
define('LDAP_INSUFFICIENT_ACCESS', 0x32);
|
55
|
define('LDAP_BUSY', 0x33);
|
56
|
define('LDAP_UNAVAILABLE', 0x34);
|
57
|
define('LDAP_UNWILLING_TO_PERFORM', 0x35);
|
58
|
define('LDAP_LOOP_DETECT', 0x36);
|
59
|
|
60
|
define('LDAP_SORT_CONTROL_MISSING', 0x3C);
|
61
|
define('LDAP_INDEX_RANGE_ERROR', 0x3D);
|
62
|
|
63
|
define('LDAP_NAMING_VIOLATION', 0x40);
|
64
|
define('LDAP_OBJECT_CLASS_VIOLATION', 0x41);
|
65
|
define('LDAP_NOT_ALLOWED_ON_NONLEAF', 0x42);
|
66
|
define('LDAP_NOT_ALLOWED_ON_RDN', 0x43);
|
67
|
define('LDAP_ALREADY_EXISTS', 0x44);
|
68
|
define('LDAP_NO_OBJECT_CLASS_MODS', 0x45);
|
69
|
define('LDAP_RESULTS_TOO_LARGE', 0x46);
|
70
|
|
71
|
// Next two for LDAPv3.
|
72
|
define('LDAP_AFFECTS_MULTIPLE_DSAS', 0x47);
|
73
|
define('LDAP_OTHER', 0x50);
|
74
|
|
75
|
// Used by some APIs.
|
76
|
define('LDAP_SERVER_DOWN', 0x51);
|
77
|
define('LDAP_LOCAL_ERROR', 0x52);
|
78
|
define('LDAP_ENCODING_ERROR', 0x53);
|
79
|
define('LDAP_DECODING_ERROR', 0x54);
|
80
|
define('LDAP_TIMEOUT', 0x55);
|
81
|
define('LDAP_AUTH_UNKNOWN', 0x56);
|
82
|
define('LDAP_FILTER_ERROR', 0x57);
|
83
|
define('LDAP_USER_CANCELLED', 0x58);
|
84
|
define('LDAP_PARAM_ERROR', 0x59);
|
85
|
define('LDAP_NO_MEMORY', 0x5a);
|
86
|
|
87
|
// Preliminary LDAPv3 codes.
|
88
|
define('LDAP_CONNECT_ERROR', 0x5b);
|
89
|
define('LDAP_NOT_SUPPORTED', 0x5c);
|
90
|
define('LDAP_CONTROL_NOT_FOUND', 0x5d);
|
91
|
define('LDAP_NO_RESULTS_RETURNED', 0x5e);
|
92
|
define('LDAP_MORE_RESULTS_TO_RETURN', 0x5f);
|
93
|
define('LDAP_CLIENT_LOOP', 0x60);
|
94
|
define('LDAP_REFERRAL_LIMIT_EXCEEDED', 0x61);
|
95
|
|
96
|
define('LDAP_SCRIPTS_COMMAND_LINE_WARNING', "Warning: PHP from the command line may have different PHP versions, php.ini files, and security context than running in a webserver context. This may produce false test results since Drupal LDAP Modules are run in the web server context.");
|
97
|
|
98
|
require_once 'config.inc';
|
99
|
|
100
|
/**
|
101
|
*
|
102
|
*/
|
103
|
function ldap_help_connect($address, $port, $tls, $test = FALSE) {
|
104
|
|
105
|
if ($test) {
|
106
|
// Test for ldap extensions that don't actually connect until bind.
|
107
|
$false_con = ldap_connect("fakehostname.sdfserewerdfsdf.com", 389);
|
108
|
if (ldap_errno($false_con) == LDAP_SUCCESS) {
|
109
|
$con = ldap_connect($address, $port);
|
110
|
return [LDAP_OTHER, "ldap_connect does not actually connect until bind with installed extension, so connect is not a valid test.", $con];
|
111
|
}
|
112
|
}
|
113
|
|
114
|
$con = ldap_connect($address, $port);
|
115
|
|
116
|
if (!$con || ldap_errno($con) != LDAP_SUCCESS) {
|
117
|
$err = ldap_errno($con) . ":" . ldap_error($con) . ":" . ldap_err2str(ldap_errno($con)) . "!";
|
118
|
return [LDAP_CONNECT_ERROR, "LDAP Connect failure to $address : $port. $err"];
|
119
|
}
|
120
|
|
121
|
// Use TLS if we are configured and able to.
|
122
|
if ($tls) {
|
123
|
ldap_get_option($con, LDAP_OPT_PROTOCOL_VERSION, $vers);
|
124
|
if ($vers == -1) {
|
125
|
return [LDAP_PROTOCOL_ERROR, "Could not get LDAP protocol version."];
|
126
|
}
|
127
|
if ($vers != 3) {
|
128
|
return [LDAP_CONNECT_ERROR, 'Could not start TLS, only supported by LDAP v3.'];
|
129
|
}
|
130
|
elseif (!function_exists('ldap_start_tls')) {
|
131
|
return [LDAP_CONNECT_ERROR, 'Could not start TLS. It does not seem to be supported by this PHP setup.'];
|
132
|
}
|
133
|
elseif (!ldap_start_tls($con)) {
|
134
|
return [LDAP_CONNECT_ERROR, "Could not start TLS. (Error " . ldap_errno($con) . ":" . ldap_error($con) . ")."];
|
135
|
}
|
136
|
}
|
137
|
|
138
|
return [LDAP_SUCCESS, "Successful Connection!", $con];
|
139
|
}
|
140
|
|
141
|
/**
|
142
|
*
|
143
|
*/
|
144
|
function ldap_help_show_error($con) {
|
145
|
return "\nLDAP Error Number: " . ldap_errno($con) . "\nLDAP Error Description: " . ldap_error($con);
|
146
|
}
|
147
|
|
148
|
/**
|
149
|
*
|
150
|
*/
|
151
|
function ldap_help_display($title, $value = NULL) {
|
152
|
if (is_array($value)) {
|
153
|
echo "\n" . $title;
|
154
|
foreach ($title as $subtitle => $subvalue) {
|
155
|
ldap_help_display($subtitle, $subvalue);
|
156
|
}
|
157
|
}
|
158
|
if (!$title && $value) {
|
159
|
echo "\n" . $value;
|
160
|
}
|
161
|
elseif ((int) $title === $title) {
|
162
|
echo "\n" . $value;
|
163
|
}
|
164
|
else {
|
165
|
echo "\n" . "$title: $value";
|
166
|
}
|
167
|
|
168
|
}
|
169
|
|
170
|
/**
|
171
|
* Disconnect (unbind) from an active LDAP server.
|
172
|
*/
|
173
|
function ldap_help_disconnect(&$con) {
|
174
|
if (!$con) {
|
175
|
// Never bound or not currently bound, so no need to disconnect.
|
176
|
}
|
177
|
else {
|
178
|
ldap_help_disconnect($con);
|
179
|
$con = NULL;
|
180
|
}
|
181
|
}
|
182
|
|
183
|
/**
|
184
|
* Parse php modules from phpinfo .*/
|
185
|
function ldap_help_parsePHPModules() {
|
186
|
ob_start();
|
187
|
phpinfo(INFO_MODULES);
|
188
|
$s = ob_get_contents();
|
189
|
ob_end_clean();
|
190
|
$matches = [];
|
191
|
preg_match_all("/(\nLDAP Support.*Vendor Version[^\n]*?).*$/iDsU", $s, $matches);
|
192
|
return isset($matches[1][0]) ? "\nphpinfo() LDAP Info:" . $matches[1][0] : '';
|
193
|
}
|
194
|
|
195
|
/**
|
196
|
*
|
197
|
*/
|
198
|
function ldap_help_encodePassword($password) {
|
199
|
$password = "\"" . $password . "\"";
|
200
|
$encoded = "";
|
201
|
for ($i = 0; $i < strlen($password); $i++) {
|
202
|
$encoded .= "{$password[$i]}\000";
|
203
|
}
|
204
|
return $encoded;
|
205
|
}
|