isAnonBindAllowed()) $anon_bind = isset( $_POST['anonymous_bind'] ) && $_POST['anonymous_bind'] == 'on' ? true : false; else $anon_bind = false; if( ! $anon_bind ) strlen($pass) or pla_error( $lang['password_blank'] ); $save_auth_type = $ldapserver->auth_type; if ($anon_bind) { if (DEBUG_ENABLED) debug_log('Anonymous Login was posted [%s].',4,$anon_bind); $dn = null; $pass = null; /* Checks if the login_attr option is enabled for this host, which allows users to login with a simple username like 'jdoe' rather than the fully qualified DN, 'uid=jdoe,ou=people,,dc=example,dc=com'. */ } elseif ($ldapserver->isLoginAttrEnabled()) { # Is this a login string (printf-style) if( $ldapserver->isLoginStringEnabled() ) { $dn = str_replace( '', $uid, $ldapserver->getLoginString() ); if (DEBUG_ENABLED) debug_log('LoginStringDN: [%s]',3,$dn); } else { # This is a standard login_attr /* Fake the auth_type of config to do searching. This way, the admin can specify the DN to use when searching for the login_attr user. */ $ldapserver->auth_type = 'config'; set_error_handler( 'temp_login_error_handler' ); if ($ldapserver->login_dn) $ldapserver->connect(true,false); else $ldapserver->connect(true,true); restore_error_handler(); if (! empty($ldapserver->login_class)) $filter = sprintf('(&(objectClass=%s)(%s=%s))',$ldapserver->login_class,$ldapserver->login_attr,$uid); else $filter = sprintf('%s=%s',$ldapserver->login_attr,$uid); # Got through each of the BASE DNs and test the login. foreach ($ldapserver->getBaseDN() as $base_dn) { if (DEBUG_ENABLED) debug_log('Searching LDAP with base [%s]',9,$base_dn); $sr = @ldap_search($ldapserver->connect(false), $base_dn, $filter, array('dn'), 0, 1); $result = @ldap_get_entries($ldapserver->connect(false), $sr); $dn = isset( $result[0]['dn'] ) ? $result[0]['dn'] : false; if ($dn) { if (DEBUG_ENABLED) debug_log('Got DN [%s] for user ID [%s]',5,$dn,$uid); break; } } # If we got here then we werent able to find a DN for the login filter. if (! $dn) pla_error($lang['bad_user_name_or_password']); # restore the original auth_type $ldapserver->auth_type = $save_auth_type; } } # We fake a 'config' server auth_type to omit duplicated code if (DEBUG_ENABLED) debug_log('Setting login type to CONFIG with DN [%s]',9,$dn); $save_auth_type = $ldapserver->auth_type; $ldapserver->auth_type = 'config'; $ldapserver->login_dn = $dn; $ldapserver->login_pass = $pass; # Verify that dn is allowed to login if (! userIsAllowedLogin($ldapserver,$dn)) pla_error( $lang['login_not_allowed'] ); if (DEBUG_ENABLED) debug_log('User is not prohibited from logging in - now bind with DN [%s]',9,$dn); # verify that the login is good if( is_null($dn) && is_null($pass)) $ds = $ldapserver->connect(true,true,true); else $ds = $ldapserver->connect(true,false,true); if (DEBUG_ENABLED) debug_log('Connection returned [%s]',9,$ds); if (! is_resource($ds)) { if ($anon_bind) pla_error($lang['could_not_bind_anon']); else pla_error($lang['bad_user_name_or_password']); syslog_notice("Authentification FAILED for $dn"); } $ldapserver->auth_type = $save_auth_type; set_login_dn($ldapserver,$dn,$pass,$anon_bind) or pla_error( $lang['could_not_set_cookie'] ); set_lastactivity($ldapserver); initialize_session_tree(); $_SESSION['tree'][$ldapserver->server_id] = array(); $_SESSION['tree_icons'][$ldapserver->server_id] = array(); if(! $anon_bind) { syslog_notice("Authentification successful for $dn"); } session_write_close(); include './header.php'; ?>



name)); ?>
()

".htmlspecialchars($errstr)); } ?>