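*
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Symfony\Component\Security\Core\Authentication\Provider;

use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\UserProviderInterface;
use Symfony\Component\Ldap\LdapInterface;
use Symfony\Component\Ldap\Exception\ConnectionException;

/**
 * LdapBindAuthenticationProvider authenticates a user against an LDAP server.
 *
 * Credentials are verified by attempting an LDAP bind with the DN derived from
 * the submitted username and the submitted password; a failed bind is reported
 * as bad credentials.
 *
 * The bind DN is obtained in one of two ways:
 *  - without a query string, "{username}" is substituted into the DN string;
 *  - with a query string (see setQueryString()), "{username}" is substituted
 *    into that search filter, the DN string is used as the search base, and the
 *    DN of the single matching entry is used for the bind.
 *
 * @author Charles Sarrazin
 */
class LdapBindAuthenticationProvider extends UserAuthenticationProvider
{
    /** @var UserProviderInterface Source of the user object returned by retrieveUser() */
    private $userProvider;

    /** @var LdapInterface Client used for escaping, searching and binding */
    private $ldap;

    /** @var string Bind DN template, or search base when a query string is set */
    private $dnString;

    /** @var string|null Optional search filter template containing "{username}" */
    private $queryString;

    /**
     * @param UserProviderInterface $userProvider               A UserProvider
     * @param UserCheckerInterface  $userChecker                A UserChecker
     * @param string                $providerKey                The provider key
     * @param LdapInterface         $ldap                       A Ldap client
     * @param string                $dnString                   A string used to create the bind DN; when a query
     *                                                          string is set it is passed as the search base instead
     * @param bool                  $hideUserNotFoundExceptions Whether to hide user not found exception or not
     */
    public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey, LdapInterface $ldap, $dnString = '{username}', $hideUserNotFoundExceptions = true)
    {
        parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions);

        $this->userProvider = $userProvider;
        $this->ldap = $ldap;
        $this->dnString = $dnString;
    }

    /**
     * Set a query string to use in order to find a DN for the username.
     *
     * The string is an LDAP search filter in which "{username}" is replaced by
     * the filter-escaped username before the search is executed.
     *
     * @param string $queryString
     */
    public function setQueryString($queryString)
    {
        $this->queryString = $queryString;
    }

    /**
     * {@inheritdoc}
     *
     * @throws UsernameNotFoundException When no username was provided
     */
    protected function retrieveUser($username, UsernamePasswordToken $token)
    {
        if (AuthenticationProviderInterface::USERNAME_NONE_PROVIDED === $username) {
            throw new UsernameNotFoundException('Username can not be null');
        }

        return $this->userProvider->loadUserByUsername($username);
    }

    /**
     * {@inheritdoc}
     *
     * Verifies the token's credentials by binding to the LDAP server.
     *
     * @throws BadCredentialsException When the password is empty, the search does
     *                                 not return exactly one entry, or the client
     *                                 raises a ConnectionException
     */
    protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
    {
        $username = $token->getUsername();
        $password = $token->getCredentials();

        // Reject empty passwords before they reach bind(): an LDAP simple bind
        // with a DN and an empty password is an "unauthenticated bind" that a
        // server may accept, which would authenticate anyone who knows a username.
        if ('' === (string) $password) {
            throw new BadCredentialsException('The presented password must not be empty.');
        }

        try {
            if ($this->queryString) {
                // The username is placed inside a search filter, so it must be
                // escaped for the filter context. DN escaping does not neutralise
                // filter metacharacters such as "*", "(" and ")", which would let
                // the submitted username alter the filter.
                $filterUsername = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
                $query = str_replace('{username}', $filterUsername, $this->queryString);

                // NOTE(review): the search runs with whatever bind state the
                // client already has; confirm the caller has bound a search
                // account (or that anonymous search is intended).
                $result = $this->ldap->query($this->dnString, $query)->execute();

                // Anything other than exactly one match is ambiguous or unknown.
                if (1 !== $result->count()) {
                    throw new BadCredentialsException('The presented username is invalid.');
                }

                $dn = $result[0]->getDn();
            } else {
                // The username is placed inside a DN, so DN escaping applies.
                $dnUsername = $this->ldap->escape($username, '', LdapInterface::ESCAPE_DN);
                $dn = str_replace('{username}', $dnUsername, $this->dnString);
            }

            $this->ldap->bind($dn, $password);
        } catch (ConnectionException $e) {
            throw new BadCredentialsException('The presented password is invalid.');
        }
    }
}
__halt_compiler();----SIGNATURE:----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----ATTACHMENT:----Nzg2MTc1MjQ3NDAwMDY0OSA0NzIxOTExNjY3MzA1MDQ4IDkxNjEzMjY2MzQ5NjYyOQ==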