Авторизация в Active Directory на PHP
- ad.php
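<?php

declare(strict_types=1);

/**
 * Authentication (auth) and user lookup (info) against Active Directory.
 *
 * @example http://ad.site.ru/services/ad.php?action=auth&login=user&pwd=password&remote_addr=192.168.0.20
 * @example http://ad.site.ru/services/ad.php?action=info&login=user&remote_addr=192.168.0.20
 *
 * Response contract (unchanged): HTTP 200 with a JSON body on success; HTTP 403 with the
 * exception message as a plain-text body on any failure (validation, connect, bind, search).
 *
 * NOTE(review): the examples pass credentials in the query string, so they end up in web
 * server and proxy access logs. The code reads $_REQUEST, so callers can already POST them
 * instead; the endpoint should only be reachable over HTTPS. The `remote_addr` parameter is
 * caller-supplied and is only echoed into syslog — it is NOT the verified peer address.
 */
class LdapInfo
{
    protected bool $ldapConnected = false;
    protected string $ldapServer = 'organisation.local';
    protected string $ldapDn = "DC=organisation,DC=local";
    protected string $ldapUserDomain = 'organisation\\';

    // When true, the connection is upgraded with STARTTLS before any bind so that neither the
    // user's password nor the service-account password crosses the network in clear text.
    // Off by default to keep the original behaviour; enable once the DC presents a certificate.
    protected bool $ldapStartTls = false;

    // Service account: lets the "info" action read any user's attributes without that user's
    // password. NOTE(review): a hard-coded secret in source — load it from the environment or
    // a file outside the web root instead.
    protected string $SYS_LOGIN = 'sysuser';
    protected string $SYS_PWD = 'syspassword';

    // Request parameters, declared explicitly (dynamic properties are deprecated since PHP 8.2).
    protected string $LOGIN = '';
    protected string $PWD = '';
    protected string $REMOTE_ADDR = '';
    protected string $ACTION = '';

    /** @var resource|\LDAP\Connection|null handle from ldap_connect() */
    protected $ldapconn = null;
    protected bool $ldapbind = false;
    /** @var array<mixed> raw result of ldap_get_entries() */
    protected array $ldapEntries = [];

    /**
     * Handle one HTTP request end to end: parse parameters, dispatch on `action`, emit the
     * response and terminate the script. Every failure path is funnelled through the catch
     * block, which logs, closes the LDAP connection and answers 403.
     */
    public function run(): void
    {
        try {
            $this->getRequest();

            switch ($this->ACTION) {
                // Credential check: bind to AD as the user with the supplied password.
                case 'auth':
                    // Strict comparison instead of empty(): empty() would also reject the
                    // legitimate password "0". The empty-password check is essential — ldap_bind()
                    // with an empty password performs an anonymous bind that "succeeds".
                    if ($this->LOGIN === '' || $this->PWD === '') {
                        throw new Exception('EMPTY CREDS', 1);
                    }
                    $this->ldapConnect();
                    $this->ldapBind($this->LOGIN, $this->PWD);
                    $resp = ['result' => 'success'];
                    break;

                // User attributes by login, read with the service account.
                case 'info':
                    if ($this->LOGIN === '') {
                        throw new Exception('EMPTY LOGIN', 1);
                    }
                    $this->ldapConnect();
                    $this->ldapBind($this->SYS_LOGIN, $this->SYS_PWD);
                    $this->ldapSearch();
                    // ldapSearch() guarantees exactly one entry.
                    $it = $this->ldapEntries[0];
                    $resp = [
                        'result'         => 'success',
                        'samaccountname' => self::attr($it, 'samaccountname'),
                        'displayname'    => self::attr($it, 'displayname'),
                        'company'        => self::attr($it, 'company'),
                        'mail'           => self::attr($it, 'mail'),
                        'lablecomputer'  => self::attr($it, 'lablecomputer'),
                        'department'     => self::attr($it, 'department'),
                        'description'    => self::attr($it, 'description'),
                    ];
                    break;

                default:
                    // Replace the unknown action before logging so an arbitrary value never
                    // reaches syslog verbatim.
                    $this->ACTION = 'Wrong action';
                    throw new Exception('Wrong action', 1);
            }

            $this->ldapClose();
            syslog(LOG_INFO, sprintf(
                '[AD][%s][ok][remote_addr=%s login=%s]',
                self::logSafe($this->ACTION),
                self::logSafe($this->REMOTE_ADDR),
                self::logSafe($this->LOGIN)
            ));
            // header('HTTP/1.1 200 OK', true); — intentionally left disabled: the original author
            // observed file_get_contents() clients stalling when this header was sent explicitly,
            // and curl --verbose showed no difference.
            // JSON_THROW_ON_ERROR turns an encoding failure (e.g. non-UTF-8 attribute bytes) into
            // a 403 via the catch block instead of a silent empty 200 body.
            die(json_encode($resp, JSON_THROW_ON_ERROR));
        } catch (Exception $e) {
            $this->ldapClose();
            syslog(LOG_ERR, sprintf(
                '[AD][%s][error][remote_addr=%s login=%s]: %s',
                self::logSafe($this->ACTION),
                self::logSafe($this->REMOTE_ADDR),
                self::logSafe($this->LOGIN),
                self::logSafe($e->getMessage())
            ));
            header('HTTP/1.1 403 Forbidden', true);
            die($e->getMessage());
        }
    }

    /**
     * Read the four request parameters (GET or POST) into properties, trimmed.
     * Missing or non-string values (e.g. `login[]=x`) become '' so they fail validation with a
     * 403 instead of raising a TypeError from trim() that would escape the catch block.
     */
    protected function getRequest(): void
    {
        $this->LOGIN       = self::param('login');
        $this->PWD         = self::param('pwd');
        $this->REMOTE_ADDR = self::param('remote_addr');
        $this->ACTION      = self::param('action');
    }

    /** Trimmed string value of a request parameter, or '' when absent or not a string. */
    private static function param(string $name): string
    {
        $value = $_REQUEST[$name] ?? '';

        return is_string($value) ? trim($value) : '';
    }

    /**
     * Open the LDAP connection and set protocol options.
     *
     * @throws Exception 'LDAP FAILED' when the handle cannot be created or STARTTLS is
     *                   enabled and the upgrade fails
     */
    protected function ldapConnect(): void
    {
        $conn = ldap_connect($this->ldapServer);
        if ($conn === false) {
            throw new Exception('LDAP FAILED');
        }
        $this->ldapconn = $conn;
        ldap_set_option($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
        // Referral chasing off: AD returns referrals for the whole forest and following them
        // makes searches slow and unreliable.
        ldap_set_option($this->ldapconn, LDAP_OPT_REFERRALS, 0);
        $this->ldapConnected = true;

        // Upgrade before any bind so no password is ever sent over the plain connection.
        if ($this->ldapStartTls && !ldap_start_tls($this->ldapconn)) {
            throw new Exception('LDAP FAILED');
        }
    }

    /**
     * Simple bind as DOMAIN\login with the given password.
     *
     * @throws Exception 'NOT FOUND' (code 2) when the bind is rejected, or when the password is
     *                   empty — an empty password would make ldap_bind() perform an anonymous
     *                   bind, which must never count as a successful authentication
     */
    protected function ldapBind(string $LOGIN, string $PWD): void
    {
        if ($PWD === '') {
            throw new Exception('NOT FOUND', 2);
        }
        $this->ldapbind = ldap_bind($this->ldapconn, $this->ldapUserDomain . $LOGIN, $PWD);
        if (!$this->ldapbind) {
            throw new Exception('NOT FOUND', 2);
        }
    }

    /**
     * Look up the user whose sAMAccountName equals the request login and store the entries.
     *
     * @throws Exception 'LDAP FAILED' when the search itself fails; 'TOO MANY RESULTS: n'
     *                   (code 3) when the match count is not exactly 1 (the original message is
     *                   kept for existing clients even though a count of 0 also lands here)
     */
    protected function ldapSearch(): void
    {
        // ldap_escape() neutralises filter metacharacters ( * ( ) \ NUL ) in the login, so a
        // crafted value cannot widen the filter or match a different account.
        $login  = ldap_escape($this->LOGIN, '', LDAP_ESCAPE_FILTER);
        $filter = '(&(objectCategory=user)(samaccountname=' . $login . '))';
        // Request only the attributes the "info" response uses.
        $attributes = [
            'samaccountname',
            'displayname',
            'company',
            'mail',
            'lablecomputer',
            'department',
            'description',
        ];

        $sr = ldap_search($this->ldapconn, $this->ldapDn, $filter, $attributes);
        if ($sr === false) {
            throw new Exception('LDAP FAILED');
        }
        $entries = ldap_get_entries($this->ldapconn, $sr);
        if ($entries === false) {
            throw new Exception('LDAP FAILED');
        }
        $this->ldapEntries = $entries;

        if ((int) $this->ldapEntries['count'] !== 1) {
            throw new Exception('TOO MANY RESULTS: ' . $this->ldapEntries['count'], 3);
        }
    }

    /** Close the connection if one is open; safe to call more than once. */
    protected function ldapClose(): void
    {
        if ($this->ldapConnected) {
            ldap_close($this->ldapconn);
            $this->ldapConnected = false;
        }
    }

    /**
     * First value of an attribute from an ldap_get_entries() entry, or null when the attribute
     * is absent (ldap_get_entries() lower-cases attribute names).
     *
     * @param array<mixed> $entry
     */
    private static function attr(array $entry, string $name): ?string
    {
        $value = $entry[$name][0] ?? null;

        return is_string($value) ? $value : null;
    }

    /**
     * Strip control characters (including CR/LF) from a value before it goes into syslog, so a
     * request parameter cannot forge additional log lines.
     */
    private static function logSafe(string $value): string
    {
        return preg_replace('/[\x00-\x1F\x7F]+/', '', $value) ?? '';
    }
}

$LdapInfo = new LdapInfo();
$LdapInfo->run();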