'LDAP info', 'version' => '1.1', 'author' => '[http://WebDesignEssence.com/ Web Design Essence]', 'description' => '"ldapinfo" tag will show the information about the user from LDAP database', 'url' => 'http://WebDesignEssence.com/mediawiki/ldapinfo/', ); class LDAPinfo { var $sn_source; function LDAPinfo($source) { $this->sn_source = escapeshellcmd($source); } function parse() { global $wgLDAPDomainNames; $ldapconn = $this->connect(); if (! $ldapconn) { $this->printDebug("Failed to connect",1); return 'Failed to connect to the LDAP server. '.$wgLDAPDomainNames[0]; } $searchstring = $this->getSearchString($ldapconn,$this->sn_source); $entry = @ldap_read($ldapconn, $searchstring, "objectclass=*"); @ldap_unbind(); if (!$entry) { $this->printDebug("Did not find a matching user in LDAP",1); return 'LDAP user "'.$this->sn_source.'" not found '; } $this->printDebug("Found a matching user in LDAP",1); $entries = ldap_get_entries($ldapconn, $entry); global $wikidbToken; $logged_in=false; if (isset($wikidbToken) && !empty($wikidbToken)) { $logged_in=true; } global $wgParser; $wgParser->disableCache(); $s='

'; $s.=$this->show_line('Company', $entries[0]['o'][0]); if ($logged_in) { $s.=$this->show_line('Division', $entries[0]['ou'][0]); } $s.=$this->show_line('Department', $entries[0]['businesscategory'][0]); if ($logged_in) { $s.=$this->show_line('Title', $entries[0]['title'][0]); } if ($logged_in) { $s.=$this->show_line('Affiliation', $entries[0]['employeetype'][0]); } $s.=$this->show_line('Office phone', $entries[0]['telephonenumber'][0]); if ($logged_in) { $s.=$this->show_line('Room number', $entries[0]['roomnumber'][0]); } $s.=$this->show_line('E-Mail', $this->encrypt_mail($entries[0]['mail'][0])); $s.=$this->show_line_weblink('Web page',$entries[0]['labeleduri'][0]); $s.="

\n"; return $s; } # Show one line function show_line($name, $value) { $val=ltrim(rtrim($value )); if (empty($val)) { return ''; } return '

'.$name.': '.$val."

\n"; } # Show one line: URL function show_line_weblink($name, $value) { $val=ltrim(rtrim($value )); if (empty($val)) { return ''; } return '

'.$name.': '.$val."

\n"; } # Scramble e-mail address function encrypt_mail($s) { $pos = strpos($s, '@'); if ($pos == false) { return $s; } $user = substr($s, 0,$pos); $domain = substr($s,$pos+1); $res=''; $res.=''."\n"; return $res; } # Debugging log function printDebug($debugText, $debugVal ) { global $wgLDAPDebug; if ($wgLDAPDebug > $debugVal) { echo $debugText . "
"; } } # Open LDAP connection function connect() { global $wgLDAPServerNames, $wgLDAPDomainNames; global $wgLDAPUseSSL, $wgLDAPUseTLS; $this->printDebug("Entering Connect",1); if ($wgLDAPUseSSL ) { $this->printDebug("Using SSL",3); $serverpre = "ldaps://"; } else { $this->printDebug("Not Using SSL",3); $serverpre = "ldap://"; } $servers = ""; $tmpservers = $wgLDAPServerNames[$wgLDAPDomainNames[0]]; $tok = strtok($tmpservers, " "); while ($tok) { $servers = $servers . " " . $serverpre . $tok; $tok = strtok(" "); } $servers = rtrim($servers); $this->printDebug("Using servers: $servers",2); $ldapconn = @ldap_connect($servers ); ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0); if ($wgLDAPUseTLS) { $this->printDebug("Using TLS",3); ldap_start_tls($ldapconn); } return $ldapconn; } # Search string function getSearchString($ldapconn, $username) { global $wgLDAPSearchStrings,$wgLDAPDomainNames; $this->printDebug("Entering getSearchString",1); if (isset($wgLDAPSearchStrings[$wgLDAPDomainNames[0]])) { //This is a straight bind $this->printDebug("Doing a straight bind",1); $tmpuserdn = $wgLDAPSearchStrings[$wgLDAPDomainNames[0]]; $userdn = str_replace("USER-NAME",$username,$tmpuserdn); } else { //This is a proxy bind, or an anonymous bind with a search $this->printDebug("Doing a proxy or anonymous bind",1); $userdn = $this->getUserDN($ldapconn, $username); } $this->printDebug("userdn is: $userdn",2); return $userdn; } # Full user DN function getUserDN($ldapconn, $username) { global $wgLDAPProxyAgent, $wgLDAPProxyAgentPassword; global $wgLDAPSearchAttributes, $wgLDAPDomainNames; global $wgLDAPRequireAuthAttribute, $wgLDAPAuthAttribute; global $wgLDAPBaseDNs; $this->printDebug("Entering getUserDN",1); if (isset($wgLDAPProxyAgent)) { //This is a proxy bind $this->printDebug("Doing a proxy bind",1); $bind = $this->bindAs($ldapconn, $wgLDAPProxyAgent, $wgLDAPProxyAgentPassword ); } else { //This is an anonymous bind $this->printDebug("Doing an anonymous bind",1); $bind = $this->bindAs($ldapconn ); } if (!$bind) { $this->printDebug("Failed to bind",1); return ''; } // We need to do a subbase search for the entry // Let's catch it here is the user is missing auth attribute if ($wgLDAPRequireAuthAttribute) { $auth_filter = "(" . $wgLDAPAuthAttribute[$wgLDAPDomainNames[0]] . ")"; $srch_filter = "(" . $wgLDAPSearchAttributes[$wgLDAPDomainNames[0]] . "=$username)"; $filter = "(&" . $srch_filter . $auth_filter . ")"; $this->printDebug("Created an auth attribute filter: $filter",2); } else { $filter = "(" . $wgLDAPSearchAttributes[$wgLDAPDomainNames[0]] . "=$username)"; $this->printDebug("Created a regular filter: $filter",2); } $attributes = array("dn"); $base = $wgLDAPBaseDNs[$wgLDAPDomainNames[0]]; $this->printDebug("Using base: $base",2); $entry = @ldap_search($ldapconn, $base, $filter, $attributes); if (!$entry) { $this->printDebug("Couldn't find an entry",1); return ''; } $info = @ldap_get_entries($ldapconn, $entry); $userdn = $info[0]["dn"]; return $userdn; } # Check if the user can authenticate. function bindAs($ldapconn, $userdn=null, $password=null ) { if ($userdn == null || $password == null) { $bind = @ldap_bind($ldapconn); } else { $bind = @ldap_bind($ldapconn, $userdn, $password); } if (!$bind) { $this->printDebug("Failed to bind as $userdn",1); return false; } return true; } } $wgExtensionFunctions[] = "wfExtensionLdapInfo"; # Main function function wfExtensionLdapInfo() { global $wgParser; $wgParser->setHook("ldapinfo", create_function('$text', '$ldapinf = new LDAPinfo(rtrim(ltrim($text)));return $ldapinf->parse();')); } ?>