yaowenqiang · August 29, 2015 14:23
diff --git a/auth.php b/auth.php
 <?php

 return array(

    'driver' => 'auth-ldap',
    'reminder' => array(
        'emails.auth.reminder', 'table' => 'password_reminders',
    ),
 	// Ldap server
 	'ldap'	=> 'UPDATE'
 	'ldap-domain' => 'UPDATE'

 );
diff --git a/global.php b/global.php
 <?php


 Auth::extend('auth-ldap', function() {
 	return new Illuminate\Auth\Guard(new LdapProvider, App::make('session.store'));
 });
diff --git a/LdapProvider.php b/LdapProvider.php
 <?php 

 use Illuminate\Auth\UserProviderInterface as UserProvider;
 use Illuminate\Auth\UserInterface as UserInterface;

 class LdapProvider implements UserProvider{

 	public function __construct(){}

 	/**
 	 * @param  string $identifier - ldap username
 	 * @return User
 	 */
 	public function retrieveByID($identifier)
 	{
 		return new User(array('username' => $identifier));
 	}

 	/**
 	 * [connectLdap description]
 	 * @param  array  $credentials - passes in username / password
 	 * @return boolean
 	 */
 	public function connectLdap(array $credentials)
 	{
 		$ldap   = ldap_connect(Config::get('auth.ldap'));
 		$domain = Config::get('auth.ldap-domain', false );
 		$domain = ( $domain ) ? "{$domain}\\" : '';
 		
 		/**
 		 * If the username and password is not @ least 3 chars ...
 		 * Prevents ldap_connect with password = abc
 		 */
 		if(strlen($credentials['username']) < 3 || strlen($credentials['password']) < 3){
 			return false;
 		}

 		// If connection succeeds, then user is valid
 		// ldap_bind fails hard with invalid credentials so let's silence it with @
 		try { 
 			$ldap_bind = @ldap_bind($ldap, $domain . $credentials['username'], $credentials['password']);
 			
 			if (!$ldap_bind) {
 		        return false;
 		    }

 			return true;

 		} catch (Exception $e) {
 		
 			// otherwise invalid
 			return false;
 		}
 	}

 	/**
 	 * @param  array  $credentials - passes in username / password
 	 * @return mixed
 	 */
 	public function retrieveByCredentials(array $credentials)
 	{
 		if($this->connectLdap($credentials)){
 			return $user = new User($credentials);
 		}
 	}

 	/**
 	 * [validateCredentials description]
 	 * @param  UserInterface $user        [description]
 	 * @param  array         $credentials [description]
 	 * @return boolean
 	 */
 	public function validateCredentials(UserInterface $user, array $credentials)
 	{
 		return $this->connectLdap($credentials);
 	}

 	public function retrieveByToken($identifier, $token){}
 	public function updateRememberToken(UserInterface $user, $token){}
 }
	<?php

	return array(

	'driver' => 'auth-ldap',
	'reminder' => array(
	'emails.auth.reminder', 'table' => 'password_reminders',
	),
	// Ldap server
	'ldap' => 'UPDATE'
	'ldap-domain' => 'UPDATE'

	);
	<?php


	Auth::extend('auth-ldap', function() {
	return new Illuminate\Auth\Guard(new LdapProvider, App::make('session.store'));
	});
	<?php

	use Illuminate\Auth\UserProviderInterface as UserProvider;
	use Illuminate\Auth\UserInterface as UserInterface;

	class LdapProvider implements UserProvider{

	public function __construct(){}

	/**
	* @param string $identifier - ldap username
	* @return User
	*/
	public function retrieveByID($identifier)
	{
	return new User(array('username' => $identifier));
	}

	/**
	* [connectLdap description]
	* @param array $credentials - passes in username / password
	* @return boolean
	*/
	public function connectLdap(array $credentials)
	{
	$ldap = ldap_connect(Config::get('auth.ldap'));
	$domain = Config::get('auth.ldap-domain', false );
	$domain = ( $domain ) ? "{$domain}\\" : '';

	/**
	* If the username and password is not @ least 3 chars ...
	* Prevents ldap_connect with password = abc
	*/
	if(strlen($credentials['username']) < 3 \|\| strlen($credentials['password']) < 3){
	return false;
	}

	// If connection succeeds, then user is valid
	// ldap_bind fails hard with invalid credentials so let's silence it with @
	try {
	$ldap_bind = @ldap_bind($ldap, $domain . $credentials['username'], $credentials['password']);

	if (!$ldap_bind) {
	return false;
	}

	return true;

	} catch (Exception $e) {

	// otherwise invalid
	return false;
	}
	}

	/**
	* @param array $credentials - passes in username / password
	* @return mixed
	*/
	public function retrieveByCredentials(array $credentials)
	{
	if($this->connectLdap($credentials)){
	return $user = new User($credentials);
	}
	}

	/**
	* [validateCredentials description]
	* @param UserInterface $user [description]
	* @param array $credentials [description]
	* @return boolean
	*/
	public function validateCredentials(UserInterface $user, array $credentials)
	{
	return $this->connectLdap($credentials);
	}

	public function retrieveByToken($identifier, $token){}
	public function updateRememberToken(UserInterface $user, $token){}
	}