Added support for multiple LDAP/AD servers, closes thorsten#744

CHANGELOG

@@ -7,8 +7,9 @@ This is a log of major user-visible changes in each phpMyFAQ release.
 
 Version 2.9.0-dev 2014-01-
 - changed PHP requirement to PHP 5.4.4 and later (Thorsten)
-- added tag intersection based search (Tomer Weinberg)
+- added tag intersection based search (Tomer Weinberg, Thorsten)
 - added configuration for enable/disable highlighting search terms (Thorsten)
+- added support for multiple LDAP/AD servers (Bernhard Müller, Thorsten)
 - added frontend dependency management using Bower (Thorsten)
 - updated bundled Symfony ClassLoader to version 2.3.7 (Thorsten)
 - updated bundled jQuery to version 1.10.2 (Thorsten)

phpmyfaq/config/ldap.php.original

@@ -7,15 +7,16 @@ $PMF_LDAP['ldap_password'] = '';
 $PMF_LDAP['ldap_base'] = '';
 
 // More LDAP servers
-// You can as much as you like, please activate them in config/constants_ldap.php, not supported currently
-$PMF_LDAP[0]['ldap_server'] = '';
-$PMF_LDAP[0]['ldap_port'] = '';
-$PMF_LDAP[0]['ldap_user'] = '';
-$PMF_LDAP[0]['ldap_password'] = '';
-$PMF_LDAP[0]['ldap_base'] = '';
-
+// You can as much as you like, please set $PMF_LDAP['ldap_use_multiple_servers'] = true in config/constants_ldap.php
+// Start with 1
 $PMF_LDAP[1]['ldap_server'] = '';
 $PMF_LDAP[1]['ldap_port'] = '';
 $PMF_LDAP[1]['ldap_user'] = '';
 $PMF_LDAP[1]['ldap_password'] = '';
-$PMF_LDAP[1]['ldap_base'] = '';
+$PMF_LDAP[1]['ldap_base'] = '';
+
+$PMF_LDAP[2]['ldap_server'] = '';
+$PMF_LDAP[2]['ldap_port'] = '';
+$PMF_LDAP[2]['ldap_user'] = '';
+$PMF_LDAP[2]['ldap_password'] = '';
+$PMF_LDAP[2]['ldap_base'] = '';

phpmyfaq/inc/PMF/Auth/Ldap.php

@@ -52,6 +52,19 @@ class PMF_Auth_Ldap extends PMF_Auth implements PMF_Auth_Driver
      */
     private $_ldapConfig = [];
 
+    /**
+     * LDAP server(s)
+     *
+     * @var array
+     */
+    private $ldapServer = [];
+
+    /**
+     * Internal key of the active LDAP server where user was found
+     * @var int
+     */
+    private $activeServer = 0;
+
     /**
      * Multiple LDAP servers
      *
@@ -70,17 +83,18 @@ public function __construct(PMF_Configuration $config)
     {
         $this->_config         = $config;
         $this->_ldapConfig     = $this->_config->getLdapConfig();
+        $this->ldapServer     = $this->_config->getLdapServer();
         $this->multipleServers = $this->_ldapConfig['ldap_use_multiple_servers'];
 
         parent::__construct($this->_config);
 
         $this->ldap = new PMF_Ldap($this->_config);
         $this->ldap->connect(
-            $this->_ldapConfig['ldap_server'],
-            $this->_ldapConfig['ldap_port'],
-            $this->_ldapConfig['ldap_base'],
-            $this->_ldapConfig['ldap_user'],
-            $this->_ldapConfig['ldap_password']
+            $this->ldapServer[$this->activeServer]['ldap_server'],
+            $this->ldapServer[$this->activeServer]['ldap_port'],
+            $this->ldapServer[$this->activeServer]['ldap_base'],
+            $this->ldapServer[$this->activeServer]['ldap_user'],
+            $this->ldapServer[$this->activeServer]['ldap_password']
         );
 
         if ($this->ldap->error) {
@@ -101,13 +115,13 @@ public function add($login, $pass)
     {
         $user   = new PMF_User($this->_config);
         $result = $user->createUser($login, null);
-        $this->ldap = new PMF_Ldap($this->_config);
+
         $this->ldap->connect(
-            $this->_ldapConfig['ldap_server'],
-            $this->_ldapConfig['ldap_port'],
-            $this->_ldapConfig['ldap_base'],
-            $this->_ldapConfig['ldap_user'],
-            $this->_ldapConfig['ldap_password']
+            $this->ldapServer[$this->activeServer]['ldap_server'],
+            $this->ldapServer[$this->activeServer]['ldap_port'],
+            $this->ldapServer[$this->activeServer]['ldap_base'],
+            $this->ldapServer[$this->activeServer]['ldap_user'],
+            $this->ldapServer[$this->activeServer]['ldap_password']
         );
 
         if ($this->ldap->error) {
@@ -175,19 +189,41 @@ public function checkPassword($login, $pass, Array $optionalData = null)
             return false;
         }
 
+        // Get active LDAP server for current user
+        if ($this->multipleServers) {
+            // Try all LDAP servers
+            foreach ($this->ldapServer as $key => $value) {
+
+                $this->ldap->connect(
+                    $this->ldapServer[$key]['ldap_server'],
+                    $this->ldapServer[$key]['ldap_port'],
+                    $this->ldapServer[$key]['ldap_base'],
+                    $this->ldapServer[$key]['ldap_user'],
+                    $this->ldapServer[$key]['ldap_password']
+                );
+                if ($this->ldap->error) {
+                    $this->errors[] = $this->ldap->error;
+                }
+
+                if (false !== $this->ldap->getDn($login)) {
+                    $this->activeServer = $key;
+                    break;
+                }
+            }
+        }
+
         $bindLogin = $login;
         if ($this->_ldapConfig['ldap_use_domain_prefix']) {
             if (array_key_exists('domain', $optionalData)) {
                 $bindLogin = $optionalData['domain'] . '\\' . $login;
             }
         } else {
-            $this->ldap = new PMF_Ldap($this->_config);
             $this->ldap->connect(
-                $this->_ldapConfig['ldap_server'],
-                $this->_ldapConfig['ldap_port'],
-                $this->_ldapConfig['ldap_base'],
-                $this->_ldapConfig['ldap_user'],
-                $this->_ldapConfig['ldap_password']
+                $this->ldapServer[$this->activeServer]['ldap_server'],
+                $this->ldapServer[$this->activeServer]['ldap_port'],
+                $this->ldapServer[$this->activeServer]['ldap_base'],
+                $this->ldapServer[$this->activeServer]['ldap_user'],
+                $this->ldapServer[$this->activeServer]['ldap_password']
             );
             if ($this->ldap->error) {
                 $this->errors[] = $this->ldap->error;
@@ -199,9 +235,9 @@ public function checkPassword($login, $pass, Array $optionalData = null)
         // Check user in LDAP
         $this->ldap = new PMF_Ldap($this->_config);
         $this->ldap->connect(
-            $this->_ldapConfig['ldap_server'],
-            $this->_ldapConfig['ldap_port'],
-            $this->_ldapConfig['ldap_base'],
+            $this->ldapServer[$this->activeServer]['ldap_server'],
+            $this->ldapServer[$this->activeServer]['ldap_port'],
+            $this->ldapServer[$this->activeServer]['ldap_base'],
             $bindLogin,
             $pass
         );

phpmyfaq/inc/PMF/Configuration.php

@@ -212,21 +212,38 @@ public function getLdap()
      */
     public function setLdapConfig(Array $ldapConfig)
     {
+        // Always add main LDAP server
+        $this->config['core.ldapServer'][0] = [
+            'ldap_server'   => $ldapConfig['ldap_server'],
+            'ldap_port'     => $ldapConfig['ldap_port'],
+            'ldap_user'     => $ldapConfig['ldap_user'],
+            'ldap_password' => $ldapConfig['ldap_password'],
+            'ldap_base'     => $ldapConfig['ldap_base']
+        ];
+
+        // Add multiple LDAP servers if enabled
         if (true === $ldapConfig['ldap_use_multiple_servers']) {
-            // Multiple LDAP servers
-            $key = 0;
-            while ($key >= 0) {
+            $key = 1;
+            while ($key >= 1) {
                 if (isset($ldapConfig[$key])) {
-                    $this->config['core.ldapConfig'][$key] = $ldapConfig[$key];
+                    $this->config['core.ldapServer'][$key] = $ldapConfig[$key];
                     $key++;
                 } else {
                     break;
                 }
             }
-        } else {
-            // one LDAP server
-            $this->config['core.ldapConfig'] = $ldapConfig;
         }
+
+        // Set LDAP configuration
+        $this->config['core.ldapConfig'] = [
+            'ldap_use_multiple_servers' => $ldapConfig['ldap_use_multiple_servers'],
+            'ldap_mapping'              => $ldapConfig['ldap_mapping'],
+            'ldap_use_domain_prefix'    => $ldapConfig['ldap_use_domain_prefix'],
+            'ldap_options'              => $ldapConfig['ldap_options'],
+            'ldap_use_memberOf'         => $ldapConfig['ldap_use_memberOf'],
+            'ldap_use_sasl'             => $ldapConfig['ldap_use_sasl'],
+            'ldap_use_anonymous_login'  => $ldapConfig['ldap_use_anonymous_login']
+        ];
     }
 
     /**
@@ -239,6 +256,16 @@ public function getLdapConfig()
         return isset($this->config['core.ldapConfig']) ? $this->config['core.ldapConfig'] : [];
     }
 
+    /**
+     * Returns the LDAP server(s)
+     *
+     * @return array
+     */
+    public function getLdapServer()
+    {
+        return isset($this->config['core.ldapServer']) ? $this->config['core.ldapServer'] : [];
+    }
+
     /**
      * Adds a configuration item for the database
      *

tests/AllTests.php

@@ -28,12 +28,13 @@
 require_once 'PHPUnit/TextUI/TestRunner.php';
 
 // include Testsuites
-require_once __DIR__ . DIRECTORY_SEPARATOR . 'Attachment' . DIRECTORY_SEPARATOR . 'AllTests.php';
-require_once __DIR__ . DIRECTORY_SEPARATOR . 'Category' . DIRECTORY_SEPARATOR . 'AllTests.php';
-require_once __DIR__ . DIRECTORY_SEPARATOR . 'Faq' . DIRECTORY_SEPARATOR . 'AllTests.php';
-require_once __DIR__ . DIRECTORY_SEPARATOR . 'Instance' . DIRECTORY_SEPARATOR . 'AllTests.php';
-require_once __DIR__ . DIRECTORY_SEPARATOR . 'Search' . DIRECTORY_SEPARATOR . 'AllTests.php';
-require_once __DIR__ . DIRECTORY_SEPARATOR . 'PMF_LinkTest.php';
+require_once __DIR__ . '/Attachment/AllTests.php';
+require_once __DIR__ . '/Category/AllTests.php';
+require_once __DIR__ . '/Configuration/AllTests.php';
+require_once __DIR__ . '/Faq/AllTests.php';
+require_once __DIR__ . '/Instance/AllTests.php';
+require_once __DIR__ . '/Search/AllTests.php';
+require_once __DIR__ . '/PMF_LinkTest.php';
 
 /**
  * AllTests
@@ -54,6 +55,7 @@ public static function suite()
 
         $suite->addTest(Attachment_AllTests::suite());
         $suite->addTest(Category_AllTests::suite());
+        $suite->addTest(Configuration_AllTests::suite());
         $suite->addTest(Faq_AllTests::suite());
         $suite->addTest(Instance_AllTests::suite());
         $suite->addTest(Search_AllTests::suite());

tests/Configuration/AllTests.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * Test suite for configuration related classes
+ *
+ * PHP Version 5.4
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public License,
+ * v. 2.0. If a copy of the MPL was not distributed with this file, You can
+ * obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * @category  phpMyFAQ
+ * @package   PMF_Tests
+ * @author    Thorsten Rinne <[email protected]>
+ * @copyright 2013 phpMyFAQ Team
+ * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      http://www.phpmyfaq.de
+ * @since     2013-12-30
+ */
+
+require_once 'PHPUnit/Framework/TestSuite.php';
+require_once 'PHPUnit/TextUI/TestRunner.php';
+
+require_once 'PMF_ConfigurationTest.php';
+
+/**
+ * Configuration_AllTests
+ *
+ * @category  phpMyFAQ
+ * @package   PMF_Tests
+ * @author    Thorsten Rinne <[email protected]>
+ * @copyright 2013 phpMyFAQ Team
+ * @license   http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
+ * @link      http://www.phpmyfaq.de
+ * @since     2013-12-30
+ */
+class Configuration_AllTests
+{
+    public static function suite()
+    {
+        $suite = new PHPUnit_Framework_TestSuite('phpMyFAQ Configuration');
+
+        $suite->addTestSuite('PMF_ConfigurationTest');
+
+        return $suite;
+    }
+}