taarly/PHP_AdminTool_Projekt
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a39ea87eec
PHP_AdminTool_Projekt/config/ldap.php
blaerf 959b3b0e82 LDAP login erstellt
2025-11-16 12:06:16 +01:00

86 lines
2.4 KiB
PHP
Raw Blame History

<?php
// config/ldap.php
$LDAP_HOST = "ITFA-PROJ-SRV.ITFA-PROJ-DOM.local";
$LDAP_PORT = 389;
$LDAP_BASE_DN = "DC=ITFA-PROJ-DOM,DC=local";
$LDAP_UPN_SUFFIX = "@ITFA-PROJ-DOM.local";
$LDAP_NETBIOS_NAME = "ITFA-PROJ-DOM"; // falls man mal DOMAIN\user nutzen will
// einfacher Logger für LDAP
function ldap_log($message)
{
$logDir = dirname(__DIR__) . '/logs';
$logFile = $logDir . '/ldap.log';
if (!is_dir($logDir)) {
mkdir($logDir, 0770, true);
}
$line = date('c') . " [LDAP] " . $message . PHP_EOL;
// KEIN Passwort loggen!
file_put_contents($logFile, $line, FILE_APPEND);
}
/**
* LDAP-Login
* @param string $username SAM-Accountname ohne Domain
* @param string $password Klartext-Passwort (nicht loggen!)
* @param string|null $errorDetail wird mit technischem Fehlertext gefüllt
* @return resource|false LDAP-Verbindung bei Erfolg, sonst false
*/
function ldap_authenticate($username, $password, ?string &$errorDetail = null)
{
global $LDAP_HOST, $LDAP_PORT, $LDAP_UPN_SUFFIX;
$errorDetail = "";
if ($username === "" || $password === "") {
$errorDetail = "Username oder Passwort leer.";
ldap_log($errorDetail);
return false;
}
$connection = @ldap_connect($LDAP_HOST, $LDAP_PORT);
if ($connection === false) {
$errorDetail = "Verbindung zu LDAP-Host '$LDAP_HOST:$LDAP_PORT' fehlgeschlagen.";
ldap_log($errorDetail);
return false;
}
// Optionen setzen
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
//StartTLS
if (!@ldap_start_tls($connection)) {
$errNo = ldap_errno($connection);
$errStr = ldap_error($connection);
$errorDetail = "ldap_start_tls fehlgeschlagen (Fehler {$errNo}: {$errStr}).";
ldap_log($errorDetail);
ldap_unbind($connection);
return false;
}
// UPN-Login: user@domain
$bindRdn = $username . $LDAP_UPN_SUFFIX;
$bind = @ldap_bind($connection, $bindRdn, $password);
if ($bind === false) {
$errNo = ldap_errno($connection);
$errStr = ldap_error($connection);
$errorDetail = "Bind fehlgeschlagen für '$bindRdn' (Fehler $errNo: $errStr).";
ldap_log($errorDetail);
ldap_unbind($connection);
return false;
}
ldap_log("Login erfolgreich für '$bindRdn'.");
return $connection;
}
Reference in New Issue View Git Blame Copy Permalink