feat: use a service account to permit read only checks like for auth

2025-02-04 11:51:42 -08:00
parent 986b72a2cb
commit 0b83f35f1b
8 changed files with 122 additions and 37 deletions
--- a/test.php
+++ b/test.php
@@ -1,13 +1,31 @@
 <?php
-$ldapconn = ldap_connect("ldap://intranet.epul3a.local");
+$ldap_server = 'ldap://intranet.epul3a.local';
+$service_dn = "CN=Service LDAP Reader,CN=Users,DC=epul3a,DC=local";
+
+
+$service_pwd = "Test@123";
+
+$ldapconn = ldap_connect($ldap_server);
 ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
 ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

-$user_dn = "CN=Ali Gathor,OU=3AFISA,DC=epul3a,DC=local";
-$password = "Test@123";  // Remplace avec un vrai mot de passe de test
-
-if (@ldap_bind($ldapconn, $user_dn, $password)) {
-    echo "✅ Connexion réussie !";
+if (@ldap_bind($ldapconn, $service_dn, $service_pwd)) {
+    echo "✅ Connexion réussie avec svc_ldap_read !";
 } else {
    echo "❌ Erreur de connexion : " . ldap_error($ldapconn);
 }
+
+ldap_close($ldapconn);
+
+// === TEST ===
+require_once __DIR__ . '/models/LDAPAuth.php';
+$ldap = new LDAPAuth();
+$result = $ldap->authenticate("a.gathor", "Test@123");
+
+if ($result['success']) {
+    echo "✅ Authentification réussie pour " . $result['dn'];
+} else {
+    echo "❌ " . $result['message'];
+}
+
+$ldap->close();