69 lines
2.0 KiB
PHP
69 lines
2.0 KiB
PHP
<?php
|
|
class LDAPAuth
|
|
{
|
|
private $ldap_server;
|
|
private $service_dn;
|
|
private $service_pwd;
|
|
private $ad;
|
|
|
|
public function __construct()
|
|
{
|
|
$this->ldap_server = 'ldap://intranet.epul3a.local';
|
|
$this->service_dn = 'CN=Service LDAP Reader,CN=Users,DC=epul3a,DC=local';
|
|
$this->service_pwd = 'Test@123';
|
|
}
|
|
|
|
public function connect()
|
|
{
|
|
$this->ad = ldap_connect($this->ldap_server)
|
|
or die("❌ Impossible de se connecter au LDAP");
|
|
|
|
ldap_set_option($this->ad, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
ldap_set_option($this->ad, LDAP_OPT_REFERRALS, 0);
|
|
}
|
|
|
|
public function getUserDN($sAMAccountName)
|
|
{
|
|
$this->connect();
|
|
|
|
// Connexion avec le compte service
|
|
if (!@ldap_bind($this->ad, $this->service_dn, $this->service_pwd)) {
|
|
die("❌ Erreur de connexion avec svc_ldap_read : " . ldap_error($this->ad));
|
|
}
|
|
|
|
// 🔥 Utilisation correcte du sAMAccountName (alias de connexion)
|
|
$search_base = "DC=epul3a,DC=local";
|
|
$search_filter = "(sAMAccountName=$sAMAccountName)"; // 🔥 Remplace ici
|
|
$search_result = ldap_search($this->ad, $search_base, $search_filter);
|
|
$entries = ldap_get_entries($this->ad, $search_result);
|
|
|
|
if ($entries["count"] > 0) {
|
|
return $entries[0]["dn"]; // ✅ Retourne le DN correct
|
|
}
|
|
|
|
return false; // ❌ Utilisateur non trouvé
|
|
}
|
|
|
|
public function authenticate($sAMAccountName, $user_password)
|
|
{
|
|
$user_dn = $this->getUserDN($sAMAccountName);
|
|
if (!$user_dn) {
|
|
return ['success' => false, 'message' => 'Utilisateur introuvable'];
|
|
}
|
|
|
|
// Tentative de connexion avec le DN récupéré
|
|
if (@ldap_bind($this->ad, $user_dn, $user_password)) {
|
|
return ['success' => true, 'dn' => $user_dn];
|
|
}
|
|
|
|
return ['success' => false, 'message' => 'Échec d\'authentification'];
|
|
}
|
|
|
|
public function close()
|
|
{
|
|
if ($this->ad) {
|
|
ldap_close($this->ad);
|
|
}
|
|
}
|
|
}
|