*/
class LdapService
{
- protected Ldap $ldap;
- protected GroupSyncService $groupSyncService;
- protected UserAvatars $userAvatars;
-
/**
- * @var resource
+ * @var resource|\LDAP\Connection
*/
protected $ldapConnection;
protected array $config;
protected bool $enabled;
- /**
- * LdapService constructor.
- */
- public function __construct(Ldap $ldap, UserAvatars $userAvatars, GroupSyncService $groupSyncService)
- {
- $this->ldap = $ldap;
- $this->userAvatars = $userAvatars;
- $this->groupSyncService = $groupSyncService;
+ public function __construct(
+ protected Ldap $ldap,
+ protected UserAvatars $userAvatars,
+ protected GroupSyncService $groupSyncService
+ ) {
$this->config = config('services.ldap');
$this->enabled = config('auth.method') === 'ldap';
}
// Clean attributes
foreach ($attributes as $index => $attribute) {
- if (strpos($attribute, 'BIN;') === 0) {
+ if (str_starts_with($attribute, 'BIN;')) {
$attributes[$index] = substr($attribute, strlen('BIN;'));
}
}
* Get the details of a user from LDAP using the given username.
* User found via configurable user filter.
*
- * @throws LdapException
+ * @throws LdapException|JsonDebugException
*/
public function getUserDetails(string $userName): ?array
{
*/
protected function getUserResponseProperty(array $userDetails, string $propertyKey, $defaultValue)
{
- $isBinary = strpos($propertyKey, 'BIN;') === 0;
+ $isBinary = str_starts_with($propertyKey, 'BIN;');
$propertyKey = strtolower($propertyKey);
$value = $defaultValue;
* Bind the system user to the LDAP connection using the given credentials
* otherwise anonymous access is attempted.
*
- * @param resource $connection
+ * @param resource|\LDAP\Connection $connection
*
* @throws LdapException
*/
- protected function bindSystemUser($connection)
+ protected function bindSystemUser($connection): void
{
$ldapDn = $this->config['dn'];
$ldapPass = $this->config['pass'];
*
* @throws LdapException
*
- * @return resource
+ * @return resource|\LDAP\Connection
*/
protected function getConnection()
{
$this->ldap->setOption(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
}
- $serverDetails = $this->parseServerString($this->config['server']);
- $ldapConnection = $this->ldap->connect($serverDetails['host'], $serverDetails['port']);
+ $ldapHost = $this->parseServerString($this->config['server']);
+ $ldapConnection = $this->ldap->connect($ldapHost);
if ($ldapConnection === false) {
throw new LdapException(trans('errors.ldap_cannot_connect'));
}
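Review bot: The `$ldapConnection === false` check after `connect($ldapHost)` most likely only catches a malformed URI. If `Ldap::connect` wraps PHP's `ldap_connect()`, a URI argument is only syntax-checked and no server is contacted until the first bind or StartTLS call. A comment above the check would stop readers treating it as a reachability or TLS test, e.g. `// connect() only validates the URI; network and TLS failures surface at bind time`. The context line above sets `LDAP_OPT_X_TLS_REQUIRE_CERT` to `LDAP_OPT_X_TLS_NEVER` with a null connection, which applies process-wide; its guarding condition is outside this hunk, so confirm that it stays strictly opt-in. getConnection's body starts and ends outside the hunk.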
/**
- * Parse a LDAP server string and return the host and port for a connection.
+ * Parse an LDAP server string and return the host suitable for a connection.
* Is flexible to formats such as 'ldap.example.com:8069' or 'ldaps://ldap.example.com'.
*/
- protected function parseServerString(string $serverString): array
+ protected function parseServerString(string $serverString): string
{
- $serverNameParts = explode(':', $serverString);
-
- // If we have a protocol just return the full string since PHP will ignore a separate port.
- if ($serverNameParts[0] === 'ldaps' || $serverNameParts[0] === 'ldap') {
- return ['host' => $serverString, 'port' => 389];
+ if (str_starts_with($serverString, 'ldaps://') || str_starts_with($serverString, 'ldap://')) {
+ return $serverString;
}
- // Otherwise, extract the port out
- $hostName = $serverNameParts[0];
- $ldapPort = (count($serverNameParts) > 1) ? intval($serverNameParts[1]) : 389;
-
- return ['host' => $hostName, 'port' => $ldapPort];
+ return "ldap://{$serverString}";
}
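Review bot: The scheme test in parseServerString is case-sensitive and recognises only `ldap://` and `ldaps://`. A configured value such as `LDAPS://ldap.example.com` (a constructed example), or one with leading whitespace, therefore falls through to the final return and becomes `ldap://LDAPS://ldap.example.com`. Trimming and matching case-insensitively avoids that: `$serverString = trim($serverString);` followed by `if (preg_match('#^ldaps?://#i', $serverString) === 1) { return $serverString; }`. The docblock should also state that a bare host or `host:port` value is given the unencrypted `ldap://` scheme, so protection of bind credentials in transit then depends on StartTLS or an explicit `ldaps://` value in the configuration.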
/**
* @throws LdapException
* @throws JsonDebugException
*/
- public function syncGroups(User $user, string $username)
+ public function syncGroups(User $user, string $username): void
{
$userLdapGroups = $this->getUserGroups($username);
$this->groupSyncService->syncUserWithFoundGroups($user, $userLdapGroups, $this->config['remove_from_groups']);