+ return $_SERVER['HTTP_HOST'] . str_replace('install.php', '', $_SERVER['REQUEST_URI']);
+}
+
+function jirafeau_has_ldap_auth($cfg)
+{
+ return $cfg['upload_ldap_auth'] === true;
+}
+
+function jirafeau_challenge_ldap_auth($cfg, $user, $password)
+{
+ if (!jirafeau_has_ldap_auth($cfg)) {
+ return "upload_ldap_auth not set";
+ }
+ if (strlen($cfg['upload_ldap_host']) == 0) {
+ return "upload_ldap_host not set";
+ }
+ if (strlen($cfg['upload_ldap_base_dn']) == 0) {
+ return "upload_ldap_base_dn not set";
+ }
+ $host = $cfg['upload_ldap_host'];
+ $base_dn = $cfg['upload_ldap_base_dn'];
+ $con = ldap_connect("ldap://$host");
+ $ldap_user = "cn=$user,$base_dn";
+ if (!$con) {
+ return "cannot initiate connection to ldap server";
+ }
+ ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
+ $bind = ldap_bind_ext($con, $ldap_user, $password, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);
+ if (!$bind) {
+ ldap_close($con);
+ return "cannot bind to ldap server";
+ }
+ $parsing = ldap_parse_result($con, $bind, $errcode, $matcheddn, $errmsg, $referrals, $ctrls);
+ if (!$parsing) {
+ ldap_close($con);
+ return "cannot parlse ldap results";
+ }
+ if ($errcode == 49) {
+ ldap_close($con);
+ return "bad password";
+ }
+ if ($errcode != 0) {
+ ldap_close($con);
+ return "ldap auth error: $errmsg ($errcode)";
+ }
+ return true;