Page MenuHomePhorge
Diviner Tech Docs PhutilLDAPAuthAdapter

final class PhutilLDAPAuthAdapter
Phorge Technical Documentation (Auth)

Retrieve identify information from LDAP accounts.

Methods

public function __get($name)
Inherited

This method is not documented.
Parameters
$name
Return
wild

public function __set($name, $value)
Inherited

This method is not documented.
Parameters
$name
$value
Return
wild

public function current()
Inherited

This method is not documented.
Return
wild

public function key()
Inherited

This method is not documented.
Return
wild

public function next()
Inherited

This method is not documented.
Return
wild

public function rewind()
Inherited

This method is not documented.
Return
wild

public function valid()
Inherited

This method is not documented.
Return
wild

private function throwOnAttemptedIteration()
Inherited

This method is not documented.
Return
wild

public function getPhobjectClassConstant($key, $byte_limit)
Inherited

Phobject

Read the value of a class constant.

This is the same as just typing self::CONSTANTNAME, but throws a more useful message if the constant is not defined and allows the constant to be limited to a maximum length.

Parameters
string$keyName of the constant.
int|null$byte_limitMaximum number of bytes permitted in the value.
Return
stringValue of the constant.

final public function getAccountIdentifiers()
Inherited

This method is not documented.
Return
wild

protected function newAccountIdentifiers()
Inherited

This method is not documented.
Return
wild

final protected function newAccountIdentifier($raw_identifier)
Inherited

This method is not documented.
Parameters
$raw_identifier
Return
wild

public function getAccountID()

PhutilAuthAdapter

Get a unique identifier associated with the account.

This identifier should be permanent, immutable, and uniquely identify the account. If possible, it should be nonsensitive. For providers that have a GUID or PHID value for accounts, these are the best values to use.

You can implement newAccountIdentifiers() instead if a provider is unable to emit identifiers with all of these properties.

If the adapter was unable to authenticate an identity, it should return null.

PhutilLDAPAuthAdapter
This method is not documented.
Return
string|nullUnique account identifier, or `null` if authentication failed.

public function getAdapterType()

PhutilAuthAdapter

Get a string identifying this adapter, like "ldap". This string should be unique to the adapter class.

PhutilLDAPAuthAdapter
This method is not documented.
Return
stringUnique adapter identifier.

public function getAdapterDomain()

PhutilAuthAdapter

Get a string identifying the domain this adapter is acting on. This allows an adapter (like LDAP) to act against different identity domains without conflating credentials. For providers like Facebook or Google, the adapters just return the relevant domain name.

PhutilLDAPAuthAdapter
This method is not documented.
Return
stringDomain the adapter is associated with.

public function getAdapterKey()
Inherited

PhutilAuthAdapter

Generate a string uniquely identifying this adapter configuration. Within the scope of a given key, all account IDs must uniquely identify exactly one identity.

Return
stringUnique identifier for this adapter configuration.

public function getAccountEmail()

PhutilAuthAdapter

Optionally, return an email address associated with this account.

PhutilLDAPAuthAdapter
This method is not documented.
Return
string|nullAn email address associated with the account, or `null` if data is not available.

public function getAccountName()

PhutilAuthAdapter

Optionally, return a human readable username associated with this account.

PhutilLDAPAuthAdapter
This method is not documented.
Return
string|nullAccount username, or `null` if data isn't available.

public function getAccountURI()
Inherited

PhutilAuthAdapter

Optionally, return a URI corresponding to a human-viewable profile for this account.

Return
string|nullA profile URI associated with this account, or `null` if the data isn't available.

public function getAccountImageURI()
Inherited

PhutilAuthAdapter

Optionally, return a profile image URI associated with this account.

Return
string|nullURI for an account profile image, or `null` if one is not available.

public function getAccountRealName()

PhutilAuthAdapter

Optionally, return a real name associated with this account.

PhutilLDAPAuthAdapter
This method is not documented.
Return
string|nullA human real name, or `null` if this data is not available.

public function setHostname($host)

This method is not documented.
Parameters
$host
Return
wild

public function setPort($port)

This method is not documented.
Parameters
$port
Return
wild

public function setBaseDistinguishedName($base_distinguished_name)

This method is not documented.
Parameters
$base_distinguished_name
Return
wild

public function setSearchAttributes($search_attributes)

This method is not documented.
Parameters
array$search_attributes
Return
wild

public function setUsernameAttribute($username_attribute)

This method is not documented.
Parameters
$username_attribute
Return
wild

public function setRealNameAttributes($attributes)

This method is not documented.
Parameters
array$attributes
Return
wild

public function setLDAPVersion($ldap_version)

This method is not documented.
Parameters
$ldap_version
Return
wild

public function setLDAPReferrals($ldap_referrals)

This method is not documented.
Parameters
$ldap_referrals
Return
wild

public function setLDAPStartTLS($ldap_start_tls)

This method is not documented.
Parameters
$ldap_start_tls
Return
wild

public function setAnonymousUsername($anonymous_username)

This method is not documented.
Parameters
$anonymous_username
Return
wild

public function setAnonymousPassword($anonymous_password)

This method is not documented.
Parameters
PhutilOpaqueEnvelope$anonymous_password
Return
wild

public function setLoginUsername($login_username)

This method is not documented.
Parameters
$login_username
Return
wild

public function setLoginPassword($login_password)

This method is not documented.
Parameters
PhutilOpaqueEnvelope$login_password
Return
wild

public function setActiveDirectoryDomain($domain)

This method is not documented.
Parameters
$domain
Return
wild

public function setAlwaysSearch($always_search)

This method is not documented.
Parameters
$always_search
Return
wild

public function readLDAPRecordAccountID($record)

This method is not documented.
Parameters
array$record
Return
wild

public function readLDAPRecordAccountName($record)

This method is not documented.
Parameters
array$record
Return
wild

public function readLDAPRecordRealName($record)

This method is not documented.
Parameters
array$record
Return
wild

public function readLDAPRecordEmail($record)

This method is not documented.
Parameters
array$record
Return
wild

private function getLDAPUserData()

This method is not documented.
Return
wild

private function readLDAPData($data, $key, $default)

This method is not documented.
Parameters
array$data
$key
$default
Return
wild

private function formatLDAPAttributeSearch($attribute, $login_user)

This method is not documented.
Parameters
$attribute
$login_user
Return
wild

private function loadLDAPUserData()

This method is not documented.
Return
wild

private function establishConnection()

This method is not documented.
Return
wild

private function searchLDAPForRecord($dn)

This method is not documented.
Parameters
$dn
Return
wild

public function searchLDAP($pattern)

This method is not documented.
Parameters
$pattern
Return
wild

private function raiseConnectionException($conn, $message)

This method is not documented.
Parameters
$conn
$message
Return
wild

private function bindLDAP($conn, $user, $pass)

This method is not documented.
Parameters
$conn
$user
PhutilOpaqueEnvelope$pass
Return
wild

private function shouldBindWithoutIdentity()

Determine if this adapter should attempt to bind to the LDAP server without a user identity.

Generally, we can bind directly if we have a username/password, or if the "Always Search" flag is set, indicating that the empty username and password are sufficient.

Return
boolTrue if the adapter should perform binds without identity.