<?php
/* $Id$ */
namespace Mammut\Auth;

(defined('MAMMUT') && (basename(__FILE__) != basename($_SERVER['PHP_SELF']))) or die('ACCESS DENIED');

use \Mammut\Exception\IllegalStateException;
use \Mammut\Protocol\LDAP\LDAP;

/**
 * Novell NDS/eDirectory support via LDAP connection
 *
 * @author Stefan Daurer <s.daurer@q-spot.org>
 * @package Mammut\Auth
 */
class AuthEDir extends \Mammut\StrictObject {
	
	/**
	 * The tree name
	 *
	 * @var string
	 */
	private $tree = NULL;
	
	/**
	 * The ldap servers
	 *
	 * @var array
	 */
	private $servers = array();
	private $ctrlUser = NULL;
	private $ctrlPasswd = NULL;

	private function checkPreconditions() {
		if(is_null($this->tree))
			throw new IllegalStateException('No tree defined');
		if(count($this->servers) == 0)
			throw new IllegalStateException('No servers defined');
	}

	private function domainUserName($name) {
		return $name . '@' . $this->domain;
	}

	public function setTree($tree) {
		$this->tree = $tree;
	}

	public function getDomain() {
		return $this->domain;
	}

	/**
	 * set the domain controllers.
	 * can be set by an array or a single string if only one exists
	 *
	 * @param mixed $domCtrl
	 *        	the domain controllers
	 */
	public function setServer($domCtrl) {
		if(is_array($domCtrl))
			$this->servers = $domCtrl;
		else
			$this->servers = array((string) $domCtrl);
	}

	/**
	 *
	 * @return array the domain controller list
	 */
	public function getServer() {
		return $this->servers;
	}

	/**
	 *
	 * @return string a random domain controller name
	 */
	protected function getRndServer() {
		return $this->servers[rand(0, count($this->servers) - 1)];
	}

	public function setControlUser($user, $password) {
		$this->ctrlUser = $user;
		$this->ctrlPasswd = $password;
	}

	/**
	 * authenticates a user on the active directory
	 *
	 * @param string $user
	 *        	the username
	 * @param string $password
	 *        	the password
	 * @return boolean true on success, false otherwise
	 */
	public function authenticate($user, $password) {
		if(empty($user))
			return false;
		$this->checkPreconditions();
		$user = $this->ndsUserName($user);
		$svr = $this->getRndServer();
		$ldap = new LDAP($svr);
		try {
			$ldap->connect($user, $password);
		}
		catch(AuthenticationException $e) {
			$ldap->disconnect();
			return false;
		}
		$ldap->disconnect();
		return true;
	}
}