final public function getAccountIdentifiers()Inherited
| wild |
protected function newAccountIdentifiers()Inherited
| wild |
final protected function newAccountIdentifier($raw_identifier)Inherited
| $raw_identifier |
| wild |
public function getAccountID()
Get a unique identifier associated with the account.
This identifier should be permanent, immutable, and uniquely identify the account. If possible, it should be nonsensitive. For providers that have a GUID or PHID value for accounts, these are the best values to use.
You can implement newAccountIdentifiers() instead if a provider is unable to emit identifiers with all of these properties.
If the adapter was unable to authenticate an identity, it should return null.
| string|null | Unique account identifier, or `null` if authentication failed. |
public function getAdapterType()
Get a string identifying this adapter, like "ldap". This string should be unique to the adapter class.
| string | Unique adapter identifier. |
public function getAdapterDomain()
Get a string identifying the domain this adapter is acting on. This allows an adapter (like LDAP) to act against different identity domains without conflating credentials. For providers like Facebook or Google, the adapters just return the relevant domain name.
| string | Domain the adapter is associated with. |
public function getAdapterKey()Inherited
Generate a string uniquely identifying this adapter configuration. Within the scope of a given key, all account IDs must uniquely identify exactly one identity.
| string | Unique identifier for this adapter configuration. |
public function getAccountEmail()
Optionally, return an email address associated with this account.
| string|null | An email address associated with the account, or `null` if data is not available. |
public function getAccountName()
Optionally, return a human readable username associated with this account.
| string|null | Account username, or `null` if data isn't available. |
public function getAccountURI()Inherited
Optionally, return a URI corresponding to a human-viewable profile for this account.
| string|null | A profile URI associated with this account, or `null` if the data isn't available. |
public function getAccountImageURI()Inherited
Optionally, return a profile image URI associated with this account.
| string|null | URI for an account profile image, or `null` if one is not available. |
public function getAccountRealName()
Optionally, return a real name associated with this account.
| string|null | A human real name, or `null` if this data is not available. |
public function setHostname($host)
| $host |
| wild |
public function setPort($port)
| $port |
| wild |
public function setBaseDistinguishedName($base_distinguished_name)
| $base_distinguished_name |
| wild |
public function setSearchAttributes($search_attributes)
| array | $search_attributes |
| wild |
public function setUsernameAttribute($username_attribute)
| $username_attribute |
| wild |
public function setRealNameAttributes($attributes)
| array | $attributes |
| wild |
public function setLDAPVersion($ldap_version)
| $ldap_version |
| wild |
public function setLDAPReferrals($ldap_referrals)
| $ldap_referrals |
| wild |
public function setLDAPStartTLS($ldap_start_tls)
| $ldap_start_tls |
| wild |
public function setAnonymousUsername($anonymous_username)
| $anonymous_username |
| wild |
public function setAnonymousPassword($anonymous_password)
| PhutilOpaqueEnvelope | $anonymous_password |
| wild |
public function setLoginUsername($login_username)
| $login_username |
| wild |
public function setLoginPassword($login_password)
| PhutilOpaqueEnvelope | $login_password |
| wild |
public function setActiveDirectoryDomain($domain)
| $domain |
| wild |
public function setAlwaysSearch($always_search)
| $always_search |
| wild |
public function readLDAPRecordAccountID($record)
| array | $record |
| wild |
public function readLDAPRecordAccountName($record)
| array | $record |
| wild |
public function readLDAPRecordRealName($record)
| array | $record |
| wild |
public function readLDAPRecordEmail($record)
| array | $record |
| wild |
private function getLDAPUserData()
| wild |
private function readLDAPData($data, $key, $default)
| array | $data | |
| $key | ||
| $default |
| wild |
private function formatLDAPAttributeSearch($attribute, $login_user)
| $attribute | ||
| $login_user |
| wild |
private function loadLDAPUserData()
| wild |
private function establishConnection()
| wild |
private function searchLDAPForRecord($dn)
| $dn |
| wild |
public function searchLDAP($pattern)
| $pattern |
| wild |
private function raiseConnectionException($conn, $message)
| $conn | ||
| $message |
| wild |
private function bindLDAP($conn, $user, $pass)
| $conn | ||
| $user | ||
| PhutilOpaqueEnvelope | $pass |
| wild |
private function shouldBindWithoutIdentity()
Determine if this adapter should attempt to bind to the LDAP server without a user identity.
Generally, we can bind directly if we have a username/password, or if the "Always Search" flag is set, indicating that the empty username and password are sufficient.
| bool | True if the adapter should perform binds without identity. |