Diffstat (limited to 'Core/User')
-rw-r--r--Core/User/LdapUserProvider.php86
1 files changed, 61 insertions, 25 deletions
diff --git a/Core/User/LdapUserProvider.php b/Core/User/LdapUserProvider.php
index 1593564..fc42419 100644
--- a/Core/User/LdapUserProvider.php
+++ b/Core/User/LdapUserProvider.php
@@ -11,10 +11,12 @@
namespace Symfony\Component\Security\Core\User;
+use Symfony\Component\Ldap\Entry;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Ldap\Exception\ConnectionException;
-use Symfony\Component\Ldap\LdapClientInterface;
+use Symfony\Component\Ldap\LdapInterface;
/**
* LdapUserProvider is a simple user provider on top of ldap.
@@ -30,17 +32,19 @@ class LdapUserProvider implements UserProviderInterface
private $searchPassword;
private $defaultRoles;
private $defaultSearch;
+ private $passwordAttribute;
/**
- * @param LdapClientInterface $ldap
- * @param string $baseDn
- * @param string $searchDn
- * @param string $searchPassword
- * @param array $defaultRoles
- * @param string $uidKey
- * @param string $filter
+ * @param LdapInterface $ldap
+ * @param string $baseDn
+ * @param string $searchDn
+ * @param string $searchPassword
+ * @param array $defaultRoles
+ * @param string $uidKey
+ * @param string $filter
+ * @param string $passwordAttribute
*/
- public function __construct(LdapClientInterface $ldap, $baseDn, $searchDn = null, $searchPassword = null, array $defaultRoles = array(), $uidKey = 'sAMAccountName', $filter = '({uid_key}={username})')
+ public function __construct(LdapInterface $ldap, $baseDn, $searchDn = null, $searchPassword = null, array $defaultRoles = array(), $uidKey = 'sAMAccountName', $filter = '({uid_key}={username})', $passwordAttribute = null)
{
$this->ldap = $ldap;
$this->baseDn = $baseDn;
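Review bot: The new `$passwordAttribute` parameter defaults to `null` but its docblock entry on L45 declares it as a plain `string`, so the nullable case that the rest of the patch relies on (no attribute configured means no password is loaded) is invisible to readers and static analysis. Change it to `@param string|null $passwordAttribute The LDAP attribute holding the user's password, or null to load users without a password`. The constructor body continues past the end of this hunk.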
@@ -48,6 +52,7 @@ class LdapUserProvider implements UserProviderInterface
$this->searchPassword = $searchPassword;
$this->defaultRoles = $defaultRoles;
$this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
+ $this->passwordAttribute = $passwordAttribute;
}
/**
@@ -57,33 +62,25 @@ class LdapUserProvider implements UserProviderInterface
{
try {
$this->ldap->bind($this->searchDn, $this->searchPassword);
- $username = $this->ldap->escape($username, '', LDAP_ESCAPE_FILTER);
+ $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
$query = str_replace('{username}', $username, $this->defaultSearch);
- $search = $this->ldap->find($this->baseDn, $query);
+ $search = $this->ldap->query($this->baseDn, $query);
} catch (ConnectionException $e) {
throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username), 0, $e);
}
- if (!$search) {
+ $entries = $search->execute();
+ $count = count($entries);
+
+ if (!$count) {
throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
}
- if ($search['count'] > 1) {
+ if ($count > 1) {
throw new UsernameNotFoundException('More than one user found');
}
- $user = $search[0];
-
- return $this->loadUser($username, $user);
- }
-
- public function loadUser($username, $user)
- {
- $password = isset($user['userpassword']) ? $user['userpassword'] : null;
-
- $roles = $this->defaultRoles;
-
- return new User($username, $password, $roles);
+ return $this->loadUser($username, $entries[0]);
}
/**
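Review bot: L64 overwrites `$username` with its filter-escaped form, so the `UsernameNotFoundException` messages on L69 and L76 report the escaped string rather than the username the caller supplied, and the `User` built from it in `loadUser` on L94 carries the escaped name too. Keep the original value separate: `$escaped = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);` and `$query = str_replace('{username}', $escaped, $this->defaultSearch);`. Note also that `$search->execute()` on L72 runs outside the `try` that only catches `ConnectionException`, so if the query execution can itself raise an LDAP exception it would surface unwrapped rather than as a lookup failure — worth confirming against the `LdapInterface` contract. The signature of the enclosing `loadUserByUsername` method lies above this hunk.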
@@ -105,4 +102,43 @@ class LdapUserProvider implements UserProviderInterface
{
return $class === 'Symfony\Component\Security\Core\User\User';
}
+
+ /**
+ * Loads a user from an LDAP entry.
+ *
+ * @param string $username
+ * @param Entry $entry
+ *
+ * @return User
+ */
+ protected function loadUser($username, Entry $entry)
+ {
+ $password = $this->getPassword($entry);
+
+ return new User($username, $password, $this->defaultRoles);
+ }
+
+ /**
+ * Fetches the password from an LDAP entry.
+ *
+ * @param null|Entry $entry
+ */
+ private function getPassword(Entry $entry)
+ {
+ if (null === $this->passwordAttribute) {
+ return;
+ }
+
+ if (!$entry->hasAttribute($this->passwordAttribute)) {
+ throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $this->passwordAttribute, $entry->getDn()));
+ }
+
+ $values = $entry->getAttribute($this->passwordAttribute);
+
+ if (1 !== count($values)) {
+ throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $this->passwordAttribute));
+ }
+
+ return $values[0];
+ }
}
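Review bot: The docblock on L120 declares `@param null|Entry $entry` while the signature on L122 requires a non-null `Entry`, and the nullable return (`return;` on L125 when no password attribute is configured) is undocumented. Replace the tag with `@param Entry $entry` and add `@return string|null The single value of the configured password attribute, or null when none is configured`. Separately, the `InvalidArgumentException` thrown on L129 and L135 for a missing or multi-valued attribute escapes `loadUserByUsername` as a configuration error rather than a `UsernameNotFoundException`, so it is not treated like a failed lookup; make that explicit with `@throws InvalidArgumentException` on `loadUser` and `getPassword` so callers know which failures to expect.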