Diffstat (limited to 'Core/User')
-rw-r--r-- | Core/User/LdapUserProvider.php | 108 | ||||
-rw-r--r-- | Core/User/UserCheckerInterface.php | 11 | ||||
-rw-r--r-- | Core/User/UserProviderInterface.php | 2 |
3 files changed, 117 insertions, 4 deletions
diff --git a/Core/User/LdapUserProvider.php b/Core/User/LdapUserProvider.php
new file mode 100644
index 0000000..1593564
--- /dev/null
+++ b/Core/User/LdapUserProvider.php
@@ -0,0 +1,108 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\User;
+
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+use Symfony\Component\Ldap\Exception\ConnectionException;
+use Symfony\Component\Ldap\LdapClientInterface;
+
+/**
+ * LdapUserProvider is a simple user provider on top of ldap.
+ *
+ * @author Grégoire Pineau <lyrixx@lyrixx.info>
+ * @author Charles Sarrazin <charles@sarraz.in>
+ */
+class LdapUserProvider implements UserProviderInterface
+{
+ private $ldap;
+ private $baseDn;
+ private $searchDn;
+ private $searchPassword;
+ private $defaultRoles;
+ private $defaultSearch;
+
+ /**
+ * @param LdapClientInterface $ldap
+ * @param string $baseDn
+ * @param string $searchDn
+ * @param string $searchPassword
+ * @param array $defaultRoles
+ * @param string $uidKey
+ * @param string $filter
+ */
+ public function __construct(LdapClientInterface $ldap, $baseDn, $searchDn = null, $searchPassword = null, array $defaultRoles = array(), $uidKey = 'sAMAccountName', $filter = '({uid_key}={username})')
+ {
+ $this->ldap = $ldap;
+ $this->baseDn = $baseDn;
+ $this->searchDn = $searchDn;
+ $this->searchPassword = $searchPassword;
+ $this->defaultRoles = $defaultRoles;
+ $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function loadUserByUsername($username)
+ {
+ try {
+ $this->ldap->bind($this->searchDn, $this->searchPassword);
+ $username = $this->ldap->escape($username, '', LDAP_ESCAPE_FILTER);
+ $query = str_replace('{username}', $username, $this->defaultSearch);
+ $search = $this->ldap->find($this->baseDn, $query);
+ } catch (ConnectionException $e) {
+ throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username), 0, $e);
+ }
+
+ if (!$search) {
+ throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
+ }
+
+ if ($search['count'] > 1) {
+ throw new UsernameNotFoundException('More than one user found');
+ }
+
+ $user = $search[0];
+
+ return $this->loadUser($username, $user);
+ }
+
+ public function loadUser($username, $user)
+ {
+ $password = isset($user['userpassword']) ? $user['userpassword'] : null;
+
+ $roles = $this->defaultRoles;
+
+ return new User($username, $password, $roles);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function refreshUser(UserInterface $user)
+ {
+ if (!$user instanceof User) {
+ throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
+ }
+
+ return new User($user->getUsername(), null, $user->getRoles());
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function supportsClass($class)
+ {
+ return $class === 'Symfony\Component\Security\Core\User\User';
+ }
+}
diff --git a/Core/User/UserCheckerInterface.php b/Core/User/UserCheckerInterface.php
index 3dd8d51..62ea9f0 100644
--- a/Core/User/UserCheckerInterface.php
+++ b/Core/User/UserCheckerInterface.php
@@ -11,10 +11,13 @@ namespace Symfony\Component\Security\Core\User; +use Symfony\Component\Security\Core\Exception\AccountStatusException; + /** - * UserCheckerInterface checks user account when authentication occurs. + * Implement to throw AccountStatusException during the authentication process. * - * This should not be used to make authentication decisions. + * Can be used when you want to check the account status, e.g when the account is + * disabled or blocked. This should not be used to make authentication decisions. * * @author Fabien Potencier <fabien@symfony.com> */
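Review bot: In `loadUserByUsername` the filter-escaped value overwrites `$username`, so the escaped form is what reaches `loadUser()` and both `UsernameNotFoundException` messages, and the `User` identity differs from the submitted name whenever it contains a character that `LDAP_ESCAPE_FILTER` rewrites. Keep the two apart with `$escaped = $this->ldap->escape($username, '', LDAP_ESCAPE_FILTER);` followed by `$query = str_replace('{username}', $escaped, $this->defaultSearch);`. Separately, `refreshUser()` rebuilds the `User` from the stored username and roles without querying the directory, so an account removed or disabled in LDAP would apparently stay valid until the session ends; repeating the lookup there would close that gap. The catch block also reports a `ConnectionException` as "User not found", which presumably covers a failed bind of the search account too and makes a directory outage indistinguishable from a bad username in logs; a comment stating that this is intentional, or a distinct exception, would help operators.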
@@ -24,6 +27,8 @@ interface UserCheckerInterface * Checks the user account before authentication. * * @param UserInterface $user a UserInterface instance + * + * @throws AccountStatusException */ public function checkPreAuth(UserInterface $user);
@@ -31,6 +36,8 @@ interface UserCheckerInterface * Checks the user account after authentication. * * @param UserInterface $user a UserInterface instance + * + * @throws AccountStatusException */ public function checkPostAuth(UserInterface $user); }
diff --git a/Core/User/UserProviderInterface.php b/Core/User/UserProviderInterface.php
index d17e3b7..146ed65 100644
--- a/Core/User/UserProviderInterface.php
+++ b/Core/User/UserProviderInterface.php
@@ -43,8 +43,6 @@ interface UserProviderInterface * * @return UserInterface * - * @see UsernameNotFoundException - * * @throws UsernameNotFoundException if the user is not found */ public function loadUserByUsername($username); |