authLdap

Signed-off-by: Jeff <jeff@gotenzing.com>

+dn: dc=test space,{{ LDAP_BASE_DN }}
+changetype: add
+dc: test space
+description: LDAP Example with space
+objectClass: dcObject
+objectClass: organization
+o: test space
+
+dn: cn=Manager,{{ LDAP_BASE_DN }}
+changetype: add
+cn: Manager
+objectClass: organizationalRole
+
+dn: ou=test,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: organizationalUnit
+ou: test
+
+dn: uid=user1,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: account
+objectClass: simpleSecurityObject
+uid: user1
+userPassword: user1
+
+dn: cn=group1,{{ LDAP_BASE_DN }}
+changetype: add
+objectclass: groupOfUniqueNames
+cn: group1
+uniqueMember: uid=user1,{{ LDAP_BASE_DN }}
+
+dn: uid=user2,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: account
+objectClass: simpleSecurityObject
+uid: user2
+userPassword: user2
+
+dn: cn=group2,{{ LDAP_BASE_DN }}
+changetype: add
+objectclass: groupOfUniqueNames
+cn: group2
+uniqueMember: uid=user2,{{ LDAP_BASE_DN }}
+
+dn: uid=user3,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: account
+objectClass: simpleSecurityObject
+uid: user3
+userPassword: user!"
+
+dn: cn=group3,{{ LDAP_BASE_DN }}
+changetype: add
+objectclass: groupOfUniqueNames
+cn: group3
+uniqueMember: uid=user2,{{ LDAP_BASE_DN }}
+uniqueMember: uid=user3,{{ LDAP_BASE_DN }}
+
+dn: uid=user 4,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: account
+objectClass: simpleSecurityObject
+uid: user 4
+userPassword: user!"
+
+dn: cn=group4,{{ LDAP_BASE_DN }}
+changetype: add
+objectclass: groupOfUniqueNames
+cn: group4
+uniqueMember: uid=user 4,{{ LDAP_BASE_DN }}
+
+dn: uid=user 5,dc=test space,{{ LDAP_BASE_DN }}
+changetype: add
+objectClass: account
+objectClass: simpleSecurityObject
+uid: user 5
+userPassword: user!"
+
+dn: cn=group5,{{ LDAP_BASE_DN }}
+changetype: add
+objectclass: groupOfUniqueNames
+cn: group5
+uniqueMember: uid=user 5,dc=test space,{{ LDAP_BASE_DN }}

+.ci
+.github
+build
+config
+dockersetup
+svn
+tests
+vendor
+wp-app
+wd-data
+.distignore
+.editorconfig
+.gitignore
+.phpunit.result.cache
+.svnAccess
+.svnAccess.dist
+build.xml
+composer.json
+composer.lock
+docker-compose.yml
+GPG_KEY
+phpunit.xml.dist
+.git

+root = true
+
+[*]
+charset = utf-8
+tab_width = 4
+trim_trailing_whitespace = true
+indent_size = tab
+indent_style = tab
+insert_final_newline = true
+end_of_line = lf
+
+[*.yml]
+tab_width = 2
+
+[*.xml]
+tab_width = 2
+
+[*.json]
+tab_width = 2

+name: Deploy to WordPress.org
+
+env:
+  SLUG: authldap
+on:
+  release:
+    types: [published]
+jobs:
+  tag:
+    name: New release
+    runs-on: ubuntu-latest
+    environment: deploy_on_release
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: WordPress Plugin Deploy
+        id: deploy
+        uses: 10up/action-wordpress-plugin-deploy@stable
+        with:
+          generate-zip: true
+        env:
+          SVN_USERNAME: ${{ secrets.SVN_USERNAME }}
+          SVN_PASSWORD: ${{ secrets.SVN_PASSWORD }}
+      - name: Upload release asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ${{ steps.deploy.outputs.zip-path }}
+          asset_name: ${{ env.SLUG }}.zip
+          asset_content_type: application/zip
+

+name: CI
+on: [push, pull_request]
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    env:
+      PORT_LDAP: 3389
+      PORT_LDAPS: 6363
+      LDAP_ADMIN_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}
+      LDAP_LOG_LEVEL: 0
+    strategy:
+      matrix:
+        # operating-system: [ubuntu-latest, windows-latest, macos-latest]
+        php-versions: [ '7.4', '8.0', '8.1' ]
+    name: Test on ${{ matrix.php-versions }}
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build the docker-compose stack
+        run: docker-compose -f docker-compose.yml up -d
+      - name: Check running containers
+        run: docker ps -a
+      - name: Check logs
+        run: docker-compose logs openldap
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          extensions: ldap
+          tools: phive
+      - name: install dependencies
+        run: composer install
+      - name: install tools
+        run: phive install --trust-gpg-keys 4AA394086372C20A phpunit
+      - name: Run Unit-Tests
+        run: ./tools/phpunit --testdox
+  coverage:
+    needs: test
+    runs-on: ubuntu-latest
+    env:
+      PORT_LDAP: 3389
+      PORT_LDAPS: 6363
+      LDAP_ADMIN_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}
+      LDAP_LOG_LEVEL: 0
+    continue-on-error: false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Build the docker-compose stack
+        run: docker-compose -f docker-compose.yml up -d
+      - name: Check running containers
+        run: docker ps -a
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "8.0"
+          coverage: xdebug
+          tools: phive
+      - name: install dependencies
+        run: composer install
+      - name: install tools
+        run: phive install --trust-gpg-keys 4AA394086372C20A phpunit
+      - name: run testsuite
+        run: ./tools/phpunit --testdox --colors=always --coverage-clover clover.xml
+      - name: upload to codecov
+        uses: codecov/codecov-action@v1
+        with:
+          #token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
+          files: ./clover.xml # optional
+          #flags: unittests # optional
+          #name: codecov-umbrella # optional
+          #fail_ci_if_error: true # optional (default = false)
+          #verbose: true # optional (default = false)

+<?xml version="1.0" encoding="UTF-8"?>
+<phive xmlns="https://phar.io/phive">
+  <phar name="phpunit" version="^9.5.21" installed="9.5.21" location="./tools/phpunit" copy="true"/>
+  <phar name="phpcs" version="^3.7.1" installed="3.7.1" location="./tools/phpcs" copy="true"/>
+  <phar name="phpcbf" version="^3.7.1" installed="3.7.1" location="./tools/phpcbf" copy="true"/>
+</phive>

+username = svnUsername
+password = svnPassword
\ No newline at end of file

+Copyright <YEAR> <COPYRIGHT HOLDER>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
\ No newline at end of file

@@ -4,12 +4,12 @@
 
 
 Use your existing LDAP as authentication-backend for your wordpress!
 Use your existing LDAP as authentication-backend for your wordpress!
 
 
-[![Build Status](https://travis-ci.org/heiglandreas/authLdap.svg?branch=master)](https://travis-ci.org/heiglandreas/authLdap)
+[![Build Status](https://github.com/heiglandreas/authLdap/workflows/CI/badge.svg)](https://github.com/heiglandreas/authLdap/workflows/CI)
 [![WordPress Stats](https://img.shields.io/wordpress/plugin/dt/authldap.svg)](https://wordpress.org/plugins/authldap/stats/)
 [![WordPress Stats](https://img.shields.io/wordpress/plugin/dt/authldap.svg)](https://wordpress.org/plugins/authldap/stats/)
 [![WordPress Version](https://img.shields.io/wordpress/plugin/v/authldap.svg)](https://wordpress.org/plugins/authldap/)
 [![WordPress Version](https://img.shields.io/wordpress/plugin/v/authldap.svg)](https://wordpress.org/plugins/authldap/)
 [![WordPress testet](https://img.shields.io/wordpress/v/authldap.svg)](https://wordpress.org/plugins/authldap/)
 [![WordPress testet](https://img.shields.io/wordpress/v/authldap.svg)](https://wordpress.org/plugins/authldap/)
 [![Code Climate](https://codeclimate.com/github/heiglandreas/authLdap/badges/gpa.svg)](https://codeclimate.com/github/heiglandreas/authLdap)
 [![Code Climate](https://codeclimate.com/github/heiglandreas/authLdap/badges/gpa.svg)](https://codeclimate.com/github/heiglandreas/authLdap)
-[![Test Coverage](https://codeclimate.com/github/heiglandreas/authLdap/badges/coverage.svg)](https://codeclimate.com/github/heiglandreas/authLdap)
+[![codecov](https://codecov.io/gh/heiglandreas/authLdap/branch/master/graph/badge.svg?token=AYAhEeWtRQ)](https://codecov.io/gh/heiglandreas/authLdap)
 
 
 So what are the differences to other Wordpress-LDAP-Authentication-Plugins?
 So what are the differences to other Wordpress-LDAP-Authentication-Plugins?
 
 
@@ -48,8 +48,8 @@ wonderfull plugin of Alistair Young from http://www.weblogs.uhi.ac.uk/sm00ay/?p=
 * **LDAP Uri** This is the URI where your ldap-backend can be reached. More information are actually on the Configuration page
 * **LDAP Uri** This is the URI where your ldap-backend can be reached. More information are actually on the Configuration page
 * **Filter** This is the real McCoy! The filter you define here specifies how a user will be found. Before applying the filter a %s will be replaced with the given username. This means, when a user logs in using ‘foobar’ as username the following happens:
 * **Filter** This is the real McCoy! The filter you define here specifies how a user will be found. Before applying the filter a %s will be replaced with the given username. This means, when a user logs in using ‘foobar’ as username the following happens:
 
 
-    * **uid=%s** check for any LDAP-Entry that has an attribute ‘uid’ with value ‘foobar’
-    * **(&(objectclass=posixAccount)((!(uid=%s)(mail=%s)))** check for any LDAP-Entry that has an attribute ‘objectclass’ with value ‘posixAccout’ and either a UID- or a mail-attribute with value ‘foobar’
+    * **uid=%1$s** check for any LDAP-Entry that has an attribute ‘uid’ with value ‘foobar’
+    * **(&(objectclass=posixAccount)(|(uid=%1$s)(mail=%1$s)))** check for any LDAP-Entry that has an attribute ‘objectclass’ with value ‘posixAccout’ and either a UID- or a mail-attribute with value ‘foobar’
 
 
     This filter is rather powerfull if used wisely.
     This filter is rather powerfull if used wisely.
 
 
@@ -92,4 +92,4 @@ wonderfull plugin of Alistair Young from http://www.weblogs.uhi.ac.uk/sm00ay/?p=
     <a href="https://github.com/heiglandreas/authLdap/issues/65">issue 65</a>
     <a href="https://github.com/heiglandreas/authLdap/issues/65">issue 65</a>
     where <a href="https://github.com/wtfiwtz">wtfiwtz</a> shows how to implement that feature.
     where <a href="https://github.com/wtfiwtz">wtfiwtz</a> shows how to implement that feature.
     </dd>
     </dd>
-    </dl>
\ No newline at end of file
+    </dl>

+.row {
+	overflow: hidden;
+	padding-top: 10px;
+}
+
+.element {
+	float: right;
+	text-align: left;
+}
+
+.authldap-options input[type=text] {
+	width: 100%;
+}

+<?xml version="1.0" encoding="utf-8"?>
+<project name="ajaxComments" default="build" basedir=".">
+    <php expression="include('vendor/autoload.php')"/>
+    <input propertyName="version">Which version shall be tagged?</input>
+    <!--loadfile property = "version" file = "VERSION">
+        <filterchain>
+            <striplinebreaks/>
+        </filterchain>
+    </loadfile-->
+    <target name="bumpversion">
+        <echo>Bumping version to ${version}</echo>
+        <reflexive>
+            <fileset dir=".">
+                <include name="index.php"/>
+                <include name="authLdap.php"/>
+            </fileset>
+            <filterchain>
+                <replaceregexp>
+                    <regexp pattern="Version:.*" replace="Version: ${version}"/>
+                </replaceregexp>
+            </filterchain>
+        </reflexive>
+    </target>
+    <target name="build" depends="bumpversion,deploy.git,deploy.svn"/>
+    <target name="sync.svn">
+        <copy todir="${project.basedir}/svn/trunk">
+            <fileset dir="${project.basedir}">
+                <include name="src/**"/>
+                <include name="view/**"/>
+                <include name="authLdap.css"/>
+                <include name="authLdap.php"/>
+                <include name="ldap.php"/>
+                <include name="LICENSE.md"/>
+                <include name="README.md"/>
+                <include name="readme.txt"/>
+            </fileset>
+        </copy>
+    </target>
+    <target name="deploy.svn" depends="sync.svn">
+        <property override="true" file="${project.basedir}/.svnAccess" prefix="svnaccess" />
+        <foreach param="dirname" target="svn.addFile">
+            <fileset dir="${project.basedir}/svn/trunk">
+                <include name="**/*"/>
+            </fileset>
+        </foreach>
+        <echo message="${svnaccess.username}"/>
+        <exec outputProperty="committedrevision" executable="svn" dir="${project.basedir}/svn/trunk">
+            <arg value="commit"/>
+            <arg value="--username"/>
+            <arg value="${svnaccess.username}"/>
+            <arg value="--password"/>
+            <arg value="${svnaccess.password}"/>
+            <arg value="--message"/>
+            <arg value="Bumps version to ${version}"/>
+            <arg value="--no-auth-cache"/>
+            <arg value="--quiet"/>
+        </exec>
+        <!--svncommit
+            username="${svnaccess.username}"
+            password="${svnaccess.password}"
+            workingcopy="${project.basedir}/svn"
+            message="Bumps version to ${version}"
+            nocache="true"
+            /-->
+        <echo message="Committed revision: ${committedrevision}"/>
+    </target>
+
+    <target name="svn.addFile">
+        <trycatch>
+            <try>
+                <svninfo workingcopy="${project.basedir}/svn/trunk/${dirname}"/>
+            </try>
+            <catch>
+                <exec command="svn add ${project.basedir}/svn/trunk/${dirname}"/>
+                <echo>${dirname}</echo>
+            </catch>
+            <finally>
+
+            </finally>
+        </trycatch>
+        <echo>${svn.info}</echo>
+    </target>
+    <target name="deploy.git">
+        <exec executable="git" dir=".">
+            <arg value="add" />
+            <arg value="authLdap.php" />
+        </exec>
+        <exec executable="git" dir=".">
+            <arg value="commit" />
+            <arg value="-m"/>
+            <arg value="Bumps version to ${version}"/>
+        </exec>
+        <exec executable="git" dir=".">
+            <arg value="tag"/>
+            <arg value="-s"/>
+            <arg value="-m"/>
+            <arg value="Version ${version}"/>
+            <arg value="${version}"/>
+        </exec>
+        <exec executable="git" dir=".">
+            <arg value="push"/>
+            <arg value="--tags"/>
+            <arg value="origin"/>
+            <arg value="master" />
+        </exec>
+    </target>
+</project>
\ No newline at end of file

+{
+    "name" : "org_heigl/authldap",
+    "type" : "library",
+    "description": "Enables wordpress-authentication via LDAP",
+    "keywords": ["ldap","authenticate", "auth", "wordpress"],
+    "homepage": "http://github.com/heiglandreas/authLdap",
+    "license": "MIT",
+    "authors": [{
+        "name": "Andreas Heigl",
+        "email": "andreas@heigl.org",
+        "homepage": "http://andreas.heigl.org",
+        "role": "Developer"
+    }],
+    "require" : {
+        "php": ">=7.4",
+      "ext-ldap": "*"
+    },
+    "require-dev": {
+        "automattic/wordbless": "^0.3.1"
+    },
+    "autoload" : {
+        "classmap" : [
+            "authLdap.php"
+        ],
+        "psr-4" : {
+            "Org_Heigl\\AuthLdap\\" : "src/"
+        }
+    },
+    "autoload-dev" : {
+        "psr-4" : {
+            "Org_Heigl\\AuthLdapTest\\" : "tests/"
+        }
+    },
+    "scripts": {
+        "post-update-cmd": "php -r \"copy('vendor/automattic/wordbless/src/dbless-wpdb.php', 'wordpress/wp-content/db.php');\""
+    },
+    "config": {
+        "allow-plugins": {
+            "roots/wordpress-core-installer": true
+        }
+    }
+}

+version: "3.5"
+
+services:
+  wp:
+   # image: authldap:latest
+    build:
+      context: dockersetup
+      dockerfile: Dockerfile_wordpress
+    ports:
+      - 80:80 # change ip if required
+    volumes:
+      - ./config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini
+      - ./wp-app:/var/www/html # Full wordpress project
+      - .:/var/www/html/wp-content/plugins/authldap # Plugin development
+      #- ./theme-name/trunk/:/var/www/html/wp-content/themes/theme-name # Theme development
+    environment:
+      WORDPRESS_DB_HOST: db
+      WORDPRESS_DB_NAME: "wordpress"
+      WORDPRESS_DB_USER: root
+      WORDPRESS_DB_PASSWORD: "wppasswd"
+    depends_on:
+      - db
+    links:
+      - db
+
+  wpcli:
+    image: wordpress:cli
+    volumes:
+      - ./config/php.conf.ini:/usr/local/etc/php/conf.d/conf.ini
+      - ./wp-app:/var/www/html
+    depends_on:
+      - db
+      - wp
+
+  db:
+    image: mysql:latest # https://hub.docker.com/_/mysql/ - or mariadb https://hub.docker.com/_/mariadb
+    ports:
+      - 3306:3306 # change ip if required
+    command: [
+      '--default_authentication_plugin=mysql_native_password',
+      '--character-set-server=utf8mb4',
+      '--collation-server=utf8mb4_unicode_ci'
+    ]
+    volumes:
+      - ./wp-data:/docker-entrypoint-initdb.d
+      - db_data:/var/lib/mysql
+    environment:
+      MYSQL_DATABASE: "wordpress"
+      MYSQL_ROOT_PASSWORD: "wppasswd"
+
+  openldap:
+    image: osixia/openldap:latest
+#    build:
+#      context: dockersetup
+#      dockerfile: Dockerfile_ldap
+    ports:
+      - 3389:389
+    volumes:
+      - ./.ci/50-init.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/50-bootstrap.ldif
+    command: "--copy-service --loglevel debug"
+    restart: always
+    environment:
+      LDAP_LOG_LEVEL: "0"
+      LDAP_TLS: "false"
+      LDAP_ADMIN_PASSWORD: "insecure"
+
+volumes:
+  db_data:

+FROM wordpress:latest
+
+RUN set -x \
+    && apt-get update \
+    && apt-get install -y libldap2-dev \
+    && rm -rf /var/lib/apt/lists/* \
+    && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
+    && docker-php-ext-install ldap \
+&& apt-get purge -y --auto-remove libldap2-dev
\ No newline at end of file

+<?xml version="1.0"?>
+<ruleset name="Custom Standard" namespace="MyProject\CS\Standard">
+	<description>authLdap codestyle</description>
+	<file>./src</file>
+	<file>./authLdap.php</file>
+	<file>./tests</file>
+
+	<arg name="colors"/>
+	<arg value="sp"/>
+
+	<autoload>./vendor/autoload.php</autoload>
+
+	<rule ref="PSR12">
+		<exclude name="Generic.WhiteSpace.DisallowTabIndent"/>
+	</rule>
+	<rule ref="Generic.WhiteSpace.ScopeIndent">
+		<properties>
+			<property name="tabIndent" value="true"/>
+		</properties>
+	</rule>
+
+</ruleset>

+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		 bootstrap="tests/bootstrap.php"
+		 testdox="true"
+		 xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.5/phpunit.xsd"
+>
+	<coverage>
+		<include>
+			<directory suffix=".php">src</directory>
+			<file>authLdap.php</file>
+		</include>
+		<exclude>
+			<directory>src/Wrapper</directory>
+		</exclude>
+		<report>
+			<html outputDirectory="build/coverage" lowUpperBound="35" highLowerBound="70"/>
+		</report>
+	</coverage>
+	<testsuite name="authLdap Test-Suite">
+		<directory>tests</directory>
+	</testsuite>
+	<groups>
+		<exclude>
+			<group>disable</group>
+		</exclude>
+	</groups>
+	<logging>
+		<!--log type="coverage-xml" target="../report/coverage.xml"/-->
+		<!--log type="graphviz" target="../report/logfile.dot"/-->
+		<!--log type="json" target="../report/logfile.json"/-->
+		<!--log type="metrics-xml" target="../report/metrics.xml"/-->
+		<!--log type="plain" target="../report/logfile.txt"/-->
+		<!--log type="pmd-xml" target="../report/pmd.xml" cpdMinLines="5" cpdMinMatches="70"/-->
+		<!--log type="tap" target="../report/logfile.tap"/-->
+		<!--log type="test-xml" target="../report/logfile.xml" logIncompleteSkipped="false"/-->
+		<!--log type="testdox-html" target="../report/testdox.html"/-->
+		<!--log type="testdox-text" target="../report/testdox.txt"/-->
+	</logging>
+</phpunit>

 === authLdap ===
 === authLdap ===
 Contributors: heiglandreas
 Contributors: heiglandreas
-Tags: ldap, auth
+Tags: ldap, auth, authentication, active directory, AD, openLDAP, Open Directory
 Requires at least: 2.5.0
 Requires at least: 2.5.0
-Tested up to: 4.6.1
+Tested up to: 5.9.0
+Requires PHP: 7.4
 Stable tag: trunk
 Stable tag: trunk
+License: MIT
+License URI: https://opensource.org/licenses/MIT
 
 
 Use your existing LDAP flexible as authentication backend for WordPress
 Use your existing LDAP flexible as authentication backend for WordPress
 
 
@@ -13,13 +16,9 @@ Use your existing LDAP as authentication-backend for your wordpress!
 
 
 So what are the differences to other Wordpress-LDAP-Authentication-Plugins?
 So what are the differences to other Wordpress-LDAP-Authentication-Plugins?
 
 
-* Flexible: You are totaly free in which LDAP-backend to use. Due to the extensive configuration you can
-freely decide how to do the authentication of your users. It simply depends on your
-filters
-* Independent: As soon as a user logs in, it is added/updated to the Wordpress' user-database
-to allow wordpress to always use the correct data. You only have to administer your users once.
-* Failsafe: Due to the users being created in Wordpress' User-database they can
-also log in when the LDAP-backend currently is gone.
+* Flexible: You are totaly free in which LDAP-backend to use. Due to the extensive configuration you can freely decide how to do the authentication of your users. It simply depends on your filters
+* Independent: As soon as a user logs in, it is added/updated to the Wordpress' user-database to allow wordpress to always use the correct data. You only have to administer your users once.
+* Failsafe: Due to the users being created in Wordpress' User-database they can also log in when the LDAP-backend currently is gone.
 * Role-Aware: You can map Wordpress' roles to values of an existing LDAP-attribute.
 * Role-Aware: You can map Wordpress' roles to values of an existing LDAP-attribute.
 
 
 For more Information on the configuration have a look at https://github.com/heiglandreas/authLdap
 For more Information on the configuration have a look at https://github.com/heiglandreas/authLdap
@@ -41,6 +40,51 @@ Go to https://github.com/heiglandreas/authLdap
 Please use the issuetracker at https://github.com/heiglandreas/authLdap/issues
 Please use the issuetracker at https://github.com/heiglandreas/authLdap/issues
 
 
 == Changelog ==
 == Changelog ==
+
+= 2.5.3 =
+* Fix issue with broken role-assignement in combination with WooCommerce
+* Fix spelling issue
+* Allow DN as role-definition
+
+= 2.5.0 =
+* Ignore the order of capabilities to tell the role. In addition the filter `editable_roles` can be used to limit the roles
+
+= 2.4.11 =
+* Fix issue with running on PHP8.1
+
+= 2.4.9 =
+* Improve group-assignement UI
+
+= 2.4.8 =
+* Make textfields in settings-page wider
+
+= 2.4.7 =
+* Replace deprecated function
+* Fix undefined index
+* Add filter for retrieving other params at login (authLdap_filter_attributes)
+* Add do_action after successfull login (authLdap_login_successful)
+
+= 2.4.0 =
+* Allow to use environment variables for LDAP-URI configuration
+
+= 2.3.0 =
+* Allow to not overwrite existing WordPress-Users with LDAP-Users as that can be a security issue.
+
+= 2.1.0 =
+* Add search-base for groups. This might come in handy for multisite-instances
+
+= 2.0.0 =
+* This new release adds Multi-Site support. It will no longer be possible to use this plugin just in one subsite of a multisite installation!
+* Adds a warning screen to the config-section when no LDAPextension could be found
+* Fixes an issue with the max-length of the username
+
+= 1.5.1 =
+* Fixes an issue with escaped backslashes and quotes
+
+= 1.5.0 =
+* Allows parts of the LDAP-URI to be URLEncoded
+* Drops support for PHP 5.4
+
 = 1.4.20 =
 = 1.4.20 =
 * Allows multiple LDAP-servers to be queried (given that they use the same attributes)
 * Allows multiple LDAP-servers to be queried (given that they use the same attributes)
 * Fixes issue with URL-Encoded informations (see https://github.com/heiglandreas/authLdap/issues/108)
 * Fixes issue with URL-Encoded informations (see https://github.com/heiglandreas/authLdap/issues/108)
@@ -77,7 +121,7 @@ Please use the issuetracker at https://github.com/heiglandreas/authLdap/issues
 * Fixes PSR2 violations
 * Fixes PSR2 violations
 
 
 […]
 […]
-    
+
 = 1.2.1 =
 = 1.2.1 =
 * Fixed an issue with group-ids
 * Fixed an issue with group-ids
 * Moved the code to GitHub (https://github.com/heiglandreas/authLdap)
 * Moved the code to GitHub (https://github.com/heiglandreas/authLdap)

+<?php
+
+/**
+ * Copyright Andrea Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap\Exception;
+
+use Exception;
+
+class Error extends Exception
+{
+    public function __construct($message, $line = null)
+    {
+        parent::__construct($message);
+        if ($line) {
+            $this -> line = $line;
+        }
+    }
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap\Exception;
+
+use RuntimeException;
+
+use function sprintf;
+
+class InvalidLdapUri extends RuntimeException
+{
+	public static function cannotparse(string $ldapUri): self
+	{
+		return new self(sprintf(
+			'%1$s seems not to be a valid URI',
+			$ldapUri
+		));
+	}
+
+	public static function wrongSchema(string $uri): self
+	{
+		return new self(sprintf(
+			'%1$s does not start with a valid schema',
+			$uri
+		));
+	}
+
+	public static function noSchema(string $uri): self
+	{
+		return new self(sprintf(
+			'%1$s does not provide a schema',
+			$uri
+		));
+	}
+
+	public static function noEnvironmentVariableSet(string $uri): self
+	{
+		return new self(sprintf(
+			'The environment variable %1$s does not provide a URI',
+			$uri
+		));
+	}
+
+	public static function noServerProvided(string $uri): self
+	{
+		return new self(sprintf(
+			'The LDAP-URI %1$s does not provide a server',
+			$uri
+		));
+	}
+
+	public static function noSearchBaseProvided(string $uri): self
+	{
+		return new self(sprintf(
+			'The LDAP-URI %1$s does not provide a search-base',
+			$uri
+		));
+	}
+
+	public static function invalidSearchBaseProvided(string $uri): self
+	{
+		return new self(sprintf(
+			'The LDAP-URI %1$s does not provide a valid search-base',
+			$uri
+		));
+	}
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap\Exception;
+
+use RuntimeException;
+
+class MissingValidLdapConnection extends Error
+{
+	public static function get(): self
+	{
+		return new self(sprintf(
+			'No valid LDAP connection available'
+		));
+	}
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap\Exception;
+
+use RuntimeException;
+
+class SearchUnsuccessfull extends RuntimeException
+{
+	public static function fromSearchFilter(string $filter): self
+	{
+		return new self(sprintf(
+			'Search for %1$s was not successfull',
+			$filter
+		));
+	}
+}

 <?php
 <?php
+
 /**
 /**
  * Copyright (c) Andreas Heigl<andreas@heigl.org>
  * Copyright (c) Andreas Heigl<andreas@heigl.org>
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -26,23 +27,29 @@
 
 
 namespace Org_Heigl\AuthLdap;
 namespace Org_Heigl\AuthLdap;
 
 
+use Exception;
+use Org_Heigl\AuthLdap\Exception\Error;
+use Org_Heigl\AuthLdap\Exception\SearchUnsuccessfull;
+use Org_Heigl\AuthLdap\Manager\Ldap;
+
 class LdapList
 class LdapList
 {
 {
     /**
     /**
-     * @var \LDAP[]
+     * @var Ldap[]
      */
      */
     protected $items = [];
     protected $items = [];
 
 
-    public function addLdap(LDAP $ldap)
+    public function addLdap(Ldap $ldap)
     {
     {
         $this->items[] = $ldap;
         $this->items[] = $ldap;
     }
     }
 
 
     public function authenticate($username, $password, $filter = '(uid=%s)')
     public function authenticate($username, $password, $filter = '(uid=%s)')
     {
     {
+        /** @var Ldap $item */
         foreach ($this->items as $key => $item) {
         foreach ($this->items as $key => $item) {
             if (! $item->authenticate($username, $password, $filter)) {
             if (! $item->authenticate($username, $password, $filter)) {
-                unset ($this->items[$key]);
+                unset($this->items[$key]);
                 continue;
                 continue;
             }
             }
             return true;
             return true;
@@ -65,21 +72,22 @@ class LdapList
         }
         }
 
 
         if ($allFailed) {
         if ($allFailed) {
-            throw new AuthLDAP_Exception('No bind successfull');
+            throw new Error('No bind successfull');
         }
         }
+
+        return true;
     }
     }
 
 
-    public function search($filter, $attributes = array('uid'))
+    public function search($filter, $attributes = array('uid'), $base = '')
     {
     {
         foreach ($this->items as $item) {
         foreach ($this->items as $item) {
             try {
             try {
-                $result = $item->search($filter, $attributes);
+                $result = $item->search($filter, $attributes, $base);
                 return $result;
                 return $result;
             } catch (Exception $e) {
             } catch (Exception $e) {
-                throw $e;
             }
             }
         }
         }
 
 
-        throw new \AuthLDAP_Exception('No Results found');
+        throw SearchUnsuccessfull::fromSearchFilter($filter);
     }
     }
-}
\ No newline at end of file
+}

+<?php
+
+/**
+ * Copyright (c) Andreas Heigl<andreas@heigl.org>
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @author    Andreas Heigl<andreas@heigl.org>
+ * @copyright Andreas Heigl
+ * @license   http://www.opensource.org/licenses/mit-license.php MIT-License
+ * @since     19.07.2020
+ * @link      http://github.com/heiglandreas/authLDAP
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap;
+
+use Org_Heigl\AuthLdap\Exception\InvalidLdapUri;
+
+use function array_map;
+use function error_get_last;
+use function getenv;
+use function is_array;
+use function is_string;
+use function parse_url;
+use function preg_replace_callback;
+use function rawurlencode;
+use function strlen;
+use function strpos;
+use function substr;
+use function trim;
+use function urldecode;
+
+final class LdapUri
+{
+	private $server;
+
+	private $scheme;
+
+	private $port = 389;
+
+	private string $baseDn;
+
+	private $username = '';
+
+	private $password = '';
+
+	private function __construct(string $uri)
+	{
+		if (!preg_match('/^(ldap|ldaps|env)/', $uri)) {
+			throw InvalidLdapUri::wrongSchema($uri);
+		}
+
+		if (strpos($uri, 'env:') === 0) {
+			$newUri = getenv(substr($uri, 4));
+			if (false === $newUri) {
+				throw InvalidLdapUri::noEnvironmentVariableSet($uri);
+			}
+			$uri = (string) $newUri;
+		}
+
+		$uri = $this->injectEnvironmentVariables($uri);
+
+		$array = parse_url($uri);
+		if (!is_array($array)) {
+			throw InvalidLdapUri::cannotparse($uri);
+		}
+
+		$url = array_map(static function ($item) {
+			if (is_int($item)) {
+				return $item;
+			}
+			return urldecode($item);
+		}, $array);
+
+
+		if (!isset($url['scheme'])) {
+			throw InvalidLdapUri::noSchema($uri);
+		}
+		if (0 !== strpos($url['scheme'], 'ldap')) {
+			throw InvalidLdapUri::wrongSchema($uri);
+		}
+		if (!isset($url['host'])) {
+			throw InvalidLdapUri::noServerProvided($uri);
+		}
+		if (!isset($url['path'])) {
+			throw InvalidLdapUri::noSearchBaseProvided($uri);
+		}
+		if (1 === strlen($url['path'])) {
+			throw InvalidLdapUri::invalidSearchBaseProvided($uri);
+		}
+
+		$this->server = $url['host'];
+		$this->scheme = $url['scheme'];
+		$this->baseDn = substr($url['path'], 1);
+		if (isset($url['user'])) {
+			$this->username = $url['user'];
+		}
+		if ('' === trim($this->username)) {
+			$this->username = 'anonymous';
+		}
+		if (isset($url['pass'])) {
+			$this->password = $url['pass'];
+		}
+		if ($this->scheme === 'ldaps' && $this->port = 389) {
+			$this->port = 636;
+		}
+
+		// When someone sets the port in the URL we overwrite whatever is set.
+		// We have to assume they know what they are doing!
+		if (isset($url['port'])) {
+			$this->port = $url['port'];
+		}
+	}
+
+	public static function fromString(string $uri): LdapUri
+	{
+		return new LdapUri($uri);
+	}
+
+	private function injectEnvironmentVariables(string $base): string
+	{
+		return preg_replace_callback('/%env:([^%]+)%/', static function (array $matches) {
+			return rawurlencode(getenv($matches[1]));
+		}, $base);
+	}
+
+	public function toString(): string
+	{
+		return $this->scheme . '://' . $this->server . ':' . $this->port;
+	}
+
+	public function __toString()
+	{
+		return $this->toString();
+	}
+
+	public function getUsername(): string
+	{
+		return $this->username;
+	}
+
+	public function getPassword(): string
+	{
+		return $this->password;
+	}
+
+	public function getBaseDn(): string
+	{
+		return $this->baseDn;
+	}
+
+	public function isAnonymous(): bool
+	{
+		if ($this->password === '') {
+			return true;
+		}
+
+		if ($this->username === 'anonymous') {
+			return true;
+		}
+
+		return false;
+	}
+}

+<?php
+
+/**
+ * $Id: ldap.php 381646 2011-05-06 09:37:31Z heiglandreas $
+ *
+ * authLdap - Authenticate Wordpress against an LDAP-Backend.
+ * Copyright (c) 2008 Andreas Heigl<andreas@heigl.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * This file handles the basic LDAP-Tasks
+ *
+ * @author Andreas Heigl<andreas@heigl.org>
+ * @package authLdap
+ * @category authLdap
+ * @since 2008
+ */
+
+namespace Org_Heigl\AuthLdap\Manager;
+
+use Org_Heigl\AuthLdap\Exception\Error;
+use Org_Heigl\AuthLdap\Exception\MissingValidLdapConnection;
+use Org_Heigl\AuthLdap\LdapUri;
+use Org_Heigl\AuthLdap\Wrapper\LdapFactory;
+use Org_Heigl\AuthLdap\Wrapper\LdapInterface;
+
+class Ldap
+{
+	/**
+	 * This property contains the connection handle to the ldap-server
+	 *
+	 * @var LdapInterface|null
+	 */
+	private ?LdapInterface $connection;
+
+	private LdapUri $uri;
+
+	private LdapFactory $factory;
+
+	private $starttls;
+
+	public function __construct(LdapFactory $factory, LdapUri $uri, $starttls = false)
+	{
+		$this->starttls = $starttls;
+		$this->uri = $uri;
+		$this->factory = $factory;
+		$this->connection = null;
+	}
+
+	/**
+	 * Connect to the given LDAP-Server
+	 */
+	public function connect(): self
+	{
+		$this->disconnect();
+
+		$this->connection = $this->factory->createFromLdapUri($this->uri->toString());
+		$this->connection->setOption(LDAP_OPT_PROTOCOL_VERSION, 3);
+		$this->connection->setOption(LDAP_OPT_REFERRALS, 0);
+		//if configured try to upgrade encryption to tls for ldap connections
+		if ($this->starttls) {
+			$this->connection->startTls();
+		}
+		return $this;
+	}
+
+	/**
+	 * Disconnect from a resource if one is available
+	 */
+	public function disconnect(): self
+	{
+		if (null !== $this->connection) {
+			$this->connection->unbind();
+		}
+		$this->connection = null;
+		return $this;
+	}
+
+	/**
+	 * Bind to an LDAP-Server with the given credentials
+	 *
+	 * @throws Error
+	 */
+	public function bind(): self
+	{
+		if (!$this->connection) {
+			$this->connect();
+		}
+		if (null === $this->connection) {
+			throw MissingValidLdapConnection::get();
+		}
+		if ($this->uri->isAnonymous()) {
+			$bind = $this->connection->bind();
+		} else {
+			$bind = $this->connection->bind($this->uri->getUsername(), $this->uri->getPassword());
+		}
+		if (!$bind) {
+			throw new Error('bind was not successfull: ' . $this->connection->error());
+		}
+		return $this;
+	}
+
+	/**
+	 * This method does the actual ldap-serch.
+	 *
+	 * This is using the filter <var>$filter</var> for retrieving the attributes
+	 * <var>$attributes</var>
+	 *
+	 * @return array<string|int, mixed>
+	 * @throws Error
+	 */
+	public function search(string $filter, array $attributes = ['uid'], ?string $base = ''): array
+	{
+		if (null === $this->connection) {
+			throw new Error('No resource handle available');
+		}
+		if (!$base) {
+			$base = $this->uri->getBaseDn();
+		}
+		$result = $this->connection->search($base, $filter, $attributes);
+		if ($result === false) {
+			throw new Error('no result found');
+		}
+		$info = $this->connection->getEntries($result);
+		if ($info === false) {
+			throw new Error('invalid results found');
+		}
+		return $info;
+	}
+
+	/**
+	 * This method authenticates the user <var>$username</var> using the
+	 * password <var>$password</var>
+	 *
+	 * @param string $filter OPTIONAL This parameter defines the Filter to be used
+	 * when searchin for the username. This MUST contain the string '%s' which
+	 * will be replaced by the vaue given in <var>$username</var>
+	 * @throws Error
+	 */
+	public function authenticate(string $username, string $password, string $filter = '(uid=%s)'): bool
+	{
+		$this->connect();
+		$this->bind();
+		$res = $this->search(sprintf($filter, $this->factory->escape($username, '', LDAP_ESCAPE_FILTER)));
+		if ($res ['count'] !== 1) {
+			return false;
+		}
+
+		$dn = $res[0]['dn'];
+		return $username && $password && $this->connection->bind($dn, $password);
+	}
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap;
+
+use WP_User;
+
+use function array_search;
+use function in_array;
+use function var_dump;
+
+class UserRoleHandler
+{
+	/**
+	 * @param WP_User $user
+	 * @param string[] $roles
+	 * @return void
+	 */
+	public function addRolesToUser(WP_User $user, $roles) : void
+	{
+		if ($roles === []) {
+			return;
+		}
+
+		if ($user->roles == $roles) {
+			return;
+		}
+
+		// Remove unused roles from existing.
+		foreach ($user->roles as $role) {
+			if (!in_array($role, $roles)) {
+				// Remove unused roles.
+				$user->remove_role($role);
+				continue;
+			}
+			// Remove the existing role from roles.
+			if (($key = array_search($role, $roles)) !== false) {
+				unset($roles[$key]);
+			}
+		}
+
+		// Add new ones if not already assigned.
+		foreach ($roles as $role) {
+			$user->add_role($role);
+		}
+	}
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap\Wrapper;
+
+use function ldap_bind;
+use function ldap_connect;
+use function ldap_error;
+use function ldap_escape;
+use function ldap_get_entries;
+use function ldap_set_option;
+use function ldap_start_tls;
+use function ldap_unbind;
+
+final class Ldap implements LdapInterface
+{
+	private $connection;
+
+	public function __construct(string $ldapUri)
+	{
+		$this->connection = ldap_connect($ldapUri);
+	}
+
+	public function bind($dn = null, $password = null)
+	{
+		if (null === $dn && null === $password) {
+			return ldap_bind($this->connection);
+		}
+		return ldap_bind($this->connection, $dn, $password);
+	}
+
+	public function unbind()
+	{
+		return ldap_unbind($this->connection);
+	}
+
+	public function setOption($option, $value)
+	{
+		return ldap_set_option($this->connection, $option, $value);
+	}
+
+	public function startTls()
+	{
+		return ldap_start_tls($this->connection);
+	}
+
+	public function error()
+	{
+		return ldap_error($this->connection);
+	}
+
+	public function errno()
+	{
+		return ldap_errno($this->connection);
+	}
+
+	public function search(
+		$base,
+		$filter,
+		array $attributes = [],
+		$attributes_only = 0,
+		$sizelimit = -1,
+		$timelimit = -1
+	) {
+		return ldap_search(
+			$this->connection,
+			$base,
+			$filter,
+			$attributes,
+			$attributes_only,
+			$sizelimit,
+			$timelimit
+		);
+	}
+
+	public function getEntries($search_result)
+	{
+		return ldap_get_entries($this->connection, $search_result);
+	}
+
+	public static function escape(string $value, string $ignore = '', int $flags = 0): string
+	{
+		return ldap_escape($value, $ignore, $flags);
+	}
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap\Wrapper;
+
+class LdapFactory
+{
+	public function createFromLdapUri(string $ldapUri): LdapInterface
+	{
+		return new Ldap($ldapUri);
+	}
+
+	public function escape($value, $ignore = '', $flags = 0): string
+	{
+		return Ldap::escape($value, $ignore, $flags);
+	}
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+declare(strict_types=1);
+
+namespace Org_Heigl\AuthLdap\Wrapper;
+
+interface LdapInterface
+{
+	public function bind($dn = null, $password = null);
+
+	public function unbind();
+
+	public function setOption($option, $value);
+
+	public function startTls();
+
+	public function error();
+
+	public function errno();
+
+	public function search(
+		$base,
+		$filter,
+		array $attributes = [],
+		$attributes_only = 0,
+		$sizelimit = -1,
+		$timelimit = -1
+	);
+
+	public function getEntries($search_result);
+
+	public static function escape(string $value, string $ignore = '', int $flags = 0): string;
+}

+<?php
+
+/**
+ * Copyright (c) 2016-2016} Andreas Heigl<andreas@heigl.org>
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @author    Andreas Heigl<andreas@heigl.org>
+ * @copyright 2016-2016 Andreas Heigl
+ * @license   http://www.opensource.org/licenses/mit-license.php MIT-License
+ * @version   0.0
+ * @since     07.06.2016
+ * @link      http://github.com/heiglandreas/authLDAP
+ */
+
+namespace Org_Heigl\AuthLdapTest;
+
+use Closure;
+use Org_Heigl\AuthLdap\Exception\Error;
+use Org_Heigl\AuthLdap\Exception\SearchUnsuccessfull;
+use Org_Heigl\AuthLdap\LdapList;
+use Org_Heigl\AuthLdap\Manager\Ldap;
+use Org_Heigl\AuthLdap\LdapUri;
+use Org_Heigl\AuthLdap\Wrapper\LdapFactory;
+use Org_Heigl\AuthLdap\Wrapper\LdapInterface;
+use PHPUnit\Framework\Assert;
+use PHPUnit\Framework\TestCase;
+
+class LDAPListBaseTest extends TestCase
+{
+	private $ldapA;
+
+	private $ldapB;
+
+	public function setUp(): void
+	{
+		$this->ldapA = $this->getMockBuilder(Ldap::class)->disableOriginalConstructor()->getMock();
+		$this->ldapB = $this->getMockBuilder(Ldap::class)->disableOriginalConstructor()->getMock();
+		Assert::assertNotSame($this->ldapA, $this->ldapB);
+		parent::setUp(); // TODO: Change the autogenerated stub
+	}
+
+	public function addingItemsWorks(): void
+	{
+		$list = new LdapList();
+
+		$list->addLdap($this->ldapA);
+		$list->addLdap($this->ldapB);
+
+		Assert::assertSame([$this->ldapA, $this->ldapB], $this->getLdaps($list));
+	}
+
+	public function testFailingBindRemovesItemsFromList(): void
+	{
+		$list = new LdapList();
+
+		$list->addLdap($this->ldapA);
+		$list->addLdap($this->ldapB);
+
+		$this->ldapA->method('bind')->willThrowException(new Error('throw'));
+		$this->ldapB->method('bind')->willReturn($this->ldapB);
+
+		$list->bind();
+
+		Assert::assertCount(1, $this->getLdaps($list));
+	}
+
+	public function testFailingBindInAllConnectorsThrows(): void
+	{
+		$list = new LdapList();
+
+		$list->addLdap($this->ldapA);
+		$list->addLdap($this->ldapB);
+
+		$this->ldapA->method('bind')->willThrowException(new Error('throw'));
+		$this->ldapB->method('bind')->willThrowException(new Error('throw'));
+
+		$this->expectException(Error::class);
+		$this->expectExceptionMessage('No bind successfull');
+
+		$list->bind();
+
+		Assert::assertCount(0, $this->getLdaps($list));
+	}
+
+	public function testAuthenticatingViaListWorks(): void
+	{
+		$list = new LdapList();
+
+		$list->addLdap($this->ldapA);
+		$list->addLdap($this->ldapB);
+
+		$this->ldapA->method('authenticate')->willReturn(false);
+		$this->ldapB->method('authenticate')->willReturn(true);
+
+		Assert::assertTrue($list->authenticate('foo', 'bar'));
+
+		Assert::assertCount(1, $this->getLdaps($list));
+	}
+
+	public function testAuthenticatingViaListFailsWhenNoConnectorAuthenticates(): void
+	{
+		$list = new LdapList();
+
+		$list->addLdap($this->ldapA);
+		$list->addLdap($this->ldapB);
+
+		$this->ldapA->method('authenticate')->willReturn(false);
+		$this->ldapB->method('authenticate')->willReturn(false);
+
+		Assert::assertFalse($list->authenticate('foo', 'bar'));
+
+		Assert::assertCount(0, $this->getLdaps($list));
+	}
+
+	public function testSuccessfullSearchInOneConnectorReturnsResult(): void
+	{
+		$list = new LdapList();
+
+		$list->addLdap($this->ldapA);
+		$list->addLdap($this->ldapB);
+
+		$this->ldapA->method('search')->willThrowException(new Error('Whoot'));
+		$this->ldapB->method('search')->willReturn(['count' => 1, ['dn' => 'foo']]);
+
+		Assert::assertEquals(['count' => 1, ['dn' => 'foo']], $list->search('uid=foo'));
+	}
+
+	public function testUnsuccessfullSearchWillThrow(): void
+	{
+		$list = new LdapList();
+
+		$list->addLdap($this->ldapA);
+		$list->addLdap($this->ldapB);
+
+		$this->ldapA->method('search')->willThrowException(new Error('Whoot'));
+		$this->ldapB->method('search')->willThrowException(new Error('Whoot2'));
+
+		$this->expectException(SearchUnsuccessfull::class);
+
+		$list->search('uid=foo');
+	}
+
+
+	private function getLdaps(LdapList $list): array
+	{
+
+		// Courtesy of Marco Pivetta
+		//  https://ocramius.github.io/blog/accessing-private-php-class-members-without-reflection/
+		$sweetsThief = function (LdapList $kitchen) {
+			return $kitchen->items;
+		};
+
+		// Closure::bind() actually creates a new instance of the closure
+		$sweetsThief = Closure::bind($sweetsThief, null, $list);
+
+		return $sweetsThief($list);
+	}
+}

+<?php
+
+/**
+ * $Id: LdapTest.php 292156 2010-09-21 19:32:01Z heiglandreas $
+ *
+ * authLdap - Authenticate Wordpress against an LDAP-Backend.
+ * Copyright (c) 2008 Andreas Heigl<andreas@heigl.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * This file tests the basic LDAP-Tasks
+ *
+ * @category authLdap
+ * @package authLdap
+ * @subpackage UnitTests
+ * @author Andreas Heigl<andreas@heigl.org>
+ * @copyright 2010 Andreas Heigl<andreas@heigl.org>
+ * @license GPL
+ * @since 21.09.2010
+ */
+
+namespace Org_Heigl\AuthLdapTest;
+
+use Exception;
+use Generator;
+use Org_Heigl\AuthLdap\LdapUri;
+use Org_Heigl\AuthLdap\Wrapper\LdapFactory;
+use PHPUnit\Framework\TestCase;
+use Org_Heigl\AuthLdap\Manager\Ldap;
+
+class LdapTest extends TestCase
+{
+	/**
+	 *
+	 * @dataProvider dpInstantiateLdapClass
+	 * @param array $expected
+	 * @param array $given
+	 */
+	public function testInstantiateLdapClass($ldapUri, $debug, $startTls)
+	{
+		$ldap = new Ldap(new LdapFactory(), LdapUri::fromString($ldapUri), $debug, $startTls);
+		self::assertInstanceOf(Ldap::class, $ldap);
+	}
+
+	/**
+	 * @dataProvider dpExceptionsWhenInstantiatingLdapClass
+	 * @param string $expected
+	 */
+	public function testExceptionsWhenInstantiatingLdapClass(string $expected)
+	{
+		self::expectException(Exception::class);
+		new Ldap(new LdapFactory(), LdapUri::fromString($expected));
+	}
+
+	public function dpInstantiateLdapClass(): Generator
+	{
+		yield [
+			'ldap://uid=jondoe,cn=users,cn=example,c=org:secret@ldap.example.org/cn=example,c=org',
+			true,
+			false,
+			[
+				'username' => 'uid=jondoe,cn=users,cn=example,c=org',
+				'password' => 'secret',
+				'server' => 'ldap.example.org',
+				'baseDn' => 'cn=example,c=org',
+				'debug' => true,
+			],
+		];
+		yield [
+			'ldap://uid=jondoe,cn=users,cn=example,c=org@ldap.example.org/cn=example,c=org',
+			true,
+			false,
+			[
+				'username' => 'uid=jondoe,cn=users,cn=example,c=org',
+				'password' => '',
+				'server' => 'ldap.example.org',
+				'baseDn' => 'cn=example,c=org',
+				'debug' => true,
+			],
+		];
+		yield [
+			'ldap://ldap.example.org/cn=example,c=org',
+			true,
+			false,
+			[
+				'username' => 'anonymous',
+				'password' => '',
+				'server' => 'ldap.example.org',
+				'baseDn' => 'cn=example,c=org',
+				'debug' => true,
+			],
+		];
+//      yield [
+//           'ldap://ldap.example.org',
+//              true,
+//              false,
+//              [
+//                  'username' => 'anonymous',
+//                  'password' => '',
+//                  'server'   => 'ldap.example.org',
+//                  'baseDn'   => '',
+//                  'debug'    => true
+//             ]
+//          ];
+		yield [
+			'ldap://uid=jondoe,cn=users,cn=example,c=org:secret@ldap.example.org/cn=example,c=org',
+			false,
+			false,
+			[
+				'username' => 'uid=jondoe,cn=users,cn=example,c=org',
+				'password' => 'secret',
+				'server' => 'ldap.example.org',
+				'baseDn' => 'cn=example,c=org',
+				'debug' => false,
+			],
+		];
+		yield [
+			'ldap://ldap.example.org/cn=test%20example,c=org',
+			false,
+			false,
+			[
+				'username' => 'anonymous',
+				'password' => '',
+				'server' => 'ldap.example.org',
+				'baseDn' => 'cn=test example,c=org',
+				'debug' => false,
+			],
+		];
+	}
+
+	public function dpExceptionsWhenInstantiatingLdapClass(): Generator
+	{
+		yield ['ldap://ldap.example.org'];
+		yield ['ldap://foo:bar@/cn=example,c=org'];
+		yield ['http://ldap.example.org'];
+		yield ['fooBar'];
+		yield ['ldap://ldap.example.org/'];
+		yield ['()123üäö'];
+	}
+
+	public function testThatGroupMappingWorks()
+	{
+		$groups = [
+			'count' => 1,
+			0 => [
+				'dn' => 'dn-1',
+				'count' => 1,
+				0 => 'group',
+				'group' => [
+					'count' => 2,
+					0 => 'angličtina@ff.cuni.cz',
+					1 => 'literatura@ff.cuni.cz',
+				],
+			],
+		];
+
+		$grp = [];
+		for ($i = 0; $i < $groups ['count']; $i++) {
+			for ($k = 0; $k < $groups[$i][strtolower('group')]['count']; $k++) {
+				$grp[] = $groups[$i][strtolower('group')][$k];
+			}
+		}
+
+		$this->assertEquals([
+			'angličtina@ff.cuni.cz',
+			'literatura@ff.cuni.cz',
+		], $grp);
+
+		$role = '';
+		foreach (
+			[
+				'testrole' => 'literatura@ff.cuni.cz,literatura@ff.cuni.cz',
+			] as $key => $val
+		) {
+			$currentGroup = explode(',', $val);
+			// Remove whitespaces around the group-ID
+			$currentGroup = array_map('trim', $currentGroup);
+			if (0 < count(array_intersect($currentGroup, $grp))) {
+				$role = $key;
+				break;
+			}
+		}
+
+		$this->assertEquals('testrole', $role);
+	}
+}

+<?php
+
+namespace Org_Heigl\AuthLdapTest;
+
+use Generator;
+use Org_Heigl\AuthLdap\Exception\InvalidLdapUri;
+use Org_Heigl\AuthLdap\LdapUri;
+use PHPUnit\Framework\Assert;
+use PHPUnit\Framework\TestCase;
+
+use function getenv;
+use function putenv;
+
+class LdapUriTest extends TestCase
+{
+	public function toStringProvider(): Generator
+	{
+		yield ['ldaps://foo:bar@foo.bar/baz', 'ldaps://foo.bar:636', 'foo', 'bar', 'baz'];
+		yield ['env:LDAP_URI', 'ldaps://foo.bar:636', 'foo', 'bar', 'baz', [
+			'LDAP_URI' => 'ldaps://foo:bar@foo.bar/baz',
+		]];
+        yield ['ldaps://foo:%env:LDAP_PASSWORD%@foo.bar/baz', 'ldaps://foo.bar:636', 'foo', 'bar', 'baz', [
+			'LDAP_PASSWORD' => 'bar',
+        ]];
+        yield ['ldaps://foo:%env:LDAP_PASSWORD%@foo.bar/baz', 'ldaps://foo.bar:636', 'foo', 'ba r', 'baz', [
+	        'LDAP_PASSWORD' => 'ba r',
+        ]];
+    }
+
+	public function fromStringProvider(): Generator
+	{
+		yield ['ldaps://foo:bar@foo.bar/baz', false];
+		yield ['env:LDAP_URI', false];
+		yield ['foo:MyLdapUri', true];
+	}
+
+	/**
+	 * @dataProvider toStringProvider
+	 */
+	public function testToString(string $uri, string $result, $user, $password, $baseDn, array $env = []): void
+	{
+		foreach ($env as $key => $value) {
+			putenv("$key=$value");
+		}
+		$ldapUri = LdapUri::fromString($uri);
+		Assert::assertSame($result, $ldapUri->toString());
+		Assert::assertSame($user, $ldapUri->getUsername());
+		Assert::assertSame($password, $ldapUri->getPassword());
+		Assert::assertSame($baseDn, $ldapUri->getBaseDn());
+	}
+
+	/** @dataProvider fromStringProvider */
+	public function testFromString(string $uri, bool $failure = false): void
+	{
+		if ($failure) {
+			self::expectException(InvalidLdapUri::class);
+		}
+		$ldapUri = LdapUri::fromString($uri);
+		self::assertInstanceOf(LdapUri::class, $ldapUri);
+	}
+
+	public function testSettingLdapsWillSetCorrectPort(): void
+	{
+		$uri = LdapUri::fromString('ldaps://example.org/foo');
+
+		Assert::assertSame('ldaps://example.org:636', $uri->toString());
+	}
+
+	public function testSettingLdapWillSetCorrectPort(): void
+	{
+		$uri = LdapUri::fromString('ldap://example.org/foo');
+
+		Assert::assertSame('ldap://example.org:389', $uri->toString());
+	}
+
+	/**
+	 * @dataProvider anonymousProvider
+	 */
+	public function testUriIsAnonymous(string $uri): void
+	{
+		$uri = LdapUri::fromString($uri);
+		Assert::assertTrue($uri->isAnonymous());
+	}
+
+	public function anonymousProvider(): Generator
+	{
+		yield ['ldaps://test.example.com/dc=com'];
+		yield ['ldaps://foo@test.example.com/dc=com'];
+		yield ['ldaps://%20:password@test.example.com/dc=com'];
+		yield ['ldaps://anonymous:password@test.example.com/dc=com'];
+	}
+
+	public function testMissingSchemaThrows(): void
+	{
+		$this->expectException(InvalidLdapUri::class);
+
+		LdapUri::fromString('ldaps.example.com');
+	}
+
+	public function testMWrongSchemaThrows(): void
+	{
+		$this->expectException(InvalidLdapUri::class);
+
+		LdapUri::fromString('environ://ldaps.example.com');
+	}
+
+	public function testMissingHostThrows(): void
+	{
+		$this->expectException(InvalidLdapUri::class);
+
+		LdapUri::fromString('ldaps:/foo=bar');
+	}
+
+	public function testgettingUriFromEnvironment(): void
+	{
+		putenv('URI=ldaps://example.com/foo');
+		$uri = LdapUri::fromString('env:URI');
+
+		Assert::assertSame('ldaps://example.com:636', (string) $uri);
+		Assert::assertSame('foo', $uri->getBaseDn());
+	}
+
+	public function testgettingUriFromEmptyEnvironment(): void
+	{
+		putenv('URI');
+		$this->expectException(InvalidLdapUri::class);
+		$uri = LdapUri::fromString('env:URI');
+	}
+}

+<?php
+
+/**
+ * Copyright (c) 2016-2016} Andreas Heigl<andreas@heigl.org>
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * @author    Andreas Heigl<andreas@heigl.org>
+ * @copyright 2016-2016 Andreas Heigl
+ * @license   http://www.opensource.org/licenses/mit-license.php MIT-License
+ * @version   0.0
+ * @since     07.06.2016
+ * @link      http://github.com/heiglandreas/authLDAP
+ */
+
+namespace Org_Heigl\AuthLdapTest\Manager;
+
+use Org_Heigl\AuthLdap\Exception\Error;
+use Org_Heigl\AuthLdap\LdapList;
+use Org_Heigl\AuthLdap\LdapUri;
+use Org_Heigl\AuthLdap\Manager\Ldap;
+use Org_Heigl\AuthLdap\Wrapper\Ldap as LdapWrapper;
+use Org_Heigl\AuthLdap\Wrapper\LdapFactory;
+use Org_Heigl\AuthLdap\Wrapper\LdapInterface;
+use PHPUnit\Framework\Assert;
+use PHPUnit\Framework\TestCase;
+
+class LDAPBaseTest extends TestCase
+{
+    private LdapFactory $factory;
+
+    private LdapInterface $wrapper;
+
+    public function setUp(): void
+    {
+        $this->wrapper = $this->getMockBuilder(LdapInterface::class)->getMock();
+        $this->factory = $this->getMockBuilder(LdapFactory::class)->getMock();
+        $this->factory->method('createFromLdapUri')->willReturn($this->wrapper);
+		$this->factory->method('escape')->willReturnCallback(function ($value, $ignore, $flags) {
+			return \Org_Heigl\AuthLdap\Wrapper\Ldap::escape($value, $ignore, $flags);
+		});
+    }
+
+    /**
+     * @dataProvider bindingWithPasswordProvider
+     * @testdox Binding user $user with password $password using a filter $filter works
+     */
+    public function testThatBindingWithPasswordWorks($user, $password, $filter, $uri)
+    {
+		$uri = LdapUri::fromString($uri);
+	    $this->wrapper
+		    ->method('bind')
+		    ->willReturn(true);
+
+		$this->wrapper
+			->expects($this->once())
+			->method('search')
+			->with($uri->getBaseDn(), sprintf($filter, $user));
+
+		$this->wrapper
+			->method('getEntries')
+			->willReturn(['count' => 1, 0 => ['dn' => 'foo']]);
+
+	    $ldap = new Ldap($this->factory, $uri);
+        $this->assertTrue($ldap->authenticate($user, $password, $filter));
+    }
+
+    public function bindingWithPasswordProvider()
+    {
+        return [
+            [
+                'user3',
+                'user!"',
+                'uid=%s',
+                'ldap://cn=admin,dc=example,dc=org:insecure@127.0.0.1:3389/dc=example,dc=org'
+            ], [
+//                'admin',
+//                'insecure',
+//                'cn=%s',
+//                'ldap://cn=admin,dc=example,dc=org:insecure@127.0.0.1:3389/dc=example,dc=org'
+//            ], [
+                'user1',
+                'user1',
+                'uid=%s',
+                'ldap://cn=admin,dc=example,dc=org:insecure@127.0.0.1:3389/dc=example,dc=org'
+            ], [
+                'user 4',
+                'user!"',
+                'uid=%s',
+                'ldap://cn=admin,dc=example,dc=org:insecure@127.0.0.1:3389/dc=example,dc=org'
+            ], [
+                'user 5',
+                'user!"',
+                'uid=%s',
+                'ldap://cn=admin,dc=example,dc=org:insecure@127.0.0.1:3389/dc=test%20space,dc=example,dc=org'
+            ],
+        ];
+    }
+
+    /**
+     * @param $uri
+     * @dataProvider initialBindingToLdapServerWorksProvider
+     */
+    public function testThatInitialBindingWorks($uri)
+    {
+	    $this->wrapper
+		    ->method('bind')
+		    ->willReturn(true);
+
+	    $ldap = new LDAP($this->factory, LdapUri::fromString($uri));
+        $this->assertInstanceof(Ldap::class, $ldap->bind());
+    }
+
+    /**
+     * @param $uri
+     * @dataProvider initialBindingToLdapServerWorksProvider
+     */
+    public function testThatInitialBindingToMultipleLdapsWorks($uri)
+    {
+		$this->wrapper->expects($this->once())
+	        ->method('bind')
+			->with('uid=user 5,dc=test space,dc=example,dc=org', 'user!"')
+			->willReturn(true);
+
+        $list = new LdapList();
+        $list->addLDAP(new LDAP($this->factory, LdapUri::fromString($uri)));
+        $this->assertTrue($list->bind());
+    }
+
+    public function initialBindingToLdapServerWorksProvider()
+    {
+        return [
+            ['ldap://uid=user%205,dc=test%20space,dc=example,dc=org:user!"' .
+                '@127.0.0.1:3389/dc=test%20space,dc=example,dc=org'],
+        ];
+    }
+
+    /**
+     * @dataProvider provideUnescapedData
+     */
+    public function testThatPassedDataIsEscaped($unescaped, $escaped): void
+    {
+        $ldap = new LDAP($this->factory, LdapUri::fromString(
+            'ldap://cn=admin,dc=example,dc=org:insecure@127.0.0.1:3389/dc=example,dc=org'
+        ));
+
+		$this->wrapper->expects($this->exactly(2))
+			->method('bind')
+			->withConsecutive(
+				['cn=admin,dc=example,dc=org', 'insecure'],
+				['foo', 'password'],
+			)
+			->willReturnOnConsecutiveCalls(true, true);
+		$this->wrapper->expects($this->once())->method('search')->with(
+			'dc=example,dc=org',
+			$escaped,
+			['uid'],
+		);
+		$this->wrapper->method('getEntries')->willReturn(['count' => 1, 0 => ['dn' => 'foo']]);
+
+        $ldap->authenticate($unescaped, 'password');
+    }
+
+    public function provideUnescapedData(): array
+    {
+        return [
+            ['\’foobar', '(uid=\5c’foobar)'],
+            ['XXX;(&(uid=Admin)(userPassword=A*))', '(uid=XXX;\28&\28uid=Admin\29\28userPassword=A\2a\29\29)'],
+        ];
+    }
+
+
+	public function testSettingStartTls(): void
+	{
+		$ldap = new Ldap($this->factory, LdapUri::fromString('ldap://example.com/foo=bar'), true);
+
+		$this->wrapper->expects($this->once())->method('startTls');
+		$this->wrapper->method('bind')->willReturn(true);
+
+		$ldap->bind();
+	}
+
+
+	public function testUnsettingConnectionBeforeBinding(): void
+	{
+		$ldap = new Ldap($this->factory, LdapUri::fromString('ldap://example.com/foo=bar'), true);
+
+		$this->wrapper->method('bind')->willReturn(true);
+		$this->wrapper->expects($this->once())->method('unbind');
+
+		$ldap->connect();
+		$ldap->disconnect();
+	}
+
+	public function testErrorIsThrownOnUnsuccessfullBInd(): void
+	{
+		$ldap = new Ldap($this->factory, LdapUri::fromString('ldap://example.com/foo=bar'), true);
+
+		$this->wrapper->method('bind')->willReturn(false);
+		$this->expectException(Error::class);
+
+		$ldap->bind();
+	}
+
+	public function testFailingSearchThrowsError(): void
+	{
+		$ldap = new Ldap($this->factory, LdapUri::fromString('ldap://example.com/foo=bar'), true);
+
+		$this->wrapper->method('bind')->willReturn(true);
+		$this->wrapper->method('search')->willReturn(false);
+
+		$this->expectException(Error::class);
+		$this->expectExceptionMessage('no result found');
+
+		$ldap->bind();
+		$ldap->search('uid=foo');
+	}
+
+	public function testFailingSearchResultFetchingThrowsError(): void
+	{
+		$ldap = new Ldap($this->factory, LdapUri::fromString('ldap://example.com/foo=bar'), true);
+
+		$this->wrapper->method('bind')->willReturn(true);
+		$this->wrapper->method('search')->willReturn(true);
+		$this->wrapper->method('getEntries')->willReturn(false);
+
+		$this->expectException(Error::class);
+		$this->expectExceptionMessage('invalid results found');
+
+		$ldap->bind();
+		$ldap->search('uid=foo');
+	}
+
+	public function testSearchingWithoutBindingThrowsError(): void
+	{
+		$ldap = new Ldap($this->factory, LdapUri::fromString('ldap://example.com/foo=bar'), true);
+
+		$this->expectException(Error::class);
+		$this->expectExceptionMessage('No resource handle available');
+
+		$ldap->search('uid=foo');
+	}
+
+	public function testAuthenticatingFailsWithNoSearchResults(): void
+	{
+		$ldap = new Ldap($this->factory, LdapUri::fromString('ldap://example.com/foo=bar'), true);
+
+		$this->wrapper->method('bind')->willReturn(true);
+		$this->wrapper->method('search')->willReturn(true);
+		$this->wrapper->method('getEntries')->willReturn(['count' => 0]);
+
+		$ldap->bind();
+		Assert::assertFalse($ldap->authenticate('foo', 'bar'));
+	}
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+namespace Org_Heigl\AuthLdapTest;
+
+use Org_Heigl\AuthLdap\UserRoleHandler;
+use WorDBless\BaseTestCase;
+use WP_User;
+
+class UserRoleHandlerTest extends BaseTestCase
+{
+	public function testUserRolesAreAssignedAsExpected() : void
+	{
+		$user = new WP_User(1);
+
+		$handler = new UserRoleHandler();
+
+		$handler->addRolesToUser($user, ['author', 'user']);
+
+		self::assertEquals(['author'], $user->roles);
+	}
+
+	public function testEqualUserRolesAreEasy() : void
+	{
+		$user = new WP_User(1);
+		$user->add_role('administrator');
+		$user->add_role('author');
+
+		$handler = new UserRoleHandler();
+
+		$handler->addRolesToUser($user, ['administrator', 'author']);
+
+		self::assertEquals(['administrator', 'author'], $user->roles);
+	}
+	
+	public function testUserRolesAreNotAssignedWhenUserAlreadyHasRole() : void
+	{
+		$user = new WP_User(1);
+		$user->add_role('administrator');
+		$user->add_role('author');
+
+		$handler = new UserRoleHandler();
+
+		$handler->addRolesToUser($user, ['author', 'editor']);
+
+		self::assertEquals(['author', 'editor'], $user->roles);
+	}
+
+	public function testEmptyRolesAreIgnored() : void
+	{
+		$user = new WP_User(1);
+		$user->add_role('administrator');
+
+		$handler = new UserRoleHandler();
+		$handler->addRolesToUser($user, []);
+
+		self::assertEquals(['administrator'], $user->roles);
+	}
+}

+<?php
+
+/**
+ * Copyright Andreas Heigl <andreas@heigl.org>
+ *
+ * Licenses under the MIT-license. For details see the included file LICENSE.md
+ */
+
+require_once __DIR__ . '/../vendor/autoload.php'; // adjust the path as needed
+
+\WorDBless\Load::load();

-1.4.20
\ No newline at end of file

-apiVersion: backstage.io/v1alpha1
-kind: Component
-metadata:
-  name: wp-auth-ldap
-  annotations:
-    github.com/project-slug: lampo/wp-auth-ldap
-spec:
-  type: general
-  lifecycle: production
-  owner: B2C Developers

-{
-    "name" : "lampo/wp-auth-ldap",
-    "type" : "wordpress-plugin",
-    "description": "Fork of http://github.com/heiglandreas/authLdap, moves settings to defined constants.",
-    "keywords": ["ldap","authenticate", "auth", "wordpress"],
-    "homepage": "http://github.com/lampo/wp-auth-ldap",
-    "license": "MIT",
-    "authors": [{
-        "name": "Andreas Heigl",
-        "email": "andreas@heigl.org",
-        "homepage": "http://andreas.heigl.org",
-        "role": "Developer"
-    },{
-        "name": "Micah Flatt",
-        "email": "mflatt@flattware.net",
-        "role": "Developer"
-    }],
-    "require" : {
-        "php": ">=5.4",
-        "composer/installers": "~1.0"
-    },
-    "autoload" : {
-        "psr-4" : {
-            "Org_Heigl\\AuthLdap\\" : "./"
-        }
-    }
-}

-<?php
-/**
- * $Id: ldap.php 381646 2011-05-06 09:37:31Z heiglandreas $
- *
- * authLdap - Authenticate Wordpress against an LDAP-Backend.
- * Copyright (c) 2008 Andreas Heigl<andreas@heigl.org>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- *
- * This file handles the basic LDAP-Tasks
- *
- * @author Andreas Heigl<andreas@heigl.org>
- * @package authLdap
- * @category authLdap
- * @since 2008
- */
-namespace Org_Heigl\AuthLdap;
-
-use Exception;
-
-class LDAP
-{
-    private $_server = '';
-
-    private $_scheme = 'ldap';
-
-    private $_port = 389;
-
-    private $_baseDn = '';
-
-    private $_debug = false;
-    /**
-     * This property contains the connection handle to the ldap-server
-     *
-     * @var Ressource
-     */
-    private $_ch = null;
-
-    private $_username = '';
-
-    private $_password = '';
-
-    private $_starttls = false;
-
-    public function __construct($URI, $debug = false, $starttls = false)
-    {
-        $this->_debug=$debug;
-        $array = parse_url($URI);
-        if (! is_array($array)) {
-            throw new Exception($URI . ' seems not to be a valid URI');
-        }
-        $url = array_map(function ($item) { return urldecode($item); }, $array);
-        if (false === $url) {
-            throw new Exception($URI . ' is an invalid URL');
-        }
-        if (! isset ( $url['scheme'] )) {
-            throw new Exception($URI . ' does not provide a scheme');
-        }
-        if (0 !== strpos($url['scheme'], 'ldap')) {
-            throw new Exception($URI . ' is an invalid LDAP-URI');
-        }
-        if (! isset ( $url['host'] )) {
-            throw new Exception($URI . ' does not provide a server');
-        }
-        if (! isset ( $url['path'] )) {
-            throw new Exception($URI . ' does not provide a search-base');
-        }
-        if (1 == strlen($url['path'])) {
-            throw new Exception($URI . ' does not provide a valid search-base');
-        }
-        $this -> _server = $url['host'];
-        $this -> _scheme = $url['scheme'];
-        $this -> _baseDn = substr($url['path'], 1);
-        if (isset ( $url['user'] )) {
-            $this -> _username = $url['user'];
-        }
-        if ('' == trim($this -> _username)) {
-            $this -> _username = 'anonymous';
-        }
-        if (isset ( $url['pass'] )) {
-            $this -> _password = $url['pass'];
-        }
-        if (isset ( $url['port'] )) {
-            $this -> _port = $url['port'];
-        }
-        $this->_starttls = $starttls;
-    }
-
-    /**
-     * Connect to the given LDAP-Server
-     *
-     * @return LDAP
-     * @throws AuthLdap_Exception
-     */
-    public function connect()
-    {
-        $this -> disconnect();
-        if ('ldaps' == $this->_scheme && 389 == $this->_port) {
-            $this->_port = 636;
-        }
-
-        $this->_ch = @ldap_connect($this->_scheme . '://' . $this->_server . ':' . $this -> _port);
-        if (! $this->_ch) {
-            throw new AuthLDAP_Exception('Could not connect to the server');
-        }
-        ldap_set_option($this->_ch, LDAP_OPT_PROTOCOL_VERSION, 3);
-        ldap_set_option($this->_ch, LDAP_OPT_REFERRALS, 0);
-        //if configured try to upgrade encryption to tls for ldap connections
-        if ($this->_starttls) {
-          ldap_start_tls($this->_ch);
-        }
-        return $this;
-    }
-
-    /**
-     * Disconnect from a resource if one is available
-     *
-     * @return LDAP
-     */
-    public function disconnect()
-    {
-        if (is_resource($this->_ch)) {
-            @ldap_unbind($this->_ch);
-        }
-        $this->_ch = null;
-        return $this;
-    }
-
-    /**
-     * Bind to an LDAP-Server with the given credentials
-     *
-     * @return LDAP
-     * @throw AuthLdap_Exception
-     */
-    public function bind()
-    {
-        if (! $this->_ch) {
-            $this->connect();
-        }
-        if (! is_resource($this->_ch)) {
-            throw new AuthLDAP_Exception('No Resource-handle given');
-        }
-        $bind = false;
-        if (( ( $this->_username )
-            && ( $this->_username != 'anonymous') )
-            && ( $this->_password != '' ) ) {
-            $bind = @ldap_bind($this->_ch, $this->_username, $this->_password);
-        } else {
-            $bind = @ldap_bind($this->_ch);
-        }
-        if (! $bind) {
-            throw new AuthLDAP_Exception('bind was not successfull: ' . ldap_error($this->_ch));
-        }
-        return $this;
-    }
-
-    public function getErrorNumber()
-    {
-        return @ldap_errno($this->_ch);
-    }
-
-    public function getErrorText()
-    {
-        return @ldap_error($this->_ch);
-    }
-
-    /**
-     * This method does the actual ldap-serch.
-     *
-     * This is using the filter <var>$filter</var> for retrieving the attributes
-     * <var>$attributes</var>
-     *
-     *
-     * @param string $filter
-     * @param array $attributes
-     * @return array
-     */
-    public function search($filter, $attributes = array('uid'))
-    {
-        if (! is_Resource($this->_ch)) {
-            throw new AuthLDAP_Exception('No resource handle avbailable');
-        }
-        $result = @ldap_search($this->_ch, $this->_baseDn, $filter, $attributes);
-        if ($result === false) {
-            throw new AuthLDAP_Exception('no result found');
-        }
-        $this->_info = @ldap_get_entries($this->_ch, $result);
-        if ($this->_info === false) {
-            throw new AuthLDAP_Exception('invalid results found');
-        }
-        return $this -> _info;
-    }
-
-    /**
-     * This method sets debugging to ON
-     */
-    public function debugOn()
-    {
-        $this->_debug = true;
-        return $this;
-    }
-
-    /**
-     * This method sets debugging to OFF
-     */
-    public function debugOff()
-    {
-        $this->_debug = false;
-        return $this;
-    }
-
-    /**
-     * This method authenticates the user <var>$username</var> using the
-     * password <var>$password</var>
-     *
-     * @param string $username
-     * @param string $password
-     * @param string $filter OPTIONAL This parameter defines the Filter to be used
-     * when searchin for the username. This MUST contain the string '%s' which
-     * will be replaced by the vaue given in <var>$username</var>
-     * @return boolean true or false depending on successfull authentication or not
-     */
-    public function authenticate($username, $password, $filter = '(uid=%s)')
-    {
-        //return true;
-        $this->connect();
-        $this->bind();
-        $res = $this->search(sprintf($filter, $username));
-        if (! $res || ! is_array($res) || ( $res ['count'] != 1 )) {
-            return false;
-        }
-        $dn = $res[0]['dn'];
-        if ($username && $password) {
-            if (@ldap_bind($this->_ch, $dn, $password)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    /**
-     * $this method loggs errors if debugging is set to ON
-     */
-    public function logError()
-    {
-        if ($this->_debug) {
-            $_v = debug_backtrace();
-            throw new AuthLDAP_Exception('[LDAP_ERROR]' . ldap_errno($this->_ch) . ':' . ldap_error($this->_ch), $_v[0]['line']);
-        }
-    }
-}
-
-class AuthLDAP_Exception extends Exception
-{
-    public function __construct($message, $line = null)
-    {
-        parent :: __construct($message);
-        if ($line) {
-            $this -> line = $line;
-        }
-    }
-}