Provide bin/auth ldap for LDAP diagnostics

Summary: Ref T1536.

Test Plan: Ran `bin/auth ldap`.

Reviewers: mbishopim3, chad

Reviewed By: mbishopim3

CC: aran

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6218

scripts/setup/manage_auth.php

@@ -15,7 +15,8 @@ EOSYNOPSIS
 $args->parseStandardArguments();
 
 $workflows = array(
-  new PhabricatorAuthManagementListWorkflow(),
+  new PhabricatorAuthManagementRecoverWorkflow(),
+  new PhabricatorAuthManagementLDAPWorkflow(),
   new PhutilHelpArgumentWorkflow(),
 );
 

src/__phutil_library_map__.php

@@ -823,6 +823,7 @@ phutil_register_library_map(array(
     'PhabricatorAuthLinkController' => 'applications/auth/controller/PhabricatorAuthLinkController.php',
     'PhabricatorAuthListController' => 'applications/auth/controller/config/PhabricatorAuthListController.php',
     'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php',
+    'PhabricatorAuthManagementLDAPWorkflow' => 'applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php',
     'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php',
     'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php',
     'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
@@ -2707,6 +2708,7 @@ phutil_register_library_map(array(
       1 => 'PhabricatorApplicationSearchResultsControllerInterface',
     ),
     'PhabricatorAuthLoginController' => 'PhabricatorAuthController',
+    'PhabricatorAuthManagementLDAPWorkflow' => 'PhabricatorAuthManagementWorkflow',
     'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow',
     'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow',
     'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',

src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php

@@ -0,0 +1,71 @@
+<?php
+
+final class PhabricatorAuthManagementLDAPWorkflow
+  extends PhabricatorAuthManagementWorkflow {
+
+  protected function didConstruct() {
+    $this
+      ->setName('ldap')
+      ->setExamples('**ldap**')
+      ->setSynopsis(
+        pht('Analyze and diagnose issues with LDAP configuration.'));
+  }
+
+  public function execute(PhutilArgumentParser $args) {
+    $console = PhutilConsole::getConsole();
+    $console->getServer()->setEnableLog(true);
+
+    $provider = new PhabricatorAuthProviderLDAP();
+    if (!$provider->isEnabled()) {
+      $console->writeOut(
+        "%s\n",
+        "The LDAP authentication provider is not enabled.");
+      exit(1);
+    }
+
+    if (!function_exists('ldap_connect')) {
+      $console->writeOut(
+        "%s\n",
+        "The LDAP extension is not enabled.");
+      exit(1);
+    }
+
+    $adapter = $provider->getAdapter();
+    $adapter->setConsole($console);
+
+    $console->writeOut("%s\n", pht('LDAP CONFIGURATION'));
+    $adapter->printConfiguration();
+
+    $console->writeOut("%s\n", pht('Enter LDAP Credentials'));
+    $username = phutil_console_prompt("LDAP Username: ");
+    if (!strlen($username)) {
+      throw new PhutilArgumentUsageException(
+        pht("You must enter an LDAP username."));
+    }
+
+    phutil_passthru('stty -echo');
+    $password = phutil_console_prompt("LDAP Password: ");
+    phutil_passthru('stty echo');
+
+    if (!strlen($password)) {
+      throw new PhutilArgumentUsageException(
+        pht("You must enter an LDAP password."));
+    }
+
+    $adapter->setLoginUsername($username);
+    $adapter->setLoginPassword(new PhutilOpaqueEnvelope($password));
+
+    $console->writeOut("\n");
+    $console->writeOut("%s\n", pht('Connecting to LDAP...'));
+
+    $account_id = $adapter->getAccountID();
+    if ($account_id) {
+      $console->writeOut("%s\n", pht('Found LDAP Account: %s', $account_id));
+    } else {
+      $console->writeOut("%s\n", pht('Unable to find LDAP account!'));
+    }
+
+    return 0;
+  }
+
+}

src/applications/auth/provider/PhabricatorAuthProvider.php

@@ -180,6 +180,9 @@ abstract class PhabricatorAuthProvider {
     $account->setEmail($adapter->getAccountEmail());
     $account->setAccountURI($adapter->getAccountURI());
 
+    $account->setProfileImagePHID(null);
+    $image_uri = $adapter->getAccountImageURI();
+    if ($image_uri) {
       try {
         $name = PhabricatorSlug::normalize($this->getProviderName());
         $name = $name.'-profile.jpg';
@@ -188,9 +191,6 @@ abstract class PhabricatorAuthProvider {
         // file entry for it, but there's no convenient way to do this with
         // PhabricatorFile right now. The storage will get shared, so the impact
         // here is negligible.
-
-      $image_uri = $adapter->getAccountImageURI();
-
         $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
           $image_file = PhabricatorFile::newFromFileDownload(
             $image_uri,
@@ -199,9 +199,14 @@ abstract class PhabricatorAuthProvider {
             ));
         unset($unguarded);
 
+        if ($image_file) {
           $account->setProfileImagePHID($image_file->getPHID());
+        }
       } catch (Exception $ex) {
-      $account->setProfileImagePHID(null);
+        // Log this but proceed, it's not especially important that we
+        // be able to pull profile images.
+        phlog($ex);
+      }
     }
 
     $this->willSaveAccount($account);