/**
 * Site-checker probe for Active Directory integration.
 *
 * Passes only when the "ldap" module can be loaded and at least one LDAP
 * server record exists; otherwise reports the matching failure message.
 *
 * @return true|mixed  true on success, otherwise whatever $this->Result() returns.
 */
function check_ad()
{
    if (!CModule::IncludeModule('ldap')) {
        return $this->Result(null, GetMessage("MAIN_SC_NO_LDAP_MODULE"));
    }

    $serverList = CLdapServer::GetList();
    $hasServer = (bool)$serverList->Fetch();

    return $hasServer
        ? true
        : $this->Result(null, GetMessage("MAIN_SC_NO_LDAP_INTEGRATION"));
}
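/**
 * Synchronise the local accounts bound to one LDAP server (EXTERNAL_AUTH_ID "LDAP#<id>")
 * with the directory listing:
 *  - import directory users unknown locally (only when SYNC_USER_ADD is "Y", the mapped
 *    ACTIVE value is "Y", and the user is not confined to banned groups);
 *  - re-read users whose directory entry (SYNC_ATTR) or local record changed since SYNC_LAST;
 *  - deactivate local users that no longer appear in the listing.
 *
 * @param int $ldap_server_id  b_ldap_server row to synchronise.
 * @return int|false  Number of updated (not added) users, or false when the server
 *                    cannot be loaded, connected or bound, or an OnLdapBeforeSync
 *                    handler returns false (an exception is left in $APPLICATION).
 */
public static function Sync($ldap_server_id)
{
    global $DB, $USER, $APPLICATION;

    // Agents/CLI may run without a session user object; create one and drop it at the end.
    $bUSERGen = false;
    if (!is_object($USER)) {
        $USER = new CUser();
        $bUSERGen = true;
    }

    $dbLdapServers = CLdapServer::GetById($ldap_server_id);
    if (!($oLdapServer = $dbLdapServers->GetNextServer())) {
        return false;
    }
    if (!$oLdapServer->Connect()) {
        return false;
    }
    if (!$oLdapServer->BindAdmin()) {
        $oLdapServer->Disconnect();
        return false;
    }

    // Give other modules a chance to veto the run.
    $APPLICATION->ResetException();
    $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
    while ($arEvent = $db_events->Fetch()) {
        $arParams['oLdapServer'] = $oLdapServer;
        if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
            if (!$APPLICATION->GetException()) {
                $APPLICATION->ThrowException("Unknown error");
            }
            // Release the bound connection on this early exit as the other paths do.
            $oLdapServer->Disconnect();
            return false;
        }
    }

    // All directory users, keyed by lower-cased login attribute.
    $arLdapUsers = array();
    $ldapLoginAttr = strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
    $APPLICATION->ResetException();
    $dbLdapUsers = $oLdapServer->GetUserList();
    $ldpEx = $APPLICATION->GetException();
    while ($arLdapUser = $dbLdapUsers->Fetch()) {
        $rawLogin = isset($arLdapUser[$ldapLoginAttr]) ? $arLdapUser[$ldapLoginAttr] : '';
        // An entry without a login attribute cannot be mapped to a local account;
        // without this guard every such entry collapses onto the "" key.
        if ($rawLogin === '') {
            continue;
        }
        $arLdapUsers[strtolower($rawLogin)] = $arLdapUser;
    }
    unset($dbLdapUsers);

    // All local users bound to this LDAP server, keyed by lower-cased login.
    $arUsers = array();
    CTimeZone::Disable();
    $dbUsers = CUser::GetList($o, $b, array("EXTERNAL_AUTH_ID" => "LDAP#" . $ldap_server_id));
    CTimeZone::Enable();
    while ($arUser = $dbUsers->Fetch()) {
        $arUsers[strtolower($arUser["LOGIN"])] = $arUser;
    }
    unset($dbUsers);

    // Local LDAP users missing from the directory listing are deactivated below.
    // The list stays empty when the LDAP search itself failed, so a transient
    // directory error cannot deactivate every synchronised account.
    // NOTE(review): an empty but successful listing (e.g. a misconfigured USER_FILTER)
    // still deactivates all local LDAP users - a sanity threshold may be worth adding.
    $arDelLdapUsers = array();
    if (!$ldpEx || $ldpEx->msg != 'LDAP_SEARCH_ERROR') {
        $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
    }

    $syncTime = 0;
    if (strlen($oLdapServer->arFields["SYNC_LAST"]) > 0) {
        $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
    }

    // Shared lookup cache handed to GetUserFields() on both the add and update paths.
    $arCache = array();

    // Groups whose members must not be imported: md5(LDAP group id) => LDAP group id.
    $noImportGroups = array();
    $dbGroups = CLdapServer::GetGroupBan($ldap_server_id);
    while ($arGroup = $dbGroups->Fetch()) {
        $noImportGroups[md5($arGroup['LDAP_GROUP_ID'])] = $arGroup['LDAP_GROUP_ID'];
    }

    $syncAttr = strtolower((string)$oLdapServer->arFields["SYNC_ATTR"]);
    $cnt = 0;
    foreach ($arLdapUsers as $userLogin => $arLdapUserFields) {
        if (!isset($arUsers[$userLogin]) || !is_array($arUsers[$userLogin])) {
            // Unknown locally: import only when configured, and only active directory accounts.
            if ($oLdapServer->arFields["SYNC_USER_ADD"] != "Y") {
                continue;
            }
            $userActive = $oLdapServer->getLdapValueByBitrixFieldName("ACTIVE", $arLdapUserFields);
            if ($userActive != "Y") {
                continue;
            }

            $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);

            // Import unless every group the user belongs to is banned
            // (a user with no groups at all is imported).
            $allUserGroups = isset($arUserFields['LDAP_GROUPS']) ? $arUserFields['LDAP_GROUPS'] : array();
            $userImportIsBanned = true;
            if (is_array($allUserGroups)) {
                foreach ($allUserGroups as $groupId) {
                    $groupId = trim($groupId);
                    if (!empty($groupId) && !array_key_exists(md5($groupId), $noImportGroups)) {
                        $userImportIsBanned = false;
                        break;
                    }
                }
            }
            if (!$userImportIsBanned || empty($allUserGroups)) {
                $oLdapServer->SetUser($arUserFields);
            }
            continue;
        }

        // Known locally: update when the directory entry (SYNC_ATTR in "YYYYMMDDHHMMSS.0Z"
        // form) or the local record changed since the last sync. Without a usable
        // SYNC_ATTR value the entry is treated as changed "now" and always updated.
        $ldapTime = time();
        $userTime = 0;
        if ($syncTime > 0
            && $syncAttr !== ''
            && isset($arLdapUserFields[$syncAttr])
            && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\\.0Z'", $arLdapUserFields[$syncAttr], $arTimeMatch)
        ) {
            $ldapTime = gmmktime(
                (int)$arTimeMatch[4], (int)$arTimeMatch[5], (int)$arTimeMatch[6],
                (int)$arTimeMatch[2], (int)$arTimeMatch[3], (int)$arTimeMatch[1]
            );
            $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
        }
        if ($syncTime < $ldapTime || $syncTime < $userTime) {
            $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);
            $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
            $oLdapServer->SetUser($arUserFields);
            $cnt++;
        }
    }

    // Deactivate local users that vanished from the directory. A private CUser instance
    // is used so the global $USER of the running request is not replaced.
    $oUserUpdater = new CUser();
    foreach ($arDelLdapUsers as $userLogin) {
        if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
            $ID = intval($arUsers[$userLogin]["ID"]);
            $oUserUpdater->Update($ID, array('ACTIVE' => 'N'));
        }
    }

    $oLdapServer->Disconnect();
    CLdapServer::Update($ldap_server_id, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));

    // Note: this only drops the local reference imported by "global"; kept as in the original.
    if ($bUSERGen) {
        unset($USER);
    }

    return $cnt;
}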
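/**
 * OnBeforeProlog handler: log the visitor in with the identity that the web server's
 * NTLM (SSPI) authentication placed into $_SERVER. Does nothing when the visitor is
 * already authorised or the request was not NTLM-authenticated by the server.
 *
 * Security note: the variable named by the "ntlm_varname" option (default REMOTE_USER)
 * is trusted as an authenticated identity. It must be populated by the web server's
 * auth module; an HTTP_* request header is attacker-controlled unless a trusted
 * front-end strips it on every request.
 *
 * @return void
 */
function NTLMAuth()
{
    global $USER;

    if ($USER->IsAuthorized()) {
        return;
    }
    // Only honour identities established by the server's NTLM authentication.
    if (!array_key_exists("AUTH_TYPE", $_SERVER) || $_SERVER["AUTH_TYPE"] !== "NTLM") {
        return;
    }

    $ntlm_varname = trim(COption::GetOptionString('ldap', 'ntlm_varname', 'REMOTE_USER'));
    if (!array_key_exists($ntlm_varname, $_SERVER)) {
        return;
    }
    $LOGIN = (string)$_SERVER[$ntlm_varname];
    if ($LOGIN === '') {
        return;
    }

    // "DOMAIN\login" selects the LDAP server by CODE; a bare login uses the default server.
    $DOMAIN = "";
    if (($pos = strpos($LOGIN, "\\")) !== false) {
        $DOMAIN = (string)substr($LOGIN, 0, $pos);
        $LOGIN = (string)substr($LOGIN, $pos + 1);
    }
    // A value such as "DOMAIN\" leaves nothing to look up.
    if ($LOGIN === '') {
        return;
    }

    $arFilterServer = array('ACTIVE' => 'Y');
    if ($DOMAIN !== '') {
        $arFilterServer['CODE'] = $DOMAIN;
    } else {
        $DEF_DOMAIN_ID = intval(COption::GetOptionInt('ldap', 'ntlm_default_server', 0));
        if ($DEF_DOMAIN_ID <= 0) {
            return;
        }
        $arFilterServer['ID'] = $DEF_DOMAIN_ID;
    }

    $db_ldap_serv = CLdapServer::GetList(array(), $arFilterServer);
    /** @var CLDAP $xLDAP */
    while ($xLDAP = $db_ldap_serv->GetNextServer()) {
        if (!$xLDAP->Connect()) {
            continue;
        }
        // FindUser() is relied on to escape $LOGIN for the LDAP filter - TODO confirm.
        $arLdapUser = $xLDAP->FindUser($LOGIN);
        if ($arLdapUser) {
            $ID = $xLDAP->SetUser($arLdapUser);
            if ($ID > 0) {
                $USER->Authorize($ID);
                $xLDAP->Disconnect();
                return;
            }
        }
        $xLDAP->Disconnect();
    }
}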
$ld = CLdapServer::GetByID($ID); ClearVars("str_"); if (!($arFields = $ld->ExtractFields("str_"))) { $ID = 0; } else { if ($MOD_RIGHT < "W") { $str_ADMIN_PASSWORD = ""; } $ldp = CLDAP::Connect(array("SERVER" => $arFields['SERVER'], "PORT" => $arFields['PORT'], "ADMIN_LOGIN" => $arFields['ADMIN_LOGIN'], "ADMIN_PASSWORD" => $arFields['ADMIN_PASSWORD'], "BASE_DN" => $arFields['BASE_DN'], "GROUP_FILTER" => $arFields['GROUP_FILTER'], "GROUP_ID_ATTR" => $arFields['GROUP_ID_ATTR'], "GROUP_NAME_ATTR" => $arFields['GROUP_NAME_ATTR'], "GROUP_MEMBERS_ATTR" => $arFields['GROUP_MEMBERS_ATTR'], "CONVERT_UTF8" => $arFields['CONVERT_UTF8'], "USER_FILTER" => $arFields['USER_FILTER'], "USER_GROUP_ATTR" => $arFields['USER_GROUP_ATTR'], "USER_GROUP_ACCESSORY" => $arFields['USER_GROUP_ACCESSORY'], "USER_DEPARTMENT_ATTR" => $arFields['USER_DEPARTMENT_ATTR'], "USER_MANAGER_ATTR" => $arFields['USER_MANAGER_ATTR'], "MAX_PAGE_SIZE" => $arFields['MAX_PAGE_SIZE'])); $db_groups = CLdapServer::GetGroupMap($ID); while ($arGroup = $db_groups->Fetch()) { $arGroups[$arGroup['GROUP_ID'] . ' ' . md5($arGroup['LDAP_GROUP_ID'])] = $arGroup; } if (!isset($noimportGroups)) { $noimportGroups = array(); $db_groups = CLdapServer::GetGroupBan($ID); while ($arGroup = $db_groups->Fetch()) { $noimportGroups[md5($arGroup['LDAP_GROUP_ID'])] = $arGroup['LDAP_GROUP_ID']; } } //$ADMIN_PASSWORD = $arFields['ADMIN_PASSWORD']; if (!$bPostback) { $arUserFieldMap = $arFields["FIELD_MAP"]; } } } //if(strlen($Add)<=0) $DB->InitTableVarsForEdit("b_ldap_server", "", "str_"); if (is_array($_REQUEST['LDAP_GROUP'])) { foreach ($_REQUEST['LDAP_GROUP'] as $t_id => $arGroup) { if (strlen($arGroup['LDAP_GROUP_ID']) > 0 || $arGroup['GROUP_ID'] > 0) {
} } foreach ($arID as $ID) { if (strlen($ID) <= 0) { continue; } $ID = IntVal($ID); switch ($_REQUEST['action']) { case "delete": if (!CLdapServer::Delete($ID)) { $lAdmin->AddGroupError(GetMessage("LDAP_ADMIN_DEL_ERR"), $ID); } break; case "activate": case "deactivate": $ld = new CLdapServer(); $arFields = array("ACTIVE" => $_REQUEST['action'] == "activate" ? "Y" : "N"); if (!$ld->Update($ID, $arFields)) { if ($e = $APPLICATION->GetException()) { $lAdmin->AddUpdateError(GetMessage("SAVE_ERROR") . $ID . ". " . $e->GetString(), $ID); } } break; } } } // initialise list - query data $rsData = CLdapServer::GetList(array($by => $order), $arFilter); $rsData = new CAdminResult($rsData, $sTableID); $rsData->NavStart(); // set up navigation string
echo GetMessage("USER_IMPORT_LDAP_SERVER"); ?> :</td> <td width="50%"> <select name="ldapServer" onChange="OnLdapSelect(this.selectedIndex - 1);"> <option value="0"><?php echo GetMessage("USER_IMPORT_SELECT_FROM_LIST"); ?> </option> <? $arAllFields = CLDAPUtil::GetSynFields(); // all user fields that are currently set up in the system $arFieldMaps = array(); $indSelected = -1; $i=-1; $dbLdap = CLdapServer::GetList(array("NAME" => "ASC"), array("ACTIVE" => "Y")); while ($arLdap = $dbLdap->GetNext()): $i++; $map = $arLdap["FIELD_MAP"]; foreach ($map as $user_f=>$ldap_f) { if (!array_key_exists($user_f,$arAllFields)) { unset($map[$user_f]); } } $arFieldMaps[] = $map; ?> <option value="<?php echo $arLdap["ID"]; ?>
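/**
 * Synchronise the local accounts bound to one LDAP server (EXTERNAL_AUTH_ID "LDAP#<id>")
 * with the directory listing: re-read users whose directory entry (SYNC_ATTR) or local
 * record changed since SYNC_LAST, and deactivate local users that no longer appear in
 * the listing. This variant does not import new users.
 *
 * @param int $ldap_server_id  b_ldap_server row to synchronise.
 * @return int|false  Number of updated users, or false when the server cannot be loaded,
 *                    connected or bound, or an OnLdapBeforeSync handler returns false
 *                    (an exception is left in $APPLICATION).
 */
function Sync($ldap_server_id)
{
    global $DB, $USER, $APPLICATION;

    // Agents/CLI may run without a session user object; create one and drop it at the end.
    $bUSERGen = false;
    if (!is_object($USER)) {
        $USER = new CUser();
        $bUSERGen = true;
    }

    $dbLdapServers = CLdapServer::GetById($ldap_server_id);
    if (!($oLdapServer = $dbLdapServers->GetNextServer())) {
        return false;
    }
    if (!$oLdapServer->Connect()) {
        return false;
    }
    if (!$oLdapServer->BindAdmin()) {
        $oLdapServer->Disconnect();
        return false;
    }

    // Give other modules a chance to veto the run.
    $APPLICATION->ResetException();
    $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
    while ($arEvent = $db_events->Fetch()) {
        $arParams['oLdapServer'] = $oLdapServer;
        if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
            if (!$APPLICATION->GetException()) {
                $APPLICATION->ThrowException("Unknown error");
            }
            // Release the bound connection on this early exit as the other paths do.
            $oLdapServer->Disconnect();
            return false;
        }
    }

    // All directory users, keyed by lower-cased login attribute. The exception state is
    // captured so a failed search can be told apart from an empty result.
    $arLdapUsers = array();
    $ldapLoginAttr = strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
    $APPLICATION->ResetException();
    $dbLdapUsers = $oLdapServer->GetUserList();
    $ldpEx = $APPLICATION->GetException();
    while ($arLdapUser = $dbLdapUsers->Fetch()) {
        $rawLogin = isset($arLdapUser[$ldapLoginAttr]) ? $arLdapUser[$ldapLoginAttr] : '';
        // An entry without a login attribute cannot be mapped to a local account.
        if ($rawLogin === '') {
            continue;
        }
        $arLdapUsers[strtolower($rawLogin)] = $arLdapUser;
    }
    unset($dbLdapUsers);

    // All local users bound to this LDAP server, keyed by lower-cased login.
    $arUsers = array();
    CTimeZone::Disable();
    $dbUsers = CUser::GetList($o, $b, array("EXTERNAL_AUTH_ID" => "LDAP#" . $ldap_server_id));
    CTimeZone::Enable();
    while ($arUser = $dbUsers->Fetch()) {
        $arUsers[strtolower($arUser["LOGIN"])] = $arUser;
    }
    unset($dbUsers);

    // Local LDAP users missing from the directory listing are deactivated below.
    // Previously computed unconditionally: a failed LDAP search (partial or empty
    // listing) would deactivate every synchronised account. Skip it on LDAP_SEARCH_ERROR,
    // matching the other Sync() implementation.
    // NOTE(review): an empty but successful listing still deactivates all local LDAP users.
    $arDelLdapUsers = array();
    if (!$ldpEx || $ldpEx->msg != 'LDAP_SEARCH_ERROR') {
        $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
    }

    $syncTime = 0;
    if (strlen($oLdapServer->arFields["SYNC_LAST"]) > 0) {
        $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
    }

    $arCache = array();
    $syncAttr = strtolower((string)$oLdapServer->arFields["SYNC_ATTR"]);
    $cnt = 0;
    foreach ($arLdapUsers as $userLogin => $arLdapUserFields) {
        if (!isset($arUsers[$userLogin]) || !is_array($arUsers[$userLogin])) {
            continue;
        }

        // Update when the directory entry (SYNC_ATTR in "YYYYMMDDHHMMSS.0Z" form) or the
        // local record changed since the last sync. Without a usable SYNC_ATTR value the
        // entry is treated as changed "now" and always updated.
        $ldapTime = time();
        $userTime = 0;
        if ($syncTime > 0
            && $syncAttr !== ''
            && isset($arLdapUserFields[$syncAttr])
            && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\\.0Z'", $arLdapUserFields[$syncAttr], $arTimeMatch)
        ) {
            $ldapTime = gmmktime(
                (int)$arTimeMatch[4], (int)$arTimeMatch[5], (int)$arTimeMatch[6],
                (int)$arTimeMatch[2], (int)$arTimeMatch[3], (int)$arTimeMatch[1]
            );
            $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
        }
        if ($syncTime < $ldapTime || $syncTime < $userTime) {
            $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);
            $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
            $oLdapServer->SetUser($arUserFields);
            $cnt++;
        }
    }

    // Deactivate local users that vanished from the directory. A private CUser instance
    // is used so the global $USER of the running request is not replaced.
    $oUserUpdater = new CUser();
    foreach ($arDelLdapUsers as $userLogin) {
        if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
            $ID = intval($arUsers[$userLogin]["ID"]);
            $oUserUpdater->Update($ID, array('ACTIVE' => 'N'));
        }
    }

    $oLdapServer->Disconnect();
    CLdapServer::Update($ldap_server_id, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));

    // Note: this only drops the local reference imported by "global"; kept as in the original.
    if ($bUSERGen) {
        unset($USER);
    }

    return $cnt;
}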
############################################## # Bitrix: SiteManager # # Copyright (c) 2002-2012 Bitrix # # http://www.bitrixsoft.com # # mailto:admin@bitrixsoft.com # ############################################## global $MESS; include GetLangFileName($GLOBALS["DOCUMENT_ROOT"] . "/bitrix/modules/ldap/lang/", "/options.php"); IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/options.php"); $module_id = "ldap"; CModule::IncludeModule($module_id); $MOD_RIGHT = $APPLICATION->GetGroupRight($module_id); if ($MOD_RIGHT >= "R") { $arAllLdapServers = array(0 => GetMessage('LDAP_NOT_USE_DEFAULT_NTLM_SERVER')); $rsLdapServers = CLdapServer::GetList(); while ($arLdapServer = $rsLdapServers->Fetch()) { $arAllLdapServers[$arLdapServer['ID']] = $arLdapServer['NAME']; } // get current NTLM user login for displaying later if (!($ntlmVarname = $_POST['ntlm_varname'])) { $ntlmVarname = COption::GetOptionString($module_id, 'ntlm_varname', 'REMOTE_USER'); } if (array_key_exists($ntlmVarname, $_SERVER) && trim($_SERVER[$ntlmVarname]) != '') { $currentUserNTLMMsg = htmlspecialcharsbx($_SERVER[$ntlmVarname]); } else { $currentUserNTLMMsg = GetMessage("LDAP_CURRENT_USER_ABS"); } // set up form $arAllOptions = array(array("default_email", GetMessage('LDAP_OPTIONS_DEFAULT_EMAIL'), "no@email", array("text")), array("use_ntlm", GetMessage('LDAP_OPTIONS_USE_NTLM'), "N", array("checkbox")), array("use_ntlm_login", GetMessage('LDAP_CURRENT_USER'), $currentUserNTLMMsg, array("statictext")), array("ntlm_varname", GetMessage('LDAP_OPTIONS_NTLM_VARNAME'), "REMOTE_USER", array("text", 20)), array("ntlm_default_server", GetMessage('LDAP_DEFAULT_NTLM_SERVER'), "0", array("selectbox", $arAllLdapServers)), array("add_user_when_auth", GetMessage("LDAP_OPTIONS_NEW_USERS"), "Y", array("checkbox")), array("ntlm_auth_without_prefix", GetMessage("LDAP_WITHOUT_PREFIX"), "Y", array("checkbox")), GetMessage("LDAP_BITRIXVM_BLOCK"), array("bitrixvm_auth_support", 
GetMessage("LDAP_BITRIXVM_SUPPORT"), "N", array("checkbox")), array("bitrixvm_auth_net", GetMessage('LDAP_BITRIXVM_NET'), "", array("text", 40))); if ($MOD_RIGHT >= "W") {
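/**
 * Wizard step handler: verify the LDAP connection collected on the settings step,
 * create the LDAP server record with the default Active Directory field mapping and,
 * when NTLM was requested, enable NTLM authentication and append an SSPI block to
 * the site's .htaccess.
 *
 * @return void  Failures are reported through $this->SetError().
 */
function OnPostForm()
{
    $wizard =& $this->GetWizard();
    if ($wizard->IsPrevButtonClick()) {
        return;
    }

    // Connection checks; each failure sends the user back to the settings step.
    if (!$this->ldp) {
        $wizard->SetCurrentStep("ldap_settings");
        $this->SetError(GetMessage("wiz_ldap_error"), "ldapServer");
        return;
    }
    if (!$this->ldp->BindAdmin()) {
        $wizard->SetCurrentStep("ldap_settings");
        $this->SetError(GetMessage("wiz_ldap_error1"), "ldapLogin");
        return;
    }
    $dbGroup = $this->ldp->GetGroupList();
    if (!$dbGroup->Fetch()) {
        $wizard->SetCurrentStep("ldap_settings");
        $this->SetError(GetMessage("wiz_ldap_error_root"), "ldapBaseDN");
        return;
    }

    // The domain is written verbatim into .htaccess (SSPIDomain) and stored as the server
    // CODE; accept only a plain NetBIOS/DNS name so a stray newline or quote cannot
    // inject Apache directives.
    $ntlmDomain = (string)$wizard->GetVar('ldapNTLMDomain');
    if ($ntlmDomain !== '' && !preg_match('/^[A-Za-z0-9._-]+$/', $ntlmDomain)) {
        $wizard->SetCurrentStep("ldap_settings");
        $this->SetError(GetMessage("wiz_ldap_server_err"), "ldapNTLMDomain");
        return;
    }

    // Default Bitrix user field -> Active Directory attribute mapping.
    $arUserFieldMap = array(
        "ACTIVE" => "UserAccountControl&2",
        "EMAIL" => "email",
        "NAME" => "givenName",
        "LAST_NAME" => "sn",
        "PERSONAL_WWW" => "wWWHomePage",
        "PERSONAL_PHONE" => "homePhone",
        "PERSONAL_MOBILE" => "mobile",
        "PERSONAL_STREET" => "streetAddress",
        "PERSONAL_MAILBOX" => "postOfficeBox",
        "PERSONAL_CITY" => "l",
        "PERSONAL_STATE" => "st",
        "PERSONAL_ZIP" => "postalCode",
        "PERSONAL_COUNTRY" => "c",
        "WORK_COMPANY" => "company",
        "WORK_DEPARTMENT" => "department",
        "WORK_POSITION" => "title",
        "WORK_PHONE" => "telephoneNumber",
        "WORK_FAX" => "facsimileTelephoneNumber",
        "ADMIN_NOTES" => "description",
    );

    $arFields = array(
        "NAME" => GetMessage("wiz_ldap_server1"),
        "DESCRIPTION" => "",
        "CODE" => $ntlmDomain ? $ntlmDomain : '',
        "SERVER" => $wizard->GetVar("ldapServer"),
        "PORT" => $wizard->GetVar("ldapPort"),
        "CONVERT_UTF8" => "Y",
        "ADMIN_LOGIN" => $wizard->GetVar("ldapLogin"),
        "ACTIVE" => "Y",
        "ADMIN_PASSWORD" => $wizard->GetVar("ldapPassword"),
        "BASE_DN" => $wizard->GetVar("ldapBaseDN"),
        "GROUP_FILTER" => "(objectCategory=group)",
        "GROUP_ID_ATTR" => "dn",
        "GROUP_NAME_ATTR" => "sAMAccountName",
        "USER_FILTER" => "(&(objectClass=user)(objectCategory=PERSON))",
        "USER_ID_ATTR" => "samaccountname",
        "USER_NAME_ATTR" => "givenName",
        "USER_LAST_NAME_ATTR" => "sn",
        "USER_EMAIL_ATTR" => "mail",
        "USER_GROUP_ATTR" => "memberof",
        "SYNC_PERIOD" => "5",
        "SYNC" => "N",
        "SYNC_ATTR" => "whenChanged",
        "FIELD_MAP" => $arUserFieldMap,
    );

    // Optional Bitrix group -> LDAP group bindings chosen in the wizard.
    $ldapGroup = $wizard->GetVar("ldapGroup");
    if (is_array($ldapGroup) && !empty($ldapGroup)) {
        $arGroups = array();
        foreach ($ldapGroup as $groupID => $ldapGroupID) {
            $arGroups[] = array("GROUP_ID" => $groupID, "LDAP_GROUP_ID" => $ldapGroupID);
        }
        $arFields["GROUPS"] = $arGroups;
    }

    $ID = CLdapServer::Add($arFields);
    if ($ID < 1) {
        // The original evaluated $exception->GetString() before $exception was assigned
        // (assignment binds looser than ?:), which fails on a null object.
        $exception = $GLOBALS["APPLICATION"]->GetException();
        $this->SetError(GetMessage("wiz_ldap_server_err") . ($exception ? $exception->GetString() : ""));
        return;
    }

    if ($wizard->GetVar('ldapNTLM') != 'Y' || $ntlmDomain === '') {
        return;
    }

    COption::SetOptionString("ldap", "use_ntlm", "Y");
    COption::SetOptionString("ldap", "ntlm_default_server", $ID);
    RegisterModuleDependences('main', 'OnBeforeProlog', 'ldap', 'CLDAP', 'NTLMAuth', 40);

    // Replace any earlier SSPI block and append a fresh one. A missing .htaccess is
    // treated as empty rather than failing on filesize()/fread().
    $fhtaccess = $_SERVER['DOCUMENT_ROOT'] . '/.htaccess';
    $fcontent = file_exists($fhtaccess) ? file_get_contents($fhtaccess) : '';
    if ($fcontent === false) {
        $fcontent = '';
    }
    $fcontent = preg_replace('/AuthType .+SSPIOfferBasic On[\\r\\n\\t #]Require valid-user/is', '', $fcontent);
    // NOTE: "SSPIOfferBasic On" lets clients fall back to HTTP Basic, which carries the
    // domain password in clear text unless the site is served over HTTPS only.
    $fcontent .= "\r\n"
        . "AuthName \"My Intranet\"\r\n"
        . "AuthType SSPI\r\n"
        . "SSPIAuth On\r\n"
        . "SSPIPackage NTLM\r\n"
        . "SSPIDomain " . $ntlmDomain . "\r\n"
        . "SSPIPerRequestAuth On\r\n"
        . "SSPIAuthoritative On\r\n"
        . "SSPIOfferBasic On\r\n"
        . "Require valid-user\r\n";
    if (file_put_contents($fhtaccess, $fcontent) === false) {
        // The server record already exists; report that the web-server side was not written.
        $this->SetError(GetMessage("wiz_ldap_server_err"));
    }
}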