Beispiel #1
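 /**
  * Create an organizational unit
  *
  * The DN of the new entry is assembled from the OU name, the container path
  * and the base DN. Every caller-supplied component is DN-escaped so that
  * characters such as "," "=" or "+" stay inside their own RDN value and
  * cannot change where in the tree the entry is created.
  *
  * Validation failures are reported as message strings, and those strings are
  * truthy: callers must compare the result with === true instead of testing
  * it for truthiness.
  *
  * @param array $attributes Must contain "ou_name" and "container"; "container"
  *                          is an array of parent OU names, which is reversed
  *                          before being joined into the DN
  * @return bool|string True if ldap_add() succeeded, false if it failed, or an
  *                     error message when $attributes is invalid
  */
 public function create($attributes)
 {
     if (!is_array($attributes)) {
         return "Attributes must be an array";
     }
     // Presence is checked before type, so a missing key produces the intended
     // message rather than an undefined-index notice.
     if (!array_key_exists("ou_name", $attributes)) {
         return "Missing compulsory field [ou_name]";
     }
     if (!array_key_exists("container", $attributes)) {
         return "Missing compulsory field [container]";
     }
     if (!is_array($attributes["container"])) {
         return "Container attribute must be an array.";
     }

     $add = array();
     $add["objectClass"] = "organizationalUnit";
     // The attribute value is sent as-is; only the DN string needs escaping.
     $add["OU"] = $attributes["ou_name"];

     $escapeRdn = function ($value) {
         return ldap_escape((string) $value, "", LDAP_ESCAPE_DN);
     };

     // Build the parent path with a trailing comma so it joins cleanly onto the
     // base DN; an empty container list contributes nothing. (The previous code
     // overwrote this value with a comma-less one, which produced a malformed DN.)
     $parents = "";
     $containerPath = array_reverse($attributes["container"]);
     if (count($containerPath) > 0) {
         $parents = "OU=" . implode(",OU=", array_map($escapeRdn, $containerPath)) . ",";
     }

     $dn = "OU=" . $escapeRdn($add["OU"]) . ", " . $parents . $this->adldap->getBaseDn();
     $result = ldap_add($this->adldap->getLdapConnection(), $dn, $add);

     return $result == true;
 }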
Beispiel #2
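 /**
  * Authenticate the submitted username/password against the directory and,
  * when $this->wfh is not set, require the client address to match a known
  * office subnet.
  *
  * @return array Array with the keys "status" and "message"
  */
 public function authenticate()
 {
     $adldap = new adLDAP();
     $username = Request::input('username');
     // NOTE(review): an unsalted MD5 of the password is handed to _processUser().
     // MD5 is not a password hash; if that value is persisted, moving to
     // password_hash()/password_verify() needs a coordinated change in
     // _processUser() and in whatever reads the stored value.
     $password = md5(Request::input('password'));
     $authUser = $adldap->authenticate($username, Request::input('password'));
     if ($authUser && $this->login_status) {
         $user_fields = array('displayname', 'mail', 'company', 'physicaldeliveryofficename', 'givenname', 'sn');
         $this->user_info = $adldap->user()->info($username, $user_fields);
         $this->_processUser($username, $password);
     } else {
         $this->login_status = FALSE;
         $this->_check_failed_login_duration($username);
     }
     //todo WFH. SEARCH FOR VLANS
     if (!$this->wfh) {
         // This branch runs when $this->wfh is falsy, i.e. presumably for users
         // who are NOT cleared to work from home (confirm against where wfh is set).
         // NOTE(review): the argument to getClientIp() looks like a proxy-trust
         // switch; if so, the address may originate from a client-supplied
         // header and must be treated as untrusted input.
         $user_ip_address = Request::getClientIp(true);
         // ip2long() returns false for anything that is not a dotted-quad IPv4
         // address, so the subnet lookup only ever sees a validated value.
         // NOTE(review): as before, any other address (IPv6 included) skips the
         // office-network restriction entirely - confirm this fail-open
         // behaviour is intended.
         if (ip2long($user_ip_address)) {
             // First three octets plus the dot, e.g. "10.1.2."
             $subnetPrefix = substr($user_ip_address, 0, strrpos($user_ip_address, '.')) . '.';
             // Bound parameter instead of string concatenation: the address
             // never becomes part of the SQL text.
             $matchingVlans = DB::select(
                 "SELECT * FROM vlans v INNER JOIN offices o ON v.office_id = o.office_id WHERE subnet LIKE ?",
                 array($subnetPrefix . '%')
             );
             if (count($matchingVlans) == 0) {
                 $this->login_status = FALSE;
                 $this->response_text = 'You are not authorised to login remotely. If this is incorrect please contact HR.';
                 $this->response_status = 'failed';
                 // _processUser() may already have established a session; drop it.
                 Auth::logout();
                 return array("status" => $this->response_status, "message" => $this->response_text);
             }
         }
     }
     if (!$this->login_status) {
         $this->response_status = 'failed';
         $this->response_text = $this->messages['invalid'];
     }
     return array("status" => $this->response_status, "message" => $this->response_text);
 }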
Beispiel #3
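 /**
  * Get the last logon time of any user as a Unix timestamp
  *
  * @param string $username
  * @return int|bool|string The converted timestamp; false when there is no LDAP
  *                         bind or the lookup returned no lastLogonTimestamp
  *                         value; an error message string when $username is
  *                         null (the message is truthy, so compare strictly)
  */
 public function getLastLogon($username)
 {
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     if ($username === null) {
         return "Missing compulsory field [username]";
     }
     $userInfo = $this->info($username, array("lastLogonTimestamp"));
     // The lookup can come back empty (unknown user, failed search); do not
     // index into it blindly.
     if (!is_array($userInfo) || !isset($userInfo[0]) || !is_array($userInfo[0])) {
         return false;
     }
     $entry = $userInfo[0];
     // ldap_get_entries() lower-cases attribute names. Presumably info() returns
     // its output unchanged (TODO confirm), so the lower-case key is tried first
     // and the original spelling is kept as a fallback.
     foreach (array("lastlogontimestamp", "lastLogonTimestamp") as $key) {
         if (isset($entry[$key][0])) {
             return adLDAPUtils::convertWindowsTimeToUnixTime($entry[$key][0]);
         }
     }
     // Attribute absent on the returned entry.
     return false;
 }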
Beispiel #4
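 /**
  * Returns a list of Databases within any given storage group in Exchange for a given mail server
  *
  * $storageGroup is used verbatim as the search base, so it must be a DN the
  * caller obtained from the directory, not free-form user input.
  *
  * @param string $storageGroup The full DN of a Storage Group.  You can use exchange_storage_groups() to find the DN
  * @param array $attributes An array of the AD attributes you wish to return
  * @return array|bool|string The entries from ldap_get_entries(); false when
  *                           there is no LDAP bind or the search failed; an
  *                           error message string when $storageGroup is null
  */
 public function storageDatabases($storageGroup, $attributes = array('cn', 'distinguishedname', 'displayname'))
 {
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     if ($storageGroup === NULL) {
         return "Missing compulsory field [storageGroup]";
     }
     $filter = '(&(objectCategory=msExchPrivateMDB))';
     $connection = $this->adldap->getLdapConnection();
     $sr = @ldap_search($connection, $storageGroup, $filter, $attributes);
     // A failed search (bad base DN, insufficient rights) yields false; passing
     // that on to ldap_get_entries() is an error, so stop here.
     if ($sr === false) {
         return false;
     }
     $entries = @ldap_get_entries($connection, $sr);
     return $entries;
 }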
Beispiel #5
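 /**
  * Coping with AD not returning the primary group
  * http://support.microsoft.com/?kbid=321360
  *
  * For some reason it's not possible to search on primarygrouptoken=XXX
  * If someone can show otherwise, I'd like to know about it :)
  * this way is resource intensive and generally a pain in the @#%^
  *
  * @deprecated deprecated since version 3.1, see get_primary_group
  * @param string $gid Group ID
  * @return string|bool The distinguished name of the matching group, an empty
  *                     string when none matches or the search fails, or false
  *                     when $gid is null
  */
 public function cn($gid)
 {
     if ($gid === NULL) {
         return false;
     }
     $r = '';
     // The filter is built from a class constant only; no caller input reaches it.
     $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
     $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
     $connection = $this->adldap->getLdapConnection();
     $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
     if ($sr === false) {
         // Search failed: report "not found" as an empty result.
         return $r;
     }
     $entries = ldap_get_entries($connection, $sr);
     if (!is_array($entries)) {
         return $r;
     }
     // Walk every global security group and compare its token with $gid.
     for ($i = 0; $i < $entries["count"]; $i++) {
         if (!isset($entries[$i]["primarygrouptoken"][0])) {
             continue;
         }
         // Loose comparison on purpose: the directory returns strings, callers may pass an int.
         if ($entries[$i]["primarygrouptoken"][0] == $gid) {
             $r = $entries[$i]["distinguishedname"][0];
             break;
         }
     }
     return $r;
 }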
Beispiel #6
 /**
  * List the groups a computer account belongs to
  *
  * @param string $computerName The name of the computer
  * @param bool $recursive Whether to expand nested groups; when NULL the
  *                        value from getRecursiveGroups() is used
  * @return array|bool The group names, or false when $computerName is NULL
  *                    or there is no LDAP bind
  */
 public function groups($computerName, $recursive = NULL)
 {
     if ($computerName === NULL) {
         return false;
     }
     // Fall back to the configured default when the caller did not choose.
     if ($recursive === NULL) {
         $recursive = $this->adldap->getRecursiveGroups();
     }
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     // Look the computer up; the first entry returned is taken to be the match.
     $lookup = @$this->info($computerName, array("memberof", "primarygroupid"));
     $groups = $this->adldap->utilities()->niceNames($lookup[0]["memberof"]);
     if ($recursive !== true) {
         return $groups;
     }
     // foreach walks the direct memberships as they were on entry, so the
     // groups appended below are not themselves expanded again here.
     foreach ($groups as $directGroup) {
         $nested = $this->adldap->group()->recursiveGroups($directGroup);
         $groups = array_merge($groups, $nested);
     }
     return $groups;
 }
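 /**
  * Debug helper: looks up one hard-coded account and prints the raw result.
  *
  * NOTE(review): this writes directory attributes straight into the response.
  * It should not be reachable in a deployed application without an access
  * check; confirm no route points at it.
  */
 public function testLdap()
 {
     $ad = new adLDAP();
     $results = $ad->user()->info("angelique.torrano");
     // Directory values are not HTML-safe and can contain binary data, so the
     // dump is encoded before it is written; ENT_SUBSTITUTE keeps invalid
     // byte sequences from blanking the whole output.
     echo "<pre>";
     echo htmlspecialchars(print_r($results, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     echo "</pre>";
 }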
Beispiel #8
 /**
  * Mail enable a contact
  * Allows email to be sent to them through Exchange
  *
  * Forwards the call unchanged to contactMailEnable() on the object returned
  * by exchange().
  *
  * @param string $distinguishedName The contact to mail enable
  * @param string $emailAddress The email address to allow emails to be sent through
  * @param string $mailNickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
  * @return bool
  */
 public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
 {
     $exchange = $this->adldap->exchange();

     return $exchange->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
 }