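 /**
  * Lists the LDAP account entries whose mail attribute ends in "@<domain>".
  *
  * Connection parameters default to the LDAP_* constants; when ENABLE_SAAS is 1
  * they are replaced by the tenant parameters model_saas_ldap returns for the
  * domain. Only the mail attribute is requested from the directory.
  *
  * @param string $domain Mail domain to enumerate (e.g. "example.org").
  * @return array The matching rows (sorted with asort()), or an empty array
  *               when the domain is empty, no host/helper password is
  *               configured, the helper bind fails, or nothing matches.
  */
 public function get_accounts_in_domain($domain = '')
 {
     $domain = (string) $domain;
     // Nothing can match an empty domain; skip the tenant lookup and the LDAP round trip.
     if ($domain === '') {
         return array();
     }

     $ldap_type = '';
     $ldap_host = LDAP_HOST;
     $ldap_base_dn = LDAP_BASE_DN;
     $ldap_helper_dn = LDAP_HELPER_DN;
     $ldap_helper_password = LDAP_HELPER_PASSWORD;

     if (ENABLE_SAAS == 1) {
         // The tenant lookup is keyed by mail address, so use a synthetic one in the domain.
         $a = $this->model_saas_ldap->get_ldap_params_by_email("aaa@" . $domain);
         // NOTE(review): this reads positional entries (0..4) whereas
         // checkLoginAgainstLDAP reads named keys ('ldap_type', 'ldap_host', ...)
         // from the same model method; confirm which shape the model returns.
         if (count($a) >= 5) {
             $ldap_type = $a[0];
             $ldap_host = $a[1];
             $ldap_base_dn = $a[2];
             $ldap_helper_dn = $a[3];
             $ldap_helper_password = $a[4];
         }
     }

     // Only the mail attribute and account object class are needed here; the
     // distribution-list names returned in positions 3 and 4 are not used.
     list($ldap_mail_attr, $ldap_account_objectclass) = get_ldap_attribute_names($ldap_type);

     // Without a host and a helper password there is nothing to bind to.
     if ($ldap_host == '' || $ldap_helper_password == '') {
         return array();
     }

     $ldap = new LDAP($ldap_host, $ldap_helper_dn, $ldap_helper_password);
     if (!$ldap->is_bind_ok()) {
         return array();
     }

     // The domain is caller-supplied and is embedded in the search filter, so
     // escape RFC 4515 metacharacters (* ( ) \ NUL) to keep it a literal value.
     $domain_filter = ldap_escape($domain, '', LDAP_ESCAPE_FILTER);
     $filter = "(&(objectClass={$ldap_account_objectclass})({$ldap_mail_attr}=*@{$domain_filter}))";
     $query = $ldap->query($ldap_base_dn, $filter, array($ldap_mail_attr));
     if ($query->num_rows > 0) {
         asort($query->rows);
         return $query->rows;
     }

     return array();
 }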
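 /**
  * Authenticates a user against LDAP and, on success, sets up the session.
  *
  * Steps: resolve the connection parameters (LDAP_* constants, or the tenant
  * parameters from model_saas_ldap when ENABLE_SAAS is 1), bind with the helper
  * account, look up the entry whose mail attribute equals $username, then bind
  * again as that entry's DN with the supplied password. After a successful user
  * bind the entry's group memberships decide the role (1 = admin, 2 = auditor,
  * 0 otherwise; admin wins when both match), the e-mail addresses of the
  * account and its distribution lists are collected, add_session_vars() is
  * called and an ACTION_LOGIN audit record is written.
  *
  * @param string $username Login name (mail address) as entered by the user.
  * @param string $password Password as entered by the user.
  * @return int 1 when the user bind succeeded, 0 otherwise (empty credentials,
  *             no usable connection parameters, helper bind failed, no matching
  *             entry, or wrong password).
  */
 private function checkLoginAgainstLDAP($username = '', $password = '')
 {
     $username = (string) $username;
     $password = (string) $password;

     // An empty username cannot match any entry; avoid the tenant lookup and directory query.
     if ($username === '') {
         return 0;
     }

     $ldap_type = '';
     $ldap_host = LDAP_HOST;
     $ldap_base_dn = LDAP_BASE_DN;
     $ldap_helper_dn = LDAP_HELPER_DN;
     $ldap_helper_password = LDAP_HELPER_PASSWORD;
     $ldap_auditor_member_dn = LDAP_AUDITOR_MEMBER_DN;
     $ldap_admin_member_dn = LDAP_ADMIN_MEMBER_DN;
     $role = 0;
     $username_prefix = '';

     if (ENABLE_SAAS == 1) {
         $a = $this->model_saas_ldap->get_ldap_params_by_email($username);
         if (count($a) >= 6) {
             $ldap_type = $a['ldap_type'];
             $ldap_host = $a['ldap_host'];
             $ldap_base_dn = $a['ldap_base_dn'];
             $ldap_helper_dn = $a['ldap_bind_dn'];
             $ldap_helper_password = $a['ldap_bind_pw'];
             $ldap_auditor_member_dn = $a['ldap_auditor_member_dn'];
             // NOTE(review): the admin member DN is never taken from the tenant
             // parameters (only the auditor DN is), so tenants always use
             // LDAP_ADMIN_MEMBER_DN; confirm that this is intended.
             $ldap_mail_attr = $a['ldap_mail_attr'];
             $ldap_account_objectclass = $a['ldap_account_objectclass'];
             $ldap_distributionlist_attr = $a['ldap_distributionlist_attr'];
             $ldap_distributionlist_objectclass = $a['ldap_distributionlist_objectclass'];
         }
     }

     // For non-generic directory types the attribute names are derived from the
     // type; the generic type carries them in the tenant parameters above.
     if ($ldap_type != LDAP_TYPE_GENERIC) {
         list($ldap_mail_attr, $ldap_account_objectclass, $ldap_distributionlist_attr, $ldap_distributionlist_objectclass) = get_ldap_attribute_names($ldap_type);
     }

     // Directories that store addresses in proxyAddresses prefix them with "smtp:".
     if ($ldap_mail_attr == 'proxyAddresses') {
         $username_prefix = 'smtp:';
     }

     // Without a host and a helper password there is nothing to bind to.
     if ($ldap_host == '' || $ldap_helper_password == '') {
         return 0;
     }

     $ldap = new LDAP($ldap_host, $ldap_helper_dn, $ldap_helper_password);
     if (!$ldap->is_bind_ok()) {
         if (ENABLE_SYSLOG == 1) {
             syslog(LOG_INFO, "cannot bind to '" . $ldap_host . "' as '" . $ldap_helper_dn . "'");
         }
         return 0;
     }

     // The username is user-supplied and is embedded in search filters, so
     // escape RFC 4515 metacharacters (* ( ) \ NUL) to keep it a literal value.
     $username_filter = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
     $account_filter = "(&(objectClass={$ldap_account_objectclass})({$ldap_mail_attr}={$username_prefix}{$username_filter}))";

     $query = $ldap->query($ldap_base_dn, $account_filter, array());
     if (!isset($query->row['dn']) || !$query->row['dn']) {
         // No account entry matches the given address.
         return 0;
     }
     $a = $query->row;
     $user_dn = $a['dn'];

     // Never bind with an empty password: a bind with a DN and no password is an
     // "unauthenticated" bind that many directories report as successful
     // (RFC 4513 section 5.1.2), which would log the user in without a password.
     $bind_ok = false;
     if ($password !== '') {
         $ldap_auth = new LDAP($ldap_host, $user_dn, $password);
         $bind_ok = $ldap_auth->is_bind_ok();
     }
     if (ENABLE_SYSLOG == 1) {
         syslog(LOG_INFO, "ldap auth against '" . $ldap_host . "', dn: '" . $user_dn . "', result: " . $bind_ok);
     }

     if (!$bind_ok) {
         AUDIT(ACTION_LOGIN_FAILED, $username, '', '', 'failed auth against LDAP');
         return 0;
     }

     // Fetch the account entry plus every distribution list that names the user
     // either by address or by DN. The DN is a directory-returned value that is
     // also embedded in the filter, so it gets the same escaping.
     $dn_filter = ldap_escape(stripslashes($user_dn), '', LDAP_ESCAPE_FILTER);
     $membership_filter = "(|"
         . $account_filter
         . "(&(objectClass={$ldap_distributionlist_objectclass})({$ldap_distributionlist_attr}={$username_prefix}{$username_filter}))"
         . "(&(objectClass={$ldap_distributionlist_objectclass})({$ldap_distributionlist_attr}={$dn_filter}))"
         . ")";
     $query = $ldap->query($ldap_base_dn, $membership_filter, array());

     // Auditor is evaluated first so that an admin match overrides it.
     if ($this->check_ldap_membership($ldap_auditor_member_dn, $query->rows) == 1) {
         $role = 2;
     }
     if ($this->check_ldap_membership($ldap_admin_member_dn, $query->rows) == 1) {
         $role = 1;
     }

     $emails = $this->get_email_array_from_ldap_attr($query->rows);
     $extra_emails = $this->model_user_user->get_email_addresses_from_groups($emails);
     $emails = array_merge($emails, $extra_emails);

     $this->add_session_vars($a['cn'], $username, $emails, $role);
     AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');
     return 1;
 }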