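/**
 * Change the default (primary) SMTP address of a user.
 *
 * Existing proxyAddresses values that start with the upper-case "SMTP:" prefix are
 * demoted to "smtp:", the entry matching $emailAddress is promoted to "SMTP:", and
 * the whole attribute is written back with ldap_mod_replace().
 *
 * Nothing is written unless $emailAddress is already one of the user's proxy
 * addresses; otherwise every primary marker would be removed and none set.
 *
 * @param string $username The username of the user whose default address is changed
 * @param string $emailAddress The email address to make default
 * @param bool $isGUID Is the username passed a GUID or a samAccountName
 * @return bool|string True on success, false on failure; an error string when a compulsory argument is NULL
 */
public function primaryAddress($username, $emailAddress, $isGUID = false)
{
    if ($username === NULL) {
        return "Missing compulsory field [username]";
    }
    if ($emailAddress === NULL) {
        return "Missing compulsory fields [emailAddress]";
    }

    // Find the dn of the user
    $user = $this->adldap->user()->info($username, array("cn", "proxyaddresses"), $isGUID);
    if (!isset($user[0]["dn"])) {
        return false;
    }
    $userDn = $user[0]["dn"];

    // No proxyAddresses attribute: report failure explicitly instead of falling
    // off the end of the method and returning NULL.
    if (!isset($user[0]["proxyaddresses"]) || !is_array($user[0]["proxyaddresses"])) {
        return false;
    }

    $wanted = 'smtp:' . $emailAddress;
    $found = false;
    $modAddresses = array('proxyAddresses' => array());

    foreach ($user[0]["proxyaddresses"] as $key => $address) {
        // Skip non-numeric bookkeeping keys (such as "count") and blank values.
        if (!is_int($key) || $address == '') {
            continue;
        }
        // Demote a current primary address; only the leading prefix is rewritten.
        if (strncmp($address, 'SMTP:', 5) === 0) {
            $address = 'smtp:' . substr($address, 5);
        }
        // Promote the requested address.
        if ($address === $wanted) {
            $address = 'SMTP:' . substr($address, 5);
            $found = true;
        }
        // Append so the value list stays consecutively indexed even when blanks were skipped.
        $modAddresses['proxyAddresses'][] = $address;
    }

    if (!$found) {
        // Leave the directory entry untouched rather than strip its primary address.
        return false;
    }

    // '@' is kept from the original: callers get a boolean, not a PHP warning.
    $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);

    return (bool) $result;
}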
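/**
 * Authenticate $this->login / $this->password against Active Directory.
 *
 * On success sets display_name, is_admin and logged; on any failure the object
 * is left in a logged-out, non-admin state.
 *
 * @return void
 */
public function authAD()
{
    // Fail closed: a failed attempt must not keep a privilege flag from an earlier call.
    $this->logged = false;
    $this->is_admin = false;

    // An LDAP simple bind with an empty password is an unauthenticated bind, so
    // empty credentials are rejected before the directory is contacted.
    if ($this->login === null || $this->login === '' || $this->password === null || $this->password === '') {
        return;
    }

    $adldap = new adLDAP();
    if (!$adldap->authenticate($this->login, $this->password)) {
        return;
    }

    $user_info = $adldap->user()->info($this->login);

    // displayname can be absent from the returned entry; avoid an undefined-index notice.
    $this->display_name = isset($user_info[0]['displayname'][0]) ? $user_info[0]['displayname'][0] : null;
    $this->is_admin = $this->isAdmin($user_info);
    $this->logged = true;
}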
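/**
 * Remove a user from a group
 *
 * Resolves the DN of the group and of the user, then deletes the user's DN from
 * the group's "member" attribute with ldap_mod_del().
 *
 * @param string $group The group to remove a user from
 * @param string $user The AD user to remove from the group
 * @param bool $isGUID Is the username passed a GUID or a samAccountName
 * @return bool True when the directory accepted the change, false otherwise
 */
public function removeUser($group, $user, $isGUID = false)
{
    // Find the parent dn; isset() also covers a lookup that returned no entry at all.
    $groupInfo = $this->info($group, array("cn"));
    if (!isset($groupInfo[0]["dn"])) {
        return false;
    }
    $groupDn = $groupInfo[0]["dn"];

    // Find the users dn
    $userDn = $this->adldap->user()->dn($user, $isGUID);
    if ($userDn === false || $userDn === null) {
        return false;
    }

    $del = array("member" => $userDn);

    // '@' is kept from the original: callers get a boolean, not a PHP warning.
    $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);

    return (bool) $result;
}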
// Excerpt of a request handler that searches the directory for the posted "dname" value.
// filter_user_input() is defined outside this excerpt; what it strips or escapes
// cannot be seen here.
$_POST = filter_user_input($_POST, true, true, false);
// Display errors in the response, limited to E_ERROR.
// NOTE(review): display_errors=1 prints fatal error text (paths, messages) to the
// client; on a production host this is normally off and errors go to the log.
ini_set('display_errors', 1);
error_reporting(E_ERROR);
//include AD script
include dirname(__FILE__) . "/../../functions/adLDAP/src/adLDAP.php";
// get All settings
$settings = getAllSettings();
//open connection
try {
    //get settings for connection
    $ad = getADSettings();
    //AD
    $adldap = new adLDAP(array(
        'base_dn' => $ad['base_dn'],
        'account_suffix' => $ad['account_suffix'],
        'domain_controllers' => explode(";", $ad['domain_controllers']),
        'use_ssl' => $ad['use_ssl'],
        'use_tls' => $ad['use_tls'],
        'ad_port' => $ad['ad_port']));
    //try to login with higher credentials for search
    $authUser = $adldap->user()->authenticate($ad['adminUsername'], $ad['adminPassword']);
    if ($authUser == false) {
        throw new adLDAPException('Invalid credentials');
    }
    // set OpenLDAP flag
    if ($settings['domainAuth'] == "2") {
        $adldap->setUseOpenLDAP(true);
    }
    //search for domain user!
    // NOTE(review): the posted value is interpolated into the search term as-is.
    // Unless filter_user_input() or user()->info() escapes LDAP filter
    // metacharacters, escape it first (ldap_escape() with LDAP_ESCAPE_FILTER).
    // NOTE(review): array("*") requests every attribute of each match; request
    // only the attributes the page displays.
    $userinfo = $adldap->user()->info("{$_POST['dname']}*", array("*"));
    //echo $adldap->getLastError();
} catch (adLDAPException $e) {
    // NOTE(review): $e is concatenated into HTML unescaped and in full; show a
    // generic message (or htmlspecialchars($e->getMessage())) and log the detail.
    die('<div class="alert alert-danger">' . $e . '</div>');
}
//at least 2 chars
// NOTE(review): this length check runs after the directory search above has
// already been sent; it should come before the search. The body of this "if"
// continues past the end of the excerpt.
if (strlen($_POST['dname']) < 2) {
// Excerpt of a login page: authenticate against AD, then start a session and redirect.
//prevent null bind
// The loose != NULL comparison also rejects the empty string, so an empty
// password never reaches authenticate().
if ($username != NULL && $password != NULL) {
    //include the class and create a connection
    include dirname(__FILE__) . "/../lib/adLDAP/adLDAP.php";
    try {
        $adldap = new adLDAP();
    } catch (adLDAPException $e) {
        // NOTE(review): echoing the exception object prints its full text to the
        // browser; prefer a generic message and log the detail server-side.
        echo $e;
        exit;
    }
    //authenticate the user
    if ($adldap->authenticate($username, $password)) {
        //establish your session and redirect
        // NOTE(review): no session_regenerate_id(true) after session_start(), so a
        // session id issued before login stays valid after it (session fixation).
        session_start();
        $_SESSION["username"] = $username;
        $_SESSION["userinfo"] = $adldap->user()->info($username);
        // NOTE(review): HTTP_HOST is taken from the request's Host header; build
        // the redirect target from a configured host name instead.
        $redir = "Location: https://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/menu.php";
        header($redir);
        exit;
    }
}
// Reached when credentials were missing or authenticate() returned false.
$failed = 1;
} // closes a block opened before this excerpt
?>
<html>
<head>
<title>adLDAP example</title>
</head>
<body>
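/**
 * Restore an item that was decommissioned ("reforme") by mistake.
 *
 * When the item's name is empty, the name, state and decommissioning-slip
 * reference are read back from glpi_plugin_reforme_log, the GLPI record is
 * updated and, for a Computer, the AD computer account is re-activated.
 * The log row is then marked inactive, a cancellation mail is sent with the
 * slip PDF attached, and the PDF is deleted.
 *
 * @global object $DB GLPI database handle
 * @param array $arrayItem [0] item id, [1] item type ('Computer' or 'Monitor'),
 *                         [2] name of the person doing the restore
 * @return void
 */
function restaurerItem($arrayItem)
{
    global $DB;

    $date = date('j-m-Y');
    // 'i' is minutes; the original 'H:m:s' printed the month in the minutes position.
    $heure = date('H:i:s');

    // Values placed into SQL text. The id is forced to an integer; the other
    // values are escaped with addslashes(), which this method already used.
    // NOTE(review): prefer the database layer's own escaping or prepared
    // statements if the installed GLPI version provides them.
    $itemId = (int) $arrayItem[0];
    $itemType = addslashes((string) $arrayItem[1]);

    // Load the plugin configuration
    $configClass = new PluginReformeConfig();
    $config = $configClass->getInfoAdministrative();

    // Load the item's details
    $info = $this->getInfoMachine($arrayItem[0], $arrayItem[1]);
    $bon_reforme = null;

    // Comment appended to the GLPI record
    // NOTE(review): $arrayItem[2] goes into the SQL text below without escaping
    // here; confirm the caller has already escaped it, or escape it at this point.
    $comment = addslashes($info['commentaire']) . "\nRestauration effectuée par: "
        . $arrayItem[2] . " le: " . $date . " à: " . $heure;

    // Item name was blanked: restore it from the log
    if ($info["name"] == "") {
        $query = "SELECT name,statut,bon_reforme FROM glpi_plugin_reforme_log "
            . "WHERE id_item = '{$itemId}' AND type_item = '{$itemType}' "
            . "AND vie='1'";
        if ($result = $DB->query($query)) {
            if ($DB->numrows($result) > 0) {
                $row = $DB->fetch_assoc($result);
                $info["name"] = $row["name"];
                $bon_reforme = $row["bon_reforme"];

                // Values read back from the database are escaped again before reuse
                // in SQL (a name containing a quote used to break the UPDATE).
                $nameSql = addslashes((string) $row["name"]);
                $statutSql = addslashes((string) $row["statut"]);

                $table = null;
                switch ($arrayItem[1]) {
                    case 'Computer':
                        $table = 'glpi_computers';

                        // Load adLDAP
                        $cheminAdldap = $this->getAbsolutePathForm() . "/adldap";
                        require_once $cheminAdldap . '/adLDAP.php';

                        // Fetch the AD settings and re-activate the computer account if present
                        $LDAPConfig = $this->getLDAPConfig($info["id"]);
                        $domaine = "";

                        // The machine belonged to a domain: restore it there
                        if ($LDAPConfig != NULL && $this->testerAD($LDAPConfig)) {
                            $serveur = array($LDAPConfig['serveur']);
                            $adldap = new adLDAP(array(
                                'base_dn' => $LDAPConfig['dc'],
                                'account_suffix' => $LDAPConfig['suffix'],
                                'domain_controllers' => $serveur,
                            ));
                            // Reconnect with the configured admin credentials
                            $adldap->close();
                            $adldap->setAdminUsername($LDAPConfig['login']);
                            $adldap->setAdminPassword($LDAPConfig['passwd']);
                            $adldap->connect();

                            $adResult = $adldap->computer()->info($info["name"], array("distinguishedname"));
                            if (isset($adResult[0]["distinguishedname"][0]) && $adResult[0]["distinguishedname"][0] != "") {
                                if ($adldap->user()->activerComputer($adResult[0]["distinguishedname"][0])) {
                                    $domaine = $LDAPConfig['suffix'];
                                } else {
                                    $domaine = $LDAPConfig['suffix'] . "-->erreur";
                                }
                            }
                            $adldap->close();
                        }
                        break;
                    case 'Monitor':
                        $table = 'glpi_monitors';
                        break;
                    default:
                        break;
                }

                // Only known item types are updated; the original ran two undefined
                // queries for any other type.
                if ($table !== null) {
                    $DB->query("UPDATE " . $table . " SET name='" . $nameSql . "',"
                        . "states_id='" . $statutSql . "' WHERE id='" . $itemId . "'");
                    $DB->query("UPDATE " . $table . " SET comment='{$comment}' "
                        . "WHERE id='" . $itemId . "'");
                }
            }
        }
    }

    // Deactivate the decommissioning log entry
    $query = "UPDATE glpi_plugin_reforme_log SET vie='0' WHERE id_item='" . $itemId . "'"
        . " AND type_item='" . $itemType . "'";
    $DB->query($query);

    // basename() keeps a stored slip reference from pointing outside bon_reforme/.
    $pdfName = basename((string) $bon_reforme) . '.pdf';
    $pdfPath = $this->getAbsolutePathForm() . 'bon_reforme/' . $pdfName;

    // Send the cancellation mail
    // NOTE(review): $info["name"] and $arrayItem[2] are placed into the HTML body
    // unescaped; confirm they are HTML-safe or escape them before this point.
    $sujet = "Anulation de la reforme de la machine: " . $info["name"];
    $Message_Send = utf8_decode("L\\'objet : <span class=\"Titre\">" . $info["name"] . "</span> a été réformée par erreur<br><br>");
    $Message_Send .= utf8_decode("La machine a été restauré dans la base GLPI par: " . "<span class=\"Tech\">" . $arrayItem[2] . "</span><br><br>");
    $Message_Send .= utf8_decode("<span class=\"glpi\">Ce message a été envoyé " . "de façon automatique par GLPI (Plugin Reforme)<br></span>");
    $Message_Send .= utf8_decode("<span class=\"glpi\">© Viduc 2013 <A " . "HREF=\"http://viduc.sugarbox.fr/\">http://viduc.sugarbox.fr/</A> </span>");
    $this->Send_Mail($config['mail'], $sujet, $Message_Send, $pdfPath, $pdfName);

    // Delete the decommissioning slip, only when one was found and exists on disk
    if ($bon_reforme !== null && $bon_reforme !== '' && is_file($pdfPath)) {
        unlink($pdfPath);
    }
}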
// Excerpt: bind to the directory with the configured search account, look up the
// posted "dname" value and report when nothing was found.
try {
    //set options
    $options = array(
        'base_dn' => $params->base_dn,
        'account_suffix' => $params->account_suffix,
        'domain_controllers' => explode(";", $params->domain_controllers),
        'use_ssl' => $params->use_ssl,
        'use_tls' => $params->use_tls,
        'ad_port' => $params->ad_port);
    //AD
    $adldap = new adLDAP($options);
    //try to login with higher credentials for search
    $authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword);
    if ($authUser == false) {
        // NOTE(review): presumably the third argument makes show() stop the
        // request; if it does not, the search below runs without a valid bind.
        $Result->show("danger", _("Invalid credentials"), true);
    }
    // set OpenLDAP flag
    if ($server->type == "LDAP") {
        $adldap->setUseOpenLDAP(true);
    }
    //search for domain user!
    // NOTE(review): the posted value is interpolated into the search term as-is.
    // Unless it is escaped before this excerpt or inside user()->info(), escape
    // LDAP filter metacharacters first (ldap_escape() with LDAP_ESCAPE_FILTER).
    // NOTE(review): array("*") requests every attribute of each match; request
    // only the attributes the page displays.
    $userinfo = $adldap->user()->info("{$_POST['dname']}*", array("*"));
    //echo $adldap->getLastError();
} catch (adLDAPException $e) {
    // NOTE(review): the raw exception message is shown to the user; confirm
    // show() escapes HTML and that the message exposes no server detail.
    $Result->show("danger", $e->getMessage(), true);
}
//check for found
if (!isset($userinfo['count'])) {
    print "<div class='alert alert-info'>";
    print _('No users found') . "!<hr>";
    print _('Possible reasons') . ":";
    // NOTE(review): the <ul> opened here is never closed before </div>.
    print "<ul>";
    print "<li>" . _('Username not existing') . "</li>";
    print "<li>" . _('Invalid baseDN setting for AD') . "</li>";
    print "<li>" . _('AD account does not have enough privileges for search') . "</li>";
    print "</div>";
} else {
<?php
// Excerpt: authenticate a user against AD and prepare a local tbl_user record.
//$db = new database(DATABASE_HOST,DATABASE_PORT,DATABASE_USER,DATABASE_PASSWORD,DATABASE_NAME);
try {
    // Connection settings come from the application's global settings store.
    $settings = array(
        "account_suffix" => $this->page->get_global_setting('auth_ad_account_suffix'),
        "base_dn" => $this->page->get_global_setting('auth_ad_base_dn'),
        "domain_controllers" => explode(',', $this->page->get_global_setting('auth_ad_domain_controllers')),
        "admin_username" => $this->page->get_global_setting('auth_ad_admin_username'),
        "admin_password" => $this->page->get_global_setting('auth_ad_admin_password', true));
    $adldap = new adLDAP($settings);
    $auth = $adldap->authenticate("{$username}", "{$password}");
    // NOTE(review): the group and display-name lookups below run before the
    // authentication result is checked, so they execute for failed logins too.
    $c = $adldap->user()->groups($username);
    // Captures var_dump($auth) into $html; neither $c nor $html is used in the
    // visible part of this excerpt (debug leftovers, presumably).
    ob_start();
    var_dump($auth);
    $html = ob_get_contents();
    ob_end_clean();
    echo "<br/>";
    $d = $adldap->user()->info($username, array('displayname'));
    // NOTE(review): the directory value is echoed unescaped and before the
    // credential check; move it after the check and wrap it in htmlspecialchars().
    echo $d[0]['displayname'][0];
    // NOTE(review): second authenticate() call with the same credentials; reuse
    // $auth so a single failed login is not sent to the directory twice.
    if ($adldap->authenticate("{$username}", "{$password}") == 1) {
        // Split the display name: first word is the first name, the rest the last name.
        $ln = array();
        foreach (explode(" ", $d[0]['displayname'][0]) as $n => $v) {
            if ($n == 0) {
                $first_name = $v;
            } else {
                $ln[] = $v;
            }
        }
        $user_info = array();
        $user_info['user_name'] = $username;
        // NOTE(review): stores a single-round SHA-256 of the directory password
        // with one application-wide SALT. If a local copy is needed at all, use
        // password_hash()/password_verify(); otherwise do not store it.
        $user_info['password'] = hash("sha256", $password . SALT);
        $user_info['first_name'] = $first_name;
        $user_info['last_name'] = implode(" ", $ln);
        // NOTE(review): $username is interpolated into the SQL text; use a
        // prepared statement or the database layer's escaping.
        $result = $this->db->query("SELECT * FROM tbl_user WHERE user_name = '{$username}'");
        // The body of this "if" continues past the end of the excerpt.
        if ($this->db->num_rows($result) == 0) {
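<?php
/*
 * Manual smoke test: connect to the test domain, authenticate one user and
 * dump that user's group membership.
 *
 * Passwords are read from the environment instead of being written in this
 * file. The two variable names below were chosen for this script. Any
 * credential that was previously committed in this file should be treated as
 * exposed and rotated.
 */
require_once dirname(__FILE__) . '/adLDAP.php';

$adminPassword = getenv('ADLDAP_TEST_ADMIN_PASSWORD');
$userPassword = getenv('ADLDAP_TEST_USER_PASSWORD');
if ($adminPassword === false || $adminPassword === '' || $userPassword === false || $userPassword === '') {
    echo "Set ADLDAP_TEST_ADMIN_PASSWORD and ADLDAP_TEST_USER_PASSWORD before running this test\n";
    exit(1);
}

try {
    $adldap = new adLDAP(array(
        "account_suffix" => "@test.slimcrm.com",
        "base_dn" => "DC=test,DC=slimcrm,DC=com",
        "domain_controllers" => array("50.57.184.4"),
        "admin_username" => "administrator",
        "admin_password" => $adminPassword,
    ));
} catch (adLDAPException $e) {
    // Print the message only, not the full exception with its stack trace.
    echo $e->getMessage() . "\n";
    exit(1);
}

// Prints "1" when the bind succeeds and an empty string otherwise.
echo $adldap->authenticate("tholum", $userPassword);
echo "\n";

$c = $adldap->user()->groups('tholum');
var_dump($c);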
} // closes a block opened before this excerpt
// Excerpt: bind to the directory with the configured search account, look up the
// posted "dname" value and report when nothing was found. The "try" that the
// catch below belongs to opens before this excerpt.
//set options
$options = array(
    'base_dn' => $params->base_dn,
    'account_suffix' => $params->account_suffix,
    'domain_controllers' => explode(";", $params->domain_controllers),
    'use_ssl' => $params->use_ssl,
    'use_tls' => $params->use_tls,
    'ad_port' => $params->ad_port);
//AD
$adldap = new adLDAP($options);
//try to login with higher credentials for search
$authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword);
if ($authUser == false) {
    // NOTE(review): presumably the third argument makes show() stop the
    // request; if it does not, the search below runs without a valid bind.
    $Result->show("danger", _("Invalid credentials"), true);
}
// set OpenLDAP flag
if ($server->type == "LDAP") {
    $adldap->setUseOpenLDAP(true);
}
//search for domain user!
// NOTE(review): the posted value is interpolated into the search term as-is.
// Unless it is escaped before this excerpt or inside user()->info(), escape
// LDAP filter metacharacters first (ldap_escape() with LDAP_ESCAPE_FILTER).
// NOTE(review): array("*") requests every attribute of each match; request
// only the attributes the page displays.
$userinfo = $adldap->user()->info("{$_POST['dname']}*", array("*"), false, $server->type);
//echo $adldap->getLastError();
} catch (adLDAPException $e) {
    // NOTE(review): the raw exception message is shown to the user; confirm
    // show() escapes HTML and that the message exposes no server detail.
    $Result->show("danger", $e->getMessage(), true);
}
//check for found
if (!isset($userinfo['count'])) {
    print "<div class='alert alert-info'>";
    print _('No users found') . "!<hr>";
    print _('Possible reasons') . ":";
    // NOTE(review): the <ul> opened here is never closed before </div>.
    print "<ul>";
    print "<li>" . _('Username not existing') . "</li>";
    print "<li>" . _('Invalid baseDN setting for AD') . "</li>";
    print "<li>" . _('AD account does not have enough privileges for search') . "</li>";
    print "</div>";
} else {
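/**
 * Show the login form and, when credentials were posted, try each configured
 * authentication mechanism in order until one accepts them.
 *
 * Mechanisms handled: 'noauth' (every visitor is accepted), 'config' (login =>
 * password-hash map checked with phpass), 'ldap' and 'AD' (directory bind, then
 * a check against mr_allowed_users / mr_allowed_groups).
 *
 * @param string $return Path to redirect to after a successful login
 * @return void
 */
function login($return = '')
{
    // NOTE(review): $return is supplied by the caller; confirm redirect() only
    // builds same-site URLs.
    if ($this->authorized()) {
        redirect($return);
    }

    $check = FALSE;

    // If no valid mechanisms found, bail
    if (!$this->auth_mechanisms) {
        redirect('auth/generate');
    }

    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // Loop through authentication mechanisms
    // Break when we have a match
    foreach ($this->auth_mechanisms as $mechanism => $auth_data) {
        // Local is just a username => hash array
        switch ($mechanism) {
            case 'noauth': // No authentication
                $check = TRUE;
                $login = '******';
                break 2;

            case 'config': // Config authentication
                if ($_POST && isset($auth_data[$login])) {
                    $t_hasher = $this->load_phpass();
                    $check = $t_hasher->CheckPassword($password, $auth_data[$login]);
                    break 2;
                }
                break;

            case 'ldap': // LDAP authentication
                if ($login && $password) {
                    include_once APP_PATH . '/lib/authLDAP/authLDAP.php';
                    $ldap_auth_obj = new Auth_ldap($auth_data);
                    if ($ldap_auth_obj->authenticate($login, $password)) {
                        //alert('Authenticated');
                        // Check user against users list
                        if (isset($auth_data['mr_allowed_users'])) {
                            $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                            // Both sides are lower-cased strings, so a strict
                            // comparison avoids numeric-string coercion.
                            if (in_array(strtolower($login), array_map('strtolower', $admin_users), true)) {
                                $check = TRUE;
                                break 2;
                            }
                        }
                        // Check user against group list
                        if (isset($auth_data['mr_allowed_groups'])) {
                            // Set mr_allowed_groups to array
                            $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                            // Get groups from AD
                            if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                foreach ($user_data['grps'] as $group) {
                                    if (in_array($group, $admin_groups)) {
                                        $check = TRUE;
                                        break 3;
                                    }
                                }
                            }
                        } //end group list check
                        // Not in users list or group list
                        error(lang('not_authorized'));
                        break;
                    }
                }
                // Without this break a failed or skipped LDAP attempt fell through
                // into the 'AD' case and replayed the same credentials against
                // adLDAP built from the LDAP mechanism's settings.
                break;

            case 'AD': // Active Directory authentication
                // Prevent empty values
                if ($_POST && $login && $password) {
                    //include the class and create a connection
                    //TODO wrap this include somewhere else?
                    include_once APP_PATH . '/lib/adLDAP/adLDAP.php';
                    try {
                        $adldap = new adLDAP($auth_data);
                    } catch (adLDAPException $e) {
                        // When in debug mode, show additional info
                        $msg = conf('debug') ? ":<br>" . $e->getMessage() : '';
                        error(lang('error_contacting_AD') . $msg);
                        break 2;
                    }
                    // Authenticate user
                    if ($adldap->authenticate($login, $password)) {
                        // Check user against userlist
                        if (isset($auth_data['mr_allowed_users'])) {
                            $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                            if (in_array(strtolower($login), array_map('strtolower', $admin_users), true)) {
                                $check = TRUE;
                                break 2;
                            }
                        }
                        // Check user against group list
                        if (isset($auth_data['mr_allowed_groups'])) {
                            // Set mr_allowed_groups to array
                            $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                            // Get groups from AD
                            $groups = $adldap->user()->groups($login);
                            foreach ($groups as $group) {
                                if (in_array($group, $admin_groups)) {
                                    $check = TRUE;
                                    break 3;
                                }
                            }
                        } //end group list check
                        // Not in users list or group list
                        error(lang('not_authorized'));
                        break;
                    }
                    break;
                }
                break;

            default:
                die('Unknown authentication mechanism: ' . $mechanism);
                break;
        }
    }

    // If authentication succeeded, create session
    if ($check) {
        // Issue a fresh session id and discard the pre-login one before any
        // authenticated state is written (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = $login;
        $_SESSION['auth'] = $mechanism;
        redirect($return);
    }

    // If POST and no other alerts, auth has failed
    if ($_POST && !$GLOBALS['alerts']) {
        if (!$login or !$password) {
            error(lang('empty_not_allowed'));
        } else {
            error(lang('wrong_user_or_pass'));
        }
    }

    // NOTE(review): $login and $return are request data handed to the view;
    // confirm the auth/login template escapes them.
    $data = array('login' => $login, 'url' => url("auth/login/{$return}"));
    $obj = new View();
    $obj->view('auth/login', $data);
}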
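/**
 * Show the login form and, when credentials were posted, try each configured
 * authentication mechanism in order until one accepts them.
 *
 * Mechanisms handled: 'noauth' (every visitor is accepted), 'config' (login =>
 * password-hash map checked with phpass), 'ldap' and 'AD' (directory bind, then
 * a check against mr_allowed_users / mr_allowed_groups). On success the login,
 * the collected group memberships and the mechanism name are stored in the session.
 *
 * @param string $return Path to redirect to after a successful login; extra
 *                       arguments are joined to it with '/'
 * @return void
 */
function login($return = '')
{
    if (func_get_args()) {
        $return_parts = func_get_args();
        $return = implode('/', $return_parts);
    }

    // NOTE(review): $return is supplied by the caller; confirm redirect() only
    // builds same-site URLs.
    if ($this->authorized()) {
        redirect($return);
    }

    $check = FALSE;

    // If no valid mechanisms found, bail
    if (!$this->auth_mechanisms) {
        redirect('auth/generate');
    }

    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    // User is a member of these groups
    $groups = array();

    // Loop through authentication mechanisms
    // Break when we have a match
    foreach ($this->auth_mechanisms as $mechanism => $auth_data) {
        // Local is just a username => hash array
        switch ($mechanism) {
            case 'noauth': // No authentication
                $check = TRUE;
                $login = '******';
                break 2;

            case 'config': // Config authentication
                if ($login && $password) {
                    if (isset($auth_data[$login])) {
                        $t_hasher = $this->load_phpass();
                        $check = $t_hasher->CheckPassword($password, $auth_data[$login]);
                        if ($check) {
                            // Get group memberships
                            foreach (conf('groups', array()) as $groupname => $members) {
                                if (in_array($login, $members)) {
                                    $groups[] = $groupname;
                                }
                            }
                        }
                        break 2;
                    }
                }
                break;

            case 'ldap': // LDAP authentication
                if ($login && $password) {
                    include_once APP_PATH . '/lib/authLDAP/authLDAP.php';
                    $ldap_auth_obj = new Auth_ldap($auth_data);
                    if ($ldap_auth_obj->authenticate($login, $password)) {
                        //alert('Authenticated');
                        // Check user against users list
                        if (isset($auth_data['mr_allowed_users'])) {
                            $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                            // Both sides are lower-cased strings, so a strict
                            // comparison avoids numeric-string coercion.
                            if (in_array(strtolower($login), array_map('strtolower', $admin_users), true)) {
                                $check = TRUE;
                                // If business units enabled, get group memberships
                                if (conf('enable_business_units')) {
                                    if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                        $groups = $user_data['grps'];
                                    }
                                }
                                break 2;
                            }
                        }
                        // Check user against group list
                        if (isset($auth_data['mr_allowed_groups'])) {
                            // Set mr_allowed_groups to array
                            $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                            // Get groups from AD
                            if ($user_data = $ldap_auth_obj->getUserData($login)) {
                                foreach ($user_data['grps'] as $group) {
                                    if (in_array($group, $admin_groups)) {
                                        $check = TRUE;
                                        // If business units enabled, store group memberships
                                        if (conf('enable_business_units')) {
                                            $groups = $user_data['grps'];
                                        }
                                        break 3;
                                    }
                                }
                            }
                        } //end group list check
                        // Not in users list or group list
                        error('Not authorized', 'auth.not_authorized');
                        break;
                    }
                }
                // Without this break a failed or skipped LDAP attempt fell through
                // into the 'AD' case and replayed the same credentials against
                // adLDAP built from the LDAP mechanism's settings.
                break;

            case 'AD': // Active Directory authentication
                // Prevent empty values
                if ($_POST && $login && $password) {
                    //include the class and create a connection
                    //TODO: wrap this include somewhere else?
                    include_once APP_PATH . '/lib/adLDAP/adLDAP.php';
                    try {
                        $adldap = new adLDAP($auth_data);
                    } catch (adLDAPException $e) {
                        error('An error ocurred while contacting AD', 'error_contacting_AD');
                        // When in debug mode, show additional info
                        if (conf('debug')) {
                            error($e->getMessage());
                        }
                        break 2;
                    }
                    // If nothing has failed to this point, authenticate user
                    if ($adldap->authenticate($login, $password)) {
                        // Check user against userlist
                        if (isset($auth_data['mr_allowed_users'])) {
                            $admin_users = is_array($auth_data['mr_allowed_users']) ? $auth_data['mr_allowed_users'] : array($auth_data['mr_allowed_users']);
                            if (in_array(strtolower($login), array_map('strtolower', $admin_users), true)) {
                                $check = TRUE;
                                // If business units enabled, get group memberships
                                if (conf('enable_business_units')) {
                                    $groups = $adldap->user()->groups($login);
                                }
                                break 2;
                            }
                        }
                        // Check user against group list
                        if (isset($auth_data['mr_allowed_groups'])) {
                            // Set mr_allowed_groups to array
                            $admin_groups = is_array($auth_data['mr_allowed_groups']) ? $auth_data['mr_allowed_groups'] : array($auth_data['mr_allowed_groups']);
                            // Get groups from AD
                            $groups = $adldap->user()->groups($login);
                            foreach ($groups as $group) {
                                if (in_array($group, $admin_groups)) {
                                    $check = TRUE;
                                    break 3;
                                }
                            }
                        } //end group list check
                        // Not in users list or group list. Drop the groups fetched
                        // for this rejected user so they cannot end up in the
                        // session if a later mechanism accepts the request.
                        $groups = array();
                        error('Not authorized', 'auth.not_authorized');
                        break;
                    }
                    break;
                }
                break; //end of AD method

            default:
                die('Unknown authentication mechanism: ' . $mechanism);
                break;
        } //end switch
    } //end foreach loop

    // If authentication succeeded, create session
    if ($check) {
        // Issue a fresh session id and discard the pre-login one before any
        // authenticated state is written (session fixation).
        session_regenerate_id(true);
        $_SESSION['user'] = $login;
        $_SESSION['groups'] = $groups;
        $_SESSION['auth'] = $mechanism;
        $this->set_session_props();
        redirect($return);
    }

    // If POST and no other alerts, auth has failed
    if ($_POST && !$GLOBALS['alerts']) {
        if (!$login or !$password) {
            error('Empty values are not allowed', 'auth.empty_not_allowed');
        } else {
            error('Wrong username or password', 'auth.wrong_user_or_pass');
        }
    }

    // NOTE(review): $login and $return are request data handed to the view;
    // confirm the auth/login template escapes them.
    $data = array('login' => $login, 'url' => url("auth/login/{$return}"));
    $obj = new View();
    $obj->view('auth/login', $data);
}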
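<?php
/*
 * Manual test: bind with the application's service account and print its
 * display name and group membership.
 *
 * The service-account password is read from the environment instead of being
 * written in this file; the variable name was chosen for this script. The
 * commented-out call that carried a second account's credentials was removed.
 * Credentials that were previously committed here should be treated as exposed
 * and rotated.
 */
require_once dirname(__FILE__) . '/adLDAP.php';

// The original passed the account name with a trailing space to authenticate()
// but without it to infoCollection(); one value is used for both now.
$serviceAccount = 'SV_LDAP_CARTOPLI';
$servicePassword = getenv('ADLDAP_SERVICE_PASSWORD');
if ($servicePassword === false || $servicePassword === '') {
    echo "Set ADLDAP_SERVICE_PASSWORD before running this test\n";
    exit(1);
}

try {
    $adldap = new adLDAP();
    echo "A";

    // The original ignored the result and queried the directory regardless.
    if (!$adldap->user()->authenticate($serviceAccount, $servicePassword)) {
        echo "Authentication failed\n";
        exit(1);
    }

    $user = $adldap->user()->infoCollection($serviceAccount, array('*'));
    echo $user->displayName;

    $groupArray = $user->memberOf;
    if (is_array($groupArray)) {
        foreach ($groupArray as $group) {
            echo $group . "\n";
        }
    }
} catch (adLDAPException $e) {
    // Print the message only, not the full exception with its stack trace.
    echo $e->getMessage();
    exit;
}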
// Excerpt of a JSON login endpoint: authenticate the posted user against AD,
// create the local "people" row on first login, and tell the client where to go.
date_default_timezone_set('America/Los_Angeles');
require_once 'adLDAP.php';
require_once "dbconn.php";
//require_once("/var/www/html/jump/filter_users.php");
// NOTE(review): both POST fields are read without an isset() check.
$username = strtolower($_POST['username']);
$password = $_POST['password'];
$json_response = array();
$current_users = array();
// Loads every known username into memory to test membership further down.
$username_query_result = $dbconn->query('select username from people') or die("Error getting usernames");
while ($row = $username_query_result->fetch_assoc()) {
    array_push($current_users, $row['username']);
}
// Default target when authentication fails.
$direction = 'login.php';
try {
    $adldap = new adLDAP(array(
        'base_dn' => 'DC=AD,DC=UCSD,DC=EDU',
        'use_ssl' => true,
        'domain_controllers' => array("ldap.ad.ucsd.edu"),
        'account_suffix' => ''));
    // NOTE(review): an empty password is not rejected in this excerpt before the
    // bind; confirm authenticate() refuses it, since an empty-password simple
    // bind is an unauthenticated bind.
    $authUser = $adldap->user()->authenticate("AD\\{$username}", $password);
    if ($authUser) {
        // NOTE(review): no session_start() or session_regenerate_id(true) is
        // visible here; presumably the session is started in dbconn.php. Confirm,
        // and regenerate the id at login.
        $_SESSION['username'] = $username;
        $_SESSION['logged_in'] = true;
        $_SESSION['logout_time'] = strtotime("+8 hours");
        if (!in_array($username, $current_users)) {
            $direction = 'setup.php';
            // NOTE(review): $username is interpolated into the SQL text; use a
            // prepared statement with a bound parameter instead.
            $dbconn->query("insert into people (username) values ('{$username}')");
        } else {
            $direction = 'index.php';
        }
    } else {
        //echo $adldap->getLastError() . "\n";
    }
    echo json_encode(array('authUser' => $authUser, 'direction' => $direction));
// The catch body continues past the end of the excerpt.
} catch (adLDAPException $e) {
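<?php
/* Test for the new user collections object */
//error_reporting(E_ALL ^ E_NOTICE);
include dirname(__FILE__) . '/../lib/adLDAP/adLDAP.php';

// $options is not defined in this file. Use it when an including script has
// set it, otherwise fall back to an empty array instead of an undefined variable.
$options = (isset($options) && is_array($options)) ? $options : array();

try {
    $adldap = new adLDAP($options);
} catch (adLDAPException $e) {
    // Message only, HTML-escaped; the full exception text is not sent to the browser.
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    exit;
}

echo "<pre>\n";

$collection = $adldap->user()->infoCollection('username');

// Directory values are printed into an HTML page, so they are escaped first.
echo htmlspecialchars(print_r($collection->memberOf, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo htmlspecialchars(print_r($collection->displayName, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');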
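/**
 * Check whether an Active Directory user belongs to at least one allowed group.
 *
 * When no group is configured the function returns true without contacting the
 * directory, so it restricts access only when $groups is non-empty; the caller
 * is responsible for verifying the credentials in that case.
 *
 * @param string $groups         Newline-separated allowed group names (compared lower-cased and trimmed)
 * @param string $hostname       Domain controller to query; also used as the log prefix
 * @param string $username       Account whose membership is checked
 * @param string $password       Password used to bind as that account
 * @param string $account_suffix DNS domain name; each dot-separated label becomes one DC= part of the base DN
 * @return bool True when no group is configured or the user is in an allowed group
 */
function checkcreds_ADGroups_ToServer($groups, $hostname, $username, $password, $account_suffix)
{
    $debug = !empty($GLOBALS["HOTSPOT_DEBUG"]);

    if (strlen($groups) == 0) {
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer no defined group in line:" . __LINE__);
        }
        return true;
    }

    // Build the lookup table of allowed groups (foreach replaces each(), which
    // no longer exists in PHP 8).
    $YGroups = array();
    foreach (explode("\n", $groups) as $ligne) {
        $ligne = trim(strtolower($ligne));
        if ($ligne === '') {
            continue;
        }
        $YGroups[$ligne] = $ligne;
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer checks group {$ligne} in line:" . __LINE__);
        }
    }

    if ($debug) {
        ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer " . count($YGroups) . " in line:" . __LINE__);
    }

    if (count($YGroups) == 0) {
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer no group defined, return true in line:" . __LINE__);
        }
        return true;
    }

    if ($debug) {
        ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer checks {$username} groups in line:" . __LINE__);
    }

    // "example.test" style suffix -> "DC=example,DC=test"
    $zsuffix = array();
    foreach (explode(".", $account_suffix) as $a) {
        $zsuffix[] = "DC={$a}";
    }
    $suffix = implode(",", $zsuffix);

    // NOTE(review): confirm adLDAP recognises the 'ad_username' / 'ad_password'
    // option keys; they are passed through unchanged from the original.
    $options = array(
        'base_dn' => $suffix,
        'ad_username' => $username,
        'ad_password' => $password,
        'recursive_groups' => true,
        'domain_controllers' => array($hostname),
        'account_suffix' => "@{$account_suffix}",
    );
    $adldap = new adLDAP($options);

    // Fail closed: the original discarded this result and went on to read group
    // membership even when the bind had been refused.
    if (!$adldap->authenticate("{$username}", $password)) {
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer authentication failed for {$username} in line:" . __LINE__);
        }
        return false;
    }

    $result = $adldap->user()->groups($username);

    if ($debug) {
        ToSyslog_array($GLOBALS["CLASS_ACTV"]);
    }

    // A failed lookup yields no array; treat it as "not a member".
    if (!is_array($result)) {
        return false;
    }

    if ($debug) {
        ToSyslog("{$hostname}: checkcreds_ADGroups_ToServer {$username} in:" . count($result) . " groups in line:" . __LINE__);
    }

    foreach ($result as $group) {
        $group = trim(strtolower($group));
        if ($debug) {
            ToSyslog("{$hostname}: checkcreds_AD checks {$group} group in line:" . __LINE__);
        }
        if (isset($YGroups[$group])) {
            if ($debug) {
                ToSyslog("{$hostname}: checkcreds_AD checks {$group} is OK in line:" . __LINE__);
            }
            return true;
        }
    }

    return false;
}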
// Excerpt of an examples script. Every example is wrapped in if (0) and is
// therefore disabled until the condition is changed by hand.
// NOTE(review): the examples var_dump()/print_r() raw directory data; keep that
// to development use.

// create a group (the comment introducing this example lies before the excerpt)
if (0) {
    $attributes = array(
        "group_name" => "Test Group",
        "description" => "Just Testing",
        "container" => array("Groups", "A Container"));
    $result = $adldap->group()->create($attributes);
    var_dump($result);
}
// retrieve information about a group
if (0) {
    // Raw data array returned
    $result = $adldap->group()->info("Group Name");
    var_dump($result);
}
// create a user account
if (0) {
    // NOTE(review): the "password" value is a sample literal; replace it with a
    // generated secret before enabling this example against a real directory.
    $attributes = array(
        "username" => "freds",
        "logon_name" => "*****@*****.**",
        "firstname" => "Fred",
        "surname" => "Smith",
        "company" => "My Company",
        "department" => "My Department",
        "email" => "*****@*****.**",
        "container" => array("Container Parent", "Container Child"),
        "enabled" => 1,
        "password" => "Password123");
    try {
        $result = $adldap->user()->create($attributes);
        var_dump($result);
    } catch (adLDAPException $e) {
        echo $e;
        exit;
    }
}
// retrieve the group membership for a user
if (0) {
    $result = $adldap->user()->groups("username");
    print_r($result);
}
// retrieve information about a user
// The body of this example continues past the end of the excerpt.
if (0) {
    // Raw data array returned
    $result = $adldap->user()->info("username");