/**
* Create an organizational unit
*
* @param array $attributes Default attributes of the ou
* @return bool
*/
public function create($attributes)
{
if (!is_array($attributes)) {
return "Attributes must be an array";
}
if (!is_array($attributes["container"])) {
return "Container attribute must be an array.";
}
if (!array_key_exists("ou_name", $attributes)) {
return "Missing compulsory field [ou_name]";
}
if (!array_key_exists("container", $attributes)) {
return "Missing compulsory field [container]";
}
$attributes["container"] = array_reverse($attributes["container"]);
$add = array();
$add["objectClass"] = "organizationalUnit";
$add["OU"] = $attributes['ou_name'];
$containers = "";
if (count($attributes['container']) > 0) {
$containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
}
$containers = "OU=" . implode(",OU=", $attributes["container"]);
$result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
if ($result != true) {
return false;
}
return true;
}
public function authenticate()
{
/*if (Request::ajax()):*/
$isAccountActive = FALSE;
$adldap = new adLDAP();
$username = Request::input('username');
$password = md5(Request::input('password'));
$authUser = $adldap->authenticate($username, Request::input('password'));
if ($authUser && $this->login_status) {
$user_fields = array('displayname', 'mail', 'company', 'physicaldeliveryofficename', 'givenname', 'sn');
$this->user_info = $adldap->user()->info($username, $user_fields);
//working
$this->_processUser($username, $password);
//return array("status" => $this->response_status, "message" => $this->response_text);
} else {
$this->login_status = FALSE;
$this->_check_failed_login_duration($username);
//return array("status" => $this->response_status, "message" => $this->response_text);
}
//todo WFH. SEARCH FOR VLANS
if (!$this->wfh) {
// if user is allowed to work from home then check his IP
$user_ip_address = Request::getClientIp(true);
$tmpIP = $user_ip_address;
$pos = strrpos($tmpIP, '.');
$tmpIP = substr($tmpIP, 0, $pos) . '.';
$qry2 = "\n\t\t\t\tSELECT * FROM vlans v \n\t\t\t\tINNER JOIN offices o ON v.office_id = o.office_id \n\t\t\t\tWHERE subnet like '" . $tmpIP . "%';\n\t\t\t";
$res2 = DB::select($qry2);
if (count($res2) == 0 && ip2long($user_ip_address)) {
$this->login_status = FALSE;
$this->response_text = 'You are not authorised to login remotely. If this is incorrect please contact HR.';
$this->response_status = 'failed';
Auth::logout();
return array("status" => $this->response_status, "message" => $this->response_text);
}
}
if (!$this->login_status) {
$this->response_status = 'failed';
$this->response_text = $this->messages['invalid'];
}
return array("status" => $this->response_status, "message" => $this->response_text);
/*else:
return array("status" => $this->response_status, "message" => $this->response_text);
endif;*/
}
/**
* Get the last logon time of any user as a Unix timestamp
*
* @param string $username
* @return long $unixTimestamp
*/
public function getLastLogon($username)
{
if (!$this->adldap->getLdapBind()) {
return false;
}
if ($username === null) {
return "Missing compulsory field [username]";
}
$userInfo = $this->info($username, array("lastLogonTimestamp"));
$lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
return $lastLogon;
}
/**
* Returns a list of Databases within any given storage group in Exchange for a given mail server
*
* @param string $storageGroup The full DN of an Storage Group. You can use exchange_storage_groups() to find the DN
* @param array $attributes An array of the AD attributes you wish to return
* @return array
*/
public function storageDatabases($storageGroup, $attributes = array('cn', 'distinguishedname', 'displayname'))
{
if (!$this->adldap->getLdapBind()) {
return false;
}
if ($storageGroup === NULL) {
return "Missing compulsory field [storageGroup]";
}
$filter = '(&(objectCategory=msExchPrivateMDB))';
$sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
$entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
return $entries;
}
/**
* Coping with AD not returning the primary group
* http://support.microsoft.com/?kbid=321360
*
* For some reason it's not possible to search on primarygrouptoken=XXX
* If someone can show otherwise, I'd like to know about it :)
* this way is resource intensive and generally a pain in the @#%^
*
* @deprecated deprecated since version 3.1, see get get_primary_group
* @param string $gid Group ID
* @return string
*/
public function cn($gid)
{
if ($gid === NULL) {
return false;
}
$sr = false;
$r = '';
$filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
$fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
for ($i = 0; $i < $entries["count"]; $i++) {
if ($entries[$i]["primarygrouptoken"][0] == $gid) {
$r = $entries[$i]["distinguishedname"][0];
$i = $entries["count"];
}
}
return $r;
}
/**
* Get the groups a computer is in
*
* @param string $computerName The name of the computer
* @param bool $recursive Whether to check recursively
* @return array
*/
public function groups($computerName, $recursive = NULL)
{
if ($computerName === NULL) {
return false;
}
if ($recursive === NULL) {
$recursive = $this->adldap->getRecursiveGroups();
}
//use the default option if they haven't set it
if (!$this->adldap->getLdapBind()) {
return false;
}
//search the directory for their information
$info = @$this->info($computerName, array("memberof", "primarygroupid"));
$groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]);
//presuming the entry returned is our guy (unique usernames)
if ($recursive === true) {
foreach ($groups as $id => $groupName) {
$extraGroups = $this->adldap->group()->recursiveGroups($groupName);
$groups = array_merge($groups, $extraGroups);
}
}
return $groups;
}
public function testLdap()
{
$ad = new adLDAP();
//$ad->user()->modify("genesis.gallardo", array("email" => "*****@*****.**"));
$results = $ad->user()->info("angelique.torrano");
echo "<pre>";
print_r($results);
}
/**
* Mail enable a contact
* Allows email to be sent to them through Exchange
*
* @param string $distinguishedname The contact to mail enable
* @param string $emailaddress The email address to allow emails to be sent through
* @param string $mailnickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
* @return bool
*/
public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
{
return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
}