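/**
 * Retrieve the list of LDAP users that belong to an authorized group.
 *
 * Searches below $config['auth_ldap_suffix'] for entries of the configured
 * object class, then tests every entry against each group listed in
 * $config['auth_ldap_group'] with ldap_compare(). When no group list is
 * configured at all, every entry found is returned. Nested groups are not
 * resolved.
 *
 * @return array Rows with the keys 'username', 'realname' and 'user_id';
 *               an empty array when nothing matches or the search fails.
 */
function ldap_auth_user_list() {
    global $config, $ds;

    // Always hand back an array, even when the directory returns nothing.
    $userlist = array();

    ldap_init();
    ldap_bind_dn();

    $base_dn = trim($config['auth_ldap_suffix'], ', ');
    $filter  = '(objectClass=' . $config['auth_ldap_objectclass'] . ')';

    print_debug("LDAP[UserList][Filter][{$filter}][" . $base_dn . "]");
    $search = ldap_search($ds, $base_dn, $filter);
    print_debug(ldap_error($ds));

    if ($search === FALSE) {
        // Search failed (error already logged above): there is no result to read.
        return $userlist;
    }

    $entries = ldap_get_entries($ds, $search);
    if (empty($entries['count'])) {
        return $userlist;
    }

    // An unset group list means "no group restriction". A list that is set
    // but empty authorizes nobody, which is what the original check did.
    $groups_configured = isset($config['auth_ldap_group']);
    $groups            = $groups_configured ? (array)$config['auth_ldap_group'] : array();

    // Attribute names are looked up lower-cased in the result entries.
    $uid_attr = strtolower($config['auth_ldap_attr']['uid']);
    $cn_attr  = strtolower($config['auth_ldap_attr']['cn']);

    for ($i = 0; $i < $entries['count']; $i++) {
        $entry    = $entries[$i];
        $username = $entry[$uid_attr][0];
        $realname = $entry[$cn_attr][0];
        $user_id  = ldap_internal_auth_user_id($entry);

        // Groups store either the full DN or the bare username of a member.
        $userdn = $config['auth_ldap_groupmembertype'] === 'fulldn' ? $entry['dn'] : $username;

        print_debug("LDAP[UserList][Compare: " . implode('|', $groups) . "][" . $config['auth_ldap_groupmemberattr'] . "][{$userdn}]");

        // Reset per user so that a result from a previous entry can never leak through.
        $authorized = FALSE;
        foreach ($groups as $ldap_group) {
            $compare = ldap_compare($ds, $ldap_group, $config['auth_ldap_groupmemberattr'], $userdn);

            if ($compare === -1) {
                // LDAP error: fail closed for this group and try the next one.
                print_debug("LDAP[UserList][Compare LDAP error: " . ldap_error($ds) . "]");
                continue;
            }

            if ($compare === FALSE) {
                print_debug("LDAP[UserList][Processing group: {$ldap_group}][Not matched]");
                continue;
            }

            // $compare === TRUE
            print_debug("LDAP[UserList][Authorized: {$userdn} for group {$ldap_group}]");
            $authorized = TRUE;
            break;
            // FIXME does not support nested groups
        }

        if (!$groups_configured || $authorized) {
            $userlist[] = array('username' => $username, 'realname' => $realname, 'user_id' => $user_id);
        }
    }

    return $userlist;
}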
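/**
 * Retrieve list of users with all details.
 *
 * Builds the LDAP filter from the configured object class, an optional
 * username and the configured group(s) (as memberOf clauses), searches below
 * $config['auth_ldap_suffix'], and then re-checks every entry against each
 * configured group with ldap_search_user(). When no group list is configured
 * at all, every entry found is returned.
 *
 * @param string|null $username Optional username; when given, only entries
 *                              whose uid attribute matches it are searched.
 *
 * @return array Rows of user data with the keys 'username', 'realname',
 *               'user_id', 'level' and 'email'; an empty array when nothing
 *               matches or the search fails.
 */
function ldap_auth_user_list($username = NULL) {
    global $config, $ds;

    // Always hand back an array, even when the directory returns nothing.
    $userlist = array();

    ldap_init();
    ldap_bind_dn();

    // An unset group list means "no group restriction". The original called
    // count() on the raw config value, which fails when it is unset; a single
    // group given as a string is accepted as a one-element list.
    $groups_configured = isset($config['auth_ldap_group']);
    $groups            = $groups_configured ? array_values((array)$config['auth_ldap_group']) : array();

    // The filter is assembled through the ldap_filter_create() and
    // ldap_filter_combine() helpers instead of string concatenation.
    // NOTE(review): both helpers are defined elsewhere; confirm that
    // ldap_filter_create() escapes filter metacharacters, since $username may
    // be supplied by a caller.
    $filter_params   = array();
    $filter_params[] = ldap_filter_create('objectClass', $config['auth_ldap_objectclass']);

    // empty() would treat the username '0' as absent and the lookup would
    // silently widen to every user, so test for a non-empty string instead.
    if ($username !== NULL && strlen((string)$username) > 0) {
        // Filter users by username
        $filter_params[] = ldap_filter_create($config['auth_ldap_attr']['uid'], $username);
    }

    if (count($groups) == 1) {
        $filter_params[] = ldap_filter_create('memberOf', $groups[0]);
    } elseif (count($groups) > 1) {
        // Member of any one of the configured groups.
        $group_params = array();
        foreach ($groups as $group) {
            $group_params[] = ldap_filter_create('memberOf', $group);
        }
        $filter_params[] = ldap_filter_combine($group_params, '|');
    }

    $filter  = ldap_filter_combine($filter_params);
    $base_dn = trim($config['auth_ldap_suffix'], ', ');

    print_debug("LDAP[UserList][Filter][{$filter}][" . $base_dn . "]");
    $search = ldap_search($ds, $base_dn, $filter);
    print_debug(ldap_error($ds));

    if ($search === FALSE) {
        // Search failed (error already logged above): there is no result to read.
        return $userlist;
    }

    $entries = ldap_get_entries($ds, $search);
    if (empty($entries['count'])) {
        return $userlist;
    }

    // Attribute names are looked up lower-cased in the result entries.
    $uid_attr = strtolower($config['auth_ldap_attr']['uid']);
    $cn_attr  = strtolower($config['auth_ldap_attr']['cn']);

    for ($i = 0; $i < $entries['count']; $i++) {
        $entry = $entries[$i];

        // Kept separate from the $username parameter, which the original overwrote here.
        $entry_username = $entry[$uid_attr][0];
        $realname       = $entry[$cn_attr][0];
        $user_id        = ldap_internal_auth_user_id($entry);
        // Not every entry carries a mail attribute.
        $email          = isset($entry['mail'][0]) ? $entry['mail'][0] : NULL;

        // Groups store either the full DN or the bare username of a member.
        $userdn = $config['auth_ldap_groupmembertype'] === 'fulldn' ? $entry['dn'] : $entry_username;

        print_debug("LDAP[UserList][Compare: " . implode('|', $groups) . "][" . $config['auth_ldap_groupmemberattr'] . "][{$userdn}]");

        // Reset per user so that a result from a previous entry can never leak through.
        $authorized = FALSE;
        foreach ($groups as $ldap_group) {
            $compare = ldap_search_user($ldap_group, $userdn);

            if ($compare === -1) {
                // LDAP error: fail closed for this group and try the next one.
                print_debug("LDAP[UserList][Compare LDAP error: " . ldap_error($ds) . "]");
                continue;
            }

            if ($compare === FALSE) {
                print_debug("LDAP[UserList][Processing group: {$ldap_group}][Not matched]");
                continue;
            }

            // Any other result counts as a match, as in the original else branch.
            print_debug("LDAP[UserList][Authorized: {$userdn} for group {$ldap_group}]");
            $authorized = TRUE;
            break;
        }

        if (!$groups_configured || $authorized) {
            $user_level = ldap_auth_user_level($entry_username);
            $userlist[] = array('username' => $entry_username, 'realname' => $realname, 'user_id' => $user_id, 'level' => $user_level, 'email' => $email);
        }
    }

    return $userlist;
}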