private function changeOpenLDAPPwd($objLdapBinding, $strUserDN, $strNewPwd)
{
include_once "sambahash.php";
$entry["sambaNTPassword"] = nt_hash($strNewPwd);
$this->logwriter->debugwrite('NT Hash:' . $entry["sambaNTPassword"]);
$entry["sambaLMPassword"] = lm_hash($strNewPwd);
$this->logwriter->debugwrite('LM Hash:' . $entry["sambaLMPassword"]);
$date = time();
$this->logwriter->debugwrite('Last Set:' . $date);
$entry["sambaPwdLastSet"] = $date;
$entry["sambaPwdMustChange"] = $date + 90 * 24 * 60 * 60;
$this->logwriter->debugwrite('Must Change:' . $entry["sambaPwdMustChange"]);
mt_srand((double) microtime() * 1000000);
$salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
$hash = "{SSHA}" . base64_encode(pack("H*", sha1($strNewPwd . $salt)) . $salt);
$entry["userPassword"] = $hash;
$entry["shadowLastChange"] = (int) ($date / 86400);
$this->logwriter->debugwrite('Shadow Last Change:' . $entry["shadowLastChange"]);
$res = ldap_mod_replace($objLdapBinding, $strUserDN, $entry) or $res = false;
if ($res) {
$this->success($strNewPwd);
return true;
} else {
//Failed to change user Password
$this->failure(8, array($strNewPwd, $newpass, ldap_error($objLdapBinding)));
return false;
}
}
function addAccount($_hookValues)
{
$mailLocalAddress = $_hookValues['account_lid'] . "@" . $this->profileData['defaultDomain'];
$ds = $GLOBALS['phpgw']->common->ldapConnect();
$filter = "uid=" . $_hookValues['account_lid'];
$sri = @ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
if ($sri) {
$allValues = ldap_get_entries($ds, $sri);
$accountDN = $allValues[0]['dn'];
$objectClasses = $allValues[0]['objectclass'];
unset($objectClasses['count']);
} else {
return false;
}
if (!in_array('qmailUser', $objectClasses) && !in_array('qmailuser', $objectClasses)) {
$objectClasses[] = 'qmailuser';
}
// the new code for postfix+cyrus+ldap
$newData = array('mail' => $mailLocalAddress, 'accountStatus' => 'active', 'objectclass' => $objectClasses);
ldap_mod_replace($ds, $accountDN, $newData);
#print ldap_error($ds);
}
public static function updateProfile($numero_membre, $data)
{
$handle_ldap = self::initialize();
if (self::$isDisabled) {
self::$logger->info("Ldap is disabled, doing nothing.");
return false;
}
$membreExists = @ldap_search($handle_ldap, "cn={$numero_membre}, " . self::$conf['basedn'], "objectclass=*", array("cn", "description", "mail"));
if ($membreExists) {
$personnes = ldap_get_entries($handle_ldap, $membreExists);
$personne = $personnes[0];
$dn = $personne["dn"];
//self::$logger->debug(print_r($personne, true));
$newEmail = self::$conf['defaultEmail'];
if (isset($data['email']) && $data['email']) {
$newEmail = $data['email'];
}
$hasLdapEmail = @is_array($personne["mail"]);
$ldapData = ['mail' => [$newEmail]];
if ($hasLdapEmail) {
self::$logger->info("Replacing ldap email for #{$numero_membre}: {$newEmail}");
ldap_mod_replace($handle_ldap, $dn, $ldapData);
} else {
self::$logger->info("Adding ldap email for #{$numero_membre}: {$newEmail}");
ldap_mod_add($handle_ldap, $dn, $ldapData);
}
$err = ldap_error($handle_ldap);
if ($err != "Success") {
return $err;
}
} else {
return "Membre not found in ldap repo: #{$numero_membre}";
}
}
function change_pass($user, $new_pass)
{
global $config;
global $ldap_connection;
get_ldap_connection($config['user'], $config['pass']);
if ($ldap_connection) {
$filter = "(sAMAccountName={$user})";
$result = ldap_search($ldap_connection, $config['domain_dn'], $filter);
ldap_sort($ldap_connection, $result, "sn");
$info = ldap_get_entries($ldap_connection, $result);
$isLocked = $info[0]["lockoutTime"];
if ($isLocked > 0) {
return msg('account_locked');
}
$userDn = $info[0]["distinguishedname"][0];
$userdata["unicodePwd"] = iconv("UTF-8", "UTF-16LE", '"' . $new_pass . '"');
$result = ldap_mod_replace($ldap_connection, $userDn, $userdata);
if (!$result) {
return msg(ldap_error($ldap_connection));
}
} else {
return msg("wrong_admin");
}
close_ldap_connection();
return "";
}
/**
* changeAttribute
*
* change an attribute
*
*@param string $username
*@param array $array
*@return mixed
*/
public function changeAttribute($username, $array)
{
// array need to be keyed appropriately
$immid = $this->getPortalAttribute('uid', $username);
$immid = $immid[0];
return ldap_mod_replace($this->_portal_ds, "uid={$immid}, " . $this->_ldap['root'], $array);
}
function ldap_update($uid, $replace)
{
global $conn;
global $userDn;
try {
// Form the dn
$dn = "uid=" . $uid . "," . $userDn;
// Make the update
return ldap_mod_replace($conn, $dn, $replace);
} catch (Exception $e) {
return false;
}
}
function changePassword($connection, $dn, $user)
{
global $ldap_connection;
global $ldap_error;
$result = login("cn=root,dc=cupdata,dc=com", "test");
echo $result;
echo "<br>";
echo $ldap_error;
var_dump($user);
if (ldap_mod_replace($ldap_connection, $dn, $user)) {
echo "<br>success<br>";
return 0;
} else {
echo "<br>failed<br>";
return 1;
}
}
/**
*/
protected function _changePassword($user, $oldpass, $newpass)
{
global $conf;
// Connect to the LDAP server.
$ds = ldap_connect($conf['kolab']['ldap']['server'], $conf['kolab']['ldap']['port']);
if (!$ds) {
throw new Passwd_Exception(_("Could not connect to LDAP server"));
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// Bind anonymously, or use the phpdn user if available.
if (!empty($conf['kolab']['ldap']['phpdn'])) {
$phpdn = $conf['kolab']['ldap']['phpdn'];
$phppw = $conf['kolab']['ldap']['phppw'];
$result = @ldap_bind($ds, $phpdn, $phppw);
} else {
$result = @ldap_bind($ds);
}
if (!$result) {
throw new Passwd_Exception(_("Could not bind to LDAP server"));
}
// Make sure we're using the full user@domain format.
if (strstr($user, '@') === false) {
$user .= '@' . $conf['kolab']['imap']['maildomain'];
}
// Find the user's DN.
$result = ldap_search($ds, $conf['kolab']['ldap']['basedn'], 'mail=' . $user);
$entry = ldap_first_entry($ds, $result);
if ($entry === false) {
throw new Passwd_Exception(_("User not found."));
}
$userdn = ldap_get_dn($ds, $entry);
// Connect as the user.
$result = @ldap_bind($ds, $userdn, $old_password);
if (!$result) {
throw new Passwd_Exception(_("Incorrect old password."));
}
// And finally change the password.
$new_details['userPassword'] = '******' . base64_encode(pack('H*', sha1($newpass)));
if (!ldap_mod_replace($ds, $userdn, $new_details)) {
throw new Passwd_Exception(ldap_error($ds));
}
ldap_unbind($ds);
}
function change_pass($username)
{
global $LDAPHOST, $LDAPPORT, $ldap, $LDAPADMIN, $LDAPADMINPASS, $LDAPDATAFIELD, $LDAPLOCALDOMAIN, $LDAPDOMAIN;
if ($ldap) {
$bind = @ldap_bind($ldap, $LDAPADMIN . "@" . $LDAPLOCALDOMAIN, $LDAPADMINPASS);
if (!$bind) {
@ldap_close($ldap);
die('<p class="message">Your password is incorrect, please try again
<a href=javascript:history.back()>click here</a><br>');
}
$filter = "(sAMAccountName={$username})";
$results = ldap_search($ldap, $LDAPDOMAIN, $filter);
ldap_sort($ldap, $results, "sn");
$info = ldap_get_entries($ldap, $results);
if ($info['count'] < 1) {
@ldap_close($ldap);
die('<p class="message">Error occurred, please verify your user , <a href="javascript:history.back()">Go Back</a>');
}
$dn = $info[0]["dn"];
$stored_mail = $info[0][$LDAPDATAFIELD][0] or die('<p class="message">We could not get your info, please contact Support!');
$newPassw = genPassword("xxx0yY0yY");
$mailPass = $newPassw;
$newPassword = "******"{$newPassw}\"";
$len = strlen($newPassword);
$newPass = "";
for ($i = 0; $i < $len; $i++) {
$newPass .= "{$newPassword[$i]}";
}
$newPassword = $newPass;
$data_new["unicodePwd"][] = $newPassword;
if (ldap_mod_replace($ldap, $dn, $data_new)) {
return array(true, $stored_mail, $mailPass);
} else {
return array(false, 100, 100);
}
return array(true, $stored_mail, $mailPass);
} else {
return array(false, 0, 0);
}
// function
}
/**
* Set tags for a contact
*/
function ajax_settags($dn, $tags)
{
global $conf;
global $LDAP_CON;
global $FIELDS;
if (!$FIELDS['_marker']) {
return;
}
header('Content-Type: text/html; charset=utf-8');
$tags = explode(',', $tags);
$tags = array_map('trim', $tags);
$tags = array_unique($tags);
$tags = array_diff($tags, array(''));
//strip empty ones
$entry[$FIELDS['_marker']] = $tags;
ldap_mod_replace($LDAP_CON, $dn, $entry);
foreach ($tags as $tag) {
print '<a href="index.php?marker=';
print rawurlencode($tag);
print '" class="tag">';
print htmlspecialchars($tag);
print '</a> ';
}
}
/**
* Replace an entry and return a true or false result
*
* @param string $dn The DN which contains the attribute you want to replace
* @param string $attribute The attribute values you want to replace
*
* @return mixed result of comparison (true, false, -1 on error)
*
* @since 12.1
*/
public function replace($dn, $attribute)
{
return @ldap_mod_replace($this->_resource, $dn, $attribute);
}
public function updateAttribute($dn, $attrib, $value)
{
$arr = array();
$arr[$attrib] = $value;
$status = ldap_mod_replace($this->conn, $dn, $arr);
if (!$status) {
$status = ldap_error($this->conn);
}
return $status;
}
} else {
# Get objectClass values from user entry
$entry = ldap_first_entry($ldap, $search);
$ocValues = ldap_get_values($ldap, $entry, "objectClass");
# Remove 'count' key
unset($ocValues["count"]);
if (!in_array($answer_objectClass, $ocValues)) {
# Answer objectClass is not present, add it
array_push($ocValues, $answer_objectClass);
$ocValues = array_values($ocValues);
$userdata["objectClass"] = $ocValues;
}
# Question/Answer
$userdata[$answer_attribute] = '{' . $question . '}' . $answer;
# Commit modification on directory
$replace = ldap_mod_replace($ldap, $userdn, $userdata);
$errno = ldap_errno($ldap);
if ($errno) {
$result = "answermoderror";
error_log("LDAP - Modify answer (error {$errno} (" . ldap_error($ldap) . ")");
} else {
$result = "answerchanged";
}
}
}
#==============================================================================
# HTML
#==============================================================================
?>
<div class="result <?php
private function changeADPWD($objLdapBinding, $strUserDN, $strNewPwd)
{
$newpassword = "******"" . $strNewPwd . "\"";
$newpass = mb_convert_encoding($newpassword, "UTF-16LE");
$entry["unicodePwd"] = $newpass;
$res = ldap_mod_replace($objLdapBinding, $strUserDN, $entry) or $res = false;
if ($res) {
$this->success($strNewPwd);
} else {
//Failed to change user Password
$this->failure(8, array($strNewPwd, $newpass, ldap_error($objLdapBinding)));
}
}
/**
* Performs a request against the LDAP server
*
* The type of request (and the corresponding PHP ldap function called)
* depend on two additional parameters, added in respect to the
* DB_common interface.
*
* @param string $filter text of the request to send to the LDAP server
* @param string $action type of request to perform, defaults to search (ldap_search())
* @param array $params array of additional parameters to pass to the PHP ldap function requested
* @return result from ldap function or DB Error object if no result
*/
function simpleQuery($filter, $action = null, $params = null)
{
if ($action === null) {
$action = !empty($this->q_action) ? $this->q_action : $this->action;
}
if ($params === null) {
$params = count($this->q_params) > 0 ? $this->q_params : array();
}
if (!$this->isManip($action)) {
$base = $this->q_base ? $this->q_base : $this->base;
$attributes = array();
$attrsonly = 0;
$sizelimit = 0;
$timelimit = 0;
$deref = LDAP_DEREF_NEVER;
$sorting = '';
$sorting_method = '';
reset($params);
while (list($k, $v) = each($params)) {
if (isset(${$k})) {
${$k} = $v;
}
}
$this->sorting = $sorting;
$this->sorting_method = $sorting_method;
$this->attributes = $attributes;
# double escape char for filter: '(o=Przedsi\C4\99biorstwo)' => '(o=Przedsi\\C4\\99biorstwo)'
$filter = str_replace('\\', '\\\\', $filter);
$this->last_query = $filter;
if ($action == 'search') {
$result = @ldap_search($this->connection, $base, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
} else {
if ($action == 'list') {
$result = @ldap_list($this->connection, $base, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
} else {
if ($action == 'read') {
$result = @ldap_read($this->connection, $base, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
} else {
return $this->ldapRaiseError(DB_ERROR_UNKNOWN_LDAP_ACTION);
}
}
}
if (!$result) {
return $this->ldapRaiseError();
}
} else {
# If first argument is an array, it contains the entry with DN.
if (is_array($filter)) {
$entry = $filter;
$filter = $entry["dn"];
} else {
$entry = array();
}
unset($entry["dn"]);
$attribute = '';
$value = '';
$newrdn = '';
$newparent = '';
$deleteoldrdn = false;
reset($params);
while (list($k, $v) = each($params)) {
if (isset(${$k})) {
${$k} = $v;
}
}
$this->last_query = $filter;
if ($action == 'add') {
$result = @ldap_add($this->connection, $filter, $entry);
} else {
if ($action == 'compare') {
$result = @ldap_add($this->connection, $filter, $attribute, $value);
} else {
if ($action == 'delete') {
$result = @ldap_delete($this->connection, $filter);
} else {
if ($action == 'modify') {
$result = @ldap_modify($this->connection, $filter, $entry);
} else {
if ($action == 'mod_add') {
$result = @ldap_mod_add($this->connection, $filter, $entry);
} else {
if ($action == 'mod_del') {
$result = @ldap_mod_del($this->connection, $filter, $entry);
} else {
if ($action == 'mod_replace') {
$result = @ldap_mod_replace($this->connection, $filter, $entry);
} else {
if ($action == 'rename') {
$result = @ldap_rename($this->connection, $filter, $newrdn, $newparent, $deleteoldrdn);
} else {
return $this->ldapRaiseError(DB_ERROR_UNKNOWN_LDAP_ACTION);
}
}
}
}
}
}
}
}
if (!$result) {
return $this->ldapRaiseError();
}
}
$this->freeQuery();
return $result;
}
/**
* Update a specific contact record
*
* @param mixed Record identifier
* @param array Hash array with save data
* @return boolean True on success, False on error
*/
function update($id, $save_cols)
{
$record = $this->get_record($id, true);
$result = $this->get_result();
$record = $result->first();
$newdata = array();
$replacedata = array();
$deletedata = array();
foreach ($save_cols as $col => $val) {
$fld = $this->_map_field($col);
if ($fld) {
// The field does exist compare it to the ldap record.
if ($record[$col] != $val) {
// Changed, but find out how.
if (!isset($record[$col])) {
// Field was not set prior, need to add it.
$newdata[$fld] = $val;
} elseif ($val == '') {
// Field supplied is empty, verify that it is not required.
if (!in_array($fld, $this->prop['required_fields'])) {
// It is not, safe to clear.
$deletedata[$fld] = $record[$col];
}
// end if
} else {
// The data was modified, save it out.
$replacedata[$fld] = $val;
}
// end else
}
// end if
}
// end if
}
// end foreach
$dn = base64_decode($id);
// Update the entry as required.
if (!empty($deletedata)) {
// Delete the fields.
$this->_debug("C: Delete [dn: {$dn}]: " . print_r($deletedata, true));
if (!ldap_mod_del($this->conn, $dn, $deletedata)) {
$this->_debug("S: " . ldap_error($this->conn));
return false;
}
$this->_debug("S: OK");
}
// end if
if (!empty($replacedata)) {
// Handle RDN change
if ($replacedata[$this->prop['LDAP_rdn']]) {
$newdn = $this->prop['LDAP_rdn'] . '=' . rcube_ldap::quote_string($replacedata[$this->prop['LDAP_rdn']], true) . ',' . $this->prop['base_dn'];
if ($dn != $newdn) {
$newrdn = $this->prop['LDAP_rdn'] . '=' . rcube_ldap::quote_string($replacedata[$this->prop['LDAP_rdn']], true);
unset($replacedata[$this->prop['LDAP_rdn']]);
}
}
// Replace the fields.
if (!empty($replacedata)) {
$this->_debug("C: Replace [dn: {$dn}]: " . print_r($replacedata, true));
if (!ldap_mod_replace($this->conn, $dn, $replacedata)) {
$this->_debug("S: " . ldap_error($this->conn));
return false;
}
$this->_debug("S: OK");
}
// end if
}
// end if
if (!empty($newdata)) {
// Add the fields.
$this->_debug("C: Add [dn: {$dn}]: " . print_r($newdata, true));
if (!ldap_mod_add($this->conn, $dn, $newdata)) {
$this->_debug("S: " . ldap_error($this->conn));
return false;
}
$this->_debug("S: OK");
}
// end if
// Handle RDN change
if (!empty($newrdn)) {
$this->_debug("C: Rename [dn: {$dn}] [dn: {$newrdn}]");
if (@ldap_rename($this->conn, $dn, $newrdn, NULL, TRUE)) {
$this->_debug("S: " . ldap_error($this->conn));
return base64_encode($newdn);
}
$this->_debug("S: OK");
}
return true;
}
/**
* Definition of the function modifyUser in order to modify the password
*
* @param string $user nick of the user to be changed
* @param array $changes array of field/value pairs to be changed (password will be clear text)
* @return bool true on success, false on error
*/
function modifyUser($user, $changes)
{
// open the connection to the ldap
if (!$this->_openLDAP()) {
$this->_debug('LDAP cannot connect: ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
return false;
}
// find the information about the user, in particular the "dn"
$info = $this->getUserData($user, true);
if (empty($info['dn'])) {
$this->_debug('LDAP cannot find your user dn', 0, __LINE__, __FILE__);
return false;
}
$dn = $info['dn'];
// find the old password of the user
list($loginuser, $loginsticky, $loginpass) = auth_getCookie();
if ($loginuser !== null) {
// the user is currently logged in
$secret = auth_cookiesalt(!$loginsticky, true);
$pass = auth_decrypt($loginpass, $secret);
// bind with the ldap
if (!@ldap_bind($this->con, $dn, $pass)) {
$this->_debug('LDAP user bind failed: ' . htmlspecialchars($dn) . ': ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
return false;
}
} elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
// we are changing the password on behalf of the user (eg: forgotten password)
// bind with the superuser ldap
if (!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) {
$this->_debug('LDAP bind as superuser: '******'pass']);
// change the password
if (!@ldap_mod_replace($this->con, $dn, array('userpassword' => $hash))) {
$this->_debug('LDAP mod replace failed: ' . htmlspecialchars($dn) . ': ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
return false;
}
return true;
}
}
if ($oldfile[$i] != "" && $file[$i] == "") {
echo "PXE Dateinamen loeschen!<br> \n\t\t\t\tAchtung: aus ihren PXE Daten wird keine PXE Datei mehr generiert.<br>\n\t\t\t\tSie sind solange nicht mehr für den PXE Bootvorgang verwendbar bis Sie einen neuen Dateinamen anlegen!<br><br>";
$filemod['filename'][$i] = $oldfile[$i];
$filedel['filename'][$j] = $oldfile[$i];
$j++;
$delfi = 1;
$seconds = 4;
}
}
#erst ändern
if ($modfi == 1) {
echo "Ändern: ";
print_r($filemod);
echo "<br>";
if (ldap_mod_replace($ds, $pxeDN, $filemod)) {
$mesg = "PXE Dateiname(n) erfolgreich geändert<br><br>";
} else {
$mesg = "Fehler beim ändern des(r) PXE Dateinamens!<br><br>";
}
$modfi = 0;
}
# dann löschen
if ($delfi == 1) {
echo "Löschen: ";
print_r($filedel);
echo "<br>";
if (ldap_mod_del($ds, $pxeDN, $filedel)) {
$mesg = "PXE Dateiname(n) erfolgreich gelöscht<br><br>";
} else {
$mesg = "Fehler beim löschen des PXE Dateinamens !<br><br>";
/**
* Update a LDAP attribute in entry
* Ldap object connect and bind must have been done
*
* @param string $dn DN entry key
* @param array $info Attributes array
* @param User $user Objet user that create
* @return int <0 if KO, >0 if OK
*/
function updateAttribute($dn, $info, $user)
{
global $conf;
dol_syslog(get_class($this) . "::updateAttribute dn=" . $dn . " info=" . join(',', $info));
// Check parameters
if (!$this->connection) {
$this->error = "NotConnected";
return -2;
}
if (!$this->bind) {
$this->error = "NotConnected";
return -3;
}
// Encode to LDAP page code
$dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
foreach ($info as $key => $val) {
if (!is_array($val)) {
$info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
}
}
$this->dump($dn, $info);
//print_r($info);
$result = @ldap_mod_replace($this->connection, $dn, $info);
if ($result) {
dol_syslog(get_class($this) . "::updateAttribute successfull", LOG_DEBUG);
return 1;
} else {
$this->error = @ldap_error($this->connection);
dol_syslog(get_class($this) . "::updateAttribute failed: " . $this->error, LOG_ERR);
return -1;
}
}
$meDN = $_GET['dn'];
$oldpos = $_GET['pos'];
$pxeDN = $_GET['pxedn'];
$mnr = $_GET['mnr'];
$sbmnr = $_GET['sbmnr'];
$me = get_menuentries($pxeDN, array("cn"));
$maxpos = count($me);
$oldpos = preg_replace('/0([0-9])/', '$1', $oldpos);
if ($oldpos < $maxpos) {
$newpos = $oldpos + 1;
if (strlen($newpos) == 1) {
$newpos = "0" . $newpos;
}
if (strlen($oldpos) == 1) {
$oldpos = "0" . $oldpos;
}
if ($secmeDN = get_dn_menuposition($pxeDN, $newpos)) {
#echo "other meDN:"; print_r($secmeDN); echo "<br>";
$entrysec['menuposition'] = $oldpos;
if ($result = ldap_mod_replace($ds, $secmeDN, $entrysec)) {
$entrymenu['menuposition'] = $newpos;
$result = ldap_mod_replace($ds, $meDN, $entrymenu);
}
}
}
$seconds = 0;
$url = "pxe.php?dn=" . $pxeDN . "&mnr=" . $mnr . "&sbmnr=" . $sbmnr . "&#menu";
$mesg = "";
#$mesg .= "<br>Sie werden automatisch auf die vorherige Seite zurückgeleitet. <br>
# Falls nicht, klicken Sie hier <a href=".$url." style='publink'>back</a>";
redirect($seconds, $url, $mesg, $addSessionId = TRUE);
/**
* Replaces attribute values with new ones.
*
* @param $dn
* @param array $entry
*
* @return bool
*/
public function modReplace($dn, array $entry)
{
if ($this->suppressErrors) {
return @ldap_mod_replace($this->getConnection(), $dn, $entry);
}
return ldap_mod_replace($this->getConnection(), $dn, $entry);
}
public function changePassword($newPass, $encryptionMethod = "SHA")
{
if ($this->isLoggedIn()) {
$user = "******" . SSO_BASE_DN;
$entry = array();
switch (strtoupper($encryptionMethod)) {
case "SHA":
$entry['userPassword'] = "******" . base64_encode(pack("H*", sha1($newPass)));
break;
case "MD5":
$entry['userPassword'] = "******" . base64_encode(pack("H*", md5($newPass)));
break;
default:
throw new Exception("Unsupported encryption method requested");
}
if (ldap_mod_replace($this->conn, $user, $entry)) {
return true;
} else {
return false;
}
} else {
return false;
}
}
/**
* Set the password of a user - This must be performed over SSL
*
* @param string $username The username to modify
* @param string $password The new password
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function password($username, $password, $isGUID = false)
{
if ($username === NULL) {
return false;
}
if ($password === NULL) {
return false;
}
if (!$this->adldap->getLdapBind()) {
return false;
}
if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
}
$userDn = $this->dn($username, $isGUID);
if ($userDn === false) {
return false;
}
$add = array();
$add["unicodePwd"][0] = $this->encodePassword($password);
$result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
if ($result === false) {
$err = ldap_errno($this->adldap->getLdapConnection());
if ($err) {
$msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
if ($err == 53) {
$msg .= ' Your password might not match the password policy.';
}
throw new adLDAPException($msg);
} else {
return false;
}
}
return true;
}
ldap_delete($ds, $dn);
/* #### MOD ADD ### */
$dn = "cn=groupname,cn=groups,dc=example,dc=com";
echo "\nModAdd " . $dn;
$entry['memberuid'] = "username";
ldap_mod_add($ds, $dn, $entry);
/* #### MOD DELETE ### */
$dn = "cn=groupname,cn=groups,dc=example,dc=com";
echo "\nModDel " . $dn;
$entry['memberuid'] = "username";
ldap_mod_del($ds, $dn, $entry);
/* #### MOD REPLACE ### */
$dn = "cn=groupname,cn=groups,dc=example,dc=com";
echo "\nModReplace " . $dn;
$entry['memberuid'] = "username";
ldap_mod_replace($ds, $dn, $entry);
/* ### SEARCH ### */
$dn = "o=My Company, c=USs";
echo "\nSearch " . $dn;
$filter = "(|(sn=jeantet)(givenname=jeantet*))";
$justthese = array("ou", "sn", "givenname", "mail");
$cookie = 'cookie';
ldap_control_paged_result($ds, 23, true, $cookie);
$sr = ldap_search($ds, $dn, $filter, $justthese);
$info = ldap_get_entries($ds, $sr);
echo "\n\t" . $info["count"] . " entries returned";
// ldap_control_paged_result_response($ds, $sr, $cookie);
/* ### COMPARE ### */
$dn = "cn=Matti Meikku, ou=My Unit, o=My Company, c=FI";
echo "\nCompare " . $dn;
// Préparation des données
/**
* Change the default address
*
* @param string $username The username of the user to add the Exchange account to
* @param string $emailAddress The email address to make default
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function primaryAddress($username, $emailAddress, $isGUID = false)
{
if ($username === NULL) {
return "Missing compulsory field [username]";
}
if ($emailAddress === NULL) {
return "Missing compulsory fields [emailAddress]";
}
// Find the dn of the user
$user = $this->adldap->user()->info($username, array("cn", "proxyaddresses"), $isGUID);
if ($user[0]["dn"] === NULL) {
return false;
}
$userDn = $user[0]["dn"];
if (is_array($user[0]["proxyaddresses"])) {
$modAddresses = array();
for ($i = 0; $i < sizeof($user[0]['proxyaddresses']); $i++) {
if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
$user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
}
if ($user[0]['proxyaddresses'][$i] == 'smtp:' . $emailAddress) {
$user[0]['proxyaddresses'][$i] = str_replace('smtp:', 'SMTP:', $user[0]['proxyaddresses'][$i]);
}
if ($user[0]['proxyaddresses'][$i] != '') {
$modAddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
}
}
$result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);
if ($result == false) {
return false;
}
return true;
}
}
/**
* @param Object $object
* @param string $action
* @param array $entry
*
* @return bool
*/
public function modify(Object $object, $action, $entry)
{
switch ($action) {
case 'add':
@ldap_mod_add($this->server->getResource(), $object->getDistinguishedName(), $entry);
break;
case 'del':
@ldap_mod_del($this->server->getResource(), $object->getDistinguishedName(), $entry);
break;
case 'replace':
@ldap_mod_replace($this->server->getResource(), $object->getDistinguishedName(), $entry);
break;
}
return true;
}
public function write($attrs, $dn = NULL)
{
$dn = $dn ? $dn : $this->dn;
# default to self
$allowed = array_fill_keys(array('displayname', 'title', 'mobile', 'telephonenumber', 'userpassword'), NULL);
# strip other attribs than allowed
$attrs = array_intersect_key($attrs, $allowed);
# if userpassword not given, don't update it
if (isset($attrs['userpassword']) && $attrs['userpassword'] == '') {
unset($attrs['userpassword']);
}
# setting attribs to empty array deletes them from LDAP object
array_walk($attrs, function (&$val, $key) {
if ($val == '') {
$val = array();
}
});
$result = ldap_mod_replace($this->conn, $dn, $attrs);
if ($result === false) {
throw new LDAPSrvErr($this->conn);
}
}
if ($rbs != "none" && $rbs != $oldrbs) {
if ($rbs != "") {
$exp = ldap_explode_dn($rbs, 1);
$rbscn = $exp[0];
$rbsau = $exp[2];
$dhcpdata = get_node_data($rbs, array("tftpserverip", "initbootfile"));
$entryrbs['hlprbservice'] = $rbs;
$entryrbs['dhcpoptnext-server'] = $dhcpdata['tftpserverip'];
$entryrbs['dhcpoptfilename'] = $dhcpdata['initbootfile'];
if ($oldrbs != "") {
echo "RBS replace ";
print_r($oldrbs);
echo " with ";
print_r($entryrbs);
echo "<br>";
if ($result = ldap_mod_replace($ds, $hostDN, $entryrbs)) {
update_dhcpmtime(array());
rbs_adjust_host($hostDN, $rbs);
$mesg = "Remote Boot Service erfolgreich zu <b>" . $rbscn . " [Abt.: " . $rbsau . "]</b> geändert<br><br>";
} else {
$mesg = "Fehler beim ändern des Remote Boot Services zu <b>" . $rbscn . "</b>!<br><br>";
}
} else {
echo "RBS add ";
print_r($entryrbs);
echo "<br>";
if ($result = ldap_mod_add($ds, $hostDN, $entryrbs)) {
update_dhcpmtime(array());
rbs_adjust_host($hostDN, $rbs);
$mesg = "Remote Boot Service erfolgreich zu <b>" . $rbscn . " [Abt.: " . $rbsau . "]</b> geändert<br><br>";
} else {
/**
* Sets a script running on the backend.
*
* @param array $script The filter script information. Passed elements:
* - 'name': (string) the script name.
* - 'recipes': (array) the filter recipe objects.
* - 'script': (string) the filter script.
*
* @throws Ingo_Exception
*/
public function setScriptActive($script)
{
$ldapcn = $this->_connect();
$values = $this->_getScripts($ldapcn, $userDN);
$found = false;
foreach ($values as $i => $value) {
if (strpos($value, "# Sieve Filter\n") !== false) {
if (empty($script['script'])) {
unset($values[$i]);
} else {
$values[$i] = $script['script'];
}
$found = true;
break;
}
}
if (!$found && !empty($script['script'])) {
$values[] = $script['script'];
}
$replace = array(Horde_String::lower($this->_params['script_attribute']) => $values);
$r = empty($values) ? @ldap_mod_del($ldapcn, $userDN, $replace) : @ldap_mod_replace($ldapcn, $userDN, $replace);
if (!$r) {
throw new Ingo_Exception(sprintf(_("Activating the script for \"%s\" failed: (%d) %s"), $userDN, ldap_errno($ldapcn), ldap_error($ldapcn)));
}
@ldap_close($ldapcn);
}
/**
* Modifies attributes on that entry.
*
* @param array $attribs The attributes to modify.
* @return boolean Returns true on success and false on failure.
*/
public function modify($attribs)
{
return ldap_mod_replace($this->conn, $this->dn, $attribs);
}
