Example #1
	/**
	 * Site-checker step: verify that LDAP/Active Directory integration is available.
	 *
	 * Two conditions are tested in order: the "ldap" module can be loaded, and
	 * CLdapServer::GetList() yields at least one row. No connection to a directory
	 * is attempted here, so a passing result says nothing about whether a configured
	 * server is reachable or its bind credentials are valid.
	 *
	 * @return mixed true when both conditions hold; otherwise whatever
	 *               $this->Result(null, <message>) returns.
	 */
	function check_ad()
	{
		$moduleLoaded = CModule::IncludeModule('ldap');
		if (!$moduleLoaded)
		{
			return $this->Result(null, GetMessage("MAIN_SC_NO_LDAP_MODULE"));
		}

		// One fetched row is enough: the check is only "is any LDAP server configured".
		$serverList = CLdapServer::GetList();
		$firstServer = $serverList->Fetch();
		if (!$firstServer)
		{
			return $this->Result(null, GetMessage("MAIN_SC_NO_LDAP_INTEGRATION"));
		}

		return true;
	}
Example #2
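 /**
  * Synchronise the site users bound to one LDAP server with that server's directory.
  *
  * Flow, as implemented below:
  *  1. Load the server record, connect and bind with the stored admin account.
  *  2. Run the "OnLdapBeforeSync" handlers; a handler returning false aborts the sync.
  *  3. Read every LDAP user and every local user whose EXTERNAL_AUTH_ID is "LDAP#<id>".
  *  4. Import directory users that are missing locally (only when SYNC_USER_ADD is "Y",
  *     the LDAP account is active and the user is not confined to banned groups).
  *  5. Update local users whose directory entry or local record changed since SYNC_LAST.
  *  6. Deactivate (ACTIVE = "N") active local users that are no longer in the directory.
  *  7. Stamp SYNC_LAST on the server record.
  *
  * Security-relevant points:
  *  - Step 6 is the de-provisioning path. The candidate list is built only when the
  *    user search did not raise LDAP_SEARCH_ERROR, so a failed search cannot disable
  *    every account at once.
  *  - Accounts are matched on the lower-cased login only.
  *
  * Fixes compared with the previous version: $bUSERGen, $arDelLdapUsers and $userTime
  * are always initialised (the first two were undefined on some paths, the third could
  * carry over from a previous user), and the LDAP connection is closed when an event
  * handler aborts the sync.
  *
  * @param mixed $ldap_server_id ID of the LDAP server record to synchronise.
  * @return int|false Number of existing users that were updated (imports are not
  *                   counted), or false when the server is not found, the
  *                   connection or admin bind fails, or a handler aborts.
  */
 public static function Sync($ldap_server_id)
 {
     global $DB, $USER, $APPLICATION;
     // Tracks whether this call created the global $USER, so it can be removed again at the end.
     $bUSERGen = false;
     if (!is_object($USER)) {
         $USER = new CUser();
         $bUSERGen = true;
     }
     $dbLdapServers = CLdapServer::GetById($ldap_server_id);
     if (!($oLdapServer = $dbLdapServers->GetNextServer())) {
         return false;
     }
     if (!$oLdapServer->Connect()) {
         return false;
     }
     if (!$oLdapServer->BindAdmin()) {
         $oLdapServer->Disconnect();
         return false;
     }
     $APPLICATION->ResetException();
     $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
     while ($arEvent = $db_events->Fetch()) {
         $arParams['oLdapServer'] = $oLdapServer;
         if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
             if (!($err = $APPLICATION->GetException())) {
                 $APPLICATION->ThrowException("Unknown error");
             }
             // Release the bound admin connection before aborting.
             $oLdapServer->Disconnect();
             return false;
         }
     }
     // select all users from LDAP, keyed by lower-cased login attribute
     $arLdapUsers = array();
     $ldapLoginAttr = strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
     $APPLICATION->ResetException();
     $dbLdapUsers = $oLdapServer->GetUserList();
     // Captured right after the search so a later call cannot overwrite it.
     $ldpEx = $APPLICATION->GetException();
     while ($arLdapUser = $dbLdapUsers->Fetch()) {
         $arLdapUsers[strtolower($arLdapUser[$ldapLoginAttr])] = $arLdapUser;
     }
     unset($dbLdapUsers);
     // select all Bitrix CMS users for this LDAP, keyed by lower-cased LOGIN
     $arUsers = array();
     CTimeZone::Disable();
     // $o and $b are not set in this method; presumably by-reference sort arguments - TODO confirm.
     $dbUsers = CUser::GetList($o, $b, array("EXTERNAL_AUTH_ID" => "LDAP#" . $ldap_server_id));
     CTimeZone::Enable();
     while ($arUser = $dbUsers->Fetch()) {
         $arUsers[strtolower($arUser["LOGIN"])] = $arUser;
     }
     unset($dbUsers);
     // Local users missing from the directory are deactivated below. The list stays
     // empty when the search failed, so an LDAP outage does not lock everyone out.
     $arDelLdapUsers = array();
     if (!$ldpEx || $ldpEx->msg != 'LDAP_SEARCH_ERROR') {
         $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
     }
     if (strlen($oLdapServer->arFields["SYNC_LAST"]) > 0) {
         $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
     } else {
         $syncTime = 0;
     }
     $arCache = array();
     // selecting a list of groups, from which users will not be imported
     // (md5 is used only to build array keys here, not as a security control)
     $noImportGroups = array();
     $dbGroups = CLdapServer::GetGroupBan($ldap_server_id);
     while ($arGroup = $dbGroups->Fetch()) {
         $noImportGroups[md5($arGroup['LDAP_GROUP_ID'])] = $arGroup['LDAP_GROUP_ID'];
     }
     $cnt = 0;
     // have to update $oLdapServer->arFields["FIELD_MAP"] for user fields
     // for each one of them looking for similar in user list
     foreach ($arLdapUsers as $userLogin => $arLdapUserFields) {
         if (!is_array($arUsers[$userLogin])) {
             if ($oLdapServer->arFields["SYNC_USER_ADD"] != "Y") {
                 continue;
             }
             // if user is not found among already existing ones, then import him
             // $arLdapUserFields holds the user's fields as read from LDAP
             $userActive = $oLdapServer->getLdapValueByBitrixFieldName("ACTIVE", $arLdapUserFields);
             if ($userActive != "Y") {
                 continue;
             }
             // NOTE(review): $departmentCache is never initialised in this method - confirm
             // GetUserFields() takes it by reference and tolerates an unset value.
             $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $departmentCache);
             // $arUserFields here contains LDAP user fields for a LDAP user
             // make a check, whether this user belongs to those groups only, from which import will not be made...
             $allUserGroups = $arUserFields['LDAP_GROUPS'];
             $userImportIsBanned = true;
             if (is_array($allUserGroups)) {
                 foreach ($allUserGroups as $groupId) {
                     $groupId = trim($groupId);
                     if (!empty($groupId) && !array_key_exists(md5($groupId), $noImportGroups)) {
                         $userImportIsBanned = false;
                         break;
                     }
                 }
             }
             // ...if he does not, then import him (a user with no groups at all is imported too)
             if (!$userImportIsBanned || empty($allUserGroups)) {
                 $oLdapServer->SetUser($arUserFields);
             }
         } else {
             // if date of update is set, then compare it
             // Defaults force an update whenever the change timestamp cannot be read.
             $ldapTime = time();
             // Reset per user so a value from a previous iteration is never compared.
             $userTime = 0;
             if ($syncTime > 0 && strlen($oLdapServer->arFields["SYNC_ATTR"]) > 0 && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\\.0Z'", $arLdapUserFields[strtolower($oLdapServer->arFields["SYNC_ATTR"])], $arTimeMatch)) {
                 $ldapTime = gmmktime($arTimeMatch[4], $arTimeMatch[5], $arTimeMatch[6], $arTimeMatch[2], $arTimeMatch[3], $arTimeMatch[1]);
                 $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
             }
             if ($syncTime < $ldapTime || $syncTime < $userTime) {
                 // make an update
                 $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);
                 $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
                 $oLdapServer->SetUser($arUserFields);
                 $cnt++;
             }
         }
     }
     foreach ($arDelLdapUsers as $userLogin) {
         // NOTE(review): this replaces the global $USER on every iteration - confirm callers
         // do not rely on the previous object after Sync() returns.
         $USER = new CUser();
         if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
             $ID = intval($arUsers[$userLogin]["ID"]);
             // Accounts are deactivated, not deleted.
             $USER->Update($ID, array('ACTIVE' => 'N'));
         }
     }
     $oLdapServer->Disconnect();
     CLdapServer::Update($ldap_server_id, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));
     if ($bUSERGen) {
         unset($USER);
     }
     return $cnt;
 }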
Example #3
 /**
  * Sign the visitor in from the identity the web server already established via NTLM.
  *
  * Does nothing when the user is already authorised, when $_SERVER["AUTH_TYPE"] is
  * not "NTLM", or when the configured server variable (module option "ntlm_varname",
  * default "REMOTE_USER") is missing or empty. Otherwise the value is split on the
  * first backslash into DOMAIN\login, the matching active LDAP server is chosen
  * (by CODE = domain, or by the "ntlm_default_server" option when no domain is
  * given), the login is looked up there and the resulting user is authorised.
  *
  * Trust boundary: no password or ticket is checked in this method. The login is
  * accepted purely because the web server placed it in $_SERVER, so the function is
  * only as strong as the server-side authentication module that fills that variable.
  * NOTE(review): "ntlm_varname" is administrator-configurable; it should name a
  * variable that only the web server's auth module can set - confirm it can never
  * point at a request-derived entry.
  *
  * @return void
  */
 function NTLMAuth()
 {
     global $USER;
     if ($USER->IsAuthorized()) {
         return;
     }
     // Only act on requests the web server itself marked as NTLM-authenticated.
     $isNtlmRequest = array_key_exists("AUTH_TYPE", $_SERVER) && $_SERVER["AUTH_TYPE"] == "NTLM";
     if (!$isNtlmRequest) {
         return;
     }
     $serverVarName = trim(COption::GetOptionString('ldap', 'ntlm_varname', 'REMOTE_USER'));
     if (!array_key_exists($serverVarName, $_SERVER)) {
         return;
     }
     $login = $_SERVER[$serverVarName];
     if (strlen($login) <= 0) {
         return;
     }
     // Split "DOMAIN\login" on the first backslash; a bare login leaves the domain empty.
     $domain = "";
     $slashPos = strpos($login, "\\");
     if ($slashPos !== false) {
         $domain = substr($login, 0, $slashPos);
         $login = substr($login, $slashPos + 1);
     }
     $serverFilter = array('ACTIVE' => 'Y');
     if (strlen($domain) > 0) {
         $serverFilter['CODE'] = $domain;
     } else {
         // Without a domain the lookup is allowed only against an explicitly configured default server.
         $defaultServerId = intval(COption::GetOptionInt('ldap', 'ntlm_default_server', 0));
         if ($defaultServerId <= 0) {
             return;
         }
         $serverFilter['ID'] = $defaultServerId;
     }
     $serverList = CLdapServer::GetList(array(), $serverFilter);
     /*@var $ldapServer CLDAP*/
     while ($ldapServer = $serverList->GetNextServer()) {
         if (!$ldapServer->Connect()) {
             continue;
         }
         $ldapUser = $ldapServer->FindUser($login);
         if ($ldapUser) {
             $userId = $ldapServer->SetUser($ldapUser);
             if ($userId > 0) {
                 // First server that resolves the login to a local user ID wins.
                 $USER->Authorize($userId);
                 $ldapServer->Disconnect();
                 return;
             }
         }
         $ldapServer->Disconnect();
     }
 }
Example #4
    $ld = CLdapServer::GetByID($ID);
    ClearVars("str_");
    if (!($arFields = $ld->ExtractFields("str_"))) {
        $ID = 0;
    } else {
        if ($MOD_RIGHT < "W") {
            $str_ADMIN_PASSWORD = "";
        }
        $ldp = CLDAP::Connect(array("SERVER" => $arFields['SERVER'], "PORT" => $arFields['PORT'], "ADMIN_LOGIN" => $arFields['ADMIN_LOGIN'], "ADMIN_PASSWORD" => $arFields['ADMIN_PASSWORD'], "BASE_DN" => $arFields['BASE_DN'], "GROUP_FILTER" => $arFields['GROUP_FILTER'], "GROUP_ID_ATTR" => $arFields['GROUP_ID_ATTR'], "GROUP_NAME_ATTR" => $arFields['GROUP_NAME_ATTR'], "GROUP_MEMBERS_ATTR" => $arFields['GROUP_MEMBERS_ATTR'], "CONVERT_UTF8" => $arFields['CONVERT_UTF8'], "USER_FILTER" => $arFields['USER_FILTER'], "USER_GROUP_ATTR" => $arFields['USER_GROUP_ATTR'], "USER_GROUP_ACCESSORY" => $arFields['USER_GROUP_ACCESSORY'], "USER_DEPARTMENT_ATTR" => $arFields['USER_DEPARTMENT_ATTR'], "USER_MANAGER_ATTR" => $arFields['USER_MANAGER_ATTR'], "MAX_PAGE_SIZE" => $arFields['MAX_PAGE_SIZE']));
        $db_groups = CLdapServer::GetGroupMap($ID);
        while ($arGroup = $db_groups->Fetch()) {
            $arGroups[$arGroup['GROUP_ID'] . ' ' . md5($arGroup['LDAP_GROUP_ID'])] = $arGroup;
        }
        if (!isset($noimportGroups)) {
            $noimportGroups = array();
            $db_groups = CLdapServer::GetGroupBan($ID);
            while ($arGroup = $db_groups->Fetch()) {
                $noimportGroups[md5($arGroup['LDAP_GROUP_ID'])] = $arGroup['LDAP_GROUP_ID'];
            }
        }
        //$ADMIN_PASSWORD = $arFields['ADMIN_PASSWORD'];
        if (!$bPostback) {
            $arUserFieldMap = $arFields["FIELD_MAP"];
        }
    }
}
//if(strlen($Add)<=0)
// Prepare the "str_"-prefixed form variables for the b_ldap_server table.
$DB->InitTableVarsForEdit("b_ldap_server", "", "str_");
if (is_array($_REQUEST['LDAP_GROUP'])) {
    // NOTE(review): the inner `if` has an empty body, so this loop has no effect as
    // shown - the listing appears to be truncated at this point.
    foreach ($_REQUEST['LDAP_GROUP'] as $t_id => $arGroup) {
        if (strlen($arGroup['LDAP_GROUP_ID']) > 0 || $arGroup['GROUP_ID'] > 0) {
        }
    }
    // Group actions on the selected server records. $arID and $lAdmin are defined
    // outside this excerpt.
    // NOTE(review): no permission check and no session-token (CSRF) check is visible
    // here before the state-changing delete/activate/deactivate actions - confirm
    // both run earlier in the file.
    foreach ($arID as $ID) {
        if (strlen($ID) <= 0) {
            continue;
        }
        // Cast to integer before the ID reaches CLdapServer.
        $ID = IntVal($ID);
        // Only the three actions listed below are handled; any other value is ignored.
        switch ($_REQUEST['action']) {
            case "delete":
                if (!CLdapServer::Delete($ID)) {
                    $lAdmin->AddGroupError(GetMessage("LDAP_ADMIN_DEL_ERR"), $ID);
                }
                break;
            case "activate":
            case "deactivate":
                $ld = new CLdapServer();
                // The stored value is derived from the action name, never taken from the request directly.
                $arFields = array("ACTIVE" => $_REQUEST['action'] == "activate" ? "Y" : "N");
                if (!$ld->Update($ID, $arFields)) {
                    if ($e = $APPLICATION->GetException()) {
                        $lAdmin->AddUpdateError(GetMessage("SAVE_ERROR") . $ID . ". " . $e->GetString(), $ID);
                    }
                }
                break;
        }
    }
}
// initialise list - query data ($by, $order and $arFilter are set outside this excerpt)
$rsData = CLdapServer::GetList(array($by => $order), $arFilter);
$rsData = new CAdminResult($rsData, $sTableID);
$rsData->NavStart();
// set up navigation string
Example #6
echo GetMessage("USER_IMPORT_LDAP_SERVER");
?>
:</td>
		<td width="50%">
			<select name="ldapServer" onChange="OnLdapSelect(this.selectedIndex - 1);">
				<option value="0"><?php 
echo GetMessage("USER_IMPORT_SELECT_FROM_LIST");
?>
</option>
			<?
			$arAllFields = CLDAPUtil::GetSynFields(); // all user fields that are currently set up in the system

			$arFieldMaps = array();
			$indSelected = -1;
			$i=-1;
			$dbLdap = CLdapServer::GetList(array("NAME" => "ASC"), array("ACTIVE" => "Y"));
			while ($arLdap = $dbLdap->GetNext()):
				$i++;
				$map = $arLdap["FIELD_MAP"];
				foreach ($map as $user_f=>$ldap_f)
				{
					if (!array_key_exists($user_f,$arAllFields))
					{
						unset($map[$user_f]);
					}
				}
				$arFieldMaps[] = $map;
				?>
				<option value="<?php 
echo $arLdap["ID"];
?>
 /**
  * Synchronise the site users bound to one LDAP server with that server's directory.
  *
  * This variant only updates users that already exist locally and deactivates local
  * users that are missing from the directory; it never imports new users.
  *
  * NOTE(review): the deactivation list is computed unconditionally from the rows that
  * GetUserList() returned. If a failed or partial search yields no rows, every active
  * local user of this server would be set to ACTIVE = "N" - confirm how GetUserList()
  * reports errors and whether the result should be checked before de-provisioning.
  *
  * @param mixed $ldap_server_id ID of the LDAP server record to synchronise.
  * @return int|false Number of updated users, or false when the server is not found,
  *                   the connection or admin bind fails, or an OnLdapBeforeSync
  *                   handler returns false.
  */
 function Sync($ldap_server_id)
 {
     global $DB, $USER, $APPLICATION;
     // NOTE(review): $bUSERGen is assigned only in this branch, so the check at the end
     // reads an undefined variable whenever $USER already existed.
     if (!is_object($USER)) {
         $USER = new CUser();
         $bUSERGen = true;
     }
     $dbLdapServers = CLdapServer::GetById($ldap_server_id);
     if (!($oLdapServer = $dbLdapServers->GetNextServer())) {
         return false;
     }
     if (!$oLdapServer->Connect()) {
         return false;
     }
     // The directory is read with the server's stored admin account.
     if (!$oLdapServer->BindAdmin()) {
         $oLdapServer->Disconnect();
         return false;
     }
     $APPLICATION->ResetException();
     $db_events = GetModuleEvents("ldap", "OnLdapBeforeSync");
     while ($arEvent = $db_events->Fetch()) {
         $arParams['oLdapServer'] = $oLdapServer;
         if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
             if (!($err = $APPLICATION->GetException())) {
                 $APPLICATION->ThrowException("Unknown error");
             }
             // NOTE(review): returns without Disconnect(), unlike the bind-failure path above.
             return false;
         }
     }
     // select all users from LDAP, keyed by lower-cased login attribute
     $arLdapUsers = array();
     $ldapLoginAttr = strtolower($oLdapServer->arFields["~USER_ID_ATTR"]);
     $dbLdapUsers = $oLdapServer->GetUserList();
     while ($arLdapUser = $dbLdapUsers->Fetch()) {
         $arLdapUsers[strtolower($arLdapUser[$ldapLoginAttr])] = $arLdapUser;
     }
     unset($dbLdapUsers);
     // select all Bitrix CMS users for this LDAP, keyed by lower-cased LOGIN
     $arUsers = array();
     CTimeZone::Disable();
     // $o and $b are not set in this method; presumably by-reference sort arguments - TODO confirm.
     $dbUsers = CUser::GetList($o, $b, array("EXTERNAL_AUTH_ID" => "LDAP#" . $ldap_server_id));
     CTimeZone::Enable();
     while ($arUser = $dbUsers->Fetch()) {
         $arUsers[strtolower($arUser["LOGIN"])] = $arUser;
     }
     unset($dbUsers);
     // Local logins with no matching directory entry; these accounts are deactivated below.
     $arDelLdapUsers = array_diff(array_keys($arUsers), array_keys($arLdapUsers));
     if (strlen($oLdapServer->arFields["SYNC_LAST"]) > 0) {
         $syncTime = MakeTimeStamp($oLdapServer->arFields["SYNC_LAST"]);
     } else {
         $syncTime = 0;
     }
     $arCache = array();
     $cnt = 0;
     // have to update $oLdapServer->arFields["FIELD_MAP"] for user fields
     // for each one of them looking for similar in user list
     foreach ($arLdapUsers as $userLogin => $arLdapUserFields) {
         // Directory users without a local account are skipped (no import in this variant).
         if (!is_array($arUsers[$userLogin])) {
             continue;
         }
         // if date of update is set, then compare it
         // Defaulting to "now" forces an update when the change timestamp cannot be read.
         $ldapTime = time();
         if ($syncTime > 0 && strlen($oLdapServer->arFields["SYNC_ATTR"]) > 0 && preg_match("'([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})\\.0Z'", $arLdapUserFields[strtolower($oLdapServer->arFields["SYNC_ATTR"])], $arTimeMatch)) {
             $ldapTime = gmmktime($arTimeMatch[4], $arTimeMatch[5], $arTimeMatch[6], $arTimeMatch[2], $arTimeMatch[3], $arTimeMatch[1]);
             $userTime = MakeTimeStamp($arUsers[$userLogin]["TIMESTAMP_X"]);
         }
         // NOTE(review): $userTime is set only inside the branch above, so it is undefined
         // for the first non-matching user and stale for later ones.
         if ($syncTime < $ldapTime || $syncTime < $userTime) {
             // make an update
             $arUserFields = $oLdapServer->GetUserFields($arLdapUserFields, $arCache);
             $arUserFields["ID"] = $arUsers[$userLogin]["ID"];
             //echo $arUserFields["LOGIN"]." - updated<br>";
             $oLdapServer->SetUser($arUserFields);
             $cnt++;
         }
     }
     // De-provisioning: accounts are deactivated, not deleted.
     foreach ($arDelLdapUsers as $userLogin) {
         // The global $USER is replaced with a fresh CUser on every iteration.
         $USER = new CUser();
         if (isset($arUsers[$userLogin]) && $arUsers[$userLogin]['ACTIVE'] == 'Y') {
             $ID = intval($arUsers[$userLogin]["ID"]);
             $USER->Update($ID, array('ACTIVE' => 'N'));
         }
     }
     $oLdapServer->Disconnect();
     // Record the time of this run; it is compared against change timestamps on the next sync.
     CLdapServer::Update($ldap_server_id, array("~SYNC_LAST" => $DB->CurrentTimeFunction()));
     if ($bUSERGen) {
         unset($USER);
     }
     return $cnt;
 }
Example #8
##############################################
# Bitrix: SiteManager                        #
# Copyright (c) 2002-2012 Bitrix             #
# http://www.bitrixsoft.com                  #
# mailto:admin@bitrixsoft.com                #
##############################################
global $MESS;
include GetLangFileName($GLOBALS["DOCUMENT_ROOT"] . "/bitrix/modules/ldap/lang/", "/options.php");
IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"] . BX_ROOT . "/modules/main/options.php");
$module_id = "ldap";
CModule::IncludeModule($module_id);
$MOD_RIGHT = $APPLICATION->GetGroupRight($module_id);
if ($MOD_RIGHT >= "R") {
    $arAllLdapServers = array(0 => GetMessage('LDAP_NOT_USE_DEFAULT_NTLM_SERVER'));
    $rsLdapServers = CLdapServer::GetList();
    while ($arLdapServer = $rsLdapServers->Fetch()) {
        $arAllLdapServers[$arLdapServer['ID']] = $arLdapServer['NAME'];
    }
    // get current NTLM user login for displaying later
    // The $_SERVER key to show comes from the posted form value when one is present,
    // otherwise from the saved module option (default "REMOTE_USER").
    // NOTE(review): because the key is taken from $_POST, any account that reaches
    // this branch (module right "R" or higher) can choose which $_SERVER entry is
    // displayed in the form, not only the NTLM login. Consider using the saved option
    // only, or restricting the posted name to an allow-list.
    if (!($ntlmVarname = $_POST['ntlm_varname'])) {
        $ntlmVarname = COption::GetOptionString($module_id, 'ntlm_varname', 'REMOTE_USER');
    }
    if (array_key_exists($ntlmVarname, $_SERVER) && trim($_SERVER[$ntlmVarname]) != '') {
        // The value is passed through htmlspecialcharsbx() before it is placed in the form.
        $currentUserNTLMMsg = htmlspecialcharsbx($_SERVER[$ntlmVarname]);
    } else {
        $currentUserNTLMMsg = GetMessage("LDAP_CURRENT_USER_ABS");
    }
    // set up form
    $arAllOptions = array(array("default_email", GetMessage('LDAP_OPTIONS_DEFAULT_EMAIL'), "no@email", array("text")), array("use_ntlm", GetMessage('LDAP_OPTIONS_USE_NTLM'), "N", array("checkbox")), array("use_ntlm_login", GetMessage('LDAP_CURRENT_USER'), $currentUserNTLMMsg, array("statictext")), array("ntlm_varname", GetMessage('LDAP_OPTIONS_NTLM_VARNAME'), "REMOTE_USER", array("text", 20)), array("ntlm_default_server", GetMessage('LDAP_DEFAULT_NTLM_SERVER'), "0", array("selectbox", $arAllLdapServers)), array("add_user_when_auth", GetMessage("LDAP_OPTIONS_NEW_USERS"), "Y", array("checkbox")), array("ntlm_auth_without_prefix", GetMessage("LDAP_WITHOUT_PREFIX"), "Y", array("checkbox")), GetMessage("LDAP_BITRIXVM_BLOCK"), array("bitrixvm_auth_support", GetMessage("LDAP_BITRIXVM_SUPPORT"), "N", array("checkbox")), array("bitrixvm_auth_net", GetMessage('LDAP_BITRIXVM_NET'), "", array("text", 40)));
    if ($MOD_RIGHT >= "W") {
Example #9
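 /**
  * Wizard step handler: validate the LDAP settings, create the LDAP server record and,
  * when NTLM was requested, enable NTLM sign-in and append SSPI directives to the
  * site's .htaccess.
  *
  * Validation order: an LDAP connection object must exist ($this->ldp), the admin bind
  * must succeed, and the group search must return at least one entry. Each failure
  * sends the wizard back to the "ldap_settings" step with an error on the related field.
  *
  * Fixes compared with the previous version:
  *  - The NTLM domain is stripped of control characters and whitespace before it is
  *    written into .htaccess, so a value containing line breaks cannot add further
  *    directives to the file.
  *  - The error text for a failed CLdapServer::Add() is built from the fetched
  *    exception object; the old expression called GetString() on a variable that was
  *    not assigned yet.
  *  - The clean-up pattern accepts one or more separator characters between
  *    "SSPIOfferBasic On" and "Require valid-user", so it matches the CRLF-separated
  *    block this method itself writes instead of appending a duplicate on each run.
  *  - .htaccess is read only when it exists, and is left untouched when it cannot be
  *    read, instead of being overwritten with the SSPI block alone.
  *
  * NOTE(review): "SSPIOfferBasic On" lets clients fall back to Basic authentication;
  * confirm the site is reachable over TLS only.
  * NOTE(review): the admin password from the wizard is handed to CLdapServer::Add();
  * how it is stored is not visible here.
  *
  * @return void
  */
 function OnPostForm()
 {
     $wizard =& $this->GetWizard();
     if ($wizard->IsPrevButtonClick()) {
         return;
     }
     if (!$this->ldp) {
         $wizard->SetCurrentStep("ldap_settings");
         $this->SetError(GetMessage("wiz_ldap_error"), "ldapServer");
         return;
     }
     if (!$this->ldp->BindAdmin()) {
         $wizard->SetCurrentStep("ldap_settings");
         $this->SetError(GetMessage("wiz_ldap_error1"), "ldapLogin");
         return;
     }
     // An empty group search is treated as a wrong base DN.
     $dbGroup = $this->ldp->GetGroupList();
     if (!$dbGroup->Fetch()) {
         $wizard->SetCurrentStep("ldap_settings");
         $this->SetError(GetMessage("wiz_ldap_error_root"), "ldapBaseDN");
         return;
     }
     // Default mapping of site user fields to Active Directory attributes.
     $arUserFieldMap = array("ACTIVE" => "UserAccountControl&2", "EMAIL" => "email", "NAME" => "givenName", "LAST_NAME" => "sn", "PERSONAL_WWW" => "wWWHomePage", "PERSONAL_PHONE" => "homePhone", "PERSONAL_MOBILE" => "mobile", "PERSONAL_STREET" => "streetAddress", "PERSONAL_MAILBOX" => "postOfficeBox", "PERSONAL_CITY" => "l", "PERSONAL_STATE" => "st", "PERSONAL_ZIP" => "postalCode", "PERSONAL_COUNTRY" => "c", "WORK_COMPANY" => "company", "WORK_DEPARTMENT" => "department", "WORK_POSITION" => "title", "WORK_PHONE" => "telephoneNumber", "WORK_FAX" => "facsimileTelephoneNumber", "ADMIN_NOTES" => "description");
     $arFields = array("NAME" => GetMessage("wiz_ldap_server1"), "DESCRIPTION" => "", "CODE" => $wizard->GetVar('ldapNTLMDomain') ? $wizard->GetVar('ldapNTLMDomain') : '', "SERVER" => $wizard->GetVar("ldapServer"), "PORT" => $wizard->GetVar("ldapPort"), "CONVERT_UTF8" => "Y", "ADMIN_LOGIN" => $wizard->GetVar("ldapLogin"), "ACTIVE" => "Y", "ADMIN_PASSWORD" => $wizard->GetVar("ldapPassword"), "BASE_DN" => $wizard->GetVar("ldapBaseDN"), "GROUP_FILTER" => "(objectCategory=group)", "GROUP_ID_ATTR" => "dn", "GROUP_NAME_ATTR" => "sAMAccountName", "USER_FILTER" => "(&(objectClass=user)(objectCategory=PERSON))", "USER_ID_ATTR" => "samaccountname", "USER_NAME_ATTR" => "givenName", "USER_LAST_NAME_ATTR" => "sn", "USER_EMAIL_ATTR" => "mail", "USER_GROUP_ATTR" => "memberof", "SYNC_PERIOD" => "5", "SYNC" => "N", "SYNC_ATTR" => "whenChanged", "FIELD_MAP" => $arUserFieldMap);
     $ldapGroup = $wizard->GetVar("ldapGroup");
     if (is_array($ldapGroup) && !empty($ldapGroup)) {
         $arGroups = array();
         foreach ($ldapGroup as $groupID => $ldapGroupID) {
             $arGroups[] = array("GROUP_ID" => $groupID, "LDAP_GROUP_ID" => $ldapGroupID);
         }
         $arFields["GROUPS"] = $arGroups;
     }
     $ID = CLdapServer::Add($arFields);
     if ($ID < 1) {
         // Fetch the exception first; only then ask it for its message.
         $exception = $GLOBALS["APPLICATION"]->GetException();
         $this->SetError(GetMessage("wiz_ldap_server_err") . ($exception ? $exception->GetString() : ""));
         return;
     }
     if ($wizard->GetVar('ldapNTLM') != 'Y') {
         return;
     }
     // The domain ends up in an Apache configuration file, so it must stay on one line
     // and form a single token: drop control characters and whitespace.
     $ntlmDomain = preg_replace('/[\x00-\x20\x7F]+/', '', (string)$wizard->GetVar('ldapNTLMDomain'));
     if (strlen($ntlmDomain) <= 0) {
         return;
     }
     COption::SetOptionString("ldap", "use_ntlm", "Y");
     COption::SetOptionString("ldap", "ntlm_default_server", $ID);
     RegisterModuleDependences('main', 'OnBeforeProlog', 'ldap', 'CLDAP', 'NTLMAuth', 40);
     $fhtaccess = $_SERVER['DOCUMENT_ROOT'] . '/.htaccess';
     $fcontent = '';
     if (is_file($fhtaccess)) {
         $fcontent = file_get_contents($fhtaccess);
         if ($fcontent === false) {
             // Unreadable file: do not replace existing rules with the SSPI block alone.
             return;
         }
     }
     // Remove an SSPI block written by an earlier run before appending a fresh one.
     $fcontent = preg_replace('/AuthType .+SSPIOfferBasic On[\\r\\n\\t #]+Require valid-user/is', '', $fcontent);
     $fcontent = $fcontent . "\r\n" . "AuthName \"My Intranet\"\r\n" . "AuthType SSPI\r\n" . "SSPIAuth On\r\n" . "SSPIPackage NTLM\r\n" . "SSPIDomain " . $ntlmDomain . "\r\n" . "SSPIPerRequestAuth On\r\n" . "SSPIAuthoritative On\r\n" . "SSPIOfferBasic On\r\n" . "Require valid-user\r\n";
     // LOCK_EX keeps concurrent requests from interleaving writes to the file.
     file_put_contents($fhtaccess, $fcontent, LOCK_EX);
 }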