//AD
    $adldap = new adLDAP($options);
    //try to login with higher credentials for search
    $authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword);
    if ($authUser == false) {
        $Result->show("danger", _("Invalid credentials"), true);
    }
    // set OpenLDAP flag
    if ($server->type == "LDAP") {
        $adldap->setUseOpenLDAP(true);
    }
    //search groups
    $groups = $adldap->group()->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, true, "*{$_POST['dfilter']}*");
    //echo $adldap->getLastError();
} catch (adLDAPException $e) {
    $Result->show("danger", $adldap->getLastError(), false);
    $Result->show("danger", $e->getMessage(), true);
}
//check for found
if (sizeof($groups) == 0) {
    print "<div class='alert alert-info'>";
    print _('No groups found') . "!<hr>";
    print _('Possible reasons') . ":";
    print "<ul>";
    print "<li>" . _('Invalid baseDN setting for AD') . "</li>";
    print "<li>" . _('AD account does not have enough privileges for search') . "</li>";
    print "</div>";
} else {
    print _(" Following groups were found") . ": (" . sizeof($groups) . "):<hr>";
    print "<table class='table table-top table-td-top  table-striped'>";
    // loop
Example #2
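/**
 * Check user against AD.
 *
 * Builds an adLDAP client from getADSettings() and binds with the supplied
 * credentials through adLDAP::authenticate().
 *
 * @param string $username Login name as typed by the user.
 * @param string $password Clear-text password as typed by the user.
 *
 * @return string 'ok' on success, otherwise a failure message. Callers must
 *                compare against 'ok' exactly; any other value is a failure.
 */
function checkADLogin($username, $password)
{
    /* get All settings */
    $settings = getAllSettings();
    # load the adLDAP library; require_once so a second call in the same request
    # does not redeclare the class, and a missing file stops the login instead
    # of continuing with an undefined class
    require_once dirname(__FILE__) . "/adLDAP/src/adLDAP.php";
    # refuse empty credentials before contacting the directory: an LDAP simple
    # bind with an empty password can be treated by the server as an
    # unauthenticated bind and reported as success, which must never log a user in
    if ($username === null || $username === '' || $password === null || $password === '') {
        return 'Failed to authenticate user via AD!';
    }
    # open connection
    try {
        # get settings for connection
        $ad = getADSettings();
        # AD
        # NOTE(review): use_ssl / use_tls come straight from configuration; if both
        # are off the password crosses the network in clear text - confirm deployment
        $adldap = new adLDAP(array(
            'base_dn' => $ad['base_dn'],
            'account_suffix' => $ad['account_suffix'],
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl' => $ad['use_ssl'],
            'use_tls' => $ad['use_tls'],
            'ad_port' => $ad['ad_port'],
        ));
        # set OpenLDAP flag
        if ($settings['domainAuth'] == "2") {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        # show only the escaped message: casting the exception to a string would
        # also print file paths and the stack trace to an unauthenticated visitor
        die('<div class="alert alert-danger">' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</div>');
    }
    # user authentication
    $authUser = $adldap->authenticate($username, $password);
    # result - strict comparison so only a real boolean true counts as a login
    if ($authUser === true) {
        return 'ok';
    }
    # the directory error text is not under our control, so escape it before
    # it is placed into the page
    $err = htmlspecialchars((string) $adldap->getLastError(), ENT_QUOTES, 'UTF-8');
    print "<div class='alert alert-danger'>{$err}</div>";
    return 'Failed to authenticate user via AD!';
}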
Example #3
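/**
 * Check user against AD and auto-provision a local account on first login.
 *
 * After a successful bind through adLDAP::authenticate() the users table is
 * searched for the login name; when no row exists one is inserted.
 *
 * @param string $username Login name as typed by the user.
 * @param string $password Clear-text password as typed by the user.
 *
 * @return string 'ok' on success, otherwise a failure message. Callers must
 *                compare against 'ok' exactly; any other value is a failure.
 */
function checkADLogin($username, $password)
{
    global $db;
    /* get All settings */
    $settings = getAllSettings();
    //load the adLDAP library; require_once so a repeated call does not redeclare
    //the class and a missing file stops the login
    require_once dirname(__FILE__) . "/adLDAP/src/adLDAP.php";
    //refuse empty credentials before contacting the directory: an LDAP simple
    //bind with an empty password can be treated by the server as an
    //unauthenticated bind and reported as success
    if ($username === null || $username === '' || $password === null || $password === '') {
        updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
        return 'Failed to authenticate user via AD!';
    }
    //open connection
    try {
        //get settings for connection
        $ad = getADSettings();
        //AD
        $adldap = new adLDAP(array(
            'base_dn' => $ad['base_dn'],
            'account_suffix' => $ad['account_suffix'],
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl' => $ad['use_ssl'],
            'use_tls' => $ad['use_tls'],
            'ad_port' => $ad['ad_port'],
        ));
        // set OpenLDAP flag
        if ($settings['domainAuth'] == "2") {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        //show only the escaped message: casting the exception to a string would
        //also print file paths and the stack trace to an unauthenticated visitor
        die('<div class="alert alert-error">' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</div>');
    }
    //user authentication - strict comparison so only boolean true is a login
    $authUser = $adldap->authenticate($username, $password);
    if ($authUser !== true) {
        updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
        return 'Failed to authenticate user via AD!';
    }

    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);
    //the login name is attacker-chosen text, so it is escaped before it is placed
    //in SQL. Assumes the project's database class extends mysqli (insert_id and
    //close() are already used on it below) - TODO confirm, or switch to a
    //prepared statement if the class offers one
    $sqlUsername = $database->real_escape_string($username);
    //look the account up by the login that has just authenticated; a fixed
    //literal here would never match and every login would try to insert a row
    $query = "SELECT id FROM users WHERE username = '{$sqlUsername}';";
    $row = $database->getRow($query);
    $userKnown = !empty($row);
    if (!$userKnown) {
        $real_name = ucwords(str_replace('.', ' ', $username));
        $email = $username . "@enovance.com";
        //derived values are escaped separately, after the transformations
        $sqlRealName = $database->real_escape_string($real_name);
        $sqlEmail = $database->real_escape_string($email);
        //NOTE(review): every first-time AD login is provisioned with the
        //'Administrator' role - confirm this is intended; least privilege would
        //provision an unprivileged role and promote explicitly
        $query = "INSERT INTO users (username, role, real_name, email, domainUser, lang) VALUES ('{$sqlUsername}', 'Administrator', '{$sqlRealName}', '{$sqlEmail}', 1, 1);";
        $database->executeQuery($query);
        //insert_id is an integer, not a countable: 0 means no row was created
        $userKnown = $database->insert_id > 0;
        if ($userKnown) {
            updateLogTable('Created user ' . $username . ' successfully', "", 0);
        }
    }
    $database->close();
    if ($userKnown) {
        updateLogTable('User ' . $username . ' authenticated against AD.', "", 0);
        return 'ok';
    }
    updateLogTable('Failed to create user .' . $username, "", 2);
    return "Failed to creater user {$username}";
}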
Example #4
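/**
 * Check user against AD.
 *
 * Only accounts that exist in the local users table with domainUser = 1 are
 * sent to the directory; for those, the supplied credentials are checked
 * through adLDAP::authenticate().
 *
 * @param string $username Login name as typed by the user.
 * @param string $password Clear-text password as typed by the user.
 *
 * @return string|false 'ok' on success, a failure message when the directory
 *                      rejects the credentials, false when the account is not a
 *                      local domain user or the lookup failed. Callers must
 *                      compare against 'ok' exactly.
 */
function checkADLogin($username, $password)
{
    /* first checked if it is defined in database - username and ad option */
    global $db;
    /* check if user exists in local database */
    $database = new database($db['host'], $db['user'], $db['pass'], $db['name']);
    // the login name is attacker-chosen text, so it is escaped before it is
    // placed in SQL. Assumes the project's database class extends mysqli
    // (close() is already called on it below) - TODO confirm, or switch to a
    // prepared statement if the class offers one
    $sqlUsername = $database->real_escape_string($username);
    $query = 'select count(*) as count from users where `username` = binary "' . $sqlUsername . '" and `domainUser` = "1";';
    /* execute */
    try {
        $result = $database->getArray($query);
    } catch (Exception $e) {
        // escape before printing: the driver message can echo parts of the query
        // NOTE(review): consider logging the detail and showing a generic error
        $error = htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
        print "<div class='alert alert-danger'>" . _('Error') . ": {$error}</div>";
        return false;
    }
    /* close database connection */
    $database->close();
    /* get All settings */
    $settings = getAllSettings();
    /* only known domain users are tried against AD */
    // NOTE(review): false here versus a message below lets a caller tell unknown
    // accounts from wrong passwords; show the same text for both at the UI
    if ($result[0]['count'] != "1") {
        return false;
    }
    //load the adLDAP library; require_once so a repeated call does not redeclare
    //the class and a missing file stops the login
    require_once dirname(__FILE__) . "/adLDAP/src/adLDAP.php";
    //refuse empty credentials before contacting the directory: an LDAP simple
    //bind with an empty password can be treated by the server as an
    //unauthenticated bind and reported as success
    if ($password === null || $password === '') {
        updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
        return 'Failed to authenticate user via AD!';
    }
    //open connection
    try {
        //get settings for connection
        $ad = getADSettings();
        //AD
        $adldap = new adLDAP(array(
            'base_dn' => $ad['base_dn'],
            'account_suffix' => $ad['account_suffix'],
            'domain_controllers' => $ad['domain_controllers'],
            'use_ssl' => $ad['use_ssl'],
            'use_tls' => $ad['use_tls'],
            'ad_port' => $ad['ad_port'],
        ));
        // set OpenLDAP flag
        if ($settings['domainAuth'] == "2") {
            $adldap->setUseOpenLDAP(true);
        }
    } catch (adLDAPException $e) {
        //show only the escaped message: casting the exception to a string would
        //also print file paths and the stack trace to an unauthenticated visitor
        die('<div class="alert alert-danger">' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . '</div>');
    }
    //user authentication - strict comparison so only boolean true is a login
    $authUser = $adldap->authenticate($username, $password);
    if ($authUser === true) {
        updateLogTable('User ' . $username . ' authenticated against AD.', "", 0);
        return 'ok';
    }
    updateLogTable('User ' . $username . ' failed to authenticate against AD.', "", 2);
    //the directory error text is not under our control, so escape it before
    //it is placed into the page
    $err = htmlspecialchars((string) $adldap->getLastError(), ENT_QUOTES, 'UTF-8');
    print "<div class='alert alert-danger'>{$err}</div>";
    return 'Failed to authenticate user via AD!';
}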