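/**
 * Get contact information. Returned in a raw array format from AD.
 *
 * The DN is escaped as an LDAP filter value before it is placed in the search
 * filter, so callers pass the raw DN. Filter metacharacters ("*", "(", ")",
 * "\") in the DN are therefore matched literally and cannot alter the filter.
 *
 * @param string $distinguishedName The full DN of a contact
 * @param array  $fields            Attributes to be returned; NULL selects the default set below
 * @return array|false Raw ldap_get_entries() result, or false when the DN is NULL,
 *                     there is no LDAP bind, or the search fails
 */
public function info($distinguishedName, $fields = NULL)
{
    if ($distinguishedName === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Build the filter from an escaped value: the DN arrives from the caller and
    // must not be able to add or close filter clauses.
    $filter = "distinguishedName=" . ldap_escape((string) $distinguishedName, '', LDAP_ESCAPE_FILTER);

    if ($fields === NULL) {
        $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
    }

    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if (!$sr) {
        // A failed search has no result handle to read entries from.
        return false;
    }

    $entries = ldap_get_entries($connection, $sr);
    if (!is_array($entries)) {
        return false;
    }

    // Only touch the first entry when the search actually returned one; the
    // original incremented memberof["count"] even on an empty result, which
    // fabricated an entry 0.
    if (isset($entries[0]) && $entries[0]['count'] >= 1) {
        // AD does not return the primary group in the ldap query, we may need to fudge it.
        // Both values passed to getPrimaryGroup() are checked (the original tested
        // primarygroupid twice and never objectsid).
        if ($this->adldap->getRealPrimaryGroup()
            && isset($entries[0]["primarygroupid"][0])
            && isset($entries[0]["objectsid"][0])
        ) {
            $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup(
                $entries[0]["primarygroupid"][0],
                $entries[0]["objectsid"][0]
            );
        } else {
            $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
        }

        // Keep the "count" element in step with the group appended above.
        if (!isset($entries[0]["memberof"]["count"])) {
            $entries[0]["memberof"]["count"] = 0;
        }
        $entries[0]["memberof"]["count"]++;
    }

    return $entries;
}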
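/**
 * Find information about a user. Returned in a raw array format from the directory.
 *
 * The username is escaped as an LDAP filter value before it is placed in the
 * search filter, so callers pass the raw name. Wildcards and other filter
 * metacharacters in the name are matched literally.
 *
 * @param string $username The username to query (a name containing "@" is matched as userPrincipalName)
 * @param array  $fields   Array of attributes to query; "objectsid" is always added
 * @param bool   $isGUID   Is the username passed a GUID or a samAccountName
 * @param string $type     "NetIQ" matches on cn, "LDAP" matches on uid (both use objectClass=person);
 *                         any other value matches on samaccountname with objectCategory=person
 * @return array|false Raw ldap_get_entries() result, or false when the username is NULL,
 *                     there is no LDAP bind, the search fails, or no entry is found
 */
public function info($username, $fields = NULL, $isGUID = false, $type = NULL)
{
    if ($username === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    if ($isGUID === true) {
        // The GUID is converted by strGuidToHex() and used as returned.
        // NOTE(review): presumably that output is already in filter-escaped hex form - confirm.
        $filter = "objectguid=" . $this->adldap->utilities()->strGuidToHex($username);
    } else {
        // The name arrives from the caller and must not be able to add or close filter clauses.
        $safeUsername = ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER);
        if (strstr($username, "@")) {
            $filter = "userPrincipalName=" . $safeUsername;
        } elseif ($type == "NetIQ") {
            $filter = "cn=" . $safeUsername;
        } elseif ($type == "LDAP") {
            $filter = "uid=" . $safeUsername;
        } else {
            $filter = "samaccountname=" . $safeUsername;
        }
    }

    $filter = ($type == "NetIQ" || $type == "LDAP")
        ? "(&(objectClass=person)({$filter}))"
        : "(&(objectCategory=person)({$filter}))";

    if ($fields === NULL) {
        $fields = array("samaccountname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
    }
    // objectsid is needed below to resolve the primary group.
    if (!in_array("objectsid", $fields, true)) {
        $fields[] = "objectsid";
    }

    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if (!$sr) {
        // A failed search has no result handle to read entries from.
        return false;
    }
    $entries = ldap_get_entries($connection, $sr);

    if ($type == "NetIQ" && is_array($entries)) {
        // Mirror fullname/cn into the attribute names the rest of the code reads.
        foreach ($entries as $key => $entry) {
            if (!is_array($entry)) {
                // Skip the scalar "count" element; writing an offset into it is an error.
                continue;
            }
            $entries[$key]['displayname'] = isset($entry['fullname']) ? $entry['fullname'] : null;
            $entries[$key]['samaccountname'] = isset($entry['cn']) ? $entry['cn'] : null;
        }
    }

    if (!isset($entries[0])) {
        return false;
    }

    if ($entries[0]['count'] >= 1 && in_array("memberof", $fields, true)) {
        // AD does not return the primary group in the ldap query, we may need to fudge it
        if ($this->adldap->getRealPrimaryGroup()
            && isset($entries[0]["primarygroupid"][0])
            && isset($entries[0]["objectsid"][0])
        ) {
            $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup(
                $entries[0]["primarygroupid"][0],
                $entries[0]["objectsid"][0]
            );
        } else {
            $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
        }

        // Keep the "count" element in step with the group appended above.
        if (!isset($entries[0]["memberof"]["count"])) {
            $entries[0]["memberof"]["count"] = 0;
        }
        $entries[0]["memberof"]["count"]++;
    }

    return $entries;
}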
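/**
 * Find information about a user. Returned in a raw array format from AD.
 *
 * The username is escaped as an LDAP filter value before it is placed in the
 * search filter, so callers pass the raw name. Wildcards and other filter
 * metacharacters in the name are matched literally.
 *
 * Diagnostic lines are appended to $GLOBALS["CLASS_ACTV"] for a missing bind,
 * for each search, and for a failed search.
 *
 * @param string $username The username to query (a name containing "@" is matched as userPrincipalName)
 * @param array  $fields   Array of attributes to query; "objectsid" is always added
 * @param bool   $isGUID   Is the username passed a GUID or a samAccountName
 * @return array|false Raw ldap_get_entries() result, or false when the username is NULL,
 *                     there is no LDAP bind, the search fails, or no entry is found
 */
public function info($username, $fields = NULL, $isGUID = false)
{
    if ($username === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        $GLOBALS["CLASS_ACTV"][] = __FUNCTION__ . ": LINE:" . __LINE__ . ":getLdapBind() return false";
        return false;
    }

    if ($isGUID === true) {
        // The GUID is converted by strGuidToHex() and used as returned.
        // NOTE(review): presumably that output is already in filter-escaped hex form - confirm.
        $filter = "objectguid=" . $this->adldap->utilities()->strGuidToHex($username);
    } else {
        // The name arrives from the caller and must not be able to add or close filter clauses.
        $safeUsername = ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER);
        if (strstr($username, "@")) {
            $filter = "userPrincipalName=" . $safeUsername;
        } else {
            $filter = "samaccountname=" . $safeUsername;
        }
    }
    $filter = "(&(objectCategory=person)({$filter}))";

    if ($fields === NULL) {
        $fields = array("samaccountname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
    }
    // objectsid is needed below to resolve the primary group.
    if (!in_array("objectsid", $fields, true)) {
        $fields[] = "objectsid";
    }

    $getBaseDn = $this->adldap->getBaseDn();
    $GLOBALS["CLASS_ACTV"][] = __FUNCTION__ . ": LINE:" . __LINE__ . ":Search {$filter} in {$getBaseDn}";

    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $getBaseDn, $filter, $fields);
    if (!$sr) {
        $GLOBALS["CLASS_ACTV"][] = __FUNCTION__ . ": LINE:" . __LINE__ . ":Search Failed";
        // Stop here: the original logged the failure and then still read
        // entries from the failed result handle.
        return false;
    }

    $entries = ldap_get_entries($connection, $sr);
    if (!isset($entries[0])) {
        return false;
    }

    if ($entries[0]['count'] >= 1 && in_array("memberof", $fields, true)) {
        // AD does not return the primary group in the ldap query, we may need to fudge it
        if ($this->adldap->getRealPrimaryGroup()
            && isset($entries[0]["primarygroupid"][0])
            && isset($entries[0]["objectsid"][0])
        ) {
            $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup(
                $entries[0]["primarygroupid"][0],
                $entries[0]["objectsid"][0]
            );
        } else {
            $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
        }

        // Keep the "count" element in step with the group appended above.
        if (!isset($entries[0]["memberof"]["count"])) {
            $entries[0]["memberof"]["count"] = 0;
        }
        $entries[0]["memberof"]["count"]++;
    }

    return $entries;
}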
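/**
 * Find information about a user by uid. Returned in a raw array format from the directory.
 *
 * For a name containing "@", only the part before the first "@" is used as the
 * uid. The value is escaped as an LDAP filter value before it is placed in the
 * search filter, so wildcards and other filter metacharacters are matched literally.
 *
 * @param string $username The username to query
 * @param array  $fields   Array of attributes to query; "objectsid" is always added
 * @param bool   $isGUID   Is the username passed a GUID rather than a uid
 * @return array|false Raw ldap_get_entries() result, or false when the username is NULL,
 *                     the search fails, or no entry is found
 */
public function info($username, $fields = NULL, $isGUID = false)
{
    if ($username === NULL) {
        return false;
    }
    // NOTE(review): the bind check is disabled in this variant (it was left
    // commented out); confirm that searching without a verified bind is intended.
    //if (!$this->adldap->getLdapBind()) { print 'No bind!'; return false; }

    if ($isGUID === true) {
        // The GUID is converted by strGuidToHex() and used as returned.
        // NOTE(review): presumably that output is already in filter-escaped hex form - confirm.
        $filter = "objectguid=" . $this->adldap->utilities()->strGuidToHex($username);
    } else {
        $uid = $username;
        if (strstr($username, "@")) {
            // Keep only the local part of user@domain.
            $parts = explode('@', $username);
            $uid = $parts[0];
        }
        // The name arrives from the caller and must not be able to add or close filter clauses.
        $filter = "uid=" . ldap_escape((string) $uid, '', LDAP_ESCAPE_FILTER);
    }
    $filter = "(&(objectClass=person)({$filter}))";

    if ($fields === NULL) {
        $fields = array("samaccountname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
    }
    // objectsid is needed below to resolve the primary group.
    if (!in_array("objectsid", $fields, true)) {
        $fields[] = "objectsid";
    }

    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if (!$sr) {
        // A failed search has no result handle to read entries from.
        return false;
    }

    $entries = ldap_get_entries($connection, $sr);
    if (!isset($entries[0])) {
        return false;
    }

    if ($entries[0]['count'] >= 1 && in_array("memberof", $fields, true)) {
        // AD does not return the primary group in the ldap query, we may need to fudge it
        if ($this->adldap->getRealPrimaryGroup()
            && isset($entries[0]["primarygroupid"][0])
            && isset($entries[0]["objectsid"][0])
        ) {
            $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup(
                $entries[0]["primarygroupid"][0],
                $entries[0]["objectsid"][0]
            );
        } else {
            $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
        }

        // Keep the "count" element in step with the group appended above.
        if (!isset($entries[0]["memberof"]["count"])) {
            $entries[0]["memberof"]["count"] = 0;
        }
        $entries[0]["memberof"]["count"]++;
    }

    return $entries;
}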
/**
 * List the groups a computer belongs to.
 *
 * @param string $computerName Name of the computer to look up
 * @param bool   $recursive    Expand nested groups; NULL falls back to getRecursiveGroups()
 * @return array|false Group names produced by niceNames() (plus nested groups when
 *                     expanding), or false when the name is NULL or there is no LDAP bind
 */
public function groups($computerName, $recursive = NULL)
{
    if (is_null($computerName)) {
        return false;
    }

    // No explicit choice from the caller: use the connection-wide setting.
    $expand = is_null($recursive) ? $this->adldap->getRecursiveGroups() : $recursive;

    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Fetch the computer's entry; the first result is presumed to be the one asked for.
    $entry = @$this->info($computerName, array("memberof", "primarygroupid"));
    $groups = $this->adldap->utilities()->niceNames($entry[0]["memberof"]);

    if ($expand !== true) {
        return $groups;
    }

    // Append the nested groups of every directly assigned group.
    foreach ($groups as $groupName) {
        $groups = array_merge($groups, $this->adldap->group()->recursiveGroups($groupName));
    }

    return $groups;
}
<?php
/*
 * Manual check of the collection object returned for a group.
 * $options is not defined in this script; it is expected to exist already.
 */
//error_reporting(E_ALL ^ E_NOTICE);

include __DIR__ . "/../src/adLDAP.php";

try {
    $adldap = new adLDAP($options);
} catch (adLDAPException $connectError) {
    // Print the exception and stop: nothing below works without a connection.
    echo $connectError;
    exit;
}

echo "<pre>\n";

// Fetch the group as a collection and dump two of its attributes.
$groupInfo = $adldap->group()->infoCollection('groupname');
print_r($groupInfo->member);
print_r($groupInfo->description);
} //set options $options = array('base_dn' => $params->base_dn, 'account_suffix' => $params->account_suffix, 'domain_controllers' => explode(";", $params->domain_controllers), 'use_ssl' => $params->use_ssl, 'use_tls' => $params->use_tls, 'ad_port' => $params->ad_port); //AD $adldap = new adLDAP($options); //try to login with higher credentials for search $authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword); if ($authUser == false) { $Result->show("danger", _("Invalid credentials"), true); } // set OpenLDAP flag if ($server->type == "LDAP") { $adldap->setUseOpenLDAP(true); } //search groups $groups = $adldap->group()->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, true, "*{$_POST['dfilter']}*"); //echo $adldap->getLastError(); } catch (adLDAPException $e) { $Result->show("danger", $adldap->getLastError(), false); $Result->show("danger", $e->getMessage(), true); } //check for found if (sizeof($groups) == 0) { print "<div class='alert alert-info'>"; print _('No groups found') . "!<hr>"; print _('Possible reasons') . ":"; print "<ul>"; print "<li>" . _('Invalid baseDN setting for AD') . "</li>"; print "<li>" . _('AD account does not have enough privileges for search') . "</li>"; print "</div>"; } else {
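/**
 * Adds a computer to, or removes it from, an Active Directory group and
 * records the action in glpi_plugin_groupead_log.
 *
 * @global object $DB Database handle used to write the log row
 * @param string $action "add" adds the computer to the group; any other value removes it
 * @param string $groupe Name of the AD group
 * @param mixed  $id     Item id used to resolve the computer name and the LDAP configuration
 */
function changeGroupe($action, $groupe, $id)
{
    global $DB;

    // Load adLDAP
    $cheminAdldap = $this->getAjaxAbsolutePath() . "adldap/adLDAP.php";
    require_once $cheminAdldap;

    $LDAPConfig = $this->getLDAPConfig($id);
    if ($LDAPConfig == NULL || !$this->testerAD($LDAPConfig, $cheminAdldap)) {
        return;
    }

    // Connect to AD: the object is closed right after construction, given the
    // configured admin credentials, and connected again.
    $serveur = array($LDAPConfig['serveur']);
    $adldap = new adLDAP(array(
        'base_dn' => $LDAPConfig['dc'],
        'account_suffix' => $LDAPConfig['suffix'],
        'domain_controllers' => $serveur,
    ));
    $adldap->close();
    $adldap->setAdminUsername($LDAPConfig['login']);
    $adldap->setAdminPassword($LDAPConfig['passwd']);
    $adldap->connect();

    $computerInfo = $adldap->computer()->info($this->getItemName($id), array("dn"));
    if (!isset($computerInfo[0]["dn"])) {
        // The computer was not found in AD: there is no DN to add or remove,
        // so no directory change is attempted and nothing is logged.
        return;
    }

    // Add the computer to the group, or remove it
    if ($action == "add") {
        $groupeOrdinateur = $adldap->group()->addUser($groupe, $computerInfo[0]["dn"]);
    } else {
        $groupeOrdinateur = $adldap->group()->removeUser($groupe, $computerInfo[0]["dn"]);
    }

    // Record the action in the database.
    // NOTE(review): the row is written whatever $groupeOrdinateur holds, so a
    // failed add/remove is logged the same way as a successful one.
    $technicien = $_SESSION["glpiname"];
    $date = date('j-m-Y');
    // "i" is minutes; the original format used "m" (month) in the minutes position.
    $heure = date('H:i:s');

    // NOTE(review): this statement is assembled by interpolating $id, $technicien,
    // $action and $groupe. Confirm that every caller passes values already escaped
    // for SQL, or move this to the escaping / prepared-statement API that $DB
    // provides in the targeted GLPI version.
    $query = "INSERT INTO glpi_plugin_groupead_log VALUES ('','{$id}',\n 'Computer','{$technicien}','{$date}|{$heure}','{$action}','{$groupe}')";
    $DB->query($query);
}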
try { $adldap = new adLDAP($options); } catch (adLDAPException $e) { echo $e; exit; } //var_dump($ldap); echo "<pre>\n"; // authenticate a username/password if (0) { $result = $adldap->authenticate("username", "password"); var_dump($result); } // add a group to a group if (0) { $result = $adldap->group()->addGroup("Parent Group Name", "Child Group Name"); var_dump($result); } // add a user to a group if (0) { $result = $adldap->group()->addUser("Group Name", "username"); var_dump($result); } // create a group if (0) { $attributes = array("group_name" => "Test Group", "description" => "Just Testing", "container" => array("Groups", "A Container")); $result = $adldap->group()->create($attributes); var_dump($result); } // retrieve information about a group if (0) {
$adldap = new adLDAP($options); //try to login with higher credentials for search $authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword); if ($authUser == false) { $Result->show("danger", _("Invalid credentials"), true); } // set OpenLDAP flag if ($server->type == "LDAP") { $adldap->setUseOpenLDAP(true); } //fetch all groups $all_groups = $Admin->fetch_all_objects("userGroups", "g_id"); if ($all_groups !== false) { foreach ($all_groups as $k => $g) { //members $domain_group_members = $adldap->group()->members($g->g_name); //false if ($domain_group_members !== false) { foreach ($domain_group_members as $m) { if ($m == $_POST['username']) { $membership[] = $g->g_id; } } } } } # if something set print it if (isset($membership)) { print trim(implode(";", array_filter($membership))); } } catch (adLDAPException $e) {
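/**
 * Makes sure a computer exists in Active Directory, then adds it to the given
 * groups, writing a log entry for each step.
 *
 * @param mixed  $idOrdinateur Item id of the computer; used for its name and as the log target
 * @param mixed  $idCloner     Item id whose LDAP configuration is used
 * @param string $groupe       Group list; only the part before the first "|" is used, split on ","
 * @param mixed  $log          Not read; overwritten locally with each log message
 * @return bool Always true
 */
function clonerOrdiAD($idOrdinateur, $idCloner, $groupe, $log)
{
    require_once $this->getAjaxAbsolutePath() . "adldap/adLDAP.php";

    $name = $this->getItemName($idOrdinateur);
    $LDAPConfig = $this->getLDAPConfig($idCloner);
    if ($LDAPConfig == NULL || !$this->testerAD($LDAPConfig)) {
        return true;
    }

    // Connect to AD: the object is closed right after construction, given the
    // configured admin credentials, and connected again.
    $serveur = array($LDAPConfig['serveur']);
    $adldap = new adLDAP(array(
        'base_dn' => $LDAPConfig['dc'],
        'account_suffix' => $LDAPConfig['suffix'],
        'domain_controllers' => $serveur,
    ));
    $adldap->close();
    $adldap->setAdminUsername($LDAPConfig['login']);
    $adldap->setAdminPassword($LDAPConfig['passwd']);
    $adldap->connect();

    $computerInfo = $adldap->computer()->info($name, array("dn"));
    if ($computerInfo["count"] == 0) {
        // The computer does not exist in AD yet: create it in the Computers container
        $attributes["cn"] = $name;
        $attributes["container"] = array("Computers");
        if ($adldap->computer()->create($attributes)) {
            $log = "Ordinateur créé dans l'AD: " . $LDAPConfig['suffix'];
        } else {
            $log = "Erreur lors de la création de l'ordinateur dans l'AD: " . $LDAPConfig['suffix'];
        }
    } else {
        $log = "L'ordinateur existe déjà dans l'AD: " . $LDAPConfig['suffix'];
    }
    $this->setLog($idOrdinateur, 'Computer', $log);

    if ($groupe != null) {
        $explodeGroupe = explode("|", $groupe);
        if ($explodeGroupe[0] != null) {
            // NOTE(review): the DN is always built under CN=Computers, also when the
            // lookup above found the computer; confirm it cannot live in another container.
            $computerDn = "CN=" . $name . ",CN=Computers," . $LDAPConfig['dc'];
            foreach (explode(",", $explodeGroupe[0]) as $value) {
                // Log what actually happened: the original wrote the success
                // message without looking at the result of addUser().
                if ($adldap->group()->addUser($value, $computerDn)) {
                    $log = "L'ordinateur a été ajouté dans le groupe: " . $value . " de l'AD: " . $LDAPConfig['suffix'];
                } else {
                    $log = "Erreur lors de l'ajout de l'ordinateur dans le groupe: " . $value . " de l'AD: " . $LDAPConfig['suffix'];
                }
                $this->setLog($idOrdinateur, 'Computer', $log);
            }
        }
    }

    return true;
}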