Example #1
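 /**
  * Get contact information. Returned in a raw array format from AD.
  *
  * The DN is escaped for LDAP filter context before it is placed in the
  * search filter, so filter metacharacters in the argument cannot change
  * the shape of the query.
  *
  * @param string $distinguishedName The full DN of a contact
  * @param array $fields Attributes to be returned
  * @return array|false Raw ldap_get_entries() result, or false when the DN is
  *                     NULL, there is no bind, or the search itself fails
  */
 public function info($distinguishedName, $fields = NULL)
 {
     if ($distinguishedName === NULL) {
         return false;
     }
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     // Caller-supplied value: escape it as a filter value instead of concatenating it raw
     $filter = "distinguishedName=" . ldap_escape($distinguishedName, '', LDAP_ESCAPE_FILTER);
     if ($fields === NULL) {
         $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
     }
     $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
     if ($sr === false) {
         // A failed search has no result handle to read entries from
         return false;
     }
     $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
     // Only touch the first entry when the search matched one; otherwise the
     // membership bookkeeping below would create a phantom entry in the result
     if (isset($entries[0]) && $entries[0]['count'] >= 1) {
         // AD does not return the primary group in the ldap query, we may need to fudge it.
         // Both the primary group id and the object SID are passed to getPrimaryGroup(),
         // so both must be present (the second check used to repeat primarygroupid).
         if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])) {
             $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
         } else {
             $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
         }
         // memberof may not have been returned at all; start the counter before bumping it
         if (!isset($entries[0]["memberof"]["count"])) {
             $entries[0]["memberof"]["count"] = 0;
         }
         $entries[0]["memberof"]["count"]++;
     }
     return $entries;
 }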
Example #2
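 /**
  * Find information about a user. Returned in a raw array format from AD.
  *
  * The user name is escaped for LDAP filter context before it is placed in
  * the search filter, so filter metacharacters in it are matched literally.
  *
  * @param string $username The username to query
  * @param array $fields Array of parameters to query
  * @param bool $isGUID Is the username passed a GUID or a samAccountName
  * @param string $type Directory flavour: "NetIQ" matches on cn, "LDAP" on uid,
  *                     anything else on samaccountname
  * @return array|false Raw ldap_get_entries() result, or false when the name is
  *                     NULL, there is no bind, the search fails or nothing matches
  */
 public function info($username, $fields = NULL, $isGUID = false, $type = NULL)
 {
     if ($username === NULL) {
         return false;
     }
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     $isGenericDirectory = ($type == "NetIQ" or $type == "LDAP");
     if ($isGUID === true) {
         // NOTE(review): the converted GUID is inserted as-is; presumably strGuidToHex()
         // already returns a filter-safe escaped form - confirm against the helper
         $filter = "objectguid=" . $this->adldap->utilities()->strGuidToHex($username);
     } else {
         // Caller-supplied name: escape it as a filter value instead of concatenating it raw
         $escapedName = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
         if (strstr($username, "@")) {
             $filter = "userPrincipalName=" . $escapedName;
         } elseif ($type == "NetIQ") {
             $filter = "cn=" . $escapedName;
         } elseif ($type == "LDAP") {
             $filter = "uid=" . $escapedName;
         } else {
             $filter = "samaccountname=" . $escapedName;
         }
     }
     $filter = $isGenericDirectory ? "(&(objectClass=person)({$filter}))" : "(&(objectCategory=person)({$filter}))";
     if ($fields === NULL) {
         $fields = array("samaccountname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
     }
     // objectsid is read below when resolving the primary group, so always request it
     if (!in_array("objectsid", $fields)) {
         $fields[] = "objectsid";
     }
     $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
     if ($sr === false) {
         // A failed search has no result handle to read entries from
         return false;
     }
     $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
     if ($type == "NetIQ" && is_array($entries)) {
         // Copy fullname/cn onto the keys used for AD results
         foreach ($entries as $key => $u) {
             // The top-level "count" element is not an entry; skip anything that is not an array
             if (!is_array($u)) {
                 continue;
             }
             if (isset($u['fullname'])) {
                 $entries[$key]['displayname'] = $u['fullname'];
             }
             if (isset($u['cn'])) {
                 $entries[$key]['samaccountname'] = $u['cn'];
             }
         }
     }
     if (!isset($entries[0])) {
         return false;
     }
     if ($entries[0]['count'] >= 1 && in_array("memberof", $fields)) {
         // AD does not return the primary group in the ldap query, we may need to fudge it
         if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])) {
             $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
         } else {
             $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
         }
         // memberof may not have been returned at all; start the counter before bumping it
         if (!isset($entries[0]["memberof"]["count"])) {
             $entries[0]["memberof"]["count"] = 0;
         }
         $entries[0]["memberof"]["count"]++;
     }
     return $entries;
 }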
Example #3
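 /**
  * Find information about a user. Returned in a raw array format from AD.
  *
  * Progress and failures are appended to $GLOBALS["CLASS_ACTV"]. The user name
  * is escaped for LDAP filter context before it is placed in the search filter.
  *
  * @param string $username The username to query
  * @param array $fields Array of parameters to query
  * @param bool $isGUID Is the username passed a GUID or a samAccountName
  * @return array|false Raw ldap_get_entries() result, or false when the name is
  *                     NULL, there is no bind, the search fails or nothing matches
  */
 public function info($username, $fields = NULL, $isGUID = false)
 {
     if ($username === NULL) {
         return false;
     }
     if (!$this->adldap->getLdapBind()) {
         $GLOBALS["CLASS_ACTV"][] = __FUNCTION__ . ": LINE:" . __LINE__ . ":getLdapBind() return false";
         return false;
     }
     if ($isGUID === true) {
         // NOTE(review): the converted GUID is inserted as-is; presumably strGuidToHex()
         // already returns a filter-safe escaped form - confirm against the helper
         $filter = "objectguid=" . $this->adldap->utilities()->strGuidToHex($username);
     } else {
         // Caller-supplied name: escape it as a filter value instead of concatenating it raw
         $escapedName = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
         if (strstr($username, "@")) {
             $filter = "userPrincipalName=" . $escapedName;
         } else {
             $filter = "samaccountname=" . $escapedName;
         }
     }
     $filter = "(&(objectCategory=person)({$filter}))";
     if ($fields === NULL) {
         $fields = array("samaccountname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
     }
     // objectsid is read below when resolving the primary group, so always request it
     if (!in_array("objectsid", $fields)) {
         $fields[] = "objectsid";
     }
     $getBaseDn = $this->adldap->getBaseDn();
     $GLOBALS["CLASS_ACTV"][] = __FUNCTION__ . ": LINE:" . __LINE__ . ":Search {$filter} in {$getBaseDn}";
     $sr = ldap_search($this->adldap->getLdapConnection(), $getBaseDn, $filter, $fields);
     if (!$sr) {
         $GLOBALS["CLASS_ACTV"][] = __FUNCTION__ . ": LINE:" . __LINE__ . ":Search  Failed";
         // Stop here: there is no result handle to hand to ldap_get_entries()
         return false;
     }
     $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
     if (!isset($entries[0])) {
         return false;
     }
     if ($entries[0]['count'] >= 1 && in_array("memberof", $fields)) {
         // AD does not return the primary group in the ldap query, we may need to fudge it
         if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])) {
             $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
         } else {
             $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $getBaseDn;
         }
         // memberof may not have been returned at all; start the counter before bumping it
         if (!isset($entries[0]["memberof"]["count"])) {
             $entries[0]["memberof"]["count"] = 0;
         }
         $entries[0]["memberof"]["count"]++;
     }
     return $entries;
 }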
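 /**
  * Find information about a user. Returned in a raw array format.
  *
  * This variant matches on uid: for a name containing "@" only the part before
  * the first "@" is used. The name is escaped for LDAP filter context before it
  * is placed in the search filter.
  *
  * @param string $username The username to query
  * @param array $fields Array of parameters to query
  * @param bool $isGUID Is the username passed a GUID or a user name
  * @return array|false Raw ldap_get_entries() result, or false when the name is
  *                     NULL, the search fails or nothing matches
  */
 public function info($username, $fields = NULL, $isGUID = false)
 {
     if ($username === NULL) {
         return false;
     }
     //if (!$this->adldap->getLdapBind()) { print 'No bind!'; return false; }
     if ($isGUID === true) {
         // NOTE(review): the converted GUID is inserted as-is; presumably strGuidToHex()
         // already returns a filter-safe escaped form - confirm against the helper
         $filter = "objectguid=" . $this->adldap->utilities()->strGuidToHex($username);
     } else {
         $uid = $username;
         if (strstr($username, "@")) {
             // Keep only the local part of user@domain
             $parts = explode('@', $username);
             $uid = $parts[0];
         }
         // Caller-supplied name: escape it as a filter value instead of concatenating it raw
         $filter = "uid=" . ldap_escape($uid, '', LDAP_ESCAPE_FILTER);
     }
     $filter = "(&(objectClass=person)({$filter}))";
     if ($fields === NULL) {
         $fields = array("samaccountname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
     }
     // objectsid is read below when resolving the primary group, so always request it
     if (!in_array("objectsid", $fields)) {
         $fields[] = "objectsid";
     }
     $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
     if ($sr === false) {
         // A failed search has no result handle to read entries from
         return false;
     }
     $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
     if (!isset($entries[0])) {
         return false;
     }
     if ($entries[0]['count'] >= 1 && in_array("memberof", $fields)) {
         // AD does not return the primary group in the ldap query, we may need to fudge it
         if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])) {
             $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
         } else {
             $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
         }
         // memberof may not have been returned at all; start the counter before bumping it
         if (!isset($entries[0]["memberof"]["count"])) {
             $entries[0]["memberof"]["count"] = 0;
         }
         $entries[0]["memberof"]["count"]++;
     }
     return $entries;
 }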
Example #5
 /**
  * List the groups a computer belongs to.
  *
  * @param string $computerName The name of the computer
  * @param bool $recursive Whether to also collect the groups of each group;
  *                        NULL means "use the connection's getRecursiveGroups() setting"
  * @return array|false Group names as produced by niceNames(), or false when the
  *                     name is NULL or there is no bind
  */
 public function groups($computerName, $recursive = NULL)
 {
     if ($computerName === NULL) {
         return false;
     }
     // Fall back to the configured default when the caller did not choose
     $recursive = $recursive === NULL ? $this->adldap->getRecursiveGroups() : $recursive;
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     // Look the computer up; the first entry returned is taken to be the right one.
     // Warnings from the lookup are suppressed here, as before.
     $record = @$this->info($computerName, array("memberof", "primarygroupid"));
     $memberships = $this->adldap->utilities()->niceNames($record[0]["memberof"]);
     if ($recursive !== true) {
         return $memberships;
     }
     // Append the nested groups of every direct group (foreach walks the original list)
     foreach ($memberships as $directGroup) {
         $nested = $this->adldap->group()->recursiveGroups($directGroup);
         $memberships = array_merge($memberships, $nested);
     }
     return $memberships;
 }
Example #6
<?php

/*
 * Test script for the group collection object: connects with $options,
 * fetches one group and dumps two of its attributes.
 *
 * The exception text and the raw directory values are printed without HTML
 * escaping; that is only appropriate for a local test page.
 */
//error_reporting(E_ALL ^ E_NOTICE);
include dirname(__FILE__) . "/../src/adLDAP.php";
try {
    $adldap = new adLDAP($options);
} catch (adLDAPException $e) {
    // Could not set up the client: show why and stop
    print $e;
    exit(0);
}
echo "<pre>\n";
$groupApi = $adldap->group();
$collection = $groupApi->infoCollection('groupname');
// Dump the same two attributes, in the same order
foreach (array('member', 'description') as $attribute) {
    print_r($collection->{$attribute});
}
    }
    // Build the adLDAP connection options from the stored server parameters
    // (this fragment starts inside a try block opened above the visible lines)
    $options = array('base_dn' => $params->base_dn, 'account_suffix' => $params->account_suffix, 'domain_controllers' => explode(";", $params->domain_controllers), 'use_ssl' => $params->use_ssl, 'use_tls' => $params->use_tls, 'ad_port' => $params->ad_port);
    // Create the directory client
    $adldap = new adLDAP($options);
    // Bind with the configured admin account so the search below runs with its rights
    $authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword);
    if ($authUser == false) {
        $Result->show("danger", _("Invalid credentials"), true);
    }
    // set OpenLDAP flag
    if ($server->type == "LDAP") {
        $adldap->setUseOpenLDAP(true);
    }
    // Search groups whose name contains the posted filter text.
    // NOTE(review): $_POST['dfilter'] is placed between the wildcards unescaped. Unless
    // search() escapes its argument, filter metacharacters from the request reach the
    // LDAP query - confirm, or pass the value through ldap_escape(..., '', LDAP_ESCAPE_FILTER).
    $groups = $adldap->group()->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, true, "*{$_POST['dfilter']}*");
    //echo $adldap->getLastError();
} catch (adLDAPException $e) {
    // NOTE(review): if the exception came from the adLDAP constructor, $adldap may not be
    // set when getLastError() is called - TODO confirm it is initialised before the try.
    // Both calls show directory error text to the user; check that this is intended.
    $Result->show("danger", $adldap->getLastError(), false);
    $Result->show("danger", $e->getMessage(), true);
}
// Report an empty result with the likely causes.
// NOTE(review): $groups is only assigned inside the try; presumably show(..., true) stops
// the request on failure - verify, otherwise $groups is undefined here.
if (sizeof($groups) == 0) {
    print "<div class='alert alert-info'>";
    print _('No groups found') . "!<hr>";
    print _('Possible reasons') . ":";
    // NOTE(review): the <ul> opened here is never closed before the </div>
    print "<ul>";
    print "<li>" . _('Invalid baseDN setting for AD') . "</li>";
    print "<li>" . _('AD account does not have enough privileges for search') . "</li>";
    print "</div>";
} else {
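 /**
  * Add a computer to, or remove it from, an AD group and record the action
  * in the glpi_plugin_groupead_log table.
  *
  * Nothing is changed or logged when no LDAP configuration is found, the AD
  * test fails, or the computer's DN cannot be resolved.
  *
  * @global object $DB Database handle used for the log insert
  * @param string $action "add" adds the computer; any other value removes it
  * @param string $groupe Group passed to addUser()/removeUser()
  * @param mixed $id Item id used to look up the LDAP configuration and the computer name
  */
 function changeGroupe($action, $groupe, $id)
 {
     global $DB;
     // Load adLDAP
     $cheminAdldap = $this->getAjaxAbsolutePath() . "adldap/adLDAP.php";
     require_once $cheminAdldap;
     $LDAPConfig = $this->getLDAPConfig($id);
     if ($LDAPConfig != NULL && $this->testerAD($LDAPConfig, $cheminAdldap)) {
         // Connect to the AD with the configured account
         $serveur[0] = $LDAPConfig['serveur'];
         $adldap = new adLDAP(array('base_dn' => $LDAPConfig['dc'], 'account_suffix' => $LDAPConfig['suffix'], 'domain_controllers' => $serveur));
         $adldap->close();
         $adldap->setAdminUsername($LDAPConfig['login']);
         $adldap->setAdminPassword($LDAPConfig['passwd']);
         $adldap->connect();
         $computerInfo = $adldap->computer()->info($this->getItemName($id), array("dn"));
         if (!isset($computerInfo[0]["dn"])) {
             // Computer not found in the directory: there is no member DN to add or
             // remove, and logging a membership change that never happened would
             // make the log misleading
             return;
         }
         $computerDn = $computerInfo[0]["dn"];
         // Add the computer to the group, or remove it
         if ($action == "add") {
             $adldap->group()->addUser($groupe, $computerDn);
         } else {
             $adldap->group()->removeUser($groupe, $computerDn);
         }
         // Record the action in the database
         $technicien = $_SESSION["glpiname"];
         $date = date('j-m-Y');
         // 'i' is minutes; the previous 'H:m:s' printed the month in the minutes position
         $heure = date('H:i:s');
         // NOTE(review): $id, $technicien, $action and $groupe are interpolated straight
         // into the SQL text. Confirm they are escaped before they get here, or build the
         // insert with the database layer's escaping / parameter binding.
         $query = "INSERT INTO glpi_plugin_groupead_log VALUES ('','{$id}',\n                     'Computer','{$technicien}','{$date}|{$heure}','{$action}','{$groupe}')";
         $DB->query($query);
     }
 }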
Example #9
// Connect; on failure print the exception and stop.
try {
    $adldap = new adLDAP($options);
} catch (adLDAPException $e) {
    print $e;
    exit(0);
}
//var_dump($ldap);
echo "<pre>\n";

// Each sample below is switched off; change its condition to run it.

// Authenticate a username/password pair
if (false) {
    $outcome = $adldap->authenticate("username", "password");
    var_dump($outcome);
}

// Nest one group inside another
if (false) {
    $outcome = $adldap->group()->addGroup("Parent Group Name", "Child Group Name");
    var_dump($outcome);
}

// Put a user into a group
if (false) {
    $outcome = $adldap->group()->addUser("Group Name", "username");
    var_dump($outcome);
}

// Create a new group inside a container path
if (false) {
    $groupSpec = array(
        "group_name" => "Test Group",
        "description" => "Just Testing",
        "container" => array("Groups", "A Container"),
    );
    $outcome = $adldap->group()->create($groupSpec);
    var_dump($outcome);
}
// retrieve information about a group
if (0) {
    // Create the directory client (this fragment starts inside a try block opened
    // above the visible lines; its catch follows the last statement)
    $adldap = new adLDAP($options);
    // Bind with the configured admin account so the membership lookups run with its rights
    $authUser = $adldap->authenticate($params->adminUsername, $params->adminPassword);
    if ($authUser == false) {
        $Result->show("danger", _("Invalid credentials"), true);
    }
    // set OpenLDAP flag
    if ($server->type == "LDAP") {
        $adldap->setUseOpenLDAP(true);
    }
    // Fetch every local user group
    $all_groups = $Admin->fetch_all_objects("userGroups", "g_id");
    if ($all_groups !== false) {
        foreach ($all_groups as $k => $g) {
            // Ask the directory for the members of the group with the same name
            $domain_group_members = $adldap->group()->members($g->g_name);
            // members() returning false is skipped
            if ($domain_group_members !== false) {
                foreach ($domain_group_members as $m) {
                    // NOTE(review): loose == compares the posted username with the directory
                    // value, so numeric-looking strings can match without being identical;
                    // === would require an exact string match - confirm which is intended
                    if ($m == $_POST['username']) {
                        $membership[] = $g->g_id;
                    }
                }
            }
        }
    }
    // Print the matching local group ids as a ";"-separated list, if there are any
    if (isset($membership)) {
        print trim(implode(";", array_filter($membership)));
    }
} catch (adLDAPException $e) {
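 /**
  * Make sure a computer exists in the AD, then add it to the requested groups,
  * writing one log entry per step through setLog().
  *
  * @param mixed $idOrdinateur Item id of the computer; used for its name and as the log target
  * @param mixed $idCloner Id whose LDAP configuration is used
  * @param string|null $groupe "|"-separated value; its first part is a comma-separated list of groups
  * @param mixed $log Not read: it is overwritten before any use
  * @return bool Always true
  */
 function clonerOrdiAD($idOrdinateur, $idCloner, $groupe, $log)
 {
     require_once $this->getAjaxAbsolutePath() . "adldap/adLDAP.php";
     $name = $this->getItemName($idOrdinateur);
     $LDAPConfig = $this->getLDAPConfig($idCloner);
     if ($LDAPConfig != NULL && $this->testerAD($LDAPConfig)) {
         // Connect to the AD with the configured account
         $serveur[0] = $LDAPConfig['serveur'];
         $adldap = new adLDAP(array('base_dn' => $LDAPConfig['dc'], 'account_suffix' => $LDAPConfig['suffix'], 'domain_controllers' => $serveur));
         $adldap->close();
         $adldap->setAdminUsername($LDAPConfig['login']);
         $adldap->setAdminPassword($LDAPConfig['passwd']);
         $adldap->connect();
         $computerInfo = $adldap->computer()->info($name, array("dn"));
         if ($computerInfo["count"] == 0) {
             // The computer does not exist in the AD yet: create it in the Computers container
             $attributes["cn"] = $name;
             $container = array("Computers");
             $attributes["container"] = $container;
             if ($adldap->computer()->create($attributes)) {
                 $log = "Ordinateur créé dans l'AD: " . $LDAPConfig['suffix'];
                 $this->setLog($idOrdinateur, 'Computer', $log);
             } else {
                 $log = "Erreur lors de la création de l'ordinateur dans l'AD: " . $LDAPConfig['suffix'];
                 $this->setLog($idOrdinateur, 'Computer', $log);
             }
         } else {
             $log = "L'ordinateur existe déjà dans l'AD: " . $LDAPConfig['suffix'];
             $this->setLog($idOrdinateur, 'Computer', $log);
         }
         if ($groupe != null) {
             $explodeGroupe = explode("|", $groupe);
             if ($explodeGroupe[0] != null) {
                 // NOTE(review): the member DN is built by concatenation. $name is not escaped
                 // for DN context, and CN=Computers is assumed even when the lookup above found
                 // an existing computer, whose real DN may differ - confirm against the
                 // directory layout.
                 $computerDn = "CN=" . $name . ",CN=Computers," . $LDAPConfig['dc'];
                 foreach (explode(",", $explodeGroupe[0]) as $value) {
                     if ($value === '') {
                         // A stray comma in the list yields an empty group name; skip it
                         continue;
                     }
                     // Log what actually happened, as is done for create() above, instead of
                     // always recording success (assumes addUser() returns a truthy value on
                     // success - confirm)
                     if ($adldap->group()->addUser($value, $computerDn)) {
                         $log = "L'ordinateur a été ajouté dans le groupe: " . $value . " de l'AD: " . $LDAPConfig['suffix'];
                     } else {
                         $log = "Erreur lors de l'ajout de l'ordinateur dans le groupe: " . $value . " de l'AD: " . $LDAPConfig['suffix'];
                     }
                     $this->setLog($idOrdinateur, 'Computer', $log);
                 }
             }
         }
     }
     return true;
 }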