Example #1
 /**
  * Coping with AD not returning the primary group.
  *
  * http://support.microsoft.com/?kbid=321360.
  *
  * @param string $group The name of the group
  * @param string $user  The username of the user
  *
  * @return string|bool The group's distinguished name, or false when it cannot be resolved
  */
 public function getPrimaryGroup($group, $user)
 {
     // Resolve both names to directory models first. Anything that does not
     // come back as the expected model type is treated as "not found".
     $groupModel = $this->find($group);
     $userModel = $this->getAdldap()->users()->find($user);
     if (!($groupModel instanceof Group) || !($userModel instanceof User)) {
         return false;
     }
     // The user is only checked for existence; the lookup below is driven
     // entirely by the group's SID, converted from binary to text form.
     // NOTE(review): the SID ends up in a search filter through where();
     // whether it is escaped there depends on the query builder, which is
     // not visible from this method - confirm.
     $textSid = Utilities::binarySidToText($groupModel->getSid());
     $match = $this->adldap->search()->where(ActiveDirectory::OBJECT_SID, '=', $textSid)->first();
     // The value handed back is the matching entry's DN, not a boolean.
     return $match instanceof Entry ? $match->getDn() : false;
 }
Example #2
 /**
  * Returns the model's memberOf names only.
  *
  * @return array
  */
 public function getMemberOfNames()
 {
     $memberOf = $this->getAttribute(ActiveDirectory::MEMBER_OF);
     // A missing or non-array memberOf attribute yields an empty list.
     if (!is_array($memberOf)) {
         return [];
     }
     // NOTE(review): only the first component of each group DN is kept, so a
     // caller that authorizes on these names cannot tell apart two groups
     // that share that component but live in different containers. Compare
     // full DNs or SIDs where that distinction matters.
     $groupNames = [];
     foreach ($memberOf as $groupDn) {
         $parts = Utilities::explodeDn($groupDn);
         if (!array_key_exists(0, $parts)) {
             // Nothing usable came out of this DN; skip it.
             continue;
         }
         $groupNames[] = $parts[0];
     }
     return $groupNames;
 }
Example #3
 /**
  * Returns a new LDAP Entry instance.
  *
  * @param array $attributes
  *
  * @return Entry
  */
 public function newLdapEntry(array $attributes = [])
 {
     $categoryAttribute = ActiveDirectory::OBJECT_CATEGORY;
     $hasCategory = array_key_exists($categoryAttribute, $attributes)
         && array_key_exists(0, $attributes[$categoryAttribute]);
     // The object category is stored as a DN; explode it so that its first
     // component can be used as the lookup key.
     $parts = $hasCategory ? Utilities::explodeDn($attributes[$categoryAttribute][0]) : [];
     $key = array_key_exists(0, $parts) ? strtolower($parts[0]) : null;
     // The model class is taken from $this->mappings. The category string
     // read from the directory only selects among the classes registered
     // there; it is never used as a class name itself.
     if ($key !== null && array_key_exists($key, $this->mappings)) {
         $modelClass = $this->mappings[$key];
         return (new $modelClass([], $this))->setRawAttributes($attributes);
     }
     // No usable or no mapped object category: fall back to a generic entry.
     return (new Entry([], $this))->setRawAttributes($attributes);
 }
Example #4
 /**
  * Adds the inserted field, operator and value
  * to the orWheres property array.
  *
  * @param string $field
  * @param string $operator
  * @param null   $value
  *
  * @throws InvalidQueryOperatorException
  */
 private function addOrWhere($field, $operator, $value = null)
 {
     // getOperator() runs first; presumably it rejects unknown operators
     // (the docblock lists InvalidQueryOperatorException).
     $resolvedOperator = $this->getOperator($operator);
     // Only the value is escaped before it is stored. The field name is
     // stored as given, so callers must not pass untrusted input as $field.
     $escapedValue = Utilities::escape($value);
     $this->orWheres[] = [
         self::$whereFieldKey => $field,
         self::$whereOperatorKey => $resolvedOperator,
         self::$whereValueKey => $escapedValue,
     ];
 }
Example #5
 /**
  * Change the password of the current user. This must be performed over SSL or TLS.
  * @param string $oldPassword The old password
  * @param string $newPassword The new password
  *
  * @return bool
  *
  * @throws AdldapException
  * @throws PasswordPolicyException
  * @throws WrongPasswordException
  */
 public function changePassword($oldPassword, $newPassword)
 {
     // Refuse to send password material unless the LDAP connection reports
     // SSL or TLS; this check runs before either password is encoded.
     $encrypted = $this->connection->isUsingSSL() || $this->connection->isUsingTLS();
     if (!$encrypted) {
         throw new AdldapException('SSL or TLS must be configured on your web server and enabled to change passwords.');
     }
     // A change is expressed as one batch: remove the old value, add the
     // new one. Both go through Utilities::encodePassword() first.
     $passwordAttribute = ActiveDirectory::UNICODE_PASSWORD;
     $this->setModification($passwordAttribute, LDAP_MODIFY_BATCH_REMOVE, Utilities::encodePassword($oldPassword));
     $this->setModification($passwordAttribute, LDAP_MODIFY_BATCH_ADD, Utilities::encodePassword($newPassword));
     $saved = $this->save();
     if ($saved !== false) {
         return $saved;
     }
     // The save failed. Without extended error text the caller only gets
     // false; with it, the failure is raised as an exception.
     $error = $this->connection->getExtendedError();
     if (!$error) {
         return false;
     }
     $errorCode = $this->connection->getExtendedErrorCode();
     $genericMessage = 'Error: ' . $error;
     // switch compares loosely, exactly like the == tests it replaces.
     // Neither password is ever placed in an exception message.
     switch ($errorCode) {
         case '0000052D':
             throw new PasswordPolicyException("Error: {$errorCode}. Your new password might not match the password policy.");
         case '00000056':
             throw new WrongPasswordException("Error: {$errorCode}. Your old password might be wrong.");
     }
     throw new AdldapException($genericMessage);
 }
 /**
  * Return the expiration date of the user account.
  *
  * @return \DateTime|null Expiration date or null if no expiration date
  */
 public function expirationDate()
 {
     $expiry = $this->getAccountExpiry();
     // Both 0 and the NEVER_EXPIRES_DATE sentinel mean "no expiration".
     // The comparisons are deliberately loose, as the stored value may
     // arrive as a string.
     $neverExpires = $expiry == 0 || $expiry == ActiveDirectory::NEVER_EXPIRES_DATE;
     if ($neverExpires) {
         return null;
     }
     // Convert the Windows timestamp to Unix time, then build the DateTime
     // from a formatted string, so it carries PHP's default timezone.
     $timestamp = Utilities::convertWindowsTimeToUnixTime($expiry);
     $formatted = date('Y-m-d H:i:s', $timestamp);
     return new \DateTime($formatted);
 }
Example #7
 /**
  * Returns the model's object category DN in an exploded array.
  *
  * @return array
  */
 public function getObjectCategoryArray()
 {
     // Fetch the object category DN, then split it into its components.
     $categoryDn = $this->getObjectCategoryDn();
     return Utilities::explodeDn($categoryDn);
 }
Example #8
 /**
  * Assembles an RDN with the specified attribute and value.
  *
  * @param string $attribute
  * @param array  $values
  *
  * @return null|string
  */
 private function assembleRdns($attribute, array $values = [])
 {
     // Nothing to assemble for an empty list.
     if (empty($values)) {
         return null;
     }
     $rdns = [];
     // The values are emitted in reverse order of how they were supplied.
     foreach (array_reverse($values) as $value) {
         // Each value is escaped before it is joined into the DN string.
         // NOTE(review): the flag 2 presumably selects DN-context escaping
         // (cf. LDAP_ESCAPE_DN) - confirm against Utilities::escape().
         // The attribute name is not escaped and must come from trusted code.
         $rdns[] = $attribute . '=' . Utilities::escape($value, '', 2);
     }
     return implode(',', $rdns);
 }
Example #9
 /**
  * Adds a binding to the query.
  *
  * @param string $field
  * @param string $operator
  * @param string $value
  * @param string $type
  *
  * @throws InvalidQueryOperatorException
  *
  * @return Builder
  */
 public function addBinding($field, $operator, $value, $type = 'where')
 {
     // $type selects which property receives the binding, so it is checked
     // against the known binding types before it is used as a property name.
     // An unknown type raises InvalidArgumentException.
     if (!array_key_exists($type, $this->bindings)) {
         throw new InvalidArgumentException("Invalid binding type: {$type}.");
     }
     $targetProperty = $this->bindings[$type];
     // Only the value is escaped; the field name is stored as given, so
     // callers must not pass untrusted input as $field.
     $binding = [
         'field' => $field,
         'operator' => $this->getOperator($operator),
         'value' => Utilities::escape($value),
     ];
     $this->{$targetProperty}[] = $binding;
     return $this;
 }
 /**
  * Assembles an RDN with the specified attribute and value.
  *
  * @param string $attribute
  * @param array  $values
  *
  * @return null|string
  */
 protected function assembleRdns($attribute, array $values = [])
 {
     // An empty value list produces no RDN string at all.
     if (count($values) === 0) {
         return null;
     }
     $pieces = [];
     // The values are emitted in reverse order of how they were supplied.
     foreach (array_reverse($values) as $rawValue) {
         // NOTE(review): the flag 2 presumably selects DN-context escaping
         // (cf. LDAP_ESCAPE_DN) - confirm against Utilities::escape().
         // The attribute name is inserted unescaped.
         $escaped = Utilities::escape($rawValue, '', 2);
         $pieces[] = sprintf('%s=%s', $attribute, $escaped);
     }
     return implode(',', $pieces);
 }
Example #11
 /**
  * Update roles
  *
  * @param User        $user
  * @param Models\User $adUser
  */
 protected function updateRole(User &$user, Models\User $adUser)
 {
     // Unescape the directory's group names so that they can be compared
     // with the plain names used as keys of $this->group2Role.
     $groupNames = [];
     foreach ($adUser->getMemberOfNames() as $escapedName) {
         $groupNames[] = \Adldap\Classes\Utilities::unescape($escapedName);
     }
     // NOTE(review): matching is by group name only, and this method only
     // ever adds roles. Roles granted for a membership that has since been
     // revoked are not removed here - confirm that removal happens elsewhere.
     foreach ($this->group2Role as $groupName => $roleName) {
         // Strict comparison: the configured key must match the type as well.
         if (!in_array($groupName, $groupNames, true)) {
             continue;
         }
         // Roles named in the configuration but unknown locally are skipped.
         if (!$this->roleExists($roleName)) {
             continue;
         }
         $user->addRole($roleName);
     }
 }
Example #12
 /**
  * Returns a new LDAP Entry instance.
  *
  * @param array $attributes
  *
  * @return Entry
  */
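 public function newLdapEntry(array $attributes)
 {
     $attribute = ActiveDirectory::OBJECT_CATEGORY;
     if (array_key_exists($attribute, $attributes) && array_key_exists(0, $attributes[$attribute])) {
         // The object category is stored as a DN; explode it so that its
         // first component can select the model class.
         $category = Utilities::explodeDn($attributes[$attribute][0]);
         // The DN comes from directory data and may not explode into a usable
         // first component. Such entries get the generic Entry below instead
         // of triggering an undefined-offset access.
         if (is_array($category) && array_key_exists(0, $category)) {
             // Only the fixed set of classes below can be instantiated; the
             // category string is never used as a class name itself.
             switch (strtolower($category[0])) {
                 case ActiveDirectory::OBJECT_CATEGORY_COMPUTER:
                     return (new Computer([], $this->connection))->setRawAttributes($attributes);
                 case ActiveDirectory::OBJECT_CATEGORY_PERSON:
                     return (new User([], $this->connection))->setRawAttributes($attributes);
                 case ActiveDirectory::OBJECT_CATEGORY_GROUP:
                     return (new Group([], $this->connection))->setRawAttributes($attributes);
                 case ActiveDirectory::MS_EXCHANGE_SERVER:
                     return (new ExchangeServer([], $this->connection))->setRawAttributes($attributes);
                 case ActiveDirectory::OBJECT_CATEGORY_CONTAINER:
                     return (new Container([], $this->connection))->setRawAttributes($attributes);
                 case ActiveDirectory::OBJECT_CATEGORY_PRINTER:
                     // Built like every other model: empty constructor
                     // attributes, then the raw attributes. The original
                     // called setRawAttributes() without passing them.
                     return (new Printer([], $this->connection))->setRawAttributes($attributes);
             }
         }
     }
     // A default entry object if the object category isn't recognized.
     return (new Entry($attributes, $this->connection))->setRawAttributes($attributes);
 }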