Example #1
 /**
  * Create an Exchange account
  * 
  * @param string $username The username of the user to add the Exchange account to
  * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
  *                            If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
  * @param string $emailAddress The primary email address to add to this user
  * @param string $mailNickname The mail nick name.  If mail nickname is blank, the username will be used
  * @param bool $useDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
  * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
  * @param bool $isGUID Is the username passed a GUID or a samAccountName
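  * @return bool|string True on success, false if the modify fails, or an error message string when a required argument is missing or invalid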
  */
 public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname = NULL, $useDefaults = TRUE, $baseDn = NULL, $isGUID = false)
 {
     // Argument checks. Each failure is reported as a message string rather
     // than false. A non-empty string is truthy in PHP, so callers must compare
     // the result with === true instead of relying on truthiness.
     if ($username === NULL) {
         return "Missing compulsory field [username]";
     }
     if ($storageGroup === NULL) {
         return "Missing compulsory array [storagegroup]";
     }
     if (!is_array($storageGroup)) {
         return "[storagegroup] must be an array";
     }
     if ($emailAddress === NULL) {
         return "Missing compulsory field [emailAddress]";
     }

     // Fall back to the base DN configured on the adLDAP instance.
     $searchBase = ($baseDn === NULL) ? $this->adldap->getBaseDn() : $baseDn;

     // The storage group parts are joined into a DN exactly as given; nothing
     // here escapes DN special characters, so the values must come from a
     // trusted source.
     $homeMdb = "CN=" . implode(",CN=", $storageGroup) . "," . $searchBase;

     // A missing nickname defaults to the username.
     $nickname = ($mailNickname === NULL) ? $username : $mailNickname;

     $attributes = array(
         'exchange_homemdb' => $homeMdb,
         'exchange_proxyaddress' => 'SMTP:' . $emailAddress,
         'exchange_mailnickname' => $nickname,
         'exchange_usedefaults' => $this->adldap->utilities()->boolToString($useDefaults),
     );

     // Any loosely-false result from modify() is reported as false.
     $modified = $this->adldap->user()->modify($username, $attributes, $isGUID);
     return $modified != false;
 }
 /**
  * Get contact information. Returned in a raw array format from AD
  *
  * @param string $distinguishedName The full DN of a contact
  * @param array|null $fields Array of attribute names to query; NULL selects a default set
  * @return array|bool
  */
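 public function info($distinguishedName, $fields = NULL)
 {
     if ($distinguishedName === NULL) {
         return false;
     }
     if (!$this->adldap->getLdapBind()) {
         return false;
     }

     // The DN is passed through ldapSlashes() before it is placed in the filter.
     $filter = "distinguishedName=" . $this->adldap->utilities()->ldapSlashes($distinguishedName);
     if ($fields === NULL) {
         $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
     }

     $connection = $this->adldap->getLdapConnection();
     $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
     if ($sr === false) {
         // The search itself failed; there is no result handle to read from.
         return false;
     }
     $entries = ldap_get_entries($connection, $sr);
     if ($entries === false) {
         return false;
     }

     if (isset($entries[0]['count']) && $entries[0]['count'] >= 1) {
         // AD does not return the primary group in the ldap query, we may need to fudge it.
         // getPrimaryGroup() needs both the primary group id and the object SID, so
         // both are checked here (the second check used to repeat primarygroupid,
         // letting an unset objectsid reach the call).
         if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])) {
             $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
         } else {
             $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
         }
     }

     // The memberof count is bumped even when no entry matched, so the returned
     // array always carries $entries[0]["memberof"]["count"]. Callers that need
     // to know whether anything was found should look at $entries['count'].
     // NOTE(review): this keeps the existing result shape; confirm callers rely on it.
     if (isset($entries[0]["memberof"]["count"])) {
         $entries[0]["memberof"]["count"]++;
     } else {
         $entries[0]["memberof"]["count"] = 1;
     }
     return $entries;
 }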
Example #3
 /**
  * Coping with AD not returning the primary group
  * http://support.microsoft.com/?kbid=321360
  *
  * This is a re-write based on code submitted by Bruce which prevents the
  * need to search each security group to find the true primary group
  *
  * @param string $groupId Group ID
  * @param string  $userId User's Object SID
  * @return string|bool The distinguished name of the primary group, or false if it cannot be found
  */
 public function getPrimaryGroup($groupId, $userId)
 {
     $missingArgument = ($groupId === NULL || $userId === NULL);
     if ($missingArgument) {
         return false;
     }

     // Build the group's binary SID from the user's: the trailing four bytes
     // are overwritten with the group id packed as a 32-bit little-endian
     // integer ('V').
     $tailOffset = strlen($userId) - 4;
     $groupSid = substr_replace($userId, pack('V', $groupId), $tailOffset, 4);

     // The filter value is the output of getTextSID() for that SID.
     $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($groupSid) . ')';
     $wanted = array("samaccountname", "distinguishedname");

     $search = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $wanted);
     $found = ldap_get_entries($this->adldap->getLdapConnection(), $search);

     // Return the DN of the first match, or false when nothing matched.
     return isset($found[0]['distinguishedname'][0]) ? $found[0]['distinguishedname'][0] : false;
 }
Example #4
 /**
  * Converts a username (samAccountName) to a GUID
  * 
  * @param string $username The username to query
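  * @return string|bool The GUID as text, false if not bound or not found, or an error message string when $username is null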
  */
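 public function usernameToGuid($username)
 {
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     // A null username is reported as a message string, which is truthy;
     // callers should not treat any truthy return value as a GUID.
     if ($username === null) {
         return "Missing compulsory field [username]";
     }

     // Pass the username through ldapSlashes() so that filter metacharacters
     // in the supplied name ('*', '(', ')', '\') are matched literally instead
     // of changing the shape of the search filter.
     $filter = "samaccountname=" . $this->adldap->utilities()->ldapSlashes($username);
     $fields = array("objectGUID");

     $connection = $this->adldap->getLdapConnection();
     $sr = @ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
     if ($sr === false) {
         // The search failed, so there is no result handle to count.
         return false;
     }

     if (ldap_count_entries($connection, $sr) > 0) {
         $entry = @ldap_first_entry($connection, $sr);
         if ($entry === false) {
             return false;
         }
         // objectGUID is read with ldap_get_values_len() and converted to
         // text by binaryToText().
         $guid = @ldap_get_values_len($connection, $entry, 'objectGUID');
         if ($guid === false || !isset($guid[0])) {
             return false;
         }
         return $this->adldap->utilities()->binaryToText($guid[0]);
     }
     return false;
 }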
 /**
  * Get the groups a computer is in
  *
  * @param string $computerName The name of the computer
  * @param bool|null $recursive Whether to check recursively; NULL uses the adLDAP default
  * @return array|bool
  */
 public function groups($computerName, $recursive = NULL)
 {
     if ($computerName === NULL) {
         return false;
     }
     // Use the instance-wide default when the caller did not choose.
     $recursive = ($recursive === NULL) ? $this->adldap->getRecursiveGroups() : $recursive;
     if (!$this->adldap->getLdapBind()) {
         return false;
     }

     // Look the entry up and take its memberof values. The first returned
     // entry is presumed to be the right one.
     $info = @$this->info($computerName, array("memberof", "primarygroupid"));
     $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]);

     if ($recursive !== true) {
         return $groups;
     }

     // Only the directly listed groups are walked; the groups that
     // recursiveGroups() returns for each one are appended to the result.
     $expanded = $groups;
     foreach ($groups as $groupName) {
         $expanded = array_merge($expanded, $this->adldap->group()->recursiveGroups($groupName));
     }
     return $expanded;
 }
Example #6
 /**
  * Finds GUID by DN
  *
  * @param adLDAP $adLdap
  * @param string $dn
  * @return mixed|null The decoded GUID of the matching user, or null when $dn is empty or nothing matches
  */
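 protected function findManagerGUID(adLDAP $adLdap, $dn = '')
 {
     if (empty($dn)) {
         return null;
     }

     // The DN is embedded in a search filter, so it goes through the
     // library's ldapSlashes() helper first. Without that, a DN containing
     // '(', ')', '*' or '\' could change the structure of the filter.
     $escapedDn = $adLdap->utilities()->ldapSlashes($dn);
     $filter = '(&(objectClass=user)'
         . '(samaccounttype=' . adLDAP::ADLDAP_NORMAL_ACCOUNT . ')'
         . '(objectCategory=person)(distinguishedname=' . $escapedDn . '))';

     $connection = $adLdap->getLdapConnection();
     $sr = ldap_search($connection, $adLdap->getBaseDn(), $filter, ['objectGUID']);
     if ($sr === false) {
         // A failed search is treated the same as "not found".
         return null;
     }

     $entries = ldap_get_entries($connection, $sr);
     // Decode only when an entry came back and it actually carries a GUID value.
     if (isset($entries['count']) && $entries['count'] > 0 && isset($entries[0]['objectguid'][0])) {
         return $adLdap->utilities()->decodeGuid($entries[0]['objectguid'][0]);
     }
     return null;
 }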