/**
 * Bind to the LDAP server described by $ldap_connection as $username.
 *
 * A bare account name is expanded to a UPN with the connection's 'fqdn';
 * a value that already looks like an e-mail address is used unchanged.
 *
 * @param string $username        account name, or a UPN / e-mail address
 * @param string $password        bind password
 * @param array  $ldap_connection connection details; reads 'fqdn' and 'server'
 * @return mixed whatever ConnectToLdapServer() returns for the bind attempt
 */
function AuthenticateUsingLdap($username, $password, &$ldap_connection)
{
    if (isEmailAddress($username)) {
        $upn = $username;
    } else {
        $upn = $username . "@" . $ldap_connection['fqdn'];
    }

    // Process-wide: only fatal and parse errors stay reported from here on,
    // presumably to keep bind warnings out of the page -- confirm with callers.
    error_reporting(E_ERROR | E_PARSE);

    return ConnectToLdapServer($ldap_connection['server'], $upn, $password);
}
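/**
 * Audit one configured LDAP path: enumerate its user and computer objects,
 * refresh the ldap_users / ldap_computers tables and stamp the path row.
 *
 * Progress is echoed straight into the page; failures are reported through
 * LogEvent() / DebugEcho() rather than thrown.
 *
 * @param array $ldap_path_details row describing the path; reads ldap_base_dn,
 *        ldap_server, ldap_user, ldap_password and ldap_path_id
 * @return void
 */
function AuditSingleLdapPath(&$ldap_path_details)
{
    global $db;

    $base_dn = $ldap_path_details["ldap_base_dn"];
    $path_id = $ldap_path_details["ldap_path_id"];

    DebugEcho($ldap_path_details);
    LogEvent("ldap_audit_script.php", "AuditSingleLdapPath", $base_dn);
    echo "Auditing LDAP Path: " . $base_dn . "<br>\n";

    // Authenticate. ConnectToLdapServer() hands back an array rather than a
    // link when the bind fails, so an array here means "no connection".
    $ldap = ConnectToLdapServer(
        $ldap_path_details["ldap_server"],
        $ldap_path_details["ldap_user"],
        $ldap_path_details["ldap_password"]
    );
    if (is_array($ldap)) {
        $message = $base_dn . " : Failed to connect to server";
        DebugEcho("AuditSingleLdapPath: " . $message);
        LogEvent("ldap_audit_script.php", "AuditSingleLdapPath", $message);
        return;
    }

    // One timestamp for the whole run so every row touched by this audit
    // (users, computers and the path itself) carries the same marker.
    $audit_timestamp = date("YmdHis");
    DebugEcho($audit_timestamp);

    // User objects -> ldap_users table.
    // "distinguishedname" was previously misspelt ("distinguisedname"), so the
    // attribute was never returned by the directory.
    AuditLdapObjectClass(
        $ldap,
        $base_dn,
        "user",
        LDAP_USER_FILTER,
        array("distinguishedname", "cn", "usnchanged", "objectguid", "description", "department"),
        "Updateldap_usersTable",
        "Users",
        $path_id,
        $audit_timestamp
    );

    // Computer objects -> ldap_computers table
    AuditLdapObjectClass(
        $ldap,
        $base_dn,
        "computer",
        LDAP_COMPUTER_FILTER,
        array("distinguishedname", "cn", "usnchanged", "objectguid", "description", "operatingSystem", "operatingSystemServicePack"),
        "Updateldap_computersTable",
        "Computers",
        $path_id,
        $audit_timestamp
    );

    // Disconnect LDAP
    ldap_unbind($ldap);

    // Finally record when this path was last audited. The id comes from the
    // caller's row; it is escaped anyway so it can never reshape the query.
    $sql = "UPDATE ldap_paths SET ldap_paths_timestamp='" . $audit_timestamp . "'"
        . " WHERE ldap_paths.ldap_paths_id='" . mysql_real_escape_string($path_id, $db) . "'";
    if (mysql_query($sql, $db) === false) {
        // Previously a failed update went unnoticed and the path looked un-audited forever.
        LogEvent(
            "ldap_audit_script.php",
            "AuditSingleLdapPath",
            $base_dn . " : Failed to update ldap_paths timestamp: " . mysql_error($db)
        );
    }
}

/**
 * Search one object class under $base_dn and push the results into its table.
 * Helper for AuditSingleLdapPath(); not intended to be called from elsewhere.
 *
 * @param resource $ldap            bound LDAP link
 * @param string   $base_dn         search base
 * @param string   $object_label    "user" / "computer" - used only in the progress text
 * @param string   $filter          LDAP search filter
 * @param array    $attributes      attributes to request
 * @param string   $update_function name of the Updateldap_*Table() function to call
 * @param string   $table_label     "Users" / "Computers" - used only in the progress text
 * @param mixed    $path_id         ldap_paths id handed to the update function
 * @param string   $timestamp       audit timestamp handed to the update function
 * @return void
 */
function AuditLdapObjectClass($ldap, $base_dn, $object_label, $filter, $attributes, $update_function, $table_label, $path_id, $timestamp)
{
    echo "Auditing " . $object_label . " accounts in: " . $base_dn . "<br>\n";
    $ldap_results = SearchLdap($ldap, $base_dn, $filter, $attributes);

    echo "Updating " . $table_label . " table ...<br>\n";
    $update_function($ldap_results, $path_id, $timestamp);

    // Wrap the count for both passes (the computer pass already did; the user
    // pass read the key directly).
    DebugEcho("Total: " . ReturnDataOrNull($ldap_results["count"]));
}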
Minor change to GetImage(). Added support for $image_link_ldap_attribute and $human_readable_ldap_fields config options. Now using DisplayError() from "include_functions.php". [Nick Brown] 24/04/2009 Added utf8_encode() to LDAP search filter strings **********************************************************************************************************/ require_once "include.php"; $ldap_info = GetLdapConnection(); // Didn't get LDAP connection - alert user & done if ($ldap_info === False) { DisplayError(__("Cannot retrieve LDAP details as you have no LDAP connection defined for this domain.")); } // Connect (authenticate) to LDAP $upn = isEmailAddress($ldap_info['user']) ? $ldap_info['user'] : $ldap_info['user'] . "@" . $ldap_info['fqdn']; $ldap = ConnectToLdapServer($ldap_info['server'], $upn, $ldap_info['password']); // Get LDAP info if ($_GET["record_type"] == "computer") { $sam_account_name = $ldap_info['system_name'] . "\$"; $attributes = $_GET["full_details"] == "y" ? array() : $computer_ldap_attributes; } else { // Get user account name - user name *may* be in DOMAIN\ACCOUNT format or may not :-) $sam_account_name = stripos($ldap_info["net_user_name"], "\\") !== FALSE ? array_pop(explode("\\", $ldap_info["net_user_name"])) : $ldap_info["net_user_name"]; $attributes = $_GET["full_details"] == "y" ? array() : $user_ldap_attributes; } $filter = "(&(objectClass=" . $_GET["record_type"] . ")(sAMAccountName=" . $sam_account_name . "))"; $sr = ldap_search($ldap, $ldap_info['nc'], utf8_encode($filter), $attributes); $info = ldap_get_entries($ldap, $sr); // Couldn't retrieve user or computer object from LDAP - alert user & done if ($info == NULL) { DisplayError(__("Cannot retrieve LDAP details. The ") . $_GET["record_type"] . __(" object cannot be found in the LDAP source - ") . $ldap_info["name"]);
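/**
 * Validate the LDAP connection details supplied in $_GET, look up the domain
 * naming contexts and NetBIOS name, then insert or update the
 * ldap_connections row. Emits a small XML document for the caller.
 *
 * Reads $_GET: ldap_connection_server, ldap_connection_user,
 * ldap_connection_password and (for an update) ldap_connection_id.
 * Sends a text/xml Content-type header as a side effect.
 *
 * @param resource $db open mysql link
 * @return string <SaveLdapConnection> XML with the test HTML and a
 *                "true"/"false" result; "false" if the bind test failed or
 *                the database write failed
 */
function SaveLdapConnectionXml($db)
{
    header("Content-type: text/xml");

    // Validate supplied details - the bind test's HTML is the only success signal we get
    $html = TestLdapConnectionHtml();
    $testresult = strpos($html, "LDAP bind successful") === false ? "false" : "true";
    if ($testresult != "true") {
        return "<SaveLdapConnection><html>" . $html . "</html><result>" . $testresult . "</result></SaveLdapConnection>";
    }

    // Connect anonymously to get default domain NC & config NC
    $l = ConnectToLdapServer($_GET["ldap_connection_server"]);
    $domain_nc = GetDefaultNC($l);
    $config_nc = GetConfigNC($l);
    // "DC=corp,DC=example" -> "corp.example" (drops the leading "DC=")
    $fqdn = implode(".", explode(",DC=", substr($domain_nc, 3)));
    ldap_unbind($l);

    // Authenticate and get domain GUID and NetBIOS name
    $ldap_user = isEmailAddress($_GET["ldap_connection_user"])
        ? $_GET["ldap_connection_user"]
        : $_GET["ldap_connection_user"] . "@" . $fqdn;
    $l = ConnectToLdapServer($_GET["ldap_connection_server"], $ldap_user, $_GET["ldap_connection_password"]);
    $ldap_connection_name = GetDomainNetbios($l, "CN=Partitions," . $config_nc, $domain_nc);
    ldap_unbind($l);

    $aes_key = GetAesKey();

    // Everything interpolated into SQL is request- or directory-supplied, so
    // escape each value once here instead of concatenating it raw.
    $raw = array(
        "nc"       => $domain_nc,
        "fqdn"     => $fqdn,
        "server"   => $_GET["ldap_connection_server"],
        "user"     => $_GET["ldap_connection_user"],
        "password" => $_GET["ldap_connection_password"],
        "name"     => $ldap_connection_name,
        "key"      => $aes_key,
    );
    $q = array();
    foreach ($raw as $field => $value) {
        $q[$field] = mysql_real_escape_string($value, $db);
    }

    if (isset($_GET["ldap_connection_id"]) && strlen($_GET["ldap_connection_id"]) > 0) {
        // UPDATE query - connection already exists so modify
        LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "Edit Connection: " . $ldap_connection_name);
        $sql = "UPDATE `ldap_connections` SET `ldap_connections_nc`='" . $q["nc"] . "',`ldap_connections_fqdn`='" . $q["fqdn"] . "',";
        $sql .= "`ldap_connections_server`='" . $q["server"] . "',`ldap_connections_user`=AES_ENCRYPT('" . $q["user"] . "','" . $q["key"] . "'),";
        $sql .= "`ldap_connections_password`=AES_ENCRYPT('" . $q["password"] . "','" . $q["key"] . "'),`ldap_connections_name`='" . $q["name"] . "' ";
        $sql .= "WHERE ldap_connections_id='" . mysql_real_escape_string($_GET["ldap_connection_id"], $db) . "'";
    } else {
        // INSERT query - new connection
        LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "New Connection: " . $ldap_connection_name);
        $sql = "INSERT INTO `ldap_connections` (`ldap_connections_nc`,`ldap_connections_fqdn`,`ldap_connections_server`,`ldap_connections_user`,`ldap_connections_password`,`ldap_connections_name`,`ldap_connections_schema`) ";
        $sql .= "VALUES ('" . $q["nc"] . "','" . $q["fqdn"] . "','" . $q["server"] . "',";
        $sql .= "AES_ENCRYPT('" . $q["user"] . "','" . $q["key"] . "'),";
        $sql .= "AES_ENCRYPT('" . $q["password"] . "','" . $q["key"] . "'),'" . $q["name"] . "','AD')";
    }

    // Previously a failed write still reported <result>true</result>; surface it instead.
    if (mysql_query($sql, $db) === false) {
        LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "Database write failed: " . mysql_error($db));
        $testresult = "false";
    }

    return "<SaveLdapConnection><html>" . $html . "</html><result>" . $testresult . "</result></SaveLdapConnection>";
}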