function AuthenticateUsingLdap($username, $password, &$ldap_connection)
{
$upn = isEmailAddress($username) ? $username : $username . "@" . $ldap_connection['fqdn'];
// Authenticate
error_reporting(E_ERROR | E_PARSE);
$connect = ConnectToLdapServer($ldap_connection['server'], $upn, $password);
return $connect;
}
function AuditSingleLdapPath(&$ldap_path_details)
{
global $db;
DebugEcho($ldap_path_details);
LogEvent("ldap_audit_script.php", "AuditSingleLdapPath", $ldap_path_details["ldap_base_dn"]);
echo "Auditing LDAP Path: " . $ldap_path_details["ldap_base_dn"] . "<br>\n";
// Authenticate
$ldap = ConnectToLdapServer($ldap_path_details["ldap_server"], $ldap_path_details["ldap_user"], $ldap_path_details["ldap_password"]);
if (is_array($ldap)) {
DebugEcho("AuditSingleLdapPath: " . $ldap_path_details["ldap_base_dn"] . " : Failed to connect to server");
LogEvent("ldap_audit_script.php", "AuditSingleLdapPath", $ldap_path_details["ldap_base_dn"] . " : Failed to connect to server");
return;
}
$audit_timestamp = date("YmdHis");
DebugEcho($audit_timestamp);
// Perform user object search and get results
echo "Auditing user accounts in: " . $ldap_path_details["ldap_base_dn"] . "<br>\n";
$ldap_filter = LDAP_USER_FILTER;
$ldap_attributes = array("distinguisedname", "cn", "usnchanged", "objectguid", "description", "department");
// $ldap_attributes=array("cn,sn,c,l,st,title,postalcode,physicaldeliveryofficename,telephonenumber,givenname,distinguishedname,instancetype,whencreated,whenchanged,displayname,usncreated,usnchanged,co,department,company,streetaddress,name,objectguid,useraccountcontrol,badpwdcount,codepage,countrycode,badpasswordtime,lastlogoff,lastlogon,scriptpath,pwdlastset,primarygroupid,objectsid,accountexpires,logoncount,samaccountname,samaccounttype,userprincipalname,lockouttime,objectcategory,dscorepropagationdata,dscorepropagationdata,dscorepropagationdata,lastlogontimestamp,mail,manager");
$ldap_results = SearchLdap($ldap, $ldap_path_details["ldap_base_dn"], $ldap_filter, $ldap_attributes);
// Update db, ldap_users table
echo "Updating Users table ...<br>\n";
Updateldap_usersTable($ldap_results, $ldap_path_details["ldap_path_id"], $audit_timestamp);
DebugEcho("Total: " . $ldap_results["count"]);
// Perform computer object search and get results
echo "Auditing computer accounts in: " . $ldap_path_details["ldap_base_dn"] . "<br>\n";
$ldap_filter = LDAP_COMPUTER_FILTER;
$ldap_attributes = array("distinguisedname", "cn", "usnchanged", "objectguid", "description", "operatingSystem", "operatingSystemServicePack");
// $ldap_attributes=array("cn,distinguishedname,instancetype,whencreated,whenchanged,displayname,usncreated,usnchanged,name,objectguid,useraccountcontrol,badpwdcount,codepage,countrycode,badpasswordtime,lastlogoff,lastlogon,localpolicyflags,pwdlastset,primarygroupid,objectsid,accountexpires,logoncount,samaccountname,samaccounttype,operatingsystem,operatingsystemversion,operatingsystemservicepack,dnshostname,serviceprincipalname,serviceprincipalname,objectcategory,iscriticalsystemobject,lastlogontimestamp");
$ldap_results = SearchLdap($ldap, $ldap_path_details["ldap_base_dn"], $ldap_filter, $ldap_attributes);
// Update db, ldap_computers table
echo "Updating Computers table ...<br>\n";
Updateldap_computersTable($ldap_results, $ldap_path_details["ldap_path_id"], $audit_timestamp);
DebugEcho("Total: " . ReturnDataOrNull($ldap_results["count"]));
// Disconnect LDAP
ldap_unbind($ldap);
// Finally update the ldap_paths table with the audit timestamp
$sql = "UPDATE ldap_paths SET ldap_paths_timestamp='" . $audit_timestamp . "' WHERE ldap_paths.ldap_paths_id='" . $ldap_path_details["ldap_path_id"] . "'";
mysql_query($sql, $db);
}
Minor change to GetImage(). Added support for $image_link_ldap_attribute and $human_readable_ldap_fields config
options. Now using DisplayError() from "include_functions.php".
[Nick Brown] 24/04/2009
Added utf8_encode() to LDAP search filter strings
**********************************************************************************************************/
require_once "include.php";
$ldap_info = GetLdapConnection();
// Didn't get LDAP connection - alert user & done
if ($ldap_info === False) {
DisplayError(__("Cannot retrieve LDAP details as you have no LDAP connection defined for this domain."));
}
// Connect (authenticate) to LDAP
$upn = isEmailAddress($ldap_info['user']) ? $ldap_info['user'] : $ldap_info['user'] . "@" . $ldap_info['fqdn'];
$ldap = ConnectToLdapServer($ldap_info['server'], $upn, $ldap_info['password']);
// Get LDAP info
if ($_GET["record_type"] == "computer") {
$sam_account_name = $ldap_info['system_name'] . "\$";
$attributes = $_GET["full_details"] == "y" ? array() : $computer_ldap_attributes;
} else {
// Get user account name - user name *may* be in DOMAIN\ACCOUNT format or may not :-)
$sam_account_name = stripos($ldap_info["net_user_name"], "\\") !== FALSE ? array_pop(explode("\\", $ldap_info["net_user_name"])) : $ldap_info["net_user_name"];
$attributes = $_GET["full_details"] == "y" ? array() : $user_ldap_attributes;
}
$filter = "(&(objectClass=" . $_GET["record_type"] . ")(sAMAccountName=" . $sam_account_name . "))";
$sr = ldap_search($ldap, $ldap_info['nc'], utf8_encode($filter), $attributes);
$info = ldap_get_entries($ldap, $sr);
// Couldn't retrieve user or computer object from LDAP - alert user & done
if ($info == NULL) {
DisplayError(__("Cannot retrieve LDAP details. The ") . $_GET["record_type"] . __(" object cannot be found in the LDAP source - ") . $ldap_info["name"]);
function SaveLdapConnectionXml($db)
{
header("Content-type: text/xml");
// Validate supplied details
$html = TestLdapConnectionHtml();
$testresult = strpos($html, "LDAP bind successful") === false ? "false" : "true";
if ($testresult != "true") {
return "<SaveLdapConnection><html>" . $html . "</html><result>" . $testresult . "</result></SaveLdapConnection>";
}
// Connect anonymously to get default domain NC & config NC
$l = ConnectToLdapServer($_GET["ldap_connection_server"]);
$domain_nc = GetDefaultNC($l);
$config_nc = GetConfigNC($l);
$fqdn = implode(".", explode(",DC=", substr($domain_nc, 3)));
ldap_unbind($l);
// Authenticate and get domain GUID and NetBIOS name
$ldap_user = isEmailAddress($_GET["ldap_connection_user"]) ? $_GET["ldap_connection_user"] : $_GET["ldap_connection_user"] . "@" . $fqdn;
$l = ConnectToLdapServer($_GET["ldap_connection_server"], $ldap_user, $_GET["ldap_connection_password"]);
$ldap_connection_name = GetDomainNetbios($l, "CN=Partitions," . $config_nc, $domain_nc);
ldap_unbind($l);
$aes_key = GetAesKey();
if (isset($_GET["ldap_connection_id"]) and strlen($_GET["ldap_connection_id"]) > 0) {
// UPDATE query - connection already exists so modify
LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "Edit Connection: " . $ldap_connection_name);
$sql = "UPDATE `ldap_connections` SET `ldap_connections_nc`='" . $domain_nc . "',`ldap_connections_fqdn`='" . $fqdn . "',";
$sql .= "`ldap_connections_server`='" . $_GET["ldap_connection_server"] . "',`ldap_connections_user`=AES_ENCRYPT('" . $_GET["ldap_connection_user"] . "','" . $aes_key . "'),";
$sql .= "`ldap_connections_password`=AES_ENCRYPT('" . $_GET["ldap_connection_password"] . "','" . $aes_key . "'),`ldap_connections_name`='" . $ldap_connection_name . "' ";
$sql .= "WHERE ldap_connections_id='" . $_GET["ldap_connection_id"] . "'";
} else {
// INSERT query - new connection
LogEvent("admin_config_data.php", "SaveLdapConnectionXml", "New Connection: " . $ldap_connection_name);
$sql = "INSERT INTO `ldap_connections` (`ldap_connections_nc`,`ldap_connections_fqdn`,`ldap_connections_server`,`ldap_connections_user`,`ldap_connections_password`,`ldap_connections_name`,`ldap_connections_schema`) ";
$sql .= "VALUES ('" . $domain_nc . "','" . $fqdn . "','" . $_GET["ldap_connection_server"] . "',";
$sql .= "AES_ENCRYPT('" . $_GET["ldap_connection_user"] . "','" . $aes_key . "'),";
$sql .= "AES_ENCRYPT('" . $_GET["ldap_connection_password"] . "','" . $aes_key . "'),'" . $ldap_connection_name . "','AD')";
}
mysql_query($sql, $db);
//return "<SaveLdapConnection><html>".$html."</html><sql_query>".$sql."</sql_query><result>".$testresult."</result></SaveLdapConnection>";
return "<SaveLdapConnection><html>" . $html . "</html><result>" . $testresult . "</result></SaveLdapConnection>";
}
