/**
 * Look a directory account up by its login name.
 *
 * @param string $username login name (sAMAccountName) handed to adLDAP's infoCollection()
 * @return mixed the container-resolved LdapUser wrapping the adLDAP collection, or null
 *               when infoCollection() reported no match (it returns false for that)
 */
public function retrieveByUsername($username)
{
    // The code treats a literal false from adLDAP as "no such account".
    $directoryEntry = $this->adServer->user()->infoCollection($username);
    if ($directoryEntry === false) {
        return null;
    }

    $ldapUser = app('LaravelAuthLdap\\Contracts\\LdapUser');
    $ldapUser->setUser($directoryEntry);

    return $ldapUser;
}
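/**
 * Change the default address
 *
 * Exchange keeps a user's addresses in proxyAddresses; the single entry whose prefix
 * is upper-case "SMTP:" is the primary (reply) address, the others carry "smtp:".
 * This lower-cases every existing "SMTP:" prefix, upper-cases the entry that equals
 * "smtp:" . $emailAddress, and writes the whole attribute back with ldap_mod_replace().
 *
 * @param string $username The username of the user to add the Exchange account to
 * @param string $emailAddress The email address to make default (without the "smtp:" prefix)
 * @param bool $isGUID Is the username passed a GUID or a samAccountName
 * @return bool|string true when the attribute was replaced; false when the user has no
 *                     entry, has no proxyAddresses, or ldap_mod_replace() failed; an
 *                     error string when $username or $emailAddress is null (legacy
 *                     behaviour kept for compatibility — callers must compare with ===)
 */
public function primaryAddress($username, $emailAddress, $isGUID = false)
{
    if ($username === NULL) {
        return "Missing compulsory field [username]";
    }
    if ($emailAddress === NULL) {
        return "Missing compulsory fields [emailAddress]";
    }

    // Find the dn of the user. isset() covers both a false return and an entries
    // array without [0], so a failed lookup no longer reads an undefined offset.
    $user = $this->adldap->user()->info($username, array("cn", "proxyaddresses"), $isGUID);
    if (!isset($user[0]["dn"])) {
        return false;
    }
    $userDn = $user[0]["dn"];

    if (!isset($user[0]["proxyaddresses"]) || !is_array($user[0]["proxyaddresses"])) {
        // Nothing to rewrite. (The original fell off the end and returned null here;
        // false matches the documented bool contract.)
        return false;
    }
    $addresses = $user[0]["proxyaddresses"];

    // The value array carries a trailing 'count' element alongside the numeric slots
    // (this code already relies on that shape elsewhere); iterate only the numeric
    // ones so the loop never touches an undefined index.
    $valueCount = isset($addresses['count']) ? (int) $addresses['count'] : count($addresses);
    $modAddresses = array();
    for ($i = 0; $i < $valueCount; $i++) {
        if (!isset($addresses[$i])) {
            continue;
        }
        $address = $addresses[$i];

        // Demote the current primary ...
        if (strstr($address, 'SMTP:') !== false) {
            $address = str_replace('SMTP:', 'smtp:', $address);
        }
        // ... and promote the requested one (exact, case-sensitive comparison).
        if ($address == 'smtp:' . $emailAddress) {
            $address = str_replace('smtp:', 'SMTP:', $address);
        }
        // Append instead of reusing $i: ldap_mod_replace() requires the value list to
        // have consecutive indices, which skipping a blank entry would otherwise break.
        if ($address != '') {
            $modAddresses['proxyAddresses'][] = $address;
        }
    }

    // @ silences the PHP warning on failure; the outcome is reported via the return value.
    $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);

    return (bool) $result;
}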
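/**
 * Retrieve a user by the given credentials.
 *
 * Only the username is used to look the account up in the directory; the password
 * is not checked here (presumably validateCredentials() does that, as in Laravel's
 * provider contract). When an Eloquent model is configured, every credential key
 * except the password and CSRF-token fields becomes a WHERE clause on it and the
 * LDAP attributes are merged onto the matching model.
 *
 * @param array $credentials
 *
 * @return Illuminate\Auth\GenericUser|null null when the directory has no entry
 * @throws \InvalidArgumentException when the username field is missing or empty
 */
public function retrieveByCredentials(array $credentials)
{
    $usernameField = $this->getUsernameField();
    // Avoid an undefined-index notice when the field is absent; an empty value is
    // rejected exactly as before.
    $user = isset($credentials[$usernameField]) ? $credentials[$usernameField] : null;
    if (!$user) {
        throw new \InvalidArgumentException();
    }

    if ($this->ad->getRecursiveGroups()) {
        // recursive groups fix: replace the entry's memberOf with the recursive group
        // lookup so nested memberships are visible, keeping the 'count' key the
        // collection class expects on ldap_get_entries()-style arrays.
        $info = $this->ad->user()->info($user, ['*']);
        $groups = $this->ad->user()->groups($user);
        $info[0]['memberof'] = $groups;
        $info[0]['memberof']['count'] = count($groups);
        $infoCollection = new \adLDAP\collections\adLDAPUserCollection($info, $this->ad);
    } else {
        $infoCollection = $this->ad->user()->infoCollection($user, ['*']);
    }

    if (!$infoCollection) {
        return null;
    }
    $ldapUserInfo = $this->setInfoArray($infoCollection);

    if ($this->model) {
        $query = $this->createModel()->newQuery();
        foreach ($credentials as $k => $credential) {
            // NOTE(review): every other key in $credentials turns into a WHERE clause,
            // so callers must only pass known column names here.
            if (!str_contains($k, 'password') && !str_contains($k, '_token')) {
                $query->where($k, $credential);
            }
        }
        if ($model = $query->first()) {
            return $this->addLdapToModel($model, $ldapUserInfo);
        }
    }

    return new LdapUser((array) $ldapUserInfo);
}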
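/**
 * Get all users with their LDAP fields
 *
 * Looks every account returned by getAllUsers() up individually (one directory
 * round trip per user) and wraps the ones that carry a displayName in an
 * LdapUserObject.
 *
 * @return Collection of LdapUserObject, one per account that has a displayName
 * @throws Exception
 */
public function getAllUsersWithFields()
{
    $collection = new Collection([]);

    foreach ($this->getAllUsers() as $username) {
        $entries = $this->adldap->user()->info($username, $this->fields);

        // info() returns an ldap_get_entries()-style array whose [0] is missing when
        // nothing matched; and, per the original author, an entry without a
        // displayName is probably a local account. Skip both without a notice.
        if (!isset($entries[0]['displayname'])) {
            continue;
        }

        $collection->push(new LdapUserObject($entries[0], $this->fields));
    }

    return $collection;
}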
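/**
 * Retrieve a user by the given credentials.
 *
 * Unlike the stock Laravel providers, this one binds to the directory with the
 * supplied password right here, so a user object is only returned for credentials
 * the directory accepted.
 *
 * @param array $credentials Must contain 'username' and 'password'.
 * @return Authenticatable|null null when either field is missing or empty, the
 *                              bind is refused, or the account has no directory entry
 */
public function retrieveByCredentials(array $credentials)
{
    $username = isset($credentials['username']) ? $credentials['username'] : '';
    $password = isset($credentials['password']) ? $credentials['password'] : '';

    // Refuse empty values before touching the directory: LDAP's unauthenticated bind
    // (RFC 4513 §5.1.2) lets an empty password "succeed" on servers that allow it,
    // and a missing key would otherwise only raise a notice here.
    if ($username === '' || $password === '') {
        return null;
    }

    if (!$this->adldap->authenticate($username, $password)) {
        return null;
    }

    // info() returns an ldap_get_entries()-style array; [0] is absent when nothing matched.
    $entries = $this->adldap->user()->info($username, $this->fields);
    if (!isset($entries[0])) {
        return null;
    }
    $userInfo = $entries[0];
    // Echo the login name back exactly as typed so the created user is keyed by it.
    $userInfo['username'][0] = $username;

    return $this->createUser($userInfo);
}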
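/**
 * Retrieve a user by the given credentials.
 *
 * Only the username is used to look the account up in the directory; the password
 * is not checked here (presumably validateCredentials() does that, as in Laravel's
 * provider contract). When an Eloquent model is configured, every credential key
 * except the password and CSRF-token fields becomes a WHERE clause on it and the
 * LDAP attributes are merged onto the matching model.
 *
 * @param array $credentials
 * @return Illuminate\Auth\GenericUser|null null when the directory has no entry
 * @throws InvalidArgumentException when the username field is missing or empty
 */
public function retrieveByCredentials(array $credentials)
{
    $usernameField = $this->getUsernameField();
    // Avoid an undefined-index notice when the field is absent; an empty value is
    // rejected exactly as before.
    $user = isset($credentials[$usernameField]) ? $credentials[$usernameField] : null;
    if (!$user) {
        throw new InvalidArgumentException();
    }

    $infoCollection = $this->ad->user()->infoCollection($user, array('*'));
    if (!$infoCollection) {
        return null;
    }
    $ldapUserInfo = $this->setInfoArray($infoCollection);

    if ($this->model) {
        $query = $this->createModel()->newQuery();
        foreach ($credentials as $k => $credential) {
            // NOTE(review): every other key in $credentials turns into a WHERE clause,
            // so callers must only pass known column names here.
            if (!str_contains($k, 'password') && !str_contains($k, '_token')) {
                $query->where($k, $credential);
            }
        }
        if ($model = $query->first()) {
            return $this->addLdapToModel($model, $ldapUserInfo);
        }
    }

    return new LdapUser((array) $ldapUserInfo);
}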
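/**
 * Retrieve a user by the given credentials.
 *
 * Binds to the directory with the supplied password first, so a user is only
 * returned for credentials the directory accepted. The LdapUser is built from the
 * credential array merged with the entry's attributes (first value of each), with
 * memberOf flattened to a list of group names.
 *
 * @param array $credentials Must contain 'username' and 'password'.
 * @return Authenticatable|null null when either field is missing or empty, the
 *                              bind is refused, or the account has no directory entry
 */
public function retrieveByCredentials(array $credentials)
{
    $username = isset($credentials['username']) ? $credentials['username'] : '';
    $password = isset($credentials['password']) ? $credentials['password'] : '';

    // Refuse empty values before touching the directory: LDAP's unauthenticated bind
    // (RFC 4513 §5.1.2) lets an empty password "succeed" on servers that allow it,
    // and a missing key would otherwise only raise a notice here.
    if ($username === '' || $password === '') {
        return null;
    }

    if (!$this->adldap->authenticate($username, $password)) {
        return null;
    }

    // info() returns an ldap_get_entries()-style array; [0] is absent when nothing matched.
    $entries = $this->adldap->user()->info($username, array('*'));
    if (!isset($entries[0])) {
        return null;
    }

    foreach ($entries[0] as $key => $value) {
        // ldap_get_entries() entries also carry positional integer keys and a 'count';
        // neither is an attribute, so leave them out. Comparing with === also avoids
        // the PHP 7 loose-switch surprise where the integer key 0 == "memberof".
        if (!is_string($key) || $key === 'count') {
            continue;
        }

        if ($key === "memberof") {
            $groupNames = array();
            // The attribute's value array ends with its own 'count' element, hence -1.
            for ($i = 0; $i < count($value) - 1; $i++) {
                $matches = array();
                preg_match_all("/(.*?)(?=\\,)/", $value[$i], $matches);
                // First RDN of the group DN minus its "CN=" prefix. The lazy match stops
                // at the first comma even if it is an escaped "\," inside the name; a DN
                // with no comma yields no match, which maps to '' (as before, minus the notice).
                $groupNames[$i] = isset($matches[0][0]) ? substr($matches[0][0], 3) : '';
            }
            $credentials[$key] = $groupNames;
        } else {
            $credentials[$key] = $value[0];
        }
    }

    // NOTE(review): $credentials still holds the plaintext 'password' here, so it
    // travels into the LdapUser object. Confirm validateCredentials()/session handling
    // actually needs it; otherwise unset it before constructing the user.
    return new LdapUser($credentials);
}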
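/**
 * Remove a user from a group
 *
 * Deletes the user's DN from the group's multi-valued 'member' attribute.
 *
 * @param string $group The group to remove a user from
 * @param string $user The AD user to remove from the group
 * @param bool $isGUID Is the username passed a GUID or a samAccountName
 * @return bool true when ldap_mod_del() succeeded; false when the group or the
 *              user cannot be resolved to a DN, or the directory refused the change
 */
public function removeUser($group, $user, $isGUID = false)
{
    // Find the parent dn. isset() covers both a false return and an entries array
    // without [0], so a failed lookup no longer reads an undefined offset.
    $groupInfo = $this->info($group, array("cn"));
    if (!isset($groupInfo[0]["dn"])) {
        return false;
    }
    $groupDn = $groupInfo[0]["dn"];

    // Find the users dn
    $userDn = $this->adldap->user()->dn($user, $isGUID);
    if ($userDn === false) {
        return false;
    }

    // @ silences the PHP warning on failure; the outcome is reported via the return value.
    $del = array("member" => $userDn);
    $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);

    return (bool) $result;
}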
/**
 * Retrieve a user by the given credentials.
 *
 * Looks the account up in the directory by username only (the password is not
 * checked here — presumably validateCredentials() does that), then, when an
 * Eloquent model is configured, synchronises a local User row from the directory
 * entry: updates the matching row, or creates one when the account exists in LDAP
 * but not yet locally.
 *
 * NOTE(review): 'password' below is the directory's userPassword value with the
 * "{crypt}" tag stripped, i.e. the directory's own password hash is copied into
 * the local users table. Whether anything verifies against it locally is not
 * visible here; it does mean a leak of the local DB exposes directory credential
 * material — confirm this is intended.
 *
 * @param array $credentials
 *
 * @return Illuminate\Auth\GenericUser|null the local User model when one is
 *         configured and a row was updated or created; null when the directory
 *         lookup produced nothing or no model is configured
 * @throws \InvalidArgumentException when the username field is missing or empty
 */
public function retrieveByCredentials(array $credentials) {
    if (!($user = $credentials[$this->getUsernameField()])) {
        throw new \InvalidArgumentException();
    }
    // recursive groups fix: replace the entry's memberOf with the recursive group
    // lookup, keeping the 'count' key the collection class expects.
    if ($this->ad->getRecursiveGroups()) {
        $info = $this->ad->user()->info($user, ['*']);
        $groups = $this->ad->user()->groups($user);
        $info[0]['memberof'] = $groups;
        $info[0]['memberof']['count'] = count($groups);
        $infoCollection = new \adLDAP\collections\adLDAPUserCollection($info, $this->ad);
    } else {
        $infoCollection = $this->ad->user()->info($user, ['*']);
    }
    // NOTE(review): one branch yields a collection object, the other a raw entries
    // array; the loose != null accepts both, but if info() reports "no match" as an
    // array with count 0 rather than false, the [0] below is undefined — verify.
    if ($infoCollection != null) {
        // $ldapUserInfo = $this->setInfoArray($infoCollection);
        if ($this->model) {
            $query = $this->createModel()->newQuery();
            foreach ($credentials as $k => $credential) {
                // Every credential key except password/CSRF-token fields becomes a WHERE
                // clause, so callers must only pass known column names.
                if (!str_contains($k, 'password') && !str_contains($k, '_token')) {
                    $query->where($k, $credential);
                }
            }
            // Second directory round trip for the raw attributes (the recursive-group
            // branch above wrapped them in an object and its memberOf rewrite is unused here).
            $ldapUserInfo = $this->ad->user()->info($user, ['*'])[0];
            $userinfo = ['home_directory' => $ldapUserInfo["homedirectory"][0], 'password' => str_replace('{crypt}', '', $ldapUserInfo['userpassword'][0]), 'uid_number' => $ldapUserInfo['uidnumber'][0], 'uid' => $ldapUserInfo['uid'][0], 'gid' => $ldapUserInfo['gidnumber'][0]];
            if ($model = $query->first()) {
                // Refetches the row by id rather than updating $model in place.
                \App\User::find($model->id)->update($userinfo);
                return $model;
            } else {
                // If the student is registered on LDAP but isn't
                // in our database, create the local row from the directory entry.
                $user = \App\User::create($userinfo);
                return $user;
            }
        }
    }
}
/**
 * Fetches the user data via adLDAP and stores it in the provided $user.
 *
 * Connects, binds as the user with the token's credentials (so this both
 * authenticates and fetches), then copies displayName, the decoded objectGUID,
 * mail, the password and the computed roles onto the entity and hands it to
 * userService->saveLDAPUserData().
 *
 * NOTE(review): setPassword() receives the plaintext credential from the token and
 * the entity is then passed to saveLDAPUserData(); whether that persists, hashes or
 * ignores the field is not visible here — confirm the plaintext password is never
 * written to storage.
 *
 * NOTE(review): ROLE_ADMIN is granted by matching the directory 'mail' attribute
 * against config admin_emails, so it is only as strong as the controls on who can
 * edit mail in the directory.
 *
 * @param AdUser|User $user
 * @param TokenInterface $token
 * @param adLDAP $adLdap
 * @return bool true when the directory entry was found and the entity saved, false otherwise
 * @throws \Exception when connect() or the bind fails (the message carries both statuses)
 */
public function fetchData(AdUser $user, TokenInterface $token, adLDAP $adLdap) {
    $connected = $adLdap->connect();
    // The bind is attempted even when connect() reported failure; both results end
    // up in the exception message below.
    $isAD = $adLdap->authenticate($user->getUsername(), $token->getCredentials());
    if (!$isAD || !$connected) {
        $msg = $this->translator->trans('riper.security.active_directory.ad.bad_response', array('%connection_status%' => var_export($connected, 1), '%is_AD%' => var_export($isAD, 1)));
        throw new \Exception($msg);
    }
    /** @var adLDAPUserCollection $userCollection */
    $userCollection = $adLdap->user()->infoCollection($user->getUsername(), array('*'));
    if ($userCollection) {
        $user->setDisplayName($userCollection->displayName);
        $user->setUuid($adLdap->utilities()->decodeGuid($userCollection->objectguid));
        $user->setEmail($userCollection->mail);
        $user->setPassword($token->getCredentials());
        $roles = ['ROLE_USER'];
        // Strict in_array: admin_emails entries must match the mail attribute exactly.
        if (in_array($userCollection->mail, $this->config['admin_emails'], true)) {
            $roles[] = 'ROLE_ADMIN';
        }
        $user->setRoles($roles);
        $this->userService->saveLDAPUserData($user);
        return true;
    }
    return false;
}
if (0) { $attributes = array('group_name' => 'Test Group', 'description' => 'Just Testing', 'container' => array('Groups', 'A Container')); $result = $adldap->group()->create($attributes); var_dump($result); } // retrieve information about a group if (0) { // Raw data array returned $result = $adldap->group()->info('Group Name'); var_dump($result); } // create a user account if (0) { $attributes = array('username' => 'freds', 'logon_name' => '*****@*****.**', 'firstname' => 'Fred', 'surname' => 'Smith', 'company' => 'My Company', 'department' => 'My Department', 'email' => '*****@*****.**', 'container' => array('Container Parent', 'Container Child'), 'enabled' => 1, 'password' => 'Password123'); try { $result = $adldap->user()->create($attributes); var_dump($result); } catch (adLDAPException $e) { echo $e; exit; } } // retrieve the group membership for a user if (0) { $result = $adldap->user()->groups('username'); print_r($result); } // retrieve information about a user if (0) { // Raw data array returned $result = $adldap->user()->info('username');
/**
 * Fetches the user data via adLDAP and stores it in the provided $user.
 *
 * Connects, binds as the user with the token's credentials (so this both
 * authenticates and fetches), then copies displayName, the decoded objectGUID,
 * mail, the password and the roles onto the entity.
 *
 * NOTE(review): the roles computed from directory groups ($sfRoles) are set and then
 * immediately replaced by setRoles(['ROLE_USER']) further down, so every user ends
 * up with ROLE_USER only. If that is deliberate (disabling group -> role mapping)
 * the loop is dead code; if not, the second call is the bug — but removing it would
 * start granting roles named after arbitrary directory groups, so treat this as a
 * decision to confirm rather than a drive-by fix.
 *
 * NOTE(review): setPassword() receives the plaintext credential from the token;
 * confirm the entity is never persisted with it.
 *
 * @param AdUser|User $user
 * @param TokenInterface $token
 * @param adLDAP $adLdap
 * @return bool true when the directory entry was found and the entity populated, false otherwise
 * @throws \Exception when connect() or the bind fails (the message carries both statuses)
 */
public function fetchData(AdUser $user, TokenInterface $token, adLDAP $adLdap) {
    $connected = $adLdap->connect();
    // The bind is attempted even when connect() reported failure; both results end
    // up in the exception message below.
    $isAD = $adLdap->authenticate($user->getUsername(), $token->getCredentials());
    if (!$isAD || !$connected) {
        $msg = $this->translator->trans('riper.security.active_directory.ad.bad_response', array('%connection_status%' => var_export($connected, 1), '%is_AD%' => var_export($isAD, 1)));
        throw new \Exception($msg);
    }
    /** @var adLDAPUserCollection $userCollection */
    $userCollection = $adLdap->user()->infoCollection($user->getUsername(), array('*'));
    if ($userCollection) {
        $groups = $adLdap->user()->groups($user->getUsername(), $this->recursiveGrouproles);
        // Map each distinct group name to 'ROLE_' + upper-cased name, spaces -> underscores.
        $sfRoles = array();
        $sfRolesTemp = array();
        foreach ($groups as $r) {
            if (in_array($r, $sfRolesTemp) === false) {
                $sfRoles[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $r));
                $sfRolesTemp[] = $r;
            }
        }
        $user->setRoles($sfRoles);
        unset($sfRolesTemp);
        $user->setDisplayName($userCollection->displayName);
        $user->setUuid($adLdap->utilities()->decodeGuid($userCollection->objectguid));
        $user->setEmail($userCollection->mail);
        // Overrides the group-derived roles set above (see the class note).
        $user->setRoles(['ROLE_USER']);
        $user->setPassword($token->getCredentials());
        return true;
    }
    return false;
}
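/**
 * Validates the credentials against the configured LDAP/AD server.
 * The credentials are passed in an array with the keys 'username'
 * and 'password'.
 *
 * Any exception raised while connecting or binding is logged and treated as
 * "not validated"; an adLDAP instance that was created is always closed first.
 *
 * @param array $credentials The credentials to validate.
 * @return boolean true only when the directory accepted the bind
 */
private function validateLDAPCredentials(array $credentials)
{
    $credentialsValidated = false;
    $adldap = false;

    $userName = isset($credentials['username']) ? $credentials['username'] : '';
    $userPassword = isset($credentials['password']) ? $credentials['password'] : '';

    // Refuse empty values before touching the directory: LDAP's unauthenticated bind
    // (RFC 4513 §5.1.2) lets an empty password "succeed" on servers that allow it,
    // and a missing key would otherwise only raise a notice here.
    if ($userName === '' || $userPassword === '') {
        return false;
    }

    try {
        $ldapConOp = $this->GetLDAPConnectionOptions();

        // Set LDAP debug log level - useful in DEV, dangerous in PROD (it dumps
        // protocol traffic, bind included, to the server log). Keep commented out:
        // ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

        // Try to authenticate using AD/LDAP. authenticate() is expected to return a
        // bool; compare strictly so nothing else can count as success.
        $adldap = new adLDAP($ldapConOp);
        if ($adldap->user()->authenticate($userName, $userPassword) === true) {
            $credentialsValidated = true;
        } else {
            $this->handleLDAPError($adldap);
        }
    } catch (\Exception $ex) {
        // Log the login name (never the password) with the failure. The username
        // interpolation was redacted in the published source; reconstructed here.
        Log::error('Exception validating LDAP credential for user: ' . $userName . ', Exception message: ' . $ex->getMessage());
        Log::error($ex->getTraceAsString());
        // $adldap is still false when the constructor itself threw; the original
        // passed it through in that state too — presumably handleLDAPError() copes.
        $this->handleLDAPError($adldap);
        $credentialsValidated = false;
    }

    // isset($adldap) was true even for the initial false, which made ->close() fatal
    // on the constructor-failure path; only close a real instance.
    if ($adldap instanceof adLDAP) {
        $adldap->close();
        unset($adldap);
    }

    return $credentialsValidated;
}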
if (0) { $attributes = array("group_name" => "Test Group", "description" => "Just Testing", "container" => array("Groups", "A Container")); $result = $adldap->group()->create($attributes); var_dump($result); } // retrieve information about a group if (0) { // Raw data array returned $result = $adldap->group()->info("Group Name"); var_dump($result); } // create a user account if (0) { $attributes = array("username" => "freds", "logon_name" => "*****@*****.**", "firstname" => "Fred", "surname" => "Smith", "company" => "My Company", "department" => "My Department", "email" => "*****@*****.**", "container" => array("Container Parent", "Container Child"), "enabled" => 1, "password" => "Password123"); try { $result = $adldap->user()->create($attributes); var_dump($result); } catch (adLDAPException $e) { echo $e; exit; } } // retrieve the group membership for a user if (0) { $result = $adldap->user()->groups("username"); print_r($result); } // retrieve information about a user if (0) { // Raw data array returned $result = $adldap->user()->info("username");
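/**
 * Authenticates $adUser against the directory with the token's password and fills
 * the entity (roles, display name, e-mail) from its directory entry.
 *
 * Every directory group the user belongs to (recursively when
 * $this->recursiveGrouproles is set) becomes a Symfony role named
 * 'ROLE_' + upper-cased group name with spaces replaced by underscores.
 *
 * @param adUser         $adUser entity to populate; its username is the bind name
 * @param TokenInterface $token  carries the password as credentials
 * @param adLDAP         $adLdap adLDAP instance to connect and bind with
 * @return bool true when the entry was found and the entity populated, false otherwise
 * @throws \Exception when connect() or the bind fails (the message carries both statuses)
 */
public function fetchData(adUser $adUser, TokenInterface $token, adLDAP $adLdap)
{
    $connected = $adLdap->connect();
    // The bind is attempted even when connect() reported failure; both results end
    // up in the exception message below.
    $isAD = $adLdap->authenticate($adUser->getUsername(), $token->getCredentials());
    if (!$isAD || !$connected) {
        $msg = $this->translator->trans('ztec.security.active_directory.ad.bad_response', array('%connection_status%' => var_export($connected, 1), '%is_AD%' => var_export($isAD, 1)));
        throw new \Exception($msg);
    }

    /** @var adLDAPUserCollection $user */
    $user = $adLdap->user()->infoCollection($adUser->getUsername());
    if (!$user) {
        // Explicit, where the original fell off the end and returned null.
        return false;
    }

    $groups = $adLdap->user()->groups($adUser->getUsername(), $this->recursiveGrouproles);

    // NOTE(review): role names are derived straight from directory group names, so
    // whoever can create/rename a group or change this user's membership decides
    // which ROLE_* the application sees (a group called "Admin" becomes ROLE_ADMIN,
    // whatever that grants here). An explicit group -> role allow-list is safer.
    $sfRoles = array();
    $seenGroups = array();
    foreach ($groups as $groupName) {
        if (in_array($groupName, $seenGroups, true)) {
            continue;
        }
        $seenGroups[] = $groupName;
        $sfRoles[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $groupName));
    }
    $adUser->setRoles($sfRoles);

    $adUser->setDisplayName($user->displayName);
    $adUser->setEmail($user->mail);

    return true;
}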
if (isset($_POST[$optName])) { $options[$optName] = $_POST[$optName]; } } $options['domain_controllers'] = array_filter($options['domain_controllers']); $adldap = false; $exception = false; if (is_array($options['domain_controllers']) && !empty($options['domain_controllers'][0])) { try { $adldap = new adLDAP($options); $options['base_dn'] = $adldap->getBaseDn(); $options['ad_port'] = $adldap->getPort(); } catch (adLDAPException $e) { $exception = $e; } } $username = !empty($_POST['username']) ? $_POST['username'] : ''; $info = false; if ($adldap && !empty($username)) { $password = $_POST['password']; try { $adldap->authenticate($username, $password); $info = $adldap->user()->info($username, ['*']); if (isset($info[0])) { $info = $info[0]; } } catch (\adLDAP\Exceptions\adLDAPException $e) { $exception = $e; } } require 'view.html.php';