function __destruct()
{
// close the connection
if ($this->ds) {
ldap_unbind($this->ds);
}
}
function ParseLDAP()
{
$ldap = new cronldap();
$today = date('Y-m-d');
$connect = $ldap->ldap_connection;
$_GET["suffix"] = $ldap->suffix;
$pattern = "(&(objectClass=UserArticaClass)(FinalDateToLive=*)(!(FinalDateToLive=0)))";
$attr = array("uid", "FinalDateToLive", "dn");
$sr = ldap_search($connect, $_GET["suffix"], $pattern, $attr);
if ($sr) {
$hash = ldap_get_entries($connect, $sr);
if ($hash["count"] > 0) {
for ($i = 0; $i < $hash["count"]; $i++) {
$uid = $hash[$i]["uid"][0];
$dn = $hash[$i]["dn"];
$FinalDateToLive = $hash[$i][strtolower("FinalDateToLive")][0];
$diff = DateDiff($today, $FinalDateToLive);
echo "Analyze {$dn}: {$uid} :{$FinalDateToLive} ({$diff} day(s))\n";
if ($diff < 0) {
echo "This user must be deleted...\n";
delete_ldap($dn, $connect, true);
DeleteMBX($uid);
}
}
}
}
@ldap_unbind($connect);
unset($GLOBALS["LDAP_BIN_ID"]);
unset($GLOBALS["LDAP_CONNECT_ID"]);
echo "\n";
}
function is_prof($login)
{
global $ldap_server, $ldap_port, $dn;
global $error;
$error = "";
$filter = "(&(cn=profs*)(memberUid={$login}))";
$ldap_groups_attr = array("cn", "memberUid");
/*-----------------------------------------------------*/
$ds = @ldap_connect($ldap_server, $ldap_port);
if ($ds) {
$r = @ldap_bind($ds);
if (!$r) {
$error = "Echec du bind anonyme";
} else {
// Recherche du groupe d'appartenance de l'utilisateur connecte
$result = @ldap_list($ds, $dn["groups"], $filter, $ldap_groups_attr);
if ($result) {
$info = @ldap_get_entries($ds, $result);
if ($info["count"]) {
$is_prof = true;
} else {
$is_prof = false;
}
}
}
}
@ldap_unbind($ds);
@ldap_close($ds);
return $is_prof;
}
/**
* unbinds from the LDAP Server
* @access public
*/
function unBind()
{
if ($this->ldap_debug) {
error_log(__FILE__ . " " . __METHOD__ . " " . __LINE__ . " Unbinding from LDAP Server " . $this->ldapconfig['host']);
}
ldap_unbind($this->ldapconn);
}
function generar_lista_grupos()
{
$user = $_SESSION['userblanco'];
$ldappass = $_SESSION['pass'];
$ldaprdn = "electrotecnica\\" . $user;
$adServer = "pegasus.electrotecnica.local";
#replace with your AD server ip/hostname
$ldapconn = ldap_connect($adServer) or die("Couldn't connect to AD!");
// Bind to the directory server.
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass) or die("Couldn't bind to AD!");
$dn = 'OU=Electrotecnica,dc=electrotecnica,dc=local';
//$filter = 'samaccountname='.$ldaprdn;
$filter = '(samaccountname=' . $user . ')';
$result = ldap_search($ldapconn, $dn, $filter);
$entries = ldap_get_entries($ldapconn, $result);
for ($i = 0; $i < $entries["count"]; $i++) {
try {
$groups = array();
// Loop through the groups that the user is a `memberof`
foreach ($entries[0]['memberof'] as $group) {
// extract Group name from string
$temp = substr($group, 0, stripos($group, ","));
// Strip the CN= and change to lowercase for easy handling
$temp = strtolower(str_replace("CN=", "", $temp));
$groups[] .= $temp;
}
} catch (Exception $e) {
echo 'error';
}
}
// Close the connection
ldap_unbind($ldapconn);
return $groups;
}
/**
* 取消绑定,等同于关闭连接
*
*/
public function unbind()
{
if ($this->link !== false) {
ldap_unbind($this->link);
$this->link = false;
}
}
function update_dhcpmtime_old($au_array)
{
global $ds, $auDN, $ldapError, $dhcpman_pwd;
$entry['dhcpmtime'] = time();
# eigene AU
$results = ldap_mod_replace($ds, $auDN, $entry);
if ($results) {
echo "<br><b>dhcpMTime</b> erfolgreich in AU " . $auDN . " aktualisiert!<br>";
#return 1;
} else {
echo "<br>Fehler beim Aktualisieren der <b>dhcpMTime</b> in {$auDN}!<br>";
}
# andere AUs
if (count($au_array) != 0) {
$au_array = array_unique($au_array);
# Bind als DHCP Manager
$dhcp_uid = "dhcpmanager";
if (!($dhcp_ds = uniLdapConnect($dhcp_uid, $dhcpman_pwd))) {
echo "Konnte nicht als <b>DHCP-Manager</b> mit LDAP Server verbinden";
die;
} else {
#echo "DHCP BIND erfolgreich";
foreach ($au_array as $au) {
$results = ldap_mod_replace($dhcp_ds, $au, $entry);
if ($results) {
echo "<b>dhcpMTime</b> erfolgreich in AU " . $au . " aktualisiert!<br>";
#return 1;
} else {
echo "<br>Fehler beim Aktualisieren der <b>dhcpMTime</b> in AU {$au}!<br>";
}
}
ldap_unbind($dhcp_ds);
}
}
}
public static function authenticate($username, $password)
{
if (!config('cmauth.ldap')) {
Session::flash('ldap_error', "ldap is not set for this application");
return false;
}
if (empty($username) or empty($password)) {
Session::flash('ldap_error', 'Error binding to LDAP: username or password empty');
return false;
}
if (!($ldapconn = ldap_connect(config('cmauth.ldap_server'), config('cmauth.ldap_port')))) {
Session::flash('ldap_error', "Could not connect to LDAP server.");
return false;
}
$ldapRdn = config('cmauth.ldap_domain') . "\\" . $username;
if ($ldapconn) {
$ldapbind = @ldap_bind($ldapconn, $ldapRdn, $password);
if ($ldapbind) {
return true;
} else {
Session::flash('ldap_error', 'You have entered wrong username and password');
return false;
}
ldap_unbind($ldapconn);
} else {
Session::flash('ldap_error', 'Error connecting to LDAP.');
return false;
}
return false;
}
public function close()
{
if (is_resource($this->link)) {
@ldap_unbind($this->link);
$this->link = null;
}
}
function get_ldap_members($group, $user, $password)
{
global $ldap_host;
global $ldap_dn;
$LDAPFieldsToFind = array("member");
print "{$ldap_host} {$ldap_dn}\n";
$ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP");
// OPTIONS TO AD
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP");
//check if group is just a name or an ldap string
$group_cn = preg_match("/cn=/i", $group) ? $group : "cn={$group}";
$results = ldap_search($ldap, $ldap_dn, $group_cn, $LDAPFieldsToFind);
$member_list = ldap_get_entries($ldap, $results);
$group_member_details = array();
if (is_array($member_list[0])) {
foreach ($member_list[0] as $list) {
if (is_array($list)) {
foreach ($list as $member) {
$member_dn = explode_dn($member);
$member_cn = str_replace("CN=", "", $member_dn[0]);
$member_search = ldap_search($ldap, $ldap_dn, "(CN=" . $member_cn . ")");
$member_details = ldap_get_entries($ldap, $member_search);
$group_member_details[] = array($member_details[0]['samaccountname'][0], $member_details[0]['displayname'][0], $member_details[0]['useraccountcontrol'][0]);
}
}
}
}
ldap_close($ldap);
array_shift($group_member_details);
return $group_member_details;
ldap_unbind($ldap);
}
function ldap_login($username, $password)
{
$ldapServer = "ldap.iitm.ac.in";
$ldapPort = 389;
$ldapDn = "cn=students,ou=bind,dc=ldap,dc=iitm,dc=ac,dc=in";
$ldapPass = "******";
$ldapConn = ldap_connect($ldapServer, $ldapPort) or die("Could not connect to LDAP server.");
echo $ldapConn;
$studentUser = $username;
$studentPass = $password;
if ($ldapConn) {
$ldapBind = @ldap_bind($ldapConn, $ldapDn, $ldapPass);
if ($ldapBind) {
$filter = "(&(objectclass=*)(uid=" . $studentUser . "))";
$ldapDn = "dc=ldap,dc=iitm,dc=ac,dc=in";
$result = @ldap_search($ldapConn, $ldapDn, $filter) or die("Error in search query: " . ldap_error($ldapConn));
$entries = @ldap_get_entries($ldapConn, $result);
foreach ($entries as $values => $values1) {
$logindn = $values1['dn'];
}
$loginbind = @ldap_bind($ldapConn, $logindn, $studentPass);
if ($loginbind) {
return 1;
}
}
}
@ldap_unbind($ldapConn);
return 0;
}
/**
* Unbinds the current University LDAP connection when the object is destroyed.
*/
public function __destruct()
{
$this->log('Unbinding from University LDAP.');
if (!ldap_unbind($this->connection)) {
$this->trigger_ldap_error('Unable unbind from University LDAP.', E_USER_WARNING);
}
}
function login($uid, $pwd, $ip = 0)
{
$this->groups = array();
$this->uid = $uid;
if (!($ds = ldap_connect($this->host))) {
return false;
}
if (!($r = @ldap_bind($ds, "uid={$uid},{$this->basedn}", $pwd))) {
ldap_unbind($ds);
sess_log(LOG_LOGIN, 0, "uid={$uid},{$this->basedn}", 0);
return false;
}
$filter = "(&(objectclass=posixGroup)(memberuid={$uid}))";
$retvals = array("cn");
$sr = ldap_search($ds, $this->basedn, $filter, $retvals);
$entries = ldap_get_entries($ds, $sr);
$this->groups = array();
for ($i = 0; $i < $entries["count"]; $i++) {
for ($j = 0; $j < $entries[$i]["cn"]["count"]; $j++) {
$this->groups[] = $entries[$i]["cn"][$j];
}
}
ldap_free_result($sr);
ldap_unbind($ds);
// print_r( $this->groups );
sess_log(LOG_LOGIN, 0, "uid={$uid},{$this->basedn}", 1);
return true;
}
public function disconnect()
{
if ($ldapConnection) {
@ldap_unbind($ldapConnection);
//Assume success
}
$ldapConnection = null;
}
/**
* @see IdentityProvider_Driver::is_correct_password.
*/
public function is_correct_password($user, $password)
{
$connection = ldap_connect(self::$_params["url"]);
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
$lbind = @ldap_bind($connection, $user->dn, $password);
ldap_unbind($connection);
return $lbind ? true : false;
}
function logout($connection)
{
if (ldap_unbind($connection)) {
return 0;
} else {
//$ldap_error = ldap_error($connection);
return 1;
}
}
public function Logoff()
{
if (ldap_unbind($this->ldap_link)) {
ZLog::Write(LOGLEVEL_INFO, sprintf("BackendLDAP->Logoff(): Disconnection successfull."));
} else {
ZLog::Write(LOGLEVEL_INFO, sprintf("BackendLDAP->Logoff(): Disconnection failed. Error: %s", ldap_error($this->ldap_link)));
}
return true;
}
function ad_end()
{
global $adconn;
if (!isset($adconn)) {
die('Error, no LDAP connection established');
}
// Close existing LDAP connection
ldap_unbind($adconn);
}
function ad_authUser($upn, $pw)
{
//precondition: $upn and $pw are assumed to be AD credentials within AD_SCOPE
//postcondition: return true if they are valid credentials, false otherwise
$ldh = ad_connect();
$dn = ad_fetchDN($upn, $ldh);
$pass = ad_authDN($dn, $pw, $ldh);
ldap_unbind($ldh);
return $pass;
}
function validate_login($username, $password)
{
global $HOST, $PORT, $DN;
$user_connect = ldap_connect($HOST, $PORT);
if ($user_bind = @ldap_bind($user_connect, "uid=" . $username . "," . $DN, $password)) {
ldap_unbind($user_connect);
return true;
}
return false;
}
function logout()
{
if ($this->ldapConn && ldap_unbind($this->ldapConn)) {
$this->ldapConn = null;
$this->ldapUser = null;
$this->groupNames = null;
return true;
} else {
return false;
}
}
function cleanUp()
{
global $ad, $mconn;
if (isset($ad)) {
ldap_unbind($ad);
unset($GLOBALS["ad"]);
}
if (isset($mconn)) {
mysqli_close($mconn);
unset($GLOBALS["mconn"]);
}
}
public function authenticate($username, $password, &$userId)
{
// Check if username should be authenticated locally
if (in_array($username, $this->LDAP_LOCAL_ACCOUNTS)) {
return $this->kimaiAuth->authenticate($username, $password, $userId);
}
// Check environment sanity
if (!function_exists('ldap_bind')) {
echo 'ldap is not installed!';
$userId = false;
return false;
}
// Check if username is legal
$check_username = trim($username);
if (!$check_username || !trim($password) || $this->LDAP_FORCE_USERNAME_LOWERCASE && strtolower($check_username) !== $check_username) {
$userId = false;
return false;
}
// Connect to LDAP
$connect_result = ldap_connect($this->LADP_SERVER);
if (!$connect_result) {
echo "Cannot connect to ", $this->LADP_SERVER;
$userId = false;
return false;
}
ldap_set_option($connect_result, LDAP_OPT_PROTOCOL_VERSION, 3);
// Try to bind. Binding means user and pwd are valid.
$bind_result = ldap_bind($connect_result, $this->LDAP_USERNAME_PREFIX . $check_username . $this->LDAP_USERNAME_POSTFIX, $password);
if (!$bind_result) {
// Nope!
$userId = false;
return false;
}
ldap_unbind($connect_result);
// User is authenticated. Does it exist in Kimai yet?
$check_username = $this->LDAP_FORCE_USERNAME_LOWERCASE ? strtolower($check_username) : $check_username;
$userId = $this->database->user_name2id($check_username);
if ($userId === false) {
// User does not exist (yet)
if ($this->LDAP_USER_AUTOCREATE) {
// Create it!
$userId = $this->database->user_create(array('name' => $check_username, 'globalRoleID' => $this->getDefaultGlobalRole(), 'active' => 1));
$this->database->setGroupMemberships($userId, array($this->getDefaultGroups()));
// Set a password, to calm kimai down
$usr_data = array('password' => md5($this->kga['password_salt'] . md5(uniqid(rand(), true)) . $this->kga['password_salt']));
$this->database->user_edit($userId, $usr_data);
} else {
$userId = false;
return false;
}
}
return true;
}
function authenticate($user, $password)
{
// Active Directory server
$ldap_host = "172.22.1.4";
// Active Directory DN
$ldap_dn = "dc=gcs,dc=local";
// Active Directory user group
$ldap_user_group = "bcmGroup";
// Active Directory manager group
$ldap_manager_group = "bcmGroup";
// Domain, for purposes of constructing $user
$ldap_usr_dom = "@gcs.local";
// connect to active directory
$ldap = ldap_connect($ldap_host);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
// verify user and password
if ($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
ldap_unbind($ldap);
// check groups
foreach ($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) {
$access = 2;
break;
}
// is user
if (strpos($grps, $ldap_user_group)) {
$access = 1;
}
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
return true;
return true;
} else {
// user has no rights
return false;
}
} else {
// invalid name or password
return false;
}
}
function checkLogin($user, $password)
{
global $HOST, $PORT, $DN;
// Make a new connection to the LDAP server for validating the user
$user_connect = ldap_connect($HOST, $PORT);
// Try to bind to the LDAP server with the username and password the user entered
if ($user_bind = @ldap_bind($user_connect, "uid=" . $user . "," . $DN, $password)) {
// Successfull bind
// Get the groups the user is a member of
$filter = "(uid=" . $user . ")";
$attr = array("memberOf");
$result = ldap_search($user_connect, $DN, $filter, $attr) or die($connection_error_message);
$entries = ldap_get_entries($user_connect, $result);
ldap_unbind($user_connect);
// Determen the access (higher number => more access)
$access = -1;
// No access
// Check the groups for access
foreach ($entries[0]['memberof'] as $grps) {
// Is admin, break loop
if (strpos($grps, "it-drift")) {
$access = 2;
break;
}
// Is manager
if (strpos($grps, "funk")) {
$access = 1;
}
// Is user
if (strpos($grps, "active") && $access < 0) {
$access = 0;
}
}
if ($access >= 0) {
// Access granted
// Establish session variables
$_SESSION['username'] = $user;
$_SESSION['access'] = $access;
return true;
} else {
// Access denied
return false;
}
} else {
// Invalid username or password
return false;
}
// Just for safety
return false;
}
function login($email_or_nickname, $password)
{
$this->session->unset_userdata('mbr_id');
if ($this->config->item('ldap') && filter_var($email_or_nickname, FILTER_VALIDATE_EMAIL)) {
$ldap_connect = ldap_connect($this->config->item('ldap_server'), $this->config->item('ldap_port'));
if ($ldap_connect) {
ldap_set_option($ldap_connect, LDAP_OPT_PROTOCOL_VERSION, $this->config->item('ldap_protocol'));
ldap_set_option($ldap_connect, LDAP_OPT_REFERRALS, 0);
if (ldap_bind($ldap_connect, $this->config->item('ldap_rootdn'), $this->config->item('ldap_rootpw'))) {
$ldap_search = ldap_search($ldap_connect, $this->config->item('ldap_basedn'), str_replace('[email]', $email_or_nickname, $this->config->item('ldap_filter')));
if ($ldap_search) {
$ldap_get_entries = ldap_get_entries($ldap_connect, $ldap_search);
if ($ldap_get_entries['count'] > 0) {
try {
if (ldap_bind($ldap_connect, $ldap_get_entries[0]['dn'], $password)) {
$query = $this->db->query('SELECT mbr.* FROM ' . $this->db->dbprefix('members') . ' AS mbr WHERE mbr.mbr_email = ? GROUP BY mbr.mbr_id', array($email_or_nickname));
if ($query->num_rows() > 0) {
$member = $query->row();
$this->db->set('mbr_password', $this->readerself_library->set_salt_password($password));
$this->db->where('mbr_id', $member->mbr_id);
$this->db->update('members');
} else {
$this->db->set('mbr_email', $email_or_nickname);
$this->db->set('mbr_password', $this->readerself_library->set_salt_password($password));
$this->db->set('mbr_datecreated', date('Y-m-d H:i:s'));
$this->db->insert('members');
$member = $this->get($this->db->insert_id());
}
$this->connect($member->mbr_id);
return TRUE;
}
} catch (Exception $e) {
}
}
}
}
ldap_unbind($ldap_connect);
}
} else {
$query = $this->db->query('SELECT mbr.* FROM ' . $this->db->dbprefix('members') . ' AS mbr WHERE mbr.mbr_email = ? OR (mbr.mbr_nickname = ? AND mbr.mbr_nickname IS NOT NULL) GROUP BY mbr.mbr_id', array($email_or_nickname, $email_or_nickname));
if ($query->num_rows() > 0) {
$member = $query->row();
if ($this->readerself_library->set_salt_password($password) == $member->mbr_password) {
$this->connect($member->mbr_id);
return TRUE;
}
}
}
return FALSE;
}
public function callback()
{
global $cfg;
if (ldap_bind($this->ldap, $cfg->settings["security"]["ldap_bind_user"], $cfg->settings["security"]["ldap_bind_pwd"])) {
$searchfilter = "(&(" . $cfg->settings["security"]["ldap_username_attr"] . '=' . $_POST["uname"] . ")" . $cfg->settings["security"]["ldap_search_filter"] . ")";
$found = ldap_search($this->ldap, $cfg->settings["security"]["ldap_search_base"], $searchfilter);
$results = ldap_get_entries($this->ldap, $found);
if ($results["count"] == 1) {
$dn = $results[0]["dn"];
//Bind as user
if (ldap_bind($this->ldap, $dn, $_POST["pwd"])) {
$this->data["sAMAccountName"] = $_POST["uname"];
$this->firstName = $results[0]['givenname'][0];
$this->lastName = $results[0]['sn'][0];
$this->email = $results[0]['mail'][0];
$this->language = "en";
return true;
/*
$grps = ldap_get_values($this->ldap, $ent, "memberOf");
foreach($grps as $grp){
if(preg_match("/{$cfg->settings["security"]["ldap_ug"]}/", $grp))
{
$this->data = array();
$this->data["sAMAccountName"] = $_POST["uname"];
$grps = ldap_get_values($this->ldap, $ent, "givenName");
$this->firstName = $grps[0];
$grps = ldap_get_values($this->ldap, $ent, "sn");
$this->lastName = $grps[0];
$grps = ldap_get_values($this->ldap, $ent, "mail");
$this->email = $grps[0];
$this->language = "en";
return true;
}
}
return "Not in group";
*/
} else {
return "Bad Credentials";
}
} else {
return "User Not Found";
}
ldap_unbind($this->ldap);
} else {
return "Bad Credentials";
}
}
function ldapSearchUser($filter, $required)
{
global $AUTHCFG;
$conn = ldapConnectServer();
if ($conn == NULL) {
return NULL;
}
$ident = @ldap_search($conn, $AUTHCFG['ldap_basedn'], $filter, $required);
if ($ident) {
$result = ldap_get_entries($conn, $ident);
ldap_free_result($ident);
}
ldap_unbind($conn);
return $result;
}
function authenticate($user, $password, $email_add)
{
global $ldap_host, $ldap_usr_dom, $ldap_dn, $ldap_username, $ldap_password;
$ldap = ldap_connect($ldap_host);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
$filter = "(mail=" . $email_add . ")";
$attr = array("displayName", "company", "sn", "givenName", "title", "mobile", "telephoneNumber", "physicalDeliveryOfficeName", "thumbnailphoto", "mail");
$resultad = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to connect to LDAP server");
$entries = ldap_get_entries($ldap, $resultad);
ldap_unbind($ldap);
return $entries;
}
}
public function login($user, $password)
{
if ($user and $password) {
$connection = @ldap_connect($this->server);
if ($connection) {
$this->status = @ldap_bind($connection, $user, $password);
if ($this->status) {
$this->user = $user;
}
} else {
$this->status = false;
$this->user = "";
}
ldap_unbind($connection);
}
return $this->status;
}
