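/**
 * Collects the "main" option keys of an options array (first variant on this page).
 *
 * A key K of $startArray is reported when some element of $startArray other than K's own
 * element (or K's own element when the array has exactly one entry) does not contain K
 * anywhere in its nesting, as decided by multiKeyExists(). The top-level call
 * ($recursiveKey = 0) fans out one recursive call per key; each recursive call performs the
 * membership scan for that key. Because 0 marks the top level, an integer key 0 in
 * $startArray cannot be examined by this function.
 *
 * @param array      $startArray   options keyed by option id; values are (nested) arrays
 * @param int|string $recursiveKey 0 for the top-level call, otherwise the key being checked
 * @param array      $finalArray   accumulator; returned with any found keys added
 * @return array map of found key => key
 */
function getMainOptions($startArray, $recursiveKey = 0, $finalArray = array()) {
    $countedElements = count($startArray);
    foreach ($startArray as $key => $element) {
        // Strict comparison: a loose "== 0" would treat non-numeric string keys as the
        // top level on older PHP and recurse without end.
        if ($recursiveKey === 0) {
            $scanned = getMainOptions($startArray, $key, $finalArray);
            // isset() first: a key the scan did not report would otherwise raise an
            // undefined-index notice on the bare read.
            if (isset($scanned[$key]) && $scanned[$key]) {
                $finalArray[$key] = $scanned[$key];
            }
        }
        if ($recursiveKey > 0 && ($recursiveKey != $key || $countedElements == 1)) {
            // A scalar element cannot contain the key, so it counts as "not found";
            // this also keeps non-arrays away from multiKeyExists(), whose first
            // parameter is declared as array.
            if (!is_array($element) || !multiKeyExists($element, $recursiveKey)) {
                $finalArray[$recursiveKey] = $recursiveKey;
            }
        }
    }
    return $finalArray;
}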
/**
 * Reports whether $key occurs at any depth of a nested array.
 *
 * The array itself is checked first; otherwise every array-valued entry is
 * searched recursively. Scalar entries are ignored.
 *
 * @param array      $arr nested array to search
 * @param int|string $key the key to look for
 * @return bool true on the first match at any depth, false when absent
 */
function multiKeyExists(array $arr, $key) {
    if (array_key_exists($key, $arr)) {
        return true;
    }
    foreach ($arr as $value) {
        // only sub-arrays can hold further keys
        if (!is_array($value)) {
            continue;
        }
        if (multiKeyExists($value, $key)) {
            return true;
        }
    }
    return false;
}
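/**
 * Collects the "main" option keys of an options array (second variant on this page).
 *
 * A key K of $startArray is reported when some element of $startArray other than K's own
 * element does not contain K anywhere in its nesting, as decided by multiKeyExists(). The
 * top-level call ($recursiveKey = 0) runs one recursive scan per key, threading the
 * accumulator through each call. Because 0 marks the top level, an integer key 0 in
 * $startArray cannot be examined by this function.
 *
 * @param array      $startArray   options keyed by option id; values are (nested) arrays
 * @param array      $finalArray   accumulator; returned with any found keys added
 * @param int|string $recursiveKey 0 for the top-level call, otherwise the key being checked
 * @return array map of found key => key
 */
function getMainOptions($startArray, $finalArray = array(), $recursiveKey = 0) {
    foreach ($startArray as $key => $element) {
        // Strict comparison: a loose "== 0" would treat non-numeric string keys as the
        // top level on older PHP and recurse without end.
        if ($recursiveKey === 0) {
            $finalArray = getMainOptions($startArray, $finalArray, $key);
        } elseif ($recursiveKey > 0 && $key != $recursiveKey) {
            // A scalar element cannot contain the key, so it counts as "not found";
            // this also keeps non-arrays away from multiKeyExists(), whose first
            // parameter is declared as array.
            if (!is_array($element) || !multiKeyExists($element, $recursiveKey)) {
                $finalArray[$recursiveKey] = $recursiveKey;
            }
        }
    }
    return $finalArray;
}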
/**
 * New method to validate user login with LDAP/AD will be step one validation. Step two is to bounce the username and
 * password with FileMaker however it is not clear how the flow is defined 10/27/2015
 *
 * Every path of this function returns void: a caller cannot tell "LDAP bind + group check passed" from
 * "group check failed" by the return value; only the log lines differ. Only the connection-failure path calls
 * authenticateFMOnly() itself.
 *
 * NOTE(review): this listing contains "******" where the original text was masked (credential fragments in log
 * lines). Those statements do not parse as shown and are kept verbatim; the masked span after the bind-failure
 * log line appears to have swallowed the assignment of $errorMessage, the closing braces of the bind-failure and
 * connection branches, and the "else" of `if ($ldapConn)`, so the braces below do not balance as printed.
 *
 * @param $post - $_POST array (reads 'username' and 'password')
 * @param $site_prefix String site homepage prefix from site configuration file
 * @param $dbHandle database handle, passed through to authenticateFMOnly() on the connection-failure path
 */
function authenticateLdap($post, $site_prefix, $dbHandle) {
    // Globals read here: $log (logger), $memberOfList (allowed groups), $ldapKeySearch (attribute key to look for),
    // $baseDn (search base). None of them is validated before use.
    global $log, $memberOfList, $ldapKeySearch, $baseDn;
    // Credentials are taken straight from the request body; an empty password is not rejected here.
    // NOTE(review): an LDAP simple bind with an empty password is an unauthenticated bind, which some directories
    // accept, so `$password === ''` should be refused before ldap_bind() is ever reached.
    $username = $post['username'];
    $password = $post['password'];
    // NOTE(review): masked line. As printed it writes the submitted username and password to the debug log, and the
    // statement that built $ldapRdn (username "@" COMPANY_DOMAIN) seems to have been merged into it by the masking.
    // Secrets should not be written to logs at any level.
    $log->debug("Now process login with TDC LDAP server with username: "******" password: "******"@" . COMPANY_DOMAIN;
    //Port number is optional BUT this could be important if end user has different port number for
    // their LDAP/Active Directory.
    //TODO Explore SSL LDAP connection
    // NOTE(review): over plain "ldap://" the simple bind sends the password in clear unless ldap_start_tls() is
    // called before ldap_bind(). ldap_connect() itself does not contact the server, so the `or die` branch fires
    // only for an unusable URI, not for an unreachable host; that surfaces later via ldap_bind()/ldap_error().
    $ldapConn = ldap_connect("ldap://" . LDAP_SERVER . "/", LDAP_PORT) or die("Could not connect to: " . LDAP_SERVER);
    if ($ldapConn) { //connection to LDAP server was successful
        ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3); //Specifies the LDAP protocol to be used (V2 or V3)
        ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0); //Specifies whether to automatically follow referrals returned by the LDAP server
        // NOTE(review): masked line; as printed it logs the password at debug level. $ldapRdn is read here but its
        // assignment is not visible in this listing (presumably lost in the masked span above).
        $log->debug("Bind using -> Username: "******" Password: "******" LDAP RDN: " . $ldapRdn);
        // The "@" suppresses the warning ldap_bind() raises on failure; the failure is still reported below through
        // ldap_error($ldapConn), so the suppression only hides diagnostics.
        $bind = @ldap_bind($ldapConn, $ldapRdn, $password);
        if ($bind) { //user successfully logged into LDAP/AD (Bind) server
            //Now setup LDAP search fields and return fields
            // NOTE(review): $username comes from the request and is interpolated into the filter unescaped; filter
            // metacharacters in it change the query. Wrap it with ldap_escape($username, '', LDAP_ESCAPE_FILTER).
            $filter = "(&(objectClass=user)(sAMAccountName={$username}))";
            $theseFieldOnly = array("cn", "sAMAccountName", "memberOf");
            $result = ldap_search($ldapConn, $baseDn, $filter, $theseFieldOnly);
            // Return value of ldap_search() is not checked before it is handed to ldap_get_entries().
            // NOTE(review): ldap_get_entries() lowercases attribute names in its result, so $ldapKeySearch has to be
            // the lowercased form of "memberOf" for the lookup below to hit — confirm against its configured value.
            $info = ldap_get_entries($ldapConn, $result);
            //validate that user belongs to (memberOf) OnAir-Pro groups
            // This is the authorization decision: membership in $memberOfList decided by the three-argument
            // multiKeyExists() defined further down this page.
            if (multiKeyExists($info, $ldapKeySearch, $memberOfList)) {
                ldap_unbind($ldapConn); //for disconnect from LDAP once done
                $log->debug("User Logged in via LDAP and groups were validated. 
Now return and call FM to setup session data");
                return;
            } else { //Could not validate user belongs to group memberOf field of LDAP
                ldap_unbind($ldapConn); //for disconnect from LDAP once done
                $log->debug("Group membership validation failed. So call FileMaker to validate if user belongs to site");
                // Returns void like the success branch: the caller has no way to distinguish the two outcomes.
                return;
                //header("location: " .$site_prefix ."index.php?error=" .$error);
                //exit;
            }
        } else { //unsuccessful login to LDAP AD (note: authenticate with FileMaker since LDAP failed)
            $log->debug("LDAP-Bind failed use full FM method for login process");
            // NOTE(review): masked line. As printed, the username and the assignment of $errorMessage that opened the
            // connection-failure branch ("LDAP server is down ...") have been fused into this statement.
            $log->error("authenticateLdap - Login Error: " . ldap_error($ldapConn) . " username: "******"authenticateLdap - LDAP server is down or application was unable to connect";
            // From here on this reads as the connection-failure branch: log, release the handle, fall back to FileMaker.
            $log->error($errorMessage . " Error: " . ldap_error($ldapConn));
            ldap_unbind($ldapConn);
            $log->debug("LDAP/AD connection error switch to FM login process");
            authenticateFMOnly($dbHandle, $post, $site_prefix);
        }
    }
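/**
 * Recursive Method to search a multi dimensional array returned by LDAP query. Currently the key is memberOf to extract
 * all group names. The method appends each (example CN=Remote Desktop Users,CN=Builtin,DC=thoughtdev,DC=com)
 * array item into one space-separated string and hands that string to inSearchString().
 *
 * The first occurrence of $key found depth-first decides the result; its values are joined from the
 * count-prefixed list shape ('count', 0, 1, ...) that the LDAP result uses. A $key whose value is not an array
 * is treated as "no groups" and yields false.
 *
 * Differences from the earlier version of this function: finding the key no longer returns true on its own
 * (that let the group check pass without ever consulting $searchGroups), the join loop no longer returns after
 * its first value, and the stray echo of the attribute value into the output is gone.
 *
 * @param array $arr an array of Strings of groups names (nested LDAP result array)
 * @param $key the target array/map key (currently memberOf)
 * @param $searchGroups String or array of Strings to find
 * @return bool true only when $key is found and inSearchString() reports one of $searchGroups among its values
 */
function multiKeyExists($arr, $key, $searchGroups) {
    if (!is_array($arr)) {
        return false;
    }
    if (array_key_exists($key, $arr)) {
        $memOfArray = $arr[$key];
        // Not the count-prefixed value list the LDAP result provides: nothing to match against.
        if (!is_array($memOfArray)) {
            return false;
        }
        $searchString = "";
        // Missing 'count' keeps the loop a no-op (as before) without an undefined-index notice.
        $count = isset($memOfArray['count']) ? (int) $memOfArray['count'] : 0;
        for ($index = 0; $index < $count; $index++) {
            if (isset($memOfArray[$index])) {
                //added this space in search string results to account exploded array from LDAP
                $searchString .= " " . $memOfArray[$index];
            }
        }
        // The membership decision is made here, on the joined values, and returned as-is.
        return inSearchString($searchString, $searchGroups);
    }
    foreach ($arr as $element) {
        if (is_array($element) && multiKeyExists($element, $key, $searchGroups)) {
            return true;
        }
    }
    return false;
}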