コード例 #1
ファイル: test.php プロジェクト: buxiaoyang/EmailArchive
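 /**
  * Test an LDAP connection with the host, bind DN, bind password and base DN
  * submitted in the POST request, and print the outcome as an HTML fragment.
  *
  * After a successful bind the "connection ok" text is printed, followed by
  * the "no email address found" text when a (mail=*) search under the
  * submitted base DN returns no rows. Otherwise the "connection failed" text
  * is printed.
  *
  * NOTE(review): this action binds to whatever host the request names and
  * reports whether the bind worked, so it must only be reachable by an
  * authenticated administrator. No access check is visible in this method;
  * confirm that the caller or router enforces one.
  */
 public function index()
 {
     $this->id = "content";
     $this->template = "ldap/list.tpl";
     $this->layout = "common/layout";

     $lang = Registry::get('language');

     // Read every field defensively: a request that omits a field, or sends
     // it as an array, must not raise notices or hand a non-string to the
     // LDAP helper.
     $fields = array('ldap_host' => '', 'ldap_bind_dn' => '', 'ldap_bind_pw' => '', 'ldap_base_dn' => '');
     foreach ($fields as $name => $unused) {
         if (isset($this->request->post[$name]) && is_string($this->request->post[$name])) {
             $fields[$name] = $this->request->post[$name];
         }
     }

     // Without a host there is nothing to test; report the failure instead of
     // letting the helper fall back to whatever default server it may use.
     if ($fields['ldap_host'] == '') {
         print "<span class=\"text-error\">" . $lang->data['text_connection_failed'] . "</span> ";
         return;
     }

     $ldap = new LDAP($fields['ldap_host'], $fields['ldap_bind_dn'], $fields['ldap_bind_pw']);

     if (!$ldap->is_bind_ok()) {
         print "<span class=\"text-error\">" . $lang->data['text_connection_failed'] . "</span> ";
         return;
     }

     print "<span class=\"text-success\">" . $lang->data['text_connection_ok'] . "</span> ";

     // The filter is a fixed literal; only the search base comes from the request.
     $query = $ldap->query($fields['ldap_base_dn'], "(mail=*)", array());
     if ($query->num_rows < 1) {
         print "<span class=\"text-error\">" . $lang->data['text_not_found_any_email_address'] . "</span> ";
     }
 }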
コード例 #2
ファイル: ldap.php プロジェクト: buxiaoyang/EmailArchive
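 /**
  * Return the directory accounts whose mail attribute ends in "@$domain".
  *
  * Connection settings default to the LDAP_* constants. When ENABLE_SAAS is 1
  * they are replaced by the per-customer values returned by
  * get_ldap_params_by_email() (type, host, base DN, helper DN, helper
  * password, in that order), provided at least five values come back.
  *
  * @param string $domain Mail domain to look up, without the leading "@".
  * @return array Matching rows sorted with asort(), or an empty array when the
  *               host or helper password is empty, the bind fails, or nothing
  *               matches.
  */
 public function get_accounts_in_domain($domain = '')
 {
     $ldap_type = '';
     $ldap_host = LDAP_HOST;
     $ldap_base_dn = LDAP_BASE_DN;
     $ldap_helper_dn = LDAP_HELPER_DN;
     $ldap_helper_password = LDAP_HELPER_PASSWORD;

     if (ENABLE_SAAS == 1) {
         $a = $this->model_saas_ldap->get_ldap_params_by_email("aaa@" . $domain);
         if (count($a) >= 5) {
             $ldap_type = $a[0];
             $ldap_host = $a[1];
             $ldap_base_dn = $a[2];
             $ldap_helper_dn = $a[3];
             $ldap_helper_password = $a[4];
         }
     }

     list($ldap_mail_attr, $ldap_account_objectclass, $ldap_distributionlist_attr, $ldap_distributionlist_objectclass) = get_ldap_attribute_names($ldap_type);

     if ($ldap_host == '' || $ldap_helper_password == '') {
         return array();
     }

     // Escape the domain before it becomes part of the search filter, so that
     // "*", "(", ")" and "\" in the value are matched literally and cannot
     // change the filter's structure (LDAP filter injection).
     // ldap_escape() comes from PHP's ldap extension (PHP 5.6+); the LDAP
     // helper class is assumed to need the same extension -- confirm.
     $domain_in_filter = ldap_escape((string) $domain, '', LDAP_ESCAPE_FILTER);

     $ldap = new LDAP($ldap_host, $ldap_helper_dn, $ldap_helper_password);
     if ($ldap->is_bind_ok()) {
         $query = $ldap->query($ldap_base_dn, "(&(objectClass={$ldap_account_objectclass})({$ldap_mail_attr}=*@{$domain_in_filter}))", array($ldap_mail_attr));
         if ($query->num_rows > 0) {
             asort($query->rows);
             return $query->rows;
         }
     }

     return array();
 }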
コード例 #3
ファイル: group.php プロジェクト: buxiaoyang/EmailArchive
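 /**
  * Count the email addresses that start with the given prefix.
  *
  * The result is the number of rows in the TABLE_EMAIL table whose email
  * column starts with $s, plus, when ENABLE_LDAP_AUTH is 1 and the helper
  * bind succeeds, the number of directory accounts whose mail attribute
  * starts with $s.
  *
  * @param string $s Address prefix; an empty string yields 0.
  * @return int Combined count from LDAP and the database.
  */
 public function count_emails($s = '')
 {
     $count = 0;

     if (strlen($s) < 1) {
         return $count;
     }

     if (ENABLE_LDAP_AUTH == 1) {
         $ldap = new LDAP(LDAP_HOST, LDAP_HELPER_DN, LDAP_HELPER_PASSWORD);
         if ($ldap->is_bind_ok()) {
             // The prefix is caller-supplied search text. Escape it so that
             // "*", "(", ")" and "\" are matched literally and cannot rewrite
             // the filter; the only wildcard left is the trailing "*" below.
             // ldap_escape() comes from PHP's ldap extension (PHP 5.6+); the
             // LDAP helper class is assumed to need the same extension -- confirm.
             $prefix_in_filter = ldap_escape((string) $s, '', LDAP_ESCAPE_FILTER);

             $query = $ldap->query(LDAP_BASE_DN, "(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "=" . $prefix_in_filter . "*))", array());
             if (isset($query->rows)) {
                 $count = $query->num_rows;
             }
         }
     }

     // The value is bound as a parameter, so it cannot alter the SQL text.
     // "%" and "_" inside $s still act as LIKE wildcards, which only widens
     // the match.
     $query = $this->db->query("SELECT COUNT(*) AS num FROM `" . TABLE_EMAIL . "` WHERE email LIKE ?", array($s . "%"));
     $count += $query->row['num'];

     return $count;
 }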
コード例 #4
ファイル: auth.php プロジェクト: buxiaoyang/EmailArchive
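 /**
  * Complete a single sign-on login for the user named in
  * $_SERVER['REMOTE_USER'].
  *
  * The account name (the part after "DOMAIN\" when present) is looked up by
  * samaccountname. The entry's mail value becomes the session username, and a
  * second search collects the entry's proxy addresses and group memberships.
  * The role is 2 when the entry matches LDAP_AUDITOR_MEMBER_DN and 1 when it
  * matches LDAP_ADMIN_MEMBER_DN. The admin check runs last, so it wins when
  * both match.
  *
  * NOTE(review): REMOTE_USER is trusted as proof of identity here. That only
  * holds if the web server sets it after authenticating the client and never
  * from a client-controlled header; confirm the deployment.
  *
  * @return int 1 when session variables were set for the user, 0 otherwise.
  */
 public function check_ntlm_auth()
 {
     $ldap_auditor_member_dn = LDAP_AUDITOR_MEMBER_DN;
     $ldap_admin_member_dn = LDAP_ADMIN_MEMBER_DN;
     $role = 0;

     if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] == '') {
         return 0;
     }

     // Drop a leading "DOMAIN\" if the server passed a qualified name.
     $u = explode("\\", $_SERVER['REMOTE_USER']);
     if (isset($u[1])) {
         $username = $u[1];
     } else {
         $username = $_SERVER['REMOTE_USER'];
     }

     if (ENABLE_SYSLOG == 1) {
         syslog(LOG_INFO, "sso login: {$username}");
     }

     $ldap = new LDAP(LDAP_HOST, LDAP_HELPER_DN, LDAP_HELPER_PASSWORD);
     if ($ldap->is_bind_ok()) {
         // Escape the account name before it enters the filter. Unescaped, a
         // "*" or a parenthesis in the name would change which entry the
         // search returns, and the first row decides whose session is created.
         // ldap_escape() comes from PHP's ldap extension (PHP 5.6+); the LDAP
         // helper class is assumed to need the same extension -- confirm.
         $account_in_filter = ldap_escape((string) $username, '', LDAP_ESCAPE_FILTER);

         $query = $ldap->query(LDAP_BASE_DN, "(&(objectClass=user)(samaccountname=" . $account_in_filter . "))", array());

         if (isset($query->row['dn'])) {
             $a = $query->row;

             // The mail attribute arrives either as a counted list or as a
             // single value; an entry without it is treated as having no address.
             if (isset($a['mail']['count'])) {
                 $username = $a['mail'][0];
             } elseif (isset($a['mail'])) {
                 $username = $a['mail'];
             } else {
                 $username = '';
             }

             $username = strtolower(preg_replace("/^smtp\\:/i", "", $username));

             if ($username == '') {
                 syslog(LOG_INFO, "no email address found for " . $a['dn']);
                 return 0;
             }

             // Both values come from the directory, but they are still data:
             // escape them so characters such as "(" or "*" in an address or
             // DN are matched literally. stripslashes() on the DN is kept from
             // the original code and applied before escaping.
             $mail_in_filter = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
             $dn_in_filter = ldap_escape(stripslashes($a['dn']), '', LDAP_ESCAPE_FILTER);

             $query = $ldap->query(LDAP_BASE_DN, "(|(&(objectClass=user)(proxyAddresses=smtp:{$mail_in_filter}))(&(objectClass=group)(member={$mail_in_filter}))(&(objectClass=group)(member={$dn_in_filter})))", array());

             $emails = $this->get_email_array_from_ldap_attr($query->rows);
             $extra_emails = $this->model_user_user->get_email_addresses_from_groups($emails);
             $emails = array_merge($emails, $extra_emails);

             // Order matters: the admin check overwrites the auditor role.
             if ($this->check_ldap_membership($ldap_auditor_member_dn, $query->rows) == 1) {
                 $role = 2;
             }
             if ($this->check_ldap_membership($ldap_admin_member_dn, $query->rows) == 1) {
                 $role = 1;
             }

             $this->add_session_vars($a['cn'], $username, $emails, $role);
             $this->model_user_prefs->get_user_preferences($username);

             AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');

             return 1;
         }
     }

     return 0;
 }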
コード例 #5
ファイル: import.php プロジェクト: buxiaoyang/EmailArchive
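 /**
  * Fetch user records from a remote directory for import.
  *
  * Binds with the credentials in $host and searches $host['ldap_basedn'] for
  * entries that have a mail attribute. When $host['type'] is "AD" the search
  * uses proxyaddresses and the objectClass=user filter instead. Entries
  * without a cn or dn are skipped.
  *
  * Each returned element has the keys username (first address found),
  * realname, dn, samaccountname, emails and members; emails and members are
  * newline-separated lists.
  *
  * NOTE(review): every DN, address and member value found is written through
  * LOGGER(), so the log holds directory data and should be readable only by
  * administrators. The bind password is not logged.
  *
  * @param array $host Settings with the keys ldap_host, ldap_binddn,
  *                    ldap_bindpw, ldap_basedn and type.
  * @return array List of user records, or an empty array when the bind fails.
  */
 public function query_remote_users($host)
 {
     $data = array();

     LOGGER("running query_remote_users() ...");

     // Defaults for a generic directory; overridden below for Active Directory.
     $attrs = array("cn", "mail", "mailAlternateAddress", "memberdn", "memberaddr");
     $mailAttr = 'mail';
     $mailAttrs = array("mail", "mailalternateaddress");
     $memberAttrs = array("memberdn");
     $filter = "{$mailAttr}=*";

     $ldap = new LDAP($host['ldap_host'], $host['ldap_binddn'], $host['ldap_bindpw']);

     if ($ldap->is_bind_ok() == 0) {
         LOGGER($host['ldap_binddn'] . ": failed bind to " . $host['ldap_host']);
         return array();
     }

     LOGGER($host['ldap_binddn'] . ": successful bind to " . $host['ldap_host']);
     LOGGER("LDAP type: " . $host['type']);

     if ($host['type'] == "AD") {
         $attrs = array("cn", "samaccountname", "proxyaddresses", "member", "mail", "displayname");
         $mailAttr = "proxyaddresses";
         $mailAttrs = array("mail", "proxyaddresses");
         $memberAttrs = array("member");
         $filter = "(&(objectClass=user)({$mailAttr}=*))";
     }

     $query = $ldap->query($host['ldap_basedn'], $filter, $attrs);

     LOGGER("LDAP query: {$mailAttr}=* for basedn:" . $host['ldap_basedn']);

     foreach ($query->rows as $result) {
         $emails = "";

         if (!isset($result['cn']) || !isset($result['dn'])) {
             continue;
         }

         // Collect every address, lower-cased, with a leading "smtp:" removed.
         foreach ($mailAttrs as $__mail_attr) {
             if (isset($result[$__mail_attr])) {
                 if (is_array($result[$__mail_attr])) {
                     for ($i = 0; $i < $result[$__mail_attr]['count']; $i++) {
                         LOGGER("found email entry: " . $result['dn'] . " => {$__mail_attr}:" . $result[$__mail_attr][$i]);
                         $emails .= strtolower(preg_replace("/^smtp\\:/i", "", $result[$__mail_attr][$i])) . "\n";
                     }
                 } else {
                     LOGGER("found email entry: " . $result['dn'] . " => {$__mail_attr}:" . $result[$__mail_attr]);
                     // Anchored like the multi-valued branch above. The
                     // unanchored pattern also deleted "smtp:" from the middle
                     // of a value, which could turn one address into another.
                     $emails .= strtolower(preg_replace("/^smtp\\:/i", "", $result[$__mail_attr])) . "\n";
                 }
             }
         }

         $__emails = explode("\n", $emails);

         $members = "";

         foreach ($memberAttrs as $__member_attr) {
             if (isset($result[$__member_attr])) {
                 if (is_array($result[$__member_attr])) {
                     for ($i = 0; $i < $result[$__member_attr]['count']; $i++) {
                         LOGGER("found member entry: " . $result['dn'] . " => {$__member_attr}:" . $result[$__member_attr][$i]);
                         $members .= $result[$__member_attr][$i] . "\n";
                     }
                 } else {
                     LOGGER("found member entry: " . $result['dn'] . " => {$__member_attr}:" . $result[$__member_attr]);
                     $members .= $result[$__member_attr] . "\n";
                 }
             }
         }

         // NOTE(review): displayname is read without an isset() check, so an
         // AD entry that lacks it yields a null realname -- confirm that
         // callers accept that.
         $realname = '';
         if ($host['type'] == "AD") {
             $realname = $result['displayname'];
         } else {
             $realname = $result['cn'];
         }

         // Trailing newlines left by the accumulation loops are trimmed here.
         $data[] = array(
             'username' => preg_replace("/\n{1,}\$/", "", $__emails[0]),
             'realname' => $realname,
             'dn' => $result['dn'],
             'samaccountname' => isset($result['samaccountname']) ? $result['samaccountname'] : '',
             'emails' => preg_replace("/\n{1,}\$/", "", $emails),
             'members' => preg_replace("/\n{1,}\$/", "", $members)
         );
     }

     LOGGER("found " . count($data) . " users");

     return $data;
 }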