コード例 #1
 /**
  * Look up a directory user by name and wrap the record in the LdapUser contract.
  *
  * This method only performs a directory lookup; it does not check a password.
  *
  * @param string $username Name handed to the adLDAP user lookup.
  * @return mixed The container-resolved LdapUser with the record attached, or
  *               null when infoCollection() returns false.
  */
 public function retrieveByUsername($username)
 {
     $record = $this->adServer->user()->infoCollection($username);
     if ($record === false) {
         // Lookup failed: hand back "no user" (null).
         return;
     }

     $wrapped = app('LaravelAuthLdap\\Contracts\\LdapUser');
     $wrapped->setUser($record);

     return $wrapped;
 }
コード例 #2
ファイル: adLDAPExchange.php プロジェクト: bofod/adLDAP
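 /**
  * Change the default (primary) SMTP address of a user.
  *
  * Every proxy address containing "SMTP:" is rewritten to "smtp:", then the
  * entry equal to "smtp:" . $emailAddress is rewritten to "SMTP:". The
  * resulting list replaces the user's proxyAddresses attribute.
  *
  * NOTE(review): $username is passed to the directory lookup as given; confirm
  * that user()->info() escapes it before building the search filter.
  *
  * @param string $username The username of the user to add the Exchange account to
  * @param string $emailAddress The email address to make default
  * @param bool $isGUID Is the username passed a GUID or a samAccountName
  * @return bool|string True on success, false on any failure, or an error
  *                     message string when a compulsory argument is NULL.
  */
 public function primaryAddress($username, $emailAddress, $isGUID = false)
 {
     if ($username === NULL) {
         return "Missing compulsory field [username]";
     }
     if ($emailAddress === NULL) {
         return "Missing compulsory fields [emailAddress]";
     }

     // Find the dn of the user
     $user = $this->adldap->user()->info($username, array("cn", "proxyaddresses"), $isGUID);
     if (!isset($user[0]["dn"])) {
         return false;
     }
     $userDn = $user[0]["dn"];

     // Previously this path fell off the end and returned null; report the
     // failure explicitly so the documented bool contract holds.
     if (!isset($user[0]["proxyaddresses"]) || !is_array($user[0]["proxyaddresses"])) {
         return false;
     }

     $addresses = array();
     foreach ($user[0]["proxyaddresses"] as $index => $address) {
         // Only numerically indexed string entries are addresses; this skips
         // bookkeeping keys such as "count" and avoids reading past the list.
         if (!is_int($index) || !is_string($address)) {
             continue;
         }
         // Demote whatever is currently primary.
         if (strstr($address, 'SMTP:') !== false) {
             $address = str_replace('SMTP:', 'smtp:', $address);
         }
         // Promote the requested address.
         if ($address === 'smtp:' . $emailAddress) {
             $address = str_replace('smtp:', 'SMTP:', $address);
         }
         if ($address !== '') {
             // Append so the value list keeps consecutive indices even when
             // an empty entry was skipped.
             $addresses[] = $address;
         }
     }

     // Never send an empty value list: replacing an attribute with no values
     // would remove it from the entry.
     if (count($addresses) === 0) {
         return false;
     }

     $modAddresses = array('proxyAddresses' => $addresses);
     // Warnings stay suppressed as before; failure is reported via the return value.
     $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);

     return $result != false;
 }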
コード例 #3
 /**
  * Retrieve a user by the given credentials.
  *
  * Looks the user up in the directory (optionally with recursive group
  * membership) and, when a local model is configured, pairs the directory
  * data with the matching database row. No password is verified here.
  *
  * @param array $credentials
  *
  * @return Illuminate\Auth\GenericUser|null
  *
  * @throws \InvalidArgumentException When the username field is empty.
  */
 public function retrieveByCredentials(array $credentials)
 {
     $user = $credentials[$this->getUsernameField()];
     if (!$user) {
         throw new \InvalidArgumentException();
     }

     if ($this->ad->getRecursiveGroups()) {
         // recursive groups fix: swap the entry's memberof for the expanded list
         $info = $this->ad->user()->info($user, ['*']);
         $groups = $this->ad->user()->groups($user);
         $info[0]['memberof'] = $groups;
         $info[0]['memberof']['count'] = count($groups);
         $infoCollection = new \adLDAP\collections\adLDAPUserCollection($info, $this->ad);
     } else {
         $infoCollection = $this->ad->user()->infoCollection($user, ['*']);
     }

     if (!$infoCollection) {
         return;
     }

     $ldapUserInfo = $this->setInfoArray($infoCollection);

     if ($this->model) {
         $query = $this->createModel()->newQuery();
         // NOTE(review): every remaining key of $credentials becomes a WHERE
         // column name; confirm callers pass only the expected fields.
         foreach ($credentials as $field => $value) {
             if (str_contains($field, 'password') || str_contains($field, '_token')) {
                 continue;
             }
             $query->where($field, $value);
         }

         $model = $query->first();
         if ($model) {
             return $this->addLdapToModel($model, $ldapUserInfo);
         }
     }

     return new LdapUser((array) $ldapUserInfo);
 }
コード例 #4
 /**
  * Build a collection of LdapUserObject instances for every known user.
  *
  * One directory query is issued per user returned by getAllUsers(). Entries
  * without a "displayname" attribute are left out.
  *
  * @return Collection
  * @throws Exception
  */
 public function getAllUsersWithFields()
 {
     $usernames = $this->getAllUsers();
     $result = new Collection([]);

     foreach ($usernames as $username) {
         $attributes = $this->adldap->user()->info($username, $this->fields)[0];

         // No displayname: probably a local account, so it is not added.
         if (isset($attributes['displayname'])) {
             $result->push(new LdapUserObject($attributes, $this->fields));
         }
     }

     return $result;
 }
コード例 #5
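 /**
  * Retrieve a user by the given credentials.
  *
  * The credentials are verified against the directory first; only after a
  * successful bind is the user's record fetched and turned into a user object.
  *
  * @param  array $credentials Expects the keys 'username' and 'password'.
  * @return Authenticatable|null Null when a credential is missing or empty,
  *                              or when the directory rejects the bind.
  */
 public function retrieveByCredentials(array $credentials)
 {
     $username = isset($credentials['username']) ? $credentials['username'] : null;
     $password = isset($credentials['password']) ? $credentials['password'] : null;

     // Reject missing or empty credentials before contacting the directory:
     // an empty password must never reach a bind, since some servers accept
     // it as an unauthenticated bind. This no longer depends on the library
     // performing that check.
     if ($username === null || $username === '' || $password === null || $password === '') {
         return null;
     }

     if (!$this->adldap->authenticate($username, $password)) {
         return null;
     }

     $entries = $this->adldap->user()->info($username, $this->fields);
     // NOTE(review): when the lookup yields no entry the user is still created
     // with only the username set, as before; confirm that is intended.
     $userInfo = (is_array($entries) && isset($entries[0])) ? $entries[0] : array();
     $userInfo['username'][0] = $username;

     return $this->createUser($userInfo);
 }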
コード例 #6
 /**
  * Retrieve a user by the given credentials.
  *
  * Fetches the directory record for the username and, when a local model is
  * configured, combines it with the matching database row. The password is
  * not checked in this method.
  *
  * @param  array  $credentials
  * @return Illuminate\Auth\GenericUser|null
  *
  * @throws InvalidArgumentException When the username field is empty.
  */
 public function retrieveByCredentials(array $credentials)
 {
     $user = $credentials[$this->getUsernameField()];
     if (!$user) {
         throw new InvalidArgumentException();
     }

     $infoCollection = $this->ad->user()->infoCollection($user, array('*'));
     if (!$infoCollection) {
         return;
     }

     $ldapUserInfo = $this->setInfoArray($infoCollection);

     if ($this->model) {
         $query = $this->createModel()->newQuery();
         // NOTE(review): credential keys are used as column names here;
         // confirm callers restrict $credentials to known fields.
         foreach ($credentials as $field => $value) {
             $isSecret = str_contains($field, 'password') || str_contains($field, '_token');
             if (!$isSecret) {
                 $query->where($field, $value);
             }
         }

         $model = $query->first();
         if ($model) {
             return $this->addLdapToModel($model, $ldapUserInfo);
         }
     }

     return new LdapUser((array) $ldapUserInfo);
 }
コード例 #7
 /**
  * Retrieve a user by the given credentials.
  *
  * After a successful directory bind, the entry's attributes are merged into
  * $credentials and the merged array is handed to LdapUser.
  *
  * NOTE(review): the submitted 'password' entry stays in the array given to
  * LdapUser unless a directory attribute of that name overwrites it; confirm
  * the user object is never serialised or logged with it.
  *
  * @param  array $credentials Expects the keys 'username' and 'password'.
  * @return Authenticatable|null
  */
 public function retrieveByCredentials(array $credentials)
 {
     if (!$this->adldap->authenticate($credentials['username'], $credentials['password'])) {
         return;
     }

     $entry = $this->adldap->user()->info($credentials['username'], array('*'))[0];

     foreach ($entry as $attribute => $values) {
         // Loose comparison kept on purpose: it matches the original switch.
         if ($attribute == "memberof") {
             $names = array();
             // The last element is not read (presumably the "count" item).
             $limit = count($values) - 1;
             for ($n = 0; $n < $limit; $n++) {
                 $matches = array();
                 // Takes the text before the first comma, then drops three
                 // leading characters (presumably "CN=").
                 // NOTE(review): an escaped comma inside a group name would
                 // cut the name short.
                 preg_match_all("/(.*?)(?=\\,)/", $values[$n], $matches);
                 $names[$n] = substr($matches[0][0], 3);
             }
             $credentials[$attribute] = $names;
         } else {
             // Every other attribute is reduced to its first element.
             $credentials[$attribute] = $values[0];
         }
     }

     return new LdapUser($credentials);
 }
コード例 #8
 /**
  * Remove a user from a group
  *
  * Resolves both distinguished names, then deletes the user's DN from the
  * group's "member" attribute.
  *
  * @param string $group The group to remove a user from
  * @param string $user The AD user to remove from the group
  * @param bool $isGUID Is the username passed a GUID or a samAccountName
  * @return bool False when either DN cannot be resolved or the delete fails.
  */
 public function removeUser($group, $user, $isGUID = false)
 {
     // Resolve the group's dn
     $groupInfo = $this->info($group, array("cn"));
     if ($groupInfo[0]["dn"] === NULL) {
         return false;
     }
     $groupDn = $groupInfo[0]["dn"];

     // Resolve the user's dn
     $userDn = $this->adldap->user()->dn($user, $isGUID);
     if ($userDn === false) {
         return false;
     }

     $removal = array("member" => $userDn);
     // Warnings are suppressed; the outcome is reported via the return value.
     $outcome = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $removal);

     return $outcome != false;
 }
コード例 #9
 /**
  * Retrieve a user by the given credentials.
  *
  * When a local model is configured, the directory entry's POSIX attributes
  * are copied into the matching database row, or a new row is created when
  * none matches. Without a configured model nothing is returned.
  *
  * NOTE(review): the directory's userpassword value (minus the "{crypt}"
  * marker) is written to the local 'password' column, which keeps a second
  * copy of the directory hash in the application database; confirm that this
  * is intended and that the column is protected accordingly.
  *
  * @param array $credentials
  *
  * @return Illuminate\Auth\GenericUser|null
  *
  * @throws \InvalidArgumentException When the username field is empty.
  */
 public function retrieveByCredentials(array $credentials)
 {
     $user = $credentials[$this->getUsernameField()];
     if (!$user) {
         throw new \InvalidArgumentException();
     }

     if ($this->ad->getRecursiveGroups()) {
         // recursive groups fix
         $info = $this->ad->user()->info($user, ['*']);
         $groups = $this->ad->user()->groups($user);
         $info[0]['memberof'] = $groups;
         $info[0]['memberof']['count'] = count($groups);
         $infoCollection = new \adLDAP\collections\adLDAPUserCollection($info, $this->ad);
     } else {
         $infoCollection = $this->ad->user()->info($user, ['*']);
     }

     if ($infoCollection == null || !$this->model) {
         return;
     }

     $query = $this->createModel()->newQuery();
     // NOTE(review): credential keys become column names; confirm callers
     // pass only the expected fields.
     foreach ($credentials as $field => $value) {
         if (str_contains($field, 'password') || str_contains($field, '_token')) {
             continue;
         }
         $query->where($field, $value);
     }

     $ldapUserInfo = $this->ad->user()->info($user, ['*'])[0];
     $userinfo = [
         'home_directory' => $ldapUserInfo["homedirectory"][0],
         'password' => str_replace('{crypt}', '', $ldapUserInfo['userpassword'][0]),
         'uid_number' => $ldapUserInfo['uidnumber'][0],
         'uid' => $ldapUserInfo['uid'][0],
         'gid' => $ldapUserInfo['gidnumber'][0],
     ];

     $model = $query->first();
     if ($model) {
         \App\User::find($model->id)->update($userinfo);

         return $model;
     }

     // Registered in LDAP but not yet in the local database: create the row.
     return \App\User::create($userinfo);
 }
コード例 #10
 /**
  * Authenticates the token's user via adLDAP, copies the directory profile
  * onto the provided $user and saves it.
  *
  * NOTE(review): the credential taken from the token is set as the user's
  * password right before saveLDAPUserData() runs; confirm that the save does
  * not persist it in clear text.
  *
  * @param AdUser|User $user
  * @param TokenInterface $token
  * @param adLDAP $adLdap
  * @return bool True once the profile was copied and saved, false when the
  *              directory lookup returned nothing.
  * @throws \Exception When connect() or authenticate() reports failure.
  */
 public function fetchData(AdUser $user, TokenInterface $token, adLDAP $adLdap)
 {
     $connected = $adLdap->connect();
     $isAD = $adLdap->authenticate($user->getUsername(), $token->getCredentials());
     if (!($isAD && $connected)) {
         $placeholders = array(
             '%connection_status%' => var_export($connected, 1),
             '%is_AD%' => var_export($isAD, 1),
         );
         throw new \Exception(
             $this->translator->trans('riper.security.active_directory.ad.bad_response', $placeholders)
         );
     }

     /** @var adLDAPUserCollection $profile */
     $profile = $adLdap->user()->infoCollection($user->getUsername(), array('*'));
     if (!$profile) {
         return false;
     }

     $user->setDisplayName($profile->displayName);
     $user->setUuid($adLdap->utilities()->decodeGuid($profile->objectguid));
     $user->setEmail($profile->mail);
     $user->setPassword($token->getCredentials());

     // Admin rights depend only on the directory "mail" attribute matching the
     // configured list.
     // NOTE(review): confirm users cannot edit their own mail attribute.
     $roles = ['ROLE_USER'];
     if (in_array($profile->mail, $this->config['admin_emails'], true)) {
         $roles[] = 'ROLE_ADMIN';
     }
     $user->setRoles($roles);

     $this->userService->saveLDAPUserData($user);

     return true;
 }
コード例 #11
ファイル: examples.php プロジェクト: ishawge/jorani
// Each snippet below is wrapped in `if (0)`, so none of it runs until the
// condition is changed by hand.

// create a group
if (0) {
    $attributes = array(
        'group_name' => 'Test Group',
        'description' => 'Just Testing',
        'container' => array('Groups', 'A Container'),
    );
    $result = $adldap->group()->create($attributes);
    var_dump($result);
}

// retrieve information about a group
if (0) {
    // Raw data array returned
    $result = $adldap->group()->info('Group Name');
    var_dump($result);
}

// create a user account (all values, including the password, are sample data)
if (0) {
    $attributes = array(
        'username' => 'freds',
        'logon_name' => '*****@*****.**',
        'firstname' => 'Fred',
        'surname' => 'Smith',
        'company' => 'My Company',
        'department' => 'My Department',
        'email' => '*****@*****.**',
        'container' => array('Container Parent', 'Container Child'),
        'enabled' => 1,
        'password' => 'Password123',
    );
    try {
        $result = $adldap->user()->create($attributes);
        var_dump($result);
    } catch (adLDAPException $e) {
        // Prints the exception and stops the script.
        echo $e;
        exit;
    }
}

// retrieve the group membership for a user
if (0) {
    $result = $adldap->user()->groups('username');
    print_r($result);
}
// retrieve information about a user
if (0) {
    // Raw data array returned
    $result = $adldap->user()->info('username');
コード例 #12
 /**
  * Authenticates the token's user via adLDAP and copies the directory profile
  * onto the provided $user.
  *
  * NOTE(review): setRoles() is called twice. If it replaces rather than
  * merges, the group-derived roles from the first call are discarded by the
  * later setRoles(['ROLE_USER']); confirm which outcome is intended before
  * changing either call.
  *
  * @param AdUser|User $user
  * @param TokenInterface $token
  * @param adLDAP $adLdap
  * @return bool True when the profile was copied, false when the directory
  *              lookup returned nothing.
  * @throws \Exception When connect() or authenticate() reports failure.
  */
 public function fetchData(AdUser $user, TokenInterface $token, adLDAP $adLdap)
 {
     $connected = $adLdap->connect();
     $isAD = $adLdap->authenticate($user->getUsername(), $token->getCredentials());
     if (!($isAD && $connected)) {
         $placeholders = array(
             '%connection_status%' => var_export($connected, 1),
             '%is_AD%' => var_export($isAD, 1),
         );
         throw new \Exception(
             $this->translator->trans('riper.security.active_directory.ad.bad_response', $placeholders)
         );
     }

     /** @var adLDAPUserCollection $profile */
     $profile = $adLdap->user()->infoCollection($user->getUsername(), array('*'));
     if (!$profile) {
         return false;
     }

     $groups = $adLdap->user()->groups($user->getUsername(), $this->recursiveGrouproles);

     // One role per distinct group name: spaces become underscores and the
     // name is upper-cased behind a "ROLE_" prefix.
     $roleNames = array();
     $seenGroups = array();
     foreach ($groups as $groupName) {
         if (in_array($groupName, $seenGroups) !== false) {
             continue;
         }
         $roleNames[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $groupName));
         $seenGroups[] = $groupName;
     }
     $user->setRoles($roleNames);

     $user->setDisplayName($profile->displayName);
     $user->setUuid($adLdap->utilities()->decodeGuid($profile->objectguid));
     $user->setEmail($profile->mail);
     $user->setRoles(['ROLE_USER']);
     // NOTE(review): the raw credential from the token is kept on the user
     // object; confirm it is never persisted or serialised in clear text.
     $user->setPassword($token->getCredentials());

     return true;
 }
コード例 #13
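 /**
  * Validates the credentials against the configured LDAP/AD server.
  * The credentials are passed in an array with the keys 'username'
  * and 'password'.
  *
  * Any exception raised while connecting or authenticating is logged and
  * treated as a failed validation.
  *
  * @param  array   $credentials   The credentials to validate.
  * @return boolean True only when the directory accepted the credentials.
  */
 private function validateLDAPCredentials(array $credentials)
 {
     $credentialsValidated = false;
     $adldap = false;
     // Read the username up front so the catch block can always log it.
     $userName = isset($credentials['username']) ? $credentials['username'] : '';

     try {
         $userPassword = $credentials['password'];
         $ldapConOp = $this->GetLDAPConnectionOptions();

         // Try to authenticate using AD/LDAP
         $adldap = new adLDAP($ldapConOp);
         $authUser = $adldap->user()->authenticate($userName, $userPassword);

         if ($authUser == true) {
             $credentialsValidated = true;
         } else {
             $this->handleLDAPError($adldap);
         }
     } catch (\Exception $ex) {
         // NOTE(review): the listing this was taken from masks the operand
         // between the two string parts; $userName is the evident value.
         Log::error('Exception validating LDAP credential for user: ' . $userName . ', Exception message: ' . $ex->getMessage());
         // NOTE(review): getTraceAsString() can include call arguments, so the
         // start of the submitted password may end up in the log unless
         // zend.exception_ignore_args is enabled; consider logging only file
         // and line here.
         Log::error($ex->getTraceAsString());
         $this->handleLDAPError($adldap);
         $credentialsValidated = false;
     }

     // isset() is true for the initial false value, so a failed constructor
     // used to end in a method call on a boolean. Close only a real object.
     if (is_object($adldap)) {
         $adldap->close();
     }
     unset($adldap);

     return $credentialsValidated;
 }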
コード例 #14
ファイル: examples.php プロジェクト: hramose/laravel5.1
// Every snippet here sits inside `if (0)` and therefore stays inactive until
// the condition is edited by hand.

// create a group
if (0) {
    $attributes = array(
        "group_name" => "Test Group",
        "description" => "Just Testing",
        "container" => array("Groups", "A Container"),
    );
    $result = $adldap->group()->create($attributes);
    var_dump($result);
}

// retrieve information about a group
if (0) {
    // Raw data array returned
    $result = $adldap->group()->info("Group Name");
    var_dump($result);
}

// create a user account (sample values only, the password included)
if (0) {
    $attributes = array(
        "username" => "freds",
        "logon_name" => "*****@*****.**",
        "firstname" => "Fred",
        "surname" => "Smith",
        "company" => "My Company",
        "department" => "My Department",
        "email" => "*****@*****.**",
        "container" => array("Container Parent", "Container Child"),
        "enabled" => 1,
        "password" => "Password123",
    );
    try {
        $result = $adldap->user()->create($attributes);
        var_dump($result);
    } catch (adLDAPException $e) {
        // Prints the exception and ends the script.
        echo $e;
        exit;
    }
}

// retrieve the group membership for a user
if (0) {
    $result = $adldap->user()->groups("username");
    print_r($result);
}
// retrieve information about a user
if (0) {
    // Raw data array returned
    $result = $adldap->user()->info("username");
コード例 #15
 /**
  * Authenticates the token's user via adLDAP and copies roles, display name
  * and e-mail from the directory onto $adUser.
  *
  * Roles are derived from directory group names: spaces become underscores
  * and the name is upper-cased behind a "ROLE_" prefix.
  *
  * NOTE(review): any group whose name maps onto a privileged role string
  * grants that role; confirm that creating and naming directory groups is
  * restricted to trusted administrators.
  *
  * @param adUser $adUser
  * @param TokenInterface $token
  * @param adLDAP $adLdap
  * @return bool|null True when the profile was copied; nothing is returned
  *                   when the directory lookup yields no user.
  * @throws \Exception When connect() or authenticate() reports failure.
  */
 public function fetchData(adUser $adUser, TokenInterface $token, adLDAP $adLdap)
 {
     $connected = $adLdap->connect();
     $isAD = $adLdap->authenticate($adUser->getUsername(), $token->getCredentials());
     if (!($isAD && $connected)) {
         $placeholders = array(
             '%connection_status%' => var_export($connected, 1),
             '%is_AD%' => var_export($isAD, 1),
         );
         throw new \Exception(
             $this->translator->trans('ztec.security.active_directory.ad.bad_response', $placeholders)
         );
     }

     /** @var adLDAPUserCollection $user */
     $user = $adLdap->user()->infoCollection($adUser->getUsername());
     if (!$user) {
         return;
     }

     // Group lookup, recursive or direct depending on configuration.
     $groups = $adLdap->user()->groups($adUser->getUsername(), $this->recursiveGrouproles);

     $roleNames = array();
     $seenGroups = array();
     foreach ($groups as $groupName) {
         if (in_array($groupName, $seenGroups) !== false) {
             continue;
         }
         $roleNames[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $groupName));
         $seenGroups[] = $groupName;
     }

     $adUser->setRoles($roleNames);
     $adUser->setDisplayName($user->displayName);
     $adUser->setEmail($user->mail);

     return true;
 }
コード例 #16
ファイル: index.php プロジェクト: HarkiratGhotra/application
    if (isset($_POST[$optName])) {
        $options[$optName] = $_POST[$optName];
    }
}
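// NOTE(review): the connection options used here are filled from POSTed
// values just above this block, so whoever can reach this page chooses which
// server receives the bind; restrict the page to trusted operators.

// Drop blank controller entries and re-index, so that a leading blank field
// does not hide a valid controller from the [0] check below. A non-array
// value is treated as "no controllers".
$options['domain_controllers'] = (isset($options['domain_controllers']) && is_array($options['domain_controllers']))
    ? array_values(array_filter($options['domain_controllers']))
    : array();

$adldap = false;
$exception = false;
if (!empty($options['domain_controllers'][0])) {
    try {
        $adldap = new adLDAP($options);
        $options['base_dn'] = $adldap->getBaseDn();
        $options['ad_port'] = $adldap->getPort();
    } catch (adLDAPException $e) {
        $exception = $e;
    }
}

// Accept only plain string fields; array-shaped input is treated as absent.
$username = (!empty($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

$info = false;
if ($adldap && !empty($username) && $password !== '') {
    try {
        // The directory record is read only after the bind succeeded.
        // Previously the result of authenticate() was ignored and the lookup
        // ran for any submitted username.
        if ($adldap->authenticate($username, $password)) {
            $info = $adldap->user()->info($username, ['*']);
            if (isset($info[0])) {
                $info = $info[0];
            }
        }
    } catch (\adLDAP\Exceptions\adLDAPException $e) {
        $exception = $e;
    }
}

require 'view.html.php';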