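/**
 * Connection test for the LDAP settings form: binds with the posted host / bind DN /
 * password and prints a one-line status fragment. The template/layout fields are set
 * but the result is echoed directly rather than rendered through the template.
 *
 * Reads $this->request->post['ldap_host'], ['ldap_bind_dn'], ['ldap_bind_pw'] and
 * ['ldap_base_dn']; absent fields are treated as ''. Output is the translated
 * text_connection_ok / text_connection_failed / text_not_found_any_email_address string
 * wrapped in a span.
 */
public function index()
{
    $this->id = "content";
    $this->template = "ldap/list.tpl";
    $this->layout = "common/layout";

    $lang = Registry::get('language');
    $post = $this->request->post;

    // Default absent form fields to '' instead of triggering undefined-index notices.
    $host = isset($post['ldap_host']) ? $post['ldap_host'] : '';
    $bind_dn = isset($post['ldap_bind_dn']) ? $post['ldap_bind_dn'] : '';
    $bind_pw = isset($post['ldap_bind_pw']) ? $post['ldap_bind_pw'] : '';
    $base_dn = isset($post['ldap_base_dn']) ? $post['ldap_base_dn'] : '';

    $ldap = new LDAP($host, $bind_dn, $bind_pw);

    if (!$ldap->is_bind_ok()) {
        print "<span class=\"text-error\">" . $lang->data['text_connection_failed'] . "</span> ";
        return;
    }

    print "<span class=\"text-success\">" . $lang->data['text_connection_ok'] . "</span> ";

    // The search filter is fixed; only the base DN comes from the form.
    $query = $ldap->query($base_dn, "(mail=*)", array());
    if ($query->num_rows < 1) {
        print "<span class=\"text-error\">" . $lang->data['text_not_found_any_email_address'] . "</span> ";
    }
}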
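/**
 * Returns the LDAP mail addresses that belong to $domain, sorted, or an empty array when
 * no usable host/helper password is configured, the helper bind fails or nothing matches.
 *
 * The LDAP_* constants are the defaults; with ENABLE_SAAS == 1 they are replaced by the
 * per-domain parameters from model_saas_ldap->get_ldap_params_by_email() (type, host,
 * base DN, helper DN, helper password) when at least five values come back.
 *
 * @param string $domain  mail domain to look up, without the leading '@'
 * @return array          $query->rows as returned by LDAP::query(), ordered with asort()
 */
public function get_accounts_in_domain($domain = '')
{
    $ldap_type = '';
    $ldap_host = LDAP_HOST;
    $ldap_base_dn = LDAP_BASE_DN;
    $ldap_helper_dn = LDAP_HELPER_DN;
    $ldap_helper_password = LDAP_HELPER_PASSWORD;

    if (ENABLE_SAAS == 1) {
        $params = $this->model_saas_ldap->get_ldap_params_by_email("aaa@" . $domain);
        if (count($params) >= 5) {
            list($ldap_type, $ldap_host, $ldap_base_dn, $ldap_helper_dn, $ldap_helper_password) = $params;
        }
    }

    // Only the first two names are used here; the list keeps the helper's positional contract.
    list($ldap_mail_attr, $ldap_account_objectclass, $ldap_distributionlist_attr, $ldap_distributionlist_objectclass) = get_ldap_attribute_names($ldap_type);

    if ($ldap_host == '' || $ldap_helper_password == '') {
        return array();
    }

    $ldap = new LDAP($ldap_host, $ldap_helper_dn, $ldap_helper_password);
    if (!$ldap->is_bind_ok()) {
        return array();
    }

    // $domain is interpolated into the search filter, so escape filter metacharacters
    // (RFC 4515: "*", "(", ")", "\", NUL) to keep it a literal domain match.
    $filter = "(&(objectClass={$ldap_account_objectclass})({$ldap_mail_attr}=*@"
        . ldap_escape($domain, '', LDAP_ESCAPE_FILTER) . "))";

    $query = $ldap->query($ldap_base_dn, $filter, array($ldap_mail_attr));
    if ($query->num_rows > 0) {
        asort($query->rows);
        return $query->rows;
    }

    return array();
}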
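/**
 * Counts mail addresses that start with the prefix $s: LDAP accounts (only when
 * ENABLE_LDAP_AUTH == 1 and the helper bind succeeds) plus rows of TABLE_EMAIL whose
 * email column matches "$s%".
 *
 * @param string $s  address prefix; an empty prefix returns 0 without querying anything
 * @return int
 */
public function count_emails($s = '')
{
    $count = 0;

    if (strlen($s) < 1) {
        return $count;
    }

    if (ENABLE_LDAP_AUTH == 1) {
        $ldap = new LDAP(LDAP_HOST, LDAP_HELPER_DN, LDAP_HELPER_PASSWORD);
        if ($ldap->is_bind_ok()) {
            // Escape $s for the filter context so "*", "(", ")" and "\" in the prefix are
            // matched literally; the only wildcard is the "*" appended here.
            $filter = "(&(objectClass=" . LDAP_ACCOUNT_OBJECTCLASS . ")(" . LDAP_MAIL_ATTR . "="
                . ldap_escape($s, '', LDAP_ESCAPE_FILTER) . "*))";

            $query = $ldap->query(LDAP_BASE_DN, $filter, array());
            if (isset($query->rows)) {
                $count = $query->num_rows;
            }
        }
    }

    // Parameterised query; note that "%" and "_" inside $s still act as LIKE wildcards.
    $query = $this->db->query("SELECT COUNT(*) AS num FROM `" . TABLE_EMAIL . "` WHERE email LIKE ?", array($s . "%"));
    $count += $query->row['num'];

    return $count;
}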
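/**
 * Single sign-on: logs in the user the web server already authenticated
 * ($_SERVER['REMOTE_USER']) by looking up its samaccountname in LDAP, resolving the mail
 * address, group memberships and role, and populating the session.
 *
 * Role is 2 when the user is found under LDAP_AUDITOR_MEMBER_DN, 1 under
 * LDAP_ADMIN_MEMBER_DN (admin wins when both match), otherwise 0.
 *
 * @return int 1 on successful login; 0 when REMOTE_USER is unset or empty, the helper
 *             bind fails, the account is not found, or it has no mail address
 */
public function check_ntlm_auth()
{
    $role = 0;

    if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] == '') {
        return 0;
    }

    // REMOTE_USER may be "DOMAIN\user"; keep only the user part.
    $parts = explode("\\", $_SERVER['REMOTE_USER']);
    $username = isset($parts[1]) ? $parts[1] : $_SERVER['REMOTE_USER'];

    if (ENABLE_SYSLOG == 1) {
        syslog(LOG_INFO, "sso login: {$username}");
    }

    $ldap = new LDAP(LDAP_HOST, LDAP_HELPER_DN, LDAP_HELPER_PASSWORD);
    if (!$ldap->is_bind_ok()) {
        return 0;
    }

    // The name comes from a request header, so escape it before using it as a filter value.
    $query = $ldap->query(
        LDAP_BASE_DN,
        "(&(objectClass=user)(samaccountname=" . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . "))",
        array()
    );
    if (!isset($query->row['dn'])) {
        return 0;
    }

    $entry = $query->row;

    // mail may be multi-valued (array with a 'count' key), a plain string, or absent.
    if (isset($entry['mail']['count'])) {
        $mail = $entry['mail'][0];
    } elseif (isset($entry['mail'])) {
        $mail = $entry['mail'];
    } else {
        $mail = '';
    }
    $username = strtolower(preg_replace("/^smtp\\:/i", "", $mail));

    if ($username == '') {
        syslog(LOG_INFO, "no email address found for " . $entry['dn']);
        return 0;
    }

    // Second lookup: the user's own entry plus every group listing the address or the DN
    // as member. The address is escaped for the filter; the DN is inserted after
    // stripslashes() as before.
    // NOTE(review): escaping the DN with ldap_escape(..., LDAP_ESCAPE_FILTER) would be safer,
    // but changes how DN-escaped characters reach the server — confirm against the directory.
    $escaped_email = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $filter = "(|(&(objectClass=user)(proxyAddresses=smtp:{$escaped_email}))"
        . "(&(objectClass=group)(member={$escaped_email}))"
        . "(&(objectClass=group)(member=" . stripslashes($entry['dn']) . ")))";

    $query = $ldap->query(LDAP_BASE_DN, $filter, array());

    $emails = $this->get_email_array_from_ldap_attr($query->rows);
    $extra_emails = $this->model_user_user->get_email_addresses_from_groups($emails);
    $emails = array_merge($emails, $extra_emails);

    if ($this->check_ldap_membership(LDAP_AUDITOR_MEMBER_DN, $query->rows) == 1) {
        $role = 2;
    }
    if ($this->check_ldap_membership(LDAP_ADMIN_MEMBER_DN, $query->rows) == 1) {
        $role = 1;
    }

    $this->add_session_vars($entry['cn'], $username, $emails, $role);
    $this->model_user_prefs->get_user_preferences($username);

    AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');

    return 1;
}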
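/**
 * Fetches every mail-bearing entry from a remote LDAP/AD host for user synchronisation.
 *
 * $host describes the remote directory: 'ldap_host', 'ldap_binddn', 'ldap_bindpw',
 * 'ldap_basedn' and 'type' ("AD" selects the Active Directory attribute set, anything
 * else the generic mail / mailAlternateAddress / memberdn set). Progress is written
 * through LOGGER().
 *
 * @param array $host
 * @return array list of array('username', 'realname', 'dn', 'samaccountname', 'emails', 'members');
 *               'emails' and 'members' are newline-separated, 'username' is the first
 *               address ('' when none). Empty array when the bind fails.
 */
public function query_remote_users($host)
{
    $data = array();

    LOGGER("running query_remote_users() ...");

    // Generic attribute set; replaced below for AD.
    $attrs = array("cn", "mail", "mailAlternateAddress", "memberdn", "memberaddr");
    $mailAttr = 'mail';
    $mailAttrs = array("mail", "mailalternateaddress");
    $memberAttrs = array("memberdn");
    $filter = "{$mailAttr}=*";

    $ldap = new LDAP($host['ldap_host'], $host['ldap_binddn'], $host['ldap_bindpw']);
    if ($ldap->is_bind_ok() == 0) {
        LOGGER($host['ldap_binddn'] . ": failed bind to " . $host['ldap_host']);
        return array();
    }

    LOGGER($host['ldap_binddn'] . ": successful bind to " . $host['ldap_host']);
    LOGGER("LDAP type: " . $host['type']);

    if ($host['type'] == "AD") {
        $attrs = array("cn", "samaccountname", "proxyaddresses", "member", "mail", "displayname");
        $mailAttr = "proxyaddresses";
        $mailAttrs = array("mail", "proxyaddresses");
        $memberAttrs = array("member");
        $filter = "(&(objectClass=user)({$mailAttr}=*))";
    }

    $query = $ldap->query($host['ldap_basedn'], $filter, $attrs);
    LOGGER("LDAP query: {$mailAttr}=* for basedn:" . $host['ldap_basedn']);

    foreach ($query->rows as $result) {
        if (!isset($result['cn']) || !isset($result['dn'])) {
            continue;
        }

        // Mail values are lower-cased with any leading "smtp:" prefix removed (the same
        // rule for single- and multi-valued attributes); member DNs are taken verbatim.
        $emails = $this->collect_ldap_attr_values($result, $mailAttrs, "email", true);
        $members = $this->collect_ldap_attr_values($result, $memberAttrs, "member", false);
        $email_list = explode("\n", $emails);

        // AD carries the display name separately; fall back to cn when it is absent.
        if ($host['type'] == "AD" && isset($result['displayname'])) {
            $realname = $result['displayname'];
        } else {
            $realname = $result['cn'];
        }

        $data[] = array(
            'username' => $email_list[0],
            'realname' => $realname,
            'dn' => $result['dn'],
            'samaccountname' => isset($result['samaccountname']) ? $result['samaccountname'] : '',
            'emails' => rtrim($emails, "\n"),
            'members' => rtrim($members, "\n"),
        );
    }

    LOGGER("found " . count($data) . " users");

    return $data;
}

/**
 * Joins the values of the given attributes of one LDAP entry into a newline-terminated
 * string, logging each value as "found {$label} entry: <dn> => <attr>:<value>".
 * Handles the multi-valued form (array with a 'count' key, values at 0..count-1) and a
 * plain scalar. With $normalize_email each value is lower-cased and a leading "smtp:"
 * prefix is dropped.
 *
 * @param array  $entry            one row of LDAP::query()->rows
 * @param array  $attr_names       attribute names to collect, in order
 * @param string $label            "email" or "member", used in the log line only
 * @param bool   $normalize_email  apply the mail-address normalisation
 * @return string
 */
private function collect_ldap_attr_values($entry, $attr_names, $label, $normalize_email)
{
    $joined = "";

    foreach ($attr_names as $attr) {
        if (!isset($entry[$attr])) {
            continue;
        }

        $raw = $entry[$attr];
        if (is_array($raw)) {
            $values = array();
            $count = isset($raw['count']) ? (int)$raw['count'] : 0;
            for ($i = 0; $i < $count; $i++) {
                $values[] = $raw[$i];
            }
        } else {
            $values = array($raw);
        }

        foreach ($values as $value) {
            LOGGER("found {$label} entry: " . $entry['dn'] . " => {$attr}:" . $value);
            if ($normalize_email) {
                $value = strtolower(preg_replace("/^smtp\\:/i", "", $value));
            }
            $joined .= $value . "\n";
        }
    }

    return $joined;
}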