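/**
 * Retrieve a user by the given credentials.
 *
 * The user is looked up in the directory first. When a model is configured,
 * a matching database row is loaded and the directory attributes are attached
 * to it; otherwise a fresh model is filled from the directory attributes.
 * Keys containing "password" or "_token" are never used in the database query.
 *
 * @param  array $credentials
 * @return Illuminate\Auth\GenericUser|null Null when the directory lookup yields nothing.
 *
 * @throws InvalidArgumentException When the username credential is missing or empty.
 */
public function retrieveByCredentials(array $credentials)
{
    $usernameField = $this->getUsernameField();

    // empty() keeps the original truthiness test, but an absent key now ends in
    // the documented exception instead of an undefined-index notice first.
    if (empty($credentials[$usernameField])) {
        throw new InvalidArgumentException();
    }
    $user = $credentials[$usernameField];

    if ($this->ad->getRecursiveGroups()) {
        // recursive groups fix: memberof is replaced by the list from groups()
        $info = $this->ad->user()->info($user, ['*']);
        $groups = $this->ad->user()->groups($user);

        // The collection used to be built unconditionally, so the "not found"
        // test below could never fail on this branch. Fail closed when either
        // lookup did not produce an array.
        // NOTE(review): assumes info()/groups() signal failure with a non-array
        // value - confirm against the adLDAP version in use.
        if (is_array($info) && isset($info[0]) && is_array($groups)) {
            $info[0]['memberof'] = $groups;
            $info[0]['memberof']['count'] = count($groups);
            $infoCollection = new \adLDAP\collections\adLDAPUserCollection($info, $this->ad);
        } else {
            $infoCollection = null;
        }
    } else {
        $infoCollection = $this->ad->user()->infoCollection($user, ['*']);
    }

    if (!$infoCollection) {
        return null;
    }

    $ldapUserInfo = $this->setInfoArray($infoCollection);

    if ($this->model) {
        $query = $this->createModel()->newQuery();

        // Every remaining credential key becomes a column name in the query, so
        // callers should pass an allow-listed set of fields, not raw request input.
        foreach ($credentials as $k => $credential) {
            if (!str_contains($k, 'password') && !str_contains($k, '_token')) {
                $query->where($k, $credential);
            }
        }

        if ($model = $query->first()) {
            return $this->addLdapToModel($model, $ldapUserInfo);
        }
    }

    // No model configured, or no matching row: build one from the directory data.
    $model = $this->createModel();

    return $model->fill((array) $ldapUserInfo);
}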
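/**
 * Return a list of members in a group
 *
 * Each entry of the group's "member" attribute is resolved with a directory
 * search. Persons contribute their samaccountname, or their DN when no
 * samaccountname is returned. With $recursive enabled, nested groups are
 * expanded as well; each nested group is expanded at most once per call, so
 * circular group nesting cannot recurse without end.
 *
 * @param string $group The group to query
 * @param bool $recursive Recursively get group members
 * @return array|bool Member names, or false when not bound or the group has no member list
 */
public function members($group, $recursive = NULL)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($recursive === NULL) {
        // Use the default option if they haven't set it
        $recursive = $this->adldap->getRecursiveGroups();
    }

    // Lower-cased names of the groups already expanded during this call.
    $visited = array();

    return $this->collectMembers($group, $recursive, $visited);
}

/**
 * Expand one group for members(), skipping nested groups already seen.
 *
 * @param string $group The group to expand
 * @param bool $recursive Whether nested groups are followed
 * @param array $visited Groups expanded so far, keyed by lower-cased name
 * @return array|bool
 */
private function collectMembers($group, $recursive, array &$visited)
{
    $visited[strtolower((string) $group)] = true;

    // Search the directory for the members of a group
    $info = $this->info($group, array("member", "cn"));
    if (!isset($info[0]["member"]) || !is_array($info[0]["member"])) {
        return false;
    }
    $users = $info[0]["member"];

    $connection = $this->adldap->getLdapConnection();
    $baseDn = $this->adldap->getBaseDn();
    $userArray = array();

    for ($i = 0; $i < $users["count"]; $i++) {
        // The member DN goes through ldapSlashes() before it is placed in a filter.
        $escapedDn = $this->adldap->utilities()->ldapSlashes($users[$i]);

        $filter = "(&(objectCategory=person)(distinguishedName=" . $escapedDn . "))";
        $fields = array("samaccountname", "distinguishedname", "objectClass");
        $sr = ldap_search($connection, $baseDn, $filter, $fields);
        // A failed search counts as "no match"; false is never handed to ldap_get_entries().
        $entries = ($sr !== false) ? ldap_get_entries($connection, $sr) : false;

        if (!is_array($entries) || $entries['count'] == 0) {
            if ($recursive != true) {
                continue;
            }

            // not a person, look for a group
            $filter = "(&(objectCategory=group)(distinguishedName=" . $escapedDn . "))";
            $sr = ldap_search($connection, $baseDn, $filter, array("samaccountname"));
            $entries = ($sr !== false) ? ldap_get_entries($connection, $sr) : false;
            if (!isset($entries[0]['samaccountname'][0])) {
                continue;
            }

            $nestedGroup = $entries[0]['samaccountname'][0];
            if (isset($visited[strtolower($nestedGroup)])) {
                // Already expanded in this traversal (shared or circular nesting).
                continue;
            }

            $subUsers = $this->collectMembers($nestedGroup, $recursive, $visited);
            if (is_array($subUsers)) {
                $userArray = array_unique(array_merge($userArray, $subUsers));
            }
            continue;
        }

        // Prefer the account name; fall back to the DN when none was returned.
        if (isset($entries[0]['samaccountname'][0])) {
            $userArray[] = $entries[0]['samaccountname'][0];
        } elseif (isset($entries[0]['distinguishedname'][0])) {
            $userArray[] = $entries[0]['distinguishedname'][0];
        }
    }

    return $userArray;
}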
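/**
 * Returns a list of Storage Groups in Exchange for a given mail server
 *
 * @param string $exchangeServer The full DN of an Exchange server. You can use exchange_servers() to find the DN for your server
 * @param array $attributes An array of the AD attributes you wish to return
 * @param bool $recursive If enabled this will automatically query the databases within a storage group
 * @return array|bool|string The entries; false when not bound or the search fails;
 *                           an error string when $exchangeServer is NULL
 */
public function storageGroups($exchangeServer, $attributes = array('cn', 'distinguishedname'), $recursive = NULL)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($exchangeServer === NULL) {
        return "Missing compulsory field [exchangeServer]";
    }
    if ($recursive === NULL) {
        $recursive = $this->adldap->getRecursiveGroups();
    }

    $connection = $this->adldap->getLdapConnection();
    $filter = '(&(objectCategory=msExchStorageGroup))';

    // $exchangeServer is used as the search base. The @ only hides the warning;
    // the failure is handled explicitly instead of passing false onwards.
    $sr = @ldap_search($connection, $exchangeServer, $filter, $attributes);
    if ($sr === false) {
        return false;
    }

    $entries = @ldap_get_entries($connection, $sr);
    if (!is_array($entries)) {
        return false;
    }

    if ($recursive === true) {
        // Attach the databases of each storage group to its entry.
        // NOTE(review): reads distinguishedname, which is only present when the
        // caller's $attributes requested it - confirm callers keep it in the list.
        for ($i = 0; $i < $entries['count']; $i++) {
            $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);
        }
    }

    return $entries;
}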
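/**
 * Return list of groups (except domain and suffix).
 *
 * In recursive mode the given list is returned keyed by its own values.
 * Otherwise every "CN=" component found in the given DNs is collected and
 * returned as a name => name map.
 *
 * @param array|string|null $groups Group DNs, as an array or a comma separated string
 *
 * @return array|string Map of group names; an empty string when $groups is null
 *                      or no CN= component was found (legacy return value)
 */
protected function getAllGroups($groups)
{
    if (is_null($groups)) {
        return '';
    }

    if ($this->ad->getRecursiveGroups()) {
        // NOTE(review): assumes $groups is already an array on this path - confirm callers.
        return array_combine($groups, $groups);
    }

    if (!is_array($groups)) {
        $groups = explode(',', $groups);
    }

    // Accumulate into an array. The previous '' accumulator made the offset
    // assignment below fail on PHP 7.1+, where strings no longer turn into arrays.
    $grps = array();

    foreach ($groups as $group) {
        // NOTE(review): splitting on ',' also cuts inside a CN that contains an
        // escaped comma, yielding a truncated name - verify that the group names
        // used for access decisions cannot contain commas.
        foreach (explode(',', $group) as $splitGroup) {
            if (substr($splitGroup, 0, 3) == 'CN=') {
                $name = substr($splitGroup, 3);
                $grps[$name] = $name;
            }
        }
    }

    // Callers historically received '' when nothing matched; keep that.
    return $grps ? $grps : '';
}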
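/**
 * Determine if a contact is a member of a group
 *
 * @param string $distinguishedName The full DN of a contact
 * @param string $group The group name to query
 * @param bool|null $recursive Recursively check groups; NULL uses the configured default
 * @return bool
 */
public function inGroup($distinguishedName, $group, $recursive = NULL)
{
    if ($distinguishedName === NULL || $group === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($recursive === NULL) {
        // use the default option if they haven't set it
        $recursive = $this->adldap->getRecursiveGroups();
    }

    // Get a list of the groups
    $groups = $this->groups($distinguishedName, array("memberof"), $recursive);

    // A failed lookup means "not a member"; a non-array is never searched.
    if (!is_array($groups)) {
        return false;
    }

    // Strict comparison: with loose matching, numeric-looking names such as
    // "10" and "1e1" compare equal, which is wrong for a membership decision.
    // NOTE(review): assumes groups() returns plain strings - confirm.
    return in_array((string) $group, $groups, true);
}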
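/**
 * Determine if a user is in a specific group
 *
 * @param string $username The username to query
 * @param string $group The name of the group to check against
 * @param bool|null $recursive Check groups recursively; NULL uses the configured default
 * @param bool $isGUID Is the username passed a GUID or a samAccountName
 * @return bool
 */
public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
{
    if ($username === NULL || $group === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($recursive === NULL) {
        // Use the default option if they haven't set it
        $recursive = $this->adldap->getRecursiveGroups();
    }

    // Get a list of the groups
    $groups = $this->groups($username, $recursive, $isGUID);

    // A failed lookup means "not a member"; a non-array is never searched.
    if (!is_array($groups)) {
        return false;
    }

    // Strict comparison: with loose matching, numeric-looking names such as
    // "10" and "1e1" compare equal, which is wrong for a membership decision.
    // NOTE(review): assumes groups() returns plain strings - confirm.
    return in_array((string) $group, $groups, true);
}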
/**
 * Get the groups a computer is in
 *
 * Reads the computer's memberof attribute and, in recursive mode, appends the
 * result of recursiveGroups() for each of those groups.
 *
 * @param string $computerName The name of the computer
 * @param bool|null $recursive Whether to check recursively; NULL uses the configured default
 * @return array|bool False when no name is given or the connection is not bound
 */
public function groups($computerName, $recursive = NULL)
{
    if ($computerName === NULL) {
        return false;
    }
    if ($recursive === NULL) {
        // fall back to the configured default when the caller left it unset
        $recursive = $this->adldap->getRecursiveGroups();
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Look the computer up in the directory.
    // NOTE(review): the @ hides lookup errors and $info[0]["memberof"] is read
    // without checking that an entry came back - confirm how a missing computer
    // should be reported before group data feeds an access decision.
    $info = @$this->info($computerName, array("memberof", "primarygroupid"));
    $directGroups = $this->adldap->utilities()->niceNames($info[0]["memberof"]);

    if ($recursive !== true) {
        return $directGroups;
    }

    // Only the direct groups are walked; the expansions are appended to the result.
    $allGroups = $directGroups;
    foreach ($directGroups as $groupName) {
        $inherited = $this->adldap->group()->recursiveGroups($groupName);
        $allGroups = array_merge($allGroups, $inherited);
    }

    return $allGroups;
}
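/**
 * Returns a folder listing for a specific OU
 * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
 *
 * @param array $folderName An array to the OU you wish to list.
 *                           If set to NULL will list the root, strongly recommended to set
 *                           $recursive to false in that instance!
 * @param string $dnType The type of record to list. This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
 * @param bool $recursive Recursively search sub folders
 * @param string $type Specify a type of object to search for (e.g. 'contact', 'computer',
 *                     'group', 'folder', 'container', 'domain'); any other value lists users
 * @return array|bool The entries, or false when not bound or the search fails
 */
public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL)
{
    if ($recursive === NULL) {
        // use the default option if they haven't set it
        $recursive = $this->adldap->getRecursiveGroups();
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Only fixed strings are chosen here; $type itself never enters the filter.
    $filter = '(&';
    if ($type !== NULL) {
        switch ($type) {
            case 'contact':
                $filter .= '(objectClass=contact)';
                break;
            case 'computer':
                $filter .= '(objectClass=computer)';
                break;
            case 'group':
                $filter .= '(objectClass=group)';
                break;
            case 'folder':
                $filter .= '(objectClass=organizationalUnit)';
                break;
            case 'container':
                $filter .= '(objectClass=container)';
                break;
            case 'domain':
                $filter .= '(objectClass=builtinDomain)';
                break;
            default:
                $filter .= '(objectClass=user)';
                break;
        }
    } else {
        $filter .= '(objectClass=*)';
    }

    // If the folder name is null then we will search the root level of AD
    // This requires us to not have an OU= part, just the base_dn
    $baseDn = $this->adldap->getBaseDn();
    $searchOu = $baseDn;
    if (is_array($folderName)) {
        // NOTE(review): folder names are joined into the search base as given;
        // DN escaping is a separate concern from the filter escaping below.
        $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
        $searchOu = $ou . ',' . $baseDn;
    }

    // Exclude the container itself from the result. The DN is built from caller
    // supplied values, so it goes through the library's filter-value escaper
    // first; otherwise "(", ")" or "*" in a folder name would alter the filter.
    $filter .= '(!(distinguishedname=' . $this->adldap->utilities()->ldapSlashes($searchOu) . ')))';

    $connection = $this->adldap->getLdapConnection();
    $fields = array('objectclass', 'distinguishedname', 'samaccountname');

    // ldap_search walks the whole subtree, ldap_list only one level.
    if ($recursive === true) {
        $sr = ldap_search($connection, $searchOu, $filter, $fields);
    } else {
        $sr = ldap_list($connection, $searchOu, $filter, $fields);
    }
    if ($sr === false) {
        return false;
    }

    $entries = @ldap_get_entries($connection, $sr);

    return is_array($entries) ? $entries : false;
}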