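/**
 * Return a list of members in a group
 *
 * Every value of the group's "member" attribute is looked up by DN. People are
 * reported by sAMAccountName, falling back to the DN when that attribute is
 * absent. With $recursive enabled, members that are themselves groups are
 * expanded as well. Each group is expanded at most once per call, so circular
 * group nesting in the directory cannot cause unbounded recursion.
 *
 * @param string $group The group to query
 * @param bool $recursive Recursively get group members
 * @return array|false Member names, or false when there is no LDAP bind or the
 *                     group has no readable "member" attribute
 */
public function members($group, $recursive = NULL)
{
    // Names of the groups expanded so far during this call (cycle guard).
    $expanded = array();

    return $this->collectMembers($group, $recursive, $expanded);
}

/**
 * Gather the members of one group, expanding nested groups not yet expanded.
 *
 * @param string $group The group to query
 * @param bool|null $recursive Recursively get group members; NULL uses the configured default
 * @param array $expanded Lower-cased names of groups already expanded (updated in place)
 * @return array|false
 */
private function collectMembers($group, $recursive, array &$expanded)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($recursive === NULL) {
        // Use the default option if they haven't set it
        $recursive = $this->adldap->getRecursiveGroups();
    }

    $expanded[strtolower((string) $group)] = true;

    // Search the directory for the members of a group
    $info = $this->info($group, array("member", "cn"));
    if (!isset($info[0]["member"]) || !is_array($info[0]["member"])) {
        return false;
    }
    $users = $info[0]["member"];

    $userArray = array();

    for ($i = 0; $i < $users["count"]; $i++) {
        $entries = $this->findMemberEntries(
            "person",
            $users[$i],
            array("samaccountname", "distinguishedname", "objectClass")
        );

        if ($entries['count'] == 0) {
            if (!$recursive) {
                continue;
            }

            // not a person, look for a group
            $entries = $this->findMemberEntries("group", $users[$i], array("samaccountname"));
            if (!isset($entries[0]['samaccountname'][0])) {
                continue;
            }

            $subGroup = $entries[0]['samaccountname'][0];
            if (isset($expanded[strtolower($subGroup)])) {
                // Already expanded (or being expanded further up the call chain):
                // its members are collected there, so skip it here.
                continue;
            }

            $subUsers = $this->collectMembers($subGroup, $recursive, $expanded);
            if (is_array($subUsers)) {
                $userArray = array_unique(array_merge($userArray, $subUsers));
            }
            continue;
        }

        if (isset($entries[0]['samaccountname'][0])) {
            $userArray[] = $entries[0]['samaccountname'][0];
        } elseif (isset($entries[0]['distinguishedname'][0])) {
            $userArray[] = $entries[0]['distinguishedname'][0];
        }
    }

    return $userArray;
}

/**
 * Look up one member DN restricted to an objectCategory; a failed search counts as "no entries".
 *
 * @param string $objectCategory Value for the objectCategory clause ("person" or "group")
 * @param string $memberDn DN taken from the group's "member" attribute
 * @param array $fields Attributes to request
 * @return array Result of ldap_get_entries(), or array('count' => 0) on failure
 */
private function findMemberEntries($objectCategory, $memberDn, array $fields)
{
    // The DN is directory data placed inside a filter, so it goes through the
    // library's ldapSlashes() helper before being concatenated.
    $filter = "(&(objectCategory=" . $objectCategory . ")(distinguishedName="
        . $this->adldap->utilities()->ldapSlashes($memberDn) . "))";

    $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        // Never hand a failed search to ldap_get_entries().
        return array('count' => 0);
    }

    $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);

    return is_array($entries) ? $entries : array('count' => 0);
}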
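/**
 * Returns a list of Storage Groups in Exchange for a given mail server
 *
 * @param string $exchangeServer The full DN of an Exchange server. You can use exchange_servers() to find the DN for your server
 * @param array $attributes An array of the AD attributes you wish to return
 * @param bool $recursive If enabled this will automatically query the databases within a storage group
 * @return array|string|false The entries found; an error string when $exchangeServer is NULL;
 *                            false when there is no LDAP bind or the search fails
 */
public function storageGroups($exchangeServer, $attributes = array('cn', 'distinguishedname'), $recursive = NULL)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($exchangeServer === NULL) {
        return "Missing compulsory field [exchangeServer]";
    }
    if ($recursive === NULL) {
        $recursive = $this->adldap->getRecursiveGroups();
    }

    $filter = '(&(objectCategory=msExchStorageGroup))';
    $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
    if ($sr === false) {
        // A failed search must not reach ldap_get_entries(): "@" hides warnings
        // but not the TypeError newer PHP versions throw for a non-result argument.
        return false;
    }

    $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
    if (!is_array($entries)) {
        return false;
    }

    if ($recursive === true) {
        for ($i = 0; $i < $entries['count']; $i++) {
            // NOTE(review): relies on 'distinguishedname' being requested in $attributes;
            // a custom attribute list that omits it leaves this index undefined.
            $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);
        }
    }

    return $entries;
}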
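/**
 * Determine if a user is in a specific group
 *
 * The result is typically used for access decisions, so every failure path
 * (missing argument, no LDAP bind, group lookup failure) answers false.
 *
 * @param string $username The username to query
 * @param string $group The name of the group to check against
 * @param bool $recursive Check groups recursively
 * @param bool $isGUID Is the username passed a GUID or a samAccountName
 * @return bool
 */
public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
{
    if ($username === NULL) {
        return false;
    }
    if ($group === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($recursive === NULL) {
        // Use the default option if they haven't set it
        $recursive = $this->adldap->getRecursiveGroups();
    }

    // Get a list of the groups
    $groups = $this->groups($username, $recursive, $isGUID);
    if (!is_array($groups)) {
        // The lookup did not yield a list: treat as "not a member".
        return false;
    }

    // Strict comparison: loose in_array() treats numeric-looking names such as
    // "100" and "1e2" as equal, which is wrong for a membership check.
    // Assumes groups() returns the names as strings - TODO confirm.
    return in_array((string) $group, $groups, true);
}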
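/**
 * Determine if a contact is a member of a group
 *
 * The result is typically used for access decisions, so every failure path
 * (missing argument, no LDAP bind, group lookup failure) answers false.
 *
 * @param string $distinguisedName The full DN of a contact
 * @param string $group The group name to query
 * @param bool $recursive Recursively check groups
 * @return bool
 */
public function inGroup($distinguisedName, $group, $recursive = NULL)
{
    if ($distinguisedName === NULL) {
        return false;
    }
    if ($group === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($recursive === NULL) {
        // Use the default option if they haven't set it
        $recursive = $this->adldap->getRecursiveGroups();
    }

    // Get a list of the groups
    $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
    if (!is_array($groups)) {
        // The lookup did not yield a list: treat as "not a member".
        return false;
    }

    // Strict comparison: loose in_array() treats numeric-looking names such as
    // "100" and "1e2" as equal, which is wrong for a membership check.
    // Assumes groups() returns the names as strings - TODO confirm.
    return in_array((string) $group, $groups, true);
}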
/**
 * Get the groups a computer is in
 *
 * Reads the computer's "memberof" attribute and converts it with niceNames().
 * In recursive mode the result of recursiveGroups() for each direct group is
 * appended to the list.
 *
 * @param string $computerName The name of the computer
 * @param bool $recursive Whether to check recursively
 * @return array|false False when $computerName is NULL or there is no LDAP bind
 */
public function groups($computerName, $recursive = NULL)
{
    if ($computerName === NULL) {
        return false;
    }

    // Fall back to the configured default when the caller did not choose
    $recursive = ($recursive === NULL) ? $this->adldap->getRecursiveGroups() : $recursive;

    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Search the directory for the computer; the first entry returned is
    // presumed to be the one asked for.
    $computerInfo = @$this->info($computerName, array("memberof", "primarygroupid"));
    $groups = $this->adldap->utilities()->niceNames($computerInfo[0]["memberof"]);

    if ($recursive !== true) {
        return $groups;
    }

    // Walk a snapshot of the direct groups while the result list grows.
    $directGroups = $groups;
    foreach ($directGroups as $directGroup) {
        $groups = array_merge($groups, $this->adldap->group()->recursiveGroups($directGroup));
    }

    return $groups;
}
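/**
 * Returns a folder listing for a specific OU
 * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
 *
 * The folder itself is excluded from the result through a
 * (!(distinguishedname=...)) clause; the DN in that clause is escaped for use
 * in a filter with the library's ldapSlashes() helper.
 *
 * @param array $folderName An array to the OU you wish to list.
 *                          If set to NULL will list the root, strongly recommended to set
 *                          $recursive to false in that instance!
 * @param string $dnType The type of record to list. This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
 * @param bool $recursive Recursively search sub folders
 * @param string|null $type Specify a type of object to search for: 'contact', 'computer', 'group',
 *                          'folder', 'container' or 'domain'; any other non-NULL value selects users
 * @return array|false The entries found, or false when there is no LDAP bind or the search fails
 */
public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL)
{
    if ($recursive === NULL) {
        // Use the default option if they haven't set it
        $recursive = $this->adldap->getRecursiveGroups();
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    $filter = '(&';
    if ($type !== NULL) {
        switch ($type) {
            case 'contact':
                $filter .= '(objectClass=contact)';
                break;
            case 'computer':
                $filter .= '(objectClass=computer)';
                break;
            case 'group':
                $filter .= '(objectClass=group)';
                break;
            case 'folder':
                $filter .= '(objectClass=organizationalUnit)';
                break;
            case 'container':
                $filter .= '(objectClass=container)';
                break;
            case 'domain':
                $filter .= '(objectClass=builtinDomain)';
                break;
            default:
                $filter .= '(objectClass=user)';
                break;
        }
    } else {
        $filter .= '(objectClass=*)';
    }

    // If the folder name is null then we will search the root level of AD
    // This requires us to not have an OU= part, just the base_dn
    $baseDn = $this->adldap->getBaseDn();
    $searchOu = $baseDn;
    if (is_array($folderName)) {
        // NOTE(review): $folderName and $dnType become DN components of the search
        // base as-is; nothing here escapes DN special characters, so callers should
        // pass only trusted or already DN-escaped values.
        $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
        $searchOu = $ou . ',' . $baseDn;
    }

    // Exclude the folder itself. The DN is caller-influenced text inside a filter,
    // so it is escaped; unescaped "(", ")", "*" or "\" would otherwise break or
    // alter the filter.
    $filter .= '(!(distinguishedname=' . $this->adldap->utilities()->ldapSlashes($searchOu) . ')))';

    $attributes = array('objectclass', 'distinguishedname', 'samaccountname');
    if ($recursive === true) {
        $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, $attributes);
    } else {
        $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, $attributes);
    }
    if ($sr === false) {
        // Never hand a failed search to ldap_get_entries().
        return false;
    }

    $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);

    return is_array($entries) ? $entries : false;
}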