/** * Return a list of members in a group * * @param string $group The group to query * @param bool $recursive Recursively get group members * @return array */ public function members($group, $recursive = NULL) { if (!$this->adldap->getLdapBind()) { return false; } if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it // Search the directory for the members of a group $info = $this->info($group, array("member", "cn")); $users = $info[0]["member"]; if (!is_array($users)) { return false; } $userArray = array(); for ($i = 0; $i < $users["count"]; $i++) { $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))"; $fields = array("samaccountname", "distinguishedname", "objectClass"); $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); // not a person, look for a group if ($entries['count'] == 0 && $recursive == true) { $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))"; $fields = array("samaccountname"); $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); if (!isset($entries[0]['samaccountname'][0])) { continue; } $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive); if (is_array($subUsers)) { $userArray = array_merge($userArray, $subUsers); $userArray = array_unique($userArray); } continue; } else { if ($entries['count'] == 0) { continue; } } if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) { $userArray[] = $entries[0]['distinguishedname'][0]; } else { if ($entries[0]['samaccountname'][0] !== NULL) { $userArray[] = $entries[0]['samaccountname'][0]; } } } return $userArray; }
/** * Returns a list of Storage Groups in Exchange for a given mail server * * @param string $exchangeServer The full DN of an Exchange server. You can use exchange_servers() to find the DN for your server * @param array $attributes An array of the AD attributes you wish to return * @param bool $recursive If enabled this will automatically query the databases within a storage group * @return array */ public function storageGroups($exchangeServer, $attributes = array('cn', 'distinguishedname'), $recursive = NULL) { if (!$this->adldap->getLdapBind()) { return false; } if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; } if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } $filter = '(&(objectCategory=msExchStorageGroup))'; $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes); $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr); if ($recursive === true) { for ($i = 0; $i < $entries['count']; $i++) { $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]); } } return $entries; }
/** * Determine if a user is in a specific group * * @param string $username The username to query * @param string $group The name of the group to check against * @param bool $recursive Check groups recursively * @param bool $isGUID Is the username passed a GUID or a samAccountName * @return bool */ public function inGroup($username, $group, $recursive = NULL, $isGUID = false) { if ($username === NULL) { return false; } if ($group === NULL) { return false; } if (!$this->adldap->getLdapBind()) { return false; } if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it // Get a list of the groups $groups = $this->groups($username, $recursive, $isGUID); // Return true if the specified group is in the group list if (in_array($group, $groups)) { return true; } return false; }
/** * Determine if a contact is a member of a group * * @param string $distinguisedName The full DN of a contact * @param string $group The group name to query * @param bool $recursive Recursively check groups * @return bool */ public function inGroup($distinguisedName, $group, $recursive = NULL) { if ($distinguisedName === NULL) { return false; } if ($group === NULL) { return false; } if (!$this->adldap->getLdapBind()) { return false; } if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it // Get a list of the groups $groups = $this->groups($distinguisedName, array("memberof"), $recursive); // Return true if the specified group is in the group list if (in_array($group, $groups)) { return true; } return false; }
/** * Get the groups a computer is in * * @param string $computerName The name of the computer * @param bool $recursive Whether to check recursively * @return array */ public function groups($computerName, $recursive = NULL) { if ($computerName === NULL) { return false; } if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it if (!$this->adldap->getLdapBind()) { return false; } //search the directory for their information $info = @$this->info($computerName, array("memberof", "primarygroupid")); $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames) if ($recursive === true) { foreach ($groups as $id => $groupName) { $extraGroups = $this->adldap->group()->recursiveGroups($groupName); $groups = array_merge($groups, $extraGroups); } } return $groups; }
/** * Returns a folder listing for a specific OU * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions * * @param array $folderName An array to the OU you wish to list. * If set to NULL will list the root, strongly recommended to set * $recursive to false in that instance! * @param string $dnType The type of record to list. This can be ADLDAP_FOLDER or ADLDAP_CONTAINER. * @param bool $recursive Recursively search sub folders * @param bool $type Specify a type of object to search for * @return array */ public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL) { if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it if (!$this->adldap->getLdapBind()) { return false; } $filter = '(&'; if ($type !== NULL) { switch ($type) { case 'contact': $filter .= '(objectClass=contact)'; break; case 'computer': $filter .= '(objectClass=computer)'; break; case 'group': $filter .= '(objectClass=group)'; break; case 'folder': $filter .= '(objectClass=organizationalUnit)'; break; case 'container': $filter .= '(objectClass=container)'; break; case 'domain': $filter .= '(objectClass=builtinDomain)'; break; default: $filter .= '(objectClass=user)'; break; } } else { $filter .= '(objectClass=*)'; } // If the folder name is null then we will search the root level of AD // This requires us to not have an OU= part, just the base_dn $searchOu = $this->adldap->getBaseDn(); if (is_array($folderName)) { $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName); $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))'; $searchOu = $ou . ',' . $this->adldap->getBaseDn(); } else { $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))'; } if ($recursive === true) { $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname')); $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr); if (is_array($entries)) { return $entries; } } else { $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname')); $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr); if (is_array($entries)) { return $entries; } } return false; }