/**
* Add a set of authentication credentials.
*
* @param string $accountName The user sAMAccountName to find.
* @param array $credentials The credentials to be set.
*
* @throws Horde_Auth_Exception
*/
public function addUser($accountName, $credentials)
{
/* Connect to the MSAD server. */
$this->_connect();
if (isset($credentials['ldap'])) {
$dn = $credentials['ldap']['dn'];
} else {
$basedn = isset($credentials['basedn']) ? $credentials['basedn'] : $this->_params['basedn'];
/* Set a default CN */
$dn = 'cn=' . $accountName . ',' . $basedn;
$entry['cn'] = $accountName;
$entry['samaccountname'] = $accountName;
$entry['objectclass'][0] = "top";
$entry['objectclass'][1] = "person";
$entry['objectclass'][2] = "organizationalPerson";
$entry['objectclass'][3] = "user";
$entry['description'] = isset($credentials['description']) ? $credentials['description'] : 'New horde user';
if ($this->_params['ssl']) {
$entry["AccountDisabled"] = false;
}
$entry['userPassword'] = Horde_Auth::getCryptedPassword($credentials['password'], '', $this->_params['encryption'], false);
if (isset($this->_params['binddn'])) {
$entry['manager'] = $this->_params['binddn'];
}
}
$success = @ldap_add($this->_ds, $dn, $entry);
if (!$success) {
throw new Horde_Auth_Exception(sprintf(__CLASS__ . ': Unable to add user "%s". This is what the server said: ', $accountName) . ldap_error($this->_ds));
}
@ldap_close($this->_ds);
}
function process()
{
print_r($this->input);
if (ldap_add($this->ds, $this->rdn, $this->input)) {
return true;
}
}
/**
* lastname (sn) is required for the "inetOrgPerson" schema
*/
public function add(Users_Model_User $user)
{
$dn = 'cn=' . $user->username . ',' . $this->_ldapConfig->baseDn;
$info = array('cn' => $user->username, 'givenName' => $user->firstname, 'sn' => $user->lastname, 'mail' => $user->email, 'userPassword' => $this->_hashPassword($user->password), 'objectclass' => 'inetOrgPerson');
if (!@ldap_add($this->_dp, $dn, $info) && ldap_error($this->_dp) != 'Success') {
throw new Exception('Could not add record to LDAP server: ' . ldap_error($this->_dp));
}
}
protected function prepareLDAPServer()
{
$this->nodes = array($this->createDn('ou=Node,') => array("objectClass" => "organizationalUnit", "ou" => "Node", "postalCode" => "1234"), $this->createDn('ou=Test1,ou=Node,') => array("objectClass" => "organizationalUnit", "ou" => "Test1"), $this->createDn('ou=Test2,ou=Node,') => array("objectClass" => "organizationalUnit", "ou" => "Test2"), $this->createDn('ou=Test1,') => array("objectClass" => "organizationalUnit", "ou" => "Test1", "l" => "e"), $this->createDn('ou=Test2,') => array("objectClass" => "organizationalUnit", "ou" => "Test2", "l" => "d"), $this->createDn('ou=Test3,') => array("objectClass" => "organizationalUnit", "ou" => "Test3", "l" => "c"), $this->createDn('ou=Test4,') => array("objectClass" => "organizationalUnit", "ou" => "Test4", "l" => "b"), $this->createDn('ou=Test5,') => array("objectClass" => "organizationalUnit", "ou" => "Test5", "l" => "a"));
$ldap = $this->ldap->getResource();
foreach ($this->nodes as $dn => $entry) {
ldap_add($ldap, $dn, $entry);
}
}
/**
* {@inheritdoc}
*/
public function add(Entry $entry)
{
$con = $this->connection->getResource();
if (!@ldap_add($con, $entry->getDn(), $entry->getAttributes())) {
throw new LdapException(sprintf('Could not add entry "%s": %s', $entry->getDn(), ldap_error($con)));
}
return $this;
}
function addGroup($ds, $info)
{
// On ajoute le nouveau groupe
$r = ldap_add($ds, "cn=" . $info['cn'] . ",ou=groups,dc=rBOX,dc=lan", $info);
// On affiche un message d'erreur si l'utilisateur n'a pas pu être ajouté
if (!$r) {
echo '<p class="center red">Le groupe n\'a pas pu être ajouté. Nous vous prions de nous excuser pour le désagrément.</p>';
exit;
}
}
public function create($attrs)
{
if (!isset($attrs['uid'])) {
return false;
}
$entry = array_merge(['objectclass' => $this->objectclass], $attrs);
try {
return ldap_add($this->ds, "dc=" . $attrs['uid'] . "," . $this->dn, $entry);
} catch (\Exception $e) {
return false;
}
}
function AssistedLDAPAdd($ldapc, $newdn, $in)
{
// Use these variables that are outside the function
global $app_theme;
// Add the new entry
$r_add = ldap_add($ldapc, $newdn, $in);
// Let's see if you could make it
if (!$r_add) {
echo '<div class="error">' . _("An error has ocurred trying to insert entries on the LDAP database: ") . ldap_error($ldapc) . '.<br /><br /><a href="javascript:history.back(1);">' . _("Back") . '</a></div>';
include "../themes/{$app_theme}/footer.php";
die;
}
return $r_add;
}
/**
* Create LDAP User
* @param $userDn
* @param $newUserInfo
* @return mixed
*/
public function ldapCreateUser($userDn, $newUserInfo)
{
// Initialiazing ldap connection
$ldapInitialisation = $this->ldapInit();
$issue = null;
if ($ldapInitialisation) {
// Creating user
ErrorHandler::start(E_WARNING);
$issue = ldap_add($this->ldapLinkIdentifier, $userDn, $newUserInfo);
ErrorHandler::stop();
// Closing ldap connection
ldap_close($this->ldapLinkIdentifier);
}
return $issue;
}
protected function setUp()
{
parent::setUp();
$this->_prepareLdapServer();
$this->_orgDn = $this->_createDn('ou=OrgTest,');
$this->_newDn = $this->_createDn('ou=NewTest,');
$this->_orgSubTreeDn = $this->_createDn('ou=OrgSubtree,');
$this->_newSubTreeDn = $this->_createDn('ou=NewSubtree,');
$this->_targetSubTreeDn = $this->_createDn('ou=Target,');
$this->_nodes = array($this->_orgDn => array("objectClass" => "organizationalUnit", "ou" => "OrgTest"), $this->_orgSubTreeDn => array("objectClass" => "organizationalUnit", "ou" => "OrgSubtree"), 'ou=Subtree1,' . $this->_orgSubTreeDn => array("objectClass" => "organizationalUnit", "ou" => "Subtree1"), 'ou=Subtree11,ou=Subtree1,' . $this->_orgSubTreeDn => array("objectClass" => "organizationalUnit", "ou" => "Subtree11"), 'ou=Subtree12,ou=Subtree1,' . $this->_orgSubTreeDn => array("objectClass" => "organizationalUnit", "ou" => "Subtree12"), 'ou=Subtree13,ou=Subtree1,' . $this->_orgSubTreeDn => array("objectClass" => "organizationalUnit", "ou" => "Subtree13"), 'ou=Subtree2,' . $this->_orgSubTreeDn => array("objectClass" => "organizationalUnit", "ou" => "Subtree2"), 'ou=Subtree3,' . $this->_orgSubTreeDn => array("objectClass" => "organizationalUnit", "ou" => "Subtree3"), $this->_targetSubTreeDn => array("objectClass" => "organizationalUnit", "ou" => "Target"));
$ldap = $this->_getLdap()->getResource();
foreach ($this->_nodes as $dn => $entry) {
ldap_add($ldap, $dn, $entry);
}
}
function addUser($ds, $info, $infoGroupes)
{
// On ajoute le nouvel utilisateur
$r = ldap_add($ds, "cn=" . $info["cn"] . ",ou=users,dc=rBOX,dc=lan", $info);
// On affiche un message d'erreur si l'utilisateur n'a pas pu être ajouté
if (!$r) {
echo '<p class="center red">L\'utilisateur n\'a pas pu être ajouté. Nous vous prions de nous excuser pour le désagrément.</p>';
exit;
}
$entry['memberUid'] = $info["cn"];
$res = add2Group($ds, $entry, $infoGroupes);
$res2 = add2OtherGroup($ds, $entry, $infoGroupes);
if (!$res or !$res2) {
return false;
}
return true;
}
public function saveNewUser($user)
{
if (!is_object($user) || !$user instanceof jAuthUserLDAP) {
throw new jException('jelix~auth.ldap.object.user.unknown');
}
if (!($user->login != '')) {
throw new jException('jelix~auth.ldap.user.login.unset');
}
$entries = $this->getAttributesLDAP($user);
$connect = $this->_bindLdapUser();
if ($connect === false) {
return false;
}
$result = ldap_add($connect, $this->_buildUserDn($user->login), $entries);
ldap_close($connect);
return $result;
}
public function saveNewUser($user)
{
if (!is_object($user) || !$user instanceof jAuthUserLDAP) {
throw new jException('jelix~auth.ldap.object.user.unknown');
}
if (!($user->login != '')) {
throw new jException('jelix~auth.ldap.user.login.unset');
}
$entries = $this->getAttributesLDAP($user);
$connect = $this->_getLinkId();
$result = false;
if ($connect) {
if (ldap_bind($connect, $this->_params['ldapUser'], $this->_params['ldapPassword'])) {
$result = ldap_add($connect, $this->_buildUserDn($user->login), $entries);
}
ldap_close($connect);
}
return $result;
}
public function saveNewUser($user)
{
if (!is_object($user) || !$user instanceof jAuthUserLDAP) {
throw new jException('jelix~auth.ldap.object.user.unknown');
}
if (!($user->login != '')) {
throw new jException('jelix~auth.ldap.user.login.unset');
}
$entries = $this->getAttributesLDAP($user);
$connect = ldap_connect($this->_params['hostname'], $this->_params['port']);
$result = false;
if ($connect) {
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
if (ldap_bind($connect, $this->_params['ldapUser'], $this->_params['ldapPassword'])) {
$result = ldap_add($connect, 'cn=' . $user->login . ',' . $this->_params['searchBaseDN'], $entries);
}
ldap_close($connect);
}
return $result;
}
function registerNewUser($username, $password, $firstname, $lastname, $email, $phone, $groups)
{
$info = array();
$info["uid"] = $username;
$info["userPassword"] = $password;
$info["givenName"] = $firstname;
$info["sn"] = $lastname;
$info["cn"] = $firstname . $lastname;
$info["mail"] = $email;
$info["telephoneNumber"] = $phone;
$info["objectClass"][0] = "top";
$info["objectClass"][1] = "person";
$info["objectClass"][2] = "organizationalPerson";
$info["objectClass"][3] = "inetorgperson";
$info["objectClass"][4] = "posixAccount";
$info["objectClass"][5] = "inetuser";
if (ldap_add($connection, $DN, $info) == false) {
return false;
}
foreach ($groups as $group) {
addUserToGroup($username, $group);
}
return true;
}
/**
* create ldap entry.
*
* @param array $attributes should follow the structure of ldap_add functions
* entry array: http://us.php.net/manual/en/function.ldap-add.php
$attributes["attribute1"] = "value";
$attributes["attribute2"][0] = "value1";
$attributes["attribute2"][1] = "value2";
* @return boolean result
*/
public function createLdapEntry($attributes, $dn = NULL)
{
if (!$this->connection) {
$this->connect();
$this->bind();
}
if (isset($attributes['dn'])) {
$dn = $attributes['dn'];
unset($attributes['dn']);
} elseif (!$dn) {
return FALSE;
}
$result = @ldap_add($this->connection, $dn, $attributes);
if (!$result) {
$error = "LDAP Server ldap_add(%dn) Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str ";
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection)));
debug(t($error, $tokens));
watchdog('ldap_server', $error, $tokens, WATCHDOG_ERROR);
}
return $result;
}
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
@ldap_add($link, "badDN dc=my-domain,dc=com", array("objectClass" => array("top", "dcObject", "organization"), "dc" => "my-domain", "o" => "my-domain"));
var_dump(ldap_errno($link));
?>
===DONE===
/**
* Create a user
*
* If you specify a password here, this can only be performed over SSL
*
* @param array $attributes The attributes to set to the user account
* @return bool
*/
public function create($attributes)
{
// Check for compulsory fields
if (!array_key_exists("username", $attributes)) {
return "Missing compulsory field [username]";
}
if (!array_key_exists("firstname", $attributes)) {
return "Missing compulsory field [firstname]";
}
if (!array_key_exists("surname", $attributes)) {
return "Missing compulsory field [surname]";
}
if (!array_key_exists("email", $attributes)) {
return "Missing compulsory field [email]";
}
if (!array_key_exists("container", $attributes)) {
return "Missing compulsory field [container]";
}
if (!is_array($attributes["container"])) {
return "Container attribute must be an array.";
}
if (array_key_exists("password", $attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())) {
throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
}
if (!array_key_exists("display_name", $attributes)) {
$attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"];
}
// Translate the schema
$add = $this->adldap->adldap_schema($attributes);
// Additional stuff only used for adding accounts
$add["cn"][0] = $attributes["display_name"];
$add["samaccountname"][0] = $attributes["username"];
$add["objectclass"][0] = "top";
$add["objectclass"][1] = "person";
$add["objectclass"][2] = "organizationalPerson";
$add["objectclass"][3] = "user";
//person?
//$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
// Set the account control attribute
$control_options = array("NORMAL_ACCOUNT");
if (!$attributes["enabled"]) {
$control_options[] = "ACCOUNTDISABLE";
}
$add["userAccountControl"][0] = $this->accountControl($control_options);
// Determine the container
$attributes["container"] = array_reverse($attributes["container"]);
$container = "OU=" . implode(", OU=", $attributes["container"]);
// Add the entry
$result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
if ($result != true) {
return false;
}
return true;
}
$entry = array();
$entry['objectClass'] = array( 'top', 'person', 'organizationalPerson', 'inetOrgPerson', 'hCard' );
$entry['cn'] = array( 'Stephen Weber' ); // Common Name
$entry['sn'] = array( 'Weber' ); // Surname/Family Name
$entry['gn'] = array( 'Stephen' ); // Given Name
$entry['displayName'] = array( 'singpolyma' ); // Nickname
// $entry['title'] = array( '' ); // Job role
$entry['mail'] = array( '*****@*****.**' ); // Email
$entry['labeledURI'] = array( 'http://singpolyma.net' );
$entry['mobile'] = array( '+16503957464' ); // Mobile number
// $entry['telephoneNumber'] = array( '+14156916235' ); // Phone number
// $entry['postalAddress'] = array( '1408 California St, #301
// San Francisco, CA' ); // Mailing address, preformatted (homePostalAddress)
// $entry['postalCode'] = array( '94109' ); // ZIP
if ( !ldap_add( $ldap, $dn, $entry ) ) {
echo ldap_error( $ldap );
} else {
echo 'Successfully added entry';
}
ldap_close( $ldap );
}
/*
Add these from hCard/vCard
additionalName
personalTitle
honorificSuffix
bday
tz
public function test_enrol_ldap()
{
global $CFG, $DB;
if (!extension_loaded('ldap')) {
$this->markTestSkipped('LDAP extension is not loaded.');
}
$this->resetAfterTest();
require_once $CFG->dirroot . '/enrol/ldap/lib.php';
require_once $CFG->libdir . '/ldaplib.php';
if (!defined('TEST_ENROL_LDAP_HOST_URL') or !defined('TEST_ENROL_LDAP_BIND_DN') or !defined('TEST_ENROL_LDAP_BIND_PW') or !defined('TEST_ENROL_LDAP_DOMAIN')) {
$this->markTestSkipped('External LDAP test server not configured.');
}
// Make sure we can connect the server.
$debuginfo = '';
if (!($connection = ldap_connect_moodle(TEST_ENROL_LDAP_HOST_URL, 3, 'rfc2307', TEST_ENROL_LDAP_BIND_DN, TEST_ENROL_LDAP_BIND_PW, LDAP_DEREF_NEVER, $debuginfo, false))) {
$this->markTestSkipped('Can not connect to LDAP test server: ' . $debuginfo);
}
$this->enable_plugin();
// Create new empty test container.
$topdn = 'dc=moodletest,' . TEST_ENROL_LDAP_DOMAIN;
$this->recursive_delete($connection, TEST_ENROL_LDAP_DOMAIN, 'dc=moodletest');
$o = array();
$o['objectClass'] = array('dcObject', 'organizationalUnit');
$o['dc'] = 'moodletest';
$o['ou'] = 'MOODLETEST';
if (!ldap_add($connection, 'dc=moodletest,' . TEST_ENROL_LDAP_DOMAIN, $o)) {
$this->markTestSkipped('Can not create test LDAP container.');
}
// Configure enrol plugin.
/** @var enrol_ldap_plugin $enrol */
$enrol = enrol_get_plugin('ldap');
$enrol->set_config('host_url', TEST_ENROL_LDAP_HOST_URL);
$enrol->set_config('start_tls', 0);
$enrol->set_config('ldap_version', 3);
$enrol->set_config('ldapencoding', 'utf-8');
$enrol->set_config('page_size', '2');
$enrol->set_config('bind_dn', TEST_ENROL_LDAP_BIND_DN);
$enrol->set_config('bind_pw', TEST_ENROL_LDAP_BIND_PW);
$enrol->set_config('course_search_sub', 0);
$enrol->set_config('memberattribute_isdn', 0);
$enrol->set_config('user_contexts', '');
$enrol->set_config('user_search_sub', 0);
$enrol->set_config('user_type', 'rfc2307');
$enrol->set_config('opt_deref', LDAP_DEREF_NEVER);
$enrol->set_config('objectclass', '(objectClass=posixGroup)');
$enrol->set_config('course_idnumber', 'cn');
$enrol->set_config('course_shortname', 'cn');
$enrol->set_config('course_fullname', 'cn');
$enrol->set_config('course_summary', '');
$enrol->set_config('ignorehiddencourses', 0);
$enrol->set_config('nested_groups', 0);
$enrol->set_config('autocreate', 0);
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_KEEP);
$roles = get_all_roles();
foreach ($roles as $role) {
$enrol->set_config('contexts_role' . $role->id, '');
$enrol->set_config('memberattribute_role' . $role->id, '');
}
// Create group for teacher enrolments.
$teacherrole = $DB->get_record('role', array('shortname' => 'teacher'));
$this->assertNotEmpty($teacherrole);
$o = array();
$o['objectClass'] = array('organizationalUnit');
$o['ou'] = 'teachers';
ldap_add($connection, 'ou=teachers,' . $topdn, $o);
$enrol->set_config('contexts_role' . $teacherrole->id, 'ou=teachers,' . $topdn);
$enrol->set_config('memberattribute_role' . $teacherrole->id, 'memberuid');
// Create group for student enrolments.
$studentrole = $DB->get_record('role', array('shortname' => 'student'));
$this->assertNotEmpty($studentrole);
$o = array();
$o['objectClass'] = array('organizationalUnit');
$o['ou'] = 'students';
ldap_add($connection, 'ou=students,' . $topdn, $o);
$enrol->set_config('contexts_role' . $studentrole->id, 'ou=students,' . $topdn);
$enrol->set_config('memberattribute_role' . $studentrole->id, 'memberuid');
// Create some users and courses.
$user1 = $this->getDataGenerator()->create_user(array('idnumber' => 'user1', 'username' => 'user1'));
$user2 = $this->getDataGenerator()->create_user(array('idnumber' => 'user2', 'username' => 'user2'));
$user3 = $this->getDataGenerator()->create_user(array('idnumber' => 'user3', 'username' => 'user3'));
$user4 = $this->getDataGenerator()->create_user(array('idnumber' => 'user4', 'username' => 'user4'));
$user5 = $this->getDataGenerator()->create_user(array('idnumber' => 'user5', 'username' => 'user5'));
$user6 = $this->getDataGenerator()->create_user(array('idnumber' => 'user6', 'username' => 'user6'));
$course1 = $this->getDataGenerator()->create_course(array('idnumber' => 'course1', 'shortname' => 'course1'));
$course2 = $this->getDataGenerator()->create_course(array('idnumber' => 'course2', 'shortname' => 'course2'));
$course3 = $this->getDataGenerator()->create_course(array('idnumber' => 'course3', 'shortname' => 'course3'));
// Set up some ldap data.
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user1', 'user2', 'user3', 'userx');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '2';
$o['memberUid'] = array('user5');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=teachers,' . $topdn, $o);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course2';
$o['gidNumber'] = '3';
$o['memberUid'] = array('user1', 'user2', 'user3', 'user4');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course4';
$o['gidNumber'] = '4';
$o['memberUid'] = array('user1', 'user2');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course4';
$o['gidNumber'] = '5';
$o['memberUid'] = array('user5', 'user6');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=teachers,' . $topdn, $o);
// Test simple test without creation.
$this->assertEquals(0, $DB->count_records('user_enrolments'));
$this->assertEquals(0, $DB->count_records('role_assignments'));
$this->assertEquals(4, $DB->count_records('course'));
$enrol->sync_enrolments(new null_progress_trace());
$this->assertEquals(8, $DB->count_records('user_enrolments'));
$this->assertEquals(8, $DB->count_records('role_assignments'));
$this->assertEquals(4, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id);
$this->assertIsEnrolled($course1->id, $user2->id, $studentrole->id);
$this->assertIsEnrolled($course1->id, $user3->id, $studentrole->id);
$this->assertIsEnrolled($course1->id, $user5->id, $teacherrole->id);
$this->assertIsEnrolled($course2->id, $user1->id, $studentrole->id);
$this->assertIsEnrolled($course2->id, $user2->id, $studentrole->id);
$this->assertIsEnrolled($course2->id, $user3->id, $studentrole->id);
$this->assertIsEnrolled($course2->id, $user4->id, $studentrole->id);
// Test course creation.
$enrol->set_config('autocreate', 1);
$enrol->sync_enrolments(new null_progress_trace());
$this->assertEquals(12, $DB->count_records('user_enrolments'));
$this->assertEquals(12, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$course4 = $DB->get_record('course', array('idnumber' => 'course4'), '*', MUST_EXIST);
$this->assertIsEnrolled($course4->id, $user1->id, $studentrole->id);
$this->assertIsEnrolled($course4->id, $user2->id, $studentrole->id);
$this->assertIsEnrolled($course4->id, $user5->id, $teacherrole->id);
$this->assertIsEnrolled($course4->id, $user6->id, $teacherrole->id);
// Test unenrolment.
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_KEEP);
$enrol->sync_enrolments(new null_progress_trace());
$this->assertEquals(12, $DB->count_records('user_enrolments'));
$this->assertEquals(12, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_SUSPEND);
$enrol->sync_enrolments(new null_progress_trace());
$this->assertEquals(12, $DB->count_records('user_enrolments'));
$this->assertEquals(12, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_SUSPENDED);
$this->assertIsEnrolled($course1->id, $user2->id, $studentrole->id, ENROL_USER_SUSPENDED);
$this->assertIsEnrolled($course1->id, $user3->id, $studentrole->id, ENROL_USER_SUSPENDED);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user1', 'user2', 'user3');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->sync_enrolments(new null_progress_trace());
$this->assertEquals(12, $DB->count_records('user_enrolments'));
$this->assertEquals(12, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
$this->assertIsEnrolled($course1->id, $user2->id, $studentrole->id, ENROL_USER_ACTIVE);
$this->assertIsEnrolled($course1->id, $user3->id, $studentrole->id, ENROL_USER_ACTIVE);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_SUSPENDNOROLES);
$enrol->sync_enrolments(new null_progress_trace());
$this->assertEquals(12, $DB->count_records('user_enrolments'));
$this->assertEquals(9, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, 0, ENROL_USER_SUSPENDED);
$this->assertIsEnrolled($course1->id, $user2->id, 0, ENROL_USER_SUSPENDED);
$this->assertIsEnrolled($course1->id, $user3->id, 0, ENROL_USER_SUSPENDED);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user1', 'user2', 'user3');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->sync_enrolments(new null_progress_trace());
$this->assertEquals(12, $DB->count_records('user_enrolments'));
$this->assertEquals(12, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
$this->assertIsEnrolled($course1->id, $user2->id, $studentrole->id, ENROL_USER_ACTIVE);
$this->assertIsEnrolled($course1->id, $user3->id, $studentrole->id, ENROL_USER_ACTIVE);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_UNENROL);
$enrol->sync_enrolments(new null_progress_trace());
$this->assertEquals(9, $DB->count_records('user_enrolments'));
$this->assertEquals(9, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsNotEnrolled($course1->id, $user1->id);
$this->assertIsNotEnrolled($course1->id, $user2->id);
$this->assertIsNotEnrolled($course1->id, $user3->id);
// Individual user enrolments-
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user1', 'user2', 'user3');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->sync_user_enrolments($user1);
$this->assertEquals(10, $DB->count_records('user_enrolments'));
$this->assertEquals(10, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user2', 'user3');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_KEEP);
$enrol->sync_user_enrolments($user1);
$this->assertEquals(10, $DB->count_records('user_enrolments'));
$this->assertEquals(10, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_SUSPEND);
$enrol->sync_user_enrolments($user1);
$this->assertEquals(10, $DB->count_records('user_enrolments'));
$this->assertEquals(10, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_SUSPENDED);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user1', 'user2', 'user3');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->sync_user_enrolments($user1);
$this->assertEquals(10, $DB->count_records('user_enrolments'));
$this->assertEquals(10, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user2', 'user3');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_SUSPENDNOROLES);
$enrol->sync_user_enrolments($user1);
$this->assertEquals(10, $DB->count_records('user_enrolments'));
$this->assertEquals(9, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, 0, ENROL_USER_SUSPENDED);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user1', 'user2', 'user3');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->sync_user_enrolments($user1);
$this->assertEquals(10, $DB->count_records('user_enrolments'));
$this->assertEquals(10, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
$o = array();
$o['objectClass'] = array('posixGroup');
$o['cn'] = 'course1';
$o['gidNumber'] = '1';
$o['memberUid'] = array('user2', 'user3');
ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
$enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_UNENROL);
$enrol->sync_user_enrolments($user1);
$this->assertEquals(9, $DB->count_records('user_enrolments'));
$this->assertEquals(9, $DB->count_records('role_assignments'));
$this->assertEquals(5, $DB->count_records('course'));
$this->assertIsNotEnrolled($course1->id, $user1->id);
$this->recursive_delete($connection, TEST_ENROL_LDAP_DOMAIN, 'dc=moodletest');
ldap_close($connection);
// NOTE: multiple roles in one course is not supported, sorry
}
/**
* Add new information to the LDAP repository
*
* @param string|Dn $dn
* @param array $entry
* @return Ldap Provides a fluid interface
* @throws Exception\LdapException
*/
public function add($dn, array $entry)
{
if (!$dn instanceof Dn) {
$dn = Dn::factory($dn, null);
}
self::prepareLdapEntryArray($entry);
foreach ($entry as $key => $value) {
if (is_array($value) && count($value) === 0) {
unset($entry[$key]);
}
}
$rdnParts = $dn->getRdn(Dn::ATTR_CASEFOLD_LOWER);
foreach ($rdnParts as $key => $value) {
$value = Dn::unescapeValue($value);
if (!array_key_exists($key, $entry)) {
$entry[$key] = array($value);
} elseif (!in_array($value, $entry[$key])) {
$entry[$key] = array_merge(array($value), $entry[$key]);
}
}
$adAttributes = array('distinguishedname', 'instancetype', 'name', 'objectcategory', 'objectguid', 'usnchanged', 'usncreated', 'whenchanged', 'whencreated');
foreach ($adAttributes as $attr) {
if (array_key_exists($attr, $entry)) {
unset($entry[$attr]);
}
}
ErrorHandler::start(E_WARNING);
$isAdded = ldap_add($this->getResource(), $dn->toString(), $entry);
ErrorHandler::stop();
if ($isAdded === false) {
throw new Exception\LdapException($this, 'adding: ' . $dn->toString());
}
return $this;
}
/**
* Add new information to the LDAP repository
*
* @param string|Zend_Ldap_Dn $dn
* @param array $entry
* @return Zend_Ldap Provides a fluid interface
* @throws Zend_Ldap_Exception
*/
public function add($dn, array $entry)
{
if (!$dn instanceof Zend_Ldap_Dn) {
$dn = Zend_Ldap_Dn::factory($dn, null);
}
self::prepareLdapEntryArray($entry);
foreach ($entry as $key => $value) {
if (is_array($value) && count($value) === 0) {
unset($entry[$key]);
}
}
$rdnParts = $dn->getRdn(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
foreach ($rdnParts as $key => $value) {
$value = Zend_Ldap_Dn::unescapeValue($value);
if (!array_key_exists($key, $entry)) {
$entry[$key] = array($value);
} else {
if (!in_array($value, $entry[$key])) {
$entry[$key] = array_merge(array($value), $entry[$key]);
}
}
}
$adAttributes = array('distinguishedname', 'instancetype', 'name', 'objectcategory', 'objectguid', 'usnchanged', 'usncreated', 'whenchanged', 'whencreated');
foreach ($adAttributes as $attr) {
if (array_key_exists($attr, $entry)) {
unset($entry[$attr]);
}
}
$isAdded = @ldap_add($this->getResource(), $dn->toString(), $entry);
if ($isAdded === false) {
/**
* @see Zend_Ldap_Exception
*/
#require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception($this, 'adding: ' . $dn->toString());
}
return $this;
}
public static function add($user)
{
// create LDAP Connection
//
$ldapConnectionConfig = Config::get('ldap.connections.' . App::environment());
$ldapHost = $ldapConnectionConfig['host'];
$ldapPort = $ldapConnectionConfig['port'];
$ldapConnection = ldap_connect($ldapHost, $ldapPort);
if ($ldapConnection) {
// query LDAP for user info
//
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
$ldapUser = $ldapConnectionConfig['users']['web_user'];
$ldapbind = ldap_bind($ldapConnection, $ldapUser['user'], $ldapUser['password']);
$dn = 'swampUuid=' . $user->user_uid . ',ou=people,o=SWAMP,dc=cosalab,dc=org';
$entry = self::newUserToEntry($user);
// set object class
//
$entry['objectclass'][0] = "top";
$entry['objectclass'][1] = "person";
$entry['objectclass'][2] = "organizationalPerson";
$entry['objectclass'][3] = "inetOrgPerson";
$entry['objectclass'][4] = "eduPerson";
$entry['objectclass'][5] = "swampEntity";
// add new object
//
$response = ldap_add($ldapConnection, $dn, $entry);
// close LDAP connection
//
ldap_close($ldapConnection);
return $user;
}
}
}
$ouName = 'SpecialGroups';
$ouDN = 'ou=' . $ouName . ',' . $bdn;
//creates an OU
if (true) {
$entry = [];
$entry['objectclass'][] = 'top';
$entry['objectclass'][] = 'organizationalunit';
$entry['ou'] = $ouName;
$b = ldap_add($cr, $ouDN, $entry);
if (!$b) {
die(ldap_error($cr));
}
}
$groups = ['SquareGroup', 'CircleGroup', 'TriangleGroup', 'SquaredCircleGroup'];
// groupOfNames requires groups to have at least one member
// the member used is created by createExplicitUsers.php script
$omniMember = 'uid=alice,ou=Users,' . $bdn;
foreach ($groups as $cn) {
$newDN = 'cn=' . $cn . ',' . $ouDN;
$entry = [];
$entry['cn'] = $cn;
$entry['objectclass'][] = 'groupOfNames';
$entry['member'][] = $omniMember;
$ok = ldap_add($cr, $newDN, $entry);
if ($ok) {
echo 'created group ' . ': ' . $entry['cn'] . PHP_EOL;
} else {
die(ldap_error($cr));
}
}
private function evilObjectCreator($id, $expire)
{
$connection = ldap_connect($this->config['url']);
ldap_set_option($connection, LDAP_OPT_DEREF, $this->config['deref']);
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($connection, $this->config['username'], $this->config['password']);
ldap_add($connection, "cn={$id},{$this->config['base']}", array('jsonString' => array(json_encode('dummy')), 'expireTime' => array(strval($expire)), 'objectClass' => array('jsonObject')));
ldap_close($connection);
}
/**
* @return bool
*/
public function Add($sNewDn, $aEntry)
{
CApi::Log('ldap_add = ' . ((empty($sNewDn) ? '' : $sNewDn . ',') . $this->sSearchDN));
CApi::LogObject($aEntry);
$bResult = !!@ldap_add($this->rLink, (empty($sNewDn) ? '' : $sNewDn . ',') . $this->sSearchDN, $aEntry);
$this->validateLdapErrorOnFalse($bResult);
return $bResult;
}
public function set($key, $val)
{
ldap_add($this->bind, $key, $val);
}
/**
* Create a new DN
*
* @param string $dn The DN where you want to put the object
* @param array $entries An array of arrays describing the object to add
*
* @return boolean Result of operation
*
* @since 12.1
*/
public function create($dn, array $entries)
{
return @ldap_add($this->_resource, $dn, $entries);
}
public function addEntry($dn, $entry)
{
$status = ldap_add($this->conn, $dn, $entry);
if (!$status) {
throw new Exception(ldap_error($this->conn));
}
return $status;
}
/**
* Set the person details.
* @param string $username
* @param array $details
* @param boolean $create
*/
protected function setPerson($username, $password, $details, $create)
{
if (!$this->options['can_edit_user_detatils']) {
return false;
}
if (!$username || !($ldap = $this->getConnection())) {
return false;
}
$p_details = array();
foreach ($details as $detail => $value) {
if ($value === null) {
continue;
}
if (!array_key_exists($detail, $this->options['p_details'])) {
continue;
}
if ($create && (is_string($value) && strlen($value) == 0)) {
$value = array();
#want to know why am i doing this?
#see: http://www.php.net/manual/en/function.ldap-modify.php#43216
#and: http://www.php.net/manual/en/function.ldap-modify.php#38092
}
$p_details[$this->options['p_details'][$detail]] = $value;
}
if ($password) {
$p_details[$this->options['password_field']] = $this->encryptPassword($password);
}
$dn = $this->getPeopleQry($username);
if ($create) {
$p_details['objectClass'] = $this->options['person_objectClass'];
$p_details['uid'] = $username;
if (!@ldap_add($ldap, $dn, $p_details)) {
I2CE::raiseError("Could not create user {$username} with details at: " . $dn);
return false;
}
} else {
if (!@ldap_modify($ldap, $dn, $p_details)) {
I2CE::raiseError("Could not modify user {$username} with details at: " . $dn);
return false;
}
}
return true;
}
