Пример #1
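/**
 * Build the list of LDAP users that are allowed to use the application.
 *
 * Searches the configured suffix for entries of the configured object class.
 * When $config['auth_ldap_group'] is set, an entry is kept only if
 * ldap_compare() confirms membership in at least one of the listed groups.
 * When it is not set, every entry found is listed.
 *
 * @return array List of arrays with 'username', 'realname' and 'user_id' keys;
 *               empty when the search fails or no entry qualifies.
 */
function ldap_auth_user_list()
{
    global $config, $ds;

    ldap_init();
    ldap_bind_dn();

    // Always return an array, even when the directory yields nothing.
    $userlist = array();

    $base_dn = trim($config['auth_ldap_suffix'], ', ');

    // NOTE(review): the object class is taken from configuration and concatenated
    // into the filter unescaped; confirm it can never carry user-supplied data.
    $filter = '(objectClass=' . $config['auth_ldap_objectclass'] . ')';
    print_debug("LDAP[UserList][Filter][{$filter}][" . $base_dn . "]");

    $search = ldap_search($ds, $base_dn, $filter);
    print_debug(ldap_error($ds));
    if ($search === FALSE) {
        // Search failed (error already logged above): nothing can be listed.
        return $userlist;
    }

    $entries = ldap_get_entries($ds, $search);
    if ($entries === FALSE || empty($entries['count'])) {
        return $userlist;
    }

    // Group restriction is active whenever the option is set. A set but empty or
    // malformed value yields no groups to match, so nobody is listed (fail closed).
    $group_restricted = isset($config['auth_ldap_group']);
    $groups = ($group_restricted && is_array($config['auth_ldap_group'])) ? $config['auth_ldap_group'] : array();

    // ldap_get_entries() lower-cases attribute names, so look them up lower-cased.
    $uid_attr = strtolower($config['auth_ldap_attr']['uid']);
    $cn_attr = strtolower($config['auth_ldap_attr']['cn']);

    for ($i = 0; $i < $entries['count']; $i++) {
        $entry = $entries[$i];

        if (!isset($entry[$uid_attr][0])) {
            // Without a uid value the entry cannot be identified or matched to a group.
            print_debug("LDAP[UserList][Skipped entry without uid attribute]");
            continue;
        }

        $username = $entry[$uid_attr][0];
        $realname = isset($entry[$cn_attr][0]) ? $entry[$cn_attr][0] : NULL;
        $user_id = ldap_internal_auth_user_id($entry);

        // Groups store members either as full DNs or as bare usernames.
        $userdn = $config['auth_ldap_groupmembertype'] == 'fulldn' ? $entry['dn'] : $username;

        print_debug("LDAP[UserList][Compare: " . implode('|', $groups) . "][" . $config['auth_ldap_groupmemberattr'] . "][{$userdn}]");

        // Reset per user so a match for one entry never leaks into the next one.
        $authorized = FALSE;
        foreach ($groups as $ldap_group) {
            $compare = ldap_compare($ds, $ldap_group, $config['auth_ldap_groupmemberattr'], $userdn);
            if ($compare === -1) {
                // Directory error: treated as "not a member" and the next group is tried.
                print_debug("LDAP[UserList][Compare LDAP error: " . ldap_error($ds) . "]");
                continue;
            } elseif ($compare === FALSE) {
                print_debug("LDAP[UserList][Processing group: {$ldap_group}][Not matched]");
            } else {
                // $compare === TRUE
                print_debug("LDAP[UserList][Authorized: {$userdn} for group {$ldap_group}]");
                $authorized = TRUE;
                break;
            }
            // FIXME does not support nested groups
        }

        if (!$group_restricted || $authorized) {
            $userlist[] = array('username' => $username, 'realname' => $realname, 'user_id' => $user_id);
        }
    }

    return $userlist;
}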
Пример #2
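/**
 * Retrieve list of users with all details.
 *
 * Builds an LDAP filter from the configured object class, the optional
 * username and the configured groups (memberOf), runs the search, then
 * re-checks each entry's group membership with ldap_search_user() before
 * listing it. When $config['auth_ldap_group'] is not set, every entry found
 * is listed.
 *
 * @param string|null $username Optional username; when non-empty the search
 *                              is restricted to entries with this uid.
 *
 * @return array Rows of user data with 'username', 'realname', 'user_id',
 *               'level' and 'email' keys; empty when the search fails or no
 *               entry qualifies.
 */
function ldap_auth_user_list($username = NULL)
{
    global $config, $ds;

    ldap_init();
    ldap_bind_dn();

    // Always return an array, even when the directory yields nothing.
    $userlist = array();

    // Group restriction is active whenever the option is set. A set but empty or
    // malformed value yields no groups to match, so nobody is listed (fail closed).
    $group_restricted = isset($config['auth_ldap_group']);
    $groups = ($group_restricted && is_array($config['auth_ldap_group'])) ? $config['auth_ldap_group'] : array();

    // NOTE(review): ldap_filter_create() is defined elsewhere; confirm it escapes
    // LDAP filter metacharacters, because $username may originate from the caller.
    $filter_params = array();
    $filter_params[] = ldap_filter_create('objectClass', $config['auth_ldap_objectclass']);
    if (!empty($username)) {
        // Filter users by username
        $filter_params[] = ldap_filter_create($config['auth_ldap_attr']['uid'], $username);
    }

    if (count($groups) == 1) {
        // Single group: one memberOf condition next to the other conditions.
        $filter_params[] = ldap_filter_create('memberOf', $groups[0]);
    } elseif (count($groups) > 1) {
        // Several groups: membership in any one of them is enough (OR).
        $group_params = array();
        foreach ($groups as $group) {
            $group_params[] = ldap_filter_create('memberOf', $group);
        }
        $filter_params[] = ldap_filter_combine($group_params, '|');
    }
    $filter = ldap_filter_combine($filter_params);

    $base_dn = trim($config['auth_ldap_suffix'], ', ');
    print_debug("LDAP[UserList][Filter][{$filter}][" . $base_dn . "]");

    $search = ldap_search($ds, $base_dn, $filter);
    print_debug(ldap_error($ds));
    if ($search === FALSE) {
        // Search failed (error already logged above): nothing can be listed.
        return $userlist;
    }

    $entries = ldap_get_entries($ds, $search);
    if ($entries === FALSE || empty($entries['count'])) {
        return $userlist;
    }

    // ldap_get_entries() lower-cases attribute names, so look them up lower-cased.
    $uid_attr = strtolower($config['auth_ldap_attr']['uid']);
    $cn_attr = strtolower($config['auth_ldap_attr']['cn']);

    for ($i = 0; $i < $entries['count']; $i++) {
        $entry = $entries[$i];

        if (!isset($entry[$uid_attr][0])) {
            // Without a uid value the entry cannot be identified or matched to a group.
            print_debug("LDAP[UserList][Skipped entry without uid attribute]");
            continue;
        }

        // Separate local name: the $username parameter is the caller's search term.
        $entry_username = $entry[$uid_attr][0];
        $realname = isset($entry[$cn_attr][0]) ? $entry[$cn_attr][0] : NULL;
        $user_id = ldap_internal_auth_user_id($entry);
        // mail is optional on directory entries.
        $email = isset($entry['mail'][0]) ? $entry['mail'][0] : NULL;

        // Groups store members either as full DNs or as bare usernames.
        $userdn = $config['auth_ldap_groupmembertype'] == 'fulldn' ? $entry['dn'] : $entry_username;

        print_debug("LDAP[UserList][Compare: " . implode('|', $groups) . "][" . $config['auth_ldap_groupmemberattr'] . "][{$userdn}]");

        // Reset per user so a match for one entry never leaks into the next one.
        $authorized = FALSE;
        foreach ($groups as $ldap_group) {
            $compare = ldap_search_user($ldap_group, $userdn);
            if ($compare === -1) {
                // Lookup error: treated as "not a member" and the next group is tried.
                print_debug("LDAP[UserList][Compare LDAP error: " . ldap_error($ds) . "]");
                continue;
            } elseif ($compare === FALSE) {
                print_debug("LDAP[UserList][Processing group: {$ldap_group}][Not matched]");
            } else {
                // Any other result counts as a match.
                print_debug("LDAP[UserList][Authorized: {$userdn} for group {$ldap_group}]");
                $authorized = TRUE;
                break;
            }
        }

        if (!$group_restricted || $authorized) {
            $user_level = ldap_auth_user_level($entry_username);
            $userlist[] = array('username' => $entry_username, 'realname' => $realname, 'user_id' => $user_id, 'level' => $user_level, 'email' => $email);
        }
    }

    return $userlist;
}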