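/**
 * Creates a user entry on an ActiveDirectory server, replaces its password
 * through the unicodePwd encoding and checks that the old password no longer
 * binds while the new one does.
 *
 * The test is skipped unless the root DSE reports an ActiveDirectory server
 * and the connection options enable SSL or StartTLS.
 *
 * @return void
 */
public function testChangePasswordWithUserAccountActiveDirectory()
{
    $serverType = $this->_getLdap()->getRootDse()->getServerType();
    if ($serverType !== Zend_Ldap_Node_RootDse::SERVER_TYPE_ACTIVEDIRECTORY) {
        $this->markTestSkipped('Test can only be run on an ActiveDirectory server');
    }

    // Password attributes must not travel over a cleartext connection.
    $options = $this->_getLdap()->getOptions();
    if ($options['useSsl'] !== true && $options['useStartTls'] !== true) {
        $this->markTestSkipped('Test can only be run on an SSL or TLS secured connection');
    }

    $dn = $this->_createDn('cn=New User,');
    $data = array();
    $password = '******';

    Zend_Ldap_Attribute::setAttribute($data, 'cn', 'New User', false);
    Zend_Ldap_Attribute::setAttribute($data, 'displayName', 'New User', false);
    Zend_Ldap_Attribute::setAttribute($data, 'sAMAccountName', 'newuser', false);
    // 512 is the ActiveDirectory "normal account" flag, i.e. an enabled user.
    Zend_Ldap_Attribute::setAttribute($data, 'userAccountControl', 512, false);
    Zend_Ldap_Attribute::setAttribute($data, 'objectClass', 'person', true);
    Zend_Ldap_Attribute::setAttribute($data, 'objectClass', 'organizationalPerson', true);
    Zend_Ldap_Attribute::setAttribute($data, 'objectClass', 'user', true);
    Zend_Ldap_Attribute::setPassword(
        $data,
        $password,
        Zend_Ldap_Attribute::PASSWORD_UNICODEPWD,
        'unicodePwd'
    );

    try {
        $this->_getLdap()->add($dn, $data);

        $this->_getLdap()->bind($dn, $password);

        $newPasswd = 'newpasswd';
        $newData = array();
        Zend_Ldap_Attribute::setPassword($newData, $newPasswd, Zend_Ldap_Attribute::PASSWORD_UNICODEPWD);
        $this->_getLdap()->update($dn, $newData);

        // The old password must be rejected once the update went through.
        try {
            $this->_getLdap()->bind($dn, $password);
            $this->fail('Expected exception not thrown');
        } catch (Zend_Ldap_Exception $zle) {
            $message = $zle->getMessage();
            $this->assertTrue(strstr($message, 'Invalid credentials')
                || strstr($message, 'Server is unwilling to perform'));
        }

        $this->assertType('Zend_Ldap', $this->_getLdap()->bind($dn, $newPasswd));

        // Rebind with the configured account before removing the test entry.
        $this->_getLdap()->bind();
        $this->_getLdap()->delete($dn);
    } catch (Zend_Ldap_Exception $e) {
        $this->_getLdap()->bind();
        if ($this->_getLdap()->exists($dn)) {
            $this->_getLdap()->delete($dn);
        }
        $this->fail($e->getMessage());
    } catch (Exception $e) {
        // Assertion failures are not Zend_Ldap_Exceptions. Without this
        // handler they would leave an enabled account with a known password
        // behind in the directory, so remove the entry and re-raise.
        try {
            $this->_getLdap()->bind();
            if ($this->_getLdap()->exists($dn)) {
                $this->_getLdap()->delete($dn);
            }
        } catch (Zend_Ldap_Exception $cleanupError) {
            // Keep the original failure; the cleanup error is secondary.
        }
        throw $e;
    }
}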
/**
 * Reads a date/time attribute from this object's current attribute data.
 *
 * This is an offline method: it only delegates to
 * Zend_Ldap_Attribute::getDateTimeAttribute() with $this->_currentData.
 *
 * @param  string       $name  Attribute name.
 * @param  integer|null $index Optional value index, passed through unchanged.
 * @return array|integer
 * @throws Zend_Ldap_Exception
 */
public function getDateTimeAttribute($name, $index = null)
{
    $dateTime = Zend_Ldap_Attribute::getDateTimeAttribute(
        $this->_currentData,
        $name,
        $index
    );

    return $dateTime;
}
/**
 * Removes the given value(s) from an attribute of this object's current data.
 *
 * The change is applied to $this->_currentData through
 * Zend_Ldap_Attribute::removeFromAttribute().
 *
 * @param  string      $attribName Attribute to modify.
 * @param  mixed|array $value      Value or list of values to remove.
 * @return void
 */
public function removeFromAttribute($attribName, $value)
{
    Zend_Ldap_Attribute::removeFromAttribute(
        $this->_currentData,
        $attribName,
        $value
    );
}
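/**
 * Parse the given tokens into a data structure
 *
 * Keyword tokens are lower-cased and used as keys of $data. Flag keywords
 * are stored as true; every other keyword takes the next token as its value,
 * or, when that token is '(', all tokens up to the closing ')' as a list
 * ('$' separators are dropped).
 *
 * Schema text comes from the directory server, so tokens are compared
 * strictly and a list is only ended by ')' or by running out of tokens; a
 * value such as "0" no longer cuts the list short.
 *
 * @param  array $data   Target structure, modified in place.
 * @param  array $tokens Token list; assumed to hold strings - TODO confirm
 *                       against the tokenizer.
 * @return void
 */
protected function _parseLdapSchemaSyntax(array &$data, array $tokens)
{
    // tokens that have no value associated
    $noValue = array(
        'single-value',
        'obsolete',
        'collective',
        'no-user-modification',
        'abstract',
        'structural',
        'auxiliary',
    );
    // tokens that can have multiple values
    $multiValue = array('must', 'may', 'sup');

    while (count($tokens) > 0) {
        $token = strtolower(array_shift($tokens));

        if (in_array($token, $noValue, true)) {
            // flag token: its presence is the value
            $data[$token] = true;
            continue;
        }

        // this one is followed by a string, or by a list if it is multivalued
        $value = array_shift($tokens);
        if ($value === '(') {
            // collect the list of values until the closing ')' is reached;
            // array_shift() returns null once the tokens are exhausted
            $list = array();
            while (($item = array_shift($tokens)) !== null) {
                if ($item === ')') {
                    break;
                }
                if ($item !== '$') {
                    $list[] = Zend_Ldap_Attribute::convertFromLdapValue($item);
                }
            }
            $data[$token] = $list;
        } else {
            $data[$token] = Zend_Ldap_Attribute::convertFromLdapValue($value);
        }

        // create an array if the value should be multivalued but was not
        if (in_array($token, $multiValue, true) && !is_array($data[$token])) {
            $data[$token] = array($data[$token]);
        }
    }
}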
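/**
 * Checks the unicodePwd encoding produced by
 * Zend_Ldap_Attribute::createPassword(): the password wrapped in double
 * quotes and encoded as UTF-16LE.
 *
 * @return void
 */
public function testPasswordGenerationUnicodePwd()
{
    // The listing carried a masked literal here. Both assertions below pin
    // the quoted string "new" (5 characters, 10 bytes in UTF-16LE), so the
    // input has to be 'new' for the test to be consistent.
    $password = 'new';
    $unicodePwd = Zend_Ldap_Attribute::createPassword($password, Zend_Ldap_Attribute::PASSWORD_UNICODEPWD);

    $this->assertEquals(10, strlen($unicodePwd));
    // Spelled out byte by byte: a plain "\"new\"" is only 5 bytes long and
    // contradicts the length assertion above.
    $this->assertEquals("\x22\x00\x6E\x00\x65\x00\x77\x00\x22\x00", $unicodePwd);
}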
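/**
 * Changes a user's password in the LDAP directory.
 *
 * The account is looked up by samAccountName, using the CPF number read from
 * the user entity, and the new password from the DTO is written in the
 * unicodePwd encoding.
 *
 * Unless $recover is set, the current password from the DTO is verified
 * first by binding as the user. With $recover set no current password is
 * checked here, so the caller is responsible for having authenticated the
 * recovery request - NOTE(review): confirm every caller does.
 *
 * @param  \Core_Dto_Mapping $dtoPass    Carries the current and the new password.
 * @param  mixed             $userEntity Entity the account name is read from.
 * @param  boolean           $recover    Skip the current-password check.
 * @return void
 * @throws \Core_Exception_ServiceLayer_Verification When the user is not found
 *                                                   or an LDAP operation fails.
 */
protected function _changePassLdap(\Core_Dto_Mapping $dtoPass, $userEntity, $recover = FALSE)
{
    try {
        $ldapUser   = $userEntity->getSqPessoa()->getSqPessoaFisica()->getNuCpf();
        $userPasswd = $dtoPass->getTxSenha();

        $adminAuth = $this->_adminAuthLDAP();

        if (!$recover) {
            // Proves knowledge of the current password. The search below
            // runs on this same handle.
            $adminAuth->bind($ldapUser, $userPasswd);
        }

        // Escape the account name before it becomes part of the filter, so
        // filter metacharacters in it cannot alter the query.
        $filter = sprintf(
            'samAccountName=%s',
            \Zend_Ldap_Filter_Abstract::escapeValue($ldapUser)
        );
        $userDn = current($adminAuth->search($filter)->toArray());

        if (!$userDn) {
            throw new \Core_Exception_ServiceLayer_Verification("Usuário inexistente no LDAP");
        }

        $userData = array();
        \Zend_Ldap_Attribute::setPassword(
            $userData,
            $dtoPass->getTxSenhaNova(),
            \Zend_Ldap_Attribute::PASSWORD_UNICODEPWD
        );

        // A fresh handle from _adminAuthLDAP() performs the write.
        $this->_adminAuthLDAP()->update($userDn['dn'], $userData);
    } catch (\Zend_Ldap_Exception $exc) {
        // Only the exception message is logged, never a password.
        $message = sprintf('[SICA-e] LDAP Error in %s: "%s"', __METHOD__, $exc->getMessage());
        error_log($message);

        // NOTE(review): the raw directory error text goes to the messaging
        // component; confirm it is acceptable to show it to end users.
        $this->getMessaging()->addErrorMessage($exc->getMessage());

        $message  = sprintf('[Erro no LDAP] %s', $exc->getMessage());
        $ldapCode = $exc->getCode();

        if ($ldapCode > 0) {
            // With a positive code, only the hex code is reported.
            $message = sprintf('LDAP0x%x', $ldapCode);
        }

        throw new \Core_Exception_ServiceLayer_Verification($message);
    }
}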
/**
 * Updates attributes of the first directory entry whose samaccountname
 * equals the given login.
 *
 * The lookup uses a Zend_Ldap_Filter equality filter object instead of a
 * hand-built filter string.
 *
 * NOTE(review): every key of $options is written to the entry as an
 * attribute name without any allow-list; confirm callers never pass
 * attribute names taken from a request.
 *
 * @param  string $login   Account name to look up.
 * @param  array  $options Map of attribute name => new value.
 * @return mixed Result of the LDAP update, or false when no entry matches.
 */
public function updateByLogin($login, $options)
{
    $filter  = Zend_Ldap_Filter::equals('samaccountname', $login);
    $ldap    = $this->getLdap();
    $matches = $ldap->search($filter);

    // Nothing found: report failure without touching the directory.
    if ($matches->count() <= 0) {
        return false;
    }

    $first   = $matches->getFirst();
    $changes = array();
    foreach ($options as $name => $newValue) {
        Zend_Ldap_Attribute::setAttribute($changes, $name, $newValue);
    }

    return $ldap->update($first['dn'], $changes);
}
/**
 * Stores a value under the lower-cased attribute name in an LDAP entry.
 *
 * @param array  $entry      LDAP entry, modified in place.
 * @param string $attribName Attribute name; lower-cased before it is used.
 * @param mixed  $value      Value to store.
 */
protected function _setLDAPAttribute(&$entry, $attribName, $value)
{
    Zend_Ldap_Attribute::setAttribute($entry, strtolower($attribName), $value);
}