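 /**
  * Build the array sent to GenericUser for use in Auth::user()
  *
  * Which attributes are copied is driven by $this->config['fields']: each key
  * becomes a key of the returned array and each value names the attribute
  * read from $infoCollection. The keys 'groups' and 'primarygroup' are
  * special-cased and resolved through getAllGroups()/getPrimaryGroup().
  * Without a 'fields' entry a default set (username, displayname,
  * primarygroup, groups) is returned.
  *
  * @param adLDAP\adLDAP $infoCollection user record exposing AD attributes as properties
  * @return array $info
  */
 protected function setInfoArray($infoCollection)
 {
     /*
      * in app/auth.php set the fields array with each value
      * as a field you want from active directory
      * If you have 'user' => 'samaccountname' it will set the $info['user'] = $infoCollection->samaccountname
      * refer to the adLDAP docs for which fields are available.
      */
     $info = [];
     if (!empty($this->config['fields'])) {
         foreach ($this->config['fields'] as $k => $field) {
             // Strict comparison: with a list-style fields array the key is the
             // int 0, which a loose `0 == 'groups'` treats as equal on PHP < 8.
             if ($k === 'groups') {
                 $info[$k] = $this->getAllGroups($infoCollection->memberof);
             } elseif ($k === 'primarygroup') {
                 $info[$k] = $this->getPrimaryGroup($infoCollection->distinguishedname);
             } else {
                 $info[$k] = $infoCollection->{$field};
             }
         }
     } else {
         //if no fields array present default to username and displayName
         $info['username'] = $infoCollection->samaccountname;
         $info['displayname'] = $infoCollection->displayName;
         $info['primarygroup'] = $this->getPrimaryGroup($infoCollection->distinguishedname);
         $info['groups'] = $this->getAllGroups($infoCollection->memberof);
     }
     /*
      * I needed a user list to populate a dropdown
      * Set userlist to true in app/config/auth.php and set a group in app/config/auth.php as well
      * The table is the OU in Active directory you need a list of.
      */
     if (!empty($this->config['userList'])) {
         $info['userlist'] = $this->ad->folder()->listing([$this->config['group']]);
     }
     return $info;
 }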
 /**
  * Get all users with their LDAP fields
  *
  * Looks up every username returned by getAllUsers() and wraps the first
  * result row of each in an LdapUserObject; rows without a 'displayname'
  * entry are skipped.
  *
  * @return Collection
  * @throws Exception
  */
 public function getAllUsersWithFields()
 {
     $result = new Collection([]);
     //Get all users from LDAP
     foreach ($this->getAllUsers() as $username) {
         $row = $this->adldap->user()->info($username, $this->fields)[0];
         //If there is no displayname its probably a local account
         if (isset($row['displayname'])) {
             //Add it to the collection
             $result->push(new LdapUserObject($row, $this->fields));
         }
     }
     return $result;
 }
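 /**
  * Create an organizational unit
  *
  * Builds the DN "OU=<ou_name>, OU=<innermost>,...,OU=<outermost>,<base dn>"
  * from $attributes['container'] (given outermost first, so it is reversed
  * here) and adds an organizationalUnit entry there.
  *
  * @param array $attributes Default attributes of the ou; requires the keys
  *                          'ou_name' (string) and 'container' (array of
  *                          parent OU names, outermost first)
  * @return bool|string true on success, false when ldap_add() fails, or an
  *                     error message when $attributes is malformed
  */
 public function create($attributes)
 {
     if (!is_array($attributes)) {
         return "Attributes must be an array";
     }
     // Presence checks come first: reading $attributes["container"] before
     // knowing it exists raised an undefined-index notice.
     if (!array_key_exists("ou_name", $attributes)) {
         return "Missing compulsory field [ou_name]";
     }
     if (!array_key_exists("container", $attributes)) {
         return "Missing compulsory field [container]";
     }
     if (!is_array($attributes["container"])) {
         return "Container attribute must be an array.";
     }
     $attributes["container"] = array_reverse($attributes["container"]);
     $add = [];
     $add["objectClass"] = "organizationalUnit";
     $add["OU"] = $attributes['ou_name'];
     // DN components are escaped for the DN context so a name containing
     // ',' '+' '=' or similar cannot change where the entry is created.
     // The attribute value itself ($add["OU"]) is stored unescaped.
     $containers = "";
     if (count($attributes['container']) > 0) {
         $escaped = array_map(function ($ou) {
             return ldap_escape($ou, '', LDAP_ESCAPE_DN);
         }, $attributes["container"]);
         // The trailing comma joins the container chain onto the base DN;
         // without it the DN is invalid.
         $containers = "OU=" . implode(",OU=", $escaped) . ",";
     }
     $dn = "OU=" . ldap_escape($add["OU"], '', LDAP_ESCAPE_DN) . ", " . $containers . $this->adldap->getBaseDn();
     $result = ldap_add($this->adldap->getLdapConnection(), $dn, $add);
     return (bool) $result;
 }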
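 /**
  * Get the last logon time of any user as a Unix timestamp
  *
  * @param string $username
  * @return long|bool|string $unixTimestamp; false when there is no LDAP bind
  *                          or the attribute is absent; an error message
  *                          when $username is null
  */
 public function getLastLogon($username)
 {
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     if ($username === null) {
         return "Missing compulsory field [username]";
     }
     $userInfo = $this->info($username, ["lastLogonTimestamp"]);
     // Accounts that never logged on, and failed lookups, carry no value;
     // return false instead of converting a null.
     // NOTE(review): ldap_get_entries() lowercases attribute names, so
     // confirm that info() really exposes this key in mixed case.
     if (!isset($userInfo[0]['lastLogonTimestamp'][0])) {
         return false;
     }
     return adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
 }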
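 /**
  * Returns a list of Databases within any given storage group in Exchange for a given mail server
  *
  * @param string $storageGroup The full DN of an Storage Group.  You can use exchange_storage_groups() to find the DN
  * @param array $attributes An array of the AD attributes you wish to return
  * @return array|bool|string ldap_get_entries() result; false when there is no
  *                           bind or the search fails; an error message when
  *                           $storageGroup is null
  */
 public function storageDatabases($storageGroup, $attributes = ['cn', 'distinguishedname', 'displayname'])
 {
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     if ($storageGroup === null) {
         return "Missing compulsory field [storageGroup]";
     }
     $filter = '(&(objectCategory=msExchPrivateMDB))';
     // $storageGroup is the search base, so a bad DN makes ldap_search()
     // return false; passing that on to ldap_get_entries() is a TypeError
     // on PHP 8.
     $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
     if ($sr === false) {
         return false;
     }
     return @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
 }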
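 /**
  * Convert DN string to array
  *
  * Splits $dnStr on ',' and returns only the value (the part after '=') of
  * each RDN, optionally dropping the RDNs that also appear in the configured
  * base DN.
  * NOTE(review): the split is a plain explode(), so a value containing an
  * escaped comma ('\,') is cut in two — verify that is acceptable for the
  * DNs this is fed.
  *
  * @param string $dnStr
  * @param bool $excludeBaseDn exclude base DN from results
  *
  * @return array
  */
 public function dnStrToArr($dnStr, $excludeBaseDn = true)
 {
     $dnArr = [];
     if (empty($dnStr)) {
         return $dnArr;
     }
     $baseDnArr = explode(',', $this->adldap->getBaseDn());
     foreach (explode(',', $dnStr) as $rdn) {
         if ($excludeBaseDn && in_array($rdn, $baseDnArr, true)) {
             continue;
         }
         $eq = strpos($rdn, '=');
         // A component without '=' is kept whole; strpos() returns false
         // there and `false + 1` silently dropped its first byte.
         $dnArr[] = $eq === false ? $rdn : substr($rdn, $eq + 1);
     }
     return $dnArr;
 }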
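 /**
  * Coping with AD not returning the primary group
  * http://support.microsoft.com/?kbid=321360
  *
  * For some reason it's not possible to search on primarygrouptoken=XXX
  * If someone can show otherwise, I'd like to know about it :)
  * this way is resource intensive and generally a pain in the @#%^
  *
  * Lists every global security group under the base DN and returns the
  * distinguished name of the first one whose primarygrouptoken equals $gid.
  *
  * @deprecated deprecated since version 3.1, see get get_primary_group
  * @param string $gid Group ID
  * @return bool|string the group DN; '' when no group matches; false when
  *                     $gid is null or the search fails
  */
 public function cn($gid)
 {
     if ($gid === null) {
         return false;
     }
     $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
     $fields = ["primarygrouptoken", "samaccountname", "distinguishedname"];
     $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
     if ($sr === false) {
         return false;
     }
     $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
     if ($entries === false) {
         return false;
     }
     for ($i = 0; $i < $entries["count"]; $i++) {
         // Loose comparison on purpose: LDAP hands the token back as a string
         // while callers may pass an int.
         if (isset($entries[$i]["primarygrouptoken"][0]) && $entries[$i]["primarygrouptoken"][0] == $gid) {
             return $entries[$i]["distinguishedname"][0];
         }
     }
     return '';
 }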
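 /**
  * Return list of groups (except domain and suffix).
  *
  * Each memberOf DN is split on ',' and the value of every 'CN=' component
  * is collected, keyed by itself. When recursive groups are enabled the
  * input is returned as-is as a name => name map via array_combine().
  *
  * @param array|string|null $groups memberOf DNs (array, or one comma-joined string)
  *
  * @return array name => name map; empty when $groups is null
  */
 protected function getAllGroups($groups)
 {
     // Must start as an array: assigning a string key into '' is an
     // "Illegal string offset" error on PHP 7.1+.
     $grps = [];
     if (is_null($groups)) {
         return $grps;
     }
     if ($this->ad->getRecursiveGroups()) {
         return array_combine($groups, $groups);
     }
     if (!is_array($groups)) {
         $groups = explode(',', $groups);
     }
     foreach ($groups as $group) {
         foreach (explode(',', $group) as $component) {
             if (substr($component, 0, 3) === 'CN=') {
                 $name = substr($component, 3);
                 $grps[$name] = $name;
             }
         }
     }
     return $grps;
 }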
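 /**
  * Get the groups a computer is in
  *
  * @param string $computerName The name of the computer
  * @param null $recursive Whether to check recursively; defaults to the
  *                        adLDAP recursive-groups setting
  * @return array|bool group names; false when $computerName is null, there
  *                    is no LDAP bind, or no entry is found
  */
 public function groups($computerName, $recursive = null)
 {
     if ($computerName === null) {
         return false;
     }
     //use the default option if they haven't set it
     if ($recursive === null) {
         $recursive = $this->adldap->getRecursiveGroups();
     }
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     //search the directory for their information
     $info = @$this->info($computerName, ["memberof", "primarygroupid"]);
     //presuming the entry returned is our guy (unique usernames)
     if (empty($info[0])) {
         return false;
     }
     // An entry without memberof is in no group; dereferencing the key
     // blindly raised a notice and fed null to niceNames().
     if (!isset($info[0]["memberof"])) {
         return [];
     }
     $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]);
     if ($recursive === true) {
         // foreach iterates over a copy, so growing $groups inside the loop
         // only affects the returned value, not the iteration.
         foreach ($groups as $groupName) {
             $groups = array_merge($groups, $this->adldap->group()->recursiveGroups($groupName));
         }
     }
     return $groups;
 }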
<?php

use adLDAP\adLDAP;
/*
Examples file

To test any of the functions, just change the 0 to a 1.
*/
//error_reporting(E_ALL ^ E_NOTICE);
include dirname(__FILE__) . '/../lib/adLDAP/adLDAP.php';
try {
    $adldap = new adLDAP($options);
} catch (adLDAPException $e) {
    echo $e;
    exit;
}
//var_dump($ldap);
echo "<pre>\n";
// authenticate a username/password
if (0) {
    $result = $adldap->authenticate('username', 'password');
    var_dump($result);
}
// add a group to a group
if (0) {
    $result = $adldap->group()->addGroup('Parent Group Name', 'Child Group Name');
    var_dump($result);
}
// add a user to a group
if (0) {
    $result = $adldap->group()->addUser('Group Name', 'username');
 /**
  * Mail enable a contact. Allows email to be sent to them through Exchange.
  *
  * Delegates directly to the Exchange helper of the adLDAP instance.
  *
  * @param $distinguishedName
  * @param $emailAddress
  * @param null $mailNickname
  * @return bool
  */
 public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
 {
     $exchange = $this->adldap->exchange();
     return $exchange->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
 }
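 /**
  * Authenticate $adUser against Active Directory and populate it from the
  * directory record.
  *
  * Connects, checks the token credentials via authenticate(), then copies
  * the user's groups (mapped to ROLE_<UPPER_SNAKE> names), display name and
  * mail address onto $adUser.
  *
  * @param adUser         $adUser
  * @param TokenInterface $token
  * @param adLDAP         $adLdap
  * @return bool true when the record was found and applied, false otherwise
  * @throws \Exception when the connection or the authentication fails
  */
 public function fetchData(adUser $adUser, TokenInterface $token, adLDAP $adLdap)
 {
     $connected = $adLdap->connect();
     // NOTE(review): the token credential is handed straight to authenticate();
     // confirm adLDAP rejects an empty password, since an empty bind password
     // is an anonymous bind on many directories.
     $isAD = $adLdap->authenticate($adUser->getUsername(), $token->getCredentials());
     if (!$isAD || !$connected) {
         $msg = $this->translator->trans('ztec.security.active_directory.ad.bad_response', ['%connection_status%' => var_export($connected, true), '%is_AD%' => var_export($isAD, true)]);
         throw new \Exception($msg);
     }
     /** @var adLDAPUserCollection $user */
     $user = $adLdap->user()->infoCollection($adUser->getUsername());
     if (!$user) {
         return false;
     }
     $groups = $adLdap->user()->groups($adUser->getUsername(), $this->recursiveGrouproles);
     /** End Fetching */
     $sfRoles = [];
     $seen = [];
     foreach ($groups as $r) {
         // Deduplicate on the raw group name before mapping it to a role.
         if (!in_array($r, $seen, true)) {
             $sfRoles[] = 'ROLE_' . strtoupper(str_replace(' ', '_', $r));
             $seen[] = $r;
         }
     }
     $adUser->setRoles($sfRoles);
     $adUser->setDisplayName($user->displayName);
     $adUser->setEmail($user->mail);
     return true;
 }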
 /**
  * Check a username/password pair against the configured AD server.
  *
  * @param string $username
  * @param string $password
  * @return mixed whatever the underlying adServer authenticate() returns
  */
 public function authenticate($username, $password)
 {
     $server = $this->adServer;
     return $server->authenticate($username, $password);
 }
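 /**
  * @param Authenticatable $user
  * @param array           $credentials expects the keys 'username' and 'password'
  * @return bool
  */
 public function validateCredentials(Authenticatable $user, array $credentials)
 {
     $username = isset($credentials['username']) ? $credentials['username'] : '';
     $password = isset($credentials['password']) ? $credentials['password'] : '';
     // Refuse empty values up front: a missing key was an undefined-index
     // notice, and an empty bind password is an anonymous bind on many
     // directories, which would let an empty form submission "validate".
     if ($username === '' || $password === '') {
         return false;
     }
     return $this->adldap->authenticate($username, $password);
 }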
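 /**
  * Validates the credentials against the configured LDAP/AD server.
  * The credentials are passed in an array with the keys 'username'
  * and 'password'.
  *
  * Any exception is logged (username only, never the password) and treated
  * as a failed validation; an opened connection is closed in every case.
  *
  * @param  array   $credentials   The credentials to validate.
  * @return boolean
  */
 private function validateLDAPCredentials(array $credentials)
 {
     $credentialsValidated = false;
     // null, not false: isset(false) is true, so a false placeholder made
     // close() below run on a bool whenever the constructor had thrown.
     $adldap = null;
     $userName = isset($credentials['username']) ? $credentials['username'] : '';
     try {
         $userPassword = isset($credentials['password']) ? $credentials['password'] : '';
         $ldapConOp = $this->GetLDAPConnectionOptions();
         //            // Set LDAP debug log level - useful in DEV, dangerous in PROD!!
         //            ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
         // Try to authenticate using AD/LDAP
         $adldap = new adLDAP($ldapConOp);
         $authUser = $adldap->user()->authenticate($userName, $userPassword);
         // If the user got authenticated
         if ($authUser) {
             $credentialsValidated = true;
         } else {
             $this->handleLDAPError($adldap);
         }
     } catch (\Exception $ex) {
         Log::error('Exception validating LDAP credential for user: ' . $userName . ', Exception message: ' . $ex->getMessage());
         Log::error($ex->getTraceAsString());
         // Only an instance can carry an LDAP error; when the constructor
         // itself threw there is nothing to read it from.
         if ($adldap !== null) {
             $this->handleLDAPError($adldap);
         }
     }
     if ($adldap !== null) {
         $adldap->close();
         unset($adldap);
     }
     return $credentialsValidated;
 }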
<?php

use adLDAP\adLDAP;
/*
Examples file

To test any of the functions, just change the 0 to a 1.
*/
//error_reporting(E_ALL ^ E_NOTICE);
include dirname(__FILE__) . "/../lib/adLDAP/adLDAP.php";
try {
    $adldap = new adLDAP($options);
} catch (adLDAPException $e) {
    echo $e;
    exit;
}
//var_dump($ldap);
echo "<pre>\n";
// authenticate a username/password
if (0) {
    $result = $adldap->authenticate("username", "password");
    var_dump($result);
}
// add a group to a group
if (0) {
    $result = $adldap->group()->addGroup("Parent Group Name", "Child Group Name");
    var_dump($result);
}
// add a user to a group
if (0) {
    $result = $adldap->group()->addUser("Group Name", "username");
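 /**
  * Finds GUID by DN
  *
  * Searches under the base DN for a user entry whose distinguishedname
  * equals $dn and returns its decoded objectGUID.
  *
  * @param adLDAP $adLdap
  * @param string $dn
  * @return mixed|null decodeGuid() result, or null when $dn is empty, the
  *                    search fails or nothing matches
  */
 protected function findManagerGUID(adLDAP $adLdap, $dn = '')
 {
     if (empty($dn)) {
         return null;
     }
     // $dn is interpolated into the filter, so it is escaped for the filter
     // context; otherwise '*', '(' or ')' in it would rewrite the query.
     $filter = '(&(objectClass=user)(samaccounttype=' . adLDAP::ADLDAP_NORMAL_ACCOUNT . ')(objectCategory=person)(distinguishedname=' . ldap_escape($dn, '', LDAP_ESCAPE_FILTER) . '))';
     $sr = ldap_search($adLdap->getLdapConnection(), $adLdap->getBaseDn(), $filter, ['objectGUID']);
     // A failed search returns false, which ldap_get_entries() rejects.
     if ($sr === false) {
         return null;
     }
     $entries = ldap_get_entries($adLdap->getLdapConnection(), $sr);
     if (isset($entries['count']) && $entries['count'] > 0) {
         return $adLdap->utilities()->decodeGuid($entries[0]['objectguid'][0]);
     }
     return null;
 }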
}
require_once __DIR__ . '/../vendor/autoload.php';
use adLDAP\adLDAP;
use adLDAP\Exceptions\adLDAPException;
$options = ['account_suffix' => '', 'base_dn' => null, 'domain_controllers' => [''], 'admin_username' => null, 'admin_password' => null, 'real_primarygroup' => '', 'use_ssl' => false, 'use_tls' => false, 'recursive_groups' => true, 'ad_port' => adLDAP::ADLDAP_LDAP_PORT, 'sso' => ''];
foreach ($options as $optName => $defaultValue) {
    if (isset($_POST[$optName])) {
        $options[$optName] = $_POST[$optName];
    }
}
$options['domain_controllers'] = array_filter($options['domain_controllers']);
$adldap = false;
$exception = false;
if (is_array($options['domain_controllers']) && !empty($options['domain_controllers'][0])) {
    try {
        $adldap = new adLDAP($options);
        $options['base_dn'] = $adldap->getBaseDn();
        $options['ad_port'] = $adldap->getPort();
    } catch (adLDAPException $e) {
        $exception = $e;
    }
}
$username = !empty($_POST['username']) ? $_POST['username'] : '';
$info = false;
if ($adldap && !empty($username)) {
    $password = $_POST['password'];
    try {
        $adldap->authenticate($username, $password);
        $info = $adldap->user()->info($username, ['*']);
        if (isset($info[0])) {
            $info = $info[0];