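/**
 * Create an Exchange mailbox for an existing user by writing the Exchange
 * attributes (homeMDB, primary proxy address, mail nickname and the
 * use-defaults quota flag) to the account through user()->modify().
 *
 * @param string $username     The user to add the mailbox to (samAccountName, or a GUID when $isGUID is true)
 * @param array  $storageGroup CN values of the mailbox store DN, most specific first. Each element becomes
 *                             one "CN=" RDN verbatim -- nothing is escaped here, so a value containing
 *                             DN-special characters (",", "+", "\" ...) must already be DN-escaped by the caller.
 *                             If the store lives under a different base DN, pass it in $baseDn.
 * @param string $emailAddress Primary email address, written as "SMTP:" . address
 * @param string $mailNickname The mail nick name; when null the username is used
 * @param bool   $useDefaults  Whether the store's default quota applies instead of a per-mailbox quota
 * @param string $baseDn       Alternative base DN for the storage group; defaults to the adLDAP base DN
 * @param bool   $isGUID       Whether $username is a GUID rather than a samAccountName
 * @return bool|string true on success, false when modify() fails, or an error message string
 *                     when a compulsory argument is missing or malformed
 */
public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname = NULL, $useDefaults = TRUE, $baseDn = NULL, $isGUID = false)
{
    if ($username === NULL) {
        return "Missing compulsory field [username]";
    }
    if ($storageGroup === NULL) {
        return "Missing compulsory array [storagegroup]";
    }
    if (!is_array($storageGroup)) {
        return "[storagegroup] must be an array";
    }
    // An empty array would produce the DN "CN=,<baseDn>", which cannot be a mailbox store.
    if (count($storageGroup) === 0) {
        return "Missing compulsory array [storagegroup]";
    }
    if ($emailAddress === NULL) {
        return "Missing compulsory field [emailAddress]";
    }
    if ($baseDn === NULL) {
        $baseDn = $this->adldap->getBaseDn();
    }
    if ($mailNickname === NULL) {
        $mailNickname = $username;
    }

    // Chain the CN components into the RDN sequence of the store DN, then anchor it at the base DN.
    $storeDn = "CN=" . implode(",CN=", $storageGroup) . "," . $baseDn;

    // The upper-case "SMTP:" prefix conventionally marks the primary address in proxyAddresses.
    $attributes = array(
        'exchange_homemdb'      => $storeDn,
        'exchange_proxyaddress' => 'SMTP:' . $emailAddress,
        'exchange_mailnickname' => $mailNickname,
        'exchange_usedefaults'  => $this->adldap->utilities()->boolToString($useDefaults),
    );

    // Normalise whatever modify() returns to a strict boolean for the caller.
    $result = $this->adldap->user()->modify($username, $attributes, $isGUID);

    return $result ? true : false;
}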
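/**
 * Get contact information. Returned in the raw ldap_get_entries() array
 * format from AD, with the primary group appended to "memberof" because AD
 * does not list the primary group in memberOf.
 *
 * @param string     $distinguishedName The full DN of a contact
 * @param array|null $fields            Attributes to query; null selects the default set below
 * @return array|bool The ldap_get_entries() array, or false when the DN is null, there is
 *                    no LDAP bind, the search fails, or no entry matched
 */
public function info($distinguishedName, $fields = NULL)
{
    if ($distinguishedName === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // NOTE(review): the DN is interpolated into a search filter, so ldapSlashes()
    // must escape the RFC 4515 filter metacharacters (\ * ( ) NUL), not only
    // backslashes; otherwise a crafted DN can widen the match -- verify in utilities().
    $filter = "distinguishedName=" . $this->adldap->utilities()->ldapSlashes($distinguishedName);

    if ($fields === NULL) {
        $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
    }

    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        return false;
    }
    $entries = ldap_get_entries($connection, $sr);
    // No matching entry: return false rather than indexing the undefined $entries[0].
    if ($entries === false || !isset($entries['count']) || $entries['count'] < 1) {
        return false;
    }

    // Resolve the primary group from primaryGroupID (a RID) plus the object's SID when
    // configured and both attributes were returned; otherwise assume "Domain Users".
    // group()->getPrimaryGroup() may return false, which is appended as-is.
    if ($this->adldap->getRealPrimaryGroup()
        && isset($entries[0]["primarygroupid"][0])
        && isset($entries[0]["objectsid"][0])) {
        $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
    } else {
        $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
    }
    // Keep the ldap_get_entries() "count" cell in step with the value just appended
    // (the cell does not exist yet when memberOf was absent from the entry).
    $entries[0]["memberof"]["count"] = isset($entries[0]["memberof"]["count"])
        ? $entries[0]["memberof"]["count"] + 1
        : 1;

    return $entries;
}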
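/**
 * Coping with AD not returning the primary group
 * http://support.microsoft.com/?kbid=321360
 *
 * This is a re-write based on code submitted by Bruce which prevents the
 * need to search each security group to find the true primary group: the
 * primary group's SID is the user's SID with its last four bytes (the RID)
 * replaced by primaryGroupID, so a single objectSid lookup resolves it.
 *
 * @param string $groupId Group RID (the user's primaryGroupID attribute value)
 * @param string $userId  User's binary objectSid as returned by AD
 * @return string|bool The group's distinguishedName, or false when either argument
 *                     is null, the search fails, or no object has that SID
 */
public function getPrimaryGroup($groupId, $userId)
{
    if ($groupId === NULL || $userId === NULL) {
        return false;
    }

    // Overwrite the trailing 32-bit little-endian RID of the user's SID with the group RID.
    $groupSid = substr_replace($userId, pack('V', $groupId), strlen($userId) - 4, 4);
    // getTextSID() presumably renders the binary SID in its textual "S-1-..." form,
    // which contains no filter metacharacters.
    $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($groupSid) . ')';
    $fields = array("samaccountname", "distinguishedname");

    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        return false;
    }
    $entries = ldap_get_entries($connection, $sr);
    if (isset($entries[0]['distinguishedname'][0])) {
        return $entries[0]['distinguishedname'][0];
    }

    return false;
}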
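/**
 * Converts a username (samAccountName) to a GUID
 *
 * @param string $username The username to query
 * @return string|bool The textual GUID; false when there is no bind, the search fails
 *                     or nothing matched; an error message string when $username is null
 */
public function usernameToGuid($username)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($username === null) {
        return "Missing compulsory field [username]";
    }

    // Escape the RFC 4515 filter metacharacters before interpolating: an unescaped
    // username such as "*" would match every account instead of one. Backslash is
    // replaced first so the "\xx" sequences inserted afterwards are not re-escaped.
    // Same output as ldap_escape($username, '', LDAP_ESCAPE_FILTER) on PHP >= 5.6.
    $escapedUsername = str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $username
    );
    $filter = "samaccountname=" . $escapedUsername;
    $fields = array("objectGUID");

    $connection = $this->adldap->getLdapConnection();
    $sr = @ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        return false;
    }
    if (ldap_count_entries($connection, $sr) > 0) {
        $entry = @ldap_first_entry($connection, $sr);
        // objectGUID is binary, so the _len variant is required to read it intact.
        $guid = @ldap_get_values_len($connection, $entry, 'objectGUID');
        if ($guid === false || !isset($guid[0])) {
            return false;
        }

        return $this->adldap->utilities()->binaryToText($guid[0]);
    }

    return false;
}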
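/**
 * Get the groups a computer is in
 *
 * @param string    $computerName The name of the computer
 * @param bool|null $recursive    Whether to also resolve nested groups; null means use
 *                                the adLDAP recursiveGroups setting
 * @return array|bool Nice group names (direct memberships first, then any nested ones
 *                    when recursive), or false when the name is null, there is no bind,
 *                    or the computer's membership could not be read
 */
public function groups($computerName, $recursive = NULL)
{
    if ($computerName === NULL) {
        return false;
    }
    if ($recursive === NULL) {
        // Use the default option if the caller hasn't set it.
        $recursive = $this->adldap->getRecursiveGroups();
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Search the directory for the computer's memberships, presuming the entry
    // returned is the right one (computer names are unique).
    $info = @$this->info($computerName, array("memberof", "primarygroupid"));
    // Nothing found (info() returned false or no memberof cell): there is nothing to convert.
    if (!is_array($info) || !isset($info[0]["memberof"])) {
        return false;
    }
    $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]);

    if ($recursive === true) {
        // Walk the direct memberships only; deeper nesting is presumably handled
        // inside recursiveGroups() itself.
        $directGroups = $groups;
        foreach ($directGroups as $groupName) {
            $nestedGroups = $this->adldap->group()->recursiveGroups($groupName);
            // recursiveGroups() may signal failure with a non-array; skip it rather than break array_merge().
            if (is_array($nestedGroups)) {
                $groups = array_merge($groups, $nestedGroups);
            }
        }
    }

    return $groups;
}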
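/**
 * Finds the objectGUID of the normal user account that has the given DN.
 *
 * @param adLDAP $adLdap Bound adLDAP instance whose connection and base DN are searched
 * @param string $dn     Distinguished name of the user; an empty value yields null
 * @return string|null The decoded GUID, or null when $dn is empty, the search fails,
 *                     or no matching user account exists
 */
protected function findManagerGUID(adLDAP $adLdap, $dn = '')
{
    if (empty($dn)) {
        return null;
    }

    // Escape the RFC 4515 filter metacharacters before embedding the DN: DN escapes
    // such as "\," carry a backslash, and an unescaped "*" or ")" would rewrite the
    // filter. Backslash is replaced first so the inserted escapes survive.
    // Same output as ldap_escape($dn, '', LDAP_ESCAPE_FILTER) on PHP >= 5.6.
    $escapedDn = str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $dn
    );
    $filter = '(&(objectClass=user)'
        . '(samaccounttype=' . adLDAP::ADLDAP_NORMAL_ACCOUNT . ')'
        . '(objectCategory=person)'
        . '(distinguishedname=' . $escapedDn . '))';

    $connection = $adLdap->getLdapConnection();
    $sr = ldap_search($connection, $adLdap->getBaseDn(), $filter, ['objectGUID']);
    if ($sr === false) {
        return null;
    }
    $entries = ldap_get_entries($connection, $sr);
    if (isset($entries['count']) && $entries['count'] > 0 && isset($entries[0]['objectguid'][0])) {
        return $adLdap->utilities()->decodeGuid($entries[0]['objectguid'][0]);
    }

    return null;
}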