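/**
 * Recursively test whether $userdn is a direct or nested member of $groupdn.
 *
 * The walk reads the memberOf attribute of $userdn and recurses into every
 * group it lists. Active Directory permits circular group nesting, so two
 * guards bound the recursion: $visited holds the DNs already expanded on the
 * current path (a DN seen again is a cycle and is not re-expanded), and
 * $maxDepth caps the nesting depth as a backstop (e.g. when the same group is
 * returned with different letter case, which the exact-match $visited lookup
 * would not catch).
 *
 * DNs are compared byte-exact, as the original did; callers must pass the DN
 * in the form the directory returns it.
 *
 * @param resource|\LDAP\Connection $ldapconn  bound LDAP link
 * @param string                    $userdn    DN whose membership is tested
 * @param string                    $groupdn   DN of the group to look for
 * @param array<string,bool>        $visited   DNs already on the recursion path (internal)
 * @param int                       $maxDepth  remaining nesting levels to explore
 * @return bool TRUE on membership; FALSE on no membership or on any LDAP error
 */
function checkLDAPGroupEx($ldapconn, $userdn, $groupdn, array $visited = array(), $maxDepth = 32) {
    // Refuse to walk further on a bad DN or once the depth budget is spent.
    if (!is_string($userdn) || $userdn === '' || $maxDepth <= 0) {
        return FALSE;
    }
    // Cycle guard: this DN is already being expanded higher up the path.
    if (isset($visited[$userdn])) {
        return FALSE;
    }
    $visited[$userdn] = TRUE;

    $result = ldap_read($ldapconn, $userdn, "(objectclass=*)", array("memberOf"));
    if ($result === FALSE) {
        return FALSE;
    }
    $entries = ldap_get_entries($ldapconn, $result);
    if ($entries === FALSE || $entries['count'] <= 0 || empty($entries[0]['memberof'])) {
        return FALSE;
    }

    $groups = $entries[0]['memberof'];
    for ($i = 0; $i < $groups['count']; $i++) {
        $memberDn = $groups[$i];
        if ($memberDn === $groupdn) {
            return TRUE;
        }
        // $visited is passed by value, so each branch carries only its own path.
        if (checkLDAPGroupEx($ldapconn, $memberDn, $groupdn, $visited, $maxDepth - 1)) {
            return TRUE;
        }
    }
    return FALSE;
}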
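} } } if (isset($_POST['loginwith']) && $_POST['loginwith'] === 'adlogin') {
    // Active Directory login: bind with the user's own credentials, then grant
    // admin rights only if the user is a (nested) member of a configured admin group.
    //
    // LDAP_OPT_DIAGNOSTIC_MESSAGE is shipped by ext/ldap on current PHP builds; define
    // it only when missing, and pass the name as a string (the original passed a bare
    // constant, which define() does not accept as a name).
    if (!defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
        define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x32);
    }
    $type = "adlogin";
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';

    // An empty password must never reach ldap_bind(): a DN with an empty password is
    // treated by directories (AD included) as an unauthenticated/anonymous bind, which
    // succeeds and would log anyone in as $username.
    if ($password === '') {
        $loginerror = "LDAP: Invalid Credentials";
    } else {
        $ldapconn = ldap_connect($conf->getSetting("ldapserver"));
        if ($ldapconn) {
            ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
            // NOTE(review): the credentials travel in clear text unless "ldapserver" is an
            // ldaps:// URL or ldap_start_tls() is called first — confirm the configured value.
            if (ldap_bind($ldapconn, $username . "@" . $conf->getSetting("ldapdomain"), $password)) {
                $basedn = "DC=" . implode(",DC=", explode(".", $conf->getSetting("ldapdomain")));
                $userdn = getDN($ldapconn, $username, $basedn);
                // presumably getDN() returns FALSE/empty when the entry is not found — verify;
                // without a DN there is nothing to walk, so the user stays unauthorised.
                if (!empty($userdn)) {
                    foreach ($conf->getAdmins() as $value) {
                        $groupdn = getDN($ldapconn, $value['cn'], $basedn);
                        if (!empty($groupdn) && checkLDAPGroupEx($ldapconn, $userdn, $groupdn)) {
                            $isAuth = TRUE;
                            break; // one matching admin group is sufficient
                        }
                    }
                }
            } else {
                // NOTE(review): the server's diagnostic text is shown to the user; AD data codes in
                // it distinguish unknown user / wrong password / locked account, so consider
                // logging it server-side and showing only the generic message.
                if (ldap_get_option($ldapconn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error) && $extended_error !== '') {
                    $loginerror = "LDAP: Error on Bind - " . $extended_error;
                } else {
                    $loginerror = "LDAP: Invalid Credentials";
                }
            }
            // Release the link on both outcomes; the original leaked it after a failed bind.
            ldap_unbind($ldapconn);
        } else {
            $loginerror = "LDAP: Unable to Connect to URL";
        }
    }
}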