示例#1
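 /**
  * Checks that $value exists as a sAMAccountName on at least one configured LDAP server.
  *
  * Every server listed under the 'ldap' key of the registry config is bound with the
  * 'ldapUser' / 'ldapPassword' request parameters and searched for the account.
  * A server that throws during connect, bind or search is skipped, so a failed bind
  * is reported to the caller the same way as a missing account (self::NOT_EXISTS).
  *
  * NOTE(review): the bind credentials are taken straight from request parameters.
  * When 'ldapUser' is absent, bind() receives null; Zend_Ldap appears to fall back
  * to the account configured for the server in that case, so the lookup would run
  * without caller-supplied credentials. Confirm that this is intended.
  *
  * @param  string $value account name to look up
  * @return bool   true when some server returns an entry, false otherwise
  */
 public function isValid($value)
 {
     $request = Zend_Controller_Front::getInstance()->getRequest();
     $fields = $request->getParams();
     $config = Zend_Registry::get('config');
     // Read the credentials once; a missing parameter is passed on as null, as before.
     $bindUser = isset($fields['ldapUser']) ? $fields['ldapUser'] : null;
     $bindPassword = isset($fields['ldapPassword']) ? $fields['ldapPassword'] : null;
     $found = false;
     foreach ($config['ldap'] as $server) {
         try {
             $ldap = new Zend_Ldap($server);
             $ldap->bind($bindUser, $bindPassword);
             // The filter is built through the factory, not by concatenating $value into a string.
             $entries = $ldap->searchEntries(Zend_Ldap_Filter::equals('samaccountname', $value));
             if (!empty($entries)) {
                 $found = true;
                 // One hit is enough; no need to bind against the remaining servers.
                 break;
             }
         } catch (Exception $e) {
             // Best effort: an unreachable server or a rejected bind just means
             // "not found on this server"; the next one is tried.
         }
     }
     if (!$found) {
         $this->_error(self::NOT_EXISTS);
         return false;
     }
     return true;
 }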
示例#2
文件: Client.php 项目: knatorski/SMS
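 /**
  * Looks up the account named by the 'toCheck' parameter on the configured LDAP
  * servers and returns its display name and user principal name.
  *
  * $params is a list of array('name' => ..., 'value' => ...) pairs. The pairs named
  * 'login' and 'password' are used to bind; 'toCheck' is the sAMAccountName searched.
  * Servers are tried in order until one returns an entry. Exceptions raised by
  * Zend_Ldap while connecting, binding or searching are not caught here, so the
  * first failing server aborts the whole lookup.
  *
  * NOTE(review): 'login' and 'password' are not validated. If they are missing,
  * bind() receives null and Zend_Ldap appears to fall back to the account configured
  * for the server; confirm that a caller may trigger the lookup that way.
  *
  * @param  array $params list of name/value pairs
  * @return array with keys 'pm_name' and 'pm_email'
  * @throws Exception when 'toCheck' is empty or no server returns an entry
  */
 public function checkDomain($params)
 {
     // Start from an empty map so an empty $params list reaches the 'toCheck'
     // check below instead of reading an undefined variable.
     $data = array();
     foreach ($params as $param) {
         $data[$param['name']] = $param['value'];
     }
     if (empty($data['toCheck'])) {
         throw new Exception('Podaj login zgłaszającego!');
     }
     // NOTE(review): $logic is not used below; kept in case construction matters.
     $logic = new Logic_Validate_LdapLogin();
     $config = Zend_Registry::get('config');
     $bindUser = isset($data['login']) ? $data['login'] : null;
     $bindPassword = isset($data['password']) ? $data['password'] : null;
     $ldapEntry = array();
     foreach ($config['ldap'] as $server) {
         $ldap = new Zend_Ldap($server);
         $ldap->bind($bindUser, $bindPassword);
         $ldapEntry = $ldap->searchEntries(Zend_Ldap_Filter::equals('samaccountname', $data['toCheck']));
         if (!empty($ldapEntry)) {
             break;
         }
     }
     if (empty($ldapEntry)) {
         throw new Exception('Nie znaleziono użytkownika w domenie!');
     }
     // Only the first returned entry is used.
     $ret = array();
     $ret['pm_name'] = $ldapEntry[0]['displayname'][0];
     $ret['pm_email'] = $ldapEntry[0]['userprincipalname'][0];
     return $ret;
 }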
 /**
  * returns ldap metadata of given group
  *
  * @param  int         $_groupId
  * @return array 
  * 
  * @todo remove obsolete code
  */
 protected function _getGroupMetaData($_groupId)
 {
     $numericId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
     // The id is escaped explicitly before it is handed to the filter factory.
     // NOTE(review): Zend_Ldap_Filter::equals() may escape its value again when the
     // filter is rendered; confirm ids never contain characters escaping would alter.
     $escapedId = Zend_Ldap::filterEscape($numericId);
     $uuidFilter = Zend_Ldap_Filter::equals($this->_options['groupUUIDAttribute'], $escapedId);
     $wanted = array('objectclass', 'sambasid');
     $hits = $this->_ldap->search($uuidFilter, $this->_options['groupsDn'], Zend_Ldap::SEARCH_SCOPE_SUB, $wanted);
     // The first hit is returned as-is; this method does not check that the
     // search matched anything.
     return $hits->getFirst();
 }
示例#4
文件: Ldap.php 项目: fredcido/simuweb
 /**
  * Checks the group membership of the bound user
  *
  * @param  Zend_Ldap $ldap
  * @param  string    $canonicalName
  * @param  string    $dn
  * @param  array     $adapterOptions
  * @return string|true
  */
 protected function _checkGroupMembership(Zend_Ldap $ldap, $canonicalName, $dn, array $adapterOptions)
 {
     // No group configured: there is nothing to verify.
     if ($adapterOptions['group'] === null) {
         return true;
     }
     // Only an explicit false selects the canonical name; any other value uses the DN.
     $member = $adapterOptions['memberIsDn'] === false ? $canonicalName : $dn;
     /**
      * @see Zend_Ldap_Filter
      */
     require_once 'Zend/Ldap/Filter.php';
     // (&(groupAttr=group)(memberAttr=member)), optionally AND-ed with 'groupFilter'.
     $filter = Zend_Ldap_Filter::andFilter(
         Zend_Ldap_Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']),
         Zend_Ldap_Filter::equals($adapterOptions['memberAttr'], $member)
     );
     $extra = $adapterOptions['groupFilter'];
     if (!empty($extra)) {
         $filter = $filter->addAnd($extra);
     }
     $matches = $ldap->count($filter, $adapterOptions['groupDn'], $adapterOptions['groupScope']);
     // Exactly one matching group entry counts as membership; zero or several do not.
     // The failure value is a non-empty (truthy) string, so callers have to compare
     // the result with === true. The message also contains the rendered filter.
     if ($matches !== 1) {
         return 'Failed to verify group membership with ' . $filter->toString();
     }
     return true;
 }
示例#5
 /**
  * An AND of two OR groups renders as the expected nested LDAP filter string.
  */
 public function testRealFilterString()
 {
     $surname = Zend_Ldap_Filter::orFilter(
         Zend_Ldap_Filter::equals('sn', 'Gehrig'),
         Zend_Ldap_Filter::equals('sn', 'Goerke')
     );
     $givenName = Zend_Ldap_Filter::orFilter(
         Zend_Ldap_Filter::equals('givenName', 'Stefan'),
         Zend_Ldap_Filter::equals('givenName', 'Ingo')
     );
     $combined = Zend_Ldap_Filter::andFilter($surname, $givenName);
     $expected = '(&(|(sn=Gehrig)(sn=Goerke))(|(givenName=Stefan)(givenName=Ingo)))';
     $this->assertEquals($expected, $combined->toString());
 }
 /**
  * returns ldap metadata of given group
  *
  * @param  string $_groupId
  * @return array
  * @throws Tinebase_Exception_NotFound
  * 
  * @todo remove obsolete code
  */
 protected function _getMetaData($_groupId)
 {
     $numericId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
     $uuidFilter = Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($numericId));
     $attributes = array('objectclass', 'objectsid');
     $hits = $this->getLdap()->search($uuidFilter, $this->_options['groupsDn'], $this->_groupSearchScope, $attributes);
     // Anything other than exactly one hit (none, or an ambiguous id) is "not found".
     if (count($hits) !== 1) {
         throw new Tinebase_Exception_NotFound("Group with id {$_groupId} not found.");
     }
     $entry = $hits->getFirst();
     // The raw objectsid value is decoded before it is returned.
     return array(
         'dn' => $entry['dn'],
         'objectclass' => $entry['objectclass'],
         'objectsid' => Tinebase_Ldap::decodeSid($entry['objectsid'][0]),
     );
 }
示例#7
 /**
  * searchEntries() accepts a Zend_Ldap_Dn object as base and a filter object,
  * and returns a plain array of the matching entries.
  */
 public function testSearchEntriesShortcutWithDnObjectAndFilterObject()
 {
     $ouFilter = Zend_Ldap_Filter::equals('objectClass', 'organizationalUnit');
     $baseDn = Zend_Ldap_Dn::fromString(TESTS_ZEND_LDAP_WRITEABLE_SUBTREE);
     $found = $this->_getLdap()->searchEntries($ouFilter, $baseDn, Zend_Ldap::SEARCH_SCOPE_SUB);
     $this->assertType("array", $found);
     // The test expects nine organizationalUnit entries under the writeable subtree.
     $this->assertEquals(9, count($found));
 }
 /**
  * resolve UUID(for example entryUUID) to uidnumber
  *
  * @param string $_uuid
  * @return string
  */
 public function resolveUUIdToUIdNumber($_uuid)
 {
     // A directory lookup is only needed when the UUID attribute is not uidnumber itself.
     if ($this->_userUUIDAttribute != 'uidnumber') {
         $uuidFilter = Zend_Ldap_Filter::equals($this->_userUUIDAttribute, $this->_encodeAccountId($_uuid));
         $entry = $this->_ldap
             ->search($uuidFilter, $this->_options['userDn'], $this->_userSearchScope, array('uidnumber'))
             ->getFirst();
         // NOTE(review): there is no check that the search matched an entry before
         // the attribute is read; confirm how callers handle an unknown UUID.
         return $entry['uidnumber'][0];
     }
     return $_uuid;
 }
示例#9
 /**
  * Returns a condition statement string based on given field identifier and clause(s)
  * 
  * @param string	$field
  * @param array		$clauses
  * @param string 	$mode
  * @return string
  */
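 protected function _buildConditionStatement($field, array $clauses, $mode = 'AND')
 {
     $statements = array();
     foreach ($clauses as $clause) {
         $ops = $this->_matchOperator($clause['operator']);
         $value = $clause['value'];
         // Reject object values first. The check used to run after the wildcard
         // handling, which had already forced the value through string concatenation.
         if ($value instanceof ObjectModel\BaseObject) {
             throw new Exception("LDAP Adapter doesn't support conditions which value is an object: " . $field);
         }
         // The value is written into the filter text below, so LDAP filter
         // metacharacters in it are escaped first. Without this, a value containing
         // '(', ')', '*' or '\' changes the structure of the resulting filter.
         // A '*' inside the value is therefore matched literally; wildcard matching
         // is requested through the BEGINSWITH / ENDSWITH operators.
         $value = \Zend_Ldap::filterEscape($value);
         // Wildcards are added after escaping so that they stay wildcards.
         if (in_array(Backend\Condition::OPERATOR_BEGINSWITH, $ops)) {
             $value .= '*';
         }
         if (in_array(Backend\Condition::OPERATOR_ENDSWITH, $ops)) {
             $value = '*' . $value;
         }
         // OPERATOR_DIFF wraps the statement in a negation: (!(field=value)).
         $prefix = $suffix = null;
         if (in_array(Backend\Condition::OPERATOR_DIFF, $ops)) {
             $prefix = '(!';
             $suffix = ')';
         }
         // The Zend_Ldap_Filter objects that were built here before never reached
         // the output (and the variable leaked from one clause to the next), so
         // they are no longer created.
         $statements[] = sprintf('%s(%s=%s)%s', $prefix, $field, $value, $suffix);
     }
     // NOTE(review): $mode is accepted but not used; the statements are joined
     // without a combining operator, as before.
     return implode($statements);
 }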
示例#10
 /**
  * read ldap / get users and groups from tine and create mapping
  * 
  * @return array
  */
 protected function _getGroupMapping()
 {
     $this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Fetching user mapping ...');
     $groupFilter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_groupBaseFilter));
     // Optional rename table: LDAP cn => group name used on the Tine side.
     if ($this->_config->groupNameMapping) {
         $nameOverrides = $this->_config->groupNameMapping->toArray();
     } else {
         $nameOverrides = array();
     }
     $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group name mapping: ' . print_r($nameOverrides, TRUE));
     $ldapGroups = $this->_ldap->search($groupFilter, $this->_config->ldap->baseDn, $this->_groupSearchScope, array('*', '+'));
     // Result: Tine group id => LDAP entryUUID.
     $mapping = array();
     foreach ($ldapGroups as $group) {
         $cn = $group['cn'][0];
         $groupname = isset($nameOverrides[$cn]) ? $nameOverrides[$cn] : $cn;
         $ldapUuid = $group['entryuuid'][0];
         try {
             $tineGroup = $this->_tineGroupBackend->getGroupByName($groupname);
             $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $cn . '): ' . $tineGroup->getId() . ' -> ' . $ldapUuid);
             $mapping[$tineGroup->getId()] = $ldapUuid;
         } catch (Tinebase_Exception_Record_NotDefined $tenf) {
             // @todo should be: Tinebase_Exception_NotFound
             // A group the Tine backend does not know is logged and left out of the mapping.
             $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $cn . '): ' . $tenf->getMessage());
         }
     }
     $this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Found ' . count($mapping) . ' groups for the mapping.');
     $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' ' . print_r($mapping, TRUE));
     return $mapping;
 }
示例#11
文件: Ldap.php 项目: robeendey/ce
 /**
  * Checks the group membership of the bound user
  *
  * @param  Zend_Ldap $ldap
  * @param  string    $canonicalName
  * @param  string    $dn
  * @param  array     $adapterOptions
  * @return string|true
  */
 protected function _checkGroupMembership(Zend_Ldap $ldap, $canonicalName, $dn, array $adapterOptions)
 {
     // Without a configured group every user passes.
     if ($adapterOptions['group'] === null) {
         return true;
     }
     // Only an explicit false selects the canonical name; any other value uses the DN.
     if ($adapterOptions['memberIsDn'] === false) {
         $member = $canonicalName;
     } else {
         $member = $dn;
     }
     $byGroup = Zend_Ldap_Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']);
     $byMember = Zend_Ldap_Filter::equals($adapterOptions['memberAttr'], $member);
     $filter = Zend_Ldap_Filter::andFilter($byGroup, $byMember);
     $extra = $adapterOptions['groupFilter'];
     if (!empty($extra)) {
         $filter = $filter->addAnd($extra);
     }
     /*
      * The authenticated user may not be allowed to read group-membership
      * information, so the connection is re-bound without arguments. That requires
      * the account given as "username" / "password" in the Zend_Ldap options to be
      * able to read it. This method does not bind again afterwards, so $ldap stays
      * bound that way when it returns.
      */
     $ldap->bind();
     $matches = $ldap->count($filter, $adapterOptions['groupDn'], $adapterOptions['groupScope']);
     // Exactly one matching group entry counts as membership. The failure value is
     // a non-empty (truthy) string, so callers have to compare the result with === true.
     if ($matches !== 1) {
         return 'Failed to verify group membership with ' . $filter->toString();
     }
     return true;
 }
 /**
  * return sid of group
  * 
  * @param string  $_groupId
  * @return string the sid of the group 
  */
 protected function _getGroupSID($_groupId)
 {
     $backendConfig = Tinebase_User::getBackendConfiguration();
     // The id is escaped explicitly before it is handed to the filter factory.
     // NOTE(review): Zend_Ldap_Filter::equals() may escape its value again when the
     // filter is rendered; confirm ids never contain characters escaping would alter.
     $uuidFilter = Zend_Ldap_Filter::equals(
         $backendConfig['groupUUIDAttribute'],
         Zend_Ldap::filterEscape($_groupId)
     );
     $hits = $this->_ldap->search($uuidFilter, $backendConfig['groupsDn'], Zend_Ldap::SEARCH_SCOPE_SUB, array('sambasid'));
     if (count($hits) == 0) {
         // The message carries the rendered filter, including the group id.
         throw new Tinebase_Exception_NotFound('Group not found! Filter: ' . $uuidFilter->toString());
     }
     $entry = $hits->getFirst();
     if (!empty($entry['sambasid'][0])) {
         return $entry['sambasid'][0];
     }
     // The entry exists but carries no usable sambaSID value.
     throw new Tinebase_Exception_NotFound('Group has no sambaSID');
 }
 /**
  * (non-PHPdoc)
  */
 protected function _getSpecialResultDataFromLdap()
 {
     // Build an AND filter from the configured 'skeleton': one (attr=value) term per
     // value; an array-valued attribute contributes one term per element.
     // NOTE(review): attribute names and values are concatenated into the filter
     // without escaping. That is only safe while 'skeleton' is trusted configuration
     // and never carries request data; confirm against where the config is filled.
     $filter = "&";
     foreach ($this->_simpleMailConfig['skeleton'] as $attr => $val) {
         if (is_array($val)) {
             foreach ($val as $val_array) {
                 $filter .= '(' . $attr . '=' . $val_array . ')';
             }
         } else {
             $filter .= '(' . $attr . '=' . $val . ')';
         }
     }
     // Search from the configured base and scope; the attribute list is passed as an empty array.
     $ldap = $this->_ldap->searchEntries(Zend_Ldap_Filter::string($filter), $this->_simpleMailConfig['base'], $this->_simpleMailConfig['scope'], array());
     /* Make sure the managed rdn is last in the array, so that properties are
      * ultimately read from this rdn (if entries are doubled).
      *
      * The order of the array matters:
      *  - all entries anywhere
      *  - entries within the storage path
      *  - the exact managed dn
      */
     $this->_ldapRawData = array();
     // Both DNs are parsed with lower-case attribute folding so they compare consistently.
     $managedPath = Zend_Ldap_Dn::fromString($this->_simpleMailConfig['storage_base'], Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
     $managedDn = Zend_Ldap_Dn::fromString($this->_simpleMailConfig['storage_rdn'] . ',' . $this->_simpleMailConfig['storage_base'], Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
     $managedDnExisting = false;
     foreach ($ldap as $dn) {
         $dnArr = Zend_Ldap_Dn::fromString($dn['dn'], Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
         if ($dnArr->toString() == $managedDn->toString()) {
             // The exact managed entry always goes to the end.
             array_push($this->_ldapRawData, $dn);
             $managedDnExisting = true;
         } elseif (Zend_Ldap_Dn::isChildOf($dnArr, $managedPath)) {
             // Entry below the storage path: inserted just before the managed entry
             // if that one is already in the list (offset -1, length 0), else appended.
             $managedDnExisting === true ? array_splice($this->_ldapRawData, -1, 0, array($dn)) : array_push($this->_ldapRawData, $dn);
         } else {
             // Entry outside the storage path: flagged read-only and put at the front.
             $dn['simplemail_readonly'] = true;
             array_unshift($this->_ldapRawData, $dn);
         }
     }
     // At TRACE level the complete collected entries are written to the log.
     if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
         Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' simpleMail - Tinebase_EmailUser combined with ldap: ' . print_r($this->_ldapRawData, true));
     }
 }
示例#14
 /**
  * get groupmemberships of user from sync backend
  * 
  * @param   Tinebase_Model_User|string  $_userId
  * @return  array  list of group ids
  */
 public function getGroupMembershipsFromSyncBackend($_userId)
 {
     $userMeta = $this->_getUserMetaData($_userId);
     // A group matches when it lists the user either by uid (memberuid) or by DN (member).
     $byUid = Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($userMeta['uid'][0]));
     $byDn = Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($userMeta['dn']));
     $filter = Zend_Ldap_Filter::andFilter(
         Zend_Ldap_Filter::string($this->_groupBaseFilter),
         Zend_Ldap_Filter::orFilter($byUid, $byDn)
     );
     if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
         Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $filter);
     }
     $wanted = array('cn', 'description', $this->_groupUUIDAttribute);
     $groups = $this->_ldap->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, $wanted);
     // Collect the first value of the UUID attribute of every matching group.
     $memberships = array();
     foreach ($groups as $entry) {
         $memberships[] = $entry[$this->_groupUUIDAttribute][0];
     }
     if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
         Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' group memberships: ' . print_r($memberships, TRUE));
     }
     return $memberships;
 }
示例#15
文件: AD.php 项目: dafik/dfi
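 /**
  * Fetches the directory entry whose sAMAccountName equals $login from the given
  * domain controller.
  *
  * @param  string $login      account name to look up
  * @param  mixed  $controller passed unchanged to getLdap()
  * @return mixed  the first entry returned by the search, or an empty array when
  *                no LDAP connection could be obtained
  */
 public function getDetailsByLoginAndController($login, $controller)
 {
     // Initialise first: when getLdap() throws, $ldap would otherwise be undefined
     // at the check below.
     $ldap = null;
     try {
         $ldap = $this->getLdap($controller);
     } catch (Exception $e) {
         // Best effort: a controller that cannot be reached is treated as
         // "no details available". The exception itself is not reported.
     }
     if (!$ldap) {
         return [];
     }
     $accountFilter = Zend_Ldap_Filter::equals('samaccountname', $login);
     // No attribute list is passed, so the attribute selection is left to search().
     // An earlier, disabled list named: displayname, dn, givenname, name,
     // samaccountname, sn, whencreated, useraccountcontrol, memberof,
     // telephoneNumber, objectguid.
     return $ldap->search($accountFilter)->getFirst();
 }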
示例#16
文件: User.php 项目: knatorski/SMS
 /**
  * Metoda pobierająca dane użytkownika o podanym loginie z domeny
  * @param string $login
  * @return array|boolean
  */
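 public function getLdapData($login, $ldapPwd)
 {
     $login = strtolower($login);
     $config = Zend_Registry::get('config');
     $identity = Zend_Auth::getInstance()->getIdentity();
     // The lookup is meant to run with the logged-in user's own account. Without an
     // identity the login would be read from a non-object and bind() would receive
     // null as user name; Zend_Ldap appears to fall back to the account configured
     // for the server in that case, so the search would run with credentials the
     // caller never supplied. Treat that case as "no data" instead.
     if (!is_object($identity)) {
         return false;
     }
     $bindUser = $identity->login;
     if ($bindUser === null || $bindUser === '') {
         return false;
     }
     foreach ($config['ldap'] as $server) {
         try {
             $ldap = new Zend_Ldap($server);
             // $ldapPwd is the password supplied by the caller for that account.
             $ldap->bind($bindUser, $ldapPwd);
             $entries = $ldap->searchEntries(Zend_Ldap_Filter::equals('samaccountname', $login));
             if (!empty($entries)) {
                 // The first entry from the first server that knows the account wins.
                 return array_shift($entries);
             }
         } catch (Exception $e) {
             // Intentionally empty: the logged-in user's credentials may not give
             // access to every configured domain; such a server is skipped.
         }
     }
     return false;
 }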