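/**
 * Move a user account to a different OU.
 *
 * The user's current DN is looked up through $this->info() and the entry is
 * then renamed so that it sits under the given OU path below the base DN.
 *
 * Security note: $username and every element of $container end up inside a
 * DN. They are escaped here for DN context, so pass raw (unescaped) names;
 * values that were already escaped by the caller would be escaped twice.
 *
 * @param string $username  The username to move (please be careful here!). It is also
 *                          used as the value of the new "cn=" RDN.
 * @param array  $container The container or containers to move the user to (please be
 *                          careful here!). Accepts containers in 1. parent 2. child order.
 * @return bool|string True on success; false when there is no LDAP bind, the container
 *                     list is empty, the user cannot be found or the rename fails; an
 *                     error string when an argument is missing or of the wrong type.
 */
public function move($username, $container)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($username === null) {
        return "Missing compulsory field [username]";
    }
    if ($container === null) {
        return "Missing compulsory field [container]";
    }
    if (!is_array($container)) {
        return "Container must be an array";
    }
    if (count($container) === 0) {
        // An empty list can only produce a malformed target DN; fail up front.
        return false;
    }

    // Resolve the current DN and stop if the lookup produced no entry,
    // instead of handing a null DN to ldap_rename().
    $userInfo = $this->info($username, array("*"));
    if (!is_array($userInfo) || !isset($userInfo[0]['distinguishedname'][0])) {
        return false;
    }
    $dn = $userInfo[0]['distinguishedname'][0];

    // Escape each caller-supplied DN component so characters such as "," "+"
    // or "=" stay part of the value and cannot add or alter DN components.
    $newRDn = "cn=" . ldap_escape((string) $username, '', LDAP_ESCAPE_DN);

    $ouParts = array();
    foreach (array_reverse($container) as $ou) {
        $ouParts[] = "ou=" . strtolower(ldap_escape((string) $ou, '', LDAP_ESCAPE_DN));
    }
    $newBaseDn = implode(",", $ouParts) . "," . $this->adldap->getBaseDn();

    // Final argument true = delete the old RDN value. Errors are suppressed
    // with @, so the only failure signal is the boolean result.
    $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);

    return $result === true;
}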
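/**
 * Return a list of all contacts.
 *
 * Security note: $search is placed inside an LDAP filter. Filter
 * metacharacters other than "*" are escaped here, so a value cannot close the
 * cn assertion and append clauses of its own. "*" is left alone because it is
 * the documented wildcard (and the default); callers that need an exact match
 * on user-supplied text should reject "*" themselves.
 *
 * @param bool   $includeDescription When true the result is keyed by DN and holds the
 *                                   display name (the DN itself when no display name is
 *                                   set); when false the result is a plain list of DNs.
 * @param string $search             The search parameters, matched against cn.
 * @param bool   $sorted             Whether to sort the results
 * @return array|bool The contacts, or false when there is no LDAP bind or the search fails.
 */
public function all($includeDescription = false, $search = "*", $sorted = true)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Perform the search and grab all their details
    $filter = "(&(objectClass=contact)(cn=" . ldap_escape((string) $search, '*', LDAP_ESCAPE_FILTER) . "))";
    $fields = array("displayname", "distinguishedname");

    $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        return false;
    }
    $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
    if (!is_array($entries)) {
        return false;
    }

    $usersArray = array();
    for ($i = 0; $i < $entries["count"]; $i++) {
        $dn = $entries[$i]["distinguishedname"][0];

        if (!$includeDescription) {
            $usersArray[] = $dn;
            continue;
        }

        // The fallback branch used to test an undefined variable ($include_desc),
        // so contacts without a display name were appended unkeyed. Key them by
        // DN like every other entry in this mode.
        $hasDisplayName = isset($entries[$i]["displayname"][0])
            && strlen($entries[$i]["displayname"][0]) > 0;
        $usersArray[$dn] = $hasDisplayName ? $entries[$i]["displayname"][0] : $dn;
    }

    if ($sorted) {
        // asort() orders by value and keeps the DN keys intact.
        asort($usersArray);
    }

    return $usersArray;
}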
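/**
 * Get information about a specific computer. Returned in a raw array format from AD.
 *
 * Security note: $computerName is placed inside an LDAP filter. Filter
 * metacharacters other than "*" are escaped here so the value cannot change
 * the structure of the filter. "*" is kept so existing wildcard lookups still
 * work; callers passing user-supplied text that must match exactly one
 * computer should reject "*" before calling.
 *
 * @param string $computerName The name of the computer
 * @param array  $fields       Attributes to return; a default set is used when NULL
 * @return array|bool The raw entries, or false when the name is NULL, there is no
 *                    LDAP bind or the search fails.
 */
public function info($computerName, $fields = NULL)
{
    if ($computerName === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    $filter = "(&(objectClass=computer)(cn=" . ldap_escape((string) $computerName, '*', LDAP_ESCAPE_FILTER) . "))";

    if ($fields === NULL) {
        $fields = array("memberof", "cn", "displayname", "dnshostname", "distinguishedname", "objectcategory", "operatingsystem", "operatingsystemservicepack", "operatingsystemversion");
    }

    $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        // Do not hand a failed search result to ldap_get_entries().
        return false;
    }

    return ldap_get_entries($this->adldap->getLdapConnection(), $sr);
}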
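/**
 * Create an organizational unit.
 *
 * The new entry's DN is "OU=<ou_name>," followed by the container OUs (child
 * first) and the base DN. With an empty container list the OU is created
 * directly under the base DN.
 *
 * Security note: ou_name and the container names become DN components. They
 * are escaped here for DN context, so pass raw (unescaped) names.
 *
 * @param array $attributes Default attributes of the ou. Required keys: "ou_name"
 *                          (string) and "container" (array, parent-then-child order).
 * @return bool|string True on success, false when ldap_add() fails, or an error
 *                     string when $attributes is malformed.
 */
public function create($attributes)
{
    if (!is_array($attributes)) {
        return "Attributes must be an array";
    }
    // Check that the keys exist before looking at their types; the type check
    // used to run first and read a possibly missing "container" index.
    if (!array_key_exists("ou_name", $attributes)) {
        return "Missing compulsory field [ou_name]";
    }
    if (!array_key_exists("container", $attributes)) {
        return "Missing compulsory field [container]";
    }
    if (!is_array($attributes["container"])) {
        return "Container attribute must be an array.";
    }

    $add = array();
    $add["objectClass"] = "organizationalUnit";
    $add["OU"] = $attributes['ou_name'];

    // Build "OU=child,OU=parent," with a trailing comma per component. The
    // previous code overwrote this string with a variant that had no trailing
    // comma, which glued the last container onto the base DN.
    $containers = "";
    foreach (array_reverse($attributes["container"]) as $ou) {
        $containers .= "OU=" . ldap_escape((string) $ou, '', LDAP_ESCAPE_DN) . ",";
    }

    // Only the DN string is escaped; the attribute value in $add stays raw.
    $dn = "OU=" . ldap_escape((string) $add["OU"], '', LDAP_ESCAPE_DN) . ","
        . $containers . $this->adldap->getBaseDn();

    $result = ldap_add($this->adldap->getLdapConnection(), $dn, $add);

    return $result == true;
}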
/**
 * !!!! Added method !!!!
 * Enable a computer account.
 *
 * Replaces userAccountControl on the entry with the value accountControl()
 * returns for the options PASSWD_NOTREQD and WORKSTATION_TRUST_ACCOUNT.
 *
 * NOTE(review): PASSWD_NOTREQD presumably maps to the AD userAccountControl
 * bit of the same name, which allows the account to exist without a
 * password. Confirm that enabling computers with this bit set is intended.
 * NOTE(review): unlike the other methods in this listing there is no
 * getLdapBind() check, and $dn is passed to ldap_modify() as given; it must
 * be a complete DN obtained from a trusted source.
 *
 * @param string $dn The DN of the computer
 * @return bool True when ldap_modify() succeeds, false otherwise (errors are
 *              suppressed with @, so no warning is raised on failure).
 */
public function activerComputer($dn)
{
    $flags = array("PASSWD_NOTREQD", "WORKSTATION_TRUST_ACCOUNT");

    $changes = array(
        "userAccountControl" => array($this->accountControl($flags)),
    );

    $outcome = @ldap_modify($this->adldap->getLdapConnection(), $dn, $changes);

    return $outcome != false;
}
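/**
 * Returns a list of Databases within any given storage group in Exchange for a given mail server.
 *
 * The filter is a constant; $storageGroup is used verbatim as the search
 * base. It should therefore be a DN taken from the directory itself rather
 * than one assembled from user input.
 *
 * @param string $storageGroup The full DN of an Storage Group. You can use exchange_storage_groups() to find the DN
 * @param array  $attributes   An array of the AD attributes you wish to return
 * @return array|bool|string The raw entries; false when there is no LDAP bind or the
 *                           search fails; an error string when $storageGroup is NULL.
 */
public function storageDatabases($storageGroup, $attributes = array('cn', 'distinguishedname', 'displayname'))
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($storageGroup === NULL) {
        return "Missing compulsory field [storageGroup]";
    }

    $filter = '(&(objectCategory=msExchPrivateMDB))';

    // Errors are suppressed with @, so check the result explicitly: a failed
    // search must not be passed on to ldap_get_entries().
    $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
    if ($sr === false) {
        return false;
    }

    return @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
}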
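/**
 * Coping with AD not returning the primary group
 * http://support.microsoft.com/?kbid=321360
 *
 * For some reason it's not possible to search on primarygrouptoken=XXX
 * If someone can show otherwise, I'd like to know about it :)
 * this way is resource intensive and generally a pain in the @#%^
 *
 * Fetches every group matching the security-global-group filter and scans
 * the result for the one whose primarygrouptoken equals $gid.
 *
 * @deprecated deprecated since version 3.1, see get_primary_group
 * @param string $gid Group ID
 * @return string|bool The DN of the matching group, or false when $gid is NULL,
 *                     the search fails or no group matches.
 */
public function cn($gid)
{
    if ($gid === NULL) {
        return false;
    }

    $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
    $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");

    $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        // Do not hand a failed search result to ldap_get_entries().
        return false;
    }
    $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
    if (!is_array($entries)) {
        return false;
    }

    $r = false;
    for ($i = 0; $i < $entries["count"]; $i++) {
        // Loose comparison on purpose: the directory returns the token as a
        // string while callers may pass the group ID as an integer.
        if ($entries[$i]["primarygrouptoken"][0] == $gid) {
            $r = $entries[$i]["distinguishedname"][0];
            break;
        }
    }

    return $r;
}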
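/**
 * Create a computer in AD.
 *
 * The entry is added as "CN=<cn>," followed by the containers (child first,
 * each as a CN= component) and the base DN. sAMAccountName is the cn with
 * "$" appended, and userAccountControl is the value accountControl() returns
 * for WORKSTATION_TRUST_ACCOUNT.
 *
 * Security note: cn and the container names become DN components. They are
 * escaped here for DN context, so pass raw (unescaped) names.
 *
 * @param array $attributes Required keys: "cn" (string) and "container" (non-empty
 *                          array, parent-then-child order).
 * @return string|boolean True on success; false when the container list is empty or
 *                        ldap_add() fails; an error string when $attributes is malformed.
 */
public function create($attributes)
{
    // Check for compulsory fields
    if (!is_array($attributes)) {
        return "Attributes must be an array";
    }
    if (!array_key_exists("cn", $attributes)) {
        // The message used to name [username], a field this method never reads.
        return "Missing compulsory field [cn]";
    }
    if (!array_key_exists("container", $attributes)) {
        return "Missing compulsory field [container]";
    }
    if (!is_array($attributes["container"])) {
        return "Container attribute must be an array.";
    }
    if (count($attributes["container"]) === 0) {
        // An empty list never produced a valid DN; keep failing rather than
        // silently creating the computer directly under the base DN.
        return false;
    }

    // Attributes of the new entry (values stay raw; only the DN is escaped)
    $add = array();
    $add["cn"][0] = $attributes["cn"];
    $add["sAMAccountName"][0] = $attributes["cn"] . "\$";
    $add["objectClass"] = array("top", "person", "organizationalPerson", "user", "computer");

    // Set the account control attribute
    $control_options = array("WORKSTATION_TRUST_ACCOUNT");
    $add["userAccountControl"][0] = $this->accountControl($control_options);

    // Build the DN from escaped components. The separator used to be ",CN= "
    // (with a stray space in front of each parent name); it is now a plain ",".
    $dnParts = array("CN=" . ldap_escape((string) $attributes["cn"], '', LDAP_ESCAPE_DN));
    foreach (array_reverse($attributes["container"]) as $containerName) {
        $dnParts[] = "CN=" . ldap_escape((string) $containerName, '', LDAP_ESCAPE_DN);
    }
    $dn = implode(",", $dnParts) . "," . $this->adldap->getBaseDn();

    // Add the entry (errors are suppressed with @; the boolean is the only signal)
    $result = @ldap_add($this->adldap->getLdapConnection(), $dn, $add);

    return $result == true;
}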