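/**
 * Create an Exchange account (mailbox) for an existing user.
 *
 * Argument errors are reported the way the rest of this class does it: a
 * human-readable string is returned instead of a boolean, so callers must
 * compare the result with `=== true` / `=== false`.
 *
 * @param string      $username     The username of the user to add the Exchange account to
 * @param array       $storageGroup The mailbox, Exchange Storage Group, for the user account; each element
 *                                  becomes one CN component, so this must be the full CN path.
 *                                  If the storage group has a different base_dn to the adLDAP configuration,
 *                                  set it using $baseDn
 * @param string      $emailAddress The primary email address to add to this user
 * @param string|null $mailNickname The mail nick name. If null, the username is used
 * @param bool        $useDefaults  Indicates whether the store should use the default quota, rather than the
 *                                  per-mailbox quota (written to exchange_usedefaults)
 * @param string|null $baseDn       Alternative base_dn for the Exchange storage group; defaults to the
 *                                  configured base DN
 * @param bool        $isGUID       Is the username passed a GUID or a samAccountName
 * @return bool|string true on success, false if the modify failed, or an error message for a missing argument
 */
public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname = NULL, $useDefaults = TRUE, $baseDn = NULL, $isGUID = false)
{
    if ($username === NULL) {
        return "Missing compulsory field [username]";
    }
    if ($storageGroup === NULL) {
        return "Missing compulsory array [storagegroup]";
    }
    if (!is_array($storageGroup)) {
        return "[storagegroup] must be an array";
    }
    if ($emailAddress === NULL) {
        return "Missing compulsory field [emailAddress]";
    }
    if ($baseDn === NULL) {
        $baseDn = $this->adldap->getBaseDn();
    }
    if ($mailNickname === NULL) {
        $mailNickname = $username;
    }

    // The storage group path is a chain of CN components placed below the base DN.
    $container = "CN=" . implode(",CN=", $storageGroup);
    // The flag is written as a string; utilities()->boolToString() produces the directory form.
    $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);

    $attributes = array(
        'exchange_homemdb' => $container . "," . $baseDn,
        'exchange_proxyaddress' => 'SMTP:' . $emailAddress,
        'exchange_mailnickname' => $mailNickname,
        'exchange_usedefaults' => $mdbUseDefaults,
    );

    // user()->modify() performs the LDAP write. Only a strict true counts as success so that
    // an error string returned by modify() is not mistaken for a successful call.
    $result = $this->adldap->user()->modify($username, $attributes, $isGUID);

    return $result === true;
}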
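/**
 * Move a user account to a different OU.
 *
 * @param string $username  The username to move (please be careful here!)
 * @param array  $container The container or containers to move the user to (please be careful here!).
 *                          Accepts containers in 1. parent 2. child order
 * @return bool|string true on success; false if not bound, the user could not be found, or the
 *                     rename was rejected; an error message for a missing/invalid argument
 */
public function move($username, $container)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }
    if ($username === null) {
        return "Missing compulsory field [username]";
    }
    if ($container === null) {
        return "Missing compulsory field [container]";
    }
    if (!is_array($container)) {
        return "Container must be an array";
    }

    // Look the user up to obtain its current DN; an unknown user has nothing to rename.
    $userInfo = $this->info($username, array("*"));
    if (!isset($userInfo[0]['distinguishedname'][0])) {
        return false;
    }
    $dn = $userInfo[0]['distinguishedname'][0];

    $newRDn = "cn=" . $username;
    // The caller supplies parent-first; a DN is written child-first, so reverse before joining.
    $newContainer = "ou=" . implode(",ou=", array_reverse($container));
    $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();

    // deleteoldrdn=true removes the old RDN value from the entry. The `@` keeps the
    // original behaviour of not emitting a PHP warning when the server rejects the rename.
    $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);

    return $result === true;
}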
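/**
 * Return a list of all contacts.
 *
 * The `cn` filter value is escaped with ldap_escape() so that filter metacharacters in
 * $search cannot alter the query; `*` is kept as a wildcard because it is the default and
 * the documented way to match every contact.
 *
 * @param bool   $includeDescription Include a description of a contact (result becomes dn => displayname)
 * @param string $search             The search parameters, matched against cn; `*` acts as a wildcard
 * @param bool   $sorted             Whether to sort the results
 * @return array|bool list of DNs (or dn => displayname map), or false if not bound / the search failed
 */
public function all($includeDescription = false, $search = "*", $sorted = true)
{
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Escape every literal segment but keep `*` so wildcard searches still work.
    $escapedSearch = implode('*', array_map(function ($segment) {
        return ldap_escape($segment, '', LDAP_ESCAPE_FILTER);
    }, explode('*', (string) $search)));

    // Perform the search and grab all their details
    $filter = "(&(objectClass=contact)(cn=" . $escapedSearch . "))";
    $fields = array("displayname", "distinguishedname");
    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        return false;
    }
    $entries = ldap_get_entries($connection, $sr);

    $usersArray = array();
    for ($i = 0; $i < $entries["count"]; $i++) {
        $dn = $entries[$i]["distinguishedname"][0];
        if ($includeDescription) {
            // Fall back to the DN when the contact has no displayname.
            $displayName = isset($entries[$i]["displayname"][0]) ? $entries[$i]["displayname"][0] : '';
            $usersArray[$dn] = strlen($displayName) > 0 ? $displayName : $dn;
        } else {
            $usersArray[] = $dn;
        }
    }

    if ($sorted) {
        asort($usersArray);
    }

    return $usersArray;
}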
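/**
 * Get information about a specific computer. Returned in a raw array format from AD.
 *
 * $computerName is escaped for use inside an LDAP filter; `*` is preserved as a wildcard.
 *
 * @param string     $computerName The name of the computer
 * @param array|null $fields       Attributes to return; null selects the default set below
 * @return array|bool raw ldap_get_entries() result, or false if the name is missing, the
 *                    connection is not bound, or the search failed
 */
public function info($computerName, $fields = NULL)
{
    if ($computerName === NULL) {
        return false;
    }
    if (!$this->adldap->getLdapBind()) {
        return false;
    }

    // Escape filter metacharacters per segment, keeping `*` so wildcard lookups still work.
    $escapedName = implode('*', array_map(function ($segment) {
        return ldap_escape($segment, '', LDAP_ESCAPE_FILTER);
    }, explode('*', (string) $computerName)));
    $filter = "(&(objectClass=computer)(cn=" . $escapedName . "))";

    if ($fields === NULL) {
        $fields = array(
            "memberof",
            "cn",
            "displayname",
            "dnshostname",
            "distinguishedname",
            "objectcategory",
            "operatingsystem",
            "operatingsystemservicepack",
            "operatingsystemversion",
        );
    }

    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        return false;
    }

    return ldap_get_entries($connection, $sr);
}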
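/**
 * Create an organizational unit.
 *
 * @param array $attributes Default attributes of the ou. Required keys:
 *                          - ou_name   (string) name of the new OU
 *                          - container (array)  parent OUs in 1. parent 2. child order; may be empty
 *                                               to create the OU directly under the base DN
 * @return bool|string true on success, false if ldap_add() failed, or an error message for a
 *                     missing/invalid argument
 */
public function create($attributes)
{
    if (!is_array($attributes)) {
        return "Attributes must be an array";
    }
    // Presence checks come first: reading $attributes["container"] before knowing the key
    // exists raises an undefined-index notice.
    if (!array_key_exists("ou_name", $attributes)) {
        return "Missing compulsory field [ou_name]";
    }
    if (!array_key_exists("container", $attributes)) {
        return "Missing compulsory field [container]";
    }
    if (!is_array($attributes["container"])) {
        return "Container attribute must be an array.";
    }

    // The caller supplies parent-first; a DN is written child-first.
    $container = array_reverse($attributes["container"]);

    $add = array();
    $add["objectClass"] = "organizationalUnit";
    $add["OU"] = $attributes['ou_name'];

    // Each parent OU becomes one "OU=x," segment (trailing comma included) so the base DN
    // can be appended directly. With an empty container the OU goes straight under the base DN.
    $containers = "";
    if (count($container) > 0) {
        $containers = "OU=" . implode(",OU=", $container) . ",";
    }

    $dn = "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn();
    $result = ldap_add($this->adldap->getLdapConnection(), $dn, $add);

    return $result === true;
}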
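/**
 * Convert DN string to an array of attribute values.
 *
 * Splits the DN on "," and keeps only the value part of each "attr=value" component.
 * Note: the split is naive — escaped commas (`\,`) inside a value are not handled.
 *
 * @param string $dnStr         DN to convert, e.g. "CN=John,OU=Users,DC=example,DC=com"
 * @param bool   $excludeBaseDn exclude base DN components from the result
 *
 * @return array values of the DN components, in the order they appear in $dnStr
 */
public function dnStrToArr($dnStr, $excludeBaseDn = true)
{
    $dnArr = array();
    if (empty($dnStr)) {
        return $dnArr;
    }

    $baseDnArr = explode(',', $this->adldap->getBaseDn());
    foreach (explode(',', $dnStr) as $component) {
        // Strict comparison: every element is a string, so loose matching only adds surprises.
        if ($excludeBaseDn && in_array($component, $baseDnArr, true)) {
            continue;
        }
        $eqPos = strpos($component, '=');
        // A component without "=" is malformed; keep it whole rather than chopping its first character.
        $dnArr[] = $eqPos === false ? $component : substr($component, $eqPos + 1);
    }

    return $dnArr;
}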
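/**
 * Coping with AD not returning the primary group
 * http://support.microsoft.com/?kbid=321360
 *
 * For some reason it's not possible to search on primarygrouptoken=XXX
 * If someone can show otherwise, I'd like to know about it :)
 * this way is resource intensive and generally a pain in the @#%^
 *
 * Every group matched by the samaccounttype filter is fetched and scanned for a matching
 * primarygrouptoken; the DN of the first match is returned.
 *
 * @deprecated deprecated since version 3.1, see get get_primary_group
 * @param string $gid Group ID (the primarygrouptoken value to look for)
 * @return bool|string DN of the matching group, '' when no group matches, false if $gid is null
 *                     or the search failed
 */
public function cn($gid)
{
    if ($gid === NULL) {
        return false;
    }

    $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
    $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
    $connection = $this->adldap->getLdapConnection();
    $sr = ldap_search($connection, $this->adldap->getBaseDn(), $filter, $fields);
    if ($sr === false) {
        return false;
    }
    $entries = ldap_get_entries($connection, $sr);

    for ($i = 0; $i < $entries["count"]; $i++) {
        // Compare as strings: the directory returns the token as a string while callers
        // commonly pass an int, and a strict compare avoids PHP's loose numeric rules.
        if (isset($entries[$i]["primarygrouptoken"][0])
            && (string) $entries[$i]["primarygrouptoken"][0] === (string) $gid) {
            return $entries[$i]["distinguishedname"][0];
        }
    }

    return '';
}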
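/**
 * Finds GUID by DN.
 *
 * The DN is escaped with ldap_escape() before being placed in the filter, so backslash
 * escapes inside the DN (e.g. "CN=Doe\, John") and filter metacharacters are matched
 * literally instead of being interpreted as filter syntax.
 *
 * @param adLDAP $adLdap connected adLDAP instance to query
 * @param string $dn     distinguished name of the user whose objectGUID is wanted
 * @return string|null decoded GUID, or null when $dn is empty, the search failed, or no user matched
 */
protected function findManagerGUID(adLDAP $adLdap, $dn = '')
{
    if (empty($dn)) {
        return null;
    }

    $filter = '(&(objectClass=user)'
        . '(samaccounttype=' . adLDAP::ADLDAP_NORMAL_ACCOUNT . ')'
        . '(objectCategory=person)'
        . '(distinguishedname=' . ldap_escape($dn, '', LDAP_ESCAPE_FILTER) . '))';

    $connection = $adLdap->getLdapConnection();
    $sr = ldap_search($connection, $adLdap->getBaseDn(), $filter, ['objectGUID']);
    if ($sr === false) {
        return null;
    }
    $entries = ldap_get_entries($connection, $sr);

    if (!isset($entries['count']) || $entries['count'] < 1 || !isset($entries[0]['objectguid'][0])) {
        return null;
    }

    // objectGUID comes back in raw form; utilities()->decodeGuid() renders it as a string.
    return $adLdap->utilities()->decodeGuid($entries[0]['objectguid'][0]);
}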
require_once __DIR__ . '/../vendor/autoload.php'; use adLDAP\adLDAP; use adLDAP\Exceptions\adLDAPException; $options = ['account_suffix' => '', 'base_dn' => null, 'domain_controllers' => [''], 'admin_username' => null, 'admin_password' => null, 'real_primarygroup' => '', 'use_ssl' => false, 'use_tls' => false, 'recursive_groups' => true, 'ad_port' => adLDAP::ADLDAP_LDAP_PORT, 'sso' => '']; foreach ($options as $optName => $defaultValue) { if (isset($_POST[$optName])) { $options[$optName] = $_POST[$optName]; } } $options['domain_controllers'] = array_filter($options['domain_controllers']); $adldap = false; $exception = false; if (is_array($options['domain_controllers']) && !empty($options['domain_controllers'][0])) { try { $adldap = new adLDAP($options); $options['base_dn'] = $adldap->getBaseDn(); $options['ad_port'] = $adldap->getPort(); } catch (adLDAPException $e) { $exception = $e; } } $username = !empty($_POST['username']) ? $_POST['username'] : ''; $info = false; if ($adldap && !empty($username)) { $password = $_POST['password']; try { $adldap->authenticate($username, $password); $info = $adldap->user()->info($username, ['*']); if (isset($info[0])) { $info = $info[0]; }