@.security 100777 0 0 414 12047206344 6126 0 CN=group1,OU=Groups,DC=addomainname,DC=local,DC=net
CN=group2,OU=Groups,DC=addomainname,DC=local,DC=net
CN=group3,OU=Groups,DC=addomainname,DC=local,DC=net
CN=group4,OU=Groups,DC=addomainname,DC=local,DC=net
CN=groupITPWD-adm,OU=Groups,DC=addomainname,DC=local,DC=net
adLDAP/ 0000755 0000000 0000000 00000000000 12046662646 010615 5 ustar root root adLDAP/CHANGELOG.txt 0000644 0000000 0000000 00000020251 12013401020 012610 0 ustar root root adLDAP - PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
Written by Scott Barnett, Richard Hyland
email: scott@wiggumworld.com, adldap@richardhyland.com
http://adldap.sourceforge.net/
CHANGELOG
-------------------------------------------------------------------------------------------
Version 4.0.3
-------------
[+] New feature: Added support for homephone attribute to the adLDAP schema
[+] New feature: Added getLastLogon($username) to the user model to return a Unix timestamp for the last logon of a user
[-] Bug fix: Change strGuidToHex to public function to prevent errors when used with $isGUID = true
[-] Bug fix: user()->find() function would cause an undefined array error if full error reporting was enabled
[-] Bug fix: #11 If the array "$this->info[0][strtolower($attribute)]" contains a key with 0 (zero), it does not add to the array
[-] Bug fix: #22 Typo in adLDAPFolders for listings
Version 4.0.2
-------------
[-] Bug fix: #16 Typo Error in adLDAPGroups.php could cause an error when PHP strict mode error reporting enabled
[-] Bug fix: #18 Typo in adLDAPContacts.php affecting info and infoCollection functions failing
Version 4.0.1
-------------
[+] New feature: #13 allow binding over SASL where supported
[+] New feature: #12 new $adldap->user()->find() function to find users by searching specific fields
[+] New feature: exchange_altrecipient and exchange_deliverandredirect added to adldap_schema
[-] Bug fix: $adldap->user()->usernameToGuid() function had invalid parameter in ldap_search function
[-] Bug fix: #9 When a password change is attempted but fails due to the configured Active Directory Password Policy. Instead of the error an Exception is thrown.
[-] Bug fix: #10 PHP Warning issued for missing array element. Assumes that element ["count"] exists which does not when the login only has one AD group.
[-] Bug fix: #8 The ou_create function was giving naming violation errors
[-] Bug fix: adldap_schema errors from the version 4.0 changes
Version 4.0.0
-------------
[+] New feature: Version 4 is a complete re-write of the class and is backwards incompatible with version 3 and below. Groups, users, contacts, etc have been seperated into seperate classes and can be called like this $adldap->user()->modify(); or $adldap->group()->create();
Version 3.3.2
-------------
[+] New feature: Move the user to a new OU using user_move() function
[-] Bug fix: Prevent an 'undefined index' error in recursive_groups() when full PHP E_ALL logging is enabled
[-] Bug fix: user_groups() does not return primary group when objectsid is not given (Tracker ID:2931213)
[-] Bug fix: Undefined index in function user_info for non-existent users (Tracker ID:2922729)
[-] Bug fix: Force user_info to find objectCategory of person as if a sAMAccountName also exists in a group it will return that group. (Tracker ID:3006096)
[-] Bug fix: Return false for user_info if the user does not exist
[-] Bug fix: user_info, checks for for a "count" value that not exist in $entries array if "memberof" isn't passed in $fields array. (Tracker ID:2993172)
[-] Bug fix: In authenticate() if user authentication fails function returns and does not rebind with admin credentials - so the other funcions don't work anymore as $this->_bind === false. (Tracker ID:2987887)
[-] Bug fix: When calling $ldap->user_modify('user', array("expires"=>0)) the function fails due to the value being 0. Changed to isset (Tracker ID:3036726)
[-] Bug fix: When calling user_info allow the username to be either a sAMAccountName or userPrincipalName attribute
Version 3.3.1
-------------
[-] Bug fix: Prevent empty $username and $password in authenticate from falling through to the default administrator login
Version 3.3
-----------
[+] New feature: Calling adLDAP without LDAP support in PHP will now throw an adLDAPException
[+] New feature: Specifying a NULL $_base_dn will now automatically attempt to detect the base_dn from your domain controller
[+] New feature: Most user objects can now be queried using a user's GUID as well as their username (samAccountName). Set the $isGUID optional parameter to true. To obtain a user's GUID either use the username2guid() function or decodeGuid()
[+] New function: username2guid($username) will return a string representation of the GUID for a given username
[+] New function: decodeGuid($binaryGuid) will convert a binary GUID to a string
[+] New function: find_base_dn() will return the base_dn from your domain controller
[+] New function: get_root_dse($attributes) will return root domain controller configuration attributes such as the default naming context, current DC time, etc
[+] New function: exchange_servers($attributes) will return a list of Exchange servers in your domain
[+] New function: exchange_storage_groups($exchangeServer, $attributes, $recursive) will return a list of Storage groups on any given Exchange server. Setting $recursive to true (or inheriting from the $_recursive_groups setting will automatically query the databases within a storage group)
[+] New function: exchange_storage_databases($storageGroup, $attributes) will return a list of Databases in any given storage group on any given Exchange server
[+] New function: exchange_add_X400($username, $country, $admd, $pdmd, $org, $surname, $givenname, $isGUID=false) will add an X400 address to the Exchange server
[-] Bug fix: Null comparison error in contact_mailenable()
Version 3.2
-----------
[+] New function: user_password_expiry($username) which will return the timestamp and formatted time of when a user's password expires based both on domain policy and user password expiry policy
[+] New function: groups_in_group($group, $recursive = NULL) returns a list of groups within a group
[+] New function: all_groups() function to list ALL types of group rather than just security groups alone
[+] New function: folder_list($folder_name = NULL, $dn_type = ADLDAP_FOLDER, $recursive = NULL, $type = NULL) allows you to navigate the AD folder structure
[+] New function: computer_ingroup()
[+] New function: computer_groups()
[+] New function: connect()
[+] New function: disconnect()
[+] New feature: Added recursive group lookups to group_members() to recursively get the username of users in a group
[+] New feature: TLS support
[+] New feature: Added getters and setters for core variables
[-] Change: Renamed all_groups() to all_security_groups()
[-] Change: Re-written ldap_slashes() function based on a port from Per's Net::LDAP::Util escape_filter_value
[-] Bug fix: Attempt to deal with special char + in group_info()
[-] Bug fix: user_ingroup() would not allow recursion to be disabled using the $recursive parameter and would only inherit from $_recursive_groups variable
[-] Bug fix: Runtime overriding of $recursive group lookups failed due to changes in PHP 5.2
Version 3.1
-----------
[+] New function: get_last_error() returns the last error returned by your domain controller
[+] New feature: Automatically detect and encode 8bit characters when being added to an AD object
[+] New feature: Exception handing added for connections or attempting methods that require SSL where it is not set
[+] New feature: Added pager to the schema
[+] New feature: New method to obtain a user's or contacts primary group that is far less intensive using get_primary_group(). The old group_cn() is now deprecated
[-] Change: Only return primary group memberof if a user or contact is returned
[-] Bug fix: Contact could not be added to a group
[-] Bug fix: bool2str() function caused exchange mailbox creation to fail
Version 3.0
-----------
[+] New function: user_delete()
[+] New feature: Source code comments totally overhauled
[+] New feature: Configuration options and functions now have their visibility defined. adLDAP is now PHP 5 compatible only.
[+] New feature: Exchange mailbox creation for users
[+] New feature: Add new SMTP addresses to a user
[+] New feature: Change the default SMTP address for a user
[+] New feature: Remove an SMTP address for a user
[+] New feature: Mail enable a contact
[+] New feature: Create, query, delete contacts
[+] New feature: Enable or disable a user with user_enable() or user_disable()
[-] Bug fix: Disabling a user did not work adLDAP/LICENCE.txt 0000644 0000000 0000000 00000060344 12013401020 012372 0 ustar root root GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
[This is the first released version of the Lesser GPL. It also counts
as the successor of the GNU Library Public License, version 2, hence
the version number 2.1.]
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
Licenses are intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some
specially designated software packages--typically libraries--of the
Free Software Foundation and other authors who decide to use it. You
can use it too, but we suggest you first think carefully about whether
this license or the ordinary General Public License is the better
strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use,
not price. Our General Public Licenses are designed to make sure that
you have the freedom to distribute copies of free software (and charge
for this service if you wish); that you receive source code or can get
it if you want it; that you can change the software and use pieces of
it in new free programs; and that you are informed that you can do
these things.
To protect your rights, we need to make restrictions that forbid
distributors to deny you these rights or to ask you to surrender these
rights. These restrictions translate to certain responsibilities for
you if you distribute copies of the library or if you modify it.
For example, if you distribute copies of the library, whether gratis
or for a fee, you must give the recipients all the rights that we gave
you. You must make sure that they, too, receive or can get the source
code. If you link other code with the library, you must provide
complete object files to the recipients, so that they can relink them
with the library after making changes to the library and recompiling
it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the
library, and (2) we offer you this license, which gives you legal
permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that
there is no warranty for the free library. Also, if the library is
modified by someone else and passed on, the recipients should know
that what they have is not the original version, so that the original
author's reputation will not be affected by problems that might be
introduced by others.
Finally, software patents pose a constant threat to the existence of
any free program. We wish to make sure that a company cannot
effectively restrict the users of a free program by obtaining a
restrictive license from a patent holder. Therefore, we insist that
any patent license obtained for a version of the library must be
consistent with the full freedom of use specified in this license.
Most GNU software, including some libraries, is covered by the
ordinary GNU General Public License. This license, the GNU Lesser
General Public License, applies to certain designated libraries, and
is quite different from the ordinary General Public License. We use
this license for certain libraries in order to permit linking those
libraries into non-free programs.
When a program is linked with a library, whether statically or using
a shared library, the combination of the two is legally speaking a
combined work, a derivative of the original library. The ordinary
General Public License therefore permits such linking only if the
entire combination fits its criteria of freedom. The Lesser General
Public License permits more lax criteria for linking other code with
the library.
We call this license the "Lesser" General Public License because it
does Less to protect the user's freedom than the ordinary General
Public License. It also provides other free software developers Less
of an advantage over competing non-free programs. These disadvantages
are the reason we use the ordinary General Public License for many
libraries. However, the Lesser license provides advantages in certain
special circumstances.
For example, on rare occasions, there may be a special need to
encourage the widest possible use of a certain library, so that it becomes
a de-facto standard. To achieve this, non-free programs must be
allowed to use the library. A more frequent case is that a free
library does the same job as widely used non-free libraries. In this
case, there is little to gain by limiting the free library to free
software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free
programs enables a greater number of people to use a large body of
free software. For example, permission to use the GNU C Library in
non-free programs enables many more people to use the whole GNU
operating system, as well as its variant, the GNU/Linux operating
system.
Although the Lesser General Public License is Less protective of the
users' freedom, it does ensure that the user of a program that is
linked with the Library has the freedom and the wherewithal to run
that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and
modification follow. Pay close attention to the difference between a
"work based on the library" and a "work that uses the library". The
former contains code derived from the library, whereas the latter must
be combined with the library in order to run.
GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License Agreement applies to any software library or other
program which contains a notice placed by the copyright holder or
other authorized party saying it may be distributed under the terms of
this Lesser General Public License (also called "this License").
Each licensee is addressed as "you".
A "library" means a collection of software functions and/or data
prepared so as to be conveniently linked with application programs
(which use some of those functions and data) to form executables.
The "Library", below, refers to any such software library or work
which has been distributed under these terms. A "work based on the
Library" means either the Library or any derivative work under
copyright law: that is to say, a work containing the Library or a
portion of it, either verbatim or with modifications and/or translated
straightforwardly into another language. (Hereinafter, translation is
included without limitation in the term "modification".)
"Source code" for a work means the preferred form of the work for
making modifications to it. For a library, complete source code means
all the source code for all modules it contains, plus any associated
interface definition files, plus the scripts used to control compilation
and installation of the library.
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running a program using the Library is not restricted, and output from
such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.
1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
appropriate copyright notice and disclaimer of warranty; keep intact
all the notices that refer to this License and to the absence of any
warranty; and distribute a copy of this License along with the
Library.
You may charge a fee for the physical act of transferring a copy,
and you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Library or any portion
of it, thus forming a work based on the Library, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) The modified work must itself be a software library.
b) You must cause the files modified to carry prominent notices
stating that you changed the files and the date of any change.
c) You must cause the whole of the work to be licensed at no
charge to all third parties under the terms of this License.
d) If a facility in the modified Library refers to a function or a
table of data to be supplied by an application program that uses
the facility, other than as an argument passed when the facility
is invoked, then you must make a good faith effort to ensure that,
in the event an application does not supply such function or
table, the facility still operates, and performs whatever part of
its purpose remains meaningful.
(For example, a function in a library to compute square roots has
a purpose that is entirely well-defined independent of the
application. Therefore, Subsection 2d requires that any
application-supplied function or table used by this function must
be optional: if the application does not supply it, the square
root function must still compute square roots.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Library,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Library, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Library.
In addition, mere aggregation of another work not based on the Library
with the Library (or with a work based on the Library) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public
License instead of this License to a given copy of the Library. To do
this, you must alter all the notices that refer to this License, so
that they refer to the ordinary GNU General Public License, version 2,
instead of to this License. (If a newer version than version 2 of the
ordinary GNU General Public License has appeared, then you can specify
that version instead if you wish.) Do not make any other change in
these notices.
Once this change is made in a given copy, it is irreversible for
that copy, so the ordinary GNU General Public License applies to all
subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of
the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or
derivative of it, under Section 2) in object code or executable form
under the terms of Sections 1 and 2 above provided that you accompany
it with the complete corresponding machine-readable source code, which
must be distributed under the terms of Sections 1 and 2 above on a
medium customarily used for software interchange.
If distribution of object code is made by offering access to copy
from a designated place, then offering equivalent access to copy the
source code from the same place satisfies the requirement to
distribute the source code, even though third parties are not
compelled to copy the source along with the object code.
5. A program that contains no derivative of any portion of the
Library, but is designed to work with the Library by being compiled or
linked with it, is called a "work that uses the Library". Such a
work, in isolation, is not a derivative work of the Library, and
therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library
creates an executable that is a derivative of the Library (because it
contains portions of the Library), rather than a "work that uses the
library". The executable is therefore covered by this License.
Section 6 states terms for distribution of such executables.
When a "work that uses the Library" uses material from a header file
that is part of the Library, the object code for the work may be a
derivative work of the Library even though the source code is not.
Whether this is true is especially significant if the work can be
linked without the Library, or if the work is itself a library. The
threshold for this to be true is not precisely defined by law.
If such an object file uses only numerical parameters, data
structure layouts and accessors, and small macros and small inline
functions (ten lines or less in length), then the use of the object
file is unrestricted, regardless of whether it is legally a derivative
work. (Executables containing this object code plus portions of the
Library will still fall under Section 6.)
Otherwise, if the work is a derivative of the Library, you may
distribute the object code for the work under the terms of Section 6.
Any executables containing that work also fall under Section 6,
whether or not they are linked directly with the Library itself.
6. As an exception to the Sections above, you may also combine or
link a "work that uses the Library" with the Library to produce a
work containing portions of the Library, and distribute that work
under terms of your choice, provided that the terms permit
modification of the work for the customer's own use and reverse
engineering for debugging such modifications.
You must give prominent notice with each copy of the work that the
Library is used in it and that the Library and its use are covered by
this License. You must supply a copy of this License. If the work
during execution displays copyright notices, you must include the
copyright notice for the Library among them, as well as a reference
directing the user to the copy of this License. Also, you must do one
of these things:
a) Accompany the work with the complete corresponding
machine-readable source code for the Library including whatever
changes were used in the work (which must be distributed under
Sections 1 and 2 above); and, if the work is an executable linked
with the Library, with the complete machine-readable "work that
uses the Library", as object code and/or source code, so that the
user can modify the Library and then relink to produce a modified
executable containing the modified Library. (It is understood
that the user who changes the contents of definitions files in the
Library will not necessarily be able to recompile the application
to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (1) uses at run time a
copy of the library already present on the user's computer system,
rather than copying library functions into the executable, and (2)
will operate properly with a modified version of the library, if
the user installs one, as long as the modified version is
interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at
least three years, to give the same user the materials
specified in Subsection 6a, above, for a charge no more
than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy
from a designated place, offer equivalent access to copy the above
specified materials from the same place.
e) Verify that the user has already received a copy of these
materials or that you have already sent this user a copy.
For an executable, the required form of the "work that uses the
Library" must include any data and utility programs needed for
reproducing the executable from it. However, as a special exception,
the materials to be distributed need not include anything that is
normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
It may happen that this requirement contradicts the license
restrictions of other proprietary libraries that do not normally
accompany the operating system. Such a contradiction means you cannot
use both them and the Library together in an executable that you
distribute.
7. You may place library facilities that are a work based on the
Library side-by-side in a single library together with other library
facilities not covered by this License, and distribute such a combined
library, provided that the separate distribution of the work based on
the Library and of the other library facilities is otherwise
permitted, and provided that you do these two things:
a) Accompany the combined library with a copy of the same work
based on the Library, uncombined with any other library
facilities. This must be distributed under the terms of the
Sections above.
b) Give prominent notice with the combined library of the fact
that part of it is a work based on the Library, and explaining
where to find the accompanying uncombined form of the same work.
8. You may not copy, modify, sublicense, link with, or distribute
the Library except as expressly provided under this License. Any
attempt otherwise to copy, modify, sublicense, link with, or
distribute the Library is void, and will automatically terminate your
rights under this License. However, parties who have received copies,
or rights, from you under this License will not have their licenses
terminated so long as such parties remain in full compliance.
9. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Library or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Library (or any work based on the
Library), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Library or works based on it.
10. Each time you redistribute the Library (or any work based on the
Library), the recipient automatically receives a license from the
original licensor to copy, distribute, link with or modify the Library
subject to these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties with
this License.
11. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Library at all. For example, if a patent
license would not permit royalty-free redistribution of the Library by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Library.
If any portion of this section is held invalid or unenforceable under any
particular circumstance, the balance of the section is intended to apply,
and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
12. If the distribution and/or use of the Library is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Library under this License may add
an explicit geographical distribution limitation excluding those countries,
so that distribution is permitted only in or among countries not thus
excluded. In such case, this License incorporates the limitation as if
written in the body of this License.
13. The Free Software Foundation may publish revised and/or new
versions of the Lesser General Public License from time to time.
Such new versions will be similar in spirit to the present version,
but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Library
specifies a version number of this License which applies to it and
"any later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Library does not specify a
license version number, you may choose any version ever published by
the Free Software Foundation.
14. If you wish to incorporate parts of the Library into other free
programs whose distribution conditions are incompatible with these,
write to the author to ask for permission. For software which is
copyrighted by the Free Software Foundation, write to the Free
Software Foundation; we sometimes make exceptions for this. Our
decision will be guided by the two goals of preserving the free status
of all derivatives of our free software and of promoting the sharing
and reuse of software generally.
NO WARRANTY
15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
adLDAP/README.txt 0000644 0000000 0000000 00000004427 12013401020 012265 0 ustar root root PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
Version 4.0.3
Written by Scott Barnett, Richard Hyland
email: scott@wiggumworld.com, adldap@richardhyland.com
http://adldap.sourceforge.net/
ABOUT
=====
adLDAP is a PHP class that provides LDAP authentication and integration with Active Directory.
We'd appreciate any improvements or additions to be submitted back
to benefit the entire community :)
REQUIREMENTS
============
adLDAP requires PHP 5 and both the LDAP (http://php.net/ldap) and SSL (http://php.net/openssl) libraries
INSTALLATION
============
adLDAP is not an application, but a class library designed to integrate into your own applications.
The core of adLDAP is contained in the 'src' directory. Simply copy/rename this directory inside your own
projects.
Edit the file 'src/adLDAP.php' and change the configuration variables near the top, specifically
those for domain controllers, base dn and account suffix, and if you want to perform anything more complex
than use authentication you'll also need to set the admin username and password variables too.
From within your code simply require the adLDAP.php file and call it like so
require_once(dirname(__FILE__) . '/adLDAP.php');
$adldap = new adLDAP();
It would be better to wrap it in a try/catch though
try {
$adldap = new adLDAP();
}
catch (adLDAPException $e) {
echo $e;
exit();
}
Then simply call commands against it e.g.
$adldap->authenticate($username, $password);
or
$adldap->group()->members($groupName);
DOCUMENTATION
=============
You can find our website at http://adldap.sourceforce.net or the class documentation at
http://adldap.sourceforge.net/wiki/doku.php?id=documentation
LICENSE
=======
This library is free software; you can redistribute it and/or modify it under the terms of the
GNU Lesser General Public License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Lesser General Public License for more details or LICENSE.txt distributed with
this class.
adLDAP/src/ 0000755 0000000 0000000 00000000000 12046666252 011401 5 ustar root root adLDAP/src/adLDAP.php 100777 0 0 75165 12046707754 7621 0 ldapConnection) {
return $this->ldapConnection;
}
return false;
}
/**
* Get the bind status
*
* @return bool
*/
public function getLdapBind() {
return $this->ldapBind;
}
/**
* Get the current base DN
*
* @return string
*/
public function getBaseDn() {
return $this->baseDn;
}
/**
* The group class
*
* @var adLDAPGroups
*/
protected $groupClass;
/**
* Get the group class interface
*
* @return adLDAPGroups
*/
public function group() {
if (!$this->groupClass) {
$this->groupClass = new adLDAPGroups($this);
}
return $this->groupClass;
}
/**
* The user class
*
* @var adLDAPUsers
*/
protected $userClass;
/**
* Get the userclass interface
*
* @return adLDAPUsers
*/
public function user() {
if (!$this->userClass) {
$this->userClass = new adLDAPUsers($this);
}
return $this->userClass;
}
/**
* The folders class
*
* @var adLDAPFolders
*/
protected $folderClass;
/**
* Get the folder class interface
*
* @return adLDAPFolders
*/
public function folder() {
if (!$this->folderClass) {
$this->folderClass = new adLDAPFolders($this);
}
return $this->folderClass;
}
/**
* The utils class
*
* @var adLDAPUtils
*/
protected $utilClass;
/**
* Get the utils class interface
*
* @return adLDAPUtils
*/
public function utilities() {
if (!$this->utilClass) {
$this->utilClass = new adLDAPUtils($this);
}
return $this->utilClass;
}
/**
* The contacts class
*
* @var adLDAPContacts
*/
protected $contactClass;
/**
* Get the contacts class interface
*
* @return adLDAPContacts
*/
public function contact() {
if (!$this->contactClass) {
$this->contactClass = new adLDAPContacts($this);
}
return $this->contactClass;
}
/**
* The exchange class
*
* @var adLDAPExchange
*/
protected $exchangeClass;
/**
* Get the exchange class interface
*
* @return adLDAPExchange
*/
public function exchange() {
if (!$this->exchangeClass) {
$this->exchangeClass = new adLDAPExchange($this);
}
return $this->exchangeClass;
}
/**
* The computers class
*
* @var adLDAPComputers
*/
protected $computersClass;
/**
* Get the computers class interface
*
* @return adLDAPComputers
*/
public function computer() {
if (!$this->computerClass) {
$this->computerClass = new adLDAPComputers($this);
}
return $this->computerClass;
}
/**
* Getters and Setters
*/
/**
* Set the account suffix
*
* @param string $accountSuffix
* @return void
*/
public function setAccountSuffix($accountSuffix)
{
$this->accountSuffix = $accountSuffix;
}
/**
* Get the account suffix
*
* @return string
*/
public function getAccountSuffix()
{
return $this->accountSuffix;
}
/**
* Set the domain controllers array
*
* @param array $domainControllers
* @return void
*/
public function setDomainControllers(array $domainControllers)
{
$this->domainControllers = $domainControllers;
}
/**
* Get the list of domain controllers
*
* @return void
*/
public function getDomainControllers()
{
return $this->domainControllers;
}
/**
* Sets the port number your domain controller communicates over
*
* @param int $adPort
*/
public function setPort($adPort)
{
$this->adPort = $adPort;
}
/**
* Gets the port number your domain controller communicates over
*
* @return int
*/
public function getPort()
{
return $this->adPort;
}
/**
* Set the username of an account with higher priviledges
*
* @param string $adminUsername
* @return void
*/
public function setAdminUsername($adminUsername)
{
$this->adminUsername = $adminUsername;
}
/**
* Get the username of the account with higher priviledges
*
* This will throw an exception for security reasons
*/
public function getAdminUsername()
{
throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
}
/**
* Set the password of an account with higher priviledges
*
* @param string $adminPassword
* @return void
*/
public function setAdminPassword($adminPassword)
{
$this->adminPassword = $adminPassword;
}
/**
* Get the password of the account with higher priviledges
*
* This will throw an exception for security reasons
*/
public function getAdminPassword()
{
throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
}
/**
* Set whether to detect the true primary group
*
* @param bool $realPrimaryGroup
* @return void
*/
public function setRealPrimaryGroup($realPrimaryGroup)
{
$this->realPrimaryGroup = $realPrimaryGroup;
}
/**
* Get the real primary group setting
*
* @return bool
*/
public function getRealPrimaryGroup()
{
return $this->realPrimaryGroup;
}
/**
* Set whether to use SSL
*
* @param bool $useSSL
* @return void
*/
public function setUseSSL($useSSL)
{
$this->useSSL = $useSSL;
// Set the default port correctly
if($this->useSSL) {
$this->setPort(self::ADLDAP_LDAPS_PORT);
}
else {
$this->setPort(self::ADLDAP_LDAP_PORT);
}
}
/**
* Get the SSL setting
*
* @return bool
*/
public function getUseSSL()
{
return $this->useSSL;
}
/**
* Set whether to use TLS
*
* @param bool $useTLS
* @return void
*/
public function setUseTLS($useTLS)
{
$this->useTLS = $useTLS;
}
/**
* Get the TLS setting
*
* @return bool
*/
public function getUseTLS()
{
return $this->useTLS;
}
/**
* Set whether to use SSO
* Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.
*
* @param bool $useSSO
* @return void
*/
public function setUseSSO($useSSO)
{
if ($useSSO === true && !$this->ldapSaslSupported()) {
throw new adLDAPException('No LDAP SASL support for PHP. See: http://www.php.net/ldap_sasl_bind');
}
$this->useSSO = $useSSO;
}
/**
* Get the SSO setting
*
* @return bool
*/
public function getUseSSO()
{
return $this->useSSO;
}
/**
* Set whether to lookup recursive groups
*
* @param bool $recursiveGroups
* @return void
*/
public function setRecursiveGroups($recursiveGroups)
{
$this->recursiveGroups = $recursiveGroups;
}
/**
* Get the recursive groups setting
*
* @return bool
*/
public function getRecursiveGroups()
{
return $this->recursiveGroups;
}
/**
* Default Constructor
*
* Tries to bind to the AD domain over LDAP or LDAPs
*
* @param array $options Array of options to pass to the constructor
* @throws Exception - if unable to bind to Domain Controller
* @return bool
*/
function __construct($options = array())
{
// You can specifically overide any of the default configuration options setup above
if (count($options)>0){
if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; }
if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; }
if (array_key_exists("domain_controllers",$options)){
if (!is_array($options["domain_controllers"])) {
throw new adLDAPException('[domain_controllers] option must be an array');
}
$this->domainControllers = $options["domain_controllers"];
}
if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; }
if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; }
if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; }
if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); }
if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; }
if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; }
if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); }
if (array_key_exists("sso",$options)){
$this->setUseSSO($options["sso"]);
if (!$this->ldapSaslSupported()) {
$this->setUseSSO(false);
}
}
}
if ($this->ldapSupported() === false) {
throw new adLDAPException('No LDAP support for PHP. See: http://www.php.net/ldap');
}
return $this->connect();
}
/**
* Default Destructor
*
* Closes the LDAP connection
*
* @return void
*/
function __destruct(){
$this->close();
}
/**
* Connects and Binds to the Domain Controller
*
* @return bool
*/
public function connect()
{
// Connect to the AD/LDAP server as the username/password
$domainController = $this->randomController();
if ($this->useSSL) {
$this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
} else {
$this->ldapConnection = ldap_connect($domainController, $this->adPort);
}
// Set some ldap options for talking to AD
ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
if ($this->useTLS) {
ldap_start_tls($this->ldapConnection);
}
// Bind as a domain admin if they've set it up
if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
$this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword);
if (!$this->ldapBind) {
if ($this->useSSL && !$this->useTLS) {
// If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message
throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError());
}
else {
throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError());
}
}
}
if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
$this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
if (!$this->ldapBind){
throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
}
else {
return true;
}
}
if ($this->baseDn == NULL) {
$this->baseDn = $this->findBaseDn();
}
return true;
}
/**
* Closes the LDAP connection
*
* @return void
*/
public function close() {
ldap_close($this->ldapConnection);
}
/**
* Validate a user's login credentials
*
* @param string $username A user's AD username
* @param string $password A user's AD password
* @param bool optional $preventRebind
* @return bool
*/
public function authenticate($username, $password, $preventRebind = false) {
// Prevent null binding
if ($username === NULL || $password === NULL) { return false; }
if (empty($username) || empty($password)) { return false; }
// Allow binding over SSO for Kerberos
if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) {
putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
$this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
if (!$this->ldapBind) {
throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
}
else {
return true;
}
}
// Bind as the user
$ret = true;
$this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
if (!$this->ldapBind){
$ret = false;
}
// Cnce we've checked their details, kick back into admin mode if we have it
if ($this->adminUsername !== NULL && !$preventRebind) {
$this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword);
if (!$this->ldapBind){
// This should never happen in theory
throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
}
}
return $ret;
}
/**
* Find the Base DN of your domain controller
*
* @return string
*/
public function findBaseDn()
{
$namingContext = $this->getRootDse(array('defaultnamingcontext'));
return $namingContext[0]['defaultnamingcontext'][0];
}
/**
* Get the RootDSE properties from a domain controller
*
* @param array $attributes The attributes you wish to query e.g. defaultnamingcontext
* @return array
*/
public function getRootDse($attributes = array("*", "+")) {
if (!$this->ldapBind){ return (false); }
$sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
$entries = @ldap_get_entries($this->ldapConnection, $sr);
return $entries;
}
/**
* Get last error from Active Directory
*
* This function gets the last message from Active Directory
* This may indeed be a 'Success' message but if you get an unknown error
* it might be worth calling this function to see what errors were raised
*
* return string
*/
public function getLastError() {
return @ldap_error($this->ldapConnection);
}
/**
* Detect LDAP support in php
*
* @return bool
*/
protected function ldapSupported()
{
if (!function_exists('ldap_connect')) {
return false;
}
return true;
}
/**
* Detect ldap_sasl_bind support in PHP
*
* @return bool
*/
protected function ldapSaslSupported()
{
if (!function_exists('ldap_sasl_bind')) {
return false;
}
return true;
}
/**
* Schema
*
* @param array $attributes Attributes to be queried
* @return array
*/
public function adldap_schema($attributes){
// LDAP doesn't like NULL attributes, only set them if they have values
// If you wish to remove an attribute you should set it to a space
// TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
$mod=array();
// Check every attribute to see if it contains 8bit characters and then UTF8 encode them
array_walk($attributes, array($this, 'encode8bit'));
if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; }
if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; }
//if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; }
if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; }
if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; }
if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; }
if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; }
if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; }
if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; }
if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; }
if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; }
if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; }
if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format?
if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; }
if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; }
if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; }
if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; }
if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; }
if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; } //UNTESTED ***Use DistinguishedName***
if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; }
if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); }
if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; }
if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; }
if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; }
if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; }
if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; }
if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; }
if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; }
if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; }
if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; }
if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; }
if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; }
if ($attributes["homephone"]){ $mod["homephone"][0]=$attributes["homephone"]; }
// Distribution List specific schema
if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; }
if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; }
// Exchange Schema
if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; }
if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; }
if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; }
if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; }
if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; }
if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; }
if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; }
if ($attributes["exchange_altrecipient"]){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; }
if ($attributes["exchange_deliverandredirect"]){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; }
// This schema is designed for contacts
if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; }
if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; }
//echo ("
"); print_r($mod);
/*
// modifying a name is a bit fiddly
if ($attributes["firstname"] && $attributes["surname"]){
$mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
$mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
$mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
}
*/
if (count($mod)==0){ return (false); }
return ($mod);
}
/**
* Convert 8bit characters e.g. accented characters to UTF8 encoded characters
*/
protected function encode8Bit(&$item, $key) {
$encode = false;
if (is_string($item)) {
for ($i=0; $i> 7) {
$encode = true;
}
}
}
if ($encode === true && $key != 'password') {
$item = utf8_encode($item);
}
}
/**
* Select a random domain controller from your domain controller array
*
* @return string
*/
protected function randomController()
{
mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
/*if (sizeof($this->domainControllers) > 1) {
$adController = $this->domainControllers[array_rand($this->domainControllers)];
// Test if the controller is responding to pings
$ping = $this->pingController($adController);
if ($ping === false) {
// Find the current key in the domain controllers array
$key = array_search($adController, $this->domainControllers);
// Remove it so that we don't end up in a recursive loop
unset($this->domainControllers[$key]);
// Select a new controller
return $this->randomController();
}
else {
return ($adController);
}
} */
return $this->domainControllers[array_rand($this->domainControllers)];
}
/**
* Test basic connectivity to controller
*
* @return bool
*/
protected function pingController($host) {
$port = $this->adPort;
fsockopen($host, $port, $errno, $errstr, 10);
if ($errno > 0) {
return false;
}
return true;
}
}
/**
* adLDAP Exception Handler
*
* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
* Example:
* try {
* $adldap = new adLDAP();
* }
* catch (adLDAPException $e) {
* echo $e;
* exit();
* }
*/
class adLDAPException extends Exception {}
?>
adLDAP/src/classes/ 0000755 0000000 0000000 00000000000 12013401022 013006 5 ustar root root adLDAP/src/classes/adLDAPComputers.php 0000644 0000000 0000000 00000012544 12013401022 016454 0 ustar root root adldap = $adldap;
}
/**
* Get information about a specific computer. Returned in a raw array format from AD
*
* @param string $computerName The name of the computer
* @param array $fields Attributes to return
* @return array
*/
public function info($computerName, $fields = NULL)
{
if ($computerName === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
$filter = "(&(objectClass=computer)(cn=" . $computerName . "))";
if ($fields === NULL) {
$fields = array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion");
}
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
return $entries;
}
/**
* Find information about the computers. Returned in a raw array format from AD
*
* @param string $computerName The name of the computer
* @param array $fields Array of parameters to query
* @return mixed
*/
public function infoCollection($computerName, $fields = NULL)
{
if ($computerName === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
$info = $this->info($computerName, $fields);
if ($info !== false) {
$collection = new adLDAPComputerCollection($info, $this->adldap);
return $collection;
}
return false;
}
/**
* Check if a computer is in a group
*
* @param string $computerName The name of the computer
* @param string $group The group to check
* @param bool $recursive Whether to check recursively
* @return array
*/
public function inGroup($computerName, $group, $recursive = NULL)
{
if ($computerName === NULL) { return false; }
if ($group === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
//get a list of the groups
$groups = $this->groups($computerName, array("memberof"), $recursive);
//return true if the specified group is in the group list
if (in_array($group, $groups)){
return true;
}
return false;
}
/**
* Get the groups a computer is in
*
* @param string $computerName The name of the computer
* @param bool $recursive Whether to check recursively
* @return array
*/
public function groups($computerName, $recursive = NULL)
{
if ($computerName === NULL) { return false; }
if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
if (!$this->adldap->getLdapBind()){ return false; }
//search the directory for their information
$info = @$this->info($computerName, array("memberof", "primarygroupid"));
$groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
if ($recursive === true) {
foreach ($groups as $id => $groupName){
$extraGroups = $this->adldap->group()->recursiveGroups($groupName);
$groups = array_merge($groups, $extraGroups);
}
}
return $groups;
}
}
?> adLDAP/src/classes/adLDAPContacts.php 0000644 0000000 0000000 00000026543 12013401022 016255 0 ustar root root adldap = $adldap;
}
//*****************************************************************************************************************
// CONTACT FUNCTIONS
// * Still work to do in this area, and new functions to write
/**
* Create a contact
*
* @param array $attributes The attributes to set to the contact
* @return bool
*/
public function create($attributes)
{
// Check for compulsory fields
if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
// Translate the schema
$add = $this->adldap->adldap_schema($attributes);
// Additional stuff only used for adding contacts
$add["cn"][0] = $attributes["display_name"];
$add["objectclass"][0] = "top";
$add["objectclass"][1] = "person";
$add["objectclass"][2] = "organizationalPerson";
$add["objectclass"][3] = "contact";
if (!isset($attributes['exchange_hidefromlists'])) {
$add["msExchHideFromAddressLists"][0] = "TRUE";
}
// Determine the container
$attributes["container"] = array_reverse($attributes["container"]);
$container= "OU=" . implode(",OU=", $attributes["container"]);
// Add the entry
$result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $this->adldap->utilities()->escapeCharacters($add["cn"][0]) . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
if ($result != true) {
return false;
}
return true;
}
/**
* Determine the list of groups a contact is a member of
*
* @param string $distinguisedname The full DN of a contact
* @param bool $recursive Recursively check groups
* @return array
*/
public function groups($distinguishedName, $recursive = NULL)
{
if ($distinguishedName === NULL) { return false; }
if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
if (!$this->adldap->getLdapBind()){ return false; }
// Search the directory for their information
$info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
$groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
if ($recursive === true){
foreach ($groups as $id => $groupName){
$extraGroups = $this->adldap->group()->recursiveGroups($groupName);
$groups = array_merge($groups, $extraGroups);
}
}
return $groups;
}
/**
* Get contact information. Returned in a raw array format from AD
*
* @param string $distinguisedname The full DN of a contact
* @param array $fields Attributes to be returned
* @return array
*/
public function info($distinguishedName, $fields = NULL)
{
if ($distinguishedName === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
$filter = "distinguishedName=" . $distinguishedName;
if ($fields === NULL) {
$fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
}
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
if ($entries[0]['count'] >= 1) {
// AD does not return the primary group in the ldap query, we may need to fudge it
if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])){
//$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
$entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
} else {
$entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
}
}
$entries[0]["memberof"]["count"]++;
return $entries;
}
/**
* Find information about the contacts. Returned in a raw array format from AD
*
* @param string $distinguishedName The full DN of a contact
* @param array $fields Array of parameters to query
* @return mixed
*/
public function infoCollection($distinguishedName, $fields = NULL)
{
if ($distinguishedName === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
$info = $this->info($distinguishedName, $fields);
if ($info !== false) {
$collection = new adLDAPContactCollection($info, $this->adldap);
return $collection;
}
return false;
}
/**
* Determine if a contact is a member of a group
*
* @param string $distinguisedName The full DN of a contact
* @param string $group The group name to query
* @param bool $recursive Recursively check groups
* @return bool
*/
public function inGroup($distinguisedName, $group, $recursive = NULL)
{
if ($distinguisedName === NULL) { return false; }
if ($group === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
// Get a list of the groups
$groups = $this->groups($distinguisedName, array("memberof"), $recursive);
// Return true if the specified group is in the group list
if (in_array($group, $groups)){
return true;
}
return false;
}
/**
* Modify a contact
*
* @param string $distinguishedName The contact to query
* @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
* @return bool
*/
public function modify($distinguishedName, $attributes) {
if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
// Translate the update to the LDAP schema
$mod = $this->adldap->adldap_schema($attributes);
// Check to see if this is an enabled status update
if (!$mod) {
return false;
}
// Do the update
$result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
if ($result == false) {
return false;
}
return true;
}
/**
* Delete a contact
*
* @param string $distinguishedName The contact dn to delete (please be careful here!)
* @return array
*/
public function delete($distinguishedName)
{
$result = $this->folder()->delete($distinguishedName);
if ($result != true) {
return false;
}
return true;
}
/**
* Return a list of all contacts
*
* @param bool $includeDescription Include a description of a contact
* @param string $search The search parameters
* @param bool $sorted Whether to sort the results
* @return array
*/
public function all($includeDescription = false, $search = "*", $sorted = true) {
if (!$this->adldap->getLdapBind()) { return false; }
// Perform the search and grab all their details
$filter = "(&(objectClass=contact)(cn=" . $search . "))";
$fields = array("displayname","distinguishedname");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
$usersArray = array();
for ($i=0; $i<$entries["count"]; $i++){
if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
$usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
} elseif ($include_desc){
$usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
} else {
array_push($usersArray, $entries[$i]["distinguishedname"][0]);
}
}
if ($sorted) {
asort($usersArray);
}
return $usersArray;
}
/**
* Mail enable a contact
* Allows email to be sent to them through Exchange
*
* @param string $distinguishedname The contact to mail enable
* @param string $emailaddress The email address to allow emails to be sent through
* @param string $mailnickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
* @return bool
*/
public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL){
return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddres, $mailNickname);
}
}
?>
adLDAP/src/classes/adLDAPExchange.php 0000644 0000000 0000000 00000042163 12013401022 016215 0 ustar root root adldap = $adldap;
}
/**
* Create an Exchange account
*
* @param string $username The username of the user to add the Exchange account to
* @param array $storagegroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
* If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
* @param string $emailaddress The primary email address to add to this user
* @param string $mailnickname The mail nick name. If mail nickname is blank, the username will be used
* @param bool $usedefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
* @param string $base_dn Specify an alternative base_dn for the Exchange storage group
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname=NULL, $useDefaults=TRUE, $baseDn=NULL, $isGUID=false)
{
if ($username === NULL){ return "Missing compulsory field [username]"; }
if ($storagegroup === NULL) { return "Missing compulsory array [storagegroup]"; }
if (!is_array($storagegroup)) { return "[storagegroup] must be an array"; }
if ($emailaddress === NULL) { return "Missing compulsory field [emailaddress]"; }
if ($baseDn === NULL) {
$baseDn = $this->adldap->getBaseDn();
}
$container = "CN=" . implode(",CN=", $storageGroup);
if ($mailNickname === NULL) {
$mailNickname = $username;
}
$mdbUseDefaults = $this->utilities()->boolToString($useDefaults);
$attributes = array(
'exchange_homemdb'=>$container.",".$baseDn,
'exchange_proxyaddress'=>'SMTP:' . $emailAddress,
'exchange_mailnickname'=>$mailNickname,
'exchange_usedefaults'=>$mdbUseDefaults
);
$result = $this->adldap->user()->modify($username, $attributes, $isGUID);
if ($result == false) {
return false;
}
return true;
}
/**
* Add an X400 address to Exchange
* See http://tools.ietf.org/html/rfc1685 for more information.
* An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
*
* @param string $username The username of the user to add the X400 to to
* @param string $country Country
* @param string $admd Administration Management Domain
* @param string $pdmd Private Management Domain (often your AD domain)
* @param string $org Organization
* @param string $surname Surname
* @param string $givenName Given name
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false)
{
if ($username === NULL){ return "Missing compulsory field [username]"; }
$proxyValue = 'X400:';
// Find the dn of the user
$user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
if ($user[0]["dn"] === NULL) { return false; }
$userDn = $user[0]["dn"];
// We do not have to demote an email address from the default so we can just add the new proxy address
$attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
// Translate the update to the LDAP schema
$add = $this->adldap->adldap_schema($attributes);
if (!$add) { return false; }
// Do the update
// Take out the @ to see any errors, usually this error might occur because the address already
// exists in the list of proxyAddresses
$result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
if ($result == false) {
return false;
}
return true;
}
/**
* Add an address to Exchange
*
* @param string $username The username of the user to add the Exchange account to
* @param string $emailaddress The email address to add to this user
* @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false)
{
if ($username === NULL) { return "Missing compulsory field [username]"; }
if ($emailaddress === NULL) { return "Missing compulsory fields [emailaddress]"; }
$proxyValue = 'smtp:';
if ($default === true) {
$proxyValue = 'SMTP:';
}
// Find the dn of the user
$user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
if ($user[0]["dn"] === NULL){ return false; }
$userDn = $user[0]["dn"];
// We need to scan existing proxy addresses and demote the default one
if (is_array($user[0]["proxyaddresses"]) && $default === true) {
$modAddresses = array();
for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
if ($result == false) {
return false;
}
return true;
}
else {
// We do not have to demote an email address from the default so we can just add the new proxy address
$attributes['exchange_proxyaddress'] = $proxyValue . $emailAddress;
// Translate the update to the LDAP schema
$add = $this->adldap->adldap_schema($attributes);
if (!$add) {
return false;
}
// Do the update
// Take out the @ to see any errors, usually this error might occur because the address already
// exists in the list of proxyAddresses
$result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn,$add);
if ($result == false) {
return false;
}
return true;
}
}
/**
* Remove an address to Exchange
* If you remove a default address the account will no longer have a default,
* we recommend changing the default address first
*
* @param string $username The username of the user to add the Exchange account to
* @param string $emailaddress The email address to add to this user
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function deleteAddress($username, $emailAddress, $isGUID=false)
{
if ($username === NULL) { return "Missing compulsory field [username]"; }
if ($emailAddress === NULL) { return "Missing compulsory fields [emailaddress]"; }
// Find the dn of the user
$user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
if ($user[0]["dn"] === NULL) { return false; }
$userDn = $user[0]["dn"];
if (is_array($user[0]["proxyaddresses"])) {
$mod = array();
for ($i=0;$iadldap->getLdapConnection(), $userDn,$mod);
if ($result == false) {
return false;
}
return true;
}
else {
return false;
}
}
/**
* Change the default address
*
* @param string $username The username of the user to add the Exchange account to
* @param string $emailaddress The email address to make default
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function primaryAddress($username, $emailAddress, $isGUID = false)
{
if ($username === NULL) { return "Missing compulsory field [username]"; }
if ($emailAddress === NULL) { return "Missing compulsory fields [emailaddress]"; }
// Find the dn of the user
$user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
if ($user[0]["dn"] === NULL){ return false; }
$userDn = $user[0]["dn"];
if (is_array($user[0]["proxyaddresses"])) {
$modAddresses = array();
for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
if ($result == false) {
return false;
}
return true;
}
}
/**
* Mail enable a contact
* Allows email to be sent to them through Exchange
*
* @param string $distinguishedname The contact to mail enable
* @param string $emailaddress The email address to allow emails to be sent through
* @param string $mailnickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
* @return bool
*/
public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
{
if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
if ($emailAddress === NULL) { return "Missing compulsory field [emailaddress]"; }
if ($mailNickname !== NULL) {
// Find the dn of the user
$user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
if ($user[0]["displayname"] === NULL) { return false; }
$mailNickname = $user[0]['displayname'][0];
}
$attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname"=>$mailNickname);
// Translate the update to the LDAP schema
$mod = $this->adldap->adldap_schema($attributes);
// Check to see if this is an enabled status update
if (!$mod) { return false; }
// Do the update
$result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
if ($result == false) { return false; }
return true;
}
/**
* Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
*
* @param array $attributes An array of the AD attributes you wish to return
* @return array
*/
public function servers($attributes = array('cn','distinguishedname','serialnumber'))
{
if (!$this->adldap->getLdapBind()){ return false; }
$configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
$sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
$entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
return $entries;
}
/**
* Returns a list of Storage Groups in Exchange for a given mail server
*
* @param string $exchangeServer The full DN of an Exchange server. You can use exchange_servers() to find the DN for your server
* @param array $attributes An array of the AD attributes you wish to return
* @param bool $recursive If enabled this will automatically query the databases within a storage group
* @return array
*/
public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL)
{
if (!$this->adldap->getLdapBind()){ return false; }
if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
$filter = '(&(objectCategory=msExchStorageGroup))';
$sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
$entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
if ($recursive === true) {
for ($i=0; $i<$entries['count']; $i++) {
$entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);
}
}
return $entries;
}
/**
* Returns a list of Databases within any given storage group in Exchange for a given mail server
*
* @param string $storageGroup The full DN of an Storage Group. You can use exchange_storage_groups() to find the DN
* @param array $attributes An array of the AD attributes you wish to return
* @return array
*/
public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
if (!$this->adldap->getLdapBind()){ return false; }
if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
$filter = '(&(objectCategory=msExchPrivateMDB))';
$sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
$entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
return $entries;
}
}
?> adLDAP/src/classes/adLDAPFolders.php 0000644 0000000 0000000 00000015231 12013401022 016065 0 ustar root root adldap = $adldap;
}
/**
* Delete a distinguished name from Active Directory
* You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
*
* @param string $dn The distinguished name to delete
* @return bool
*/
public function delete($dn){
$result = ldap_delete($this->adldap->getLdapConnection(), $dn);
if ($result != true) {
return false;
}
return true;
}
/**
* Returns a folder listing for a specific OU
* See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
*
* @param array $folder_name An array to the OU you wish to list.
* If set to NULL will list the root, strongly recommended to set
* $recursive to false in that instance!
* @param string $dn_type The type of record to list. This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
* @param bool $recursive Recursively search sub folders
* @param bool $type Specify a type of object to search for
* @return array
*/
public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL)
{
if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
if (!$this->adldap->getLdapBind()) { return false; }
$filter = '(&';
if ($type !== NULL) {
switch ($type) {
case 'contact':
$filter .= '(objectClass=contact)';
break;
case 'computer':
$filter .= '(objectClass=computer)';
break;
case 'group':
$filter .= '(objectClass=group)';
break;
case 'folder':
$filter .= '(objectClass=organizationalUnit)';
break;
case 'container':
$filter .= '(objectClass=container)';
break;
case 'domain':
$filter .= '(objectClass=builtinDomain)';
break;
default:
$filter .= '(objectClass=user)';
break;
}
}
else {
$filter .= '(objectClass=*)';
}
// If the folder name is null then we will search the root level of AD
// This requires us to not have an OU= part, just the base_dn
$searchOu = $this->adldap->getBaseDn();
if (is_array($folderName)) {
$ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
$filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
$searchOu = $ou . ',' . $this->adldap->getBaseDn();
}
else {
$filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
}
if ($recursive === true) {
$sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
$entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
if (is_array($entries)) {
return $entries;
}
}
else {
$sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
$entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
if (is_array($entries)) {
return $entries;
}
}
return false;
}
/**
* Create an organizational unit
*
* @param array $attributes Default attributes of the ou
* @return bool
*/
public function create($attributes)
{
if (!is_array($attributes)){ return "Attributes must be an array"; }
if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
$attributes["container"] = array_reverse($attributes["container"]);
$add=array();
$add["objectClass"] = "organizationalUnit";
$add["OU"] = $attributes['ou_name'];
$containers = "";
if (count($attributes['container']) > 0) {
$containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
}
$container = "OU=" . implode(",OU=", $attributes["container"]);
$result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["ou"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
if ($result != true) {
return false;
}
return true;
}
}
?> adLDAP/src/classes/adLDAPGroups.php 0000644 0000000 0000000 00000053504 12013401022 015753 0 ustar root root adldap = $adldap;
}
/**
* Add a group to a group
*
* @param string $parent The parent group name
* @param string $child The child group name
* @return bool
*/
public function addGroup($parent,$child){
// Find the parent group's dn
$parentGroup = $this->ginfo($parent, array("cn"));
if ($parentGroup[0]["dn"] === NULL){
return false;
}
$parentDn = $parentGroup[0]["dn"];
// Find the child group's dn
$childGroup = $this->info($child, array("cn"));
if ($childGroup[0]["dn"] === NULL){
return false;
}
$childDn = $childGroup[0]["dn"];
$add = array();
$add["member"] = $childDn;
$result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
if ($result == false) {
return false;
}
return true;
}
/**
* Add a user to a group
*
* @param string $group The group to add the user to
* @param string $user The user to add to the group
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function addUser($group, $user, $isGUID = false)
{
// Adding a user is a bit fiddly, we need to get the full DN of the user
// and add it using the full DN of the group
// Find the user's dn
$userDn = $this->adldap->user()->dn($user, $isGUID);
if ($userDn === false) {
return false;
}
// Find the group's dn
$groupInfo = $this->info($group, array("cn"));
if ($groupInfo[0]["dn"] === NULL) {
return false;
}
$groupDn = $groupInfo[0]["dn"];
$add = array();
$add["member"] = $userDn;
$result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
if ($result == false) {
return false;
}
return true;
}
/**
* Add a contact to a group
*
* @param string $group The group to add the contact to
* @param string $contactDn The DN of the contact to add
* @return bool
*/
public function addContact($group, $contactDn)
{
// To add a contact we take the contact's DN
// and add it using the full DN of the group
// Find the group's dn
$groupInfo = $this->info($group, array("cn"));
if ($groupInfo[0]["dn"] === NULL) {
return false;
}
$groupDn = $groupInfo[0]["dn"];
$add = array();
$add["member"] = $contactDn;
$result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
if ($result == false) {
return false;
}
return true;
}
/**
* Create a group
*
* @param array $attributes Default attributes of the group
* @return bool
*/
public function create($attributes)
{
if (!is_array($attributes)){ return "Attributes must be an array"; }
if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; }
if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; }
if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
$attributes["container"] = array_reverse($attributes["container"]);
//$member_array = array();
//$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
//$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
$add = array();
$add["cn"] = $attributes["group_name"];
$add["samaccountname"] = $attributes["group_name"];
$add["objectClass"] = "Group";
$add["description"] = $attributes["description"];
//$add["member"] = $member_array; UNTESTED
$container = "OU=" . implode(",OU=", $attributes["container"]);
$result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
if ($result != true) {
return false;
}
return true;
}
/**
* Remove a group from a group
*
* @param string $parent The parent group name
* @param string $child The child group name
* @return bool
*/
public function removeGroup($parent , $child)
{
// Find the parent dn
$parentGroup = $this->info($parent, array("cn"));
if ($parentGroup[0]["dn"] === NULL) {
return false;
}
$parentDn = $parentGroup[0]["dn"];
// Find the child dn
$childGroup = $this->info($child, array("cn"));
if ($childGroup[0]["dn"] === NULL) {
return false;
}
$childDn = $childGroup[0]["dn"];
$del = array();
$del["member"] = $childDn;
$result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
if ($result == false) {
return false;
}
return true;
}
/**
* Remove a user from a group
*
* @param string $group The group to remove a user from
* @param string $user The AD user to remove from the group
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function removeUser($group, $user, $isGUID = false)
{
// Find the parent dn
$groupInfo = $this->info($group, array("cn"));
if ($groupInfo[0]["dn"] === NULL){
return false;
}
$groupDn = $groupInfo[0]["dn"];
// Find the users dn
$userDn = $this->adldap->user()->dn($user, $isGUID);
if ($userDn === false) {
return false;
}
$del = array();
$del["member"] = $userDn;
$result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
if ($result == false) {
return false;
}
return true;
}
/**
* Remove a contact from a group
*
* @param string $group The group to remove a user from
* @param string $contactDn The DN of a contact to remove from the group
* @return bool
*/
public function removeContact($group, $contactDn)
{
// Find the parent dn
$groupInfo = $this->info($group, array("cn"));
if ($groupInfo[0]["dn"] === NULL) {
return false;
}
$groupDn = $groupInfo[0]["dn"];
$del = array();
$del["member"] = $contactDn;
$result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
if ($result == false) {
return false;
}
return true;
}
/**
* Return a list of groups in a group
*
* @param string $group The group to query
* @param bool $recursive Recursively get groups
* @return array
*/
public function inGroup($group, $recursive = NULL)
{
if (!$this->adldap->getLdapBind()){ return false; }
if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
// Search the directory for the members of a group
$info = $this->info($group, array("member","cn"));
$groups = $info[0]["member"];
if (!is_array($groups)) {
return false;
}
$groupArray = array();
for ($i=0; $i<$groups["count"]; $i++){
$filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
$fields = array("samaccountname", "distinguishedname", "objectClass");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
// not a person, look for a group
if ($entries['count'] == 0 && $recursive == true) {
$filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
$fields = array("distinguishedname");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
if (!isset($entries[0]['distinguishedname'][0])) {
continue;
}
$subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);
if (is_array($subGroups)) {
$groupArray = array_merge($groupArray, $subGroups);
$groupArray = array_unique($groupArray);
}
continue;
}
$groupArray[] = $entries[0]['distinguishedname'][0];
}
return $groupArray;
}
/**
* Return a list of members in a group
*
* @param string $group The group to query
* @param bool $recursive Recursively get group members
* @return array
*/
public function members($group, $recursive = NULL)
{
if (!$this->adldap->getLdapBind()){ return false; }
if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
// Search the directory for the members of a group
$info = $this->info($group, array("member","cn"));
$users = $info[0]["member"];
if (!is_array($users)) {
return false;
}
$userArray = array();
for ($i=0; $i<$users["count"]; $i++){
$filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
$fields = array("samaccountname", "distinguishedname", "objectClass");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
// not a person, look for a group
if ($entries['count'] == 0 && $recursive == true) {
$filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
$fields = array("samaccountname");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
if (!isset($entries[0]['samaccountname'][0])) {
continue;
}
$subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);
if (is_array($subUsers)) {
$userArray = array_merge($userArray, $subUsers);
$userArray = array_unique($userArray);
}
continue;
}
if ($entries[0]['samaccountname'][0] === NULL && $entries[0]['distinguishedname'][0] !== NULL) {
$userArray[] = $entries[0]['distinguishedname'][0];
}
elseif ($entries[0]['samaccountname'][0] !== NULL) {
$userArray[] = $entries[0]['samaccountname'][0];
}
}
return $userArray;
}
/**
* Group Information. Returns an array of raw information about a group.
* The group name is case sensitive
*
* @param string $groupName The group name to retrieve info about
* @param array $fields Fields to retrieve
* @return array
*/
public function info($groupName, $fields = NULL)
{
if ($groupName === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
if (stristr($groupName, '+')) {
$groupName = stripslashes($groupName);
}
$filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
if ($fields === NULL) {
$fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname");
}
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
return $entries;
}
/**
* Group Information. Returns an collection
* The group name is case sensitive
*
* @param string $groupName The group name to retrieve info about
* @param array $fields Fields to retrieve
* @return adLDAPGroupCollection
*/
public function infoCollection($groupName, $fields = NULL)
{
if ($groupName === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
$info = $this->info($groupName, $fields);
if ($info !== false) {
$collection = new adLDAPGroupCollection($info, $this->adldap);
return $collection;
}
return false;
}
/**
* Return a complete list of "groups in groups"
*
* @param string $group The group to get the list from
* @return array
*/
public function recursiveGroups($group)
{
if ($group === NULL) { return false; }
$retGroups = array();
$groups = $this->info($group, array("memberof"));
if (isset($groups[0]["memberof"]) && is_array($groups[0]["memberof"])) {
$groups = $groups[0]["memberof"];
if ($groups) {
$groupNames = $this->adldap->utilities()->niceNames($groups);
$retGroups = array_merge($retGroups, $groupNames); //final groups to return
foreach ($groupNames as $id => $groupName){
$childGroups = $this->recursiveGroups($groupName);
$retGroups = array_merge($retGroups, $childGroups);
}
}
}
return $retGroups;
}
/**
* Returns a complete list of the groups in AD based on a SAM Account Type
*
* @param string $sAMAaccountType The account type to return
* @param bool $includeDescription Whether to return a description
* @param string $search Search parameters
* @param bool $sorted Whether to sort the results
* @return array
*/
public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
if (!$this->adldap->getLdapBind()) { return false; }
$filter = '(&(objectCategory=group)';
if ($sAMAaccountType !== null) {
$filter .= '(samaccounttype='. $sAMAaccountType .')';
}
$filter .= '(cn=' . $search . '))';
// Perform the search and grab all their details
$fields = array("samaccountname", "description");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
$groupsArray = array();
for ($i=0; $i<$entries["count"]; $i++){
if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
$groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
}
else if ($includeDescription){
$groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
}
else {
array_push($groupsArray, $entries[$i]["samaccountname"][0]);
}
}
if ($sorted) {
asort($groupsArray);
}
return $groupsArray;
}
/**
* Returns a complete list of all groups in AD
*
* @param bool $includeDescription Whether to return a description
* @param string $search Search parameters
* @param bool $sorted Whether to sort the results
* @return array
*/
public function all($includeDescription = false, $search = "*", $sorted = true){
$groupsArray = $this->search(null, $includeDescription, $search, $sorted);
return $groupsArray;
}
/**
* Returns a complete list of security groups in AD
*
* @param bool $includeDescription Whether to return a description
* @param string $search Search parameters
* @param bool $sorted Whether to sort the results
* @return array
*/
public function allSecurity($includeDescription = false, $search = "*", $sorted = true){
$groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
return $groupsArray;
}
/**
* Returns a complete list of distribution lists in AD
*
* @param bool $includeDescription Whether to return a description
* @param string $search Search parameters
* @param bool $sorted Whether to sort the results
* @return array
*/
public function allDistribution($includeDescription = false, $search = "*", $sorted = true){
$groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
return $groupsArray;
}
/**
* Coping with AD not returning the primary group
* http://support.microsoft.com/?kbid=321360
*
* This is a re-write based on code submitted by Bruce which prevents the
* need to search each security group to find the true primary group
*
* @param string $gid Group ID
* @param string $usersid User's Object SID
* @return string
*/
public function getPrimaryGroup($gid, $usersid)
{
if ($gid === NULL || $usersid === NULL) { return false; }
$r = false;
$gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
$filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
$fields = array("samaccountname","distinguishedname");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
return $entries[0]['distinguishedname'][0];
}
/**
* Coping with AD not returning the primary group
* http://support.microsoft.com/?kbid=321360
*
* For some reason it's not possible to search on primarygrouptoken=XXX
* If someone can show otherwise, I'd like to know about it :)
* this way is resource intensive and generally a pain in the @#%^
*
* @deprecated deprecated since version 3.1, see get get_primary_group
* @param string $gid Group ID
* @return string
*/
public function cn($gid){
if ($gid === NULL) { return false; }
$r = false;
$filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
$fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
for ($i=0; $i<$entries["count"]; $i++){
if ($entries[$i]["primarygrouptoken"][0] == $gid) {
$r = $entries[$i]["distinguishedname"][0];
$i = $entries["count"];
}
}
return $r;
}
}
?>
adLDAP/src/classes/adLDAPUsers.php 0000644 0000000 0000000 00000067263 12013401022 015604 0 ustar root root adldap = $adldap;
}
/**
* Validate a user's login credentials
*
* @param string $username A user's AD username
* @param string $password A user's AD password
* @param bool optional $prevent_rebind
* @return bool
*/
public function authenticate($username, $password, $preventRebind = false) {
return $this->adldap->authenticate($username, $password, $preventRebind);
}
/**
* Create a user
*
* If you specify a password here, this can only be performed over SSL
*
* @param array $attributes The attributes to set to the user account
* @return bool
*/
public function create($attributes)
{
// Check for compulsory fields
if (!array_key_exists("username", $attributes)){ return "Missing compulsory field [username]"; }
if (!array_key_exists("firstname", $attributes)){ return "Missing compulsory field [firstname]"; }
if (!array_key_exists("surname", $attributes)){ return "Missing compulsory field [surname]"; }
if (!array_key_exists("email", $attributes)){ return "Missing compulsory field [email]"; }
if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())){
throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
}
if (!array_key_exists("display_name", $attributes)) {
$attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"];
}
// Translate the schema
$add = $this->adldap->adldap_schema($attributes);
// Additional stuff only used for adding accounts
$add["cn"][0] = $attributes["display_name"];
$add["samaccountname"][0] = $attributes["username"];
$add["objectclass"][0] = "top";
$add["objectclass"][1] = "person";
$add["objectclass"][2] = "organizationalPerson";
$add["objectclass"][3] = "user"; //person?
//$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
// Set the account control attribute
$control_options = array("NORMAL_ACCOUNT");
if (!$attributes["enabled"]) {
$control_options[] = "ACCOUNTDISABLE";
}
$add["userAccountControl"][0] = $this->accountControl($control_options);
// Determine the container
$attributes["container"] = array_reverse($attributes["container"]);
$container = "OU=" . implode(", OU=",$attributes["container"]);
// Add the entry
$result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
if ($result != true) {
return false;
}
return true;
}
/**
* Account control options
*
* @param array $options The options to convert to int
* @return int
*/
protected function accountControl($options)
{
$val=0;
if (is_array($options)) {
if (in_array("SCRIPT",$options)){ $val=$val+1; }
if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
if (in_array("LOCKOUT",$options)){ $val=$val+16; }
if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
//PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
//For information about how to set the permission programmatically, see the "Property flag descriptions" section.
if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; }
if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
}
return $val;
}
/**
* Delete a user account
*
* @param string $username The username to delete (please be careful here!)
* @param bool $isGUID Is the username a GUID or a samAccountName
* @return array
*/
public function delete($username, $isGUID = false)
{
$userinfo = $this->info($username, array("*"), $isGUID);
$dn = $userinfo[0]['distinguishedname'][0];
$result = $this->adldap->folder()->delete($dn);
if ($result != true) {
return false;
}
return true;
}
/**
* Groups the user is a member of
*
* @param string $username The username to query
* @param bool $recursive Recursive list of groups
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return array
*/
public function groups($username, $recursive = NULL, $isGUID = false)
{
if ($username === NULL) { return false; }
if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
if (!$this->adldap->getLdapBind()) { return false; }
// Search the directory for their information
$info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
$groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
if ($recursive === true){
foreach ($groups as $id => $groupName){
$extraGroups = $this->adldap->group()->recursiveGroups($groupName);
$groups = array_merge($groups, $extraGroups);
}
}
return $groups;
}
/**
* Find information about the users. Returned in a raw array format from AD
*
* @param string $username The username to query
* @param array $fields Array of parameters to query
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return array
*/
public function info($username, $fields = NULL, $isGUID = false)
{
if ($username === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
if ($isGUID === true) {
$username = $this->adldap->utilities()->strGuidToHex($username);
$filter = "objectguid=" . $username;
}
else if (strstr($username, "@")) {
$filter = "userPrincipalName=" . $username;
}
else {
$filter = "samaccountname=" . $username;
}
$filter = "(&(objectCategory=person)({$filter}))";
if ($fields === NULL) {
$fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid");
}
if (!in_array("objectsid", $fields)) {
$fields[] = "objectsid";
}
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
if (isset($entries[0])) {
if ($entries[0]['count'] >= 1) {
if (in_array("memberof", $fields)) {
// AD does not return the primary group in the ldap query, we may need to fudge it
if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
//$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
$entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
} else {
$entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
}
if (!isset($entries[0]["memberof"]["count"])) {
$entries[0]["memberof"]["count"] = 0;
}
$entries[0]["memberof"]["count"]++;
}
}
return $entries;
}
return false;
}
/**
* Find information about the users. Returned in a raw array format from AD
*
* @param string $username The username to query
* @param array $fields Array of parameters to query
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return mixed
*/
public function infoCollection($username, $fields = NULL, $isGUID = false)
{
if ($username === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
$info = $this->info($username, $fields, $isGUID);
if ($info !== false) {
$collection = new adLDAPUserCollection($info, $this->adldap);
return $collection;
}
return false;
}
/**
* Determine if a user is in a specific group
*
* @param string $username The username to query
* @param string $group The name of the group to check against
* @param bool $recursive Check groups recursively
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
{
if ($username === NULL) { return false; }
if ($group === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
// Get a list of the groups
$groups = $this->groups($username, $recursive, $isGUID);
// Return true if the specified group is in the group list
if (in_array($group, $groups)) {
return true;
}
return false;
}
/**
* Determine a user's password expiry date
*
* @param string $username The username to query
* @param book $isGUID Is the username passed a GUID or a samAccountName
* @requires bcmath http://www.php.net/manual/en/book.bc.php
* @return array
*/
public function passwordExpiry($username, $isGUID = false)
{
if ($username === NULL) { return "Missing compulsory field [username]"; }
if (!$this->adldap->getLdapBind()) { return false; }
if (!function_exists('bcmod')) { throw new adLDAPException("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
$userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
$pwdLastSet = $userInfo[0]['pwdlastset'][0];
$status = array();
if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
// Password does not expire
return "Does not expire";
}
if ($pwdLastSet === '0') {
// Password has already expired
return "Password has expired";
}
// Password expiry in AD can be calculated from TWO values:
// - User's own pwdLastSet attribute: stores the last time the password was changed
// - Domain's maxPwdAge attribute: how long passwords last in the domain
//
// Although Microsoft chose to use a different base and unit for time measurements.
// This function will convert them to Unix timestamps
$sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
if (!$sr) {
return false;
}
$info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
$maxPwdAge = $info[0]['maxpwdage'][0];
// See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
//
// pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC),
// stored in a 64 bit integer.
//
// The number of seconds between this date and Unix epoch is 11644473600.
//
// maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
// intervals from the time the password was set before the password expires.
//
// We also need to scale this to seconds but also this value is a _negative_ quantity!
//
// If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
//
// Unfortunately the maths involved are too big for PHP integers, so I've had to require
// BCMath functions to work with arbitrary precision numbers.
if (bcmod($maxPwdAge, 4294967296) === '0') {
return "Domain does not expire passwords";
}
// Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
// time units. Because maxpwd age is negative we need to subtract it.
$pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
// Convert MS's time to Unix time
$status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
$status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
return $status;
}
/**
* Modify a user
*
* @param string $username The username to query
* @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function modify($username, $attributes, $isGUID = false)
{
if ($username === NULL) { return "Missing compulsory field [username]"; }
if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
throw new adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
}
// Find the dn of the user
$userDn = $this->dn($username, $isGUID);
if ($userDn === false) {
return false;
}
// Translate the update to the LDAP schema
$mod = $this->adldap->adldap_schema($attributes);
// Check to see if this is an enabled status update
if (!$mod && !array_key_exists("enabled", $attributes)){
return false;
}
// Set the account control attribute (only if specified)
if (array_key_exists("enabled", $attributes)){
if ($attributes["enabled"]){
$controlOptions = array("NORMAL_ACCOUNT");
}
else {
$controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE");
}
$mod["userAccountControl"][0] = $this->accountControl($controlOptions);
}
// Do the update
$result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
if ($result == false) {
return false;
}
return true;
}
/**
* Disable a user account
*
* @param string $username The username to disable
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function disable($username, $isGUID = false)
{
if ($username === NULL) { return "Missing compulsory field [username]"; }
$attributes = array("enabled" => 0);
$result = $this->modify($username, $attributes, $isGUID);
if ($result == false) { return false; }
return true;
}
/**
* Enable a user account
*
* @param string $username The username to enable
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function enable($username, $isGUID = false)
{
if ($username === NULL) { return "Missing compulsory field [username]"; }
$attributes = array("enabled" => 1);
$result = $this->modify($username, $attributes, $isGUID);
if ($result == false) { return false; }
return true;
}
/**
* Set the password of a user - This must be performed over SSL
*
* @param string $username The username to modify
* @param string $password The new password
* @param bool $isGUID Is the username passed a GUID or a samAccountName
* @return bool
*/
public function password($username, $password, $isGUID = false)
{
if ($username === NULL) { return false; }
if ($password === NULL) { return false; }
if (!$this->adldap->getLdapBind()) { return false; }
if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
}
$userDn = $this->dn($username, $isGUID);
if ($userDn === false) {
return false;
}
$add=array();
$add["unicodePwd"][0] = $this->encodePassword($password);
$result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
if ($result === false){
$err = ldap_errno($this->adldap->getLdapConnection());
if ($err) {
$msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
if($err == 53) {
$msg .= ' Your password might not match the password policy.';
}
throw new adLDAPException($msg);
}
else {
return false;
}
}
return true;
}
/**
* Encode a password for transmission over LDAP
*
* @param string $password The password to encode
* @return string
*/
public function encodePassword($password)
{
$password="\"".$password."\"";
$encoded="";
for ($i=0; $i info($username, array("cn"), $isGUID);
if ($user[0]["dn"] === NULL) {
return false;
}
$userDn = $user[0]["dn"];
return $userDn;
}
/**
* Return a list of all users in AD
*
* @param bool $includeDescription Return a description of the user
* @param string $search Search parameter
* @param bool $sorted Sort the user accounts
* @return array
*/
public function all($includeDescription = false, $search = "*", $sorted = true)
{
if (!$this->adldap->getLdapBind()) { return false; }
// Perform the search and grab all their details
$filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
$fields = array("samaccountname","displayname");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
$usersArray = array();
for ($i=0; $i<$entries["count"]; $i++){
if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
$usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
} elseif ($includeDescription){
$usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
} else {
array_push($usersArray, $entries[$i]["samaccountname"][0]);
}
}
if ($sorted) {
asort($usersArray);
}
return $usersArray;
}
/**
* Converts a username (samAccountName) to a GUID
*
* @param string $username The username to query
* @return string
*/
public function usernameToGuid($username)
{
if (!$this->adldap->getLdapBind()){ return false; }
if ($username === null){ return "Missing compulsory field [username]"; }
$filter = "samaccountname=" . $username;
$fields = array("objectGUID");
$sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) {
$entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr);
$guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID');
$strGUID = $this->adldap->utilities()->binaryToText($guid[0]);
return $strGUID;
}
return false;
}
/**
* Return a list of all users in AD that have a specific value in a field
*
* @param bool $includeDescription Return a description of the user
* @param string $searchField Field to search search for
* @param string $searchFilter Value to search for in the specified field
* @param bool $sorted Sort the user accounts
* @return array
*/
public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true){
if (!$this->adldap->getLdapBind()){ return false; }
// Perform the search and grab all their details
$searchParams = "";
if ($searchField) {
$searchParams = "(" . $searchField . "=" . $searchFilter . ")";
}
$filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
$fields=array("samaccountname","displayname");
$sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
$entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
$usersArray = array();
for ($i=0; $i < $entries["count"]; $i++) {
if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
$usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
}
else if ($includeDescription) {
$usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
}
else {
array_push($usersArray, $entries[$i]["samaccountname"][0]);
}
}
if ($sorted){
asort($usersArray);
}
return ($usersArray);
}
/**
* Move a user account to a different OU
*
* @param string $username The username to move (please be careful here!)
* @param array $container The container or containers to move the user to (please be careful here!).
* accepts containers in 1. parent 2. child order
* @return array
*/
public function move($username, $container)
{
if (!$this->adldap->getLdapBind()) { return false; }
if ($username === null) { return "Missing compulsory field [username]"; }
if ($container === null) { return "Missing compulsory field [container]"; }
if (!is_array($container)) { return "Container must be an array"; }
$userInfo = $this->info($username, array("*"));
$dn = $userInfo[0]['distinguishedname'][0];
$newRDn = "cn=" . $username;
$container = array_reverse($container);
$newContainer = "ou=" . implode(",ou=",$container);
$newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
$result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
if ($result !== true) {
return false;
}
return true;
}
/**
* Get the last logon time of any user as a Unix timestamp
*
* @param string $username
* @return long $unixTimestamp
*/
public function getLastLogon($username) {
if (!$this->adldap->getLdapBind()) { return false; }
if ($username === null) { return "Missing compulsory field [username]"; }
$userInfo = $this->info($username, array("lastLogon"));
$lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastlogon'][0]);
return $lastLogon;
}
}
?>
adLDAP/src/classes/adLDAPUtils.php 0000644 0000000 0000000 00000017635 12013401022 015601 0 ustar root root adldap = $adldap;
}
/**
* Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
*
* @param array $groups
* @return array
*/
public function niceNames($groups)
{
$groupArray = array();
for ($i=0; $i<$groups["count"]; $i++){ // For each group
$line = $groups[$i];
if (strlen($line)>0) {
// More presumptions, they're all prefixed with CN=
// so we ditch the first three characters and the group
// name goes up to the first comma
$bits=explode(",", $line);
$groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
}
}
return $groupArray;
}
/**
* Escape characters for use in an ldap_create function
*
* @param string $str
* @return string
*/
public function escapeCharacters($str) {
$str = str_replace(",", "\,", $str);
return $str;
}
/**
* Escape strings for the use in LDAP filters
*
* DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
* Ported from Perl's Net::LDAP::Util escape_filter_value
*
* @param string $str The string the parse
* @author Port by Andreas Gohr
* @return string
*/
public function ldapSlashes($str){
return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
'"\\\\\".join("",unpack("H2","$1"))',
$str);
}
/**
* Converts a string GUID to a hexdecimal value so it can be queried
*
* @param string $strGUID A string representation of a GUID
* @return string
*/
public function strGuidToHex($strGUID)
{
$strGUID = str_replace('-', '', $strGUID);
$octet_str = '\\' . substr($strGUID, 6, 2);
$octet_str .= '\\' . substr($strGUID, 4, 2);
$octet_str .= '\\' . substr($strGUID, 2, 2);
$octet_str .= '\\' . substr($strGUID, 0, 2);
$octet_str .= '\\' . substr($strGUID, 10, 2);
$octet_str .= '\\' . substr($strGUID, 8, 2);
$octet_str .= '\\' . substr($strGUID, 14, 2);
$octet_str .= '\\' . substr($strGUID, 12, 2);
//$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
if (($i % 2) == 0) {
$octet_str .= '\\' . substr($strGUID, $i, 2);
}
}
return $octet_str;
}
/**
* Convert a binary SID to a text SID
*
* @param string $binsid A Binary SID
* @return string
*/
public function getTextSID($binsid) {
$hex_sid = bin2hex($binsid);
$rev = hexdec(substr($hex_sid, 0, 2));
$subcount = hexdec(substr($hex_sid, 2, 2));
$auth = hexdec(substr($hex_sid, 4, 12));
$result = "$rev-$auth";
for ($x=0;$x < $subcount; $x++) {
$subauth[$x] =
hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
$result .= "-" . $subauth[$x];
}
// Cheat by tacking on the S-
return 'S-' . $result;
}
/**
* Converts a little-endian hex number to one that hexdec() can convert
*
* @param string $hex A hex code
* @return string
*/
public function littleEndian($hex)
{
$result = '';
for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
$result .= substr($hex, $x, 2);
}
return $result;
}
/**
* Converts a binary attribute to a string
*
* @param string $bin A binary LDAP attribute
* @return string
*/
public function binaryToText($bin)
{
$hex_guid = bin2hex($bin);
$hex_guid_to_guid_str = '';
for($k = 1; $k <= 4; ++$k) {
$hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
}
$hex_guid_to_guid_str .= '-';
for($k = 1; $k <= 2; ++$k) {
$hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
}
$hex_guid_to_guid_str .= '-';
for($k = 1; $k <= 2; ++$k) {
$hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
}
$hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
$hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
return strtoupper($hex_guid_to_guid_str);
}
/**
* Converts a binary GUID to a string GUID
*
* @param string $binaryGuid The binary GUID attribute to convert
* @return string
*/
public function decodeGuid($binaryGuid)
{
if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
$strGUID = $this->binaryToText($binaryGuid);
return $strGUID;
}
/**
* Convert a boolean value to a string
* You should never need to call this yourself
*
* @param bool $bool Boolean value
* @return string
*/
public function boolToStr($bool)
{
return ($bool) ? 'TRUE' : 'FALSE';
}
/**
* Convert 8bit characters e.g. accented characters to UTF8 encoded characters
*/
public function encode8Bit(&$item, $key) {
$encode = false;
if (is_string($item)) {
for ($i=0; $i> 7) {
$encode = true;
}
}
}
if ($encode === true && $key != 'password') {
$item = utf8_encode($item);
}
}
/**
* Get the current class version number
*
* @return string
*/
public function getVersion() {
return self::ADLDAP_VERSION;
}
/**
* Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
*
* @param long $windowsTime
* @return long $unixTime
*/
public function convertWindowsTimeToUnixTime($windowsTime) {
$unixTime = round($windowsTime / 10000000) - 11644477200;
return $unixTime;
}
}
?> adLDAP/src/collections/ 0000755 0000000 0000000 00000000000 12013401022 013667 5 ustar root root adLDAP/src/collections/adLDAPCollection.php 0000644 0000000 0000000 00000006656 12013401022 017456 0 ustar root root setInfo($info);
$this->adldap = $adldap;
}
/**
* Set the raw info array from Active Directory
*
* @param array $info
*/
public function setInfo(array $info)
{
if ($this->info && sizeof($info) >= 1) {
unset($this->info);
}
$this->info = $info;
}
/**
* Magic get method to retrieve data from the raw array in a formatted way
*
* @param string $attribute
* @return mixed
*/
public function __get($attribute)
{
if (isset($this->info[0]) && is_array($this->info[0])) {
foreach ($this->info[0] as $keyAttr => $valueAttr) {
if (strtolower($keyAttr) == strtolower($attribute)) {
if ($this->info[0][strtolower($attribute)]['count'] == 1) {
return $this->info[0][strtolower($attribute)][0];
}
else {
$array = array();
foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
if ((string)$key != 'count') {
$array[$key] = $value;
}
}
return $array;
}
}
}
}
else {
return NULL;
}
}
/**
* Magic set method to update an attribute
*
* @param string $attribute
* @param string $value
* @return bool
*/
abstract public function __set($attribute, $value);
}
?>
adLDAP/src/collections/adLDAPComputerCollection.php 0000644 0000000 0000000 00000002657 12013401022 021172 0 ustar root root
adLDAP/src/collections/adLDAPContactCollection.php 0000644 0000000 0000000 00000002655 12013401022 020765 0 ustar root root
adLDAP/src/collections/adLDAPGroupCollection.php 0000644 0000000 0000000 00000002651 12013401022 020462 0 ustar root root
adLDAP/src/collections/adLDAPUserCollection.php 0000644 0000000 0000000 00000002647 12013401022 020311 0 ustar root root
api.php 100777 0 0 11041 12047206475 5503 0 D;7($@:.";
$databaseName = "pwd_db";
$tableName = "pwd_table";
$tableHistory = "history";
if (isset($_GET['query'])) {
$query= $_GET['query'];
}
if (isset($_GET['pwd_id'])) {
$pwd_id= $_GET['pwd_id'];
}
if (isset($_GET['type'])) {
$type= $_GET['type'];
}
if (isset($_GET['username'])) {
$username= $_GET['username'];
}
if (isset($_GET['password'])) {
$password= $_GET['password'];
}
if (isset($_GET['comment'])) {
$comment= $_GET['comment'];
}
if (isset($_GET['url'])) {
$url= $_GET['url'];
}
if (isset($_GET['groupname'])) {
$groupname= $_GET['groupname'];
}
else {
$groupname="";
}
if (isset($_GET['logonUsername'])) {
$logonUsername= $_GET['logonUsername'];
}
if (isset($_GET['acl'])) {
$acl= $_GET['acl'];
}
$last_date = date(DATE_RFC822);
//--------------------------------------------------------------------------
// 1) Connect to mysql database
//--------------------------------------------------------------------------
$con = mysql_connect($host,$user,$pass);
$dbs = mysql_select_db($databaseName, $con);
//--------------------------------------------------------------------------
// 2) Query database for data
//--------------------------------------------------------------------------
switch ($query) {
case -1:
// Get the ID of the new entry
$query_STR = "SELECT $tableName.pwd_id,$tableName.type,$tableName.username,$tableName.acl,$tableName.comment,$tableName.url FROM $tableName " .
"WHERE $tableName.pwd_id = (SELECT MAX($tableName.pwd_id) FROM $tableName)";
break;
case 0:
// View a password entry
$query_STR = "SELECT $tableName.pwd_id,$tableName.type,$tableName.username,$tableName.acl,$tableName.comment,$tableName.url,DECODE($tableName.password,'$passphrase') as pwd_decoded," .
"$tableHistory.login,$tableHistory.last_read,$tableHistory.history_id,$tableHistory.pwd_id " .
"FROM $tableName,$tableHistory " .
"WHERE ($tableName.pwd_id='$pwd_id' AND $tableHistory.pwd_id='$pwd_id') " .
"ORDER BY $tableHistory.history_id DESC " .
"LIMIT 0,10";
break;
case 1:
// Edit a password entry
$query_STR = "SELECT $tableName.pwd_id,$tableName.type,$tableName.username,$tableName.acl,$tableName.comment,$tableName.url,DECODE($tableName.password,'$passphrase') as pwd_decoded " .
"FROM $tableName " .
"WHERE $tableName.pwd_id='$pwd_id' " ;
break;
case 2:
// Edit a password entry
$query_STR = "SELECT $tableName.pwd_id,$tableName.type,$tableName.username,$tableName.acl,$tableName.comment,$tableName.url " .
"FROM $tableName " .
"WHERE $tableName.acl LIKE '%$groupname%' " .
"ORDER BY $tableName.type,$tableName.comment,$tableName.username" ;
break;
case 3:
// Edit a password entry
$query_STR = "UPDATE $tableName SET type='$type',username='$username',password=ENCODE('$password','$passphrase'),url='$url',comment='$comment',acl='$acl' " .
"WHERE $tableName.pwd_id = '$pwd_id' " ;
break;
case 4:
// Update history
$query_STR = "INSERT INTO $tableHistory (pwd_id,login,last_read) VALUES ('$pwd_id','$logonUsername','$last_date')";
break;
case 5:
// New entry
$query_STR = "INSERT INTO $tableName (type,username,password,url,comment,acl) VALUES ('$type', '$username', ENCODE('$password','$passphrase'),'$url','$comment','$acl')";
break;
case 6:
// Delete entry
$query_STR = "DELETE FROM $tableName WHERE pwd_id = '$pwd_id'";
break;
}
if ($query >= 3)
{
mysql_query($query_STR) or die('Error, insert query failed');
}
else
{
mysql_query("set names 'utf8'");
$result = mysql_query($query_STR);
$data = array();
while ( $row = mysql_fetch_array($result) )
{
$data[] = $row;
}
echo json_encode($data);
}
}
?>
auth.php 100777 0 0 11220 12046721127 5665 0 Password Database".
"";
echo "
".
"
Welcome to the Password Database
".
"
";
echo 'You must enter a valid login and password';
echo '