Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

We’re showing branches in this repository, but you can also compare across forks.

...
  • 9 commits
  • 258 files changed
  • 0 commit comments
  • 1 contributor
Showing with 19,631 additions and 5,272 deletions.
  1. +7 −2 admin/admin/ad_home.php
  2. +15 −1 admin/manage/ad_users.php
  3. +10 −1 config.php.dist
  4. +139 −0 includes/adLDAP/CHANGELOG.txt
  5. +457 −0 includes/adLDAP/LICENCE.txt
  6. +74 −0 includes/adLDAP/README.txt
  7. +77 −0 includes/adLDAP/examples/authenticate.php
  8. +140 −0 includes/adLDAP/examples/examples.php
  9. +23 −0 includes/adLDAP/examples/groupCollection.php
  10. +21 −0 includes/adLDAP/examples/menu.php
  11. +23 −0 includes/adLDAP/examples/userCollection.php
  12. +951 −0 includes/adLDAP/src/adLDAP.php
  13. +153 −0 includes/adLDAP/src/classes/adLDAPComputers.php
  14. +294 −0 includes/adLDAP/src/classes/adLDAPContacts.php
  15. +390 −0 includes/adLDAP/src/classes/adLDAPExchange.php
  16. +179 −0 includes/adLDAP/src/classes/adLDAPFolders.php
  17. +631 −0 includes/adLDAP/src/classes/adLDAPGroups.php
  18. +682 −0 includes/adLDAP/src/classes/adLDAPUsers.php
  19. +264 −0 includes/adLDAP/src/classes/adLDAPUtils.php
  20. +137 −0 includes/adLDAP/src/collections/adLDAPCollection.php
  21. +46 −0 includes/adLDAP/src/collections/adLDAPComputerCollection.php
  22. +46 −0 includes/adLDAP/src/collections/adLDAPContactCollection.php
  23. +46 −0 includes/adLDAP/src/collections/adLDAPGroupCollection.php
  24. +46 −0 includes/adLDAP/src/collections/adLDAPUserCollection.php
  25. +50 −3 includes/classes/class_asession.php
  26. +4 −4 includes/classes/class_askin.php
  27. +49 −2 includes/classes/class_session.php
  28. +5 −5 includes/classes/class_skin.php
  29. +3 −1 includes/functions/func_users.php
  30. +165 −0 includes/smarty/COPYING.lib
  31. +574 −0 includes/smarty/README
  32. +109 −0 includes/smarty/SMARTY_2_BC_NOTES.txt
  33. +24 −0 includes/smarty/SMARTY_3.0_BC_NOTES.txt
  34. +306 −0 includes/smarty/SMARTY_3.1_NOTES.txt
  35. +1,461 −486 includes/smarty/Smarty.class.php
  36. +460 −0 includes/smarty/SmartyBC.class.php
  37. +2,122 −0 includes/smarty/change_log.txt
  38. +9 −12 includes/smarty/debug.tpl
  39. +0 −27 includes/smarty/plugins/block.php.php
  40. +60 −50 includes/smarty/plugins/block.textformat.php
  41. +10 −10 includes/smarty/plugins/function.counter.php
  42. +49 −44 includes/smarty/plugins/function.cycle.php
  43. +167 −170 includes/smarty/plugins/function.fetch.php
  44. +110 −39 includes/smarty/plugins/function.html_checkboxes.php
  45. +69 −49 includes/smarty/plugins/function.html_image.php
  46. +109 −55 includes/smarty/plugins/function.html_options.php
  47. +110 −66 includes/smarty/plugins/function.html_radios.php
  48. +298 −237 includes/smarty/plugins/function.html_select_date.php
  49. +312 −143 includes/smarty/plugins/function.html_select_time.php
  50. +65 −64 includes/smarty/plugins/function.html_table.php
  51. +79 −84 includes/smarty/plugins/function.mailto.php
  52. +17 −14 includes/smarty/plugins/function.math.php
  53. +0 −118 includes/smarty/plugins/function.popup.php
  54. +0 −41 includes/smarty/plugins/function.popup_init.php
  55. +49 −25 includes/smarty/plugins/modifier.capitalize.php
  56. +0 −31 includes/smarty/plugins/modifier.cat.php
  57. +0 −29 includes/smarty/plugins/modifier.count_characters.php
  58. +0 −26 includes/smarty/plugins/modifier.count_paragraphs.php
  59. +0 −27 includes/smarty/plugins/modifier.count_sentences.php
  60. +0 −25 includes/smarty/plugins/modifier.count_words.php
  61. +30 −26 includes/smarty/plugins/modifier.date_format.php
  62. +43 −25 includes/smarty/plugins/modifier.debug_print_var.php
  63. +0 −29 includes/smarty/plugins/modifier.default.php
  64. +144 −67 includes/smarty/plugins/modifier.escape.php
  65. +0 −28 includes/smarty/plugins/modifier.indent.php
  66. +0 −30 includes/smarty/plugins/modifier.lower.php
  67. +0 −24 includes/smarty/plugins/modifier.noprint.php
  68. +24 −17 includes/smarty/plugins/modifier.regex_replace.php
  69. +25 −40 includes/smarty/plugins/modifier.replace.php
  70. +19 −19 includes/smarty/plugins/modifier.spacify.php
  71. +0 −27 includes/smarty/plugins/modifier.string_format.php
  72. +0 −31 includes/smarty/plugins/modifier.strip.php
  73. +0 −31 includes/smarty/plugins/modifier.strip_tags.php
  74. +47 −52 includes/smarty/plugins/modifier.truncate.php
  75. +0 −30 includes/smarty/plugins/modifier.upper.php
  76. +0 −29 includes/smarty/plugins/modifier.wordwrap.php
  77. +30 −0 includes/smarty/plugins/modifiercompiler.cat.php
  78. +33 −0 includes/smarty/plugins/modifiercompiler.count_characters.php
  79. +28 −0 includes/smarty/plugins/modifiercompiler.count_paragraphs.php
  80. +28 −0 includes/smarty/plugins/modifiercompiler.count_sentences.php
  81. +32 −0 includes/smarty/plugins/modifiercompiler.count_words.php
  82. +35 −0 includes/smarty/plugins/modifiercompiler.default.php
  83. +125 −0 includes/smarty/plugins/modifiercompiler.escape.php
  84. +34 −0 includes/smarty/plugins/modifiercompiler.from_charset.php
  85. +32 −0 includes/smarty/plugins/modifiercompiler.indent.php
  86. +31 −0 includes/smarty/plugins/modifiercompiler.lower.php
  87. +25 −0 includes/smarty/plugins/modifiercompiler.noprint.php
  88. +26 −0 includes/smarty/plugins/modifiercompiler.string_format.php
  89. +33 −0 includes/smarty/plugins/modifiercompiler.strip.php
  90. +33 −0 includes/smarty/plugins/modifiercompiler.strip_tags.php
  91. +34 −0 includes/smarty/plugins/modifiercompiler.to_charset.php
  92. +51 −0 includes/smarty/plugins/modifiercompiler.unescape.php
  93. +30 −0 includes/smarty/plugins/modifiercompiler.upper.php
  94. +46 −0 includes/smarty/plugins/modifiercompiler.wordwrap.php
  95. +71 −53 includes/smarty/plugins/outputfilter.trimwhitespace.php
  96. +43 −23 includes/smarty/plugins/shared.escape_special_chars.php
  97. +33 −0 includes/smarty/plugins/shared.literal_compiler_param.php
  98. +16 −17 includes/smarty/plugins/shared.make_timestamp.php
  99. +55 −0 includes/smarty/plugins/shared.mb_str_replace.php
  100. +48 −0 includes/smarty/plugins/shared.mb_unicode.php
  101. +83 −0 includes/smarty/plugins/shared.mb_wordwrap.php
  102. +15 −15 includes/smarty/plugins/variablefilter.htmlspecialchars.php
  103. +381 −0 includes/smarty/sysplugins/smarty_cacheresource.php
  104. +237 −0 includes/smarty/sysplugins/smarty_cacheresource_custom.php
  105. +463 −0 includes/smarty/sysplugins/smarty_cacheresource_keyvaluestore.php
  106. +95 −0 includes/smarty/sysplugins/smarty_config_source.php
  107. +222 −140 includes/smarty/sysplugins/smarty_internal_cacheresource_file.php
  108. +43 −51 includes/smarty/sysplugins/smarty_internal_compile_append.php
  109. +75 −52 includes/smarty/sysplugins/smarty_internal_compile_assign.php
  110. +257 −88 includes/smarty/sysplugins/smarty_internal_compile_block.php
  111. +77 −0 includes/smarty/sysplugins/smarty_internal_compile_break.php
  112. +112 −45 includes/smarty/sysplugins/smarty_internal_compile_call.php
  113. +74 −48 includes/smarty/sysplugins/smarty_internal_compile_capture.php
  114. +66 −34 includes/smarty/sysplugins/smarty_internal_compile_config_load.php
  115. +78 −0 includes/smarty/sysplugins/smarty_internal_compile_continue.php
  116. +32 −23 includes/smarty/sysplugins/smarty_internal_compile_debug.php
  117. +55 −28 includes/smarty/sysplugins/smarty_internal_compile_eval.php
  118. +108 −61 includes/smarty/sysplugins/smarty_internal_compile_extends.php
  119. +105 −87 includes/smarty/sysplugins/smarty_internal_compile_for.php
  120. +142 −103 includes/smarty/sysplugins/smarty_internal_compile_foreach.php
  121. +136 −70 includes/smarty/sysplugins/smarty_internal_compile_function.php
  122. +148 −55 includes/smarty/sysplugins/smarty_internal_compile_if.php
  123. +172 −102 includes/smarty/sysplugins/smarty_internal_compile_include.php
  124. +85 −45 includes/smarty/sysplugins/smarty_internal_compile_include_php.php
  125. +109 −50 includes/smarty/sysplugins/smarty_internal_compile_insert.php
  126. +32 −23 includes/smarty/sysplugins/smarty_internal_compile_ldelim.php
  127. +53 −39 includes/smarty/sysplugins/smarty_internal_compile_nocache.php
  128. +61 −47 includes/smarty/sysplugins/smarty_internal_compile_private_block_plugin.php
  129. +54 −34 includes/smarty/sysplugins/smarty_internal_compile_private_function_plugin.php
  130. +131 −50 includes/smarty/sysplugins/smarty_internal_compile_private_modifier.php
  131. +66 −37 includes/smarty/sysplugins/smarty_internal_compile_private_object_block_function.php
  132. +60 −35 includes/smarty/sysplugins/smarty_internal_compile_private_object_function.php
  133. +133 −38 includes/smarty/sysplugins/smarty_internal_compile_private_print_expression.php
  134. +82 −48 includes/smarty/sysplugins/smarty_internal_compile_private_registered_block.php
  135. +62 −32 includes/smarty/sysplugins/smarty_internal_compile_private_registered_function.php
  136. +49 −38 includes/smarty/sysplugins/smarty_internal_compile_private_special_variable.php
  137. +33 −24 includes/smarty/sysplugins/smarty_internal_compile_rdelim.php
  138. +96 −63 includes/smarty/sysplugins/smarty_internal_compile_section.php
  139. +72 −0 includes/smarty/sysplugins/smarty_internal_compile_setfilter.php
  140. +75 −47 includes/smarty/sysplugins/smarty_internal_compile_while.php
  141. +147 −74 includes/smarty/sysplugins/smarty_internal_compilebase.php
  142. +257 −215 includes/smarty/sysplugins/smarty_internal_config.php
  143. +96 −68 includes/smarty/sysplugins/smarty_internal_config_file_compiler.php
  144. +146 −50 includes/smarty/sysplugins/smarty_internal_configfilelexer.php
  145. +196 −139 includes/smarty/sysplugins/smarty_internal_configfileparser.php
  146. +400 −262 includes/smarty/sysplugins/smarty_internal_data.php
  147. +151 −74 includes/smarty/sysplugins/smarty_internal_debug.php
  148. +59 −53 includes/smarty/sysplugins/smarty_internal_filter_handler.php
  149. +48 −40 includes/smarty/sysplugins/smarty_internal_function_call_handler.php
  150. +48 −0 includes/smarty/sysplugins/smarty_internal_get_include_path.php
  151. +53 −0 includes/smarty/sysplugins/smarty_internal_nocache_insert.php
  152. +395 −0 includes/smarty/sysplugins/smarty_internal_parsetree.php
  153. +94 −0 includes/smarty/sysplugins/smarty_internal_resource_eval.php
  154. +132 −156 includes/smarty/sysplugins/smarty_internal_resource_extends.php
Sorry, we could not display the entire diff because it was too big.
9 admin/admin/ad_home.php
View
@@ -45,7 +45,12 @@ public function show_home()
if ( file_exists( TD_PATH .'install/install.lock' ) )
{
- $this->trellis->send_message( 'alert', $this->trellis->lang['alert_install_locked'] );
+ $install_url = $this->trellis->config['hd_url'].'/install/index.php';
+ $install_url_status = @get_headers( $install_url );
+ if( strpos( $install_url_status[0], '200' ) )
+ {
+ $this->trellis->send_message( 'alert', $this->trellis->lang['alert_install_locked'] );
+ }
}
elseif ( is_dir( TD_PATH .'install' ) )
{
@@ -724,4 +729,4 @@ function ajax_save_notes()
}
-?>
+?>
16 admin/manage/ad_users.php
View
@@ -464,11 +464,18 @@ private function add_user($error='', $field='')
( $this->trellis->check_perm( 'manage', 'users', 'staff', 0 ) ) ? $ugroup_sub_acp = '  '. $this->trellis->skin->checkbox( array( 'name' => 'ugroup_sub_acp', 'title' => '{lang.acp_access} '. $this->trellis->skin->help_tip('{lang.tip_acp_access}') ) ) : $ugroup_sub_acp = "";
+ /*
+ # For future LDAP support on the user page.
+ ( $this->trellis->$config['ldap_enabled'] ) ? $ldap_user = $this->trellis->skin->group_table_row( '{lang.ldap_user}', $this->trellis->skin->checkbox( array( 'name' => 'ldap_user', 'title' => '{lang.ldap_user}'.$this->trellis->skin->help_tip('{lang.tip_ldap_user}' ) ) ) ) : $ldap_user = "";
+ */
+ $ldap_user = "";
+
$this->output .= "<div id='ticketroll'>
". $this->trellis->skin->start_form( "<! TD_URL !>/admin.php?section=manage&amp;page=users&amp;act=doadd", 'add_user', 'post' ) ."
". $this->trellis->skin->start_group_table( '{lang.adding_user}', 'a' ) ."
". $this->trellis->skin->group_table_row( '{lang.username}', $this->trellis->skin->textfield( 'name' ), 'a', '25%', '75%' ) ."
". $this->trellis->skin->group_table_row( '{lang.email}', $this->trellis->skin->textfield( 'email' ), 'a' ) ."
+ ". $ldap_user ."
". $this->trellis->skin->group_table_row( '{lang.password}', $this->trellis->skin->textfield( 'password' ), 'a' ) ."
". $this->trellis->skin->group_table_row( '{lang.title} '. $this->trellis->skin->help_tip('{lang.tip_title}'), $this->trellis->skin->textfield( 'title' ), 'a' ) ."
". $this->trellis->skin->group_table_row( '{lang.group}', "<select name='ugroup' id='ugroup'>". $this->trellis->func->drop_downs->group_drop( array( 'select' => $this->trellis->input['ugroup'], 'staff_check' => 1 ) ) ."</select>", 'a' ) ."
@@ -656,11 +663,18 @@ private function edit_user($error='', $field='')
( $this->trellis->check_perm( 'manage', 'users', 'staff', 0 ) ) ? $ugroup_sub_acp = '&nbsp;&nbsp;'. $this->trellis->skin->checkbox( array( 'name' => 'ugroup_sub_acp', 'title' => '{lang.acp_access} '. $this->trellis->skin->help_tip('{lang.tip_acp_access}'), 'value' => $u['ugroup_sub_acp'] ) ) : $ugroup_sub_acp = "";
+ /*
+ # For future LDAP support on the user page.
+ ( $this->trellis->$config['ldap_enabled'] ) ? $ldap_user = $this->trellis->skin->group_table_row( '{lang.ldap_user}', $this->trellis->skin->checkbox( array( 'name' => 'ldap_user', 'title' => '{lang.ldap_user}'.$this->trellis->skin->help_tip('{lang.tip_ldap_user}' ) ) ) ) : $ldap_user = "";
+ */
+ $ldap_user = "";
+
$this->output .= "<div id='ticketroll'>
". $this->trellis->skin->start_form( "<! TD_URL !>/admin.php?section=manage&amp;page=users&amp;act=doedit&amp;id={$u['id']}", 'edit_user', 'post' ) ."
". $this->trellis->skin->start_group_table( '{lang.editing_user} '. $u['name'], 'a' ) ."
". $this->trellis->skin->group_table_row( '{lang.username}', $this->trellis->skin->textfield( 'name', $u['name'] ), 'a', '25%', '75%' ) ."
". $this->trellis->skin->group_table_row( '{lang.email}', $this->trellis->skin->textfield( 'email', $u['email'] ), 'a' ) ."
+ ". $ldap_user ."
". $this->trellis->skin->group_table_row( '{lang.password} '. $this->trellis->skin->help_tip('{lang.tip_change_password}'), $this->trellis->skin->textfield( 'password' ), 'a' ) ."
". $this->trellis->skin->group_table_row( '{lang.title} '. $this->trellis->skin->help_tip('{lang.tip_title}'), $this->trellis->skin->textfield( 'title', $u['title'] ), 'a' ) ."
". $this->trellis->skin->group_table_row( '{lang.group}', "<select name='ugroup' id='ugroup'>". $this->trellis->func->drop_downs->group_drop( array( 'select' => $ugroup, 'staff_check' => 1 ) ) ."</select>", 'a' ) ."
@@ -1508,4 +1522,4 @@ private function generate_url($params=array())
}
-?>
+?>
11 config.php.dist
View
@@ -10,4 +10,13 @@ $data_path=$data_path.'/data/';
$data_path = str_replace("install/", "", $data_path);
$config['data_path'] = $data_path;
$config['debug_level'] = 0;
-?>
+$config['ldap_enabled'] = false;
+$config['ldap_servers'] = array('your.ldap.server');
+$config['ldap_suffix'] = '@yourdomain.com';
+$config['ldap_base_dn'] = "DC=yourdomain,DC=com";
+$config['ldap_ssl'] = false;
+$config['ldap_tls'] = false;
+$config['ldap_allowed_group'] = '';
+$config['ldap_bind_dn'] = 'CN=LDAP Auth User,CN=Users,DC=yourdomain,DC=com';
+$config['ldap_bind_pass'] = 'LDAPpassword';
+?>
139 includes/adLDAP/CHANGELOG.txt
View
@@ -0,0 +1,139 @@
+adLDAP - PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+
+Written by Scott Barnett, Richard Hyland
+email: scott@wiggumworld.com, adldap@richardhyland.com
+http://adldap.sourceforge.net/
+
+
+CHANGELOG
+-------------------------------------------------------------------------------------------
+
+Version 4.0.4
+-------------
+[+] New Feature: Ability to delete a group $adldap->group()->delete($groupName);
+[+] New Feature: #30 Add magic __isset method to adLDAPCollection
+[-] Feature Change: #34 A better recursiveGroups() implementation
+[-] Feature Change: Changed $adldap->user()->getLastLogon from using the lastLogin attribute to lastLogonTimestamp. The difference between the two is detailed here http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
+[-] Bug Fix: $adldap->user()->getLastLogon('mySAMAccountName') produced a PHP error 'Non-static method adLDAPUtils::convertWindowsTimeToUnixTime() should not be called statically'
+[-] Bug Fix: #29 $includeDescription broken in adLDAPContacts->all()
+[-] Bug Fix: #25 exchange->createMailbox typo in $storageGroup variable null checking
+[-] Bug Fix: #25 exchange->createMailbox Call to undefined method adLDAPExchange::utilities()
+[-] Bug Fix: #27 Case mismatch on an array key in the folder()->create()
+[-] Bug Fix: Typo in $adldap->contact()->contactMailEnable() for email address so that the function wouldn't work as intended
+[-] Bug Fix: $adldap->folder->create() typo would have failed to create the folder correctly
+[-] Bug Fix: Some uninitialized variable warnings quashed for PHP Strict Mode
+[-] Bug Fix: Ensure a connection is established before calling ldap_close in __destruct()
+[-] Bug Fix: #32 undefined offset in getPrimaryGroup()
+[-] Bug Fix: #31 Non-recursive group()->members method sometimes does not work
+
+Version 4.0.3
+-------------
+[+] New feature: Added support for homephone attribute to the adLDAP schema
+[+] New feature: Added getLastLogon($username) to the user model to return a Unix timestamp for the last logon of a user
+[-] Bug fix: Change strGuidToHex to public function to prevent errors when used with $isGUID = true
+[-] Bug fix: user()->find() function would cause an undefined array error if full error reporting was enabled
+[-] Bug fix: #11 If the array "$this->info[0][strtolower($attribute)]" contains a key with 0 (zero), it does not add to the array
+[-] Bug fix: #22 Typo in adLDAPFolders for listings
+
+Version 4.0.2
+-------------
+[-] Bug fix: #16 Typo Error in adLDAPGroups.php could cause an error when PHP strict mode error reporting enabled
+[-] Bug fix: #18 Typo in adLDAPContacts.php affecting info and infoCollection functions failing
+
+Version 4.0.1
+-------------
+[+] New feature: #13 allow binding over SASL where supported
+[+] New feature: #12 new $adldap->user()->find() function to find users by searching specific fields
+[+] New feature: exchange_altrecipient and exchange_deliverandredirect added to adldap_schema
+[-] Bug fix: $adldap->user()->usernameToGuid() function had invalid parameter in ldap_search function
+[-] Bug fix: #9 When a password change is attempted but fails due to the configured Active Directory Password Policy. Instead of the error an Exception is thrown.
+[-] Bug fix: #10 PHP Warning issued for missing array element. Assumes that element ["count"] exists which does not when the login only has one AD group.
+[-] Bug fix: #8 The ou_create function was giving naming violation errors
+[-] Bug fix: adldap_schema errors from the version 4.0 changes
+
+Version 4.0.0
+-------------
+[+] New feature: Version 4 is a complete re-write of the class and is backwards incompatible with version 3 and below. Groups, users, contacts, etc have been seperated into seperate classes and can be called like this $adldap->user()->modify(); or $adldap->group()->create();
+
+Version 3.3.2
+-------------
+[+] New feature: Move the user to a new OU using user_move() function
+[-] Bug fix: Prevent an 'undefined index' error in recursive_groups() when full PHP E_ALL logging is enabled
+[-] Bug fix: user_groups() does not return primary group when objectsid is not given (Tracker ID:2931213)
+[-] Bug fix: Undefined index in function user_info for non-existent users (Tracker ID:2922729)
+[-] Bug fix: Force user_info to find objectCategory of person as if a sAMAccountName also exists in a group it will return that group. (Tracker ID:3006096)
+[-] Bug fix: Return false for user_info if the user does not exist
+[-] Bug fix: user_info, checks for for a "count" value that not exist in $entries array if "memberof" isn't passed in $fields array. (Tracker ID:2993172)
+[-] Bug fix: In authenticate() if user authentication fails function returns and does not rebind with admin credentials - so the other funcions don't work anymore as $this->_bind === false. (Tracker ID:2987887)
+[-] Bug fix: When calling $ldap->user_modify('user', array("expires"=>0)) the function fails due to the value being 0. Changed to isset (Tracker ID:3036726)
+[-] Bug fix: When calling user_info allow the username to be either a sAMAccountName or userPrincipalName attribute
+
+
+Version 3.3.1
+-------------
+[-] Bug fix: Prevent empty $username and $password in authenticate from falling through to the default administrator login
+
+Version 3.3
+-----------
+
+[+] New feature: Calling adLDAP without LDAP support in PHP will now throw an adLDAPException
+[+] New feature: Specifying a NULL $_base_dn will now automatically attempt to detect the base_dn from your domain controller
+[+] New feature: Most user objects can now be queried using a user's GUID as well as their username (samAccountName). Set the $isGUID optional parameter to true. To obtain a user's GUID either use the username2guid() function or decodeGuid()
+[+] New function: username2guid($username) will return a string representation of the GUID for a given username
+[+] New function: decodeGuid($binaryGuid) will convert a binary GUID to a string
+[+] New function: find_base_dn() will return the base_dn from your domain controller
+[+] New function: get_root_dse($attributes) will return root domain controller configuration attributes such as the default naming context, current DC time, etc
+[+] New function: exchange_servers($attributes) will return a list of Exchange servers in your domain
+[+] New function: exchange_storage_groups($exchangeServer, $attributes, $recursive) will return a list of Storage groups on any given Exchange server. Setting $recursive to true (or inheriting from the $_recursive_groups setting will automatically query the databases within a storage group)
+[+] New function: exchange_storage_databases($storageGroup, $attributes) will return a list of Databases in any given storage group on any given Exchange server
+[+] New function: exchange_add_X400($username, $country, $admd, $pdmd, $org, $surname, $givenname, $isGUID=false) will add an X400 address to the Exchange server
+[-] Bug fix: Null comparison error in contact_mailenable()
+
+Version 3.2
+-----------
+
+[+] New function: user_password_expiry($username) which will return the timestamp and formatted time of when a user's password expires based both on domain policy and user password expiry policy
+[+] New function: groups_in_group($group, $recursive = NULL) returns a list of groups within a group
+[+] New function: all_groups() function to list ALL types of group rather than just security groups alone
+[+] New function: folder_list($folder_name = NULL, $dn_type = ADLDAP_FOLDER, $recursive = NULL, $type = NULL) allows you to navigate the AD folder structure
+[+] New function: computer_ingroup()
+[+] New function: computer_groups()
+[+] New function: connect()
+[+] New function: disconnect()
+[+] New feature: Added recursive group lookups to group_members() to recursively get the username of users in a group
+[+] New feature: TLS support
+[+] New feature: Added getters and setters for core variables
+[-] Change: Renamed all_groups() to all_security_groups()
+[-] Change: Re-written ldap_slashes() function based on a port from Per's Net::LDAP::Util escape_filter_value
+[-] Bug fix: Attempt to deal with special char + in group_info()
+[-] Bug fix: user_ingroup() would not allow recursion to be disabled using the $recursive parameter and would only inherit from $_recursive_groups variable
+[-] Bug fix: Runtime overriding of $recursive group lookups failed due to changes in PHP 5.2
+
+
+Version 3.1
+-----------
+
+[+] New function: get_last_error() returns the last error returned by your domain controller
+[+] New feature: Automatically detect and encode 8bit characters when being added to an AD object
+[+] New feature: Exception handing added for connections or attempting methods that require SSL where it is not set
+[+] New feature: Added pager to the schema
+[+] New feature: New method to obtain a user's or contacts primary group that is far less intensive using get_primary_group(). The old group_cn() is now deprecated
+[-] Change: Only return primary group memberof if a user or contact is returned
+[-] Bug fix: Contact could not be added to a group
+[-] Bug fix: bool2str() function caused exchange mailbox creation to fail
+
+
+Version 3.0
+-----------
+
+[+] New function: user_delete()
+[+] New feature: Source code comments totally overhauled
+[+] New feature: Configuration options and functions now have their visibility defined. adLDAP is now PHP 5 compatible only.
+[+] New feature: Exchange mailbox creation for users
+[+] New feature: Add new SMTP addresses to a user
+[+] New feature: Change the default SMTP address for a user
+[+] New feature: Remove an SMTP address for a user
+[+] New feature: Mail enable a contact
+[+] New feature: Create, query, delete contacts
+[+] New feature: Enable or disable a user with user_enable() or user_disable()
+[-] Bug fix: Disabling a user did not work
457 includes/adLDAP/LICENCE.txt
View
@@ -0,0 +1,457 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
74 includes/adLDAP/README.txt
View
@@ -0,0 +1,74 @@
+PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+Version 4.0.4
+
+Written by Scott Barnett, Richard Hyland
+email: scott@wiggumworld.com, adldap@richardhyland.com
+http://adldap.sourceforge.net/
+
+ABOUT
+=====
+
+adLDAP is a PHP class that provides LDAP authentication and integration with Active Directory.
+
+We'd appreciate any improvements or additions to be submitted back
+to benefit the entire community :)
+
+REQUIREMENTS
+============
+
+adLDAP requires PHP 5 and both the LDAP (http://php.net/ldap) and SSL (http://php.net/openssl) libraries
+
+INSTALLATION
+============
+
+adLDAP is not an application, but a class library designed to integrate into your own applications.
+
+The core of adLDAP is contained in the 'src' directory. Simply copy/rename this directory inside your own
+projects.
+
+Edit the file 'src/adLDAP.php' and change the configuration variables near the top, specifically
+those for domain controllers, base dn and account suffix, and if you want to perform anything more complex
+than use authentication you'll also need to set the admin username and password variables too.
+
+From within your code simply require the adLDAP.php file and call it like so
+
+require_once(dirname(__FILE__) . '/adLDAP.php');
+$adldap = new adLDAP();
+
+It would be better to wrap it in a try/catch though
+
+try {
+ $adldap = new adLDAP();
+}
+catch (adLDAPException $e) {
+ echo $e;
+ exit();
+}
+
+Then simply call commands against it e.g.
+
+$adldap->authenticate($username, $password);
+
+or
+
+$adldap->group()->members($groupName);
+
+DOCUMENTATION
+=============
+
+You can find our website at http://adldap.sourceforce.net or the class documentation at
+
+http://adldap.sourceforge.net/wiki/doku.php?id=documentation
+
+LICENSE
+=======
+
+This library is free software; you can redistribute it and/or modify it under the terms of the
+GNU Lesser General Public License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+See the GNU Lesser General Public License for more details or LICENSE.txt distributed with
+this class.
+
77 includes/adLDAP/examples/authenticate.php
View
@@ -0,0 +1,77 @@
+<?php
+//log them out
+$logout = $_GET['logout'];
+if ($logout == "yes") { //destroy the session
+ session_start();
+ $_SESSION = array();
+ session_destroy();
+}
+
+//force the browser to use ssl (STRONGLY RECOMMENDED!!!!!!!!)
+if ($_SERVER["SERVER_PORT"] != 443){
+ header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
+ exit();
+}
+
+//you should look into using PECL filter or some form of filtering here for POST variables
+$username = strtoupper($_POST["username"]); //remove case sensitivity on the username
+$password = $_POST["password"];
+$formage = $_POST["formage"];
+
+if ($_POST["oldform"]) { //prevent null bind
+
+ if ($username != NULL && $password != NULL){
+ //include the class and create a connection
+ include (dirname(__FILE__) . "/../src/adLDAP.php");
+ try {
+ $adldap = new adLDAP();
+ }
+ catch (adLDAPException $e) {
+ echo $e;
+ exit();
+ }
+
+ //authenticate the user
+ if ($adldap->authenticate($username, $password)){
+ //establish your session and redirect
+ session_start();
+ $_SESSION["username"] = $username;
+ $_SESSION["userinfo"] = $adldap->user()->info($username);
+ $redir = "Location: https://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/menu.php";
+ header($redir);
+ exit;
+ }
+ }
+ $failed = 1;
+}
+
+?>
+
+<html>
+<head>
+<title>adLDAP example</title>
+</head>
+
+<body>
+
+This area is restricted.<br>
+Please login to continue.<br>
+
+<form method='post' action='<?php echo $_SERVER["PHP_SELF"]; ?>'>
+<input type='hidden' name='oldform' value='1'>
+
+Username: <input type='text' name='username' value='<?php echo ($username); ?>'><br>
+Password: <input type='password' name='password'><br>
+<br>
+
+<input type='submit' name='submit' value='Submit'><br>
+<?php if ($failed){ echo ("<br>Login Failed!<br><br>\n"); } ?>
+</form>
+
+<?php if ($logout=="yes") { echo ("<br>You have successfully logged out."); } ?>
+
+
+</body>
+
+</html>
+
140 includes/adLDAP/examples/examples.php
View
@@ -0,0 +1,140 @@
+<?
+/*
+Examples file
+
+To test any of the functions, just change the 0 to a 1.
+*/
+
+//error_reporting(E_ALL ^ E_NOTICE);
+
+include (dirname(__FILE__) . "/../src/adLDAP.php");
+try {
+ $adldap = new adLDAP($options);
+}
+catch (adLDAPException $e) {
+ echo $e;
+ exit();
+}
+//var_dump($ldap);
+
+echo ("<pre>\n");
+
+// authenticate a username/password
+if (0) {
+ $result = $adldap->authenticate("username", "password");
+ var_dump($result);
+}
+
+// add a group to a group
+if (0) {
+ $result = $adldap->group()->addGroup("Parent Group Name", "Child Group Name");
+ var_dump($result);
+}
+
+// add a user to a group
+if (0) {
+ $result = $adldap->group()->addUser("Group Name", "username");
+ var_dump($result);
+}
+
+// create a group
+if (0) {
+ $attributes=array(
+ "group_name"=>"Test Group",
+ "description"=>"Just Testing",
+ "container"=>array("Groups","A Container"),
+ );
+ $result = $adldap->group()->create($attributes);
+ var_dump($result);
+}
+
+// retrieve information about a group
+if (0) {
+ // Raw data array returned
+ $result = $adldap->group()->info("Group Name");
+ var_dump($result);
+}
+
+// create a user account
+if (0) {
+ $attributes=array(
+ "username"=>"freds",
+ "logon_name"=>"freds@mydomain.local",
+ "firstname"=>"Fred",
+ "surname"=>"Smith",
+ "company"=>"My Company",
+ "department"=>"My Department",
+ "email"=>"freds@mydomain.local",
+ "container"=>array("Container Parent","Container Child"),
+ "enabled"=>1,
+ "password"=>"Password123",
+ );
+
+ try {
+ $result = $adldap->user()->create($attributes);
+ var_dump($result);
+ }
+ catch (adLDAPException $e) {
+ echo $e;
+ exit();
+ }
+}
+
+// retrieve the group membership for a user
+if (0) {
+ $result = $adldap->user()->groups("username");
+ print_r($result);
+}
+
+// retrieve information about a user
+if (0) {
+ // Raw data array returned
+ $result = $adldap->user()->info("username");
+ print_r($result);
+}
+
+// check if a user is a member of a group
+if (0) {
+ $result = $adldap->user()->inGroup("username","Group Name");
+ var_dump($result);
+}
+
+// modify a user account (this example will set "user must change password at next logon")
+if (0) {
+ $attributes=array(
+ "change_password"=>1,
+ );
+ $result = $adldap->user()->modify("username",$attributes);
+ var_dump($result);
+}
+
+// change the password of a user. It must meet your domain's password policy
+if (0) {
+ try {
+ $result = $adldap->user()->password("username","Password123");
+ var_dump($result);
+ }
+ catch (adLDAPException $e) {
+ echo $e;
+ exit();
+ }
+}
+
+// see a user's last logon time
+if (0) {
+ try {
+ $result = $adldap->user()->getLastLogon("username");
+ var_dump(date('Y-m-d H:i:s', $result));
+ }
+ catch (adLDAPException $e) {
+ echo $e;
+ exit();
+ }
+}
+
+// list the contents of the Users OU
+if (0) {
+ $result=$adldap->folder()->listing(array('Users'), adLDAP::ADLDAP_FOLDER, false);
+ var_dump ($result);
+}
+?>
23 includes/adLDAP/examples/groupCollection.php
View
@@ -0,0 +1,23 @@
+<?
+/*
+Test for the new user collections object
+*/
+
+//error_reporting(E_ALL ^ E_NOTICE);
+
+include (dirname(__FILE__) . "/../src/adLDAP.php");
+try {
+ $adldap = new adLDAP($options);
+}
+catch (adLDAPException $e) {
+ echo $e;
+ exit();
+}
+
+echo ("<pre>\n");
+
+$collection = $adldap->group()->infoCollection('groupname');
+
+print_r($collection->member);
+print_r($collection->description);
+?>
21 includes/adLDAP/examples/menu.php
View
@@ -0,0 +1,21 @@
+<?php
+session_start();
+?>
+<html>
+<head>
+<title>adLDAP authentication</title>
+</head>
+
+<body>
+
+<p>If you called authenticate.php and you are redirected to this page, you successfully authenticated against Active Directory with your credentials.</p>
+
+User Details for <?php $_SESSION['username']; ?><br />
+<pre>
+<?php
+print_r($_SESSION['userinfo']);
+?>
+</pre>
+
+</body>
+</html>
23 includes/adLDAP/examples/userCollection.php
View
@@ -0,0 +1,23 @@
+<?
+/*
+Test for the new user collections object
+*/
+
+//error_reporting(E_ALL ^ E_NOTICE);
+
+include (dirname(__FILE__) . "/../src/adLDAP.php");
+try {
+ $adldap = new adLDAP($options);
+}
+catch (adLDAPException $e) {
+ echo $e;
+ exit();
+}
+
+echo ("<pre>\n");
+
+$collection = $adldap->user()->infoCollection('username');
+
+print_r($collection->memberOf);
+print_r($collection->displayName);
+?>
951 includes/adLDAP/src/adLDAP.php
View
@@ -0,0 +1,951 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 169 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+
+/**
+* Main adLDAP class
+*
+* Can be initialised using $adldap = new adLDAP();
+*
+* Something to keep in mind is that Active Directory is a permissions
+* based directory. If you bind as a domain user, you can't fetch as
+* much information on other users as you could as a domain admin.
+*
+* Before asking questions, please read the Documentation at
+* http://adldap.sourceforge.net/wiki/doku.php?id=api
+*/
+require_once(dirname(__FILE__) . '/collections/adLDAPCollection.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPGroups.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPUsers.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPFolders.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPUtils.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPContacts.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPExchange.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPComputers.php');
+
+class adLDAP {
+
+ /**
+ * Define the different types of account in AD
+ */
+ const ADLDAP_NORMAL_ACCOUNT = 805306368;
+ const ADLDAP_WORKSTATION_TRUST = 805306369;
+ const ADLDAP_INTERDOMAIN_TRUST = 805306370;
+ const ADLDAP_SECURITY_GLOBAL_GROUP = 268435456;
+ const ADLDAP_DISTRIBUTION_GROUP = 268435457;
+ const ADLDAP_SECURITY_LOCAL_GROUP = 536870912;
+ const ADLDAP_DISTRIBUTION_LOCAL_GROUP = 536870913;
+ const ADLDAP_FOLDER = 'OU';
+ const ADLDAP_CONTAINER = 'CN';
+
+ /**
+ * The default port for LDAP non-SSL connections
+ */
+ const ADLDAP_LDAP_PORT = '389';
+ /**
+ * The default port for LDAPS SSL connections
+ */
+ const ADLDAP_LDAPS_PORT = '636';
+
+ /**
+ * The account suffix for your domain, can be set when the class is invoked
+ *
+ * @var string
+ */
+ protected $accountSuffix = "@mydomain.local";
+
+ /**
+ * The base dn for your domain
+ *
+ * If this is set to null then adLDAP will attempt to obtain this automatically from the rootDSE
+ *
+ * @var string
+ */
+ protected $baseDn = "DC=mydomain,DC=local";
+
+ /**
+ * Port used to talk to the domain controllers.
+ *
+ * @var int
+ */
+ protected $adPort = self::ADLDAP_LDAP_PORT;
+
+ /**
+ * Array of domain controllers. Specifiy multiple controllers if you
+ * would like the class to balance the LDAP queries amongst multiple servers
+ *
+ * @var array
+ */
+ protected $domainControllers = array("dc01.mydomain.local");
+
+ /**
+ * Optional account with higher privileges for searching
+ * This should be set to a domain admin account
+ *
+ * @var string
+ * @var string
+ */
+ protected $adminUsername = NULL;
+ protected $adminPassword = NULL;
+
+ /**
+ * AD does not return the primary group. http://support.microsoft.com/?kbid=321360
+ * This tweak will resolve the real primary group.
+ * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
+ * someone's primary group is NOT domain users, this is obviously going to mess up the results
+ *
+ * @var bool
+ */
+ protected $realPrimaryGroup = true;
+
+ /**
+ * Use SSL (LDAPS), your server needs to be setup, please see
+ * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
+ *
+ * @var bool
+ */
+ protected $useSSL = false;
+
+ /**
+ * Use TLS
+ * If you wish to use TLS you should ensure that $useSSL is set to false and vice-versa
+ *
+ * @var bool
+ */
+ protected $useTLS = false;
+
+ /**
+ * Use SSO
+ * To indicate to adLDAP to reuse password set by the brower through NTLM or Kerberos
+ *
+ * @var bool
+ */
+ protected $useSSO = false;
+
+ /**
+ * When querying group memberships, do it recursively
+ * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
+ * user_ingroup("Fred","C") will returns true with this option turned on, false if turned off
+ *
+ * @var bool
+ */
+ protected $recursiveGroups = true;
+
+ // You should not need to edit anything below this line
+ //******************************************************************************************
+
+ /**
+ * Connection and bind default variables
+ *
+ * @var mixed
+ * @var mixed
+ */
+ protected $ldapConnection;
+ protected $ldapBind;
+
+ /**
+ * Get the active LDAP Connection
+ *
+ * @return resource
+ */
+ public function getLdapConnection() {
+ if ($this->ldapConnection) {
+ return $this->ldapConnection;
+ }
+ return false;
+ }
+
+ /**
+ * Get the bind status
+ *
+ * @return bool
+ */
+ public function getLdapBind() {
+ return $this->ldapBind;
+ }
+
+ /**
+ * Get the current base DN
+ *
+ * @return string
+ */
+ public function getBaseDn() {
+ return $this->baseDn;
+ }
+
+ /**
+ * The group class
+ *
+ * @var adLDAPGroups
+ */
+ protected $groupClass;
+
+ /**
+ * Get the group class interface
+ *
+ * @return adLDAPGroups
+ */
+ public function group() {
+ if (!$this->groupClass) {
+ $this->groupClass = new adLDAPGroups($this);
+ }
+ return $this->groupClass;
+ }
+
+ /**
+ * The user class
+ *
+ * @var adLDAPUsers
+ */
+ protected $userClass;
+
+ /**
+ * Get the userclass interface
+ *
+ * @return adLDAPUsers
+ */
+ public function user() {
+ if (!$this->userClass) {
+ $this->userClass = new adLDAPUsers($this);
+ }
+ return $this->userClass;
+ }
+
+ /**
+ * The folders class
+ *
+ * @var adLDAPFolders
+ */
+ protected $folderClass;
+
+ /**
+ * Get the folder class interface
+ *
+ * @return adLDAPFolders
+ */
+ public function folder() {
+ if (!$this->folderClass) {
+ $this->folderClass = new adLDAPFolders($this);
+ }
+ return $this->folderClass;
+ }
+
+ /**
+ * The utils class
+ *
+ * @var adLDAPUtils
+ */
+ protected $utilClass;
+
+ /**
+ * Get the utils class interface
+ *
+ * @return adLDAPUtils
+ */
+ public function utilities() {
+ if (!$this->utilClass) {
+ $this->utilClass = new adLDAPUtils($this);
+ }
+ return $this->utilClass;
+ }
+
+ /**
+ * The contacts class
+ *
+ * @var adLDAPContacts
+ */
+ protected $contactClass;
+
+ /**
+ * Get the contacts class interface
+ *
+ * @return adLDAPContacts
+ */
+ public function contact() {
+ if (!$this->contactClass) {
+ $this->contactClass = new adLDAPContacts($this);
+ }
+ return $this->contactClass;
+ }
+
+ /**
+ * The exchange class
+ *
+ * @var adLDAPExchange
+ */
+ protected $exchangeClass;
+
+ /**
+ * Get the exchange class interface
+ *
+ * @return adLDAPExchange
+ */
+ public function exchange() {
+ if (!$this->exchangeClass) {
+ $this->exchangeClass = new adLDAPExchange($this);
+ }
+ return $this->exchangeClass;
+ }
+
+ /**
+ * The computers class
+ *
+ * @var adLDAPComputers
+ */
+ protected $computersClass;
+
+ /**
+ * Get the computers class interface
+ *
+ * @return adLDAPComputers
+ */
+ public function computer() {
+ if (!$this->computerClass) {
+ $this->computerClass = new adLDAPComputers($this);
+ }
+ return $this->computerClass;
+ }
+
+ /**
+ * Getters and Setters
+ */
+
+ /**
+ * Set the account suffix
+ *
+ * @param string $accountSuffix
+ * @return void
+ */
+ public function setAccountSuffix($accountSuffix)
+ {
+ $this->accountSuffix = $accountSuffix;
+ }
+
+ /**
+ * Get the account suffix
+ *
+ * @return string
+ */
+ public function getAccountSuffix()
+ {
+ return $this->accountSuffix;
+ }
+
+ /**
+ * Set the domain controllers array
+ *
+ * @param array $domainControllers
+ * @return void
+ */
+ public function setDomainControllers(array $domainControllers)
+ {
+ $this->domainControllers = $domainControllers;
+ }
+
+ /**
+ * Get the list of domain controllers
+ *
+ * @return void
+ */
+ public function getDomainControllers()
+ {
+ return $this->domainControllers;
+ }
+
+ /**
+ * Sets the port number your domain controller communicates over
+ *
+ * @param int $adPort
+ */
+ public function setPort($adPort)
+ {
+ $this->adPort = $adPort;
+ }
+
+ /**
+ * Gets the port number your domain controller communicates over
+ *
+ * @return int
+ */
+ public function getPort()
+ {
+ return $this->adPort;
+ }
+
+ /**
+ * Set the username of an account with higher priviledges
+ *
+ * @param string $adminUsername
+ * @return void
+ */
+ public function setAdminUsername($adminUsername)
+ {
+ $this->adminUsername = $adminUsername;
+ }
+
+ /**
+ * Get the username of the account with higher priviledges
+ *
+ * This will throw an exception for security reasons
+ */
+ public function getAdminUsername()
+ {
+ throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+ }
+
+ /**
+ * Set the password of an account with higher priviledges
+ *
+ * @param string $adminPassword
+ * @return void
+ */
+ public function setAdminPassword($adminPassword)
+ {
+ $this->adminPassword = $adminPassword;
+ }
+
+ /**
+ * Get the password of the account with higher priviledges
+ *
+ * This will throw an exception for security reasons
+ */
+ public function getAdminPassword()
+ {
+ throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+ }
+
+ /**
+ * Set whether to detect the true primary group
+ *
+ * @param bool $realPrimaryGroup
+ * @return void
+ */
+ public function setRealPrimaryGroup($realPrimaryGroup)
+ {
+ $this->realPrimaryGroup = $realPrimaryGroup;
+ }
+
+ /**
+ * Get the real primary group setting
+ *
+ * @return bool
+ */
+ public function getRealPrimaryGroup()
+ {
+ return $this->realPrimaryGroup;
+ }
+
+ /**
+ * Set whether to use SSL
+ *
+ * @param bool $useSSL
+ * @return void
+ */
+ public function setUseSSL($useSSL)
+ {
+ $this->useSSL = $useSSL;
+ // Set the default port correctly
+ if($this->useSSL) {
+ $this->setPort(self::ADLDAP_LDAPS_PORT);
+ }
+ else {
+ $this->setPort(self::ADLDAP_LDAP_PORT);
+ }
+ }
+
+ /**
+ * Get the SSL setting
+ *
+ * @return bool
+ */
+ public function getUseSSL()
+ {
+ return $this->useSSL;
+ }
+
+ /**
+ * Set whether to use TLS
+ *
+ * @param bool $useTLS
+ * @return void
+ */
+ public function setUseTLS($useTLS)
+ {
+ $this->useTLS = $useTLS;
+ }
+
+ /**
+ * Get the TLS setting
+ *
+ * @return bool
+ */
+ public function getUseTLS()
+ {
+ return $this->useTLS;
+ }
+
+ /**
+ * Set whether to use SSO
+ * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.
+ *
+ * @param bool $useSSO
+ * @return void
+ */
+ public function setUseSSO($useSSO)
+ {
+ if ($useSSO === true && !$this->ldapSaslSupported()) {
+ throw new adLDAPException('No LDAP SASL support for PHP. See: http://www.php.net/ldap_sasl_bind');
+ }
+ $this->useSSO = $useSSO;
+ }
+
+ /**
+ * Get the SSO setting
+ *
+ * @return bool
+ */
+ public function getUseSSO()
+ {
+ return $this->useSSO;
+ }
+
+ /**
+ * Set whether to lookup recursive groups
+ *
+ * @param bool $recursiveGroups
+ * @return void
+ */
+ public function setRecursiveGroups($recursiveGroups)
+ {
+ $this->recursiveGroups = $recursiveGroups;
+ }
+
+ /**
+ * Get the recursive groups setting
+ *
+ * @return bool
+ */
+ public function getRecursiveGroups()
+ {
+ return $this->recursiveGroups;
+ }
+
+ /**
+ * Default Constructor
+ *
+ * Tries to bind to the AD domain over LDAP or LDAPs
+ *
+ * @param array $options Array of options to pass to the constructor
+ * @throws Exception - if unable to bind to Domain Controller
+ * @return bool
+ */
+ function __construct($options = array()) {
+ // You can specifically overide any of the default configuration options setup above
+ if (count($options) > 0) {
+ if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; }
+ if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; }
+ if (array_key_exists("domain_controllers",$options)){
+ if (!is_array($options["domain_controllers"])) {
+ throw new adLDAPException('[domain_controllers] option must be an array');
+ }
+ $this->domainControllers = $options["domain_controllers"];
+ }
+ if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; }
+ if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; }
+ if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; }
+ if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); }
+ if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; }
+ if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; }
+ if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); }
+ if (array_key_exists("sso",$options)) {
+ $this->setUseSSO($options["sso"]);
+ if (!$this->ldapSaslSupported()) {
+ $this->setUseSSO(false);
+ }
+ }
+ }
+
+ if ($this->ldapSupported() === false) {
+ throw new adLDAPException('No LDAP support for PHP. See: http://www.php.net/ldap');
+ }
+
+ return $this->connect();
+ }
+
+ /**
+ * Default Destructor
+ *
+ * Closes the LDAP connection
+ *
+ * @return void
+ */
+ function __destruct() {
+ $this->close();
+ }
+
+ /**
+ * Connects and Binds to the Domain Controller
+ *
+ * @return bool
+ */
+ public function connect()
+ {
+ // Connect to the AD/LDAP server as the username/password
+ $domainController = $this->randomController();
+ if ($this->useSSL) {
+ $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
+ } else {
+ $this->ldapConnection = ldap_connect($domainController, $this->adPort);
+ }
+
+ // Set some ldap options for talking to AD
+ ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
+
+ if ($this->useTLS) {
+ ldap_start_tls($this->ldapConnection);
+ }
+
+ // Bind as a domain admin if they've set it up
+ if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword);
+ if (!$this->ldapBind) {
+ if ($this->useSSL && !$this->useTLS) {
+ // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message
+ throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError());
+ }
+ else {
+ throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError());
+ }
+ }
+ }
+ if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
+ putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
+ $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+ if (!$this->ldapBind){
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ else {
+ return true;
+ }
+ }
+
+
+ if ($this->baseDn == NULL) {
+ $this->baseDn = $this->findBaseDn();
+ }
+
+ return true;
+ }
+
+ /**
+ * Closes the LDAP connection
+ *
+ * @return void
+ */
+ public function close() {
+ if ($this->ldapConnection) {
+ @ldap_close($this->ldapConnection);
+ }
+ }
+
+ /**
+ * Validate a user's login credentials
+ *
+ * @param string $username A user's AD username
+ * @param string $password A user's AD password
+ * @param bool optional $preventRebind
+ * @return bool
+ */
+ public function authenticate($username, $password, $preventRebind = false) {
+ // Prevent null binding
+ if ($username === NULL || $password === NULL) { return false; }
+ if (empty($username) || empty($password)) { return false; }
+
+ // Allow binding over SSO for Kerberos
+ if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) {
+ putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
+ $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+ if (!$this->ldapBind) {
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ else {
+ return true;
+ }
+ }
+
+ // Bind as the user
+ $ret = true;
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
+ if (!$this->ldapBind){
+ $ret = false;
+ }
+
+ // Cnce we've checked their details, kick back into admin mode if we have it
+ if ($this->adminUsername !== NULL && !$preventRebind) {
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword);
+ if (!$this->ldapBind){
+ // This should never happen in theory
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ }
+
+ return $ret;
+ }
+
+ /**
+ * Find the Base DN of your domain controller
+ *
+ * @return string
+ */
+ public function findBaseDn()
+ {
+ $namingContext = $this->getRootDse(array('defaultnamingcontext'));
+ return $namingContext[0]['defaultnamingcontext'][0];
+ }
+
+ /**
+ * Get the RootDSE properties from a domain controller
+ *
+ * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext
+ * @return array
+ */
+ public function getRootDse($attributes = array("*", "+")) {
+ if (!$this->ldapBind){ return (false); }
+
+ $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
+ $entries = @ldap_get_entries($this->ldapConnection, $sr);
+ return $entries;
+ }
+
+ /**
+ * Get last error from Active Directory
+ *
+ * This function gets the last message from Active Directory
+ * This may indeed be a 'Success' message but if you get an unknown error
+ * it might be worth calling this function to see what errors were raised
+ *
+ * return string
+ */
+ public function getLastError() {
+ return @ldap_error($this->ldapConnection);
+ }
+
+ /**
+ * Detect LDAP support in php
+ *
+ * @return bool
+ */
+ protected function ldapSupported()
+ {
+ if (!function_exists('ldap_connect')) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Detect ldap_sasl_bind support in PHP
+ *
+ * @return bool
+ */
+ protected function ldapSaslSupported()
+ {
+ if (!function_exists('ldap_sasl_bind')) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Schema
+ *
+ * @param array $attributes Attributes to be queried
+ * @return array
+ */
+ public function adldap_schema($attributes){
+
+ // LDAP doesn't like NULL attributes, only set them if they have values
+ // If you wish to remove an attribute you should set it to a space
+ // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
+ $mod=array();
+
+ // Check every attribute to see if it contains 8bit characters and then UTF8 encode them
+ array_walk($attributes, array($this, 'encode8bit'));
+
+ if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; }
+ if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; }
+ //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
+ if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; }
+ if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; }
+ if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; }
+ if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; }
+ if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; }
+ if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; }
+ if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; }
+ if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; }
+ if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; }
+ if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; }
+ if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format?
+ if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; }
+ if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; }
+ if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; }
+ if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; }
+ if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; }
+ if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; } //UNTESTED ***Use DistinguishedName***
+ if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; }
+ if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); }
+ if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; }
+ if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; }
+ if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; }
+ if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; }
+ if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; }
+ if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; }
+ if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; }
+ if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; }
+ if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; }
+ if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; }
+ if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; }
+ if ($attributes["homephone"]){ $mod["homephone"][0]=$attributes["homephone"]; }
+
+ // Distribution List specific schema
+ if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; }
+ if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; }
+
+ // Exchange Schema
+ if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; }
+ if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; }
+ if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; }
+ if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; }
+ if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; }
+ if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; }
+ if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; }
+ if ($attributes["exchange_altrecipient"]){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; }
+ if ($attributes["exchange_deliverandredirect"]){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; }
+
+ // This schema is designed for contacts
+ if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; }
+ if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; }
+
+ //echo ("<pre>"); print_r($mod);
+ /*
+ // modifying a name is a bit fiddly
+ if ($attributes["firstname"] && $attributes["surname"]){
+ $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ }
+ */
+
+ if (count($mod)==0){ return (false); }
+ return ($mod);
+ }
+
+ /**
+ * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+ */
+ protected function encode8Bit(&$item, $key) {
+ $encode = false;
+ if (is_string($item)) {
+ for ($i=0; $i<strlen($item); $i++) {
+ if (ord($item[$i]) >> 7) {
+ $encode = true;
+ }
+ }
+ }
+ if ($encode === true && $key != 'password') {
+ $item = utf8_encode($item);
+ }
+ }
+
+ /**
+ * Select a random domain controller from your domain controller array
+ *
+ * @return string
+ */
+ protected function randomController()
+ {
+ mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
+ /*if (sizeof($this->domainControllers) > 1) {
+ $adController = $this->domainControllers[array_rand($this->domainControllers)];
+ // Test if the controller is responding to pings
+ $ping = $this->pingController($adController);
+ if ($ping === false) {
+ // Find the current key in the domain controllers array
+ $key = array_search($adController, $this->domainControllers);
+ // Remove it so that we don't end up in a recursive loop
+ unset($this->domainControllers[$key]);
+ // Select a new controller
+ return $this->randomController();
+ }
+ else {
+ return ($adController);
+ }
+ } */
+ return $this->domainControllers[array_rand($this->domainControllers)];
+ }
+
+ /**
+ * Test basic connectivity to controller
+ *
+ * @return bool
+ */
+ protected function pingController($host) {
+ $port = $this->adPort;
+ fsockopen($host, $port, $errno, $errstr, 10);
+ if ($errno > 0) {
+ return false;
+ }
+ return true;
+ }
+
+}
+
+/**
+* adLDAP Exception Handler
+*
+* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
+* Example:
+* try {