Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

file 145 lines (121 sloc) 5.11 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145
<?php

/**
* AD Integration functions for Simple Import Users.
*
* It's extremely frustrating to have to do this. If all of the methods and properties in the AD
* integration plugin were not marked 'protected', I wouldn't have to reproduce all of this stuff
* here.
*
* The strategy is this. I extend the base class to include a public creation method, which uses
* AD connection information that must be entered by the admin.
*
* There are two different cases. One is if you're using the BLSCI AD plugin fixer. The other
* extends the regular base class.
*/
 
if ( !method_exists( $AD_Integration_plugin, 'create_user' ) ) :

if ( class_exists( 'BLSCI_AD_Fix' ) ) {
class SIU_AD_Integration extends BLSCI_AD_Fix {
public function create_user( $username, $userinfo = false, $display_name = false, $role = '', $password = '', $bulkimport = false ) {
$ad_settings = get_site_option( 'siu_ad_integration_settings' );

if ( empty( $ad_settings['username'] ) || empty( $ad_settings['password'] ) )
return false;

// Connect to Active Directory
try {
$this->_adldap = @new SIU_adLDAP( array(
"base_dn" => $this->_base_dn,
"domain_controllers" => explode(';', $this->_domain_controllers),
"ad_port" => $this->_port, // AD port
"use_tls" => $this->_use_tls, // secure?
"network_timeout" => $this->_network_timeout, // network timeout
"ad_username" => $ad_settings['username'],
"ad_password" => $ad_settings['password']
) );
} catch (Exception $e) {
$this->_log(ADI_LOG_ERROR,'adLDAP exception: ' . $e->getMessage());
return false;
}

// This is where the action is.
$account_suffixes = explode(";",$this->_account_suffix);
foreach($account_suffixes AS $account_suffix) {
$account_suffix = trim($account_suffix);
$this->_log(ADI_LOG_NOTICE,'trying account suffix "'.$account_suffix.'"');
$this->_adldap->set_account_suffix($account_suffix);

// Find user by email address
$un = $this->_adldap->find_user_by_email( $username );

if ( empty( $un ) )
return false;

// Get all userdata
$userinfo = $this->_adldap->user_info( $un[0], $this->_all_user_attributes );
//print_r( $un ); die();

}

return $this->_create_user( $un[0], $userinfo[0], false, false, false, true );
}
}
} else {
class SIU_AD_Integration extends ADIntegrationPlugin {
public function create_user( $username, $userinfo = false, $display_name = false, $role = '', $password = '', $bulkimport = false ) {
$ad_settings = get_site_option( 'siu_ad_integration_settings' );

if ( empty( $ad_settings['username'] ) || empty( $ad_settings['password'] ) )
return false;

// Connect to Active Directory
try {
$this->_adldap = @new SIU_adLDAP( array(
"base_dn" => $this->_base_dn,
"domain_controllers" => explode(';', $this->_domain_controllers),
"ad_port" => $this->_port, // AD port
"use_tls" => $this->_use_tls, // secure?
"network_timeout" => $this->_network_timeout, // network timeout
"ad_username" => $ad_settings['username'],
"ad_password" => $ad_settings['password']
) );
} catch (Exception $e) {
$this->_log(ADI_LOG_ERROR,'adLDAP exception: ' . $e->getMessage());
return false;
}

// This is where the action is.
$account_suffixes = explode(";",$this->_account_suffix);
foreach($account_suffixes AS $account_suffix) {
$account_suffix = trim($account_suffix);
$this->_log(ADI_LOG_NOTICE,'trying account suffix "'.$account_suffix.'"');
$this->_adldap->set_account_suffix($account_suffix);

// Find user by email address
$un = $this->_adldap->find_user_by_email( $username );

if ( empty( $un ) )
return false;

// Get all userdata
$userinfo = $this->_adldap->user_info( $un[0], $this->_all_user_attributes );

}

return $this->_create_user( $username, $userinfo[0], false, false, false, true );
}
}
}

$AD_Integration_plugin = new SIU_AD_Integration;
endif;

class SIU_adLDAP extends adLDAP {
public function find_user_by_email( $email ) {
// Perform the search and grab all their details
$filter = "(&(objectClass=user)(samaccounttype=". ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(mail=".$email."))";
$fields = array(
"samaccountname",
"displayname",
'mail',
'sn',
'cn'
);

$sr = ldap_search( $this->_conn, $this->_base_dn, $filter, $fields );
$entries = ldap_get_entries( $this->_conn, $sr );

$users_array = array();
for ($i=0; $i<$entries["count"]; $i++){
if ($include_desc && strlen($entries[$i]["displayname"][0])>0){
$users_array[ $entries[$i]["samaccountname"][0] ] = $entries[$i]["displayname"][0];
} elseif ($include_desc){
$users_array[ $entries[$i]["samaccountname"][0] ] = $entries[$i]["samaccountname"][0];
} else {
array_push($users_array, $entries[$i]["samaccountname"][0]);
}
}
if ($sorted){ asort($users_array); }
return ($users_array);
}
}

?>
Something went wrong with that request. Please try again.