Lines Matching +full:select +full:- +full:user +full:- +full:groups -(+path:inc +path:lang) -(+path:lib +path:plugins +path:lang) -(+path:lib +path:tpl +path:dokuwiki +path:lang)

12  * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
30 * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
31 * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
43 * based directory. If you bind as a domain user, you can't fetch as
74 * The default port for LDAP non-SSL connections
143 * If you wish to use TLS you should ensure that $useSSL is set to false and vice versa
159 * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
184 if ($this->ldapConnection) {
185 return $this->ldapConnection;
196 return $this->ldapBind;
205 return $this->baseDn;
221 if (!$this->groupClass) {
222 $this->groupClass = new adLDAPGroups($this);
224 return $this->groupClass;
228 * The user class
239 public function user() {
240 if (!$this->userClass) {
241 $this->userClass = new adLDAPUsers($this);
243 return $this->userClass;
259 if (!$this->folderClass) {
260 $this->folderClass = new adLDAPFolders($this);
262 return $this->folderClass;
278 if (!$this->utilClass) {
279 $this->utilClass = new adLDAPUtils($this);
281 return $this->utilClass;
297 if (!$this->contactClass) {
298 $this->contactClass = new adLDAPContacts($this);
300 return $this->contactClass;
316 if (!$this->exchangeClass) {
317 $this->exchangeClass = new adLDAPExchange($this);
319 return $this->exchangeClass;
335 if (!$this->computerClass) {
336 $this->computerClass = new adLDAPComputers($this);
338 return $this->computerClass;
353 $this->accountSuffix = $accountSuffix;
363 return $this->accountSuffix;
374 $this->domainControllers = $domainControllers;
384 return $this->domainControllers;
394 $this->adPort = $adPort;
404 return $this->adPort;
415 $this->adminUsername = $adminUsername;
436 $this->adminPassword = $adminPassword;
457 $this->realPrimaryGroup = $realPrimaryGroup;
467 return $this->realPrimaryGroup;
478 $this->useSSL = $useSSL;
480 if($this->useSSL) {
481 $this->setPort(self::ADLDAP_LDAPS_PORT);
484 $this->setPort(self::ADLDAP_LDAP_PORT);
495 return $this->useSSL;
506 $this->useTLS = $useTLS;
516 return $this->useTLS;
521 * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.
528 if ($useSSO === true && !$this->ldapSaslSupported()) {
531 $this->useSSO = $useSSO;
541 return $this->useSSO;
545 * Set whether to look up recursive groups
552 $this->recursiveGroups = $recursiveGroups;
556 * Get the recursive groups setting
562 return $this->recursiveGroups;
571 * @throws Exception - if unable to bind to Domain Controller
577 if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; }
578 if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; }
583 $this->domainControllers = $options["domain_controllers"];
585 if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; }
586 if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; }
587 if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; }
588 if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); }
589 if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; }
590 if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; }
591 if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); }
593 $this->setUseSSO($options["sso"]);
594 if (!$this->ldapSaslSupported()) {
595 $this->setUseSSO(false);
600 if ($this->ldapSupported() === false) {
604 return $this->connect();
615 $this->close();
// Search-result excerpt: only matching lines are listed, so the gaps in the left-hand numbers hide code.
// Picks one domain controller via randomController() and opens the LDAP handle to it.
626 $domainController = $this->randomController();
627 if ($this->useSSL) {
// LDAPS branch: the ldaps:// scheme is prepended to the controller name and the configured port is passed along.
628 $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
// Non-SSL branch: no scheme is given. Unless the useTLS step below succeeds, the binds that follow are presumably sent unencrypted; confirm against the full file.
630 $this->ldapConnection = ldap_connect($domainController, $this->adPort);
// Force LDAP protocol version 3 and turn referral chasing off.
634 ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
635 ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
637 if ($this->useTLS) {
// NOTE(review): the return value of ldap_start_tls() is discarded on this line. It returns false when the
// upgrade fails, so unless a hidden line handles that, a failed StartTLS would not stop execution and the
// bind credentials could travel in cleartext. Checking the result and aborting on false closes that gap.
// NOTE(review): no certificate-verification setting appears in the listed lines; confirm how the server
// certificate is validated (for example the TLS_REQCERT setting in the system ldap.conf).
638 ldap_start_tls($this->ldapConnection);
// Search-result excerpt: only matching lines are listed, so closing braces and else-branches are not shown.
// Service-account bind: attempted only when both an admin username and an admin password are configured.
642 if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
// The '@' silences PHP warnings from ldap_bind(); failure is detected through the false result tested next.
643 $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword);
644 if (!$this->ldapBind) {
// With SSL on and TLS off, the message also mentions a possible LDAPS connection failure.
645 if ($this->useSSL && !$this->useTLS) {
// Both messages append the directory's last error string.
// NOTE(review): make sure callers log this text rather than echoing it to end users.
647 throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError());
650 throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError());
// SSO path: taken when SSO is enabled, no admin username is set, and both REMOTE_USER and KRB5CCNAME are truthy in $_SERVER.
// NOTE(review): the $_SERVER keys are read without isset(), so PHP emits a notice or warning when they are absent.
// NOTE(review): both values are presumably set by the web server's Kerberos module; confirm the client cannot supply them.
654 if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
// GSSAPI SASL bind with no explicit DN or password.
656 $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
657 if (!$this->ldapBind){
658 throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
// No base DN configured: discover one through findBaseDn().
666 if ($this->baseDn == NULL) {
667 $this->baseDn = $this->findBaseDn();
679 if ($this->ldapConnection) {
680 @ldap_close($this->ldapConnection);
685 * Validate a user's login credentials
687 * @param string $username A user's AD username
688 * @param string $password A user's AD password
// Search-result excerpt: only matching lines are listed, so the function signature and any input checks before this point are not shown.
// SSO shortcut: used only when SSO is enabled, REMOTE_USER is truthy and equals $username, no admin username is configured, and KRB5CCNAME is truthy.
// NOTE(review): the comparison with $username uses loose '=='; '===' would rule out PHP type juggling if either side is not a plain string.
698 if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) {
// GSSAPI SASL bind with no explicit DN or password; a false result raises the exception below.
700 $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
701 if (!$this->ldapBind) {
702 throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
709 // Bind as the user
// The credential check is a simple bind as $username plus the account suffix; '@' hides the PHP warning on failure.
// NOTE(review): many directory servers treat a simple bind with an empty password as an unauthenticated bind
// that succeeds. The listed lines do not show whether empty values are rejected before this call; confirm in the full file.
711 $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
712 if (!$this->ldapBind){
// When an admin username is configured and $preventRebind is not set, the connection is rebound as the
// admin account. Later operations on this handle then run under that account, not the user just checked.
717 if ($this->adminUsername !== NULL && !$preventRebind) {
718 $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword);
719 if (!$this->ldapBind){
721 throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
735 $namingContext = $this->getRootDse(array('defaultnamingcontext'));
// Search-result excerpt: only matching lines are listed. Without a successful bind, the lookup returns false.
746 if (!$this->ldapBind){ return (false); }
// Reads the entry with a NULL base DN, requesting the attributes in $attributes.
// NOTE(review): '@' hides a failed ldap_read(). $sr would then be false when passed to ldap_get_entries(),
// whose error is suppressed as well. An explicit check on $sr would make the failure visible to the caller.
748 $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
749 $entries = @ldap_get_entries($this->ldapConnection, $sr);
763 return @ldap_error($this->ldapConnection);
// Maps a truthy "password" attribute to unicodePwd, encoded by the user class's encodePassword().
// NOTE(review): Active Directory accepts unicodePwd writes only over an encrypted connection, so confirm
// that useSSL or useTLS is in force (and that StartTLS succeeded) before this modification is sent.
829 if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); }
894 * Select a random domain controller from your domain controller array
901 /*if (sizeof($this->domainControllers) > 1) {
902 $adController = $this->domainControllers[array_rand($this->domainControllers)];
904 $ping = $this->pingController($adController);
907 $key = array_search($adController, $this->domainControllers);
909 unset($this->domainControllers[$key]);
910 // Select a new controller
911 return $this->randomController();
917 return $this->domainControllers[array_rand($this->domainControllers)];
926 $port = $this->adPort;