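<?php
/**
 * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
 * Version 4.0.4
 *
 * PHP Version 5 with SSL and LDAP support
 *
 * Written by Scott Barnett, Richard Hyland
 *   email: scott@wiggumworld.com, adldap@richardhyland.com
 *   http://adldap.sourceforge.net/
 *
 * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
 *
 * We'd appreciate any improvements or additions to be submitted back
 * to benefit the entire community :)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * @category ToolsAndUtilities
 * @package adLDAP
 * @subpackage Folders
 * @author Scott Barnett, Richard Hyland
 * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
 * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
 * @revision $Revision: 97 $
 * @version 4.0.4
 * @link http://adldap.sourceforge.net/
 */
require_once(dirname(__FILE__) . '/../adLDAP.php');

/**
* FOLDER / OU MANAGEMENT FUNCTIONS
*
* Every method here builds distinguished names and search filters by plain
* string concatenation of caller-supplied values. Nothing in this class
* escapes those values, so callers must only pass trusted or pre-escaped
* input (on PHP >= 5.6, ldap_escape() with LDAP_ESCAPE_DN for DN components
* and LDAP_ESCAPE_FILTER for filter values).
*/
class adLDAPFolders {
    /**
    * The current adLDAP connection via dependency injection
    *
    * @var adLDAP
    */
    protected $adldap;

    /**
    * Store the shared adLDAP instance whose connection and base DN are used by every method
    *
    * @param adLDAP $adldap The adLDAP instance to operate on
    */
    public function __construct(adLDAP $adldap) {
        $this->adldap = $adldap;
    }

    /**
    * Delete a distinguished name from Active Directory
    * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
    *
    * The DN is handed to ldap_delete() exactly as given: this method performs
    * no validation, no scoping to the configured base DN and no bind check.
    * Authorisation of the deletion is entirely the caller's responsibility.
    *
    * @param string $dn The distinguished name to delete
    * @return bool True when ldap_delete() reports success, false otherwise
    */
    public function delete($dn){
        $result = ldap_delete($this->adldap->getLdapConnection(), $dn);

        return ($result == true);
    }

    /**
    * Returns a folder listing for a specific OU
    * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
    *
    * The elements of $folderName and the value of $dnType are concatenated
    * unescaped into both the search base DN and the LDAP filter. A value
    * containing filter or DN metacharacters changes the query that is sent,
    * so escape or validate them before calling.
    *
    * @param array $folderName An array to the OU you wish to list.
    *                           If set to NULL will list the root, strongly recommended to set
    *                           $recursive to false in that instance!
    * @param string $dnType The type of record to list.  This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
    * @param bool $recursive Recursively search sub folders
    * @param bool $type Specify a type of object to search for
    * @return array|false The entries from ldap_get_entries(), or false when
    *                     not bound or when the search fails
    */
    public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL)
    {
        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
        if (!$this->adldap->getLdapBind()) { return false; }

        // $type only ever selects one of these fixed objectClass clauses;
        // it is never copied into the filter itself.
        $filter = '(&';
        if ($type !== NULL) {
            switch ($type) {
                case 'contact':
                    $filter .= '(objectClass=contact)';
                    break;
                case 'computer':
                    $filter .= '(objectClass=computer)';
                    break;
                case 'group':
                    $filter .= '(objectClass=group)';
                    break;
                case 'folder':
                    $filter .= '(objectClass=organizationalUnit)';
                    break;
                case 'container':
                    $filter .= '(objectClass=container)';
                    break;
                case 'domain':
                    $filter .= '(objectClass=builtinDomain)';
                    break;
                default:
                    $filter .= '(objectClass=user)';
                    break;
            }
        }
        else {
            $filter .= '(objectClass=*)';
        }

        // If the folder name is null then we will search the root level of AD
        // This requires us to not have an OU= part, just the base_dn
        $baseDn = $this->adldap->getBaseDn();
        $searchOu = $baseDn;
        if (is_array($folderName)) {
            // NOTE(security): unescaped caller input enters the DN and the filter here.
            $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
            $searchOu = $ou . ',' . $baseDn;
        }
        // Exclude the search base itself from the results.
        $filter .= '(!(distinguishedname=' . $searchOu . ')))';

        $wanted = array('objectclass', 'distinguishedname', 'samaccountname');
        $connection = $this->adldap->getLdapConnection();
        if ($recursive === true) {
            $sr = ldap_search($connection, $searchOu, $filter, $wanted);
        }
        else {
            $sr = ldap_list($connection, $searchOu, $filter, $wanted);
        }

        // A failed search yields no result handle; do not pass it on to
        // ldap_get_entries(), report the failure instead.
        if (!$sr) {
            return false;
        }

        $entries = @ldap_get_entries($connection, $sr);
        if (is_array($entries)) {
            return $entries;
        }

        return false;
    }

    /**
    * Create an organizational unit
    *
    * The OU name and the container elements are concatenated unescaped into
    * the DN passed to ldap_add(); escape or validate them before calling.
    *
    * @param array $attributes Default attributes of the ou. Must hold
    *                          "ou_name" and "container" (an array of OU names)
    * @return bool|string True on success, false when ldap_add() fails, or an
    *                     error message string when $attributes is invalid.
    *                     Compare the result with === true: the error strings
    *                     are truthy.
    */
    public function create($attributes)
    {
        if (!is_array($attributes)){ return "Attributes must be an array"; }
        // Test for the key before reading it, so a missing container is
        // reported as missing rather than as "not an array".
        if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
        if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }

        $attributes["container"] = array_reverse($attributes["container"]);

        $add=array();
        $add["objectClass"] = "organizationalUnit";
        $add["OU"] = $attributes['ou_name'];

        // Keep the trailing comma: it separates the container path from the
        // base DN. With an empty container the OU is created directly under
        // the base DN.
        $containers = "";
        if (count($attributes['container']) > 0) {
            $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
        }

        $dn = "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn();
        $result = ldap_add($this->adldap->getLdapConnection(), $dn, $add);

        return ($result == true);
    }

}

?>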