From ccfec5606dae81e6524f6cfcdaca09d4cde7f111 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Sat, 7 Dec 2013 23:10:05 +0000 Subject: crlf 2 lf whitespace fixes --- .gitattributes | 6 + _test/tests/inc/common_basicinfo.test.php | 10 +- _test/tests/inc/common_mediainfo.test.php | 10 +- _test/tests/inc/common_pageinfo.test.php | 66 +- _test/tests/test/basic.test.php | 12 +- lib/plugins/authad/adLDAP/adLDAP.php | 1900 ++++++++++---------- .../authad/adLDAP/classes/adLDAPComputers.php | 304 ++-- .../authad/adLDAP/classes/adLDAPContacts.php | 588 +++--- .../authad/adLDAP/classes/adLDAPExchange.php | 778 ++++---- .../authad/adLDAP/classes/adLDAPFolders.php | 356 ++-- lib/plugins/authad/adLDAP/classes/adLDAPGroups.php | 1262 ++++++------- lib/plugins/authad/adLDAP/classes/adLDAPUsers.php | 1364 +++++++------- lib/plugins/authad/adLDAP/classes/adLDAPUtils.php | 526 +++--- .../authad/adLDAP/collections/adLDAPCollection.php | 274 +-- .../collections/adLDAPComputerCollection.php | 92 +- .../adLDAP/collections/adLDAPContactCollection.php | 92 +- .../adLDAP/collections/adLDAPGroupCollection.php | 92 +- .../adLDAP/collections/adLDAPUserCollection.php | 92 +- lib/scripts/jquery/jquery-migrate.js | 1022 +++++------ lib/scripts/jquery/jquery-migrate.min.js | 2 +- 20 files changed, 4427 insertions(+), 4421 deletions(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..0fefdf647 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,6 @@ +* text eol=lf + +*.png binary +*.gif binary +*.ico binary +*.xcf binary diff --git a/_test/tests/inc/common_basicinfo.test.php b/_test/tests/inc/common_basicinfo.test.php index 0369474c9..8359c0877 100644 --- a/_test/tests/inc/common_basicinfo.test.php +++ b/_test/tests/inc/common_basicinfo.test.php @@ -18,12 +18,12 @@ class common_infofunctions_test extends DokuWikiTest { function _get_info() { global $USERINFO; - $info = array ( - 'isadmin' => true, + $info = array ( + 'isadmin' => true, 'ismanager' => true, - 'userinfo' => $USERINFO, - 'perm' => 255, - 'namespace' => false, + 'userinfo' => $USERINFO, + 'perm' => 255, + 'namespace' => false, 'ismobile' => false, 'client' => 'testuser', ); diff --git a/_test/tests/inc/common_mediainfo.test.php b/_test/tests/inc/common_mediainfo.test.php index 0e67fbcd9..cc5b17ec7 100644 --- a/_test/tests/inc/common_mediainfo.test.php +++ b/_test/tests/inc/common_mediainfo.test.php @@ -18,12 +18,12 @@ class common_basicinfo_test extends DokuWikiTest { function _get_info() { global $USERINFO; - $info = array ( - 'isadmin' => true, + $info = array ( + 'isadmin' => true, 'ismanager' => true, - 'userinfo' => $USERINFO, - 'perm' => 255, - 'namespace' => false, + 'userinfo' => $USERINFO, + 'perm' => 255, + 'namespace' => false, 'ismobile' => false, 'client' => 'testuser', ); diff --git a/_test/tests/inc/common_pageinfo.test.php b/_test/tests/inc/common_pageinfo.test.php index c54fbce26..0a1ea0a8f 100644 --- a/_test/tests/inc/common_pageinfo.test.php +++ b/_test/tests/inc/common_pageinfo.test.php @@ -31,18 +31,18 @@ class common_pageinfo_test extends DokuWikiTest { 'ismobile' => false, 'client' => 'testuser', ); - $info['rev'] = null; - $info['subscribed'] = false; - $info['locked'] = false; - $info['exists'] = false; - $info['writable'] = true; - $info['editable'] = true; - $info['lastmod'] = false; - $info['meta'] = array(); - $info['ip'] = null; - $info['user'] = null; - $info['sum'] = null; - $info['editor'] = null; + $info['rev'] = null; + $info['subscribed'] = false; + $info['locked'] = false; + $info['exists'] = false; + $info['writable'] = true; + $info['editable'] = true; + $info['lastmod'] = false; + $info['meta'] = array(); + $info['ip'] = null; + $info['user'] = null; + $info['sum'] = null; + $info['editor'] = null; return $info; } @@ -72,15 +72,15 @@ class common_pageinfo_test extends DokuWikiTest { $rev = filemtime($filename); $info = $this->_get_expected_pageinfo(); - $info['id'] = 'wiki:syntax'; + $info['id'] = 'wiki:syntax'; $info['namespace'] = 'wiki'; $info['filepath'] = $filename; - $info['exists'] = true; - $info['lastmod'] = $rev; - $info['meta'] = p_get_metadata($ID); + $info['exists'] = true; + $info['lastmod'] = $rev; + $info['meta'] = p_get_metadata($ID); $this->assertEquals($info, pageinfo()); - } + } /** * check info keys and values for anonymous user @@ -88,8 +88,8 @@ class common_pageinfo_test extends DokuWikiTest { function test_anonymoususer(){ global $ID,$conf,$REV; - unset($_SERVER['REMOTE_USER']); - global $USERINFO; $USERINFO = array(); + unset($_SERVER['REMOTE_USER']); + global $USERINFO; $USERINFO = array(); $ID = 'wiki:syntax'; $filename = $conf['datadir'].'/wiki/syntax.txt'; @@ -104,15 +104,15 @@ class common_pageinfo_test extends DokuWikiTest { $info['meta'] = p_get_metadata($ID); $info['rev'] = ''; - $info = array_merge($info, array( - 'isadmin' => false, - 'ismanager' => false, - 'perm' => 8, - 'client' => '1.2.3.4', + $info = array_merge($info, array( + 'isadmin' => false, + 'ismanager' => false, + 'perm' => 8, + 'client' => '1.2.3.4', )); unset($info['userinfo']); $this->assertEquals($info, pageinfo()); - } + } /** * check info keys and values with $REV @@ -135,7 +135,7 @@ class common_pageinfo_test extends DokuWikiTest { $this->assertEquals($info, pageinfo()); $this->assertEquals($rev-100, $REV); - } + } /** * check info keys and values with $RANGE @@ -146,7 +146,7 @@ class common_pageinfo_test extends DokuWikiTest { $ID = 'wiki:syntax'; $filename = $conf['datadir'].'/wiki/syntax.txt'; $rev = filemtime($filename); - $range = '1000-2000'; + $range = '1000-2000'; $info = $this->_get_expected_pageinfo(); $info['id'] = 'wiki:syntax'; @@ -160,18 +160,18 @@ class common_pageinfo_test extends DokuWikiTest { // expected result $RANGE unchanged $RANGE = $range; - $this->assertEquals($info, pageinfo()); + $this->assertEquals($info, pageinfo()); $this->assertFalse(isset($REV)); - $this->assertEquals($range,$RANGE); + $this->assertEquals($range,$RANGE); // check $RANGE with $REV = current // expected result: $RANGE unchanged, $REV cleared $REV = $rev; - $info['rev'] = ''; + $info['rev'] = ''; - $this->assertEquals($info, pageinfo()); + $this->assertEquals($info, pageinfo()); $this->assertEquals('',$REV); - $this->assertEquals($range,$RANGE); + $this->assertEquals($range,$RANGE); // check with a real $REV // expected result: $REV and $RANGE are cleared @@ -218,7 +218,7 @@ class common_pageinfo_test extends DokuWikiTest { p_set_metadata($ID,array('last_change' => false)); $this->assertEquals($info, pageinfo()); - $this->assertEquals($info['meta']['last_change'], p_get_metadata($ID,'last_change')); + $this->assertEquals($info['meta']['last_change'], p_get_metadata($ID,'last_change')); // fake an external edit, pageinfo should clear the last change from meta data // and not return any editor data diff --git a/_test/tests/test/basic.test.php b/_test/tests/test/basic.test.php index 05778ccf9..86acef935 100644 --- a/_test/tests/test/basic.test.php +++ b/_test/tests/test/basic.test.php @@ -123,11 +123,11 @@ class InttestsBasicTest extends DokuWikiTest { $request = new TestRequest(); // doku - $response = $request->get(); - $this->assertEquals('doku.php',$request->getScript()); + $response = $request->get(); + $this->assertEquals('doku.php',$request->getScript()); - $response = $request->get(array(),'/doku.php?id=wiki:dokuwiki&test=foo'); - $this->assertEquals('doku.php',$request->getScript()); + $response = $request->get(array(),'/doku.php?id=wiki:dokuwiki&test=foo'); + $this->assertEquals('doku.php',$request->getScript()); // fetch $response = $request->get(array(),'/lib/exe/fetch.php?media=wiki:dokuwiki-128.png'); @@ -149,8 +149,8 @@ class InttestsBasicTest extends DokuWikiTest { $request = new TestRequest(); $response = $request->get(array(),'/lib/exe/fetch.php?media=wiki:dokuwiki-128.png'); - $headers = $response->getHeaders(); - $this->assertTrue(!empty($headers)); + $headers = $response->getHeaders(); + $this->assertTrue(!empty($headers)); } function testGetHeader(){ diff --git a/lib/plugins/authad/adLDAP/adLDAP.php b/lib/plugins/authad/adLDAP/adLDAP.php index a8f33b47e..c1f92abe2 100644 --- a/lib/plugins/authad/adLDAP/adLDAP.php +++ b/lib/plugins/authad/adLDAP/adLDAP.php @@ -1,951 +1,951 @@ -ldapConnection) { - return $this->ldapConnection; - } - return false; - } - - /** - * Get the bind status - * - * @return bool - */ - public function getLdapBind() { - return $this->ldapBind; - } - - /** - * Get the current base DN - * - * @return string - */ - public function getBaseDn() { - return $this->baseDn; - } - - /** - * The group class - * - * @var adLDAPGroups - */ - protected $groupClass; - - /** - * Get the group class interface - * - * @return adLDAPGroups - */ - public function group() { - if (!$this->groupClass) { - $this->groupClass = new adLDAPGroups($this); - } - return $this->groupClass; - } - - /** - * The user class - * - * @var adLDAPUsers - */ - protected $userClass; - - /** - * Get the userclass interface - * - * @return adLDAPUsers - */ - public function user() { - if (!$this->userClass) { - $this->userClass = new adLDAPUsers($this); - } - return $this->userClass; - } - - /** - * The folders class - * - * @var adLDAPFolders - */ - protected $folderClass; - - /** - * Get the folder class interface - * - * @return adLDAPFolders - */ - public function folder() { - if (!$this->folderClass) { - $this->folderClass = new adLDAPFolders($this); - } - return $this->folderClass; - } - - /** - * The utils class - * - * @var adLDAPUtils - */ - protected $utilClass; - - /** - * Get the utils class interface - * - * @return adLDAPUtils - */ - public function utilities() { - if (!$this->utilClass) { - $this->utilClass = new adLDAPUtils($this); - } - return $this->utilClass; - } - - /** - * The contacts class - * - * @var adLDAPContacts - */ - protected $contactClass; - - /** - * Get the contacts class interface - * - * @return adLDAPContacts - */ - public function contact() { - if (!$this->contactClass) { - $this->contactClass = new adLDAPContacts($this); - } - return $this->contactClass; - } - - /** - * The exchange class - * - * @var adLDAPExchange - */ - protected $exchangeClass; - - /** - * Get the exchange class interface - * - * @return adLDAPExchange - */ - public function exchange() { - if (!$this->exchangeClass) { - $this->exchangeClass = new adLDAPExchange($this); - } - return $this->exchangeClass; - } - - /** - * The computers class - * - * @var adLDAPComputers - */ - protected $computersClass; - - /** - * Get the computers class interface - * - * @return adLDAPComputers - */ - public function computer() { - if (!$this->computerClass) { - $this->computerClass = new adLDAPComputers($this); - } - return $this->computerClass; - } - - /** - * Getters and Setters - */ - - /** - * Set the account suffix - * - * @param string $accountSuffix - * @return void - */ - public function setAccountSuffix($accountSuffix) - { - $this->accountSuffix = $accountSuffix; - } - - /** - * Get the account suffix - * - * @return string - */ - public function getAccountSuffix() - { - return $this->accountSuffix; - } - - /** - * Set the domain controllers array - * - * @param array $domainControllers - * @return void - */ - public function setDomainControllers(array $domainControllers) - { - $this->domainControllers = $domainControllers; - } - - /** - * Get the list of domain controllers - * - * @return void - */ - public function getDomainControllers() - { - return $this->domainControllers; - } - - /** - * Sets the port number your domain controller communicates over - * - * @param int $adPort - */ - public function setPort($adPort) - { - $this->adPort = $adPort; - } - - /** - * Gets the port number your domain controller communicates over - * - * @return int - */ - public function getPort() - { - return $this->adPort; - } - - /** - * Set the username of an account with higher priviledges - * - * @param string $adminUsername - * @return void - */ - public function setAdminUsername($adminUsername) - { - $this->adminUsername = $adminUsername; - } - - /** - * Get the username of the account with higher priviledges - * - * This will throw an exception for security reasons - */ - public function getAdminUsername() - { - throw new adLDAPException('For security reasons you cannot access the domain administrator account details'); - } - - /** - * Set the password of an account with higher priviledges - * - * @param string $adminPassword - * @return void - */ - public function setAdminPassword($adminPassword) - { - $this->adminPassword = $adminPassword; - } - - /** - * Get the password of the account with higher priviledges - * - * This will throw an exception for security reasons - */ - public function getAdminPassword() - { - throw new adLDAPException('For security reasons you cannot access the domain administrator account details'); - } - - /** - * Set whether to detect the true primary group - * - * @param bool $realPrimaryGroup - * @return void - */ - public function setRealPrimaryGroup($realPrimaryGroup) - { - $this->realPrimaryGroup = $realPrimaryGroup; - } - - /** - * Get the real primary group setting - * - * @return bool - */ - public function getRealPrimaryGroup() - { - return $this->realPrimaryGroup; - } - - /** - * Set whether to use SSL - * - * @param bool $useSSL - * @return void - */ - public function setUseSSL($useSSL) - { - $this->useSSL = $useSSL; - // Set the default port correctly - if($this->useSSL) { - $this->setPort(self::ADLDAP_LDAPS_PORT); - } - else { - $this->setPort(self::ADLDAP_LDAP_PORT); - } - } - - /** - * Get the SSL setting - * - * @return bool - */ - public function getUseSSL() - { - return $this->useSSL; - } - - /** - * Set whether to use TLS - * - * @param bool $useTLS - * @return void - */ - public function setUseTLS($useTLS) - { - $this->useTLS = $useTLS; - } - - /** - * Get the TLS setting - * - * @return bool - */ - public function getUseTLS() - { - return $this->useTLS; - } - - /** - * Set whether to use SSO - * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined. - * - * @param bool $useSSO - * @return void - */ - public function setUseSSO($useSSO) - { - if ($useSSO === true && !$this->ldapSaslSupported()) { - throw new adLDAPException('No LDAP SASL support for PHP. See: http://www.php.net/ldap_sasl_bind'); - } - $this->useSSO = $useSSO; - } - - /** - * Get the SSO setting - * - * @return bool - */ - public function getUseSSO() - { - return $this->useSSO; - } - - /** - * Set whether to lookup recursive groups - * - * @param bool $recursiveGroups - * @return void - */ - public function setRecursiveGroups($recursiveGroups) - { - $this->recursiveGroups = $recursiveGroups; - } - - /** - * Get the recursive groups setting - * - * @return bool - */ - public function getRecursiveGroups() - { - return $this->recursiveGroups; - } - - /** - * Default Constructor - * - * Tries to bind to the AD domain over LDAP or LDAPs - * - * @param array $options Array of options to pass to the constructor - * @throws Exception - if unable to bind to Domain Controller - * @return bool - */ - function __construct($options = array()) { - // You can specifically overide any of the default configuration options setup above - if (count($options) > 0) { - if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; } - if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; } - if (array_key_exists("domain_controllers",$options)){ - if (!is_array($options["domain_controllers"])) { - throw new adLDAPException('[domain_controllers] option must be an array'); - } - $this->domainControllers = $options["domain_controllers"]; - } - if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; } - if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; } - if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; } - if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); } - if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; } - if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; } - if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); } - if (array_key_exists("sso",$options)) { - $this->setUseSSO($options["sso"]); - if (!$this->ldapSaslSupported()) { - $this->setUseSSO(false); - } - } - } - - if ($this->ldapSupported() === false) { - throw new adLDAPException('No LDAP support for PHP. See: http://www.php.net/ldap'); - } - - return $this->connect(); - } - - /** - * Default Destructor - * - * Closes the LDAP connection - * - * @return void - */ - function __destruct() { - $this->close(); - } - - /** - * Connects and Binds to the Domain Controller - * - * @return bool - */ - public function connect() - { - // Connect to the AD/LDAP server as the username/password - $domainController = $this->randomController(); - if ($this->useSSL) { - $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort); - } else { - $this->ldapConnection = ldap_connect($domainController, $this->adPort); - } - - // Set some ldap options for talking to AD - ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3); - ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0); - - if ($this->useTLS) { - ldap_start_tls($this->ldapConnection); - } - - // Bind as a domain admin if they've set it up - if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) { - $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword); - if (!$this->ldapBind) { - if ($this->useSSL && !$this->useTLS) { - // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message - throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError()); - } - else { - throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError()); - } - } - } - if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) { - putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']); - $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI"); - if (!$this->ldapBind){ - throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError()); - } - else { - return true; - } - } - - - if ($this->baseDn == NULL) { - $this->baseDn = $this->findBaseDn(); - } - - return true; - } - - /** - * Closes the LDAP connection - * - * @return void - */ - public function close() { - if ($this->ldapConnection) { - @ldap_close($this->ldapConnection); - } - } - - /** - * Validate a user's login credentials - * - * @param string $username A user's AD username - * @param string $password A user's AD password - * @param bool optional $preventRebind - * @return bool - */ - public function authenticate($username, $password, $preventRebind = false) { - // Prevent null binding - if ($username === NULL || $password === NULL) { return false; } - if (empty($username) || empty($password)) { return false; } - - // Allow binding over SSO for Kerberos - if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) { - putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']); - $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI"); - if (!$this->ldapBind) { - throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError()); - } - else { - return true; - } - } - - // Bind as the user - $ret = true; - $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password); - if (!$this->ldapBind){ - $ret = false; - } - - // Cnce we've checked their details, kick back into admin mode if we have it - if ($this->adminUsername !== NULL && !$preventRebind) { - $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword); - if (!$this->ldapBind){ - // This should never happen in theory - throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError()); - } - } - - return $ret; - } - - /** - * Find the Base DN of your domain controller - * - * @return string - */ - public function findBaseDn() - { - $namingContext = $this->getRootDse(array('defaultnamingcontext')); - return $namingContext[0]['defaultnamingcontext'][0]; - } - - /** - * Get the RootDSE properties from a domain controller - * - * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext - * @return array - */ - public function getRootDse($attributes = array("*", "+")) { - if (!$this->ldapBind){ return (false); } - - $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes); - $entries = @ldap_get_entries($this->ldapConnection, $sr); - return $entries; - } - - /** - * Get last error from Active Directory - * - * This function gets the last message from Active Directory - * This may indeed be a 'Success' message but if you get an unknown error - * it might be worth calling this function to see what errors were raised - * - * return string - */ - public function getLastError() { - return @ldap_error($this->ldapConnection); - } - - /** - * Detect LDAP support in php - * - * @return bool - */ - protected function ldapSupported() - { - if (!function_exists('ldap_connect')) { - return false; - } - return true; - } - - /** - * Detect ldap_sasl_bind support in PHP - * - * @return bool - */ - protected function ldapSaslSupported() - { - if (!function_exists('ldap_sasl_bind')) { - return false; - } - return true; - } - - /** - * Schema - * - * @param array $attributes Attributes to be queried - * @return array - */ - public function adldap_schema($attributes){ - - // LDAP doesn't like NULL attributes, only set them if they have values - // If you wish to remove an attribute you should set it to a space - // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute - $mod=array(); - - // Check every attribute to see if it contains 8bit characters and then UTF8 encode them - array_walk($attributes, array($this, 'encode8bit')); - - if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; } - if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; } - //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes? - if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; } - if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; } - if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; } - if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; } - if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; } - if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; } - if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; } - if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; } - if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; } - if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; } - if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format? - if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; } - if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; } - if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; } - if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; } - if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; } - if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; } //UNTESTED ***Use DistinguishedName*** - if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; } - if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); } - if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; } - if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; } - if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; } - if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; } - if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; } - if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; } - if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; } - if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; } - if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; } - if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; } - if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; } - if ($attributes["homephone"]){ $mod["homephone"][0]=$attributes["homephone"]; } - - // Distribution List specific schema - if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; } - if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; } - - // Exchange Schema - if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; } - if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; } - if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; } - if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; } - if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; } - if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; } - if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; } - if ($attributes["exchange_altrecipient"]){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; } - if ($attributes["exchange_deliverandredirect"]){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; } - - // This schema is designed for contacts - if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; } - if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; } - - //echo ("
"); print_r($mod);
-        /*
-        // modifying a name is a bit fiddly
-        if ($attributes["firstname"] && $attributes["surname"]){
-            $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
-            $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
-            $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
-        }
-        */
-
-        if (count($mod)==0){ return (false); }
-        return ($mod);
-    }
-    
-    /**
-    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
-    */
-    protected function encode8Bit(&$item, $key) {
-        $encode = false;
-        if (is_string($item)) {
-            for ($i=0; $i> 7) {
-                    $encode = true;
-                }
-            }
-        }
-        if ($encode === true && $key != 'password') {
-            $item = utf8_encode($item);   
-        }
-    }
-    
-    /**
-    * Select a random domain controller from your domain controller array
-    * 
-    * @return string
-    */
-    protected function randomController() 
-    {
-        mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
-        /*if (sizeof($this->domainControllers) > 1) {
-            $adController = $this->domainControllers[array_rand($this->domainControllers)]; 
-            // Test if the controller is responding to pings
-            $ping = $this->pingController($adController); 
-            if ($ping === false) { 
-                // Find the current key in the domain controllers array
-                $key = array_search($adController, $this->domainControllers);
-                // Remove it so that we don't end up in a recursive loop
-                unset($this->domainControllers[$key]);
-                // Select a new controller
-                return $this->randomController(); 
-            }
-            else { 
-                return ($adController); 
-            }
-        } */
-        return $this->domainControllers[array_rand($this->domainControllers)];
-    }  
-    
-    /** 
-    * Test basic connectivity to controller 
-    * 
-    * @return bool
-    */ 
-    protected function pingController($host) {
-        $port = $this->adPort; 
-        fsockopen($host, $port, $errno, $errstr, 10); 
-        if ($errno > 0) {
-            return false;
-        }
-        return true;
-    }
-
-}
-
-/**
-* adLDAP Exception Handler
-* 
-* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
-* Example:
-* try {
-*   $adldap = new adLDAP();
-* }
-* catch (adLDAPException $e) {
-*   echo $e;
-*   exit();
-* }
-*/
-class adLDAPException extends Exception {}
-
+ldapConnection) {
+            return $this->ldapConnection;   
+        }
+        return false;
+    }
+    
+    /**
+    * Get the bind status
+    * 
+    * @return bool
+    */
+    public function getLdapBind() {
+        return $this->ldapBind;
+    }
+    
+    /**
+    * Get the current base DN
+    * 
+    * @return string
+    */
+    public function getBaseDn() {
+        return $this->baseDn;   
+    }
+    
+    /**
+    * The group class
+    * 
+    * @var adLDAPGroups
+    */
+    protected $groupClass;
+    
+    /**
+    * Get the group class interface
+    * 
+    * @return adLDAPGroups
+    */
+    public function group() {
+        if (!$this->groupClass) {
+            $this->groupClass = new adLDAPGroups($this);
+        }   
+        return $this->groupClass;
+    }
+    
+    /**
+    * The user class
+    * 
+    * @var adLDAPUsers
+    */
+    protected $userClass;
+    
+    /**
+    * Get the userclass interface
+    * 
+    * @return adLDAPUsers
+    */
+    public function user() {
+        if (!$this->userClass) {
+            $this->userClass = new adLDAPUsers($this);
+        }   
+        return $this->userClass;
+    }
+    
+    /**
+    * The folders class
+    * 
+    * @var adLDAPFolders
+    */
+    protected $folderClass;
+    
+    /**
+    * Get the folder class interface
+    * 
+    * @return adLDAPFolders
+    */
+    public function folder() {
+        if (!$this->folderClass) {
+            $this->folderClass = new adLDAPFolders($this);
+        }   
+        return $this->folderClass;
+    }
+    
+    /**
+    * The utils class
+    * 
+    * @var adLDAPUtils
+    */
+    protected $utilClass;
+    
+    /**
+    * Get the utils class interface
+    * 
+    * @return adLDAPUtils
+    */
+    public function utilities() {
+        if (!$this->utilClass) {
+            $this->utilClass = new adLDAPUtils($this);
+        }   
+        return $this->utilClass;
+    }
+    
+    /**
+    * The contacts class
+    * 
+    * @var adLDAPContacts
+    */
+    protected $contactClass;
+    
+    /**
+    * Get the contacts class interface
+    * 
+    * @return adLDAPContacts
+    */
+    public function contact() {
+        if (!$this->contactClass) {
+            $this->contactClass = new adLDAPContacts($this);
+        }   
+        return $this->contactClass;
+    }
+    
+    /**
+    * The exchange class
+    * 
+    * @var adLDAPExchange
+    */
+    protected $exchangeClass;
+    
+    /**
+    * Get the exchange class interface
+    * 
+    * @return adLDAPExchange
+    */
+    public function exchange() {
+        if (!$this->exchangeClass) {
+            $this->exchangeClass = new adLDAPExchange($this);
+        }   
+        return $this->exchangeClass;
+    }
+    
+    /**
+    * The computers class
+    * 
+    * @var adLDAPComputers
+    */
+    protected $computersClass;
+    
+    /**
+    * Get the computers class interface
+    * 
+    * @return adLDAPComputers
+    */
+    public function computer() {
+        if (!$this->computerClass) {
+            $this->computerClass = new adLDAPComputers($this);
+        }   
+        return $this->computerClass;
+    }
+
+    /**
+    * Getters and Setters
+    */
+    
+    /**
+    * Set the account suffix
+    * 
+    * @param string $accountSuffix
+    * @return void
+    */
+    public function setAccountSuffix($accountSuffix)
+    {
+          $this->accountSuffix = $accountSuffix;
+    }
+
+    /**
+    * Get the account suffix
+    * 
+    * @return string
+    */
+    public function getAccountSuffix()
+    {
+          return $this->accountSuffix;
+    }
+    
+    /**
+    * Set the domain controllers array
+    * 
+    * @param array $domainControllers
+    * @return void
+    */
+    public function setDomainControllers(array $domainControllers)
+    {
+          $this->domainControllers = $domainControllers;
+    }
+
+    /**
+    * Get the list of domain controllers
+    * 
+    * @return void
+    */
+    public function getDomainControllers()
+    {
+          return $this->domainControllers;
+    }
+    
+    /**
+    * Sets the port number your domain controller communicates over
+    * 
+    * @param int $adPort
+    */
+    public function setPort($adPort) 
+    { 
+        $this->adPort = $adPort; 
+    } 
+    
+    /**
+    * Gets the port number your domain controller communicates over
+    * 
+    * @return int
+    */
+    public function getPort() 
+    { 
+        return $this->adPort; 
+    } 
+    
+    /**
+    * Set the username of an account with higher priviledges
+    * 
+    * @param string $adminUsername
+    * @return void
+    */
+    public function setAdminUsername($adminUsername)
+    {
+          $this->adminUsername = $adminUsername;
+    }
+
+    /**
+    * Get the username of the account with higher priviledges
+    * 
+    * This will throw an exception for security reasons
+    */
+    public function getAdminUsername()
+    {
+          throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+    }
+    
+    /**
+    * Set the password of an account with higher priviledges
+    * 
+    * @param string $adminPassword
+    * @return void
+    */
+    public function setAdminPassword($adminPassword)
+    {
+          $this->adminPassword = $adminPassword;
+    }
+
+    /**
+    * Get the password of the account with higher priviledges
+    * 
+    * This will throw an exception for security reasons
+    */
+    public function getAdminPassword()
+    {
+          throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+    }
+    
+    /**
+    * Set whether to detect the true primary group
+    * 
+    * @param bool $realPrimaryGroup
+    * @return void
+    */
+    public function setRealPrimaryGroup($realPrimaryGroup)
+    {
+          $this->realPrimaryGroup = $realPrimaryGroup;
+    }
+
+    /**
+    * Get the real primary group setting
+    * 
+    * @return bool
+    */
+    public function getRealPrimaryGroup()
+    {
+          return $this->realPrimaryGroup;
+    }
+    
+    /**
+    * Set whether to use SSL
+    * 
+    * @param bool $useSSL
+    * @return void
+    */
+    public function setUseSSL($useSSL)
+    {
+          $this->useSSL = $useSSL;
+          // Set the default port correctly 
+          if($this->useSSL) { 
+            $this->setPort(self::ADLDAP_LDAPS_PORT); 
+          }
+          else { 
+            $this->setPort(self::ADLDAP_LDAP_PORT); 
+          } 
+    }
+
+    /**
+    * Get the SSL setting
+    * 
+    * @return bool
+    */
+    public function getUseSSL()
+    {
+          return $this->useSSL;
+    }
+    
+    /**
+    * Set whether to use TLS
+    * 
+    * @param bool $useTLS
+    * @return void
+    */
+    public function setUseTLS($useTLS)
+    {
+          $this->useTLS = $useTLS;
+    }
+
+    /**
+    * Get the TLS setting
+    * 
+    * @return bool
+    */
+    public function getUseTLS()
+    {
+          return $this->useTLS;
+    }
+    
+    /**
+    * Set whether to use SSO
+    * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined. 
+    * 
+    * @param bool $useSSO
+    * @return void
+    */
+    public function setUseSSO($useSSO)
+    {
+          if ($useSSO === true && !$this->ldapSaslSupported()) {
+              throw new adLDAPException('No LDAP SASL support for PHP.  See: http://www.php.net/ldap_sasl_bind');
+          }
+          $this->useSSO = $useSSO;
+    }
+
+    /**
+    * Get the SSO setting
+    * 
+    * @return bool
+    */
+    public function getUseSSO()
+    {
+          return $this->useSSO;
+    }
+    
+    /**
+    * Set whether to lookup recursive groups
+    * 
+    * @param bool $recursiveGroups
+    * @return void
+    */
+    public function setRecursiveGroups($recursiveGroups)
+    {
+          $this->recursiveGroups = $recursiveGroups;
+    }
+
+    /**
+    * Get the recursive groups setting
+    * 
+    * @return bool
+    */
+    public function getRecursiveGroups()
+    {
+          return $this->recursiveGroups;
+    }
+
+    /**
+    * Default Constructor
+    * 
+    * Tries to bind to the AD domain over LDAP or LDAPs
+    * 
+    * @param array $options Array of options to pass to the constructor
+    * @throws Exception - if unable to bind to Domain Controller
+    * @return bool
+    */
+    function __construct($options = array()) {
+        // You can specifically overide any of the default configuration options setup above
+        if (count($options) > 0) {
+            if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; }
+            if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; }
+            if (array_key_exists("domain_controllers",$options)){ 
+                if (!is_array($options["domain_controllers"])) { 
+                    throw new adLDAPException('[domain_controllers] option must be an array');
+                }
+                $this->domainControllers = $options["domain_controllers"]; 
+            }
+            if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; }
+            if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; }
+            if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; }
+            if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); }
+            if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; }
+            if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; }
+            if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); } 
+            if (array_key_exists("sso",$options)) { 
+                $this->setUseSSO($options["sso"]);
+                if (!$this->ldapSaslSupported()) {
+                    $this->setUseSSO(false);
+                }
+            } 
+        }
+        
+        if ($this->ldapSupported() === false) {
+            throw new adLDAPException('No LDAP support for PHP.  See: http://www.php.net/ldap');
+        }
+
+        return $this->connect();
+    }
+
+    /**
+    * Default Destructor
+    * 
+    * Closes the LDAP connection
+    * 
+    * @return void
+    */
+    function __destruct() { 
+        $this->close(); 
+    }
+
+    /**
+    * Connects and Binds to the Domain Controller
+    * 
+    * @return bool
+    */
+    public function connect() 
+    {
+        // Connect to the AD/LDAP server as the username/password
+        $domainController = $this->randomController();
+        if ($this->useSSL) {
+            $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
+        } else {
+            $this->ldapConnection = ldap_connect($domainController, $this->adPort);
+        }
+               
+        // Set some ldap options for talking to AD
+        ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
+        ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
+        
+        if ($this->useTLS) {
+            ldap_start_tls($this->ldapConnection);
+        }
+               
+        // Bind as a domain admin if they've set it up
+        if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
+            $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword);
+            if (!$this->ldapBind) {
+                if ($this->useSSL && !$this->useTLS) {
+                    // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message
+                    throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError());
+                }
+                else {
+                    throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError());
+                }
+            }
+        }
+        if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
+            putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);  
+            $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI"); 
+            if (!$this->ldapBind){ 
+                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError()); 
+            }
+            else {
+                return true;
+            }
+        }
+                
+        
+        if ($this->baseDn == NULL) {
+            $this->baseDn = $this->findBaseDn();   
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Closes the LDAP connection
+    * 
+    * @return void
+    */
+    public function close() {
+        if ($this->ldapConnection) {
+            @ldap_close($this->ldapConnection);
+        }
+    }
+    
+    /**
+    * Validate a user's login credentials
+    * 
+    * @param string $username A user's AD username
+    * @param string $password A user's AD password
+    * @param bool optional $preventRebind
+    * @return bool
+    */
+    public function authenticate($username, $password, $preventRebind = false) {
+        // Prevent null binding
+        if ($username === NULL || $password === NULL) { return false; } 
+        if (empty($username) || empty($password)) { return false; }
+        
+        // Allow binding over SSO for Kerberos
+        if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) { 
+            putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
+            $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+            if (!$this->ldapBind) {
+                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+            }
+            else {
+                return true;
+            }
+        }
+        
+        // Bind as the user        
+        $ret = true;
+        $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
+        if (!$this->ldapBind){ 
+            $ret = false; 
+        }
+        
+        // Cnce we've checked their details, kick back into admin mode if we have it
+        if ($this->adminUsername !== NULL && !$preventRebind) {
+            $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword);
+            if (!$this->ldapBind){
+                // This should never happen in theory
+                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+            } 
+        } 
+        
+        return $ret;
+    }
+    
+    /**
+    * Find the Base DN of your domain controller
+    * 
+    * @return string
+    */
+    public function findBaseDn() 
+    {
+        $namingContext = $this->getRootDse(array('defaultnamingcontext'));   
+        return $namingContext[0]['defaultnamingcontext'][0];
+    }
+    
+    /**
+    * Get the RootDSE properties from a domain controller
+    * 
+    * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext
+    * @return array
+    */
+    public function getRootDse($attributes = array("*", "+")) {
+        if (!$this->ldapBind){ return (false); }
+        
+        $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
+        $entries = @ldap_get_entries($this->ldapConnection, $sr);
+        return $entries;
+    }
+
+    /**
+    * Get last error from Active Directory
+    * 
+    * This function gets the last message from Active Directory
+    * This may indeed be a 'Success' message but if you get an unknown error
+    * it might be worth calling this function to see what errors were raised
+    * 
+    * return string
+    */
+    public function getLastError() {
+        return @ldap_error($this->ldapConnection);
+    }
+    
+    /**
+    * Detect LDAP support in php
+    * 
+    * @return bool
+    */    
+    protected function ldapSupported()
+    {
+        if (!function_exists('ldap_connect')) {
+            return false;   
+        }
+        return true;
+    }
+    
+    /**
+    * Detect ldap_sasl_bind support in PHP
+    * 
+    * @return bool
+    */
+    protected function ldapSaslSupported()
+    {
+        if (!function_exists('ldap_sasl_bind')) {
+            return false;
+        }
+        return true;
+    }
+    
+    /**
+    * Schema
+    * 
+    * @param array $attributes Attributes to be queried
+    * @return array
+    */    
+    public function adldap_schema($attributes){
+    
+        // LDAP doesn't like NULL attributes, only set them if they have values
+        // If you wish to remove an attribute you should set it to a space
+        // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
+        $mod=array();
+        
+        // Check every attribute to see if it contains 8bit characters and then UTF8 encode them
+        array_walk($attributes, array($this, 'encode8bit'));
+
+        if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; }
+        if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; }
+        //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
+        if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; }
+        if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; }
+        if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; }
+        if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; }
+        if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; }
+        if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; }
+        if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; }
+        if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; }
+        if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; }
+        if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; }
+        if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format?
+        if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; }
+        if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; }
+        if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; }
+        if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; }
+        if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; }
+        if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; }  //UNTESTED ***Use DistinguishedName***
+        if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; }
+        if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); }
+        if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; }
+        if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; }
+        if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; }
+        if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; }
+        if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; }
+        if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; }
+        if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; }
+        if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; }
+        if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; }
+        if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; }
+        if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; }
+        if ($attributes["homephone"]){ $mod["homephone"][0]=$attributes["homephone"]; }
+        
+        // Distribution List specific schema
+        if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; }
+        if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; }
+        
+        // Exchange Schema
+        if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; }
+        if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; }
+        if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; }
+        if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; }
+        if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; }
+        if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; }       
+        if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; }    
+        if ($attributes["exchange_altrecipient"]){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; } 
+        if ($attributes["exchange_deliverandredirect"]){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; }    
+        
+        // This schema is designed for contacts
+        if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; }
+        if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; }
+        
+        //echo ("
"); print_r($mod);
+        /*
+        // modifying a name is a bit fiddly
+        if ($attributes["firstname"] && $attributes["surname"]){
+            $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
+            $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
+            $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+        }
+        */
+
+        if (count($mod)==0){ return (false); }
+        return ($mod);
+    }
+    
+    /**
+    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+    */
+    protected function encode8Bit(&$item, $key) {
+        $encode = false;
+        if (is_string($item)) {
+            for ($i=0; $i> 7) {
+                    $encode = true;
+                }
+            }
+        }
+        if ($encode === true && $key != 'password') {
+            $item = utf8_encode($item);   
+        }
+    }
+    
+    /**
+    * Select a random domain controller from your domain controller array
+    * 
+    * @return string
+    */
+    protected function randomController() 
+    {
+        mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
+        /*if (sizeof($this->domainControllers) > 1) {
+            $adController = $this->domainControllers[array_rand($this->domainControllers)]; 
+            // Test if the controller is responding to pings
+            $ping = $this->pingController($adController); 
+            if ($ping === false) { 
+                // Find the current key in the domain controllers array
+                $key = array_search($adController, $this->domainControllers);
+                // Remove it so that we don't end up in a recursive loop
+                unset($this->domainControllers[$key]);
+                // Select a new controller
+                return $this->randomController(); 
+            }
+            else { 
+                return ($adController); 
+            }
+        } */
+        return $this->domainControllers[array_rand($this->domainControllers)];
+    }  
+    
+    /** 
+    * Test basic connectivity to controller 
+    * 
+    * @return bool
+    */ 
+    protected function pingController($host) {
+        $port = $this->adPort; 
+        fsockopen($host, $port, $errno, $errstr, 10); 
+        if ($errno > 0) {
+            return false;
+        }
+        return true;
+    }
+
+}
+
+/**
+* adLDAP Exception Handler
+* 
+* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
+* Example:
+* try {
+*   $adldap = new adLDAP();
+* }
+* catch (adLDAPException $e) {
+*   echo $e;
+*   exit();
+* }
+*/
+class adLDAPException extends Exception {}
+
 ?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php b/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
index 71b24a04f..aabd88fa5 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
@@ -1,153 +1,153 @@
-adldap = $adldap;
-    }
-    
-    /**
-    * Get information about a specific computer. Returned in a raw array format from AD
-    * 
-    * @param string $computerName The name of the computer
-    * @param array $fields Attributes to return
-    * @return array
-    */
-    public function info($computerName, $fields = NULL)
-    {
-        if ($computerName === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-
-        $filter = "(&(objectClass=computer)(cn=" . $computerName . "))";
-        if ($fields === NULL) { 
-            $fields = array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion"); 
-        }
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-        
-        return $entries;
-    }
-    
-    /**
-    * Find information about the computers. Returned in a raw array format from AD
-    * 
-    * @param string $computerName The name of the computer
-    * @param array $fields Array of parameters to query
-    * @return mixed
-    */
-    public function infoCollection($computerName, $fields = NULL)
-    {
-        if ($computerName === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        $info = $this->info($computerName, $fields);
-        
-        if ($info !== false) {
-            $collection = new adLDAPComputerCollection($info, $this->adldap);
-            return $collection;
-        }
-        return false;
-    }
-    
-    /**
-    * Check if a computer is in a group
-    * 
-    * @param string $computerName The name of the computer
-    * @param string $group The group to check
-    * @param bool $recursive Whether to check recursively
-    * @return array
-    */
-    public function inGroup($computerName, $group, $recursive = NULL)
-    {
-        if ($computerName === NULL) { return false; }
-        if ($group === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
-
-        //get a list of the groups
-        $groups = $this->groups($computerName, array("memberof"), $recursive);
-
-        //return true if the specified group is in the group list
-        if (in_array($group, $groups)){ 
-            return true; 
-        }
-
-        return false;
-    }
-    
-    /**
-    * Get the groups a computer is in
-    * 
-    * @param string $computerName The name of the computer
-    * @param bool $recursive Whether to check recursively
-    * @return array
-    */
-    public function groups($computerName, $recursive = NULL)
-    {
-        if ($computerName === NULL) { return false; }
-        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
-        if (!$this->adldap->getLdapBind()){ return false; }
-
-        //search the directory for their information
-        $info = @$this->info($computerName, array("memberof", "primarygroupid"));
-        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
-
-        if ($recursive === true) {
-            foreach ($groups as $id => $groupName){
-              $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
-              $groups = array_merge($groups, $extraGroups);
-            }
-        }
-
-        return $groups;
-    }
-    
-}
+adldap = $adldap;
+    }
+    
+    /**
+    * Get information about a specific computer. Returned in a raw array format from AD
+    * 
+    * @param string $computerName The name of the computer
+    * @param array $fields Attributes to return
+    * @return array
+    */
+    public function info($computerName, $fields = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = "(&(objectClass=computer)(cn=" . $computerName . "))";
+        if ($fields === NULL) { 
+            $fields = array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        return $entries;
+    }
+    
+    /**
+    * Find information about the computers. Returned in a raw array format from AD
+    * 
+    * @param string $computerName The name of the computer
+    * @param array $fields Array of parameters to query
+    * @return mixed
+    */
+    public function infoCollection($computerName, $fields = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($computerName, $fields);
+        
+        if ($info !== false) {
+            $collection = new adLDAPComputerCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Check if a computer is in a group
+    * 
+    * @param string $computerName The name of the computer
+    * @param string $group The group to check
+    * @param bool $recursive Whether to check recursively
+    * @return array
+    */
+    public function inGroup($computerName, $group, $recursive = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
+
+        //get a list of the groups
+        $groups = $this->groups($computerName, array("memberof"), $recursive);
+
+        //return true if the specified group is in the group list
+        if (in_array($group, $groups)){ 
+            return true; 
+        }
+
+        return false;
+    }
+    
+    /**
+    * Get the groups a computer is in
+    * 
+    * @param string $computerName The name of the computer
+    * @param bool $recursive Whether to check recursively
+    * @return array
+    */
+    public function groups($computerName, $recursive = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()){ return false; }
+
+        //search the directory for their information
+        $info = @$this->info($computerName, array("memberof", "primarygroupid"));
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
+
+        if ($recursive === true) {
+            foreach ($groups as $id => $groupName){
+              $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+              $groups = array_merge($groups, $extraGroups);
+            }
+        }
+
+        return $groups;
+    }
+    
+}
 ?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php b/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
index addd3e5f0..42a0d756b 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
@@ -1,294 +1,294 @@
-adldap = $adldap;
-    }
-    
-    //*****************************************************************************************************************
-    // CONTACT FUNCTIONS
-    // * Still work to do in this area, and new functions to write
-    
-    /**
-    * Create a contact
-    * 
-    * @param array $attributes The attributes to set to the contact
-    * @return bool
-    */
-    public function create($attributes)
-    {
-        // Check for compulsory fields
-        if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
-        if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
-        if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
-        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
-
-        // Translate the schema
-        $add = $this->adldap->adldap_schema($attributes);
-        
-        // Additional stuff only used for adding contacts
-        $add["cn"][0] = $attributes["display_name"];
-        $add["objectclass"][0] = "top";
-        $add["objectclass"][1] = "person";
-        $add["objectclass"][2] = "organizationalPerson";
-        $add["objectclass"][3] = "contact"; 
-        if (!isset($attributes['exchange_hidefromlists'])) {
-            $add["msExchHideFromAddressLists"][0] = "TRUE";
-        }
-
-        // Determine the container
-        $attributes["container"] = array_reverse($attributes["container"]);
-        $container= "OU=" . implode(",OU=", $attributes["container"]);
-
-        // Add the entry
-        $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $this->adldap->utilities()->escapeCharacters($add["cn"][0]) . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
-        if ($result != true) { 
-            return false; 
-        }
-        
-        return true;
-    }  
-    
-    /**
-    * Determine the list of groups a contact is a member of
-    * 
-    * @param string $distinguisedname The full DN of a contact
-    * @param bool $recursive Recursively check groups
-    * @return array
-    */
-    public function groups($distinguishedName, $recursive = NULL)
-    {
-        if ($distinguishedName === NULL) { return false; }
-        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
-        if (!$this->adldap->getLdapBind()){ return false; }
-        
-        // Search the directory for their information
-        $info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
-        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
-
-        if ($recursive === true){
-            foreach ($groups as $id => $groupName){
-                $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
-                $groups = array_merge($groups, $extraGroups);
-            }
-        }
-        
-        return $groups;
-    }
-    
-    /**
-    * Get contact information. Returned in a raw array format from AD
-    * 
-    * @param string $distinguisedname The full DN of a contact
-    * @param array $fields Attributes to be returned
-    * @return array
-    */
-    public function info($distinguishedName, $fields = NULL)
-    {
-        if ($distinguishedName === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-
-        $filter = "distinguishedName=" . $distinguishedName;
-        if ($fields === NULL) { 
-            $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid"); 
-        }
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-        
-        if ($entries[0]['count'] >= 1) {
-            // AD does not return the primary group in the ldap query, we may need to fudge it
-            if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])){
-                //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
-                $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
-            } else {
-                $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
-            }
-        }
-        
-        $entries[0]["memberof"]["count"]++;
-        return $entries;
-    }
-    
-    /**
-    * Find information about the contacts. Returned in a raw array format from AD
-    * 
-    * @param string $distinguishedName The full DN of a contact 
-    * @param array $fields Array of parameters to query
-    * @return mixed
-    */
-    public function infoCollection($distinguishedName, $fields = NULL)
-    {
-        if ($distinguishedName === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        $info = $this->info($distinguishedName, $fields);
-        
-        if ($info !== false) {
-            $collection = new adLDAPContactCollection($info, $this->adldap);
-            return $collection;
-        }
-        return false;
-    }
-    
-    /**
-    * Determine if a contact is a member of a group
-    * 
-    * @param string $distinguisedName The full DN of a contact
-    * @param string $group The group name to query
-    * @param bool $recursive Recursively check groups
-    * @return bool
-    */
-    public function inGroup($distinguisedName, $group, $recursive = NULL)
-    {
-        if ($distinguisedName === NULL) { return false; }
-        if ($group === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
-        
-        // Get a list of the groups
-        $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
-        
-        // Return true if the specified group is in the group list
-        if (in_array($group, $groups)){ 
-            return true; 
-        }
-
-        return false;
-    }          
-    
-    /**
-    * Modify a contact
-    * 
-    * @param string $distinguishedName The contact to query
-    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
-    * @return bool
-    */
-    public function modify($distinguishedName, $attributes) {
-        if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
-        
-        // Translate the update to the LDAP schema                
-        $mod = $this->adldap->adldap_schema($attributes);
-        
-        // Check to see if this is an enabled status update
-        if (!$mod) { 
-            return false; 
-        }
-        
-        // Do the update
-        $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
-        if ($result == false) { 
-            return false; 
-        }
-        
-        return true;
-    }
-    
-    /**
-    * Delete a contact
-    * 
-    * @param string $distinguishedName The contact dn to delete (please be careful here!)
-    * @return array
-    */
-    public function delete($distinguishedName) 
-    {
-        $result = $this->folder()->delete($distinguishedName);
-        if ($result != true) { 
-            return false; 
-        }       
-        return true;
-    }
-    
-    /**
-    * Return a list of all contacts
-    * 
-    * @param bool $includeDescription Include a description of a contact
-    * @param string $search The search parameters
-    * @param bool $sorted Whether to sort the results
-    * @return array
-    */
-    public function all($includeDescription = false, $search = "*", $sorted = true) {
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        // Perform the search and grab all their details
-        $filter = "(&(objectClass=contact)(cn=" . $search . "))";
-        $fields = array("displayname","distinguishedname");           
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-        $usersArray = array();
-        for ($i=0; $i<$entries["count"]; $i++){
-            if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
-                $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
-            } elseif ($includeDescription){
-                $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
-            } else {
-                array_push($usersArray, $entries[$i]["distinguishedname"][0]);
-            }
-        }
-        if ($sorted) { 
-            asort($usersArray); 
-        }
-        return $usersArray;
-    }
-    
-    /**
-    * Mail enable a contact
-    * Allows email to be sent to them through Exchange
-    * 
-    * @param string $distinguishedname The contact to mail enable
-    * @param string $emailaddress The email address to allow emails to be sent through
-    * @param string $mailnickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
-    * @return bool
-    */
-    public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL){
-        return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
-    }
-    
-    
-}
-?>
+adldap = $adldap;
+    }
+    
+    //*****************************************************************************************************************
+    // CONTACT FUNCTIONS
+    // * Still work to do in this area, and new functions to write
+    
+    /**
+    * Create a contact
+    * 
+    * @param array $attributes The attributes to set to the contact
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        // Check for compulsory fields
+        if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
+        if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
+        if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
+        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+
+        // Translate the schema
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        // Additional stuff only used for adding contacts
+        $add["cn"][0] = $attributes["display_name"];
+        $add["objectclass"][0] = "top";
+        $add["objectclass"][1] = "person";
+        $add["objectclass"][2] = "organizationalPerson";
+        $add["objectclass"][3] = "contact"; 
+        if (!isset($attributes['exchange_hidefromlists'])) {
+            $add["msExchHideFromAddressLists"][0] = "TRUE";
+        }
+
+        // Determine the container
+        $attributes["container"] = array_reverse($attributes["container"]);
+        $container= "OU=" . implode(",OU=", $attributes["container"]);
+
+        // Add the entry
+        $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $this->adldap->utilities()->escapeCharacters($add["cn"][0]) . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }  
+    
+    /**
+    * Determine the list of groups a contact is a member of
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param bool $recursive Recursively check groups
+    * @return array
+    */
+    public function groups($distinguishedName, $recursive = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()){ return false; }
+        
+        // Search the directory for their information
+        $info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
+
+        if ($recursive === true){
+            foreach ($groups as $id => $groupName){
+                $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+                $groups = array_merge($groups, $extraGroups);
+            }
+        }
+        
+        return $groups;
+    }
+    
+    /**
+    * Get contact information. Returned in a raw array format from AD
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param array $fields Attributes to be returned
+    * @return array
+    */
+    public function info($distinguishedName, $fields = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = "distinguishedName=" . $distinguishedName;
+        if ($fields === NULL) { 
+            $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        if ($entries[0]['count'] >= 1) {
+            // AD does not return the primary group in the ldap query, we may need to fudge it
+            if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])){
+                //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+                $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+            } else {
+                $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+            }
+        }
+        
+        $entries[0]["memberof"]["count"]++;
+        return $entries;
+    }
+    
+    /**
+    * Find information about the contacts. Returned in a raw array format from AD
+    * 
+    * @param string $distinguishedName The full DN of a contact 
+    * @param array $fields Array of parameters to query
+    * @return mixed
+    */
+    public function infoCollection($distinguishedName, $fields = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($distinguishedName, $fields);
+        
+        if ($info !== false) {
+            $collection = new adLDAPContactCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Determine if a contact is a member of a group
+    * 
+    * @param string $distinguisedName The full DN of a contact
+    * @param string $group The group name to query
+    * @param bool $recursive Recursively check groups
+    * @return bool
+    */
+    public function inGroup($distinguisedName, $group, $recursive = NULL)
+    {
+        if ($distinguisedName === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        
+        // Get a list of the groups
+        $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
+        
+        // Return true if the specified group is in the group list
+        if (in_array($group, $groups)){ 
+            return true; 
+        }
+
+        return false;
+    }          
+    
+    /**
+    * Modify a contact
+    * 
+    * @param string $distinguishedName The contact to query
+    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
+    * @return bool
+    */
+    public function modify($distinguishedName, $attributes) {
+        if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
+        
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod) { 
+            return false; 
+        }
+        
+        // Do the update
+        $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Delete a contact
+    * 
+    * @param string $distinguishedName The contact dn to delete (please be careful here!)
+    * @return array
+    */
+    public function delete($distinguishedName) 
+    {
+        $result = $this->folder()->delete($distinguishedName);
+        if ($result != true) { 
+            return false; 
+        }       
+        return true;
+    }
+    
+    /**
+    * Return a list of all contacts
+    * 
+    * @param bool $includeDescription Include a description of a contact
+    * @param string $search The search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Perform the search and grab all their details
+        $filter = "(&(objectClass=contact)(cn=" . $search . "))";
+        $fields = array("displayname","distinguishedname");           
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+                $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
+            } elseif ($includeDescription){
+                $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
+            } else {
+                array_push($usersArray, $entries[$i]["distinguishedname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($usersArray); 
+        }
+        return $usersArray;
+    }
+    
+    /**
+    * Mail enable a contact
+    * Allows email to be sent to them through Exchange
+    * 
+    * @param string $distinguishedname The contact to mail enable
+    * @param string $emailaddress The email address to allow emails to be sent through
+    * @param string $mailnickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
+    * @return bool
+    */
+    public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL){
+        return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
+    }
+    
+    
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php b/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
index dd0c6de05..d70aac779 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
@@ -1,390 +1,390 @@
-adldap = $adldap;
-    }
-    
-    /**
-    * Create an Exchange account
-    * 
-    * @param string $username The username of the user to add the Exchange account to
-    * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
-    *                            If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
-    * @param string $emailAddress The primary email address to add to this user
-    * @param string $mailNickname The mail nick name.  If mail nickname is blank, the username will be used
-    * @param bool $mdbUseDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
-    * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname=NULL, $useDefaults=TRUE, $baseDn=NULL, $isGUID=false)
-    {
-        if ($username === NULL){ return "Missing compulsory field [username]"; }     
-        if ($storageGroup === NULL) { return "Missing compulsory array [storagegroup]"; }
-        if (!is_array($storageGroup)) { return "[storagegroup] must be an array"; }
-        if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
-        
-        if ($baseDn === NULL) {
-            $baseDn = $this->adldap->getBaseDn();   
-        }
-        
-        $container = "CN=" . implode(",CN=", $storageGroup);
-        
-        if ($mailNickname === NULL) { 
-            $mailNickname = $username; 
-        }
-        $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);
-        
-        $attributes = array(
-            'exchange_homemdb'=>$container.",".$baseDn,
-            'exchange_proxyaddress'=>'SMTP:' . $emailAddress,
-            'exchange_mailnickname'=>$mailNickname,
-            'exchange_usedefaults'=>$mdbUseDefaults
-        );
-        $result = $this->adldap->user()->modify($username, $attributes, $isGUID);
-        if ($result == false) { 
-            return false; 
-        }
-        return true;
-    }
-    
-    /**
-    * Add an X400 address to Exchange
-    * See http://tools.ietf.org/html/rfc1685 for more information.
-    * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
-    * 
-    * @param string $username The username of the user to add the X400 to to
-    * @param string $country Country
-    * @param string $admd Administration Management Domain
-    * @param string $pdmd Private Management Domain (often your AD domain)
-    * @param string $org Organization
-    * @param string $surname Surname
-    * @param string $givenName Given name
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false) 
-    {
-        if ($username === NULL){ return "Missing compulsory field [username]"; }     
-        
-        $proxyValue = 'X400:';
-            
-        // Find the dn of the user
-        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
-        if ($user[0]["dn"] === NULL) { return false; }
-        $userDn = $user[0]["dn"];
-        
-        // We do not have to demote an email address from the default so we can just add the new proxy address
-        $attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
-       
-        // Translate the update to the LDAP schema                
-        $add = $this->adldap->adldap_schema($attributes);
-        
-        if (!$add) { return false; }
-        
-        // Do the update
-        // Take out the @ to see any errors, usually this error might occur because the address already
-        // exists in the list of proxyAddresses
-        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
-        if ($result == false) { 
-            return false; 
-        }
-        
-        return true;
-    }
-    
-    /**
-    * Add an address to Exchange
-    * 
-    * @param string $username The username of the user to add the Exchange account to
-    * @param string $emailAddress The email address to add to this user
-    * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false) 
-    {
-        if ($username === NULL) { return "Missing compulsory field [username]"; }     
-        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
-        
-        $proxyValue = 'smtp:';
-        if ($default === true) {
-            $proxyValue = 'SMTP:';
-        }
-              
-        // Find the dn of the user
-        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
-        if ($user[0]["dn"] === NULL){ return false; }
-        $userDn = $user[0]["dn"];
-        
-        // We need to scan existing proxy addresses and demote the default one
-        if (is_array($user[0]["proxyaddresses"]) && $default === true) {
-            $modAddresses = array();
-            for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
-            if ($result == false) { 
-                return false; 
-            }
-            
-            return true;
-        }
-        else {
-            // We do not have to demote an email address from the default so we can just add the new proxy address
-            $attributes['exchange_proxyaddress'] = $proxyValue . $emailAddress;
-            
-            // Translate the update to the LDAP schema                
-            $add = $this->adldap->adldap_schema($attributes);
-            
-            if (!$add) { 
-                return false; 
-            }
-            
-            // Do the update
-            // Take out the @ to see any errors, usually this error might occur because the address already
-            // exists in the list of proxyAddresses
-            $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn,$add);
-            if ($result == false) { 
-                return false; 
-            }
-            
-            return true;
-        }
-    }
-    
-    /**
-    * Remove an address to Exchange
-    * If you remove a default address the account will no longer have a default, 
-    * we recommend changing the default address first
-    * 
-    * @param string $username The username of the user to add the Exchange account to
-    * @param string $emailAddress The email address to add to this user
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function deleteAddress($username, $emailAddress, $isGUID=false) 
-    {
-        if ($username === NULL) { return "Missing compulsory field [username]"; }     
-        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
-        
-        // Find the dn of the user
-        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
-        if ($user[0]["dn"] === NULL) { return false; }
-        $userDn = $user[0]["dn"];
-        
-        if (is_array($user[0]["proxyaddresses"])) {
-            $mod = array();
-            for ($i=0;$iadldap->getLdapConnection(), $userDn,$mod);
-            if ($result == false) { 
-                return false; 
-            }
-            
-            return true;
-        }
-        else {
-            return false;
-        }
-    }
-    /**
-    * Change the default address
-    * 
-    * @param string $username The username of the user to add the Exchange account to
-    * @param string $emailAddress The email address to make default
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function primaryAddress($username, $emailAddress, $isGUID = false) 
-    {
-        if ($username === NULL) { return "Missing compulsory field [username]"; }     
-        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
-        
-        // Find the dn of the user
-        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
-        if ($user[0]["dn"] === NULL){ return false; }
-        $userDn = $user[0]["dn"];
-        
-        if (is_array($user[0]["proxyaddresses"])) {
-            $modAddresses = array();
-            for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
-            if ($result == false) { 
-                return false; 
-            }
-            
-            return true;
-        }
-        
-    }
-    
-    /**
-    * Mail enable a contact
-    * Allows email to be sent to them through Exchange
-    * 
-    * @param string $distinguishedName The contact to mail enable
-    * @param string $emailAddress The email address to allow emails to be sent through
-    * @param string $mailNickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
-    * @return bool
-    */
-    public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
-    {
-        if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedName]"; }   
-        if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }  
-        
-        if ($mailNickname !== NULL) {
-            // Find the dn of the user
-            $user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
-            if ($user[0]["displayname"] === NULL) { return false; }
-            $mailNickname = $user[0]['displayname'][0];
-        }
-        
-        $attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname" => $mailNickname);
-         
-        // Translate the update to the LDAP schema                
-        $mod = $this->adldap->adldap_schema($attributes);
-        
-        // Check to see if this is an enabled status update
-        if (!$mod) { return false; }
-        
-        // Do the update
-        $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
-        if ($result == false) { return false; }
-        
-        return true;
-    }
-    
-    /**
-    * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
-    * 
-    * @param array $attributes An array of the AD attributes you wish to return
-    * @return array
-    */
-    public function servers($attributes = array('cn','distinguishedname','serialnumber')) 
-    {
-        if (!$this->adldap->getLdapBind()){ return false; }
-        
-        $configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
-        $sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
-        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-        return $entries;
-    }
-    
-    /**
-    * Returns a list of Storage Groups in Exchange for a given mail server
-    * 
-    * @param string $exchangeServer The full DN of an Exchange server.  You can use exchange_servers() to find the DN for your server
-    * @param array $attributes An array of the AD attributes you wish to return
-    * @param bool $recursive If enabled this will automatically query the databases within a storage group
-    * @return array
-    */
-    public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL) 
-    {
-        if (!$this->adldap->getLdapBind()){ return false; }
-        if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
-        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
-
-        $filter = '(&(objectCategory=msExchStorageGroup))';
-        $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
-        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-        if ($recursive === true) {
-            for ($i=0; $i<$entries['count']; $i++) {
-                $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);       
-            }
-        }
-        
-        return $entries;
-    }
-    
-    /**
-    * Returns a list of Databases within any given storage group in Exchange for a given mail server
-    * 
-    * @param string $storageGroup The full DN of an Storage Group.  You can use exchange_storage_groups() to find the DN 
-    * @param array $attributes An array of the AD attributes you wish to return
-    * @return array
-    */
-    public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
-        if (!$this->adldap->getLdapBind()){ return false; }
-        if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
-        
-        $filter = '(&(objectCategory=msExchPrivateMDB))';
-        $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
-        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-        return $entries;
-    }
-}
+adldap = $adldap;
+    }
+    
+    /**
+    * Create an Exchange account
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
+    *                            If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
+    * @param string $emailAddress The primary email address to add to this user
+    * @param string $mailNickname The mail nick name.  If mail nickname is blank, the username will be used
+    * @param bool $mdbUseDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
+    * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname=NULL, $useDefaults=TRUE, $baseDn=NULL, $isGUID=false)
+    {
+        if ($username === NULL){ return "Missing compulsory field [username]"; }     
+        if ($storageGroup === NULL) { return "Missing compulsory array [storagegroup]"; }
+        if (!is_array($storageGroup)) { return "[storagegroup] must be an array"; }
+        if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+        
+        if ($baseDn === NULL) {
+            $baseDn = $this->adldap->getBaseDn();   
+        }
+        
+        $container = "CN=" . implode(",CN=", $storageGroup);
+        
+        if ($mailNickname === NULL) { 
+            $mailNickname = $username; 
+        }
+        $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);
+        
+        $attributes = array(
+            'exchange_homemdb'=>$container.",".$baseDn,
+            'exchange_proxyaddress'=>'SMTP:' . $emailAddress,
+            'exchange_mailnickname'=>$mailNickname,
+            'exchange_usedefaults'=>$mdbUseDefaults
+        );
+        $result = $this->adldap->user()->modify($username, $attributes, $isGUID);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add an X400 address to Exchange
+    * See http://tools.ietf.org/html/rfc1685 for more information.
+    * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
+    * 
+    * @param string $username The username of the user to add the X400 to to
+    * @param string $country Country
+    * @param string $admd Administration Management Domain
+    * @param string $pdmd Private Management Domain (often your AD domain)
+    * @param string $org Organization
+    * @param string $surname Surname
+    * @param string $givenName Given name
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false) 
+    {
+        if ($username === NULL){ return "Missing compulsory field [username]"; }     
+        
+        $proxyValue = 'X400:';
+            
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL) { return false; }
+        $userDn = $user[0]["dn"];
+        
+        // We do not have to demote an email address from the default so we can just add the new proxy address
+        $attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
+       
+        // Translate the update to the LDAP schema                
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        if (!$add) { return false; }
+        
+        // Do the update
+        // Take out the @ to see any errors, usually this error might occur because the address already
+        // exists in the list of proxyAddresses
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Add an address to Exchange
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to add to this user
+    * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        $proxyValue = 'smtp:';
+        if ($default === true) {
+            $proxyValue = 'SMTP:';
+        }
+              
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL){ return false; }
+        $userDn = $user[0]["dn"];
+        
+        // We need to scan existing proxy addresses and demote the default one
+        if (is_array($user[0]["proxyaddresses"]) && $default === true) {
+            $modAddresses = array();
+            for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        else {
+            // We do not have to demote an email address from the default so we can just add the new proxy address
+            $attributes['exchange_proxyaddress'] = $proxyValue . $emailAddress;
+            
+            // Translate the update to the LDAP schema                
+            $add = $this->adldap->adldap_schema($attributes);
+            
+            if (!$add) { 
+                return false; 
+            }
+            
+            // Do the update
+            // Take out the @ to see any errors, usually this error might occur because the address already
+            // exists in the list of proxyAddresses
+            $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn,$add);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+    }
+    
+    /**
+    * Remove an address to Exchange
+    * If you remove a default address the account will no longer have a default, 
+    * we recommend changing the default address first
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to add to this user
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function deleteAddress($username, $emailAddress, $isGUID=false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL) { return false; }
+        $userDn = $user[0]["dn"];
+        
+        if (is_array($user[0]["proxyaddresses"])) {
+            $mod = array();
+            for ($i=0;$iadldap->getLdapConnection(), $userDn,$mod);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        else {
+            return false;
+        }
+    }
+    /**
+    * Change the default address
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to make default
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function primaryAddress($username, $emailAddress, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL){ return false; }
+        $userDn = $user[0]["dn"];
+        
+        if (is_array($user[0]["proxyaddresses"])) {
+            $modAddresses = array();
+            for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        
+    }
+    
+    /**
+    * Mail enable a contact
+    * Allows email to be sent to them through Exchange
+    * 
+    * @param string $distinguishedName The contact to mail enable
+    * @param string $emailAddress The email address to allow emails to be sent through
+    * @param string $mailNickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
+    * @return bool
+    */
+    public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
+    {
+        if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedName]"; }   
+        if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }  
+        
+        if ($mailNickname !== NULL) {
+            // Find the dn of the user
+            $user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
+            if ($user[0]["displayname"] === NULL) { return false; }
+            $mailNickname = $user[0]['displayname'][0];
+        }
+        
+        $attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname" => $mailNickname);
+         
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod) { return false; }
+        
+        // Do the update
+        $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
+    * 
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @return array
+    */
+    public function servers($attributes = array('cn','distinguishedname','serialnumber')) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        
+        $configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        return $entries;
+    }
+    
+    /**
+    * Returns a list of Storage Groups in Exchange for a given mail server
+    * 
+    * @param string $exchangeServer The full DN of an Exchange server.  You can use exchange_servers() to find the DN for your server
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @param bool $recursive If enabled this will automatically query the databases within a storage group
+    * @return array
+    */
+    public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
+
+        $filter = '(&(objectCategory=msExchStorageGroup))';
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        if ($recursive === true) {
+            for ($i=0; $i<$entries['count']; $i++) {
+                $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);       
+            }
+        }
+        
+        return $entries;
+    }
+    
+    /**
+    * Returns a list of Databases within any given storage group in Exchange for a given mail server
+    * 
+    * @param string $storageGroup The full DN of an Storage Group.  You can use exchange_storage_groups() to find the DN 
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @return array
+    */
+    public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
+        
+        $filter = '(&(objectCategory=msExchPrivateMDB))';
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        return $entries;
+    }
+}
 ?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php b/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
index 55120152d..67b1474db 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
@@ -1,179 +1,179 @@
-adldap = $adldap;
-    }
-    
-    /**
-    * Delete a distinguished name from Active Directory
-    * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
-    *
-    * @param string $dn The distinguished name to delete
-    * @return bool
-    */
-    public function delete($dn){ 
-        $result = ldap_delete($this->adldap->getLdapConnection(), $dn);
-        if ($result != true) { 
-            return false; 
-        }
-        return true;
-    }
-    
-    /**
-    * Returns a folder listing for a specific OU
-    * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
-    * 
-    * @param array $folderName An array to the OU you wish to list. 
-    *                           If set to NULL will list the root, strongly recommended to set 
-    *                           $recursive to false in that instance!
-    * @param string $dnType The type of record to list.  This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
-    * @param bool $recursive Recursively search sub folders
-    * @param bool $type Specify a type of object to search for
-    * @return array
-    */
-    public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL) 
-    {
-        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
-        if (!$this->adldap->getLdapBind()) { return false; }
-
-        $filter = '(&';
-        if ($type !== NULL) {
-            switch ($type) {
-                case 'contact':
-                    $filter .= '(objectClass=contact)';
-                    break;
-                case 'computer':
-                    $filter .= '(objectClass=computer)';
-                    break;
-                case 'group':
-                    $filter .= '(objectClass=group)';
-                    break;
-                case 'folder':
-                    $filter .= '(objectClass=organizationalUnit)';
-                    break;
-                case 'container':
-                    $filter .= '(objectClass=container)';
-                    break;
-                case 'domain':
-                    $filter .= '(objectClass=builtinDomain)';
-                    break;
-                default:
-                    $filter .= '(objectClass=user)';
-                    break;   
-            }
-        }
-        else {
-            $filter .= '(objectClass=*)';   
-        }
-        // If the folder name is null then we will search the root level of AD
-        // This requires us to not have an OU= part, just the base_dn
-        $searchOu = $this->adldap->getBaseDn();
-        if (is_array($folderName)) {
-            $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
-            $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
-            $searchOu = $ou . ',' . $this->adldap->getBaseDn();
-        }
-        else {
-            $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
-        }
-
-        if ($recursive === true) {
-            $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
-            $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-            if (is_array($entries)) {
-                return $entries;
-            }
-        }
-        else {
-            $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
-            $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-            if (is_array($entries)) {
-                return $entries;
-            }
-        }
-        
-        return false;
-    }
-
-    /**
-    * Create an organizational unit
-    * 
-    * @param array $attributes Default attributes of the ou
-    * @return bool
-    */
-    public function create($attributes)
-    {
-        if (!is_array($attributes)){ return "Attributes must be an array"; }
-        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
-        if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
-        if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
-        
-        $attributes["container"] = array_reverse($attributes["container"]);
-
-        $add=array();
-        $add["objectClass"] = "organizationalUnit";
-        $add["OU"] = $attributes['ou_name'];
-        $containers = "";
-        if (count($attributes['container']) > 0) {
-            $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
-        }
-
-        $containers = "OU=" . implode(",OU=", $attributes["container"]);
-        $result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
-        if ($result != true) { 
-            return false; 
-        }
-        
-        return true;
-    }
-    
-}
-
+adldap = $adldap;
+    }
+    
+    /**
+    * Delete a distinguished name from Active Directory
+    * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
+    *
+    * @param string $dn The distinguished name to delete
+    * @return bool
+    */
+    public function delete($dn){ 
+        $result = ldap_delete($this->adldap->getLdapConnection(), $dn);
+        if ($result != true) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Returns a folder listing for a specific OU
+    * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
+    * 
+    * @param array $folderName An array to the OU you wish to list. 
+    *                           If set to NULL will list the root, strongly recommended to set 
+    *                           $recursive to false in that instance!
+    * @param string $dnType The type of record to list.  This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
+    * @param bool $recursive Recursively search sub folders
+    * @param bool $type Specify a type of object to search for
+    * @return array
+    */
+    public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL) 
+    {
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = '(&';
+        if ($type !== NULL) {
+            switch ($type) {
+                case 'contact':
+                    $filter .= '(objectClass=contact)';
+                    break;
+                case 'computer':
+                    $filter .= '(objectClass=computer)';
+                    break;
+                case 'group':
+                    $filter .= '(objectClass=group)';
+                    break;
+                case 'folder':
+                    $filter .= '(objectClass=organizationalUnit)';
+                    break;
+                case 'container':
+                    $filter .= '(objectClass=container)';
+                    break;
+                case 'domain':
+                    $filter .= '(objectClass=builtinDomain)';
+                    break;
+                default:
+                    $filter .= '(objectClass=user)';
+                    break;   
+            }
+        }
+        else {
+            $filter .= '(objectClass=*)';   
+        }
+        // If the folder name is null then we will search the root level of AD
+        // This requires us to not have an OU= part, just the base_dn
+        $searchOu = $this->adldap->getBaseDn();
+        if (is_array($folderName)) {
+            $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
+            $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
+            $searchOu = $ou . ',' . $this->adldap->getBaseDn();
+        }
+        else {
+            $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
+        }
+
+        if ($recursive === true) {
+            $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+            $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+            if (is_array($entries)) {
+                return $entries;
+            }
+        }
+        else {
+            $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+            $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+            if (is_array($entries)) {
+                return $entries;
+            }
+        }
+        
+        return false;
+    }
+
+    /**
+    * Create an organizational unit
+    * 
+    * @param array $attributes Default attributes of the ou
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        if (!is_array($attributes)){ return "Attributes must be an array"; }
+        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+        if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
+        if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
+        
+        $attributes["container"] = array_reverse($attributes["container"]);
+
+        $add=array();
+        $add["objectClass"] = "organizationalUnit";
+        $add["OU"] = $attributes['ou_name'];
+        $containers = "";
+        if (count($attributes['container']) > 0) {
+            $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
+        }
+
+        $containers = "OU=" . implode(",OU=", $attributes["container"]);
+        $result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+}
+
 ?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php b/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
index 05e4cc93b..94bc04853 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
@@ -1,631 +1,631 @@
-adldap = $adldap;
-    }
-    
-    /**
-    * Add a group to a group
-    * 
-    * @param string $parent The parent group name
-    * @param string $child The child group name
-    * @return bool
-    */
-    public function addGroup($parent,$child){
-
-        // Find the parent group's dn
-        $parentGroup = $this->ginfo($parent, array("cn"));
-        if ($parentGroup[0]["dn"] === NULL){
-            return false; 
-        }
-        $parentDn = $parentGroup[0]["dn"];
-        
-        // Find the child group's dn
-        $childGroup = $this->info($child, array("cn"));
-        if ($childGroup[0]["dn"] === NULL){ 
-            return false; 
-        }
-        $childDn = $childGroup[0]["dn"];
-                
-        $add = array();
-        $add["member"] = $childDn;
-        
-        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
-        if ($result == false) { 
-            return false; 
-        }
-        return true;
-    }
-    
-    /**
-    * Add a user to a group
-    * 
-    * @param string $group The group to add the user to
-    * @param string $user The user to add to the group
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function addUser($group, $user, $isGUID = false)
-    {
-        // Adding a user is a bit fiddly, we need to get the full DN of the user
-        // and add it using the full DN of the group
-        
-        // Find the user's dn
-        $userDn = $this->adldap->user()->dn($user, $isGUID);
-        if ($userDn === false) { 
-            return false; 
-        }
-        
-        // Find the group's dn
-        $groupInfo = $this->info($group, array("cn"));
-        if ($groupInfo[0]["dn"] === NULL) { 
-            return false; 
-        }
-        $groupDn = $groupInfo[0]["dn"];
-        
-        $add = array();
-        $add["member"] = $userDn;
-        
-        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
-        if ($result == false) { 
-            return false; 
-        }
-        return true;
-    }
-    
-    /**
-    * Add a contact to a group
-    * 
-    * @param string $group The group to add the contact to
-    * @param string $contactDn The DN of the contact to add
-    * @return bool
-    */
-    public function addContact($group, $contactDn)
-    {
-        // To add a contact we take the contact's DN
-        // and add it using the full DN of the group
-        
-        // Find the group's dn
-        $groupInfo = $this->info($group, array("cn"));
-        if ($groupInfo[0]["dn"] === NULL) { 
-            return false; 
-        }
-        $groupDn = $groupInfo[0]["dn"];
-        
-        $add = array();
-        $add["member"] = $contactDn;
-        
-        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
-        if ($result == false) { 
-            return false; 
-        }
-        return true;
-    }
-
-    /**
-    * Create a group
-    * 
-    * @param array $attributes Default attributes of the group
-    * @return bool
-    */
-    public function create($attributes)
-    {
-        if (!is_array($attributes)){ return "Attributes must be an array"; }
-        if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; }
-        if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
-        if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; }
-        if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
-        $attributes["container"] = array_reverse($attributes["container"]);
-
-        //$member_array = array();
-        //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
-        //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
-        
-        $add = array();
-        $add["cn"] = $attributes["group_name"];
-        $add["samaccountname"] = $attributes["group_name"];
-        $add["objectClass"] = "Group";
-        $add["description"] = $attributes["description"];
-        //$add["member"] = $member_array; UNTESTED
-
-        $container = "OU=" . implode(",OU=", $attributes["container"]);
-        $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
-        if ($result != true) { 
-            return false; 
-        }
-        return true;
-    }
-    
-    /**
-    * Delete a group account 
-    * 
-    * @param string $group The group to delete (please be careful here!) 
-    * 
-    * @return array 
-    */
-    public function delete($group) {
-        if (!$this->adldap->getLdapBind()){ return false; }
-        if ($group === null){ return "Missing compulsory field [group]"; }
-        
-        $groupInfo = $this->info($group, array("*"));
-        $dn = $groupInfo[0]['distinguishedname'][0]; 
-        $result = $this->adldap->folder()->delete($dn); 
-        if ($result !== true) { 
-            return false; 
-        } return true;   
-    }
-
-    /**
-    * Remove a group from a group
-    * 
-    * @param string $parent The parent group name
-    * @param string $child The child group name
-    * @return bool
-    */
-    public function removeGroup($parent , $child)
-    {
-    
-        // Find the parent dn
-        $parentGroup = $this->info($parent, array("cn"));
-        if ($parentGroup[0]["dn"] === NULL) { 
-            return false; 
-        }
-        $parentDn = $parentGroup[0]["dn"];
-        
-        // Find the child dn
-        $childGroup = $this->info($child, array("cn"));
-        if ($childGroup[0]["dn"] === NULL) { 
-            return false; 
-        }
-        $childDn = $childGroup[0]["dn"];
-        
-        $del = array();
-        $del["member"] = $childDn;
-        
-        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
-        if ($result == false) { 
-            return false; 
-        }
-        return true;
-    }
-    
-    /**
-    * Remove a user from a group
-    * 
-    * @param string $group The group to remove a user from
-    * @param string $user The AD user to remove from the group
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function removeUser($group, $user, $isGUID = false)
-    {
-    
-        // Find the parent dn
-        $groupInfo = $this->info($group, array("cn"));
-        if ($groupInfo[0]["dn"] === NULL){ 
-            return false; 
-        }
-        $groupDn = $groupInfo[0]["dn"];
-        
-        // Find the users dn
-        $userDn = $this->adldap->user()->dn($user, $isGUID);
-        if ($userDn === false) {
-            return false; 
-        }
-
-        $del = array();
-        $del["member"] = $userDn;
-        
-        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
-        if ($result == false) {
-            return false; 
-        }
-        return true;
-    }
-    
-    /**
-    * Remove a contact from a group
-    * 
-    * @param string $group The group to remove a user from
-    * @param string $contactDn The DN of a contact to remove from the group
-    * @return bool
-    */
-    public function removeContact($group, $contactDn)
-    {
-    
-        // Find the parent dn
-        $groupInfo = $this->info($group, array("cn"));
-        if ($groupInfo[0]["dn"] === NULL) { 
-            return false; 
-        }
-        $groupDn = $groupInfo[0]["dn"];
-    
-        $del = array();
-        $del["member"] = $contactDn;
-        
-        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
-        if ($result == false) { 
-            return false; 
-        }
-        return true;
-    }
-    
-    /**
-    * Return a list of groups in a group
-    * 
-    * @param string $group The group to query
-    * @param bool $recursive Recursively get groups
-    * @return array
-    */
-    public function inGroup($group, $recursive = NULL)
-    {
-        if (!$this->adldap->getLdapBind()){ return false; }
-        if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it 
-        
-        // Search the directory for the members of a group
-        $info = $this->info($group, array("member","cn"));
-        $groups = $info[0]["member"];
-        if (!is_array($groups)) {
-            return false;   
-        }
- 
-        $groupArray = array();
-
-        for ($i=0; $i<$groups["count"]; $i++){ 
-             $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
-             $fields = array("samaccountname", "distinguishedname", "objectClass");
-             $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-             $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-             // not a person, look for a group  
-             if ($entries['count'] == 0 && $recursive == true) {  
-                $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";  
-                $fields = array("distinguishedname");  
-                $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);  
-                $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);  
-                if (!isset($entries[0]['distinguishedname'][0])) {
-                    continue;  
-                }
-                $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);  
-                if (is_array($subGroups)) {
-                    $groupArray = array_merge($groupArray, $subGroups); 
-                    $groupArray = array_unique($groupArray);  
-                }
-                continue;  
-             } 
-
-             $groupArray[] = $entries[0]['distinguishedname'][0];
-        }
-        return $groupArray;
-    }
-    
-    /**
-    * Return a list of members in a group
-    * 
-    * @param string $group The group to query
-    * @param bool $recursive Recursively get group members
-    * @return array
-    */
-    public function members($group, $recursive = NULL)
-    {
-        if (!$this->adldap->getLdapBind()){ return false; }
-        if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it 
-        // Search the directory for the members of a group
-        $info = $this->info($group, array("member","cn"));
-        $users = $info[0]["member"];
-        if (!is_array($users)) {
-            return false;   
-        }
- 
-        $userArray = array();
-
-        for ($i=0; $i<$users["count"]; $i++){ 
-             $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
-             $fields = array("samaccountname", "distinguishedname", "objectClass");
-             $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-             $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-             // not a person, look for a group  
-             if ($entries['count'] == 0 && $recursive == true) {  
-                $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";  
-                $fields = array("samaccountname");  
-                $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);  
-                $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);  
-                if (!isset($entries[0]['samaccountname'][0])) {
-                    continue;  
-                }
-                $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);  
-                if (is_array($subUsers)) {
-                    $userArray = array_merge($userArray, $subUsers); 
-                    $userArray = array_unique($userArray);  
-                }
-                continue;  
-             } 
-             else if ($entries['count'] == 0) {   
-                continue; 
-             } 
-
-             if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) {
-                 $userArray[] = $entries[0]['distinguishedname'][0];
-             }
-             else if ($entries[0]['samaccountname'][0] !== NULL) {
-                $userArray[] = $entries[0]['samaccountname'][0];
-             }
-        }
-        return $userArray;
-    }
-    
-    /**
-    * Group Information.  Returns an array of raw information about a group.
-    * The group name is case sensitive
-    * 
-    * @param string $groupName The group name to retrieve info about
-    * @param array $fields Fields to retrieve
-    * @return array
-    */
-    public function info($groupName, $fields = NULL)
-    {
-        if ($groupName === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        if (stristr($groupName, '+')) {
-            $groupName = stripslashes($groupName);   
-        }
-        
-        $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
-        if ($fields === NULL) { 
-            $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname"); 
-        }
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-        return $entries;
-    }
-    
-    /**
-    * Group Information.  Returns an collection
-    * The group name is case sensitive
-    * 
-    * @param string $groupName The group name to retrieve info about
-    * @param array $fields Fields to retrieve
-    * @return adLDAPGroupCollection
-    */
-    public function infoCollection($groupName, $fields = NULL)
-    {
-        if ($groupName === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        $info = $this->info($groupName, $fields);
-        if ($info !== false) {
-            $collection = new adLDAPGroupCollection($info, $this->adldap);
-            return $collection;
-        }
-        return false;
-    }
-    
-    /**
-    * Return a complete list of "groups in groups"
-    * 
-    * @param string $group The group to get the list from
-    * @return array
-    */
-    public function recursiveGroups($group)
-    {
-        if ($group === NULL) { return false; }
-
-        $stack = array(); 
-        $processed = array(); 
-        $retGroups = array(); 
-     
-        array_push($stack, $group); // Initial Group to Start with 
-        while (count($stack) > 0) {
-            $parent = array_pop($stack);
-            array_push($processed, $parent);
-            
-            $info = $this->info($parent, array("memberof"));
-            
-            if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) {
-                $groups = $info[0]["memberof"]; 
-                if ($groups) {
-                    $groupNames = $this->adldap->utilities()->niceNames($groups);  
-                    $retGroups = array_merge($retGroups, $groupNames); //final groups to return
-                    foreach ($groupNames as $id => $groupName) { 
-                        if (!in_array($groupName, $processed)) {
-                            array_push($stack, $groupName);
-                        }
-                    }
-                }
-            }
-        }
-        
-        return $retGroups;
-    }
-    
-    /**
-    * Returns a complete list of the groups in AD based on a SAM Account Type  
-    * 
-    * @param string $sAMAaccountType The account type to return
-    * @param bool $includeDescription Whether to return a description
-    * @param string $search Search parameters
-    * @param bool $sorted Whether to sort the results
-    * @return array
-    */
-    public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        $filter = '(&(objectCategory=group)';
-        if ($sAMAaccountType !== null) {
-            $filter .= '(samaccounttype='. $sAMAaccountType .')';
-        }
-        $filter .= '(cn=' . $search . '))';
-        // Perform the search and grab all their details
-        $fields = array("samaccountname", "description");
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-        $groupsArray = array();        
-        for ($i=0; $i<$entries["count"]; $i++){
-            if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
-                $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
-            }
-            else if ($includeDescription){
-                $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
-            }
-            else {
-                array_push($groupsArray, $entries[$i]["samaccountname"][0]);
-            }
-        }
-        if ($sorted) { 
-            asort($groupsArray); 
-        }
-        return $groupsArray;
-    }
-    
-    /**
-    * Returns a complete list of all groups in AD
-    * 
-    * @param bool $includeDescription Whether to return a description
-    * @param string $search Search parameters
-    * @param bool $sorted Whether to sort the results
-    * @return array
-    */
-    public function all($includeDescription = false, $search = "*", $sorted = true){
-        $groupsArray = $this->search(null, $includeDescription, $search, $sorted);
-        return $groupsArray;
-    }
-    
-    /**
-    * Returns a complete list of security groups in AD
-    * 
-    * @param bool $includeDescription Whether to return a description
-    * @param string $search Search parameters
-    * @param bool $sorted Whether to sort the results
-    * @return array
-    */
-    public function allSecurity($includeDescription = false, $search = "*", $sorted = true){
-        $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
-        return $groupsArray;
-    }
-    
-    /**
-    * Returns a complete list of distribution lists in AD
-    * 
-    * @param bool $includeDescription Whether to return a description
-    * @param string $search Search parameters
-    * @param bool $sorted Whether to sort the results
-    * @return array
-    */
-    public function allDistribution($includeDescription = false, $search = "*", $sorted = true){
-        $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
-        return $groupsArray;
-    }
-    
-    /**
-    * Coping with AD not returning the primary group
-    * http://support.microsoft.com/?kbid=321360 
-    * 
-    * This is a re-write based on code submitted by Bruce which prevents the 
-    * need to search each security group to find the true primary group
-    * 
-    * @param string $gid Group ID
-    * @param string $usersid User's Object SID
-    * @return mixed
-    */
-    public function getPrimaryGroup($gid, $usersid)
-    {
-        if ($gid === NULL || $usersid === NULL) { return false; }
-        $sr = false;
-
-        $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
-        $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
-        $fields = array("samaccountname","distinguishedname");
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-        if (isset($entries[0]['distinguishedname'][0])) {
-            return $entries[0]['distinguishedname'][0];
-        }
-        return false;
-     }
-     
-     /**
-    * Coping with AD not returning the primary group
-    * http://support.microsoft.com/?kbid=321360 
-    * 
-    * For some reason it's not possible to search on primarygrouptoken=XXX
-    * If someone can show otherwise, I'd like to know about it :)
-    * this way is resource intensive and generally a pain in the @#%^
-    * 
-    * @deprecated deprecated since version 3.1, see get get_primary_group
-    * @param string $gid Group ID
-    * @return string
-    */
-    public function cn($gid){    
-        if ($gid === NULL) { return false; }
-        $sr = false;
-        $r = '';
-        
-        $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
-        $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-        
-        for ($i=0; $i<$entries["count"]; $i++){
-            if ($entries[$i]["primarygrouptoken"][0] == $gid) {
-                $r = $entries[$i]["distinguishedname"][0];
-                $i = $entries["count"];
-            }
-        }
-
-        return $r;
-    }
-}
-?>
+adldap = $adldap;
+    }
+    
+    /**
+    * Add a group to a group
+    * 
+    * @param string $parent The parent group name
+    * @param string $child The child group name
+    * @return bool
+    */
+    public function addGroup($parent,$child){
+
+        // Find the parent group's dn
+        $parentGroup = $this->ginfo($parent, array("cn"));
+        if ($parentGroup[0]["dn"] === NULL){
+            return false; 
+        }
+        $parentDn = $parentGroup[0]["dn"];
+        
+        // Find the child group's dn
+        $childGroup = $this->info($child, array("cn"));
+        if ($childGroup[0]["dn"] === NULL){ 
+            return false; 
+        }
+        $childDn = $childGroup[0]["dn"];
+                
+        $add = array();
+        $add["member"] = $childDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add a user to a group
+    * 
+    * @param string $group The group to add the user to
+    * @param string $user The user to add to the group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addUser($group, $user, $isGUID = false)
+    {
+        // Adding a user is a bit fiddly, we need to get the full DN of the user
+        // and add it using the full DN of the group
+        
+        // Find the user's dn
+        $userDn = $this->adldap->user()->dn($user, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+        
+        // Find the group's dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        $add = array();
+        $add["member"] = $userDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add a contact to a group
+    * 
+    * @param string $group The group to add the contact to
+    * @param string $contactDn The DN of the contact to add
+    * @return bool
+    */
+    public function addContact($group, $contactDn)
+    {
+        // To add a contact we take the contact's DN
+        // and add it using the full DN of the group
+        
+        // Find the group's dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        $add = array();
+        $add["member"] = $contactDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+
+    /**
+    * Create a group
+    * 
+    * @param array $attributes Default attributes of the group
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        if (!is_array($attributes)){ return "Attributes must be an array"; }
+        if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; }
+        if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+        if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; }
+        if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+        $attributes["container"] = array_reverse($attributes["container"]);
+
+        //$member_array = array();
+        //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
+        //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
+        
+        $add = array();
+        $add["cn"] = $attributes["group_name"];
+        $add["samaccountname"] = $attributes["group_name"];
+        $add["objectClass"] = "Group";
+        $add["description"] = $attributes["description"];
+        //$add["member"] = $member_array; UNTESTED
+
+        $container = "OU=" . implode(",OU=", $attributes["container"]);
+        $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Delete a group account 
+    * 
+    * @param string $group The group to delete (please be careful here!) 
+    * 
+    * @return array 
+    */
+    public function delete($group) {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($group === null){ return "Missing compulsory field [group]"; }
+        
+        $groupInfo = $this->info($group, array("*"));
+        $dn = $groupInfo[0]['distinguishedname'][0]; 
+        $result = $this->adldap->folder()->delete($dn); 
+        if ($result !== true) { 
+            return false; 
+        } return true;   
+    }
+
+    /**
+    * Remove a group from a group
+    * 
+    * @param string $parent The parent group name
+    * @param string $child The child group name
+    * @return bool
+    */
+    public function removeGroup($parent , $child)
+    {
+    
+        // Find the parent dn
+        $parentGroup = $this->info($parent, array("cn"));
+        if ($parentGroup[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $parentDn = $parentGroup[0]["dn"];
+        
+        // Find the child dn
+        $childGroup = $this->info($child, array("cn"));
+        if ($childGroup[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $childDn = $childGroup[0]["dn"];
+        
+        $del = array();
+        $del["member"] = $childDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Remove a user from a group
+    * 
+    * @param string $group The group to remove a user from
+    * @param string $user The AD user to remove from the group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function removeUser($group, $user, $isGUID = false)
+    {
+    
+        // Find the parent dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL){ 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        // Find the users dn
+        $userDn = $this->adldap->user()->dn($user, $isGUID);
+        if ($userDn === false) {
+            return false; 
+        }
+
+        $del = array();
+        $del["member"] = $userDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+        if ($result == false) {
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Remove a contact from a group
+    * 
+    * @param string $group The group to remove a user from
+    * @param string $contactDn The DN of a contact to remove from the group
+    * @return bool
+    */
+    public function removeContact($group, $contactDn)
+    {
+    
+        // Find the parent dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+    
+        $del = array();
+        $del["member"] = $contactDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Return a list of groups in a group
+    * 
+    * @param string $group The group to query
+    * @param bool $recursive Recursively get groups
+    * @return array
+    */
+    public function inGroup($group, $recursive = NULL)
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it 
+        
+        // Search the directory for the members of a group
+        $info = $this->info($group, array("member","cn"));
+        $groups = $info[0]["member"];
+        if (!is_array($groups)) {
+            return false;   
+        }
+ 
+        $groupArray = array();
+
+        for ($i=0; $i<$groups["count"]; $i++){ 
+             $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+             $fields = array("samaccountname", "distinguishedname", "objectClass");
+             $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+             $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+             // not a person, look for a group  
+             if ($entries['count'] == 0 && $recursive == true) {  
+                $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";  
+                $fields = array("distinguishedname");  
+                $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);  
+                $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);  
+                if (!isset($entries[0]['distinguishedname'][0])) {
+                    continue;  
+                }
+                $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);  
+                if (is_array($subGroups)) {
+                    $groupArray = array_merge($groupArray, $subGroups); 
+                    $groupArray = array_unique($groupArray);  
+                }
+                continue;  
+             } 
+
+             $groupArray[] = $entries[0]['distinguishedname'][0];
+        }
+        return $groupArray;
+    }
+    
+    /**
+    * Return a list of members in a group
+    * 
+    * @param string $group The group to query
+    * @param bool $recursive Recursively get group members
+    * @return array
+    */
+    public function members($group, $recursive = NULL)
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it 
+        // Search the directory for the members of a group
+        $info = $this->info($group, array("member","cn"));
+        $users = $info[0]["member"];
+        if (!is_array($users)) {
+            return false;   
+        }
+ 
+        $userArray = array();
+
+        for ($i=0; $i<$users["count"]; $i++){ 
+             $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+             $fields = array("samaccountname", "distinguishedname", "objectClass");
+             $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+             $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+             // not a person, look for a group  
+             if ($entries['count'] == 0 && $recursive == true) {  
+                $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";  
+                $fields = array("samaccountname");  
+                $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);  
+                $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);  
+                if (!isset($entries[0]['samaccountname'][0])) {
+                    continue;  
+                }
+                $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);  
+                if (is_array($subUsers)) {
+                    $userArray = array_merge($userArray, $subUsers); 
+                    $userArray = array_unique($userArray);  
+                }
+                continue;  
+             } 
+             else if ($entries['count'] == 0) {   
+                continue; 
+             } 
+
+             if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) {
+                 $userArray[] = $entries[0]['distinguishedname'][0];
+             }
+             else if ($entries[0]['samaccountname'][0] !== NULL) {
+                $userArray[] = $entries[0]['samaccountname'][0];
+             }
+        }
+        return $userArray;
+    }
+    
+    /**
+    * Group Information.  Returns an array of raw information about a group.
+    * The group name is case sensitive
+    * 
+    * @param string $groupName The group name to retrieve info about
+    * @param array $fields Fields to retrieve
+    * @return array
+    */
+    public function info($groupName, $fields = NULL)
+    {
+        if ($groupName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        if (stristr($groupName, '+')) {
+            $groupName = stripslashes($groupName);   
+        }
+        
+        $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
+        if ($fields === NULL) { 
+            $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        return $entries;
+    }
+    
+    /**
+    * Group Information.  Returns an collection
+    * The group name is case sensitive
+    * 
+    * @param string $groupName The group name to retrieve info about
+    * @param array $fields Fields to retrieve
+    * @return adLDAPGroupCollection
+    */
+    public function infoCollection($groupName, $fields = NULL)
+    {
+        if ($groupName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($groupName, $fields);
+        if ($info !== false) {
+            $collection = new adLDAPGroupCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Return a complete list of "groups in groups"
+    * 
+    * @param string $group The group to get the list from
+    * @return array
+    */
+    public function recursiveGroups($group)
+    {
+        if ($group === NULL) { return false; }
+
+        $stack = array(); 
+        $processed = array(); 
+        $retGroups = array(); 
+     
+        array_push($stack, $group); // Initial Group to Start with 
+        while (count($stack) > 0) {
+            $parent = array_pop($stack);
+            array_push($processed, $parent);
+            
+            $info = $this->info($parent, array("memberof"));
+            
+            if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) {
+                $groups = $info[0]["memberof"]; 
+                if ($groups) {
+                    $groupNames = $this->adldap->utilities()->niceNames($groups);  
+                    $retGroups = array_merge($retGroups, $groupNames); //final groups to return
+                    foreach ($groupNames as $id => $groupName) { 
+                        if (!in_array($groupName, $processed)) {
+                            array_push($stack, $groupName);
+                        }
+                    }
+                }
+            }
+        }
+        
+        return $retGroups;
+    }
+    
+    /**
+    * Returns a complete list of the groups in AD based on a SAM Account Type  
+    * 
+    * @param string $sAMAaccountType The account type to return
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $filter = '(&(objectCategory=group)';
+        if ($sAMAaccountType !== null) {
+            $filter .= '(samaccounttype='. $sAMAaccountType .')';
+        }
+        $filter .= '(cn=' . $search . '))';
+        // Perform the search and grab all their details
+        $fields = array("samaccountname", "description");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $groupsArray = array();        
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
+                $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
+            }
+            else if ($includeDescription){
+                $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            }
+            else {
+                array_push($groupsArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($groupsArray); 
+        }
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of all groups in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(null, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of security groups in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function allSecurity($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of distribution lists in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function allDistribution($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Coping with AD not returning the primary group
+    * http://support.microsoft.com/?kbid=321360 
+    * 
+    * This is a re-write based on code submitted by Bruce which prevents the 
+    * need to search each security group to find the true primary group
+    * 
+    * @param string $gid Group ID
+    * @param string $usersid User's Object SID
+    * @return mixed
+    */
+    public function getPrimaryGroup($gid, $usersid)
+    {
+        if ($gid === NULL || $usersid === NULL) { return false; }
+        $sr = false;
+
+        $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
+        $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
+        $fields = array("samaccountname","distinguishedname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        if (isset($entries[0]['distinguishedname'][0])) {
+            return $entries[0]['distinguishedname'][0];
+        }
+        return false;
+     }
+     
+     /**
+    * Coping with AD not returning the primary group
+    * http://support.microsoft.com/?kbid=321360 
+    * 
+    * For some reason it's not possible to search on primarygrouptoken=XXX
+    * If someone can show otherwise, I'd like to know about it :)
+    * this way is resource intensive and generally a pain in the @#%^
+    * 
+    * @deprecated deprecated since version 3.1, see get get_primary_group
+    * @param string $gid Group ID
+    * @return string
+    */
+    public function cn($gid){    
+        if ($gid === NULL) { return false; }
+        $sr = false;
+        $r = '';
+        
+        $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
+        $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($entries[$i]["primarygrouptoken"][0] == $gid) {
+                $r = $entries[$i]["distinguishedname"][0];
+                $i = $entries["count"];
+            }
+        }
+
+        return $r;
+    }
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php b/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
index 96a93b512..839fd592d 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
@@ -1,682 +1,682 @@
-adldap = $adldap;
-    }
-    
-    /**
-    * Validate a user's login credentials
-    * 
-    * @param string $username A user's AD username
-    * @param string $password A user's AD password
-    * @param bool optional $prevent_rebind
-    * @return bool
-    */
-    public function authenticate($username, $password, $preventRebind = false) {
-        return $this->adldap->authenticate($username, $password, $preventRebind);
-    }
-    
-    /**
-    * Create a user
-    * 
-    * If you specify a password here, this can only be performed over SSL
-    * 
-    * @param array $attributes The attributes to set to the user account
-    * @return bool
-    */
-    public function create($attributes)
-    {
-        // Check for compulsory fields
-        if (!array_key_exists("username", $attributes)){ return "Missing compulsory field [username]"; }
-        if (!array_key_exists("firstname", $attributes)){ return "Missing compulsory field [firstname]"; }
-        if (!array_key_exists("surname", $attributes)){ return "Missing compulsory field [surname]"; }
-        if (!array_key_exists("email", $attributes)){ return "Missing compulsory field [email]"; }
-        if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
-        if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
-
-        if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())){ 
-            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
-        }
-
-        if (!array_key_exists("display_name", $attributes)) { 
-            $attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"]; 
-        }
-
-        // Translate the schema
-        $add = $this->adldap->adldap_schema($attributes);
-        
-        // Additional stuff only used for adding accounts
-        $add["cn"][0] = $attributes["display_name"];
-        $add["samaccountname"][0] = $attributes["username"];
-        $add["objectclass"][0] = "top";
-        $add["objectclass"][1] = "person";
-        $add["objectclass"][2] = "organizationalPerson";
-        $add["objectclass"][3] = "user"; //person?
-        //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
-
-        // Set the account control attribute
-        $control_options = array("NORMAL_ACCOUNT");
-        if (!$attributes["enabled"]) { 
-            $control_options[] = "ACCOUNTDISABLE"; 
-        }
-        $add["userAccountControl"][0] = $this->accountControl($control_options);
-        
-        // Determine the container
-        $attributes["container"] = array_reverse($attributes["container"]);
-        $container = "OU=" . implode(", OU=",$attributes["container"]);
-
-        // Add the entry
-        $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
-        if ($result != true) { 
-            return false; 
-        }
-        
-        return true;
-    }
-    
-    /**
-    * Account control options
-    *
-    * @param array $options The options to convert to int 
-    * @return int
-    */
-    protected function accountControl($options)
-    {
-        $val=0;
-
-        if (is_array($options)) {
-            if (in_array("SCRIPT",$options)){ $val=$val+1; }
-            if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
-            if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
-            if (in_array("LOCKOUT",$options)){ $val=$val+16; }
-            if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
-            //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
-            //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
-            if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
-            if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
-            if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
-            if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
-            if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
-            if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
-            if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
-            if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
-            if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
-            if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
-            if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
-            if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
-            if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; } 
-            if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
-            if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
-        }
-        return $val;
-    }
-    
-    /**
-    * Delete a user account
-    * 
-    * @param string $username The username to delete (please be careful here!)
-    * @param bool $isGUID Is the username a GUID or a samAccountName
-    * @return array
-    */
-    public function delete($username, $isGUID = false) 
-    {      
-        $userinfo = $this->info($username, array("*"), $isGUID);
-        $dn = $userinfo[0]['distinguishedname'][0];
-        $result = $this->adldap->folder()->delete($dn);
-        if ($result != true) { 
-            return false;
-        }        
-        return true;
-    }
-    
-    /**
-    * Groups the user is a member of
-    * 
-    * @param string $username The username to query
-    * @param bool $recursive Recursive list of groups
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return array
-    */
-    public function groups($username, $recursive = NULL, $isGUID = false)
-    {
-        if ($username === NULL) { return false; }
-        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        // Search the directory for their information
-        $info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
-        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
-
-        if ($recursive === true){
-            foreach ($groups as $id => $groupName){
-                $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
-                $groups = array_merge($groups, $extraGroups);
-            }
-        }
-        
-        return $groups;
-    }
-    
-    /**
-    * Find information about the users. Returned in a raw array format from AD
-    * 
-    * @param string $username The username to query
-    * @param array $fields Array of parameters to query
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return array
-    */
-    public function info($username, $fields = NULL, $isGUID = false)
-    {
-        if ($username === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-
-        if ($isGUID === true) {
-            $username = $this->adldap->utilities()->strGuidToHex($username);
-            $filter = "objectguid=" . $username;
-        }
-        else if (strstr($username, "@")) {
-             $filter = "userPrincipalName=" . $username;
-        }
-        else {
-             $filter = "samaccountname=" . $username;
-        }
-        $filter = "(&(objectCategory=person)({$filter}))";
-        if ($fields === NULL) { 
-            $fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid"); 
-        }
-        if (!in_array("objectsid", $fields)) {
-            $fields[] = "objectsid";
-        }
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-        
-        if (isset($entries[0])) {
-            if ($entries[0]['count'] >= 1) {
-                if (in_array("memberof", $fields)) {
-                    // AD does not return the primary group in the ldap query, we may need to fudge it
-                    if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
-                        //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
-                        $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
-                    } else {
-                        $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
-                    }
-                    if (!isset($entries[0]["memberof"]["count"])) {
-                        $entries[0]["memberof"]["count"] = 0;
-                    }
-                    $entries[0]["memberof"]["count"]++;
-                }
-            }
-            
-            return $entries;
-        }
-        return false;
-    }
-    
-    /**
-    * Find information about the users. Returned in a raw array format from AD
-    * 
-    * @param string $username The username to query
-    * @param array $fields Array of parameters to query
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return mixed
-    */
-    public function infoCollection($username, $fields = NULL, $isGUID = false)
-    {
-        if ($username === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        $info = $this->info($username, $fields, $isGUID);
-        
-        if ($info !== false) {
-            $collection = new adLDAPUserCollection($info, $this->adldap);
-            return $collection;
-        }
-        return false;
-    }
-    
-    /**
-    * Determine if a user is in a specific group
-    * 
-    * @param string $username The username to query
-    * @param string $group The name of the group to check against
-    * @param bool $recursive Check groups recursively
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
-    {
-        if ($username === NULL) { return false; }
-        if ($group === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
-        
-        // Get a list of the groups
-        $groups = $this->groups($username, $recursive, $isGUID);
-        
-        // Return true if the specified group is in the group list
-        if (in_array($group, $groups)) { 
-            return true; 
-        }
-
-        return false;
-    }
-    
-    /**
-    * Determine a user's password expiry date
-    * 
-    * @param string $username The username to query
-    * @param book $isGUID Is the username passed a GUID or a samAccountName
-    * @requires bcmath http://www.php.net/manual/en/book.bc.php
-    * @return array
-    */
-    public function passwordExpiry($username, $isGUID = false) 
-    {
-        if ($username === NULL) { return "Missing compulsory field [username]"; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        if (!function_exists('bcmod')) { throw new adLDAPException("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
-        
-        $userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
-        $pwdLastSet = $userInfo[0]['pwdlastset'][0];
-        $status = array();
-        
-        if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
-            // Password does not expire
-            return "Does not expire";
-        }
-        if ($pwdLastSet === '0') {
-            // Password has already expired
-            return "Password has expired";
-        }
-        
-         // Password expiry in AD can be calculated from TWO values:
-         //   - User's own pwdLastSet attribute: stores the last time the password was changed
-         //   - Domain's maxPwdAge attribute: how long passwords last in the domain
-         //
-         // Although Microsoft chose to use a different base and unit for time measurements.
-         // This function will convert them to Unix timestamps
-         $sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
-         if (!$sr) {
-             return false;
-         }
-         $info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-         $maxPwdAge = $info[0]['maxpwdage'][0];
-         
-
-         // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
-         //
-         // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC), 
-         // stored in a 64 bit integer. 
-         //
-         // The number of seconds between this date and Unix epoch is 11644473600.
-         //
-         // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
-         // intervals from the time the password was set before the password expires.
-         //
-         // We also need to scale this to seconds but also this value is a _negative_ quantity!
-         //
-         // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
-         //
-         // Unfortunately the maths involved are too big for PHP integers, so I've had to require
-         // BCMath functions to work with arbitrary precision numbers.
-         if (bcmod($maxPwdAge, 4294967296) === '0') {
-            return "Domain does not expire passwords";
-        }
-        
-        // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
-        // time units.  Because maxpwd age is negative we need to subtract it.
-        $pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
-    
-        // Convert MS's time to Unix time
-        $status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
-        $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
-        
-        return $status;
-    }
-    
-    /**
-    * Modify a user
-    * 
-    * @param string $username The username to query
-    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function modify($username, $attributes, $isGUID = false)
-    {
-        if ($username === NULL) { return "Missing compulsory field [username]"; }
-        if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) { 
-            throw new adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
-        }
-
-        // Find the dn of the user
-        $userDn = $this->dn($username, $isGUID);
-        if ($userDn === false) { 
-            return false; 
-        }
-        
-        // Translate the update to the LDAP schema                
-        $mod = $this->adldap->adldap_schema($attributes);
-        
-        // Check to see if this is an enabled status update
-        if (!$mod && !array_key_exists("enabled", $attributes)){ 
-            return false; 
-        }
-        
-        // Set the account control attribute (only if specified)
-        if (array_key_exists("enabled", $attributes)){
-            if ($attributes["enabled"]){ 
-                $controlOptions = array("NORMAL_ACCOUNT"); 
-            }
-            else { 
-                $controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE"); 
-            }
-            $mod["userAccountControl"][0] = $this->accountControl($controlOptions);
-        }
-
-        // Do the update
-        $result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
-        if ($result == false) { 
-            return false; 
-        }
-        
-        return true;
-    }
-    
-    /**
-    * Disable a user account
-    * 
-    * @param string $username The username to disable
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function disable($username, $isGUID = false)
-    {
-        if ($username === NULL) { return "Missing compulsory field [username]"; }
-        $attributes = array("enabled" => 0);
-        $result = $this->modify($username, $attributes, $isGUID);
-        if ($result == false) { return false; }
-        
-        return true;
-    }
-    
-    /**
-    * Enable a user account
-    * 
-    * @param string $username The username to enable
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function enable($username, $isGUID = false)
-    {
-        if ($username === NULL) { return "Missing compulsory field [username]"; }
-        $attributes = array("enabled" => 1);
-        $result = $this->modify($username, $attributes, $isGUID);
-        if ($result == false) { return false; }
-        
-        return true;
-    }
-    
-    /**
-    * Set the password of a user - This must be performed over SSL
-    * 
-    * @param string $username The username to modify
-    * @param string $password The new password
-    * @param bool $isGUID Is the username passed a GUID or a samAccountName
-    * @return bool
-    */
-    public function password($username, $password, $isGUID = false)
-    {
-        if ($username === NULL) { return false; }
-        if ($password === NULL) { return false; }
-        if (!$this->adldap->getLdapBind()) { return false; }
-        if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) { 
-            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
-        }
-        
-        $userDn = $this->dn($username, $isGUID);
-        if ($userDn === false) { 
-            return false; 
-        }
-                
-        $add=array();
-        $add["unicodePwd"][0] = $this->encodePassword($password);
-        
-        $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
-        if ($result === false){
-            $err = ldap_errno($this->adldap->getLdapConnection());
-            if ($err) {
-                $msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
-                if($err == 53) {
-                    $msg .= ' Your password might not match the password policy.';
-                }
-                throw new adLDAPException($msg);
-            }
-            else {
-                return false;
-            }
-        }
-        
-        return true;
-    }
-    
-    /**
-    * Encode a password for transmission over LDAP
-    *
-    * @param string $password The password to encode
-    * @return string
-    */
-    public function encodePassword($password)
-    {
-        $password="\"".$password."\"";
-        $encoded="";
-        for ($i=0; $i info($username, array("cn"), $isGUID);
-        if ($user[0]["dn"] === NULL) { 
-            return false; 
-        }
-        $userDn = $user[0]["dn"];
-        return $userDn;
-    }
-    
-    /**
-    * Return a list of all users in AD
-    * 
-    * @param bool $includeDescription Return a description of the user
-    * @param string $search Search parameter
-    * @param bool $sorted Sort the user accounts
-    * @return array
-    */
-    public function all($includeDescription = false, $search = "*", $sorted = true)
-    {
-        if (!$this->adldap->getLdapBind()) { return false; }
-        
-        // Perform the search and grab all their details
-        $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
-        $fields = array("samaccountname","displayname");
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-        $usersArray = array();
-        for ($i=0; $i<$entries["count"]; $i++){
-            if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
-                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
-            } elseif ($includeDescription){
-                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
-            } else {
-                array_push($usersArray, $entries[$i]["samaccountname"][0]);
-            }
-        }
-        if ($sorted) { 
-            asort($usersArray); 
-        }
-        return $usersArray;
-    }
-    
-    /**
-    * Converts a username (samAccountName) to a GUID
-    * 
-    * @param string $username The username to query
-    * @return string
-    */
-    public function usernameToGuid($username) 
-    {
-        if (!$this->adldap->getLdapBind()){ return false; }
-        if ($username === null){ return "Missing compulsory field [username]"; }
-        
-        $filter = "samaccountname=" . $username; 
-        $fields = array("objectGUID"); 
-        $sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); 
-        if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) { 
-            $entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr); 
-            $guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID'); 
-            $strGUID = $this->adldap->utilities()->binaryToText($guid[0]);          
-            return $strGUID; 
-        }
-        return false; 
-    }
-    
-    /**
-    * Return a list of all users in AD that have a specific value in a field
-    *
-    * @param bool $includeDescription Return a description of the user
-    * @param string $searchField Field to search search for
-    * @param string $searchFilter Value to search for in the specified field
-    * @param bool $sorted Sort the user accounts
-    * @return array
-    */
-    public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true){
-        if (!$this->adldap->getLdapBind()){ return false; }
-          
-        // Perform the search and grab all their details
-        $searchParams = "";
-        if ($searchField) {
-            $searchParams = "(" . $searchField . "=" . $searchFilter . ")";
-        }                           
-        $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
-        $fields = array("samaccountname","displayname");
-        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
-        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
-        $usersArray = array();
-        for ($i=0; $i < $entries["count"]; $i++) {
-            if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
-                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
-            }
-            else if ($includeDescription) {
-                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
-            }
-            else {
-                array_push($usersArray, $entries[$i]["samaccountname"][0]);
-            }
-        }
-        if ($sorted){ 
-          asort($usersArray); 
-        }
-        return ($usersArray);
-    }
-    
-    /**
-    * Move a user account to a different OU
-    *
-    * @param string $username The username to move (please be careful here!)
-    * @param array $container The container or containers to move the user to (please be careful here!).
-    * accepts containers in 1. parent 2. child order
-    * @return array
-    */
-    public function move($username, $container) 
-    {
-        if (!$this->adldap->getLdapBind()) { return false; }
-        if ($username === null) { return "Missing compulsory field [username]"; }
-        if ($container === null) { return "Missing compulsory field [container]"; }
-        if (!is_array($container)) { return "Container must be an array"; }
-        
-        $userInfo = $this->info($username, array("*"));
-        $dn = $userInfo[0]['distinguishedname'][0];
-        $newRDn = "cn=" . $username;
-        $container = array_reverse($container);
-        $newContainer = "ou=" . implode(",ou=",$container);
-        $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
-        $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
-        if ($result !== true) {
-            return false;
-        }
-        return true;
-    }
-    
-    /**
-    * Get the last logon time of any user as a Unix timestamp
-    * 
-    * @param string $username
-    * @return long $unixTimestamp
-    */
-    public function getLastLogon($username) {
-        if (!$this->adldap->getLdapBind()) { return false; }
-        if ($username === null) { return "Missing compulsory field [username]"; }
-        $userInfo = $this->info($username, array("lastLogonTimestamp"));
-        $lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
-        return $lastLogon;
-    }
-    
-}
-?>
+adldap = $adldap;
+    }
+    
+    /**
+    * Validate a user's login credentials
+    * 
+    * @param string $username A user's AD username
+    * @param string $password A user's AD password
+    * @param bool optional $prevent_rebind
+    * @return bool
+    */
+    public function authenticate($username, $password, $preventRebind = false) {
+        return $this->adldap->authenticate($username, $password, $preventRebind);
+    }
+    
+    /**
+    * Create a user
+    * 
+    * If you specify a password here, this can only be performed over SSL
+    * 
+    * @param array $attributes The attributes to set to the user account
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        // Check for compulsory fields
+        if (!array_key_exists("username", $attributes)){ return "Missing compulsory field [username]"; }
+        if (!array_key_exists("firstname", $attributes)){ return "Missing compulsory field [firstname]"; }
+        if (!array_key_exists("surname", $attributes)){ return "Missing compulsory field [surname]"; }
+        if (!array_key_exists("email", $attributes)){ return "Missing compulsory field [email]"; }
+        if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+        if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+
+        if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())){ 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+
+        if (!array_key_exists("display_name", $attributes)) { 
+            $attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"]; 
+        }
+
+        // Translate the schema
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        // Additional stuff only used for adding accounts
+        $add["cn"][0] = $attributes["display_name"];
+        $add["samaccountname"][0] = $attributes["username"];
+        $add["objectclass"][0] = "top";
+        $add["objectclass"][1] = "person";
+        $add["objectclass"][2] = "organizationalPerson";
+        $add["objectclass"][3] = "user"; //person?
+        //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+
+        // Set the account control attribute
+        $control_options = array("NORMAL_ACCOUNT");
+        if (!$attributes["enabled"]) { 
+            $control_options[] = "ACCOUNTDISABLE"; 
+        }
+        $add["userAccountControl"][0] = $this->accountControl($control_options);
+        
+        // Determine the container
+        $attributes["container"] = array_reverse($attributes["container"]);
+        $container = "OU=" . implode(", OU=",$attributes["container"]);
+
+        // Add the entry
+        $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Account control options
+    *
+    * @param array $options The options to convert to int 
+    * @return int
+    */
+    protected function accountControl($options)
+    {
+        $val=0;
+
+        if (is_array($options)) {
+            if (in_array("SCRIPT",$options)){ $val=$val+1; }
+            if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
+            if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
+            if (in_array("LOCKOUT",$options)){ $val=$val+16; }
+            if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
+            //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
+            //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
+            if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
+            if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
+            if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
+            if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
+            if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
+            if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
+            if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
+            if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
+            if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
+            if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
+            if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
+            if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
+            if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; } 
+            if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
+            if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
+        }
+        return $val;
+    }
+    
+    /**
+    * Delete a user account
+    * 
+    * @param string $username The username to delete (please be careful here!)
+    * @param bool $isGUID Is the username a GUID or a samAccountName
+    * @return array
+    */
+    public function delete($username, $isGUID = false) 
+    {      
+        $userinfo = $this->info($username, array("*"), $isGUID);
+        $dn = $userinfo[0]['distinguishedname'][0];
+        $result = $this->adldap->folder()->delete($dn);
+        if ($result != true) { 
+            return false;
+        }        
+        return true;
+    }
+    
+    /**
+    * Groups the user is a member of
+    * 
+    * @param string $username The username to query
+    * @param bool $recursive Recursive list of groups
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return array
+    */
+    public function groups($username, $recursive = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Search the directory for their information
+        $info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
+
+        if ($recursive === true){
+            foreach ($groups as $id => $groupName){
+                $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+                $groups = array_merge($groups, $extraGroups);
+            }
+        }
+        
+        return $groups;
+    }
+    
+    /**
+    * Find information about the users. Returned in a raw array format from AD
+    * 
+    * @param string $username The username to query
+    * @param array $fields Array of parameters to query
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return array
+    */
+    public function info($username, $fields = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        if ($isGUID === true) {
+            $username = $this->adldap->utilities()->strGuidToHex($username);
+            $filter = "objectguid=" . $username;
+        }
+        else if (strstr($username, "@")) {
+             $filter = "userPrincipalName=" . $username;
+        }
+        else {
+             $filter = "samaccountname=" . $username;
+        }
+        $filter = "(&(objectCategory=person)({$filter}))";
+        if ($fields === NULL) { 
+            $fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid"); 
+        }
+        if (!in_array("objectsid", $fields)) {
+            $fields[] = "objectsid";
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        if (isset($entries[0])) {
+            if ($entries[0]['count'] >= 1) {
+                if (in_array("memberof", $fields)) {
+                    // AD does not return the primary group in the ldap query, we may need to fudge it
+                    if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
+                        //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+                        $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+                    } else {
+                        $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+                    }
+                    if (!isset($entries[0]["memberof"]["count"])) {
+                        $entries[0]["memberof"]["count"] = 0;
+                    }
+                    $entries[0]["memberof"]["count"]++;
+                }
+            }
+            
+            return $entries;
+        }
+        return false;
+    }
+    
+    /**
+    * Find information about the users. Returned in a raw array format from AD
+    * 
+    * @param string $username The username to query
+    * @param array $fields Array of parameters to query
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return mixed
+    */
+    public function infoCollection($username, $fields = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($username, $fields, $isGUID);
+        
+        if ($info !== false) {
+            $collection = new adLDAPUserCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Determine if a user is in a specific group
+    * 
+    * @param string $username The username to query
+    * @param string $group The name of the group to check against
+    * @param bool $recursive Check groups recursively
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+        
+        // Get a list of the groups
+        $groups = $this->groups($username, $recursive, $isGUID);
+        
+        // Return true if the specified group is in the group list
+        if (in_array($group, $groups)) { 
+            return true; 
+        }
+
+        return false;
+    }
+    
+    /**
+    * Determine a user's password expiry date
+    * 
+    * @param string $username The username to query
+    * @param book $isGUID Is the username passed a GUID or a samAccountName
+    * @requires bcmath http://www.php.net/manual/en/book.bc.php
+    * @return array
+    */
+    public function passwordExpiry($username, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if (!function_exists('bcmod')) { throw new adLDAPException("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
+        
+        $userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
+        $pwdLastSet = $userInfo[0]['pwdlastset'][0];
+        $status = array();
+        
+        if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
+            // Password does not expire
+            return "Does not expire";
+        }
+        if ($pwdLastSet === '0') {
+            // Password has already expired
+            return "Password has expired";
+        }
+        
+         // Password expiry in AD can be calculated from TWO values:
+         //   - User's own pwdLastSet attribute: stores the last time the password was changed
+         //   - Domain's maxPwdAge attribute: how long passwords last in the domain
+         //
+         // Although Microsoft chose to use a different base and unit for time measurements.
+         // This function will convert them to Unix timestamps
+         $sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
+         if (!$sr) {
+             return false;
+         }
+         $info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+         $maxPwdAge = $info[0]['maxpwdage'][0];
+         
+
+         // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
+         //
+         // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC), 
+         // stored in a 64 bit integer. 
+         //
+         // The number of seconds between this date and Unix epoch is 11644473600.
+         //
+         // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
+         // intervals from the time the password was set before the password expires.
+         //
+         // We also need to scale this to seconds but also this value is a _negative_ quantity!
+         //
+         // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
+         //
+         // Unfortunately the maths involved are too big for PHP integers, so I've had to require
+         // BCMath functions to work with arbitrary precision numbers.
+         if (bcmod($maxPwdAge, 4294967296) === '0') {
+            return "Domain does not expire passwords";
+        }
+        
+        // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
+        // time units.  Because maxpwd age is negative we need to subtract it.
+        $pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
+    
+        // Convert MS's time to Unix time
+        $status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
+        $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
+        
+        return $status;
+    }
+    
+    /**
+    * Modify a user
+    * 
+    * @param string $username The username to query
+    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function modify($username, $attributes, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) { 
+            throw new adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
+        }
+
+        // Find the dn of the user
+        $userDn = $this->dn($username, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+        
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod && !array_key_exists("enabled", $attributes)){ 
+            return false; 
+        }
+        
+        // Set the account control attribute (only if specified)
+        if (array_key_exists("enabled", $attributes)){
+            if ($attributes["enabled"]){ 
+                $controlOptions = array("NORMAL_ACCOUNT"); 
+            }
+            else { 
+                $controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE"); 
+            }
+            $mod["userAccountControl"][0] = $this->accountControl($controlOptions);
+        }
+
+        // Do the update
+        $result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Disable a user account
+    * 
+    * @param string $username The username to disable
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function disable($username, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        $attributes = array("enabled" => 0);
+        $result = $this->modify($username, $attributes, $isGUID);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Enable a user account
+    * 
+    * @param string $username The username to enable
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function enable($username, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        $attributes = array("enabled" => 1);
+        $result = $this->modify($username, $attributes, $isGUID);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Set the password of a user - This must be performed over SSL
+    * 
+    * @param string $username The username to modify
+    * @param string $password The new password
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function password($username, $password, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($password === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) { 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+        
+        $userDn = $this->dn($username, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+                
+        $add=array();
+        $add["unicodePwd"][0] = $this->encodePassword($password);
+        
+        $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
+        if ($result === false){
+            $err = ldap_errno($this->adldap->getLdapConnection());
+            if ($err) {
+                $msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
+                if($err == 53) {
+                    $msg .= ' Your password might not match the password policy.';
+                }
+                throw new adLDAPException($msg);
+            }
+            else {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Encode a password for transmission over LDAP
+    *
+    * @param string $password The password to encode
+    * @return string
+    */
+    public function encodePassword($password)
+    {
+        $password="\"".$password."\"";
+        $encoded="";
+        for ($i=0; $i info($username, array("cn"), $isGUID);
+        if ($user[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $userDn = $user[0]["dn"];
+        return $userDn;
+    }
+    
+    /**
+    * Return a list of all users in AD
+    * 
+    * @param bool $includeDescription Return a description of the user
+    * @param string $search Search parameter
+    * @param bool $sorted Sort the user accounts
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true)
+    {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Perform the search and grab all their details
+        $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
+        $fields = array("samaccountname","displayname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+            } elseif ($includeDescription){
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            } else {
+                array_push($usersArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($usersArray); 
+        }
+        return $usersArray;
+    }
+    
+    /**
+    * Converts a username (samAccountName) to a GUID
+    * 
+    * @param string $username The username to query
+    * @return string
+    */
+    public function usernameToGuid($username) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($username === null){ return "Missing compulsory field [username]"; }
+        
+        $filter = "samaccountname=" . $username; 
+        $fields = array("objectGUID"); 
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); 
+        if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) { 
+            $entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr); 
+            $guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID'); 
+            $strGUID = $this->adldap->utilities()->binaryToText($guid[0]);          
+            return $strGUID; 
+        }
+        return false; 
+    }
+    
+    /**
+    * Return a list of all users in AD that have a specific value in a field
+    *
+    * @param bool $includeDescription Return a description of the user
+    * @param string $searchField Field to search search for
+    * @param string $searchFilter Value to search for in the specified field
+    * @param bool $sorted Sort the user accounts
+    * @return array
+    */
+    public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true){
+        if (!$this->adldap->getLdapBind()){ return false; }
+          
+        // Perform the search and grab all their details
+        $searchParams = "";
+        if ($searchField) {
+            $searchParams = "(" . $searchField . "=" . $searchFilter . ")";
+        }                           
+        $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
+        $fields = array("samaccountname","displayname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i < $entries["count"]; $i++) {
+            if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+            }
+            else if ($includeDescription) {
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            }
+            else {
+                array_push($usersArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted){ 
+          asort($usersArray); 
+        }
+        return ($usersArray);
+    }
+    
+    /**
+    * Move a user account to a different OU
+    *
+    * @param string $username The username to move (please be careful here!)
+    * @param array $container The container or containers to move the user to (please be careful here!).
+    * accepts containers in 1. parent 2. child order
+    * @return array
+    */
+    public function move($username, $container) 
+    {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($username === null) { return "Missing compulsory field [username]"; }
+        if ($container === null) { return "Missing compulsory field [container]"; }
+        if (!is_array($container)) { return "Container must be an array"; }
+        
+        $userInfo = $this->info($username, array("*"));
+        $dn = $userInfo[0]['distinguishedname'][0];
+        $newRDn = "cn=" . $username;
+        $container = array_reverse($container);
+        $newContainer = "ou=" . implode(",ou=",$container);
+        $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
+        $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
+        if ($result !== true) {
+            return false;
+        }
+        return true;
+    }
+    
+    /**
+    * Get the last logon time of any user as a Unix timestamp
+    * 
+    * @param string $username
+    * @return long $unixTimestamp
+    */
+    public function getLastLogon($username) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($username === null) { return "Missing compulsory field [username]"; }
+        $userInfo = $this->info($username, array("lastLogonTimestamp"));
+        $lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
+        return $lastLogon;
+    }
+    
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php b/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
index f039a4290..5e8644188 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
@@ -1,264 +1,264 @@
-adldap = $adldap;
-    }
-    
-    
-    /**
-    * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
-    *
-    * @param array $groups
-    * @return array
-    */
-    public function niceNames($groups)
-    {
-
-        $groupArray = array();
-        for ($i=0; $i<$groups["count"]; $i++){ // For each group
-            $line = $groups[$i];
-            
-            if (strlen($line)>0) { 
-                // More presumptions, they're all prefixed with CN=
-                // so we ditch the first three characters and the group
-                // name goes up to the first comma
-                $bits=explode(",", $line);
-                $groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
-            }
-        }
-        return $groupArray;    
-    }
-    
-    /**
-    * Escape characters for use in an ldap_create function
-    * 
-    * @param string $str
-    * @return string
-    */
-    public function escapeCharacters($str) {
-        $str = str_replace(",", "\,", $str);
-        return $str;
-    }
-    
-    /**
-    * Escape strings for the use in LDAP filters
-    * 
-    * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
-    * Ported from Perl's Net::LDAP::Util escape_filter_value
-    *
-    * @param string $str The string the parse
-    * @author Port by Andreas Gohr 
-    * @return string
-    */
-    public function ldapSlashes($str){
-        return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
-                            '"\\\\\".join("",unpack("H2","$1"))',
-                            $str);
-    }
-    
-    /**
-    * Converts a string GUID to a hexdecimal value so it can be queried
-    * 
-    * @param string $strGUID A string representation of a GUID
-    * @return string
-    */
-    public function strGuidToHex($strGUID) 
-    {
-        $strGUID = str_replace('-', '', $strGUID);
-
-        $octet_str = '\\' . substr($strGUID, 6, 2);
-        $octet_str .= '\\' . substr($strGUID, 4, 2);
-        $octet_str .= '\\' . substr($strGUID, 2, 2);
-        $octet_str .= '\\' . substr($strGUID, 0, 2);
-        $octet_str .= '\\' . substr($strGUID, 10, 2);
-        $octet_str .= '\\' . substr($strGUID, 8, 2);
-        $octet_str .= '\\' . substr($strGUID, 14, 2);
-        $octet_str .= '\\' . substr($strGUID, 12, 2);
-        //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
-        for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
-            if (($i % 2) == 0) {
-                $octet_str .= '\\' . substr($strGUID, $i, 2);
-            }
-        }
-        
-        return $octet_str;
-    }
-    
-    /**
-    * Convert a binary SID to a text SID
-    * 
-    * @param string $binsid A Binary SID
-    * @return string
-    */
-     public function getTextSID($binsid) {
-        $hex_sid = bin2hex($binsid);
-        $rev = hexdec(substr($hex_sid, 0, 2));
-        $subcount = hexdec(substr($hex_sid, 2, 2));
-        $auth = hexdec(substr($hex_sid, 4, 12));
-        $result = "$rev-$auth";
-
-        for ($x=0;$x < $subcount; $x++) {
-            $subauth[$x] =
-                hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
-                $result .= "-" . $subauth[$x];
-        }
-
-        // Cheat by tacking on the S-
-        return 'S-' . $result;
-     }
-     
-    /**
-    * Converts a little-endian hex number to one that hexdec() can convert
-    * 
-    * @param string $hex A hex code
-    * @return string
-    */
-     public function littleEndian($hex) 
-     {
-        $result = '';
-        for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
-            $result .= substr($hex, $x, 2);
-        }
-        return $result;
-     }
-     
-     /**
-    * Converts a binary attribute to a string
-    * 
-    * @param string $bin A binary LDAP attribute
-    * @return string
-    */
-    public function binaryToText($bin) 
-    {
-        $hex_guid = bin2hex($bin); 
-        $hex_guid_to_guid_str = ''; 
-        for($k = 1; $k <= 4; ++$k) { 
-            $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2); 
-        } 
-        $hex_guid_to_guid_str .= '-'; 
-        for($k = 1; $k <= 2; ++$k) { 
-            $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2); 
-        } 
-        $hex_guid_to_guid_str .= '-'; 
-        for($k = 1; $k <= 2; ++$k) { 
-            $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2); 
-        } 
-        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4); 
-        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20); 
-        return strtoupper($hex_guid_to_guid_str);   
-    }
-    
-    /**
-    * Converts a binary GUID to a string GUID
-    * 
-    * @param string $binaryGuid The binary GUID attribute to convert
-    * @return string
-    */
-    public function decodeGuid($binaryGuid) 
-    {
-        if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
-        
-        $strGUID = $this->binaryToText($binaryGuid);          
-        return $strGUID; 
-    }
-    
-    /**
-    * Convert a boolean value to a string
-    * You should never need to call this yourself
-    *
-    * @param bool $bool Boolean value
-    * @return string
-    */
-    public function boolToStr($bool) 
-    {
-        return ($bool) ? 'TRUE' : 'FALSE';
-    }
-    
-    /**
-    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
-    */
-    public function encode8Bit(&$item, $key) {
-        $encode = false;
-        if (is_string($item)) {
-            for ($i=0; $i> 7) {
-                    $encode = true;
-                }
-            }
-        }
-        if ($encode === true && $key != 'password') {
-            $item = utf8_encode($item);   
-        }
-    }  
-    
-    /**
-    * Get the current class version number
-    * 
-    * @return string
-    */
-    public function getVersion() {
-        return self::ADLDAP_VERSION;
-    }
-    
-    /**
-    * Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
-    * 
-    * @param long $windowsTime
-    * @return long $unixTime
-    */
-    public static function convertWindowsTimeToUnixTime($windowsTime) {
-      $unixTime = round($windowsTime / 10000000) - 11644477200; 
-      return $unixTime; 
-    }
-}
-
+adldap = $adldap;
+    }
+    
+    
+    /**
+    * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
+    *
+    * @param array $groups
+    * @return array
+    */
+    public function niceNames($groups)
+    {
+
+        $groupArray = array();
+        for ($i=0; $i<$groups["count"]; $i++){ // For each group
+            $line = $groups[$i];
+            
+            if (strlen($line)>0) { 
+                // More presumptions, they're all prefixed with CN=
+                // so we ditch the first three characters and the group
+                // name goes up to the first comma
+                $bits=explode(",", $line);
+                $groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
+            }
+        }
+        return $groupArray;    
+    }
+    
+    /**
+    * Escape characters for use in an ldap_create function
+    * 
+    * @param string $str
+    * @return string
+    */
+    public function escapeCharacters($str) {
+        $str = str_replace(",", "\,", $str);
+        return $str;
+    }
+    
+    /**
+    * Escape strings for the use in LDAP filters
+    * 
+    * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
+    * Ported from Perl's Net::LDAP::Util escape_filter_value
+    *
+    * @param string $str The string the parse
+    * @author Port by Andreas Gohr 
+    * @return string
+    */
+    public function ldapSlashes($str){
+        return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+                            '"\\\\\".join("",unpack("H2","$1"))',
+                            $str);
+    }
+    
+    /**
+    * Converts a string GUID to a hexdecimal value so it can be queried
+    * 
+    * @param string $strGUID A string representation of a GUID
+    * @return string
+    */
+    public function strGuidToHex($strGUID) 
+    {
+        $strGUID = str_replace('-', '', $strGUID);
+
+        $octet_str = '\\' . substr($strGUID, 6, 2);
+        $octet_str .= '\\' . substr($strGUID, 4, 2);
+        $octet_str .= '\\' . substr($strGUID, 2, 2);
+        $octet_str .= '\\' . substr($strGUID, 0, 2);
+        $octet_str .= '\\' . substr($strGUID, 10, 2);
+        $octet_str .= '\\' . substr($strGUID, 8, 2);
+        $octet_str .= '\\' . substr($strGUID, 14, 2);
+        $octet_str .= '\\' . substr($strGUID, 12, 2);
+        //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
+        for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
+            if (($i % 2) == 0) {
+                $octet_str .= '\\' . substr($strGUID, $i, 2);
+            }
+        }
+        
+        return $octet_str;
+    }
+    
+    /**
+    * Convert a binary SID to a text SID
+    * 
+    * @param string $binsid A Binary SID
+    * @return string
+    */
+     public function getTextSID($binsid) {
+        $hex_sid = bin2hex($binsid);
+        $rev = hexdec(substr($hex_sid, 0, 2));
+        $subcount = hexdec(substr($hex_sid, 2, 2));
+        $auth = hexdec(substr($hex_sid, 4, 12));
+        $result = "$rev-$auth";
+
+        for ($x=0;$x < $subcount; $x++) {
+            $subauth[$x] =
+                hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
+                $result .= "-" . $subauth[$x];
+        }
+
+        // Cheat by tacking on the S-
+        return 'S-' . $result;
+     }
+     
+    /**
+    * Converts a little-endian hex number to one that hexdec() can convert
+    * 
+    * @param string $hex A hex code
+    * @return string
+    */
+     public function littleEndian($hex) 
+     {
+        $result = '';
+        for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
+            $result .= substr($hex, $x, 2);
+        }
+        return $result;
+     }
+     
+     /**
+    * Converts a binary attribute to a string
+    * 
+    * @param string $bin A binary LDAP attribute
+    * @return string
+    */
+    public function binaryToText($bin) 
+    {
+        $hex_guid = bin2hex($bin); 
+        $hex_guid_to_guid_str = ''; 
+        for($k = 1; $k <= 4; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-'; 
+        for($k = 1; $k <= 2; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-'; 
+        for($k = 1; $k <= 2; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4); 
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20); 
+        return strtoupper($hex_guid_to_guid_str);   
+    }
+    
+    /**
+    * Converts a binary GUID to a string GUID
+    * 
+    * @param string $binaryGuid The binary GUID attribute to convert
+    * @return string
+    */
+    public function decodeGuid($binaryGuid) 
+    {
+        if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
+        
+        $strGUID = $this->binaryToText($binaryGuid);          
+        return $strGUID; 
+    }
+    
+    /**
+    * Convert a boolean value to a string
+    * You should never need to call this yourself
+    *
+    * @param bool $bool Boolean value
+    * @return string
+    */
+    public function boolToStr($bool) 
+    {
+        return ($bool) ? 'TRUE' : 'FALSE';
+    }
+    
+    /**
+    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+    */
+    public function encode8Bit(&$item, $key) {
+        $encode = false;
+        if (is_string($item)) {
+            for ($i=0; $i> 7) {
+                    $encode = true;
+                }
+            }
+        }
+        if ($encode === true && $key != 'password') {
+            $item = utf8_encode($item);   
+        }
+    }  
+    
+    /**
+    * Get the current class version number
+    * 
+    * @return string
+    */
+    public function getVersion() {
+        return self::ADLDAP_VERSION;
+    }
+    
+    /**
+    * Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
+    * 
+    * @param long $windowsTime
+    * @return long $unixTime
+    */
+    public static function convertWindowsTimeToUnixTime($windowsTime) {
+      $unixTime = round($windowsTime / 10000000) - 11644477200; 
+      return $unixTime; 
+    }
+}
+
 ?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
index c0a2eb2fa..433d39f18 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
@@ -1,137 +1,137 @@
-setInfo($info);   
-        $this->adldap = $adldap;
-    }
-    
-    /**
-    * Set the raw info array from Active Directory
-    * 
-    * @param array $info
-    */
-    public function setInfo(array $info) 
-    {
-        if ($this->info && sizeof($info) >= 1) {
-            unset($this->info);
-        }
-        $this->info = $info;   
-    }
-    
-    /**
-    * Magic get method to retrieve data from the raw array in a formatted way
-    * 
-    * @param string $attribute
-    * @return mixed
-    */
-    public function __get($attribute)
-    {
-        if (isset($this->info[0]) && is_array($this->info[0])) {
-            foreach ($this->info[0] as $keyAttr => $valueAttr) {
-                if (strtolower($keyAttr) == strtolower($attribute)) {
-                    if ($this->info[0][strtolower($attribute)]['count'] == 1) {
-                        return $this->info[0][strtolower($attribute)][0];   
-                    }
-                    else {
-                        $array = array();
-                        foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
-                            if ((string)$key != 'count') {
-                                $array[$key] = $value;
-                            } 
-                        }  
-                        return $array;   
-                    }
-                }   
-            }
-        }
-        else {
-            return NULL;   
-        }
-    }    
-    
-    /**
-    * Magic set method to update an attribute
-    * 
-    * @param string $attribute
-    * @param string $value
-    * @return bool
-    */
-    abstract public function __set($attribute, $value);
-    
-    /** 
-    * Magic isset method to check for the existence of an attribute 
-    * 
-    * @param string $attribute 
-    * @return bool 
-    */ 
-    public function __isset($attribute) {
-        if (isset($this->info[0]) && is_array($this->info[0])) { 
-            foreach ($this->info[0] as $keyAttr => $valueAttr) { 
-                if (strtolower($keyAttr) == strtolower($attribute)) { 
-                    return true; 
-                } 
-            } 
-        } 
-        return false; 
-     } 
-}
-?>
+setInfo($info);   
+        $this->adldap = $adldap;
+    }
+    
+    /**
+    * Set the raw info array from Active Directory
+    * 
+    * @param array $info
+    */
+    public function setInfo(array $info) 
+    {
+        if ($this->info && sizeof($info) >= 1) {
+            unset($this->info);
+        }
+        $this->info = $info;   
+    }
+    
+    /**
+    * Magic get method to retrieve data from the raw array in a formatted way
+    * 
+    * @param string $attribute
+    * @return mixed
+    */
+    public function __get($attribute)
+    {
+        if (isset($this->info[0]) && is_array($this->info[0])) {
+            foreach ($this->info[0] as $keyAttr => $valueAttr) {
+                if (strtolower($keyAttr) == strtolower($attribute)) {
+                    if ($this->info[0][strtolower($attribute)]['count'] == 1) {
+                        return $this->info[0][strtolower($attribute)][0];   
+                    }
+                    else {
+                        $array = array();
+                        foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
+                            if ((string)$key != 'count') {
+                                $array[$key] = $value;
+                            } 
+                        }  
+                        return $array;   
+                    }
+                }   
+            }
+        }
+        else {
+            return NULL;   
+        }
+    }    
+    
+    /**
+    * Magic set method to update an attribute
+    * 
+    * @param string $attribute
+    * @param string $value
+    * @return bool
+    */
+    abstract public function __set($attribute, $value);
+    
+    /** 
+    * Magic isset method to check for the existence of an attribute 
+    * 
+    * @param string $attribute 
+    * @return bool 
+    */ 
+    public function __isset($attribute) {
+        if (isset($this->info[0]) && is_array($this->info[0])) { 
+            foreach ($this->info[0] as $keyAttr => $valueAttr) { 
+                if (strtolower($keyAttr) == strtolower($attribute)) { 
+                    return true; 
+                } 
+            } 
+        } 
+        return false; 
+     } 
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
index 4f11d8f41..09f82cadc 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
@@ -1,46 +1,46 @@
-
+
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
index d42fe6d4c..a9efad5a9 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
@@ -1,46 +1,46 @@
-
+
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
index cff12fc20..ef4af8df2 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
@@ -1,46 +1,46 @@
-
+
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
index 801d90296..63fce5f96 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
@@ -1,46 +1,46 @@
-
+
diff --git a/lib/scripts/jquery/jquery-migrate.js b/lib/scripts/jquery/jquery-migrate.js
index e99f954e6..942cb8b4d 100644
--- a/lib/scripts/jquery/jquery-migrate.js
+++ b/lib/scripts/jquery/jquery-migrate.js
@@ -1,511 +1,511 @@
-/*!
- * jQuery Migrate - v1.1.1 - 2013-02-16
- * https://github.com/jquery/jquery-migrate
- * Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors; Licensed MIT
- */
-(function( jQuery, window, undefined ) {
-// See http://bugs.jquery.com/ticket/13335
-// "use strict";
-
-
-var warnedAbout = {};
-
-// List of warnings already given; public read only
-jQuery.migrateWarnings = [];
-
-// Set to true to prevent console output; migrateWarnings still maintained
-// jQuery.migrateMute = false;
-
-// Show a message on the console so devs know we're active
-if ( !jQuery.migrateMute && window.console && console.log ) {
-	console.log("JQMIGRATE: Logging is active");
-}
-
-// Set to false to disable traces that appear with warnings
-if ( jQuery.migrateTrace === undefined ) {
-	jQuery.migrateTrace = true;
-}
-
-// Forget any warnings we've already given; public
-jQuery.migrateReset = function() {
-	warnedAbout = {};
-	jQuery.migrateWarnings.length = 0;
-};
-
-function migrateWarn( msg) {
-	if ( !warnedAbout[ msg ] ) {
-		warnedAbout[ msg ] = true;
-		jQuery.migrateWarnings.push( msg );
-		if ( window.console && console.warn && !jQuery.migrateMute ) {
-			console.warn( "JQMIGRATE: " + msg );
-			if ( jQuery.migrateTrace && console.trace ) {
-				console.trace();
-			}
-		}
-	}
-}
-
-function migrateWarnProp( obj, prop, value, msg ) {
-	if ( Object.defineProperty ) {
-		// On ES5 browsers (non-oldIE), warn if the code tries to get prop;
-		// allow property to be overwritten in case some other plugin wants it
-		try {
-			Object.defineProperty( obj, prop, {
-				configurable: true,
-				enumerable: true,
-				get: function() {
-					migrateWarn( msg );
-					return value;
-				},
-				set: function( newValue ) {
-					migrateWarn( msg );
-					value = newValue;
-				}
-			});
-			return;
-		} catch( err ) {
-			// IE8 is a dope about Object.defineProperty, can't warn there
-		}
-	}
-
-	// Non-ES5 (or broken) browser; just set the property
-	jQuery._definePropertyBroken = true;
-	obj[ prop ] = value;
-}
-
-if ( document.compatMode === "BackCompat" ) {
-	// jQuery has never supported or tested Quirks Mode
-	migrateWarn( "jQuery is not compatible with Quirks Mode" );
-}
-
-
-var attrFn = jQuery( "", { size: 1 } ).attr("size") && jQuery.attrFn,
-	oldAttr = jQuery.attr,
-	valueAttrGet = jQuery.attrHooks.value && jQuery.attrHooks.value.get ||
-		function() { return null; },
-	valueAttrSet = jQuery.attrHooks.value && jQuery.attrHooks.value.set ||
-		function() { return undefined; },
-	rnoType = /^(?:input|button)$/i,
-	rnoAttrNodeType = /^[238]$/,
-	rboolean = /^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,
-	ruseDefault = /^(?:checked|selected)$/i;
-
-// jQuery.attrFn
-migrateWarnProp( jQuery, "attrFn", attrFn || {}, "jQuery.attrFn is deprecated" );
-
-jQuery.attr = function( elem, name, value, pass ) {
-	var lowerName = name.toLowerCase(),
-		nType = elem && elem.nodeType;
-
-	if ( pass ) {
-		// Since pass is used internally, we only warn for new jQuery
-		// versions where there isn't a pass arg in the formal params
-		if ( oldAttr.length < 4 ) {
-			migrateWarn("jQuery.fn.attr( props, pass ) is deprecated");
-		}
-		if ( elem && !rnoAttrNodeType.test( nType ) &&
-			(attrFn ? name in attrFn : jQuery.isFunction(jQuery.fn[name])) ) {
-			return jQuery( elem )[ name ]( value );
-		}
-	}
-
-	// Warn if user tries to set `type`, since it breaks on IE 6/7/8; by checking
-	// for disconnected elements we don't warn on $( "