From ccfec5606dae81e6524f6cfcdaca09d4cde7f111 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Sat, 7 Dec 2013 23:10:05 +0000 Subject: crlf 2 lf whitespace fixes --- lib/plugins/authad/adLDAP/classes/adLDAPGroups.php | 1262 ++++++++++---------- 1 file changed, 631 insertions(+), 631 deletions(-) (limited to 'lib/plugins/authad/adLDAP/classes/adLDAPGroups.php') diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php b/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php index 05e4cc93b..94bc04853 100644 --- a/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php +++ b/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php @@ -1,631 +1,631 @@ -adldap = $adldap; - } - - /** - * Add a group to a group - * - * @param string $parent The parent group name - * @param string $child The child group name - * @return bool - */ - public function addGroup($parent,$child){ - - // Find the parent group's dn - $parentGroup = $this->ginfo($parent, array("cn")); - if ($parentGroup[0]["dn"] === NULL){ - return false; - } - $parentDn = $parentGroup[0]["dn"]; - - // Find the child group's dn - $childGroup = $this->info($child, array("cn")); - if ($childGroup[0]["dn"] === NULL){ - return false; - } - $childDn = $childGroup[0]["dn"]; - - $add = array(); - $add["member"] = $childDn; - - $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add); - if ($result == false) { - return false; - } - return true; - } - - /** - * Add a user to a group - * - * @param string $group The group to add the user to - * @param string $user The user to add to the group - * @param bool $isGUID Is the username passed a GUID or a samAccountName - * @return bool - */ - public function addUser($group, $user, $isGUID = false) - { - // Adding a user is a bit fiddly, we need to get the full DN of the user - // and add it using the full DN of the group - - // Find the user's dn - $userDn = $this->adldap->user()->dn($user, $isGUID); - if ($userDn === false) { - return false; - } - - // Find the group's dn - $groupInfo = $this->info($group, array("cn")); - if ($groupInfo[0]["dn"] === NULL) { - return false; - } - $groupDn = $groupInfo[0]["dn"]; - - $add = array(); - $add["member"] = $userDn; - - $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add); - if ($result == false) { - return false; - } - return true; - } - - /** - * Add a contact to a group - * - * @param string $group The group to add the contact to - * @param string $contactDn The DN of the contact to add - * @return bool - */ - public function addContact($group, $contactDn) - { - // To add a contact we take the contact's DN - // and add it using the full DN of the group - - // Find the group's dn - $groupInfo = $this->info($group, array("cn")); - if ($groupInfo[0]["dn"] === NULL) { - return false; - } - $groupDn = $groupInfo[0]["dn"]; - - $add = array(); - $add["member"] = $contactDn; - - $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add); - if ($result == false) { - return false; - } - return true; - } - - /** - * Create a group - * - * @param array $attributes Default attributes of the group - * @return bool - */ - public function create($attributes) - { - if (!is_array($attributes)){ return "Attributes must be an array"; } - if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; } - if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; } - if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; } - if (!is_array($attributes["container"])){ return "Container attribute must be an array."; } - $attributes["container"] = array_reverse($attributes["container"]); - - //$member_array = array(); - //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com"; - //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com"; - - $add = array(); - $add["cn"] = $attributes["group_name"]; - $add["samaccountname"] = $attributes["group_name"]; - $add["objectClass"] = "Group"; - $add["description"] = $attributes["description"]; - //$add["member"] = $member_array; UNTESTED - - $container = "OU=" . implode(",OU=", $attributes["container"]); - $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add); - if ($result != true) { - return false; - } - return true; - } - - /** - * Delete a group account - * - * @param string $group The group to delete (please be careful here!) - * - * @return array - */ - public function delete($group) { - if (!$this->adldap->getLdapBind()){ return false; } - if ($group === null){ return "Missing compulsory field [group]"; } - - $groupInfo = $this->info($group, array("*")); - $dn = $groupInfo[0]['distinguishedname'][0]; - $result = $this->adldap->folder()->delete($dn); - if ($result !== true) { - return false; - } return true; - } - - /** - * Remove a group from a group - * - * @param string $parent The parent group name - * @param string $child The child group name - * @return bool - */ - public function removeGroup($parent , $child) - { - - // Find the parent dn - $parentGroup = $this->info($parent, array("cn")); - if ($parentGroup[0]["dn"] === NULL) { - return false; - } - $parentDn = $parentGroup[0]["dn"]; - - // Find the child dn - $childGroup = $this->info($child, array("cn")); - if ($childGroup[0]["dn"] === NULL) { - return false; - } - $childDn = $childGroup[0]["dn"]; - - $del = array(); - $del["member"] = $childDn; - - $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del); - if ($result == false) { - return false; - } - return true; - } - - /** - * Remove a user from a group - * - * @param string $group The group to remove a user from - * @param string $user The AD user to remove from the group - * @param bool $isGUID Is the username passed a GUID or a samAccountName - * @return bool - */ - public function removeUser($group, $user, $isGUID = false) - { - - // Find the parent dn - $groupInfo = $this->info($group, array("cn")); - if ($groupInfo[0]["dn"] === NULL){ - return false; - } - $groupDn = $groupInfo[0]["dn"]; - - // Find the users dn - $userDn = $this->adldap->user()->dn($user, $isGUID); - if ($userDn === false) { - return false; - } - - $del = array(); - $del["member"] = $userDn; - - $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del); - if ($result == false) { - return false; - } - return true; - } - - /** - * Remove a contact from a group - * - * @param string $group The group to remove a user from - * @param string $contactDn The DN of a contact to remove from the group - * @return bool - */ - public function removeContact($group, $contactDn) - { - - // Find the parent dn - $groupInfo = $this->info($group, array("cn")); - if ($groupInfo[0]["dn"] === NULL) { - return false; - } - $groupDn = $groupInfo[0]["dn"]; - - $del = array(); - $del["member"] = $contactDn; - - $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del); - if ($result == false) { - return false; - } - return true; - } - - /** - * Return a list of groups in a group - * - * @param string $group The group to query - * @param bool $recursive Recursively get groups - * @return array - */ - public function inGroup($group, $recursive = NULL) - { - if (!$this->adldap->getLdapBind()){ return false; } - if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it - - // Search the directory for the members of a group - $info = $this->info($group, array("member","cn")); - $groups = $info[0]["member"]; - if (!is_array($groups)) { - return false; - } - - $groupArray = array(); - - for ($i=0; $i<$groups["count"]; $i++){ - $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))"; - $fields = array("samaccountname", "distinguishedname", "objectClass"); - $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); - $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); - - // not a person, look for a group - if ($entries['count'] == 0 && $recursive == true) { - $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))"; - $fields = array("distinguishedname"); - $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); - $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); - if (!isset($entries[0]['distinguishedname'][0])) { - continue; - } - $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive); - if (is_array($subGroups)) { - $groupArray = array_merge($groupArray, $subGroups); - $groupArray = array_unique($groupArray); - } - continue; - } - - $groupArray[] = $entries[0]['distinguishedname'][0]; - } - return $groupArray; - } - - /** - * Return a list of members in a group - * - * @param string $group The group to query - * @param bool $recursive Recursively get group members - * @return array - */ - public function members($group, $recursive = NULL) - { - if (!$this->adldap->getLdapBind()){ return false; } - if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it - // Search the directory for the members of a group - $info = $this->info($group, array("member","cn")); - $users = $info[0]["member"]; - if (!is_array($users)) { - return false; - } - - $userArray = array(); - - for ($i=0; $i<$users["count"]; $i++){ - $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))"; - $fields = array("samaccountname", "distinguishedname", "objectClass"); - $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); - $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); - - // not a person, look for a group - if ($entries['count'] == 0 && $recursive == true) { - $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))"; - $fields = array("samaccountname"); - $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); - $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); - if (!isset($entries[0]['samaccountname'][0])) { - continue; - } - $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive); - if (is_array($subUsers)) { - $userArray = array_merge($userArray, $subUsers); - $userArray = array_unique($userArray); - } - continue; - } - else if ($entries['count'] == 0) { - continue; - } - - if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) { - $userArray[] = $entries[0]['distinguishedname'][0]; - } - else if ($entries[0]['samaccountname'][0] !== NULL) { - $userArray[] = $entries[0]['samaccountname'][0]; - } - } - return $userArray; - } - - /** - * Group Information. Returns an array of raw information about a group. - * The group name is case sensitive - * - * @param string $groupName The group name to retrieve info about - * @param array $fields Fields to retrieve - * @return array - */ - public function info($groupName, $fields = NULL) - { - if ($groupName === NULL) { return false; } - if (!$this->adldap->getLdapBind()) { return false; } - - if (stristr($groupName, '+')) { - $groupName = stripslashes($groupName); - } - - $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))"; - if ($fields === NULL) { - $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname"); - } - $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); - $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); - - return $entries; - } - - /** - * Group Information. Returns an collection - * The group name is case sensitive - * - * @param string $groupName The group name to retrieve info about - * @param array $fields Fields to retrieve - * @return adLDAPGroupCollection - */ - public function infoCollection($groupName, $fields = NULL) - { - if ($groupName === NULL) { return false; } - if (!$this->adldap->getLdapBind()) { return false; } - - $info = $this->info($groupName, $fields); - if ($info !== false) { - $collection = new adLDAPGroupCollection($info, $this->adldap); - return $collection; - } - return false; - } - - /** - * Return a complete list of "groups in groups" - * - * @param string $group The group to get the list from - * @return array - */ - public function recursiveGroups($group) - { - if ($group === NULL) { return false; } - - $stack = array(); - $processed = array(); - $retGroups = array(); - - array_push($stack, $group); // Initial Group to Start with - while (count($stack) > 0) { - $parent = array_pop($stack); - array_push($processed, $parent); - - $info = $this->info($parent, array("memberof")); - - if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) { - $groups = $info[0]["memberof"]; - if ($groups) { - $groupNames = $this->adldap->utilities()->niceNames($groups); - $retGroups = array_merge($retGroups, $groupNames); //final groups to return - foreach ($groupNames as $id => $groupName) { - if (!in_array($groupName, $processed)) { - array_push($stack, $groupName); - } - } - } - } - } - - return $retGroups; - } - - /** - * Returns a complete list of the groups in AD based on a SAM Account Type - * - * @param string $sAMAaccountType The account type to return - * @param bool $includeDescription Whether to return a description - * @param string $search Search parameters - * @param bool $sorted Whether to sort the results - * @return array - */ - public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) { - if (!$this->adldap->getLdapBind()) { return false; } - - $filter = '(&(objectCategory=group)'; - if ($sAMAaccountType !== null) { - $filter .= '(samaccounttype='. $sAMAaccountType .')'; - } - $filter .= '(cn=' . $search . '))'; - // Perform the search and grab all their details - $fields = array("samaccountname", "description"); - $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); - $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); - - $groupsArray = array(); - for ($i=0; $i<$entries["count"]; $i++){ - if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) { - $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0]; - } - else if ($includeDescription){ - $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0]; - } - else { - array_push($groupsArray, $entries[$i]["samaccountname"][0]); - } - } - if ($sorted) { - asort($groupsArray); - } - return $groupsArray; - } - - /** - * Returns a complete list of all groups in AD - * - * @param bool $includeDescription Whether to return a description - * @param string $search Search parameters - * @param bool $sorted Whether to sort the results - * @return array - */ - public function all($includeDescription = false, $search = "*", $sorted = true){ - $groupsArray = $this->search(null, $includeDescription, $search, $sorted); - return $groupsArray; - } - - /** - * Returns a complete list of security groups in AD - * - * @param bool $includeDescription Whether to return a description - * @param string $search Search parameters - * @param bool $sorted Whether to sort the results - * @return array - */ - public function allSecurity($includeDescription = false, $search = "*", $sorted = true){ - $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted); - return $groupsArray; - } - - /** - * Returns a complete list of distribution lists in AD - * - * @param bool $includeDescription Whether to return a description - * @param string $search Search parameters - * @param bool $sorted Whether to sort the results - * @return array - */ - public function allDistribution($includeDescription = false, $search = "*", $sorted = true){ - $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted); - return $groupsArray; - } - - /** - * Coping with AD not returning the primary group - * http://support.microsoft.com/?kbid=321360 - * - * This is a re-write based on code submitted by Bruce which prevents the - * need to search each security group to find the true primary group - * - * @param string $gid Group ID - * @param string $usersid User's Object SID - * @return mixed - */ - public function getPrimaryGroup($gid, $usersid) - { - if ($gid === NULL || $usersid === NULL) { return false; } - $sr = false; - - $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4); - $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')'; - $fields = array("samaccountname","distinguishedname"); - $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); - $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); - - if (isset($entries[0]['distinguishedname'][0])) { - return $entries[0]['distinguishedname'][0]; - } - return false; - } - - /** - * Coping with AD not returning the primary group - * http://support.microsoft.com/?kbid=321360 - * - * For some reason it's not possible to search on primarygrouptoken=XXX - * If someone can show otherwise, I'd like to know about it :) - * this way is resource intensive and generally a pain in the @#%^ - * - * @deprecated deprecated since version 3.1, see get get_primary_group - * @param string $gid Group ID - * @return string - */ - public function cn($gid){ - if ($gid === NULL) { return false; } - $sr = false; - $r = ''; - - $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))"; - $fields = array("primarygrouptoken", "samaccountname", "distinguishedname"); - $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); - $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); - - for ($i=0; $i<$entries["count"]; $i++){ - if ($entries[$i]["primarygrouptoken"][0] == $gid) { - $r = $entries[$i]["distinguishedname"][0]; - $i = $entries["count"]; - } - } - - return $r; - } -} -?> +adldap = $adldap; + } + + /** + * Add a group to a group + * + * @param string $parent The parent group name + * @param string $child The child group name + * @return bool + */ + public function addGroup($parent,$child){ + + // Find the parent group's dn + $parentGroup = $this->ginfo($parent, array("cn")); + if ($parentGroup[0]["dn"] === NULL){ + return false; + } + $parentDn = $parentGroup[0]["dn"]; + + // Find the child group's dn + $childGroup = $this->info($child, array("cn")); + if ($childGroup[0]["dn"] === NULL){ + return false; + } + $childDn = $childGroup[0]["dn"]; + + $add = array(); + $add["member"] = $childDn; + + $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add); + if ($result == false) { + return false; + } + return true; + } + + /** + * Add a user to a group + * + * @param string $group The group to add the user to + * @param string $user The user to add to the group + * @param bool $isGUID Is the username passed a GUID or a samAccountName + * @return bool + */ + public function addUser($group, $user, $isGUID = false) + { + // Adding a user is a bit fiddly, we need to get the full DN of the user + // and add it using the full DN of the group + + // Find the user's dn + $userDn = $this->adldap->user()->dn($user, $isGUID); + if ($userDn === false) { + return false; + } + + // Find the group's dn + $groupInfo = $this->info($group, array("cn")); + if ($groupInfo[0]["dn"] === NULL) { + return false; + } + $groupDn = $groupInfo[0]["dn"]; + + $add = array(); + $add["member"] = $userDn; + + $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add); + if ($result == false) { + return false; + } + return true; + } + + /** + * Add a contact to a group + * + * @param string $group The group to add the contact to + * @param string $contactDn The DN of the contact to add + * @return bool + */ + public function addContact($group, $contactDn) + { + // To add a contact we take the contact's DN + // and add it using the full DN of the group + + // Find the group's dn + $groupInfo = $this->info($group, array("cn")); + if ($groupInfo[0]["dn"] === NULL) { + return false; + } + $groupDn = $groupInfo[0]["dn"]; + + $add = array(); + $add["member"] = $contactDn; + + $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add); + if ($result == false) { + return false; + } + return true; + } + + /** + * Create a group + * + * @param array $attributes Default attributes of the group + * @return bool + */ + public function create($attributes) + { + if (!is_array($attributes)){ return "Attributes must be an array"; } + if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; } + if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; } + if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; } + if (!is_array($attributes["container"])){ return "Container attribute must be an array."; } + $attributes["container"] = array_reverse($attributes["container"]); + + //$member_array = array(); + //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com"; + //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com"; + + $add = array(); + $add["cn"] = $attributes["group_name"]; + $add["samaccountname"] = $attributes["group_name"]; + $add["objectClass"] = "Group"; + $add["description"] = $attributes["description"]; + //$add["member"] = $member_array; UNTESTED + + $container = "OU=" . implode(",OU=", $attributes["container"]); + $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add); + if ($result != true) { + return false; + } + return true; + } + + /** + * Delete a group account + * + * @param string $group The group to delete (please be careful here!) + * + * @return array + */ + public function delete($group) { + if (!$this->adldap->getLdapBind()){ return false; } + if ($group === null){ return "Missing compulsory field [group]"; } + + $groupInfo = $this->info($group, array("*")); + $dn = $groupInfo[0]['distinguishedname'][0]; + $result = $this->adldap->folder()->delete($dn); + if ($result !== true) { + return false; + } return true; + } + + /** + * Remove a group from a group + * + * @param string $parent The parent group name + * @param string $child The child group name + * @return bool + */ + public function removeGroup($parent , $child) + { + + // Find the parent dn + $parentGroup = $this->info($parent, array("cn")); + if ($parentGroup[0]["dn"] === NULL) { + return false; + } + $parentDn = $parentGroup[0]["dn"]; + + // Find the child dn + $childGroup = $this->info($child, array("cn")); + if ($childGroup[0]["dn"] === NULL) { + return false; + } + $childDn = $childGroup[0]["dn"]; + + $del = array(); + $del["member"] = $childDn; + + $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del); + if ($result == false) { + return false; + } + return true; + } + + /** + * Remove a user from a group + * + * @param string $group The group to remove a user from + * @param string $user The AD user to remove from the group + * @param bool $isGUID Is the username passed a GUID or a samAccountName + * @return bool + */ + public function removeUser($group, $user, $isGUID = false) + { + + // Find the parent dn + $groupInfo = $this->info($group, array("cn")); + if ($groupInfo[0]["dn"] === NULL){ + return false; + } + $groupDn = $groupInfo[0]["dn"]; + + // Find the users dn + $userDn = $this->adldap->user()->dn($user, $isGUID); + if ($userDn === false) { + return false; + } + + $del = array(); + $del["member"] = $userDn; + + $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del); + if ($result == false) { + return false; + } + return true; + } + + /** + * Remove a contact from a group + * + * @param string $group The group to remove a user from + * @param string $contactDn The DN of a contact to remove from the group + * @return bool + */ + public function removeContact($group, $contactDn) + { + + // Find the parent dn + $groupInfo = $this->info($group, array("cn")); + if ($groupInfo[0]["dn"] === NULL) { + return false; + } + $groupDn = $groupInfo[0]["dn"]; + + $del = array(); + $del["member"] = $contactDn; + + $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del); + if ($result == false) { + return false; + } + return true; + } + + /** + * Return a list of groups in a group + * + * @param string $group The group to query + * @param bool $recursive Recursively get groups + * @return array + */ + public function inGroup($group, $recursive = NULL) + { + if (!$this->adldap->getLdapBind()){ return false; } + if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it + + // Search the directory for the members of a group + $info = $this->info($group, array("member","cn")); + $groups = $info[0]["member"]; + if (!is_array($groups)) { + return false; + } + + $groupArray = array(); + + for ($i=0; $i<$groups["count"]; $i++){ + $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))"; + $fields = array("samaccountname", "distinguishedname", "objectClass"); + $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); + $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); + + // not a person, look for a group + if ($entries['count'] == 0 && $recursive == true) { + $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))"; + $fields = array("distinguishedname"); + $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); + $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); + if (!isset($entries[0]['distinguishedname'][0])) { + continue; + } + $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive); + if (is_array($subGroups)) { + $groupArray = array_merge($groupArray, $subGroups); + $groupArray = array_unique($groupArray); + } + continue; + } + + $groupArray[] = $entries[0]['distinguishedname'][0]; + } + return $groupArray; + } + + /** + * Return a list of members in a group + * + * @param string $group The group to query + * @param bool $recursive Recursively get group members + * @return array + */ + public function members($group, $recursive = NULL) + { + if (!$this->adldap->getLdapBind()){ return false; } + if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it + // Search the directory for the members of a group + $info = $this->info($group, array("member","cn")); + $users = $info[0]["member"]; + if (!is_array($users)) { + return false; + } + + $userArray = array(); + + for ($i=0; $i<$users["count"]; $i++){ + $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))"; + $fields = array("samaccountname", "distinguishedname", "objectClass"); + $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); + $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); + + // not a person, look for a group + if ($entries['count'] == 0 && $recursive == true) { + $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))"; + $fields = array("samaccountname"); + $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); + $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); + if (!isset($entries[0]['samaccountname'][0])) { + continue; + } + $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive); + if (is_array($subUsers)) { + $userArray = array_merge($userArray, $subUsers); + $userArray = array_unique($userArray); + } + continue; + } + else if ($entries['count'] == 0) { + continue; + } + + if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) { + $userArray[] = $entries[0]['distinguishedname'][0]; + } + else if ($entries[0]['samaccountname'][0] !== NULL) { + $userArray[] = $entries[0]['samaccountname'][0]; + } + } + return $userArray; + } + + /** + * Group Information. Returns an array of raw information about a group. + * The group name is case sensitive + * + * @param string $groupName The group name to retrieve info about + * @param array $fields Fields to retrieve + * @return array + */ + public function info($groupName, $fields = NULL) + { + if ($groupName === NULL) { return false; } + if (!$this->adldap->getLdapBind()) { return false; } + + if (stristr($groupName, '+')) { + $groupName = stripslashes($groupName); + } + + $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))"; + if ($fields === NULL) { + $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname"); + } + $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); + $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); + + return $entries; + } + + /** + * Group Information. Returns an collection + * The group name is case sensitive + * + * @param string $groupName The group name to retrieve info about + * @param array $fields Fields to retrieve + * @return adLDAPGroupCollection + */ + public function infoCollection($groupName, $fields = NULL) + { + if ($groupName === NULL) { return false; } + if (!$this->adldap->getLdapBind()) { return false; } + + $info = $this->info($groupName, $fields); + if ($info !== false) { + $collection = new adLDAPGroupCollection($info, $this->adldap); + return $collection; + } + return false; + } + + /** + * Return a complete list of "groups in groups" + * + * @param string $group The group to get the list from + * @return array + */ + public function recursiveGroups($group) + { + if ($group === NULL) { return false; } + + $stack = array(); + $processed = array(); + $retGroups = array(); + + array_push($stack, $group); // Initial Group to Start with + while (count($stack) > 0) { + $parent = array_pop($stack); + array_push($processed, $parent); + + $info = $this->info($parent, array("memberof")); + + if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) { + $groups = $info[0]["memberof"]; + if ($groups) { + $groupNames = $this->adldap->utilities()->niceNames($groups); + $retGroups = array_merge($retGroups, $groupNames); //final groups to return + foreach ($groupNames as $id => $groupName) { + if (!in_array($groupName, $processed)) { + array_push($stack, $groupName); + } + } + } + } + } + + return $retGroups; + } + + /** + * Returns a complete list of the groups in AD based on a SAM Account Type + * + * @param string $sAMAaccountType The account type to return + * @param bool $includeDescription Whether to return a description + * @param string $search Search parameters + * @param bool $sorted Whether to sort the results + * @return array + */ + public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) { + if (!$this->adldap->getLdapBind()) { return false; } + + $filter = '(&(objectCategory=group)'; + if ($sAMAaccountType !== null) { + $filter .= '(samaccounttype='. $sAMAaccountType .')'; + } + $filter .= '(cn=' . $search . '))'; + // Perform the search and grab all their details + $fields = array("samaccountname", "description"); + $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); + $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); + + $groupsArray = array(); + for ($i=0; $i<$entries["count"]; $i++){ + if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) { + $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0]; + } + else if ($includeDescription){ + $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0]; + } + else { + array_push($groupsArray, $entries[$i]["samaccountname"][0]); + } + } + if ($sorted) { + asort($groupsArray); + } + return $groupsArray; + } + + /** + * Returns a complete list of all groups in AD + * + * @param bool $includeDescription Whether to return a description + * @param string $search Search parameters + * @param bool $sorted Whether to sort the results + * @return array + */ + public function all($includeDescription = false, $search = "*", $sorted = true){ + $groupsArray = $this->search(null, $includeDescription, $search, $sorted); + return $groupsArray; + } + + /** + * Returns a complete list of security groups in AD + * + * @param bool $includeDescription Whether to return a description + * @param string $search Search parameters + * @param bool $sorted Whether to sort the results + * @return array + */ + public function allSecurity($includeDescription = false, $search = "*", $sorted = true){ + $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted); + return $groupsArray; + } + + /** + * Returns a complete list of distribution lists in AD + * + * @param bool $includeDescription Whether to return a description + * @param string $search Search parameters + * @param bool $sorted Whether to sort the results + * @return array + */ + public function allDistribution($includeDescription = false, $search = "*", $sorted = true){ + $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted); + return $groupsArray; + } + + /** + * Coping with AD not returning the primary group + * http://support.microsoft.com/?kbid=321360 + * + * This is a re-write based on code submitted by Bruce which prevents the + * need to search each security group to find the true primary group + * + * @param string $gid Group ID + * @param string $usersid User's Object SID + * @return mixed + */ + public function getPrimaryGroup($gid, $usersid) + { + if ($gid === NULL || $usersid === NULL) { return false; } + $sr = false; + + $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4); + $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')'; + $fields = array("samaccountname","distinguishedname"); + $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); + $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); + + if (isset($entries[0]['distinguishedname'][0])) { + return $entries[0]['distinguishedname'][0]; + } + return false; + } + + /** + * Coping with AD not returning the primary group + * http://support.microsoft.com/?kbid=321360 + * + * For some reason it's not possible to search on primarygrouptoken=XXX + * If someone can show otherwise, I'd like to know about it :) + * this way is resource intensive and generally a pain in the @#%^ + * + * @deprecated deprecated since version 3.1, see get get_primary_group + * @param string $gid Group ID + * @return string + */ + public function cn($gid){ + if ($gid === NULL) { return false; } + $sr = false; + $r = ''; + + $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))"; + $fields = array("primarygrouptoken", "samaccountname", "distinguishedname"); + $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); + $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); + + for ($i=0; $i<$entries["count"]; $i++){ + if ($entries[$i]["primarygrouptoken"][0] == $gid) { + $r = $entries[$i]["distinguishedname"][0]; + $i = $entries["count"]; + } + } + + return $r; + } +} +?> -- cgit v1.2.3