<?php
// IF YOU HAVE NOT DONE SO, PLEASE READ THE README FILE FOR DIRECTIONS!!!
/**
* OpenID-LDAP-PHP
* An open source PHP-based OpenID IdP package using LDAP as backend.
*
* By Zdravko Stoychev <zdravko (at) 5group (dot) com> aka Dako.
* Copyright 1996-2011 by 5Group & Co. http://www.5group.com/
* See LICENSE file for more details.
*/
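/**
 * Return the first value of attribute $attr on one ldap_get_entries() entry,
 * or '' when the attribute is absent, so callers need not guard every lookup.
 *
 * @param array  $entry one entry as returned by ldap_get_entries()
 * @param string $attr  attribute name exactly as it appears in the entry's keys
 * @return string
 */
function _ldap_first_value ($entry, $attr) {
    return isset($entry[$attr][0]) ? $entry[$attr][0] : '';
}

/**
 * Search the directory for the account matching $username. When exactly one
 * entry matches, populate the global $sreg (nickname, email, fullname, country,
 * plus the configured default language/postcode/timezone) and set
 * $profile['user_found']. With $ldap['autodn'] enabled the matched entry's DN is
 * stored in $ldap['testdn'] for the later bind in test_ldap().
 *
 * @param string $username login name as supplied by the user (untrusted input)
 * @return string "ok" when exactly one entry matched, "no" otherwise
 */
function find_ldap ($username) {
    global $sreg, $ldap, $profile;
    $no = "no";
    $profile['user_found'] = false;
    if ($username == "") {
        return $no;
    }
    // NOTE: ldap_connect() only validates the URI and connects lazily, so the
    // fallback covers a rejected primary URI rather than an unreachable server.
    $ds = ldap_connect($ldap['primary']) or $ds = ldap_connect($ldap['fallback']);
    if (!$ds) {
        return $no;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $ldap['protocol']);
    if ($ldap['isad']) ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Only search once the service-account bind has actually succeeded.
    if (ldap_bind($ds, $ldap['binddn'], $ldap['password'])) {
        // Escape filter metacharacters so a crafted username cannot change the
        // meaning of the configured filter (LDAP filter injection).
        $needle = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
        $sr = ldap_search($ds, $ldap['searchdn'], sprintf($ldap['filter'], $needle));
        $info = ($sr !== false) ? ldap_get_entries($ds, $sr) : false;
        // Exactly one match is required; zero or several entries mean "not found".
        if ($info !== false && $info["count"] == 1) {
            $entry = $info[0];
            $no = "ok";
            $profile['user_found'] = true;
            if ($ldap['lookupcn']) $profile['auth_cn'] = _ldap_first_value($entry, 'cn');
            if ($ldap['autodn']) $ldap['testdn'] = $entry['dn'];
            # Populate user information from LDAP
            $sreg['nickname'] = _ldap_first_value($entry, $ldap['nickname']);
            $sreg['email'] = _ldap_first_value($entry, $ldap['email']);
            // fullname may be assembled from several attributes, joined by spaces
            $parts = is_array($ldap['fullname']) ? $ldap['fullname'] : array($ldap['fullname']);
            $pieces = array();
            foreach ($parts as $vname) {
                $aname = _ldap_first_value($entry, $vname);
                if ($aname != '') $pieces[] = $aname;
            }
            $sreg['fullname'] = implode(' ', $pieces);
            $sreg['country'] = _ldap_first_value($entry, $ldap['country']);
            # Values not obtained from LDAP
            $sreg['language'] = $ldap['def_language'];
            $sreg['postcode'] = $ldap['def_postcode'];
            $sreg['timezone'] = $ldap['def_timezone'];
        }
    }
    ldap_close($ds);
    return $no;
}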
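/**
 * Check $password by binding to the directory as the user.
 *
 * With $ldap['autodn'] enabled the DN recorded in $ldap['testdn'] by
 * find_ldap() is used as-is; otherwise $ldap['testdn'] is a sprintf()
 * template into which the DN-escaped username is inserted.
 *
 * @param string $username login name as supplied by the user (untrusted input)
 * @param string $password clear-text password to test
 * @return string "ok" when the bind succeeded, "no" otherwise
 */
function test_ldap ($username, $password) {
    global $ldap;
    $no = "no";
    # An empty password would turn ldap_bind() into an anonymous or
    # unauthenticated bind, which some servers accept; refuse it up front.
    if (($username == "") || ($password == "")) {
        return $no;
    }
    $ds = ldap_connect($ldap['primary']) or $ds = ldap_connect($ldap['fallback']);
    if (!$ds) {
        return $no;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $ldap['protocol']);
    if ($ldap['isad']) ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if ($ldap['autodn']) {
        // Whatever $ldap['testdn'] currently holds: the DN find_ldap() recorded
        // for the matched account, or the configured value if nothing matched.
        $dn = isset($ldap['testdn']) ? $ldap['testdn'] : '';
    } else {
        // Escape DN metacharacters so the username cannot alter the template DN.
        $dn = sprintf($ldap['testdn'], ldap_escape($username, '', LDAP_ESCAPE_DN));
    }
    // Never bind with an empty DN: that would again be an unauthenticated bind.
    if ($dn != '' && ldap_bind($ds, $dn, $password)) {
        $no = "ok";
    }
    ldap_close($ds);
    return $no;
}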
/* notepad here:
... This was achieved with this stanza in slapd.conf
access to attr=userPassword
by self write
by anonymous auth
by * none
print "<p>Change password ";
if (ldap_mod_replace ($ldapconn, "uid=".$username.",dc=example,dc=com",
array('userpassword' => "{MD5}".base64_encode(pack("H*",md5($newpass))) {
print "succeded"; } else { print "failed"; }
print ".</p>\n";
+ private String detectActiveDirectory( IRootDSE rootDSE )
+ {
+
+ String result = null;
+
+ // check active directory
+ IAttribute rdncAttribute = rootDSE.getAttribute( "rootDomainNamingContext" );
+ if ( rdncAttribute != null )
+ {
+ IAttribute ffAttribute = rootDSE.getAttribute( "forestFunctionality" );
+ if ( ffAttribute != null )
+ {
+ result = "Microsoft Active Directory 2003";
+ }
+ else
+ {
+ result = "Microsoft Active Directory 2000";
+ }
+ }
+
+ return result;
+ }
*/