< ? php
/* Copyright ( C ) 2004 Rodolphe Quiedeville < rodolphe @ quiedeville . org >
* Copyright ( C ) 2004 Benoit Mortier < benoit . mortier @ opensides . be >
* Copyright ( C ) 2005 - 2017 Regis Houssin < regis . houssin @ capnetworks . com >
* Copyright ( C ) 2006 - 2015 Laurent Destailleur < eldy @ users . sourceforge . net >
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program . If not , see < http :// www . gnu . org / licenses />.
* or see http :// www . gnu . org /
*/
/**
* \file htdocs / core / class / ldap . class . php
* \brief File of class to manage LDAP features
*/
/**
* Class to manage LDAP features
*/
class Ldap
{
var $error;

/**
 * List of servers (IP addresses or host names). Filled by the constructor from
 * LDAP_SERVER_HOST and, when set, LDAP_SERVER_HOST_SLAVE; connect_bind() tries them in order.
 */
var $server = array();
/**
 * Base DN (e.g. "dc=foo,dc=com")
 */
var $dn;
/**
 * Server type, currently OpenLdap or Active Directory ("activedirectory" makes
 * connect_bind() disable referrals and skip the anonymous-bind fallback)
 */
var $serverType;
/**
 * Domain. The constructor assigns it the same LDAP_SERVER_DN value as $dn.
 */
var $domain;
/**
 * LDAP administrator user (bind DN used for the authenticated bind)
 * Active Directory does not support anonymous binds
 */
var $searchUser;
/**
 * Administrator password. Held in clear text for ldap_bind(); connect_bind() masks it when logging.
 * Active Directory does not support anonymous binds
 */
var $searchPassword;
/**
 * DN of the users branch
 */
var $people;
/**
 * DN of the groups branch
 */
var $groups;
/**
 * Error code returned by the LDAP server (ldap_errno())
 */
var $ldapErrorCode;
/**
 * Text message of the error (ldap_error())
 */
var $ldapErrorText;

// Fetch user: fields filled when a user record is read from the directory
var $name;
var $firstname;
var $login;
var $phone;
var $skype;
var $fax;
var $mail;
var $mobile;

// presumably Active Directory account fields (userAccountControl flags, pwdLastSet) -- confirm against the fetch code
var $uacf;
var $pwdlastset;

var $ldapcharset = 'UTF-8'; // LDAP should be UTF-8 encoded; add()/modify()/... convert DN and values to it with convFromOutputCharset()

/**
 * The internal LDAP connection handle: the return value of ldap_connect() (a resource, or an
 * LDAP\Connection object on PHP >= 8.1). close() does not reset it, so it may hold a closed handle.
 */
var $connection;
/**
 * Result of any connections etc.
 */
var $result;

// NOTE(review): the constructor and connect_bind() also assign $serverPort, $ldapProtocolVersion,
// $filter, $filtermember, $attr_login, $attr_sambalogin, $attr_name, $attr_firstname, $attr_mail,
// $attr_phone, $attr_skype, $attr_fax, $attr_mobile and $bind, which are not declared here --
// confirm whether they are declared further down the class (dynamic properties are deprecated in PHP 8.2).
/**
* Constructor
*/
/**
 * Constructor: load the server list, bind credentials, filters and attribute
 * names from the global $conf (LDAP_* constants). Reads $conf->global only,
 * performs no network access.
 */
function __construct()
{
    global $conf;

    // Server list: master first, then the optional slave (empty values are skipped)
    foreach (array('LDAP_SERVER_HOST', 'LDAP_SERVER_HOST_SLAVE') as $hostConstant) {
        if (!empty($conf->global->$hostConstant)) {
            $this->server[] = $conf->global->$hostConstant;
        }
    }

    // Property => configuration constant, copied verbatim (no default is applied)
    $settings = array(
        // Server
        'serverPort'          => 'LDAP_SERVER_PORT',
        'ldapProtocolVersion' => 'LDAP_SERVER_PROTOCOLVERSION',
        'dn'                  => 'LDAP_SERVER_DN',
        'serverType'          => 'LDAP_SERVER_TYPE',
        'domain'              => 'LDAP_SERVER_DN',
        'searchUser'          => 'LDAP_ADMIN_DN',
        'searchPassword'      => 'LDAP_ADMIN_PASS',
        'people'              => 'LDAP_USER_DN',
        'groups'              => 'LDAP_GROUP_DN',
        'filter'              => 'LDAP_FILTER_CONNECTION', // Filter on user
        'filtermember'        => 'LDAP_MEMBER_FILTER',     // Filter on member
        // Users
        'attr_login'          => 'LDAP_FIELD_LOGIN',       // unix
        'attr_sambalogin'     => 'LDAP_FIELD_LOGIN_SAMBA', // samba, activedirectory
        'attr_name'           => 'LDAP_FIELD_NAME',
        'attr_firstname'      => 'LDAP_FIELD_FIRSTNAME',
        'attr_mail'           => 'LDAP_FIELD_MAIL',
        'attr_phone'          => 'LDAP_FIELD_PHONE',
        'attr_skype'          => 'LDAP_FIELD_SKYPE',
        'attr_fax'            => 'LDAP_FIELD_FAX',
        'attr_mobile'         => 'LDAP_FIELD_MOBILE',
    );
    foreach ($settings as $property => $constant) {
        $this->$property = $conf->global->$constant;
    }
}
// Connection handling methods -------------------------------------------
/**
* Connect and bind
* Use this -> server , this -> serverPort , this -> ldapProtocolVersion , this -> serverType , this -> searchUser , this -> searchPassword
* After return , this -> connection and $this -> bind are defined
*
* @ return int < 0 if KO , 1 if bind anonymous , 2 if bind auth
*/
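/**
 * Connect and bind.
 * Uses $this->server, $this->serverPort, $this->ldapProtocolVersion, $this->serverType,
 * $this->searchUser and $this->searchPassword. Each configured host is probed with
 * serverPing(), connected, optionally upgraded with STARTTLS, then bound: an
 * authenticated bind with the admin credentials first, an anonymous bind as fallback
 * (no fallback for Active Directory). A host on which STARTTLS was required but failed
 * is closed and skipped, so credentials are never sent over the unprotected link.
 * After return, $this->connection and $this->bind are defined.
 *
 * @return int <0 if KO, 1 if bind anonymous, 2 if bind auth
 */
function connect_bind()
{
    global $conf;

    $connected = 0;
    $this->bind = 0;
    $return = -1;

    // Check parameters
    if (count($this->server) == 0 || empty($this->server[0])) {
        $this->error = 'LDAP setup (file conf.php) is not complete';
        dol_syslog(get_class($this)."::connect_bind ".$this->error, LOG_WARNING);
        return -1;
    }
    if (!function_exists("ldap_connect")) {
        $this->error = 'LDAPFunctionsNotAvailableOnPHP';
        dol_syslog(get_class($this)."::connect_bind ".$this->error, LOG_WARNING);
    }

    if (empty($this->error)) {
        // Loop on each ldap server
        foreach ($this->server as $key => $host) {
            if ($connected) break;
            if (empty($host)) continue;

            // Cheap TCP probe first so an unreachable host does not block ldap_connect()
            if ($this->serverPing($host, $this->serverPort) !== true) continue;
            $this->connection = ldap_connect($host, $this->serverPort);

            // ldap_connect() returns false on error, a resource before PHP 8.1 and an
            // LDAP\Connection object from PHP 8.1 on; accept both handle kinds.
            if (!is_resource($this->connection) && !is_object($this->connection)) continue;

            // Begin TLS if requested by the configuration
            if (!empty($conf->global->LDAP_SERVER_USE_TLS)) {
                if (!ldap_start_tls($this->connection)) {
                    // Fail closed: do not fall through to setVersion()/bind on a link where
                    // the required STARTTLS upgrade failed (the bind would carry the
                    // admin credentials in clear text); try the next host instead.
                    dol_syslog(get_class($this)."::connect_bind failed to start tls", LOG_WARNING);
                    $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
                    $connected = 0;
                    $this->close();
                    continue;
                }
            }

            // Execute the ldap_set_option here (after connect and before bind)
            $this->setVersion();
            ldap_set_option($this->connection, LDAP_OPT_SIZELIMIT, 0); // no limit here. should return true.

            if ($this->serverType == "activedirectory") {
                $result = $this->setReferrals();
                // The password is masked but its length is still visible in the debug log
                dol_syslog(get_class($this)."::connect_bind try bindauth for activedirectory on ".$host." user=".$this->searchUser." password=".preg_replace('/./', '*', $this->searchPassword), LOG_DEBUG);
                $this->result = $this->bindauth($this->searchUser, $this->searchPassword);
                if ($this->result) {
                    $this->bind = $this->result;
                    $connected = 2;
                    break;
                }
                $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
            } else {
                // Try in auth mode
                if ($this->searchUser && $this->searchPassword) {
                    dol_syslog(get_class($this)."::connect_bind try bindauth on ".$host." user=".$this->searchUser." password=".preg_replace('/./', '*', $this->searchPassword), LOG_DEBUG);
                    $this->result = $this->bindauth($this->searchUser, $this->searchPassword);
                    if ($this->result) {
                        $this->bind = $this->result;
                        $connected = 2;
                        break;
                    }
                    $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
                }
                // Try in anonymous
                if (!$this->bind) {
                    dol_syslog(get_class($this)."::connect_bind try bind on ".$host, LOG_DEBUG);
                    $result = $this->bind();
                    if ($result) {
                        $this->bind = $this->result;
                        $connected = 1;
                        break;
                    }
                    $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
                }
            }

            if (!$connected) $this->close();
        }
    }

    if ($connected) {
        $return = $connected;
        dol_syslog(get_class($this)."::connect_bind return=".$return, LOG_DEBUG);
    } else {
        $this->error = 'Failed to connect to LDAP'.($this->error ? ': '.$this->error : '');
        $return = -1;
        dol_syslog(get_class($this)."::connect_bind return=".$return.' - '.$this->error, LOG_WARNING);
    }
    return $return;
}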
2006-11-21 18:38:28 +01:00
/**
* Simply closes the connection set up earlier .
* Returns true if OK , false if there was an error .
*
* @ return boolean true or false
*/
/**
 * Simply closes the connection set up earlier.
 * $this->connection is left untouched, so it still holds the (now closed)
 * handle after a successful close.
 *
 * @return boolean true if there was no connection or ldap_close() succeeded, false otherwise
 */
function close()
{
    if (!$this->connection) {
        return true;
    }
    // Warnings from ldap_close() are suppressed; only its boolean result is reported
    return (bool) @ldap_close($this->connection);
}
2006-06-24 17:13:29 +02:00
2008-12-09 21:14:04 +01:00
/**
2012-01-27 16:10:44 +01:00
* Anonymously binds to the connection . After this is done ,
2008-12-09 21:14:04 +01:00
* queries and searches can be done - but read - only .
2012-03-19 17:18:11 +01:00
*
2012-01-27 16:10:44 +01:00
* @ return boolean true or false
2008-12-09 21:14:04 +01:00
*/
/**
 * Anonymously binds to the connection. After this is done,
 * queries and searches can be done - but read-only.
 * On failure $this->ldapErrorCode, $this->ldapErrorText and $this->error are set.
 *
 * @return boolean true or false
 */
function bind()
{
    $this->result = @ldap_bind($this->connection);
    if ($this->result) {
        return true;
    }

    $this->ldapErrorCode = ldap_errno($this->connection);
    $this->ldapErrorText = ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    return false;
}
2006-06-24 17:13:29 +02:00
2008-12-09 21:14:04 +01:00
/**
2012-01-27 16:10:44 +01:00
* Binds as an authenticated user , which usually allows for write
2008-12-09 21:14:04 +01:00
* access . The FULL dn must be passed . For a directory manager , this is
* " cn=Directory Manager " under iPlanet . For a user , it will be something
* like " uid=jbloggs,ou=People,dc=foo,dc=com " .
2012-01-27 16:10:44 +01:00
*
* @ param string $bindDn DN
2012-03-19 17:18:11 +01:00
* @ param string $pass Password
2012-01-27 16:10:44 +01:00
* @ return boolean true or false
2008-12-09 21:14:04 +01:00
*/
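/**
 * Binds as an authenticated user, which usually allows for write
 * access. The FULL dn must be passed. For a directory manager, this is
 * "cn=Directory Manager" under iPlanet. For a user, it will be something
 * like "uid=jbloggs,ou=People,dc=foo,dc=com".
 *
 * An empty password is refused before any request is sent: a simple bind with a
 * DN and an empty password is an "unauthenticated" bind (RFC 4513 section 5.1.2),
 * which many directories accept as anonymous, so it would report success without
 * the password ever being checked. On failure $this->ldapErrorCode,
 * $this->ldapErrorText and $this->error are set.
 *
 * @param string $bindDn DN
 * @param string $pass   Password
 * @return boolean true or false
 */
function bindauth($bindDn, $pass)
{
    if ($pass === null || $pass === '') {
        $this->result = false;
        $this->ldapErrorCode = -1;
        $this->ldapErrorText = "Empty password refused for authenticated bind";
        $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
        return false;
    }

    $this->result = @ldap_bind($this->connection, $bindDn, $pass);
    if ($this->result) {
        return true;
    }

    $this->ldapErrorCode = ldap_errno($this->connection);
    $this->ldapErrorText = ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    return false;
}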
2006-11-21 23:51:05 +01:00
2008-12-09 21:14:04 +01:00
/**
2012-01-27 16:10:44 +01:00
* Unbind du serveur ldap .
2012-03-19 17:18:11 +01:00
*
2012-01-27 16:10:44 +01:00
* @ return boolean true or false
2008-12-09 21:14:04 +01:00
*/
2006-11-21 23:51:05 +01:00
/**
 * Unbind from the ldap server. The ldap_unbind() result is kept in $this->result.
 *
 * @return boolean true or false
 */
function unbind()
{
    $this->result = @ldap_unbind($this->connection);
    return $this->result ? true : false;
}
2008-12-09 21:14:04 +01:00
/**
2012-01-27 16:10:44 +01:00
* Verification de la version du serveur ldap .
2012-03-19 17:18:11 +01:00
*
2012-01-27 16:10:44 +01:00
* @ return string version
2008-12-09 21:14:04 +01:00
*/
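/**
 * Read the ldap protocol version negotiated on the current connection.
 *
 * @return int Protocol version (e.g. 3), or 0 if ldap_get_option() failed
 */
function getVersion()
{
    $version = 0;
    // ldap_get_option() returns a bool and writes the value into its third argument
    // (by reference); assigning its return value to $version, as the previous code
    // did, returned true/false instead of the version.
    @ldap_get_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $version);
    return $version;
}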
2006-11-21 23:51:05 +01:00
2008-12-09 21:14:04 +01:00
/**
2012-01-27 16:10:44 +01:00
* Change ldap protocol version to use .
2012-03-19 17:18:11 +01:00
*
2015-04-06 12:25:30 +02:00
* @ return boolean version
2008-12-09 21:14:04 +01:00
*/
/**
 * Change ldap protocol version to use ($this->ldapProtocolVersion) on the current connection.
 * LDAP_OPT_PROTOCOL_VERSION is a PHP constant (value 17).
 *
 * @return boolean Result of ldap_set_option()
 */
function setVersion()
{
    return ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->ldapProtocolVersion);
}
2006-11-21 23:51:05 +01:00
2008-12-09 21:14:04 +01:00
/**
2012-01-27 16:10:44 +01:00
* changement du referrals .
2012-03-19 17:18:11 +01:00
*
2015-04-06 12:25:30 +02:00
* @ return boolean referrals
2008-12-09 21:14:04 +01:00
*/
/**
 * Disable referral chasing (LDAP_OPT_REFERRALS = 0) on the current connection.
 * connect_bind() calls this for Active Directory before binding.
 *
 * @return boolean Result of ldap_set_option()
 */
function setReferrals()
{
    return ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);
}
2006-06-24 17:13:29 +02:00
2006-11-21 18:38:28 +01:00
2008-12-09 21:14:04 +01:00
/**
2012-01-27 16:10:44 +01:00
* Add a LDAP entry
* Ldap object connect and bind must have been done
2012-03-19 17:18:11 +01:00
*
2017-10-04 11:22:41 +02:00
* @ param string $dn DN entry key
* @ param array $info Attributes array
2014-04-23 14:57:47 +02:00
* @ param User $user Objet user that create
2017-10-04 11:22:41 +02:00
* @ return int < 0 if KO , > 0 if OK
2008-12-09 21:14:04 +01:00
*/
2006-11-21 23:51:05 +01:00
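/**
 * Add a LDAP entry
 * Ldap object connect and bind must have been done
 * Only the attribute names are written to the log: attribute values may carry
 * credentials (a password attribute, for instance) and must not end up in syslog.
 * Note that dump() still writes the full entry to the ldapinput.in temp file.
 *
 * @param string $dn   DN entry key
 * @param array  $info Attributes array (scalar values, or arrays for multi-valued attributes)
 * @param User   $user Object user that create (not used here, kept for callers)
 * @return int         <0 if KO (-2 no connection, -3 not bound, -1 ldap_add failed), >0 if OK
 */
function add($dn, $info, $user)
{
    global $conf;

    // array_keys() also avoids the "Array to string conversion" notice join() raises on nested values
    dol_syslog(get_class($this)."::add dn=".$dn." info=".join(',', array_keys($info)));

    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    // Encode to LDAP page code (multi-valued attributes are passed through unchanged)
    $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
    foreach ($info as $key => $val) {
        if (!is_array($val)) $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
    }

    $this->dump($dn, $info);

    $result = @ldap_add($this->connection, $dn, $info);
    if ($result) {
        dol_syslog(get_class($this)."::add successfull", LOG_DEBUG);
        return 1;
    }

    $this->ldapErrorCode = @ldap_errno($this->connection);
    $this->ldapErrorText = @ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    dol_syslog(get_class($this)."::add failed: ".$this->error, LOG_ERR);
    return -1;
}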
2009-08-11 22:16:58 +02:00
/**
2012-01-27 16:10:44 +01:00
* Modify a LDAP entry
* Ldap object connect and bind must have been done
2012-03-19 17:18:11 +01:00
*
2012-01-27 16:10:44 +01:00
* @ param string $dn DN entry key
2014-09-27 16:00:11 +02:00
* @ param array $info Attributes array
2017-10-04 11:22:41 +02:00
* @ param User $user Objet user that modify
2012-01-27 16:10:44 +01:00
* @ return int < 0 if KO , > 0 if OK
2009-08-11 22:16:58 +02:00
*/
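/**
 * Modify a LDAP entry
 * Ldap object connect and bind must have been done
 * Only the attribute names are logged (values may carry credentials). On failure
 * $this->ldapErrorCode, $this->ldapErrorText and $this->error are set, the same
 * way add() does, instead of the bare error text.
 *
 * @param string $dn   DN entry key
 * @param array  $info Attributes array (scalar values, or arrays for multi-valued attributes)
 * @param User   $user Object user that modify (not used here, kept for callers)
 * @return int         <0 if KO (-2 no connection, -3 not bound, -1 ldap_modify failed), >0 if OK
 */
function modify($dn, $info, $user)
{
    global $conf;

    dol_syslog(get_class($this)."::modify dn=".$dn." info=".join(',', array_keys($info)));

    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    // Encode to LDAP page code
    $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
    foreach ($info as $key => $val) {
        if (!is_array($val)) $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
    }

    $this->dump($dn, $info);

    $result = @ldap_modify($this->connection, $dn, $info);
    if ($result) {
        dol_syslog(get_class($this)."::modify successfull", LOG_DEBUG);
        return 1;
    }

    $this->ldapErrorCode = @ldap_errno($this->connection);
    $this->ldapErrorText = @ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    dol_syslog(get_class($this)."::modify failed: ".$this->error, LOG_ERR);
    return -1;
}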
2017-10-04 11:22:41 +02:00
/**
* Rename a LDAP entry
* Ldap object connect and bind must have been done
*
* @ param string $dn Old DN entry key ( uid = qqq , ou = xxx , dc = aaa , dc = bbb ) ( before update )
* @ param string $newrdn New RDN entry key ( uid = qqq )
* @ param string $newparent New parent ( ou = xxx , dc = aaa , dc = bbb )
* @ param User $user Objet user that modify
2018-04-16 13:51:16 +02:00
* @ param bool $deleteoldrdn If true the old RDN value ( s ) is removed , else the old RDN value ( s ) is retained as non - distinguished values of the entry .
2017-10-04 11:22:41 +02:00
* @ return int < 0 if KO , > 0 if OK
*/
2017-10-04 12:07:17 +02:00
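/**
 * Rename a LDAP entry
 * Ldap object connect and bind must have been done
 * The log line now names this method (it used to say "::modify"), and a failure
 * records $this->ldapErrorCode / $this->ldapErrorText like add() does.
 *
 * @param string $dn           Old DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update)
 * @param string $newrdn       New RDN entry key (uid=qqq)
 * @param string $newparent    New parent (ou=xxx,dc=aaa,dc=bbb)
 * @param User   $user         Object user that modify (not used here, kept for callers)
 * @param bool   $deleteoldrdn If true the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry.
 * @return int                 <0 if KO (-2 no connection, -3 not bound, -1 ldap_rename failed), >0 if OK
 */
function rename($dn, $newrdn, $newparent, $user, $deleteoldrdn = true)
{
    global $conf;

    dol_syslog(get_class($this)."::rename dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn ? 1 : 0));

    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    // Encode to LDAP page code
    $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
    $newrdn = $this->convFromOutputCharset($newrdn, $this->ldapcharset);
    $newparent = $this->convFromOutputCharset($newparent, $this->ldapcharset);

    $result = @ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn);
    if ($result) {
        dol_syslog(get_class($this)."::rename successfull", LOG_DEBUG);
        return 1;
    }

    $this->ldapErrorCode = @ldap_errno($this->connection);
    $this->ldapErrorText = @ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    dol_syslog(get_class($this)."::rename failed: ".$this->error, LOG_ERR);
    return -1;
}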
2009-08-11 22:16:58 +02:00
/**
2012-01-27 16:10:44 +01:00
* Modify a LDAP entry ( to use if dn != olddn )
* Ldap object connect and bind must have been done
2012-03-19 17:18:11 +01:00
*
2017-10-04 11:22:41 +02:00
* @ param string $dn DN entry key
* @ param array $info Attributes array
* @ param User $user Objet user that update
* @ param string $olddn Old DN entry key ( before update )
* @ param string $newrdn New RDN entry key ( uid = qqq ) ( for ldap_rename )
* @ param string $newparent New parent ( ou = xxx , dc = aaa , dc = bbb ) ( for ldap_rename )
* @ return int < 0 if KO , > 0 if OK
2009-08-11 22:16:58 +02:00
*/
2017-10-04 11:22:41 +02:00
/**
 * Modify a LDAP entry (to use if dn != olddn)
 * Ldap object connect and bind must have been done
 * Three strategies, chosen from the arguments:
 *  - same key (olddn given and equal to dn): add() (error ignored, recreates a vanished record) then modify();
 *  - key changed with newrdn/newparent and LDAP_SERVER_PROTOCOLVERSION === '3': rename();
 *  - otherwise: add() the new entry and, only if that succeeded, delete() the old one.
 *
 * @param string $dn        DN entry key
 * @param array  $info      Attributes array
 * @param User   $user      Object user that update
 * @param string $olddn     Old DN entry key (before update)
 * @param string $newrdn    New RDN entry key (uid=qqq) (for ldap_rename)
 * @param string $newparent New parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename)
 * @return int              <0 if KO, >0 if OK
 */
function update($dn, $info, $user, $olddn, $newrdn = false, $newparent = false)
{
    global $conf;

    dol_syslog(get_class($this)."::update dn=".$dn." olddn=".$olddn);

    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    $keyChanged = (!$olddn || $olddn != $dn);
    $canRename = !empty($olddn) && !empty($newrdn) && !empty($newparent)
        && $conf->global->LDAP_SERVER_PROTOCOLVERSION === '3';

    if (!$keyChanged) {
        // If record has been deleted from LDAP, we recreate it. We ignore error if it already exists.
        $result = $this->add($dn, $info, $user);
        // We use add/modify instead of delete/add when olddn is received
        $result = $this->modify($dn, $info, $user);
    } elseif ($canRename) {
        // This function currently only works with LDAPv3
        $result = $this->rename($olddn, $newrdn, $newparent, $user, true);
    } else {
        // If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one.
        $result = $this->add($dn, $info, $user);
        // If add fails, we do not try to delete old one (an empty olddn means there is nothing to delete)
        if ($result > 0 && $olddn) {
            $result = $this->delete($olddn);
        }
    }

    if ($result > 0) {
        dol_syslog(get_class($this)."::update done successfully");
        return 1;
    }

    $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection)." ".$this->error;
    dol_syslog(get_class($this)."::update ".$this->error, LOG_ERR);
    return -1;
}
2008-12-09 21:14:04 +01:00
/**
2012-01-27 16:10:44 +01:00
* Delete a LDAP entry
* Ldap object connect and bind must have been done
2012-03-19 17:18:11 +01:00
*
2012-01-27 16:10:44 +01:00
* @ param string $dn DN entry key
* @ return int < 0 if KO , > 0 if OK
2008-12-09 21:14:04 +01:00
*/
2006-11-18 22:59:10 +01:00
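/**
 * Delete a LDAP entry
 * Ldap object connect and bind must have been done
 * A failed ldap_delete() now records $this->ldapErrorCode, $this->ldapErrorText
 * and $this->error (previously the caller got -1 with no error set) and is logged.
 *
 * @param string $dn DN entry key
 * @return int       <0 if KO (-2 no connection, -3 not bound, -1 ldap_delete failed), >0 if OK
 */
function delete($dn)
{
    global $conf;

    dol_syslog(get_class($this)."::delete Delete LDAP entry dn=".$dn);

    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    // Encode to LDAP page code
    $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);

    $result = @ldap_delete($this->connection, $dn);
    if ($result) {
        dol_syslog(get_class($this)."::delete successful", LOG_DEBUG);
        return 1;
    }

    $this->ldapErrorCode = @ldap_errno($this->connection);
    $this->ldapErrorText = @ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    dol_syslog(get_class($this)."::delete failed: ".$this->error, LOG_ERR);
    return -1;
}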
2009-12-21 10:05:49 +01:00
/**
2012-01-27 16:10:44 +01:00
* Build a LDAP message
2012-03-19 17:18:11 +01:00
*
2014-04-23 14:57:47 +02:00
* @ param string $dn DN entry key
2014-09-27 16:00:11 +02:00
* @ param array $info Attributes array
2014-04-23 14:57:47 +02:00
* @ return string Content of file
2009-12-21 10:05:49 +01:00
*/
/**
 * Build a LDAP message (LDIF-like text): comment lines with the equivalent
 * ldapadd/ldapmodify/ldapdelete commands, then "dn:" and one "attr: value" line
 * per value. Attribute values are copied verbatim, so the result contains any
 * secret passed in $info (e.g. a password attribute); dump() writes it to disk.
 *
 * @param string $dn   DN entry key
 * @param array  $info Attributes array (scalar values, or arrays for multi-valued attributes)
 * @return string      Content of file
 */
function dump_content($dn, $info)
{
    $hosts = join(',', $this->server);
    // ldap:// and ldaps:// URIs are passed with -H, bare host names with -h/-p
    if (preg_match('/^ldap/', $this->server[0])) {
        $target = "-H ".$hosts;
    } else {
        $target = "-h ".$hosts." -p ".$this->serverPort;
    }

    $lines = array();
    foreach (array('ldapadd', 'ldapmodify', 'ldapdelete') as $tool) {
        $lines[] = "# $tool $target -c -v -D ".$this->searchUser." -W -f ldapinput.in";
    }
    if (in_array('localhost', $this->server)) {
        $lines[] = "# If commands fails to connect, try without -h and -p";
    }

    $lines[] = "dn: ".$dn;
    foreach ($info as $key => $value) {
        $values = is_array($value) ? $value : array($value);
        foreach ($values as $single) {
            $lines[] = "$key: $single";
        }
    }

    // Every line, including the last one, ends with a newline
    return implode("\n", $lines)."\n";
}
/**
2012-01-27 16:10:44 +01:00
* Dump a LDAP message to ldapinput . in file
2012-03-19 17:18:11 +01:00
*
2014-04-23 14:57:47 +02:00
* @ param string $dn DN entry key
2014-09-27 16:00:11 +02:00
* @ param array $info Attributes array
2014-04-23 14:57:47 +02:00
* @ return int < 0 if KO , > 0 if OK
2009-12-21 10:05:49 +01:00
*/
/**
 * Dump a LDAP message to ldapinput.in file in $conf->ldap->dir_temp.
 * The file holds the full entry as built by dump_content(), attribute values
 * included, so it is only as protected as the temp directory and the MAIN_UMASK
 * mode applied below.
 *
 * @param string $dn   DN entry key
 * @param array  $info Attributes array
 * @return int         <0 if KO (file could not be opened for writing), >0 if OK
 */
function dump($dn, $info)
{
    global $conf;

    $content = $this->dump_content($dn, $info);

    // The directory is created on demand; the result of dol_mkdir() is not checked,
    // fopen() below fails if the directory is still missing
    dol_mkdir($conf->ldap->dir_temp);
    $outputfile = $conf->ldap->dir_temp.'/ldapinput.in';

    $fp = fopen($outputfile, "w");
    if (!$fp) {
        return -1;
    }
    fputs($fp, $content);
    fclose($fp);

    // MAIN_UMASK is an octal string used as the file mode (Dolibarr convention)
    if (!empty($conf->global->MAIN_UMASK)) {
        @chmod($outputfile, octdec($conf->global->MAIN_UMASK));
    }
    return 1;
}
2017-09-15 18:02:52 +02:00
/**
* Ping a server before ldap_connect for avoid waiting
*
* @ param string $host Server host or address
* @ param int $port Server port ( default 389 )
* @ param int $timeout Timeout in second ( default 1 s )
* @ return boolean true or false
*/
/**
 * Ping a server before ldap_connect for avoid waiting: open and immediately close a
 * TCP socket to $host:$port. An ldaps://host URI is probed as ssl://host (a TLS
 * handshake is performed by fsockopen, presumably with PHP's default peer
 * verification -- confirm), an ldap://host URI as a bare host.
 *
 * @param string $host    Server host or address, optionally as ldap://host or ldaps://host
 * @param int    $port    Server port (default 389)
 * @param int    $timeout Timeout in second (default 1s)
 * @return boolean true or false
 */
function serverPing($host, $port = 389, $timeout = 1)
{
    // Scheme rewrites, applied in this order; the ldaps:// rewrite produces ssl://...,
    // which the ldap:// pattern then no longer matches
    $rewrites = array(
        '/^ldaps:\/\/([^\/]+)\/?$/' => 'ssl://',
        '/^ldap:\/\/([^\/]+)\/?$/'  => '',
    );
    foreach ($rewrites as $pattern => $prefix) {
        if (preg_match($pattern, $host, $regs)) {
            $host = $prefix.$regs[1];
        }
    }

    $socket = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if (!$socket) {
        return false; // DC is N/A
    }
    fclose($socket); // explicitly close open socket connection
    return true; // DC is up & running, we can safely connect with ldap_connect
}
2009-12-21 10:05:49 +01:00
2012-01-27 16:10:44 +01:00
// Attribute methods -----------------------------------------------------
2010-01-17 14:51:08 +01:00
2017-10-07 13:09:31 +02:00
/**
2012-01-27 16:10:44 +01:00
* Add a LDAP attribute in entry
* Ldap object connect and bind must have been done
2012-03-19 17:18:11 +01:00
*
2014-04-23 14:57:47 +02:00
* @ param string $dn DN entry key
2014-09-27 16:00:11 +02:00
* @ param array $info Attributes array
2014-04-23 14:57:47 +02:00
* @ param User $user Objet user that create
* @ return int < 0 if KO , > 0 if OK
2009-12-21 09:02:25 +01:00
*/
2009-12-21 10:05:49 +01:00
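/**
 * Add a LDAP attribute in entry
 * Ldap object connect and bind must have been done
 * Only the attribute names are logged (values may carry credentials), the log
 * lines name this method, and a failure records $this->ldapErrorCode /
 * $this->ldapErrorText like add() does.
 *
 * @param string $dn   DN entry key
 * @param array  $info Attributes array (scalar values, or arrays for multi-valued attributes)
 * @param User   $user Object user that create (not used here, kept for callers)
 * @return int         <0 if KO (-2 no connection, -3 not bound, -1 ldap_mod_add failed), >0 if OK
 */
function addAttribute($dn, $info, $user)
{
    global $conf;

    dol_syslog(get_class($this)."::addAttribute dn=".$dn." info=".join(',', array_keys($info)));

    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    // Encode to LDAP page code
    $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
    foreach ($info as $key => $val) {
        if (!is_array($val)) $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
    }

    $this->dump($dn, $info);

    $result = @ldap_mod_add($this->connection, $dn, $info);
    if ($result) {
        dol_syslog(get_class($this)."::addAttribute successfull", LOG_DEBUG);
        return 1;
    }

    $this->ldapErrorCode = @ldap_errno($this->connection);
    $this->ldapErrorText = @ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    dol_syslog(get_class($this)."::addAttribute failed: ".$this->error, LOG_ERR);
    return -1;
}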
2010-01-17 14:51:08 +01:00
2017-10-07 13:09:31 +02:00
/**
2012-01-27 16:10:44 +01:00
* Update a LDAP attribute in entry
* Ldap object connect and bind must have been done
2012-03-19 17:18:11 +01:00
*
2014-04-23 14:57:47 +02:00
* @ param string $dn DN entry key
2014-09-27 16:00:11 +02:00
* @ param array $info Attributes array
2014-04-23 14:57:47 +02:00
* @ param User $user Objet user that create
* @ return int < 0 if KO , > 0 if OK
2009-12-21 09:02:25 +01:00
*/
2009-12-21 10:05:49 +01:00
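/**
 * Update a LDAP attribute in entry
 * Ldap object connect and bind must have been done
 * Only the attribute names are logged (values may carry credentials, e.g. a
 * password being replaced), and a failure records $this->ldapErrorCode /
 * $this->ldapErrorText like add() does.
 *
 * @param string $dn   DN entry key
 * @param array  $info Attributes array (scalar values, or arrays for multi-valued attributes)
 * @param User   $user Object user that create (not used here, kept for callers)
 * @return int         <0 if KO (-2 no connection, -3 not bound, -1 ldap_mod_replace failed), >0 if OK
 */
function updateAttribute($dn, $info, $user)
{
    global $conf;

    dol_syslog(get_class($this)."::updateAttribute dn=".$dn." info=".join(',', array_keys($info)));

    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    // Encode to LDAP page code
    $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
    foreach ($info as $key => $val) {
        if (!is_array($val)) $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
    }

    $this->dump($dn, $info);

    $result = @ldap_mod_replace($this->connection, $dn, $info);
    if ($result) {
        dol_syslog(get_class($this)."::updateAttribute successfull", LOG_DEBUG);
        return 1;
    }

    $this->ldapErrorCode = @ldap_errno($this->connection);
    $this->ldapErrorText = @ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    dol_syslog(get_class($this)."::updateAttribute failed: ".$this->error, LOG_ERR);
    return -1;
}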
2010-01-17 14:51:08 +01:00
2017-10-07 13:09:31 +02:00
/**
2012-01-27 16:10:44 +01:00
* Delete a LDAP attribute in entry
* Ldap object connect and bind must have been done
2012-03-19 17:18:11 +01:00
*
2014-04-23 14:57:47 +02:00
* @ param string $dn DN entry key
2014-09-27 16:00:11 +02:00
* @ param array $info Attributes array
2014-04-23 14:57:47 +02:00
* @ param User $user Objet user that create
* @ return int < 0 if KO , > 0 if OK
2009-12-21 09:02:25 +01:00
*/
2009-12-21 10:05:49 +01:00
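/**
 * Delete a LDAP attribute in entry
 * Ldap object connect and bind must have been done
 * Only the attribute names are logged (values may carry credentials), and a
 * failure records $this->ldapErrorCode / $this->ldapErrorText like add() does.
 *
 * @param string $dn   DN entry key
 * @param array  $info Attributes array (scalar values, or arrays for multi-valued attributes)
 * @param User   $user Object user that create (not used here, kept for callers)
 * @return int         <0 if KO (-2 no connection, -3 not bound, -1 ldap_mod_del failed), >0 if OK
 */
function deleteAttribute($dn, $info, $user)
{
    global $conf;

    dol_syslog(get_class($this)."::deleteAttribute dn=".$dn." info=".join(',', array_keys($info)));

    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    // Encode to LDAP page code
    $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
    foreach ($info as $key => $val) {
        if (!is_array($val)) $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
    }

    $this->dump($dn, $info);

    $result = @ldap_mod_del($this->connection, $dn, $info);
    if ($result) {
        dol_syslog(get_class($this)."::deleteAttribute successfull", LOG_DEBUG);
        return 1;
    }

    $this->ldapErrorCode = @ldap_errno($this->connection);
    $this->ldapErrorText = @ldap_error($this->connection);
    $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
    dol_syslog(get_class($this)."::deleteAttribute failed: ".$this->error, LOG_ERR);
    return -1;
}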
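/**
 * Return the attributes of the first entry matching $filter under $dn.
 * The connection must already be open and bound.
 *
 * $filter is used verbatim: the caller must build a valid, already-escaped
 * LDAP filter (ldap_escape(..., LDAP_ESCAPE_FILTER) on any user-supplied value).
 *
 * Fix: the original passed an unchecked ldap_search() handle to
 * ldap_first_entry(); a failed search (bad DN, bad filter, size limit, ...)
 * is now detected and reported instead of raising a warning.
 *
 * @param string $dn     Base DN of the search
 * @param string $filter LDAP search filter
 * @return int|array     Attribute array (ldap_get_attributes format) if OK,
 *                       0 if no entry or no attributes were found,
 *                       -1 if the search failed, -2 if not connected, -3 if not bound
 */
function getAttribute($dn, $filter)
{
    // Check parameters
    if (!$this->connection) {
        $this->error = "NotConnected";
        return -2;
    }
    if (!$this->bind) {
        $this->error = "NotConnected";
        return -3;
    }

    $search = @ldap_search($this->connection, $dn, $filter);
    if (!$search) {
        $this->ldapErrorCode = ldap_errno($this->connection);
        $this->ldapErrorText = ldap_error($this->connection);
        $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
        return -1;
    }

    // Only the first entry is considered
    $entry = ldap_first_entry($this->connection, $search);
    if (!$entry) {
        $this->ldapErrorCode = -1;
        $this->ldapErrorText = "Couldn't find entry";
        ldap_free_result($search);
        return 0; // Couldn't find entry...
    }

    // Get values (the entry handle is only valid while the result is alive)
    $values = ldap_get_attributes($this->connection, $entry);
    ldap_free_result($search);
    if (!$values) {
        $this->ldapErrorCode = ldap_errno($this->connection);
        $this->ldapErrorText = ldap_error($this->connection);
        return 0; // No matching attributes
    }

    // Return an array containing the attributes.
    return $values;
}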
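/**
 * Return the values of one attribute for the first entry matching
 * $filterrecord under $this->people.
 *
 * $filterrecord is used verbatim; escape any user-supplied value with
 * ldap_escape(..., LDAP_ESCAPE_FILTER) before building it.
 *
 * Fixes: a failed ldap_search() used to flow into ldap_first_entry(false);
 * a missing connection is now reported instead of passed to ldap_errno().
 * The docblock said @return void; the method returns the values array or false.
 *
 * @param string $filterrecord LDAP filter selecting the record (e.g. "(uid=jdoe)")
 * @param string $attribute    Attribute whose values are wanted
 * @return array|false         Values array (ldap_get_values format, with a 'count' key), false if KO
 */
function getAttributeValues($filterrecord, $attribute)
{
    if (!$this->connection) {
        $this->error = "NotConnected";
        return false;
    }

    $attributes = array($attribute);

    // Search for the record, requesting only the wanted attribute
    $this->result = @ldap_search($this->connection, $this->people, $filterrecord, $attributes);
    if (!$this->result) {
        $this->ldapErrorCode = ldap_errno($this->connection);
        $this->ldapErrorText = ldap_error($this->connection);
        return false;
    }

    // Only the first entry is used: the record key is expected to be unique
    $entry = ldap_first_entry($this->connection, $this->result);
    if (!$entry) {
        $this->ldapErrorCode = -1;
        $this->ldapErrorText = "Couldn't find user";
        return false; // Couldn't find the user...
    }

    // Get values
    $values = @ldap_get_values($this->connection, $entry, $attribute);
    if (!$values) {
        $this->ldapErrorCode = ldap_errno($this->connection);
        $this->ldapErrorText = ldap_error($this->connection);
        return false; // No matching attributes
    }

    // Return an array containing the attribute values.
    return $values;
}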
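/**
 * Return details of one or several LDAP records.
 * Equivalent of: ldapsearch -LLLx -h host -D <bind dn> -w <password> -b "<userDn>" <attributes>
 *
 * Fixes vs. the original:
 *  - $search is escaped with the RFC 4515 filter rules before being placed in
 *    the filter, so a value such as "*)(objectClass=*" cannot rewrite the query.
 *    The documented '*' wildcard is kept working: '*' itself is not escaped.
 *  - the 'member' branch tested $this->filter but used $this->filtermember.
 *  - record keys are looked up lowercased: ldap_get_entries() lowercases
 *    attribute names whatever case was passed to ldap_search().
 *  - a non-array $attributeArray and a failed ldap_get_entries() no longer raise
 *    notices/TypeErrors; the connection handle is no longer concatenated into the
 *    log (an LDAP\Connection object cannot be converted to string on PHP 8.1+).
 *
 * NOTE(review): the bindauth() result for Active Directory is not checked; a
 * failed bind surfaces later as a failed search.
 *
 * @param string     $search           Value of the key field to search, '*' for all. Ignored when $activefilter is set.
 * @param string     $userDn           Base DN (e.g. ou=adherents,ou=people,dc=parinux,dc=org)
 * @param string     $useridentifier   Name of the key field (e.g. uid)
 * @param array      $attributeArray   Attributes to return; must include $useridentifier (e.g. sn, userPassword).
 *                                     If not an array, each record carries only its key field.
 * @param int|string $activefilter     '1' or 'user' = use $this->filter, 'member' = use $this->filtermember, instead of $search
 * @param array      $attributeAsArray Attributes to return as arrays of values rather than first value only
 * @return array|int                   Array of [id_record][ldap_field] = value, -1 if the search failed
 */
function getRecords($search, $userDn, $useridentifier, $attributeArray, $activefilter = 0, $attributeAsArray = array())
{
    $fulllist = array();

    $attrlist = is_array($attributeArray) ? join(',', $attributeArray) : (string) $attributeArray;
    dol_syslog(get_class($this)."::getRecords search=".$search." userDn=".$userDn." useridentifier=".$useridentifier." attributeArray=array(".$attrlist.") activefilter=".$activefilter);

    // Active Directory: bind with the search account first
    if ($this->serverType == "activedirectory") {
        $this->bindauth($this->searchUser, $this->searchPassword);
        dol_syslog(get_class($this)."::bindauth serverType=activedirectory searchUser=".$this->searchUser);
    }

    // Define filter
    if (!empty($activefilter)) {
        if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) {
            $filter = '('.$this->filter.')';
        } elseif (((string) $activefilter == 'member') && $this->filtermember) {
            $filter = '('.$this->filtermember.')';
        } else {
            // No configured filter: match every record that has the key field
            $filter = '('.$useridentifier.'=*)';
        }
    } else {
        // Escape the search value (RFC 4515). PHP < 5.6 has no ldap_escape(): the
        // fallback replaces the backslash first, then the other metacharacters.
        if (function_exists('ldap_escape')) {
            $escapedsearch = ldap_escape((string) $search, '', LDAP_ESCAPE_FILTER);
        } else {
            $escapedsearch = str_replace(array('\\', '*', '(', ')', "\x00"), array('\5c', '\2a', '\28', '\29', '\00'), (string) $search);
        }
        // Keep '*' usable as the documented "all" wildcard; it cannot inject new clauses
        $escapedsearch = str_replace('\2a', '*', $escapedsearch);
        $filter = '('.$useridentifier.'='.$escapedsearch.')';
    }

    if (is_array($attributeArray)) {
        // Return list with required fields. Reindex from 0: ldap_search rejects
        // attribute arrays with gaps in their keys.
        $attributeArray = array_values($attributeArray);
        dol_syslog(get_class($this)."::getRecords userDn=".$userDn." filter=".$filter." attributeArray=(".join(',', $attributeArray).")");
        $this->result = @ldap_search($this->connection, $userDn, $filter, $attributeArray);
    } else {
        // Return list with fields selected by default
        dol_syslog(get_class($this)."::getRecords userDn=".$userDn." filter=".$filter);
        $this->result = @ldap_search($this->connection, $userDn, $filter);
    }
    if (!$this->result) {
        $this->error = 'LDAP search failed: '.ldap_errno($this->connection)." ".ldap_error($this->connection);
        return -1;
    }

    $info = @ldap_get_entries($this->connection, $this->result);
    if (!is_array($info) || empty($info["count"])) {
        return $fulllist; // nothing matched, or the entries could not be read
    }

    // ldap_get_entries() lowercases every attribute name, whatever case was used in the request
    $keyattrlower = strtolower($useridentifier);
    $numattr = is_array($attributeArray) ? count($attributeArray) : 0;

    for ($i = 0; $i < $info["count"]; $i++) {
        if (!isset($info[$i][$keyattrlower][0])) continue;
        $recordid = $this->convToOutputCharset($info[$i][$keyattrlower][0], $this->ldapcharset);
        if (!$recordid) continue;

        $fulllist[$recordid][$useridentifier] = $recordid;

        // Add to the array each attribute of the requested list
        for ($j = 0; $j < $numattr; $j++) {
            $attrname = $attributeArray[$j];
            $attrlower = strtolower($attrname);

            if ($this->serverType == "activedirectory" && $attrlower == "objectsid") {
                // The binary SID needs a dedicated lookup and decoding
                $fulllist[$recordid][$attrname] = $this->getObjectSid($recordid);
            } elseif (in_array($attrname, $attributeAsArray) && isset($info[$i][$attrlower]) && is_array($info[$i][$attrlower])) {
                $valueTab = array();
                foreach ($info[$i][$attrlower] as $key => $value) {
                    $valueTab[$key] = $this->convToOutputCharset($value, $this->ldapcharset);
                }
                $fulllist[$recordid][$attrname] = $valueTab;
            } else {
                $firstvalue = isset($info[$i][$attrlower][0]) ? $info[$i][$attrlower][0] : null;
                $fulllist[$recordid][$attrname] = $this->convToOutputCharset($firstvalue, $this->ldapcharset);
            }
        }
    }

    asort($fulllist);
    return $fulllist;
}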
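/**
 * Reverse the byte order of a hex string (little-endian <-> big-endian) so
 * that hexdec() can be applied to a little-endian field of an AD SID.
 *
 * Fix: $result was appended to without being initialised (undefined-variable
 * notice, and null returned for an empty input); it now starts as ''.
 * strlen() replaces dol_strlen(): the input is hex digits, i.e. single-byte ASCII.
 *
 * @param string $hex Hex string, two hex digits per byte
 * @return string     Hex string with the bytes in reverse order
 */
function littleEndian($hex)
{
    $result = '';
    // Walk from the last byte pair back to the first
    for ($x = strlen($hex) - 2; $x >= 0; $x -= 2) {
        $result .= substr($hex, $x, 2);
    }
    return $result;
}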
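/**
 * Return the textual SID of a user (Active Directory only).
 * Searches under $this->people first, then under $this->domain.
 *
 * Fixes vs. the original:
 *  - the login is escaped with the RFC 4515 filter rules before being placed in
 *    the filter (it comes from the directory or the caller and may contain
 *    filter metacharacters).
 *  - the search loop re-ran the same search after a hit and searched the domain
 *    twice on a miss; each base is now searched once.
 *  - an entry without an objectsid value yields '?' instead of decoding null.
 *
 * @param string $ldapUser User login (value of the getUserIdentifier() attribute)
 * @return string|int      Textual SID, '?' if not found, -1 if a search failed
 */
function getObjectSid($ldapUser)
{
    // Escape the login for use inside the filter; PHP < 5.6 has no ldap_escape()
    if (function_exists('ldap_escape')) {
        $escapeduser = ldap_escape((string) $ldapUser, '', LDAP_ESCAPE_FILTER);
    } else {
        $escapeduser = str_replace(array('\\', '*', '(', ')', "\x00"), array('\5c', '\2a', '\28', '\29', '\00'), (string) $ldapUser);
    }
    $criteria = '('.$this->getUserIdentifier().'='.$escapeduser.')';
    $justthese = array("objectsid");

    // Active Directory: bind with the search account first (result not checked, as before)
    if ($this->serverType == "activedirectory") {
        $this->bindauth($this->searchUser, $this->searchPassword);
    }

    $entry = false;
    foreach (array($this->people, $this->domain) as $searchDN) {
        $ldapSearchResult = @ldap_search($this->connection, $searchDN, $criteria, $justthese);
        if (!$ldapSearchResult) {
            $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
            return -1;
        }
        $entry = ldap_first_entry($this->connection, $ldapSearchResult);
        if ($entry) break; // found under this base, no need to try the next one
    }

    if (!$entry) {
        $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
        return '?';
    }

    // objectSid is binary: use the length-aware getter
    $ldapBinary = ldap_get_values_len($this->connection, $entry, "objectsid");
    if (!$ldapBinary || !isset($ldapBinary[0])) {
        $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
        return '?';
    }
    return $this->binSIDtoText($ldapBinary[0]);
}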
/**
 * Decode a binary Active Directory SID into its textual form
 * "<revision>-<authority>-<subauth1>-...".
 * Layout read here: byte 0 revision, byte 1 sub-authority count,
 * bytes 2-7 authority (big-endian), then one little-endian 4-byte sub-authority each.
 *
 * @param string $binsid Binary SID as returned by ldap_get_values_len()
 * @return string        Textual SID
 */
function binSIDtoText($binsid)
{
    $hex = bin2hex($binsid);

    $revision = hexdec(substr($hex, 0, 2));
    $subAuthorityCount = hexdec(substr($hex, 2, 2));
    $identifierAuthority = hexdec(substr($hex, 4, 12)); // SECURITY_NT_AUTHORITY

    $parts = array($revision.'-'.$identifierAuthority);
    for ($idx = 0; $idx < $subAuthorityCount; $idx++) {
        // Each sub-authority is stored little-endian: swap bytes before hexdec()
        $chunk = substr($hex, 16 + ($idx * 8), 8);
        $parts[] = hexdec($this->littleEndian($chunk));
    }
    return implode('-', $parts);
}
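/**
 * Search with a filter and return every entry found (ldap_get_entries format).
 * $this->connection must be set, i.e. bind() or bindauth() already called.
 * Not suited to fetching a given list of attributes (attribute names come back
 * lowercased); intended for the "LDAP card" pages that display raw fields.
 *
 * $filter is used verbatim: escape any user-supplied value with
 * ldap_escape(..., LDAP_ESCAPE_FILTER) before building it.
 *
 * Fix: a failed ldap_search() handle was passed to ldap_get_entries(); it is
 * now detected directly, and the result is freed on every path.
 *
 * @param string $checkDn Base DN (e.g. ou=users,cn=my-domain,cn=com)
 * @param string $filter  Search filter (e.g. (sn=nom_personne))
 * @return array|int      Entries array (keys lowercased), -1 if KO
 */
function search($checkDn, $filter)
{
    dol_syslog(get_class($this)."::search checkDn=".$checkDn." filter=".$filter);

    $checkDn = $this->convFromOutputCharset($checkDn, $this->ldapcharset);
    $filter = $this->convFromOutputCharset($filter, $this->ldapcharset);

    // Active Directory: bind with the search account first
    if ($this->serverType == "activedirectory") {
        $this->bindauth($this->searchUser, $this->searchPassword);
    }

    $this->result = @ldap_search($this->connection, $checkDn, $filter);
    if (!$this->result) {
        $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
        return -1;
    }

    // ldap_get_entries() copies everything into a PHP array, so the result can be freed right away
    $result = @ldap_get_entries($this->connection, $this->result);
    ldap_free_result($this->result);
    if (!$result) {
        $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
        return -1;
    }
    return $result;
}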
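/**
 * Load the attributes of one LDAP user into this object (name, firstname,
 * login, phone, skype, fax, mail, mobile, uacf, pwdlastset, badpwdtime,
 * domainFQDN, ldapUserDN). Searches under $this->people first, then $this->domain.
 *
 * Fixes vs. the original:
 *  - a search returning zero entries was treated as a success (an array with
 *    count=0 is truthy), so the domain fallback never ran and fetch() returned 1
 *    with every field empty; it now falls back, and returns -1 when nothing matches.
 *  - attribute lookups are lowercased (ldap_get_entries() lowercases attribute
 *    names) and guarded with isset() instead of raising notices.
 *  - "DC=" is stripped case-insensitively when deriving the FQDN.
 *
 * $filter is used verbatim; escape any user-supplied value with
 * ldap_escape(..., LDAP_ESCAPE_FILTER) before building it.
 *
 * @param User   $user   Not used by this implementation; the search is driven by $filter.
 * @param string $filter Filter for search. Must start with &.
 *                       Examples: &(objectClass=inetOrgPerson) &(objectClass=user)(objectCategory=person) &(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com)
 * @return int           1 if a record was loaded, -1 if the search failed or found nothing
 */
function fetch($user, $filter)
{
    // Active Directory: bind with the search account first
    if ($this->serverType == "activedirectory") {
        $this->bindauth($this->searchUser, $this->searchPassword);
    }

    $result = false;
    foreach (array($this->people, $this->domain) as $searchDN) {
        dol_syslog(get_class($this)."::fetch search with searchDN=".$searchDN." filter=".$filter);
        $this->result = @ldap_search($this->connection, $searchDN, $filter);
        if (!$this->result) {
            $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
            dol_syslog(get_class($this)."::fetch search fails");
            return -1;
        }

        $result = @ldap_get_entries($this->connection, $this->result);
        if (!empty($result['count'])) {
            dol_syslog('Ldap::fetch search found '.$result['count'].' records');
            break;
        }
        dol_syslog('Ldap::fetch search returns but found no records');
        ldap_free_result($this->result);
        $result = false; // try the next base
    }

    if (!$result) {
        $this->error = 'NoRecordFound';
        return -1;
    }

    // ldap_get_entries() lowercases attribute names: read them lowercased, tolerate missing ones
    $rec = $result[0];
    $map = array(
        'name'      => $this->attr_name,
        'firstname' => $this->attr_firstname,
        'login'     => $this->attr_login,
        'phone'     => $this->attr_phone,
        'skype'     => $this->attr_skype,
        'fax'       => $this->attr_fax,
        'mail'      => $this->attr_mail,
        'mobile'    => $this->attr_mobile,
    );
    foreach ($map as $prop => $attrname) {
        $key = strtolower((string) $attrname);
        $this->$prop = $this->convToOutputCharset(isset($rec[$key][0]) ? $rec[$key][0] : null, $this->ldapcharset);
    }

    // Windows account flags (ACCOUNTDISABLE, LOCKOUT, PASSWORD_EXPIRED, ...), see parseUACF()
    $uac = isset($rec["useraccountcontrol"][0]) ? $rec["useraccountcontrol"][0] : null;
    $this->uacf = $this->parseUACF($this->convToOutputCharset($uac, $this->ldapcharset));

    // pwdLastSet: -1 when the attribute is absent, kept at 0 when it is 0
    // (presumably "must change password at next logon"), else converted to a Unix timestamp
    if (isset($rec["pwdlastset"][0])) {
        $this->pwdlastset = ($rec["pwdlastset"][0] != 0) ? $this->convert_time($this->convToOutputCharset($rec["pwdlastset"][0], $this->ldapcharset)) : 0;
    } else {
        $this->pwdlastset = -1;
    }
    if (!$this->name && !$this->login) $this->pwdlastset = -1;

    $badpwd = isset($rec["badpasswordtime"][0]) ? $rec["badpasswordtime"][0] : null;
    $this->badpwdtime = $this->convert_time($this->convToOutputCharset($badpwd, $this->ldapcharset));

    // FQDN of the domain derived from its DN: dc=foo,dc=com -> foo.com
    $domain = str_ireplace('dc=', '', $this->domain);
    $this->domainFQDN = str_replace(',', '.', $domain);

    // Each user can live under a different DN: remember the one actually found
    $this->ldapUserDN = isset($rec['dn']) ? $rec['dn'] : '';

    ldap_free_result($this->result);
    return 1;
}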
// helper methods
/**
 * Return the attribute used as the user key for this server type:
 * the Samba/AD login attribute for Active Directory, the plain login attribute otherwise.
 *
 * @return string Attribute name
 */
function getUserIdentifier()
{
    $isActiveDirectory = ($this->serverType == "activedirectory");
    return $isActiveDirectory ? $this->attr_sambalogin : $this->attr_login;
}
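/**
 * Decode a userAccountControl bit mask into its flag names.
 * ACCOUNTDISABLE, LOCKOUT, PASSWORD_EXPIRED and DONT_EXPIRE_PASSWORD are the
 * flags an authentication check will typically want to look at.
 *
 * Fixes vs. the original:
 *  - each() was removed in PHP 8; a foreach is used instead.
 *  - flags are tested bitwise rather than by greedy subtraction, so a set bit
 *    that is not in the table (e.g. 1024) can no longer cascade into wrong names.
 *
 * @param int|string $uacf Value of the userAccountControl attribute
 * @return array           [flag value] => flag name, highest flag first
 */
function parseUACF($uacf)
{
    // All known flags, highest bit first (this order is the order of the result)
    $flags = array(
        "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216,
        "PASSWORD_EXPIRED" => 8388608,
        "DONT_REQ_PREAUTH" => 4194304,
        "USE_DES_KEY_ONLY" => 2097152,
        "NOT_DELEGATED" => 1048576,
        "TRUSTED_FOR_DELEGATION" => 524288,
        "SMARTCARD_REQUIRED" => 262144,
        "MNS_LOGON_ACCOUNT" => 131072,
        "DONT_EXPIRE_PASSWORD" => 65536,
        "SERVER_TRUST_ACCOUNT" => 8192,
        "WORKSTATION_TRUST_ACCOUNT" => 4096,
        "INTERDOMAIN_TRUST_ACCOUNT" => 2048,
        "NORMAL_ACCOUNT" => 512,
        "TEMP_DUPLICATE_ACCOUNT" => 256,
        "ENCRYPTED_TEXT_PWD_ALLOWED" => 128,
        "PASSWD_CANT_CHANGE" => 64,
        "PASSWD_NOTREQD" => 32,
        "LOCKOUT" => 16,
        "HOMEDIR_REQUIRED" => 8,
        "ACCOUNTDISABLE" => 2,
        "SCRIPT" => 1
    );

    // The attribute arrives as a string from LDAP; treat it as an integer bit mask
    $mask = (int) $uacf;
    $retval = array();
    foreach ($flags as $flag => $val) {
        if (($mask & $val) == $val) {
            $retval[$val] = $flag;
        }
    }

    // Return human friendly flags
    return $retval;
}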
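/**
 * Translate a sAMAccountType value to its symbolic name.
 *
 * Fix: each() was removed in PHP 8; a foreach is used instead. The loose (==)
 * comparison of the original is kept so numeric strings still match.
 *
 * @param int|string $samtype Value of the sAMAccountType attribute
 * @return string             Type name, or "UNKNOWN_TYPE_<value>" when not in the table
 */
function parseSAT($samtype)
{
    $stypes = array(
        805306368 => "NORMAL_ACCOUNT",
        805306369 => "WORKSTATION_TRUST",
        805306370 => "INTERDOMAIN_TRUST",
        268435456 => "SECURITY_GLOBAL_GROUP",
        268435457 => "DISTRIBUTION_GROUP",
        536870912 => "SECURITY_LOCAL_GROUP",
        536870913 => "DISTRIBUTION_LOCAL_GROUP"
    );

    $retval = "";
    foreach ($stypes as $sat => $val) {
        if ($samtype == $sat) {
            $retval = $val;
            break;
        }
    }
    if (empty($retval)) $retval = "UNKNOWN_TYPE_".$samtype;

    return $retval;
}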
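/**
 * Convert an Active Directory timestamp (100-nanosecond intervals since
 * 1601-01-01 UTC, e.g. pwdLastSet, badPasswordTime) to a Unix timestamp.
 *
 * Fix: the epoch offset was computed as (1970-1601)*365.242190 days, which is
 * about 8.8 hours more than the real distance between the two epochs, so every
 * converted time was ~8.8 hours too early. The exact offset is 134774 days =
 * 11644473600 seconds.
 *
 * @param string|int $value AD time to convert
 * @return int              Unix timestamp (seconds)
 */
function convert_time($value)
{
    // 100-ns units -> seconds. The value usually arrives as a string from LDAP;
    // float arithmetic keeps second precision over the whole AD range.
    $secsAfterADEpoch = ((float) $value) / 10000000;
    $ADToUnixConvertor = 11644473600; // seconds between 1601-01-01 and 1970-01-01
    return intval($secsAfterADEpoch - $ADToUnixConvertor);
}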
/**
 * Convert a string read from the directory ($pagecodefrom) into the application
 * charset ($conf->file->character_set_client). Only the UTF-8 <-> ISO-8859-1
 * pair is handled; any other combination returns the string untouched.
 * NOTE(review): utf8_encode()/utf8_decode() are deprecated since PHP 8.2.
 *
 * @param string $str          String to convert
 * @param string $pagecodefrom Charset of $str
 * @return string              Converted string
 */
private function convToOutputCharset($str, $pagecodefrom = 'UTF-8')
{
    global $conf;

    $target = $conf->file->character_set_client;
    if ($pagecodefrom == 'ISO-8859-1' && $target == 'UTF-8') {
        return utf8_encode($str);
    }
    if ($pagecodefrom == 'UTF-8' && $target == 'ISO-8859-1') {
        return utf8_decode($str);
    }
    return $str;
}
/**
 * Convert a string from the application charset ($conf->file->character_set_client)
 * into the directory charset ($pagecodeto). Only the UTF-8 <-> ISO-8859-1 pair
 * is handled; any other combination returns the string untouched.
 * NOTE(review): utf8_encode()/utf8_decode() are deprecated since PHP 8.2.
 *
 * @param string $str        String to convert
 * @param string $pagecodeto Charset wanted for the result
 * @return string            Converted string
 */
function convFromOutputCharset($str, $pagecodeto = 'UTF-8')
{
    global $conf;

    $source = $conf->file->character_set_client;
    if ($pagecodeto == 'ISO-8859-1' && $source == 'UTF-8') {
        return utf8_decode($str);
    }
    if ($pagecodeto == 'UTF-8' && $source == 'ISO-8859-1') {
        return utf8_encode($str);
    }
    return $str;
}
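/**
 * Return the next free gidNumber for a new group: the highest gidNumber found
 * under $this->groups, plus one.
 *
 * Fixes vs. the original: search() may return -1 (an int), and a search with
 * zero entries left $gids empty; both then indexed a non-array or an undefined
 * offset and silently produced 1. Both cases are now handled explicitly. A tree
 * whose entries carry no gidNumber still yields 1, as before.
 * NOTE(review): this read-then-allocate is not atomic; two concurrent group
 * creations can be handed the same gid.
 *
 * @param string $keygroup Name of the conf constant holding the group key attribute
 * @return int             Next gid, 0 if the search failed
 */
function getNextGroupGid($keygroup = 'LDAP_KEY_GROUPS')
{
    global $conf;

    if (empty($keygroup)) $keygroup = 'LDAP_KEY_GROUPS';
    // The attribute name comes from configuration, not from user input
    $search = '('.$conf->global->$keygroup.'=*)';
    $result = $this->search($this->groups, $search);
    if (!is_array($result)) {
        return 0; // search failed (-1)
    }
    if (empty($result['count'])) {
        return 1; // no group yet
    }

    $gids = array();
    for ($i = 0; $i < $result['count']; $i++) {
        if (isset($result[$i]['gidnumber'][0])) {
            $gids[] = (int) $result[$i]['gidnumber'][0];
        }
    }
    if (empty($gids)) return 1; // entries exist but none carries a gidNumber

    return max($gids) + 1;
}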
}