Support Incident Tracker GIT4.x
ldap.inc.php File Reference


Enumerations

enum  LDAP_INVALID_USER
enum  LDAP_USERTYPE_ADMIN
enum  LDAP_USERTYPE_MANAGER
enum  LDAP_USERTYPE_USER
enum  LDAP_USERTYPE_CUSTOMER
enum  LDAP_PASSWORD_INCORRECT
enum  LDAP_BASE_INCORRECT
enum  LDAP_ADMIN_GROUP_INCORRECT
enum  LDAP_MANAGER_GROUP_INCORRECT
enum  LDAP_USER_GROUP_INCORRECT
enum  LDAP_CUSTOMER_GROUP_INCORRECT
enum  LDAP_CORRECT
enum  LDAP_EDIR_SURNAME
enum  LDAP_EDIR_FORENAMES
enum  LDAP_EDIR_REALNAME
enum  LDAP_EDIR_JOBTITLE
enum  LDAP_EDIR_EMAIL
enum  LDAP_EDIR_MOBILE
enum  LDAP_EDIR_TELEPHONE
enum  LDAP_EDIR_FAX
enum  LDAP_EDIR_DESCRIPTION
enum  LDAP_EDIR_GRPONUSER
enum  LDAP_EDIR_GRPFULLDN
enum  LDAP_EDIR_USERATTRIBUTE
enum  LDAP_EDIR_USEROBJECTTYPE
enum  LDAP_EDIR_GRPOBJECTTYPE
enum  LDAP_EDIR_GRPATTRIBUTEUSER
enum  LDAP_EDIR_GRPATTRIBUTEGRP
enum  LDAP_EDIR_ADDRESS1
enum  LDAP_EDIR_CITY
enum  LDAP_EDIR_COUNTY
enum  LDAP_EDIR_POSTCODE
enum  LDAP_EDIR_COURTESYTITLE
enum  LDAP_EDIR_LOGINDISABLEDATTRIBUTE
enum  LDAP_EDIR_LOGINDISABLEDVALUE
enum  LDAP_AD_SURNAME
enum  LDAP_AD_FORENAMES
enum  LDAP_AD_REALNAME
enum  LDAP_AD_JOBTITLE
enum  LDAP_AD_EMAIL
enum  LDAP_AD_MOBILE
enum  LDAP_AD_TELEPHONE
enum  LDAP_AD_FAX
enum  LDAP_AD_DESCRIPTION
enum  LDAP_AD_GRPONUSER
enum  LDAP_AD_GRPFULLDN
enum  LDAP_AD_USERATTRIBUTE
enum  LDAP_AD_USEROBJECTTYPE
enum  LDAP_AD_GRPOBJECTTYPE
enum  LDAP_AD_GRPATTRIBUTEUSER
enum  LDAP_AD_GRPATTRIBUTEGRP
enum  LDAP_AD_ADDRESS1
enum  LDAP_AD_CITY
enum  LDAP_AD_COUNTY
enum  LDAP_AD_POSTCODE
enum  LDAP_AD_COURTESYTITLE
enum  LDAP_AD_LOGINDISABLEDATTRIBUTE
enum  LDAP_AD_LOGINDISABLEDVALUE
enum  LDAP_OPENLDAP_SURNAME
enum  LDAP_OPENLDAP_FORENAMES
enum  LDAP_OPENLDAP_REALNAME
enum  LDAP_OPENLDAP_JOBTITLE
enum  LDAP_OPENLDAP_MOBILE
 define ('LDAP_OPENLDAP_EMAIL', 'mail'); More...
enum  LDAP_OPENLDAP_TELEPHONE
enum  LDAP_OPENLDAP_FAX
enum  LDAP_OPENLDAP_DESCRIPTION
enum  LDAP_OPENLDAP_GRPONUSER
enum  LDAP_OPENLDAP_GRPFULLDN
enum  LDAP_OPENLDAP_USERATTRIBUTE
enum  LDAP_OPENLDAP_USEROBJECTTYPE
enum  LDAP_OPENLDAP_GRPOBJECTTYPE
enum  LDAP_OPENLDAP_GRPATTRIBUTEGRP
enum  LDAP_OPENLDAP_ADDRESS1
enum  LDAP_OPENLDAP_CITY
enum  LDAP_OPENLDAP_COUNTY
enum  LDAP_OPENLDAP_POSTCODE
enum  LDAP_OPENLDAP_COURTESYTITLE

Functions

if($CONFIG['use_ldap']) ldapOpen ($host='', $port='', $protocol='', $security='', $user='', $password='')
 ldap_storeDetails ($password, $id=0, $user=TRUE, $populateOnly=FALSE, &$ldap_conn, $user_attributes)
 ldap_getDetails ($username, $searchOnEmail, &$ldap_conn)
 authenticateLDAP ($username, $password, $id=0, $user=TRUE, $populateOnly=FALSE, $searchOnEmail=FALSE)
 ldapImportCustomerFromEmail ($email)
 ldapCheckObjectExists ($dn, $objectType)
 ldapCheckGroupExists ($dn, $mapping)
 ldapGroupBrowse ($base, $ldap_host, $ldap_port, $ldap_type, $ldap_protocol, $ldap_security, $ldap_bind_user, $ldap_bind_pass)
 ldapNamingContexts ($ldap_host, $ldap_port, $ldap_type, $ldap_protocol, $ldap_security, $ldap_bind_user, $ldap_bind_pass)
 ldap_is_account_disabled ($attribute)

Variables

if(realpath(__FILE__)==realpath($_SERVER['SCRIPT_FILENAME'])) $ldap_conn = ""
 $ldap_vars

Enumeration Type Documentation

Definition at line 80 of file ldap.inc.php.

Definition at line 81 of file ldap.inc.php.

Definition at line 82 of file ldap.inc.php.

Definition at line 84 of file ldap.inc.php.

Definition at line 72 of file ldap.inc.php.

Definition at line 68 of file ldap.inc.php.

Definition at line 71 of file ldap.inc.php.

Definition at line 65 of file ldap.inc.php.

Definition at line 79 of file ldap.inc.php.

Definition at line 78 of file ldap.inc.php.

Definition at line 74 of file ldap.inc.php.

Definition at line 77 of file ldap.inc.php.

Definition at line 73 of file ldap.inc.php.

Definition at line 67 of file ldap.inc.php.

Definition at line 85 of file ldap.inc.php.

Definition at line 86 of file ldap.inc.php.

Definition at line 69 of file ldap.inc.php.

Definition at line 83 of file ldap.inc.php.

Definition at line 66 of file ldap.inc.php.

Definition at line 64 of file ldap.inc.php.

Definition at line 70 of file ldap.inc.php.

Definition at line 75 of file ldap.inc.php.

Definition at line 76 of file ldap.inc.php.

Definition at line 33 of file ldap.inc.php.

Definition at line 32 of file ldap.inc.php.

Definition at line 37 of file ldap.inc.php.

Definition at line 36 of file ldap.inc.php.

Definition at line 56 of file ldap.inc.php.

Definition at line 57 of file ldap.inc.php.

Definition at line 58 of file ldap.inc.php.

Definition at line 60 of file ldap.inc.php.

Definition at line 48 of file ldap.inc.php.

Definition at line 44 of file ldap.inc.php.

Definition at line 47 of file ldap.inc.php.

Definition at line 41 of file ldap.inc.php.

Definition at line 55 of file ldap.inc.php.

Definition at line 54 of file ldap.inc.php.

Definition at line 50 of file ldap.inc.php.

Definition at line 53 of file ldap.inc.php.

Definition at line 49 of file ldap.inc.php.

Definition at line 43 of file ldap.inc.php.

Definition at line 61 of file ldap.inc.php.

Definition at line 62 of file ldap.inc.php.

Definition at line 45 of file ldap.inc.php.

Definition at line 59 of file ldap.inc.php.

Definition at line 42 of file ldap.inc.php.

Definition at line 40 of file ldap.inc.php.

Definition at line 46 of file ldap.inc.php.

Definition at line 51 of file ldap.inc.php.

Definition at line 52 of file ldap.inc.php.

Definition at line 24 of file ldap.inc.php.

Definition at line 34 of file ldap.inc.php.

Definition at line 105 of file ldap.inc.php.

Definition at line 106 of file ldap.inc.php.

Definition at line 107 of file ldap.inc.php.

Definition at line 109 of file ldap.inc.php.

Definition at line 97 of file ldap.inc.php.

Definition at line 96 of file ldap.inc.php.

Definition at line 90 of file ldap.inc.php.

Definition at line 104 of file ldap.inc.php.

Definition at line 99 of file ldap.inc.php.

Definition at line 102 of file ldap.inc.php.

Definition at line 98 of file ldap.inc.php.

Definition at line 92 of file ldap.inc.php.

define ('LDAP_OPENLDAP_EMAIL', 'mail');

Definition at line 94 of file ldap.inc.php.

Definition at line 108 of file ldap.inc.php.

Definition at line 91 of file ldap.inc.php.

Definition at line 89 of file ldap.inc.php.

Definition at line 95 of file ldap.inc.php.

Definition at line 100 of file ldap.inc.php.

Definition at line 101 of file ldap.inc.php.

Definition at line 31 of file ldap.inc.php.

Definition at line 35 of file ldap.inc.php.

Definition at line 25 of file ldap.inc.php.

Definition at line 28 of file ldap.inc.php.

Definition at line 26 of file ldap.inc.php.

Definition at line 27 of file ldap.inc.php.


Function Documentation

authenticateLDAP ( username,
password,
id = 0,
user = TRUE,
populateOnly = FALSE,
searchOnEmail = FALSE 
)

Authenticate a user. If successful and the user is new, the user is created in the database. If successful and the user is returning, the user record is resynced.

Author:
Lea Anthony and Paul Heaney
Parameters:
string $username: Username
string $password: Password
int $id: The userid or contactid, > 0 if you wish to update, else creates new
bool $user: True for user, false for customer
Returns:
mixed, true if successful, false if unsuccessful or -1 if connection to LDAP server failed
Return values:
0: the credentials were wrong or the user was not found.
1: to indicate user is authenticated and allowed to continue.

Definition at line 517 of file ldap.inc.php.

References $_SESSION, $CONFIG, $id, $ldap_conn, $password, $user, $username, debug_log(), E_USER_ERROR, ldap_getDetails(), ldap_storeDetails(), and ldapOpen().

Referenced by authenticate(), authenticateContact(), and ldapImportCustomerFromEmail().

{
    debug_log("authenticateLDAP {$username}", TRUE);

    global $CONFIG;

    // ldapOpen() hands back -1 when it could not connect and bind.
    $ldap_conn = ldapOpen();

    if ($ldap_conn == -1)
    {
        // NOTE: -1 is truthy in PHP, so a caller has to compare the result
        // strictly (=== true) to tell "authenticated" from "LDAP unavailable".
        $toReturn = -1;
    }
    else
    {
        // Look up the entry first; ldap_storeDetails() then binds as that DN,
        // resolves the group membership and adds or resyncs the local record.
        $entry = ldap_getDetails($username, $searchOnEmail, $ldap_conn);

        if ($entry)
        {
            // Exactly one entry matched
            debug_log("One entry found", TRUE);

            // The DN is kept in the session; ldap_storeDetails() reads it from there
            $_SESSION['ldap_user_dn'] = ldap_get_dn($ldap_conn, $entry);
            $user_attributes = ldap_get_attributes($ldap_conn, $entry);

            $toReturn = ldap_storeDetails($password, $id, $user, $populateOnly, $ldap_conn, $user_attributes);
        }
        else
        {
            // Zero or several entries matched
            trigger_error("Unable to locate user", E_USER_ERROR);
            $toReturn = false;
        }
    }

    // Reached on every path, including the -1 one; @ hides the resulting warning.
    @ldap_close($ldap_conn);

    return $toReturn;
}
ldap_getDetails ( username,
searchOnEmail,
&$  ldap_conn 
)
Author:
Paul Heaney
Todo:
TODO document this function

Definition at line 457 of file ldap.inc.php.

References $base, $CONFIG, $filter, $ldap_conn, $ldap_vars, $username, debug_log(), and E_USER_ERROR.

Referenced by authenticateLDAP(), and saction_ldapSync().

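{
    /*
     * Finds the single directory entry for $username and returns it.
     *
     * $username      login name, e-mail address (when $searchOnEmail is set)
     *                or a full DN (recognised by the comma it contains)
     * $searchOnEmail TRUE to match on the configured e-mail attribute
     * $ldap_conn     an open, bound LDAP connection
     *
     * Returns the first entry when exactly one object matches, false when
     * none or several match or the search itself fails.
     */
    global $CONFIG, $ldap_vars;
    $toReturn = false;

    $base = $CONFIG['ldap_user_base'];

    // $username is supplied by the caller and is placed inside a search filter,
    // so the filter metacharacters are escaped (RFC 4515). Unescaped, a value
    // such as "*" or one containing ")(" would change what the filter matches.
    $filterValue = strtr($username, array(
        '\\'   => '\\5c',
        '*'    => '\\2a',
        '('    => '\\28',
        ')'    => '\\29',
        "\x00" => '\\00',
    ));

    if (strpos($username, ",") != FALSE)
    {
        // A comma means a DN was passed: search at that DN instead of the user base.
        // NOTE(review): authenticateLDAP() passes its $username straight through, so a
        // login name containing a comma selects the search base - confirm that callers
        // on the login path are meant to accept DNs.
        $filter = "(ObjectClass={$CONFIG['ldap_userobjecttype']})";
        $base = $username;
    }
    else if (!$searchOnEmail)
    {
        $filter = "(&(ObjectClass={$CONFIG['ldap_userobjecttype']})({$CONFIG['ldap_userattribute']}={$filterValue}))";
    }
    else
    {
        $filter = "(&(ObjectClass={$CONFIG['ldap_userobjecttype']})({$CONFIG['ldap_email']}={$filterValue}))";
    }

    // Request only the attributes that are mapped in the configuration
    $attributes = array();
    foreach ($ldap_vars AS $var)
    {
        $attributes[] = $CONFIG[strtolower("ldap_{$var}")];
    }

    debug_log("LDAP Filter: {$filter}", TRUE);
    debug_log("LDAP Base: {$base}", TRUE);
    $sr = ldap_search($ldap_conn, $base, $filter, $attributes);

    // A failed search is handled like "not found" rather than being passed on
    // to ldap_count_entries()
    if ($sr === false || ldap_count_entries($ldap_conn, $sr) != 1)
    {
        // Multiple or zero
        trigger_error("LDAP unable to locate object: '$username', or multiple matches where found. filter: {$filter}", E_USER_ERROR);
        $toReturn = false;
    }
    else
    {
        // just one
        debug_log("LDAP got details for object: '$username'", TRUE);
        $toReturn  = ldap_first_entry($ldap_conn, $sr);
    }

    return $toReturn;
}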
ldap_is_account_disabled ( attribute)

Function to identify whether a user account is disabled; handles the bit mask filter used by AD.

Parameters:
mixed $attribute: String or integer value representing the login disabled attribute in LDAP
Returns:
bool TRUE for disabled, false otherwise
Author:
Paul Heaney

Definition at line 822 of file ldap.inc.php.

References $CONFIG.

Referenced by saction_ldapSync().

{
    global $CONFIG;

    if ($CONFIG['ldap_type'] != 'AD')
    {
        // Other directory types: case-insensitive comparison with the configured value.
        // NOTE(review): this reports "disabled" when the attribute DIFFERS from
        // ldap_logindisabledvalue, which reads as inverted against the option's
        // name - confirm against the configured values before relying on it.
        return strtolower($attribute) != strtolower($CONFIG['ldap_logindisabledvalue']);
    }

    // Active Directory: the configured value is applied as a bit mask
    return ($attribute & $CONFIG['ldap_logindisabledvalue']) ? true : false;
}
ldap_storeDetails ( password,
id = 0,
user = TRUE,
populateOnly = FALSE,
&$  ldap_conn,
user_attributes 
)
Author:
Paul Heaney
Todo:
TODO document this function

Definition at line 239 of file ldap.inc.php.

References $_SESSION, $CONFIG, $contact, $filter, $id, $ldap_conn, $password, $result, $status, $user, debug_log(), elseif, and ldapOpen().

Referenced by authenticateLDAP(), and saction_ldapSync().

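{
    /*
     * Binds as the located user (unless $populateOnly), works out which of the
     * configured groups the entry belongs to and then adds or updates the
     * matching User / Contact record from $user_attributes.
     *
     * $password        password to bind with; also copied onto the record
     *                  when $CONFIG['ldap_cache_passwords'] is set
     * $id              0 to add a new record, otherwise the id to update
     * $user            TRUE for a staff user, FALSE for a customer contact
     * $populateOnly    TRUE skips the bind and only syncs the record
     * $ldap_conn       connection handle, by reference; it is closed and
     *                  reopened when group membership is looked up on the groups
     * $user_attributes ldap_get_attributes() result for the entry
     *
     * The DN to bind as is read from $_SESSION['ldap_user_dn'].
     * Returns true when the record was added/edited, false otherwise.
     */
    global $CONFIG;
    $toReturn = false;

    if ($populateOnly)
    {
        $user_bind = true;
    }
    elseif ((string) $password === '')
    {
        // A simple bind with a DN and an empty password is an "unauthenticated
        // bind" (RFC 4513) that many servers answer with success, which would
        // accept any known account without a password. Never send it.
        $user_bind = false;
    }
    else
    {
        // Authenticate
        $user_bind = @ldap_bind($ldap_conn, $_SESSION['ldap_user_dn'], $password);
    }

    if (!$user_bind)
    {
        // Auth failed
        debug_log("LDAP Invalid credentials {$_SESSION['ldap_user_dn']}", TRUE);
        $toReturn = false;
    }
    else
    {
        // Successful
        debug_log("LDAP Valid Credentials", TRUE);
        $usertype = LDAP_INVALID_USER;

        if ($CONFIG['ldap_grponuser'])
        {
            if (is_array($user_attributes[$CONFIG['ldap_grpattributeuser']]))
            {
                // Group stored on user
                foreach ($user_attributes[$CONFIG['ldap_grpattributeuser']] AS $group)
                {
                    if ($user)
                    {
                        // User/Staff
                        // NOTE: we dont have to check about overwriting ADMIN type as we break
                        if (strtolower($group) == strtolower($CONFIG['ldap_admin_group']))
                        {
                            $usertype = LDAP_USERTYPE_ADMIN;
                            break;
                        }
                        elseif (strtolower($group) == strtolower($CONFIG['ldap_manager_group']))
                        {
                            $usertype = LDAP_USERTYPE_MANAGER;
                        }
                        elseif (strtolower($group) == strtolower($CONFIG['ldap_user_group']))
                        {
                            // Do not downgrade a manager found earlier in the list
                            if ($usertype != LDAP_USERTYPE_MANAGER) $usertype = LDAP_USERTYPE_USER;
                        }
                    }
                    else
                    {
                        //Customer
                        if (strtolower($group) == strtolower($CONFIG['ldap_customer_group']))
                        {
                            $usertype = LDAP_USERTYPE_CUSTOMER;
                            break;
                        }
                    }
                }
            }
        }
        else
        {
            ldap_close($ldap_conn);
            $ldap_conn = ldapOpen(); // Need to get an admin thread

            // Membership is stored on the group: match either the full DN or
            // the bare user attribute, depending on configuration
            if ($CONFIG['ldap_grpfulldn'])
            {
                $member = $_SESSION['ldap_user_dn'];
            }
            else
            {
                $member = $user_attributes[$CONFIG['ldap_userattribute']][0];
            }

            // The value goes into a filter, so escape the filter metacharacters
            // (RFC 4515); DNs in particular can contain "\", "(" and ")"
            $member = strtr($member, array(
                '\\'   => '\\5c',
                '*'    => '\\2a',
                '('    => '\\28',
                ')'    => '\\29',
                "\x00" => '\\00',
            ));

            $filter = "(&(objectClass={$CONFIG['ldap_grpobjecttype']})({$CONFIG['ldap_grpattributegrp']}={$member}))";

            if ($user)
            {
                debug_log("USER: {$filter}" , TRUE);
                /*
                 * Locate: the configured group DN is used as the search base,
                 * highest privilege first
                 */
                if (ldap_count_entries($ldap_conn, ldap_search($ldap_conn, $CONFIG['ldap_admin_group'], $filter)))
                {
                    $usertype = LDAP_USERTYPE_ADMIN;
                    debug_log("ADMIN", TRUE);
                }
                elseif (ldap_count_entries($ldap_conn, ldap_search($ldap_conn, $CONFIG['ldap_manager_group'], $filter)))
                {
                    $usertype = LDAP_USERTYPE_MANAGER;
                    debug_log("MANAGER", TRUE);
                }
                elseif (ldap_count_entries($ldap_conn, ldap_search($ldap_conn, $CONFIG['ldap_user_group'], $filter)))
                {
                    $usertype = LDAP_USERTYPE_USER;
                    debug_log("USER", TRUE);
                }
                else
                {
                    debug_log("INVALID USER", TRUE);
                }
            }
            else
            {
                // get back customer group
                $result = ldap_search($ldap_conn, $CONFIG['ldap_customer_group'], $filter);
                if (ldap_count_entries($ldap_conn, $result))
                {
                    $usertype = LDAP_USERTYPE_CUSTOMER;
                    debug_log("CUSTOMER", TRUE);
                }
                else
                {
                    debug_log("INVALID CUSTOMER", TRUE);
                }
            }
        }

        if ($usertype != LDAP_INVALID_USER AND $user)
        {
            // get attributes ($user, the boolean flag, is replaced by the record object here)
            $user = new User();
            $user->username = $user_attributes[$CONFIG['ldap_userattribute']][0];
            // NOTE(review): the password is handed over exactly as received; whether
            // User::add()/edit() hashes it before storage is not visible here - confirm.
            if ($CONFIG['ldap_cache_passwords']) $user->password = $password;
            $user->realname = $user_attributes[$CONFIG['ldap_realname']][0];
            $user->jobtitle = $user_attributes[$CONFIG['ldap_jobtitle']][0];
            $user->email = $user_attributes[$CONFIG['ldap_email']][0];
            $user->phone = $user_attributes[$CONFIG['ldap_telephone']][0];
            $user->mobile = $user_attributes[$CONFIG['ldap_mobile']][0];
            $user->fax = $user_attributes[$CONFIG['ldap_fax']][0];
            $user->message = $user_attributes[$CONFIG['ldap_description']][0];
            $user->source = 'ldap';

            // TODO FIXME this doesn't take into account custom roles'
            switch ($usertype)
            {
                case LDAP_USERTYPE_ADMIN:
                    $user->roleid =  1;
                    break;
                case LDAP_USERTYPE_MANAGER:
                    $user->roleid = 2;
                    break;
                default:
                    $user->roleid = 3;
            }

            if ($id == 0)
            {
                $user->status = $CONFIG['ldap_default_user_status'];
                $user->holiday_entitlement = $CONFIG['default_entitlement'];
                $status = $user->add();
            }
            else
            {
                // Modify
                $user->id = $id;
                $status = $user->edit();
            }

            if ($status) $toReturn = true;
            else $toReturn = false;
        }
        elseif ($usertype == LDAP_USERTYPE_CUSTOMER AND !$user)
        {
            // Contact
            debug_log("Adding contact TYPE {$usertype} USER {$user}", TRUE);
            // Writes every fetched attribute of the entry to the debug log
            debug_log("User attributes: ".print_r($user_attributes, TRUE), TRUE);
            $contact = new Contact();
            $contact->username = $user_attributes[$CONFIG['ldap_userattribute']][0];
            // NOTE(review): as for users, confirm that Contact::add()/edit() hashes this value
            if ($CONFIG['ldap_cache_passwords']) $contact->password = $password;
            $contact->surname = $user_attributes[$CONFIG['ldap_surname']][0];
            $contact->forenames = $user_attributes[$CONFIG['ldap_forenames']][0];
            $contact->jobtitle = $user_attributes[$CONFIG['ldap_jobtitle']][0];
            $contact->email = $user_attributes[$CONFIG['ldap_email']][0];
            $contact->phone = $user_attributes[$CONFIG['ldap_telephone']][0];
            $contact->mobile = $user_attributes[$CONFIG['ldap_mobile']][0];
            $contact->fax = $user_attributes[$CONFIG['ldap_fax']][0];
            $contact->address1 = $user_attributes[$CONFIG['ldap_address1']][0];
            $contact->city = $user_attributes[$CONFIG['ldap_city']][0];
            $contact->county = $user_attributes[$CONFIG['ldap_county']][0];
            $contact->postcode = $user_attributes[$CONFIG['ldap_postcode']][0];
            $contact->courtesytitle = $user_attributes[$CONFIG['ldap_courtesytitle']][0];
            $contact->emailonadd = false;
            $contact->source = 'ldap';

            if ($id == 0)
            {
                // Set a couple of defaults on first login
                $contact->siteid = $CONFIG['ldap_default_customer_siteid'];
                $status = $contact->add();
            }
            else
            {
                debug_log("MODIFY CONTACT {$id}", TRUE);
                $contact->id = $id;
                $status = $contact->edit();
            }

            if ($status) $toReturn = true;
            else $toReturn = false;
        }
        else
        {
            // Bound successfully but not a member of any group that grants access
            $toReturn = false;
        }
    }

    return $toReturn;
}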
ldapCheckGroupExists ( dn,
mapping 
)

Checks if a group exists in LDAP. Author: Paul Heaney

Parameters:
string $dn: the DN of the group to check it exists
string $mapping: the LDAP name mapping to use
Returns:
bool TRUE for exists, FALSE otherwise

Definition at line 681 of file ldap.inc.php.

References ldapCheckObjectExists().

{
    // Pick the group object class of the chosen directory mapping through its
    // constant, e.g. LDAP_AD_GRPOBJECTTYPE for the mapping "ad"
    $groupObjectType = constant('LDAP_' . strtoupper($mapping) . '_GRPOBJECTTYPE');

    return ldapCheckObjectExists($dn, $groupObjectType);
}
ldapCheckObjectExists ( dn,
objectType 
)

Checks if an object exists in LDAP. Author: Paul Heaney

Parameters:
string $dn: the DN of the object to check it exists
string $objectType: The type of object we are looking for
Returns:
bool TRUE for exists, FALSE otherwise

Definition at line 640 of file ldap.inc.php.

References $filter, $ldap_conn, debug_log(), and ldapOpen().

Referenced by ldapCheckGroupExists().

{
    $filter = "(ObjectClass={$objectType})";

    // Called without arguments, ldapOpen() binds with the configured account
    $ldap_conn = ldapOpen(); // Need to get an admin thread

    debug_log("LDAP Filter: {$filter}", TRUE);
    debug_log("LDAP Object: {$dn}", TRUE);

    // The warning is suppressed so that a failed read is reported through our
    // own return value instead of a PHP warning shown to the user
    $sr = @ldap_read($ldap_conn, $dn, $filter);

    if (!$sr)
    {
        // Read failed
        return false;
    }

    // The object exists only when the read produced exactly one entry
    return (ldap_count_entries($ldap_conn, $sr) == 1);
}
ldapGroupBrowse ( base,
ldap_host,
ldap_port,
ldap_type,
ldap_protocol,
ldap_security,
ldap_bind_user,
ldap_bind_pass 
)

Definition at line 693 of file ldap.inc.php.

References $base, $CONFIG, $filter, $j, $ldap_bind_pass, $ldap_bind_user, $ldap_conn, $ldap_host, $ldap_port, $ldap_protocol, $ldap_security, $ldap_type, $return, $type, debug_log(), ldapNamingContexts(), and ldapOpen().

Referenced by ldapNamingContexts().

{
    global $CONFIG;

    debug_log("ldapGroupBrowse");

    // Without a base there is nothing to list yet: offer the naming contexts
    if (empty($base))
    {
        return ldapNamingContexts($ldap_host, $ldap_port, $ldap_type, $ldap_protocol, $ldap_security, $ldap_bind_user, $ldap_bind_pass);
    }

    $ldap_conn = ldapOpen($ldap_host, $ldap_port, $ldap_protocol, $ldap_security, $ldap_bind_user, $ldap_bind_pass);

    if ($ldap_conn == -1)
    {
        // Could not connect or bind with the supplied settings
        return array(array('status' => 'bad'));
    }

    $return = array();

    // '[root]' is the placeholder for the empty base DN
    if ($base == '[root]') $base = '';

    // Containers plus the group object class of the selected directory type
    $groupObjType = constant("LDAP_{$ldap_type}_GRPOBJECTTYPE");
    $filter = "(|(objectClass=Organization)(objectClass=OrganizationalUnit)(objectClass=domain)(objectClass={$groupObjType}))";
    $attribs = array('dn', 'objectClass');
    debug_log("LDAP Filter: {$filter}", TRUE);

    // One level below $base only
    $sr = ldap_list($ldap_conn, $base, $filter, $attribs);

    if (!$sr)
    {
        // Listing failed: the result carries no status element at all
        return $return;
    }

    $return[] = array('status' => 'ok');

    $entries = ldap_get_entries($ldap_conn, $sr);
    $groupClass = strtolower($groupObjType);

    for ($e = 0; $e < $entries['count']; $e++)
    {
        // An entry is a group when any of its object classes is the group class
        $type = 'container';
        $classTotal = $entries[$e]['objectclass']['count'];
        for ($c = 0; $c < $classTotal; $c++)
        {
            if (strtolower($entries[$e]['objectclass'][$c]) == $groupClass)
            {
                $type = 'group';
                break;
            }
        }

        // Display name: the value of the first RDN of the entry's DN
        $rdns = explode(',', $entries[$e]['dn']);
        $firstRdn = explode('=', $rdns[0]);

        $return[] = array('dn' => $entries[$e]['dn'], 'cn' => $firstRdn[1], 'type' => $type);
    }

    return $return;
}
ldapImportCustomerFromEmail ( email)

Checks that the email address given is a contact that has not yet been imported into the DB, then imports them.

Author:
Lea Anthony
Parameters:
string $email: Email
Returns:
An array of the user data (if found)

Definition at line 569 of file ldap.inc.php.

References $CONFIG, $email, $obj, $result, $sql, authenticateLDAP(), debug_log(), E_USER_WARNING, and elseif.

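{
    /*
     * Looks the e-mail address up in the contacts table and, where needed,
     * syncs or imports the contact from LDAP.
     *
     * $email  address to look up
     *
     * Returns true when a contact with this address exists locally (after a
     * successful sync for LDAP-sourced contacts) or was imported from LDAP,
     * false otherwise.
     */
    global $CONFIG;
    $toReturn = false;

    /*
     * Check if contact exists
     * is contact sit
     *   return
     * if ldap enabled
     *   is contact ldap
     *     sync
     *   else
     *     try and find in LDAP
     *
     */
    debug_log ("ldapImportCustomerFromEmail {$email}");
    if (!empty($email))
    {
        // The address is placed inside a quoted SQL literal, so it is escaped first.
        // NOTE(review): if a caller already SQL-escapes $email the value would be
        // escaped twice here - confirm callers pass the raw address (the same
        // variable is also sent to the LDAP lookup below).
        $safeEmail = mysql_real_escape_string($email);
        $sql = "SELECT id, username, contact_source FROM `{$GLOBALS['dbContacts']}` WHERE email = '{$safeEmail}'";
        debug_log($sql, TRUE);
        $result = mysql_query($sql);
        if (mysql_error()) trigger_error("MySQL Query Error ".mysql_error(), E_USER_WARNING);

        // A failed query is counted as "no rows", which keeps the fall-through
        // to the LDAP lookup without calling mysql_num_rows() on false
        $matches = $result ? mysql_num_rows($result) : 0;

        if ($matches == 1)
        {
            debug_log ("just one");
            // Can only deal with the case where one exists, if multiple contacts have the same email address its difficult to deal with
            $obj = mysql_fetch_object($result);

            if ($obj->contact_source == 'sit')
            {
                $toReturn = true;
            }
            elseif ($obj->contact_source == 'ldap')
            {
                // authenticateLDAP() returns -1 when the LDAP server cannot be
                // reached; -1 is truthy, so only a strict true counts as success
                if (authenticateLDAP($obj->username, '', $obj->id, false, true, false) === true) $toReturn = true;
            }
            else
            {
                // Exists but of some other type
                $toReturn = true;
            }
        }
        elseif ($matches > 1)
        {
            debug_log ("More than one contact was found in LDAP with this address '{$email}', not importing", TRUE);
            // Contact does exists with these details, just theres more than one of them
            $toReturn = true;
        }
        else
        {
            // Zero found
            if ($CONFIG['use_ldap'])
            {
                // Try and search; strict comparison so that an unreachable
                // LDAP server (-1) is not reported as a successful import
                if (authenticateLDAP($email, '', 0, false, true, true) === true) $toReturn = true;
            }
        }
    }

    return $toReturn;
}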
ldapNamingContexts ( ldap_host,
ldap_port,
ldap_type,
ldap_protocol,
ldap_security,
ldap_bind_user,
ldap_bind_pass 
)

Definition at line 757 of file ldap.inc.php.

References $filter, $ldap_bind_pass, $ldap_bind_user, $ldap_conn, $ldap_host, $ldap_port, $ldap_protocol, $ldap_security, $ldap_type, $return, debug_log(), ldapGroupBrowse(), and ldapOpen().

Referenced by ldapGroupBrowse().

{
    debug_log("ldapNamingContexts");

    $ldap_conn = ldapOpen($ldap_host, $ldap_port, $ldap_protocol, $ldap_security, $ldap_bind_user, $ldap_bind_pass);

    if ($ldap_conn == -1)
    {
        // Could not connect or bind with the supplied settings
        return array(array('status' => 'connectfailed'));
    }

    $return = array();

    $filter = "(objectClass=*)";
    $attribs = array('namingContexts', 'rootDomainNamingContext', 'defaultNamingContext');

    debug_log("LDAP Filter: {$filter}", TRUE);

    // Read the entry at the empty DN to learn the naming contexts
    $sr = ldap_read($ldap_conn, "", $filter, $attribs);

    if (!$sr)
    {
        // Read failed: the result carries no status element at all
        return $return;
    }

    $return[] = array('status' => 'ok');
    $entries = ldap_get_entries($ldap_conn, $sr);

    // Prefer a single well-known context when the server announces one
    foreach (array('defaultnamingcontext', 'rootdomainnamingcontext') as $attr)
    {
        if (!empty($entries[0][$attr]))
        {
            $context = $entries[0][$attr][0];
            $return[] = array('dn' => $context, 'cn' => $context, 'type' => 'container');
            return $return;
        }
    }

    // Otherwise list every naming context the server reports
    for ($n = 0; $n < $entries[0]['namingcontexts']['count']; $n++)
    {
        $context = $entries[0]['namingcontexts'][$n];

        if (empty($context))
        {
            // An empty context stands for the root: browse it instead, which
            // replaces whatever has been collected so far
            return ldapGroupBrowse('[root]', $ldap_host, $ldap_port, $ldap_type, $ldap_protocol, $ldap_security, $ldap_bind_user, $ldap_bind_pass);
        }

        $return[] = array('dn' => $context, 'cn' => $context, 'type' => 'container');
    }

    return $return;
}
if ($CONFIG['use_ldap']) ldapOpen ( host = '',
port = '',
protocol = '',
security = '',
user = '',
password = '' 
)

Opens a connection to the LDAP host

Author:
Lea Anthony
Returns:
the handle of the opened connection

Definition at line 161 of file ldap.inc.php.

References $CONFIG, $ldap_conn, $password, $user, debug_log(), E_USER_ERROR, and E_USER_WARNING.

Referenced by authenticateLDAP(), ldap_storeDetails(), ldapCheckObjectExists(), ldapGroupBrowse(), ldapNamingContexts(), and saction_ldapSync().

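{
    /*
     * Connects to the LDAP server and binds with the given (or configured)
     * account. Every empty argument falls back to its $CONFIG['ldap_*'] value.
     *
     * Returns the connection handle after a successful bind, or -1 when the
     * connection, the TLS upgrade or the bind failed, or when no bind user
     * is available. The handle is also left in the global $ldap_conn.
     */
    debug_log("ldapOpen", TRUE);
    global $CONFIG, $ldap_conn;

    if (empty($host)) $host = $CONFIG['ldap_host'];
    if (empty($port)) $port = $CONFIG['ldap_port'];
    if (empty($protocol)) $protocol = $CONFIG['ldap_protocol'];
    if (empty($security)) $security = $CONFIG['ldap_security'];
    if (empty($user)) $user = $CONFIG['ldap_bind_user'];
    if (empty($password)) $password = $CONFIG['ldap_bind_pass'];

    // Use a default port if one isn't specified
    if (empty($port))
    {
        if ($security == 'SSL') $port = '636';
        else $port = '389';
    }

    $toReturn = -1;

    $ldap_url = "ldap://{$host}:{$port}";

    if ($security == 'SSL')
    {
        $ldap_url = "ldaps://{$host}:{$port}";
    }

    debug_log ("LDAP TYPE: {$CONFIG['ldap_type']}", TRUE);
    debug_log ("LDAP URL: {$ldap_url}", TRUE);
    $ldap_conn = @ldap_connect($ldap_url);


    if ($ldap_conn)
    {
        // Set protocol version
        ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $protocol);
        ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);

        // Stays true unless TLS was requested and could not be established
        $channel_ok = true;

        if ( $security == 'TLS' )
        {
            // Protocol V3 required for start_tls
            if ( $protocol == 3 )
            {
                if ( !ldap_start_tls($ldap_conn) )
                {
                    trigger_error("Ldap_start_tls failed", E_USER_ERROR);
                    $channel_ok = false;
                }
            }
            else
            {
                trigger_error("LDAP Protocol v3 required for TLS", E_USER_ERROR);
                $channel_ok = false;
            }
        }

        // Fail closed: when the error handler lets execution continue after a TLS
        // failure, the bind below would send the bind DN and password over the
        // unencrypted connection, so it is skipped and -1 is returned instead.
        if ( $channel_ok && isset($user) && mb_strlen($user) > 0 )
        {
            $r = @ldap_bind($ldap_conn, $user, $password);
            if ( ! $r )
            {
                // Could not bind!
                trigger_error("Could not bind to LDAP server with credentials '{$user}'", E_USER_WARNING);
            }
            else
            {
                $toReturn = $ldap_conn;
            }
        }
    }

    return $toReturn;
}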

Variable Documentation

if (realpath(__FILE__)==realpath($_SERVER['SCRIPT_FILENAME'])) $ldap_conn = ""

Definition at line 21 of file ldap.inc.php.

$ldap_vars
Initial value:
 array("SURNAME", "FORENAMES", "REALNAME", "JOBTITLE", "EMAIL", "MOBILE",
                    "TELEPHONE", "FAX", "DESCRIPTION", "GRPONUSER", "GRPFULLDN", "USERATTRIBUTE",
                    "USEROBJECTTYPE", "GRPOBJECTTYPE", "GRPATTRIBUTEUSER", "GRPATTRIBUTEGRP", 
                    "ADDRESS1", "CITY", "COUNTY", "POSTCODE", "COURTESYTITLE", "LOGINDISABLEDATTRIBUTE",
                    "LOGINDISABLEDVALUE")

Definition at line 136 of file ldap.inc.php.

Referenced by ldap_getDetails().