
/***
 * LDAP Access
 *
 * --
 * Alain Reguera Delgado <alain.reguera@gmail.com>
 ***/
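class LDAP
{
    // Handle returned by ldap_connect(): a resource (PHP < 8.1) or LDAP\Connection
    // object; false when the connect call was rejected, null when host/port were blank.
    public $ldap_conn;

    // Effective settings. Defaults are set in __construct(), then overridden by
    // $_SESSION and finally by $_POST, and the result is written back to $_SESSION.
    public $ldap_host;
    public $ldap_port;
    public $ldap_rootdn;      // DN used for every bind
    public $ldap_rootpw;      // bind password; '' means "not configured" (see do_bind())
    public $ldap_authschema;  // '{MD5}' or '{SHA}': hashing scheme for userPassword
    public $ldap_basedn;      // subtree holding the user entries

    /** @deprecated Never written by this class; the live values are the ldap_* properties above. Kept so old readers still resolve. */
    public $this_conn;
    public $this_host;
    public $this_port;
    public $this_rootdn;
    public $this_rootpw;
    public $this_authschema;
    public $this_basedn;

    // Schemes the configuration form offers and prepare_userpassword() understands.
    private static $AUTH_SCHEMAS = array('{MD5}', '{SHA}');

    /***
     * Class initialization
     *
     * Loads the configuration (defaults < $_SESSION < $_POST), persists it in
     * $_SESSION, clamps the hashing scheme to a known value and opens the LDAP
     * connection. The session must already be started by the including script —
     * presumably it is; nothing here calls session_start().
     */
    function __construct()
    {
        // Initialize configuration values
        $this->ldap_host       = 'localhost';
        $this->ldap_port       = '389';
        $this->ldap_rootdn     = 'cn=manager,dc=example,dc=com';
        $this->ldap_rootpw     = '';
        $this->ldap_authschema = '{MD5}';
        $this->ldap_basedn     = 'ou=people,dc=example,dc=com';

        // Reinitialize configuration values from the session and the current request
        $config = array('ldap_host',   'ldap_port',       'ldap_rootdn',
                        'ldap_rootpw', 'ldap_authschema', 'ldap_basedn');

        foreach ($config as $param) {
            if (!isset($_SESSION[$param])) {
                $_SESSION[$param] = $this->$param;
            }

            // Accept only scalar strings: a posted array (ldap_host[]=...) would
            // otherwise reach ldap_connect()/ldap_bind() and raise a TypeError.
            if (isset($_POST[$param]) && is_string($_POST[$param])) {
                $_SESSION[$param] = $_POST[$param];
            }

            $this->$param = $_SESSION[$param];
        }

        // An unknown scheme would make prepare_userpassword() return '' for every
        // user; keep the scheme within the set the form offers.
        if (!in_array($this->ldap_authschema, self::$AUTH_SCHEMAS, true)) {
            $this->ldap_authschema = '{MD5}';
            $_SESSION['ldap_authschema'] = $this->ldap_authschema;
        }

        // Open connection against ldap server
        if ($this->ldap_host && $this->ldap_port) {
            $this->ldap_conn = ldap_connect($this->ldap_host, (int) $this->ldap_port);
        }

        // ldap_conn stays null (or becomes false) when no connection could be made;
        // only a live handle may be configured for LDAPv3.
        if ($this->ldap_conn) {
            ldap_set_option($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        }
    }

    /***
     * LDAP configuration
     *
     * Returns the form fragments (a list of strings) that let the operator edit the
     * settings. Every value is HTML-escaped because it originates from $_POST and is
     * placed inside an attribute. The currently configured scheme is marked selected,
     * otherwise every resubmit silently reverts it to the first option.
     * NOTE(review): the bare '' and "\n" elements look like table/fieldset tags that
     * were lost in this listing — confirm the markup against the original file.
     *
     * @param string $disabled  extra attribute text appended to every control
     *                          (e.g. 'disabled="disabled"'); inserted verbatim, so it
     *                          must stay code-controlled, never user input.
     * @return array list of HTML fragments
     */
    function get_configForm($disabled = "")
    {
        $htmlblock = array();

        array_push($htmlblock,
            "\n\nLDAP configuration:\n\n", "\n",

            "\nHost:\n",
            "\n" . '<input type="text" name="ldap_host" value="' . $this->esc($this->ldap_host) . '" ' . $disabled . ' />' . "\n",

            "\nPort:\n",
            "\n" . '<input type="text" name="ldap_port" value="' . $this->esc($this->ldap_port) . '" ' . $disabled . ' />' . "\n",

            "\nBind DN:\n",
            "\n" . '<input type="text" name="ldap_rootdn" value="' . $this->esc($this->ldap_rootdn) . '" size="50" ' . $disabled . ' />' . "\n",

            "\nBase DN:\n",
            "\n" . '<input type="text" name="ldap_basedn" value="' . $this->esc($this->ldap_basedn) . '" size="50" ' . $disabled . ' />' . "\n",

            "\nBind Password:\n",
            // The stored bind password is echoed back so a resubmit keeps it. Anyone who
            // can read this page's source can read the password: serve it to admins only.
            "\n" . '<input type="password" name="ldap_rootpw" value="' . $this->esc($this->ldap_rootpw) . '" ' . $disabled . ' />' . "\n",

            "\nSchema:\n",
            "\n",
            '<select name="ldap_authschema" ' . $disabled . '>');

        foreach (self::$AUTH_SCHEMAS as $scheme) {
            $selected = ($scheme === $this->ldap_authschema) ? ' selected="selected"' : '';
            array_push($htmlblock, '<option value="' . $scheme . '"' . $selected . '>' . $scheme . '</option>');
        }

        array_push($htmlblock, '</select>', '', '');

        return $htmlblock;
    }

    /***
     * Verify configuration
     *
     * Placeholder: no checks are implemented here. __construct() clamps the scheme
     * and do_bind() is what actually exercises host, port and credentials.
     */
    function verify_configuration()
    {
    }

    /***
     * Bind to LDAP server
     *
     * Binds as ldap_rootdn. Returns false without contacting the server when there is
     * no connection or the password is empty: ldap_bind() with an empty password is an
     * unauthenticated bind, which the directory may accept, so later writes would run
     * under the wrong identity instead of failing loudly.
     *
     * @return bool
     */
    function do_bind()
    {
        if (!$this->ldap_conn || $this->ldap_rootpw === '' || $this->ldap_rootpw === null) {
            return false;
        }

        return ldap_bind($this->ldap_conn, $this->ldap_rootdn, $this->ldap_rootpw);
    }

    /***
     * Verify LDAP uid's value uniqueness
     *
     * True when exactly one entry under ldap_basedn carries the given uid.
     * The search runs without a bind; presumably the directory allows anonymous
     * reads of uid, otherwise this is always false and add_User() skips the delete.
     *
     * @param string $uid  value to look up; escaped before it enters the filter
     * @return bool
     */
    function is_uid_present($uid)
    {
        // An empty uid would produce an invalid filter; ldap_search() would then
        // return false and ldap_get_entries() would throw on it.
        if ($uid === null || $uid === '' || !$this->ldap_conn) {
            return false;
        }

        // uid values come from user records (e-mail, user name); escape so '*', '(' or ')'
        // in a value cannot widen or rewrite the filter.
        $filter = '(uid=' . ldap_escape((string) $uid, '', LDAP_ESCAPE_FILTER) . ')';
        $result = ldap_search($this->ldap_conn, $this->ldap_basedn, $filter);
        if ($result === false) {
            return false;
        }

        $entry = ldap_get_entries($this->ldap_conn, $result);

        return is_array($entry) && isset($entry['count']) && $entry['count'] === 1;
    }

    /***
     * Prepare LDAP userPassword attribute
     *
     * Hashes the cleartext into the "{scheme}base64(digest)" userPassword form
     * selected by ldap_authschema. Both offered schemes are unsalted and cheap to
     * brute-force; they are kept because the form offers exactly these two. A
     * directory that supports a salted scheme would be the better choice — confirm
     * before extending the option list.
     *
     * @param string $userpassword  cleartext password
     * @return string encoded attribute value, or '' for an unknown scheme
     *                (callers must refuse to write that)
     */
    function prepare_userpassword($userpassword)
    {
        // md5()/sha1() with $binary = true return the raw digest bytes, identical to
        // pack('H*', <hex digest>).
        switch ($this->ldap_authschema) {
            case '{MD5}':
                return '{MD5}' . base64_encode(md5($userpassword, true));

            case '{SHA}':
                return '{SHA}' . base64_encode(sha1($userpassword, true));
        }

        return '';
    }

    /***
     * Add User
     *
     * Creates (replacing any existing one) the inetOrgPerson entry for a xoops user.
     *
     * @param array $entry  needs 'email', 'uname', 'name' and 'pass' (cleartext)
     * @return bool true on success; false when data is missing, the hash could not be
     *              produced, the bind failed or ldap_add() failed
     */
    function add_User($entry)
    {
        foreach (array('email', 'uname', 'name', 'pass') as $key) {
            if (!isset($entry[$key])) {
                return false;
            }
        }

        // Hash first: an empty result (unknown scheme) must not delete the old entry
        // and must never be stored as the userPassword.
        $userpassword = $this->prepare_userpassword($entry['pass']);
        if ($userpassword === '') {
            return false;
        }

        // Define user DN
        $dn = $this->user_dn($entry['email']);

        // Remove user if exists. The lookup goes by uname while the DN goes by e-mail;
        // both are stored in uid[] below, so presumably they find the same entry.
        if ($this->is_uid_present($entry['uname']) === true) {
            $this->delete_User($entry);
        }

        // Prepare userPassword and other attributes for insertion in LDAP directory.
        $this_entry = array();
        $this_entry['objectclass']  = 'inetOrgPerson';
        $this_entry['cn']           = $entry['name'];
        $this_entry['mail']         = $entry['email'];
        $this_entry['userpassword'] = $userpassword;
        // sn = the name minus its first word. A one-word name leaves sn empty, which the
        // person schema does not allow, so the directory will likely reject the add.
        $this_entry['sn']           = preg_replace('/^([a-zA-Z0-9_]+ ?)/', '', $this_entry['cn']);
        $this_entry['uid'][0]       = $this_entry['mail'];
        $this_entry['uid'][1]       = $entry['uname'];
        $this_entry['displayname']  = $entry['uname'];
        $this_entry['employeetype'] = 'writer';
        $this_entry['preferredlanguage'] = 'en';

        return $this->do_bind() && ldap_add($this->ldap_conn, $dn, $this_entry);
    }

    /***
     * Delete User
     *
     * Removes the entry whose DN is derived from $entry['email'].
     *
     * @param array $entry  needs 'email'
     * @return bool
     */
    function delete_User($entry)
    {
        if (!isset($entry['email'])) {
            return false;
        }

        // Define user DN
        $dn = $this->user_dn($entry['email']);

        return $this->do_bind() && ldap_delete($this->ldap_conn, $dn);
    }

    /***
     * Update LDAP userPassword only.
     *
     * @param string $dn            DN of the entry to modify
     * @param string $userPassword  value already produced by prepare_userpassword()
     * @return bool false for an empty DN or hash (never writes an empty password),
     *              a failed bind, or a failed ldap_modify()
     */
    function update_userPassword($dn, $userPassword)
    {
        if ($dn === '' || $dn === null || $userPassword === '' || $userPassword === null) {
            return false;
        }

        $entry = array('userpassword' => $userPassword);

        return $this->do_bind() && ldap_modify($this->ldap_conn, $dn, $entry);
    }

    /***
     * Get LDAP user list
     * ----------------------------------------------------
     * 1. Show a form with a list of all users inserted from xoops.users table.
     * 2. Generate random passwords for each user and codify them into
     *    userPassword format.
     * 3. Real passwords are not displayed... except in this very table and in the
     *    notification mail, where the new cleartext value travels to the user.
     *
     * Directory values and the generated passwords are HTML-escaped before they
     * are placed in the table. The mail is only sent when the directory update
     * succeeded, so users are never told about a password that was not set.
     * NOTE(review): the bare '' elements look like table tags lost in this listing.
     *
     * @return array list of HTML fragments
     */
    function get_userList()
    {
        global $newbb_to_phpbb;
        global $mail;

        // Get users from LDAP server; an unusable connection or failed search
        // yields an empty list instead of a fatal error.
        $filter = '(objectclass=inetorgperson)';
        $users  = array('count' => 0);
        if ($this->ldap_conn) {
            $result = ldap_search($this->ldap_conn, $this->ldap_basedn, $filter);
            if ($result !== false) {
                $entries = ldap_get_entries($this->ldap_conn, $result);
                if (is_array($entries)) {
                    $users = $entries;
                }
            }
        }

        $htmlblock = array(
            "\n\n" . $users['count'] . ' password(s) reset under: ' . $this->esc($this->ldap_basedn) . "\n\n",
            '',
            '',
            'DN',
            'CN',
            'NewPass',
            'userPassword',
            'Password Updated',
            'Email Notification',
            '');

        for ($i = 0; $i < $users['count']; $i++) {
            $user = $users[$i];
            $dn   = isset($user['dn']) ? $user['dn'] : '';

            // Reset userPassword value in a random manner. The strength of the new
            // password depends entirely on get_randomPass() — confirm it uses a CSPRNG.
            $newPassword  = $newbb_to_phpbb->get_randomPass();
            $userPassword = $this->prepare_userpassword($newPassword);

            array_push($htmlblock, '',
                $this->esc($dn),
                $this->esc($this->attr($user, 'cn')),
                $this->esc($newPassword),
                $this->esc($userPassword));

            // Update LDAP userPassword field (refused for an empty hash, shown as NO)
            $updated = ($this->update_userPassword($dn, $userPassword) === true);
            array_push($htmlblock, $updated ? 'YES' : 'NO');

            // Send email notification only for a password that is really in place
            $sent = false;
            if ($updated) {
                $info = array('mailto'            => $this->attr($user, 'mail'),
                              'cn'                => $this->attr($user, 'cn'),
                              'dn'                => $dn,
                              'uid1'              => $this->attr($user, 'uid', 0),
                              'uid2'              => $this->attr($user, 'uid', 1),
                              'sn'                => $this->attr($user, 'sn'),
                              'employeetype'      => $this->attr($user, 'employeetype'),
                              'preferredlanguage' => $this->attr($user, 'preferredlanguage'),
                              'displayname'       => $this->attr($user, 'displayname'),
                              'userpassword'      => $newPassword);
                $sent = ($mail->send($info) === true);
            }
            array_push($htmlblock, $sent ? 'SENT' : 'NOT SENT');

            array_push($htmlblock, '');
        }

        array_push($htmlblock, '');

        return $htmlblock;
    }

    /***
     * Class destruct
     *
     * Releases the connection; ldap_conn is null/false when none was made and
     * ldap_unbind() would throw on those.
     */
    function __destruct()
    {
        if ($this->ldap_conn) {
            ldap_unbind($this->ldap_conn);
        }
    }

    /***
     * Build the DN of a user entry from its e-mail address.
     *
     * LDAP_ESCAPE_DN neutralises ',', '+', '=' and the other RDN metacharacters so
     * an address cannot add or rewrite RDNs; ldap_basedn is configuration and is
     * used as-is.
     */
    private function user_dn($email)
    {
        return 'uid=' . ldap_escape((string) $email, '', LDAP_ESCAPE_DN) . ',' . $this->ldap_basedn;
    }

    /***
     * One attribute value of an ldap_get_entries() row, or null when absent.
     */
    private function attr($user, $name, $index = 0)
    {
        return isset($user[$name][$index]) ? $user[$name][$index] : null;
    }

    /***
     * Escape a value for an HTML body or double-quoted attribute context.
     */
    private function esc($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
}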
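// Instantiated on include so callers can use $ldap right away; the constructor
// reads $_SESSION/$_POST and opens the connection. No closing tag: a stray
// newline after "?>" would be sent as output and break later header() calls.
$ldap = new LDAP();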