/***
* LDAP Access
*
* --
* Alain Reguera Delgado <alain.reguera@gmail.com>
***/
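class LDAP
{
    /*
     * The original declared these $this_* properties, but every method
     * reads and writes $this->ldap_* instead, so they were never assigned.
     * They are kept (always null) only so external code that reads them
     * keeps working; new code should use the ldap_* properties below.
     */
    public $this_conn;
    public $this_host;
    public $this_port;
    public $this_rootdn;
    public $this_rootpw;
    public $this_authschema;
    public $this_basedn;

    /*
     * Live configuration. Filled by the constructor from built-in defaults,
     * then from $_SESSION, then from a validated $_POST.
     */
    public $ldap_conn;        // LDAP link; false/null when no connection was opened
    public $ldap_host;
    public $ldap_port;
    public $ldap_rootdn;      // DN used for every privileged bind
    public $ldap_rootpw;      // bind password (also kept in $_SESSION)
    public $ldap_authschema;  // userPassword scheme, one of self::$valid_authschemas
    public $ldap_basedn;      // subtree that holds the user entries

    /*
     * Password schemes prepare_userpassword() can emit. The constructor
     * rejects any posted value outside this list, so the switch there can
     * never fall through and hand back an empty hash. {SSHA} (salted SHA-1)
     * is the one to prefer; {MD5} stays the default only for compatibility
     * with entries written by earlier versions.
     */
    public static $valid_authschemas = array('{MD5}', '{SHA}', '{SSHA}');

    /***
     * Class initialization
     *
     * Loads the configuration (defaults -> session -> validated POST),
     * opens the connection and forces LDAPv3. Nothing is bound yet; every
     * write path calls do_bind() itself.
     *
     * NOTE(review): the connection is plain LDAP on the configured port,
     * so the manager password travels in clear text at bind time unless
     * the server is local or the transport is protected some other way.
     * Adding ldap_start_tls() would need a server-side TLS setup this
     * class cannot verify, so it is only flagged here.
     */
    function __construct()
    {
        // Built-in defaults; only used until a value is found in the
        // session or posted through get_configForm().
        $this->ldap_host       = 'localhost';
        $this->ldap_port       = '389';
        $this->ldap_rootdn     = 'cn=manager,dc=example,dc=com';
        $this->ldap_rootpw     = '';
        $this->ldap_authschema = '{MD5}';
        $this->ldap_basedn     = 'ou=people,dc=example,dc=com';

        $config = array('ldap_host', 'ldap_port', 'ldap_rootdn',
                        'ldap_rootpw', 'ldap_authschema', 'ldap_basedn');

        foreach ($config as $param)
        {
            if (!isset($_SESSION[$param]))
            {
                $_SESSION[$param] = $this->$param;
            }

            // A posted value replaces the session copy only when it passes
            // the per-field check; otherwise the previous value survives.
            // The original accepted any posted value unchecked.
            if (isset($_POST[$param]) && $this->is_valid_config_value($param, $_POST[$param]))
            {
                $_SESSION[$param] = $_POST[$param];
            }

            $this->$param = $_SESSION[$param];
        }

        // Open connection against ldap server
        $this->ldap_conn = false;
        if ($this->ldap_host && $this->ldap_port)
        {
            $this->ldap_conn = ldap_connect($this->ldap_host, (int) $this->ldap_port);
        }

        // Only touch the link when ldap_connect() actually produced one;
        // the original called ldap_set_option() on an unset property.
        if ($this->ldap_conn)
        {
            // Set protocol version to use LDAPv3
            ldap_set_option($this->ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
            // Never chase referrals: doing so would replay the manager
            // credentials against whatever server the directory points at.
            ldap_set_option($this->ldap_conn, LDAP_OPT_REFERRALS, 0);
        }
    }

    /***
     * Sanity check for a value posted through get_configForm().
     *
     * @param string $param  configuration key (one of the ldap_* names)
     * @param mixed  $value  raw posted value
     * @return bool          true when the value may replace the session copy
     */
    private function is_valid_config_value($param, $value)
    {
        if (!is_string($value))
        {
            return false;
        }

        switch ($param)
        {
            case 'ldap_port':
                // Digits only, 1..65535.
                return preg_match('/^[0-9]{1,5}$/', $value) === 1
                    && (int) $value >= 1 && (int) $value <= 65535;

            case 'ldap_authschema':
                return in_array($value, self::$valid_authschemas, true);

            case 'ldap_rootpw':
                // The form never echoes the stored password back, so an
                // empty field means "unchanged", not "clear it".
                return $value !== '';

            default:
                // Host and DNs: any string; the server rejects bad ones.
                return true;
        }
    }

    /***
     * HTML-escape a value for insertion into an element body or a
     * double-quoted attribute.
     */
    private function html($value)
    {
        $flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
        return htmlspecialchars((string) $value, $flags, 'UTF-8');
    }

    /***
     * Escape a value for use inside an LDAP search filter (RFC 4515).
     * Uses ldap_escape() when the PHP build provides it.
     */
    private function escape_filter($value)
    {
        $value = (string) $value;

        if (function_exists('ldap_escape'))
        {
            return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
        }

        // Backslash first so the escapes added below are not re-escaped.
        return str_replace(
            array('\\',    '*',    '(',    ')',    "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $value);
    }

    /***
     * Escape a value for use as an RDN attribute value (RFC 4514).
     * Uses ldap_escape() when the PHP build provides it.
     */
    private function escape_dn($value)
    {
        $value = (string) $value;

        if (function_exists('ldap_escape'))
        {
            return ldap_escape($value, '', LDAP_ESCAPE_DN);
        }

        $value = str_replace(
            array('\\',    ',',    '+',    '"',    '<',    '>',    ';',    '=',    "\x00"),
            array('\\5c', '\\2c', '\\2b', '\\22', '\\3c', '\\3e', '\\3b', '\\3d', '\\00'),
            $value);

        // Leading '#' or space and a trailing space are significant in a DN.
        if (substr($value, 0, 1) === ' ')
        {
            $value = '\\20' . substr($value, 1);
        }
        elseif (substr($value, 0, 1) === '#')
        {
            $value = '\\23' . substr($value, 1);
        }
        if (substr($value, -1) === ' ')
        {
            $value = substr($value, 0, -1) . '\\20';
        }

        return $value;
    }

    /***
     * Build the DN of a user entry from its e-mail address.
     */
    private function user_dn($email)
    {
        return 'uid=' . $this->escape_dn($email) . ',' . $this->ldap_basedn;
    }

    /***
     * Read one attribute value out of an ldap_get_entries() entry.
     * Returns null when the attribute or index is missing, which is what
     * the original's bare array access produced (minus the notice).
     */
    private function attr($user, $name, $index = 0)
    {
        return isset($user[$name][$index]) ? $user[$name][$index] : null;
    }

    /***
     * Random bytes for a password salt. A salt has to be unique per entry,
     * not secret, so the mt_rand() fallback is acceptable when neither CSPRNG
     * source exists.
     */
    private function random_salt($length = 4)
    {
        if (function_exists('random_bytes'))
        {
            return random_bytes($length);
        }
        if (function_exists('openssl_random_pseudo_bytes'))
        {
            return openssl_random_pseudo_bytes($length);
        }

        $salt = '';
        for ($i = 0; $i < $length; $i++)
        {
            $salt .= chr(mt_rand(0, 255));
        }
        return $salt;
    }

    /***
     * LDAP configuration
     *
     * Returns the configuration form as a list of HTML fragments.
     *
     * @param string $disabled  raw attribute fragment spliced into every
     *                          control (e.g. 'disabled="disabled"'). It is
     *                          caller-supplied and NOT escaped here, so it
     *                          must never be built from request data.
     * @return array
     *
     * Every stored value is HTML-escaped before being written into a value
     * attribute, and the bind password is deliberately not written into the
     * page at all (an empty field is treated as "unchanged" by the
     * constructor). The currently selected scheme is marked as selected.
     */
    function get_configForm($disabled = "")
    {
        $host   = $this->html($this->ldap_host);
        $port   = $this->html($this->ldap_port);
        $rootdn = $this->html($this->ldap_rootdn);
        $basedn = $this->html($this->ldap_basedn);

        $htmlblock = array(
            'LDAP configuration:', '',

            'Host:',
            '<input type="text" name="ldap_host" value="' . $host . '" ' . $disabled . ' />',

            'Port:',
            '<input type="text" name="ldap_port" value="' . $port . '" ' . $disabled . ' />',

            'Bind DN:',
            '<input type="text" name="ldap_rootdn" value="' . $rootdn . '" size="50" ' . $disabled . ' />',

            'Base DN: ',
            '<input type="text" name="ldap_basedn" value="' . $basedn . '" size="50" ' . $disabled . ' />',

            'Bind Password: ',
            '<input type="password" name="ldap_rootpw" value="" ' . $disabled . ' />',

            'Schema: ',
            '',
            '<select name="ldap_authschema" ' . $disabled . '>');

        foreach (self::$valid_authschemas as $schema)
        {
            $selected = ($schema === $this->ldap_authschema) ? ' selected="selected"' : '';
            $htmlblock[] = '<option value="' . $schema . '"' . $selected . '>' . $schema . '</option>';
        }

        array_push($htmlblock, '</select>', '', '');

        return $htmlblock;
    }

    /***
     * Verify configuration
     *
     * The original left this empty. It now reports whether a connection
     * was opened and the configured manager credentials are accepted.
     *
     * @return bool
     */
    function verify_configuration()
    {
        return (bool) $this->do_bind();
    }

    /***
     * Bind to LDAP server
     *
     * @return bool  result of ldap_bind(), or false without touching the
     *               server when there is no connection or no password.
     *
     * An empty password turns ldap_bind() into an unauthenticated
     * (anonymous) bind that "succeeds" without proving anything, so the
     * add/modify/delete that follows would run with whatever rights the
     * server grants to anonymous. That is never what a manager bind means,
     * so it is refused outright instead of silently downgraded.
     */
    function do_bind()
    {
        if (!$this->ldap_conn)
        {
            return false;
        }
        if ((string) $this->ldap_rootpw === '')
        {
            return false;
        }
        return ldap_bind($this->ldap_conn, $this->ldap_rootdn, $this->ldap_rootpw);
    }

    /***
     * Verify LDAP uid's value uniqness
     *
     * @param string $uid  value to look for in the uid attribute
     * @return bool        true when exactly one entry under the base DN
     *                     carries it (zero or several both give false, as
     *                     in the original)
     *
     * The value is filter-escaped: unescaped, a '*' or ')' would let the
     * caller rewrite the filter (e.g. match every entry). The search runs
     * after do_bind() so it sees the same view as the writes that follow.
     */
    function is_uid_present($uid)
    {
        if (!is_string($uid) || $uid === '')
        {
            return false;
        }
        if (!$this->do_bind())
        {
            return false;
        }

        $filter = '(uid=' . $this->escape_filter($uid) . ')';
        $result = ldap_search($this->ldap_conn, $this->ldap_basedn, $filter, array('dn'));
        if ($result === false)
        {
            return false;
        }

        $entries = ldap_get_entries($this->ldap_conn, $result);
        ldap_free_result($result);

        return is_array($entries) && isset($entries['count']) && $entries['count'] == 1;
    }

    /***
     * Prepare LDAP userPassword attribute
     *
     * @param string $userpassword  clear-text password
     * @return string  '{SCHEME}' + base64 of the raw digest, or '' when
     *                 $this->ldap_authschema is not a supported scheme
     *                 (callers treat '' as failure).
     *
     * {MD5} and {SHA} are unsalted and trivially crackable offline if the
     * hashes leak; they are kept because existing deployments store them.
     * {SSHA} is base64(sha1(password . salt) . salt) with a 4-byte salt,
     * the form OpenLDAP verifies natively.
     */
    function prepare_userpassword($userpassword)
    {
        $userpassword = (string) $userpassword;

        switch ($this->ldap_authschema)
        {
            case '{MD5}':
                return '{MD5}' . base64_encode(md5($userpassword, true));

            case '{SHA}':
                return '{SHA}' . base64_encode(sha1($userpassword, true));

            case '{SSHA}':
                $salt = $this->random_salt(4);
                return '{SSHA}' . base64_encode(sha1($userpassword . $salt, true) . $salt);
        }

        return '';
    }

    /***
     * Add User
     *
     * @param array $entry  keys: email, uname, name, pass
     * @return bool         true when the entry was added
     *
     * The DN is uid=<email>,<basedn> with the e-mail DN-escaped. As in the
     * original, the "already exists" check is keyed on uname while the
     * entry removed is the one keyed on email.
     */
    function add_User($entry)
    {
        $email = isset($entry['email']) ? (string) $entry['email'] : '';
        $uname = isset($entry['uname']) ? (string) $entry['uname'] : '';
        $name  = isset($entry['name'])  ? (string) $entry['name']  : '';
        $pass  = isset($entry['pass'])  ? (string) $entry['pass']  : '';

        // The DN is built from the e-mail; without it there is nothing to add.
        if ($email === '')
        {
            return false;
        }

        // Define user DN
        $dn = $this->user_dn($email);

        // Remove user if exists
        if ($this->is_uid_present($uname) === true)
        {
            $this->delete_User($entry);
        }

        // Prepare userPassword and other attributes for insertion in LDAP directory.
        $userpassword = $this->prepare_userpassword($pass);
        if ($userpassword === '')
        {
            // Unknown scheme; never create an entry with an empty password.
            return false;
        }

        // sn is cn minus its first word. sn is mandatory for inetOrgPerson,
        // and an empty value makes ldap_add() fail, so fall back to cn when
        // the name is a single word.
        $sn = preg_replace('/^([a-zA-Z0-9_]+ ?)/', '', $name);
        if ($sn === null || $sn === '')
        {
            $sn = $name;
        }

        $this_entry = array();
        $this_entry['objectclass']       = 'inetOrgPerson';
        $this_entry['cn']                = $name;
        $this_entry['mail']              = $email;
        $this_entry['userpassword']      = $userpassword;
        $this_entry['sn']                = $sn;
        $this_entry['uid']               = array($email);
        // The server rejects a value given twice for one attribute, and an
        // empty uid value is a syntax error; add uname only when it differs.
        if ($uname !== '' && $uname !== $email)
        {
            $this_entry['uid'][] = $uname;
        }
        $this_entry['displayname']       = $uname;
        $this_entry['employeetype']      = 'writer';
        $this_entry['preferredlanguage'] = 'en';

        return $this->do_bind() && ldap_add($this->ldap_conn, $dn, $this_entry);
    }

    /***
     * Delete User
     *
     * @param array $entry  only 'email' is used; it selects uid=<email>,<basedn>
     * @return bool
     */
    function delete_User($entry)
    {
        $email = isset($entry['email']) ? (string) $entry['email'] : '';
        if ($email === '')
        {
            return false;
        }

        // Define user DN
        $dn = $this->user_dn($email);

        return $this->do_bind() && ldap_delete($this->ldap_conn, $dn);
    }

    /***
     * Update LDAP userPassword only.
     *
     * @param string $dn            DN of the entry (taken from a search result)
     * @param string $userPassword  already-hashed value from prepare_userpassword()
     * @return bool
     *
     * An empty hash is refused: writing it would leave the entry with an
     * effectively unset password rather than a reset one.
     */
    function update_userPassword($dn, $userPassword)
    {
        if ((string) $userPassword === '')
        {
            return false;
        }

        $entry = array('userpassword' => $userPassword);

        return $this->do_bind() && ldap_modify($this->ldap_conn, $dn, $entry);
    }

    /***
     * Get LDAP user list
     * ----------------------------------------------------
     * 1. Show a form with a list of all users inserted from xoops.users table.
     * 2. Generate random passwords for each user and codify them into
     *    userPassword format.
     * 3. The generated clear-text password and its hash ARE written into the
     *    returned report (the original comment claimed otherwise), so the
     *    report contains live credentials and must only ever be rendered
     *    to the administrator running the migration.
     *
     * This method resets the password of EVERY inetOrgPerson under the base
     * DN and e-mails each new password in clear text via $mail->send();
     * it must only be reachable through an authenticated, CSRF-protected
     * admin action. NOTE(review): that gating has to happen in the caller;
     * nothing here checks it.
     *
     * All directory data and the generated values are HTML-escaped before
     * being placed into the fragments.
     *
     * @return array  list of HTML fragments
     */
    function get_userList()
    {
        global $newbb_to_phpbb;
        global $mail;

        // Get users from LDAP server. The search is done after binding, the
        // same way every write below is; a failed bind/search yields an
        // empty list instead of a fatal call on a false result.
        $users = array('count' => 0);
        if ($this->do_bind())
        {
            $filter = 'objectclass=inetorgperson';
            $result = ldap_search($this->ldap_conn, $this->ldap_basedn, $filter);
            if ($result !== false)
            {
                $entries = ldap_get_entries($this->ldap_conn, $result);
                ldap_free_result($result);
                if (is_array($entries) && isset($entries['count']))
                {
                    $users = $entries;
                }
            }
        }

        $htmlblock = array('' . $users['count'] . ' password(s) reset under: ' . $this->html($this->ldap_basedn) . ' ',
            '',
            '',
            'DN',
            'CN',
            'NewPass',
            'userPassword',
            'Password Updated',
            'Email Notification',
            '');

        for ($i = 0; $i < $users['count']; $i++)
        {
            $user = $users[$i];
            $dn   = isset($user['dn']) ? (string) $user['dn'] : '';

            // Reset userPassword value in a random manner
            $newPassword  = $newbb_to_phpbb->get_randomPass();
            $userPassword = $this->prepare_userpassword($newPassword);

            array_push($htmlblock, '',
                '' . $this->html($dn) . '',
                '' . $this->html($this->attr($user, 'cn')) . '',
                '' . $this->html($newPassword) . '',
                '' . $this->html($userPassword) . '');

            // Update LDAP userPassword field
            if ($dn !== '' && $this->update_userPassword($dn, $userPassword) === true)
            {
                array_push($htmlblock, 'YES');
            }
            else
            {
                array_push($htmlblock, 'NO');
            }

            // Send email notification
            $info = array('mailto'            => $this->attr($user, 'mail'),
                          'cn'                => $this->attr($user, 'cn'),
                          'dn'                => $dn,
                          'uid1'              => $this->attr($user, 'uid', 0),
                          'uid2'              => $this->attr($user, 'uid', 1),
                          'sn'                => $this->attr($user, 'sn'),
                          'employeetype'      => $this->attr($user, 'employeetype'),
                          'preferredlanguage' => $this->attr($user, 'preferredlanguage'),
                          'displayname'       => $this->attr($user, 'displayname'),
                          'userpassword'      => $newPassword);

            if ($mail->send($info) === true)
            {
                array_push($htmlblock, 'SENT');
            }
            else
            {
                array_push($htmlblock, 'NOT SENT');
            }

            array_push($htmlblock, '');
        }

        array_push($htmlblock, '');

        return $htmlblock;
    }

    /***
     * Class destruct
     *
     * Closes the link when one was opened; ldap_connect() returns false on
     * failure and the original would have passed that to ldap_unbind().
     */
    function __destruct()
    {
        if ($this->ldap_conn)
        {
            ldap_unbind($this->ldap_conn);
            $this->ldap_conn = null;
        }
    }
}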
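// Module-level instance used by the rest of the migration tool. The
// constructor reads $_SESSION/$_POST and opens the LDAP connection as a
// side effect of this line.
$ldap = new LDAP();

// No closing "?>" on purpose: anything after it (even a newline) is sent as
// output, which breaks header() and session_start() in files that include
// this one.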