
LDAP PHP 2

a guest
Jul 17th, 2012
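  /**
   * Look up the distinguished name of the entry whose sAMAccountName equals
   * $samaccountname, searching below $basedn.
   *
   * The account name is placed inside an LDAP search filter. In the script
   * that calls this function it is the login name, so it is escaped for
   * filter context first: without that, characters such as "*", "(", ")"
   * and "\" would be read as filter syntax and could make the search match
   * a different entry than the one named.
   *
   * ldap_escape() needs PHP 5.6 or later.
   *
   * @param mixed  $ad             LDAP link returned by ldap_connect(), already bound
   * @param string $samaccountname account name to look up
   * @param string $basedn         DN of the subtree to search
   * @return string DN of the first matching entry, or '' when the name is
   *                empty, the search fails or nothing matches
   */
  function getDN($ad, $samaccountname, $basedn) {
      $name = (string) $samaccountname;
      if ($name === '') {
          // "(samaccountname=)" is not a usable filter; treat as "not found".
          return '';
      }

      $filter = '(samaccountname=' . ldap_escape($name, '', LDAP_ESCAPE_FILTER) . ')';
      $result = ldap_search($ad, $basedn, $filter, array('dn'));
      if ($result === false) {
          return '';
      }

      $entries = ldap_get_entries($ad, $result);
      if ($entries === false || $entries['count'] < 1) {
          return '';
      }

      return $entries[0]['dn'];
  }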
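  /**
   * Return the value of the first RDN of a DN, i.e. the CN when the DN
   * starts with "CN=".
   *
   * The first three bytes are skipped without being inspected, so the DN is
   * assumed to begin with a two-letter attribute type and "=" ("CN=", "OU=").
   * A comma escaped inside the value ("\," or "\2C") does not end the value,
   * and escape sequences are decoded in the result. Input too short to hold
   * a value yields ''.
   *
   * @param string $dn distinguished name, e.g. "CN=John Doe,OU=Users,DC=example,DC=com"
   * @return string decoded value of the first RDN, or '' when there is none
   */
  function getCN($dn) {
      $dn = (string) $dn;
      if (strlen($dn) <= 3) {
          return '';
      }

      // Consume either an escaped character (backslash + any byte) or any byte
      // that is neither a comma nor a backslash, starting after the "XX=" prefix.
      if (!preg_match('/(?:\\\\.|[^,\\\\])*/s', $dn, $matchs, 0, 3)) {
          return '';
      }

      // Decode "\XX" hex pairs and "\c" single-character escapes.
      $decoded = preg_replace_callback(
          '/\\\\([0-9A-Fa-f]{2}|.)/s',
          function ($m) {
              return strlen($m[1]) === 2 ? chr(hexdec($m[1])) : $m[1];
          },
          $matchs[0]
      );

      return $decoded === null ? '' : $decoded;
  }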
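  /**
   * Check whether the entry $userdn lists $groupdn in its memberOf attribute.
   * Only direct membership is tested; nested groups are not followed.
   *
   * The group DN is embedded in a search filter, so it is escaped for filter
   * context. A DN may legitimately contain "(", ")", "*" or "\"; unescaped,
   * those would either break the filter or widen what it matches, which
   * matters because the result is used as an authorization decision.
   *
   * ldap_escape() needs PHP 5.6 or later.
   *
   * @param mixed  $ad      LDAP link returned by ldap_connect(), already bound
   * @param string $userdn  DN of the entry to test
   * @param string $groupdn DN of the group
   * @return bool TRUE when the entry matches the membership filter, FALSE
   *              otherwise, including when the read fails
   */
  function checkGroup($ad, $userdn, $groupdn) {
      $filter = '(memberof=' . ldap_escape((string) $groupdn, '', LDAP_ESCAPE_FILTER) . ')';

      // Only the number of matching entries is used, so no attribute values
      // need to be returned beyond the DN.
      $result = ldap_read($ad, $userdn, $filter, array('dn'));
      if ($result === false) {
          return false;
      }

      $entries = ldap_get_entries($ad, $result);
      if ($entries === false) {
          return false;
      }

      return $entries['count'] > 0;
  }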
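  /**
   * Check whether the entry $userdn is a member of $groupdn, either directly
   * or through groups that are themselves members of other groups.
   *
   * The memberOf values of the entry are read, then the memberOf values of
   * each of those groups, and so on. Every DN is read at most once: group
   * nesting can be circular (A in B, B in A), and following it without a
   * visited set never terminates. DNs are compared case-insensitively, as
   * directory servers do not guarantee consistent letter case.
   *
   * @param mixed  $ad      LDAP link returned by ldap_connect(), already bound
   * @param string $userdn  DN of the entry to test
   * @param string $groupdn DN of the group being looked for
   * @return bool TRUE when $groupdn is reached through memberOf, FALSE
   *              otherwise; an entry that cannot be read is skipped
   */
  function checkGroupEx($ad, $userdn, $groupdn) {
      $visited = array();
      $pending = array($userdn);

      while (!empty($pending)) {
          $dn = array_pop($pending);

          $key = strtolower($dn);
          if (isset($visited[$key])) {
              continue; // already expanded; also what breaks membership cycles
          }
          $visited[$key] = true;

          $result = ldap_read($ad, $dn, '(objectclass=*)', array('memberof'));
          if ($result === false) {
              continue;
          }

          $entries = ldap_get_entries($ad, $result);
          if ($entries === false || $entries['count'] < 1 || empty($entries[0]['memberof'])) {
              continue;
          }

          $groups = $entries[0]['memberof'];
          for ($i = 0; $i < $groups['count']; $i++) {
              if (strcasecmp($groups[$i], $groupdn) === 0) {
                  return true;
              }
              $pending[] = $groups[$i];
          }
      }

      return false;
  }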
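  // Connect, secure the channel, authenticate the user against AD and resolve
  // the user's DN. $host, $domain, $username, $password and $basedn are
  // expected to be set before this point.

  // With a URI argument ldap_connect() normally only prepares the link; the
  // network connection is opened by the first operation that needs it, so
  // this check mainly catches a malformed URI.
  $ad = ldap_connect("ldap://{$host}.{$domain}") or die('Could not connect to LDAP server.');
  ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
  // Do not follow referrals to other servers.
  ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

  // A simple bind sends the password as-is; upgrade the plain ldap://
  // connection to TLS before any credential goes over the wire.
  ldap_start_tls($ad) or die('Could not start TLS on the LDAP connection.');

  // A simple bind with a name and an empty password is an unauthenticated
  // bind, which a server may accept. Treat it as a failed login instead of
  // letting ldap_bind() report success.
  if (!is_string($password) || $password === '') {
      die('Could not bind to AD.');
  }

  ldap_bind($ad, "{$username}@{$domain}", $password) or die('Could not bind to AD.');
  $userdn = getDN($ad, $username, $basedn);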