function getDN($ad, $samaccountname, $basedn) {
$attributes = array('dn');
$result = ldap_search($ad, $basedn,
"(samaccountname={$samaccountname})", $attributes);
if ($result === FALSE) { return ''; }
$entries = ldap_get_entries($ad, $result);
if ($entries['count']>0) { return $entries[0]['dn']; }
else { return ''; };
}
/*
* This function retrieves and returns CN from given DN
*/
function getCN($dn) {
preg_match('/[^,]*/', $dn, $matchs, PREG_OFFSET_CAPTURE, 3);
return $matchs[0][0];
}
/*
* This function checks group membership of the user, searching only
* in specified group (not recursively).
*/
function checkGroup($ad, $userdn, $groupdn) {
$attributes = array('members');
$result = ldap_read($ad, $userdn, "(memberof={$groupdn})", $attributes);
if ($result === FALSE) { return FALSE; };
$entries = ldap_get_entries($ad, $result);
return ($entries['count'] > 0);
}
/*
* This function checks group membership of the user, searching
* in specified group and groups which is its members (recursively).
*/
function checkGroupEx($ad, $userdn, $groupdn) {
$attributes = array('memberof');
$result = ldap_read($ad, $userdn, '(objectclass=*)', $attributes);
if ($result === FALSE) { return FALSE; };
$entries = ldap_get_entries($ad, $result);
if ($entries['count'] <= 0) { return FALSE; };
if (empty($entries[0]['memberof'])) { return FALSE; } else {
for ($i = 0; $i < $entries[0]['memberof']['count']; $i++) {
if ($entries[0]['memberof'][$i] == $groupdn) { return TRUE; }
elseif (checkGroupEx($ad, $entries[0]['memberof'][$i], $groupdn)) { return TRUE; };
};
};
return FALSE;
}
$ad = ldap_connect("ldap://{$host}.{$domain}") or die('Could not connect to LDAP server.');
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
ldap_bind($ad, "{$username}@{$domain}", $password) or die('Could not bind to AD.'); $userdn = getDN($ad, $username, $basedn);