SHOW:
|
|
- or go back to the newest paste.
| 1 | function getDN($ad, $samaccountname, $basedn) {
| |
| 2 | $attributes = array('dn');
| |
| 3 | $result = ldap_search($ad, $basedn, | |
| 4 | "(samaccountname={$samaccountname})", $attributes);
| |
| 5 | if ($result === FALSE) { return ''; }
| |
| 6 | $entries = ldap_get_entries($ad, $result); | |
| 7 | if ($entries['count']>0) { return $entries[0]['dn']; }
| |
| 8 | else { return ''; };
| |
| 9 | } | |
| 10 | ||
| 11 | /* | |
| 12 | * This function retrieves and returns CN from given DN | |
| 13 | */ | |
| 14 | function getCN($dn) {
| |
| 15 | preg_match('/[^,]*/', $dn, $matchs, PREG_OFFSET_CAPTURE, 3);
| |
| 16 | return $matchs[0][0]; | |
| 17 | } | |
| 18 | ||
| 19 | /* | |
| 20 | * This function checks group membership of the user, searching only | |
| 21 | * in specified group (not recursively). | |
| 22 | */ | |
| 23 | function checkGroup($ad, $userdn, $groupdn) {
| |
| 24 | $attributes = array('members');
| |
| 25 | $result = ldap_read($ad, $userdn, "(memberof={$groupdn})", $attributes);
| |
| 26 | if ($result === FALSE) { return FALSE; };
| |
| 27 | $entries = ldap_get_entries($ad, $result); | |
| 28 | return ($entries['count'] > 0); | |
| 29 | } | |
| 30 | ||
| 31 | /* | |
| 32 | * This function checks group membership of the user, searching | |
| 33 | * in specified group and groups which is its members (recursively). | |
| 34 | */ | |
| 35 | function checkGroupEx($ad, $userdn, $groupdn) {
| |
| 36 | $attributes = array('memberof');
| |
| 37 | $result = ldap_read($ad, $userdn, '(objectclass=*)', $attributes); | |
| 38 | if ($result === FALSE) { return FALSE; };
| |
| 39 | $entries = ldap_get_entries($ad, $result); | |
| 40 | if ($entries['count'] <= 0) { return FALSE; };
| |
| 41 | if (empty($entries[0]['memberof'])) { return FALSE; } else {
| |
| 42 | for ($i = 0; $i < $entries[0]['memberof']['count']; $i++) {
| |
| 43 | if ($entries[0]['memberof'][$i] == $groupdn) { return TRUE; }
| |
| 44 | elseif (checkGroupEx($ad, $entries[0]['memberof'][$i], $groupdn)) { return TRUE; };
| |
| 45 | }; | |
| 46 | }; | |
| 47 | return FALSE; | |
| 48 | - | } |
| 48 | + | |
| 49 | ||
| 50 | $ad = ldap_connect("ldap://{$host}.{$domain}") or die('Could not connect to LDAP server.');
| |
| 51 | ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3); | |
| 52 | ldap_set_option($ad, LDAP_OPT_REFERRALS, 0); | |
| 53 | ldap_bind($ad, "{$username}@{$domain}", $password) or die('Could not bind to AD.'); $userdn = getDN($ad, $username, $basedn); |
