1 | function getDN($ad, $samaccountname, $basedn) { | |
2 | $attributes = array('dn'); | |
3 | $result = ldap_search($ad, $basedn, | |
4 | "(samaccountname={$samaccountname})", $attributes); | |
5 | if ($result === FALSE) { return ''; } | |
6 | $entries = ldap_get_entries($ad, $result); | |
7 | if ($entries['count']>0) { return $entries[0]['dn']; } | |
8 | else { return ''; }; | |
9 | } | |
10 | ||
11 | /* | |
12 | * This function retrieves and returns CN from given DN | |
13 | */ | |
14 | function getCN($dn) { | |
15 | preg_match('/[^,]*/', $dn, $matchs, PREG_OFFSET_CAPTURE, 3); | |
16 | return $matchs[0][0]; | |
17 | } | |
18 | ||
19 | /* | |
20 | * This function checks group membership of the user, searching only | |
21 | * in specified group (not recursively). | |
22 | */ | |
23 | function checkGroup($ad, $userdn, $groupdn) { | |
24 | $attributes = array('members'); | |
25 | $result = ldap_read($ad, $userdn, "(memberof={$groupdn})", $attributes); | |
26 | if ($result === FALSE) { return FALSE; }; | |
27 | $entries = ldap_get_entries($ad, $result); | |
28 | return ($entries['count'] > 0); | |
29 | } | |
30 | ||
31 | /* | |
32 | * This function checks group membership of the user, searching | |
33 | * in specified group and groups which is its members (recursively). | |
34 | */ | |
35 | function checkGroupEx($ad, $userdn, $groupdn) { | |
36 | $attributes = array('memberof'); | |
37 | $result = ldap_read($ad, $userdn, '(objectclass=*)', $attributes); | |
38 | if ($result === FALSE) { return FALSE; }; | |
39 | $entries = ldap_get_entries($ad, $result); | |
40 | if ($entries['count'] <= 0) { return FALSE; }; | |
41 | if (empty($entries[0]['memberof'])) { return FALSE; } else { | |
42 | for ($i = 0; $i < $entries[0]['memberof']['count']; $i++) { | |
43 | if ($entries[0]['memberof'][$i] == $groupdn) { return TRUE; } | |
44 | elseif (checkGroupEx($ad, $entries[0]['memberof'][$i], $groupdn)) { return TRUE; }; | |
45 | }; | |
46 | }; | |
47 | return FALSE; | |
48 | - | } |
48 | + | |
49 | ||
50 | $ad = ldap_connect("ldap://{$host}.{$domain}") or die('Could not connect to LDAP server.'); | |
51 | ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3); | |
52 | ldap_set_option($ad, LDAP_OPT_REFERRALS, 0); | |
53 | ldap_bind($ad, "{$username}@{$domain}", $password) or die('Could not bind to AD.'); $userdn = getDN($ad, $username, $basedn); |
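Review bot: The only change in this revision drops the closing `}` of checkGroupEx at line 48 without replacing it, so if the `+` side is the newer paste the function body is left unclosed and the script no longer parses (if the comparison direction is reversed, disregard this). Beyond that edit, getDN interpolates `$samaccountname` straight into its search filter (line 4) and checkGroup does the same with `$groupdn` (line 25), so a value containing `*`, `(`, `)` or `\` rewrites the filter — escape it, e.g. `"(samaccountname=" . ldap_escape($samaccountname, '', LDAP_ESCAPE_FILTER) . ")"`. The bind on line 53 should also refuse an empty `$password` before calling ldap_bind, since Active Directory (like most LDAP servers by default) treats an empty credential as an unauthenticated bind that succeeds and the `or die` guard never fires: `if ($password === '') { die('Could not bind to AD.'); }`. Line 53 appears to carry a second statement (`$userdn = getDN(...)`) fused onto it, and the script seems to continue past this chunk.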