  1. <?php
  2. // error_reporting(E_ALL);
  3.  
  4. // connect to ldap server
  5. $domain = "example.com";
  6. $ldap = new LDAP();
  7.  
  8. class LDAP{
  9. public $ldapconn = "";
  10. public $ldap_sadmin;
  11.  
  12. function __construct(){
  13. global $ldap_sadmin;
  14. $this->ldap_sadmin = $ldap_sadmin;
  15.  
  16. $this->ldapconn = ldap_connect("ldap://" . $this->ldap_sadmin['ldapServer']) or die("Could not connect to LDAP server.");
  17. ldap_set_option($this->ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
  18. ldap_set_option($this->ldapconn, LDAP_OPT_REFERRALS, 0);
  19. }
  20.  
  21. public function login($username, $password){
  22. $ldapbind = ldap_bind($this->ldapconn, $username . "@" . $this->ldap_sadmin['domain'] , $password);
  23. if (!$ldapbind) return false;
  24. $_SESSION['username'] = $username;
  25. $_SESSION['password'] = $password;
  26.  
  27. $userAttr = $this->getLdapUserAttr($username);
  28.  
  29. foreach($userAttr as $attr => $value)
  30. $_SESSION[$attr] = $value;
  31.  
  32. if(isset($userAttr['groups'])){
  33. $group = $this->checkGroup($userAttr['groups']);
  34. if($group){
  35. $_SESSION['level'] = "admin";
  36. return true;
  37. }
  38. }
  39. $_SESSION['level'] = "user";
  40. return true;
  41. // exit();
  42. }
  43.  
  44. public function changePassword($username, $password, $npassword){
  45. // $npassword = "";
  46. global $ldap_sadmin;
  47. $ldap_root_username = $ldap_sadmin['username'];
  48.  
  49. $ldap_root_password = $ldap_sadmin['password'];
  50.  
  51.  
  52.  
  53. if ($username != $_SESSION['username']){
  54. if ($_SESSION['level'] != "admin")
  55. return "You don't have enough permissions to change another user password!";
  56. } else {
  57. ldap_bind($this->ldapconn, $username . "@" . $domain, $password) or die("Wrong password");
  58. }
  59.  
  60. $ldapbind = ldap_bind($this->ldapconn, $ldap_root_username . "@" . $domain, $ldap_root_password);
  61.  
  62. $newPassw = "";
  63. $newPassword = "\"" . $npassword . "\"";
  64. $len = strlen($newPassword);
  65. for ($i = 0; $i < $len; $i++)
  66. $newPassw .= "{$newPassword{$i}}\000";
  67.  
  68. $newPassword = $newPassw;
  69. $userdata["unicodePwd"] = $newPassword;
  70.  
  71. $userAttr = $this->getLdapUserAttr($username);
  72. if(ldap_mod_replace($this->ldapconn, $userAttr['distinguishedname'], $userdata)){
  73. if(!ldap_errno($this->ldapconn)) return "Error"; // (" . ldap_errno($this->ldapconn) . "): " . ldap_error($this->ldapconn);
  74. }
  75.  
  76. return true;
  77.  
  78. }
  79.  
  80.  
  81. function getLdapUserAttr($username){
  82. $searchFilter = "(sAMAccountName=" . $username. ")";
  83. $searchAttr = array("displayName","description","cn","distinguishedName","givenName","sn","mail","company","displayName","memberof");
  84. $user_search = ldap_search($this->ldapconn,$this->ldap_sadmin['domainDN'],$searchFilter, $searchAttr) or die ("Error in search query");
  85. $user_get = ldap_get_entries($this->ldapconn, $user_search);
  86.  
  87. foreach($searchAttr as $key){
  88. $key = strtolower($key);
  89. if (!isset($user_get[0][$key])) continue;
  90. if ($key == "memberof" && is_array($user_get[0]["memberof"])){
  91. foreach($user_get[0][$key] as $groupID => $groupDN)
  92. if (!is_numeric($groupDN))
  93. $ldap_user_attr['groups'][] = $groupDN;
  94. } elseif (isset($user_get[0][$key][0])){
  95. $ldap_user_attr[$key] = $user_get[0][$key][0];
  96. }
  97. }
  98. //$ldap_user_attr["user_dn"] = $data = ldap_get_dn($this->ldapconn, $user_search);
  99.  
  100. return $ldap_user_attr;
  101. }
  102.  
  103. function checkGroup($userMemberOf){
  104. foreach($userMemberOf as $groupID => $groupDN){
  105. $searchResult = strpos($groupDN, $this->ldap_sadmin['admin_group']);
  106. if( $searchResult > 0 )
  107. return true;
  108. }
  109. return false;
  110. }
  111.  
  112. public function addOrganization($orgFullName, $orgShortName ){
  113. if ($_SESSION['level'] != 'admin')
  114. return "You have no enough permissions to perform this action!";
  115.  
  116. $nOrgDN = "OU=" . $orgShortName . "," . $this->ldap_sadmin["domainClientsDN"];
  117. $newou["objectClass"][0] = "top";
  118. $newou["objectClass"][1] = "organizationalUnit";
  119. $newou["ou"] = $orgShortName;
  120. $result = ldap_add($this->ldapconn,$nOrgDN,$newou);
  121.  
  122. if (!$result){
  123. return false;
  124. } else {
  125. return true;
  126. }
  127. }
  128.  
  129. public function addOrganizationUser($arrNewUser){
  130. if ($_SESSION['level'] != "admin")
  131. return "You have no enough permissions to perform this action!";
  132.  
  133. $userinfo['cn'] = $arrNewUser['name'] . " " . $arrNewUser['surname'];
  134. $userinfo['sn'] = $arrNewUser['surname'];
  135. $userinfo['mail'] = $arrNewUser['mail'];
  136. $userinfo['name'] = $userinfo['name'];
  137. $userinfo['givenName'] = $arrNewUser['name'];
  138. $userinfo['displayName'] = $userinfo['cn'];
  139. $userinfo['userpassword'] = $arrNewUser['password'];
  140. $userinfo['sAMAccountName'] = $arrNewUser['username'];
  141. $userinfo['UserPrincipalName'] = $arrNewUser['mail'];
  142. // $userinfo['useraccountcontrol'] = 512; // Normal Account
  143. $userinfo['useraccountcontrol'] = 65536; // Don't expire password
  144. $userinfo['objectclass'][0] = 'top';
  145. $userinfo['objectclass'][3] = 'user';
  146. $userinfo['objectclass'][1] = 'person';
  147. $userinfo['objectclass'][2] = 'organizationalPerson';
  148.  
  149. $nuserDN = "CN=" . $userinfo['cn'] . ",OU=" . $arrNewUser["clOrganization"] . "," . $this->ldap_sadmin["domainClientsDN"];
  150.  
  151. $result = ldap_add($this->ldapconn, $nuserDN, $userinfo);
  152.  
  153. if (!$result)
  154. return "Error: (" . ldap_errno($this->ldapconn) . ") - ". ldap_error($this->ldapconn);
  155. else
  156. return "OK";
  157.  
  158. }
  159.  
  160. public function listOrganization(){
  161.  
  162. $listOnly = array("ou");
  163. $searchOU = ldap_list($this->ldapconn, $this->ldap_sadmin['domainClientsDN'], "ou=*", $listOnly);
  164. $OUs = ldap_get_entries($this->ldapconn, $searchOU);
  165.  
  166. $arrOrganizations = array();
  167. for ($i=0; $i < $OUs["count"]; $i++) {
  168. $arrOrganizations[] = $OUs[$i]["ou"][0];
  169. }
  170. asort($arrOrganizations);
  171. return $arrOrganizations;
  172. }
  173.  
  174.  
  175. }
  176.  
  177.  
// Superseded prototype of LDAP::addOrganizationUser(), kept for reference only.
// It was never runnable as written: `ldapconn` is used as a bare constant
// instead of `$ldapconn`, explode() is applied to $arrNewUser although it is
// indexed as an array below, and the DN places the organisation under CN=
// rather than the OU= used by the class. Do not revive it.
// function addUser(ldapconn, $arrNewUser){
// if ($_SESSION['level'] != "admin")
// return "You have no enough permissions to perform this action!";

// $nuserDN = "CN=" . explode(" ", $arrNewUser)[0];
// $nuserDN .= ",CN=" . $arrNewUser["clOrganization"] . "," . $ldap_sadmin["domainDN"];

// $result = ldap_add(ldapconn, $nuserDN, $arrNewUser['attr']);

// if (!$result){
// return "Error: (" . ldap_errno(ldapconn) . ") - ". ldap_error(ldapconn);
// } else {
// return "OK";
// }
// }