packages/ssoinabox-webui/root/usr/local/share/ssoinabox/htdocs/includes/ldap.php
author Dan Fuhry <dan@enanocms.org>
Sat, 23 Feb 2013 14:26:38 -0500
changeset 9 f4bf6556fb9f
parent 8 f68fdcc18df9
permissions -rw-r--r--
<?php
// BEGIN CONSTANTS

// Attribute names labelled read-only.
// NOTE(review): nothing in the visible part of this file consults this list;
// ldap_update_user() and ldap_replace_attr() hand whatever attribute they are
// given straight to the directory. Presumably the calling pages filter
// against it -- confirm, since it contains userPassword, uidNumber and
// gidNumber.
$ldap_readonly_attrs = array(
	'uid',
	'objectClass',
	'userPassword',
	'homeDirectory',
	'uidNumber',
	'gidNumber',
);

// LDAP attribute name => human-readable label.
$ldap_field_names = array(
	'cn'              => 'Common name',
	'uid'             => 'Username',
	'givenName'       => 'Given name',
	'sn'              => 'Surname',
	'mail'            => 'E-mail',
	'title'           => 'Job title',
	'telephoneNumber' => 'Phone',
);

// Not referenced in the visible part of this file; presumably the attributes
// the UI lets a user add as a single value -- confirm against the callers.
$ldap_add_single = array(
	'title',
	'mail',
);

// Attributes that ldap_array_cleanup() always leaves as an array, even when
// the directory returns exactly one value for them.
$ldap_add_multiple = array(
	'telephoneNumber',
	'mobile',
	'mail',
	'sshPublicKey',
);

// END CONSTANTS
// Open the one LDAP connection shared by every helper below.
// NOTE(review): no ldap_start_tls() call is visible here. Unless $ldap_server
// is an ldaps:// URI, the manager bind further down would send the manager
// password in cleartext -- confirm the transport in the configuration.
global $_ldapconn;
$_ldapconn = ldap_connect($ldap_server);
if ( !$_ldapconn )
{
	// On OpenLDAP-based builds ldap_connect() only checks its arguments, so
	// an unreachable server usually shows up at ldap_bind() instead.
	exit("Failed to connect to the LDAP database");
}

// Protocol version 3 is requested before binding.
if ( !ldap_set_option($_ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3) )
{
	exit("Failed to set LDAP version to 3");
}

// Bind with the manager DN and password from configuration. Every search,
// modify and delete in this file then runs with that identity, so access
// control for individual web users has to happen in the calling code.
if ( !ldap_bind($_ldapconn, $ldap_manager['dn'], $ldap_manager['password']) )
{
	exit("Failed to bind to LDAP as a manager");
}

// Unbind when the request ends; the closure captures the handle by value.
register_shutdown_function(function() use ($_ldapconn)
	{
		ldap_unbind($_ldapconn);
	});
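/**
 * Escape a value so it is inert inside an LDAP search filter and inside an RDN.
 *
 * Callers in this file place the result in both contexts: search filters
 * (ldap_get_user, ldap_get_group, ldap_delete_user) and distinguished names
 * (ldap_make_user_dn, ldap_make_group_dn). The previous body returned its
 * input unchanged, so filter metacharacters in a username or group name
 * reached the directory verbatim. Each special character is now replaced by
 * a backslash followed by its two-digit hex code, a form that both RFC 4515
 * (filters) and RFC 4514 (DNs) accept.
 *
 * NOTE(review): PHP 5.6 and later ship a built-in ldap_escape() in ext-ldap;
 * on such a runtime this declaration collides with it and has to be renamed
 * or dropped in favour of the built-in.
 *
 * @param string $str Raw value, e.g. a username or group name.
 * @return string The value with filter and DN metacharacters hex-escaped.
 */
function ldap_escape($str)
{
	$str = (string) $str;
	
	// Union of the RFC 4515 filter specials (\ * ( ) NUL) and the RFC 4514
	// DN specials (, = + < > ; " #).
	$special = "\\*()\0,=+<>;\"#";
	
	$out = '';
	$last = strlen($str) - 1;
	for ( $i = 0; $i <= $last; $i++ )
	{
		$ch = $str[$i];
		
		// A space is only significant at either end of an RDN value.
		$edge_space = ( $ch === ' ' && ( $i === 0 || $i === $last ) );
		
		if ( $edge_space || strpos($special, $ch) !== false )
			$out .= sprintf('\\%02x', ord($ch));
		else
			$out .= $ch;
	}
	
	return $out;
}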
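/**
 * Look up one posixAccount entry by uid.
 *
 * Results are memoised in a function-static array for the rest of the
 * request. The cache is keyed by the raw username and is not invalidated by
 * ldap_update_user(), ldap_replace_attr() or ldap_delete_user(), so a read
 * after a write in the same request returns the earlier snapshot.
 *
 * No attribute list is passed to ldap_search(), so the returned array holds
 * every attribute the directory releases to the manager bind.
 * NOTE(review): that may include userPassword -- callers should pick the
 * fields they need rather than output the array wholesale.
 *
 * @param string $username uid to search for.
 * @return array|false Cleaned attribute array, or false when the search
 *                     fails or does not match exactly one entry.
 */
function ldap_get_user($username)
{
	global $_ldapconn, $ldap_user_basedn;
	
	static $cache = array();
	if ( isset($cache[$username]) )
		return $cache[$username];
	
	$search_filter = sprintf("(&(uid=%s)(objectClass=posixAccount))", ldap_escape($username));
	
	$search_result = ldap_search($_ldapconn, $ldap_user_basedn, $search_filter);
	
	// A failed search (bad filter, server error) yields false, which must not
	// be passed on to ldap_count_entries().
	if ( !$search_result )
		return false;
	
	// Anything other than exactly one match is treated as "no such user".
	if ( ldap_count_entries($_ldapconn, $search_result) !== 1 )
		return false;
	
	return $cache[$username] = ldap_array_cleanup(ldap_get_attributes($_ldapconn, ldap_first_entry($_ldapconn, $search_result)));
}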
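/**
 * Look up one posixGroup entry by cn.
 *
 * memberUid is normalised to an array in the result: absent becomes an empty
 * array, and a single member (which ldap_array_cleanup() collapses to a
 * string) is wrapped back into a one-element array.
 *
 * @param string $group cn of the group.
 * @return array|false Cleaned attribute array, or false when the search
 *                     fails or does not match exactly one entry.
 */
function ldap_get_group($group)
{
	global $_ldapconn, $ldap_group_basedn;
	
	$search_filter = sprintf("(&(cn=%s)(objectClass=posixGroup))", ldap_escape($group));
	
	$search_result = ldap_search($_ldapconn, $ldap_group_basedn, $search_filter);
	
	// A failed search yields false, which must not be passed on to
	// ldap_count_entries().
	if ( !$search_result )
		return false;
	
	if ( ldap_count_entries($_ldapconn, $search_result) !== 1 )
		return false;
	
	$result = ldap_array_cleanup(ldap_get_attributes($_ldapconn, ldap_first_entry($_ldapconn, $search_result)));
	if ( !isset($result['memberUid']) )
		$result['memberUid'] = array();
	if ( !is_array($result['memberUid']) )
		$result['memberUid'] = array($result['memberUid']);
	
	return $result;
}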
/**
 * Apply a set of attribute changes to a user's entry via ldap_modify().
 *
 * NOTE(review): $entry is forwarded unfiltered and the write is made over
 * the manager bind. $ldap_readonly_attrs is not consulted here, so keeping
 * uid, userPassword, uidNumber and similar keys out of $entry is left to the
 * caller -- confirm that every call site does so.
 *
 * @param string $user  uid of the account to modify.
 * @param array  $entry Attribute name => value(s), as ldap_modify() expects.
 * @return bool Result of ldap_modify().
 */
function ldap_update_user($user, $entry)
{
	global $_ldapconn;
	
	$target_dn = ldap_make_user_dn($user);
	$modified = ldap_modify($_ldapconn, $target_dn, $entry);
	
	return $modified;
}
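/**
 * List every organizationalPerson entry under the user base DN, keyed by uid.
 *
 * The filter here is objectClass=organizationalPerson, whereas
 * ldap_get_user() matches objectClass=posixAccount. An account that is a
 * posixAccount but not an organizationalPerson is therefore missing from
 * this list, and from the view of get_next_available_uid(), which builds on
 * it.
 *
 * NOTE(review): each entry is assumed to carry a single-valued uid; an entry
 * without one, or with several, cannot be keyed properly -- confirm the
 * directory schema guarantees it.
 *
 * @return array uid => cleaned attribute array; empty when the search fails.
 */
function ldap_list_users()
{
	global $_ldapconn, $ldap_user_basedn;
	
	$results = array();
	
	$search_result = ldap_search($_ldapconn, $ldap_user_basedn, '(objectClass=organizationalPerson)');
	
	// A failed search yields false, which must not be handed to
	// ldap_first_entry().
	if ( !$search_result )
		return $results;
	
	for ( $entry = ldap_first_entry($_ldapconn, $search_result);
			$entry;
			$entry = ldap_next_entry($_ldapconn, $entry) )
	{
		$entry_arr = ldap_array_cleanup(ldap_get_attributes($_ldapconn, $entry));
		$results[$entry_arr['uid']] = $entry_arr;
	}
	
	return $results;
}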
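/**
 * List every posixGroup entry under the group base DN, keyed by cn.
 *
 * Unlike ldap_get_group(), memberUid is not normalised here: it is absent
 * for an empty group and a plain string for a single-member group, as left
 * by ldap_array_cleanup().
 *
 * @return array cn => cleaned attribute array; empty when the search fails.
 */
function ldap_list_groups()
{
	global $_ldapconn, $ldap_group_basedn;
	
	$results = array();
	
	$search_result = ldap_search($_ldapconn, $ldap_group_basedn, '(objectClass=posixGroup)');
	
	// A failed search yields false, which must not be handed to
	// ldap_first_entry().
	if ( !$search_result )
		return $results;
	
	for ( $entry = ldap_first_entry($_ldapconn, $search_result);
			$entry;
			$entry = ldap_next_entry($_ldapconn, $entry) )
	{
		$entry_arr = ldap_array_cleanup(ldap_get_attributes($_ldapconn, $entry));
		$results[$entry_arr['cn']] = $entry_arr;
	}
	
	return $results;
}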
/**
 * Reduce an ldap_get_attributes() result to a plain name => value map.
 *
 * Integer keys and the top-level 'count' key are dropped. An attribute with
 * exactly one value collapses to that value, unless its name is listed in
 * $ldap_add_multiple; every other attribute keeps its list of values with
 * the 'count' element removed.
 *
 * @param array $arr Array in the shape returned by ldap_get_attributes().
 * @return array Attribute name => scalar value or list of values.
 */
function ldap_array_cleanup($arr)
{
	global $ldap_add_multiple;
	
	$cleaned = array();
	foreach ( $arr as $name => $values )
	{
		// Index entries and the entry-level count are bookkeeping, not data.
		if ( is_int($name) || $name == 'count' )
		{
			continue;
		}
		
		$collapse = $values['count'] === 1 && !in_array($name, $ldap_add_multiple);
		if ( $collapse )
		{
			$values = $values[0];
		}
		else
		{
			unset($values['count']);
		}
		
		$cleaned[$name] = $values;
	}
	
	return $cleaned;
}
/**
 * Build the distinguished name of a user entry: uid=<username>,<user base DN>.
 *
 * The username is run through ldap_escape() first; how safe the resulting DN
 * is for a hostile username depends entirely on what that helper escapes.
 *
 * @param string $username uid of the account.
 * @return string The DN under $ldap_user_basedn.
 */
function ldap_make_user_dn($username)
{
	global $ldap_user_basedn;
	
	$rdn_value = ldap_escape($username);
	
	return sprintf('uid=%s,%s', $rdn_value, $ldap_user_basedn);
}
/**
 * Build the distinguished name of a group entry: cn=<group>,<group base DN>.
 *
 * The group name is run through ldap_escape() first; how safe the resulting
 * DN is for a hostile name depends entirely on what that helper escapes.
 *
 * @param string $group cn of the group.
 * @return string The DN under $ldap_group_basedn.
 */
function ldap_make_group_dn($group)
{
	global $ldap_group_basedn;
	
	$rdn_value = ldap_escape($group);
	
	return sprintf('cn=%s,%s', $rdn_value, $ldap_group_basedn);
}
/**
 * Replace every value of one attribute on an entry with a single new value.
 *
 * NOTE(review): neither $dn nor $attribute is checked here and the write is
 * made over the manager bind. $ldap_readonly_attrs is not consulted, so the
 * caller has to make sure the attribute is one the current user may change
 * -- confirm at the call sites.
 *
 * @param string $dn        DN of the entry to change.
 * @param string $attribute Attribute name.
 * @param mixed  $value     New sole value for the attribute.
 * @return bool Result of ldap_mod_replace().
 */
function ldap_replace_attr($dn, $attribute, $value)
{
	global $_ldapconn;
	
	$replacement = array();
	$replacement[$attribute] = array($value);
	
	return ldap_mod_replace($_ldapconn, $dn, $replacement);
}
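/**
 * Remove a user from every posixGroup that lists them, then delete the
 * user's entry.
 *
 * If the group search itself fails, the function returns false without
 * deleting the account. Deleting it anyway would leave memberUid values
 * behind, and a later account created with the same uid would pick up those
 * group memberships.
 *
 * NOTE(review): the result of each ldap_mod_del() is still ignored, so one
 * failed group update does not stop the deletion -- confirm whether that
 * best-effort behaviour is intended.
 *
 * @param string $username uid of the account to delete.
 * @return bool False when the group search fails, otherwise the result of
 *              ldap_delete() on the user's DN.
 */
function ldap_delete_user($username)
{
	global $_ldapconn, $ldap_group_basedn;
	
	// remove user from all LDAP groups
	$search_filter = sprintf("(&(memberUid=%s)(objectClass=posixGroup))", ldap_escape($username));
	$search_result = ldap_search($_ldapconn, $ldap_group_basedn, $search_filter);
	if ( !$search_result )
		return false;
	
	for ( $entry = ldap_first_entry($_ldapconn, $search_result);
			$entry;
			$entry = ldap_next_entry($_ldapconn, $entry) )
	{
		$dn = ldap_get_dn($_ldapconn, $entry);
		
		// The raw username is correct here: this is an attribute value sent
		// in a modify request, not text spliced into a filter.
		ldap_mod_del($_ldapconn, $dn, array('memberUid' => array($username)));
	}
	
	// delete user DN
	return ldap_delete($_ldapconn, ldap_make_user_dn($username));
}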
/**
 * Remove one memberUid value from a group.
 *
 * @param string $gid cn of the group (passed to ldap_make_group_dn()).
 * @param string $uid uid to remove from the group's memberUid values.
 * @return bool Result of ldap_mod_del().
 */
function ldap_delete_group_member($gid, $uid)
{
	global $_ldapconn;
	
	$group_dn = ldap_make_group_dn($gid);
	$removal = array('memberUid' => array($uid));
	
	return ldap_mod_del($_ldapconn, $group_dn, $removal);
}
/**
 * Add one memberUid value to a group.
 *
 * NOTE(review): the function does not check that $uid names an existing
 * account or that the caller may change this group; the write is made over
 * the manager bind -- confirm the call sites enforce both.
 *
 * @param string $gid cn of the group (passed to ldap_make_group_dn()).
 * @param string $uid uid to add to the group's memberUid values.
 * @return bool Result of ldap_mod_add().
 */
function ldap_add_group_member($gid, $uid)
{
	global $_ldapconn;
	
	$group_dn = ldap_make_group_dn($gid);
	$addition = array('memberUid' => array($uid));
	
	return ldap_mod_add($_ldapconn, $group_dn, $addition);
}
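/**
 * Pick a uidNumber for a new account.
 *
 * Returns the first unused number strictly above UID_MIN that sits in a gap
 * between existing uidNumbers; otherwise one more than the highest existing
 * number, but never less than UID_MIN. With no existing accounts it returns
 * UID_MIN. The earlier body read $uids[0] and called max() on an empty list
 * in that case, and could return a number below UID_MIN when every existing
 * uidNumber was below it.
 *
 * NOTE(review): filling gaps hands a previously used uidNumber to the new
 * account, so files or ACLs still keyed to that number pass to the new
 * owner. Nothing here reserves the number either; two concurrent requests
 * can receive the same value. Confirm both are acceptable, or that the
 * directory enforces uniqueness.
 *
 * @return int Candidate uidNumber.
 */
function get_next_available_uid()
{
	$uids = array();
	foreach ( ldap_list_users() as $u )
	{
		// ldap_list_users() matches organizationalPerson, so an entry is not
		// guaranteed to have a uidNumber.
		if ( isset($u['uidNumber']) )
			$uids[] = intval($u['uidNumber']);
	}
	
	if ( !$uids )
		return UID_MIN;
	
	// sort() reindexes, so $uids[0] really is the smallest value.
	sort($uids);
	$last_uid = $uids[0];
	foreach ( $uids as $u )
	{
		if ( $u > $last_uid + 1 && ($last_uid + 1) > UID_MIN )
		{
			return $last_uid + 1;
		}
		
		$last_uid = $u;
	}
	
	// $last_uid is now the highest existing number.
	return max($last_uid + 1, UID_MIN);
}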
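/**
 * Pick a gidNumber for a new group.
 *
 * Returns the first unused number strictly above GID_MIN that sits in a gap
 * between existing gidNumbers; otherwise one more than the highest existing
 * number, but never less than GID_MIN. With no existing groups it returns
 * GID_MIN. The earlier body read $gids[0] and called max() on an empty list
 * in that case, and could return a number below GID_MIN when every existing
 * gidNumber was below it.
 *
 * NOTE(review): filling gaps reuses the gidNumber of a deleted group, so
 * files still group-owned by that number pass to the new group. Nothing
 * here reserves the number either; two concurrent requests can receive the
 * same value. Confirm both are acceptable.
 *
 * @return int Candidate gidNumber.
 */
function get_next_available_gid()
{
	$gids = array();
	foreach ( ldap_list_groups() as $g )
	{
		if ( isset($g['gidNumber']) )
			$gids[] = intval($g['gidNumber']);
	}
	
	if ( !$gids )
		return GID_MIN;
	
	// sort() reindexes, so $gids[0] really is the smallest value.
	sort($gids);
	$last_gid = $gids[0];
	foreach ( $gids as $g )
	{
		if ( $g > $last_gid + 1 && ($last_gid + 1) > GID_MIN )
		{
			return $last_gid + 1;
		}
		
		$last_gid = $g;
	}
	
	// $last_gid is now the highest existing number.
	return max($last_gid + 1, GID_MIN);
}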
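/**
 * Pick a phone extension for a new account.
 *
 * Extensions are the telephoneNumber values of the form
 * "<digits> (extension)". Returns the first unused number strictly above
 * PHONE_EXT_MIN that sits in a gap between existing extensions; otherwise
 * one more than the highest existing extension, but never less than
 * PHONE_EXT_MIN.
 *
 * The gap test previously compared against UID_MIN, a constant from the
 * uidNumber allocator, so gaps were accepted or rejected by the wrong floor.
 *
 * @return int Candidate extension.
 */
function get_next_available_extension()
{
	$exts = array();
	foreach ( ldap_list_users() as $u )
	{
		if ( !isset($u['telephoneNumber']) )
			continue;
		
		$numbers = is_array($u['telephoneNumber'])
			? $u['telephoneNumber']
			: array($u['telephoneNumber']);
		
		foreach ( $numbers as $n )
		{
			if ( preg_match('/^([0-9]+) \(extension\)$/', $n, $match) )
				$exts[] = intval($match[1]);
		}
	}
	
	if ( !$exts )
		return PHONE_EXT_MIN;
	
	sort($exts);
	$last_ext = PHONE_EXT_MIN - 1;
	foreach ( $exts as $e )
	{
		if ( $e > $last_ext + 1 && ($last_ext + 1) > PHONE_EXT_MIN )
		{
			return $last_ext + 1;
		}
		
		$last_ext = $e;
	}
	
	// $last_ext is now the highest existing extension.
	return max($last_ext + 1, PHONE_EXT_MIN);
}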
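/**
 * Create a POSIX user entry in LDAP and add it to the "users" group.
 *
 * The entry is written to the DN returned by ldap_make_user_dn($username).
 * userPassword is set to the string "{SASL}<username>@<realm>" (realm from
 * get_default_kerberos_realm()), so this function stores no password hash.
 *
 * If the entry is created but the group update fails, the new entry is
 * deleted again (best effort) so a failed call does not leave behind an
 * account that the caller was told does not exist.
 *
 * NOTE(review): $username is embedded verbatim in the SASL principal and in
 * the home directory path, and is handed to ldap_make_user_dn(), which is
 * defined elsewhere. Whether callers validate it, and whether the DN helper
 * escapes DN metacharacters, is not visible here - confirm both.
 *
 * NOTE(review): uidNumber comes from get_next_available_uid(); if that helper
 * picks a free number by scanning the directory (not visible here), two
 * concurrent creations could be handed the same uid - confirm.
 *
 * @param string $username Login name; becomes uid, memberUid and part of the DN
 * @param string $gn Given name
 * @param string $sn Surname
 * @param string $cn Common name
 * @param string $title Title
 * @return bool True if both the entry and the group membership were written
 */
function ldap_create_user($username, $gn, $sn, $cn, $title)
{
	global $_ldapconn;
	
	$krb_realm = get_default_kerberos_realm();
	$user_dn = ldap_make_user_dn($username);
	
	$entry = array(
			'cn' => array($cn)
			, 'uid' => array($username)
			, 'objectClass' => array(
				'top'
				, 'person'
				, 'inetOrgPerson'
				, 'organizationalPerson'
				, 'posixAccount'
				, 'ldapPublicKey'
				)
			, 'gn' => array($gn)
			, 'sn' => array($sn)
			, 'userPassword' => array("{SASL}$username@$krb_realm")
			, 'loginShell' => array('/bin/bash')
			, 'homeDirectory' => array("/home/users/$username")
			, 'uidNumber' => array(get_next_available_uid())
			// NOTE(review): hard-coded primary gid; presumably the gidNumber of
			// the "users" group that is modified below - confirm.
			, 'gidNumber' => array(500)
			, 'title' => array($title)
		);
	
	// A failure here (for example the DN already exists) must not reach the
	// rollback below: nothing was created by this call.
	if ( !ldap_add($_ldapconn, $user_dn, $entry) )
		return false;
	
	if ( !ldap_mod_add($_ldapconn, ldap_make_group_dn('users'), array('memberUid' => array($username))) )
	{
		// Best-effort rollback of the entry created above; the call fails
		// whether or not the delete succeeds.
		ldap_delete($_ldapconn, $user_dn);
		return false;
	}
	
	return true;
}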
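/**
 * Create a posixGroup entry in LDAP.
 *
 * The entry is written to the DN returned by ldap_make_group_dn($cn) with a
 * gidNumber taken from get_next_available_gid().
 *
 * NOTE(review): $cn is handed to ldap_make_group_dn(), which is defined
 * elsewhere; confirm that helper escapes DN metacharacters, since no
 * validation of $cn happens in this function.
 *
 * @param string $cn Group name
 * @param string $description Human-readable description
 * @return bool True on success, false if ldap_add() failed
 */
function ldap_create_group($cn, $description)
{
	global $_ldapconn;
	
	$entry = array(
			'cn' => array($cn)
			, 'description' => array($description)
			, 'gidNumber' => array(get_next_available_gid())
			, 'objectClass' => array(
				'top'
				, 'posixGroup'
				)
		);
	
	if ( !ldap_add($_ldapconn, ldap_make_group_dn($cn), $entry) )
		return false;
	
	// Report success explicitly: without this the function returns NULL, which
	// a caller testing the result for truthiness reads as failure.
	return true;
}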
/**
 * Delete an LDAP group unless some user has it as their primary group.
 *
 * Every user returned by ldap_list_users() is compared against the group
 * returned by ldap_get_group($cn); if any user's gidNumber is identical to the
 * group's, nothing is deleted. Only gidNumber is consulted here, so memberUid
 * entries on the group do not block deletion.
 *
 * NOTE(review): the comparison is strict (===). If the two helpers return
 * gidNumber with different types (string vs. int), the guard never matches -
 * confirm both return the same type. What ldap_get_group() returns for an
 * unknown group is also not visible here.
 *
 * @param string $cn Group name
 * @return bool False if the group is in use as a primary group; otherwise the result of ldap_delete()
 */
function ldap_delete_group($cn)
{
	global $_ldapconn;
	
	$target = ldap_get_group($cn);
	
	foreach ( ldap_list_users() as $account )
	{
		$is_primary_group = ( $account['gidNumber'] === $target['gidNumber'] );
		if ( $is_primary_group )
		{
			// Refuse: removing the group would leave this user with a dangling gid.
			return false;
		}
	}
	
	$group_dn = ldap_make_group_dn($cn);
	return ldap_delete($_ldapconn, $group_dn);
}
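/**
 * Is the given username in the specified LDAP group?
 *
 * Searches under $ldap_group_basedn for a posixGroup entry whose cn equals
 * $group and which lists $username as a memberUid. Only memberUid is checked:
 * a user whose primary gidNumber points at the group but who is not listed as
 * a memberUid is reported as not a member.
 *
 * The answer is false whenever the search itself fails, so a directory error
 * is never read as membership by callers that use this for access decisions.
 *
 * NOTE(review): both values go through ldap_escape(), which is not defined in
 * the visible part of the file; confirm that it escapes LDAP filter
 * metacharacters (RFC 4515).
 *
 * @param string $username Username
 * @param string $group Group name
 * @return bool True only if at least one matching group entry was found
 */
function ldap_test_group_membership($username, $group)
{
	global $_ldapconn, $ldap_group_basedn;
	
	$filter = sprintf('(&(memberUid=%s)(cn=%s)(objectClass=posixGroup))', ldap_escape($username), ldap_escape($group));
	
	$result = ldap_search($_ldapconn, $ldap_group_basedn, $filter);
	if ( $result === false )
	{
		// Fail closed: ldap_search() returns false on error, and passing that
		// to ldap_count_entries() raises a warning or TypeError depending on
		// the PHP version instead of producing a clean "not a member".
		return false;
	}
	
	return ldap_count_entries($_ldapconn, $result) > 0;
}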