$this_id) { $this_id = $record[$record_attribute][0]; } } } } return($this_id); } ################################## function ldap_get_group_list($ldap_connection,$start=0,$entries=NULL,$sort="asc",$filters=NULL) { global $log_prefix, $LDAP; $ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(&(objectclass=*)$filters)"); $result = ldap_get_entries($ldap_connection, $ldap_search); $records = array(); foreach ($result as $record) { if (isset($record['cn'][0])) { array_push($records, $record['cn'][0]); } } if ($sort == "asc") { sort($records); } else { rsort($records); } return(array_slice($records,$start,$entries)); } ################################## function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=NULL,$sort="asc") { global $log_prefix, $LDAP; $ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(cn=$group_name)", array($LDAP['group_membership_attribute'])); $result = ldap_get_entries($ldap_connection, $ldap_search); $records = array(); foreach ($result[0][$LDAP['group_membership_attribute']] as $record => $value) { if ($record != 'count' and isset($value)) { array_push($records, $value); } } if ($sort == "asc") { sort($records); } else { rsort($records); } return(array_slice($records,$start,$entries)); } ################################## function ldap_is_group_member($ldap_connection,$group_name,$username) { global $log_prefix, $LDAP; $ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(cn=$group_name)"); $result = ldap_get_entries($ldap_connection, $ldap_search); if ($LDAP['group_membership_uses_uid'] == FALSE) { $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}"; } if (preg_grep ("/^${username}$/i", $result[0][$LDAP['group_membership_attribute']])) { return TRUE; } else { return FALSE; } } ################################## function ldap_new_group($ldap_connection,$group_name) { global $log_prefix, $LDAP; if (isset($group_name)) { $ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(cn=$group_name,${LDAP['group_dn']})"); $result = ldap_get_entries($ldap_connection, $ldap_search); if ($result['count'] == 0) { $highest_gid = ldap_get_highest_id($ldap_connection,'gid'); $new_gid = $highest_gid + 1; $add_group = ldap_add($ldap_connection, "cn=$group_name,${LDAP['group_dn']}", array( 'objectClass' => array( 'top', 'groupOfUniqueNames', 'posixGroup' ), 'cn' => $group_name, 'gidNumber' => $new_gid, $LDAP['group_membership_attribute'] => '' ) ); if ($add_group) { error_log("$log_prefix Added new group $group_name",0); $update_gid = ldap_mod_replace($ldap_connection, "cn=lastGID,${LDAP['base_dn']}", array( 'serialNumber' => $new_gid )); if ($update_gid) { error_log("$log_prefix Updated cn=lastGID with $new_gid",0); return TRUE; } else { error_log("$log_prefix Failed to update cn=lastGID",0); } } } else { error_log("$log_prefix Create group; group $group_name already exists.",0); } } else { error_log("$log_prefix Create group; group name wasn't set.",0); } return FALSE; } ################################## function ldap_delete_group($ldap_connection,$group_name) { global $log_prefix, $LDAP; if (isset($group_name)) { $delete = ldap_delete($ldap_connection, "cn=$group_name,${LDAP['group_dn']}"); if ($delete) { error_log("$log_prefix Deleted group $group_name",0); return TRUE; } else { error_log("$log_prefix Couldn't delete group $group_name",0); return FALSE; } } } ################################## function ldap_get_gid_of_group($ldap_connection,$group_name) { global $log_prefix, $LDAP; if (isset($group_name)) { $ldap_search = ldap_search($ldap_connection, "${LDAP['group_dn']}", "(cn=$group_name)", array("gidNumber")); $result = ldap_get_entries($ldap_connection, $ldap_search); if (isset($result[0]['gidnumber'][0]) and is_numeric($result[0]['gidnumber'][0])) { return $result[0]['gidnumber'][0]; } } return FALSE; } ################################## function ldap_new_account($ldap_connection,$first_name,$last_name,$username,$password) { global $log_prefix, $LDAP, $DEFAULT_USER_SHELL, $DEFAULT_USER_GROUP, $EMAIL_DOMAIN; if (isset($first_name) and isset($last_name) and isset($username) and isset($password)) { $ldap_search = ldap_search($ldap_connection, "${LDAP['user_dn']}", "(${LDAP['account_attribute']}=$username,${LDAP['user_dn']})"); $result = ldap_get_entries($ldap_connection, $ldap_search); if ($result['count'] == 0) { $highest_uid = ldap_get_highest_id($ldap_connection,'uid'); $new_uid = $highest_uid + 1; $default_gid = ldap_get_gid_of_group($ldap_connection,$DEFAULT_USER_GROUP); if (!is_numeric($default_gid)) { $group_add = ldap_new_group($ldap_connection,$username); $gid = ldap_get_gid_of_group($ldap_connection,$username); $add_to_group = $username; } else { $gid = $default_gid; $add_to_group = $DEFAULT_USER_GROUP; } $hashed_pass = ldap_hashed_password($password); $user_info = array( 'objectClass' => array( 'person', 'inetOrgPerson', 'posixAccount' ), 'uid' => $username, 'givenName' => $first_name, 'sn' => $last_name, 'cn' => "$first_name $last_name", 'displayName' => "$first_name $last_name", 'uidNumber' => $new_uid, 'gidNumber' => $gid, 'loginShell' => $DEFAULT_USER_SHELL, 'homeDirectory' => "/home/$username", 'userPassword' => $hashed_pass ); if (isset($EMAIL_DOMAIN)) { array_push($user_info, ['mail' => "$username@$EMAIL_DOMAIN"]); } $add_account = ldap_add($ldap_connection, "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}", $user_info ); if ($add_account) { error_log("$log_prefix Created new account: $username",0); ldap_add_member_to_group($ldap_connection,$add_to_group,$username); $update_uid = ldap_mod_replace($ldap_connection, "cn=lastUID,${LDAP['base_dn']}", array( 'serialNumber' => $new_uid )); if ($update_uid) { error_log("$log_prefix Create account; Updated cn=lastUID with $new_uid",0); return TRUE; } else { error_log("$log_prefix Create account; Failed to update cn=lastUID",0); } } else { error_log("$log_prefix Create account; couldn't create the account for $username",0); } } else { error_log("$log_prefix Create account; Account for $username already exists",0); } } else { error_log("$log_prefix Create account; missing parameters",0); } return FALSE; } ################################## function ldap_delete_account($ldap_connection,$username) { global $log_prefix, $LDAP; if (isset($username)) { $delete = ldap_delete($ldap_connection, "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}"); if ($delete) { error_log("$log_prefix Deleted account for $username",0); return TRUE; } else { error_log("$log_prefix Couldn't delete account for $username",0); return FALSE; } } } ################################## function ldap_add_member_to_group($ldap_connection,$group_name,$username) { global $log_prefix, $LDAP; $group_dn = "cn=${group_name},${LDAP['group_dn']}"; if ($LDAP['group_membership_uses_uid'] == FALSE) { $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}"; } $group_update = array($LDAP['group_membership_attribute'] => $username); $update = ldap_mod_add($ldap_connection,$group_dn,$group_update); if ($update) { error_log("$log_prefix Added $username to $group_name",0); return TRUE; } else { error_log("$log_prefix Couldn't add $username to $group_name",0); return FALSE; } } ################################## function ldap_delete_member_from_group($ldap_connection,$group_name,$username) { global $log_prefix, $LDAP; $group_dn = "cn=${group_name},${LDAP['group_dn']}"; if ($LDAP['group_membership_uses_uid'] == FALSE) { $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}"; } $group_update = array($LDAP['group_membership_attribute'] => $username); $update = ldap_mod_del($ldap_connection,$group_dn,$group_update); if ($update) { error_log("$log_prefix Removed $username from $group_name",0); return TRUE; } else { error_log("$log_prefix Couldn't remove $username from $group_name",0); return FALSE; } } ################################## function ldap_change_password($ldap_connection,$username,$new_password) { global $log_prefix, $LDAP; #Find DN of user $ldap_search = ldap_search( $ldap_connection, $LDAP['base_dn'], "${LDAP['account_attribute']}=${username}"); if ($ldap_search) { $result = ldap_get_entries($ldap_connection, $ldap_search); if ($result["count"] == 1) { $this_dn=$result[0]['dn']; } else { error_log("$log_prefix Couldn't find the DN for user $username"); return FALSE; } } else { error_log("$log_prefix Couldn't perform an LDAP search for ${LDAP['account_attribute']}=${username}",0); return FALSE; } #Hash password $hashed_pass = ldap_hashed_password($new_password); $entries["userPassword"] = $new_password; $update = ldap_mod_replace($ldap_connection, $this_dn, $entries); if ($update) { error_log("$log_prefix Updated the password for $username"); return TRUE; } else { error_log("$log_prefix Couldn't update the password for $username"); return TRUE; } } ?>