dolibarr  16.0.5
ldap.class.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3  * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
4  * Copyright (C) 2005-2021 Regis Houssin <regis.houssin@inodbox.com>
5  * Copyright (C) 2006-2021 Laurent Destailleur <eldy@users.sourceforge.net>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program. If not, see <https://www.gnu.org/licenses/>.
19  * or see https://www.gnu.org/
20  */
21 
34 class Ldap
35 {
39  public $error = '';
40 
44  public $errors = array();
45 
49  public $server = array();
50 
55 
59  public $dn;
63  public $serverType;
71  public $domain;
76  public $searchUser;
85  public $people;
89  public $groups;
98 
99 
100  //Fetch user
101  public $name;
102  public $firstname;
103  public $login;
104  public $phone;
105  public $skype;
106  public $fax;
107  public $mail;
108  public $mobile;
109 
110  public $uacf;
111  public $pwdlastset;
112 
113  public $ldapcharset = 'UTF-8'; // LDAP should be UTF-8 encoded
114 
115 
119  public $connection;
123  public $result;
124 
128  const SYNCHRO_NONE = 0;
129 
134 
139 
140 
144  public function __construct()
145  {
146  global $conf;
147 
148  // Server
149  if (!empty($conf->global->LDAP_SERVER_HOST)) {
150  $this->server[] = $conf->global->LDAP_SERVER_HOST;
151  }
152  if (!empty($conf->global->LDAP_SERVER_HOST_SLAVE)) {
153  $this->server[] = $conf->global->LDAP_SERVER_HOST_SLAVE;
154  }
155  $this->serverPort = getDolGlobalInt('LDAP_SERVER_PORT', 389);
156  $this->ldapProtocolVersion = getDolGlobalString('LDAP_SERVER_PROTOCOLVERSION');
157  $this->dn = getDolGlobalString('LDAP_SERVER_DN');
158  $this->serverType = getDolGlobalString('LDAP_SERVER_TYPE');
159 
160  $this->domain = getDolGlobalString('LDAP_SERVER_DN');
161  $this->searchUser = getDolGlobalString('LDAP_ADMIN_DN');
162  $this->searchPassword = getDolGlobalString('LDAP_ADMIN_PASS');
163  $this->people = getDolGlobalString('LDAP_USER_DN');
164  $this->groups = getDolGlobalString('LDAP_GROUP_DN');
165 
166  $this->filter = getDolGlobalString('LDAP_FILTER_CONNECTION'); // Filter on user
167  $this->filtergroup = getDolGlobalString('LDAP_GROUP_FILTER'); // Filter on groups
168  $this->filtermember = getDolGlobalString('LDAP_MEMBER_FILTER'); // Filter on member
169 
170  // Users
171  $this->attr_login = getDolGlobalString('LDAP_FIELD_LOGIN'); //unix
172  $this->attr_sambalogin = getDolGlobalString('LDAP_FIELD_LOGIN_SAMBA'); //samba, activedirectory
173  $this->attr_name = getDolGlobalString('LDAP_FIELD_NAME');
174  $this->attr_firstname = getDolGlobalString('LDAP_FIELD_FIRSTNAME');
175  $this->attr_mail = getDolGlobalString('LDAP_FIELD_MAIL');
176  $this->attr_phone = getDolGlobalString('LDAP_FIELD_PHONE');
177  $this->attr_skype = getDolGlobalString('LDAP_FIELD_SKYPE');
178  $this->attr_fax = getDolGlobalString('LDAP_FIELD_FAX');
179  $this->attr_mobile = getDolGlobalString('LDAP_FIELD_MOBILE');
180  }
181 
182  // Connection handling methods -------------------------------------------
183 
184  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
192  public function connect_bind()
193  {
194  // phpcs:enable
195  global $conf;
196  global $dolibarr_main_auth_ldap_debug;
197 
198  $connected = 0;
199  $this->bind = 0;
200  $this->error = 0;
201  $this->connectedServer = '';
202 
203  $ldapdebug = ((empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug == "false") ? false : true);
204 
205  if ($ldapdebug) {
206  dol_syslog(get_class($this)."::connect_bind");
207  print "DEBUG: connect_bind<br>\n";
208  }
209 
210  // Check parameters
211  if (count($this->server) == 0 || empty($this->server[0])) {
212  $this->error = 'LDAP setup (file conf.php) is not complete';
213  dol_syslog(get_class($this)."::connect_bind ".$this->error, LOG_WARNING);
214  return -1;
215  }
216 
217  if (!function_exists("ldap_connect")) {
218  $this->error = 'LDAPFunctionsNotAvailableOnPHP';
219  dol_syslog(get_class($this)."::connect_bind ".$this->error, LOG_WARNING);
220  $return = -1;
221  }
222 
223  if (empty($this->error)) {
224  // Loop on each ldap server
225  foreach ($this->server as $host) {
226  if ($connected) {
227  break;
228  }
229  if (empty($host)) {
230  continue;
231  }
232 
233  if ($this->serverPing($host, $this->serverPort) === true) {
234  if ($ldapdebug) {
235  dol_syslog(get_class($this)."::connect_bind serverPing true, we try ldap_connect to ".$host);
236  }
237  $this->connection = ldap_connect($host, $this->serverPort);
238  } else {
239  if (preg_match('/^ldaps/i', $host)) {
240  // With host = ldaps://server, the serverPing to ssl://server sometimes fails, even if the ldap_connect succeed, so
241  // we test this case and continue in such a case even if serverPing fails.
242  if ($ldapdebug) {
243  dol_syslog(get_class($this)."::connect_bind serverPing false, we try ldap_connect to ".$host);
244  }
245  $this->connection = ldap_connect($host, $this->serverPort);
246  } else {
247  continue;
248  }
249  }
250 
251  if (is_resource($this->connection) || is_object($this->connection)) {
252  if ($ldapdebug) {
253  dol_syslog(get_class($this)."::connect_bind this->connection is ok", LOG_DEBUG);
254  }
255 
256  // Upgrade connexion to TLS, if requested by the configuration
257  if (!empty($conf->global->LDAP_SERVER_USE_TLS)) {
258  // For test/debug
259  //ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7);
260  //ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
261  //ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);
262 
263  $resulttls = ldap_start_tls($this->connection);
264  if (!$resulttls) {
265  dol_syslog(get_class($this)."::connect_bind failed to start tls", LOG_WARNING);
266  $this->error = 'ldap_start_tls Failed to start TLS '.ldap_errno($this->connection).' '.ldap_error($this->connection);
267  $connected = 0;
268  $this->unbind();
269  }
270  }
271 
272  // Execute the ldap_set_option here (after connect and before bind)
273  $this->setVersion();
274  ldap_set_option($this->connection, LDAP_OPT_SIZELIMIT, 0); // no limit here. should return true.
275 
276 
277  if ($this->serverType == "activedirectory") {
278  $result = $this->setReferrals();
279  dol_syslog(get_class($this)."::connect_bind try bindauth for activedirectory on ".$host." user=".$this->searchUser." password=".preg_replace('/./', '*', $this->searchPassword), LOG_DEBUG);
280  $this->result = $this->bindauth($this->searchUser, $this->searchPassword);
281  if ($this->result) {
282  $this->bind = $this->result;
283  $connected = 2;
284  $this->connectedServer = $host;
285  break;
286  } else {
287  $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
288  }
289  } else {
290  // Try in auth mode
291  if ($this->searchUser && $this->searchPassword) {
292  dol_syslog(get_class($this)."::connect_bind try bindauth on ".$host." user=".$this->searchUser." password=".preg_replace('/./', '*', $this->searchPassword), LOG_DEBUG);
293  $this->result = $this->bindauth($this->searchUser, $this->searchPassword);
294  if ($this->result) {
295  $this->bind = $this->result;
296  $connected = 2;
297  $this->connectedServer = $host;
298  break;
299  } else {
300  $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
301  }
302  }
303  // Try in anonymous
304  if (!$this->bind) {
305  dol_syslog(get_class($this)."::connect_bind try bind anonymously on ".$host, LOG_DEBUG);
306  $result = $this->bind();
307  if ($result) {
308  $this->bind = $this->result;
309  $connected = 1;
310  $this->connectedServer = $host;
311  break;
312  } else {
313  $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
314  }
315  }
316  }
317  }
318 
319  if (!$connected) {
320  $this->unbind();
321  }
322  } // End loop on each server
323  }
324 
325  if ($connected) {
326  $return = $connected;
327  dol_syslog(get_class($this)."::connect_bind return=".$return, LOG_DEBUG);
328  } else {
329  $this->error = 'Failed to connect to LDAP'.($this->error ? ': '.$this->error : '');
330  $return = -1;
331  dol_syslog(get_class($this)."::connect_bind return=".$return.' - '.$this->error, LOG_WARNING);
332  }
333 
334  return $return;
335  }
336 
345  public function close()
346  {
347  $r_type = get_resource_type($this->connection);
348  if ($this->connection && ($r_type === "Unknown" || !@ldap_close($this->connection))) {
349  return false;
350  } else {
351  return true;
352  }
353  }
354 
361  public function bind()
362  {
363  if (!$this->result = @ldap_bind($this->connection)) {
364  $this->ldapErrorCode = ldap_errno($this->connection);
365  $this->ldapErrorText = ldap_error($this->connection);
366  $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
367  return false;
368  } else {
369  return true;
370  }
371  }
372 
383  public function bindauth($bindDn, $pass)
384  {
385  if (!$this->result = @ldap_bind($this->connection, $bindDn, $pass)) {
386  $this->ldapErrorCode = ldap_errno($this->connection);
387  $this->ldapErrorText = ldap_error($this->connection);
388  $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
389  return false;
390  } else {
391  return true;
392  }
393  }
394 
401  public function unbind()
402  {
403  $this->result = true;
404  if ($this->connection) {
405  $this->result = @ldap_unbind($this->connection);
406  }
407  if ($this->result) {
408  return true;
409  } else {
410  return false;
411  }
412  }
413 
414 
420  public function getVersion()
421  {
422  $version = 0;
423  $version = @ldap_get_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $version);
424  return $version;
425  }
426 
432  public function setVersion()
433  {
434  // LDAP_OPT_PROTOCOL_VERSION est une constante qui vaut 17
435  $ldapsetversion = ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->ldapProtocolVersion);
436  return $ldapsetversion;
437  }
438 
444  public function setReferrals()
445  {
446  // LDAP_OPT_REFERRALS est une constante qui vaut ?
447  $ldapreferrals = ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);
448  return $ldapreferrals;
449  }
450 
451 
461  public function add($dn, $info, $user)
462  {
463  dol_syslog(get_class($this)."::add dn=".$dn." info=".json_encode($info));
464 
465  // Check parameters
466  if (!$this->connection) {
467  $this->error = "NotConnected";
468  return -2;
469  }
470  if (!$this->bind) {
471  $this->error = "NotConnected";
472  return -3;
473  }
474 
475  // Encode to LDAP page code
476  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
477  foreach ($info as $key => $val) {
478  if (!is_array($val)) {
479  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
480  }
481  }
482 
483  $this->dump($dn, $info);
484 
485  //print_r($info);
486  $result = @ldap_add($this->connection, $dn, $info);
487 
488  if ($result) {
489  dol_syslog(get_class($this)."::add successfull", LOG_DEBUG);
490  return 1;
491  } else {
492  $this->ldapErrorCode = @ldap_errno($this->connection);
493  $this->ldapErrorText = @ldap_error($this->connection);
494  $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
495  dol_syslog(get_class($this)."::add failed: ".$this->error, LOG_ERR);
496  return -1;
497  }
498  }
499 
509  public function modify($dn, $info, $user)
510  {
511  dol_syslog(get_class($this)."::modify dn=".$dn." info=".join(',', $info));
512 
513  // Check parameters
514  if (!$this->connection) {
515  $this->error = "NotConnected";
516  return -2;
517  }
518  if (!$this->bind) {
519  $this->error = "NotConnected";
520  return -3;
521  }
522 
523  // Encode to LDAP page code
524  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
525  foreach ($info as $key => $val) {
526  if (!is_array($val)) {
527  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
528  }
529  }
530 
531  $this->dump($dn, $info);
532 
533  //print_r($info);
534 
535  // For better compatibility with Samba4 AD
536  if ($this->serverType == "activedirectory") {
537  unset($info['cn']); // To avoid error : Operation not allowed on RDN (Code 67)
538 
539  // To avoid error : LDAP Error: 53 (Unwilling to perform)
540  if (isset($info['unicodePwd'])) {
541  $info['unicodePwd'] = mb_convert_encoding("\"".$info['unicodePwd']."\"", "UTF-16LE", "UTF-8");
542  }
543  }
544  $result = @ldap_modify($this->connection, $dn, $info);
545 
546  if ($result) {
547  dol_syslog(get_class($this)."::modify successfull", LOG_DEBUG);
548  return 1;
549  } else {
550  $this->error = @ldap_error($this->connection);
551  dol_syslog(get_class($this)."::modify failed: ".$this->error, LOG_ERR);
552  return -1;
553  }
554  }
555 
567  public function rename($dn, $newrdn, $newparent, $user, $deleteoldrdn = true)
568  {
569  dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn ? 1 : 0));
570 
571  // Check parameters
572  if (!$this->connection) {
573  $this->error = "NotConnected";
574  return -2;
575  }
576  if (!$this->bind) {
577  $this->error = "NotConnected";
578  return -3;
579  }
580 
581  // Encode to LDAP page code
582  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
583  $newrdn = $this->convFromOutputCharset($newrdn, $this->ldapcharset);
584  $newparent = $this->convFromOutputCharset($newparent, $this->ldapcharset);
585 
586  //print_r($info);
587  $result = @ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn);
588 
589  if ($result) {
590  dol_syslog(get_class($this)."::rename successfull", LOG_DEBUG);
591  return 1;
592  } else {
593  $this->error = @ldap_error($this->connection);
594  dol_syslog(get_class($this)."::rename failed: ".$this->error, LOG_ERR);
595  return -1;
596  }
597  }
598 
611  public function update($dn, $info, $user, $olddn, $newrdn = false, $newparent = false)
612  {
613  dol_syslog(get_class($this)."::update dn=".$dn." olddn=".$olddn);
614 
615  // Check parameters
616  if (!$this->connection) {
617  $this->error = "NotConnected";
618  return -2;
619  }
620  if (!$this->bind) {
621  $this->error = "NotConnected";
622  return -3;
623  }
624 
625  if (!$olddn || $olddn != $dn) {
626  if (!empty($olddn) && !empty($newrdn) && !empty($newparent) && $this->ldapProtocolVersion === '3') {
627  // This function currently only works with LDAPv3
628  $result = $this->rename($olddn, $newrdn, $newparent, $user, true);
629  $result = $this->modify($dn, $info, $user); // We force "modify" for avoid some fields not modify
630  } else {
631  // If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one.
632  $result = $this->add($dn, $info, $user);
633  if ($result > 0 && $olddn && $olddn != $dn) {
634  $result = $this->delete($olddn); // If add fails, we do not try to delete old one
635  }
636  }
637  } else {
638  //$result = $this->delete($olddn);
639  $result = $this->add($dn, $info, $user); // If record has been deleted from LDAP, we recreate it. We ignore error if it already exists.
640  $result = $this->modify($dn, $info, $user); // We use add/modify instead of delete/add when olddn is received
641  }
642  if ($result <= 0) {
643  $this->error = ldap_error($this->connection).' (Code '.ldap_errno($this->connection).") ".$this->error;
644  dol_syslog(get_class($this)."::update ".$this->error, LOG_ERR);
645  //print_r($info);
646  return -1;
647  } else {
648  dol_syslog(get_class($this)."::update done successfully");
649  return 1;
650  }
651  }
652 
653 
661  public function delete($dn)
662  {
663  dol_syslog(get_class($this)."::delete Delete LDAP entry dn=".$dn);
664 
665  // Check parameters
666  if (!$this->connection) {
667  $this->error = "NotConnected";
668  return -2;
669  }
670  if (!$this->bind) {
671  $this->error = "NotConnected";
672  return -3;
673  }
674 
675  // Encode to LDAP page code
676  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
677 
678  $result = @ldap_delete($this->connection, $dn);
679 
680  if ($result) {
681  return 1;
682  }
683  return -1;
684  }
685 
686  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
694  public function dump_content($dn, $info)
695  {
696  // phpcs:enable
697  $content = '';
698 
699  // Create file content
700  if (preg_match('/^ldap/', $this->server[0])) {
701  $target = "-H ".join(',', $this->server);
702  } else {
703  $target = "-h ".join(',', $this->server)." -p ".$this->serverPort;
704  }
705  $content .= "# ldapadd $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
706  $content .= "# ldapmodify $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
707  $content .= "# ldapdelete $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
708  if (in_array('localhost', $this->server)) {
709  $content .= "# If commands fails to connect, try without -h and -p\n";
710  }
711  $content .= "dn: ".$dn."\n";
712  foreach ($info as $key => $value) {
713  if (!is_array($value)) {
714  $content .= "$key: $value\n";
715  } else {
716  foreach ($value as $valuevalue) {
717  $content .= "$key: $valuevalue\n";
718  }
719  }
720  }
721  return $content;
722  }
723 
731  public function dump($dn, $info)
732  {
733  global $conf;
734 
735  // Create content
736  $content = $this->dump_content($dn, $info);
737 
738  //Create file
739  $result = dol_mkdir($conf->ldap->dir_temp);
740 
741  $outputfile = $conf->ldap->dir_temp.'/ldapinput.in';
742  $fp = fopen($outputfile, "w");
743  if ($fp) {
744  fputs($fp, $content);
745  fclose($fp);
746  if (!empty($conf->global->MAIN_UMASK)) {
747  @chmod($outputfile, octdec($conf->global->MAIN_UMASK));
748  }
749  return 1;
750  } else {
751  return -1;
752  }
753  }
754 
763  public function serverPing($host, $port = 389, $timeout = 1)
764  {
765  $regs = array();
766  if (preg_match('/^ldaps:\/\/([^\/]+)\/?$/', $host, $regs)) {
767  // Replace ldaps:// by ssl://
768  $host = 'ssl://'.$regs[1];
769  } elseif (preg_match('/^ldap:\/\/([^\/]+)\/?$/', $host, $regs)) {
770  // Remove ldap://
771  $host = $regs[1];
772  }
773 
774  //var_dump($newhostforstream); var_dump($host); var_dump($port);
775  //$host = 'ssl://ldap.test.local:636';
776  //$port = 636;
777 
778  $errno = $errstr = 0;
779  /*
780  if ($methodtochecktcpconnect == 'socket') {
781  Try to use socket_create() method.
782  Method that use stream_context_create() works only on registered listed in stream stream_get_wrappers(): http, https, ftp, ...
783  }
784  */
785 
786  // Use the method fsockopen to test tcp connect. No way to ignore ssl certificate errors with this method !
787  $op = @fsockopen($host, $port, $errno, $errstr, $timeout);
788 
789  //var_dump($op);
790  if (!$op) {
791  return false; //DC is N/A
792  } else {
793  fclose($op); //explicitly close open socket connection
794  return true; //DC is up & running, we can safely connect with ldap_connect
795  }
796  }
797 
798 
799  // Attribute methods -----------------------------------------------------
800 
810  public function addAttribute($dn, $info, $user)
811  {
812  dol_syslog(get_class($this)."::addAttribute dn=".$dn." info=".join(',', $info));
813 
814  // Check parameters
815  if (!$this->connection) {
816  $this->error = "NotConnected";
817  return -2;
818  }
819  if (!$this->bind) {
820  $this->error = "NotConnected";
821  return -3;
822  }
823 
824  // Encode to LDAP page code
825  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
826  foreach ($info as $key => $val) {
827  if (!is_array($val)) {
828  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
829  }
830  }
831 
832  $this->dump($dn, $info);
833 
834  //print_r($info);
835  $result = @ldap_mod_add($this->connection, $dn, $info);
836 
837  if ($result) {
838  dol_syslog(get_class($this)."::add_attribute successfull", LOG_DEBUG);
839  return 1;
840  } else {
841  $this->error = @ldap_error($this->connection);
842  dol_syslog(get_class($this)."::add_attribute failed: ".$this->error, LOG_ERR);
843  return -1;
844  }
845  }
846 
856  public function updateAttribute($dn, $info, $user)
857  {
858  dol_syslog(get_class($this)."::updateAttribute dn=".$dn." info=".join(',', $info));
859 
860  // Check parameters
861  if (!$this->connection) {
862  $this->error = "NotConnected";
863  return -2;
864  }
865  if (!$this->bind) {
866  $this->error = "NotConnected";
867  return -3;
868  }
869 
870  // Encode to LDAP page code
871  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
872  foreach ($info as $key => $val) {
873  if (!is_array($val)) {
874  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
875  }
876  }
877 
878  $this->dump($dn, $info);
879 
880  //print_r($info);
881  $result = @ldap_mod_replace($this->connection, $dn, $info);
882 
883  if ($result) {
884  dol_syslog(get_class($this)."::updateAttribute successfull", LOG_DEBUG);
885  return 1;
886  } else {
887  $this->error = @ldap_error($this->connection);
888  dol_syslog(get_class($this)."::updateAttribute failed: ".$this->error, LOG_ERR);
889  return -1;
890  }
891  }
892 
902  public function deleteAttribute($dn, $info, $user)
903  {
904  dol_syslog(get_class($this)."::deleteAttribute dn=".$dn." info=".join(',', $info));
905 
906  // Check parameters
907  if (!$this->connection) {
908  $this->error = "NotConnected";
909  return -2;
910  }
911  if (!$this->bind) {
912  $this->error = "NotConnected";
913  return -3;
914  }
915 
916  // Encode to LDAP page code
917  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
918  foreach ($info as $key => $val) {
919  if (!is_array($val)) {
920  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
921  }
922  }
923 
924  $this->dump($dn, $info);
925 
926  //print_r($info);
927  $result = @ldap_mod_del($this->connection, $dn, $info);
928 
929  if ($result) {
930  dol_syslog(get_class($this)."::deleteAttribute successfull", LOG_DEBUG);
931  return 1;
932  } else {
933  $this->error = @ldap_error($this->connection);
934  dol_syslog(get_class($this)."::deleteAttribute failed: ".$this->error, LOG_ERR);
935  return -1;
936  }
937  }
938 
946  public function getAttribute($dn, $filter)
947  {
948  // Check parameters
949  if (!$this->connection) {
950  $this->error = "NotConnected";
951  return -2;
952  }
953  if (!$this->bind) {
954  $this->error = "NotConnected";
955  return -3;
956  }
957 
958  $search = @ldap_search($this->connection, $dn, $filter);
959 
960  // Only one entry should ever be returned
961  $entry = @ldap_first_entry($this->connection, $search);
962 
963  if (!$entry) {
964  $this->ldapErrorCode = -1;
965  $this->ldapErrorText = "Couldn't find entry";
966  return 0; // Couldn't find entry...
967  }
968 
969  // Get values
970  if (!($values = ldap_get_attributes($this->connection, $entry))) {
971  $this->ldapErrorCode = ldap_errno($this->connection);
972  $this->ldapErrorText = ldap_error($this->connection);
973  return 0; // No matching attributes
974  }
975 
976  // Return an array containing the attributes.
977  return $values;
978  }
979 
987  public function getAttributeValues($filterrecord, $attribute)
988  {
989  $attributes = array();
990  $attributes[0] = $attribute;
991 
992  // We need to search for this user in order to get their entry.
993  $this->result = @ldap_search($this->connection, $this->people, $filterrecord, $attributes);
994 
995  // Pourquoi cette ligne ?
996  //$info = ldap_get_entries($this->connection, $this->result);
997 
998  // Only one entry should ever be returned (no user will have the same uid)
999  $entry = ldap_first_entry($this->connection, $this->result);
1000 
1001  if (!$entry) {
1002  $this->ldapErrorCode = -1;
1003  $this->ldapErrorText = "Couldn't find user";
1004  return false; // Couldn't find the user...
1005  }
1006 
1007  // Get values
1008  if (!$values = @ldap_get_values($this->connection, $entry, $attribute)) {
1009  $this->ldapErrorCode = ldap_errno($this->connection);
1010  $this->ldapErrorText = ldap_error($this->connection);
1011  return false; // No matching attributes
1012  }
1013 
1014  // Return an array containing the attributes.
1015  return $values;
1016  }
1017 
1030  public function getRecords($search, $userDn, $useridentifier, $attributeArray, $activefilter = 0, $attributeAsArray = array())
1031  {
1032  $fulllist = array();
1033 
1034  dol_syslog(get_class($this)."::getRecords search=".$search." userDn=".$userDn." useridentifier=".$useridentifier." attributeArray=array(".join(',', $attributeArray).") activefilter=".$activefilter);
1035 
1036  // if the directory is AD, then bind first with the search user first
1037  if ($this->serverType == "activedirectory") {
1038  $this->bindauth($this->searchUser, $this->searchPassword);
1039  dol_syslog(get_class($this)."::bindauth serverType=activedirectory searchUser=".$this->searchUser);
1040  }
1041 
1042  // Define filter
1043  if (!empty($activefilter)) { // Use a predefined trusted filter (defined into setup by admin).
1044  if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) {
1045  $filter = '('.$this->filter.')';
1046  } elseif (((string) $activefilter == 'group') && $this->filtergroup ) {
1047  $filter = '('.$this->filtergroup.')';
1048  } elseif (((string) $activefilter == 'member') && $this->filter) {
1049  $filter = '('.$this->filtermember.')';
1050  } else {
1051  // If this->filter/this->filtergroup is empty, make fiter on * (all)
1052  $filter = '('.ldap_escape($useridentifier, '', LDAP_ESCAPE_FILTER).'=*)';
1053  }
1054  } else { // Use a filter forged using the $search value
1055  $filter = '('.ldap_escape($useridentifier, '', LDAP_ESCAPE_FILTER).'='.ldap_escape($search, '', LDAP_ESCAPE_FILTER).')';
1056  }
1057 
1058  if (is_array($attributeArray)) {
1059  // Return list with required fields
1060  $attributeArray = array_values($attributeArray); // This is to force to have index reordered from 0 (not make ldap_search fails)
1061  dol_syslog(get_class($this)."::getRecords connection=".$this->connectedServer.":".$this->serverPort." userDn=".$userDn." filter=".$filter." attributeArray=(".join(',', $attributeArray).")");
1062  //var_dump($attributeArray);
1063  $this->result = @ldap_search($this->connection, $userDn, $filter, $attributeArray);
1064  } else {
1065  // Return list with fields selected by default
1066  dol_syslog(get_class($this)."::getRecords connection=".$this->connection." userDn=".$userDn." filter=".$filter);
1067  $this->result = @ldap_search($this->connection, $userDn, $filter);
1068  }
1069  if (!$this->result) {
1070  $this->error = 'LDAP search failed: '.ldap_errno($this->connection)." ".ldap_error($this->connection);
1071  return -1;
1072  }
1073 
1074  $info = @ldap_get_entries($this->connection, $this->result);
1075 
1076  // Warning: Dans info, les noms d'attributs sont en minuscule meme si passe
1077  // a ldap_search en majuscule !!!
1078  //print_r($info);
1079 
1080  for ($i = 0; $i < $info["count"]; $i++) {
1081  $recordid = $this->convToOutputCharset($info[$i][strtolower($useridentifier)][0], $this->ldapcharset);
1082  if ($recordid) {
1083  //print "Found record with key $useridentifier=".$recordid."<br>\n";
1084  $fulllist[$recordid][$useridentifier] = $recordid;
1085 
1086  // Add to the array for each attribute in my list
1087  $num = count($attributeArray);
1088  for ($j = 0; $j < $num; $j++) {
1089  $keyattributelower = strtolower($attributeArray[$j]);
1090  //print " Param ".$attributeArray[$j]."=".$info[$i][$keyattributelower][0]."<br>\n";
1091 
1092  //permet de recuperer le SID avec Active Directory
1093  if ($this->serverType == "activedirectory" && $keyattributelower == "objectsid") {
1094  $objectsid = $this->getObjectSid($recordid);
1095  $fulllist[$recordid][$attributeArray[$j]] = $objectsid;
1096  } else {
1097  if (in_array($attributeArray[$j], $attributeAsArray) && is_array($info[$i][$keyattributelower])) {
1098  $valueTab = array();
1099  foreach ($info[$i][$keyattributelower] as $key => $value) {
1100  $valueTab[$key] = $this->convToOutputCharset($value, $this->ldapcharset);
1101  }
1102  $fulllist[$recordid][$attributeArray[$j]] = $valueTab;
1103  } else {
1104  $fulllist[$recordid][$attributeArray[$j]] = $this->convToOutputCharset($info[$i][$keyattributelower][0], $this->ldapcharset);
1105  }
1106  }
1107  }
1108  }
1109  }
1110 
1111  asort($fulllist);
1112  return $fulllist;
1113  }
1114 
1122  public function littleEndian($hex)
1123  {
1124  $result = '';
1125  for ($x = dol_strlen($hex) - 2; $x >= 0; $x = $x - 2) {
1126  $result .= substr($hex, $x, 2);
1127  }
1128  return $result;
1129  }
1130 
1131 
1139  public function getObjectSid($ldapUser)
1140  {
1141  $criteria = '('.$this->getUserIdentifier().'='.$ldapUser.')';
1142  $justthese = array("objectsid");
1143 
1144  // if the directory is AD, then bind first with the search user first
1145  if ($this->serverType == "activedirectory") {
1146  $this->bindauth($this->searchUser, $this->searchPassword);
1147  }
1148 
1149  $i = 0;
1150  $searchDN = $this->people;
1151 
1152  while ($i <= 2) {
1153  $ldapSearchResult = @ldap_search($this->connection, $searchDN, $criteria, $justthese);
1154 
1155  if (!$ldapSearchResult) {
1156  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1157  return -1;
1158  }
1159 
1160  $entry = ldap_first_entry($this->connection, $ldapSearchResult);
1161 
1162  if (!$entry) {
1163  // Si pas de resultat on cherche dans le domaine
1164  $searchDN = $this->domain;
1165  $i++;
1166  } else {
1167  $i++;
1168  $i++;
1169  }
1170  }
1171 
1172  if ($entry) {
1173  $ldapBinary = ldap_get_values_len($this->connection, $entry, "objectsid");
1174  $SIDText = $this->binSIDtoText($ldapBinary[0]);
1175  return $SIDText;
1176  } else {
1177  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1178  return '?';
1179  }
1180  }
1181 
1189  public function binSIDtoText($binsid)
1190  {
1191  $hex_sid = bin2hex($binsid);
1192  $rev = hexdec(substr($hex_sid, 0, 2)); // Get revision-part of SID
1193  $subcount = hexdec(substr($hex_sid, 2, 2)); // Get count of sub-auth entries
1194  $auth = hexdec(substr($hex_sid, 4, 12)); // SECURITY_NT_AUTHORITY
1195  $result = "$rev-$auth";
1196  for ($x = 0; $x < $subcount; $x++) {
1197  $result .= "-".hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8))); // get all SECURITY_NT_AUTHORITY
1198  }
1199  return $result;
1200  }
1201 
1202 
1214  public function search($checkDn, $filter)
1215  {
1216  dol_syslog(get_class($this)."::search checkDn=".$checkDn." filter=".$filter);
1217 
1218  $checkDn = $this->convFromOutputCharset($checkDn, $this->ldapcharset);
1219  $filter = $this->convFromOutputCharset($filter, $this->ldapcharset);
1220 
1221  // if the directory is AD, then bind first with the search user first
1222  if ($this->serverType == "activedirectory") {
1223  $this->bindauth($this->searchUser, $this->searchPassword);
1224  }
1225 
1226  $this->result = @ldap_search($this->connection, $checkDn, $filter);
1227 
1228  $result = @ldap_get_entries($this->connection, $this->result);
1229  if (!$result) {
1230  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1231  return -1;
1232  } else {
1233  ldap_free_result($this->result);
1234  return $result;
1235  }
1236  }
1237 
1238 
1247  public function fetch($user, $filter)
1248  {
1249  // Perform the search and get the entry handles
1250 
1251  // if the directory is AD, then bind first with the search user first
1252  if ($this->serverType == "activedirectory") {
1253  $this->bindauth($this->searchUser, $this->searchPassword);
1254  }
1255 
1256  $searchDN = $this->people; // TODO Why searching in people then domain ?
1257 
1258  $result = '';
1259  $i = 0;
1260  while ($i <= 2) {
1261  dol_syslog(get_class($this)."::fetch search with searchDN=".$searchDN." filter=".$filter);
1262  $this->result = @ldap_search($this->connection, $searchDN, $filter);
1263  if ($this->result) {
1264  $result = @ldap_get_entries($this->connection, $this->result);
1265  if ($result['count'] > 0) {
1266  dol_syslog('Ldap::fetch search found '.$result['count'].' records');
1267  } else {
1268  dol_syslog('Ldap::fetch search returns but found no records');
1269  }
1270  //var_dump($result);exit;
1271  } else {
1272  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1273  dol_syslog(get_class($this)."::fetch search fails");
1274  return -1;
1275  }
1276 
1277  if (!$result) {
1278  // Si pas de resultat on cherche dans le domaine
1279  $searchDN = $this->domain;
1280  $i++;
1281  } else {
1282  break;
1283  }
1284  }
1285 
1286  if (!$result) {
1287  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1288  return -1;
1289  } else {
1290  $this->name = $this->convToOutputCharset($result[0][$this->attr_name][0], $this->ldapcharset);
1291  $this->firstname = $this->convToOutputCharset($result[0][$this->attr_firstname][0], $this->ldapcharset);
1292  $this->login = $this->convToOutputCharset($result[0][$this->attr_login][0], $this->ldapcharset);
1293  $this->phone = $this->convToOutputCharset($result[0][$this->attr_phone][0], $this->ldapcharset);
1294  $this->skype = $this->convToOutputCharset($result[0][$this->attr_skype][0], $this->ldapcharset);
1295  $this->fax = $this->convToOutputCharset($result[0][$this->attr_fax][0], $this->ldapcharset);
1296  $this->mail = $this->convToOutputCharset($result[0][$this->attr_mail][0], $this->ldapcharset);
1297  $this->mobile = $this->convToOutputCharset($result[0][$this->attr_mobile][0], $this->ldapcharset);
1298 
1299  $this->uacf = $this->parseUACF($this->convToOutputCharset($result[0]["useraccountcontrol"][0], $this->ldapcharset));
1300  if (isset($result[0]["pwdlastset"][0])) { // If expiration on password exists
1301  $this->pwdlastset = ($result[0]["pwdlastset"][0] != 0) ? $this->convert_time($this->convToOutputCharset($result[0]["pwdlastset"][0], $this->ldapcharset)) : 0;
1302  } else {
1303  $this->pwdlastset = -1;
1304  }
1305  if (!$this->name && !$this->login) {
1306  $this->pwdlastset = -1;
1307  }
1308  $this->badpwdtime = $this->convert_time($this->convToOutputCharset($result[0]["badpasswordtime"][0], $this->ldapcharset));
1309 
1310  // FQDN domain
1311  $domain = str_replace('dc=', '', $this->domain);
1312  $domain = str_replace(',', '.', $domain);
1313  $this->domainFQDN = $domain;
1314 
1315  // Set ldapUserDn (each user can have a different dn)
1316  //var_dump($result[0]);exit;
1317  $this->ldapUserDN = $result[0]['dn'];
1318 
1319  ldap_free_result($this->result);
1320  return 1;
1321  }
1322  }
1323 
1324 
1325  // helper methods
1326 
1332  public function getUserIdentifier()
1333  {
1334  if ($this->serverType == "activedirectory") {
1335  return $this->attr_sambalogin;
1336  } else {
1337  return $this->attr_login;
1338  }
1339  }
1340 
1347  public function parseUACF($uacf)
1348  {
1349  //All flags array
1350  $flags = array(
1351  "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216,
1352  "PASSWORD_EXPIRED" => 8388608,
1353  "DONT_REQ_PREAUTH" => 4194304,
1354  "USE_DES_KEY_ONLY" => 2097152,
1355  "NOT_DELEGATED" => 1048576,
1356  "TRUSTED_FOR_DELEGATION" => 524288,
1357  "SMARTCARD_REQUIRED" => 262144,
1358  "MNS_LOGON_ACCOUNT" => 131072,
1359  "DONT_EXPIRE_PASSWORD" => 65536,
1360  "SERVER_TRUST_ACCOUNT" => 8192,
1361  "WORKSTATION_TRUST_ACCOUNT" => 4096,
1362  "INTERDOMAIN_TRUST_ACCOUNT" => 2048,
1363  "NORMAL_ACCOUNT" => 512,
1364  "TEMP_DUPLICATE_ACCOUNT" => 256,
1365  "ENCRYPTED_TEXT_PWD_ALLOWED" => 128,
1366  "PASSWD_CANT_CHANGE" => 64,
1367  "PASSWD_NOTREQD" => 32,
1368  "LOCKOUT" => 16,
1369  "HOMEDIR_REQUIRED" => 8,
1370  "ACCOUNTDISABLE" => 2,
1371  "SCRIPT" => 1
1372  );
1373 
1374  //Parse flags to text
1375  $retval = array();
1376  //while (list($flag, $val) = each($flags)) {
1377  foreach ($flags as $flag => $val) {
1378  if ($uacf >= $val) {
1379  $uacf -= $val;
1380  $retval[$val] = $flag;
1381  }
1382  }
1383 
1384  //Return human friendly flags
1385  return($retval);
1386  }
1387 
1394  public function parseSAT($samtype)
1395  {
1396  $stypes = array(
1397  805306368 => "NORMAL_ACCOUNT",
1398  805306369 => "WORKSTATION_TRUST",
1399  805306370 => "INTERDOMAIN_TRUST",
1400  268435456 => "SECURITY_GLOBAL_GROUP",
1401  268435457 => "DISTRIBUTION_GROUP",
1402  536870912 => "SECURITY_LOCAL_GROUP",
1403  536870913 => "DISTRIBUTION_LOCAL_GROUP"
1404  );
1405 
1406  $retval = "";
1407  while (list($sat, $val) = each($stypes)) {
1408  if ($samtype == $sat) {
1409  $retval = $val;
1410  break;
1411  }
1412  }
1413  if (empty($retval)) {
1414  $retval = "UNKNOWN_TYPE_".$samtype;
1415  }
1416 
1417  return($retval);
1418  }
1419 
1420  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
1427  public function convert_time($value)
1428  {
1429  // phpcs:enable
1430  $dateLargeInt = $value; // nano secondes depuis 1601 !!!!
1431  $secsAfterADEpoch = $dateLargeInt / (10000000); // secondes depuis le 1 jan 1601
1432  $ADToUnixConvertor = ((1970 - 1601) * 365.242190) * 86400; // UNIX start date - AD start date * jours * secondes
1433  $unixTimeStamp = intval($secsAfterADEpoch - $ADToUnixConvertor); // Unix time stamp
1434  return $unixTimeStamp;
1435  }
1436 
1437 
1445  private function convToOutputCharset($str, $pagecodefrom = 'UTF-8')
1446  {
1447  global $conf;
1448  if ($pagecodefrom == 'ISO-8859-1' && $conf->file->character_set_client == 'UTF-8') {
1449  $str = utf8_encode($str);
1450  }
1451  if ($pagecodefrom == 'UTF-8' && $conf->file->character_set_client == 'ISO-8859-1') {
1452  $str = utf8_decode($str);
1453  }
1454  return $str;
1455  }
1456 
1464  public function convFromOutputCharset($str, $pagecodeto = 'UTF-8')
1465  {
1466  global $conf;
1467  if ($pagecodeto == 'ISO-8859-1' && $conf->file->character_set_client == 'UTF-8') {
1468  $str = utf8_decode($str);
1469  }
1470  if ($pagecodeto == 'UTF-8' && $conf->file->character_set_client == 'ISO-8859-1') {
1471  $str = utf8_encode($str);
1472  }
1473  return $str;
1474  }
1475 
1476 
1483  public function getNextGroupGid($keygroup = 'LDAP_KEY_GROUPS')
1484  {
1485  global $conf;
1486 
1487  if (empty($keygroup)) {
1488  $keygroup = 'LDAP_KEY_GROUPS';
1489  }
1490 
1491  $search = '('.$conf->global->$keygroup.'=*)';
1492  $result = $this->search($this->groups, $search);
1493  if ($result) {
1494  $c = $result['count'];
1495  $gids = array();
1496  for ($i = 0; $i < $c; $i++) {
1497  $gids[] = $result[$i]['gidnumber'][0];
1498  }
1499  rsort($gids);
1500 
1501  return $gids[0] + 1;
1502  }
1503 
1504  return 0;
1505  }
1506 }
Ldap\$serverType
$serverType
type de serveur, actuellement OpenLdap et Active Directory
Definition: ldap.class.php:63
Ldap
Class to manage LDAP features.
Definition: ldap.class.php:34
Ldap\getObjectSid
getObjectSid($ldapUser)
Recupere le SID de l'utilisateur Required by Active Directory.
Definition: ldap.class.php:1139
Ldap\$server
$server
Tableau des serveurs (IP addresses ou nom d'hotes)
Definition: ldap.class.php:49
Ldap\$connection
$connection
The internal LDAP connection handle.
Definition: ldap.class.php:119
Ldap\deleteAttribute
deleteAttribute($dn, $info, $user)
Delete a LDAP attribute in entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:902
Ldap\addAttribute
addAttribute($dn, $info, $user)
Add a LDAP attribute in entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:810
Ldap\getVersion
getVersion()
Verification de la version du serveur ldap.
Definition: ldap.class.php:420
Ldap\connect_bind
connect_bind()
Connect and bind Use this->server, this->serverPort, this->ldapProtocolVersion, this->serverType,...
Definition: ldap.class.php:192
Ldap\SYNCHRO_NONE
const SYNCHRO_NONE
No Ldap synchronization.
Definition: ldap.class.php:128
Ldap\$domain
$domain
Server DN.
Definition: ldap.class.php:71
Ldap\setReferrals
setReferrals()
changement du referrals.
Definition: ldap.class.php:444
Ldap\getAttributeValues
getAttributeValues($filterrecord, $attribute)
Returns an array containing values for an attribute and for first record matching filterrecord.
Definition: ldap.class.php:987
Ldap\update
update($dn, $info, $user, $olddn, $newrdn=false, $newparent=false)
Modify a LDAP entry (to use if dn != olddn) Ldap object connect and bind must have been done.
Definition: ldap.class.php:611
Ldap\unbind
unbind()
Unbind of LDAP server (close connection).
Definition: ldap.class.php:401
Ldap\getAttribute
getAttribute($dn, $filter)
Returns an array containing attributes and values for first record.
Definition: ldap.class.php:946
Ldap\parseUACF
parseUACF($uacf)
UserAccountControl Flgs to more human understandable form...
Definition: ldap.class.php:1347
Ldap\$ldapErrorCode
$ldapErrorCode
Code erreur retourne par le serveur Ldap.
Definition: ldap.class.php:93
Ldap\add
add($dn, $info, $user)
Add a LDAP entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:461
Ldap\$connectedServer
$connectedServer
Current connected server.
Definition: ldap.class.php:54
Ldap\binSIDtoText
binSIDtoText($binsid)
Returns the textual SID Indispensable pour Active Directory.
Definition: ldap.class.php:1189
Ldap\modify
modify($dn, $info, $user)
Modify a LDAP entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:509
Ldap\$searchUser
$searchUser
User administrateur Ldap Active Directory ne supporte pas les connexions anonymes.
Definition: ldap.class.php:76
name
$conf db name
Definition: repair.php:122
Ldap\$people
$people
DN des utilisateurs.
Definition: ldap.class.php:85
Ldap\bind
bind()
Anonymously binds to the connection.
Definition: ldap.class.php:361
Ldap\$searchPassword
$searchPassword
Mot de passe de l'administrateur Active Directory ne supporte pas les connexions anonymes.
Definition: ldap.class.php:81
Ldap\convert_time
convert_time($value)
Convertit le temps ActiveDirectory en Unix timestamp.
Definition: ldap.class.php:1427
Ldap\dump
dump($dn, $info)
Dump a LDAP message to ldapinput.in file.
Definition: ldap.class.php:731
Ldap\updateAttribute
updateAttribute($dn, $info, $user)
Update a LDAP attribute in entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:856
Ldap\$result
$result
Result of any connections etc.
Definition: ldap.class.php:123
Ldap\SYNCHRO_DOLIBARR_TO_LDAP
const SYNCHRO_DOLIBARR_TO_LDAP
Dolibarr to Ldap synchronization.
Definition: ldap.class.php:133
Ldap\convToOutputCharset
convToOutputCharset($str, $pagecodefrom='UTF-8')
Convert a string into output/memory charset.
Definition: ldap.class.php:1445
Ldap\convFromOutputCharset
convFromOutputCharset($str, $pagecodeto='UTF-8')
Convert a string from output/memory charset.
Definition: ldap.class.php:1464
Ldap\$ldapErrorText
$ldapErrorText
Message texte de l'erreur.
Definition: ldap.class.php:97
Ldap\$dn
$dn
Base DN (e.g.
Definition: ldap.class.php:59
Ldap\bindauth
bindauth($bindDn, $pass)
Binds as an authenticated user, which usually allows for write access.
Definition: ldap.class.php:383
Ldap\$ldapProtocolVersion
$ldapProtocolVersion
Version du protocole ldap.
Definition: ldap.class.php:67
Ldap\search
search($checkDn, $filter)
Fonction de recherche avec filtre this->connection doit etre defini donc la methode bind ou bindauth ...
Definition: ldap.class.php:1214
Ldap\serverPing
serverPing($host, $port=389, $timeout=1)
Ping a server before ldap_connect for avoid waiting.
Definition: ldap.class.php:763
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1603
Ldap\getRecords
getRecords($search, $userDn, $useridentifier, $attributeArray, $activefilter=0, $attributeAsArray=array())
Returns an array containing a details or list of LDAP record(s) ldapsearch -LLLx -hlocalhost -Dcn=adm...
Definition: ldap.class.php:1030
Ldap\getNextGroupGid
getNextGroupGid($keygroup='LDAP_KEY_GROUPS')
Return available value of group GID.
Definition: ldap.class.php:1483
Ldap\close
close()
Simply closes the connection set up earlier.
Definition: ldap.class.php:345
getDolGlobalString
if(!function_exists('utf8_encode')) if(!function_exists('utf8_decode')) getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
Definition: functions.lib.php:80
dol_strlen
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
Definition: functions.lib.php:3747
Ldap\fetch
fetch($user, $filter)
Load all attribute of a LDAP user.
Definition: ldap.class.php:1247
Ldap\setVersion
setVersion()
Change ldap protocol version to use.
Definition: ldap.class.php:432
Ldap\__construct
__construct()
Constructor.
Definition: ldap.class.php:144
Ldap\dump_content
dump_content($dn, $info)
Build a LDAP message.
Definition: ldap.class.php:694
Ldap\$groups
$groups
DN des groupes.
Definition: ldap.class.php:89
Ldap\parseSAT
parseSAT($samtype)
SamAccountType value to text.
Definition: ldap.class.php:1394
Ldap\rename
rename($dn, $newrdn, $newparent, $user, $deleteoldrdn=true)
Rename a LDAP entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:567
Ldap\SYNCHRO_LDAP_TO_DOLIBARR
const SYNCHRO_LDAP_TO_DOLIBARR
Ldap to Dolibarr synchronization.
Definition: ldap.class.php:138
Ldap\littleEndian
littleEndian($hex)
Converts a little-endian hex-number to one, that 'hexdec' can convert Required by Active Directory.
Definition: ldap.class.php:1122
dol_mkdir
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
Definition: functions.lib.php:6603
getDolGlobalInt
getDolGlobalInt($key, $default=0)
Return dolibarr global constant int value.
Definition: functions.lib.php:93
Ldap\getUserIdentifier
getUserIdentifier()
Returns the correct user identifier to use, based on the ldap server type.
Definition: ldap.class.php:1332