dolibarr 21.0.0-beta
ldap.class.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3 * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
4 * Copyright (C) 2005-2021 Regis Houssin <regis.houssin@inodbox.com>
5 * Copyright (C) 2006-2021 Laurent Destailleur <eldy@users.sourceforge.net>
6 * Copyright (C) 2024 William Mead <william.mead@manchenumerique.fr>
7 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
8 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 * or see https://www.gnu.org/
23 */
24
38class Ldap
39{
43 public $error = '';
44
48 public $errors = array();
49
53 public $server = array();
54
58 public $connectedServer;
59
63 public $serverPort;
64
69 public $dn;
74 public $serverType;
79 public $ldapProtocolVersion;
84 public $domain;
85
89 public $domainFQDN;
90
94 public $bind;
95
100 public $searchUser;
105 public $searchPassword;
106
110 public $people;
111
115 public $groups;
116
120 public $ldapErrorCode;
121
125 public $ldapErrorText;
126
130 public $filter;
131
135 public $filtergroup;
136
140 public $filtermember;
141
145 public $attr_login;
146
150 public $attr_sambalogin;
151
155 public $attr_name;
156
160 public $attr_firstname;
161
165 public $attr_mail;
166
170 public $attr_phone;
171
175 public $attr_fax;
176
180 public $attr_mobile;
181
185 public $badpwdtime;
186
190 public $ldapUserDN;
191
195 public $name;
196
200 public $firstname;
201
205 public $login;
206
210 public $phone;
211
215 public $fax;
216
220 public $mail;
221
225 public $mobile;
226
230 public $uacf;
231
235 public $pwdlastset;
236
241 public $ldapcharset = 'UTF-8';
242
246 public $connection;
247
251 public $result;
252
256 const SYNCHRO_NONE = 0;
257
261 const SYNCHRO_DOLIBARR_TO_LDAP = 1;
262
266 const SYNCHRO_LDAP_TO_DOLIBARR = 2;
267
271 public function __construct()
272 {
273
274 // Server
275 if (getDolGlobalString('LDAP_SERVER_HOST')) {
276 $this->server[] = getDolGlobalString('LDAP_SERVER_HOST');
277 }
278 if (getDolGlobalString('LDAP_SERVER_HOST_SLAVE')) {
279 $this->server[] = getDolGlobalString('LDAP_SERVER_HOST_SLAVE');
280 }
281 $this->serverPort = getDolGlobalInt('LDAP_SERVER_PORT', 389);
282 $this->ldapProtocolVersion = getDolGlobalString('LDAP_SERVER_PROTOCOLVERSION');
283 $this->dn = getDolGlobalString('LDAP_SERVER_DN');
284 $this->serverType = getDolGlobalString('LDAP_SERVER_TYPE');
285
286 $this->domain = getDolGlobalString('LDAP_SERVER_DN');
287 $this->searchUser = getDolGlobalString('LDAP_ADMIN_DN');
288 $this->searchPassword = getDolGlobalString('LDAP_ADMIN_PASS');
289 $this->people = getDolGlobalString('LDAP_USER_DN');
290 $this->groups = getDolGlobalString('LDAP_GROUP_DN');
291
292 $this->filter = getDolGlobalString('LDAP_FILTER_CONNECTION'); // Filter on user
293 $this->filtergroup = getDolGlobalString('LDAP_GROUP_FILTER'); // Filter on groups
294 $this->filtermember = getDolGlobalString('LDAP_MEMBER_FILTER'); // Filter on member
295
296 // Users
297 $this->attr_login = getDolGlobalString('LDAP_FIELD_LOGIN'); //unix
298 $this->attr_sambalogin = getDolGlobalString('LDAP_FIELD_LOGIN_SAMBA'); //samba, activedirectory
299 $this->attr_name = getDolGlobalString('LDAP_FIELD_NAME');
300 $this->attr_firstname = getDolGlobalString('LDAP_FIELD_FIRSTNAME');
301 $this->attr_mail = getDolGlobalString('LDAP_FIELD_MAIL');
302 $this->attr_phone = getDolGlobalString('LDAP_FIELD_PHONE');
303 $this->attr_fax = getDolGlobalString('LDAP_FIELD_FAX');
304 $this->attr_mobile = getDolGlobalString('LDAP_FIELD_MOBILE');
305 }
306
307 // Connection handling methods -------------------------------------------
308
317 public function connectBind()
318 {
319 global $dolibarr_main_auth_ldap_debug;
320
321 $connected = 0;
322 $this->bind = false;
323 $this->error = '';
324 $this->connectedServer = '';
325
326 $ldapdebug = !((empty($dolibarr_main_auth_ldap_debug) || $dolibarr_main_auth_ldap_debug == "false"));
327
328 if ($ldapdebug) {
329 dol_syslog(get_class($this)."::connectBind");
330 print "DEBUG: connectBind<br>\n";
331 }
332
333 // Check parameters
334 if (count($this->server) == 0 || empty($this->server[0])) {
335 $this->error = 'LDAP setup (file conf.php) is not complete';
336 dol_syslog(get_class($this)."::connectBind ".$this->error, LOG_WARNING);
337 return -1;
338 }
339
340 if (!function_exists("ldap_connect")) {
341 $this->error = 'LDAPFunctionsNotAvailableOnPHP';
342 dol_syslog(get_class($this)."::connectBind ".$this->error, LOG_WARNING);
343 return -1;
344 }
345
346 if (empty($this->error)) {
347 // Loop on each ldap server
348 foreach ($this->server as $host) {
349 if ($connected) {
350 break;
351 }
352 if (empty($host)) {
353 continue;
354 }
355
356 if ($this->serverPing($host, $this->serverPort)) {
357 if ($ldapdebug) {
358 dol_syslog(get_class($this)."::connectBind serverPing true, we try ldap_connect to ".$host, LOG_DEBUG);
359 }
360 if (version_compare(PHP_VERSION, '8.3.0', '>=')) {
361 $uri = $host.':'.$this->serverPort;
362 $this->connection = ldap_connect($uri);
363 } else {
364 $this->connection = ldap_connect($host, $this->serverPort);
365 }
366 } else {
367 if (preg_match('/^ldaps/i', $host)) {
368 // With host = ldaps://server, the serverPing to ssl://server sometimes fails, even if the ldap_connect succeed, so
369 // we test this case and continue in such a case even if serverPing fails.
370 if ($ldapdebug) {
371 dol_syslog(get_class($this)."::connectBind serverPing false, we try ldap_connect to ".$host, LOG_DEBUG);
372 }
373 if (version_compare(PHP_VERSION, '8.3.0', '>=')) {
374 $uri = $host.':'.$this->serverPort;
375 $this->connection = ldap_connect($uri);
376 } else {
377 $this->connection = ldap_connect($host, $this->serverPort);
378 }
379 } else {
380 if ($ldapdebug) {
381 dol_syslog(get_class($this)."::connectBind serverPing false, no ldap_connect ".$host, LOG_DEBUG);
382 }
383 continue;
384 }
385 }
386
387 if (is_resource($this->connection) || is_object($this->connection)) {
388 if ($ldapdebug) {
389 dol_syslog(get_class($this)."::connectBind this->connection is ok", LOG_DEBUG);
390 }
391
392 // Upgrade connection to TLS, if requested by the configuration
393 if (getDolGlobalString('LDAP_SERVER_USE_TLS')) {
394 // For test/debug
395 //ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7);
396 //ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
397 //ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);
398
399 $resulttls = ldap_start_tls($this->connection);
400 if (!$resulttls) {
401 dol_syslog(get_class($this)."::connectBind failed to start tls", LOG_WARNING);
402 $this->error = 'ldap_start_tls Failed to start TLS '.ldap_errno($this->connection).' '.ldap_error($this->connection);
403 $connected = 0;
404 $this->unbind();
405 }
406 }
407
408 // Execute the ldap_set_option here (after connect and before bind)
409 $this->setVersion();
410 $this->setSizeLimit();
411
412 if ($this->serverType == "activedirectory") {
413 $result = $this->setReferrals();
414 dol_syslog(get_class($this)."::connectBind try bindauth for activedirectory on ".$host." user=".$this->searchUser." password=".preg_replace('/./', '*', $this->searchPassword), LOG_DEBUG);
415 $this->result = $this->bindauth($this->searchUser, $this->searchPassword);
416 if ($this->result) {
417 $this->bind = $this->result;
418 $connected = 2;
419 $this->connectedServer = $host;
420 break;
421 } else {
422 $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
423 }
424 } else {
425 // Try in auth mode
426 if ($this->searchUser && $this->searchPassword) {
427 dol_syslog(get_class($this)."::connectBind try bindauth on ".$host." user=".$this->searchUser." password=".preg_replace('/./', '*', $this->searchPassword), LOG_DEBUG);
428 $this->result = $this->bindauth($this->searchUser, $this->searchPassword);
429 if ($this->result) {
430 $this->bind = $this->result;
431 $connected = 2;
432 $this->connectedServer = $host;
433 break;
434 } else {
435 $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
436 }
437 }
438 // Try in anonymous
439 if (!$this->bind) {
440 dol_syslog(get_class($this)."::connectBind try bind anonymously on ".$host, LOG_DEBUG);
441 $result = $this->bind();
442 if ($result) {
443 $this->bind = $this->result;
444 $connected = 1;
445 $this->connectedServer = $host;
446 break;
447 } else {
448 $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
449 }
450 }
451 }
452 }
453
454 if (!$connected) {
455 $this->unbind();
456 }
457 } // End loop on each server
458 }
459
460 if ($connected) {
461 dol_syslog(get_class($this)."::connectBind ".$connected, LOG_DEBUG);
462 return $connected;
463 } else {
464 $this->error = 'Failed to connect to LDAP'.($this->error ? ': '.$this->error : '');
465 dol_syslog(get_class($this)."::connectBind ".$this->error, LOG_WARNING);
466 return -1;
467 }
468 }
469
478 public function close()
479 {
480 return $this->unbind();
481 }
482
489 public function bind()
490 {
491 if (!$this->result = @ldap_bind($this->connection)) {
492 $this->ldapErrorCode = ldap_errno($this->connection);
493 $this->ldapErrorText = ldap_error($this->connection);
494 $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
495 return false;
496 } else {
497 return true;
498 }
499 }
500
511 public function bindauth($bindDn, $pass)
512 {
513 if (!$this->result = @ldap_bind($this->connection, $bindDn, $pass)) {
514 $this->ldapErrorCode = ldap_errno($this->connection);
515 $this->ldapErrorText = ldap_error($this->connection);
516 $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
517 return false;
518 } else {
519 return true;
520 }
521 }
522
529 public function unbind()
530 {
531 $this->result = true;
532 if (version_compare(PHP_VERSION, '8.1.0', '>=')) {
533 if (is_object($this->connection)) {
534 try {
535 $this->result = ldap_unbind($this->connection);
536 } catch (Throwable $exception) {
537 $this->error = 'Failed to unbind LDAP connection: '.$exception;
538 $this->result = false;
539 dol_syslog(get_class($this).'::unbind - '.$this->error, LOG_WARNING);
540 }
541 }
542 } else {
543 if (is_resource($this->connection)) {
544 // @phan-suppress-next-line PhanTypeMismatchArgumentInternalReal
545 $this->result = @ldap_unbind($this->connection);
546 }
547 }
548 if ($this->result) {
549 return true;
550 } else {
551 return false;
552 }
553 }
554
555
561 public function getVersion()
562 {
563 @ldap_get_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $version);
564 return $version;
565 }
566
573 public function setVersion()
574 {
575 return ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->ldapProtocolVersion);
576 }
577
583 public function setSizeLimit()
584 {
585 return ldap_set_option($this->connection, LDAP_OPT_SIZELIMIT, 0);
586 }
587
594 public function setReferrals()
595 {
596 return ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);
597 }
598
599
609 public function add($dn, $info, $user)
610 {
611 dol_syslog(get_class($this)."::add dn=".$dn." info=".print_r($info, true));
612
613 // Check parameters
614 if (!$this->connection) {
615 $this->error = "NotConnected";
616 return -2;
617 }
618 if (!$this->bind) {
619 $this->error = "NotConnected";
620 return -3;
621 }
622
623 // Encode to LDAP page code
624 $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
625 foreach ($info as $key => $val) {
626 if (!is_array($val)) {
627 $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
628 }
629 }
630
631 $this->dump($dn, $info);
632
633 //print_r($info);
634 $result = @ldap_add($this->connection, $dn, $info);
635
636 if ($result) {
637 dol_syslog(get_class($this)."::add successful", LOG_DEBUG);
638 return 1;
639 } else {
640 $this->ldapErrorCode = @ldap_errno($this->connection);
641 $this->ldapErrorText = @ldap_error($this->connection);
642 $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
643 dol_syslog(get_class($this)."::add failed: ".$this->error, LOG_ERR);
644 return -1;
645 }
646 }
647
657 public function modify($dn, $info, $user)
658 {
659 dol_syslog(get_class($this)."::modify dn=".$dn." info=".print_r($info, true));
660
661 // Check parameters
662 if (!$this->connection) {
663 $this->error = "NotConnected";
664 return -2;
665 }
666 if (!$this->bind) {
667 $this->error = "NotConnected";
668 return -3;
669 }
670
671 // Encode to LDAP page code
672 $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
673 foreach ($info as $key => $val) {
674 if (!is_array($val)) {
675 $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
676 }
677 }
678
679 $this->dump($dn, $info);
680
681 //print_r($info);
682
683 // For better compatibility with Samba4 AD
684 if ($this->serverType == "activedirectory") {
685 unset($info['cn']); // To avoid error : Operation not allowed on RDN (Code 67)
686
687 // To avoid error : LDAP Error: 53 (Unwilling to perform)
688 if (isset($info['unicodePwd'])) {
689 $info['unicodePwd'] = mb_convert_encoding("\"".$info['unicodePwd']."\"", "UTF-16LE", "UTF-8");
690 }
691 }
692 $result = @ldap_mod_replace($this->connection, $dn, $info);
693
694 if ($result) {
695 dol_syslog(get_class($this)."::modify successful", LOG_DEBUG);
696 return 1;
697 } else {
698 $this->error = @ldap_error($this->connection);
699 dol_syslog(get_class($this)."::modify failed: ".$this->error, LOG_ERR);
700 return -1;
701 }
702 }
703
715 public function rename($dn, $newrdn, $newparent, $user, $deleteoldrdn = true)
716 {
717 dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn ? 1 : 0));
718
719 // Check parameters
720 if (!$this->connection) {
721 $this->error = "NotConnected";
722 return -2;
723 }
724 if (!$this->bind) {
725 $this->error = "NotConnected";
726 return -3;
727 }
728
729 // Encode to LDAP page code
730 $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
731 $newrdn = $this->convFromOutputCharset($newrdn, $this->ldapcharset);
732 $newparent = $this->convFromOutputCharset($newparent, $this->ldapcharset);
733
734 //print_r($info);
735 $result = @ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn);
736
737 if ($result) {
738 dol_syslog(get_class($this)."::rename successful", LOG_DEBUG);
739 return 1;
740 } else {
741 $this->error = @ldap_error($this->connection);
742 dol_syslog(get_class($this)."::rename failed: ".$this->error, LOG_ERR);
743 return -1;
744 }
745 }
746
759 public function update($dn, $info, $user, $olddn, $newrdn = '', $newparent = '')
760 {
761 dol_syslog(get_class($this)."::update dn=".$dn." olddn=".$olddn);
762
763 // Check parameters
764 if (!$this->connection) {
765 $this->error = "NotConnected";
766 return -2;
767 }
768 if (!$this->bind) {
769 $this->error = "NotConnected";
770 return -3;
771 }
772
773 if (!$olddn || $olddn != $dn) {
774 if (!empty($olddn) && !empty($newrdn) && !empty($newparent) && $this->ldapProtocolVersion === '3') {
775 // This function currently only works with LDAPv3
776 $result = $this->rename($olddn, $newrdn, $newparent, $user, true);
777 $result = $this->modify($dn, $info, $user); // We force "modify" for avoid some fields not modify
778 } else {
779 // If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one.
780 $result = $this->add($dn, $info, $user);
781 if ($result > 0 && $olddn && $olddn != $dn) {
782 $result = $this->delete($olddn); // If add fails, we do not try to delete old one
783 }
784 }
785 } else {
786 //$result = $this->delete($olddn);
787 $result = $this->add($dn, $info, $user); // If record has been deleted from LDAP, we recreate it. We ignore error if it already exists.
788 $result = $this->modify($dn, $info, $user); // We use add/modify instead of delete/add when olddn is received
789 }
790 if ($result <= 0) {
791 $this->error = ldap_error($this->connection).' (Code '.ldap_errno($this->connection).") ".$this->error;
792 dol_syslog(get_class($this)."::update ".$this->error, LOG_ERR);
793 //print_r($info);
794 return -1;
795 } else {
796 dol_syslog(get_class($this)."::update done successfully");
797 return 1;
798 }
799 }
800
801
809 public function delete($dn)
810 {
811 dol_syslog(get_class($this)."::delete Delete LDAP entry dn=".$dn);
812
813 // Check parameters
814 if (!$this->connection) {
815 $this->error = "NotConnected";
816 return -2;
817 }
818 if (!$this->bind) {
819 $this->error = "NotConnected";
820 return -3;
821 }
822
823 // Encode to LDAP page code
824 $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
825
826 $result = @ldap_delete($this->connection, $dn);
827
828 if ($result) {
829 return 1;
830 }
831 return -1;
832 }
833
842 public function dumpContent($dn, $info)
843 {
844 $content = '';
845
846 // Create file content
847 if (preg_match('/^ldap/', $this->server[0])) {
848 $target = "-H ".implode(',', $this->server);
849 } else {
850 $target = "-h ".implode(',', $this->server)." -p ".$this->serverPort;
851 }
852 $content .= "# ldapadd $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
853 $content .= "# ldapmodify $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
854 $content .= "# ldapdelete $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
855 if (in_array('localhost', $this->server)) {
856 $content .= "# If commands fails to connect, try without -h and -p\n";
857 }
858 $content .= "dn: ".$dn."\n";
859 foreach ($info as $key => $value) {
860 if (!is_array($value)) {
861 $content .= "$key: $value\n";
862 } else {
863 foreach ($value as $valuevalue) {
864 $content .= "$key: $valuevalue\n";
865 }
866 }
867 }
868 return $content;
869 }
870
878 public function dump($dn, $info)
879 {
880 global $conf;
881 $ldapDirTemp = $conf->ldap->dir_temp;
882 // Create content
883 $content = $this->dumpContent($dn, $info);
884
885 //Create directory & file
886 $result = dol_mkdir($ldapDirTemp);
887 if ($result != 0) {
888 $outputfile = $ldapDirTemp.'/ldapinput.in';
889 $fp = fopen($outputfile, "w");
890 if ($fp) {
891 fwrite($fp, $content);
892 fclose($fp);
893 dolChmod($outputfile);
894 return 1;
895 } else {
896 return -1;
897 }
898 } else {
899 return -1;
900 }
901 }
902
911 public function serverPing($host, $port = 389, $timeout = 1)
912 {
913 $regs = array();
914 if (preg_match('/^ldaps:\/\/([^\/]+)\/?$/', $host, $regs)) {
915 // Replace ldaps:// by ssl://
916 $host = 'ssl://'.$regs[1];
917 } elseif (preg_match('/^ldap:\/\/([^\/]+)\/?$/', $host, $regs)) {
918 // Remove ldap://
919 $host = $regs[1];
920 }
921
922 //var_dump($newhostforstream); var_dump($host); var_dump($port);
923 //$host = 'ssl://ldap.test.local:636';
924 //$port = 636;
925
926 $errno = $errstr = 0;
927 /*
928 if ($methodtochecktcpconnect == 'socket') {
929 Try to use socket_create() method.
930 Method that use stream_context_create() works only on registered listed in stream stream_get_wrappers(): http, https, ftp, ...
931 }
932 */
933
934 // Use the method fsockopen to test tcp connect. No way to ignore ssl certificate errors with this method !
935 $op = @fsockopen($host, $port, $errno, $errstr, $timeout);
936
937 //var_dump($op);
938 if (!$op) {
939 return false; //DC is N/A
940 } else {
941 fclose($op); //explicitly close open socket connection
942 return true; //DC is up & running, we can safely connect with ldap_connect
943 }
944 }
945
946
947 // Attribute methods -----------------------------------------------------
948
958 public function addAttribute($dn, $info, $user)
959 {
960 dol_syslog(get_class($this)."::addAttribute dn=".$dn." info=".implode(',', $info));
961
962 // Check parameters
963 if (!$this->connection) {
964 $this->error = "NotConnected";
965 return -2;
966 }
967 if (!$this->bind) {
968 $this->error = "NotConnected";
969 return -3;
970 }
971
972 // Encode to LDAP page code
973 $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
974 foreach ($info as $key => $val) {
975 if (!is_array($val)) {
976 $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
977 }
978 }
979
980 $this->dump($dn, $info);
981
982 //print_r($info);
983 $result = @ldap_mod_add($this->connection, $dn, $info);
984
985 if ($result) {
986 dol_syslog(get_class($this)."::add_attribute successful", LOG_DEBUG);
987 return 1;
988 } else {
989 $this->error = @ldap_error($this->connection);
990 dol_syslog(get_class($this)."::add_attribute failed: ".$this->error, LOG_ERR);
991 return -1;
992 }
993 }
994
1004 public function updateAttribute($dn, $info, $user)
1005 {
1006 dol_syslog(get_class($this)."::updateAttribute dn=".$dn." info=".implode(',', $info));
1007
1008 // Check parameters
1009 if (!$this->connection) {
1010 $this->error = "NotConnected";
1011 return -2;
1012 }
1013 if (!$this->bind) {
1014 $this->error = "NotConnected";
1015 return -3;
1016 }
1017
1018 // Encode to LDAP page code
1019 $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
1020 foreach ($info as $key => $val) {
1021 if (!is_array($val)) {
1022 $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
1023 }
1024 }
1025
1026 $this->dump($dn, $info);
1027
1028 //print_r($info);
1029 $result = @ldap_mod_replace($this->connection, $dn, $info);
1030
1031 if ($result) {
1032 dol_syslog(get_class($this)."::updateAttribute successful", LOG_DEBUG);
1033 return 1;
1034 } else {
1035 $this->error = @ldap_error($this->connection);
1036 dol_syslog(get_class($this)."::updateAttribute failed: ".$this->error, LOG_ERR);
1037 return -1;
1038 }
1039 }
1040
1050 public function deleteAttribute($dn, $info, $user)
1051 {
1052 dol_syslog(get_class($this)."::deleteAttribute dn=".$dn." info=".implode(',', $info));
1053
1054 // Check parameters
1055 if (!$this->connection) {
1056 $this->error = "NotConnected";
1057 return -2;
1058 }
1059 if (!$this->bind) {
1060 $this->error = "NotConnected";
1061 return -3;
1062 }
1063
1064 // Encode to LDAP page code
1065 $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
1066 foreach ($info as $key => $val) {
1067 if (!is_array($val)) {
1068 $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
1069 }
1070 }
1071
1072 $this->dump($dn, $info);
1073
1074 //print_r($info);
1075 $result = @ldap_mod_del($this->connection, $dn, $info);
1076
1077 if ($result) {
1078 dol_syslog(get_class($this)."::deleteAttribute successful", LOG_DEBUG);
1079 return 1;
1080 } else {
1081 $this->error = @ldap_error($this->connection);
1082 dol_syslog(get_class($this)."::deleteAttribute failed: ".$this->error, LOG_ERR);
1083 return -1;
1084 }
1085 }
1086
1096 public function getAttribute($dn, $filter)
1097 {
1098 // Check parameters
1099 if (!$this->connection) {
1100 $this->error = "NotConnected";
1101 return -2;
1102 }
1103 if (!$this->bind) {
1104 $this->error = "NotConnected";
1105 return -3;
1106 }
1107
1108 $search = @ldap_search($this->connection, $dn, $filter);
1109
1110 // Only one entry should ever be returned
1111 $entry = @ldap_first_entry($this->connection, $search);
1112
1113 if (!$entry) {
1114 $this->ldapErrorCode = -1;
1115 $this->ldapErrorText = "Couldn't find entry";
1116 return 0; // Couldn't find entry...
1117 }
1118
1119 // Get values
1120 if (!($values = ldap_get_attributes($this->connection, $entry))) {
1121 $this->ldapErrorCode = ldap_errno($this->connection);
1122 $this->ldapErrorText = ldap_error($this->connection);
1123 return 0; // No matching attributes
1124 }
1125
1126 // Return an array containing the attributes.
1127 return $values;
1128 }
1129
1137 public function getAttributeValues($filterrecord, $attribute)
1138 {
1139 $attributes = array();
1140 $attributes[0] = $attribute;
1141
1142 // We need to search for this user in order to get their entry.
1143 $this->result = @ldap_search($this->connection, $this->people, $filterrecord, $attributes);
1144
1145 // Pourquoi cette ligne ?
1146 //$info = ldap_get_entries($this->connection, $this->result);
1147
1148 // Only one entry should ever be returned (no user will have the same uid)
1149 $entry = ldap_first_entry($this->connection, $this->result);
1150
1151 if (!$entry) {
1152 $this->ldapErrorCode = -1;
1153 $this->ldapErrorText = "Couldn't find user";
1154 return false; // Couldn't find the user...
1155 }
1156
1157 // Get values
1158 if (!$values = @ldap_get_values_len($this->connection, $entry, $attribute)) {
1159 $this->ldapErrorCode = ldap_errno($this->connection);
1160 $this->ldapErrorText = ldap_error($this->connection);
1161 return false; // No matching attributes
1162 }
1163
1164 // Return an array containing the attributes.
1165 return $values;
1166 }
1167
1180 public function getRecords($search, $userDn, $useridentifier, $attributeArray, $activefilter = 0, $attributeAsArray = array())
1181 {
1182 $fulllist = array();
1183
1184 dol_syslog(get_class($this)."::getRecords search=".$search." userDn=".$userDn." useridentifier=".$useridentifier." attributeArray=array(".implode(',', $attributeArray).") activefilter=".$activefilter);
1185
1186 // if the directory is AD, then bind first with the search user first
1187 if ($this->serverType == "activedirectory") {
1188 $this->bindauth($this->searchUser, $this->searchPassword);
1189 dol_syslog(get_class($this)."::bindauth serverType=activedirectory searchUser=".$this->searchUser);
1190 }
1191
1192 // Define filter
1193 if (!empty($activefilter)) { // Use a predefined trusted filter (defined into setup by admin).
1194 if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) {
1195 $filter = '('.$this->filter.')';
1196 } elseif (((string) $activefilter == 'group') && $this->filtergroup) {
1197 $filter = '('.$this->filtergroup.')';
1198 } elseif (((string) $activefilter == 'member') && $this->filter) {
1199 $filter = '('.$this->filtermember.')';
1200 } else {
1201 // If this->filter/this->filtergroup is empty, make filter on * (all)
1202 $filter = '('.ldap_escape($useridentifier, '', LDAP_ESCAPE_FILTER).'=*)';
1203 }
1204 } else { // Use a filter forged using the $search value
1205 $filter = '('.ldap_escape($useridentifier, '', LDAP_ESCAPE_FILTER).'='.ldap_escape($search, '', LDAP_ESCAPE_FILTER).')';
1206 }
1207
1208 if (is_array($attributeArray)) {
1209 // Return list with required fields
1210 $attributeArray = array_values($attributeArray); // This is to force to have index reordered from 0 (not make ldap_search fails)
1211 dol_syslog(get_class($this)."::getRecords connection=".$this->connectedServer.":".$this->serverPort." userDn=".$userDn." filter=".$filter." attributeArray=(".implode(',', $attributeArray).")");
1212 //var_dump($attributeArray);
1213 $this->result = @ldap_search($this->connection, $userDn, $filter, $attributeArray);
1214 } else {
1215 // Return list with fields selected by default
1216 dol_syslog(get_class($this)."::getRecords connection=".$this->connectedServer.":".$this->serverPort." userDn=".$userDn." filter=".$filter);
1217 $this->result = @ldap_search($this->connection, $userDn, $filter);
1218 }
1219 if (!$this->result) {
1220 $this->error = 'LDAP search failed: '.ldap_errno($this->connection)." ".ldap_error($this->connection);
1221 return -1;
1222 }
1223
1224 $info = @ldap_get_entries($this->connection, $this->result);
1225
1226 // Warning: Dans info, les noms d'attributs sont en minuscule meme si passe
1227 // a ldap_search en majuscule !!!
1228 //print_r($info);
1229
1230 for ($i = 0; $i < $info["count"]; $i++) {
1231 $recordid = $this->convToOutputCharset($info[$i][strtolower($useridentifier)][0], $this->ldapcharset);
1232 if ($recordid) {
1233 //print "Found record with key $useridentifier=".$recordid."<br>\n";
1234 $fulllist[$recordid][$useridentifier] = $recordid;
1235
1236 // Add to the array for each attribute in my list
1237 $num = count($attributeArray);
1238 for ($j = 0; $j < $num; $j++) {
1239 $keyattributelower = strtolower($attributeArray[$j]);
1240 //print " Param ".$attributeArray[$j]."=".$info[$i][$keyattributelower][0]."<br>\n";
1241
1242 //permet de recuperer le SID avec Active Directory
1243 if ($this->serverType == "activedirectory" && $keyattributelower == "objectsid") {
1244 $objectsid = $this->getObjectSid($recordid);
1245 $fulllist[$recordid][$attributeArray[$j]] = $objectsid;
1246 } else {
1247 if (in_array($attributeArray[$j], $attributeAsArray) && is_array($info[$i][$keyattributelower])) {
1248 $valueTab = array();
1249 foreach ($info[$i][$keyattributelower] as $key => $value) {
1250 $valueTab[$key] = $this->convToOutputCharset($value, $this->ldapcharset);
1251 }
1252 $fulllist[$recordid][$attributeArray[$j]] = $valueTab;
1253 } else {
1254 $fulllist[$recordid][$attributeArray[$j]] = $this->convToOutputCharset($info[$i][$keyattributelower][0], $this->ldapcharset);
1255 }
1256 }
1257 }
1258 }
1259 }
1260
1261 asort($fulllist);
1262 return $fulllist;
1263 }
1264
1272 public function littleEndian($hex)
1273 {
1274 $result = '';
1275 for ($x = dol_strlen($hex) - 2; $x >= 0; $x -= 2) {
1276 $result .= substr($hex, $x, 2);
1277 }
1278 return $result;
1279 }
1280
1281
1289 public function getObjectSid($ldapUser)
1290 {
1291 $criteria = '('.$this->getUserIdentifier().'='.$ldapUser.')';
1292 $justthese = array("objectsid");
1293
1294 // if the directory is AD, then bind first with the search user first
1295 if ($this->serverType == "activedirectory") {
1296 $this->bindauth($this->searchUser, $this->searchPassword);
1297 }
1298
1299 $i = 0;
1300 $entry = null;
1301 $searchDN = $this->people;
1302
1303 while ($i <= 2) {
1304 $ldapSearchResult = @ldap_search($this->connection, $searchDN, $criteria, $justthese);
1305
1306 if (!$ldapSearchResult) {
1307 $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1308 return -1;
1309 }
1310
1311 $entry = ldap_first_entry($this->connection, $ldapSearchResult);
1312
1313 if (!$entry) {
1314 // Si pas de resultat on cherche dans le domaine
1315 $searchDN = $this->domain;
1316 $i++;
1317 } else {
1318 $i++;
1319 $i++;
1320 }
1321 }
1322
1323 if ($entry) {
1324 $ldapBinary = ldap_get_values_len($this->connection, $entry, "objectsid");
1325 $SIDText = $this->binSIDtoText($ldapBinary[0]);
1326 return $SIDText;
1327 } else {
1328 $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1329 return -1;
1330 }
1331 }
1332
1340 public function binSIDtoText($binsid)
1341 {
1342 $hex_sid = bin2hex($binsid);
1343 $rev = hexdec(substr($hex_sid, 0, 2)); // Get revision-part of SID
1344 $subcount = hexdec(substr($hex_sid, 2, 2)); // Get count of sub-auth entries
1345 $auth = hexdec(substr($hex_sid, 4, 12)); // SECURITY_NT_AUTHORITY
1346 $result = "$rev-$auth";
1347 for ($x = 0; $x < $subcount; $x++) {
1348 $result .= "-".hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8))); // get all SECURITY_NT_AUTHORITY
1349 }
1350 return $result;
1351 }
1352
1353
1367 public function search($checkDn, $filter)
1368 {
1369 dol_syslog(get_class($this)."::search checkDn=".$checkDn." filter=".$filter);
1370
1371 $checkDn = $this->convFromOutputCharset($checkDn, $this->ldapcharset);
1372 $filter = $this->convFromOutputCharset($filter, $this->ldapcharset);
1373
1374 // if the directory is AD, then bind first with the search user first
1375 if ($this->serverType == "activedirectory") {
1376 $this->bindauth($this->searchUser, $this->searchPassword);
1377 }
1378
1379 $this->result = @ldap_search($this->connection, $checkDn, $filter);
1380
1381 $result = @ldap_get_entries($this->connection, $this->result);
1382 if (!$result) {
1383 $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1384 return -1;
1385 } else {
1386 ldap_free_result($this->result);
1387 return $result;
1388 }
1389 }
1390
1391
1400 public function fetch($user, $filter)
1401 {
1402 // Perform the search and get the entry handles
1403
1404 // if the directory is AD, then bind first with the search user first
1405 if ($this->serverType == "activedirectory") {
1406 $this->bindauth($this->searchUser, $this->searchPassword);
1407 }
1408
1409 $searchDN = $this->people; // TODO Why searching in people then domain ?
1410
1411 $result = '';
1412 $i = 0;
1413 while ($i <= 2) {
1414 dol_syslog(get_class($this)."::fetch search with searchDN=".$searchDN." filter=".$filter);
1415 $this->result = @ldap_search($this->connection, $searchDN, $filter);
1416 if ($this->result) {
1417 $result = @ldap_get_entries($this->connection, $this->result);
1418 if ($result['count'] > 0) {
1419 dol_syslog('Ldap::fetch search found '.$result['count'].' records');
1420 } else {
1421 dol_syslog('Ldap::fetch search returns but found no records');
1422 }
1423 //var_dump($result);exit;
1424 } else {
1425 $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1426 dol_syslog(get_class($this)."::fetch search fails");
1427 return -1;
1428 }
1429
1430 if (!$result) {
1431 // Si pas de resultat on cherche dans le domaine
1432 $searchDN = $this->domain;
1433 $i++;
1434 } else {
1435 break;
1436 }
1437 }
1438
1439 if (!$result) {
1440 $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1441 return -1;
1442 } else {
1443 $this->name = $this->convToOutputCharset($result[0][$this->attr_name][0], $this->ldapcharset);
1444 $this->firstname = $this->convToOutputCharset($result[0][$this->attr_firstname][0], $this->ldapcharset);
1445 $this->login = $this->convToOutputCharset($result[0][$this->attr_login][0], $this->ldapcharset);
1446 $this->phone = $this->convToOutputCharset($result[0][$this->attr_phone][0], $this->ldapcharset);
1447 $this->fax = $this->convToOutputCharset($result[0][$this->attr_fax][0], $this->ldapcharset);
1448 $this->mail = $this->convToOutputCharset($result[0][$this->attr_mail][0], $this->ldapcharset);
1449 $this->mobile = $this->convToOutputCharset($result[0][$this->attr_mobile][0], $this->ldapcharset);
1450
1451 $this->uacf = $this->parseUACF($this->convToOutputCharset($result[0]["useraccountcontrol"][0], $this->ldapcharset));
1452 if (isset($result[0]["pwdlastset"][0])) { // If expiration on password exists
1453 $this->pwdlastset = ($result[0]["pwdlastset"][0] != 0) ? $this->convertTime($this->convToOutputCharset($result[0]["pwdlastset"][0], $this->ldapcharset)) : 0;
1454 } else {
1455 $this->pwdlastset = -1;
1456 }
1457 if (!$this->name && !$this->login) {
1458 $this->pwdlastset = -1;
1459 }
1460 $this->badpwdtime = $this->convertTime($this->convToOutputCharset($result[0]["badpasswordtime"][0], $this->ldapcharset));
1461
1462 // FQDN domain
1463 $domain = str_replace('dc=', '', $this->domain);
1464 $domain = str_replace(',', '.', $domain);
1465 $this->domainFQDN = $domain;
1466
1467 // Set ldapUserDn (each user can have a different dn)
1468 //var_dump($result[0]);exit;
1469 $this->ldapUserDN = $result[0]['dn'];
1470
1471 ldap_free_result($this->result);
1472 return 1;
1473 }
1474 }
1475
1476
1477 // helper methods
1478
1484 public function getUserIdentifier()
1485 {
1486 if ($this->serverType == "activedirectory") {
1487 return $this->attr_sambalogin;
1488 } else {
1489 return $this->attr_login;
1490 }
1491 }
1492
1499 public function parseUACF($uacf)
1500 {
1501 //All flags array
1502 $flags = array(
1503 "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216,
1504 "PASSWORD_EXPIRED" => 8388608,
1505 "DONT_REQ_PREAUTH" => 4194304,
1506 "USE_DES_KEY_ONLY" => 2097152,
1507 "NOT_DELEGATED" => 1048576,
1508 "TRUSTED_FOR_DELEGATION" => 524288,
1509 "SMARTCARD_REQUIRED" => 262144,
1510 "MNS_LOGON_ACCOUNT" => 131072,
1511 "DONT_EXPIRE_PASSWORD" => 65536,
1512 "SERVER_TRUST_ACCOUNT" => 8192,
1513 "WORKSTATION_TRUST_ACCOUNT" => 4096,
1514 "INTERDOMAIN_TRUST_ACCOUNT" => 2048,
1515 "NORMAL_ACCOUNT" => 512,
1516 "TEMP_DUPLICATE_ACCOUNT" => 256,
1517 "ENCRYPTED_TEXT_PWD_ALLOWED" => 128,
1518 "PASSWD_CANT_CHANGE" => 64,
1519 "PASSWD_NOTREQD" => 32,
1520 "LOCKOUT" => 16,
1521 "HOMEDIR_REQUIRED" => 8,
1522 "ACCOUNTDISABLE" => 2,
1523 "SCRIPT" => 1
1524 );
1525
1526 //Parse flags to text
1527 $retval = array();
1528 //while (list($flag, $val) = each($flags)) {
1529 foreach ($flags as $flag => $val) {
1530 if ($uacf >= $val) {
1531 $uacf -= $val;
1532 $retval[$val] = $flag;
1533 }
1534 }
1535
1536 //Return human friendly flags
1537 return $retval;
1538 }
1539
1546 public function parseSAT($samtype)
1547 {
1548 $stypes = array(
1549 805306368 => "NORMAL_ACCOUNT",
1550 805306369 => "WORKSTATION_TRUST",
1551 805306370 => "INTERDOMAIN_TRUST",
1552 268435456 => "SECURITY_GLOBAL_GROUP",
1553 268435457 => "DISTRIBUTION_GROUP",
1554 536870912 => "SECURITY_LOCAL_GROUP",
1555 536870913 => "DISTRIBUTION_LOCAL_GROUP"
1556 );
1557
1558 $retval = "";
1559 foreach ($stypes as $sat => $val) {
1560 if ($samtype == $sat) {
1561 $retval = $val;
1562 break;
1563 }
1564 }
1565 if (empty($retval)) {
1566 $retval = "UNKNOWN_TYPE_".$samtype;
1567 }
1568
1569 return $retval;
1570 }
1571
1578 public function convertTime($value)
1579 {
1580 $dateLargeInt = $value; // nano secondes depuis 1601 !!!!
1581 if (PHP_INT_SIZE < 8) {
1582 // 32 bit platform
1583 $secsAfterADEpoch = (float) $dateLargeInt / (10000000.); // secondes depuis le 1 jan 1601
1584 } else {
1585 // At least 64 bit platform
1586 $secsAfterADEpoch = (int) $dateLargeInt / (10000000); // secondes depuis le 1 jan 1601
1587 }
1588 $ADToUnixConvertor = ((1970 - 1601) * 365.242190) * 86400; // UNIX start date - AD start date * jours * secondes
1589 $unixTimeStamp = intval($secsAfterADEpoch - $ADToUnixConvertor); // Unix time stamp
1590 return $unixTimeStamp;
1591 }
1592
1593
1601 private function convToOutputCharset($str, $pagecodefrom = 'UTF-8')
1602 {
1603 global $conf;
1604 if ($pagecodefrom == 'ISO-8859-1' && $conf->file->character_set_client == 'UTF-8') {
1605 $str = mb_convert_encoding($str, 'UTF-8', 'ISO-8859-1');
1606 }
1607 if ($pagecodefrom == 'UTF-8' && $conf->file->character_set_client == 'ISO-8859-1') {
1608 $str = mb_convert_encoding($str, 'ISO-8859-1');
1609 }
1610 return $str;
1611 }
1612
1620 public function convFromOutputCharset($str, $pagecodeto = 'UTF-8')
1621 {
1622 global $conf;
1623 if ($pagecodeto == 'ISO-8859-1' && $conf->file->character_set_client == 'UTF-8') {
1624 $str = mb_convert_encoding($str, 'ISO-8859-1');
1625 }
1626 if ($pagecodeto == 'UTF-8' && $conf->file->character_set_client == 'ISO-8859-1') {
1627 $str = mb_convert_encoding($str, 'UTF-8', 'ISO-8859-1');
1628 }
1629 return $str;
1630 }
1631
1632
1639 public function getNextGroupGid($keygroup = 'LDAP_KEY_GROUPS')
1640 {
1641
1642 if (empty($keygroup)) {
1643 $keygroup = 'LDAP_KEY_GROUPS';
1644 }
1645
1646 $search = '(' . getDolGlobalString($keygroup).'=*)';
1647 $result = $this->search($this->groups, $search);
1648 if ($result) {
1649 $c = $result['count'];
1650 $gids = array();
1651 for ($i = 0; $i < $c; $i++) {
1652 $gids[] = $result[$i]['gidnumber'][0];
1653 }
1654 rsort($gids);
1655
1656 return $gids[0] + 1;
1657 }
1658
1659 return 0;
1660 }
1661}
Ldap
Class to manage LDAP features.
Definition ldap.class.php:39
Ldap\add
add($dn, $info, $user)
Add an LDAP entry LDAP object connect and bind must have been done.
Definition ldap.class.php:609
Ldap\convertTime
convertTime($value)
Converts ActiveDirectory time to Unix timestamp.
Definition ldap.class.php:1578
Ldap\modify
modify($dn, $info, $user)
Modify an LDAP entry LDAP object connect and bind must have been done.
Definition ldap.class.php:657
Ldap\deleteAttribute
deleteAttribute($dn, $info, $user)
Delete an LDAP attribute in entry LDAP object connect and bind must have been done.
Definition ldap.class.php:1050
Ldap\setVersion
setVersion()
Set LDAP protocol version.
Definition ldap.class.php:573
Ldap\convToOutputCharset
convToOutputCharset($str, $pagecodefrom='UTF-8')
Convert a string into output/memory charset.
Definition ldap.class.php:1601
Ldap\littleEndian
littleEndian($hex)
Converts a little-endian hex-number to one, that 'hexdec' can convert Required by Active Directory.
Definition ldap.class.php:1272
Ldap\fetch
fetch($user, $filter)
Load all attributes of an LDAP user.
Definition ldap.class.php:1400
Ldap\update
update($dn, $info, $user, $olddn, $newrdn='', $newparent='')
Modify an LDAP entry (to use if dn != olddn) LDAP object connect and bind must have been done.
Definition ldap.class.php:759
Ldap\getObjectSid
getObjectSid($ldapUser)
Gets LDAP user SID.
Definition ldap.class.php:1289
Ldap\updateAttribute
updateAttribute($dn, $info, $user)
Update an LDAP attribute in entry LDAP object connect and bind must have been done.
Definition ldap.class.php:1004
Ldap\getUserIdentifier
getUserIdentifier()
Returns the correct user identifier to use, based on the LDAP server type.
Definition ldap.class.php:1484
Ldap\getAttribute
getAttribute($dn, $filter)
Returns an array containing attributes and values for first record.
Definition ldap.class.php:1096
Ldap\close
close()
Simply closes the connection set up earlier.
Definition ldap.class.php:478
Ldap\parseSAT
parseSAT($samtype)
SamAccountType value to text.
Definition ldap.class.php:1546
Ldap\rename
rename($dn, $newrdn, $newparent, $user, $deleteoldrdn=true)
Rename an LDAP entry LDAP object connect and bind must have been done.
Definition ldap.class.php:715
Ldap\getNextGroupGid
getNextGroupGid($keygroup='LDAP_KEY_GROUPS')
Return available value of group GID.
Definition ldap.class.php:1639
Ldap\setSizeLimit
setSizeLimit()
Set LDAP size limit.
Definition ldap.class.php:583
Ldap\binSIDtoText
binSIDtoText($binsid)
Returns the textual SID Required by Active Directory.
Definition ldap.class.php:1340
Ldap\connectBind
connectBind()
Connect and bind Use this->server, this->serverPort, this->ldapProtocolVersion, this->serverType,...
Definition ldap.class.php:317
Ldap\setReferrals
setReferrals()
Set LDAP referrals.
Definition ldap.class.php:594
Ldap\search
search($checkDn, $filter)
Search method with filter this->connection must be defined.
Definition ldap.class.php:1367
Ldap\getRecords
getRecords($search, $userDn, $useridentifier, $attributeArray, $activefilter=0, $attributeAsArray=array())
Returns an array containing a details or list of LDAP record(s).
Definition ldap.class.php:1180
Ldap\getVersion
getVersion()
Verify LDAP server version.
Definition ldap.class.php:561
Ldap\dumpContent
dumpContent($dn, $info)
Build an LDAP message.
Definition ldap.class.php:842
Ldap\getAttributeValues
getAttributeValues($filterrecord, $attribute)
Returns an array containing values for an attribute and for first record matching filterrecord.
Definition ldap.class.php:1137
Ldap\parseUACF
parseUACF($uacf)
UserAccountControl Flags to more human understandable form...
Definition ldap.class.php:1499
Ldap\__construct
__construct()
Constructor.
Definition ldap.class.php:271
Ldap\convFromOutputCharset
convFromOutputCharset($str, $pagecodeto='UTF-8')
Convert a string from output/memory charset.
Definition ldap.class.php:1620
Ldap\serverPing
serverPing($host, $port=389, $timeout=1)
Ping a server before ldap_connect for avoid waiting.
Definition ldap.class.php:911
Ldap\bind
bind()
Anonymously binds to the connection.
Definition ldap.class.php:489
Ldap\unbind
unbind()
Unbind of LDAP server (close connection).
Definition ldap.class.php:529
Ldap\bindauth
bindauth($bindDn, $pass)
Binds as an authenticated user, which usually allows for write access.
Definition ldap.class.php:511
Ldap\dump
dump($dn, $info)
Dump an LDAP message to ldapinput.in file.
Definition ldap.class.php:878
Ldap\addAttribute
addAttribute($dn, $info, $user)
Add an LDAP attribute in entry LDAP object connect and bind must have been done.
Definition ldap.class.php:958
dol_strlen
dol_strlen($string, $stringencoding='UTF-8')
Make a strlen call.
Definition functions.lib.php:4792
dolChmod
dolChmod($filepath, $newmask='')
Change mod of a file.
Definition functions.lib.php:7987
getDolGlobalInt
getDolGlobalInt($key, $default=0)
Return a Dolibarr global constant int value.
Definition functions.lib.php:232
getDolGlobalString
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
Definition functions.lib.php:217
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition functions.lib.php:2253
dol_mkdir
dol_mkdir($dir, $dataroot='', $newmask='')
Creation of a directory (this can create recursive subdir)
Definition functions.lib.php:7915
$conf
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
Definition member.php:79
name
$conf db name
Only used if Module[ID]Name translation string is not found.
Definition repair.php:152
Generated on Sun Dec 1 2024 01:00:26 for dolibarr by Doxygen 1.11.0