dolibarr  16.0.1
ldap.class.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3  * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
4  * Copyright (C) 2005-2021 Regis Houssin <regis.houssin@inodbox.com>
5  * Copyright (C) 2006-2021 Laurent Destailleur <eldy@users.sourceforge.net>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program. If not, see <https://www.gnu.org/licenses/>.
19  * or see https://www.gnu.org/
20  */
21 
34 class Ldap
35 {
39  public $error = '';
40 
44  public $errors = array();
45 
49  public $server = array();
50 
54  public $connectedServer;
55 
59  public $dn;
63  public $serverType;
67  public $ldapProtocolVersion;
71  public $domain;
76  public $searchUser;
81  public $searchPassword;
85  public $people;
89  public $groups;
93  public $ldapErrorCode;
97  public $ldapErrorText;
98 
99 
100  //Fetch user
101  public $name;
102  public $firstname;
103  public $login;
104  public $phone;
105  public $skype;
106  public $fax;
107  public $mail;
108  public $mobile;
109 
110  public $uacf;
111  public $pwdlastset;
112 
113  public $ldapcharset = 'UTF-8'; // LDAP should be UTF-8 encoded
114 
115 
119  public $connection;
123  public $result;
124 
128  const SYNCHRO_NONE = 0;
129 
133  const SYNCHRO_DOLIBARR_TO_LDAP = 1;
134 
138  const SYNCHRO_LDAP_TO_DOLIBARR = 2;
139 
140 
144  public function __construct()
145  {
146  global $conf;
147 
148  // Server
149  if (!empty($conf->global->LDAP_SERVER_HOST)) {
150  $this->server[] = $conf->global->LDAP_SERVER_HOST;
151  }
152  if (!empty($conf->global->LDAP_SERVER_HOST_SLAVE)) {
153  $this->server[] = $conf->global->LDAP_SERVER_HOST_SLAVE;
154  }
155  $this->serverPort = getDolGlobalInt('LDAP_SERVER_PORT', 389);
156  $this->ldapProtocolVersion = getDolGlobalString('LDAP_SERVER_PROTOCOLVERSION');
157  $this->dn = getDolGlobalString('LDAP_SERVER_DN');
158  $this->serverType = getDolGlobalString('LDAP_SERVER_TYPE');
159 
160  $this->domain = getDolGlobalString('LDAP_SERVER_DN');
161  $this->searchUser = getDolGlobalString('LDAP_ADMIN_DN');
162  $this->searchPassword = getDolGlobalString('LDAP_ADMIN_PASS');
163  $this->people = getDolGlobalString('LDAP_USER_DN');
164  $this->groups = getDolGlobalString('LDAP_GROUP_DN');
165 
166  $this->filter = getDolGlobalString('LDAP_FILTER_CONNECTION'); // Filter on user
167  $this->filtergroup = getDolGlobalString('LDAP_GROUP_FILTER'); // Filter on groups
168  $this->filtermember = getDolGlobalString('LDAP_MEMBER_FILTER'); // Filter on member
169 
170  // Users
171  $this->attr_login = getDolGlobalString('LDAP_FIELD_LOGIN'); //unix
172  $this->attr_sambalogin = getDolGlobalString('LDAP_FIELD_LOGIN_SAMBA'); //samba, activedirectory
173  $this->attr_name = getDolGlobalString('LDAP_FIELD_NAME');
174  $this->attr_firstname = getDolGlobalString('LDAP_FIELD_FIRSTNAME');
175  $this->attr_mail = getDolGlobalString('LDAP_FIELD_MAIL');
176  $this->attr_phone = getDolGlobalString('LDAP_FIELD_PHONE');
177  $this->attr_skype = getDolGlobalString('LDAP_FIELD_SKYPE');
178  $this->attr_fax = getDolGlobalString('LDAP_FIELD_FAX');
179  $this->attr_mobile = getDolGlobalString('LDAP_FIELD_MOBILE');
180  }
181 
182  // Connection handling methods -------------------------------------------
183 
184  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
192  public function connect_bind()
193  {
194  // phpcs:enable
195  global $conf;
196 
197  $connected = 0;
198  $this->bind = 0;
199  $this->error = 0;
200  $this->connectedServer = '';
201 
202  // Check parameters
203  if (count($this->server) == 0 || empty($this->server[0])) {
204  $this->error = 'LDAP setup (file conf.php) is not complete';
205  dol_syslog(get_class($this)."::connect_bind ".$this->error, LOG_WARNING);
206  return -1;
207  }
208 
209  if (!function_exists("ldap_connect")) {
210  $this->error = 'LDAPFunctionsNotAvailableOnPHP';
211  dol_syslog(get_class($this)."::connect_bind ".$this->error, LOG_WARNING);
212  $return = -1;
213  }
214 
215  if (empty($this->error)) {
216  // Loop on each ldap server
217  foreach ($this->server as $host) {
218  if ($connected) {
219  break;
220  }
221  if (empty($host)) {
222  continue;
223  }
224 
225  if ($this->serverPing($host, $this->serverPort) === true) {
226  $this->connection = ldap_connect($host, $this->serverPort);
227  } else {
228  if (preg_match('/^ldaps/i', $host)) {
229  // With host = ldaps://server, the serverPing to ssl://server sometimes fails, even if the ldap_connect succeed, so
230  // we test this case and continue in suche a case even if serverPing fails.
231  $this->connection = ldap_connect($host, $this->serverPort);
232  } else {
233  continue;
234  }
235  }
236 
237  if (is_resource($this->connection) || is_object($this->connection)) {
238  // Upgrade connexion to TLS, if requested by the configuration
239  if (!empty($conf->global->LDAP_SERVER_USE_TLS)) {
240  // For test/debug
241  //ldap_set_option($this->connection, LDAP_OPT_DEBUG_LEVEL, 7);
242  //ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
243  //ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);
244 
245  $resulttls = ldap_start_tls($this->connection);
246  if (!$resulttls) {
247  dol_syslog(get_class($this)."::connect_bind failed to start tls", LOG_WARNING);
248  $this->error = 'ldap_start_tls Failed to start TLS '.ldap_errno($this->connection).' '.ldap_error($this->connection);
249  $connected = 0;
250  $this->unbind();
251  }
252  }
253 
254  // Execute the ldap_set_option here (after connect and before bind)
255  $this->setVersion();
256  ldap_set_option($this->connection, LDAP_OPT_SIZELIMIT, 0); // no limit here. should return true.
257 
258 
259  if ($this->serverType == "activedirectory") {
260  $result = $this->setReferrals();
261  dol_syslog(get_class($this)."::connect_bind try bindauth for activedirectory on ".$host." user=".$this->searchUser." password=".preg_replace('/./', '*', $this->searchPassword), LOG_DEBUG);
262  $this->result = $this->bindauth($this->searchUser, $this->searchPassword);
263  if ($this->result) {
264  $this->bind = $this->result;
265  $connected = 2;
266  $this->connectedServer = $host;
267  break;
268  } else {
269  $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
270  }
271  } else {
272  // Try in auth mode
273  if ($this->searchUser && $this->searchPassword) {
274  dol_syslog(get_class($this)."::connect_bind try bindauth on ".$host." user=".$this->searchUser." password=".preg_replace('/./', '*', $this->searchPassword), LOG_DEBUG);
275  $this->result = $this->bindauth($this->searchUser, $this->searchPassword);
276  if ($this->result) {
277  $this->bind = $this->result;
278  $connected = 2;
279  $this->connectedServer = $host;
280  break;
281  } else {
282  $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
283  }
284  }
285  // Try in anonymous
286  if (!$this->bind) {
287  dol_syslog(get_class($this)."::connect_bind try bind anonymously on ".$host, LOG_DEBUG);
288  $result = $this->bind();
289  if ($result) {
290  $this->bind = $this->result;
291  $connected = 1;
292  $this->connectedServer = $host;
293  break;
294  } else {
295  $this->error = ldap_errno($this->connection).' '.ldap_error($this->connection);
296  }
297  }
298  }
299  }
300 
301  if (!$connected) {
302  $this->unbind();
303  }
304  } // End loop on each server
305  }
306 
307  if ($connected) {
308  $return = $connected;
309  dol_syslog(get_class($this)."::connect_bind return=".$return, LOG_DEBUG);
310  } else {
311  $this->error = 'Failed to connect to LDAP'.($this->error ? ': '.$this->error : '');
312  $return = -1;
313  dol_syslog(get_class($this)."::connect_bind return=".$return.' - '.$this->error, LOG_WARNING);
314  }
315 
316  return $return;
317  }
318 
327  public function close()
328  {
329  $r_type = get_resource_type($this->connection);
330  if ($this->connection && ($r_type === "Unknown" || !@ldap_close($this->connection))) {
331  return false;
332  } else {
333  return true;
334  }
335  }
336 
343  public function bind()
344  {
345  if (!$this->result = @ldap_bind($this->connection)) {
346  $this->ldapErrorCode = ldap_errno($this->connection);
347  $this->ldapErrorText = ldap_error($this->connection);
348  $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
349  return false;
350  } else {
351  return true;
352  }
353  }
354 
365  public function bindauth($bindDn, $pass)
366  {
367  if (!$this->result = @ldap_bind($this->connection, $bindDn, $pass)) {
368  $this->ldapErrorCode = ldap_errno($this->connection);
369  $this->ldapErrorText = ldap_error($this->connection);
370  $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
371  return false;
372  } else {
373  return true;
374  }
375  }
376 
383  public function unbind()
384  {
385  $this->result = true;
386  if ($this->connection) {
387  $this->result = @ldap_unbind($this->connection);
388  }
389  if ($this->result) {
390  return true;
391  } else {
392  return false;
393  }
394  }
395 
396 
402  public function getVersion()
403  {
404  $version = 0;
405  $version = @ldap_get_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $version);
406  return $version;
407  }
408 
414  public function setVersion()
415  {
416  // LDAP_OPT_PROTOCOL_VERSION est une constante qui vaut 17
417  $ldapsetversion = ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $this->ldapProtocolVersion);
418  return $ldapsetversion;
419  }
420 
426  public function setReferrals()
427  {
428  // LDAP_OPT_REFERRALS est une constante qui vaut ?
429  $ldapreferrals = ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);
430  return $ldapreferrals;
431  }
432 
433 
443  public function add($dn, $info, $user)
444  {
445  dol_syslog(get_class($this)."::add dn=".$dn." info=".json_encode($info));
446 
447  // Check parameters
448  if (!$this->connection) {
449  $this->error = "NotConnected";
450  return -2;
451  }
452  if (!$this->bind) {
453  $this->error = "NotConnected";
454  return -3;
455  }
456 
457  // Encode to LDAP page code
458  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
459  foreach ($info as $key => $val) {
460  if (!is_array($val)) {
461  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
462  }
463  }
464 
465  $this->dump($dn, $info);
466 
467  //print_r($info);
468  $result = @ldap_add($this->connection, $dn, $info);
469 
470  if ($result) {
471  dol_syslog(get_class($this)."::add successfull", LOG_DEBUG);
472  return 1;
473  } else {
474  $this->ldapErrorCode = @ldap_errno($this->connection);
475  $this->ldapErrorText = @ldap_error($this->connection);
476  $this->error = $this->ldapErrorCode." ".$this->ldapErrorText;
477  dol_syslog(get_class($this)."::add failed: ".$this->error, LOG_ERR);
478  return -1;
479  }
480  }
481 
491  public function modify($dn, $info, $user)
492  {
493  dol_syslog(get_class($this)."::modify dn=".$dn." info=".join(',', $info));
494 
495  // Check parameters
496  if (!$this->connection) {
497  $this->error = "NotConnected";
498  return -2;
499  }
500  if (!$this->bind) {
501  $this->error = "NotConnected";
502  return -3;
503  }
504 
505  // Encode to LDAP page code
506  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
507  foreach ($info as $key => $val) {
508  if (!is_array($val)) {
509  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
510  }
511  }
512 
513  $this->dump($dn, $info);
514 
515  //print_r($info);
516 
517  // For better compatibility with Samba4 AD
518  if ($this->serverType == "activedirectory") {
519  unset($info['cn']); // To avoid error : Operation not allowed on RDN (Code 67)
520 
521  // To avoid error : LDAP Error: 53 (Unwilling to perform)
522  if (isset($info['unicodePwd'])) {
523  $info['unicodePwd'] = mb_convert_encoding("\"".$info['unicodePwd']."\"", "UTF-16LE", "UTF-8");
524  }
525  }
526  $result = @ldap_modify($this->connection, $dn, $info);
527 
528  if ($result) {
529  dol_syslog(get_class($this)."::modify successfull", LOG_DEBUG);
530  return 1;
531  } else {
532  $this->error = @ldap_error($this->connection);
533  dol_syslog(get_class($this)."::modify failed: ".$this->error, LOG_ERR);
534  return -1;
535  }
536  }
537 
549  public function rename($dn, $newrdn, $newparent, $user, $deleteoldrdn = true)
550  {
551  dol_syslog(get_class($this)."::modify dn=".$dn." newrdn=".$newrdn." newparent=".$newparent." deleteoldrdn=".($deleteoldrdn ? 1 : 0));
552 
553  // Check parameters
554  if (!$this->connection) {
555  $this->error = "NotConnected";
556  return -2;
557  }
558  if (!$this->bind) {
559  $this->error = "NotConnected";
560  return -3;
561  }
562 
563  // Encode to LDAP page code
564  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
565  $newrdn = $this->convFromOutputCharset($newrdn, $this->ldapcharset);
566  $newparent = $this->convFromOutputCharset($newparent, $this->ldapcharset);
567 
568  //print_r($info);
569  $result = @ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn);
570 
571  if ($result) {
572  dol_syslog(get_class($this)."::rename successfull", LOG_DEBUG);
573  return 1;
574  } else {
575  $this->error = @ldap_error($this->connection);
576  dol_syslog(get_class($this)."::rename failed: ".$this->error, LOG_ERR);
577  return -1;
578  }
579  }
580 
593  public function update($dn, $info, $user, $olddn, $newrdn = false, $newparent = false)
594  {
595  dol_syslog(get_class($this)."::update dn=".$dn." olddn=".$olddn);
596 
597  // Check parameters
598  if (!$this->connection) {
599  $this->error = "NotConnected";
600  return -2;
601  }
602  if (!$this->bind) {
603  $this->error = "NotConnected";
604  return -3;
605  }
606 
607  if (!$olddn || $olddn != $dn) {
608  if (!empty($olddn) && !empty($newrdn) && !empty($newparent) && $this->ldapProtocolVersion === '3') {
609  // This function currently only works with LDAPv3
610  $result = $this->rename($olddn, $newrdn, $newparent, $user, true);
611  $result = $this->modify($dn, $info, $user); // We force "modify" for avoid some fields not modify
612  } else {
613  // If change we make is rename the key of LDAP record, we create new one and if ok, we delete old one.
614  $result = $this->add($dn, $info, $user);
615  if ($result > 0 && $olddn && $olddn != $dn) {
616  $result = $this->delete($olddn); // If add fails, we do not try to delete old one
617  }
618  }
619  } else {
620  //$result = $this->delete($olddn);
621  $result = $this->add($dn, $info, $user); // If record has been deleted from LDAP, we recreate it. We ignore error if it already exists.
622  $result = $this->modify($dn, $info, $user); // We use add/modify instead of delete/add when olddn is received
623  }
624  if ($result <= 0) {
625  $this->error = ldap_error($this->connection).' (Code '.ldap_errno($this->connection).") ".$this->error;
626  dol_syslog(get_class($this)."::update ".$this->error, LOG_ERR);
627  //print_r($info);
628  return -1;
629  } else {
630  dol_syslog(get_class($this)."::update done successfully");
631  return 1;
632  }
633  }
634 
635 
643  public function delete($dn)
644  {
645  dol_syslog(get_class($this)."::delete Delete LDAP entry dn=".$dn);
646 
647  // Check parameters
648  if (!$this->connection) {
649  $this->error = "NotConnected";
650  return -2;
651  }
652  if (!$this->bind) {
653  $this->error = "NotConnected";
654  return -3;
655  }
656 
657  // Encode to LDAP page code
658  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
659 
660  $result = @ldap_delete($this->connection, $dn);
661 
662  if ($result) {
663  return 1;
664  }
665  return -1;
666  }
667 
668  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
676  public function dump_content($dn, $info)
677  {
678  // phpcs:enable
679  $content = '';
680 
681  // Create file content
682  if (preg_match('/^ldap/', $this->server[0])) {
683  $target = "-H ".join(',', $this->server);
684  } else {
685  $target = "-h ".join(',', $this->server)." -p ".$this->serverPort;
686  }
687  $content .= "# ldapadd $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
688  $content .= "# ldapmodify $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
689  $content .= "# ldapdelete $target -c -v -D ".$this->searchUser." -W -f ldapinput.in\n";
690  if (in_array('localhost', $this->server)) {
691  $content .= "# If commands fails to connect, try without -h and -p\n";
692  }
693  $content .= "dn: ".$dn."\n";
694  foreach ($info as $key => $value) {
695  if (!is_array($value)) {
696  $content .= "$key: $value\n";
697  } else {
698  foreach ($value as $valuevalue) {
699  $content .= "$key: $valuevalue\n";
700  }
701  }
702  }
703  return $content;
704  }
705 
713  public function dump($dn, $info)
714  {
715  global $conf;
716 
717  // Create content
718  $content = $this->dump_content($dn, $info);
719 
720  //Create file
721  $result = dol_mkdir($conf->ldap->dir_temp);
722 
723  $outputfile = $conf->ldap->dir_temp.'/ldapinput.in';
724  $fp = fopen($outputfile, "w");
725  if ($fp) {
726  fputs($fp, $content);
727  fclose($fp);
728  if (!empty($conf->global->MAIN_UMASK)) {
729  @chmod($outputfile, octdec($conf->global->MAIN_UMASK));
730  }
731  return 1;
732  } else {
733  return -1;
734  }
735  }
736 
745  public function serverPing($host, $port = 389, $timeout = 1)
746  {
747  $regs = array();
748  if (preg_match('/^ldaps:\/\/([^\/]+)\/?$/', $host, $regs)) {
749  // Replace ldaps:// by ssl://
750  $host = 'ssl://'.$regs[1];
751  } elseif (preg_match('/^ldap:\/\/([^\/]+)\/?$/', $host, $regs)) {
752  // Remove ldap://
753  $host = $regs[1];
754  }
755 
756  //var_dump($newhostforstream); var_dump($host); var_dump($port);
757  //$host = 'ssl://ldap.test.local:636';
758  //$port = 636;
759 
760  $errno = $errstr = 0;
761  /*
762  if ($methodtochecktcpconnect == 'socket') {
763  Try to use socket_create() method.
764  Method that use stream_context_create() works only on registered listed in stream stream_get_wrappers(): http, https, ftp, ...
765  }
766  */
767 
768  // Use the method fsockopen to test tcp connect. No way to ignore ssl certificate errors with this method !
769  $op = @fsockopen($host, $port, $errno, $errstr, $timeout);
770 
771  //var_dump($op);
772  if (!$op) {
773  return false; //DC is N/A
774  } else {
775  fclose($op); //explicitly close open socket connection
776  return true; //DC is up & running, we can safely connect with ldap_connect
777  }
778  }
779 
780 
781  // Attribute methods -----------------------------------------------------
782 
792  public function addAttribute($dn, $info, $user)
793  {
794  dol_syslog(get_class($this)."::addAttribute dn=".$dn." info=".join(',', $info));
795 
796  // Check parameters
797  if (!$this->connection) {
798  $this->error = "NotConnected";
799  return -2;
800  }
801  if (!$this->bind) {
802  $this->error = "NotConnected";
803  return -3;
804  }
805 
806  // Encode to LDAP page code
807  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
808  foreach ($info as $key => $val) {
809  if (!is_array($val)) {
810  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
811  }
812  }
813 
814  $this->dump($dn, $info);
815 
816  //print_r($info);
817  $result = @ldap_mod_add($this->connection, $dn, $info);
818 
819  if ($result) {
820  dol_syslog(get_class($this)."::add_attribute successfull", LOG_DEBUG);
821  return 1;
822  } else {
823  $this->error = @ldap_error($this->connection);
824  dol_syslog(get_class($this)."::add_attribute failed: ".$this->error, LOG_ERR);
825  return -1;
826  }
827  }
828 
838  public function updateAttribute($dn, $info, $user)
839  {
840  dol_syslog(get_class($this)."::updateAttribute dn=".$dn." info=".join(',', $info));
841 
842  // Check parameters
843  if (!$this->connection) {
844  $this->error = "NotConnected";
845  return -2;
846  }
847  if (!$this->bind) {
848  $this->error = "NotConnected";
849  return -3;
850  }
851 
852  // Encode to LDAP page code
853  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
854  foreach ($info as $key => $val) {
855  if (!is_array($val)) {
856  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
857  }
858  }
859 
860  $this->dump($dn, $info);
861 
862  //print_r($info);
863  $result = @ldap_mod_replace($this->connection, $dn, $info);
864 
865  if ($result) {
866  dol_syslog(get_class($this)."::updateAttribute successfull", LOG_DEBUG);
867  return 1;
868  } else {
869  $this->error = @ldap_error($this->connection);
870  dol_syslog(get_class($this)."::updateAttribute failed: ".$this->error, LOG_ERR);
871  return -1;
872  }
873  }
874 
884  public function deleteAttribute($dn, $info, $user)
885  {
886  dol_syslog(get_class($this)."::deleteAttribute dn=".$dn." info=".join(',', $info));
887 
888  // Check parameters
889  if (!$this->connection) {
890  $this->error = "NotConnected";
891  return -2;
892  }
893  if (!$this->bind) {
894  $this->error = "NotConnected";
895  return -3;
896  }
897 
898  // Encode to LDAP page code
899  $dn = $this->convFromOutputCharset($dn, $this->ldapcharset);
900  foreach ($info as $key => $val) {
901  if (!is_array($val)) {
902  $info[$key] = $this->convFromOutputCharset($val, $this->ldapcharset);
903  }
904  }
905 
906  $this->dump($dn, $info);
907 
908  //print_r($info);
909  $result = @ldap_mod_del($this->connection, $dn, $info);
910 
911  if ($result) {
912  dol_syslog(get_class($this)."::deleteAttribute successfull", LOG_DEBUG);
913  return 1;
914  } else {
915  $this->error = @ldap_error($this->connection);
916  dol_syslog(get_class($this)."::deleteAttribute failed: ".$this->error, LOG_ERR);
917  return -1;
918  }
919  }
920 
928  public function getAttribute($dn, $filter)
929  {
930  // Check parameters
931  if (!$this->connection) {
932  $this->error = "NotConnected";
933  return -2;
934  }
935  if (!$this->bind) {
936  $this->error = "NotConnected";
937  return -3;
938  }
939 
940  $search = @ldap_search($this->connection, $dn, $filter);
941 
942  // Only one entry should ever be returned
943  $entry = @ldap_first_entry($this->connection, $search);
944 
945  if (!$entry) {
946  $this->ldapErrorCode = -1;
947  $this->ldapErrorText = "Couldn't find entry";
948  return 0; // Couldn't find entry...
949  }
950 
951  // Get values
952  if (!($values = ldap_get_attributes($this->connection, $entry))) {
953  $this->ldapErrorCode = ldap_errno($this->connection);
954  $this->ldapErrorText = ldap_error($this->connection);
955  return 0; // No matching attributes
956  }
957 
958  // Return an array containing the attributes.
959  return $values;
960  }
961 
969  public function getAttributeValues($filterrecord, $attribute)
970  {
971  $attributes = array();
972  $attributes[0] = $attribute;
973 
974  // We need to search for this user in order to get their entry.
975  $this->result = @ldap_search($this->connection, $this->people, $filterrecord, $attributes);
976 
977  // Pourquoi cette ligne ?
978  //$info = ldap_get_entries($this->connection, $this->result);
979 
980  // Only one entry should ever be returned (no user will have the same uid)
981  $entry = ldap_first_entry($this->connection, $this->result);
982 
983  if (!$entry) {
984  $this->ldapErrorCode = -1;
985  $this->ldapErrorText = "Couldn't find user";
986  return false; // Couldn't find the user...
987  }
988 
989  // Get values
990  if (!$values = @ldap_get_values($this->connection, $entry, $attribute)) {
991  $this->ldapErrorCode = ldap_errno($this->connection);
992  $this->ldapErrorText = ldap_error($this->connection);
993  return false; // No matching attributes
994  }
995 
996  // Return an array containing the attributes.
997  return $values;
998  }
999 
1012  public function getRecords($search, $userDn, $useridentifier, $attributeArray, $activefilter = 0, $attributeAsArray = array())
1013  {
1014  $fulllist = array();
1015 
1016  dol_syslog(get_class($this)."::getRecords search=".$search." userDn=".$userDn." useridentifier=".$useridentifier." attributeArray=array(".join(',', $attributeArray).") activefilter=".$activefilter);
1017 
1018  // if the directory is AD, then bind first with the search user first
1019  if ($this->serverType == "activedirectory") {
1020  $this->bindauth($this->searchUser, $this->searchPassword);
1021  dol_syslog(get_class($this)."::bindauth serverType=activedirectory searchUser=".$this->searchUser);
1022  }
1023 
1024  // Define filter
1025  if (!empty($activefilter)) { // Use a predefined trusted filter (defined into setup by admin).
1026  if (((string) $activefilter == '1' || (string) $activefilter == 'user') && $this->filter) {
1027  $filter = '('.$this->filter.')';
1028  } elseif (((string) $activefilter == 'group') && $this->filtergroup ) {
1029  $filter = '('.$this->filtergroup.')';
1030  } elseif (((string) $activefilter == 'member') && $this->filter) {
1031  $filter = '('.$this->filtermember.')';
1032  } else {
1033  // If this->filter/this->filtergroup is empty, make fiter on * (all)
1034  $filter = '('.ldap_escape($useridentifier, '', LDAP_ESCAPE_FILTER).'=*)';
1035  }
1036  } else { // Use a filter forged using the $search value
1037  $filter = '('.ldap_escape($useridentifier, '', LDAP_ESCAPE_FILTER).'='.ldap_escape($search, '', LDAP_ESCAPE_FILTER).')';
1038  }
1039 
1040  if (is_array($attributeArray)) {
1041  // Return list with required fields
1042  $attributeArray = array_values($attributeArray); // This is to force to have index reordered from 0 (not make ldap_search fails)
1043  dol_syslog(get_class($this)."::getRecords connection=".$this->connection." userDn=".$userDn." filter=".$filter." attributeArray=(".join(',', $attributeArray).")");
1044  //var_dump($attributeArray);
1045  $this->result = @ldap_search($this->connection, $userDn, $filter, $attributeArray);
1046  } else {
1047  // Return list with fields selected by default
1048  dol_syslog(get_class($this)."::getRecords connection=".$this->connection." userDn=".$userDn." filter=".$filter);
1049  $this->result = @ldap_search($this->connection, $userDn, $filter);
1050  }
1051  if (!$this->result) {
1052  $this->error = 'LDAP search failed: '.ldap_errno($this->connection)." ".ldap_error($this->connection);
1053  return -1;
1054  }
1055 
1056  $info = @ldap_get_entries($this->connection, $this->result);
1057 
1058  // Warning: Dans info, les noms d'attributs sont en minuscule meme si passe
1059  // a ldap_search en majuscule !!!
1060  //print_r($info);
1061 
1062  for ($i = 0; $i < $info["count"]; $i++) {
1063  $recordid = $this->convToOutputCharset($info[$i][strtolower($useridentifier)][0], $this->ldapcharset);
1064  if ($recordid) {
1065  //print "Found record with key $useridentifier=".$recordid."<br>\n";
1066  $fulllist[$recordid][$useridentifier] = $recordid;
1067 
1068  // Add to the array for each attribute in my list
1069  $num = count($attributeArray);
1070  for ($j = 0; $j < $num; $j++) {
1071  $keyattributelower = strtolower($attributeArray[$j]);
1072  //print " Param ".$attributeArray[$j]."=".$info[$i][$keyattributelower][0]."<br>\n";
1073 
1074  //permet de recuperer le SID avec Active Directory
1075  if ($this->serverType == "activedirectory" && $keyattributelower == "objectsid") {
1076  $objectsid = $this->getObjectSid($recordid);
1077  $fulllist[$recordid][$attributeArray[$j]] = $objectsid;
1078  } else {
1079  if (in_array($attributeArray[$j], $attributeAsArray) && is_array($info[$i][$keyattributelower])) {
1080  $valueTab = array();
1081  foreach ($info[$i][$keyattributelower] as $key => $value) {
1082  $valueTab[$key] = $this->convToOutputCharset($value, $this->ldapcharset);
1083  }
1084  $fulllist[$recordid][$attributeArray[$j]] = $valueTab;
1085  } else {
1086  $fulllist[$recordid][$attributeArray[$j]] = $this->convToOutputCharset($info[$i][$keyattributelower][0], $this->ldapcharset);
1087  }
1088  }
1089  }
1090  }
1091  }
1092 
1093  asort($fulllist);
1094  return $fulllist;
1095  }
1096 
1104  public function littleEndian($hex)
1105  {
1106  $result = '';
1107  for ($x = dol_strlen($hex) - 2; $x >= 0; $x = $x - 2) {
1108  $result .= substr($hex, $x, 2);
1109  }
1110  return $result;
1111  }
1112 
1113 
1121  public function getObjectSid($ldapUser)
1122  {
1123  $criteria = '('.$this->getUserIdentifier().'='.$ldapUser.')';
1124  $justthese = array("objectsid");
1125 
1126  // if the directory is AD, then bind first with the search user first
1127  if ($this->serverType == "activedirectory") {
1128  $this->bindauth($this->searchUser, $this->searchPassword);
1129  }
1130 
1131  $i = 0;
1132  $searchDN = $this->people;
1133 
1134  while ($i <= 2) {
1135  $ldapSearchResult = @ldap_search($this->connection, $searchDN, $criteria, $justthese);
1136 
1137  if (!$ldapSearchResult) {
1138  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1139  return -1;
1140  }
1141 
1142  $entry = ldap_first_entry($this->connection, $ldapSearchResult);
1143 
1144  if (!$entry) {
1145  // Si pas de resultat on cherche dans le domaine
1146  $searchDN = $this->domain;
1147  $i++;
1148  } else {
1149  $i++;
1150  $i++;
1151  }
1152  }
1153 
1154  if ($entry) {
1155  $ldapBinary = ldap_get_values_len($this->connection, $entry, "objectsid");
1156  $SIDText = $this->binSIDtoText($ldapBinary[0]);
1157  return $SIDText;
1158  } else {
1159  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1160  return '?';
1161  }
1162  }
1163 
1171  public function binSIDtoText($binsid)
1172  {
1173  $hex_sid = bin2hex($binsid);
1174  $rev = hexdec(substr($hex_sid, 0, 2)); // Get revision-part of SID
1175  $subcount = hexdec(substr($hex_sid, 2, 2)); // Get count of sub-auth entries
1176  $auth = hexdec(substr($hex_sid, 4, 12)); // SECURITY_NT_AUTHORITY
1177  $result = "$rev-$auth";
1178  for ($x = 0; $x < $subcount; $x++) {
1179  $result .= "-".hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8))); // get all SECURITY_NT_AUTHORITY
1180  }
1181  return $result;
1182  }
1183 
1184 
1196  public function search($checkDn, $filter)
1197  {
1198  dol_syslog(get_class($this)."::search checkDn=".$checkDn." filter=".$filter);
1199 
1200  $checkDn = $this->convFromOutputCharset($checkDn, $this->ldapcharset);
1201  $filter = $this->convFromOutputCharset($filter, $this->ldapcharset);
1202 
1203  // if the directory is AD, then bind first with the search user first
1204  if ($this->serverType == "activedirectory") {
1205  $this->bindauth($this->searchUser, $this->searchPassword);
1206  }
1207 
1208  $this->result = @ldap_search($this->connection, $checkDn, $filter);
1209 
1210  $result = @ldap_get_entries($this->connection, $this->result);
1211  if (!$result) {
1212  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1213  return -1;
1214  } else {
1215  ldap_free_result($this->result);
1216  return $result;
1217  }
1218  }
1219 
1220 
1229  public function fetch($user, $filter)
1230  {
1231  // Perform the search and get the entry handles
1232 
1233  // if the directory is AD, then bind first with the search user first
1234  if ($this->serverType == "activedirectory") {
1235  $this->bindauth($this->searchUser, $this->searchPassword);
1236  }
1237 
1238  $searchDN = $this->people; // TODO Why searching in people then domain ?
1239 
1240  $result = '';
1241  $i = 0;
1242  while ($i <= 2) {
1243  dol_syslog(get_class($this)."::fetch search with searchDN=".$searchDN." filter=".$filter);
1244  $this->result = @ldap_search($this->connection, $searchDN, $filter);
1245  if ($this->result) {
1246  $result = @ldap_get_entries($this->connection, $this->result);
1247  if ($result['count'] > 0) {
1248  dol_syslog('Ldap::fetch search found '.$result['count'].' records');
1249  } else {
1250  dol_syslog('Ldap::fetch search returns but found no records');
1251  }
1252  //var_dump($result);exit;
1253  } else {
1254  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1255  dol_syslog(get_class($this)."::fetch search fails");
1256  return -1;
1257  }
1258 
1259  if (!$result) {
1260  // Si pas de resultat on cherche dans le domaine
1261  $searchDN = $this->domain;
1262  $i++;
1263  } else {
1264  break;
1265  }
1266  }
1267 
1268  if (!$result) {
1269  $this->error = ldap_errno($this->connection)." ".ldap_error($this->connection);
1270  return -1;
1271  } else {
1272  $this->name = $this->convToOutputCharset($result[0][$this->attr_name][0], $this->ldapcharset);
1273  $this->firstname = $this->convToOutputCharset($result[0][$this->attr_firstname][0], $this->ldapcharset);
1274  $this->login = $this->convToOutputCharset($result[0][$this->attr_login][0], $this->ldapcharset);
1275  $this->phone = $this->convToOutputCharset($result[0][$this->attr_phone][0], $this->ldapcharset);
1276  $this->skype = $this->convToOutputCharset($result[0][$this->attr_skype][0], $this->ldapcharset);
1277  $this->fax = $this->convToOutputCharset($result[0][$this->attr_fax][0], $this->ldapcharset);
1278  $this->mail = $this->convToOutputCharset($result[0][$this->attr_mail][0], $this->ldapcharset);
1279  $this->mobile = $this->convToOutputCharset($result[0][$this->attr_mobile][0], $this->ldapcharset);
1280 
1281  $this->uacf = $this->parseUACF($this->convToOutputCharset($result[0]["useraccountcontrol"][0], $this->ldapcharset));
1282  if (isset($result[0]["pwdlastset"][0])) { // If expiration on password exists
1283  $this->pwdlastset = ($result[0]["pwdlastset"][0] != 0) ? $this->convert_time($this->convToOutputCharset($result[0]["pwdlastset"][0], $this->ldapcharset)) : 0;
1284  } else {
1285  $this->pwdlastset = -1;
1286  }
1287  if (!$this->name && !$this->login) {
1288  $this->pwdlastset = -1;
1289  }
1290  $this->badpwdtime = $this->convert_time($this->convToOutputCharset($result[0]["badpasswordtime"][0], $this->ldapcharset));
1291 
1292  // FQDN domain
1293  $domain = str_replace('dc=', '', $this->domain);
1294  $domain = str_replace(',', '.', $domain);
1295  $this->domainFQDN = $domain;
1296 
1297  // Set ldapUserDn (each user can have a different dn)
1298  //var_dump($result[0]);exit;
1299  $this->ldapUserDN = $result[0]['dn'];
1300 
1301  ldap_free_result($this->result);
1302  return 1;
1303  }
1304  }
1305 
1306 
1307  // helper methods
1308 
1314  public function getUserIdentifier()
1315  {
1316  if ($this->serverType == "activedirectory") {
1317  return $this->attr_sambalogin;
1318  } else {
1319  return $this->attr_login;
1320  }
1321  }
1322 
1329  public function parseUACF($uacf)
1330  {
1331  //All flags array
1332  $flags = array(
1333  "TRUSTED_TO_AUTH_FOR_DELEGATION" => 16777216,
1334  "PASSWORD_EXPIRED" => 8388608,
1335  "DONT_REQ_PREAUTH" => 4194304,
1336  "USE_DES_KEY_ONLY" => 2097152,
1337  "NOT_DELEGATED" => 1048576,
1338  "TRUSTED_FOR_DELEGATION" => 524288,
1339  "SMARTCARD_REQUIRED" => 262144,
1340  "MNS_LOGON_ACCOUNT" => 131072,
1341  "DONT_EXPIRE_PASSWORD" => 65536,
1342  "SERVER_TRUST_ACCOUNT" => 8192,
1343  "WORKSTATION_TRUST_ACCOUNT" => 4096,
1344  "INTERDOMAIN_TRUST_ACCOUNT" => 2048,
1345  "NORMAL_ACCOUNT" => 512,
1346  "TEMP_DUPLICATE_ACCOUNT" => 256,
1347  "ENCRYPTED_TEXT_PWD_ALLOWED" => 128,
1348  "PASSWD_CANT_CHANGE" => 64,
1349  "PASSWD_NOTREQD" => 32,
1350  "LOCKOUT" => 16,
1351  "HOMEDIR_REQUIRED" => 8,
1352  "ACCOUNTDISABLE" => 2,
1353  "SCRIPT" => 1
1354  );
1355 
1356  //Parse flags to text
1357  $retval = array();
1358  //while (list($flag, $val) = each($flags)) {
1359  foreach ($flags as $flag => $val) {
1360  if ($uacf >= $val) {
1361  $uacf -= $val;
1362  $retval[$val] = $flag;
1363  }
1364  }
1365 
1366  //Return human friendly flags
1367  return($retval);
1368  }
1369 
1376  public function parseSAT($samtype)
1377  {
1378  $stypes = array(
1379  805306368 => "NORMAL_ACCOUNT",
1380  805306369 => "WORKSTATION_TRUST",
1381  805306370 => "INTERDOMAIN_TRUST",
1382  268435456 => "SECURITY_GLOBAL_GROUP",
1383  268435457 => "DISTRIBUTION_GROUP",
1384  536870912 => "SECURITY_LOCAL_GROUP",
1385  536870913 => "DISTRIBUTION_LOCAL_GROUP"
1386  );
1387 
1388  $retval = "";
1389  while (list($sat, $val) = each($stypes)) {
1390  if ($samtype == $sat) {
1391  $retval = $val;
1392  break;
1393  }
1394  }
1395  if (empty($retval)) {
1396  $retval = "UNKNOWN_TYPE_".$samtype;
1397  }
1398 
1399  return($retval);
1400  }
1401 
1402  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
1409  public function convert_time($value)
1410  {
1411  // phpcs:enable
1412  $dateLargeInt = $value; // nano secondes depuis 1601 !!!!
1413  $secsAfterADEpoch = $dateLargeInt / (10000000); // secondes depuis le 1 jan 1601
1414  $ADToUnixConvertor = ((1970 - 1601) * 365.242190) * 86400; // UNIX start date - AD start date * jours * secondes
1415  $unixTimeStamp = intval($secsAfterADEpoch - $ADToUnixConvertor); // Unix time stamp
1416  return $unixTimeStamp;
1417  }
1418 
1419 
1427  private function convToOutputCharset($str, $pagecodefrom = 'UTF-8')
1428  {
1429  global $conf;
1430  if ($pagecodefrom == 'ISO-8859-1' && $conf->file->character_set_client == 'UTF-8') {
1431  $str = utf8_encode($str);
1432  }
1433  if ($pagecodefrom == 'UTF-8' && $conf->file->character_set_client == 'ISO-8859-1') {
1434  $str = utf8_decode($str);
1435  }
1436  return $str;
1437  }
1438 
1446  public function convFromOutputCharset($str, $pagecodeto = 'UTF-8')
1447  {
1448  global $conf;
1449  if ($pagecodeto == 'ISO-8859-1' && $conf->file->character_set_client == 'UTF-8') {
1450  $str = utf8_decode($str);
1451  }
1452  if ($pagecodeto == 'UTF-8' && $conf->file->character_set_client == 'ISO-8859-1') {
1453  $str = utf8_encode($str);
1454  }
1455  return $str;
1456  }
1457 
1458 
1465  public function getNextGroupGid($keygroup = 'LDAP_KEY_GROUPS')
1466  {
1467  global $conf;
1468 
1469  if (empty($keygroup)) {
1470  $keygroup = 'LDAP_KEY_GROUPS';
1471  }
1472 
1473  $search = '('.$conf->global->$keygroup.'=*)';
1474  $result = $this->search($this->groups, $search);
1475  if ($result) {
1476  $c = $result['count'];
1477  $gids = array();
1478  for ($i = 0; $i < $c; $i++) {
1479  $gids[] = $result[$i]['gidnumber'][0];
1480  }
1481  rsort($gids);
1482 
1483  return $gids[0] + 1;
1484  }
1485 
1486  return 0;
1487  }
1488 }
Ldap\setReferrals
setReferrals()
changement du referrals.
Definition: ldap.class.php:426
getDolGlobalInt
getDolGlobalInt($key, $default=0)
Return dolibarr global constant int value.
Definition: functions.lib.php:92
Ldap\deleteAttribute
deleteAttribute($dn, $info, $user)
Delete a LDAP attribute in entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:884
Ldap\getNextGroupGid
getNextGroupGid($keygroup= 'LDAP_KEY_GROUPS')
Return available value of group GID.
Definition: ldap.class.php:1465
Ldap\update
update($dn, $info, $user, $olddn, $newrdn=false, $newparent=false)
Modify a LDAP entry (to use if dn != olddn) Ldap object connect and bind must have been done...
Definition: ldap.class.php:593
Ldap\addAttribute
addAttribute($dn, $info, $user)
Add a LDAP attribute in entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:792
Ldap\binSIDtoText
binSIDtoText($binsid)
Returns the textual SID Indispensable pour Active Directory.
Definition: ldap.class.php:1171
Ldap\add
add($dn, $info, $user)
Add a LDAP entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:443
dol_mkdir
dol_mkdir($dir, $dataroot= '', $newmask= '')
Creation of a directory (this can create recursive subdir)
Definition: functions.lib.php:6587
Ldap\modify
modify($dn, $info, $user)
Modify a LDAP entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:491
Ldap\SYNCHRO_NONE
const SYNCHRO_NONE
No Ldap synchronization.
Definition: ldap.class.php:128
Ldap\$domain
$domain
Server DN.
Definition: ldap.class.php:71
Ldap\$connectedServer
$connectedServer
Current connected server.
Definition: ldap.class.php:54
Ldap\getVersion
getVersion()
Verification de la version du serveur ldap.
Definition: ldap.class.php:402
getDolGlobalString
if(!function_exists('utf8_encode')) if(!function_exists('utf8_decode')) getDolGlobalString($key, $default= '')
Return dolibarr global constant string value.
Definition: functions.lib.php:79
Ldap\$ldapErrorCode
$ldapErrorCode
Code erreur retourne par le serveur Ldap.
Definition: ldap.class.php:93
Ldap\getAttribute
getAttribute($dn, $filter)
Returns an array containing attributes and values for first record.
Definition: ldap.class.php:928
Ldap\SYNCHRO_DOLIBARR_TO_LDAP
const SYNCHRO_DOLIBARR_TO_LDAP
Dolibarr to Ldap synchronization.
Definition: ldap.class.php:133
Ldap\$searchUser
$searchUser
User administrateur Ldap Active Directory ne supporte pas les connexions anonymes.
Definition: ldap.class.php:76
Ldap\$ldapErrorText
$ldapErrorText
Message texte de l&#39;erreur.
Definition: ldap.class.php:97
Ldap\getAttributeValues
getAttributeValues($filterrecord, $attribute)
Returns an array containing values for an attribute and for first record matching filterrecord...
Definition: ldap.class.php:969
Ldap\unbind
unbind()
Unbind of LDAP server (close connection).
Definition: ldap.class.php:383
name
$conf db name
Only used if Module[ID]Name translation string is not found.
Definition: repair.php:122
Ldap\bind
bind()
Anonymously binds to the connection.
Definition: ldap.class.php:343
Ldap\parseUACF
parseUACF($uacf)
UserAccountControl Flgs to more human understandable form...
Definition: ldap.class.php:1329
Ldap\convFromOutputCharset
convFromOutputCharset($str, $pagecodeto= 'UTF-8')
Convert a string from output/memory charset.
Definition: ldap.class.php:1446
Ldap\convert_time
convert_time($value)
Convertit le temps ActiveDirectory en Unix timestamp.
Definition: ldap.class.php:1409
Ldap\$ldapProtocolVersion
$ldapProtocolVersion
Version du protocole ldap.
Definition: ldap.class.php:67
Ldap\updateAttribute
updateAttribute($dn, $info, $user)
Update a LDAP attribute in entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:838
Ldap\$people
$people
DN des utilisateurs.
Definition: ldap.class.php:85
Ldap\$searchPassword
$searchPassword
Mot de passe de l&#39;administrateur Active Directory ne supporte pas les connexions anonymes.
Definition: ldap.class.php:81
Ldap\$result
$result
Result of any connections etc.
Definition: ldap.class.php:123
Ldap\convToOutputCharset
convToOutputCharset($str, $pagecodefrom= 'UTF-8')
Convert a string into output/memory charset.
Definition: ldap.class.php:1427
Ldap\dump
dump($dn, $info)
Dump a LDAP message to ldapinput.in file.
Definition: ldap.class.php:713
Ldap\serverPing
serverPing($host, $port=389, $timeout=1)
Ping a server before ldap_connect for avoid waiting.
Definition: ldap.class.php:745
dol_strlen
dol_strlen($string, $stringencoding= 'UTF-8')
Make a strlen call.
Definition: functions.lib.php:3732
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename= '', $restricttologhandler= '', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1588
Ldap\dump_content
dump_content($dn, $info)
Build a LDAP message.
Definition: ldap.class.php:676
Ldap\bindauth
bindauth($bindDn, $pass)
Binds as an authenticated user, which usually allows for write access.
Definition: ldap.class.php:365
Ldap\$groups
$groups
DN des groupes.
Definition: ldap.class.php:89
Ldap\getRecords
getRecords($search, $userDn, $useridentifier, $attributeArray, $activefilter=0, $attributeAsArray=array())
Returns an array containing a details or list of LDAP record(s) ldapsearch -LLLx -hlocalhost -Dcn=adm...
Definition: ldap.class.php:1012
Ldap\parseSAT
parseSAT($samtype)
SamAccountType value to text.
Definition: ldap.class.php:1376
Ldap\SYNCHRO_LDAP_TO_DOLIBARR
const SYNCHRO_LDAP_TO_DOLIBARR
Ldap to Dolibarr synchronization.
Definition: ldap.class.php:138
Ldap\$dn
$dn
Base DN (e.g.
Definition: ldap.class.php:59
Ldap\__construct
__construct()
Constructor.
Definition: ldap.class.php:144
Ldap\search
search($checkDn, $filter)
Fonction de recherche avec filtre this-&gt;connection doit etre defini donc la methode bind ou bindauth d...
Definition: ldap.class.php:1196
Ldap\littleEndian
littleEndian($hex)
Converts a little-endian hex-number to one, that &#39;hexdec&#39; can convert Required by Active Directory...
Definition: ldap.class.php:1104
Ldap
Class to manage LDAP features.
Definition: ldap.class.php:34
Ldap\close
close()
Simply closes the connection set up earlier.
Definition: ldap.class.php:327
Ldap\rename
rename($dn, $newrdn, $newparent, $user, $deleteoldrdn=true)
Rename a LDAP entry Ldap object connect and bind must have been done.
Definition: ldap.class.php:549
Ldap\fetch
fetch($user, $filter)
Load all attribute of a LDAP user.
Definition: ldap.class.php:1229
Ldap\setVersion
setVersion()
Change ldap protocol version to use.
Definition: ldap.class.php:414
Ldap\getObjectSid
getObjectSid($ldapUser)
Recupere le SID de l&#39;utilisateur Required by Active Directory.
Definition: ldap.class.php:1121
Ldap\$server
$server
Tableau des serveurs (IP addresses ou nom d&#39;hotes)
Definition: ldap.class.php:49
Ldap\getUserIdentifier
getUserIdentifier()
Returns the correct user identifier to use, based on the ldap server type.
Definition: ldap.class.php:1314
Ldap\$connection
$connection
The internal LDAP connection handle.
Definition: ldap.class.php:119
Ldap\$serverType
$serverType
type de serveur, actuellement OpenLdap et Active Directory
Definition: ldap.class.php:63
Ldap\connect_bind
connect_bind()
Connect and bind Use this-&gt;server, this-&gt;serverPort, this-&gt;ldapProtocolVersion, this-&gt;serverType, this-&gt;searchUser, this-&gt;searchPassword After return, this-&gt;connection and $this-&gt;bind are defined.
Definition: ldap.class.php:192
Generated on Wed Dec 14 2022 01:34:30 for dolibarr by Doxygen 1.8.5