2017-12-13 17:47:38 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
class LdapServer {
|
2017-12-17 18:07:40 +01:00
|
|
|
private $conn=NULL,$login,$base,$superadmin=false,$domains=array();
|
2017-12-13 17:47:38 +01:00
|
|
|
|
2017-12-17 18:07:40 +01:00
|
|
|
static public function getClassFilter() {
|
|
|
|
|
return '(ObjectClass='.static::$objectClass[0].')';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static public function getBaseDN($object, $name=NULL) {
|
|
|
|
|
$class = get_called_class();
|
|
|
|
|
if ($class == "LdapDomain") {
|
|
|
|
|
if (empty($name)) {
|
2017-12-17 19:06:28 +01:00
|
|
|
if ($object->server->isSuperadmin()) {
|
|
|
|
|
return static::$dn.'='.$object->getName().','.LdapServer::getBaseDN($object->server);
|
|
|
|
|
} else {
|
|
|
|
|
$mydomain = preg_replace('/.*@/', '', $object->server->login);
|
|
|
|
|
if ($object->getName() == $mydomain) {
|
|
|
|
|
return $object->server->base;
|
|
|
|
|
} else {
|
|
|
|
|
throw new Exception("Vous n'etes pas autoriser a acceder a cette page");
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-12-17 18:07:40 +01:00
|
|
|
} else {
|
2017-12-17 19:06:28 +01:00
|
|
|
if ($object->isSuperadmin()) {
|
|
|
|
|
return static::$dn.'='.$name.','.LdapServer::getBaseDN($object);
|
|
|
|
|
} else {
|
|
|
|
|
throw new Exception("Vous n'etes pas autoriser a acceder a cette page");
|
|
|
|
|
}
|
2017-12-17 18:07:40 +01:00
|
|
|
}
|
|
|
|
|
} elseif ($class == "LdapAccount") {
|
|
|
|
|
if (empty($name)) {
|
|
|
|
|
return static::$dn.'='.$object->getUid().','.LdapDomain::getBaseDN($object->domain);
|
|
|
|
|
} else {
|
|
|
|
|
return static::$dn.'='.$name.','.LdapDomain::getBaseDN($object);
|
|
|
|
|
}
|
|
|
|
|
} elseif ($class == "LdapAlias") {
|
|
|
|
|
if (empty($name)) {
|
|
|
|
|
return static::$dn.'='.$object->getName().','.LdapDomain::getBaseDN($object->domain);
|
|
|
|
|
} else {
|
|
|
|
|
return static::$dn.'='.$name.','.LdapDomain::getBaseDN($object);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return $object->base;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function __construct($login, $base, $adminDN, $adminPass, $uri='ldap://127.0.0.1') {
|
2017-12-13 17:47:38 +01:00
|
|
|
global $conf;
|
|
|
|
|
$this->login = $login;
|
2017-12-17 18:07:40 +01:00
|
|
|
if (!$this->conn = ldap_connect($uri)) {
|
|
|
|
|
throw new Exception("Impossible de se connecter au serveur LDAP $uri");
|
2017-12-13 23:51:21 +01:00
|
|
|
}
|
2017-12-13 17:47:38 +01:00
|
|
|
if (!ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
2017-12-13 23:51:21 +01:00
|
|
|
throw new Exception("Impossible de modifier la version du protocole LDAP à 3");
|
|
|
|
|
}
|
2017-12-17 18:07:40 +01:00
|
|
|
if (!ldap_bind($this->conn, $adminDN, $adminPass)) {
|
2017-12-13 23:51:21 +01:00
|
|
|
throw new Exception("Authentification LDAP échoué !");
|
2017-12-13 17:47:38 +01:00
|
|
|
}
|
|
|
|
|
if (in_array($this->login, $conf['admin']['logins'])) {
|
|
|
|
|
$this->superadmin = true;
|
2017-12-17 19:06:28 +01:00
|
|
|
$this->base = $base;
|
|
|
|
|
} else {
|
|
|
|
|
$mydomain = preg_replace('/.*@/', '', $login);
|
|
|
|
|
$this->base = LdapDomain::$dn.'='.$mydomain.','.$base;
|
2017-12-13 17:47:38 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function login($password) {
|
2017-12-17 18:07:40 +01:00
|
|
|
$sr=ldap_search($this->conn, self::getBaseDN($this), "(&(uid=".$this->login.")(isAdmin=TRUE))");
|
2017-12-13 17:47:38 +01:00
|
|
|
$info = ldap_get_entries($this->conn, $sr);
|
2017-12-17 18:22:49 +01:00
|
|
|
if (!$info['count'] || !@ldap_bind($this->conn, $info[0]['dn'], $password)) {
|
|
|
|
|
throw new Exception("Échec de l'authentification, utilisateur ou mot de passe incorrect.");
|
2017-12-13 17:47:38 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getDomains() {
|
|
|
|
|
if (count($this->domains) == 0) {
|
2017-12-17 19:06:28 +01:00
|
|
|
$sr = ldap_search($this->conn, self::getBaseDN($this), LdapDomain::getClassFilter());
|
|
|
|
|
$objects = ldap_get_entries($this->conn, $sr);
|
|
|
|
|
foreach($objects as $object) {
|
|
|
|
|
if(!empty($object[LdapDomain::$dn][0])) {
|
|
|
|
|
$domain = new LdapDomain($this, $object[LdapDomain::$dn][0]);
|
|
|
|
|
array_push($this->domains, $domain);
|
2017-12-13 17:47:38 +01:00
|
|
|
}
|
|
|
|
|
}
|
2017-12-17 19:06:28 +01:00
|
|
|
sort($this->domains);
|
2017-12-13 17:47:38 +01:00
|
|
|
}
|
|
|
|
|
return $this->domains;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-15 15:36:22 +01:00
|
|
|
public function addDomain($name,$active=false) {
|
2017-12-17 18:07:40 +01:00
|
|
|
$info[LdapDomain::$dn]=$name;
|
2017-12-17 16:00:47 +01:00
|
|
|
$info["objectclass"] = LdapDomain::$objectClass;
|
2017-12-15 15:36:22 +01:00
|
|
|
$info["isActive"] = ($active) ? 'TRUE' : 'FALSE';
|
2017-12-13 17:47:38 +01:00
|
|
|
$info["gidNumber"]= getfreegid();
|
|
|
|
|
|
2017-12-17 18:07:40 +01:00
|
|
|
if (!@ldap_add($this->conn, LdapDomain::getBaseDN($this, $name), $info)) {
|
2017-12-14 00:32:58 +01:00
|
|
|
$error = ldap_error($this->conn);
|
|
|
|
|
throw new Exception("Erreur dans l'ajout du domaine : $error");
|
2017-12-13 17:47:38 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-15 11:42:04 +01:00
|
|
|
public function delDomain($name) {
|
2017-12-17 18:07:40 +01:00
|
|
|
if ($domain = new LdapDomain($this, $name)) {
|
2017-12-15 11:42:04 +01:00
|
|
|
// Delete aliases
|
2017-12-17 18:07:40 +01:00
|
|
|
foreach($domain->getAlias() as $alias) {
|
|
|
|
|
$domain->delAlias($alias->getName());
|
2017-12-15 11:42:04 +01:00
|
|
|
}
|
|
|
|
|
// Delete accounts
|
2017-12-17 18:07:40 +01:00
|
|
|
foreach($domain->getAccounts() as $account) {
|
|
|
|
|
$domain->delAccount($account->getUid());
|
2017-12-15 11:42:04 +01:00
|
|
|
}
|
|
|
|
|
// Delete domain
|
2017-12-17 18:07:40 +01:00
|
|
|
$dn = LdapDomain::getBaseDN($this, $name);
|
2017-12-15 11:42:04 +01:00
|
|
|
if (!ldap_delete($this->conn, $dn)) {
|
|
|
|
|
$error = ldap_error($this->conn);
|
|
|
|
|
throw new Exception("Erreur dans la suppression du domaine $dn : $error");
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
throw new Exception("Ce domaine n'existe pas !");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-13 17:47:38 +01:00
|
|
|
public function isSuperAdmin() {
|
|
|
|
|
return $this->superadmin;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getLogin() {
|
|
|
|
|
return $this->login;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getDn() {
|
|
|
|
|
return $this->dn;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-17 18:07:40 +01:00
|
|
|
public function getConn() {
|
|
|
|
|
return $this->conn;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-13 17:47:38 +01:00
|
|
|
public function __destruct() {
|
|
|
|
|
ldap_unbind($this->conn);
|
|
|
|
|
}
|
|
|
|
|
}
|
