From ccfec5606dae81e6524f6cfcdaca09d4cde7f111 Mon Sep 17 00:00:00 2001
From: Anika Henke <anika@selfthinker.org>
Date: Sat, 7 Dec 2013 23:10:05 +0000
Subject: [PATCH] crlf 2 lf whitespace fixes
---
.gitattributes | 6 +
_test/tests/inc/common_basicinfo.test.php | 10 +-
_test/tests/inc/common_mediainfo.test.php | 10 +-
_test/tests/inc/common_pageinfo.test.php | 66 +-
_test/tests/test/basic.test.php | 12 +-
lib/plugins/authad/adLDAP/adLDAP.php | 1900 ++++++++---------
.../authad/adLDAP/classes/adLDAPComputers.php | 304 +--
.../authad/adLDAP/classes/adLDAPContacts.php | 588 ++---
.../authad/adLDAP/classes/adLDAPExchange.php | 778 +++----
.../authad/adLDAP/classes/adLDAPFolders.php | 356 +--
.../authad/adLDAP/classes/adLDAPGroups.php | 1262 +++++------
.../authad/adLDAP/classes/adLDAPUsers.php | 1364 ++++++------
.../authad/adLDAP/classes/adLDAPUtils.php | 526 ++---
.../adLDAP/collections/adLDAPCollection.php | 274 +--
.../collections/adLDAPComputerCollection.php | 92 +-
.../collections/adLDAPContactCollection.php | 92 +-
.../collections/adLDAPGroupCollection.php | 92 +-
.../collections/adLDAPUserCollection.php | 92 +-
lib/scripts/jquery/jquery-migrate.js | 1022 ++++-----
lib/scripts/jquery/jquery-migrate.min.js | 2 +-
20 files changed, 4427 insertions(+), 4421 deletions(-)
create mode 100644 .gitattributes
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 000000000..0fefdf647
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,6 @@
+* text eol=lf
+
+*.png binary
+*.gif binary
+*.ico binary
+*.xcf binary
diff --git a/_test/tests/inc/common_basicinfo.test.php b/_test/tests/inc/common_basicinfo.test.php
index 0369474c9..8359c0877 100644
--- a/_test/tests/inc/common_basicinfo.test.php
+++ b/_test/tests/inc/common_basicinfo.test.php
@@ -18,12 +18,12 @@ class common_infofunctions_test extends DokuWikiTest {
function _get_info() {
global $USERINFO;
- $info = array (
- 'isadmin' => true,
+ $info = array (
+ 'isadmin' => true,
'ismanager' => true,
- 'userinfo' => $USERINFO,
- 'perm' => 255,
- 'namespace' => false,
+ 'userinfo' => $USERINFO,
+ 'perm' => 255,
+ 'namespace' => false,
'ismobile' => false,
'client' => 'testuser',
);
diff --git a/_test/tests/inc/common_mediainfo.test.php b/_test/tests/inc/common_mediainfo.test.php
index 0e67fbcd9..cc5b17ec7 100644
--- a/_test/tests/inc/common_mediainfo.test.php
+++ b/_test/tests/inc/common_mediainfo.test.php
@@ -18,12 +18,12 @@ class common_basicinfo_test extends DokuWikiTest {
function _get_info() {
global $USERINFO;
- $info = array (
- 'isadmin' => true,
+ $info = array (
+ 'isadmin' => true,
'ismanager' => true,
- 'userinfo' => $USERINFO,
- 'perm' => 255,
- 'namespace' => false,
+ 'userinfo' => $USERINFO,
+ 'perm' => 255,
+ 'namespace' => false,
'ismobile' => false,
'client' => 'testuser',
);
diff --git a/_test/tests/inc/common_pageinfo.test.php b/_test/tests/inc/common_pageinfo.test.php
index c54fbce26..0a1ea0a8f 100644
--- a/_test/tests/inc/common_pageinfo.test.php
+++ b/_test/tests/inc/common_pageinfo.test.php
@@ -31,18 +31,18 @@ class common_pageinfo_test extends DokuWikiTest {
'ismobile' => false,
'client' => 'testuser',
);
- $info['rev'] = null;
- $info['subscribed'] = false;
- $info['locked'] = false;
- $info['exists'] = false;
- $info['writable'] = true;
- $info['editable'] = true;
- $info['lastmod'] = false;
- $info['meta'] = array();
- $info['ip'] = null;
- $info['user'] = null;
- $info['sum'] = null;
- $info['editor'] = null;
+ $info['rev'] = null;
+ $info['subscribed'] = false;
+ $info['locked'] = false;
+ $info['exists'] = false;
+ $info['writable'] = true;
+ $info['editable'] = true;
+ $info['lastmod'] = false;
+ $info['meta'] = array();
+ $info['ip'] = null;
+ $info['user'] = null;
+ $info['sum'] = null;
+ $info['editor'] = null;
return $info;
}
@@ -72,15 +72,15 @@ class common_pageinfo_test extends DokuWikiTest {
$rev = filemtime($filename);
$info = $this->_get_expected_pageinfo();
- $info['id'] = 'wiki:syntax';
+ $info['id'] = 'wiki:syntax';
$info['namespace'] = 'wiki';
$info['filepath'] = $filename;
- $info['exists'] = true;
- $info['lastmod'] = $rev;
- $info['meta'] = p_get_metadata($ID);
+ $info['exists'] = true;
+ $info['lastmod'] = $rev;
+ $info['meta'] = p_get_metadata($ID);
$this->assertEquals($info, pageinfo());
- }
+ }
/**
* check info keys and values for anonymous user
@@ -88,8 +88,8 @@ class common_pageinfo_test extends DokuWikiTest {
function test_anonymoususer(){
global $ID,$conf,$REV;
- unset($_SERVER['REMOTE_USER']);
- global $USERINFO; $USERINFO = array();
+ unset($_SERVER['REMOTE_USER']);
+ global $USERINFO; $USERINFO = array();
$ID = 'wiki:syntax';
$filename = $conf['datadir'].'/wiki/syntax.txt';
@@ -104,15 +104,15 @@ class common_pageinfo_test extends DokuWikiTest {
$info['meta'] = p_get_metadata($ID);
$info['rev'] = '';
- $info = array_merge($info, array(
- 'isadmin' => false,
- 'ismanager' => false,
- 'perm' => 8,
- 'client' => '1.2.3.4',
+ $info = array_merge($info, array(
+ 'isadmin' => false,
+ 'ismanager' => false,
+ 'perm' => 8,
+ 'client' => '1.2.3.4',
));
unset($info['userinfo']);
$this->assertEquals($info, pageinfo());
- }
+ }
/**
* check info keys and values with $REV
@@ -135,7 +135,7 @@ class common_pageinfo_test extends DokuWikiTest {
$this->assertEquals($info, pageinfo());
$this->assertEquals($rev-100, $REV);
- }
+ }
/**
* check info keys and values with $RANGE
@@ -146,7 +146,7 @@ class common_pageinfo_test extends DokuWikiTest {
$ID = 'wiki:syntax';
$filename = $conf['datadir'].'/wiki/syntax.txt';
$rev = filemtime($filename);
- $range = '1000-2000';
+ $range = '1000-2000';
$info = $this->_get_expected_pageinfo();
$info['id'] = 'wiki:syntax';
@@ -160,18 +160,18 @@ class common_pageinfo_test extends DokuWikiTest {
// expected result $RANGE unchanged
$RANGE = $range;
- $this->assertEquals($info, pageinfo());
+ $this->assertEquals($info, pageinfo());
$this->assertFalse(isset($REV));
- $this->assertEquals($range,$RANGE);
+ $this->assertEquals($range,$RANGE);
// check $RANGE with $REV = current
// expected result: $RANGE unchanged, $REV cleared
$REV = $rev;
- $info['rev'] = '';
+ $info['rev'] = '';
- $this->assertEquals($info, pageinfo());
+ $this->assertEquals($info, pageinfo());
$this->assertEquals('',$REV);
- $this->assertEquals($range,$RANGE);
+ $this->assertEquals($range,$RANGE);
// check with a real $REV
// expected result: $REV and $RANGE are cleared
@@ -218,7 +218,7 @@ class common_pageinfo_test extends DokuWikiTest {
p_set_metadata($ID,array('last_change' => false));
$this->assertEquals($info, pageinfo());
- $this->assertEquals($info['meta']['last_change'], p_get_metadata($ID,'last_change'));
+ $this->assertEquals($info['meta']['last_change'], p_get_metadata($ID,'last_change'));
// fake an external edit, pageinfo should clear the last change from meta data
// and not return any editor data
diff --git a/_test/tests/test/basic.test.php b/_test/tests/test/basic.test.php
index 05778ccf9..86acef935 100644
--- a/_test/tests/test/basic.test.php
+++ b/_test/tests/test/basic.test.php
@@ -123,11 +123,11 @@ class InttestsBasicTest extends DokuWikiTest {
$request = new TestRequest();
// doku
- $response = $request->get();
- $this->assertEquals('doku.php',$request->getScript());
+ $response = $request->get();
+ $this->assertEquals('doku.php',$request->getScript());
- $response = $request->get(array(),'/doku.php?id=wiki:dokuwiki&test=foo');
- $this->assertEquals('doku.php',$request->getScript());
+ $response = $request->get(array(),'/doku.php?id=wiki:dokuwiki&test=foo');
+ $this->assertEquals('doku.php',$request->getScript());
// fetch
$response = $request->get(array(),'/lib/exe/fetch.php?media=wiki:dokuwiki-128.png');
@@ -149,8 +149,8 @@ class InttestsBasicTest extends DokuWikiTest {
$request = new TestRequest();
$response = $request->get(array(),'/lib/exe/fetch.php?media=wiki:dokuwiki-128.png');
- $headers = $response->getHeaders();
- $this->assertTrue(!empty($headers));
+ $headers = $response->getHeaders();
+ $this->assertTrue(!empty($headers));
}
function testGetHeader(){
diff --git a/lib/plugins/authad/adLDAP/adLDAP.php b/lib/plugins/authad/adLDAP/adLDAP.php
index a8f33b47e..c1f92abe2 100644
--- a/lib/plugins/authad/adLDAP/adLDAP.php
+++ b/lib/plugins/authad/adLDAP/adLDAP.php
@@ -1,951 +1,951 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 169 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
- */
-
-/**
-* Main adLDAP class
-*
-* Can be initialised using $adldap = new adLDAP();
-*
-* Something to keep in mind is that Active Directory is a permissions
-* based directory. If you bind as a domain user, you can't fetch as
-* much information on other users as you could as a domain admin.
-*
-* Before asking questions, please read the Documentation at
-* http://adldap.sourceforge.net/wiki/doku.php?id=api
-*/
-require_once(dirname(__FILE__) . '/collections/adLDAPCollection.php');
-require_once(dirname(__FILE__) . '/classes/adLDAPGroups.php');
-require_once(dirname(__FILE__) . '/classes/adLDAPUsers.php');
-require_once(dirname(__FILE__) . '/classes/adLDAPFolders.php');
-require_once(dirname(__FILE__) . '/classes/adLDAPUtils.php');
-require_once(dirname(__FILE__) . '/classes/adLDAPContacts.php');
-require_once(dirname(__FILE__) . '/classes/adLDAPExchange.php');
-require_once(dirname(__FILE__) . '/classes/adLDAPComputers.php');
-
-class adLDAP {
-
- /**
- * Define the different types of account in AD
- */
- const ADLDAP_NORMAL_ACCOUNT = 805306368;
- const ADLDAP_WORKSTATION_TRUST = 805306369;
- const ADLDAP_INTERDOMAIN_TRUST = 805306370;
- const ADLDAP_SECURITY_GLOBAL_GROUP = 268435456;
- const ADLDAP_DISTRIBUTION_GROUP = 268435457;
- const ADLDAP_SECURITY_LOCAL_GROUP = 536870912;
- const ADLDAP_DISTRIBUTION_LOCAL_GROUP = 536870913;
- const ADLDAP_FOLDER = 'OU';
- const ADLDAP_CONTAINER = 'CN';
-
- /**
- * The default port for LDAP non-SSL connections
- */
- const ADLDAP_LDAP_PORT = '389';
- /**
- * The default port for LDAPS SSL connections
- */
- const ADLDAP_LDAPS_PORT = '636';
-
- /**
- * The account suffix for your domain, can be set when the class is invoked
- *
- * @var string
- */
- protected $accountSuffix = "@mydomain.local";
-
- /**
- * The base dn for your domain
- *
- * If this is set to null then adLDAP will attempt to obtain this automatically from the rootDSE
- *
- * @var string
- */
- protected $baseDn = "DC=mydomain,DC=local";
-
- /**
- * Port used to talk to the domain controllers.
- *
- * @var int
- */
- protected $adPort = self::ADLDAP_LDAP_PORT;
-
- /**
- * Array of domain controllers. Specifiy multiple controllers if you
- * would like the class to balance the LDAP queries amongst multiple servers
- *
- * @var array
- */
- protected $domainControllers = array("dc01.mydomain.local");
-
- /**
- * Optional account with higher privileges for searching
- * This should be set to a domain admin account
- *
- * @var string
- * @var string
- */
- protected $adminUsername = NULL;
- protected $adminPassword = NULL;
-
- /**
- * AD does not return the primary group. http://support.microsoft.com/?kbid=321360
- * This tweak will resolve the real primary group.
- * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
- * someone's primary group is NOT domain users, this is obviously going to mess up the results
- *
- * @var bool
- */
- protected $realPrimaryGroup = true;
-
- /**
- * Use SSL (LDAPS), your server needs to be setup, please see
- * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
- *
- * @var bool
- */
- protected $useSSL = false;
-
- /**
- * Use TLS
- * If you wish to use TLS you should ensure that $useSSL is set to false and vice-versa
- *
- * @var bool
- */
- protected $useTLS = false;
-
- /**
- * Use SSO
- * To indicate to adLDAP to reuse password set by the brower through NTLM or Kerberos
- *
- * @var bool
- */
- protected $useSSO = false;
-
- /**
- * When querying group memberships, do it recursively
- * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
- * user_ingroup("Fred","C") will returns true with this option turned on, false if turned off
- *
- * @var bool
- */
- protected $recursiveGroups = true;
-
- // You should not need to edit anything below this line
- //******************************************************************************************
-
- /**
- * Connection and bind default variables
- *
- * @var mixed
- * @var mixed
- */
- protected $ldapConnection;
- protected $ldapBind;
-
- /**
- * Get the active LDAP Connection
- *
- * @return resource
- */
- public function getLdapConnection() {
- if ($this->ldapConnection) {
- return $this->ldapConnection;
- }
- return false;
- }
-
- /**
- * Get the bind status
- *
- * @return bool
- */
- public function getLdapBind() {
- return $this->ldapBind;
- }
-
- /**
- * Get the current base DN
- *
- * @return string
- */
- public function getBaseDn() {
- return $this->baseDn;
- }
-
- /**
- * The group class
- *
- * @var adLDAPGroups
- */
- protected $groupClass;
-
- /**
- * Get the group class interface
- *
- * @return adLDAPGroups
- */
- public function group() {
- if (!$this->groupClass) {
- $this->groupClass = new adLDAPGroups($this);
- }
- return $this->groupClass;
- }
-
- /**
- * The user class
- *
- * @var adLDAPUsers
- */
- protected $userClass;
-
- /**
- * Get the userclass interface
- *
- * @return adLDAPUsers
- */
- public function user() {
- if (!$this->userClass) {
- $this->userClass = new adLDAPUsers($this);
- }
- return $this->userClass;
- }
-
- /**
- * The folders class
- *
- * @var adLDAPFolders
- */
- protected $folderClass;
-
- /**
- * Get the folder class interface
- *
- * @return adLDAPFolders
- */
- public function folder() {
- if (!$this->folderClass) {
- $this->folderClass = new adLDAPFolders($this);
- }
- return $this->folderClass;
- }
-
- /**
- * The utils class
- *
- * @var adLDAPUtils
- */
- protected $utilClass;
-
- /**
- * Get the utils class interface
- *
- * @return adLDAPUtils
- */
- public function utilities() {
- if (!$this->utilClass) {
- $this->utilClass = new adLDAPUtils($this);
- }
- return $this->utilClass;
- }
-
- /**
- * The contacts class
- *
- * @var adLDAPContacts
- */
- protected $contactClass;
-
- /**
- * Get the contacts class interface
- *
- * @return adLDAPContacts
- */
- public function contact() {
- if (!$this->contactClass) {
- $this->contactClass = new adLDAPContacts($this);
- }
- return $this->contactClass;
- }
-
- /**
- * The exchange class
- *
- * @var adLDAPExchange
- */
- protected $exchangeClass;
-
- /**
- * Get the exchange class interface
- *
- * @return adLDAPExchange
- */
- public function exchange() {
- if (!$this->exchangeClass) {
- $this->exchangeClass = new adLDAPExchange($this);
- }
- return $this->exchangeClass;
- }
-
- /**
- * The computers class
- *
- * @var adLDAPComputers
- */
- protected $computersClass;
-
- /**
- * Get the computers class interface
- *
- * @return adLDAPComputers
- */
- public function computer() {
- if (!$this->computerClass) {
- $this->computerClass = new adLDAPComputers($this);
- }
- return $this->computerClass;
- }
-
- /**
- * Getters and Setters
- */
-
- /**
- * Set the account suffix
- *
- * @param string $accountSuffix
- * @return void
- */
- public function setAccountSuffix($accountSuffix)
- {
- $this->accountSuffix = $accountSuffix;
- }
-
- /**
- * Get the account suffix
- *
- * @return string
- */
- public function getAccountSuffix()
- {
- return $this->accountSuffix;
- }
-
- /**
- * Set the domain controllers array
- *
- * @param array $domainControllers
- * @return void
- */
- public function setDomainControllers(array $domainControllers)
- {
- $this->domainControllers = $domainControllers;
- }
-
- /**
- * Get the list of domain controllers
- *
- * @return void
- */
- public function getDomainControllers()
- {
- return $this->domainControllers;
- }
-
- /**
- * Sets the port number your domain controller communicates over
- *
- * @param int $adPort
- */
- public function setPort($adPort)
- {
- $this->adPort = $adPort;
- }
-
- /**
- * Gets the port number your domain controller communicates over
- *
- * @return int
- */
- public function getPort()
- {
- return $this->adPort;
- }
-
- /**
- * Set the username of an account with higher priviledges
- *
- * @param string $adminUsername
- * @return void
- */
- public function setAdminUsername($adminUsername)
- {
- $this->adminUsername = $adminUsername;
- }
-
- /**
- * Get the username of the account with higher priviledges
- *
- * This will throw an exception for security reasons
- */
- public function getAdminUsername()
- {
- throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
- }
-
- /**
- * Set the password of an account with higher priviledges
- *
- * @param string $adminPassword
- * @return void
- */
- public function setAdminPassword($adminPassword)
- {
- $this->adminPassword = $adminPassword;
- }
-
- /**
- * Get the password of the account with higher priviledges
- *
- * This will throw an exception for security reasons
- */
- public function getAdminPassword()
- {
- throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
- }
-
- /**
- * Set whether to detect the true primary group
- *
- * @param bool $realPrimaryGroup
- * @return void
- */
- public function setRealPrimaryGroup($realPrimaryGroup)
- {
- $this->realPrimaryGroup = $realPrimaryGroup;
- }
-
- /**
- * Get the real primary group setting
- *
- * @return bool
- */
- public function getRealPrimaryGroup()
- {
- return $this->realPrimaryGroup;
- }
-
- /**
- * Set whether to use SSL
- *
- * @param bool $useSSL
- * @return void
- */
- public function setUseSSL($useSSL)
- {
- $this->useSSL = $useSSL;
- // Set the default port correctly
- if($this->useSSL) {
- $this->setPort(self::ADLDAP_LDAPS_PORT);
- }
- else {
- $this->setPort(self::ADLDAP_LDAP_PORT);
- }
- }
-
- /**
- * Get the SSL setting
- *
- * @return bool
- */
- public function getUseSSL()
- {
- return $this->useSSL;
- }
-
- /**
- * Set whether to use TLS
- *
- * @param bool $useTLS
- * @return void
- */
- public function setUseTLS($useTLS)
- {
- $this->useTLS = $useTLS;
- }
-
- /**
- * Get the TLS setting
- *
- * @return bool
- */
- public function getUseTLS()
- {
- return $this->useTLS;
- }
-
- /**
- * Set whether to use SSO
- * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.
- *
- * @param bool $useSSO
- * @return void
- */
- public function setUseSSO($useSSO)
- {
- if ($useSSO === true && !$this->ldapSaslSupported()) {
- throw new adLDAPException('No LDAP SASL support for PHP. See: http://www.php.net/ldap_sasl_bind');
- }
- $this->useSSO = $useSSO;
- }
-
- /**
- * Get the SSO setting
- *
- * @return bool
- */
- public function getUseSSO()
- {
- return $this->useSSO;
- }
-
- /**
- * Set whether to lookup recursive groups
- *
- * @param bool $recursiveGroups
- * @return void
- */
- public function setRecursiveGroups($recursiveGroups)
- {
- $this->recursiveGroups = $recursiveGroups;
- }
-
- /**
- * Get the recursive groups setting
- *
- * @return bool
- */
- public function getRecursiveGroups()
- {
- return $this->recursiveGroups;
- }
-
- /**
- * Default Constructor
- *
- * Tries to bind to the AD domain over LDAP or LDAPs
- *
- * @param array $options Array of options to pass to the constructor
- * @throws Exception - if unable to bind to Domain Controller
- * @return bool
- */
- function __construct($options = array()) {
- // You can specifically overide any of the default configuration options setup above
- if (count($options) > 0) {
- if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; }
- if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; }
- if (array_key_exists("domain_controllers",$options)){
- if (!is_array($options["domain_controllers"])) {
- throw new adLDAPException('[domain_controllers] option must be an array');
- }
- $this->domainControllers = $options["domain_controllers"];
- }
- if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; }
- if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; }
- if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; }
- if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); }
- if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; }
- if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; }
- if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); }
- if (array_key_exists("sso",$options)) {
- $this->setUseSSO($options["sso"]);
- if (!$this->ldapSaslSupported()) {
- $this->setUseSSO(false);
- }
- }
- }
-
- if ($this->ldapSupported() === false) {
- throw new adLDAPException('No LDAP support for PHP. See: http://www.php.net/ldap');
- }
-
- return $this->connect();
- }
-
- /**
- * Default Destructor
- *
- * Closes the LDAP connection
- *
- * @return void
- */
- function __destruct() {
- $this->close();
- }
-
- /**
- * Connects and Binds to the Domain Controller
- *
- * @return bool
- */
- public function connect()
- {
- // Connect to the AD/LDAP server as the username/password
- $domainController = $this->randomController();
- if ($this->useSSL) {
- $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
- } else {
- $this->ldapConnection = ldap_connect($domainController, $this->adPort);
- }
-
- // Set some ldap options for talking to AD
- ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
- ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
-
- if ($this->useTLS) {
- ldap_start_tls($this->ldapConnection);
- }
-
- // Bind as a domain admin if they've set it up
- if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
- $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword);
- if (!$this->ldapBind) {
- if ($this->useSSL && !$this->useTLS) {
- // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message
- throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError());
- }
- else {
- throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError());
- }
- }
- }
- if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
- putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
- $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
- if (!$this->ldapBind){
- throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
- }
- else {
- return true;
- }
- }
-
-
- if ($this->baseDn == NULL) {
- $this->baseDn = $this->findBaseDn();
- }
-
- return true;
- }
-
- /**
- * Closes the LDAP connection
- *
- * @return void
- */
- public function close() {
- if ($this->ldapConnection) {
- @ldap_close($this->ldapConnection);
- }
- }
-
- /**
- * Validate a user's login credentials
- *
- * @param string $username A user's AD username
- * @param string $password A user's AD password
- * @param bool optional $preventRebind
- * @return bool
- */
- public function authenticate($username, $password, $preventRebind = false) {
- // Prevent null binding
- if ($username === NULL || $password === NULL) { return false; }
- if (empty($username) || empty($password)) { return false; }
-
- // Allow binding over SSO for Kerberos
- if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) {
- putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
- $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
- if (!$this->ldapBind) {
- throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
- }
- else {
- return true;
- }
- }
-
- // Bind as the user
- $ret = true;
- $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
- if (!$this->ldapBind){
- $ret = false;
- }
-
- // Cnce we've checked their details, kick back into admin mode if we have it
- if ($this->adminUsername !== NULL && !$preventRebind) {
- $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword);
- if (!$this->ldapBind){
- // This should never happen in theory
- throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
- }
- }
-
- return $ret;
- }
-
- /**
- * Find the Base DN of your domain controller
- *
- * @return string
- */
- public function findBaseDn()
- {
- $namingContext = $this->getRootDse(array('defaultnamingcontext'));
- return $namingContext[0]['defaultnamingcontext'][0];
- }
-
- /**
- * Get the RootDSE properties from a domain controller
- *
- * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext
- * @return array
- */
- public function getRootDse($attributes = array("*", "+")) {
- if (!$this->ldapBind){ return (false); }
-
- $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
- $entries = @ldap_get_entries($this->ldapConnection, $sr);
- return $entries;
- }
-
- /**
- * Get last error from Active Directory
- *
- * This function gets the last message from Active Directory
- * This may indeed be a 'Success' message but if you get an unknown error
- * it might be worth calling this function to see what errors were raised
- *
- * return string
- */
- public function getLastError() {
- return @ldap_error($this->ldapConnection);
- }
-
- /**
- * Detect LDAP support in php
- *
- * @return bool
- */
- protected function ldapSupported()
- {
- if (!function_exists('ldap_connect')) {
- return false;
- }
- return true;
- }
-
- /**
- * Detect ldap_sasl_bind support in PHP
- *
- * @return bool
- */
- protected function ldapSaslSupported()
- {
- if (!function_exists('ldap_sasl_bind')) {
- return false;
- }
- return true;
- }
-
- /**
- * Schema
- *
- * @param array $attributes Attributes to be queried
- * @return array
- */
- public function adldap_schema($attributes){
-
- // LDAP doesn't like NULL attributes, only set them if they have values
- // If you wish to remove an attribute you should set it to a space
- // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
- $mod=array();
-
- // Check every attribute to see if it contains 8bit characters and then UTF8 encode them
- array_walk($attributes, array($this, 'encode8bit'));
-
- if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; }
- if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; }
- //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
- if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; }
- if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; }
- if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; }
- if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; }
- if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; }
- if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; }
- if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; }
- if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; }
- if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; }
- if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; }
- if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format?
- if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; }
- if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; }
- if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; }
- if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; }
- if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; }
- if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; } //UNTESTED ***Use DistinguishedName***
- if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; }
- if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); }
- if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; }
- if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; }
- if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; }
- if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; }
- if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; }
- if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; }
- if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; }
- if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; }
- if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; }
- if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; }
- if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; }
- if ($attributes["homephone"]){ $mod["homephone"][0]=$attributes["homephone"]; }
-
- // Distribution List specific schema
- if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; }
- if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; }
-
- // Exchange Schema
- if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; }
- if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; }
- if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; }
- if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; }
- if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; }
- if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; }
- if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; }
- if ($attributes["exchange_altrecipient"]){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; }
- if ($attributes["exchange_deliverandredirect"]){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; }
-
- // This schema is designed for contacts
- if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; }
- if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; }
-
- //echo ("<pre>"); print_r($mod);
- /*
- // modifying a name is a bit fiddly
- if ($attributes["firstname"] && $attributes["surname"]){
- $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
- $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
- $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
- }
- */
-
- if (count($mod)==0){ return (false); }
- return ($mod);
- }
-
- /**
- * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
- */
- protected function encode8Bit(&$item, $key) {
- $encode = false;
- if (is_string($item)) {
- for ($i=0; $i<strlen($item); $i++) {
- if (ord($item[$i]) >> 7) {
- $encode = true;
- }
- }
- }
- if ($encode === true && $key != 'password') {
- $item = utf8_encode($item);
- }
- }
-
- /**
- * Select a random domain controller from your domain controller array
- *
- * @return string
- */
- protected function randomController()
- {
- mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
- /*if (sizeof($this->domainControllers) > 1) {
- $adController = $this->domainControllers[array_rand($this->domainControllers)];
- // Test if the controller is responding to pings
- $ping = $this->pingController($adController);
- if ($ping === false) {
- // Find the current key in the domain controllers array
- $key = array_search($adController, $this->domainControllers);
- // Remove it so that we don't end up in a recursive loop
- unset($this->domainControllers[$key]);
- // Select a new controller
- return $this->randomController();
- }
- else {
- return ($adController);
- }
- } */
- return $this->domainControllers[array_rand($this->domainControllers)];
- }
-
- /**
- * Test basic connectivity to controller
- *
- * @return bool
- */
- protected function pingController($host) {
- $port = $this->adPort;
- fsockopen($host, $port, $errno, $errstr, 10);
- if ($errno > 0) {
- return false;
- }
- return true;
- }
-
-}
-
-/**
-* adLDAP Exception Handler
-*
-* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
-* Example:
-* try {
-* $adldap = new adLDAP();
-* }
-* catch (adLDAPException $e) {
-* echo $e;
-* exit();
-* }
-*/
-class adLDAPException extends Exception {}
-
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 169 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+
+/**
+* Main adLDAP class
+*
+* Can be initialised using $adldap = new adLDAP();
+*
+* Something to keep in mind is that Active Directory is a permissions
+* based directory. If you bind as a domain user, you can't fetch as
+* much information on other users as you could as a domain admin.
+*
+* Before asking questions, please read the Documentation at
+* http://adldap.sourceforge.net/wiki/doku.php?id=api
+*/
+require_once(dirname(__FILE__) . '/collections/adLDAPCollection.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPGroups.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPUsers.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPFolders.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPUtils.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPContacts.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPExchange.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPComputers.php');
+
+class adLDAP {
+
+ /**
+ * Define the different types of account in AD
+ */
+ const ADLDAP_NORMAL_ACCOUNT = 805306368;
+ const ADLDAP_WORKSTATION_TRUST = 805306369;
+ const ADLDAP_INTERDOMAIN_TRUST = 805306370;
+ const ADLDAP_SECURITY_GLOBAL_GROUP = 268435456;
+ const ADLDAP_DISTRIBUTION_GROUP = 268435457;
+ const ADLDAP_SECURITY_LOCAL_GROUP = 536870912;
+ const ADLDAP_DISTRIBUTION_LOCAL_GROUP = 536870913;
+ const ADLDAP_FOLDER = 'OU';
+ const ADLDAP_CONTAINER = 'CN';
+
+ /**
+ * The default port for LDAP non-SSL connections
+ */
+ const ADLDAP_LDAP_PORT = '389';
+ /**
+ * The default port for LDAPS SSL connections
+ */
+ const ADLDAP_LDAPS_PORT = '636';
+
+ /**
+ * The account suffix for your domain, can be set when the class is invoked
+ *
+ * @var string
+ */
+ protected $accountSuffix = "@mydomain.local";
+
+ /**
+ * The base dn for your domain
+ *
+ * If this is set to null then adLDAP will attempt to obtain this automatically from the rootDSE
+ *
+ * @var string
+ */
+ protected $baseDn = "DC=mydomain,DC=local";
+
+ /**
+ * Port used to talk to the domain controllers.
+ *
+ * @var int
+ */
+ protected $adPort = self::ADLDAP_LDAP_PORT;
+
+ /**
+ * Array of domain controllers. Specifiy multiple controllers if you
+ * would like the class to balance the LDAP queries amongst multiple servers
+ *
+ * @var array
+ */
+ protected $domainControllers = array("dc01.mydomain.local");
+
+ /**
+ * Optional account with higher privileges for searching
+ * This should be set to a domain admin account
+ *
+ * @var string
+ * @var string
+ */
+ protected $adminUsername = NULL;
+ protected $adminPassword = NULL;
+
+ /**
+ * AD does not return the primary group. http://support.microsoft.com/?kbid=321360
+ * This tweak will resolve the real primary group.
+ * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
+ * someone's primary group is NOT domain users, this is obviously going to mess up the results
+ *
+ * @var bool
+ */
+ protected $realPrimaryGroup = true;
+
+ /**
+ * Use SSL (LDAPS), your server needs to be setup, please see
+ * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
+ *
+ * @var bool
+ */
+ protected $useSSL = false;
+
+ /**
+ * Use TLS
+ * If you wish to use TLS you should ensure that $useSSL is set to false and vice-versa
+ *
+ * @var bool
+ */
+ protected $useTLS = false;
+
+ /**
+ * Use SSO
+ * To indicate to adLDAP to reuse password set by the brower through NTLM or Kerberos
+ *
+ * @var bool
+ */
+ protected $useSSO = false;
+
+ /**
+ * When querying group memberships, do it recursively
+ * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
+ * user_ingroup("Fred","C") will returns true with this option turned on, false if turned off
+ *
+ * @var bool
+ */
+ protected $recursiveGroups = true;
+
+ // You should not need to edit anything below this line
+ //******************************************************************************************
+
+ /**
+ * Connection and bind default variables
+ *
+ * @var mixed
+ * @var mixed
+ */
+ protected $ldapConnection;
+ protected $ldapBind;
+
+ /**
+ * Get the active LDAP Connection
+ *
+ * @return resource
+ */
+ public function getLdapConnection() {
+ if ($this->ldapConnection) {
+ return $this->ldapConnection;
+ }
+ return false;
+ }
+
+ /**
+ * Get the bind status
+ *
+ * @return bool
+ */
+ public function getLdapBind() {
+ return $this->ldapBind;
+ }
+
+ /**
+ * Get the current base DN
+ *
+ * @return string
+ */
+ public function getBaseDn() {
+ return $this->baseDn;
+ }
+
+ /**
+ * The group class
+ *
+ * @var adLDAPGroups
+ */
+ protected $groupClass;
+
+ /**
+ * Get the group class interface
+ *
+ * @return adLDAPGroups
+ */
+ public function group() {
+ if (!$this->groupClass) {
+ $this->groupClass = new adLDAPGroups($this);
+ }
+ return $this->groupClass;
+ }
+
+ /**
+ * The user class
+ *
+ * @var adLDAPUsers
+ */
+ protected $userClass;
+
+ /**
+ * Get the userclass interface
+ *
+ * @return adLDAPUsers
+ */
+ public function user() {
+ if (!$this->userClass) {
+ $this->userClass = new adLDAPUsers($this);
+ }
+ return $this->userClass;
+ }
+
+ /**
+ * The folders class
+ *
+ * @var adLDAPFolders
+ */
+ protected $folderClass;
+
+ /**
+ * Get the folder class interface
+ *
+ * @return adLDAPFolders
+ */
+ public function folder() {
+ if (!$this->folderClass) {
+ $this->folderClass = new adLDAPFolders($this);
+ }
+ return $this->folderClass;
+ }
+
+ /**
+ * The utils class
+ *
+ * @var adLDAPUtils
+ */
+ protected $utilClass;
+
+ /**
+ * Get the utils class interface
+ *
+ * @return adLDAPUtils
+ */
+ public function utilities() {
+ if (!$this->utilClass) {
+ $this->utilClass = new adLDAPUtils($this);
+ }
+ return $this->utilClass;
+ }
+
+ /**
+ * The contacts class
+ *
+ * @var adLDAPContacts
+ */
+ protected $contactClass;
+
+ /**
+ * Get the contacts class interface
+ *
+ * @return adLDAPContacts
+ */
+ public function contact() {
+ if (!$this->contactClass) {
+ $this->contactClass = new adLDAPContacts($this);
+ }
+ return $this->contactClass;
+ }
+
+ /**
+ * The exchange class
+ *
+ * @var adLDAPExchange
+ */
+ protected $exchangeClass;
+
+ /**
+ * Get the exchange class interface
+ *
+ * @return adLDAPExchange
+ */
+ public function exchange() {
+ if (!$this->exchangeClass) {
+ $this->exchangeClass = new adLDAPExchange($this);
+ }
+ return $this->exchangeClass;
+ }
+
+ /**
+ * The computers class
+ *
+ * @var adLDAPComputers
+ */
+ protected $computersClass;
+
+ /**
+ * Get the computers class interface
+ *
+ * @return adLDAPComputers
+ */
+ public function computer() {
+ if (!$this->computerClass) {
+ $this->computerClass = new adLDAPComputers($this);
+ }
+ return $this->computerClass;
+ }
+
+ /**
+ * Getters and Setters
+ */
+
+ /**
+ * Set the account suffix
+ *
+ * @param string $accountSuffix
+ * @return void
+ */
+ public function setAccountSuffix($accountSuffix)
+ {
+ $this->accountSuffix = $accountSuffix;
+ }
+
+ /**
+ * Get the account suffix
+ *
+ * @return string
+ */
+ public function getAccountSuffix()
+ {
+ return $this->accountSuffix;
+ }
+
+ /**
+ * Set the domain controllers array
+ *
+ * @param array $domainControllers
+ * @return void
+ */
+ public function setDomainControllers(array $domainControllers)
+ {
+ $this->domainControllers = $domainControllers;
+ }
+
+ /**
+ * Get the list of domain controllers
+ *
+ * @return void
+ */
+ public function getDomainControllers()
+ {
+ return $this->domainControllers;
+ }
+
+ /**
+ * Sets the port number your domain controller communicates over
+ *
+ * @param int $adPort
+ */
+ public function setPort($adPort)
+ {
+ $this->adPort = $adPort;
+ }
+
+ /**
+ * Gets the port number your domain controller communicates over
+ *
+ * @return int
+ */
+ public function getPort()
+ {
+ return $this->adPort;
+ }
+
+ /**
+ * Set the username of an account with higher priviledges
+ *
+ * @param string $adminUsername
+ * @return void
+ */
+ public function setAdminUsername($adminUsername)
+ {
+ $this->adminUsername = $adminUsername;
+ }
+
+ /**
+ * Get the username of the account with higher priviledges
+ *
+ * This will throw an exception for security reasons
+ */
+ public function getAdminUsername()
+ {
+ throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+ }
+
+ /**
+ * Set the password of an account with higher priviledges
+ *
+ * @param string $adminPassword
+ * @return void
+ */
+ public function setAdminPassword($adminPassword)
+ {
+ $this->adminPassword = $adminPassword;
+ }
+
+ /**
+ * Get the password of the account with higher priviledges
+ *
+ * This will throw an exception for security reasons
+ */
+ public function getAdminPassword()
+ {
+ throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+ }
+
+ /**
+ * Set whether to detect the true primary group
+ *
+ * @param bool $realPrimaryGroup
+ * @return void
+ */
+ public function setRealPrimaryGroup($realPrimaryGroup)
+ {
+ $this->realPrimaryGroup = $realPrimaryGroup;
+ }
+
+ /**
+ * Get the real primary group setting
+ *
+ * @return bool
+ */
+ public function getRealPrimaryGroup()
+ {
+ return $this->realPrimaryGroup;
+ }
+
+ /**
+ * Set whether to use SSL
+ *
+ * @param bool $useSSL
+ * @return void
+ */
+ public function setUseSSL($useSSL)
+ {
+ $this->useSSL = $useSSL;
+ // Set the default port correctly
+ if($this->useSSL) {
+ $this->setPort(self::ADLDAP_LDAPS_PORT);
+ }
+ else {
+ $this->setPort(self::ADLDAP_LDAP_PORT);
+ }
+ }
+
+ /**
+ * Get the SSL setting
+ *
+ * @return bool
+ */
+ public function getUseSSL()
+ {
+ return $this->useSSL;
+ }
+
+ /**
+ * Set whether to use TLS
+ *
+ * @param bool $useTLS
+ * @return void
+ */
+ public function setUseTLS($useTLS)
+ {
+ $this->useTLS = $useTLS;
+ }
+
+ /**
+ * Get the TLS setting
+ *
+ * @return bool
+ */
+ public function getUseTLS()
+ {
+ return $this->useTLS;
+ }
+
+ /**
+ * Set whether to use SSO
+ * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.
+ *
+ * @param bool $useSSO
+ * @return void
+ */
+ public function setUseSSO($useSSO)
+ {
+ if ($useSSO === true && !$this->ldapSaslSupported()) {
+ throw new adLDAPException('No LDAP SASL support for PHP. See: http://www.php.net/ldap_sasl_bind');
+ }
+ $this->useSSO = $useSSO;
+ }
+
+ /**
+ * Get the SSO setting
+ *
+ * @return bool
+ */
+ public function getUseSSO()
+ {
+ return $this->useSSO;
+ }
+
+ /**
+ * Set whether to lookup recursive groups
+ *
+ * @param bool $recursiveGroups
+ * @return void
+ */
+ public function setRecursiveGroups($recursiveGroups)
+ {
+ $this->recursiveGroups = $recursiveGroups;
+ }
+
+ /**
+ * Get the recursive groups setting
+ *
+ * @return bool
+ */
+ public function getRecursiveGroups()
+ {
+ return $this->recursiveGroups;
+ }
+
+ /**
+ * Default Constructor
+ *
+ * Tries to bind to the AD domain over LDAP or LDAPs
+ *
+ * @param array $options Array of options to pass to the constructor
+ * @throws Exception - if unable to bind to Domain Controller
+ * @return bool
+ */
+ function __construct($options = array()) {
+ // You can specifically overide any of the default configuration options setup above
+ if (count($options) > 0) {
+ if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; }
+ if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; }
+ if (array_key_exists("domain_controllers",$options)){
+ if (!is_array($options["domain_controllers"])) {
+ throw new adLDAPException('[domain_controllers] option must be an array');
+ }
+ $this->domainControllers = $options["domain_controllers"];
+ }
+ if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; }
+ if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; }
+ if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; }
+ if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); }
+ if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; }
+ if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; }
+ if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); }
+ if (array_key_exists("sso",$options)) {
+ $this->setUseSSO($options["sso"]);
+ if (!$this->ldapSaslSupported()) {
+ $this->setUseSSO(false);
+ }
+ }
+ }
+
+ if ($this->ldapSupported() === false) {
+ throw new adLDAPException('No LDAP support for PHP. See: http://www.php.net/ldap');
+ }
+
+ return $this->connect();
+ }
+
+ /**
+ * Default Destructor
+ *
+ * Closes the LDAP connection
+ *
+ * @return void
+ */
+ function __destruct() {
+ $this->close();
+ }
+
+ /**
+ * Connects and Binds to the Domain Controller
+ *
+ * @return bool
+ */
+ public function connect()
+ {
+ // Connect to the AD/LDAP server as the username/password
+ $domainController = $this->randomController();
+ if ($this->useSSL) {
+ $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
+ } else {
+ $this->ldapConnection = ldap_connect($domainController, $this->adPort);
+ }
+
+ // Set some ldap options for talking to AD
+ ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
+
+ if ($this->useTLS) {
+ ldap_start_tls($this->ldapConnection);
+ }
+
+ // Bind as a domain admin if they've set it up
+ if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword);
+ if (!$this->ldapBind) {
+ if ($this->useSSL && !$this->useTLS) {
+ // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message
+ throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError());
+ }
+ else {
+ throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError());
+ }
+ }
+ }
+ if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
+ putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
+ $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+ if (!$this->ldapBind){
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ else {
+ return true;
+ }
+ }
+
+
+ if ($this->baseDn == NULL) {
+ $this->baseDn = $this->findBaseDn();
+ }
+
+ return true;
+ }
+
+ /**
+ * Closes the LDAP connection
+ *
+ * @return void
+ */
+ public function close() {
+ if ($this->ldapConnection) {
+ @ldap_close($this->ldapConnection);
+ }
+ }
+
+ /**
+ * Validate a user's login credentials
+ *
+ * @param string $username A user's AD username
+ * @param string $password A user's AD password
+ * @param bool optional $preventRebind
+ * @return bool
+ */
+ public function authenticate($username, $password, $preventRebind = false) {
+ // Prevent null binding
+ if ($username === NULL || $password === NULL) { return false; }
+ if (empty($username) || empty($password)) { return false; }
+
+ // Allow binding over SSO for Kerberos
+ if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) {
+ putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
+ $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+ if (!$this->ldapBind) {
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ else {
+ return true;
+ }
+ }
+
+ // Bind as the user
+ $ret = true;
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
+ if (!$this->ldapBind){
+ $ret = false;
+ }
+
+ // Cnce we've checked their details, kick back into admin mode if we have it
+ if ($this->adminUsername !== NULL && !$preventRebind) {
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword);
+ if (!$this->ldapBind){
+ // This should never happen in theory
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ }
+
+ return $ret;
+ }
+
+ /**
+ * Find the Base DN of your domain controller
+ *
+ * @return string
+ */
+ public function findBaseDn()
+ {
+ $namingContext = $this->getRootDse(array('defaultnamingcontext'));
+ return $namingContext[0]['defaultnamingcontext'][0];
+ }
+
+ /**
+ * Get the RootDSE properties from a domain controller
+ *
+ * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext
+ * @return array
+ */
+ public function getRootDse($attributes = array("*", "+")) {
+ if (!$this->ldapBind){ return (false); }
+
+ $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
+ $entries = @ldap_get_entries($this->ldapConnection, $sr);
+ return $entries;
+ }
+
+ /**
+ * Get last error from Active Directory
+ *
+ * This function gets the last message from Active Directory
+ * This may indeed be a 'Success' message but if you get an unknown error
+ * it might be worth calling this function to see what errors were raised
+ *
+ * return string
+ */
+ public function getLastError() {
+ return @ldap_error($this->ldapConnection);
+ }
+
+ /**
+ * Detect LDAP support in php
+ *
+ * @return bool
+ */
+ protected function ldapSupported()
+ {
+ if (!function_exists('ldap_connect')) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Detect ldap_sasl_bind support in PHP
+ *
+ * @return bool
+ */
+ protected function ldapSaslSupported()
+ {
+ if (!function_exists('ldap_sasl_bind')) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Schema
+ *
+ * @param array $attributes Attributes to be queried
+ * @return array
+ */
+ public function adldap_schema($attributes){
+
+ // LDAP doesn't like NULL attributes, only set them if they have values
+ // If you wish to remove an attribute you should set it to a space
+ // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
+ $mod=array();
+
+ // Check every attribute to see if it contains 8bit characters and then UTF8 encode them
+ array_walk($attributes, array($this, 'encode8bit'));
+
+ if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; }
+ if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; }
+ //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
+ if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; }
+ if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; }
+ if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; }
+ if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; }
+ if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; }
+ if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; }
+ if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; }
+ if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; }
+ if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; }
+ if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; }
+ if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format?
+ if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; }
+ if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; }
+ if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; }
+ if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; }
+ if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; }
+ if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; } //UNTESTED ***Use DistinguishedName***
+ if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; }
+ if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); }
+ if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; }
+ if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; }
+ if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; }
+ if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; }
+ if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; }
+ if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; }
+ if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; }
+ if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; }
+ if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; }
+ if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; }
+ if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; }
+ if ($attributes["homephone"]){ $mod["homephone"][0]=$attributes["homephone"]; }
+
+ // Distribution List specific schema
+ if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; }
+ if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; }
+
+ // Exchange Schema
+ if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; }
+ if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; }
+ if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; }
+ if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; }
+ if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; }
+ if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; }
+ if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; }
+ if ($attributes["exchange_altrecipient"]){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; }
+ if ($attributes["exchange_deliverandredirect"]){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; }
+
+ // This schema is designed for contacts
+ if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; }
+ if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; }
+
+ //echo ("<pre>"); print_r($mod);
+ /*
+ // modifying a name is a bit fiddly
+ if ($attributes["firstname"] && $attributes["surname"]){
+ $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ }
+ */
+
+ if (count($mod)==0){ return (false); }
+ return ($mod);
+ }
+
+ /**
+ * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+ */
+ protected function encode8Bit(&$item, $key) {
+ $encode = false;
+ if (is_string($item)) {
+ for ($i=0; $i<strlen($item); $i++) {
+ if (ord($item[$i]) >> 7) {
+ $encode = true;
+ }
+ }
+ }
+ if ($encode === true && $key != 'password') {
+ $item = utf8_encode($item);
+ }
+ }
+
+ /**
+ * Select a random domain controller from your domain controller array
+ *
+ * @return string
+ */
+ protected function randomController()
+ {
+ mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
+ /*if (sizeof($this->domainControllers) > 1) {
+ $adController = $this->domainControllers[array_rand($this->domainControllers)];
+ // Test if the controller is responding to pings
+ $ping = $this->pingController($adController);
+ if ($ping === false) {
+ // Find the current key in the domain controllers array
+ $key = array_search($adController, $this->domainControllers);
+ // Remove it so that we don't end up in a recursive loop
+ unset($this->domainControllers[$key]);
+ // Select a new controller
+ return $this->randomController();
+ }
+ else {
+ return ($adController);
+ }
+ } */
+ return $this->domainControllers[array_rand($this->domainControllers)];
+ }
+
+ /**
+ * Test basic connectivity to controller
+ *
+ * @return bool
+ */
+ protected function pingController($host) {
+ $port = $this->adPort;
+ fsockopen($host, $port, $errno, $errstr, 10);
+ if ($errno > 0) {
+ return false;
+ }
+ return true;
+ }
+
+}
+
+/**
+* adLDAP Exception Handler
+*
+* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
+* Example:
+* try {
+* $adldap = new adLDAP();
+* }
+* catch (adLDAPException $e) {
+* echo $e;
+* exit();
+* }
+*/
+class adLDAPException extends Exception {}
+
?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php b/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
index 71b24a04f..aabd88fa5 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
@@ -1,153 +1,153 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage Computers
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
- */
-require_once(dirname(__FILE__) . '/../adLDAP.php');
-require_once(dirname(__FILE__) . '/../collections/adLDAPComputerCollection.php');
-
-/**
-* COMPUTER MANAGEMENT FUNCTIONS
-*/
-class adLDAPComputers {
-
- /**
- * The current adLDAP connection via dependency injection
- *
- * @var adLDAP
- */
- protected $adldap;
-
- public function __construct(adLDAP $adldap) {
- $this->adldap = $adldap;
- }
-
- /**
- * Get information about a specific computer. Returned in a raw array format from AD
- *
- * @param string $computerName The name of the computer
- * @param array $fields Attributes to return
- * @return array
- */
- public function info($computerName, $fields = NULL)
- {
- if ($computerName === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
-
- $filter = "(&(objectClass=computer)(cn=" . $computerName . "))";
- if ($fields === NULL) {
- $fields = array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion");
- }
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- return $entries;
- }
-
- /**
- * Find information about the computers. Returned in a raw array format from AD
- *
- * @param string $computerName The name of the computer
- * @param array $fields Array of parameters to query
- * @return mixed
- */
- public function infoCollection($computerName, $fields = NULL)
- {
- if ($computerName === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
-
- $info = $this->info($computerName, $fields);
-
- if ($info !== false) {
- $collection = new adLDAPComputerCollection($info, $this->adldap);
- return $collection;
- }
- return false;
- }
-
- /**
- * Check if a computer is in a group
- *
- * @param string $computerName The name of the computer
- * @param string $group The group to check
- * @param bool $recursive Whether to check recursively
- * @return array
- */
- public function inGroup($computerName, $group, $recursive = NULL)
- {
- if ($computerName === NULL) { return false; }
- if ($group === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
- if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
-
- //get a list of the groups
- $groups = $this->groups($computerName, array("memberof"), $recursive);
-
- //return true if the specified group is in the group list
- if (in_array($group, $groups)){
- return true;
- }
-
- return false;
- }
-
- /**
- * Get the groups a computer is in
- *
- * @param string $computerName The name of the computer
- * @param bool $recursive Whether to check recursively
- * @return array
- */
- public function groups($computerName, $recursive = NULL)
- {
- if ($computerName === NULL) { return false; }
- if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
- if (!$this->adldap->getLdapBind()){ return false; }
-
- //search the directory for their information
- $info = @$this->info($computerName, array("memberof", "primarygroupid"));
- $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
-
- if ($recursive === true) {
- foreach ($groups as $id => $groupName){
- $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
- $groups = array_merge($groups, $extraGroups);
- }
- }
-
- return $groups;
- }
-
-}
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Computers
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+require_once(dirname(__FILE__) . '/../collections/adLDAPComputerCollection.php');
+
+/**
+* COMPUTER MANAGEMENT FUNCTIONS
+*/
+class adLDAPComputers {
+
+ /**
+ * The current adLDAP connection via dependency injection
+ *
+ * @var adLDAP
+ */
+ protected $adldap;
+
+ public function __construct(adLDAP $adldap) {
+ $this->adldap = $adldap;
+ }
+
+ /**
+ * Get information about a specific computer. Returned in a raw array format from AD
+ *
+ * @param string $computerName The name of the computer
+ * @param array $fields Attributes to return
+ * @return array
+ */
+ public function info($computerName, $fields = NULL)
+ {
+ if ($computerName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = "(&(objectClass=computer)(cn=" . $computerName . "))";
+ if ($fields === NULL) {
+ $fields = array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ return $entries;
+ }
+
+ /**
+ * Find information about the computers. Returned in a raw array format from AD
+ *
+ * @param string $computerName The name of the computer
+ * @param array $fields Array of parameters to query
+ * @return mixed
+ */
+ public function infoCollection($computerName, $fields = NULL)
+ {
+ if ($computerName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($computerName, $fields);
+
+ if ($info !== false) {
+ $collection = new adLDAPComputerCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Check if a computer is in a group
+ *
+ * @param string $computerName The name of the computer
+ * @param string $group The group to check
+ * @param bool $recursive Whether to check recursively
+ * @return array
+ */
+ public function inGroup($computerName, $group, $recursive = NULL)
+ {
+ if ($computerName === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
+
+ //get a list of the groups
+ $groups = $this->groups($computerName, array("memberof"), $recursive);
+
+ //return true if the specified group is in the group list
+ if (in_array($group, $groups)){
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Get the groups a computer is in
+ *
+ * @param string $computerName The name of the computer
+ * @param bool $recursive Whether to check recursively
+ * @return array
+ */
+ public function groups($computerName, $recursive = NULL)
+ {
+ if ($computerName === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()){ return false; }
+
+ //search the directory for their information
+ $info = @$this->info($computerName, array("memberof", "primarygroupid"));
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
+
+ if ($recursive === true) {
+ foreach ($groups as $id => $groupName){
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+
+ return $groups;
+ }
+
+}
?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php b/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
index addd3e5f0..42a0d756b 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
@@ -1,294 +1,294 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage Contacts
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
- */
-
-require_once(dirname(__FILE__) . '/../adLDAP.php');
-require_once(dirname(__FILE__) . '/../collections/adLDAPContactCollection.php');
-
-class adLDAPContacts {
- /**
- * The current adLDAP connection via dependency injection
- *
- * @var adLDAP
- */
- protected $adldap;
-
- public function __construct(adLDAP $adldap) {
- $this->adldap = $adldap;
- }
-
- //*****************************************************************************************************************
- // CONTACT FUNCTIONS
- // * Still work to do in this area, and new functions to write
-
- /**
- * Create a contact
- *
- * @param array $attributes The attributes to set to the contact
- * @return bool
- */
- public function create($attributes)
- {
- // Check for compulsory fields
- if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
- if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
- if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
- if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
-
- // Translate the schema
- $add = $this->adldap->adldap_schema($attributes);
-
- // Additional stuff only used for adding contacts
- $add["cn"][0] = $attributes["display_name"];
- $add["objectclass"][0] = "top";
- $add["objectclass"][1] = "person";
- $add["objectclass"][2] = "organizationalPerson";
- $add["objectclass"][3] = "contact";
- if (!isset($attributes['exchange_hidefromlists'])) {
- $add["msExchHideFromAddressLists"][0] = "TRUE";
- }
-
- // Determine the container
- $attributes["container"] = array_reverse($attributes["container"]);
- $container= "OU=" . implode(",OU=", $attributes["container"]);
-
- // Add the entry
- $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $this->adldap->utilities()->escapeCharacters($add["cn"][0]) . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
- if ($result != true) {
- return false;
- }
-
- return true;
- }
-
- /**
- * Determine the list of groups a contact is a member of
- *
- * @param string $distinguisedname The full DN of a contact
- * @param bool $recursive Recursively check groups
- * @return array
- */
- public function groups($distinguishedName, $recursive = NULL)
- {
- if ($distinguishedName === NULL) { return false; }
- if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
- if (!$this->adldap->getLdapBind()){ return false; }
-
- // Search the directory for their information
- $info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
- $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
-
- if ($recursive === true){
- foreach ($groups as $id => $groupName){
- $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
- $groups = array_merge($groups, $extraGroups);
- }
- }
-
- return $groups;
- }
-
- /**
- * Get contact information. Returned in a raw array format from AD
- *
- * @param string $distinguisedname The full DN of a contact
- * @param array $fields Attributes to be returned
- * @return array
- */
- public function info($distinguishedName, $fields = NULL)
- {
- if ($distinguishedName === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
-
- $filter = "distinguishedName=" . $distinguishedName;
- if ($fields === NULL) {
- $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
- }
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- if ($entries[0]['count'] >= 1) {
- // AD does not return the primary group in the ldap query, we may need to fudge it
- if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])){
- //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
- $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
- } else {
- $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
- }
- }
-
- $entries[0]["memberof"]["count"]++;
- return $entries;
- }
-
- /**
- * Find information about the contacts. Returned in a raw array format from AD
- *
- * @param string $distinguishedName The full DN of a contact
- * @param array $fields Array of parameters to query
- * @return mixed
- */
- public function infoCollection($distinguishedName, $fields = NULL)
- {
- if ($distinguishedName === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
-
- $info = $this->info($distinguishedName, $fields);
-
- if ($info !== false) {
- $collection = new adLDAPContactCollection($info, $this->adldap);
- return $collection;
- }
- return false;
- }
-
- /**
- * Determine if a contact is a member of a group
- *
- * @param string $distinguisedName The full DN of a contact
- * @param string $group The group name to query
- * @param bool $recursive Recursively check groups
- * @return bool
- */
- public function inGroup($distinguisedName, $group, $recursive = NULL)
- {
- if ($distinguisedName === NULL) { return false; }
- if ($group === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
- if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
-
- // Get a list of the groups
- $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
-
- // Return true if the specified group is in the group list
- if (in_array($group, $groups)){
- return true;
- }
-
- return false;
- }
-
- /**
- * Modify a contact
- *
- * @param string $distinguishedName The contact to query
- * @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
- * @return bool
- */
- public function modify($distinguishedName, $attributes) {
- if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
-
- // Translate the update to the LDAP schema
- $mod = $this->adldap->adldap_schema($attributes);
-
- // Check to see if this is an enabled status update
- if (!$mod) {
- return false;
- }
-
- // Do the update
- $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
- if ($result == false) {
- return false;
- }
-
- return true;
- }
-
- /**
- * Delete a contact
- *
- * @param string $distinguishedName The contact dn to delete (please be careful here!)
- * @return array
- */
- public function delete($distinguishedName)
- {
- $result = $this->folder()->delete($distinguishedName);
- if ($result != true) {
- return false;
- }
- return true;
- }
-
- /**
- * Return a list of all contacts
- *
- * @param bool $includeDescription Include a description of a contact
- * @param string $search The search parameters
- * @param bool $sorted Whether to sort the results
- * @return array
- */
- public function all($includeDescription = false, $search = "*", $sorted = true) {
- if (!$this->adldap->getLdapBind()) { return false; }
-
- // Perform the search and grab all their details
- $filter = "(&(objectClass=contact)(cn=" . $search . "))";
- $fields = array("displayname","distinguishedname");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- $usersArray = array();
- for ($i=0; $i<$entries["count"]; $i++){
- if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
- $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
- } elseif ($includeDescription){
- $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
- } else {
- array_push($usersArray, $entries[$i]["distinguishedname"][0]);
- }
- }
- if ($sorted) {
- asort($usersArray);
- }
- return $usersArray;
- }
-
- /**
- * Mail enable a contact
- * Allows email to be sent to them through Exchange
- *
- * @param string $distinguishedname The contact to mail enable
- * @param string $emailaddress The email address to allow emails to be sent through
- * @param string $mailnickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
- * @return bool
- */
- public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL){
- return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
- }
-
-
-}
-?>
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Contacts
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+require_once(dirname(__FILE__) . '/../collections/adLDAPContactCollection.php');
+
+class adLDAPContacts {
+ /**
+ * The current adLDAP connection via dependency injection
+ *
+ * @var adLDAP
+ */
+ protected $adldap;
+
+ public function __construct(adLDAP $adldap) {
+ $this->adldap = $adldap;
+ }
+
+ //*****************************************************************************************************************
+ // CONTACT FUNCTIONS
+ // * Still work to do in this area, and new functions to write
+
+ /**
+ * Create a contact
+ *
+ * @param array $attributes The attributes to set to the contact
+ * @return bool
+ */
+ public function create($attributes)
+ {
+ // Check for compulsory fields
+ if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
+ if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
+ if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
+ if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+
+ // Translate the schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ // Additional stuff only used for adding contacts
+ $add["cn"][0] = $attributes["display_name"];
+ $add["objectclass"][0] = "top";
+ $add["objectclass"][1] = "person";
+ $add["objectclass"][2] = "organizationalPerson";
+ $add["objectclass"][3] = "contact";
+ if (!isset($attributes['exchange_hidefromlists'])) {
+ $add["msExchHideFromAddressLists"][0] = "TRUE";
+ }
+
+ // Determine the container
+ $attributes["container"] = array_reverse($attributes["container"]);
+ $container= "OU=" . implode(",OU=", $attributes["container"]);
+
+ // Add the entry
+ $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $this->adldap->utilities()->escapeCharacters($add["cn"][0]) . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Determine the list of groups a contact is a member of
+ *
+ * @param string $distinguisedname The full DN of a contact
+ * @param bool $recursive Recursively check groups
+ * @return array
+ */
+ public function groups($distinguishedName, $recursive = NULL)
+ {
+ if ($distinguishedName === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()){ return false; }
+
+ // Search the directory for their information
+ $info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
+
+ if ($recursive === true){
+ foreach ($groups as $id => $groupName){
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * Get contact information. Returned in a raw array format from AD
+ *
+ * @param string $distinguisedname The full DN of a contact
+ * @param array $fields Attributes to be returned
+ * @return array
+ */
+ public function info($distinguishedName, $fields = NULL)
+ {
+ if ($distinguishedName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = "distinguishedName=" . $distinguishedName;
+ if ($fields === NULL) {
+ $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if ($entries[0]['count'] >= 1) {
+ // AD does not return the primary group in the ldap query, we may need to fudge it
+ if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])){
+ //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+ $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+ } else {
+ $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+ }
+ }
+
+ $entries[0]["memberof"]["count"]++;
+ return $entries;
+ }
+
+ /**
+ * Find information about the contacts. Returned in a raw array format from AD
+ *
+ * @param string $distinguishedName The full DN of a contact
+ * @param array $fields Array of parameters to query
+ * @return mixed
+ */
+ public function infoCollection($distinguishedName, $fields = NULL)
+ {
+ if ($distinguishedName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($distinguishedName, $fields);
+
+ if ($info !== false) {
+ $collection = new adLDAPContactCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Determine if a contact is a member of a group
+ *
+ * @param string $distinguisedName The full DN of a contact
+ * @param string $group The group name to query
+ * @param bool $recursive Recursively check groups
+ * @return bool
+ */
+ public function inGroup($distinguisedName, $group, $recursive = NULL)
+ {
+ if ($distinguisedName === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+
+ // Get a list of the groups
+ $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
+
+ // Return true if the specified group is in the group list
+ if (in_array($group, $groups)){
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Modify a contact
+ *
+ * @param string $distinguishedName The contact to query
+ * @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
+ * @return bool
+ */
+ public function modify($distinguishedName, $attributes) {
+ if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod) {
+ return false;
+ }
+
+ // Do the update
+ $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Delete a contact
+ *
+ * @param string $distinguishedName The contact dn to delete (please be careful here!)
+ * @return array
+ */
+ public function delete($distinguishedName)
+ {
+ $result = $this->folder()->delete($distinguishedName);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Return a list of all contacts
+ *
+ * @param bool $includeDescription Include a description of a contact
+ * @param string $search The search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Perform the search and grab all their details
+ $filter = "(&(objectClass=contact)(cn=" . $search . "))";
+ $fields = array("displayname","distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i=0; $i<$entries["count"]; $i++){
+ if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+ $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
+ } elseif ($includeDescription){
+ $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
+ } else {
+ array_push($usersArray, $entries[$i]["distinguishedname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($usersArray);
+ }
+ return $usersArray;
+ }
+
+ /**
+ * Mail enable a contact
+ * Allows email to be sent to them through Exchange
+ *
+ * @param string $distinguishedname The contact to mail enable
+ * @param string $emailaddress The email address to allow emails to be sent through
+ * @param string $mailnickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
+ * @return bool
+ */
+ public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL){
+ return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
+ }
+
+
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php b/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
index dd0c6de05..d70aac779 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
@@ -1,390 +1,390 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage Exchange
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
- */
-require_once(dirname(__FILE__) . '/../adLDAP.php');
-
-/**
-* MICROSOFT EXCHANGE FUNCTIONS
-*/
-class adLDAPExchange {
- /**
- * The current adLDAP connection via dependency injection
- *
- * @var adLDAP
- */
- protected $adldap;
-
- public function __construct(adLDAP $adldap) {
- $this->adldap = $adldap;
- }
-
- /**
- * Create an Exchange account
- *
- * @param string $username The username of the user to add the Exchange account to
- * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
- * If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
- * @param string $emailAddress The primary email address to add to this user
- * @param string $mailNickname The mail nick name. If mail nickname is blank, the username will be used
- * @param bool $mdbUseDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
- * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname=NULL, $useDefaults=TRUE, $baseDn=NULL, $isGUID=false)
- {
- if ($username === NULL){ return "Missing compulsory field [username]"; }
- if ($storageGroup === NULL) { return "Missing compulsory array [storagegroup]"; }
- if (!is_array($storageGroup)) { return "[storagegroup] must be an array"; }
- if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
-
- if ($baseDn === NULL) {
- $baseDn = $this->adldap->getBaseDn();
- }
-
- $container = "CN=" . implode(",CN=", $storageGroup);
-
- if ($mailNickname === NULL) {
- $mailNickname = $username;
- }
- $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);
-
- $attributes = array(
- 'exchange_homemdb'=>$container.",".$baseDn,
- 'exchange_proxyaddress'=>'SMTP:' . $emailAddress,
- 'exchange_mailnickname'=>$mailNickname,
- 'exchange_usedefaults'=>$mdbUseDefaults
- );
- $result = $this->adldap->user()->modify($username, $attributes, $isGUID);
- if ($result == false) {
- return false;
- }
- return true;
- }
-
- /**
- * Add an X400 address to Exchange
- * See http://tools.ietf.org/html/rfc1685 for more information.
- * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
- *
- * @param string $username The username of the user to add the X400 to to
- * @param string $country Country
- * @param string $admd Administration Management Domain
- * @param string $pdmd Private Management Domain (often your AD domain)
- * @param string $org Organization
- * @param string $surname Surname
- * @param string $givenName Given name
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false)
- {
- if ($username === NULL){ return "Missing compulsory field [username]"; }
-
- $proxyValue = 'X400:';
-
- // Find the dn of the user
- $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
- if ($user[0]["dn"] === NULL) { return false; }
- $userDn = $user[0]["dn"];
-
- // We do not have to demote an email address from the default so we can just add the new proxy address
- $attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
-
- // Translate the update to the LDAP schema
- $add = $this->adldap->adldap_schema($attributes);
-
- if (!$add) { return false; }
-
- // Do the update
- // Take out the @ to see any errors, usually this error might occur because the address already
- // exists in the list of proxyAddresses
- $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
- if ($result == false) {
- return false;
- }
-
- return true;
- }
-
- /**
- * Add an address to Exchange
- *
- * @param string $username The username of the user to add the Exchange account to
- * @param string $emailAddress The email address to add to this user
- * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false)
- {
- if ($username === NULL) { return "Missing compulsory field [username]"; }
- if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
-
- $proxyValue = 'smtp:';
- if ($default === true) {
- $proxyValue = 'SMTP:';
- }
-
- // Find the dn of the user
- $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
- if ($user[0]["dn"] === NULL){ return false; }
- $userDn = $user[0]["dn"];
-
- // We need to scan existing proxy addresses and demote the default one
- if (is_array($user[0]["proxyaddresses"]) && $default === true) {
- $modAddresses = array();
- for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
- if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
- $user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
- }
- if ($user[0]['proxyaddresses'][$i] != '') {
- $modAddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
- }
- }
- $modAddresses['proxyAddresses'][(sizeof($user[0]['proxyaddresses'])-1)] = 'SMTP:' . $emailAddress;
-
- $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);
- if ($result == false) {
- return false;
- }
-
- return true;
- }
- else {
- // We do not have to demote an email address from the default so we can just add the new proxy address
- $attributes['exchange_proxyaddress'] = $proxyValue . $emailAddress;
-
- // Translate the update to the LDAP schema
- $add = $this->adldap->adldap_schema($attributes);
-
- if (!$add) {
- return false;
- }
-
- // Do the update
- // Take out the @ to see any errors, usually this error might occur because the address already
- // exists in the list of proxyAddresses
- $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn,$add);
- if ($result == false) {
- return false;
- }
-
- return true;
- }
- }
-
- /**
- * Remove an address to Exchange
- * If you remove a default address the account will no longer have a default,
- * we recommend changing the default address first
- *
- * @param string $username The username of the user to add the Exchange account to
- * @param string $emailAddress The email address to add to this user
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function deleteAddress($username, $emailAddress, $isGUID=false)
- {
- if ($username === NULL) { return "Missing compulsory field [username]"; }
- if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
-
- // Find the dn of the user
- $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
- if ($user[0]["dn"] === NULL) { return false; }
- $userDn = $user[0]["dn"];
-
- if (is_array($user[0]["proxyaddresses"])) {
- $mod = array();
- for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
- if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false && $user[0]['proxyaddresses'][$i] == 'SMTP:' . $emailAddress) {
- $mod['proxyAddresses'][0] = 'SMTP:' . $emailAddress;
- }
- elseif (strstr($user[0]['proxyaddresses'][$i], 'smtp:') !== false && $user[0]['proxyaddresses'][$i] == 'smtp:' . $emailAddress) {
- $mod['proxyAddresses'][0] = 'smtp:' . $emailAddress;
- }
- }
-
- $result = @ldap_mod_del($this->adldap->getLdapConnection(), $userDn,$mod);
- if ($result == false) {
- return false;
- }
-
- return true;
- }
- else {
- return false;
- }
- }
- /**
- * Change the default address
- *
- * @param string $username The username of the user to add the Exchange account to
- * @param string $emailAddress The email address to make default
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function primaryAddress($username, $emailAddress, $isGUID = false)
- {
- if ($username === NULL) { return "Missing compulsory field [username]"; }
- if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
-
- // Find the dn of the user
- $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
- if ($user[0]["dn"] === NULL){ return false; }
- $userDn = $user[0]["dn"];
-
- if (is_array($user[0]["proxyaddresses"])) {
- $modAddresses = array();
- for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
- if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
- $user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
- }
- if ($user[0]['proxyaddresses'][$i] == 'smtp:' . $emailAddress) {
- $user[0]['proxyaddresses'][$i] = str_replace('smtp:', 'SMTP:', $user[0]['proxyaddresses'][$i]);
- }
- if ($user[0]['proxyaddresses'][$i] != '') {
- $modAddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
- }
- }
-
- $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);
- if ($result == false) {
- return false;
- }
-
- return true;
- }
-
- }
-
- /**
- * Mail enable a contact
- * Allows email to be sent to them through Exchange
- *
- * @param string $distinguishedName The contact to mail enable
- * @param string $emailAddress The email address to allow emails to be sent through
- * @param string $mailNickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
- * @return bool
- */
- public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
- {
- if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedName]"; }
- if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
-
- if ($mailNickname !== NULL) {
- // Find the dn of the user
- $user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
- if ($user[0]["displayname"] === NULL) { return false; }
- $mailNickname = $user[0]['displayname'][0];
- }
-
- $attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname" => $mailNickname);
-
- // Translate the update to the LDAP schema
- $mod = $this->adldap->adldap_schema($attributes);
-
- // Check to see if this is an enabled status update
- if (!$mod) { return false; }
-
- // Do the update
- $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
- if ($result == false) { return false; }
-
- return true;
- }
-
- /**
- * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
- *
- * @param array $attributes An array of the AD attributes you wish to return
- * @return array
- */
- public function servers($attributes = array('cn','distinguishedname','serialnumber'))
- {
- if (!$this->adldap->getLdapBind()){ return false; }
-
- $configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
- $sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
- $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
- return $entries;
- }
-
- /**
- * Returns a list of Storage Groups in Exchange for a given mail server
- *
- * @param string $exchangeServer The full DN of an Exchange server. You can use exchange_servers() to find the DN for your server
- * @param array $attributes An array of the AD attributes you wish to return
- * @param bool $recursive If enabled this will automatically query the databases within a storage group
- * @return array
- */
- public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL)
- {
- if (!$this->adldap->getLdapBind()){ return false; }
- if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
- if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
-
- $filter = '(&(objectCategory=msExchStorageGroup))';
- $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
- $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- if ($recursive === true) {
- for ($i=0; $i<$entries['count']; $i++) {
- $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);
- }
- }
-
- return $entries;
- }
-
- /**
- * Returns a list of Databases within any given storage group in Exchange for a given mail server
- *
- * @param string $storageGroup The full DN of an Storage Group. You can use exchange_storage_groups() to find the DN
- * @param array $attributes An array of the AD attributes you wish to return
- * @return array
- */
- public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
- if (!$this->adldap->getLdapBind()){ return false; }
- if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
-
- $filter = '(&(objectCategory=msExchPrivateMDB))';
- $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
- $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
- return $entries;
- }
-}
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Exchange
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+
+/**
+* MICROSOFT EXCHANGE FUNCTIONS
+*/
+class adLDAPExchange {
+ /**
+ * The current adLDAP connection via dependency injection
+ *
+ * @var adLDAP
+ */
+ protected $adldap;
+
+ public function __construct(adLDAP $adldap) {
+ $this->adldap = $adldap;
+ }
+
+ /**
+ * Create an Exchange account
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
+ * If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
+ * @param string $emailAddress The primary email address to add to this user
+ * @param string $mailNickname The mail nick name. If mail nickname is blank, the username will be used
+ * @param bool $mdbUseDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
+ * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname=NULL, $useDefaults=TRUE, $baseDn=NULL, $isGUID=false)
+ {
+ if ($username === NULL){ return "Missing compulsory field [username]"; }
+ if ($storageGroup === NULL) { return "Missing compulsory array [storagegroup]"; }
+ if (!is_array($storageGroup)) { return "[storagegroup] must be an array"; }
+ if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+
+ if ($baseDn === NULL) {
+ $baseDn = $this->adldap->getBaseDn();
+ }
+
+ $container = "CN=" . implode(",CN=", $storageGroup);
+
+ if ($mailNickname === NULL) {
+ $mailNickname = $username;
+ }
+ $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);
+
+ $attributes = array(
+ 'exchange_homemdb'=>$container.",".$baseDn,
+ 'exchange_proxyaddress'=>'SMTP:' . $emailAddress,
+ 'exchange_mailnickname'=>$mailNickname,
+ 'exchange_usedefaults'=>$mdbUseDefaults
+ );
+ $result = $this->adldap->user()->modify($username, $attributes, $isGUID);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add an X400 address to Exchange
+ * See http://tools.ietf.org/html/rfc1685 for more information.
+ * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
+ *
+ * @param string $username The username of the user to add the X400 to to
+ * @param string $country Country
+ * @param string $admd Administration Management Domain
+ * @param string $pdmd Private Management Domain (often your AD domain)
+ * @param string $org Organization
+ * @param string $surname Surname
+ * @param string $givenName Given name
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false)
+ {
+ if ($username === NULL){ return "Missing compulsory field [username]"; }
+
+ $proxyValue = 'X400:';
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL) { return false; }
+ $userDn = $user[0]["dn"];
+
+ // We do not have to demote an email address from the default so we can just add the new proxy address
+ $attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
+
+ // Translate the update to the LDAP schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ if (!$add) { return false; }
+
+ // Do the update
+ // Take out the @ to see any errors, usually this error might occur because the address already
+ // exists in the list of proxyAddresses
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Add an address to Exchange
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to add to this user
+ * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ $proxyValue = 'smtp:';
+ if ($default === true) {
+ $proxyValue = 'SMTP:';
+ }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL){ return false; }
+ $userDn = $user[0]["dn"];
+
+ // We need to scan existing proxy addresses and demote the default one
+ if (is_array($user[0]["proxyaddresses"]) && $default === true) {
+ $modAddresses = array();
+ for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+ if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
+ $user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
+ }
+ if ($user[0]['proxyaddresses'][$i] != '') {
+ $modAddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
+ }
+ }
+ $modAddresses['proxyAddresses'][(sizeof($user[0]['proxyaddresses'])-1)] = 'SMTP:' . $emailAddress;
+
+ $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+ else {
+ // We do not have to demote an email address from the default so we can just add the new proxy address
+ $attributes['exchange_proxyaddress'] = $proxyValue . $emailAddress;
+
+ // Translate the update to the LDAP schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ if (!$add) {
+ return false;
+ }
+
+ // Do the update
+ // Take out the @ to see any errors, usually this error might occur because the address already
+ // exists in the list of proxyAddresses
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn,$add);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+ }
+
+ /**
+ * Remove an address to Exchange
+ * If you remove a default address the account will no longer have a default,
+ * we recommend changing the default address first
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to add to this user
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function deleteAddress($username, $emailAddress, $isGUID=false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL) { return false; }
+ $userDn = $user[0]["dn"];
+
+ if (is_array($user[0]["proxyaddresses"])) {
+ $mod = array();
+ for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+ if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false && $user[0]['proxyaddresses'][$i] == 'SMTP:' . $emailAddress) {
+ $mod['proxyAddresses'][0] = 'SMTP:' . $emailAddress;
+ }
+ elseif (strstr($user[0]['proxyaddresses'][$i], 'smtp:') !== false && $user[0]['proxyaddresses'][$i] == 'smtp:' . $emailAddress) {
+ $mod['proxyAddresses'][0] = 'smtp:' . $emailAddress;
+ }
+ }
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $userDn,$mod);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+ /**
+ * Change the default address
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to make default
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function primaryAddress($username, $emailAddress, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL){ return false; }
+ $userDn = $user[0]["dn"];
+
+ if (is_array($user[0]["proxyaddresses"])) {
+ $modAddresses = array();
+ for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+ if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
+ $user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
+ }
+ if ($user[0]['proxyaddresses'][$i] == 'smtp:' . $emailAddress) {
+ $user[0]['proxyaddresses'][$i] = str_replace('smtp:', 'SMTP:', $user[0]['proxyaddresses'][$i]);
+ }
+ if ($user[0]['proxyaddresses'][$i] != '') {
+ $modAddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
+ }
+ }
+
+ $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+
+ }
+
+ /**
+ * Mail enable a contact
+ * Allows email to be sent to them through Exchange
+ *
+ * @param string $distinguishedName The contact to mail enable
+ * @param string $emailAddress The email address to allow emails to be sent through
+ * @param string $mailNickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
+ * @return bool
+ */
+ public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
+ {
+ if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedName]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+
+ if ($mailNickname !== NULL) {
+ // Find the dn of the user
+ $user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
+ if ($user[0]["displayname"] === NULL) { return false; }
+ $mailNickname = $user[0]['displayname'][0];
+ }
+
+ $attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname" => $mailNickname);
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod) { return false; }
+
+ // Do the update
+ $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
+ *
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @return array
+ */
+ public function servers($attributes = array('cn','distinguishedname','serialnumber'))
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+
+ $configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ return $entries;
+ }
+
+ /**
+ * Returns a list of Storage Groups in Exchange for a given mail server
+ *
+ * @param string $exchangeServer The full DN of an Exchange server. You can use exchange_servers() to find the DN for your server
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @param bool $recursive If enabled this will automatically query the databases within a storage group
+ * @return array
+ */
+ public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL)
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
+
+ $filter = '(&(objectCategory=msExchStorageGroup))';
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if ($recursive === true) {
+ for ($i=0; $i<$entries['count']; $i++) {
+ $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);
+ }
+ }
+
+ return $entries;
+ }
+
+ /**
+ * Returns a list of Databases within any given storage group in Exchange for a given mail server
+ *
+ * @param string $storageGroup The full DN of an Storage Group. You can use exchange_storage_groups() to find the DN
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @return array
+ */
+ public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
+
+ $filter = '(&(objectCategory=msExchPrivateMDB))';
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ return $entries;
+ }
+}
?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php b/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
index 55120152d..67b1474db 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
@@ -1,179 +1,179 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage Folders
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
- */
-require_once(dirname(__FILE__) . '/../adLDAP.php');
-
-/**
-* FOLDER / OU MANAGEMENT FUNCTIONS
-*/
-class adLDAPFolders {
- /**
- * The current adLDAP connection via dependency injection
- *
- * @var adLDAP
- */
- protected $adldap;
-
- public function __construct(adLDAP $adldap) {
- $this->adldap = $adldap;
- }
-
- /**
- * Delete a distinguished name from Active Directory
- * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
- *
- * @param string $dn The distinguished name to delete
- * @return bool
- */
- public function delete($dn){
- $result = ldap_delete($this->adldap->getLdapConnection(), $dn);
- if ($result != true) {
- return false;
- }
- return true;
- }
-
- /**
- * Returns a folder listing for a specific OU
- * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
- *
- * @param array $folderName An array to the OU you wish to list.
- * If set to NULL will list the root, strongly recommended to set
- * $recursive to false in that instance!
- * @param string $dnType The type of record to list. This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
- * @param bool $recursive Recursively search sub folders
- * @param bool $type Specify a type of object to search for
- * @return array
- */
- public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL)
- {
- if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
- if (!$this->adldap->getLdapBind()) { return false; }
-
- $filter = '(&';
- if ($type !== NULL) {
- switch ($type) {
- case 'contact':
- $filter .= '(objectClass=contact)';
- break;
- case 'computer':
- $filter .= '(objectClass=computer)';
- break;
- case 'group':
- $filter .= '(objectClass=group)';
- break;
- case 'folder':
- $filter .= '(objectClass=organizationalUnit)';
- break;
- case 'container':
- $filter .= '(objectClass=container)';
- break;
- case 'domain':
- $filter .= '(objectClass=builtinDomain)';
- break;
- default:
- $filter .= '(objectClass=user)';
- break;
- }
- }
- else {
- $filter .= '(objectClass=*)';
- }
- // If the folder name is null then we will search the root level of AD
- // This requires us to not have an OU= part, just the base_dn
- $searchOu = $this->adldap->getBaseDn();
- if (is_array($folderName)) {
- $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
- $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
- $searchOu = $ou . ',' . $this->adldap->getBaseDn();
- }
- else {
- $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
- }
-
- if ($recursive === true) {
- $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
- $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
- if (is_array($entries)) {
- return $entries;
- }
- }
- else {
- $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
- $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
- if (is_array($entries)) {
- return $entries;
- }
- }
-
- return false;
- }
-
- /**
- * Create an organizational unit
- *
- * @param array $attributes Default attributes of the ou
- * @return bool
- */
- public function create($attributes)
- {
- if (!is_array($attributes)){ return "Attributes must be an array"; }
- if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
- if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
- if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
-
- $attributes["container"] = array_reverse($attributes["container"]);
-
- $add=array();
- $add["objectClass"] = "organizationalUnit";
- $add["OU"] = $attributes['ou_name'];
- $containers = "";
- if (count($attributes['container']) > 0) {
- $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
- }
-
- $containers = "OU=" . implode(",OU=", $attributes["container"]);
- $result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
- if ($result != true) {
- return false;
- }
-
- return true;
- }
-
-}
-
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Folders
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+
+/**
+* FOLDER / OU MANAGEMENT FUNCTIONS
+*/
+class adLDAPFolders {
+ /**
+ * The current adLDAP connection via dependency injection
+ *
+ * @var adLDAP
+ */
+ protected $adldap;
+
+ public function __construct(adLDAP $adldap) {
+ $this->adldap = $adldap;
+ }
+
+ /**
+ * Delete a distinguished name from Active Directory
+ * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
+ *
+ * @param string $dn The distinguished name to delete
+ * @return bool
+ */
+ public function delete($dn){
+ $result = ldap_delete($this->adldap->getLdapConnection(), $dn);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Returns a folder listing for a specific OU
+ * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
+ *
+ * @param array $folderName An array to the OU you wish to list.
+ * If set to NULL will list the root, strongly recommended to set
+ * $recursive to false in that instance!
+ * @param string $dnType The type of record to list. This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
+ * @param bool $recursive Recursively search sub folders
+ * @param bool $type Specify a type of object to search for
+ * @return array
+ */
+ public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL)
+ {
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = '(&';
+ if ($type !== NULL) {
+ switch ($type) {
+ case 'contact':
+ $filter .= '(objectClass=contact)';
+ break;
+ case 'computer':
+ $filter .= '(objectClass=computer)';
+ break;
+ case 'group':
+ $filter .= '(objectClass=group)';
+ break;
+ case 'folder':
+ $filter .= '(objectClass=organizationalUnit)';
+ break;
+ case 'container':
+ $filter .= '(objectClass=container)';
+ break;
+ case 'domain':
+ $filter .= '(objectClass=builtinDomain)';
+ break;
+ default:
+ $filter .= '(objectClass=user)';
+ break;
+ }
+ }
+ else {
+ $filter .= '(objectClass=*)';
+ }
+ // If the folder name is null then we will search the root level of AD
+ // This requires us to not have an OU= part, just the base_dn
+ $searchOu = $this->adldap->getBaseDn();
+ if (is_array($folderName)) {
+ $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
+ $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
+ $searchOu = $ou . ',' . $this->adldap->getBaseDn();
+ }
+ else {
+ $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
+ }
+
+ if ($recursive === true) {
+ $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (is_array($entries)) {
+ return $entries;
+ }
+ }
+ else {
+ $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (is_array($entries)) {
+ return $entries;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Create an organizational unit
+ *
+ * @param array $attributes Default attributes of the ou
+ * @return bool
+ */
+ public function create($attributes)
+ {
+ if (!is_array($attributes)){ return "Attributes must be an array"; }
+ if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+ if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
+ if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
+
+ $attributes["container"] = array_reverse($attributes["container"]);
+
+ $add=array();
+ $add["objectClass"] = "organizationalUnit";
+ $add["OU"] = $attributes['ou_name'];
+ $containers = "";
+ if (count($attributes['container']) > 0) {
+ $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
+ }
+
+ $containers = "OU=" . implode(",OU=", $attributes["container"]);
+ $result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+
+ return true;
+ }
+
+}
+
?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php b/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
index 05e4cc93b..94bc04853 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
@@ -1,631 +1,631 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage Groups
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
- */
-require_once(dirname(__FILE__) . '/../adLDAP.php');
-require_once(dirname(__FILE__) . '/../collections/adLDAPGroupCollection.php');
-
-/**
-* GROUP FUNCTIONS
-*/
-class adLDAPGroups {
- /**
- * The current adLDAP connection via dependency injection
- *
- * @var adLDAP
- */
- protected $adldap;
-
- public function __construct(adLDAP $adldap) {
- $this->adldap = $adldap;
- }
-
- /**
- * Add a group to a group
- *
- * @param string $parent The parent group name
- * @param string $child The child group name
- * @return bool
- */
- public function addGroup($parent,$child){
-
- // Find the parent group's dn
- $parentGroup = $this->ginfo($parent, array("cn"));
- if ($parentGroup[0]["dn"] === NULL){
- return false;
- }
- $parentDn = $parentGroup[0]["dn"];
-
- // Find the child group's dn
- $childGroup = $this->info($child, array("cn"));
- if ($childGroup[0]["dn"] === NULL){
- return false;
- }
- $childDn = $childGroup[0]["dn"];
-
- $add = array();
- $add["member"] = $childDn;
-
- $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
- if ($result == false) {
- return false;
- }
- return true;
- }
-
- /**
- * Add a user to a group
- *
- * @param string $group The group to add the user to
- * @param string $user The user to add to the group
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function addUser($group, $user, $isGUID = false)
- {
- // Adding a user is a bit fiddly, we need to get the full DN of the user
- // and add it using the full DN of the group
-
- // Find the user's dn
- $userDn = $this->adldap->user()->dn($user, $isGUID);
- if ($userDn === false) {
- return false;
- }
-
- // Find the group's dn
- $groupInfo = $this->info($group, array("cn"));
- if ($groupInfo[0]["dn"] === NULL) {
- return false;
- }
- $groupDn = $groupInfo[0]["dn"];
-
- $add = array();
- $add["member"] = $userDn;
-
- $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
- if ($result == false) {
- return false;
- }
- return true;
- }
-
- /**
- * Add a contact to a group
- *
- * @param string $group The group to add the contact to
- * @param string $contactDn The DN of the contact to add
- * @return bool
- */
- public function addContact($group, $contactDn)
- {
- // To add a contact we take the contact's DN
- // and add it using the full DN of the group
-
- // Find the group's dn
- $groupInfo = $this->info($group, array("cn"));
- if ($groupInfo[0]["dn"] === NULL) {
- return false;
- }
- $groupDn = $groupInfo[0]["dn"];
-
- $add = array();
- $add["member"] = $contactDn;
-
- $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
- if ($result == false) {
- return false;
- }
- return true;
- }
-
- /**
- * Create a group
- *
- * @param array $attributes Default attributes of the group
- * @return bool
- */
- public function create($attributes)
- {
- if (!is_array($attributes)){ return "Attributes must be an array"; }
- if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; }
- if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
- if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; }
- if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
- $attributes["container"] = array_reverse($attributes["container"]);
-
- //$member_array = array();
- //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
- //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
-
- $add = array();
- $add["cn"] = $attributes["group_name"];
- $add["samaccountname"] = $attributes["group_name"];
- $add["objectClass"] = "Group";
- $add["description"] = $attributes["description"];
- //$add["member"] = $member_array; UNTESTED
-
- $container = "OU=" . implode(",OU=", $attributes["container"]);
- $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
- if ($result != true) {
- return false;
- }
- return true;
- }
-
- /**
- * Delete a group account
- *
- * @param string $group The group to delete (please be careful here!)
- *
- * @return array
- */
- public function delete($group) {
- if (!$this->adldap->getLdapBind()){ return false; }
- if ($group === null){ return "Missing compulsory field [group]"; }
-
- $groupInfo = $this->info($group, array("*"));
- $dn = $groupInfo[0]['distinguishedname'][0];
- $result = $this->adldap->folder()->delete($dn);
- if ($result !== true) {
- return false;
- } return true;
- }
-
- /**
- * Remove a group from a group
- *
- * @param string $parent The parent group name
- * @param string $child The child group name
- * @return bool
- */
- public function removeGroup($parent , $child)
- {
-
- // Find the parent dn
- $parentGroup = $this->info($parent, array("cn"));
- if ($parentGroup[0]["dn"] === NULL) {
- return false;
- }
- $parentDn = $parentGroup[0]["dn"];
-
- // Find the child dn
- $childGroup = $this->info($child, array("cn"));
- if ($childGroup[0]["dn"] === NULL) {
- return false;
- }
- $childDn = $childGroup[0]["dn"];
-
- $del = array();
- $del["member"] = $childDn;
-
- $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
- if ($result == false) {
- return false;
- }
- return true;
- }
-
- /**
- * Remove a user from a group
- *
- * @param string $group The group to remove a user from
- * @param string $user The AD user to remove from the group
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function removeUser($group, $user, $isGUID = false)
- {
-
- // Find the parent dn
- $groupInfo = $this->info($group, array("cn"));
- if ($groupInfo[0]["dn"] === NULL){
- return false;
- }
- $groupDn = $groupInfo[0]["dn"];
-
- // Find the users dn
- $userDn = $this->adldap->user()->dn($user, $isGUID);
- if ($userDn === false) {
- return false;
- }
-
- $del = array();
- $del["member"] = $userDn;
-
- $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
- if ($result == false) {
- return false;
- }
- return true;
- }
-
- /**
- * Remove a contact from a group
- *
- * @param string $group The group to remove a user from
- * @param string $contactDn The DN of a contact to remove from the group
- * @return bool
- */
- public function removeContact($group, $contactDn)
- {
-
- // Find the parent dn
- $groupInfo = $this->info($group, array("cn"));
- if ($groupInfo[0]["dn"] === NULL) {
- return false;
- }
- $groupDn = $groupInfo[0]["dn"];
-
- $del = array();
- $del["member"] = $contactDn;
-
- $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
- if ($result == false) {
- return false;
- }
- return true;
- }
-
- /**
- * Return a list of groups in a group
- *
- * @param string $group The group to query
- * @param bool $recursive Recursively get groups
- * @return array
- */
- public function inGroup($group, $recursive = NULL)
- {
- if (!$this->adldap->getLdapBind()){ return false; }
- if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
-
- // Search the directory for the members of a group
- $info = $this->info($group, array("member","cn"));
- $groups = $info[0]["member"];
- if (!is_array($groups)) {
- return false;
- }
-
- $groupArray = array();
-
- for ($i=0; $i<$groups["count"]; $i++){
- $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
- $fields = array("samaccountname", "distinguishedname", "objectClass");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- // not a person, look for a group
- if ($entries['count'] == 0 && $recursive == true) {
- $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
- $fields = array("distinguishedname");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
- if (!isset($entries[0]['distinguishedname'][0])) {
- continue;
- }
- $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);
- if (is_array($subGroups)) {
- $groupArray = array_merge($groupArray, $subGroups);
- $groupArray = array_unique($groupArray);
- }
- continue;
- }
-
- $groupArray[] = $entries[0]['distinguishedname'][0];
- }
- return $groupArray;
- }
-
- /**
- * Return a list of members in a group
- *
- * @param string $group The group to query
- * @param bool $recursive Recursively get group members
- * @return array
- */
- public function members($group, $recursive = NULL)
- {
- if (!$this->adldap->getLdapBind()){ return false; }
- if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
- // Search the directory for the members of a group
- $info = $this->info($group, array("member","cn"));
- $users = $info[0]["member"];
- if (!is_array($users)) {
- return false;
- }
-
- $userArray = array();
-
- for ($i=0; $i<$users["count"]; $i++){
- $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
- $fields = array("samaccountname", "distinguishedname", "objectClass");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- // not a person, look for a group
- if ($entries['count'] == 0 && $recursive == true) {
- $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
- $fields = array("samaccountname");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
- if (!isset($entries[0]['samaccountname'][0])) {
- continue;
- }
- $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);
- if (is_array($subUsers)) {
- $userArray = array_merge($userArray, $subUsers);
- $userArray = array_unique($userArray);
- }
- continue;
- }
- else if ($entries['count'] == 0) {
- continue;
- }
-
- if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) {
- $userArray[] = $entries[0]['distinguishedname'][0];
- }
- else if ($entries[0]['samaccountname'][0] !== NULL) {
- $userArray[] = $entries[0]['samaccountname'][0];
- }
- }
- return $userArray;
- }
-
- /**
- * Group Information. Returns an array of raw information about a group.
- * The group name is case sensitive
- *
- * @param string $groupName The group name to retrieve info about
- * @param array $fields Fields to retrieve
- * @return array
- */
- public function info($groupName, $fields = NULL)
- {
- if ($groupName === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
-
- if (stristr($groupName, '+')) {
- $groupName = stripslashes($groupName);
- }
-
- $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
- if ($fields === NULL) {
- $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname");
- }
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- return $entries;
- }
-
- /**
- * Group Information. Returns an collection
- * The group name is case sensitive
- *
- * @param string $groupName The group name to retrieve info about
- * @param array $fields Fields to retrieve
- * @return adLDAPGroupCollection
- */
- public function infoCollection($groupName, $fields = NULL)
- {
- if ($groupName === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
-
- $info = $this->info($groupName, $fields);
- if ($info !== false) {
- $collection = new adLDAPGroupCollection($info, $this->adldap);
- return $collection;
- }
- return false;
- }
-
- /**
- * Return a complete list of "groups in groups"
- *
- * @param string $group The group to get the list from
- * @return array
- */
- public function recursiveGroups($group)
- {
- if ($group === NULL) { return false; }
-
- $stack = array();
- $processed = array();
- $retGroups = array();
-
- array_push($stack, $group); // Initial Group to Start with
- while (count($stack) > 0) {
- $parent = array_pop($stack);
- array_push($processed, $parent);
-
- $info = $this->info($parent, array("memberof"));
-
- if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) {
- $groups = $info[0]["memberof"];
- if ($groups) {
- $groupNames = $this->adldap->utilities()->niceNames($groups);
- $retGroups = array_merge($retGroups, $groupNames); //final groups to return
- foreach ($groupNames as $id => $groupName) {
- if (!in_array($groupName, $processed)) {
- array_push($stack, $groupName);
- }
- }
- }
- }
- }
-
- return $retGroups;
- }
-
- /**
- * Returns a complete list of the groups in AD based on a SAM Account Type
- *
- * @param string $sAMAaccountType The account type to return
- * @param bool $includeDescription Whether to return a description
- * @param string $search Search parameters
- * @param bool $sorted Whether to sort the results
- * @return array
- */
- public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
- if (!$this->adldap->getLdapBind()) { return false; }
-
- $filter = '(&(objectCategory=group)';
- if ($sAMAaccountType !== null) {
- $filter .= '(samaccounttype='. $sAMAaccountType .')';
- }
- $filter .= '(cn=' . $search . '))';
- // Perform the search and grab all their details
- $fields = array("samaccountname", "description");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- $groupsArray = array();
- for ($i=0; $i<$entries["count"]; $i++){
- if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
- $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
- }
- else if ($includeDescription){
- $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
- }
- else {
- array_push($groupsArray, $entries[$i]["samaccountname"][0]);
- }
- }
- if ($sorted) {
- asort($groupsArray);
- }
- return $groupsArray;
- }
-
- /**
- * Returns a complete list of all groups in AD
- *
- * @param bool $includeDescription Whether to return a description
- * @param string $search Search parameters
- * @param bool $sorted Whether to sort the results
- * @return array
- */
- public function all($includeDescription = false, $search = "*", $sorted = true){
- $groupsArray = $this->search(null, $includeDescription, $search, $sorted);
- return $groupsArray;
- }
-
- /**
- * Returns a complete list of security groups in AD
- *
- * @param bool $includeDescription Whether to return a description
- * @param string $search Search parameters
- * @param bool $sorted Whether to sort the results
- * @return array
- */
- public function allSecurity($includeDescription = false, $search = "*", $sorted = true){
- $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
- return $groupsArray;
- }
-
- /**
- * Returns a complete list of distribution lists in AD
- *
- * @param bool $includeDescription Whether to return a description
- * @param string $search Search parameters
- * @param bool $sorted Whether to sort the results
- * @return array
- */
- public function allDistribution($includeDescription = false, $search = "*", $sorted = true){
- $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
- return $groupsArray;
- }
-
- /**
- * Coping with AD not returning the primary group
- * http://support.microsoft.com/?kbid=321360
- *
- * This is a re-write based on code submitted by Bruce which prevents the
- * need to search each security group to find the true primary group
- *
- * @param string $gid Group ID
- * @param string $usersid User's Object SID
- * @return mixed
- */
- public function getPrimaryGroup($gid, $usersid)
- {
- if ($gid === NULL || $usersid === NULL) { return false; }
- $sr = false;
-
- $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
- $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
- $fields = array("samaccountname","distinguishedname");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- if (isset($entries[0]['distinguishedname'][0])) {
- return $entries[0]['distinguishedname'][0];
- }
- return false;
- }
-
- /**
- * Coping with AD not returning the primary group
- * http://support.microsoft.com/?kbid=321360
- *
- * For some reason it's not possible to search on primarygrouptoken=XXX
- * If someone can show otherwise, I'd like to know about it :)
- * this way is resource intensive and generally a pain in the @#%^
- *
- * @deprecated deprecated since version 3.1, see get get_primary_group
- * @param string $gid Group ID
- * @return string
- */
- public function cn($gid){
- if ($gid === NULL) { return false; }
- $sr = false;
- $r = '';
-
- $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
- $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- for ($i=0; $i<$entries["count"]; $i++){
- if ($entries[$i]["primarygrouptoken"][0] == $gid) {
- $r = $entries[$i]["distinguishedname"][0];
- $i = $entries["count"];
- }
- }
-
- return $r;
- }
-}
-?>
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Groups
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+require_once(dirname(__FILE__) . '/../collections/adLDAPGroupCollection.php');
+
+/**
+* GROUP FUNCTIONS
+*/
+class adLDAPGroups {
+ /**
+ * The current adLDAP connection via dependency injection
+ *
+ * @var adLDAP
+ */
+ protected $adldap;
+
+ public function __construct(adLDAP $adldap) {
+ $this->adldap = $adldap;
+ }
+
+ /**
+ * Add a group to a group
+ *
+ * @param string $parent The parent group name
+ * @param string $child The child group name
+ * @return bool
+ */
+ public function addGroup($parent,$child){
+
+ // Find the parent group's dn
+ $parentGroup = $this->ginfo($parent, array("cn"));
+ if ($parentGroup[0]["dn"] === NULL){
+ return false;
+ }
+ $parentDn = $parentGroup[0]["dn"];
+
+ // Find the child group's dn
+ $childGroup = $this->info($child, array("cn"));
+ if ($childGroup[0]["dn"] === NULL){
+ return false;
+ }
+ $childDn = $childGroup[0]["dn"];
+
+ $add = array();
+ $add["member"] = $childDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add a user to a group
+ *
+ * @param string $group The group to add the user to
+ * @param string $user The user to add to the group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function addUser($group, $user, $isGUID = false)
+ {
+ // Adding a user is a bit fiddly, we need to get the full DN of the user
+ // and add it using the full DN of the group
+
+ // Find the user's dn
+ $userDn = $this->adldap->user()->dn($user, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ // Find the group's dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $add = array();
+ $add["member"] = $userDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add a contact to a group
+ *
+ * @param string $group The group to add the contact to
+ * @param string $contactDn The DN of the contact to add
+ * @return bool
+ */
+ public function addContact($group, $contactDn)
+ {
+ // To add a contact we take the contact's DN
+ // and add it using the full DN of the group
+
+ // Find the group's dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $add = array();
+ $add["member"] = $contactDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Create a group
+ *
+ * @param array $attributes Default attributes of the group
+ * @return bool
+ */
+ public function create($attributes)
+ {
+ if (!is_array($attributes)){ return "Attributes must be an array"; }
+ if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; }
+ if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+ if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; }
+ if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+ $attributes["container"] = array_reverse($attributes["container"]);
+
+ //$member_array = array();
+ //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
+ //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
+
+ $add = array();
+ $add["cn"] = $attributes["group_name"];
+ $add["samaccountname"] = $attributes["group_name"];
+ $add["objectClass"] = "Group";
+ $add["description"] = $attributes["description"];
+ //$add["member"] = $member_array; UNTESTED
+
+ $container = "OU=" . implode(",OU=", $attributes["container"]);
+ $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Delete a group account
+ *
+ * @param string $group The group to delete (please be careful here!)
+ *
+ * @return array
+ */
+ public function delete($group) {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($group === null){ return "Missing compulsory field [group]"; }
+
+ $groupInfo = $this->info($group, array("*"));
+ $dn = $groupInfo[0]['distinguishedname'][0];
+ $result = $this->adldap->folder()->delete($dn);
+ if ($result !== true) {
+ return false;
+ } return true;
+ }
+
+ /**
+ * Remove a group from a group
+ *
+ * @param string $parent The parent group name
+ * @param string $child The child group name
+ * @return bool
+ */
+ public function removeGroup($parent , $child)
+ {
+
+ // Find the parent dn
+ $parentGroup = $this->info($parent, array("cn"));
+ if ($parentGroup[0]["dn"] === NULL) {
+ return false;
+ }
+ $parentDn = $parentGroup[0]["dn"];
+
+ // Find the child dn
+ $childGroup = $this->info($child, array("cn"));
+ if ($childGroup[0]["dn"] === NULL) {
+ return false;
+ }
+ $childDn = $childGroup[0]["dn"];
+
+ $del = array();
+ $del["member"] = $childDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Remove a user from a group
+ *
+ * @param string $group The group to remove a user from
+ * @param string $user The AD user to remove from the group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function removeUser($group, $user, $isGUID = false)
+ {
+
+ // Find the parent dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL){
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ // Find the users dn
+ $userDn = $this->adldap->user()->dn($user, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ $del = array();
+ $del["member"] = $userDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Remove a contact from a group
+ *
+ * @param string $group The group to remove a user from
+ * @param string $contactDn The DN of a contact to remove from the group
+ * @return bool
+ */
+ public function removeContact($group, $contactDn)
+ {
+
+ // Find the parent dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $del = array();
+ $del["member"] = $contactDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Return a list of groups in a group
+ *
+ * @param string $group The group to query
+ * @param bool $recursive Recursively get groups
+ * @return array
+ */
+ public function inGroup($group, $recursive = NULL)
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+
+ // Search the directory for the members of a group
+ $info = $this->info($group, array("member","cn"));
+ $groups = $info[0]["member"];
+ if (!is_array($groups)) {
+ return false;
+ }
+
+ $groupArray = array();
+
+ for ($i=0; $i<$groups["count"]; $i++){
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+ $fields = array("samaccountname", "distinguishedname", "objectClass");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ // not a person, look for a group
+ if ($entries['count'] == 0 && $recursive == true) {
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+ $fields = array("distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (!isset($entries[0]['distinguishedname'][0])) {
+ continue;
+ }
+ $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);
+ if (is_array($subGroups)) {
+ $groupArray = array_merge($groupArray, $subGroups);
+ $groupArray = array_unique($groupArray);
+ }
+ continue;
+ }
+
+ $groupArray[] = $entries[0]['distinguishedname'][0];
+ }
+ return $groupArray;
+ }
+
+ /**
+ * Return a list of members in a group
+ *
+ * @param string $group The group to query
+ * @param bool $recursive Recursively get group members
+ * @return array
+ */
+ public function members($group, $recursive = NULL)
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+ // Search the directory for the members of a group
+ $info = $this->info($group, array("member","cn"));
+ $users = $info[0]["member"];
+ if (!is_array($users)) {
+ return false;
+ }
+
+ $userArray = array();
+
+ for ($i=0; $i<$users["count"]; $i++){
+ $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+ $fields = array("samaccountname", "distinguishedname", "objectClass");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ // not a person, look for a group
+ if ($entries['count'] == 0 && $recursive == true) {
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+ $fields = array("samaccountname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (!isset($entries[0]['samaccountname'][0])) {
+ continue;
+ }
+ $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);
+ if (is_array($subUsers)) {
+ $userArray = array_merge($userArray, $subUsers);
+ $userArray = array_unique($userArray);
+ }
+ continue;
+ }
+ else if ($entries['count'] == 0) {
+ continue;
+ }
+
+ if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) {
+ $userArray[] = $entries[0]['distinguishedname'][0];
+ }
+ else if ($entries[0]['samaccountname'][0] !== NULL) {
+ $userArray[] = $entries[0]['samaccountname'][0];
+ }
+ }
+ return $userArray;
+ }
+
+ /**
+ * Group Information. Returns an array of raw information about a group.
+ * The group name is case sensitive
+ *
+ * @param string $groupName The group name to retrieve info about
+ * @param array $fields Fields to retrieve
+ * @return array
+ */
+ public function info($groupName, $fields = NULL)
+ {
+ if ($groupName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ if (stristr($groupName, '+')) {
+ $groupName = stripslashes($groupName);
+ }
+
+ $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
+ if ($fields === NULL) {
+ $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ return $entries;
+ }
+
+ /**
+ * Group Information. Returns an collection
+ * The group name is case sensitive
+ *
+ * @param string $groupName The group name to retrieve info about
+ * @param array $fields Fields to retrieve
+ * @return adLDAPGroupCollection
+ */
+ public function infoCollection($groupName, $fields = NULL)
+ {
+ if ($groupName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($groupName, $fields);
+ if ($info !== false) {
+ $collection = new adLDAPGroupCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Return a complete list of "groups in groups"
+ *
+ * @param string $group The group to get the list from
+ * @return array
+ */
+ public function recursiveGroups($group)
+ {
+ if ($group === NULL) { return false; }
+
+ $stack = array();
+ $processed = array();
+ $retGroups = array();
+
+ array_push($stack, $group); // Initial Group to Start with
+ while (count($stack) > 0) {
+ $parent = array_pop($stack);
+ array_push($processed, $parent);
+
+ $info = $this->info($parent, array("memberof"));
+
+ if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) {
+ $groups = $info[0]["memberof"];
+ if ($groups) {
+ $groupNames = $this->adldap->utilities()->niceNames($groups);
+ $retGroups = array_merge($retGroups, $groupNames); //final groups to return
+ foreach ($groupNames as $id => $groupName) {
+ if (!in_array($groupName, $processed)) {
+ array_push($stack, $groupName);
+ }
+ }
+ }
+ }
+ }
+
+ return $retGroups;
+ }
+
+ /**
+ * Returns a complete list of the groups in AD based on a SAM Account Type
+ *
+ * @param string $sAMAaccountType The account type to return
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = '(&(objectCategory=group)';
+ if ($sAMAaccountType !== null) {
+ $filter .= '(samaccounttype='. $sAMAaccountType .')';
+ }
+ $filter .= '(cn=' . $search . '))';
+ // Perform the search and grab all their details
+ $fields = array("samaccountname", "description");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $groupsArray = array();
+ for ($i=0; $i<$entries["count"]; $i++){
+ if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
+ $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
+ }
+ else if ($includeDescription){
+ $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ }
+ else {
+ array_push($groupsArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($groupsArray);
+ }
+ return $groupsArray;
+ }
+
+ /**
+ * Returns a complete list of all groups in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true){
+ $groupsArray = $this->search(null, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Returns a complete list of security groups in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function allSecurity($includeDescription = false, $search = "*", $sorted = true){
+ $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Returns a complete list of distribution lists in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function allDistribution($includeDescription = false, $search = "*", $sorted = true){
+ $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Coping with AD not returning the primary group
+ * http://support.microsoft.com/?kbid=321360
+ *
+ * This is a re-write based on code submitted by Bruce which prevents the
+ * need to search each security group to find the true primary group
+ *
+ * @param string $gid Group ID
+ * @param string $usersid User's Object SID
+ * @return mixed
+ */
+ public function getPrimaryGroup($gid, $usersid)
+ {
+ if ($gid === NULL || $usersid === NULL) { return false; }
+ $sr = false;
+
+ $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
+ $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
+ $fields = array("samaccountname","distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if (isset($entries[0]['distinguishedname'][0])) {
+ return $entries[0]['distinguishedname'][0];
+ }
+ return false;
+ }
+
+ /**
+ * Coping with AD not returning the primary group
+ * http://support.microsoft.com/?kbid=321360
+ *
+ * For some reason it's not possible to search on primarygrouptoken=XXX
+ * If someone can show otherwise, I'd like to know about it :)
+ * this way is resource intensive and generally a pain in the @#%^
+ *
+ * @deprecated deprecated since version 3.1, see get get_primary_group
+ * @param string $gid Group ID
+ * @return string
+ */
+ public function cn($gid){
+ if ($gid === NULL) { return false; }
+ $sr = false;
+ $r = '';
+
+ $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
+ $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ for ($i=0; $i<$entries["count"]; $i++){
+ if ($entries[$i]["primarygrouptoken"][0] == $gid) {
+ $r = $entries[$i]["distinguishedname"][0];
+ $i = $entries["count"];
+ }
+ }
+
+ return $r;
+ }
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php b/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
index 96a93b512..839fd592d 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
@@ -1,682 +1,682 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage User
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
- */
-require_once(dirname(__FILE__) . '/../adLDAP.php');
-require_once(dirname(__FILE__) . '/../collections/adLDAPUserCollection.php');
-
-/**
-* USER FUNCTIONS
-*/
-class adLDAPUsers {
- /**
- * The current adLDAP connection via dependency injection
- *
- * @var adLDAP
- */
- protected $adldap;
-
- public function __construct(adLDAP $adldap) {
- $this->adldap = $adldap;
- }
-
- /**
- * Validate a user's login credentials
- *
- * @param string $username A user's AD username
- * @param string $password A user's AD password
- * @param bool optional $prevent_rebind
- * @return bool
- */
- public function authenticate($username, $password, $preventRebind = false) {
- return $this->adldap->authenticate($username, $password, $preventRebind);
- }
-
- /**
- * Create a user
- *
- * If you specify a password here, this can only be performed over SSL
- *
- * @param array $attributes The attributes to set to the user account
- * @return bool
- */
- public function create($attributes)
- {
- // Check for compulsory fields
- if (!array_key_exists("username", $attributes)){ return "Missing compulsory field [username]"; }
- if (!array_key_exists("firstname", $attributes)){ return "Missing compulsory field [firstname]"; }
- if (!array_key_exists("surname", $attributes)){ return "Missing compulsory field [surname]"; }
- if (!array_key_exists("email", $attributes)){ return "Missing compulsory field [email]"; }
- if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
- if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
-
- if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())){
- throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
- }
-
- if (!array_key_exists("display_name", $attributes)) {
- $attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"];
- }
-
- // Translate the schema
- $add = $this->adldap->adldap_schema($attributes);
-
- // Additional stuff only used for adding accounts
- $add["cn"][0] = $attributes["display_name"];
- $add["samaccountname"][0] = $attributes["username"];
- $add["objectclass"][0] = "top";
- $add["objectclass"][1] = "person";
- $add["objectclass"][2] = "organizationalPerson";
- $add["objectclass"][3] = "user"; //person?
- //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
-
- // Set the account control attribute
- $control_options = array("NORMAL_ACCOUNT");
- if (!$attributes["enabled"]) {
- $control_options[] = "ACCOUNTDISABLE";
- }
- $add["userAccountControl"][0] = $this->accountControl($control_options);
-
- // Determine the container
- $attributes["container"] = array_reverse($attributes["container"]);
- $container = "OU=" . implode(", OU=",$attributes["container"]);
-
- // Add the entry
- $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
- if ($result != true) {
- return false;
- }
-
- return true;
- }
-
- /**
- * Account control options
- *
- * @param array $options The options to convert to int
- * @return int
- */
- protected function accountControl($options)
- {
- $val=0;
-
- if (is_array($options)) {
- if (in_array("SCRIPT",$options)){ $val=$val+1; }
- if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
- if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
- if (in_array("LOCKOUT",$options)){ $val=$val+16; }
- if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
- //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
- //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
- if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
- if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
- if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
- if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
- if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
- if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
- if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
- if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
- if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
- if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
- if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
- if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
- if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; }
- if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
- if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
- }
- return $val;
- }
-
- /**
- * Delete a user account
- *
- * @param string $username The username to delete (please be careful here!)
- * @param bool $isGUID Is the username a GUID or a samAccountName
- * @return array
- */
- public function delete($username, $isGUID = false)
- {
- $userinfo = $this->info($username, array("*"), $isGUID);
- $dn = $userinfo[0]['distinguishedname'][0];
- $result = $this->adldap->folder()->delete($dn);
- if ($result != true) {
- return false;
- }
- return true;
- }
-
- /**
- * Groups the user is a member of
- *
- * @param string $username The username to query
- * @param bool $recursive Recursive list of groups
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return array
- */
- public function groups($username, $recursive = NULL, $isGUID = false)
- {
- if ($username === NULL) { return false; }
- if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
- if (!$this->adldap->getLdapBind()) { return false; }
-
- // Search the directory for their information
- $info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
- $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
-
- if ($recursive === true){
- foreach ($groups as $id => $groupName){
- $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
- $groups = array_merge($groups, $extraGroups);
- }
- }
-
- return $groups;
- }
-
- /**
- * Find information about the users. Returned in a raw array format from AD
- *
- * @param string $username The username to query
- * @param array $fields Array of parameters to query
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return array
- */
- public function info($username, $fields = NULL, $isGUID = false)
- {
- if ($username === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
-
- if ($isGUID === true) {
- $username = $this->adldap->utilities()->strGuidToHex($username);
- $filter = "objectguid=" . $username;
- }
- else if (strstr($username, "@")) {
- $filter = "userPrincipalName=" . $username;
- }
- else {
- $filter = "samaccountname=" . $username;
- }
- $filter = "(&(objectCategory=person)({$filter}))";
- if ($fields === NULL) {
- $fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid");
- }
- if (!in_array("objectsid", $fields)) {
- $fields[] = "objectsid";
- }
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- if (isset($entries[0])) {
- if ($entries[0]['count'] >= 1) {
- if (in_array("memberof", $fields)) {
- // AD does not return the primary group in the ldap query, we may need to fudge it
- if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
- //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
- $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
- } else {
- $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
- }
- if (!isset($entries[0]["memberof"]["count"])) {
- $entries[0]["memberof"]["count"] = 0;
- }
- $entries[0]["memberof"]["count"]++;
- }
- }
-
- return $entries;
- }
- return false;
- }
-
- /**
- * Find information about the users. Returned in a raw array format from AD
- *
- * @param string $username The username to query
- * @param array $fields Array of parameters to query
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return mixed
- */
- public function infoCollection($username, $fields = NULL, $isGUID = false)
- {
- if ($username === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
-
- $info = $this->info($username, $fields, $isGUID);
-
- if ($info !== false) {
- $collection = new adLDAPUserCollection($info, $this->adldap);
- return $collection;
- }
- return false;
- }
-
- /**
- * Determine if a user is in a specific group
- *
- * @param string $username The username to query
- * @param string $group The name of the group to check against
- * @param bool $recursive Check groups recursively
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
- {
- if ($username === NULL) { return false; }
- if ($group === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
- if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
-
- // Get a list of the groups
- $groups = $this->groups($username, $recursive, $isGUID);
-
- // Return true if the specified group is in the group list
- if (in_array($group, $groups)) {
- return true;
- }
-
- return false;
- }
-
- /**
- * Determine a user's password expiry date
- *
- * @param string $username The username to query
- * @param book $isGUID Is the username passed a GUID or a samAccountName
- * @requires bcmath http://www.php.net/manual/en/book.bc.php
- * @return array
- */
- public function passwordExpiry($username, $isGUID = false)
- {
- if ($username === NULL) { return "Missing compulsory field [username]"; }
- if (!$this->adldap->getLdapBind()) { return false; }
- if (!function_exists('bcmod')) { throw new adLDAPException("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
-
- $userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
- $pwdLastSet = $userInfo[0]['pwdlastset'][0];
- $status = array();
-
- if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
- // Password does not expire
- return "Does not expire";
- }
- if ($pwdLastSet === '0') {
- // Password has already expired
- return "Password has expired";
- }
-
- // Password expiry in AD can be calculated from TWO values:
- // - User's own pwdLastSet attribute: stores the last time the password was changed
- // - Domain's maxPwdAge attribute: how long passwords last in the domain
- //
- // Although Microsoft chose to use a different base and unit for time measurements.
- // This function will convert them to Unix timestamps
- $sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
- if (!$sr) {
- return false;
- }
- $info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
- $maxPwdAge = $info[0]['maxpwdage'][0];
-
-
- // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
- //
- // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC),
- // stored in a 64 bit integer.
- //
- // The number of seconds between this date and Unix epoch is 11644473600.
- //
- // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
- // intervals from the time the password was set before the password expires.
- //
- // We also need to scale this to seconds but also this value is a _negative_ quantity!
- //
- // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
- //
- // Unfortunately the maths involved are too big for PHP integers, so I've had to require
- // BCMath functions to work with arbitrary precision numbers.
- if (bcmod($maxPwdAge, 4294967296) === '0') {
- return "Domain does not expire passwords";
- }
-
- // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
- // time units. Because maxpwd age is negative we need to subtract it.
- $pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
-
- // Convert MS's time to Unix time
- $status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
- $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
-
- return $status;
- }
-
- /**
- * Modify a user
- *
- * @param string $username The username to query
- * @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function modify($username, $attributes, $isGUID = false)
- {
- if ($username === NULL) { return "Missing compulsory field [username]"; }
- if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
- throw new adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
- }
-
- // Find the dn of the user
- $userDn = $this->dn($username, $isGUID);
- if ($userDn === false) {
- return false;
- }
-
- // Translate the update to the LDAP schema
- $mod = $this->adldap->adldap_schema($attributes);
-
- // Check to see if this is an enabled status update
- if (!$mod && !array_key_exists("enabled", $attributes)){
- return false;
- }
-
- // Set the account control attribute (only if specified)
- if (array_key_exists("enabled", $attributes)){
- if ($attributes["enabled"]){
- $controlOptions = array("NORMAL_ACCOUNT");
- }
- else {
- $controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE");
- }
- $mod["userAccountControl"][0] = $this->accountControl($controlOptions);
- }
-
- // Do the update
- $result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
- if ($result == false) {
- return false;
- }
-
- return true;
- }
-
- /**
- * Disable a user account
- *
- * @param string $username The username to disable
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function disable($username, $isGUID = false)
- {
- if ($username === NULL) { return "Missing compulsory field [username]"; }
- $attributes = array("enabled" => 0);
- $result = $this->modify($username, $attributes, $isGUID);
- if ($result == false) { return false; }
-
- return true;
- }
-
- /**
- * Enable a user account
- *
- * @param string $username The username to enable
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function enable($username, $isGUID = false)
- {
- if ($username === NULL) { return "Missing compulsory field [username]"; }
- $attributes = array("enabled" => 1);
- $result = $this->modify($username, $attributes, $isGUID);
- if ($result == false) { return false; }
-
- return true;
- }
-
- /**
- * Set the password of a user - This must be performed over SSL
- *
- * @param string $username The username to modify
- * @param string $password The new password
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return bool
- */
- public function password($username, $password, $isGUID = false)
- {
- if ($username === NULL) { return false; }
- if ($password === NULL) { return false; }
- if (!$this->adldap->getLdapBind()) { return false; }
- if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
- throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
- }
-
- $userDn = $this->dn($username, $isGUID);
- if ($userDn === false) {
- return false;
- }
-
- $add=array();
- $add["unicodePwd"][0] = $this->encodePassword($password);
-
- $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
- if ($result === false){
- $err = ldap_errno($this->adldap->getLdapConnection());
- if ($err) {
- $msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
- if($err == 53) {
- $msg .= ' Your password might not match the password policy.';
- }
- throw new adLDAPException($msg);
- }
- else {
- return false;
- }
- }
-
- return true;
- }
-
- /**
- * Encode a password for transmission over LDAP
- *
- * @param string $password The password to encode
- * @return string
- */
- public function encodePassword($password)
- {
- $password="\"".$password."\"";
- $encoded="";
- for ($i=0; $i <strlen($password); $i++){ $encoded.="{$password{$i}}\000"; }
- return $encoded;
- }
-
- /**
- * Obtain the user's distinguished name based on their userid
- *
- *
- * @param string $username The username
- * @param bool $isGUID Is the username passed a GUID or a samAccountName
- * @return string
- */
- public function dn($username, $isGUID=false)
- {
- $user = $this->info($username, array("cn"), $isGUID);
- if ($user[0]["dn"] === NULL) {
- return false;
- }
- $userDn = $user[0]["dn"];
- return $userDn;
- }
-
- /**
- * Return a list of all users in AD
- *
- * @param bool $includeDescription Return a description of the user
- * @param string $search Search parameter
- * @param bool $sorted Sort the user accounts
- * @return array
- */
- public function all($includeDescription = false, $search = "*", $sorted = true)
- {
- if (!$this->adldap->getLdapBind()) { return false; }
-
- // Perform the search and grab all their details
- $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
- $fields = array("samaccountname","displayname");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- $usersArray = array();
- for ($i=0; $i<$entries["count"]; $i++){
- if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
- $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
- } elseif ($includeDescription){
- $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
- } else {
- array_push($usersArray, $entries[$i]["samaccountname"][0]);
- }
- }
- if ($sorted) {
- asort($usersArray);
- }
- return $usersArray;
- }
-
- /**
- * Converts a username (samAccountName) to a GUID
- *
- * @param string $username The username to query
- * @return string
- */
- public function usernameToGuid($username)
- {
- if (!$this->adldap->getLdapBind()){ return false; }
- if ($username === null){ return "Missing compulsory field [username]"; }
-
- $filter = "samaccountname=" . $username;
- $fields = array("objectGUID");
- $sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) {
- $entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr);
- $guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID');
- $strGUID = $this->adldap->utilities()->binaryToText($guid[0]);
- return $strGUID;
- }
- return false;
- }
-
- /**
- * Return a list of all users in AD that have a specific value in a field
- *
- * @param bool $includeDescription Return a description of the user
- * @param string $searchField Field to search search for
- * @param string $searchFilter Value to search for in the specified field
- * @param bool $sorted Sort the user accounts
- * @return array
- */
- public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true){
- if (!$this->adldap->getLdapBind()){ return false; }
-
- // Perform the search and grab all their details
- $searchParams = "";
- if ($searchField) {
- $searchParams = "(" . $searchField . "=" . $searchFilter . ")";
- }
- $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
- $fields = array("samaccountname","displayname");
- $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
- $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
-
- $usersArray = array();
- for ($i=0; $i < $entries["count"]; $i++) {
- if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
- $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
- }
- else if ($includeDescription) {
- $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
- }
- else {
- array_push($usersArray, $entries[$i]["samaccountname"][0]);
- }
- }
- if ($sorted){
- asort($usersArray);
- }
- return ($usersArray);
- }
-
- /**
- * Move a user account to a different OU
- *
- * @param string $username The username to move (please be careful here!)
- * @param array $container The container or containers to move the user to (please be careful here!).
- * accepts containers in 1. parent 2. child order
- * @return array
- */
- public function move($username, $container)
- {
- if (!$this->adldap->getLdapBind()) { return false; }
- if ($username === null) { return "Missing compulsory field [username]"; }
- if ($container === null) { return "Missing compulsory field [container]"; }
- if (!is_array($container)) { return "Container must be an array"; }
-
- $userInfo = $this->info($username, array("*"));
- $dn = $userInfo[0]['distinguishedname'][0];
- $newRDn = "cn=" . $username;
- $container = array_reverse($container);
- $newContainer = "ou=" . implode(",ou=",$container);
- $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
- $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
- if ($result !== true) {
- return false;
- }
- return true;
- }
-
- /**
- * Get the last logon time of any user as a Unix timestamp
- *
- * @param string $username
- * @return long $unixTimestamp
- */
- public function getLastLogon($username) {
- if (!$this->adldap->getLdapBind()) { return false; }
- if ($username === null) { return "Missing compulsory field [username]"; }
- $userInfo = $this->info($username, array("lastLogonTimestamp"));
- $lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
- return $lastLogon;
- }
-
-}
-?>
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage User
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+require_once(dirname(__FILE__) . '/../collections/adLDAPUserCollection.php');
+
+/**
+* USER FUNCTIONS
+*/
+class adLDAPUsers {
+ /**
+ * The current adLDAP connection via dependency injection
+ *
+ * @var adLDAP
+ */
+ protected $adldap;
+
+ public function __construct(adLDAP $adldap) {
+ $this->adldap = $adldap;
+ }
+
+ /**
+ * Validate a user's login credentials
+ *
+ * @param string $username A user's AD username
+ * @param string $password A user's AD password
+ * @param bool optional $prevent_rebind
+ * @return bool
+ */
+ public function authenticate($username, $password, $preventRebind = false) {
+ return $this->adldap->authenticate($username, $password, $preventRebind);
+ }
+
+ /**
+ * Create a user
+ *
+ * If you specify a password here, this can only be performed over SSL
+ *
+ * @param array $attributes The attributes to set to the user account
+ * @return bool
+ */
+ public function create($attributes)
+ {
+ // Check for compulsory fields
+ if (!array_key_exists("username", $attributes)){ return "Missing compulsory field [username]"; }
+ if (!array_key_exists("firstname", $attributes)){ return "Missing compulsory field [firstname]"; }
+ if (!array_key_exists("surname", $attributes)){ return "Missing compulsory field [surname]"; }
+ if (!array_key_exists("email", $attributes)){ return "Missing compulsory field [email]"; }
+ if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+ if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+
+ if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())){
+ throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ if (!array_key_exists("display_name", $attributes)) {
+ $attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"];
+ }
+
+ // Translate the schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ // Additional stuff only used for adding accounts
+ $add["cn"][0] = $attributes["display_name"];
+ $add["samaccountname"][0] = $attributes["username"];
+ $add["objectclass"][0] = "top";
+ $add["objectclass"][1] = "person";
+ $add["objectclass"][2] = "organizationalPerson";
+ $add["objectclass"][3] = "user"; //person?
+ //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+
+ // Set the account control attribute
+ $control_options = array("NORMAL_ACCOUNT");
+ if (!$attributes["enabled"]) {
+ $control_options[] = "ACCOUNTDISABLE";
+ }
+ $add["userAccountControl"][0] = $this->accountControl($control_options);
+
+ // Determine the container
+ $attributes["container"] = array_reverse($attributes["container"]);
+ $container = "OU=" . implode(", OU=",$attributes["container"]);
+
+ // Add the entry
+ $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Account control options
+ *
+ * @param array $options The options to convert to int
+ * @return int
+ */
+ protected function accountControl($options)
+ {
+ $val=0;
+
+ if (is_array($options)) {
+ if (in_array("SCRIPT",$options)){ $val=$val+1; }
+ if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
+ if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
+ if (in_array("LOCKOUT",$options)){ $val=$val+16; }
+ if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
+ //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
+ //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
+ if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
+ if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
+ if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
+ if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
+ if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
+ if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
+ if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
+ if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
+ if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
+ if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
+ if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
+ if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
+ if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; }
+ if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
+ if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
+ }
+ return $val;
+ }
+
+ /**
+ * Delete a user account
+ *
+ * @param string $username The username to delete (please be careful here!)
+ * @param bool $isGUID Is the username a GUID or a samAccountName
+ * @return array
+ */
+ public function delete($username, $isGUID = false)
+ {
+ $userinfo = $this->info($username, array("*"), $isGUID);
+ $dn = $userinfo[0]['distinguishedname'][0];
+ $result = $this->adldap->folder()->delete($dn);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Groups the user is a member of
+ *
+ * @param string $username The username to query
+ * @param bool $recursive Recursive list of groups
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return array
+ */
+ public function groups($username, $recursive = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Search the directory for their information
+ $info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
+
+ if ($recursive === true){
+ foreach ($groups as $id => $groupName){
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * Find information about the users. Returned in a raw array format from AD
+ *
+ * @param string $username The username to query
+ * @param array $fields Array of parameters to query
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return array
+ */
+ public function info($username, $fields = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ if ($isGUID === true) {
+ $username = $this->adldap->utilities()->strGuidToHex($username);
+ $filter = "objectguid=" . $username;
+ }
+ else if (strstr($username, "@")) {
+ $filter = "userPrincipalName=" . $username;
+ }
+ else {
+ $filter = "samaccountname=" . $username;
+ }
+ $filter = "(&(objectCategory=person)({$filter}))";
+ if ($fields === NULL) {
+ $fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid");
+ }
+ if (!in_array("objectsid", $fields)) {
+ $fields[] = "objectsid";
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if (isset($entries[0])) {
+ if ($entries[0]['count'] >= 1) {
+ if (in_array("memberof", $fields)) {
+ // AD does not return the primary group in the ldap query, we may need to fudge it
+ if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
+ //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+ $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+ } else {
+ $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+ }
+ if (!isset($entries[0]["memberof"]["count"])) {
+ $entries[0]["memberof"]["count"] = 0;
+ }
+ $entries[0]["memberof"]["count"]++;
+ }
+ }
+
+ return $entries;
+ }
+ return false;
+ }
+
+ /**
+ * Find information about the users. Returned in a raw array format from AD
+ *
+ * @param string $username The username to query
+ * @param array $fields Array of parameters to query
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return mixed
+ */
+ public function infoCollection($username, $fields = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($username, $fields, $isGUID);
+
+ if ($info !== false) {
+ $collection = new adLDAPUserCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Determine if a user is in a specific group
+ *
+ * @param string $username The username to query
+ * @param string $group The name of the group to check against
+ * @param bool $recursive Check groups recursively
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+
+ // Get a list of the groups
+ $groups = $this->groups($username, $recursive, $isGUID);
+
+ // Return true if the specified group is in the group list
+ if (in_array($group, $groups)) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Determine a user's password expiry date
+ *
+ * @param string $username The username to query
+ * @param book $isGUID Is the username passed a GUID or a samAccountName
+ * @requires bcmath http://www.php.net/manual/en/book.bc.php
+ * @return array
+ */
+ public function passwordExpiry($username, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if (!function_exists('bcmod')) { throw new adLDAPException("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
+
+ $userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
+ $pwdLastSet = $userInfo[0]['pwdlastset'][0];
+ $status = array();
+
+ if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
+ // Password does not expire
+ return "Does not expire";
+ }
+ if ($pwdLastSet === '0') {
+ // Password has already expired
+ return "Password has expired";
+ }
+
+ // Password expiry in AD can be calculated from TWO values:
+ // - User's own pwdLastSet attribute: stores the last time the password was changed
+ // - Domain's maxPwdAge attribute: how long passwords last in the domain
+ //
+ // Although Microsoft chose to use a different base and unit for time measurements.
+ // This function will convert them to Unix timestamps
+ $sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
+ if (!$sr) {
+ return false;
+ }
+ $info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ $maxPwdAge = $info[0]['maxpwdage'][0];
+
+
+ // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
+ //
+ // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC),
+ // stored in a 64 bit integer.
+ //
+ // The number of seconds between this date and Unix epoch is 11644473600.
+ //
+ // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
+ // intervals from the time the password was set before the password expires.
+ //
+ // We also need to scale this to seconds but also this value is a _negative_ quantity!
+ //
+ // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
+ //
+ // Unfortunately the maths involved are too big for PHP integers, so I've had to require
+ // BCMath functions to work with arbitrary precision numbers.
+ if (bcmod($maxPwdAge, 4294967296) === '0') {
+ return "Domain does not expire passwords";
+ }
+
+ // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
+ // time units. Because maxpwd age is negative we need to subtract it.
+ $pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
+
+ // Convert MS's time to Unix time
+ $status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
+ $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
+
+ return $status;
+ }
+
+ /**
+ * Modify a user
+ *
+ * @param string $username The username to query
+ * @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function modify($username, $attributes, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
+ throw new adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ // Find the dn of the user
+ $userDn = $this->dn($username, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod && !array_key_exists("enabled", $attributes)){
+ return false;
+ }
+
+ // Set the account control attribute (only if specified)
+ if (array_key_exists("enabled", $attributes)){
+ if ($attributes["enabled"]){
+ $controlOptions = array("NORMAL_ACCOUNT");
+ }
+ else {
+ $controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE");
+ }
+ $mod["userAccountControl"][0] = $this->accountControl($controlOptions);
+ }
+
+ // Do the update
+ $result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
+ if ($result == false) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Disable a user account
+ *
+ * @param string $username The username to disable
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function disable($username, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ $attributes = array("enabled" => 0);
+ $result = $this->modify($username, $attributes, $isGUID);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Enable a user account
+ *
+ * @param string $username The username to enable
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function enable($username, $isGUID = false)
+ {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ $attributes = array("enabled" => 1);
+ $result = $this->modify($username, $attributes, $isGUID);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Set the password of a user - This must be performed over SSL
+ *
+ * @param string $username The username to modify
+ * @param string $password The new password
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function password($username, $password, $isGUID = false)
+ {
+ if ($username === NULL) { return false; }
+ if ($password === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
+ throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ $userDn = $this->dn($username, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ $add=array();
+ $add["unicodePwd"][0] = $this->encodePassword($password);
+
+ $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
+ if ($result === false){
+ $err = ldap_errno($this->adldap->getLdapConnection());
+ if ($err) {
+ $msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
+ if($err == 53) {
+ $msg .= ' Your password might not match the password policy.';
+ }
+ throw new adLDAPException($msg);
+ }
+ else {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Encode a password for transmission over LDAP
+ *
+ * @param string $password The password to encode
+ * @return string
+ */
+ public function encodePassword($password)
+ {
+ $password="\"".$password."\"";
+ $encoded="";
+ for ($i=0; $i <strlen($password); $i++){ $encoded.="{$password{$i}}\000"; }
+ return $encoded;
+ }
+
+ /**
+ * Obtain the user's distinguished name based on their userid
+ *
+ *
+ * @param string $username The username
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return string
+ */
+ public function dn($username, $isGUID=false)
+ {
+ $user = $this->info($username, array("cn"), $isGUID);
+ if ($user[0]["dn"] === NULL) {
+ return false;
+ }
+ $userDn = $user[0]["dn"];
+ return $userDn;
+ }
+
+ /**
+ * Return a list of all users in AD
+ *
+ * @param bool $includeDescription Return a description of the user
+ * @param string $search Search parameter
+ * @param bool $sorted Sort the user accounts
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true)
+ {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Perform the search and grab all their details
+ $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
+ $fields = array("samaccountname","displayname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i=0; $i<$entries["count"]; $i++){
+ if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+ } elseif ($includeDescription){
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ } else {
+ array_push($usersArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($usersArray);
+ }
+ return $usersArray;
+ }
+
+ /**
+ * Converts a username (samAccountName) to a GUID
+ *
+ * @param string $username The username to query
+ * @return string
+ */
+ public function usernameToGuid($username)
+ {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($username === null){ return "Missing compulsory field [username]"; }
+
+ $filter = "samaccountname=" . $username;
+ $fields = array("objectGUID");
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) {
+ $entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr);
+ $guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID');
+ $strGUID = $this->adldap->utilities()->binaryToText($guid[0]);
+ return $strGUID;
+ }
+ return false;
+ }
+
+ /**
+ * Return a list of all users in AD that have a specific value in a field
+ *
+ * @param bool $includeDescription Return a description of the user
+ * @param string $searchField Field to search search for
+ * @param string $searchFilter Value to search for in the specified field
+ * @param bool $sorted Sort the user accounts
+ * @return array
+ */
+ public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true){
+ if (!$this->adldap->getLdapBind()){ return false; }
+
+ // Perform the search and grab all their details
+ $searchParams = "";
+ if ($searchField) {
+ $searchParams = "(" . $searchField . "=" . $searchFilter . ")";
+ }
+ $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
+ $fields = array("samaccountname","displayname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i=0; $i < $entries["count"]; $i++) {
+ if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+ }
+ else if ($includeDescription) {
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ }
+ else {
+ array_push($usersArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted){
+ asort($usersArray);
+ }
+ return ($usersArray);
+ }
+
+ /**
+ * Move a user account to a different OU
+ *
+ * @param string $username The username to move (please be careful here!)
+ * @param array $container The container or containers to move the user to (please be careful here!).
+ * accepts containers in 1. parent 2. child order
+ * @return array
+ */
+ public function move($username, $container)
+ {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($username === null) { return "Missing compulsory field [username]"; }
+ if ($container === null) { return "Missing compulsory field [container]"; }
+ if (!is_array($container)) { return "Container must be an array"; }
+
+ $userInfo = $this->info($username, array("*"));
+ $dn = $userInfo[0]['distinguishedname'][0];
+ $newRDn = "cn=" . $username;
+ $container = array_reverse($container);
+ $newContainer = "ou=" . implode(",ou=",$container);
+ $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
+ $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
+ if ($result !== true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Get the last logon time of any user as a Unix timestamp
+ *
+ * @param string $username
+ * @return long $unixTimestamp
+ */
+ public function getLastLogon($username) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($username === null) { return "Missing compulsory field [username]"; }
+ $userInfo = $this->info($username, array("lastLogonTimestamp"));
+ $lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
+ return $lastLogon;
+ }
+
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php b/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
index f039a4290..5e8644188 100644
--- a/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
+++ b/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
@@ -1,264 +1,264 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage Utils
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
- */
-require_once(dirname(__FILE__) . '/../adLDAP.php');
-
-/**
-* UTILITY FUNCTIONS
-*/
-class adLDAPUtils {
- const ADLDAP_VERSION = '4.0.4';
-
- /**
- * The current adLDAP connection via dependency injection
- *
- * @var adLDAP
- */
- protected $adldap;
-
- public function __construct(adLDAP $adldap) {
- $this->adldap = $adldap;
- }
-
-
- /**
- * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
- *
- * @param array $groups
- * @return array
- */
- public function niceNames($groups)
- {
-
- $groupArray = array();
- for ($i=0; $i<$groups["count"]; $i++){ // For each group
- $line = $groups[$i];
-
- if (strlen($line)>0) {
- // More presumptions, they're all prefixed with CN=
- // so we ditch the first three characters and the group
- // name goes up to the first comma
- $bits=explode(",", $line);
- $groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
- }
- }
- return $groupArray;
- }
-
- /**
- * Escape characters for use in an ldap_create function
- *
- * @param string $str
- * @return string
- */
- public function escapeCharacters($str) {
- $str = str_replace(",", "\,", $str);
- return $str;
- }
-
- /**
- * Escape strings for the use in LDAP filters
- *
- * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
- * Ported from Perl's Net::LDAP::Util escape_filter_value
- *
- * @param string $str The string the parse
- * @author Port by Andreas Gohr <andi@splitbrain.org>
- * @return string
- */
- public function ldapSlashes($str){
- return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
- '"\\\\\".join("",unpack("H2","$1"))',
- $str);
- }
-
- /**
- * Converts a string GUID to a hexdecimal value so it can be queried
- *
- * @param string $strGUID A string representation of a GUID
- * @return string
- */
- public function strGuidToHex($strGUID)
- {
- $strGUID = str_replace('-', '', $strGUID);
-
- $octet_str = '\\' . substr($strGUID, 6, 2);
- $octet_str .= '\\' . substr($strGUID, 4, 2);
- $octet_str .= '\\' . substr($strGUID, 2, 2);
- $octet_str .= '\\' . substr($strGUID, 0, 2);
- $octet_str .= '\\' . substr($strGUID, 10, 2);
- $octet_str .= '\\' . substr($strGUID, 8, 2);
- $octet_str .= '\\' . substr($strGUID, 14, 2);
- $octet_str .= '\\' . substr($strGUID, 12, 2);
- //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
- for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
- if (($i % 2) == 0) {
- $octet_str .= '\\' . substr($strGUID, $i, 2);
- }
- }
-
- return $octet_str;
- }
-
- /**
- * Convert a binary SID to a text SID
- *
- * @param string $binsid A Binary SID
- * @return string
- */
- public function getTextSID($binsid) {
- $hex_sid = bin2hex($binsid);
- $rev = hexdec(substr($hex_sid, 0, 2));
- $subcount = hexdec(substr($hex_sid, 2, 2));
- $auth = hexdec(substr($hex_sid, 4, 12));
- $result = "$rev-$auth";
-
- for ($x=0;$x < $subcount; $x++) {
- $subauth[$x] =
- hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
- $result .= "-" . $subauth[$x];
- }
-
- // Cheat by tacking on the S-
- return 'S-' . $result;
- }
-
- /**
- * Converts a little-endian hex number to one that hexdec() can convert
- *
- * @param string $hex A hex code
- * @return string
- */
- public function littleEndian($hex)
- {
- $result = '';
- for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
- $result .= substr($hex, $x, 2);
- }
- return $result;
- }
-
- /**
- * Converts a binary attribute to a string
- *
- * @param string $bin A binary LDAP attribute
- * @return string
- */
- public function binaryToText($bin)
- {
- $hex_guid = bin2hex($bin);
- $hex_guid_to_guid_str = '';
- for($k = 1; $k <= 4; ++$k) {
- $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
- }
- $hex_guid_to_guid_str .= '-';
- for($k = 1; $k <= 2; ++$k) {
- $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
- }
- $hex_guid_to_guid_str .= '-';
- for($k = 1; $k <= 2; ++$k) {
- $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
- }
- $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
- $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
- return strtoupper($hex_guid_to_guid_str);
- }
-
- /**
- * Converts a binary GUID to a string GUID
- *
- * @param string $binaryGuid The binary GUID attribute to convert
- * @return string
- */
- public function decodeGuid($binaryGuid)
- {
- if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
-
- $strGUID = $this->binaryToText($binaryGuid);
- return $strGUID;
- }
-
- /**
- * Convert a boolean value to a string
- * You should never need to call this yourself
- *
- * @param bool $bool Boolean value
- * @return string
- */
- public function boolToStr($bool)
- {
- return ($bool) ? 'TRUE' : 'FALSE';
- }
-
- /**
- * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
- */
- public function encode8Bit(&$item, $key) {
- $encode = false;
- if (is_string($item)) {
- for ($i=0; $i<strlen($item); $i++) {
- if (ord($item[$i]) >> 7) {
- $encode = true;
- }
- }
- }
- if ($encode === true && $key != 'password') {
- $item = utf8_encode($item);
- }
- }
-
- /**
- * Get the current class version number
- *
- * @return string
- */
- public function getVersion() {
- return self::ADLDAP_VERSION;
- }
-
- /**
- * Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
- *
- * @param long $windowsTime
- * @return long $unixTime
- */
- public static function convertWindowsTimeToUnixTime($windowsTime) {
- $unixTime = round($windowsTime / 10000000) - 11644477200;
- return $unixTime;
- }
-}
-
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Utils
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+
+/**
+* UTILITY FUNCTIONS
+*/
+class adLDAPUtils {
+ const ADLDAP_VERSION = '4.0.4';
+
+ /**
+ * The current adLDAP connection via dependency injection
+ *
+ * @var adLDAP
+ */
+ protected $adldap;
+
+ public function __construct(adLDAP $adldap) {
+ $this->adldap = $adldap;
+ }
+
+
+ /**
+ * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
+ *
+ * @param array $groups
+ * @return array
+ */
+ public function niceNames($groups)
+ {
+
+ $groupArray = array();
+ for ($i=0; $i<$groups["count"]; $i++){ // For each group
+ $line = $groups[$i];
+
+ if (strlen($line)>0) {
+ // More presumptions, they're all prefixed with CN=
+ // so we ditch the first three characters and the group
+ // name goes up to the first comma
+ $bits=explode(",", $line);
+ $groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
+ }
+ }
+ return $groupArray;
+ }
+
+ /**
+ * Escape characters for use in an ldap_create function
+ *
+ * @param string $str
+ * @return string
+ */
+ public function escapeCharacters($str) {
+ $str = str_replace(",", "\,", $str);
+ return $str;
+ }
+
+ /**
+ * Escape strings for the use in LDAP filters
+ *
+ * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
+ * Ported from Perl's Net::LDAP::Util escape_filter_value
+ *
+ * @param string $str The string the parse
+ * @author Port by Andreas Gohr <andi@splitbrain.org>
+ * @return string
+ */
+ public function ldapSlashes($str){
+ return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+ '"\\\\\".join("",unpack("H2","$1"))',
+ $str);
+ }
+
+ /**
+ * Converts a string GUID to a hexdecimal value so it can be queried
+ *
+ * @param string $strGUID A string representation of a GUID
+ * @return string
+ */
+ public function strGuidToHex($strGUID)
+ {
+ $strGUID = str_replace('-', '', $strGUID);
+
+ $octet_str = '\\' . substr($strGUID, 6, 2);
+ $octet_str .= '\\' . substr($strGUID, 4, 2);
+ $octet_str .= '\\' . substr($strGUID, 2, 2);
+ $octet_str .= '\\' . substr($strGUID, 0, 2);
+ $octet_str .= '\\' . substr($strGUID, 10, 2);
+ $octet_str .= '\\' . substr($strGUID, 8, 2);
+ $octet_str .= '\\' . substr($strGUID, 14, 2);
+ $octet_str .= '\\' . substr($strGUID, 12, 2);
+ //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
+ for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
+ if (($i % 2) == 0) {
+ $octet_str .= '\\' . substr($strGUID, $i, 2);
+ }
+ }
+
+ return $octet_str;
+ }
+
+ /**
+ * Convert a binary SID to a text SID
+ *
+ * @param string $binsid A Binary SID
+ * @return string
+ */
+ public function getTextSID($binsid) {
+ $hex_sid = bin2hex($binsid);
+ $rev = hexdec(substr($hex_sid, 0, 2));
+ $subcount = hexdec(substr($hex_sid, 2, 2));
+ $auth = hexdec(substr($hex_sid, 4, 12));
+ $result = "$rev-$auth";
+
+ for ($x=0;$x < $subcount; $x++) {
+ $subauth[$x] =
+ hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
+ $result .= "-" . $subauth[$x];
+ }
+
+ // Cheat by tacking on the S-
+ return 'S-' . $result;
+ }
+
+ /**
+ * Converts a little-endian hex number to one that hexdec() can convert
+ *
+ * @param string $hex A hex code
+ * @return string
+ */
+ public function littleEndian($hex)
+ {
+ $result = '';
+ for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
+ $result .= substr($hex, $x, 2);
+ }
+ return $result;
+ }
+
+ /**
+ * Converts a binary attribute to a string
+ *
+ * @param string $bin A binary LDAP attribute
+ * @return string
+ */
+ public function binaryToText($bin)
+ {
+ $hex_guid = bin2hex($bin);
+ $hex_guid_to_guid_str = '';
+ for($k = 1; $k <= 4; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-';
+ for($k = 1; $k <= 2; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-';
+ for($k = 1; $k <= 2; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
+ $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
+ return strtoupper($hex_guid_to_guid_str);
+ }
+
+ /**
+ * Converts a binary GUID to a string GUID
+ *
+ * @param string $binaryGuid The binary GUID attribute to convert
+ * @return string
+ */
+ public function decodeGuid($binaryGuid)
+ {
+ if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
+
+ $strGUID = $this->binaryToText($binaryGuid);
+ return $strGUID;
+ }
+
+ /**
+ * Convert a boolean value to a string
+ * You should never need to call this yourself
+ *
+ * @param bool $bool Boolean value
+ * @return string
+ */
+ public function boolToStr($bool)
+ {
+ return ($bool) ? 'TRUE' : 'FALSE';
+ }
+
+ /**
+ * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+ */
+ public function encode8Bit(&$item, $key) {
+ $encode = false;
+ if (is_string($item)) {
+ for ($i=0; $i<strlen($item); $i++) {
+ if (ord($item[$i]) >> 7) {
+ $encode = true;
+ }
+ }
+ }
+ if ($encode === true && $key != 'password') {
+ $item = utf8_encode($item);
+ }
+ }
+
+ /**
+ * Get the current class version number
+ *
+ * @return string
+ */
+ public function getVersion() {
+ return self::ADLDAP_VERSION;
+ }
+
+ /**
+ * Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
+ *
+ * @param long $windowsTime
+ * @return long $unixTime
+ */
+ public static function convertWindowsTimeToUnixTime($windowsTime) {
+ $unixTime = round($windowsTime / 10000000) - 11644477200;
+ return $unixTime;
+ }
+}
+
?>
\ No newline at end of file
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
index c0a2eb2fa..433d39f18 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
@@ -1,137 +1,137 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage Collection
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
-*/
-
-abstract class adLDAPCollection
-{
- /**
- * The current adLDAP connection via dependency injection
- *
- * @var adLDAP
- */
- protected $adldap;
-
- /**
- * The current object being modifed / called
- *
- * @var mixed
- */
- protected $currentObject;
-
- /**
- * The raw info array from Active Directory
- *
- * @var array
- */
- protected $info;
-
- public function __construct($info, adLDAP $adldap)
- {
- $this->setInfo($info);
- $this->adldap = $adldap;
- }
-
- /**
- * Set the raw info array from Active Directory
- *
- * @param array $info
- */
- public function setInfo(array $info)
- {
- if ($this->info && sizeof($info) >= 1) {
- unset($this->info);
- }
- $this->info = $info;
- }
-
- /**
- * Magic get method to retrieve data from the raw array in a formatted way
- *
- * @param string $attribute
- * @return mixed
- */
- public function __get($attribute)
- {
- if (isset($this->info[0]) && is_array($this->info[0])) {
- foreach ($this->info[0] as $keyAttr => $valueAttr) {
- if (strtolower($keyAttr) == strtolower($attribute)) {
- if ($this->info[0][strtolower($attribute)]['count'] == 1) {
- return $this->info[0][strtolower($attribute)][0];
- }
- else {
- $array = array();
- foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
- if ((string)$key != 'count') {
- $array[$key] = $value;
- }
- }
- return $array;
- }
- }
- }
- }
- else {
- return NULL;
- }
- }
-
- /**
- * Magic set method to update an attribute
- *
- * @param string $attribute
- * @param string $value
- * @return bool
- */
- abstract public function __set($attribute, $value);
-
- /**
- * Magic isset method to check for the existence of an attribute
- *
- * @param string $attribute
- * @return bool
- */
- public function __isset($attribute) {
- if (isset($this->info[0]) && is_array($this->info[0])) {
- foreach ($this->info[0] as $keyAttr => $valueAttr) {
- if (strtolower($keyAttr) == strtolower($attribute)) {
- return true;
- }
- }
- }
- return false;
- }
-}
-?>
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Collection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+abstract class adLDAPCollection
+{
+ /**
+ * The current adLDAP connection via dependency injection
+ *
+ * @var adLDAP
+ */
+ protected $adldap;
+
+ /**
+ * The current object being modifed / called
+ *
+ * @var mixed
+ */
+ protected $currentObject;
+
+ /**
+ * The raw info array from Active Directory
+ *
+ * @var array
+ */
+ protected $info;
+
+ public function __construct($info, adLDAP $adldap)
+ {
+ $this->setInfo($info);
+ $this->adldap = $adldap;
+ }
+
+ /**
+ * Set the raw info array from Active Directory
+ *
+ * @param array $info
+ */
+ public function setInfo(array $info)
+ {
+ if ($this->info && sizeof($info) >= 1) {
+ unset($this->info);
+ }
+ $this->info = $info;
+ }
+
+ /**
+ * Magic get method to retrieve data from the raw array in a formatted way
+ *
+ * @param string $attribute
+ * @return mixed
+ */
+ public function __get($attribute)
+ {
+ if (isset($this->info[0]) && is_array($this->info[0])) {
+ foreach ($this->info[0] as $keyAttr => $valueAttr) {
+ if (strtolower($keyAttr) == strtolower($attribute)) {
+ if ($this->info[0][strtolower($attribute)]['count'] == 1) {
+ return $this->info[0][strtolower($attribute)][0];
+ }
+ else {
+ $array = array();
+ foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
+ if ((string)$key != 'count') {
+ $array[$key] = $value;
+ }
+ }
+ return $array;
+ }
+ }
+ }
+ }
+ else {
+ return NULL;
+ }
+ }
+
+ /**
+ * Magic set method to update an attribute
+ *
+ * @param string $attribute
+ * @param string $value
+ * @return bool
+ */
+ abstract public function __set($attribute, $value);
+
+ /**
+ * Magic isset method to check for the existence of an attribute
+ *
+ * @param string $attribute
+ * @return bool
+ */
+ public function __isset($attribute) {
+ if (isset($this->info[0]) && is_array($this->info[0])) {
+ foreach ($this->info[0] as $keyAttr => $valueAttr) {
+ if (strtolower($keyAttr) == strtolower($attribute)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
index 4f11d8f41..09f82cadc 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
@@ -1,46 +1,46 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage ComputerCollection
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
-*/
-
-class adLDAPComputerCollection extends adLDAPCollection
-{
-
- public function __set($attribute, $value)
- {
-
- }
-}
-?>
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage ComputerCollection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+class adLDAPComputerCollection extends adLDAPCollection
+{
+
+ public function __set($attribute, $value)
+ {
+
+ }
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
index d42fe6d4c..a9efad5a9 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
@@ -1,46 +1,46 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage ContactCollection
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
-*/
-
-class adLDAPContactCollection extends adLDAPCollection
-{
-
- public function __set($attribute, $value)
- {
-
- }
-}
-?>
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage ContactCollection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+class adLDAPContactCollection extends adLDAPCollection
+{
+
+ public function __set($attribute, $value)
+ {
+
+ }
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
index cff12fc20..ef4af8df2 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
@@ -1,46 +1,46 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage GroupCollection
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
-*/
-
-class adLDAPGroupCollection extends adLDAPCollection
-{
-
- public function __set($attribute, $value)
- {
-
- }
-}
-?>
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage GroupCollection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+class adLDAPGroupCollection extends adLDAPCollection
+{
+
+ public function __set($attribute, $value)
+ {
+
+ }
+}
+?>
diff --git a/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php b/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
index 801d90296..63fce5f96 100644
--- a/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
+++ b/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
@@ -1,46 +1,46 @@
-<?php
-/**
- * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
- * Version 4.0.4
- *
- * PHP Version 5 with SSL and LDAP support
- *
- * Written by Scott Barnett, Richard Hyland
- * email: scott@wiggumworld.com, adldap@richardhyland.com
- * http://adldap.sourceforge.net/
- *
- * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- *
- * We'd appreciate any improvements or additions to be submitted back
- * to benefit the entire community :)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * @category ToolsAndUtilities
- * @package adLDAP
- * @subpackage UserCollection
- * @author Scott Barnett, Richard Hyland
- * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
- * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
- * @revision $Revision: 97 $
- * @version 4.0.4
- * @link http://adldap.sourceforge.net/
-*/
-
-class adLDAPUserCollection extends adLDAPCollection
-{
-
- public function __set($attribute, $value)
- {
-
- }
-}
-?>
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
+ * Version 4.0.4
+ *
+ * PHP Version 5 with SSL and LDAP support
+ *
+ * Written by Scott Barnett, Richard Hyland
+ * email: scott@wiggumworld.com, adldap@richardhyland.com
+ * http://adldap.sourceforge.net/
+ *
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ *
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage UserCollection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+class adLDAPUserCollection extends adLDAPCollection
+{
+
+ public function __set($attribute, $value)
+ {
+
+ }
+}
+?>
diff --git a/lib/scripts/jquery/jquery-migrate.js b/lib/scripts/jquery/jquery-migrate.js
index e99f954e6..942cb8b4d 100644
--- a/lib/scripts/jquery/jquery-migrate.js
+++ b/lib/scripts/jquery/jquery-migrate.js
@@ -1,511 +1,511 @@
-/*!
- * jQuery Migrate - v1.1.1 - 2013-02-16
- * https://github.com/jquery/jquery-migrate
- * Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors; Licensed MIT
- */
-(function( jQuery, window, undefined ) {
-// See http://bugs.jquery.com/ticket/13335
-// "use strict";
-
-
-var warnedAbout = {};
-
-// List of warnings already given; public read only
-jQuery.migrateWarnings = [];
-
-// Set to true to prevent console output; migrateWarnings still maintained
-// jQuery.migrateMute = false;
-
-// Show a message on the console so devs know we're active
-if ( !jQuery.migrateMute && window.console && console.log ) {
- console.log("JQMIGRATE: Logging is active");
-}
-
-// Set to false to disable traces that appear with warnings
-if ( jQuery.migrateTrace === undefined ) {
- jQuery.migrateTrace = true;
-}
-
-// Forget any warnings we've already given; public
-jQuery.migrateReset = function() {
- warnedAbout = {};
- jQuery.migrateWarnings.length = 0;
-};
-
-function migrateWarn( msg) {
- if ( !warnedAbout[ msg ] ) {
- warnedAbout[ msg ] = true;
- jQuery.migrateWarnings.push( msg );
- if ( window.console && console.warn && !jQuery.migrateMute ) {
- console.warn( "JQMIGRATE: " + msg );
- if ( jQuery.migrateTrace && console.trace ) {
- console.trace();
- }
- }
- }
-}
-
-function migrateWarnProp( obj, prop, value, msg ) {
- if ( Object.defineProperty ) {
- // On ES5 browsers (non-oldIE), warn if the code tries to get prop;
- // allow property to be overwritten in case some other plugin wants it
- try {
- Object.defineProperty( obj, prop, {
- configurable: true,
- enumerable: true,
- get: function() {
- migrateWarn( msg );
- return value;
- },
- set: function( newValue ) {
- migrateWarn( msg );
- value = newValue;
- }
- });
- return;
- } catch( err ) {
- // IE8 is a dope about Object.defineProperty, can't warn there
- }
- }
-
- // Non-ES5 (or broken) browser; just set the property
- jQuery._definePropertyBroken = true;
- obj[ prop ] = value;
-}
-
-if ( document.compatMode === "BackCompat" ) {
- // jQuery has never supported or tested Quirks Mode
- migrateWarn( "jQuery is not compatible with Quirks Mode" );
-}
-
-
-var attrFn = jQuery( "<input/>", { size: 1 } ).attr("size") && jQuery.attrFn,
- oldAttr = jQuery.attr,
- valueAttrGet = jQuery.attrHooks.value && jQuery.attrHooks.value.get ||
- function() { return null; },
- valueAttrSet = jQuery.attrHooks.value && jQuery.attrHooks.value.set ||
- function() { return undefined; },
- rnoType = /^(?:input|button)$/i,
- rnoAttrNodeType = /^[238]$/,
- rboolean = /^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,
- ruseDefault = /^(?:checked|selected)$/i;
-
-// jQuery.attrFn
-migrateWarnProp( jQuery, "attrFn", attrFn || {}, "jQuery.attrFn is deprecated" );
-
-jQuery.attr = function( elem, name, value, pass ) {
- var lowerName = name.toLowerCase(),
- nType = elem && elem.nodeType;
-
- if ( pass ) {
- // Since pass is used internally, we only warn for new jQuery
- // versions where there isn't a pass arg in the formal params
- if ( oldAttr.length < 4 ) {
- migrateWarn("jQuery.fn.attr( props, pass ) is deprecated");
- }
- if ( elem && !rnoAttrNodeType.test( nType ) &&
- (attrFn ? name in attrFn : jQuery.isFunction(jQuery.fn[name])) ) {
- return jQuery( elem )[ name ]( value );
- }
- }
-
- // Warn if user tries to set `type`, since it breaks on IE 6/7/8; by checking
- // for disconnected elements we don't warn on $( "<button>", { type: "button" } ).
- if ( name === "type" && value !== undefined && rnoType.test( elem.nodeName ) && elem.parentNode ) {
- migrateWarn("Can't change the 'type' of an input or button in IE 6/7/8");
- }
-
- // Restore boolHook for boolean property/attribute synchronization
- if ( !jQuery.attrHooks[ lowerName ] && rboolean.test( lowerName ) ) {
- jQuery.attrHooks[ lowerName ] = {
- get: function( elem, name ) {
- // Align boolean attributes with corresponding properties
- // Fall back to attribute presence where some booleans are not supported
- var attrNode,
- property = jQuery.prop( elem, name );
- return property === true || typeof property !== "boolean" &&
- ( attrNode = elem.getAttributeNode(name) ) && attrNode.nodeValue !== false ?
-
- name.toLowerCase() :
- undefined;
- },
- set: function( elem, value, name ) {
- var propName;
- if ( value === false ) {
- // Remove boolean attributes when set to false
- jQuery.removeAttr( elem, name );
- } else {
- // value is true since we know at this point it's type boolean and not false
- // Set boolean attributes to the same name and set the DOM property
- propName = jQuery.propFix[ name ] || name;
- if ( propName in elem ) {
- // Only set the IDL specifically if it already exists on the element
- elem[ propName ] = true;
- }
-
- elem.setAttribute( name, name.toLowerCase() );
- }
- return name;
- }
- };
-
- // Warn only for attributes that can remain distinct from their properties post-1.9
- if ( ruseDefault.test( lowerName ) ) {
- migrateWarn( "jQuery.fn.attr('" + lowerName + "') may use property instead of attribute" );
- }
- }
-
- return oldAttr.call( jQuery, elem, name, value );
-};
-
-// attrHooks: value
-jQuery.attrHooks.value = {
- get: function( elem, name ) {
- var nodeName = ( elem.nodeName || "" ).toLowerCase();
- if ( nodeName === "button" ) {
- return valueAttrGet.apply( this, arguments );
- }
- if ( nodeName !== "input" && nodeName !== "option" ) {
- migrateWarn("jQuery.fn.attr('value') no longer gets properties");
- }
- return name in elem ?
- elem.value :
- null;
- },
- set: function( elem, value ) {
- var nodeName = ( elem.nodeName || "" ).toLowerCase();
- if ( nodeName === "button" ) {
- return valueAttrSet.apply( this, arguments );
- }
- if ( nodeName !== "input" && nodeName !== "option" ) {
- migrateWarn("jQuery.fn.attr('value', val) no longer sets properties");
- }
- // Does not return so that setAttribute is also used
- elem.value = value;
- }
-};
-
-
-var matched, browser,
- oldInit = jQuery.fn.init,
- oldParseJSON = jQuery.parseJSON,
- // Note this does NOT include the #9521 XSS fix from 1.7!
- rquickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*|#([\w\-]*))$/;
-
-// $(html) "looks like html" rule change
-jQuery.fn.init = function( selector, context, rootjQuery ) {
- var match;
-
- if ( selector && typeof selector === "string" && !jQuery.isPlainObject( context ) &&
- (match = rquickExpr.exec( selector )) && match[1] ) {
- // This is an HTML string according to the "old" rules; is it still?
- if ( selector.charAt( 0 ) !== "<" ) {
- migrateWarn("$(html) HTML strings must start with '<' character");
- }
- // Now process using loose rules; let pre-1.8 play too
- if ( context && context.context ) {
- // jQuery object as context; parseHTML expects a DOM object
- context = context.context;
- }
- if ( jQuery.parseHTML ) {
- return oldInit.call( this, jQuery.parseHTML( jQuery.trim(selector), context, true ),
- context, rootjQuery );
- }
- }
- return oldInit.apply( this, arguments );
-};
-jQuery.fn.init.prototype = jQuery.fn;
-
-// Let $.parseJSON(falsy_value) return null
-jQuery.parseJSON = function( json ) {
- if ( !json && json !== null ) {
- migrateWarn("jQuery.parseJSON requires a valid JSON string");
- return null;
- }
- return oldParseJSON.apply( this, arguments );
-};
-
-jQuery.uaMatch = function( ua ) {
- ua = ua.toLowerCase();
-
- var match = /(chrome)[ \/]([\w.]+)/.exec( ua ) ||
- /(webkit)[ \/]([\w.]+)/.exec( ua ) ||
- /(opera)(?:.*version|)[ \/]([\w.]+)/.exec( ua ) ||
- /(msie) ([\w.]+)/.exec( ua ) ||
- ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec( ua ) ||
- [];
-
- return {
- browser: match[ 1 ] || "",
- version: match[ 2 ] || "0"
- };
-};
-
-// Don't clobber any existing jQuery.browser in case it's different
-if ( !jQuery.browser ) {
- matched = jQuery.uaMatch( navigator.userAgent );
- browser = {};
-
- if ( matched.browser ) {
- browser[ matched.browser ] = true;
- browser.version = matched.version;
- }
-
- // Chrome is Webkit, but Webkit is also Safari.
- if ( browser.chrome ) {
- browser.webkit = true;
- } else if ( browser.webkit ) {
- browser.safari = true;
- }
-
- jQuery.browser = browser;
-}
-
-// Warn if the code tries to get jQuery.browser
-migrateWarnProp( jQuery, "browser", jQuery.browser, "jQuery.browser is deprecated" );
-
-jQuery.sub = function() {
- function jQuerySub( selector, context ) {
- return new jQuerySub.fn.init( selector, context );
- }
- jQuery.extend( true, jQuerySub, this );
- jQuerySub.superclass = this;
- jQuerySub.fn = jQuerySub.prototype = this();
- jQuerySub.fn.constructor = jQuerySub;
- jQuerySub.sub = this.sub;
- jQuerySub.fn.init = function init( selector, context ) {
- if ( context && context instanceof jQuery && !(context instanceof jQuerySub) ) {
- context = jQuerySub( context );
- }
-
- return jQuery.fn.init.call( this, selector, context, rootjQuerySub );
- };
- jQuerySub.fn.init.prototype = jQuerySub.fn;
- var rootjQuerySub = jQuerySub(document);
- migrateWarn( "jQuery.sub() is deprecated" );
- return jQuerySub;
-};
-
-
-// Ensure that $.ajax gets the new parseJSON defined in core.js
-jQuery.ajaxSetup({
- converters: {
- "text json": jQuery.parseJSON
- }
-});
-
-
-var oldFnData = jQuery.fn.data;
-
-jQuery.fn.data = function( name ) {
- var ret, evt,
- elem = this[0];
-
- // Handles 1.7 which has this behavior and 1.8 which doesn't
- if ( elem && name === "events" && arguments.length === 1 ) {
- ret = jQuery.data( elem, name );
- evt = jQuery._data( elem, name );
- if ( ( ret === undefined || ret === evt ) && evt !== undefined ) {
- migrateWarn("Use of jQuery.fn.data('events') is deprecated");
- return evt;
- }
- }
- return oldFnData.apply( this, arguments );
-};
-
-
-var rscriptType = /\/(java|ecma)script/i,
- oldSelf = jQuery.fn.andSelf || jQuery.fn.addBack;
-
-jQuery.fn.andSelf = function() {
- migrateWarn("jQuery.fn.andSelf() replaced by jQuery.fn.addBack()");
- return oldSelf.apply( this, arguments );
-};
-
-// Since jQuery.clean is used internally on older versions, we only shim if it's missing
-if ( !jQuery.clean ) {
- jQuery.clean = function( elems, context, fragment, scripts ) {
- // Set context per 1.8 logic
- context = context || document;
- context = !context.nodeType && context[0] || context;
- context = context.ownerDocument || context;
-
- migrateWarn("jQuery.clean() is deprecated");
-
- var i, elem, handleScript, jsTags,
- ret = [];
-
- jQuery.merge( ret, jQuery.buildFragment( elems, context ).childNodes );
-
- // Complex logic lifted directly from jQuery 1.8
- if ( fragment ) {
- // Special handling of each script element
- handleScript = function( elem ) {
- // Check if we consider it executable
- if ( !elem.type || rscriptType.test( elem.type ) ) {
- // Detach the script and store it in the scripts array (if provided) or the fragment
- // Return truthy to indicate that it has been handled
- return scripts ?
- scripts.push( elem.parentNode ? elem.parentNode.removeChild( elem ) : elem ) :
- fragment.appendChild( elem );
- }
- };
-
- for ( i = 0; (elem = ret[i]) != null; i++ ) {
- // Check if we're done after handling an executable script
- if ( !( jQuery.nodeName( elem, "script" ) && handleScript( elem ) ) ) {
- // Append to fragment and handle embedded scripts
- fragment.appendChild( elem );
- if ( typeof elem.getElementsByTagName !== "undefined" ) {
- // handleScript alters the DOM, so use jQuery.merge to ensure snapshot iteration
- jsTags = jQuery.grep( jQuery.merge( [], elem.getElementsByTagName("script") ), handleScript );
-
- // Splice the scripts into ret after their former ancestor and advance our index beyond them
- ret.splice.apply( ret, [i + 1, 0].concat( jsTags ) );
- i += jsTags.length;
- }
- }
- }
- }
-
- return ret;
- };
-}
-
-var eventAdd = jQuery.event.add,
- eventRemove = jQuery.event.remove,
- eventTrigger = jQuery.event.trigger,
- oldToggle = jQuery.fn.toggle,
- oldLive = jQuery.fn.live,
- oldDie = jQuery.fn.die,
- ajaxEvents = "ajaxStart|ajaxStop|ajaxSend|ajaxComplete|ajaxError|ajaxSuccess",
- rajaxEvent = new RegExp( "\\b(?:" + ajaxEvents + ")\\b" ),
- rhoverHack = /(?:^|\s)hover(\.\S+|)\b/,
- hoverHack = function( events ) {
- if ( typeof( events ) !== "string" || jQuery.event.special.hover ) {
- return events;
- }
- if ( rhoverHack.test( events ) ) {
- migrateWarn("'hover' pseudo-event is deprecated, use 'mouseenter mouseleave'");
- }
- return events && events.replace( rhoverHack, "mouseenter$1 mouseleave$1" );
- };
-
-// Event props removed in 1.9, put them back if needed; no practical way to warn them
-if ( jQuery.event.props && jQuery.event.props[ 0 ] !== "attrChange" ) {
- jQuery.event.props.unshift( "attrChange", "attrName", "relatedNode", "srcElement" );
-}
-
-// Undocumented jQuery.event.handle was "deprecated" in jQuery 1.7
-if ( jQuery.event.dispatch ) {
- migrateWarnProp( jQuery.event, "handle", jQuery.event.dispatch, "jQuery.event.handle is undocumented and deprecated" );
-}
-
-// Support for 'hover' pseudo-event and ajax event warnings
-jQuery.event.add = function( elem, types, handler, data, selector ){
- if ( elem !== document && rajaxEvent.test( types ) ) {
- migrateWarn( "AJAX events should be attached to document: " + types );
- }
- eventAdd.call( this, elem, hoverHack( types || "" ), handler, data, selector );
-};
-jQuery.event.remove = function( elem, types, handler, selector, mappedTypes ){
- eventRemove.call( this, elem, hoverHack( types ) || "", handler, selector, mappedTypes );
-};
-
-jQuery.fn.error = function() {
- var args = Array.prototype.slice.call( arguments, 0);
- migrateWarn("jQuery.fn.error() is deprecated");
- args.splice( 0, 0, "error" );
- if ( arguments.length ) {
- return this.bind.apply( this, args );
- }
- // error event should not bubble to window, although it does pre-1.7
- this.triggerHandler.apply( this, args );
- return this;
-};
-
-jQuery.fn.toggle = function( fn, fn2 ) {
-
- // Don't mess with animation or css toggles
- if ( !jQuery.isFunction( fn ) || !jQuery.isFunction( fn2 ) ) {
- return oldToggle.apply( this, arguments );
- }
- migrateWarn("jQuery.fn.toggle(handler, handler...) is deprecated");
-
- // Save reference to arguments for access in closure
- var args = arguments,
- guid = fn.guid || jQuery.guid++,
- i = 0,
- toggler = function( event ) {
- // Figure out which function to execute
- var lastToggle = ( jQuery._data( this, "lastToggle" + fn.guid ) || 0 ) % i;
- jQuery._data( this, "lastToggle" + fn.guid, lastToggle + 1 );
-
- // Make sure that clicks stop
- event.preventDefault();
-
- // and execute the function
- return args[ lastToggle ].apply( this, arguments ) || false;
- };
-
- // link all the functions, so any of them can unbind this click handler
- toggler.guid = guid;
- while ( i < args.length ) {
- args[ i++ ].guid = guid;
- }
-
- return this.click( toggler );
-};
-
-jQuery.fn.live = function( types, data, fn ) {
- migrateWarn("jQuery.fn.live() is deprecated");
- if ( oldLive ) {
- return oldLive.apply( this, arguments );
- }
- jQuery( this.context ).on( types, this.selector, data, fn );
- return this;
-};
-
-jQuery.fn.die = function( types, fn ) {
- migrateWarn("jQuery.fn.die() is deprecated");
- if ( oldDie ) {
- return oldDie.apply( this, arguments );
- }
- jQuery( this.context ).off( types, this.selector || "**", fn );
- return this;
-};
-
-// Turn global events into document-triggered events
-jQuery.event.trigger = function( event, data, elem, onlyHandlers ){
- if ( !elem && !rajaxEvent.test( event ) ) {
- migrateWarn( "Global events are undocumented and deprecated" );
- }
- return eventTrigger.call( this, event, data, elem || document, onlyHandlers );
-};
-jQuery.each( ajaxEvents.split("|"),
- function( _, name ) {
- jQuery.event.special[ name ] = {
- setup: function() {
- var elem = this;
-
- // The document needs no shimming; must be !== for oldIE
- if ( elem !== document ) {
- jQuery.event.add( document, name + "." + jQuery.guid, function() {
- jQuery.event.trigger( name, null, elem, true );
- });
- jQuery._data( this, name, jQuery.guid++ );
- }
- return false;
- },
- teardown: function() {
- if ( this !== document ) {
- jQuery.event.remove( document, name + "." + jQuery._data( this, name ) );
- }
- return false;
- }
- };
- }
-);
-
-
-})( jQuery, window );
+/*!
+ * jQuery Migrate - v1.1.1 - 2013-02-16
+ * https://github.com/jquery/jquery-migrate
+ * Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors; Licensed MIT
+ */
+(function( jQuery, window, undefined ) {
+// See http://bugs.jquery.com/ticket/13335
+// "use strict";
+
+
+var warnedAbout = {};
+
+// List of warnings already given; public read only
+jQuery.migrateWarnings = [];
+
+// Set to true to prevent console output; migrateWarnings still maintained
+// jQuery.migrateMute = false;
+
+// Show a message on the console so devs know we're active
+if ( !jQuery.migrateMute && window.console && console.log ) {
+ console.log("JQMIGRATE: Logging is active");
+}
+
+// Set to false to disable traces that appear with warnings
+if ( jQuery.migrateTrace === undefined ) {
+ jQuery.migrateTrace = true;
+}
+
+// Forget any warnings we've already given; public
+jQuery.migrateReset = function() {
+ warnedAbout = {};
+ jQuery.migrateWarnings.length = 0;
+};
+
+function migrateWarn( msg) {
+ if ( !warnedAbout[ msg ] ) {
+ warnedAbout[ msg ] = true;
+ jQuery.migrateWarnings.push( msg );
+ if ( window.console && console.warn && !jQuery.migrateMute ) {
+ console.warn( "JQMIGRATE: " + msg );
+ if ( jQuery.migrateTrace && console.trace ) {
+ console.trace();
+ }
+ }
+ }
+}
+
+function migrateWarnProp( obj, prop, value, msg ) {
+ if ( Object.defineProperty ) {
+ // On ES5 browsers (non-oldIE), warn if the code tries to get prop;
+ // allow property to be overwritten in case some other plugin wants it
+ try {
+ Object.defineProperty( obj, prop, {
+ configurable: true,
+ enumerable: true,
+ get: function() {
+ migrateWarn( msg );
+ return value;
+ },
+ set: function( newValue ) {
+ migrateWarn( msg );
+ value = newValue;
+ }
+ });
+ return;
+ } catch( err ) {
+ // IE8 is a dope about Object.defineProperty, can't warn there
+ }
+ }
+
+ // Non-ES5 (or broken) browser; just set the property
+ jQuery._definePropertyBroken = true;
+ obj[ prop ] = value;
+}
+
+if ( document.compatMode === "BackCompat" ) {
+ // jQuery has never supported or tested Quirks Mode
+ migrateWarn( "jQuery is not compatible with Quirks Mode" );
+}
+
+
+var attrFn = jQuery( "<input/>", { size: 1 } ).attr("size") && jQuery.attrFn,
+ oldAttr = jQuery.attr,
+ valueAttrGet = jQuery.attrHooks.value && jQuery.attrHooks.value.get ||
+ function() { return null; },
+ valueAttrSet = jQuery.attrHooks.value && jQuery.attrHooks.value.set ||
+ function() { return undefined; },
+ rnoType = /^(?:input|button)$/i,
+ rnoAttrNodeType = /^[238]$/,
+ rboolean = /^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,
+ ruseDefault = /^(?:checked|selected)$/i;
+
+// jQuery.attrFn
+migrateWarnProp( jQuery, "attrFn", attrFn || {}, "jQuery.attrFn is deprecated" );
+
+jQuery.attr = function( elem, name, value, pass ) {
+ var lowerName = name.toLowerCase(),
+ nType = elem && elem.nodeType;
+
+ if ( pass ) {
+ // Since pass is used internally, we only warn for new jQuery
+ // versions where there isn't a pass arg in the formal params
+ if ( oldAttr.length < 4 ) {
+ migrateWarn("jQuery.fn.attr( props, pass ) is deprecated");
+ }
+ if ( elem && !rnoAttrNodeType.test( nType ) &&
+ (attrFn ? name in attrFn : jQuery.isFunction(jQuery.fn[name])) ) {
+ return jQuery( elem )[ name ]( value );
+ }
+ }
+
+ // Warn if user tries to set `type`, since it breaks on IE 6/7/8; by checking
+ // for disconnected elements we don't warn on $( "<button>", { type: "button" } ).
+ if ( name === "type" && value !== undefined && rnoType.test( elem.nodeName ) && elem.parentNode ) {
+ migrateWarn("Can't change the 'type' of an input or button in IE 6/7/8");
+ }
+
+ // Restore boolHook for boolean property/attribute synchronization
+ if ( !jQuery.attrHooks[ lowerName ] && rboolean.test( lowerName ) ) {
+ jQuery.attrHooks[ lowerName ] = {
+ get: function( elem, name ) {
+ // Align boolean attributes with corresponding properties
+ // Fall back to attribute presence where some booleans are not supported
+ var attrNode,
+ property = jQuery.prop( elem, name );
+ return property === true || typeof property !== "boolean" &&
+ ( attrNode = elem.getAttributeNode(name) ) && attrNode.nodeValue !== false ?
+
+ name.toLowerCase() :
+ undefined;
+ },
+ set: function( elem, value, name ) {
+ var propName;
+ if ( value === false ) {
+ // Remove boolean attributes when set to false
+ jQuery.removeAttr( elem, name );
+ } else {
+ // value is true since we know at this point it's type boolean and not false
+ // Set boolean attributes to the same name and set the DOM property
+ propName = jQuery.propFix[ name ] || name;
+ if ( propName in elem ) {
+ // Only set the IDL specifically if it already exists on the element
+ elem[ propName ] = true;
+ }
+
+ elem.setAttribute( name, name.toLowerCase() );
+ }
+ return name;
+ }
+ };
+
+ // Warn only for attributes that can remain distinct from their properties post-1.9
+ if ( ruseDefault.test( lowerName ) ) {
+ migrateWarn( "jQuery.fn.attr('" + lowerName + "') may use property instead of attribute" );
+ }
+ }
+
+ return oldAttr.call( jQuery, elem, name, value );
+};
+
+// attrHooks: value
+jQuery.attrHooks.value = {
+ get: function( elem, name ) {
+ var nodeName = ( elem.nodeName || "" ).toLowerCase();
+ if ( nodeName === "button" ) {
+ return valueAttrGet.apply( this, arguments );
+ }
+ if ( nodeName !== "input" && nodeName !== "option" ) {
+ migrateWarn("jQuery.fn.attr('value') no longer gets properties");
+ }
+ return name in elem ?
+ elem.value :
+ null;
+ },
+ set: function( elem, value ) {
+ var nodeName = ( elem.nodeName || "" ).toLowerCase();
+ if ( nodeName === "button" ) {
+ return valueAttrSet.apply( this, arguments );
+ }
+ if ( nodeName !== "input" && nodeName !== "option" ) {
+ migrateWarn("jQuery.fn.attr('value', val) no longer sets properties");
+ }
+ // Does not return so that setAttribute is also used
+ elem.value = value;
+ }
+};
+
+
+var matched, browser,
+ oldInit = jQuery.fn.init,
+ oldParseJSON = jQuery.parseJSON,
+ // Note this does NOT include the #9521 XSS fix from 1.7!
+ rquickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*|#([\w\-]*))$/;
+
+// $(html) "looks like html" rule change
+jQuery.fn.init = function( selector, context, rootjQuery ) {
+ var match;
+
+ if ( selector && typeof selector === "string" && !jQuery.isPlainObject( context ) &&
+ (match = rquickExpr.exec( selector )) && match[1] ) {
+ // This is an HTML string according to the "old" rules; is it still?
+ if ( selector.charAt( 0 ) !== "<" ) {
+ migrateWarn("$(html) HTML strings must start with '<' character");
+ }
+ // Now process using loose rules; let pre-1.8 play too
+ if ( context && context.context ) {
+ // jQuery object as context; parseHTML expects a DOM object
+ context = context.context;
+ }
+ if ( jQuery.parseHTML ) {
+ return oldInit.call( this, jQuery.parseHTML( jQuery.trim(selector), context, true ),
+ context, rootjQuery );
+ }
+ }
+ return oldInit.apply( this, arguments );
+};
+jQuery.fn.init.prototype = jQuery.fn;
+
+// Let $.parseJSON(falsy_value) return null
+jQuery.parseJSON = function( json ) {
+ if ( !json && json !== null ) {
+ migrateWarn("jQuery.parseJSON requires a valid JSON string");
+ return null;
+ }
+ return oldParseJSON.apply( this, arguments );
+};
+
+jQuery.uaMatch = function( ua ) {
+ ua = ua.toLowerCase();
+
+ var match = /(chrome)[ \/]([\w.]+)/.exec( ua ) ||
+ /(webkit)[ \/]([\w.]+)/.exec( ua ) ||
+ /(opera)(?:.*version|)[ \/]([\w.]+)/.exec( ua ) ||
+ /(msie) ([\w.]+)/.exec( ua ) ||
+ ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec( ua ) ||
+ [];
+
+ return {
+ browser: match[ 1 ] || "",
+ version: match[ 2 ] || "0"
+ };
+};
+
+// Don't clobber any existing jQuery.browser in case it's different
+if ( !jQuery.browser ) {
+ matched = jQuery.uaMatch( navigator.userAgent );
+ browser = {};
+
+ if ( matched.browser ) {
+ browser[ matched.browser ] = true;
+ browser.version = matched.version;
+ }
+
+ // Chrome is Webkit, but Webkit is also Safari.
+ if ( browser.chrome ) {
+ browser.webkit = true;
+ } else if ( browser.webkit ) {
+ browser.safari = true;
+ }
+
+ jQuery.browser = browser;
+}
+
+// Warn if the code tries to get jQuery.browser
+migrateWarnProp( jQuery, "browser", jQuery.browser, "jQuery.browser is deprecated" );
+
+jQuery.sub = function() {
+ function jQuerySub( selector, context ) {
+ return new jQuerySub.fn.init( selector, context );
+ }
+ jQuery.extend( true, jQuerySub, this );
+ jQuerySub.superclass = this;
+ jQuerySub.fn = jQuerySub.prototype = this();
+ jQuerySub.fn.constructor = jQuerySub;
+ jQuerySub.sub = this.sub;
+ jQuerySub.fn.init = function init( selector, context ) {
+ if ( context && context instanceof jQuery && !(context instanceof jQuerySub) ) {
+ context = jQuerySub( context );
+ }
+
+ return jQuery.fn.init.call( this, selector, context, rootjQuerySub );
+ };
+ jQuerySub.fn.init.prototype = jQuerySub.fn;
+ var rootjQuerySub = jQuerySub(document);
+ migrateWarn( "jQuery.sub() is deprecated" );
+ return jQuerySub;
+};
+
+
+// Ensure that $.ajax gets the new parseJSON defined in core.js
+jQuery.ajaxSetup({
+ converters: {
+ "text json": jQuery.parseJSON
+ }
+});
+
+
+var oldFnData = jQuery.fn.data;
+
+jQuery.fn.data = function( name ) {
+ var ret, evt,
+ elem = this[0];
+
+ // Handles 1.7 which has this behavior and 1.8 which doesn't
+ if ( elem && name === "events" && arguments.length === 1 ) {
+ ret = jQuery.data( elem, name );
+ evt = jQuery._data( elem, name );
+ if ( ( ret === undefined || ret === evt ) && evt !== undefined ) {
+ migrateWarn("Use of jQuery.fn.data('events') is deprecated");
+ return evt;
+ }
+ }
+ return oldFnData.apply( this, arguments );
+};
+
+
+var rscriptType = /\/(java|ecma)script/i,
+ oldSelf = jQuery.fn.andSelf || jQuery.fn.addBack;
+
+jQuery.fn.andSelf = function() {
+ migrateWarn("jQuery.fn.andSelf() replaced by jQuery.fn.addBack()");
+ return oldSelf.apply( this, arguments );
+};
+
+// Since jQuery.clean is used internally on older versions, we only shim if it's missing
+if ( !jQuery.clean ) {
+ jQuery.clean = function( elems, context, fragment, scripts ) {
+ // Set context per 1.8 logic
+ context = context || document;
+ context = !context.nodeType && context[0] || context;
+ context = context.ownerDocument || context;
+
+ migrateWarn("jQuery.clean() is deprecated");
+
+ var i, elem, handleScript, jsTags,
+ ret = [];
+
+ jQuery.merge( ret, jQuery.buildFragment( elems, context ).childNodes );
+
+ // Complex logic lifted directly from jQuery 1.8
+ if ( fragment ) {
+ // Special handling of each script element
+ handleScript = function( elem ) {
+ // Check if we consider it executable
+ if ( !elem.type || rscriptType.test( elem.type ) ) {
+ // Detach the script and store it in the scripts array (if provided) or the fragment
+ // Return truthy to indicate that it has been handled
+ return scripts ?
+ scripts.push( elem.parentNode ? elem.parentNode.removeChild( elem ) : elem ) :
+ fragment.appendChild( elem );
+ }
+ };
+
+ for ( i = 0; (elem = ret[i]) != null; i++ ) {
+ // Check if we're done after handling an executable script
+ if ( !( jQuery.nodeName( elem, "script" ) && handleScript( elem ) ) ) {
+ // Append to fragment and handle embedded scripts
+ fragment.appendChild( elem );
+ if ( typeof elem.getElementsByTagName !== "undefined" ) {
+ // handleScript alters the DOM, so use jQuery.merge to ensure snapshot iteration
+ jsTags = jQuery.grep( jQuery.merge( [], elem.getElementsByTagName("script") ), handleScript );
+
+ // Splice the scripts into ret after their former ancestor and advance our index beyond them
+ ret.splice.apply( ret, [i + 1, 0].concat( jsTags ) );
+ i += jsTags.length;
+ }
+ }
+ }
+ }
+
+ return ret;
+ };
+}
+
+var eventAdd = jQuery.event.add,
+ eventRemove = jQuery.event.remove,
+ eventTrigger = jQuery.event.trigger,
+ oldToggle = jQuery.fn.toggle,
+ oldLive = jQuery.fn.live,
+ oldDie = jQuery.fn.die,
+ ajaxEvents = "ajaxStart|ajaxStop|ajaxSend|ajaxComplete|ajaxError|ajaxSuccess",
+ rajaxEvent = new RegExp( "\\b(?:" + ajaxEvents + ")\\b" ),
+ rhoverHack = /(?:^|\s)hover(\.\S+|)\b/,
+ hoverHack = function( events ) {
+ if ( typeof( events ) !== "string" || jQuery.event.special.hover ) {
+ return events;
+ }
+ if ( rhoverHack.test( events ) ) {
+ migrateWarn("'hover' pseudo-event is deprecated, use 'mouseenter mouseleave'");
+ }
+ return events && events.replace( rhoverHack, "mouseenter$1 mouseleave$1" );
+ };
+
+// Event props removed in 1.9, put them back if needed; no practical way to warn them
+if ( jQuery.event.props && jQuery.event.props[ 0 ] !== "attrChange" ) {
+ jQuery.event.props.unshift( "attrChange", "attrName", "relatedNode", "srcElement" );
+}
+
+// Undocumented jQuery.event.handle was "deprecated" in jQuery 1.7
+if ( jQuery.event.dispatch ) {
+ migrateWarnProp( jQuery.event, "handle", jQuery.event.dispatch, "jQuery.event.handle is undocumented and deprecated" );
+}
+
+// Support for 'hover' pseudo-event and ajax event warnings
+jQuery.event.add = function( elem, types, handler, data, selector ){
+ if ( elem !== document && rajaxEvent.test( types ) ) {
+ migrateWarn( "AJAX events should be attached to document: " + types );
+ }
+ eventAdd.call( this, elem, hoverHack( types || "" ), handler, data, selector );
+};
+jQuery.event.remove = function( elem, types, handler, selector, mappedTypes ){
+ eventRemove.call( this, elem, hoverHack( types ) || "", handler, selector, mappedTypes );
+};
+
+jQuery.fn.error = function() {
+ var args = Array.prototype.slice.call( arguments, 0);
+ migrateWarn("jQuery.fn.error() is deprecated");
+ args.splice( 0, 0, "error" );
+ if ( arguments.length ) {
+ return this.bind.apply( this, args );
+ }
+ // error event should not bubble to window, although it does pre-1.7
+ this.triggerHandler.apply( this, args );
+ return this;
+};
+
+jQuery.fn.toggle = function( fn, fn2 ) {
+
+ // Don't mess with animation or css toggles
+ if ( !jQuery.isFunction( fn ) || !jQuery.isFunction( fn2 ) ) {
+ return oldToggle.apply( this, arguments );
+ }
+ migrateWarn("jQuery.fn.toggle(handler, handler...) is deprecated");
+
+ // Save reference to arguments for access in closure
+ var args = arguments,
+ guid = fn.guid || jQuery.guid++,
+ i = 0,
+ toggler = function( event ) {
+ // Figure out which function to execute
+ var lastToggle = ( jQuery._data( this, "lastToggle" + fn.guid ) || 0 ) % i;
+ jQuery._data( this, "lastToggle" + fn.guid, lastToggle + 1 );
+
+ // Make sure that clicks stop
+ event.preventDefault();
+
+ // and execute the function
+ return args[ lastToggle ].apply( this, arguments ) || false;
+ };
+
+ // link all the functions, so any of them can unbind this click handler
+ toggler.guid = guid;
+ while ( i < args.length ) {
+ args[ i++ ].guid = guid;
+ }
+
+ return this.click( toggler );
+};
+
+jQuery.fn.live = function( types, data, fn ) {
+ migrateWarn("jQuery.fn.live() is deprecated");
+ if ( oldLive ) {
+ return oldLive.apply( this, arguments );
+ }
+ jQuery( this.context ).on( types, this.selector, data, fn );
+ return this;
+};
+
+jQuery.fn.die = function( types, fn ) {
+ migrateWarn("jQuery.fn.die() is deprecated");
+ if ( oldDie ) {
+ return oldDie.apply( this, arguments );
+ }
+ jQuery( this.context ).off( types, this.selector || "**", fn );
+ return this;
+};
+
+// Turn global events into document-triggered events
+jQuery.event.trigger = function( event, data, elem, onlyHandlers ){
+ if ( !elem && !rajaxEvent.test( event ) ) {
+ migrateWarn( "Global events are undocumented and deprecated" );
+ }
+ return eventTrigger.call( this, event, data, elem || document, onlyHandlers );
+};
+jQuery.each( ajaxEvents.split("|"),
+ function( _, name ) {
+ jQuery.event.special[ name ] = {
+ setup: function() {
+ var elem = this;
+
+ // The document needs no shimming; must be !== for oldIE
+ if ( elem !== document ) {
+ jQuery.event.add( document, name + "." + jQuery.guid, function() {
+ jQuery.event.trigger( name, null, elem, true );
+ });
+ jQuery._data( this, name, jQuery.guid++ );
+ }
+ return false;
+ },
+ teardown: function() {
+ if ( this !== document ) {
+ jQuery.event.remove( document, name + "." + jQuery._data( this, name ) );
+ }
+ return false;
+ }
+ };
+ }
+);
+
+
+})( jQuery, window );
diff --git a/lib/scripts/jquery/jquery-migrate.min.js b/lib/scripts/jquery/jquery-migrate.min.js
index 759f35e85..eb3ecb1b3 100644
--- a/lib/scripts/jquery/jquery-migrate.min.js
+++ b/lib/scripts/jquery/jquery-migrate.min.js
@@ -1,3 +1,3 @@
-/*! jQuery Migrate v1.1.1 | (c) 2005, 2013 jQuery Foundation, Inc. and other contributors | jquery.org/license */
+/*! jQuery Migrate v1.1.1 | (c) 2005, 2013 jQuery Foundation, Inc. and other contributors | jquery.org/license */
jQuery.migrateMute===void 0&&(jQuery.migrateMute=!0),function(e,t,n){function r(n){o[n]||(o[n]=!0,e.migrateWarnings.push(n),t.console&&console.warn&&!e.migrateMute&&(console.warn("JQMIGRATE: "+n),e.migrateTrace&&console.trace&&console.trace()))}function a(t,a,o,i){if(Object.defineProperty)try{return Object.defineProperty(t,a,{configurable:!0,enumerable:!0,get:function(){return r(i),o},set:function(e){r(i),o=e}}),n}catch(s){}e._definePropertyBroken=!0,t[a]=o}var o={};e.migrateWarnings=[],!e.migrateMute&&t.console&&console.log&&console.log("JQMIGRATE: Logging is active"),e.migrateTrace===n&&(e.migrateTrace=!0),e.migrateReset=function(){o={},e.migrateWarnings.length=0},"BackCompat"===document.compatMode&&r("jQuery is not compatible with Quirks Mode");var i=e("<input/>",{size:1}).attr("size")&&e.attrFn,s=e.attr,u=e.attrHooks.value&&e.attrHooks.value.get||function(){return null},c=e.attrHooks.value&&e.attrHooks.value.set||function(){return n},l=/^(?:input|button)$/i,d=/^[238]$/,p=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,f=/^(?:checked|selected)$/i;a(e,"attrFn",i||{},"jQuery.attrFn is deprecated"),e.attr=function(t,a,o,u){var c=a.toLowerCase(),g=t&&t.nodeType;return u&&(4>s.length&&r("jQuery.fn.attr( props, pass ) is deprecated"),t&&!d.test(g)&&(i?a in i:e.isFunction(e.fn[a])))?e(t)[a](o):("type"===a&&o!==n&&l.test(t.nodeName)&&t.parentNode&&r("Can't change the 'type' of an input or button in IE 6/7/8"),!e.attrHooks[c]&&p.test(c)&&(e.attrHooks[c]={get:function(t,r){var a,o=e.prop(t,r);return o===!0||"boolean"!=typeof o&&(a=t.getAttributeNode(r))&&a.nodeValue!==!1?r.toLowerCase():n},set:function(t,n,r){var a;return n===!1?e.removeAttr(t,r):(a=e.propFix[r]||r,a in t&&(t[a]=!0),t.setAttribute(r,r.toLowerCase())),r}},f.test(c)&&r("jQuery.fn.attr('"+c+"') may use property instead of attribute")),s.call(e,t,a,o))},e.attrHooks.value={get:function(e,t){var n=(e.nodeName||"").toLowerCase();return"button"===n?u.apply(this,arguments):("input"!==n&&"option"!==n&&r("jQuery.fn.attr('value') no longer gets properties"),t in e?e.value:null)},set:function(e,t){var a=(e.nodeName||"").toLowerCase();return"button"===a?c.apply(this,arguments):("input"!==a&&"option"!==a&&r("jQuery.fn.attr('value', val) no longer sets properties"),e.value=t,n)}};var g,h,v=e.fn.init,m=e.parseJSON,y=/^(?:[^<]*(<[\w\W]+>)[^>]*|#([\w\-]*))$/;e.fn.init=function(t,n,a){var o;return t&&"string"==typeof t&&!e.isPlainObject(n)&&(o=y.exec(t))&&o[1]&&("<"!==t.charAt(0)&&r("$(html) HTML strings must start with '<' character"),n&&n.context&&(n=n.context),e.parseHTML)?v.call(this,e.parseHTML(e.trim(t),n,!0),n,a):v.apply(this,arguments)},e.fn.init.prototype=e.fn,e.parseJSON=function(e){return e||null===e?m.apply(this,arguments):(r("jQuery.parseJSON requires a valid JSON string"),null)},e.uaMatch=function(e){e=e.toLowerCase();var t=/(chrome)[ \/]([\w.]+)/.exec(e)||/(webkit)[ \/]([\w.]+)/.exec(e)||/(opera)(?:.*version|)[ \/]([\w.]+)/.exec(e)||/(msie) ([\w.]+)/.exec(e)||0>e.indexOf("compatible")&&/(mozilla)(?:.*? rv:([\w.]+)|)/.exec(e)||[];return{browser:t[1]||"",version:t[2]||"0"}},e.browser||(g=e.uaMatch(navigator.userAgent),h={},g.browser&&(h[g.browser]=!0,h.version=g.version),h.chrome?h.webkit=!0:h.webkit&&(h.safari=!0),e.browser=h),a(e,"browser",e.browser,"jQuery.browser is deprecated"),e.sub=function(){function t(e,n){return new t.fn.init(e,n)}e.extend(!0,t,this),t.superclass=this,t.fn=t.prototype=this(),t.fn.constructor=t,t.sub=this.sub,t.fn.init=function(r,a){return a&&a instanceof e&&!(a instanceof t)&&(a=t(a)),e.fn.init.call(this,r,a,n)},t.fn.init.prototype=t.fn;var n=t(document);return r("jQuery.sub() is deprecated"),t},e.ajaxSetup({converters:{"text json":e.parseJSON}});var b=e.fn.data;e.fn.data=function(t){var a,o,i=this[0];return!i||"events"!==t||1!==arguments.length||(a=e.data(i,t),o=e._data(i,t),a!==n&&a!==o||o===n)?b.apply(this,arguments):(r("Use of jQuery.fn.data('events') is deprecated"),o)};var j=/\/(java|ecma)script/i,w=e.fn.andSelf||e.fn.addBack;e.fn.andSelf=function(){return r("jQuery.fn.andSelf() replaced by jQuery.fn.addBack()"),w.apply(this,arguments)},e.clean||(e.clean=function(t,a,o,i){a=a||document,a=!a.nodeType&&a[0]||a,a=a.ownerDocument||a,r("jQuery.clean() is deprecated");var s,u,c,l,d=[];if(e.merge(d,e.buildFragment(t,a).childNodes),o)for(c=function(e){return!e.type||j.test(e.type)?i?i.push(e.parentNode?e.parentNode.removeChild(e):e):o.appendChild(e):n},s=0;null!=(u=d[s]);s++)e.nodeName(u,"script")&&c(u)||(o.appendChild(u),u.getElementsByTagName!==n&&(l=e.grep(e.merge([],u.getElementsByTagName("script")),c),d.splice.apply(d,[s+1,0].concat(l)),s+=l.length));return d});var Q=e.event.add,x=e.event.remove,k=e.event.trigger,N=e.fn.toggle,C=e.fn.live,S=e.fn.die,T="ajaxStart|ajaxStop|ajaxSend|ajaxComplete|ajaxError|ajaxSuccess",M=RegExp("\\b(?:"+T+")\\b"),H=/(?:^|\s)hover(\.\S+|)\b/,A=function(t){return"string"!=typeof t||e.event.special.hover?t:(H.test(t)&&r("'hover' pseudo-event is deprecated, use 'mouseenter mouseleave'"),t&&t.replace(H,"mouseenter$1 mouseleave$1"))};e.event.props&&"attrChange"!==e.event.props[0]&&e.event.props.unshift("attrChange","attrName","relatedNode","srcElement"),e.event.dispatch&&a(e.event,"handle",e.event.dispatch,"jQuery.event.handle is undocumented and deprecated"),e.event.add=function(e,t,n,a,o){e!==document&&M.test(t)&&r("AJAX events should be attached to document: "+t),Q.call(this,e,A(t||""),n,a,o)},e.event.remove=function(e,t,n,r,a){x.call(this,e,A(t)||"",n,r,a)},e.fn.error=function(){var e=Array.prototype.slice.call(arguments,0);return r("jQuery.fn.error() is deprecated"),e.splice(0,0,"error"),arguments.length?this.bind.apply(this,e):(this.triggerHandler.apply(this,e),this)},e.fn.toggle=function(t,n){if(!e.isFunction(t)||!e.isFunction(n))return N.apply(this,arguments);r("jQuery.fn.toggle(handler, handler...) is deprecated");var a=arguments,o=t.guid||e.guid++,i=0,s=function(n){var r=(e._data(this,"lastToggle"+t.guid)||0)%i;return e._data(this,"lastToggle"+t.guid,r+1),n.preventDefault(),a[r].apply(this,arguments)||!1};for(s.guid=o;a.length>i;)a[i++].guid=o;return this.click(s)},e.fn.live=function(t,n,a){return r("jQuery.fn.live() is deprecated"),C?C.apply(this,arguments):(e(this.context).on(t,this.selector,n,a),this)},e.fn.die=function(t,n){return r("jQuery.fn.die() is deprecated"),S?S.apply(this,arguments):(e(this.context).off(t,this.selector||"**",n),this)},e.event.trigger=function(e,t,n,a){return n||M.test(e)||r("Global events are undocumented and deprecated"),k.call(this,e,t,n||document,a)},e.each(T.split("|"),function(t,n){e.event.special[n]={setup:function(){var t=this;return t!==document&&(e.event.add(document,n+"."+e.guid,function(){e.event.trigger(n,null,t,!0)}),e._data(this,n,e.guid++)),!1},teardown:function(){return this!==document&&e.event.remove(document,n+"."+e._data(this,n)),!1}}})}(jQuery,window);
//@ sourceMappingURL=dist/jquery-migrate.min.map
\ No newline at end of file
--
GitLab