PHP Cross Reference of DokuWiki

/inc/ -> adLDAP.php (summary)

PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY
Version 3.3.2

PHP Version 5 with SSL and LDAP support

Author: Scott Barnett, Richard Hyland
Copyright: (c) 2006-2010 Scott Barnett, Richard Hyland
License: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
Link: http://adldap.sourceforge.net/
Version: 3.3.2
File Size: 2442 lines (95 kb)
Included or required: 1 time
Referenced: 0 times
Includes or requires: 0 files

Defines 2 classes

adLDAP:: (92 methods):
  set_account_suffix()
  get_account_suffix()
  set_domain_controllers()
  get_domain_controllers()
  set_ad_username()
  get_ad_username()
  set_ad_password()
  get_ad_password()
  set_real_primarygroup()
  get_real_primarygroup()
  set_use_ssl()
  get_use_ssl()
  set_use_tls()
  get_use_tls()
  set_recursive_groups()
  get_recursive_groups()
  __construct()
  __destruct()
  connect()
  close()
  authenticate()
  group_add_group()
  group_add_user()
  group_add_contact()
  group_create()
  group_del_group()
  group_del_user()
  group_del_contact()
  groups_in_group()
  group_members()
  group_info()
  recursive_groups()
  search_groups()
  all_groups()
  all_security_groups()
  all_distribution_groups()
  user_create()
  user_delete()
  user_groups()
  user_info()
  user_ingroup()
  domain_info()
  user_password_expiry()
  user_modify()
  user_disable()
  user_enable()
  user_password()
  all_users()
  username2guid()
  user_move()
  contact_create()
  contact_groups()
  contact_info()
  contact_ingroup()
  contact_modify()
  contact_delete()
  all_contacts()
  folder_list()
  computer_info()
  computer_ingroup()
  computer_groups()
  ou_create()
  exchange_create_mailbox()
  exchange_add_X400()
  exchange_add_address()
  exchange_del_address()
  exchange_primary_address()
  exchange_contact_mailenable()
  exchange_servers()
  exchange_storage_groups()
  exchange_storage_databases()
  find_base_dn()
  get_root_dse()
  get_last_error()
  ldap_supported()
  adldap_schema()
  group_cn()
  get_primary_group()
  getTextSID()
  little_endian()
  binary2text()
  decodeGuid()
  strguid2hex()
  user_dn()
  encode_password()
  ldap_slashes()
  random_controller()
  account_control()
  nice_names()
  dn_delete()
  bool2str()
  encode8bit()

adLDAPException:: (0 methods):


Class: adLDAP  - X-Ref

Main adLDAP class

Can be initialised using $adldap = new adLDAP();

Something to keep in mind is that Active Directory is a permissions
based directory. If you bind as a domain user, you can't fetch as
much information on other users as you could as a domain admin.

Before asking questions, please read the Documentation at
http://adldap.sourceforge.net/wiki/doku.php?id=api

set_account_suffix($_account_suffix)   X-Ref
Set the account suffix

param: string $_account_suffix
return: void

get_account_suffix()   X-Ref
Get the account suffix

return: string

set_domain_controllers(array $_domain_controllers)   X-Ref
Set the domain controllers array

param: array $_domain_controllers
return: void

get_domain_controllers()   X-Ref
Get the list of domain controllers

return: void

set_ad_username($_ad_username)   X-Ref
Set the username of an account with higher privileges

param: string $_ad_username
return: void

get_ad_username()   X-Ref
Get the username of the account with higher privileges

This will throw an exception for security reasons

set_ad_password($_ad_password)   X-Ref
Set the password of an account with higher privileges

param: string $_ad_password
return: void

get_ad_password()   X-Ref
Get the password of the account with higher privileges

This will throw an exception for security reasons

set_real_primarygroup($_real_primarygroup)   X-Ref
Set whether to detect the true primary group

param: bool $_real_primarygroup
return: void

get_real_primarygroup()   X-Ref
Get the real primary group setting

return: bool

set_use_ssl($_use_ssl)   X-Ref
Set whether to use SSL

param: bool $_use_ssl
return: void

get_use_ssl()   X-Ref
Get the SSL setting

return: bool

set_use_tls($_use_tls)   X-Ref
Set whether to use TLS

param: bool $_use_tls
return: void

get_use_tls()   X-Ref
Get the TLS setting

return: bool

set_recursive_groups($_recursive_groups)   X-Ref
Set whether to lookup recursive groups

param: bool $_recursive_groups
return: void

get_recursive_groups()   X-Ref
Get the recursive groups setting

return: bool

__construct($options=array())   X-Ref
Default Constructor

Tries to bind to the AD domain over LDAP or LDAPs

param: array $options Array of options to pass to the constructor
return: bool

__destruct()   X-Ref
Default Destructor

Closes the LDAP connection

return: void

connect()   X-Ref
Connects and Binds to the Domain Controller

return: bool

close()   X-Ref
Closes the LDAP connection

return: void

authenticate($username, $password, $prevent_rebind = false)   X-Ref
Validate a user's login credentials

param: string $username A user's AD username
param: string $password A user's AD password
param: bool optional $prevent_rebind
return: bool

group_add_group($parent,$child)   X-Ref
No description

group_add_user($group,$user,$isGUID=false)   X-Ref
Add a user to a group

param: string $group The group to add the user to
param: string $user The user to add to the group
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

group_add_contact($group,$contact_dn)   X-Ref
Add a contact to a group

param: string $group The group to add the contact to
param: string $contact_dn The DN of the contact to add
return: bool

group_create($attributes)   X-Ref
Create a group

param: array $attributes Default attributes of the group
return: bool

group_del_group($parent,$child)   X-Ref
Remove a group from a group

param: string $parent The parent group name
param: string $child The child group name
return: bool

group_del_user($group,$user,$isGUID=false)   X-Ref
Remove a user from a group

param: string $group The group to remove a user from
param: string $user The AD user to remove from the group
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

group_del_contact($group,$contact_dn)   X-Ref
Remove a contact from a group

param: string $group The group to remove a user from
param: string $contact_dn The DN of a contact to remove from the group
return: bool

groups_in_group($group, $recursive = NULL)   X-Ref
Return a list of groups in a group

param: string $group The group to query
param: bool $recursive Recursively get groups
return: array

group_members($group, $recursive = NULL)   X-Ref
Return a list of members in a group

param: string $group The group to query
param: bool $recursive Recursively get group members
return: array

group_info($group_name,$fields=NULL)   X-Ref
Group Information.  Returns an array of information about a group.
The group name is case sensitive

param: string $group_name The group name to retrieve info about
param: array $fields Fields to retrieve
return: array

recursive_groups($group)   X-Ref
Return a complete list of "groups in groups"

param: string $group The group to get the list from
return: array

search_groups($samaccounttype = ADLDAP_SECURITY_GLOBAL_GROUP, $include_desc = false, $search = "*", $sorted = true)   X-Ref
Returns a complete list of the groups in AD based on a SAM Account Type

param: string $samaccounttype The account type to return
param: bool $include_desc Whether to return a description
param: string $search Search parameters
param: bool $sorted Whether to sort the results
return: array

all_groups($include_desc = false, $search = "*", $sorted = true)   X-Ref
Returns a complete list of all groups in AD

param: bool $include_desc Whether to return a description
param: string $search Search parameters
param: bool $sorted Whether to sort the results
return: array

all_security_groups($include_desc = false, $search = "*", $sorted = true)   X-Ref
Returns a complete list of security groups in AD

param: bool $include_desc Whether to return a description
param: string $search Search parameters
param: bool $sorted Whether to sort the results
return: array

all_distribution_groups($include_desc = false, $search = "*", $sorted = true)   X-Ref
Returns a complete list of distribution lists in AD

param: bool $include_desc Whether to return a description
param: string $search Search parameters
param: bool $sorted Whether to sort the results
return: array

user_create($attributes)   X-Ref
No description

user_delete($username,$isGUID=false)   X-Ref
Delete a user account

param: string $username The username to delete (please be careful here!)
param: bool $isGUID Is the username a GUID or a samAccountName
return: array

user_groups($username,$recursive=NULL,$isGUID=false)   X-Ref
Groups the user is a member of

param: string $username The username to query
param: bool $recursive Recursive list of groups
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: array

user_info($username,$fields=NULL,$isGUID=false)   X-Ref
Find information about the users

param: string $username The username to query
param: array $fields Array of parameters to query
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: array

user_ingroup($username,$group,$recursive=NULL,$isGUID=false)   X-Ref
Determine if a user is in a specific group

param: string $username The username to query
param: string $group The name of the group to check against
param: bool $recursive Check groups recursively
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

domain_info($fields)   X-Ref
Return info about the domain itself

param: array $fields The fields to query
return: array

user_password_expiry($username,$isGUID=false)   X-Ref
Determine a user's password expiry date

param: string $username The username to query
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: array

user_modify($username,$attributes,$isGUID=false)   X-Ref
Modify a user

param: string $username The username to query
param: array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

user_disable($username,$isGUID=false)   X-Ref
Disable a user account

param: string $username The username to disable
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

user_enable($username,$isGUID=false)   X-Ref
Enable a user account

param: string $username The username to enable
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

user_password($username,$password,$isGUID=false)   X-Ref
Set the password of a user - This must be performed over SSL

param: string $username The username to modify
param: string $password The new password
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

all_users($include_desc = false, $search = "*", $sorted = true)   X-Ref
Return a list of all users in AD

param: bool $include_desc Return a description of the user
param: string $search Search parameter
param: bool $sorted Sort the user accounts
return: array

username2guid($username)   X-Ref
Converts a username (samAccountName) to a GUID

param: string $username The username to query
return: string

user_move($username, $container)   X-Ref
Move a user account to a different OU

param: string $username The username to move (please be careful here!)
param: array $container The container or containers to move the user to (please be careful here!).
return: array

contact_create($attributes)   X-Ref
No description

contact_groups($distinguishedname,$recursive=NULL)   X-Ref
Determine the list of groups a contact is a member of

param: string $distinguishedname The full DN of a contact
param: bool $recursive Recursively check groups
return: array

contact_info($distinguishedname,$fields=NULL)   X-Ref
Get contact information

param: string $distinguishedname The full DN of a contact
param: array $fields Attributes to be returned
return: array

contact_ingroup($distinguisedname,$group,$recursive=NULL)   X-Ref
Determine if a contact is a member of a group

param: string $distinguisedname The full DN of a contact
param: string $group The group name to query
param: bool $recursive Recursively check groups
return: bool

contact_modify($distinguishedname,$attributes)   X-Ref
Modify a contact

param: string $distinguishedname The contact to query
param: array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
return: bool

contact_delete($distinguishedname)   X-Ref
Delete a contact

param: string $distinguishedname The contact dn to delete (please be careful here!)
return: array

all_contacts($include_desc = false, $search = "*", $sorted = true)   X-Ref
Return a list of all contacts

param: bool $include_desc Include a description of a contact
param: string $search The search parameters
param: bool $sorted Whether to sort the results
return: array

folder_list($folder_name = NULL, $dn_type = ADLDAP_FOLDER, $recursive = NULL, $type = NULL)   X-Ref
No description

computer_info($computer_name,$fields=NULL)   X-Ref
No description

computer_ingroup($computer_name,$group,$recursive=NULL)   X-Ref
Check if a computer is in a group

param: string $computer_name The name of the computer
param: string $group The group to check
param: bool $recursive Whether to check recursively
return: array

computer_groups($computer_name,$recursive=NULL)   X-Ref
Get the groups a computer is in

param: string $computer_name The name of the computer
param: bool $recursive Whether to check recursively
return: array

ou_create($attributes)   X-Ref
No description

exchange_create_mailbox($username, $storagegroup, $emailaddress, $mailnickname=NULL, $usedefaults=TRUE, $base_dn=NULL, $isGUID=false)   X-Ref
No description

exchange_add_X400($username, $country, $admd, $pdmd, $org, $surname, $givenname, $isGUID=false)   X-Ref
Add an X400 address to Exchange
See http://tools.ietf.org/html/rfc1685 for more information.
An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;

param: string $username The username of the user to add the X400 to
param: string $country Country
param: string $admd Administration Management Domain
param: string $pdmd Private Management Domain (often your AD domain)
param: string $org Organization
param: string $surname Surname
param: string $givenname Given name
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

exchange_add_address($username, $emailaddress, $default=FALSE, $isGUID=false)   X-Ref
Add an address to Exchange

param: string $username The username of the user to add the Exchange account to
param: string $emailaddress The email address to add to this user
param: bool $default Make this email address the default address. This is a bit more intensive as we have to demote any existing default addresses
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

exchange_del_address($username, $emailaddress, $isGUID=false)   X-Ref
Remove an address from Exchange
If you remove a default address the account will no longer have a default;
we recommend changing the default address first

param: string $username The username of the user to add the Exchange account to
param: string $emailaddress The email address to add to this user
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

exchange_primary_address($username, $emailaddress, $isGUID=false)   X-Ref
Change the default address

param: string $username The username of the user to add the Exchange account to
param: string $emailaddress The email address to make default
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: bool

exchange_contact_mailenable($distinguishedname, $emailaddress, $mailnickname=NULL)   X-Ref
Mail enable a contact
Allows email to be sent to them through Exchange

param: string $distinguishedname The contact to mail enable
param: string $emailaddress The email address to allow emails to be sent through
param: string $mailnickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
return: bool

exchange_servers($attributes = array('cn','distinguishedname','serialnumber'))   X-Ref
Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain

param: array $attributes An array of the AD attributes you wish to return
return: array

exchange_storage_groups($exchangeServer, $attributes = array('cn','distinguishedname'))   X-Ref
Returns a list of Storage Groups in Exchange for a given mail server

param: string $exchangeServer The full DN of an Exchange server.  You can use exchange_servers() to find the DN for your server
param: array $attributes An array of the AD attributes you wish to return
param: bool $recursive If enabled this will automatically query the databases within a storage group
return: array

exchange_storage_databases($storageGroup, $attributes = array('cn','distinguishedname','displayname'))   X-Ref
Returns a list of Databases within any given storage group in Exchange for a given mail server

param: string $storageGroup The full DN of a Storage Group.  You can use exchange_storage_groups() to find the DN
param: array $attributes An array of the AD attributes you wish to return
return: array

find_base_dn()   X-Ref
No description

get_root_dse($attributes = array("*", "+"))   X-Ref
Get the RootDSE properties from a domain controller

param: array $attributes The attributes you wish to query e.g. defaultnamingcontext
return: array

get_last_error()   X-Ref
No description

ldap_supported()   X-Ref
Detect LDAP support in PHP

return: bool

adldap_schema($attributes)   X-Ref
Schema

param: array $attributes Attributes to be queried
return: array

group_cn($gid)   X-Ref
Coping with AD not returning the primary group
http://support.microsoft.com/?kbid=321360

For some reason it's not possible to search on primarygrouptoken=XXX
If someone can show otherwise, I'd like to know about it :)
this way is resource intensive and generally a pain in the @#%^

param: string $gid Group ID
return: string

get_primary_group($gid, $usersid)   X-Ref
Coping with AD not returning the primary group
http://support.microsoft.com/?kbid=321360

This is a re-write based on code submitted by Bruce which prevents the
need to search each security group to find the true primary group

param: string $gid Group ID
param: string $usersid User's Object SID
return: string

getTextSID($binsid)   X-Ref
Convert a binary SID to a text SID

param: string $binsid A Binary SID
return: string

little_endian($hex)   X-Ref
Converts a little-endian hex number to one that hexdec() can convert

param: string $hex A hex code
return: string

binary2text($bin)   X-Ref
Converts a binary attribute to a string

param: string $bin A binary LDAP attribute
return: string

decodeGuid($binaryGuid)   X-Ref
Converts a binary GUID to a string GUID

param: string $binaryGuid The binary GUID attribute to convert
return: string

strguid2hex($strGUID)   X-Ref
Converts a string GUID to a hexadecimal value so it can be queried

param: string $strGUID A string representation of a GUID
return: string

user_dn($username,$isGUID=false)   X-Ref
Obtain the user's distinguished name based on their userid

param: string $username The username
param: bool $isGUID Is the username passed a GUID or a samAccountName
return: string

encode_password($password)   X-Ref
Encode a password for transmission over LDAP

param: string $password The password to encode
return: string

ldap_slashes($str)   X-Ref
Escape strings for use in LDAP filters

DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
Ported from Perl's Net::LDAP::Util escape_filter_value

author: Port by Andreas Gohr <andi@splitbrain.org>
param: string $str The string to parse
return: string

random_controller()   X-Ref
Select a random domain controller from your domain controller array

return: string

account_control($options)   X-Ref
Account control options

param: array $options The options to convert to int
return: int

nice_names($groups)   X-Ref
Take an LDAP query and return the nice names, without all the LDAP prefixes (e.g. CN, DN)

param: array $groups
return: array

dn_delete($dn)   X-Ref
Delete a distinguished name from Active Directory
You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete

param: string $dn The distinguished name to delete
return: bool

bool2str($bool)   X-Ref
Convert a boolean value to a string
You should never need to call this yourself

param: bool $bool Boolean value
return: string

encode8bit(&$item, $key)   X-Ref
Convert 8bit characters e.g. accented characters to UTF8 encoded characters


Class: adLDAPException  - X-Ref

adLDAP Exception Handler

Exceptions of this type are thrown on bind failure or when SSL is required but not configured.

Example:

    try {
        // The constructor tries to bind to the AD domain and throws on failure
        $adldap = new adLDAP();
    }
    catch (adLDAPException $e) {
        echo $e;
        exit();
    }


Generated: Sun Feb 3 03:00:06 2013 Cross-referenced by PHPXref 0.7