_baseDN = null; $this->_schemaDN = null; $this->server_id = $server_id; $this->name = isset( $servers[$server_id]['name'] ) ? $servers[$server_id]['name'] : ''; $this->auth_type = isset( $servers[$server_id]['auth_type'] ) ? $servers[$server_id]['auth_type'] : ''; if ($this->isValidServer($server_id)) { $this->host = isset( $servers[$server_id]['host'] ) ? $servers[$server_id]['host'] : ''; $this->port = isset( $servers[$server_id]['port'] ) ? $servers[$server_id]['port'] : ''; } else { if (! $ignore) pla_error ( $lang['bad_server_id']." ($server_id)",null,-1,true ); else return null; } $this->login_dn = isset( $servers[$server_id]['login_dn'] ) ? $servers[$server_id]['login_dn'] : false; $this->login_pass = isset( $servers[$server_id]['login_pass'] ) ? $servers[$server_id]['login_pass'] : false; } /** * Checks the specified server id for sanity. Ensures that the server is indeed in the configured * list and active. This is used by many many scripts to ensure that valid server ID values * are passed in POST and GET. * * @param int $server_id the server_id of the LDAP server as defined in config.php * @return bool */ function isValidServer( $server_id ) { global $servers; if( ! is_numeric( $server_id ) || ! isset( $servers[$server_id] ) || ! isset( $servers[$server_id]['host'] ) || trim($servers[$server_id]['host']) == '' ) return false; else return true; } /** * Check if there is sufficent information to Authenticate to the LDAP server. * * Given a server, returns whether or not we have enough information * to authenticate against the server. For example, if the user specifies * auth_type of 'cookie' in the config for that server, it checks the $_COOKIE array to * see if the cookie username and password is set for the server. If the auth_type * is 'session', the $_SESSION array is checked. * * There are three cases for this function depending on the auth_type configured for * the specified server. If the auth_type is session or cookie, then get_logged_in_dn() is * called to verify that the user has logged in. If the auth_type is config, then the * $servers array in config.php is checked to ensure that the user has specified * login information. In any case, if phpLDAPadmin has enough information to login * to the server, true is returned. Otherwise false is returned. * * @return bool * @see get_logged_in_dn */ function haveAuthInfo() { global $servers; // For session or cookie auth_types, we check the session or cookie to see if a user has logged in. if( in_array( $this->auth_type, array( 'session', 'cookie' ) ) ) { // we don't look at get_logged_in_pass() cause it may be null for anonymous binds // get_logged_in_dn() will never return null if someone is really logged in. if( get_logged_in_dn( $this ) ) return true; else return false; } // whether or not the login_dn or pass is specified, we return // true here. (if they are blank, we do an anonymous bind anyway) elseif( ! isset( $server['auth_type'] ) || $server['auth_type'] == 'config' ) { return true; } else { global $lang; pla_error( sprintf($lang['error_auth_type_config'],htmlspecialchars($server['auth_type'])) ); } return false; } /** * Connect to the LDAP server. * @param bool $anonymous Connect as the anonymous user. * @param bool $reconnect Use a cached connetion, or create a new one. * @returns resource|false Connection resource to LDAP server, or false if no connection made. * @todo Need to make changes so that multiple connects can be made. */ function connect($process_error=true,$anonymous=false,$reconnect=false,$connect_num=0) { debug_log(sprintf('%s::connect(): Starting with (%s,%s,%s,%s)',get_class($this),$process_error,$anonymous,$reconnect,$connect_num),8); if (isset($this->connections[$connect_num]['resource']) && ! $reconnect) { debug_log(sprintf('%s::connect(): Returning CACHED connection resource [%s](%s)',get_class($this),$this->connections[$connect_num]['resource' ],$connect_num),7); return $this->connections[$connect_num]['resource']; } else { debug_log(sprintf('%s::connect(): Creating new connection #[%s] for Server ID [%s]',get_class($this),$connect_num,$this->server_id),9); global $servers, $lang; if( $anonymous == true ) { debug_log(sprintf('%s::connect(): This IS an anonymous login',get_class($this)),9); $this->connections[$connect_num]['login_dn'] = null; $this->connections[$connect_num]['login_pass'] = null; } // grab the auth info based on the auth_type for this server elseif( $this->auth_type == 'config' ) { debug_log(sprintf('%s::connect(): This IS a "config" login',get_class($this)),9); $this->connections[$connect_num]['login_dn'] = $servers[$this->server_id]['login_dn']; $this->connections[$connect_num]['login_pass'] = $servers[$this->server_id]['login_pass']; $this->connections[$connect_num]['login_dn'] = expand_dn_with_base( $this, $this->connections[$connect_num]['login_dn'], false ); debug_log(sprintf('%s::connect(): Config settings, DN [%s], PASS [%s]',get_class($this), $this->connections[$connect_num]['login_dn'], $this->connections[$connect_num]['login_pass'] ? md5($this->connections[$connect_num]['login_pass']) : ''),9); } else { debug_log(sprintf('%s::connect(): This IS some other login',get_class($this)),9); $this->connections[$connect_num]['login_dn'] = get_logged_in_dn( $this ); $this->connections[$connect_num]['login_pass'] = get_logged_in_pass( $this ); debug_log(sprintf('%s::connect(): Config settings, DN [%s], PASS [%s]',get_class($this), $this->connections[$connect_num]['login_dn'], $this->connections[$connect_num]['login_pass'] ? md5($this->connections[$connect_num]['login_pass']) : ''),9); // Was this an anonyous bind (the cookie stores 0 if so)? if( 'anonymous' == $this->connections[$connect_num]['login_dn'] ) { $this->connections[$connect_num]['login_dn'] = null; $this->connections[$connect_num]['login_pass'] = null; $anonymous = true; } } if (! $anonymous && ! $this->connections[$connect_num]['login_dn'] && ! $this->connections[$connect_num]['login_pass']) { debug_log(sprintf('%s::connect(): We dont have enough auth info for server [%s]',get_class($this),$this->server_id),9); return false; } run_hook ( 'pre_connect', array ( 'server_id' => $this->server_id, 'connect_num' => $connect_num, 'anonymous' => $anonymous ) ); if( $this->port ) $resource = @ldap_connect( $this->host, $this->port ); else $resource = @ldap_connect( $this->host ); debug_log(sprintf('%s::connect(): LDAP Resource [%s], Host [%s], Port [%s]',get_class($this),$resource,$this->host,$this->port),9); // go with LDAP version 3 if possible (needed for renaming and Novell schema fetching) @ldap_set_option( $resource, LDAP_OPT_PROTOCOL_VERSION, 3 ); // Disabling this makes it possible to browse the tree for Active Directory, and seems // to not affect other LDAP servers (tested with OpenLDAP) as phpLDAPadmin explicitly // specifies deref behavior for each ldap_search operation. @ldap_set_option( $resource, LDAP_OPT_REFERRALS, 0); // try to fire up TLS is specified in the config if( $this->isTLSEnabled() ) { function_exists( 'ldap_start_tls' ) or pla_error( $lang['php_install_not_supports_tls'] ); @ldap_start_tls( $resource ) or pla_error( $lang['could_not_start_tls'], ldap_error($resource)); } $bind_result = @ldap_bind( $resource, $this->connections[$connect_num]['login_dn'], $this->connections[$connect_num]['login_pass'] ); debug_log(sprintf('%s::connect(): Resource [%s], Bind Result [%s]', get_class($this),$resource,$bind_result),9); if( ! $bind_result ) { debug_log(sprintf('%s::connect(): Leaving with FALSE, bind FAILed',get_class($this)),9); if ($process_error) { switch( ldap_errno($resource) ) { case 0x31: pla_error( $lang['bad_user_name_or_password'] ); break; case 0x32: pla_error( $lang['insufficient_access_rights'] ); break; case -1: pla_error( sprintf($lang['could_not_connect_to_host_on_port'],$this->host,$this->port) ); break; default: pla_error( $lang['could_not_bind'], ldap_err2str( $resource ), $resource ); } } else { return false; // ldap_errno( $resource ); } } if (is_resource($resource) && ($bind_result)) { debug_log(sprintf('%s::connect(): Bind successful',get_class($this)),9); $this->connections[$connect_num]['connected'] = true; $this->connections[$connect_num]['resource'] = $resource; /* } else { if ($process_error) { debug_log(sprintf('Server: [%s], Username: [%s], Password: [%s]', $this->server_id, $this->connections[$connect_num]['login_dn'], $this->connections[$connect_num]['login_pass']),9); if( is_numeric( $resource ) ) { switch( $resource ) { case -1: pla_error( $lang['bad_server_id'] ); break; case -2: pla_error( $lang['not_enough_login_info'] ); break; default: pla_error( $lang['ferror_error'] ); break; } // return true; Do we get here? } switch( $resource ) { case 0x31: pla_error( $lang['bad_user_name_or_password'] ); break; case 0x32: pla_error( $lang['insufficient_access_rights'] ); break; case 0x5b: pla_error( $lang['could_not_connect'] ); break; default: pla_error( $lang['could_not_bind'], ldap_err2str( $this->connections[$connect_num]['resource'] ), $this->connections[$connect_num]['resource'] ); } } debug_log(sprintf('%s::connect(): Leaving with FALSE',get_class($this)),9); return false; */ } } debug_log(sprintf('%s::connect(): Leaving with Connect #[%s], Resource [%s]',get_class($this),$connect_num,$this->connections[$connect_num]['resource']),9); return $this->connections[$connect_num]['resource']; } /** * Gets the root DN of the specified LDAPServer, or null if it * can't find it (ie, the server won't give it to us, or it isnt * specified in the configuration file). * * Tested with OpenLDAP 2.0, Netscape iPlanet, and Novell eDirectory 8.7 (nldap.com) * Please report any and all bugs!! * * Please note: On FC systems, it seems that php_ldap uses /etc/openldap/ldap.conf in * the search base if it is blank - so edit that file and comment out the BASE line. * * @return array dn|null The root DN of the server on success (string) or null on error. * @todo Sort the entries, so that they are in the correct DN order. */ function getBaseDN() { global $servers; debug_log(sprintf('%s::getBaseDN(): Looking for BaseDN',get_class($this)),8); // Return the cached entry if we've been here before. if (! is_null($this->_baseDN)) { debug_log(sprintf('%s::getBaseDN(): Return CACHED BaseDN [%s]',get_class($this),implode('|',$this->_baseDN)),7); return $this->_baseDN; } debug_log(sprintf('%s::getBaseDN(): Checking config for BaseDN',get_class($this)),9); // If the base is set in the configuration file, then just return that. // @todo Do we need to test if the config array is blank? if (isset($servers[$this->server_id]['base']) && $servers[$this->server_id]['base']) { $this->_baseDN = is_array($servers[$this->server_id]['base']) ? $servers[$this->server_id]['base'] : array($servers[$this->server_id]['base']); debug_log(sprintf('%s::getBaseDN(): Return BaseDN from Config [%s]',get_class($this),implode('|',$this->_baseDN)),4); return $this->_baseDN; // We need to figure it out. } else { debug_log(sprintf('%s::getBaseDN(): Connect to LDAP to find BaseDN',get_class($this)),9); // Are we connected // @todo This bit needs to be more robust. if ($this->connect()) { $r = @ldap_read( $this->connect(), "", 'objectClass=*', array( 'namingContexts' ) ); debug_log(sprintf('%s::getBaseDN(): Search Results [%s], Resource [%s], Msg [%s]',get_class($this),$r,$this->connect(),ldap_error($this->connect())),9); if( ! $r ) return array(''); $r = @ldap_get_entries( $this->connect(false), $r ); if( isset( $r[0]['namingcontexts'] ) ) { // If we have a count key, delete it - dont need it. if (isset($r[0]['namingcontexts']['count'])) unset($r[0]['namingcontexts']['count']); debug_log(sprintf('%s::getBaseDN(): LDAP Entries:%s',get_class($this),implode('|',$r[0]['namingcontexts'])),5); $this->_baseDN = $r[0]['namingcontexts']; // @todo Do we need this session? //$_SESSION[ "pla_root_dn_$this->server_id" ] = $this->_baseDN; return $this->_baseDN; } else { return array(''); } } else { return array(''); } } } /** * Returns true if the specified server is configured to be displayed * in read only mode. * * If a user has logged in via anonymous bind, and config.php specifies * anonymous_bind_implies_read_only as true, then * this also returns true. Servers can be configured read-only in * config.php thus: * * $server[$i]['read_only'] = true; * * * @return bool */ function isReadOnly() { global $servers; if( isset( $servers[$this->server_id]['read_only'] ) && $servers[$this->server_id]['read_only'] == true ) return true; global $anonymous_bind_implies_read_only; if( "anonymous" == get_logged_in_dn( $this ) && isset( $anonymous_bind_implies_read_only ) && $anonymous_bind_implies_read_only == true ) return true; return false; } /** * Returns true if the user has configured the specified server to enable mass deletion. * * Mass deletion is enabled in config.php this: * * $enable_mass_delete = true; * * Notice that mass deletes are not enabled on a per-server basis, but this * function checks that the sever is not in a read-only state as well. * * @return bool */ function isMassDeleteEnabled() { global $enable_mass_delete; if( $this->connect(false) && $this->haveAuthInfo() && ! $this->isReadOnly() && isset( $enable_mass_delete ) && true === $enable_mass_delete ) return true; else return false; } /** * Gets whether the admin has configured phpLDAPadmin to show the "Create New" link in the tree viewer. * * * $server[$i]['show_create'] = true|false; * * If $servers[$server_id]['show_create'] is NOT set, then default to show the Create New item. * If $servers[$server_id]['show_create'] IS set, then return the value (it should be true or false). * * @return bool True if the feature is enabled and false otherwise. */ function isShowCreateEnabled() { global $servers; if( isset( $servers[$this->server_id]['show_create'] )) return $servers[$this->server_id]['show_create']; else return true; } /** * Fetch whether the user has configured a certain server as "low bandwidth". * * Users may choose to configure a server as "low bandwidth" in config.php thus: * * $servers[$i]['low_bandwidth'] = true; * * @return bool */ function isLowBandwidth() { global $servers; if( isset( $servers[$this->server_id]['low_bandwidth'] ) && true == $servers[$this->server_id]['low_bandwidth'] ) return true; else return false; } /** * Should this LDAP server be shown in the tree? * * * $server[$i]['visible'] = true; * * @return bool True if the feature is enabled and false otherwise. */ function isVisible() { global $servers; $is_visible = ( ! isset( $servers[$this->server_id]['visible'] ) || ( $servers[$this->server_id]['visible'] === true ) ); if( $this->isValidServer($this->server_id) && $is_visible ) return true; else return false; } /** * This function will query the ldap server and request the subSchemaSubEntry which should be the Schema DN. * * If we cant connect to the LDAP server, we'll return false. * If we can connect but cant get the entry, then we'll return null. * * @return array|false Schema if available, null if its not or false if we cant connect. * @param bool $debug Switch to true to see some nice and copious output. :) */ function getSchemaDN($dn='', $debug = false) { // If we already got the SchemaDN, then return it. if ($this->_schemaDN) return $this->_schemaDN; if( $debug ) echo "
";

		if (! $this->connect())
			return false;

		$search = @ldap_read( $this->connect(), $dn, 'objectClass=*', array( 'subschemaSubentry' ) );
		if( $debug ) { printf("%s::getSchemaDN(): ldap_read: ",get_class($this)); var_dump( $search ); echo "\n"; }
		if( ! $search ) {
			if( $debug ) printf("%s::getSchemaDN(): returning null. (search result is blank)
",get_class($this)); return null; } if( @ldap_count_entries( $this->connect(), $search ) == 0 ) { if( $debug ) printf("%s::getSchemaDN(): returning null. (ldap_count_entries() == 0)
",get_class($this)); return null; } $entries = @ldap_get_entries( $this->connect(), $search ); if( $debug ) { echo "Entries (ldap_get_entries): "; var_dump( $entries ); echo "\n"; } if( ! $entries || ! is_array( $entries ) ) { if( $debug ) printf("%s::getSchemaDN(): returning null. (Bad entries, false or not array)
",get_class($this)); return null; } $entry = isset( $entries[0] ) ? $entries[0] : false; if( ! $entry ) { if( $debug ) printf("%s::getSchemaDN(): returning null. (entry is false)
",get_class($this)); return null; } $sub_schema_sub_entry = isset( $entry[0] ) ? $entry[0] : false; if( ! $sub_schema_sub_entry ) { if( $debug ) printf("%s::getSchemaDN(): returning null. (sub_schema_sub_entry val is false)
",get_class($this)); return null; } $this->_schemaDN = isset( $entry[ $sub_schema_sub_entry ][0] ) ? $entry[ $sub_schema_sub_entry ][0] : false; if( $debug ) printf("%s::getSchemaDN(): returning (%s)
",get_class($this),$this->_schemaDN); return $this->_schemaDN; } /** * Fetches the raw schema array for the subschemaSubentry of the server. Note, * this function has grown many hairs to accomodate more LDAP servers. It is * needfully complicated as it now supports many popular LDAP servers that * don't necessarily expose their schema "the right way". * * Please note: On FC systems, it seems that php_ldap uses /etc/openldap/ldap.conf in * the search base if it is blank - so edit that file and comment out the BASE line. * * @param string $schema_to_fetch - A string indicating which type of schema to * fetch. Five valid values: 'objectclasses', 'attributetypes', * 'ldapsyntaxes', 'matchingruleuse', or 'matchingrules'. * Case insensitive. * @param dn $dn (optional) This paremeter is the DN of the entry whose schema you * would like to fetch. Entries have the option of specifying * their own subschemaSubentry that points to the DN of the system * schema entry which applies to this attribute. If unspecified, * this will try to retrieve the schema from the RootDSE subschemaSubentry. * Failing that, we use some commonly known schema DNs. Default * value is the Root DSE DN (zero-length string) * @return array an array of strings of this form: * Array ( * [0] => "( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' DESC 'Pool ... * [1] => "( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' DESC 'Sa ... * etc. */ function getRawSchema($schema_to_fetch, $dn='') { global $lang; // Swith to true to enable verbose output of schema fetching progress $debug = false; if (! $this->connect()) return false; // error checking $schema_to_fetch = strtolower( $schema_to_fetch ); $valid_schema_to_fetch = array( 'objectclasses', 'attributetypes', 'ldapsyntaxes', 'matchingrules', 'matchingruleuse' ); if( ! in_array( $schema_to_fetch, $valid_schema_to_fetch ) ) // This error message is not localized as only developers should ever see it pla_error( "Bad parameter provided to function to ". get_class($this) ."::getRawSchema(). '" . htmlspecialchars( $schema_to_fetch ) . "' is not valid for the schema_to_fetch parameter." ); // Try to get the schema DN from the specified entry. $schema_dn = $this->getSchemaDN($dn,$debug); // Do we need to try again with the Root DSE? if( ! $schema_dn ) $schema_dn = $this->getSchemaDN('', $debug); // Store the eventual schema retrieval in $schema_search $schema_search = null; if( $schema_dn ) { if( $debug ) { printf("%s::getRawSchema(): Found the Schema DN:
",get_class($this)); var_dump( $schema_dn ); echo "\n"; } $schema_search = @ldap_read( $this->connect(), $schema_dn, '(objectClass=*)', array( $schema_to_fetch ), 0, 0, 0, LDAP_DEREF_ALWAYS ); // Were we not able to fetch the schema from the $schema_dn? $schema_entries = @ldap_get_entries( $this->connect(), $schema_search ); if( $schema_search === false || 0 == @ldap_count_entries( $this->connect(), $schema_search ) || ! isset( $schema_entries[0][$schema_to_fetch] ) ) { // Try again with a different filter (some servers require (objectClass=subschema) like M-Vault) if( $debug ) printf("%s::getRawSchema(): Did not find the schema with (objectClass=*). Attempting with (objetClass=subschema):
",get_class($this)); $schema_search = @ldap_read( $this->connect(), $schema_dn, '(objectClass=subschema)', array( $schema_to_fetch ), 0, 0, 0, LDAP_DEREF_ALWAYS ); $schema_entries = @ldap_get_entries( $this->connect(), $schema_search ); // Still didn't get it? if( $schema_search === false || 0 == @ldap_count_entries( $this->connect(), $schema_search ) || ! isset( $schema_entries[0][$schema_to_fetch] ) ) { if( $debug ) printf("%s::getRawSchema(): Did not find the schema with DN: %s (with objectClass=* nor objectClass=subschema)
",get_class($this),$schema_dn); unset( $schema_entries ); $schema_search = null; } else { if( $debug ) printf("%s::getRawSchema(): Found the schema at DN: %s (objectClass=subschema)
",get_class($this),$schema_dn); } } else { if( $debug ) printf("%s::getRawSchema(): Found the schema at DN: %s (objectClass=*)
",get_class($this),$schema_dn); } } // Second chance: If the DN or Root DSE didn't give us the subschemaSubentry, ie $schema_search // is still null, use some common subSchemaSubentry DNs as a work-around. if ($schema_search == null) { if( $debug ) printf("%s::getRawSchema(): Attempting work-arounds for 'broken' LDAP servers...
",get_class($this)); // OpenLDAP and Novell // @todo Fix expand_dn_with_base - no longer works since getBaseDN is now an arrya. $ldap['OpenLDAP']['cn=subschema'] = '(objectClass=*)'; // $ldap['W2K3 AD'][expand_dn_with_base($this,'cn=Aggregate,cn=Schema,cn=configuration,',true)] = '(objectClass=*)'; // $ldap['W2K AD'][expand_dn_with_base($this,'cn=Schema,cn=configuration,',true)] = '(objectClass=*)'; // $ldap['W2K AD'][expand_dn_with_base($this,'cn=Schema,ou=Admin,',true)] = '(objectClass=*)'; foreach ($ldap as $ldap_server_name => $ldap_options) { foreach ($ldap_options as $ldap_dn => $ldap_filter) { if( $debug ) printf("%s::getRawSchema(): Attempting [%s] (%s) (%s)
",get_class($this),$ldap_server_name,$ldap_dn,$ldap_filter); $schema_search = @ldap_read($this->connect(), $ldap_dn, $ldap_filter, array( $schema_to_fetch ), 0, 0, 0, LDAP_DEREF_ALWAYS ); } if ($schema_search) break; } // Still cant find the schema, try with the RootDSE // Attempt to pull schema from Root DSE with scope "base", or // Attempt to pull schema from Root DSE with scope "one" (work-around for Isode M-Vault X.500/LDAP) } if ($schema_search == null) { foreach (array('base','one') as $ldap_scope) { if( $debug ) printf("%s::getRawSchema(): Attempting [%s] (%s) (%s) - %s
",get_class($this),'RootDSE','','(objectClass=*)',$ldap_scope); if ($ldap_scope == 'base') $schema_search = @ldap_read($this->connect(), '', '(objectClass=*)', array( $schema_to_fetch ), 0, 0, 0, LDAP_DEREF_ALWAYS ); else $schema_search = @ldap_list($this->connect(), '', '(objectClass=*)', array( $schema_to_fetch ), 0, 0, 0, LDAP_DEREF_ALWAYS ); $schema_entries = @ldap_get_entries( $this->connect(), $schema_search ); if( ! isset( $schema_entries[0][$schema_to_fetch] ) ) $schema_search = null; else break; } } // Shall we just give up? if( $schema_search == null ) { if( $debug ) printf("%s::getRawSchema(): Returning false since schema_search came back null",get_class($this)); set_schema_cache_unavailable( $this->server_id, $schema_to_fetch ); return false; } // Did we get something unrecognizable? if( 'resource' != gettype( $schema_search ) ) { if( $debug ) printf("%s::getRawSchema(): Returning false since schema_search is not of type 'resource', here is a dump:",get_class($this)); if( $debug ) var_dump( $schema_search ); if( $debug ) echo "
"; set_schema_cache_unavailable( $this->server_id, $schema_to_fetch ); return false; } $schema = @ldap_get_entries( $this->connect(), $schema_search ); if( $schema == false ) { if( $debug ) printf("%s::getRawSchema(): Returning false since ldap_get_entries() returned false.",get_class($this)); set_schema_cache_unavailable( $this->server_id, $schema_to_fetch ); return false; } if( ! isset( $schema[0][$schema_to_fetch] ) ) { if( $debug ) printf("%s::getRawSchema(): Returning false since '%s' isn't in the schema array. Showing schema array:\n",get_class($this),$schema_to_fetch); if( $debug ) var_dump( $schema ); if( $debug ) echo ""; set_schema_cache_unavailable( $this->server_id,$schema_to_fetch ); return false; } // Make a nice array of this form: // Array ( // [0] => "( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' DESC 'Pool ... // [1] => "( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' DESC 'Sa ... // etc. $schema = $schema[0][$schema_to_fetch]; unset( $schema['count'] ); if( $debug ) var_dump( $schema ); if( $debug ) echo ""; return $schema; } /** * Fetches whether the login_attr feature is enabled for a specified server. * * This is configured in config.php thus: * * $servers[$server_id]['login_attr'] = 'uid'; * * By virtue of the fact that the login_attr is not blank and not 'dn', the * feature is configured to be enabled. * * @return bool */ function isLoginAttrEnabled() { global $servers; if( isset( $servers[$this->server_id]['login_attr'] ) && 0 != strcasecmp( $servers[$this->server_id]['login_attr'], "dn" ) && trim( $servers[$this->server_id]['login_attr'] != "" ) ) return true; else return false; } /** * Fetches whether the login_attr feature is enabled for a specified server. * * This is configured in config.php thus: * * $servers[$server_id]['login_attr'] = 'uid'; * * * @return bool */ function isLoginStringEnabled() { global $servers; if( isset( $servers[$this->server_id]['login_attr'] ) && 0 == strcasecmp( $servers[$this->server_id]['login_attr'], "string" ) ) return true; else return false; } /** * Fetches the login_attr string if enabled for a specified server. * * This is configured in config.php thus: * * $servers[$server_id]['login_attr'] = 'uid'; * * * @return string|false */ function getLoginString( $server_id ) { global $servers; if( isset( $servers[$this->server_id]['login_string'] ) ) return $servers[$this->server_id]['login_string']; else return false; } /** * Fetch whether the user has configured a certain server login to be non anonymous * * * $servers[$i]['disable_anon_bind'] = true; * * @return bool */ function isAnonBindAllowed() { global $servers; // If only_login_allowed_dns is set, then we cant have anonymous. if ( isset( $servers[$this->server_id]['only_login_allowed_dns'] ) && is_array( $servers[$this->server_id]['only_login_allowed_dns'] ) && count($servers[$this->server_id]['only_login_allowed_dns'] ) > 0 ) return false; else return ( ! isset( $servers[$this->server_id]['disable_anon_bind'] ) || false == $servers[$this->server_id]['disable_anon_bind'] ) ? true : false; } /** * Fetches whether TLS has been configured for use with a certain server. * * Users may configure phpLDAPadmin to use TLS in config,php thus: * * $servers[$i]['tls'] = true; * * @param int $server_id The ID of the server of interest from config.php. * @return bool */ function isTLSEnabled() { global $servers; if( isset( $servers[$this->server_id]['tls'] ) && true == $servers[$this->server_id]['tls'] ) return true; else return false; } } ?>