"__public__", "cal_lastname" => "", "cal_firstname" => "", "cal_is_admin" => "N", "cal_email" => "", "cal_password" => "", "cal_fullname" => $PUBLIC_ACCESS_FULLNAME ); $ds = @ldap_connect ( $ldap_server, $ldap_port ); if ( $ds ) { if ( $ldap_admin_dn != "") { // bind as administrator $r = @ldap_bind ( $ds, $ldap_admin_dn, $ldap_admin_pwd ); } else { $r = @ldap_bind ( $ds ); // bind as anonymous } if (!$r) { $error = "Invalid Admin's login for LDAP Server"; } else { // search for user $sr = @ldap_search ( $ds, $ldap_base_dn, $ldap_user_filter, $ldap_user_attr ); if ( (float)substr(PHP_VERSION,0,3) >= 4.2 ) ldap_sort ( $ds, $sr, "cn"); $info = @ldap_get_entries( $ds, $sr ); for ( $i = 0; $i < $info["count"]; $i++ ) { $ret[$count++] = array ( "cal_login" => $info[$i]["uid"][0], "cal_lastname" => $info[$i]["sn"][0], "cal_firstname" => $info[$i]["givenname"][0], "cal_email" => $info[$i]["mail"][0], // Something to do here : is_admin is needed in one page (admin page) // as it generate a lot of search, we must do it another way "cal_is_admin" => user_is_admin($info[$i]["uid"][0],$Admins), "cal_fullname" => $info[$i]["cn"][0] ); } @ldap_free_result($sr); } @ldap_close ( $ds ); } else { $error = "Error connecting to LDAP server"; } return $ret; } // Test if a user is an admin, that is: if the user is a member of a special // group in the LDAP Server // params: // $values - the login name // returns Y if user is admin, N if not function user_is_admin($values,$Admins) { if ( ! $Admins ) { return "N"; } else if (in_array ($values, $Admins)) { return "Y"; } else { return "N"; } } // Searches $ldap_admin_group_name and returns an array of the group members. // Do this search only once per request. function get_admins() { global $error, $ldap_server, $ldap_port; global $ldap_admin_dn,$ldap_admin_pwd; global $ldap_admin_group_name,$ldap_admin_group_attr,$ldap_admin_group_type; global $cached_admins; if ( ! empty ( $cached_admins ) ) return $cached_admins; $cached_admins = array (); $ds = @ldap_connect ( $ldap_server, $ldap_port ); if ( !$ds ) { $error = "Error connecting to LDAP server"; } else { if ( $ds ) { if ( $ldap_admin_dn != "") { // bind as administrator $r = @ldap_bind ( $ds, $ldap_admin_dn, $ldap_admin_pwd ); } else { $r = @ldap_bind ( $ds ); // bind as anonymous } if (!$r) { $error = "Invalid Admin's login for LDAP Server"; } else { $search_filter = "($ldap_admin_group_attr=*)"; $sr = @ldap_search ( $ds, $ldap_admin_group_name, $search_filter ); $admins = ldap_get_entries( $ds, $sr ); for( $x = 0; $x <= $admins[0][$ldap_admin_group_attr]["count"]; $x ++ ) { if (strtolower($ldap_admin_group_type) != 'posixgroup') { $cached_admins[] = stripdn($admins[0][$ldap_admin_group_attr][$x]); } else { $cached_admins[] = $admins[0][$ldap_admin_group_attr][$x]; } } @ldap_free_result($sr); } @ldap_close ( $ds ); } } $cached_admins_found = true; return $cached_admins; } // Strip everything but the username (uid) from a dn. // params: // $dn - the dn you want to strip the uid from. // // ex: stripdn(uid=jeffh,ou=people,dc=example,dc=com) returns jeffh function stripdn($dn){ list ($uid,$trash) = split (",", $dn, 2); list ($trash,$user) = split ("=", $uid); return($user); } ?>