diff --git a/src/mibew/configs/default_config.yml b/src/mibew/configs/default_config.yml
index 9e3e1ee5..b7123ee0 100644
--- a/src/mibew/configs/default_config.yml
+++ b/src/mibew/configs/default_config.yml
@@ -1,6 +1,21 @@
# IMPORTANT: Before install mibew copy this file to config.yml and fill it with
# your own settings!
+# Active Directory LDAP parameters
+adldap:
+ ### required
+ domain: "some.domain.com"
+ search_username: "username"
+ search_password: "password"
+ operator_group: "domain users"
+ admin_group: "domain admins"
+ ### optional
+# account_suffix: "@some.domain.com"
+# base_dn: "DC=some,DC=domain,DC=com"
+# domain_controllers: ["dc1.some.domain.com", "dc2.some.domain.com"]
+# port: 389
+# useSSL: false # strongly recommended use one of SSL or TLS
+# useTLS: false # cannot be true simultaneously with SSL
# MySQL Database parameters
database:
diff --git a/src/mibew/js/source/chat/model_views/messages/message_form.js b/src/mibew/js/source/chat/model_views/messages/message_form.js
index 69a8d134..043693ce 100644
--- a/src/mibew/js/source/chat/model_views/messages/message_form.js
+++ b/src/mibew/js/source/chat/model_views/messages/message_form.js
@@ -84,6 +84,9 @@
* Get, check and post message
*/
postMessage: function() {
+ if (this.isDisabledInput()){
+ return;
+ }
var msg = this.ui.message.val();
// TODO: Think about it
// Cut multiple line breaks
@@ -129,6 +132,13 @@
},
/**
+ * Check is disabled message input area
+ */
+ isDisabledInput: function() {
+ return this.ui.message.attr('disabled') == 'disabled';
+ },
+
+ /**svn
* Clear message input area
*/
clearInput: function() {
diff --git a/src/mibew/js/source/chat/models/auto_close/listener.js b/src/mibew/js/source/chat/models/auto_close/listener.js
new file mode 100644
index 00000000..aba2bcb8
--- /dev/null
+++ b/src/mibew/js/source/chat/models/auto_close/listener.js
@@ -0,0 +1,56 @@
+/*!
+ * This file is a part of Mibew Messenger.
+ *
+ * Copyright 2005-2015 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+(function (Mibew, _) {
+
+ Mibew.Models.AutoChatCloser = Backbone.Model.extend({
+ defaults: {
+ timeout: 60 * 10,
+ last_activity_time: new Date().getTime() / 1000,
+ activity_timer: null
+ },
+
+ initialize: function () {
+ this.updateLastActivityTime();
+ Mibew.Objects.Collections.messages.on('multiple:add', this.updateLastActivityTime, this);
+ },
+
+ updateLastActivityTime: function () {
+ this.set({last_activity_time: new Date().getTime() / 1000});
+ var timer = this.get('activity_timer');
+ if (timer != null) {
+ clearTimeout(timer);
+ }
+ this.setIdleTimer(this.get('timeout'));
+ },
+
+ close_chat_window: function () {
+ var idleSeconds = (new Date().getTime() / 1000) - this.get('last_activity_time');
+ if (idleSeconds >= this.get('timeout')) {
+ Mibew.Utils.closeChatPopup()
+ } else {
+ this.setIdleTimer(this.get('timeout') - idleSeconds);
+ }
+ },
+
+ setIdleTimer: function (timeoutInSec) {
+ var timer = setTimeout(_.bind(this.close_chat_window, this), timeoutInSec * 1000);
+ this.set({activity_timer: timer});
+ }
+ });
+})(Mibew, _);
\ No newline at end of file
diff --git a/src/mibew/js/source/chat/models/avatar.js b/src/mibew/js/source/chat/models/avatar.js
index 3194e7c4..eda30737 100644
--- a/src/mibew/js/source/chat/models/avatar.js
+++ b/src/mibew/js/source/chat/models/avatar.js
@@ -33,7 +33,12 @@
* An URL of the avatar image or false by default.
* @type String|Boolean
*/
- imageLink: false
+ imageLink: false,
+ /**
+ * An operator name
+ * @type String|Boolean
+ */
+ operatorName: false
},
/**
@@ -79,7 +84,10 @@
* @param args {Object} An object of passed arguments
*/
apiSetupAvatar: function(args) {
- this.set({imageLink: (args.imageLink || false)});
+ this.set({
+ imageLink: (args.imageLink || false),
+ operatorName: (args.operatorName || false)
+ });
},
/**
@@ -89,7 +97,7 @@
setFromThread: function(thread) {
if (!thread.get('agentId')) {
// There is no operator. Hide the avatar.
- this.set({imageLink: false});
+ this.set({imageLink: false, operatorName: false});
return;
}
@@ -101,7 +109,8 @@
'arguments': {
'references': {},
'return': {
- 'imageLink': 'imageLink'
+ 'imageLink': 'imageLink',
+ 'operatorName': 'operatorName'
},
'threadId': thread.get('id'),
'token': thread.get('token')
diff --git a/src/mibew/js/source/chat/modules/chat.js b/src/mibew/js/source/chat/modules/chat.js
index 6640da0f..9970a143 100644
--- a/src/mibew/js/source/chat/modules/chat.js
+++ b/src/mibew/js/source/chat/modules/chat.js
@@ -159,7 +159,8 @@
// Initialize avatar only for user
if (! models.user.get('isAgent')) {
models.avatar = new Mibew.Models.Avatar({
- imageLink: (options.avatar || false)
+ imageLink: (options.avatar || false),
+ operatorName: (options.operatorName || false)
});
layout.avatarRegion.show(new Mibew.Views.Avatar({
model: models.avatar
@@ -188,6 +189,10 @@
models.soundManager = new Mibew.Models.ChatSoundManager();
+ if (!models.user.get('isAgent')){
+ models.autoCloser = new Mibew.Models.AutoChatCloser();
+ }
+
// If the chat is ran inside an iframe we need to tell the parent page
// that the chat is started. This is needed to reopen chat when the user
// navigates to another page.
diff --git a/src/mibew/js/source/chat_popup.js b/src/mibew/js/source/chat_popup.js
index 8bdad90f..d439fcce 100644
--- a/src/mibew/js/source/chat_popup.js
+++ b/src/mibew/js/source/chat_popup.js
@@ -278,7 +278,7 @@ var Mibew = Mibew || {};
return this.url
+ ((this.url.indexOf('?') === -1) ? '?' : '&') + 'url=' + encodeURIComponent(href)
- + '&referrer=' + encodeURIComponent(referrer);
+ + '&referrer=' + encodeURIComponent(referrer) + "&_t=" + new Date().getTime();
}
/**
@@ -308,7 +308,7 @@ var Mibew = Mibew || {};
// are loading.
this.attachDefaultStyles();
// Load extra style sheets.
- Mibew.Utils.loadScript(this.styleLoader);
+ Mibew.Utils.loadScript(this.styleLoader + "?_t=" + new Date().getTime());
// Check if the popup should be reopened.
var openedChatUrl = Mibew.Utils.readCookie('mibew-chat-frame-' + this.id);
diff --git a/src/mibew/js/source/default/handlebars_helpers.js b/src/mibew/js/source/default/handlebars_helpers.js
index 063f0f26..1cae527e 100644
--- a/src/mibew/js/source/default/handlebars_helpers.js
+++ b/src/mibew/js/source/default/handlebars_helpers.js
@@ -17,6 +17,26 @@
*/
(function(Mibew, Handlebars){
+ /**
+ * Registers "ifAgentSide" helper.
+ *
+ * This helper checks if this chat window opened by agent
+ *
+ * {{#ifAgentSide}}
+ * Render some specific agent element
+ * {{else}}
+ * Render some specific client element
+ * {{/ifEqual}}
+ *
+ */
+ Handlebars.registerHelper('ifAgentSide', function(options) {
+ if (Mibew.Objects.Models.user.get('isAgent')) {
+ return options.fn(this);
+ } else {
+ return options.inverse(this);
+ }
+ });
+
/**
* Register 'formatTime' Handlebars helper.
*
diff --git a/src/mibew/libs/adldap/adLDAP.php b/src/mibew/libs/adldap/adLDAP.php
new file mode 100644
index 00000000..8e039afc
--- /dev/null
+++ b/src/mibew/libs/adldap/adLDAP.php
@@ -0,0 +1,993 @@
+ldapConnection) {
+ return $this->ldapConnection;
+ }
+ return false;
+ }
+
+ /**
+ * Get the bind status
+ *
+ * @return bool
+ */
+ public function getLdapBind() {
+ return $this->ldapBind;
+ }
+
+ /**
+ * Get the current base DN
+ *
+ * @return string
+ */
+ public function getBaseDn() {
+ return $this->baseDn;
+ }
+
+ /**
+ * Set the current base DN
+ *
+ * @param string $baseDn
+ */
+ public function setBaseDn($baseDn) {
+ $this->baseDn = $baseDn;
+ }
+
+ /**
+ * The group class
+ *
+ * @var \adLDAP\classes\adLDAPGroups
+ */
+ protected $groupClass;
+
+ /**
+ * Get the group class interface
+ *
+ * @return \adLDAP\classes\adLDAPGroups
+ */
+ public function group() {
+ if (!$this->groupClass) {
+ $this->groupClass = new \adLDAP\classes\adLDAPGroups($this);
+ }
+ return $this->groupClass;
+ }
+
+ /**
+ * The user class
+ *
+ * @var \adLDAP\classes\adLDAPUsers
+ */
+ protected $userClass;
+
+ /**
+ * Get the userclass interface
+ *
+ * @return \adLDAP\classes\adLDAPUsers
+ */
+ public function user() {
+ if (!$this->userClass) {
+ $this->userClass = new \adLDAP\classes\adLDAPUsers($this);
+ }
+ return $this->userClass;
+ }
+
+ /**
+ * The folders class
+ *
+ * @var \adLDAP\classes\adLDAPFolders
+ */
+ protected $folderClass;
+
+ /**
+ * Get the folder class interface
+ *
+ * @return \adLDAP\classes\adLDAPFolders
+ */
+ public function folder() {
+ if (!$this->folderClass) {
+ $this->folderClass = new \adLDAP\classes\adLDAPFolders($this);
+ }
+ return $this->folderClass;
+ }
+
+ /**
+ * The utils class
+ *
+ * @var \adLDAP\classes\adLDAPUtils
+ */
+ protected $utilClass;
+
+ /**
+ * Get the utils class interface
+ *
+ * @return \adLDAP\classes\adLDAPUtils
+ */
+ public function utilities() {
+ if (!$this->utilClass) {
+ $this->utilClass = new \adLDAP\classes\adLDAPUtils($this);
+ }
+ return $this->utilClass;
+ }
+
+ /**
+ * The contacts class
+ *
+ * @var \adLDAP\classes\adLDAPContacts
+ */
+ protected $contactClass;
+
+ /**
+ * Get the contacts class interface
+ *
+ * @return \adLDAP\classes\adLDAPContacts
+ */
+ public function contact() {
+ if (!$this->contactClass) {
+ $this->contactClass = new \adLDAP\classes\adLDAPContacts($this);
+ }
+ return $this->contactClass;
+ }
+
+ /**
+ * The exchange class
+ *
+ * @var \adLDAP\classes\adLDAPExchange
+ */
+ protected $exchangeClass;
+
+ /**
+ * Get the exchange class interface
+ *
+ * @return \adLDAP\classes\adLDAPExchange
+ */
+ public function exchange() {
+ if (!$this->exchangeClass) {
+ $this->exchangeClass = new \adLDAP\classes\adLDAPExchange($this);
+ }
+ return $this->exchangeClass;
+ }
+
+ /**
+ * The computers class
+ *
+ * @var \adLDAP\classes\adLDAPComputers
+ */
+ protected $computersClass;
+
+ /**
+ * Get the computers class interface
+ *
+ * @return \adLDAP\classes\adLDAPComputers
+ */
+ public function computer() {
+ if (!$this->computerClass) {
+ $this->computerClass = new \adLDAP\classes\adLDAPComputers($this);
+ }
+ return $this->computerClass;
+ }
+
+ /**
+ * Getters and Setters
+ */
+
+ /**
+ * Set the account suffix
+ *
+ * @param string $accountSuffix
+ * @return void
+ */
+ public function setAccountSuffix($accountSuffix) {
+ $this->accountSuffix = $accountSuffix;
+ }
+
+ /**
+ * Get the account suffix
+ *
+ * @return string
+ */
+ public function getAccountSuffix() {
+ return $this->accountSuffix;
+ }
+
+ /**
+ * Set the domain controllers array
+ *
+ * @param array $domainControllers
+ * @return void
+ */
+ public function setDomainControllers(array $domainControllers) {
+ $this->domainControllers = $domainControllers;
+ }
+
+ /**
+ * Get the list of domain controllers
+ *
+ * @return void
+ */
+ public function getDomainControllers() {
+ return $this->domainControllers;
+ }
+
+ /**
+ * Sets the port number your domain controller communicates over
+ *
+ * @param int $adPort
+ */
+ public function setPort($adPort) {
+ $this->adPort = $adPort;
+ }
+
+ /**
+ * Gets the port number your domain controller communicates over
+ *
+ * @return int
+ */
+ public function getPort() {
+ return $this->adPort;
+ }
+
+ /**
+ * Set the username of an account with higher priviledges
+ *
+ * @param string $adminUsername
+ * @return void
+ */
+ public function setAdminUsername($adminUsername) {
+ $this->adminUsername = $adminUsername;
+ }
+
+ /**
+ * Get the username of the account with higher priviledges
+ *
+ * This will throw an exception for security reasons
+ */
+ public function getAdminUsername() {
+ throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+ }
+
+ /**
+ * Set the password of an account with higher priviledges
+ *
+ * @param string $adminPassword
+ * @return void
+ */
+ public function setAdminPassword($adminPassword) {
+ $this->adminPassword = $adminPassword;
+ }
+
+ /**
+ * Get the password of the account with higher priviledges
+ *
+ * This will throw an exception for security reasons
+ */
+ public function getAdminPassword() {
+ throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+ }
+
+ /**
+ * Set whether to detect the true primary group
+ *
+ * @param bool $realPrimaryGroup
+ * @return void
+ */
+ public function setRealPrimaryGroup($realPrimaryGroup) {
+ $this->realPrimaryGroup = $realPrimaryGroup;
+ }
+
+ /**
+ * Get the real primary group setting
+ *
+ * @return bool
+ */
+ public function getRealPrimaryGroup() {
+ return $this->realPrimaryGroup;
+ }
+
+ /**
+ * Set whether to use SSL
+ *
+ * @param bool $useSSL
+ * @return void
+ */
+ public function setUseSSL($useSSL) {
+ $this->useSSL = $useSSL;
+ // Set the default port correctly
+ if($this->useSSL) {
+ $this->setPort(self::ADLDAP_LDAPS_PORT);
+ }
+ else {
+ $this->setPort(self::ADLDAP_LDAP_PORT);
+ }
+ }
+
+ /**
+ * Get the SSL setting
+ *
+ * @return bool
+ */
+ public function getUseSSL() {
+ return $this->useSSL;
+ }
+
+ /**
+ * Set whether to use TLS
+ *
+ * @param bool $useTLS
+ * @return void
+ */
+ public function setUseTLS($useTLS) {
+ $this->useTLS = $useTLS;
+ }
+
+ /**
+ * Get the TLS setting
+ *
+ * @return bool
+ */
+ public function getUseTLS() {
+ return $this->useTLS;
+ }
+
+ /**
+ * Set whether to use SSO
+ * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.
+ *
+ * @param bool $useSSO
+ * @return void
+ */
+ public function setUseSSO($useSSO) {
+ if ($useSSO === true && !$this->ldapSaslSupported()) {
+ throw new adLDAPException('No LDAP SASL support for PHP. See: http://www.php.net/ldap_sasl_bind');
+ }
+ $this->useSSO = $useSSO;
+ }
+
+ /**
+ * Get the SSO setting
+ *
+ * @return bool
+ */
+ public function getUseSSO() {
+ return $this->useSSO;
+ }
+
+ /**
+ * Set whether to lookup recursive groups
+ *
+ * @param bool $recursiveGroups
+ * @return void
+ */
+ public function setRecursiveGroups($recursiveGroups) {
+ $this->recursiveGroups = $recursiveGroups;
+ }
+
+ /**
+ * Get the recursive groups setting
+ *
+ * @return bool
+ */
+ public function getRecursiveGroups() {
+ return $this->recursiveGroups;
+ }
+
+ /**
+ * Default Constructor
+ *
+ * Tries to bind to the AD domain over LDAP or LDAPs
+ *
+ * @param array $options Array of options to pass to the constructor
+ * @throws \Exception - if unable to bind to Domain Controller
+ * @return bool
+ */
+ function __construct($options = array()) {
+ // You can specifically overide any of the default configuration options setup above
+ if (count($options)>0) {
+ if (array_key_exists("account_suffix",$options)) { $this->accountSuffix = $options["account_suffix"]; }
+ if (array_key_exists("base_dn",$options)) { $this->baseDn = $options["base_dn"]; }
+ if (array_key_exists("domain_controllers",$options)) {
+ if (!is_array($options["domain_controllers"])) {
+ throw new adLDAPException('[domain_controllers] option must be an array');
+ }
+ $this->domainControllers = $options["domain_controllers"];
+ }
+ if (array_key_exists("admin_username",$options)) { $this->adminUsername = $options["admin_username"]; }
+ if (array_key_exists("admin_password",$options)) { $this->adminPassword = $options["admin_password"]; }
+ if (array_key_exists("real_primarygroup",$options)) { $this->realPrimaryGroup = $options["real_primarygroup"]; }
+ if (array_key_exists("use_ssl",$options)) { $this->setUseSSL($options["use_ssl"]); }
+ if (array_key_exists("use_tls",$options)) { $this->useTLS = $options["use_tls"]; }
+ if (array_key_exists("recursive_groups",$options)) { $this->recursiveGroups = $options["recursive_groups"]; }
+ if (array_key_exists("ad_port",$options)) { $this->setPort($options["ad_port"]); }
+ if (array_key_exists("sso",$options)) {
+ $this->setUseSSO($options["sso"]);
+ if (!$this->ldapSaslSupported()) {
+ $this->setUseSSO(false);
+ }
+ }
+ }
+
+ if ($this->ldapSupported() === false) {
+ throw new adLDAPException('No LDAP support for PHP. See: http://www.php.net/ldap');
+ }
+
+ return $this->connect();
+ }
+
+ /**
+ * Default Destructor
+ *
+ * Closes the LDAP connection
+ *
+ * @return void
+ */
+ function __destruct() {
+ $this->close();
+ }
+
+ /**
+ * Connects and Binds to the Domain Controller
+ *
+ * @return bool
+ */
+ public function connect() {
+ // Connect to the AD/LDAP server as the username/password
+ $domainController = $this->randomController();
+ if ($this->useSSL) {
+ $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
+ } else {
+ $this->ldapConnection = ldap_connect($domainController, $this->adPort);
+ }
+
+ // Set some ldap options for talking to AD
+ ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
+ ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
+
+ if ($this->useTLS) {
+ ldap_start_tls($this->ldapConnection);
+ }
+
+ // Bind as a domain admin if they've set it up
+ if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword);
+ if (!$this->ldapBind) {
+ if ($this->useSSL && !$this->useTLS) {
+ // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message
+ throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError());
+ }
+ else {
+ throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError());
+ }
+ }
+ }
+ if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
+ putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
+ $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+ if (!$this->ldapBind) {
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ else {
+ return true;
+ }
+ }
+
+ if ($this->baseDn == NULL) {
+ $this->baseDn = $this->findBaseDn();
+ }
+ return true;
+ }
+
+ /**
+ * Closes the LDAP connection
+ *
+ * @return void
+ */
+ public function close() {
+ if ($this->ldapConnection) {
+ @ldap_close($this->ldapConnection);
+ }
+ }
+
+ /**
+ * Validate a user's login credentials
+ *
+ * @param string $username A user's AD username
+ * @param string $password A user's AD password
+ * @param bool optional $preventRebind
+ * @return bool
+ */
+ public function authenticate($username, $password, $preventRebind = false) {
+ // Prevent null binding
+ if ($username === NULL || $password === NULL) { return false; }
+ if (empty($username) || empty($password)) { return false; }
+
+ // Allow binding over SSO for Kerberos
+ if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) {
+ putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
+ $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+ if (!$this->ldapBind) {
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ else {
+ return true;
+ }
+ }
+
+ // Bind as the user
+ $ret = true;
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
+ if (!$this->ldapBind) {
+ $ret = false;
+ }
+
+ // Cnce we've checked their details, kick back into admin mode if we have it
+ if ($this->adminUsername !== NULL && !$preventRebind) {
+ $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword);
+ if (!$this->ldapBind) {
+ // This should never happen in theory
+ throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+ }
+ }
+ return $ret;
+ }
+
+ /**
+ * Return a list of all found objects (except computer) in AD
+ * $search has to match either cn, displayname, samaccountname or sn
+ *
+ * @param bool $includeDescription Return a description,cn, displayname and distinguishedname of the user
+ * @param string $search Search parameter
+ * @param bool $sorted Sort the user accounts
+ * @return array, if $includeDescription=true then a multi-dimensional array
+ */
+ public function search($includeDescription = false, $search = "*", $sorted = true) {
+ if (!$this->getLdapBind()) { return false; }
+
+ // Perform the search and grab all their details
+ //$filter = "(|(cn=" . $search . ")(displayname=" . $search . ")(samaccountname=" . $search . "))";
+ $filter = "(&(!(objectClass=computer))(|(anr=" . $search . ")))";
+ $fields = array("cn","description","displayname","distinguishedname","samaccountname");
+ $sr = ldap_search($this->getLdapConnection(), $this->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->getLdapConnection(), $sr);
+
+ $objectArray = array();
+ for ($i=0; $i<$entries["count"]; $i++) {
+ if ($includeDescription && strlen($entries[$i]["description"][0])>0) {
+ $objectArray[$entries[$i]["samaccountname"][0]] = array($entries[$i]["cn"][0],$entries[$i]["description"][0],$entries[$i]["displayname"][0],$entries[$i]["distinguishedname"][0]);
+ } elseif ($includeDescription) {
+ // description is set to displayname if no description is present
+ $objectArray[$entries[$i]["samaccountname"][0]] = array($entries[$i]["cn"][0],$entries[$i]["displayname"][0],$entries[$i]["displayname"][0],$entries[$i]["distinguishedname"][0]);
+ } else {
+ if (in_array("samaccountname", $entries[$i], true)) {
+ array_push($objectArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ }
+ if ($sorted) {
+ asort($objectArray);
+ }
+ return $objectArray;
+ }
+
+ /**
+ * Returns objectClass in an array
+ *
+ * @param string $distinguisedName The full DN of a contact
+ * @return array
+ */
+ public function getObjectClass($distinguishedName) {
+ if ($distinguishedName === NULL) { return false; }
+ if (!$this->getLdapBind()) { return false; }
+
+ $filter = "distinguishedName=" . $this->utilities()->ldapSlashes($distinguishedName);
+
+ $fields = array("objectclass");
+ $sr = ldap_search($this->getLdapConnection(), $this->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->getLdapConnection(), $sr);
+
+ $objects = array();
+ for ($i=0; $i<$entries[0]["objectclass"]["count"]; $i++) {
+ array_push($objects, $entries[0]["objectclass"][$i]);
+ }
+ return $objects;
+ }
+
+ /**
+ * Find the Base DN of your domain controller
+ *
+ * @return string
+ */
+ public function findBaseDn() {
+ $namingContext = $this->getRootDse(array('defaultnamingcontext'));
+ return $namingContext[0]['defaultnamingcontext'][0];
+ }
+
+ /**
+ * Get the RootDSE properties from a domain controller
+ *
+ * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext
+ * @return array
+ */
+ public function getRootDse($attributes = array("*", "+")) {
+ if (!$this->ldapBind) { return (false); }
+
+ $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
+ $entries = @ldap_get_entries($this->ldapConnection, $sr);
+ return $entries;
+ }
+
+ /**
+ * Get last error from Active Directory
+ *
+ * This function gets the last message from Active Directory
+ * This may indeed be a 'Success' message but if you get an unknown error
+ * it might be worth calling this function to see what errors were raised
+ *
+ * return string
+ */
+ public function getLastError() {
+ return @ldap_error($this->ldapConnection);
+ }
+
+ /**
+ * Detect LDAP support in php
+ *
+ * @return bool
+ */
+ protected function ldapSupported() {
+ if (!function_exists('ldap_connect')) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Detect ldap_sasl_bind support in PHP
+ *
+ * @return bool
+ */
+ protected function ldapSaslSupported() {
+ if (!function_exists('ldap_sasl_bind')) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Schema
+ *
+ * @param array $attributes Attributes to be queried
+ * @return array
+ */
+ public function adldap_schema($attributes) {
+
+ // LDAP doesn't like NULL attributes, only set them if they have values
+ // If you wish to remove an attribute you should set it to a space
+ // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
+ $mod=array();
+
+ // Check every attribute to see if it contains 8bit characters and then UTF8 encode them
+ array_walk($attributes, array($this, 'encode8bit'));
+
+ if (isset($attributes["address_city"])){ $mod["l"][0]=$attributes["address_city"]; }
+ if (isset($attributes["address_code"])){ $mod["postalCode"][0]=$attributes["address_code"]; }
+ //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
+ if (isset($attributes["address_country"])){ $mod["c"][0]=$attributes["address_country"]; }
+ if (isset($attributes["address_pobox"])){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; }
+ if (isset($attributes["address_state"])){ $mod["st"][0]=$attributes["address_state"]; }
+ if (isset($attributes["address_street"])){ $mod["streetAddress"][0]=$attributes["address_street"]; }
+ if (isset($attributes["company"])){ $mod["company"][0]=$attributes["company"]; }
+ if (isset($attributes["change_password"])){ $mod["pwdLastSet"][0]=0; }
+ if (isset($attributes["department"])){ $mod["department"][0]=$attributes["department"]; }
+ if (isset($attributes["description"])){ $mod["description"][0]=$attributes["description"]; }
+ if (isset($attributes["display_name"])){ $mod["displayName"][0]=$attributes["display_name"]; }
+ if (isset($attributes["email"])){ $mod["mail"][0]=$attributes["email"]; }
+ if (isset($attributes["expires"])){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format?
+ if (isset($attributes["firstname"])){ $mod["givenName"][0]=$attributes["firstname"]; }
+ if (isset($attributes["home_directory"])){ $mod["homeDirectory"][0]=$attributes["home_directory"]; }
+ if (isset($attributes["home_drive"])){ $mod["homeDrive"][0]=$attributes["home_drive"]; }
+ if (isset($attributes["initials"])){ $mod["initials"][0]=$attributes["initials"]; }
+ if (isset($attributes["logon_name"])){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; }
+ if (isset($attributes["manager"])){ $mod["manager"][0]=$attributes["manager"]; } //UNTESTED ***Use DistinguishedName***
+ if (isset($attributes["office"])){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; }
+ if (isset($attributes["password"])){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); }
+ if (isset($attributes["profile_path"])){ $mod["profilepath"][0]=$attributes["profile_path"]; }
+ if (isset($attributes["script_path"])){ $mod["scriptPath"][0]=$attributes["script_path"]; }
+ if (isset($attributes["surname"])){ $mod["sn"][0]=$attributes["surname"]; }
+ if (isset($attributes["title"])){ $mod["title"][0]=$attributes["title"]; }
+ if (isset($attributes["telephone"])){ $mod["telephoneNumber"][0]=$attributes["telephone"]; }
+ if (isset($attributes["mobile"])){ $mod["mobile"][0]=$attributes["mobile"]; }
+ if (isset($attributes["pager"])){ $mod["pager"][0]=$attributes["pager"]; }
+ if (isset($attributes["ipphone"])){ $mod["ipphone"][0]=$attributes["ipphone"]; }
+ if (isset($attributes["web_page"])){ $mod["wWWHomePage"][0]=$attributes["web_page"]; }
+ if (isset($attributes["fax"])){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; }
+ if (isset($attributes["enabled"])){ $mod["userAccountControl"][0]=$attributes["enabled"]; }
+ if (isset($attributes["homephone"])){ $mod["homephone"][0]=$attributes["homephone"]; }
+
+ // Distribution List specific schema
+ if (isset($attributes["group_sendpermission"])){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; }
+ if (isset($attributes["group_rejectpermission"])){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; }
+
+ // Exchange Schema
+ if (isset($attributes["exchange_homemdb"])){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; }
+ if (isset($attributes["exchange_mailnickname"])){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; }
+ if (isset($attributes["exchange_proxyaddress"])){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; }
+ if (isset($attributes["exchange_usedefaults"])){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; }
+ if (isset($attributes["exchange_policyexclude"])){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; }
+ if (isset($attributes["exchange_policyinclude"])){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; }
+ if (isset($attributes["exchange_addressbook"])){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; }
+ if (isset($attributes["exchange_altrecipient"])){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; }
+ if (isset($attributes["exchange_deliverandredirect"])){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; }
+
+ // This schema is designed for contacts
+ if (isset($attributes["exchange_hidefromlists"])){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; }
+ if (isset($attributes["contact_email"])){ $mod["targetAddress"][0]=$attributes["contact_email"]; }
+
+ //echo (""); print_r($mod);
+ /*
+ // modifying a name is a bit fiddly
+ if ($attributes["firstname"] && $attributes["surname"]){
+ $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+ }
+ */
+
+ if (count($mod)==0) { return (false); }
+ return ($mod);
+ }
+
+ /**
+ * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+ */
+ protected function encode8Bit(&$item, $key) {
+ $encode = false;
+ if (is_string($item)) {
+ for ($i=0; $i> 7) {
+ $encode = true;
+ }
+ }
+ }
+ if ($encode === true && $key != 'password') {
+ $item = utf8_encode($item);
+ }
+ }
+
+ /**
+ * Select a random domain controller from your domain controller array
+ *
+ * @return string
+ */
+ protected function randomController() {
+ mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
+ /*if (sizeof($this->domainControllers) > 1) {
+ $adController = $this->domainControllers[array_rand($this->domainControllers)];
+ // Test if the controller is responding to pings
+ $ping = $this->pingController($adController);
+ if ($ping === false) {
+ // Find the current key in the domain controllers array
+ $key = array_search($adController, $this->domainControllers);
+ // Remove it so that we don't end up in a recursive loop
+ unset($this->domainControllers[$key]);
+ // Select a new controller
+ return $this->randomController();
+ }
+ else {
+ return ($adController);
+ }
+ } */
+ return $this->domainControllers[array_rand($this->domainControllers)];
+ }
+
+ /**
+ * Test basic connectivity to controller
+ *
+ * @return bool
+ */
+ protected function pingController($host) {
+ $port = $this->adPort;
+ fsockopen($host, $port, $errno, $errstr, 10);
+ if ($errno > 0) {
+ return false;
+ }
+ return true;
+ }
+
+}
+
+/**
+* adLDAP Exception Handler
+*
+* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
+* Example:
+* try {
+* $adldap = new adLDAP();
+* }
+* catch (adLDAPException $e) {
+* echo $e;
+* exit();
+* }
+*/
+class adLDAPException extends \Exception {}
+
+?>
diff --git a/src/mibew/libs/adldap/classes/adLDAPComputers.php b/src/mibew/libs/adldap/classes/adLDAPComputers.php
new file mode 100644
index 00000000..d56f9997
--- /dev/null
+++ b/src/mibew/libs/adldap/classes/adLDAPComputers.php
@@ -0,0 +1,147 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Get information about a specific computer. Returned in a raw array format from AD
+ *
+ * @param string $computerName The name of the computer
+ * @param array $fields Attributes to return
+ * @return array
+ */
+ public function info($computerName, $fields = NULL) {
+ if ($computerName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = "(&(objectClass=computer)(cn=" . $computerName . "))";
+ if ($fields === NULL) {
+ $fields = array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ return $entries;
+ }
+
+ /**
+ * Find information about the computers. Returned in a raw array format from AD
+ *
+ * @param string $computerName The name of the computer
+ * @param array $fields Array of parameters to query
+ * @return mixed
+ */
+ public function infoCollection($computerName, $fields = NULL) {
+ if ($computerName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($computerName, $fields);
+
+ if ($info !== false) {
+ $collection = new \adLDAP\collections\adLDAPComputerCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Check if a computer is in a group
+ *
+ * @param string $computerName The name of the computer
+ * @param string $group The group to check
+ * @param bool $recursive Whether to check recursively
+ * @return array
+ */
+ public function inGroup($computerName, $group, $recursive = NULL) {
+ if ($computerName === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
+
+ //get a list of the groups
+ $groups = $this->groups($computerName, array("memberof"), $recursive);
+
+ //return true if the specified group is in the group list
+ if (in_array($group, $groups)) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Get the groups a computer is in
+ *
+ * @param string $computerName The name of the computer
+ * @param bool $recursive Whether to check recursively
+ * @return array
+ */
+ public function groups($computerName, $recursive = NULL) {
+ if ($computerName === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()){ return false; }
+
+ //search the directory for their information
+ $info = @$this->info($computerName, array("memberof", "primarygroupid"));
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
+
+ if ($recursive === true) {
+ foreach ($groups as $id => $groupName){
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+ return $groups;
+ }
+}
+?>
diff --git a/src/mibew/libs/adldap/classes/adLDAPContacts.php b/src/mibew/libs/adldap/classes/adLDAPContacts.php
new file mode 100644
index 00000000..cbfa90d7
--- /dev/null
+++ b/src/mibew/libs/adldap/classes/adLDAPContacts.php
@@ -0,0 +1,283 @@
+adldap = $adldap;
+ }
+
+ //*****************************************************************************************************************
+ // CONTACT FUNCTIONS
+ // * Still work to do in this area, and new functions to write
+
+ /**
+ * Create a contact
+ *
+ * @param array $attributes The attributes to set to the contact
+ * @return bool
+ */
+ public function create($attributes) {
+ // Check for compulsory fields
+ if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
+ if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
+ if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
+ if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+
+ // Translate the schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ // Additional stuff only used for adding contacts
+ $add["cn"][0] = $attributes["display_name"];
+ $add["objectclass"][0] = "top";
+ $add["objectclass"][1] = "person";
+ $add["objectclass"][2] = "organizationalPerson";
+ $add["objectclass"][3] = "contact";
+ if (!isset($attributes['exchange_hidefromlists'])) {
+ $add["msExchHideFromAddressLists"][0] = "TRUE";
+ }
+
+ // Determine the container
+ $attributes["container"] = array_reverse($attributes["container"]);
+ $container= "OU=" . implode(",OU=", $attributes["container"]);
+
+ // Add the entry
+ $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $this->adldap->utilities()->escapeCharacters($add["cn"][0]) . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Determine the list of groups a contact is a member of
+ *
+ * @param string $distinguisedname The full DN of a contact
+ * @param bool $recursive Recursively check groups
+ * @return array
+ */
+ public function groups($distinguishedName, $recursive = NULL) {
+ if ($distinguishedName === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()){ return false; }
+
+ // Search the directory for their information
+ $info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
+
+ if ($recursive === true) {
+ foreach ($groups as $id => $groupName) {
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+ return $groups;
+ }
+
+ /**
+ * Get contact information. Returned in a raw array format from AD
+ *
+ * @param string $distinguisedname The full DN of a contact
+ * @param array $fields Attributes to be returned
+ * @return array
+ */
+ public function info($distinguishedName, $fields = NULL)
+ {
+ if ($distinguishedName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = "distinguishedName=" . $this->adldap->utilities()->ldapSlashes($distinguishedName);
+ if ($fields === NULL) {
+ $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if ($entries[0]['count'] >= 1) {
+ // AD does not return the primary group in the ldap query, we may need to fudge it
+ if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])) {
+ //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+ $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+ } else {
+ $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+ }
+ }
+
+ $entries[0]["memberof"]["count"]++;
+ return $entries;
+ }
+
+ /**
+ * Find information about the contacts. Returned in a raw array format from AD
+ *
+ * @param string $distinguishedName The full DN of a contact
+ * @param array $fields Array of parameters to query
+ * @return mixed
+ */
+ public function infoCollection($distinguishedName, $fields = NULL) {
+ if ($distinguishedName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($distinguishedName, $fields);
+
+ if ($info !== false) {
+ $collection = new \adLDAP\collections\adLDAPContactCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Determine if a contact is a member of a group
+ *
+ * @param string $distinguisedName The full DN of a contact
+ * @param string $group The group name to query
+ * @param bool $recursive Recursively check groups
+ * @return bool
+ */
+ public function inGroup($distinguisedName, $group, $recursive = NULL) {
+ if ($distinguisedName === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+
+ // Get a list of the groups
+ $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
+
+ // Return true if the specified group is in the group list
+ if (in_array($group, $groups)) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Modify a contact
+ *
+ * @param string $distinguishedName The contact to query
+ * @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
+ * @return bool
+ */
+ public function modify($distinguishedName, $attributes) {
+ if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod) {
+ return false;
+ }
+
+ // Do the update
+ $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Delete a contact
+ *
+ * @param string $distinguishedName The contact dn to delete (please be careful here!)
+ * @return array
+ */
+ public function delete($distinguishedName) {
+ $result = $this->folder()->delete($distinguishedName);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Return a list of all contacts
+ *
+ * @param bool $includeDescription Include a description of a contact
+ * @param string $search The search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Perform the search and grab all their details
+ $filter = "(&(objectClass=contact)(cn=" . $search . "))";
+ $fields = array("displayname","distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i=0; $i<$entries["count"]; $i++) {
+ if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+ $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
+ } elseif ($includeDescription){
+ $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
+ } else {
+ array_push($usersArray, $entries[$i]["distinguishedname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($usersArray);
+ }
+ return $usersArray;
+ }
+
+ /**
+ * Mail enable a contact
+ * Allows email to be sent to them through Exchange
+ *
+ * @param string $distinguishedname The contact to mail enable
+ * @param string $emailaddress The email address to allow emails to be sent through
+ * @param string $mailnickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
+ * @return bool
+ */
+ public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL) {
+ return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
+ }
+}
+?>
diff --git a/src/mibew/libs/adldap/classes/adLDAPExchange.php b/src/mibew/libs/adldap/classes/adLDAPExchange.php
new file mode 100644
index 00000000..fcdb8a44
--- /dev/null
+++ b/src/mibew/libs/adldap/classes/adLDAPExchange.php
@@ -0,0 +1,376 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Create an Exchange account
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
+ * If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
+ * @param string $emailAddress The primary email address to add to this user
+ * @param string $mailNickname The mail nick name. If mail nickname is blank, the username will be used
+ * @param bool $mdbUseDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
+ * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname=NULL, $useDefaults=TRUE, $baseDn=NULL, $isGUID=false) {
+ if ($username === NULL){ return "Missing compulsory field [username]"; }
+ if ($storageGroup === NULL) { return "Missing compulsory array [storagegroup]"; }
+ if (!is_array($storageGroup)) { return "[storagegroup] must be an array"; }
+ if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+
+ if ($baseDn === NULL) {
+ $baseDn = $this->adldap->getBaseDn();
+ }
+
+ $container = "CN=" . implode(",CN=", $storageGroup);
+
+ if ($mailNickname === NULL) {
+ $mailNickname = $username;
+ }
+ $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);
+
+ $attributes = array(
+ 'exchange_homemdb'=>$container.",".$baseDn,
+ 'exchange_proxyaddress'=>'SMTP:' . $emailAddress,
+ 'exchange_mailnickname'=>$mailNickname,
+ 'exchange_usedefaults'=>$mdbUseDefaults
+ );
+ $result = $this->adldap->user()->modify($username, $attributes, $isGUID);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add an X400 address to Exchange
+ * See http://tools.ietf.org/html/rfc1685 for more information.
+ * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
+ *
+ * @param string $username The username of the user to add the X400 to to
+ * @param string $country Country
+ * @param string $admd Administration Management Domain
+ * @param string $pdmd Private Management Domain (often your AD domain)
+ * @param string $org Organization
+ * @param string $surname Surname
+ * @param string $givenName Given name
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false) {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+
+ $proxyValue = 'X400:';
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL) { return false; }
+ $userDn = $user[0]["dn"];
+
+ // We do not have to demote an email address from the default so we can just add the new proxy address
+ $attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
+
+ // Translate the update to the LDAP schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ if (!$add) { return false; }
+
+ // Do the update
+ // Take out the @ to see any errors, usually this error might occur because the address already
+ // exists in the list of proxyAddresses
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add an address to Exchange
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to add to this user
+ * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false) {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ $proxyValue = 'smtp:';
+ if ($default === true) {
+ $proxyValue = 'SMTP:';
+ }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL){ return false; }
+ $userDn = $user[0]["dn"];
+
+ // We need to scan existing proxy addresses and demote the default one
+ if (is_array($user[0]["proxyaddresses"]) && $default === true) {
+ $modAddresses = array();
+ for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+ else {
+ // We do not have to demote an email address from the default so we can just add the new proxy address
+ $attributes['exchange_proxyaddress'] = $proxyValue . $emailAddress;
+
+ // Translate the update to the LDAP schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ if (!$add) {
+ return false;
+ }
+
+ // Do the update
+ // Take out the @ to see any errors, usually this error might occur because the address already
+ // exists in the list of proxyAddresses
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn,$add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+ }
+
+ /**
+ * Remove an address to Exchange
+ * If you remove a default address the account will no longer have a default,
+ * we recommend changing the default address first
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to add to this user
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function deleteAddress($username, $emailAddress, $isGUID=false) {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL) { return false; }
+ $userDn = $user[0]["dn"];
+
+ if (is_array($user[0]["proxyaddresses"])) {
+ $mod = array();
+ for ($i=0;$iadldap->getLdapConnection(), $userDn,$mod);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+ /**
+ * Change the default address
+ *
+ * @param string $username The username of the user to add the Exchange account to
+ * @param string $emailAddress The email address to make default
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function primaryAddress($username, $emailAddress, $isGUID = false) {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+
+ // Find the dn of the user
+ $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+ if ($user[0]["dn"] === NULL) { return false; }
+ $userDn = $user[0]["dn"];
+
+ if (is_array($user[0]["proxyaddresses"])) {
+ $modAddresses = array();
+ for ($i=0;$iadldap->getLdapConnection(), $userDn, $modAddresses);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+ }
+
+ /**
+ * Mail enable a contact
+ * Allows email to be sent to them through Exchange
+ *
+ * @param string $distinguishedName The contact to mail enable
+ * @param string $emailAddress The email address to allow emails to be sent through
+ * @param string $mailNickname The mailnickname for the contact in Exchange. If NULL this will be set to the display name
+ * @return bool
+ */
+ public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL) {
+ if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedName]"; }
+ if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+
+ if ($mailNickname !== NULL) {
+ // Find the dn of the user
+ $user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
+ if ($user[0]["displayname"] === NULL) { return false; }
+ $mailNickname = $user[0]['displayname'][0];
+ }
+
+ $attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname" => $mailNickname);
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod) { return false; }
+
+ // Do the update
+ $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
+ *
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @return array
+ */
+ public function servers($attributes = array('cn','distinguishedname','serialnumber')) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ return $entries;
+ }
+
+ /**
+ * Returns a list of Storage Groups in Exchange for a given mail server
+ *
+ * @param string $exchangeServer The full DN of an Exchange server. You can use exchange_servers() to find the DN for your server
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @param bool $recursive If enabled this will automatically query the databases within a storage group
+ * @return array
+ */
+ public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
+
+ $filter = '(&(objectCategory=msExchStorageGroup))';
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if ($recursive === true) {
+ for ($i=0; $i<$entries['count']; $i++) {
+ $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);
+ }
+ }
+ return $entries;
+ }
+
+ /**
+ * Returns a list of Databases within any given storage group in Exchange for a given mail server
+ *
+ * @param string $storageGroup The full DN of an Storage Group. You can use exchange_storage_groups() to find the DN
+ * @param array $attributes An array of the AD attributes you wish to return
+ * @return array
+ */
+ public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
+
+ $filter = '(&(objectCategory=msExchPrivateMDB))';
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ return $entries;
+ }
+}
+?>
diff --git a/src/mibew/libs/adldap/classes/adLDAPFolders.php b/src/mibew/libs/adldap/classes/adLDAPFolders.php
new file mode 100644
index 00000000..99fb0530
--- /dev/null
+++ b/src/mibew/libs/adldap/classes/adLDAPFolders.php
@@ -0,0 +1,175 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Delete a distinguished name from Active Directory
+ * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
+ *
+ * @param string $dn The distinguished name to delete
+ * @return bool
+ */
+ public function delete($dn) {
+ $result = ldap_delete($this->adldap->getLdapConnection(), $dn);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Returns a folder listing for a specific OU
+ * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
+ *
+ * @param array $folderName An array to the OU you wish to list.
+ * If set to NULL will list the root, strongly recommended to set
+ * $recursive to false in that instance!
+ * @param string $dnType The type of record to list. This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
+ * @param bool $recursive Recursively search sub folders
+ * @param bool $type Specify a type of object to search for
+ * @return array
+ */
+ public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL) {
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = '(&';
+ if ($type !== NULL) {
+ switch ($type) {
+ case 'contact':
+ $filter .= '(objectClass=contact)';
+ break;
+ case 'computer':
+ $filter .= '(objectClass=computer)';
+ break;
+ case 'group':
+ $filter .= '(objectClass=group)';
+ break;
+ case 'folder':
+ $filter .= '(objectClass=organizationalUnit)';
+ break;
+ case 'container':
+ $filter .= '(objectClass=container)';
+ break;
+ case 'domain':
+ $filter .= '(objectClass=builtinDomain)';
+ break;
+ default:
+ $filter .= '(objectClass=user)';
+ break;
+ }
+ }
+ else {
+ $filter .= '(objectClass=*)';
+ }
+ // If the folder name is null then we will search the root level of AD
+ // This requires us to not have an OU= part, just the base_dn
+ $searchOu = $this->adldap->getBaseDn();
+ if (is_array($folderName)) {
+ $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
+ $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
+ $searchOu = $ou . ',' . $this->adldap->getBaseDn();
+ }
+ else {
+ $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
+ }
+
+ if ($recursive === true) {
+ $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (is_array($entries)) {
+ return $entries;
+ }
+ }
+ else {
+ $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+ $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (is_array($entries)) {
+ return $entries;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Create an organizational unit
+ *
+ * @param array $attributes Default attributes of the ou
+ * @return bool
+ */
+ public function create($attributes) {
+ if (!is_array($attributes)) { return "Attributes must be an array"; }
+ if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+ if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
+ if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
+
+ $attributes["container"] = array_reverse($attributes["container"]);
+
+ $add=array();
+ $add["objectClass"] = "organizationalUnit";
+ $add["OU"] = $attributes['ou_name'];
+ $containers = "";
+ if (count($attributes['container']) > 0) {
+ $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
+ }
+
+ $containers = "OU=" . implode(",OU=", $attributes["container"]);
+ $result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+}
+
+?>
diff --git a/src/mibew/libs/adldap/classes/adLDAPGroups.php b/src/mibew/libs/adldap/classes/adLDAPGroups.php
new file mode 100644
index 00000000..fa6657c1
--- /dev/null
+++ b/src/mibew/libs/adldap/classes/adLDAPGroups.php
@@ -0,0 +1,656 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Add a group to a group
+ *
+ * @param string $parent The parent group name
+ * @param string $child The child group name
+ * @return bool
+ */
+ public function addGroup($parent,$child) {
+
+ // Find the parent group's dn
+ $parentGroup = $this->ginfo($parent, array("cn"));
+ if ($parentGroup[0]["dn"] === NULL) {
+ return false;
+ }
+ $parentDn = $parentGroup[0]["dn"];
+
+ // Find the child group's dn
+ $childGroup = $this->info($child, array("cn"));
+ if ($childGroup[0]["dn"] === NULL) {
+ return false;
+ }
+ $childDn = $childGroup[0]["dn"];
+
+ $add = array();
+ $add["member"] = $childDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add a user to a group
+ *
+ * @param string $group The group to add the user to
+ * @param string $user The user to add to the group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function addUser($group, $user, $isGUID = false) {
+ // Adding a user is a bit fiddly, we need to get the full DN of the user
+ // and add it using the full DN of the group
+
+ // Find the user's dn
+ $userDn = $this->adldap->user()->dn($user, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ // Find the group's dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $add = array();
+ $add["member"] = $userDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Add a contact to a group
+ *
+ * @param string $group The group to add the contact to
+ * @param string $contactDn The DN of the contact to add
+ * @return bool
+ */
+ public function addContact($group, $contactDn)
+ {
+ // To add a contact we take the contact's DN
+ // and add it using the full DN of the group
+
+ // Find the group's dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $add = array();
+ $add["member"] = $contactDn;
+
+ $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Create a group
+ *
+ * @param array $attributes Default attributes of the group
+ * @return bool
+ */
+ public function create($attributes) {
+ if (!is_array($attributes)) { return "Attributes must be an array"; }
+ if (!array_key_exists("group_name", $attributes)) { return "Missing compulsory field [group_name]"; }
+ if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
+ if (!array_key_exists("description", $attributes)) { return "Missing compulsory field [description]"; }
+ if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+ $attributes["container"] = array_reverse($attributes["container"]);
+
+ //$member_array = array();
+ //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
+ //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
+
+ $add = array();
+ $add["cn"] = $attributes["group_name"];
+ $add["samaccountname"] = $attributes["group_name"];
+ $add["objectClass"] = "Group";
+ $add["description"] = $attributes["description"];
+ //$add["member"] = $member_array; UNTESTED
+
+ $container = "OU=" . implode(",OU=", $attributes["container"]);
+ $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Delete a group account
+ *
+ * @param string $group The group to delete (please be careful here!)
+ *
+ * @return array
+ */
+ public function delete($group) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($group === null) { return "Missing compulsory field [group]"; }
+
+ $groupInfo = $this->info($group, array("*"));
+ $dn = $groupInfo[0]['distinguishedname'][0];
+ $result = $this->adldap->folder()->delete($dn);
+ if ($result !== true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Remove a group from a group
+ *
+ * @param string $parent The parent group name
+ * @param string $child The child group name
+ * @return bool
+ */
+ public function removeGroup($parent , $child) {
+
+ // Find the parent dn
+ $parentGroup = $this->info($parent, array("cn"));
+ if ($parentGroup[0]["dn"] === NULL) {
+ return false;
+ }
+ $parentDn = $parentGroup[0]["dn"];
+
+ // Find the child dn
+ $childGroup = $this->info($child, array("cn"));
+ if ($childGroup[0]["dn"] === NULL) {
+ return false;
+ }
+ $childDn = $childGroup[0]["dn"];
+
+ $del = array();
+ $del["member"] = $childDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Remove a user from a group
+ *
+ * @param string $group The group to remove a user from
+ * @param string $user The AD user to remove from the group
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function removeUser($group, $user, $isGUID = false) {
+
+ // Find the parent dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ // Find the users dn
+ $userDn = $this->adldap->user()->dn($user, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ $del = array();
+ $del["member"] = $userDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Remove a contact from a group
+ *
+ * @param string $group The group to remove a user from
+ * @param string $contactDn The DN of a contact to remove from the group
+ * @return bool
+ */
+ public function removeContact($group, $contactDn) {
+
+ // Find the parent dn
+ $groupInfo = $this->info($group, array("cn"));
+ if ($groupInfo[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $groupInfo[0]["dn"];
+
+ $del = array();
+ $del["member"] = $contactDn;
+
+ $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Return a list of groups in a group
+ *
+ * @param string $group The group to query
+ * @param bool $recursive Recursively get groups
+ * @return array
+ */
+ public function inGroup($group, $recursive = NULL) {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+
+ // Search the directory for the members of a group
+ $info = $this->info($group, array("member","cn"));
+ $groups = $info[0]["member"];
+ if (!is_array($groups)) {
+ return false;
+ }
+
+ $groupArray = array();
+
+ for ($i=0; $i<$groups["count"]; $i++) {
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+ $fields = array("samaccountname", "distinguishedname", "objectClass");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ // not a person, look for a group
+ if ($entries['count'] == 0 && $recursive == true) {
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+ $fields = array("distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (!isset($entries[0]['distinguishedname'][0])) {
+ continue;
+ }
+ $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);
+ if (is_array($subGroups)) {
+ $groupArray = array_merge($groupArray, $subGroups);
+ $groupArray = array_unique($groupArray);
+ }
+ continue;
+ }
+ $groupArray[] = $entries[0]['distinguishedname'][0];
+ }
+ return $groupArray;
+ }
+
+ /**
+ * Return a list of members in a group
+ *
+ * @param string $group The group to query
+ * @param bool $recursive Recursively get group members
+ * @return array
+ */
+ public function members($group, $recursive = NULL) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+ // Search the directory for the members of a group
+ $info = $this->info($group, array("member","cn"));
+ $users = $info[0]["member"];
+ if (!is_array($users)) {
+ return false;
+ }
+
+ $userArray = array();
+
+ for ($i=0; $i<$users["count"]; $i++) {
+ $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+ $fields = array("samaccountname", "distinguishedname", "objectClass");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ // not a person, look for a group
+ if ($entries['count'] == 0 && $recursive == true) {
+ $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+ $fields = array("samaccountname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ if (!isset($entries[0]['samaccountname'][0])) {
+ continue;
+ }
+ $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);
+ if (is_array($subUsers)) {
+ $userArray = array_merge($userArray, $subUsers);
+ $userArray = array_unique($userArray);
+ }
+ continue;
+ }
+ else if ($entries['count'] == 0) {
+ continue;
+ }
+
+ if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) {
+ $userArray[] = $entries[0]['distinguishedname'][0];
+ }
+ else if ($entries[0]['samaccountname'][0] !== NULL) {
+ $userArray[] = $entries[0]['samaccountname'][0];
+ }
+ }
+ return $userArray;
+ }
+
+ /**
+ * Group Information. Returns an array of raw information about a group.
+ * The group name is case sensitive
+ *
+ * @param string $groupName The group name to retrieve info about
+ * @param array $fields Fields to retrieve
+ * @return array
+ */
+ public function info($groupName, $fields = NULL) {
+ if ($groupName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ if (stristr($groupName, '+')) {
+ $groupName = stripslashes($groupName);
+ }
+
+ $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
+ if ($fields === NULL) {
+ $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname");
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ // Windows 2003: Returns up to 1500 values (Windows 2000 only 1000 is not supported).
+ if (isset($entries[0]['member;range=0-1499']) && $entries[0]['member;range=0-1499']['count'] == 1500) {
+ $entries[0]['member']['count'] = "0";
+ $rangestep = 1499; // Step site
+ $rangelow = 0; // Initial low range
+ $rangehigh = $rangelow + $rangestep; // Initial high range
+ // do until array_keys($members[0])[0] ends with a '*', e. g. member;range=1499-*. It indicates end of the range
+ do {
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, array("member;range=" . $rangelow . "-" . $rangehigh));
+ $members = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ $memberrange = array_keys($members[0]);
+ $membercount = $members[0][$memberrange[0]]['count'];
+ // Copy range entries to member
+ for ($i = 0; $i <= $membercount -1; $i++) {
+ $entries[0]['member'][] = $members[0][$memberrange[0]][$i];
+ }
+ $entries[0]['member']['count'] += $membercount;
+ $rangelow += $rangestep +1;
+ $rangehigh += $rangestep +1;
+ } while (substr($memberrange[0], -1) != '*');
+ }
+ return $entries;
+ }
+
+ /**
+ * Group Information. Returns an collection
+ * The group name is case sensitive
+ *
+ * @param string $groupName The group name to retrieve info about
+ * @param array $fields Fields to retrieve
+ * @return \adLDAP\collections\adLDAPGroupCollection
+ */
+ public function infoCollection($groupName, $fields = NULL) {
+ if ($groupName === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($groupName, $fields);
+ if ($info !== false) {
+ $collection = new \adLDAP\collections\adLDAPGroupCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Return a complete list of "groups in groups"
+ *
+ * @param string $group The group to get the list from
+ * @return array
+ */
+ public function recursiveGroups($group) {
+ if ($group === NULL) { return false; }
+
+ $stack = array();
+ $processed = array();
+ $retGroups = array();
+
+ array_push($stack, $group); // Initial Group to Start with
+ while (count($stack) > 0) {
+ $parent = array_pop($stack);
+ array_push($processed, $parent);
+
+ $info = $this->info($parent, array("memberof"));
+
+ if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) {
+ $groups = $info[0]["memberof"];
+ if ($groups) {
+ $groupNames = $this->adldap->utilities()->niceNames($groups);
+ $retGroups = array_merge($retGroups, $groupNames); //final groups to return
+ foreach ($groupNames as $id => $groupName) {
+ if (!in_array($groupName, $processed)) {
+ array_push($stack, $groupName);
+ }
+ }
+ }
+ }
+ }
+ return $retGroups;
+ }
+
+ /**
+ * Returns a complete list of the groups in AD based on a SAM Account Type
+ *
+ * @param string $sAMAaccountType The account type to return
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $filter = '(&(objectCategory=group)';
+ if ($sAMAaccountType !== null) {
+ $filter .= '(samaccounttype='. $sAMAaccountType .')';
+ }
+ $filter .= '(cn=' . $search . '))';
+ // Perform the search and grab all their details
+ $fields = array("samaccountname", "description");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $groupsArray = array();
+ for ($i=0; $i<$entries["count"]; $i++) {
+ if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
+ $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
+ }
+ else if ($includeDescription) {
+ $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ }
+ else {
+ array_push($groupsArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($groupsArray);
+ }
+ return $groupsArray;
+ }
+
+ /**
+ * Obtain the group's distinguished name based on their groupid
+ *
+ *
+ * @param string $groupname The groupname
+ * @return string
+ */
+ public function dn($groupname) {
+ $group = $this->info($groupname, array("cn"));
+ if ($group[0]["dn"] === NULL) {
+ return false;
+ }
+ $groupDn = $group[0]["dn"];
+ return $groupDn;
+ }
+
+ /**
+ * Returns a complete list of all groups in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true) {
+ $groupsArray = $this->search(null, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Returns a complete list of security groups in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function allSecurity($includeDescription = false, $search = "*", $sorted = true) {
+ $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Returns a complete list of distribution lists in AD
+ *
+ * @param bool $includeDescription Whether to return a description
+ * @param string $search Search parameters
+ * @param bool $sorted Whether to sort the results
+ * @return array
+ */
+ public function allDistribution($includeDescription = false, $search = "*", $sorted = true) {
+ $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
+ return $groupsArray;
+ }
+
+ /**
+ * Coping with AD not returning the primary group
+ * http://support.microsoft.com/?kbid=321360
+ *
+ * This is a re-write based on code submitted by Bruce which prevents the
+ * need to search each security group to find the true primary group
+ *
+ * @param string $gid Group ID
+ * @param string $usersid User's Object SID
+ * @return mixed
+ */
+ public function getPrimaryGroup($gid, $usersid) {
+ if ($gid === NULL || $usersid === NULL) { return false; }
+ $sr = false;
+
+ $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
+ $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
+ $fields = array("samaccountname","distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if (isset($entries[0]['distinguishedname'][0])) {
+ return $entries[0]['distinguishedname'][0];
+ }
+ return false;
+ }
+
+ /**
+ * Coping with AD not returning the primary group
+ * http://support.microsoft.com/?kbid=321360
+ *
+ * For some reason it's not possible to search on primarygrouptoken=XXX
+ * If someone can show otherwise, I'd like to know about it :)
+ * this way is resource intensive and generally a pain in the @#%^
+ *
+ * @deprecated deprecated since version 3.1, see get get_primary_group
+ * @param string $gid Group ID
+ * @return string
+ */
+ public function cn($gid) {
+ if ($gid === NULL) { return false; }
+ $sr = false;
+ $r = '';
+
+ $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
+ $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ for ($i=0; $i<$entries["count"]; $i++) {
+ if ($entries[$i]["primarygrouptoken"][0] == $gid) {
+ $r = $entries[$i]["distinguishedname"][0];
+ $i = $entries["count"];
+ }
+ }
+ return $r;
+ }
+}
+?>
diff --git a/src/mibew/libs/adldap/classes/adLDAPUsers.php b/src/mibew/libs/adldap/classes/adLDAPUsers.php
new file mode 100644
index 00000000..98ac035c
--- /dev/null
+++ b/src/mibew/libs/adldap/classes/adLDAPUsers.php
@@ -0,0 +1,656 @@
+adldap = $adldap;
+ }
+
+ /**
+ * Validate a user's login credentials
+ *
+ * @param string $username A user's AD username
+ * @param string $password A user's AD password
+ * @param bool optional $prevent_rebind
+ * @return bool
+ */
+ public function authenticate($username, $password, $preventRebind = false) {
+ return $this->adldap->authenticate($username, $password, $preventRebind);
+ }
+
+ /**
+ * Create a user
+ *
+ * If you specify a password here, this can only be performed over SSL
+ *
+ * @param array $attributes The attributes to set to the user account
+ * @return bool
+ */
+ public function create($attributes) {
+ // Check for compulsory fields
+ if (!array_key_exists("username", $attributes)) { return "Missing compulsory field [username]"; }
+ if (!array_key_exists("firstname", $attributes)) { return "Missing compulsory field [firstname]"; }
+ if (!array_key_exists("surname", $attributes)) { return "Missing compulsory field [surname]"; }
+ if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
+ if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
+ if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+
+ if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())) {
+ throw new \adLDAP\adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ if (!array_key_exists("display_name", $attributes)) {
+ $attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"];
+ }
+
+ // Translate the schema
+ $add = $this->adldap->adldap_schema($attributes);
+
+ // Additional stuff only used for adding accounts
+ $add["cn"][0] = $attributes["display_name"];
+ $add["samaccountname"][0] = $attributes["username"];
+ $add["objectclass"][0] = "top";
+ $add["objectclass"][1] = "person";
+ $add["objectclass"][2] = "organizationalPerson";
+ $add["objectclass"][3] = "user"; //person?
+ //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+
+ // Set the account control attribute
+ $control_options = array("NORMAL_ACCOUNT");
+ if (!$attributes["enabled"]) {
+ $control_options[] = "ACCOUNTDISABLE";
+ }
+ $add["userAccountControl"][0] = $this->accountControl($control_options);
+
+ // Determine the container
+ $attributes["container"] = array_reverse($attributes["container"]);
+ $container = "OU=" . implode(", OU=",$attributes["container"]);
+
+ // Add the entry
+ $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Account control options
+ *
+ * @param array $options The options to convert to int
+ * @return int
+ */
+ protected function accountControl($options) {
+ $val=0;
+
+ if (is_array($options)) {
+ if (in_array("SCRIPT",$options)) { $val=$val+1; }
+ if (in_array("ACCOUNTDISABLE",$options)) { $val=$val+2; }
+ if (in_array("HOMEDIR_REQUIRED",$options)) { $val=$val+8; }
+ if (in_array("LOCKOUT",$options)) { $val=$val+16; }
+ if (in_array("PASSWD_NOTREQD",$options)) { $val=$val+32; }
+ //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
+ //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
+ if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)) { $val=$val+128; }
+ if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)) { $val=$val+256; }
+ if (in_array("NORMAL_ACCOUNT",$options)) { $val=$val+512; }
+ if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)) { $val=$val+2048; }
+ if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)) { $val=$val+4096; }
+ if (in_array("SERVER_TRUST_ACCOUNT",$options)) { $val=$val+8192; }
+ if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
+ if (in_array("MNS_LOGON_ACCOUNT",$options)) { $val=$val+131072; }
+ if (in_array("SMARTCARD_REQUIRED",$options)) { $val=$val+262144; }
+ if (in_array("TRUSTED_FOR_DELEGATION",$options)) { $val=$val+524288; }
+ if (in_array("NOT_DELEGATED",$options)) { $val=$val+1048576; }
+ if (in_array("USE_DES_KEY_ONLY",$options)) { $val=$val+2097152; }
+ if (in_array("DONT_REQ_PREAUTH",$options)) { $val=$val+4194304; }
+ if (in_array("PASSWORD_EXPIRED",$options)) { $val=$val+8388608; }
+ if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)) { $val=$val+16777216; }
+ }
+ return $val;
+ }
+
+ /**
+ * Delete a user account
+ *
+ * @param string $username The username to delete (please be careful here!)
+ * @param bool $isGUID Is the username a GUID or a samAccountName
+ * @return array
+ */
+ public function delete($username, $isGUID = false) {
+ $userinfo = $this->info($username, array("*"), $isGUID);
+ $dn = $userinfo[0]['distinguishedname'][0];
+ $result = $this->adldap->folder()->delete($dn);
+ if ($result != true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Groups the user is a member of
+ *
+ * @param string $username The username to query
+ * @param bool $recursive Recursive list of groups
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return array
+ */
+ public function groups($username, $recursive = NULL, $isGUID = false) {
+ if ($username === NULL) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Search the directory for their information
+ $info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
+ $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
+
+ if ($recursive === true) {
+ foreach ($groups as $id => $groupName) {
+ $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+ $groups = array_merge($groups, $extraGroups);
+ }
+ }
+ return $groups;
+ }
+
+ /**
+ * Find information about the users. Returned in a raw array format from AD
+ *
+ * @param string $username The username to query
+ * @param array $fields Array of parameters to query
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return array
+ */
+ public function info($username, $fields = NULL, $isGUID = false) {
+ if ($username === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ if ($isGUID === true) {
+ $username = $this->adldap->utilities()->strGuidToHex($username);
+ $filter = "objectguid=" . $username;
+ }
+ else if (strstr($username, "@")) {
+ $filter = "userPrincipalName=" . $username;
+ }
+ else {
+ $filter = "samaccountname=" . $username;
+ }
+ $filter = "(&(objectCategory=person)({$filter}))";
+ if ($fields === NULL) {
+ $fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid");
+ }
+ if (!in_array("objectsid", $fields)) {
+ $fields[] = "objectsid";
+ }
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ if (isset($entries[0])) {
+ if ($entries[0]['count'] >= 1) {
+ if (in_array("memberof", $fields)) {
+ // AD does not return the primary group in the ldap query, we may need to fudge it
+ if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])) {
+ //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+ $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+ } else {
+ $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+ }
+ if (!isset($entries[0]["memberof"]["count"])) {
+ $entries[0]["memberof"]["count"] = 0;
+ }
+ $entries[0]["memberof"]["count"]++;
+ }
+ }
+ return $entries;
+ }
+ return false;
+ }
+
+ /**
+ * Find information about the users. Returned in a raw array format from AD
+ *
+ * @param string $username The username to query
+ * @param array $fields Array of parameters to query
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return mixed
+ */
+ public function infoCollection($username, $fields = NULL, $isGUID = false) {
+ if ($username === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ $info = $this->info($username, $fields, $isGUID);
+
+ if ($info !== false) {
+ $collection = new \adLDAP\collections\adLDAPUserCollection($info, $this->adldap);
+ return $collection;
+ }
+ return false;
+ }
+
+ /**
+ * Determine if a user is in a specific group
+ *
+ * @param string $username The username to query
+ * @param string $group The name of the group to check against
+ * @param bool $recursive Check groups recursively
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function inGroup($username, $group, $recursive = NULL, $isGUID = false) {
+ if ($username === NULL) { return false; }
+ if ($group === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+
+ // Get a list of the groups
+ $groups = $this->groups($username, $recursive, $isGUID);
+ $search_array = array_combine(array_map('strtolower',$groups),$groups);
+
+ // Return true if the specified group is in the group list
+ return !is_null($search_array[strtolower($group)]);
+ }
+
+ /**
+ * Determine a user's password expiry date
+ *
+ * @param string $username The username to query
+ * @param book $isGUID Is the username passed a GUID or a samAccountName
+ * @requires bcmath http://www.php.net/manual/en/book.bc.php
+ * @return array
+ */
+ public function passwordExpiry($username, $isGUID = false) {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if (!function_exists('bcmod')) { throw new \adLDAP\adLDAPException("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
+
+ $userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
+ $pwdLastSet = $userInfo[0]['pwdlastset'][0];
+ $status = array();
+
+ if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
+ // Password does not expire
+ return "Does not expire";
+ }
+ if ($pwdLastSet === '0') {
+ // Password has already expired
+ return "Password has expired";
+ }
+
+ // Password expiry in AD can be calculated from TWO values:
+ // - User's own pwdLastSet attribute: stores the last time the password was changed
+ // - Domain's maxPwdAge attribute: how long passwords last in the domain
+ //
+ // Although Microsoft chose to use a different base and unit for time measurements.
+ // This function will convert them to Unix timestamps
+ $sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
+ if (!$sr) {
+ return false;
+ }
+ $info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+ $maxPwdAge = $info[0]['maxpwdage'][0];
+
+ // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
+ //
+ // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC),
+ // stored in a 64 bit integer.
+ //
+ // The number of seconds between this date and Unix epoch is 11644473600.
+ //
+ // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
+ // intervals from the time the password was set before the password expires.
+ //
+ // We also need to scale this to seconds but also this value is a _negative_ quantity!
+ //
+ // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
+ //
+ // Unfortunately the maths involved are too big for PHP integers, so I've had to require
+ // BCMath functions to work with arbitrary precision numbers.
+ if (bcmod($maxPwdAge, 4294967296) === '0') {
+ return "Domain does not expire passwords";
+ }
+
+ // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
+ // time units. Because maxpwd age is negative we need to subtract it.
+ $pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
+
+ // Convert MS's time to Unix time
+ $status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
+ $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
+
+ return $status;
+ }
+
+ /**
+ * Modify a user
+ *
+ * @param string $username The username to query
+ * @param array $attributes The attributes to modify. Note if you set the enabled attribute you must not specify any other attributes
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function modify($username, $attributes, $isGUID = false) {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
+ throw new \adLDAP\adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ // Find the dn of the user
+ $userDn = $this->dn($username, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ // Translate the update to the LDAP schema
+ $mod = $this->adldap->adldap_schema($attributes);
+
+ // Check to see if this is an enabled status update
+ if (!$mod && !array_key_exists("enabled", $attributes)) {
+ return false;
+ }
+
+ // Set the account control attribute (only if specified)
+ if (array_key_exists("enabled", $attributes)) {
+ if ($attributes["enabled"]) {
+ $controlOptions = array("NORMAL_ACCOUNT");
+ }
+ else {
+ $controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE");
+ }
+ $mod["userAccountControl"][0] = $this->accountControl($controlOptions);
+ }
+
+ // Do the update
+ $result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
+ if ($result == false) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Disable a user account
+ *
+ * @param string $username The username to disable
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function disable($username, $isGUID = false) {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ $attributes = array("enabled" => 0);
+ $result = $this->modify($username, $attributes, $isGUID);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Enable a user account
+ *
+ * @param string $username The username to enable
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function enable($username, $isGUID = false) {
+ if ($username === NULL) { return "Missing compulsory field [username]"; }
+ $attributes = array("enabled" => 1);
+ $result = $this->modify($username, $attributes, $isGUID);
+ if ($result == false) { return false; }
+
+ return true;
+ }
+
+ /**
+ * Set the password of a user - This must be performed over SSL
+ *
+ * @param string $username The username to modify
+ * @param string $password The new password
+ * @param bool $isGUID Is the username passed a GUID or a samAccountName
+ * @return bool
+ */
+ public function password($username, $password, $isGUID = false) {
+ if ($username === NULL) { return false; }
+ if ($password === NULL) { return false; }
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) {
+ throw new \adLDAP\adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+ }
+
+ $userDn = $this->dn($username, $isGUID);
+ if ($userDn === false) {
+ return false;
+ }
+
+ $add=array();
+ $add["unicodePwd"][0] = $this->encodePassword($password);
+
+ $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
+ if ($result === false) {
+ $err = ldap_errno($this->adldap->getLdapConnection());
+ if ($err) {
+ $msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
+ if($err == 53) {
+ $msg .= ' Your password might not match the password policy.';
+ }
+ throw new \adLDAP\adLDAPException($msg);
+ }
+ else {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Encode a password for transmission over LDAP
+ *
+ * @param string $password The password to encode
+ * @return string
+ */
+ public function encodePassword($password) {
+ $password="\"".$password."\"";
+ $encoded="";
+ for ($i=0; $i info($username, array("cn"), $isGUID);
+ if ($user[0]["dn"] === NULL) {
+ return false;
+ }
+ $userDn = $user[0]["dn"];
+ return $userDn;
+ }
+
+ /**
+ * Return a list of all users in AD
+ *
+ * @param bool $includeDescription Return a description of the user
+ * @param string $search Search parameter
+ * @param bool $sorted Sort the user accounts
+ * @return array
+ */
+ public function all($includeDescription = false, $search = "*", $sorted = true) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Perform the search and grab all their details
+ $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
+ $fields = array("samaccountname","displayname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i=0; $i<$entries["count"]; $i++) {
+ if ($includeDescription && strlen($entries[$i]["displayname"][0])>0) {
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+ } elseif ($includeDescription) {
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ } else {
+ array_push($usersArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($usersArray);
+ }
+ return $usersArray;
+ }
+
+ /**
+ * Converts a username (samAccountName) to a GUID
+ *
+ * @param string $username The username to query
+ * @return string
+ */
+ public function usernameToGuid($username) {
+ if (!$this->adldap->getLdapBind()){ return false; }
+ if ($username === null){ return "Missing compulsory field [username]"; }
+
+ $filter = "samaccountname=" . $username;
+ $fields = array("objectGUID");
+ $sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) {
+ $entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr);
+ $guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID');
+ $strGUID = $this->adldap->utilities()->binaryToText($guid[0]);
+ return $strGUID;
+ }
+ return false;
+ }
+
+ /**
+ * Return a list of all users in AD that have a specific value in a field
+ *
+ * @param bool $includeDescription Return a description of the user
+ * @param string $searchField Field to search search for
+ * @param string $searchFilter Value to search for in the specified field
+ * @param bool $sorted Sort the user accounts
+ * @return array
+ */
+ public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+
+ // Perform the search and grab all their details
+ $searchParams = "";
+ if ($searchField) {
+ $searchParams = "(" . $searchField . "=" . $searchFilter . ")";
+ }
+ $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
+ $fields = array("samaccountname","displayname");
+ $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+ $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+ $usersArray = array();
+ for ($i=0; $i < $entries["count"]; $i++) {
+ if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+ }
+ else if ($includeDescription) {
+ $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+ }
+ else {
+ array_push($usersArray, $entries[$i]["samaccountname"][0]);
+ }
+ }
+ if ($sorted) {
+ asort($usersArray);
+ }
+ return ($usersArray);
+ }
+
+ /**
+ * Move a user account to a different OU
+ *
+ * @param string $username The username to move (please be careful here!)
+ * @param array $container The container or containers to move the user to (please be careful here!).
+ * accepts containers in 1. parent 2. child order
+ * @return array
+ */
+ public function move($username, $container) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($username === null) { return "Missing compulsory field [username]"; }
+ if ($container === null) { return "Missing compulsory field [container]"; }
+ if (!is_array($container)) { return "Container must be an array"; }
+
+ $userInfo = $this->info($username, array("*"));
+ $dn = $userInfo[0]['distinguishedname'][0];
+ $newRDn = "cn=" . $username;
+ $container = array_reverse($container);
+ $newContainer = "ou=" . implode(",ou=",$container);
+ $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
+ $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
+ if ($result !== true) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Get the last logon time of any user as a Unix timestamp
+ *
+ * @param string $username
+ * @return long $unixTimestamp
+ */
+ public function getLastLogon($username) {
+ if (!$this->adldap->getLdapBind()) { return false; }
+ if ($username === null) { return "Missing compulsory field [username]"; }
+ $userInfo = $this->info($username, array("lastLogonTimestamp"));
+ $lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
+ return $lastLogon;
+ }
+}
+?>
diff --git a/src/mibew/libs/adldap/classes/adLDAPUtils.php b/src/mibew/libs/adldap/classes/adLDAPUtils.php
new file mode 100644
index 00000000..32f9c659
--- /dev/null
+++ b/src/mibew/libs/adldap/classes/adLDAPUtils.php
@@ -0,0 +1,264 @@
+adldap = $adldap;
+ }
+
+
+ /**
+ * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
+ *
+ * @param array $groups
+ * @return array
+ */
+ public function niceNames($groups) {
+
+ $groupArray = array();
+ for ($i=0; $i<$groups["count"]; $i++) { // For each group
+ $line = $groups[$i];
+
+ if (strlen($line)>0) {
+ // More presumptions, they're all prefixed with CN=
+ // so we ditch the first three characters and the group
+ // name goes up to the first comma
+ $bits=explode(",", $line);
+ $groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
+ }
+ }
+ return $groupArray;
+ }
+
+ /**
+ * Escape characters for use in an ldap_create function
+ *
+ * @param string $str
+ * @return string
+ */
+ public function escapeCharacters($str) {
+ $str = str_replace(",", "\,", $str);
+ return $str;
+ }
+
+ /**
+ * Escape strings for the use in LDAP filters
+ *
+ * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
+ * Ported from Perl's Net::LDAP::Util escape_filter_value
+ *
+ * @param string $str The string the parse
+ * @author Port by Andreas Gohr
+ * @author Modified for PHP55 by Esteban Santana Santana
+ * @return string
+ */
+ public function ldapSlashes($str) {
+ return preg_replace_callback(
+ '/([\x00-\x1F\*\(\)\\\\])/',
+ function ($matches) {
+ return "\\".join("", unpack("H2", $matches[1]));
+ },
+ $str
+ );
+ }
+
+ /**
+ * Converts a string GUID to a hexdecimal value so it can be queried
+ *
+ * @param string $strGUID A string representation of a GUID
+ * @return string
+ */
+ public function strGuidToHex($strGUID) {
+ $strGUID = str_replace('-', '', $strGUID);
+
+ $octet_str = '\\' . substr($strGUID, 6, 2);
+ $octet_str .= '\\' . substr($strGUID, 4, 2);
+ $octet_str .= '\\' . substr($strGUID, 2, 2);
+ $octet_str .= '\\' . substr($strGUID, 0, 2);
+ $octet_str .= '\\' . substr($strGUID, 10, 2);
+ $octet_str .= '\\' . substr($strGUID, 8, 2);
+ $octet_str .= '\\' . substr($strGUID, 14, 2);
+ $octet_str .= '\\' . substr($strGUID, 12, 2);
+ //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
+ for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
+ if (($i % 2) == 0) {
+ $octet_str .= '\\' . substr($strGUID, $i, 2);
+ }
+ }
+
+ return $octet_str;
+ }
+
+ /**
+ * Convert a binary SID to a text SID
+ *
+ * @param string $binsid A Binary SID
+ * @return string
+ */
+ public function getTextSID($binsid) {
+ $hex_sid = bin2hex($binsid);
+ $rev = hexdec(substr($hex_sid, 0, 2));
+ $subcount = hexdec(substr($hex_sid, 2, 2));
+ $auth = hexdec(substr($hex_sid, 4, 12));
+ $result = "$rev-$auth";
+
+ for ($x=0;$x < $subcount; $x++) {
+ $subauth[$x] =
+ hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
+ $result .= "-" . $subauth[$x];
+ }
+
+ // Cheat by tacking on the S-
+ return 'S-' . $result;
+ }
+
+ /**
+ * Converts a little-endian hex number to one that hexdec() can convert
+ *
+ * @param string $hex A hex code
+ * @return string
+ */
+ public function littleEndian($hex) {
+ $result = '';
+ for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
+ $result .= substr($hex, $x, 2);
+ }
+ return $result;
+ }
+
+ /**
+ * Converts a binary attribute to a string
+ *
+ * @param string $bin A binary LDAP attribute
+ * @return string
+ */
+ public function binaryToText($bin) {
+ $hex_guid = bin2hex($bin);
+ $hex_guid_to_guid_str = '';
+ for($k = 1; $k <= 4; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-';
+ for($k = 1; $k <= 2; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-';
+ for($k = 1; $k <= 2; ++$k) {
+ $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
+ }
+ $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
+ $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
+ return strtoupper($hex_guid_to_guid_str);
+ }
+
+ /**
+ * Converts a binary GUID to a string GUID
+ *
+ * @param string $binaryGuid The binary GUID attribute to convert
+ * @return string
+ */
+ public function decodeGuid($binaryGuid) {
+ if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
+
+ $strGUID = $this->binaryToText($binaryGuid);
+ return $strGUID;
+ }
+
+ /**
+ * Convert a boolean value to a string
+ * You should never need to call this yourself
+ *
+ * @param bool $bool Boolean value
+ * @return string
+ */
+ public function boolToStr($bool) {
+ return ($bool) ? 'TRUE' : 'FALSE';
+ }
+
+ /**
+ * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+ */
+ public function encode8Bit(&$item, $key) {
+ $encode = false;
+ if (is_string($item)) {
+ for ($i=0; $i> 7) {
+ $encode = true;
+ }
+ }
+ }
+ if ($encode === true && $key != 'password') {
+ $item = utf8_encode($item);
+ }
+ }
+
+ /**
+ * Get the current class version number
+ *
+ * @return string
+ */
+ public function getVersion() {
+ return self::ADLDAP_VERSION;
+ }
+
+ /**
+ * Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
+ *
+ * @param long $windowsTime
+ * @return long $unixTime
+ */
+ public static function convertWindowsTimeToUnixTime($windowsTime) {
+ $unixTime = round($windowsTime / 10000000) - 11644477200;
+ return $unixTime;
+ }
+}
+
+?>
diff --git a/src/mibew/libs/adldap/collections/adLDAPCollection.php b/src/mibew/libs/adldap/collections/adLDAPCollection.php
new file mode 100644
index 00000000..6a01d1ca
--- /dev/null
+++ b/src/mibew/libs/adldap/collections/adLDAPCollection.php
@@ -0,0 +1,134 @@
+setInfo($info);
+ $this->adldap = $adldap;
+ }
+
+ /**
+ * Set the raw info array from Active Directory
+ *
+ * @param array $info
+ */
+ public function setInfo(array $info) {
+ if ($this->info && sizeof($info) >= 1) {
+ unset($this->info);
+ }
+ $this->info = $info;
+ }
+
+ /**
+ * Magic get method to retrieve data from the raw array in a formatted way
+ *
+ * @param string $attribute
+ * @return mixed
+ */
+ public function __get($attribute) {
+ if (isset($this->info[0]) && is_array($this->info[0])) {
+ foreach ($this->info[0] as $keyAttr => $valueAttr) {
+ if (strtolower($keyAttr) == strtolower($attribute)) {
+ if ($this->info[0][strtolower($attribute)]['count'] == 1) {
+ return $this->info[0][strtolower($attribute)][0];
+ }
+ else {
+ $array = array();
+ foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
+ if ((string)$key != 'count') {
+ $array[$key] = $value;
+ }
+ }
+ return $array;
+ }
+ }
+ }
+ }
+ else {
+ return NULL;
+ }
+ }
+
+ /**
+ * Magic set method to update an attribute
+ *
+ * @param string $attribute
+ * @param string $value
+ * @return bool
+ */
+ abstract public function __set($attribute, $value);
+
+ /**
+ * Magic isset method to check for the existence of an attribute
+ *
+ * @param string $attribute
+ * @return bool
+ */
+ public function __isset($attribute) {
+ if (isset($this->info[0]) && is_array($this->info[0])) {
+ foreach ($this->info[0] as $keyAttr => $valueAttr) {
+ if (strtolower($keyAttr) == strtolower($attribute)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+}
+?>
diff --git a/src/mibew/libs/adldap/collections/adLDAPComputerCollection.php b/src/mibew/libs/adldap/collections/adLDAPComputerCollection.php
new file mode 100644
index 00000000..0ae25b06
--- /dev/null
+++ b/src/mibew/libs/adldap/collections/adLDAPComputerCollection.php
@@ -0,0 +1,45 @@
+
diff --git a/src/mibew/libs/adldap/collections/adLDAPContactCollection.php b/src/mibew/libs/adldap/collections/adLDAPContactCollection.php
new file mode 100644
index 00000000..9da6d712
--- /dev/null
+++ b/src/mibew/libs/adldap/collections/adLDAPContactCollection.php
@@ -0,0 +1,45 @@
+
diff --git a/src/mibew/libs/adldap/collections/adLDAPGroupCollection.php b/src/mibew/libs/adldap/collections/adLDAPGroupCollection.php
new file mode 100644
index 00000000..f71e87e9
--- /dev/null
+++ b/src/mibew/libs/adldap/collections/adLDAPGroupCollection.php
@@ -0,0 +1,45 @@
+
diff --git a/src/mibew/libs/adldap/collections/adLDAPUserCollection.php b/src/mibew/libs/adldap/collections/adLDAPUserCollection.php
new file mode 100644
index 00000000..a4e8f516
--- /dev/null
+++ b/src/mibew/libs/adldap/collections/adLDAPUserCollection.php
@@ -0,0 +1,45 @@
+
diff --git a/src/mibew/libs/chat.php b/src/mibew/libs/chat.php
index 12431eb3..ed34a7c5 100644
--- a/src/mibew/libs/chat.php
+++ b/src/mibew/libs/chat.php
@@ -20,11 +20,11 @@
use Mibew\Asset\Generator\UrlGeneratorInterface as AssetUrlGeneratorInterface;
use Mibew\EventDispatcher\EventDispatcher;
use Mibew\EventDispatcher\Events;
+use Mibew\Routing\Generator\SecureUrlGeneratorInterface as UrlGeneratorInterface;
use Mibew\Settings;
-use Mibew\Thread;
use Mibew\Style\ChatStyle;
use Mibew\Style\PageStyle;
-use Mibew\Routing\Generator\SecureUrlGeneratorInterface as UrlGeneratorInterface;
+use Mibew\Thread;
use Symfony\Component\HttpFoundation\Request;
/**
@@ -169,7 +169,7 @@ function setup_leavemessage($name, $email, $group_id, $info, $referrer)
'groupName' => $group_name,
'info' => $info,
'referrer' => $referrer,
- 'showCaptcha' => (bool) (Settings::get("enablecaptcha") == "1" && can_show_captcha()),
+ 'showCaptcha' => (bool)(Settings::get("enablecaptcha") == "1" && can_show_captcha()),
);
$data['page.title'] = (empty($group_name) ? '' : $group_name . ': ')
@@ -211,9 +211,9 @@ function setup_survey($name, $email, $group_id, $info, $referrer)
'email' => $email,
'info' => $info,
'referrer' => $referrer,
- 'showEmail' => (bool) (Settings::get("surveyaskmail") == "1"),
- 'showMessage' => (bool) (Settings::get("surveyaskmessage") == "1"),
- 'canChangeName' => (bool) (Settings::get('usercanchangename') == "1"),
+ 'showEmail' => (bool)(Settings::get("surveyaskmail") == "1"),
+ 'showMessage' => (bool)(Settings::get("surveyaskmessage") == "1"),
+ 'canChangeName' => (bool)(Settings::get('usercanchangename') == "1"),
);
$data['page.title'] = getlocal('Live support');
@@ -265,7 +265,7 @@ function prepare_groups_select($group_id)
$selected_group_id = $group_id;
foreach ($all_groups as $group) {
- $group_is_empty = (bool) ($group['inumofagents'] == 0);
+ $group_is_empty = (bool)($group['inumofagents'] == 0);
$group_related_with_specified = empty($group_id)
|| $group['parent'] == $group_id
|| $group['groupid'] == $group_id;
@@ -283,7 +283,7 @@ function prepare_groups_select($group_id)
'name' => get_group_name($group),
'description' => get_group_description($group),
'online' => group_is_online($group),
- 'selected' => (bool) ($group['groupid'] == $selected_group_id),
+ 'selected' => (bool)($group['groupid'] == $selected_group_id),
);
}
@@ -341,7 +341,7 @@ function setup_chatview(Thread $thread)
);
$data['page.title'] = empty($group['vcchattitle'])
- ? Settings::get('chattitle')
+ ? getlocal(Settings::get('chattitle'), null, get_current_locale(), true)
: $group['vcchattitle'];
$data['chat']['page'] = array(
'title' => $data['page.title']
@@ -395,8 +395,8 @@ function setup_chatview_for_user(
// Set user info
$data['chat']['user'] = array(
'name' => htmlspecialchars($thread->userName),
- 'canChangeName' => (bool) (Settings::get('usercanchangename') == "1"),
- 'defaultName' => (bool) (getlocal("Guest") != $thread->userName),
+ 'canChangeName' => (bool)(Settings::get('usercanchangename') == "1"),
+ 'defaultName' => (bool)(getlocal("Guest") != $thread->userName),
'canPost' => true,
'isAgent' => false,
);
@@ -438,6 +438,8 @@ function setup_chatview_for_user(
? $asset_url_generator->generate($operator['vcavatar'])
: '';
+ $data['chat']['operatorName'] = $operator['vclocalename'];
+
return $data;
}
@@ -467,7 +469,7 @@ function setup_chatview_for_operator(
$thread->userId
)
),
- 'canPost' => (bool) ($thread->agentId == $operator['operatorid']),
+ 'canPost' => (bool)($thread->agentId == $operator['operatorid']),
'isAgent' => true,
);
@@ -551,7 +553,7 @@ function visitor_from_request()
$default_name = getlocal("Guest");
$user_name = $default_name;
if (isset($_COOKIE[USERNAME_COOKIE_NAME])) {
- $data = base64_decode(strtr($_COOKIE[USERNAME_COOKIE_NAME], '-_,', '+/='));
+ $data = base64_decode(strtr($_COOKIE[USERNAME_COOKIE_NAME], ' -_,', '++/='));
if (strlen($data) > 0) {
$user_name = $data;
}
@@ -690,7 +692,7 @@ function chat_start_for_user(
if ($referrer) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
- getlocal('Vistor came from page {0}', array($referrer), get_current_locale(), true)
+ getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true)
);
}
if ($requested_operator && !$requested_operator_online) {
@@ -704,10 +706,10 @@ function chat_start_for_user(
)
);
} else {
- $thread->postMessage(
- Thread::KIND_INFO,
+ $thread->postMessage(
+ Thread::KIND_INFO,
getlocal('Thank you for contacting us. An operator will be with you shortly.', null, get_current_locale(), true)
- );
+ );
}
}
diff --git a/src/mibew/libs/classes/Mibew/Controller/LoginController.php b/src/mibew/libs/classes/Mibew/Controller/LoginController.php
index 4223875a..74a4d773 100644
--- a/src/mibew/libs/classes/Mibew/Controller/LoginController.php
+++ b/src/mibew/libs/classes/Mibew/Controller/LoginController.php
@@ -92,7 +92,8 @@ class LoginController extends AbstractController
$operator = operator_by_login($login);
$operator_can_login = $operator
&& isset($operator['vcpassword'])
- && check_password_hash($operator['vclogin'], $password, $operator['vcpassword'])
+ && ( authenticate_operator_in_ad($operator['vclogin'], $password)
+ || check_password_hash($operator['vclogin'], $password, $operator['vcpassword']) )
&& !operator_is_disabled($operator);
if ($operator_can_login) {
diff --git a/src/mibew/libs/classes/Mibew/Ldap.php b/src/mibew/libs/classes/Mibew/Ldap.php
new file mode 100644
index 00000000..5c6cc00f
--- /dev/null
+++ b/src/mibew/libs/classes/Mibew/Ldap.php
@@ -0,0 +1,300 @@
+__destruct();
+ self::$instance = null;
+ }
+ }
+
+ /**
+ * Initialize Ldap
+ *
+ * Set internal LDAP connection and properties. Create Ldap object.
+ *
+ * @param string $account_suffix Account suffix by default ("@mydomain.local")
+ * @param string $base_dn Base DN ("DC=mydomain,DC=local")
+ * @param array $domain_controllers Array of domain controllers names (["dc1.mydomain.local"])
+ * @param string $operator_group Name of AD group, which belongs operators
+ * @param string $admin_group Name of AD group, which belongs administrators
+ * @param string $admin_username Name of admin user for search
+ * @param string $admin_password Password of admin user for search
+ * @param integer $port Port number to connect. Use default if null
+ * @param bool $useSSL
+ * @param bool $useTLS
+ */
+ public static function initialize($domain, $account_suffix, $base_dn, $domain_controllers, $operator_group, $admin_group,
+ $admin_username, $admin_password, $port, $useSSL, $useTLS)
+ {
+ // Check if initialization
+ if (!is_null(self::$instance)) {
+ throw new \Exception('LDAP already initialized');
+ }
+
+ // Create LDAP instance
+ $instance = new Ldap();
+
+ // Set database and connection properties
+ $instance->account_suffix = $account_suffix ?: "@" . $domain;
+ $instance->domain_controllers = $domain_controllers ?: [$domain];
+ $instance->base_dn = $base_dn;
+ if (is_null($base_dn)) {
+ $arr = explode(".", $domain);
+ for($i = 0; $i < count($arr); $i++) {
+ $arr[$i] = "DC=" . $arr[$i];
+ }
+ $instance->base_dn = implode(",", $arr);
+ }
+ $instance->operator_group = $operator_group;
+ $instance->admin_group = $admin_group;
+ $instance->admin_username = $admin_username;
+ $instance->admin_password = $admin_password;
+ $instance->port = $port;
+ $instance->useSSL = $useSSL ?: false;
+ $instance->useTLS = $useTLS ?: false;
+
+ $ldap_params = [
+ "account_suffix" => $instance->account_suffix,
+ "base_dn" => $instance->base_dn,
+ "domain_controllers" => $instance->domain_controllers,
+ "admin_username" => $instance->admin_username,
+ "admin_password" => $instance->admin_password,
+ "use_ssl" => $instance->useSSL,
+ "use_tls" => $instance->useTLS
+ ];
+
+ if (!is_null($port)) {
+ $ldap_params['ad_port'] = $port;
+ }
+
+ // Create adLDAP object
+ $instance->adLDAP = new adLDAP($ldap_params);
+
+ // Store instance
+ self::$instance = $instance;
+
+ // Check groups
+ if (is_null($operator_group)) {
+ throw new \Exception('Operator group is not specified');
+ }
+ if (is_null($admin_group)) {
+ throw new \Exception('Admin group is not specified');
+ }
+ if (!$instance->adLDAP->group()->info($operator_group,["name"])) {
+ throw new \Exception('Operator group ' . $operator_group . ' was not found in AD');
+ }
+ if (!$instance->adLDAP->group()->info($admin_group,["name"])) {
+ throw new \Exception('Admin group ' . $admin_group . ' was not found in AD');
+ }
+ }
+
+ /**
+ * Checks if the LDAP was initialized correctly.
+ *
+ * @return boolean True if the LDAP was initialized correctly and false
+ * otherwise.
+ */
+ public static function isInitialized()
+ {
+ return !is_null(self::$instance);
+ }
+
+ /**
+ * Database class destructor.
+ */
+ public function __destruct()
+ {
+ $this->adLDAP = null;
+ self::$instance = null;
+ }
+
+ /**
+ * Forbid external object creation
+ */
+ protected function __construct()
+ {
+ }
+
+ /**
+ * Forbid clone objects
+ */
+ final private function __clone()
+ {
+ }
+
+ /**
+ * Handles errors
+ * @param \Exception $e
+ */
+ protected function handleError(\Exception $e)
+ {
+ if ($this->useExceptions) {
+ throw $e;
+ }
+ die($e->getMessage());
+ }
+
+ /**
+ * Authenticate user with password in the Active Direcory by the LDAP
+ *
+ * @param string $username login of user in AD
+ * @param string $password user password
+ * @return bool authenticate result
+ */
+ public function authenticate($username, $password) {
+ try {
+ return $this->adLDAP->authenticate($username, $password);
+ } catch (\Exception $e) {
+ $this->handleError($e);
+ return null;
+ }
+ }
+
+ public function searchForOperator($username) {
+ $users = $this->adLDAP->search(false, $username);
+ foreach ($users as $userNameFound) {
+ if ( (strcasecmp($userNameFound, $username) == 0)
+ && ( $this->adLDAP->user()->inGroup($userNameFound,$this->operator_group,true)
+ || $this->adLDAP->user()->inGroup($userNameFound,$this->admin_group,true) )) {
+ return $userNameFound;
+ }
+ }
+ return false;
+ }
+
+ public function userIsAdmin($username) {
+ return $this->adLDAP->user()->inGroup($username,$this->admin_group,true);
+ }
+
+ public function getOperatorData($username) {
+ $infoList = $this->adLDAP->user()->info($username, ["samaccountname", "displayname", "mail", "thumbnailPhoto", "jpegPhoto"]);
+ if (!$infoList) return false;
+ if ($infoList['count'] < 1 ) return false;
+ foreach ($infoList as $idx => $info) {
+ if (strcasecmp($info['samaccountname'][0], $username) == 0) {
+ $commonname = in_array("displayname", $info, true) ? $info["displayname"][0] : null;
+ $email = in_array("mail", $info, true) ? $info["mail"][0] : null;
+ $avatar = in_array("jpegphoto", $info, true) ? $info["jpegphoto"][0] : null;
+ $avatar = is_null($avatar) && in_array("thumbnailphoto", $info, true) ? $info["thumbnailphoto"][0] : $avatar;
+ return array(
+ 'commonname' => $commonname,
+ 'email' => $email,
+ 'avatar' => $avatar
+ );
+ }
+ }
+ return false;
+ }
+}
\ No newline at end of file
diff --git a/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php b/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
index 810a508b..668ec81e 100644
--- a/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
+++ b/src/mibew/libs/classes/Mibew/RequestProcessor/ThreadProcessor.php
@@ -772,6 +772,9 @@ class ThreadProcessor extends ClientSideProcessor implements
if (!locale_is_available($message_locale)) {
$message_locale = get_home_locale();
}
+ if ($name == ""){
+ $name = $visitor["name"];
+ }
// Create thread
$thread = new Thread();
@@ -783,6 +786,7 @@ class ThreadProcessor extends ClientSideProcessor implements
$thread->userId = $visitor['id'];
$thread->userAgent = $user_browser;
$thread->state = Thread::STATE_LEFT;
+ $thread->messageCount = $thread->messageCount + 1;
$thread->closed = time();
$thread->save();
@@ -790,7 +794,7 @@ class ThreadProcessor extends ClientSideProcessor implements
if ($referrer) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
- getlocal('Vistor came from page {0}', array($referrer), get_current_locale(), true)
+ getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true)
);
}
if ($email) {
@@ -851,6 +855,7 @@ class ThreadProcessor extends ClientSideProcessor implements
* - 'token': Token of the thread.
* @return array Array of results. It contains following keys:
* - 'imageLink': string, relative path to operator's avatar.
+ * - 'operatorName': string, operator's name
*/
protected function apiGetAvatar($args)
{
@@ -858,14 +863,16 @@ class ThreadProcessor extends ClientSideProcessor implements
$thread = self::getThread($args['threadId'], $args['token']);
$image_link = false;
+ $operator_name = false;
if ($thread->agentId) {
$operator = operator_by_id($thread->agentId);
+ $operator_name = $operator['vclocalename'];
if ($operator['vcavatar']) {
$url_generator = $this->getAssetManager()->getUrlGenerator();
$image_link = $url_generator->generate($operator['vcavatar']);
}
}
- return array('imageLink' => $image_link);
+ return array('imageLink' => $image_link, 'operatorName' => $operator_name);
}
}
diff --git a/src/mibew/libs/classes/Mibew/Thread.php b/src/mibew/libs/classes/Mibew/Thread.php
index a3948ac2..1ead36e8 100644
--- a/src/mibew/libs/classes/Mibew/Thread.php
+++ b/src/mibew/libs/classes/Mibew/Thread.php
@@ -437,6 +437,7 @@ class Thread
$thread->modified = $now;
$thread->closed = $now;
$thread->state = self::STATE_CLOSED;
+ $thread->messageCount = $thread->getUserMessageCount();
$thread->save();
unset($thread);
}
@@ -908,6 +909,26 @@ class Thread
);
}
+ public function getUserMessageCount() {
+ // Get messages count
+ $db = Database::getInstance();
+
+ list($message_count) = $db->query(
+ ("SELECT COUNT(*) FROM {message} "
+ . "WHERE {message}.threadid = :threadid AND ikind = :kind_user"),
+ array(
+ ':threadid' => $this->id,
+ ':kind_user' => Thread::KIND_USER,
+ ),
+ array(
+ 'return_rows' => Database::RETURN_ONE_ROW,
+ 'fetch_type' => Database::FETCH_NUM,
+ )
+ );
+
+ return $message_count;
+ }
+
/**
* Close thread and send closing messages to the conversation members
*
@@ -953,27 +974,11 @@ class Thread
}
}
- // Get messages count
- $db = Database::getInstance();
-
- list($message_count) = $db->query(
- ("SELECT COUNT(*) FROM {message} "
- . "WHERE {message}.threadid = :threadid AND ikind = :kind_user"),
- array(
- ':threadid' => $this->id,
- ':kind_user' => Thread::KIND_USER,
- ),
- array(
- 'return_rows' => Database::RETURN_ONE_ROW,
- 'fetch_type' => Database::FETCH_NUM,
- )
- );
-
// Close thread if it's not already closed
if ($this->state != self::STATE_CLOSED) {
$this->state = self::STATE_CLOSED;
$this->closed = time();
- $this->messageCount = $message_count;
+ $this->messageCount = $this->getUserMessageCount();
$this->save();
$args = array('thread' => $this);
diff --git a/src/mibew/libs/init.php b/src/mibew/libs/init.php
index 3591fe2a..cbda8b11 100644
--- a/src/mibew/libs/init.php
+++ b/src/mibew/libs/init.php
@@ -44,6 +44,9 @@ require_once(MIBEW_FS_ROOT . '/libs/common/request.php');
require_once(MIBEW_FS_ROOT . '/libs/common/response.php');
require_once(MIBEW_FS_ROOT . '/libs/common/string.php');
+// Include adLDAP lib
+require_once(MIBEW_FS_ROOT . '/libs/adldap/adLDAP.php');
+
// We need to get some info from the request. Use symfony wrapper because it's
// the simplest way.
$tmp_request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
@@ -80,6 +83,20 @@ if (get_maintenance_mode() === false) {
$configs['database']['db'],
$configs['database']['tables_prefix']
);
+ // Initialize the LDAP
+ \Mibew\Ldap::initialize(
+ $configs['adldap']['domain'],
+ $configs['adldap']['account_suffix'],
+ $configs['adldap']['base_dn'],
+ $configs['adldap']['domain_controllers'],
+ $configs['adldap']['operator_group'],
+ $configs['adldap']['admin_group'],
+ $configs['adldap']['search_username'],
+ $configs['adldap']['search_password'],
+ $configs['adldap']['port'],
+ $configs['adldap']['useSSL'],
+ $configs['adldap']['useTLS']
+ );
}
// Load all other libraries
diff --git a/src/mibew/libs/operator.php b/src/mibew/libs/operator.php
index b478b5ce..40d3f467 100644
--- a/src/mibew/libs/operator.php
+++ b/src/mibew/libs/operator.php
@@ -21,6 +21,7 @@
use Mibew\Database;
use Mibew\EventDispatcher\EventDispatcher;
use Mibew\EventDispatcher\Events;
+use Mibew\Ldap;
use Mibew\Settings;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
@@ -99,6 +100,14 @@ function update_operator_permissions($operator_id, $perm)
}
function operator_by_login($login)
+{
+ if (operator_can_login_by_ad($login)) {
+ auto_update_operator_from_ad($login);
+ }
+ return operator_by_login_from_db($login);
+}
+
+function operator_by_login_from_db($login)
{
$db = Database::getInstance();
@@ -109,6 +118,119 @@ function operator_by_login($login)
);
}
+function operator_can_login_by_ad($login)
+{
+ $ldap = Ldap::getInstance();
+ return $ldap->searchForOperator($login);
+}
+
+function authenticate_operator_in_ad($login, $password) {
+ $ldap = Ldap::getInstance();
+ return $ldap->authenticate($login, $password);
+}
+
+function auto_update_operator_from_ad($login) {
+ $operatorDb = operator_by_login_from_db($login);
+ $ldap = Ldap::getInstance();
+
+ $operatorData = $ldap->getOperatorData($login);
+ $userperm = 6;
+ if ($ldap->userIsAdmin($login)) {
+ $userperm += 1;
+ }
+ if ($operatorDb) {
+ if ($operatorDb['vclocalename'] == null) {
+ $operatorDb['vclocalename'] = $operatorData['commonname'];
+ }
+ if ($operatorDb['vccommonname'] == null) {
+ $operatorDb['vccommonname'] = $operatorData['commonname'];
+ }
+ $operatorDb['vcemail'] = $operatorData['email'];
+ } else {
+ $operatorDb = create_operator($login, $operatorData['email'], generateStrongPassword(), $operatorData['commonname'],
+ $operatorData['commonname'], null, null);
+ }
+ if ($operatorDb['vclogin'] != 'admin') {
+ $operatorDb['iperm'] = $userperm;
+ }
+ $operatorDb = save_operator_avatar($operatorDb, $operatorData['avatar']);
+ update_operator($operatorDb);
+ return $operatorDb;
+}
+
+function save_operator_avatar($operator, $avatar_data) {
+ $avatar = $operator['vcavatar'];
+ if (!is_null($avatar_data)) {
+ $ext = "." . getImgType($avatar_data);
+ $new_avatar = 'files/avatar/' . intval($operator['operatorid']) . $ext;
+ $full_file_path = MIBEW_FS_ROOT . "/" . $new_avatar;
+ $file = fopen($full_file_path, "wb");
+ fwrite($file,$avatar_data);
+ fclose($file);
+ } else {
+ $new_avatar = null;
+ }
+ if (!is_null($avatar) && $avatar != $new_avatar) {
+ unlink(MIBEW_FS_ROOT . "/" . $avatar);
+ }
+ $operator['vcavatar'] = $new_avatar;
+ return $operator;
+}
+
+function getImgType($filedata) {
+ $types = array('jpeg' => "\xFF\xD8\xFF", 'gif' => 'GIF', 'png' => "\x89\x50\x4e\x47\x0d\x0a", 'bmp' => 'BM', 'psd' => '8BPS', 'swf' => 'FWS');
+ $bytes = substr($filedata, 0, 8);
+ $found = 'other';
+
+ foreach ($types as $type => $header) {
+ if (strpos($bytes, $header) === 0) {
+ $found = $type;
+ break;
+ }
+ }
+ return $found;
+}
+
+function generateStrongPassword($length = 9, $add_dashes = false, $available_sets = 'luds')
+{
+ $sets = array();
+ if(strpos($available_sets, 'l') !== false)
+ $sets[] = 'abcdefghjkmnpqrstuvwxyz';
+ if(strpos($available_sets, 'u') !== false)
+ $sets[] = 'ABCDEFGHJKMNPQRSTUVWXYZ';
+ if(strpos($available_sets, 'd') !== false)
+ $sets[] = '23456789';
+ if(strpos($available_sets, 's') !== false)
+ $sets[] = '!@#$%&*?';
+
+ $all = '';
+ $password = '';
+ foreach($sets as $set)
+ {
+ $password .= $set[array_rand(str_split($set))];
+ $all .= $set;
+ }
+
+ $all = str_split($all);
+ for($i = 0; $i < $length - count($sets); $i++)
+ $password .= $all[array_rand($all)];
+
+ $password = str_shuffle($password);
+
+ if(!$add_dashes)
+ return $password;
+
+ $dash_len = floor(sqrt($length));
+ $dash_str = '';
+ while(strlen($password) > $dash_len)
+ {
+ $dash_str .= substr($password, 0, $dash_len) . '-';
+ $password = substr($password, $dash_len);
+ }
+ $dash_str .= $password;
+ return $dash_str;
+}
+
function operator_by_email($mail)
{
$db = Database::getInstance();
diff --git a/src/mibew/styles/chats/default/chat.css b/src/mibew/styles/chats/default/chat.css
index df261ffa..1d4b0585 100644
--- a/src/mibew/styles/chats/default/chat.css
+++ b/src/mibew/styles/chats/default/chat.css
@@ -263,6 +263,13 @@ a:hover .image-close-window {
font-size: 12px;
color: #333333;
}
+#status-region .typing-icon {
+ display: inline-block;
+ height: 16px;
+ width: 18px;
+ background: transparent url("images/user_typing.png") scroll no-repeat;
+ vertical-align: middle;
+}
.status {
float: left;
padding-right: 10px;
@@ -285,11 +292,35 @@ a:hover .image-close-window {
background: transparent url("images/avatar.jpg") scroll no-repeat 50% 10px;
width: 100px;
height: 100px;
+ display: inline-block;
+ vertical-align: middle;
}
.avatar img {
max-width: 100px;
border: none;
+ vertical-align: middle;
}
+#avatar-img {
+ display: inline-block;
+}
+#operator-text {
+ display: inline-block;
+ vertical-align: middle;
+}
+
+.operator-name {
+ font-size: 14px;
+ line-height: 20px;
+ margin-left: 6px;
+}
+
+.operator-depart {
+ font-size: 13px;
+ line-height: 32px;
+ margin-left: 6px;
+ color: #80787a;
+}
+
#messages-region {
height: 200px;
min-height: 150px;
diff --git a/src/mibew/styles/chats/default/images/user_typing.png b/src/mibew/styles/chats/default/images/user_typing.png
new file mode 100644
index 00000000..d2fefea6
Binary files /dev/null and b/src/mibew/styles/chats/default/images/user_typing.png differ
diff --git a/src/mibew/styles/chats/default/templates_src/client_side/chat/avatar.handlebars b/src/mibew/styles/chats/default/templates_src/client_side/chat/avatar.handlebars
index 2a679aa6..3cbcb92f 100644
--- a/src/mibew/styles/chats/default/templates_src/client_side/chat/avatar.handlebars
+++ b/src/mibew/styles/chats/default/templates_src/client_side/chat/avatar.handlebars
@@ -1 +1,3 @@
-{{#if imageLink}}
{{else}}{{/if}}
\ No newline at end of file
+{{#if imageLink}}
{{else}}
{{/if}}
{{#if operatorName}}{{operatorName}}
{{/if}}
+{{l10n "Support service"}}
\ No newline at end of file
diff --git a/src/mibew/styles/chats/default/templates_src/client_side/chat/message.handlebars b/src/mibew/styles/chats/default/templates_src/client_side/chat/message.handlebars
index 8756d438..80bc338b 100644
--- a/src/mibew/styles/chats/default/templates_src/client_side/chat/message.handlebars
+++ b/src/mibew/styles/chats/default/templates_src/client_side/chat/message.handlebars
@@ -1,3 +1,9 @@
-{{formatTime created}}
-{{#if name}}{{name}}: {{/if}}
+{{formatTime created}}
+{{#if name}}
+ {{#ifAgentSide}}
+ {{name}}:
+ {{else}}
+ {{#ifEqual kindName "user"}}{{l10n "You"}}{{else}}{{name}}{{/ifEqual}}:
+ {{/ifAgentSide}}
+{{/if}}
{{#replace "\n" "
"}}{{urlReplace message}}{{/replace}}
\ No newline at end of file
diff --git a/src/mibew/styles/chats/default/templates_src/client_side/chat/status/typing.handlebars b/src/mibew/styles/chats/default/templates_src/client_side/chat/status/typing.handlebars
index 8453b950..8779e824 100644
--- a/src/mibew/styles/chats/default/templates_src/client_side/chat/status/typing.handlebars
+++ b/src/mibew/styles/chats/default/templates_src/client_side/chat/status/typing.handlebars
@@ -1 +1 @@
-{{l10n "Remote user is typing..."}}
\ No newline at end of file
+{{l10n "Remote user is typing..."}}