diff options
| author | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-05-29 21:19:09 -0300 |
|---|---|---|
| committer | Marcello Coutinho <marcellocoutinho@gmail.com> | 2013-05-29 21:19:09 -0300 |
| commit | 4aaf03abd52f4142ca7879c9ca50807037e0504d (patch) | |
| tree | 7d1d6f34ad1993e960b863405288701601ba6e93 /config/dansguardian/dansguardian_ldap.php | |
| parent | 34cd568c3400cb224708604332b9a5bdbbc14899 (diff) | |
| download | pfsense-packages-4aaf03abd52f4142ca7879c9ca50807037e0504d.tar.gz pfsense-packages-4aaf03abd52f4142ca7879c9ca50807037e0504d.tar.bz2 pfsense-packages-4aaf03abd52f4142ca7879c9ca50807037e0504d.zip | |
dansguardian - improve ldap fetch code and fix cron problem on 2.1
Diffstat (limited to 'config/dansguardian/dansguardian_ldap.php')
| -rw-r--r-- | config/dansguardian/dansguardian_ldap.php | 43 |
1 files changed, 30 insertions, 13 deletions
diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php index 33cbee91..01d4764e 100644 --- a/config/dansguardian/dansguardian_ldap.php +++ b/config/dansguardian/dansguardian_ldap.php @@ -56,6 +56,7 @@ function get_ldap_members($group,$user,$password) { global $ldap_host; global $ldap_dn; $LDAPFieldsToFind = array("member"); + print "{$ldap_host} {$ldap_dn}\n"; $ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP"); // OPTIONS TO AD @@ -64,7 +65,10 @@ function get_ldap_members($group,$user,$password) { ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP"); - $results = ldap_search($ldap,$ldap_dn,"cn=" . $group,$LDAPFieldsToFind); + //check if group is just a name or an ldap string + $group_cn=(preg_match("/cn=/i",$group)? $group : "cn={$group}"); + + $results = ldap_search($ldap,$ldap_dn,$group_cn,$LDAPFieldsToFind); $member_list = ldap_get_entries($ldap, $results); $group_member_details = array(); @@ -77,7 +81,8 @@ function get_ldap_members($group,$user,$password) { $member_search = ldap_search($ldap, $ldap_dn, "(CN=" . $member_cn . ")"); $member_details = ldap_get_entries($ldap, $member_search); $group_member_details[] = array($member_details[0]['samaccountname'][0], - $member_details[0]['displayname'][0]); + $member_details[0]['displayname'][0], + $member_details[0]['useraccountcontrol'][0]); } ldap_close($ldap); array_shift($group_member_details); @@ -96,11 +101,12 @@ $apply_config=0; if (is_array($config['installedpackages']['dansguardiangroups']['config'])) foreach($config['installedpackages']['dansguardiangroups']['config'] as $group) { #ignore default group - if ($id > 0) - if ($argv[1] == "" || $argv[1] == $group['name']){ + if ($id > 0){ + $ldap_group_source=(preg_match("/description/",$argv[1]) ? "description" : "name"); + if ($argv[2] == $group[$ldap_group_source]){ $members=""; $ldap_servers= explode (',',$group['ldap']); - echo "Group : " . $group['name']."\n"; + echo "Group : {$group['name']}({$group['description']})\n"; if (is_array($config['installedpackages']['dansguardianldap']['config'])) foreach ($config['installedpackages']['dansguardianldap']['config'] as $server){ if (in_array($server['dc'],$ldap_servers)){ @@ -113,18 +119,28 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config'])) $ldap_username=$server['username']; #$domainuser=split("cn=",$server['username']); #$ldap_username=preg_replace("/,\./","@",$domainuser[1].preg_replace("/(,|)DC=/i",".",$server['dn'])); - $result = get_ldap_members($group['name'],$ldap_username,$server['password']); - foreach($result as $key => $value) { - if (preg_match ("/\w+/",$value[0])){ + $result = get_ldap_members($group[$ldap_group_source],$ldap_username,$server['password']); + if ($group['useraccountcontrol'] !="") + $valid_account_codes=explode(",",$group['useraccountcontrol']); + foreach($result as $mvalue) { + if (preg_match ("/\w+/",$mvalue[0])){ #var_dump($value); - $name= preg_replace('/[^(\x20-\x7F)]*/','', $value[1]); + $name= preg_replace("/&([a-z])[a-z]+;/i", "$1", htmlentities($mvalue[1]));//preg_replace('/[^(\x20-\x7F)]*/','', $mvalue[1]); $pattern[0]="/USER/"; $pattern[1]="/,/"; $pattern[2]="/NAME/"; - $replace[0]=$value[0]; + $replace[0]=$mvalue[0]; $replace[1]="\n"; $replace[2]="$name"; - $members .= preg_replace($pattern,$replace,$mask)."\n"; + + if (is_array($valid_account_codes)){ + if (in_array($mvalue[2],$valid_account_codes,true)) + $members .= preg_replace($pattern,$replace,$mask)."\n"; + } + else + { + $members .= preg_replace($pattern,$replace,$mask)."\n"; + } } } } @@ -144,8 +160,9 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config'])) $apply_config++; } } - } - $id++; + } + } + $id++; } if ($apply_config > 0){ print "User list from LDAP is different from current group, applying new configuration..."; |