#!/usr/local/bin/php -f $value) { $result[$key] = $value; } return $result; } function get_ldap_members($group,$user,$password) { global $ldap_host; global $ldap_dn; $LDAPFieldsToFind = array("member"); $ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP"); // OPTIONS TO AD ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3); ldap_set_option($ldap, LDAP_OPT_REFERRALS,0); ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP"); $results = ldap_search($ldap,$ldap_dn,"cn=" . $group,$LDAPFieldsToFind); $member_list = ldap_get_entries($ldap, $results); $group_member_details = array(); if (is_array($member_list[0])) foreach($member_list[0] as $list) if (is_array($list)) foreach($list as $member) { $member_dn = explode_dn($member); $member_cn = str_replace("CN=","",$member_dn[0]); $member_search = ldap_search($ldap, $ldap_dn, "(CN=" . $member_cn . ")"); $member_details = ldap_get_entries($ldap, $member_search); $group_member_details[] = array($member_details[0]['samaccountname'][0], $member_details[0]['displayname'][0]); } ldap_close($ldap); array_shift($group_member_details); return $group_member_details; ldap_unbind($ldap); } // Read Pfsense config global $config,$g; #mount filesystem writable conf_mount_rw(); $id=0; $apply_config=0; if (is_array($config['installedpackages']['dansguardiangroups']['config'])) foreach($config['installedpackages']['dansguardiangroups']['config'] as $group) { #ignore default group if ($id > 1) if ($argv[1] == "" || $argv[1] == $group['name']){ $members=""; $ldap_servers= explode (',',$group['ldap']); echo "Group : " . $group['name']."\n"; if (is_array($config['installedpackages']['dansguardianldap']['config'])) foreach ($config['installedpackages']['dansguardianldap']['config'] as $server){ if (in_array($server['dc'],$ldap_servers)){ $ldap_dn = $server['dn']; $ldap_host=$server['dc']; $result = get_ldap_members($group['name'],$server['username'].','.$server['dn'],$server['password']); foreach($result as $key => $value) { if (preg_match ("/\w+/",$value[0])){ #var_dump($value); $name= preg_replace('/[^(\x20-\x7F)]*/','', $value[1]); $pattern[0]="/USER/"; $pattern[1]="/,/"; $pattern[2]="/NAME/"; $replace[0]=$value[0]; $replace[1]="\n"; $replace[2]="$name"; $members .= preg_replace($pattern,$replace,$server['mask'])."\n"; } } } } if (!empty($members)){ $import_users = explode("\n", $members); asort($import_users); $members=base64_encode(implode("\n", $import_users)); if($config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] != $members){ $config['installedpackages']['dansguardianusers']['config'][0][strtolower($group['name'])] = $members; $apply_config++; } } } $id++; } if ($apply_config > 0){ print "user list from LDAP is different from current group, applying new configuration..."; write_config(); include("/usr/local/pkg/dansguardian.inc"); sync_package_dansguardian(); print "done\n"; } #mount filesystem read-only conf_mount_ro(); ?>