ldap.php

<?php

include_once "User.php";
use \User as User;

function debug($msg)
{
        include 'config.php';
        if ($DEBUG)
                echo $msg . "\n";
}
function generateSalt($length = 10)
{
        $chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

        $string = "";
        for ($i = 0; $i < $length; $i++) {
                $string .= substr($chars, rand(0, strlen($chars) - 1), 1);
        }

        return $string;
}


function ldap_search_query($query, $filter = "cn")
{
        include 'config.php';
        $ldap_host = $HOST;
        $ldap_port = $PORT;
        $ldaptree = explode("{},", $BASE_DN)[1];

        $ldap_user = "cn=" . $USER . "," . join(",", array_slice(explode(",", $ldaptree), 1));
        $ldap_pass = $PASSWORD;

        //First: Connect to  LDAP Server
        $connect = ldap_connect($ldap_host, $ldap_port)
                or debug(">>Could not connect to LDAP server to add user $ldap_user<<");
        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

        //Login to LDAP
        $bind = ldap_bind($connect, $ldap_user, $ldap_pass);
        if (!$bind) {
             debug(">>Could not bind to $ldap_host to add user $ldap_user<<");
            if (ldap_get_option($connect, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
               debug("Error Binding to LDAP: $extended_error");
             } else {
               debug("Error Binding to LDAP: No additional information is available.");
             }
         }

        $result = ldap_search($connect, $ldaptree, "(" . $filter . "=" . $query . ")") or die("Error in search query: " . ldap_error($connect));
        $data = ldap_get_entries($connect, $result);
        return $data;
}

function ldap_add_user(User $user)
{
        include 'config.php';
        $ldap_host = $HOST;
        $ldap_port = $PORT;
        $base_dn = str_replace('{}', $user->username, $BASE_DN);
        $ldaptree = explode("{},", $BASE_DN)[1];


        $info["givenName"] = $user->first_name;
        $info["sn"] = $user->last_name;
        $info["uid"] = $user->username;
        #$info["homeDirectory"]="/home/";
        $info["mail"] = $user->email;
        $info["o"] = $user->organization;
        $info["displayName"] = $user->first_name . " " . $user->last_name;
        #$info["departmentNumber"]=$user->id;
        $info["cn"] = $user->username;
        $info["userPassword"] = $user->user_hash;
        $info["l"] = $user->city;
        $info["street"] = $user->street;
        $info["postalcode"] = $user->zip;
        $info["l"] = $user->city;
        $info["co"] = $user->country;
        $info["telephoneNumber"] = $user->phone;

        $info["objectclass"][0] = "top";
        $info["objectclass"][1] = "person";
        $info["objectclass"][2] = "inetOrgPerson";
        $info["objectclass"][3] = "organizationalPerson";
        $info["objectclass"][4] = "extensibleObject";

        $ldap_user = "cn=" . $USER . "," . join(",", array_slice(explode(",", $ldaptree), 1));
        $ldap_pass = $PASSWORD;

        //First: Connect to  LDAP Server
        $connect = ldap_connect($ldap_host, $ldap_port)
                or debug(">>Could not connect to LDAP server to add user<<");
        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

        //Login to LDAP
        ldap_bind($connect, $ldap_user, $ldap_pass)
                or debug(">>Could not bind to $ldap_host to add user<<");

        // Adding new user

        $add = ldap_add($connect, $base_dn, $info);
        if (!$add) {
              debug(">>Not able to add user $info<<");
             debug(">>Could not bind to $ldap_host to add user $ldap_user<<");
            if (ldap_get_option($connect, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
               debug("Error Binding to LDAP: $extended_error");
             } else {
               debug("Error Binding to LDAP: No additional information is available.");
             }
         }

        // Close connection
        ldap_close($connect);

        // Return value of operation

        return $add;
}
function ldap_user_count(string $user)
{
        return ldap_search_query($user)["count"];
}
function ldap_mail_count($email)
{
        return ldap_search_query($email, "mail")["count"];
}

function change_password($email, $new_password)
{
        include 'config.php';
        $ldap_host = $HOST;
        $ldap_port = $PORT;
        $ldaptree = explode("{},", $BASE_DN)[1];

        $ldap_user = "cn=" . $USER . "," . join(",", array_slice(explode(",", $ldaptree), 1));
        $ldap_pass = $PASSWORD;

        //First: Connect to  LDAP Server
        $connect = ldap_connect($ldap_host, $ldap_port)
                or debug(">>Could not connect to LDAP server to add user<<");
        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

        //Login to LDAP
        ldap_bind($connect, $ldap_user, $ldap_pass)
                or debug(">>Could not bind to $ldap_host to add user<<");


        $result = ldap_search($connect, $ldaptree, "(mail=" . $email . ")") or die("Error in search query: " . ldap_error($connect));
        $data = ldap_get_entries($connect, $result);
        if (!$data['count'] || !isset($data[0]["dn"]) || empty($data[0]["dn"])) {
                return false;
        }
        $dn = $data[0]["dn"];

        if ($ENCRYPT_PASSWORDS) {
                # $newEntry = ['userPassword' => "{crypt}" . crypt($new_password, '$6$' . generateSalt(10) . '$')];
                # $newEntry = ['userPassword' => "{SHA}" .  base64_encode(sha1($new_password, true))];
                $salt = generateSalt(10);
                $newEntry = ['userPassword' => "{SSHA}" . base64_encode( sha1( $new_password . $salt, true) . $salt )];
        } else {
                $newEntry = ['userPassword' => "{CLEAR}" .  $new_password];
        }
        if (ldap_mod_replace($connect, $dn, $newEntry))
                return true;
        else
                return false;
}