authorScott Ullrich <sullrich@pfsense.org>2007-12-29 21:49:53 +0000
committerScott Ullrich <sullrich@pfsense.org>2007-12-29 21:49:53 +0000
commit6a85275de42378c0f7f9fdd9aa275cefc6ad39b3 (patch)
tree5310d8b304e1c9c3304a227dc8aced222544b326 /etc/inc/auth.inc
parentffcde73bb495c1448f647c83d0de768e46cb3813 (diff)
downloadpfsense-6a85275de42378c0f7f9fdd9aa275cefc6ad39b3.zip
pfsense-6a85275de42378c0f7f9fdd9aa275cefc6ad39b3.tar.gz
Add ldap_get_user_ous() which will return an array of containers that hold
user objects. This will be used by the ldap settings manager to allow the operator to specify which containers they would like to authenticate from. Work sponsored-by: Centipede Networks <http://centipedenetworks.com/>
Diffstat (limited to 'etc/inc/auth.inc')
-rw-r--r--etc/inc/auth.inc43
1 files changed, 43 insertions, 0 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc
index 95df120..73c9a71 100644
--- a/etc/inc/auth.inc
+++ b/etc/inc/auth.inc
@@ -608,6 +608,49 @@ function passwd_backed($username, $passwd) {
return false;
}
+function ldap_get_user_ous() {
+ global $config, $g;
+
+ $ldapserver = $config['system']['webgui']['ldapserver'];
+ $ldapbindun = $config['system']['webgui']['ldapbindun'];
+ $ldapbindpw = $config['system']['webgui']['ldapbindpw'];
+ $ldapsearchbase = "{$config['system']['webgui']['ldapsearchbase']}";
+
+ $ldapfilter = "(ou=*)";
+
+ if (!($ldap = ldap_connect($ldapserver))) {
+ log_error("ERROR! ldap_get_groups() could not connect to server {$ldapserver}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
+ ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
+
+ if (!($res = @ldap_bind($ldap, $ldapbindun, $ldapbindpw))) {
+ log_error("ERROR! ldap_get_groups() could not bind to {$ldapserver} - {$ldapfilter}. Defaulting to built-in htpasswd_backed()");
+ $status = htpasswd_backed($username, $passwd);
+ return $status;
+ }
+
+ $search = ldap_search($ldap, $ldapsearchbase, $ldapfilter);
+
+ $info = ldap_get_entries($ldap, $search);
+
+ $ous = array();
+
+ foreach($info as $inf) {
+ $inf_split = split(",", $inf['dn']);
+ $ou = $inf_split[0];
+ $ou = str_replace("OU=","", $ou);
+ if($ou)
+ $ous[] = $ou;
+ }
+
+ return $ous;
+
+}
+
function ldap_get_groups($username) {
global $config;
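Review bot: Both failure branches of `ldap_get_user_ous()` (after `ldap_connect` and after `ldap_bind`) call `htpasswd_backed($username, $passwd)`, but the function takes no parameters, so both variables are undefined and the caller receives a password-check result instead of a list of containers. A container lookup should not fall through to an authentication routine at all; `return array();` in both branches keeps the return type consistent, and the log text should name `ldap_get_user_ous()` rather than `ldap_get_groups()`. The result of `ldap_search()` is also handed to `ldap_get_entries()` unchecked, so a failed search (bad base DN, insufficient rights for the bind account) should be caught first with `if (!$search) return array();`. The `str_replace("OU=", "", $ou)` is case-sensitive, so a DN returned as `ou=...` would keep its prefix; that is worth confirming against the directory servers in use.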