<?php 

class LDAP {

	protected $_domain=NULL;
   
    /**
    * Optional account with higher privileges for searching
    * This should be set to a domain admin account
    * 
    * @var string
    * @var string
    */
	protected $_login=NULL;
    protected $_password=NULL;
    
    /**
    *  
    * @var bool
    */
	protected $_ssl=false;
    
  	/*
	* Connection and bind default variables
    * 
    * @var mixed
    * @var mixed
    */
	protected $_conn;
	protected $_bind;

	
	function __construct($domain,$login,$password,$ssl='false'){
		
		$this->_domain = $domain;
		$this->_login = $login;
		$this->_password = $password;
		$this->_ssl = ($ssl == 'true');
		
		// Connect to the sunLDAP server as the username/password
		if ($this->_use_ssl)
		{
			$this->_conn = ldap_connect("ldaps://".$this->_domain);
		} 
		else 
		{
			$this->_conn = ldap_connect($this->_domain);
		}
		
		
		
		// Set some ldap options for talking to sunLDAP
		ldap_set_option($this->_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
		ldap_set_option($this->_conn, LDAP_OPT_REFERRALS, 0);
		
		// Bind as a domain admin if they've set it up
		if ($this->_login!=NULL && $this->_password!=NULL){
			$this->_bind = @ldap_bind($this->_conn,$this->_login,$this->_password);
			if (!$this->_bind){
				if ($this->_ssl)
				{
					throw new Exception ('FATAL: SunLDAP bind failed. Either the LDAPS connection failed or the login credentials are incorrect.');
				} 
				else 
				{
					throw new Exception ("FATAL: SunLDAP bind failed. Check the login credentials.");
				}
			}
		}
	}

	/**
    * Default Destructor
    * 
    * Closes the LDAP connection
    * 
    * @return void
    */
	function __destruct(){ ldap_close($this->_conn); }

    /**
    * Validate a user's login credentials
    * 
    * @param string $username A user's AD username
    * @param string $password A user's AD password
    * @param bool optional $prevent_rebind
    * @return bool
    */
	public function authenticate($login,$password,$prevent_rebind=false){
        
		// Prevent null binding
		if ($login==NULL || $password==NULL){ return (false); }
		
		//On recherche le DN de l'utilisateur
		$sr=ldap_search($this->_conn,"DC=".str_replace(".",",DC=",$this->_domain),"(uid=".$login.")",array("dn"));
		$entries = ldap_get_entries($this->_conn, $sr);
		
		if($entries['count'] != 1)
			return false;
			
		// Bind as the user		
		
		try{ $this->_bind = @ldap_bind($this->_conn,$entries[0]['dn'],$password); }
		catch(Exception $e){}
		
		if (!$this->_bind){ return (false); }
		
		// Cnce we've checked their details, kick back into admin mode if we have it
		if ($this->_login!=NULL && !$prevent_rebind){
			$this->_bind = @ldap_bind($this->_conn,$this->_login,$this->_password);
			if (!$this->_bind){ exit("FATAL: AD rebind failed."); } // This should never happen in theory
		}
		return (true);
	}

	//*****************************************************************************************************************
	// GROUP FUNCTIONS


  	/**
    * Group Information.  Returns an array of information about a group.
    * The group name is the distinguishedname
    * 
    * @param string $group_dn The group distinguishedname to retrieve info about
    * @param array $fields Fields to retrieve
    * @return array
    */
	public function group_info($group_dn,$fields=array(),$dn='',$filter=''){
		if ($group_dn==NULL){ return (false); }
		if (!$this->_bind){ return (false); }
		
		if(count($fields) < 1)
			$fields[] = "dn";
			
		if(empty($dn))
			$dn="DC=".str_replace(".",",DC=",$this->_domain);
			
		$entries = array();
		
		$sr=ldap_search($this->_conn,$group_dn,$filter,$fields);
		$entries = ldap_get_entries($this->_conn, $sr);
				
		if($entries['count'] != 1)
		return array();
		
		$ad_info_group = array();
		
		foreach($fields as $fd)
		{
			if( $fd == 'rattachement')
			{
				unset($entries[0][$fd]['count']);
				$ad_info_group[$fd] = $entries[0][$fd];
			}
			else if( $fd == 'id' && empty($entries[0][$fd][0]) )
			{
				//Le groupe n'a pas d'id (pb sur l'annuaire)
				return array();
			}
			else 
			{
				$ad_info_group[$fd] = $entries[0][$fd][0];
			}
		}
		
		return $ad_info_group;
	}
	
	
	//Affectation : Spécifique CG50
	public function affectation_info($group_dn,$fields=array(),$dn='',$filter='(&(objectClass=CG50Affectation))'){
		if ($group_dn==NULL){ return (false); }
		if (!$this->_bind){ return (false); }
		
		if(count($fields) < 1)
			$fields[] = "dn";
			
		if(empty($dn))
			$dn="DC=".str_replace(".",",DC=",$this->_domain);
			
		$entries = array();
		
		//On rajoute le champ service qui fait la liaison entre Personne:affectation et Organisation:dn
		$fields[] = "service";
		
		$sr=ldap_search($this->_conn,$group_dn,$filter,$fields);
		$entries = ldap_get_entries($this->_conn, $sr);
		
		if($entries['count'] != 1)
			return array();
				
		$ad_info_group = array();
		
		foreach($fields as $fd)
		{
			if( $fd == 'service')
			{
				unset($entries[0][$fd]['count']);
				$ad_info_group['affectation'] = $entries[0][$fd][0];
			}
			else 
			{
				$ad_info_group[$fd] = $entries[0][$fd][0];
			}
		}
		
		return $ad_info_group;
	}
	//FIN Affectation Spécifique CG50
 
	/**
    * Return a list of all users in AD
    * 
    * @param bool $include_desc Return a description of the user
    * @param string $search Search parameter
    * @param bool $sorted Sort the user accounts
    * @return array
    */
    public function all_users($fields=array(),$dn='',$filter=''){
		
		if(empty($dn))
			$dn="DC=".str_replace(".",",DC=",$this->_domain);
			 
		if (!$this->_bind){ return (false); }
		
		if(count($fields) < 1)
			$fields[] = "dn";
		
		$entries = array();
		
		$filter = "(&(objectClass=person)".$filter.")";
		$sr=ldap_search($this->_conn,$dn,$filter,$fields);
		$entries = array_merge(ldap_get_entries($this->_conn, $sr),$entries);
		
		$ad_users = array();
		//for ($i=0; $i < 10; $i++)
		for ($i=0; $i < (count($entries)-1); $i++)
		{
			foreach($fields as $fd)
			{
				if( $fd == 'uid' && empty($entries[$i][$fd][0]) )
				{
					//L'utilisateur n'a pas de objectguid (pb sur l'annuaire)
					unset($ad_users[$i]);
					break;
				}
				else if( $fd == 'affectation' && !empty($entries[$i][$fd]) )
				{
					//Recherche l'affectation : Le lien se fait dans une OU affectation qui comporte le numero de telephone
					//et le lien vers le service de l'OU Organisation
					unset($entries[$i][$fd]['count']);
					
					$aff_array = array();
					
					foreach($entries[$i][$fd] as $aff)
					{
						foreach( $this->affectation_info($aff,$fields,$dn) as $k_aff => $v_aff)
						{ 
							if( $k_aff == 'affectation' )
							{
								$ad_users[$i][$k_aff][] = $v_aff;
							}
							else
							{
								if( empty($ad_users[$i][$k_aff]) ) 
									$ad_users[$i][$k_aff] = $v_aff;
							}
						}
					}
					
					/*
					if( isset($res["telephonenumber"]) && !empty($res["telephonenumber"]) )
					{
						$ad_users[$i]["telephonenumber"] = $res["telephonenumber"];
					}
					
					if( isset($res["service"]) && !empty($res["service"]) )
					{
						$ad_users[$i][$fd] = $res["service"];
					}*/
				}
				else if( $fd == 'positionstatut')
				{
					if( $entries[$i][$fd][0] == 'EP')
						$ad_users[$i][$fd] = 'Y';
					else
						$ad_users[$i][$fd] = 'N';
				}
				else if( $fd == 'telephonenumber')
				{
					//Traité dans affectation
				}
				else 
				{
					$ad_users[$i][$fd] = $entries[$i][$fd][0];
				}
			}
		}
		return $ad_users;
    }
	
	public function all_groups($fields=array(),$dn='',$filter=''){
		
		if(empty($dn))
			$dn="DC=".str_replace(".",",DC=",$this->_domain);
		
        if (!$this->_bind){ return (false); }
        
		if(count($fields) < 1)
			$fields[]="dn";
		
		$entries = array();
		
		//Search for each filter
		$filter = "(&".$filter.")";
			
		$sr=ldap_search($this->_conn,$dn,$filter,$fields);
		$entries = ldap_get_entries($this->_conn, $sr);
		
		for ($i=0; $i< ( count($entries) -1); $i++)
		{
			foreach($fields as $fd)
			{
				if( $fd == 'id' && empty($entries[$i][$fd][0]) )
				{
					//Le groupe n'a pas de objectguid (pb sur l'annuaire)
					unset($ad_groups[$i]);
					break;
				}	
				else if( $fd == 'rattachement')
				{
					unset($entries[$i][$fd]['count']);
					$ad_groups[$i][$fd] = $entries[$i][$fd];
				}
				else
				{
					$ad_groups[$i][$fd] = $entries[$i][$fd][0];
				}
			}
		}
		
		return ($ad_groups);
    }
    
}

?>