diff --git a/controllers/add_user.php b/controllers/add_user.php
index 2c4314e..c4d2ae5 100644
--- a/controllers/add_user.php
+++ b/controllers/add_user.php
@@ -1,13 +1,18 @@ getAllOUs();
+$admin_ous = $_SESSION['admin_ous'] ?? [];
+
+// Filtrer les OUs disponibles selon les droits de l'admin
+$allowed_ous = array_intersect($available_ous, $admin_ous);
+
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 // Récupérer les données du formulaire
 $nom = $_POST['nom'];
diff --git a/models/LDAPAuth.php b/models/LDAPAuth.php
index 8ee9ee1..509ac6f 100644
--- a/models/LDAPAuth.php
+++ b/models/LDAPAuth.php
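Review bot: `$allowed_ous` is computed at the top of the controller, but nothing in this hunk checks the OU the form submits against it; the POST branch (which continues past the end of the hunk) reads `$_POST` directly, so unless later code validates the chosen OU server-side, the intersection only narrows what the page displays and a request can still name any OU that `getAllOUs()` returned. Add the check where the OU field is read, e.g. `if (!in_array($selected_ou, $allowed_ous, true)) { http_response_code(403); exit('OU non autorisée'); }`, with `$selected_ou` being whatever the form's OU field is called. Note also that `array_intersect` compares DNs as exact strings while LDAP DNs are case-insensitive: if `$_SESSION['admin_ous']` comes from the hard-coded map in LDAPAuth and `getAllOUs()` returns the directory's own casing, a mismatch silently yields an empty allow-list, so normalising both sides (e.g. `strtolower`) before intersecting would make the fail-closed behaviour deliberate rather than accidental. The first context line of this hunk is garbled (`getAllOUs();` with nothing before it), so the assignment of `$available_ous` is assumed.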
@@ -112,28 +112,49 @@ class LDAPAuth
 // Liste des groupes administratifs et leurs OUs associées
 $admin_groups_with_ous = [
- "Domain Admins" => "OU=Domain Admins,DC=epul3a,DC=local",
- "Enterprise Admins" => "OU=Enterprise Admins,DC=epul3a,DC=local",
- "Schema Admins" => "OU=Schema Admins,DC=epul3a,DC=local",
- "Group Policy Creator Owners" => "OU=Group Policy Creator Owners,DC=epul3a,DC=local",
+ "CN=Domain Admins,CN=Users,DC=epul3a,DC=local" => "OU=Domain Admins,DC=epul3a,DC=local",
+ "CN=Enterprise Admins,CN=Users,DC=epul3a,DC=local" => "OU=Enterprise Admins,DC=epul3a,DC=local",
+ "CN=Schema Admins,CN=Users,DC=epul3a,DC=local" => "OU=Schema Admins,DC=epul3a,DC=local",
+ "CN=Group Policy Creator Owners,CN=Users,DC=epul3a,DC=local" => "OU=Group Policy Creator Owners,DC=epul3a,DC=local",
 ];
- // Récupérer les groupes auxquels l'utilisateur appartient
 $admin_ous = [];
- foreach ($admin_groups_with_ous as $group_name => $ou) {
- $filter = "(memberOf:1.2.840.113556.1.4.1941:=$group_name)";
+ foreach ($admin_groups_with_ous as $group_dn => $ou) {
+ $filter = "(memberOf:1.2.840.113556.1.4.1941:=$group_dn)";
 $attributes = ["memberOf"];
 $result = ldap_read($this->ad, $user_dn, $filter, $attributes);
 if ($result && ldap_count_entries($this->ad, $result) > 0) {
- $admin_ous[] = $ou; // Retourne l'OU associée
+ $admin_ous[] = $ou;
 }
 }
- return $admin_ous;
+ return array_unique($admin_ous);
 }
+ public function getAllOUs()
+ {
+ $this->connect();
+ $this->bindServiceAccount();
+ $searchBase = "DC=epul3a,DC=local";
+ $filter = "(objectClass=organizationalUnit)";
+ $attributes = ["ou", "distinguishedName"];
+
+ $result = ldap_search($this->ad, $searchBase, $filter, $attributes);
+ $entries = ldap_get_entries($this->ad, $result);
+
+ $ous = [];
+ if ($entries['count'] > 0) {
+ foreach ($entries as $entry) {
+ if (isset($entry['distinguishedname'][0])) {
+ $ous[] = $entry['distinguishedname'][0];
+ }
+ }
+ }
+
+ return $ous;
+ }
 public function close()
 {
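Review bot: In the new `getAllOUs()`, the result of `ldap_search()` is passed straight to `ldap_get_entries()`; on PHP 8 a failed search returns `false` and `ldap_get_entries()` then throws a TypeError, and `ldap_get_entries()` can itself return `false`, after which `$entries['count']` fails — so a directory error during OU lookup surfaces as an uncaught engine error instead of a handled failure. The `foreach ($entries as $entry)` also walks the `count` element itself, which only works because `isset()` on an int is quietly false; indexing `0..count-1` is the conventional and clearer way to read `ldap_get_entries()` output. I would check both results (throwing, or returning `[]` if the class's existing convention is to fail soft — not visible from here), iterate by index, and declare the return type `: array`; the rewritten tail of the method is below. Minor: `array_unique()` in the preceding method preserves keys, so wrap it in `array_values()` if callers ever serialise the result as a list.
```php
    public function getAllOUs(): array
    {
        // … unchanged: connect(), bindServiceAccount(), $searchBase / $filter / $attributes …
        $result = ldap_search($this->ad, $searchBase, $filter, $attributes);
        if ($result === false) {
            throw new \RuntimeException('LDAP OU search failed: ' . ldap_error($this->ad));
        }
        $entries = ldap_get_entries($this->ad, $result);
        if ($entries === false) {
            throw new \RuntimeException('Unable to read LDAP OU entries: ' . ldap_error($this->ad));
        }

        // ldap_get_entries() returns ['count' => N, 0 => ..., N-1 => ...]; iterate by index
        $ous = [];
        for ($i = 0; $i < $entries['count']; $i++) {
            if (isset($entries[$i]['distinguishedname'][0])) {
                $ous[] = $entries[$i]['distinguishedname'][0];
            }
        }

        return $ous;
    }
```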
diff --git a/views/menu.php b/views/menu.php
index c82a67c..b9615d5 100644
--- a/views/menu.php
+++ b/views/menu.php
@@ -16,7 +16,18 @@ echo "