Morph01/PHP-LDAP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

–feat: implement OU filtering for admin users and enhance menu display

Browse Source
This commit is contained in:
Morph01
2025-02-04 13:30:25 -08:00
parent 3b1e132010
commit cccdbe797c
3 changed files with 49 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
models/LDAPAuth.php
View File

@@ -112,28 +112,49 @@ class LDAPAuth
// Liste des groupes administratifs et leurs OUs associées
$admin_groups_with_ous = [
"Domain Admins" => "OU=Domain Admins,DC=epul3a,DC=local",
"Enterprise Admins" => "OU=Enterprise Admins,DC=epul3a,DC=local",
"Schema Admins" => "OU=Schema Admins,DC=epul3a,DC=local",
"Group Policy Creator Owners" => "OU=Group Policy Creator Owners,DC=epul3a,DC=local",
"CN=Domain Admins,CN=Users,DC=epul3a,DC=local" => "OU=Domain Admins,DC=epul3a,DC=local",
"CN=Enterprise Admins,CN=Users,DC=epul3a,DC=local" => "OU=Enterprise Admins,DC=epul3a,DC=local",
"CN=Schema Admins,CN=Users,DC=epul3a,DC=local" => "OU=Schema Admins,DC=epul3a,DC=local",
"CN=Group Policy Creator Owners,CN=Users,DC=epul3a,DC=local" => "OU=Group Policy Creator Owners,DC=epul3a,DC=local",
];
// Récupérer les groupes auxquels l'utilisateur appartient
$admin_ous = [];
foreach ($admin_groups_with_ous as $group_name => $ou) {
$filter = "(memberOf:1.2.840.113556.1.4.1941:=$group_name)";
foreach ($admin_groups_with_ous as $group_dn => $ou) {
$filter = "(memberOf:1.2.840.113556.1.4.1941:=$group_dn)";
$attributes = ["memberOf"];
$result = ldap_read($this->ad, $user_dn, $filter, $attributes);
if ($result && ldap_count_entries($this->ad, $result) > 0) {
$admin_ous[] = $ou; // Retourne l'OU associée
$admin_ous[] = $ou;
}
}
return $admin_ous;
return array_unique($admin_ous);
}
public function getAllOUs()
{
$this->connect();
$this->bindServiceAccount();
$searchBase = "DC=epul3a,DC=local";
$filter = "(objectClass=organizationalUnit)";
$attributes = ["ou", "distinguishedName"];
$result = ldap_search($this->ad, $searchBase, $filter, $attributes);
$entries = ldap_get_entries($this->ad, $result);
$ous = [];
if ($entries['count'] > 0) {
foreach ($entries as $entry) {
if (isset($entry['distinguishedname'][0])) {
$ous[] = $entry['distinguishedname'][0];
}
}
}
return $ous;
}
public function close()
{