62 lines
1.8 KiB
PHP
62 lines
1.8 KiB
PHP
<?php
|
|
// auth/ldap_groups.php
|
|
|
|
/**
|
|
* Haalt alle voornamen van gebruikers in een opgegeven LDAP-groep op.
|
|
*
|
|
* @param string $groupName Naam van de AD-groep (bijv. APP_LootjesTrekken)
|
|
* @return array Array van voornamen, of lege array als fout
|
|
*/
|
|
function get_group_members($groupName): array
|
|
{
|
|
$config = require __DIR__ . '/../config/config.php';
|
|
$ldap_conf = $config['ldap'];
|
|
|
|
$result = [];
|
|
|
|
// Verbinden met LDAP
|
|
$ldapconn = ldap_connect($ldap_conf['server'], $ldap_conf['port']);
|
|
if (!$ldapconn) return $result;
|
|
|
|
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
|
|
|
|
// Bind met admin account
|
|
if (!@ldap_bind($ldapconn, $ldap_conf['admin_user'], $ldap_conf['admin_pass'])) {
|
|
ldap_unbind($ldapconn);
|
|
return $result;
|
|
}
|
|
|
|
// Zoek de groep
|
|
$group_filter = "(&(objectClass=group)(cn={$groupName}))";
|
|
$group_attrs = ['member']; // bevat DN's van groepsleden
|
|
$group_search = ldap_search($ldapconn, $ldap_conf['base_dn'], $group_filter, $group_attrs);
|
|
|
|
if (!$group_search) {
|
|
ldap_unbind($ldapconn);
|
|
return $result;
|
|
}
|
|
|
|
$groups = ldap_get_entries($ldapconn, $group_search);
|
|
if ($groups['count'] === 0) {
|
|
ldap_unbind($ldapconn);
|
|
return $result;
|
|
}
|
|
|
|
$members = $groups[0]['member'] ?? [];
|
|
// member[0..count-1] bevatten DN's
|
|
for ($i = 0; $i < $members['count']; $i++) {
|
|
$user_dn = $members[$i];
|
|
$user_search = ldap_read($ldapconn, $user_dn, '(objectClass=person)', ['givenName']);
|
|
if (!$user_search) continue;
|
|
|
|
$user_entries = ldap_get_entries($ldapconn, $user_search);
|
|
if ($user_entries['count'] > 0) {
|
|
$result[] = $user_entries[0]['givenname'][0] ?? '';
|
|
}
|
|
}
|
|
|
|
ldap_unbind($ldapconn);
|
|
return $result;
|
|
}
|