Use Directory interface for search locked account
coudot committed Aug 23, 2024
1 parent 8120479 commit 5f887b0
Showing 1 changed file with 38 additions and 82 deletions.
120 changes: 38 additions & 82 deletions htdocs/searchlocked.php
Expand Up @@ -5,92 +5,48 @@

require_once("../conf/config.inc.php");
require __DIR__ . '/../vendor/autoload.php';
require_once("../lib/date.inc.php");

[$ldap,$result,$nb_entries,$entries,$size_limit_reached] = $ldapInstance->search($ldap_user_filter, array('pwdpolicysubentry'), $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope);


# Search filter
$ldap_filter = "(&".$ldap_user_filter."(pwdAccountLockedTime=*))";

# Search attributes
$attributes = array('pwdAccountLockedTime', 'pwdPolicySubentry');

[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope);

if ( ! empty($entries) )
if ( !empty($entries) )
{
# Register policies
$pwdPolicies = array();

# Check if entry is still locked
foreach($entries as $entry_key => $entry) {

# Search active password policy
$pwdPolicy = "";
if (isset($entry['pwdpolicysubentry'][0])) {
$pwdPolicy = $entry['pwdpolicysubentry'][0];
} elseif (isset($ldap_default_ppolicy)) {
$pwdPolicy = $ldap_default_ppolicy;
}

$isLocked = false;
$ppolicy_entry = "";

if ($pwdPolicy) {
if (!isset($pwdPolicies[$pwdPolicy])){
$search_ppolicy = ldap_read($ldap, $pwdPolicy, "(objectClass=pwdPolicy)", array('pwdLockoutDuration'));

if ( $errno ) {
error_log("LDAP - PPolicy search error $errno (".ldap_error($ldap).")");
} else {
$ppolicy_entry = ldap_get_entries($ldap, $search_ppolicy);
$pwdPolicies[$pwdPolicy]['pwdLockoutDuration'] = $ppolicy_entry[0]['pwdlockoutduration'][0];
}
}

# Lock
$pwdLockoutDuration = $pwdPolicies[$pwdPolicy]['pwdLockoutDuration'];
$pwdAccountLockedTime = $entry['pwdaccountlockedtime'][0];

if ( $pwdAccountLockedTime === "000001010000Z" ) {
$isLocked = true;
} else if (isset($pwdAccountLockedTime)) {
if (isset($pwdLockoutDuration) and ($pwdLockoutDuration > 0)) {
$lockDate = ldapDate2phpDate($pwdAccountLockedTime);
$unlockDate = date_add( $lockDate, new DateInterval('PT'.$pwdLockoutDuration.'S'));
if ( time() <= $unlockDate->getTimestamp() ) {
$isLocked = true;
}
} else {
$isLocked = true;
}
}
}

if ( $isLocked === false ) {
unset($entries[$entry_key]);
$nb_entries--;
}

}

$smarty->assign("page_title", "lockedaccounts");
if ($nb_entries === 0) {
$result = "noentriesfound";
} else {
$smarty->assign("nb_entries", $nb_entries);
$smarty->assign("entries", $entries);
$smarty->assign("size_limit_reached", $size_limit_reached);

$columns = $search_result_items;
if (! in_array($search_result_title, $columns)) array_unshift($columns, $search_result_title);
$smarty->assign("listing_columns", $columns);
$smarty->assign("listing_linkto", isset($search_result_linkto) ? $search_result_linkto : array($search_result_title));
$smarty->assign("listing_sortby", array_search($search_result_sortby, $columns));
$smarty->assign("show_undef", $search_result_show_undefined);
$smarty->assign("truncate_value_after", $search_result_truncate_value_after);
if ($use_unlockaccount) { $smarty->assign("display_unlock_button", true); }
}
# Check if entry is still locked
foreach($entries as $entry_key => $entry) {
# Search active password policy
$pwdPolicy = "";
if (isset($entry['pwdpolicysubentry'][0])) {
$pwdPolicy = $entry['pwdpolicysubentry'][0];
} elseif (isset($ldap_default_ppolicy)) {
$pwdPolicy = $ldap_default_ppolicy;
}
$lockoutDuration = $directory->getLockoutDuration($ldap, $entry['dn'], array('pwdPolicy' => $pwdPolicy, 'lockoutDuration' => $ldap_lockout_duration));
$isLocked = $directory->isLocked($ldap, $entry['dn'], array('lockoutDuration' => $lockoutDuration));

if ( $isLocked === false ) {
unset($entries[$entry_key]);
$nb_entries--;
}

}

$smarty->assign("page_title", "lockedaccounts");
if ($nb_entries === 0) {
$result = "noentriesfound";
} else {
$smarty->assign("nb_entries", $nb_entries);
$smarty->assign("entries", $entries);
$smarty->assign("size_limit_reached", $size_limit_reached);

$columns = $search_result_items;
if (! in_array($search_result_title, $columns)) array_unshift($columns, $search_result_title);
$smarty->assign("listing_columns", $columns);
$smarty->assign("listing_linkto", isset($search_result_linkto) ? $search_result_linkto : array($search_result_title));
$smarty->assign("listing_sortby", array_search($search_result_sortby, $columns));
$smarty->assign("show_undef", $search_result_show_undefined);
$smarty->assign("truncate_value_after", $search_result_truncate_value_after);
if ($use_unlockaccount) { $smarty->assign("display_unlock_button", true); }
}
}

?>
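Review bot: The rewritten search call passes the bare `$ldap_user_filter` and drops the `(pwdAccountLockedTime=*)` clause, so the directory size limit now counts every user entry and a locked account past the cut-off never reaches the `$directory->isLocked()` loop. If no locked entry falls inside the truncated set, the `$nb_entries === 0` branch sets `noentriesfound` and `size_limit_reached` is never assigned, leaving the operator with an empty lock report and no hint that it is incomplete. I would move `$smarty->assign("size_limit_reached", $size_limit_reached);` above the `if ($nb_entries === 0)` test and add a comment on the search line, for example `# No lock filter: lock state is resolved per entry through $directory, so the size limit applies to all users`. Whether the template renders that flag next to `noentriesfound` is not visible here, and the loop presumably costs directory reads per entry where the removed `$pwdPolicies` array cached the policy lookup.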
