diff --git a/amka/command-line-client/amka.php b/amka/command-line-client/amka.php index 637c5f2b1af8661f1a14531066d4c2d6b845ab64..07885f506643cb80e055bb99bf4c48e1f8a02d09 100644 --- a/amka/command-line-client/amka.php +++ b/amka/command-line-client/amka.php @@ -24,7 +24,7 @@ if ($amka == '' || $surname == '' || $bdate == '') { echo "Ξ§ΟΞ�ΟΞ·: {$argv[0]} [-v] --amka <amka> --surname <surname>", PHP_EOL, " v: ΟΞ±ΟΞ±Ξ³ΟΞ³Ξ� ΞΌΞ·Ξ½Ο ΞΌΞ¬ΟΟΞ½ ΟΞ±ΟακολοΟΞΈΞ·ΟΞ·Ο Ξ΅ΞΊΟΞλΡΟΞ·Ο", PHP_EOL, " amka <amka>: ΞΏ Ξ±ΟΞΉΞΈΞΌΟΟ ΞΞΞΞ", PHP_EOL, - "surname <surname>: Ξ΅ΟΞ―ΞΈΞ΅ΟΞΏ ΟΞ΅ ΞΞΞ¦ΞΞΞΞΞ", PHP_EOL, + "surname <surname>: Ξ΅ΟΞ―ΞΈΞ΅ΟΞΏ ΟΞ΅ ΞΞΞ¦ΞΞΞΞΞ", PHP_EOL; exit(0); } diff --git a/ldap/command-line/.gitignore b/ldap/command-line/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..edd8de636356b0f8914ce152516eae2cdaeb1c40 --- /dev/null +++ b/ldap/command-line/.gitignore @@ -0,0 +1 @@ +settings.php diff --git a/ldap/command-line/README.md b/ldap/command-line/README.md new file mode 100644 index 0000000000000000000000000000000000000000..687cac68575aa14f690c806119f8e04cd01a223e --- /dev/null +++ b/ldap/command-line/README.md 
@@ -0,0 +1,54 @@ +# Ξ ΟΟΞ³ΟΞ±ΞΌΞΌΞ± Ξ΅ΟΞ―Ξ΄Ξ΅ΞΉΞΎΞ·Ο Ξ³ΞΉΞ± ΞλΡγΟΞΏ LDAP ΟΟΞ�ΟΟΞ· + +΀ο ΟΟΟΞ³ΟΞ±ΞΌΞΌΞ± ΡλΞΞ³ΟΡι ΞΌΞ΅ Ξ±ΟΞ»Ο ΟΟΟΟΞΏ Ράν ΞΞ½Ξ± ΟΟΞ�ΟΟΞ·Ο Ο ΟΞ¬ΟΟΡι ΟΟΞΏΞ½ +ΞΊΞ±Οάλογο ΞΊΞ±ΞΉ Ξ΅ΟΞΉΟΟΟΞΟΡι attributes ΟΞΏΟ ΟΟΞ�ΟΟΞ· Ξ΅ΟΟΟΞΏΞ½ ΞΆΞ·ΟΞ·ΞΈΞΏΟΞ½. + +## ΞΞ΄Ξ·Ξ³Ξ―Ξ΅Ο + +ΞΞ½ΟΞΉΞ³ΟΞ¬ΟΟΞ΅ ΟΞΏ Ξ±ΟΟΡίο `settings.php.dist` ΟΞ΅ ΞΞ½Ξ± Ξ½ΞΞΏ Ξ±ΟΟΡίο `settings.php` ΞΊΞ±ΞΉ +ΟΟΞΏΟΞΏΟΞΏΞΉΞ�ΟΟΞ΅ Ξ±Ξ½Ξ±Ξ»ΟΞ³ΟΟ. + +```php +return [ + 'connectionString' => 'ldap://my.ldap.server', + 'domain' => null, // if AD, provide domain name for login + 'baseSearchDN' => 'cn=Users,dc=YOURCOMPANY,dc=COM', +]; +``` + +## Ξ ΟΟΞ³ΟΞ±ΞΌΞΌΞ± ΟΡλάΟΞ·Ο + +ΞΞΉΞ± ΟΞ·Ξ½ Ξ΅ΟίδΡιξη ΟΟΞ½ διαθΞΟΞΉΞΌΟΞ½ λΡιΟΞΏΟ ΟΞ³ΞΉΟΞ½ ΞΟΡι Ξ±Ξ½Ξ±ΟΟΟ ΟθΡί ΟΟΟΞ³ΟΞ±ΞΌΞΌΞ± +[ldapcmd.php](ldapcmd.php) ΟΞΏΟ ΞΌΟΞΏΟΡίΟΞ΅ Ξ½Ξ± ΡκΟΡλΞΟΞ΅ΟΞ΅ Ξ±ΟΟ ΟΞ· Ξ³ΟΞ±ΞΌΞΌΞ� ΡνΟΞΏΞ»ΟΞ½. +΀ο ΟΟΟΞ³ΟΞ±ΞΌΞΌΞ± Ξ΄ΞΟΞ΅ΟΞ±ΞΉ ΟΞΉΟ ΟΞ±ΟΞ±ΞΊΞ¬ΟΟ ΟΞ±ΟΞ±ΞΌΞΟΟΞΏΟ Ο: + +``` +Ξ§ΟΞ�ΟΞ·: ldapcmd.php {-u | --username} <username> {-p | --password} <password> + [ -d | --domain <domain>] [-c] [--check] [-g <list>] [--get <list>] + u, username : ΟΞ½ΞΏΞΌΞ± ΟΟΞ�ΟΟΞ· + p, password : ΞΊΟδικΟΟ ΟΟΟΟΞ²Ξ±ΟΞ·Ο + d, domain : domain Ξ³ΞΉΞ± ΟΟνδΡΟΞ· (AD domain Ξ΅ΟΟΟΞΏΞ½ ΟΟΡιά΢ΡΟΞ±ΞΉ) + c, check : ΞλΡγΟΞΏΟ ΟΟΞΏΞΉΟΡίΟΞ½ ΟΟΟΟΞ²Ξ±ΟΞ·Ο (ΟΟΞΏΞ΅ΟιλογΞ�) + g, get : άνΟληΟΞ· ΟΟΞΏΞΉΟΡίΟΞ½ ΟΟΞ�ΟΟΞ·, λίΟΟΞ± Ξ±ΟΟ attribute names ΟΟΟΞΉΟΞΌΞΞ½Ξ· ΞΌΞ΅ ΞΊΟΞΌΞΌΞ±ΟΞ± + Ο.Ο. --get sn,displayname,givenname,memberof +``` + +### Ξ Ξ±ΟάδΡιγμα ΞΊΞ»Ξ�ΟΞ·Ο + +*ΞΟΞΉΟΟ ΟΞ�Ο ΞλΡγΟΞΏΟ ΟΟΞΏΞΉΟΡίΟΞ½* + +``` +$ php ldapcmd.php -u kotsos --password kotsos -d PDECRETE +true +``` + +*ΞΞ½ΟληΟΞ· ΟΟΞΏΞΉΟΡίΟΞ½* + +``` +$ php ldapcmd.php -u kotsos --password kotsos -d PDECRETE -g sn,displayname,memberOf +sn:kotsou +displayname:kotsos kotsou +memberof:CN=Debugger Users,CN=Users,DC=pdecrete,DC=local +memberof:CN=Domain Guests,CN=Users,DC=pdecrete,DC=local +memberof:CN=IIS_WPG,CN=Users,DC=pdecrete,DC=local +``` 
diff --git a/ldap/command-line/ldapcmd.php b/ldap/command-line/ldapcmd.php
new file mode 100644
index 0000000000000000000000000000000000000000..acec7565aee0d1efb13e64473169ec14c72abef2
--- /dev/null
+++ b/ldap/command-line/ldapcmd.php
@@ -0,0 +1,95 @@ +<?php + +$settings = require(__DIR__ . '/settings.php'); + +/** + * ΞΞ�ΟΞ· ΟΞ±ΟΞ±ΞΌΞΟΟΟΞ½ ΞΊΞ±ΞΈΞΏΟΞΉΟΞΌΞΏΟ Ξ»Ξ΅ΞΉΟΞΏΟ ΟΞ³Ξ―Ξ±Ο Ξ±ΟΟ ΟΞ· Ξ³ΟΞ±ΞΌΞΌΞ� ΡνΟΞΏΞ»ΟΞ½ + */ +$options = getopt('u:p:d:cg:', ['username:', 'password:', 'domain:', 'check', 'get:']); + +$username = isset($options['u']) ? $options['u'] : (isset($options['username']) ? $options['username'] : null); +$password = isset($options['p']) ? $options['p'] : (isset($options['password']) ? $options['password'] : null); +$domain = isset($options['d']) ? $options['d'] : (isset($options['domain']) ? $options['domain'] : null); +if ($domain === null) { + // ΟΟΞΏΞ΅ΟιλΡγμΞΞ½Ξ· ΟΞΉΞΌΞ�, Ράν Ο ΟΞ¬ΟΟΡι + $domain = (isset($settings['domain']) && is_string($settings['domain'])) ? $settings['domain'] : null; +} +$check = isset($options['c']) || isset($options['check']); +$get_attributes_requested = ''; +if (isset($options['g'])) { + $get_attributes_requested = $options['g']; +} +if (isset($options['getg'])) { + $get_attributes_requested = $options['get']; +} +$get = !($get_attributes_requested == ''); +if ($get) { + $get_attributes = explode(',', $get_attributes_requested); + array_walk($get_attributes, function (&$v, $k) { + $v = mb_strtolower($v); + }); +} else { + $get_attributes = []; + $check = true; // ΟΟΞΏΞ΅ΟιλογΞ� +} + +/** + * ΞλΡγΟΞΏΟ ΟΞ±ΟΞ±ΞΌΞΟΟΟΞ½ + */ +if ($username === null || $password === null) { + echo "Ξ§ΟΞ�ΟΞ·: {$argv[0]} {-u | --username} <username> {-p | --password} <password> ", PHP_EOL, + " [ -d | --domain <domain>] [-c] [--check] [-g <list>] [--get <list>]", PHP_EOL, + " u, username : ΟΞ½ΞΏΞΌΞ± ΟΟΞ�ΟΟΞ·", PHP_EOL, + " p, password : ΞΊΟδικΟΟ ΟΟΟΟΞ²Ξ±ΟΞ·Ο", PHP_EOL, + " d, domain : domain Ξ³ΞΉΞ± ΟΟνδΡΟΞ· (AD domain Ξ΅ΟΟΟΞΏΞ½ ΟΟΡιά΢ΡΟΞ±ΞΉ)", PHP_EOL, + " c, check : ΞλΡγΟΞΏΟ ΟΟΞΏΞΉΟΡίΟΞ½ ΟΟΟΟΞ²Ξ±ΟΞ·Ο (ΟΟΞΏΞ΅ΟιλογΞ�)", PHP_EOL, + " g, get : άνΟληΟΞ· ΟΟΞΏΞΉΟΡίΟΞ½ ΟΟΞ�ΟΟΞ·, λίΟΟΞ± Ξ±ΟΟ attribute names ΟΟΟΞΉΟΞΌΞΞ½Ξ· ΞΌΞ΅ ΞΊΟΞΌΞΌΞ±ΟΞ±", PHP_EOL, + " Ο.Ο. 
--get sn,displayname,givenname,memberof", PHP_EOL; + exit(0); +} + +// + +$ldap = ldap_connect($settings['connectionString']); +$ldaprdn = ($domain ? "{$domain}\\" : '') . $username; + +ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); +ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); + +// δοκιμΞ� ΟΟνδΡΟΞ·Ο... +$bind = @ldap_bind($ldap, $ldaprdn, $password); + +// ΡνΞΟΞ³Ξ΅ΞΉΞ΅Ο Ξ±Ξ½Ξ¬Ξ»ΞΏΞ³Ξ± ΞΌΞ΅ ΟΞΏ Ξ±Ξ―ΟΞ·ΞΌΞ± ΟΞΏΟ ΟΟΞ�ΟΟΞ· +if ($bind) { + if ($check) { + echo "true", PHP_EOL; + } + if ($get) { + $filter = "(sAMAccountName=$username)"; + $result = @ldap_search($ldap, $settings['baseSearchDN'], $filter, $get_attributes); + if ($result === false) { + echo "Ξ£Οάλμα ", ldap_error($ldap), PHP_EOL; + } else { + $data = ldap_get_entries($ldap, $result); + // echo "COUNT: ", $data["count"], PHP_EOL; + for ($i = 0; $i < $data['count']; $i++) { + foreach ($get_attributes as $attribute_name) { + $attribute = isset($data[$i][$attribute_name]) ? $data[$i][$attribute_name] : null; + if ($attribute === null) + continue; + for ($c = 0; $c < $attribute['count']; $c++) { + echo "{$attribute_name}:{$attribute[$c]}", PHP_EOL; + } + } + } + } + } +} else { + if ($check) { + echo "false", PHP_EOL; + } else { + echo "ΞΞ±Ξ½ΞΈΞ±ΟΞΌΞΞ½Ξ± ΟΟΞΏΞΉΟΡία ΟΟΟΟΞ²Ξ±ΟΞ·Ο ", ldap_error($ldap), PHP_EOL; + } +} + +exit(0); diff --git a/ldap/command-line/settings.php.dist b/ldap/command-line/settings.php.dist new file mode 100644 index 0000000000000000000000000000000000000000..c55cacc3671cd81b5b49de14c685afe9bfb08833 --- /dev/null +++ b/ldap/command-line/settings.php.dist @@ -0,0 +1,7 @@ +<?php + +return [ + 'connectionString' => 'ldap://my.ldap.server', + 'domain' => null, // if AD, provide domain name for login + 'baseSearchDN' => 'cn=Users,dc=YOURCOMPANY,dc=COM', +];
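Review bot: The parameter check in ldapcmd.php only rejects a missing password (`$password === null`), so an empty string still reaches `ldap_bind()`. Many directory servers treat a simple bind with a name and an empty password as an unauthenticated bind that succeeds, in which case the script would print `true` for any username; reject it up front with `if ($username === null || $password === null || $password === '') {`. In the same hunk `$username` is interpolated into the search filter unescaped, so build it as `$filter = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';`. The long option is tested as `isset($options['getg'])`, a key that `getopt()` never sets, so `--get` is silently ignored and the script falls back to a check; it should read `isset($options['get'])`. The script also ends with `exit(0)` after a failed bind, so callers can only tell success from failure by parsing stdout; a non-zero status on that branch would be safer for scripted use.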
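Review bot: The template value `'connectionString' => 'ldap://my.ldap.server'` in settings.php.dist steers deployments towards an unencrypted connection. ldapcmd.php does a simple bind over that connection and no `ldap_start_tls()` call is visible in its hunk, so the user's password would cross the network in cleartext. I would ship the template with `'connectionString' => 'ldaps://my.ldap.server',` and add a comment on that key such as `// use ldaps:// (or StartTLS) so bind credentials are not sent in cleartext`.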