Work on isLocked function

ltb-project · Jul 18, 2024 · 5b679d1 · 5b679d1
1 parent 7822a8f
commit 5b679d1
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 4 deletions.
diff --git a/src/Ltb/Directory.php b/src/Ltb/Directory.php
@@ -4,5 +4,5 @@
 
 interface Directory
 {
-    public function isLocked($entry, $ppolicy);
+    public function isLocked($ldap, $dn, $config);
 }
diff --git a/src/Ltb/Directory/ActiveDirectory.php b/src/Ltb/Directory/ActiveDirectory.php
@@ -4,10 +4,22 @@
 
 class ActiveDirectory implements \Ltb\Directory
 {
-    public function isLocked($entry, $ppolicy) {
+    public function isLocked($ldap, $dn, $config) {
 
         $isLocked = false;
 
+        # Get entry
+        $search = ldap_read($ldap, $dn, "(objectClass=*)", array('useraccountcontrol'));
+        $errno = ldap_errno($ldap);
+
+        if ( $errno ) {
+            error_log("LDAP - Search error $errno  (".ldap_error($ldap).")");
+            return $isLocked;
+        } else {
+            $entry = ldap_get_entries($ldap, $search);
+        }
+
+        # Check userAccountControl
         $userAccountControl = $entry[0]['useraccountcontrol'][0];
 
         if ($userAccountControl & 2) { $isLocked = true; }

diff --git a/src/Ltb/Directory/OpenLDAP.php b/src/Ltb/Directory/OpenLDAP.php
@@ -4,11 +4,33 @@
 
 class OpenLDAP implements \Ltb\Directory
 {
-    public function isLocked($entry, $ppolicy) {
+    public function isLocked($ldap, $dn, $config) {
 
-        $ppolicy_entry = $policy;
         $isLocked = false;
 
+        # Get entry
+        $search = ldap_read($ldap, $dn, "(objectClass=*)", array('pwdaccountlockedtime'));
+        $errno = ldap_errno($ldap);
+
+        if ( $errno ) {
+            error_log("LDAP - Search error $errno  (".ldap_error($ldap).")");
+            return $isLocked;
+        } else {
+            $entry = ldap_get_entries($ldap, $search);
+        }
+
+        # Get ppolicy entry
+        # Get entry
+        $ppolicy_search = ldap_read($ldap, $config['pwdPolicy'], "(objectClass=*)", array('pwdlockout', 'pwdlockoutduration'));
+        $errno = ldap_errno($ldap);
+
+        if ( $errno ) {
+            error_log("LDAP - Search error $errno  (".ldap_error($ldap).")");
+            return $isLocked;
+        } else {
+            $ppolicy_entry = ldap_get_entries($ldap, $ppolicy_search);
+        }
+
         $pwdLockout = strtolower($ppolicy_entry[0]['pwdlockout'][0]) == "true" ? true : false;
         $pwdLockoutDuration = $ppolicy_entry[0]['pwdlockoutduration'][0];
         $pwdAccountLockedTime = $entry[0]['pwdaccountlockedtime'][0];