From 8f8ad29dc6bf15298f598f842483fa1a3d944af7 Mon Sep 17 00:00:00 2001
From: David Coutadeur
Date: Wed, 16 Oct 2024 16:48:37 +0200
Subject: [PATCH] first attempt of OpenLDAP check for disabled account (#44)
---
 src/Ltb/Directory/OpenLDAP.php | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/Ltb/Directory/OpenLDAP.php b/src/Ltb/Directory/OpenLDAP.php
index 1a4bbb2..561916d 100644
--- a/src/Ltb/Directory/OpenLDAP.php
+++ b/src/Ltb/Directory/OpenLDAP.php
@@ -231,8 +231,23 @@ public function disableAccount($ldap, $dn) : bool {
 }
 public function isAccountEnabled($ldap, $dn) : bool {
- // Not implemented
- return true;
+
+ # Get entry
+ $search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdAccountDisabled'));
+ $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
+
+ if ( $errno ) {
+ error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
+ return false;
+ } else {
+ $entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
+ }
+
+ if (empty($entry[0]['pwdAccountDisabled'])) {
+ return true;
+ } else {
+ return false;
+ }
 }
 public function getLdapDate($date) : string {
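Review bot: The lookup `$entry[0]['pwdAccountDisabled']` in isAccountEnabled will probably never match, because PHP's ldap_get_entries() lowercases attribute names in the array it returns. If `\Ltb\PhpLDAP::ldap_get_entries` is a plain pass-through (its body is not visible here), `empty()` is always true and a disabled account is reported as enabled, so the check fails open. The key should be lowercase: `if (empty($entry[0]['pwdaccountdisabled'])) {`. The error branch correctly returns false, but it calls the global `ldap_error($ldap)` while every other call in the hunk goes through `\Ltb\PhpLDAP`; if the wrapper exposes the same function, `\Ltb\PhpLDAP::ldap_error($ldap)` would keep that path consistent. A test with a mocked entry that carries the attribute would pin the disabled case.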