<?php
    # Mantis - a php based bugtracking system
    # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
    # Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
    # This program is distributed under the terms and conditions of the GPL
    # See the README and LICENSE files for details

    # --------------------------------------------------------
    # $Id: ads_api.php,v 1.01 2006/09/21 01:52:14 hkaufmann Exp $
    # --------------------------------------------------------

    ###########################################################################
    # Active Directory API
    ###########################################################################

    # --------------------
    # Connect to the ADS directory
    function ads_connect()
    {
        # Opens an LDAP handle to the configured Active Directory server.
        # Reads 'ads_server' and 'ads_port' from the configuration and returns
        # whatever ldap_connect() returned; a falsy result raises
        # ERROR_ADS_SERVER_CONNECT_FAILED before it is returned.
        #
        # NOTE(review): ldap_connect() usually only prepares the handle and does
        # not contact the server, so a non-false return does not prove the
        # directory is reachable; the first real network round trip is the bind.
        #
        # NOTE(review): no TLS is negotiated and no LDAP options are set here.
        # Unless 'ads_server' is an ldaps:// URI, the simple bind performed by
        # ads_bind() would carry the password unencrypted - confirm deployment.
        $t_host = config_get( 'ads_server' );
        $t_port = config_get( 'ads_port' );

        # '@' keeps PHP warnings quiet; failure is reported via trigger_error below
        $t_link = @ldap_connect ( $t_host, $t_port);

        if ( $t_link )
        {
            return $t_link;
        }

        # Handle could not be created: raise the project error, then hand the
        # falsy value back in case the error handler lets execution continue
        trigger_error( ERROR_ADS_SERVER_CONNECT_FAILED, ERROR );

        return $t_link;
    }

    # --------------------
    # Bind to the ADS directory
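    function ads_bind( $p_ds, $p_bindname = '', $p_password = '' )
    {
        # Binds the LDAP handle $p_ds to the directory.
        #
        # $p_ds       - handle returned by ads_connect()
        # $p_bindname - account name without domain; 'ads_domain' is prefixed here
        # $p_password - password for $p_bindname
        #
        # Returns the result of ldap_bind() (true on success, false on failure).
        #
        # Behaviour by input:
        #  - name and password both given : bind as "<ads_domain>\<name>"
        #  - both blank                   : use 'ads_bind_name' / 'ads_bind_passwd'
        #                                   from the configuration; if those are
        #                                   incomplete, bind anonymously
        #  - exactly one of them given    : return false (see below)
        $t_has_name = !is_blank( $p_bindname );
        $t_has_password = !is_blank( $p_password );

        # Fail closed on half a credential. Previously this case fell through to
        # the anonymous bind, so a caller asking "is this user/password valid?"
        # could get true from a directory that permits anonymous binds without
        # the supplied credential ever being checked.
        if ( $t_has_name != $t_has_password )
        {
            return false;
        }

        # Nothing supplied by the caller: fall back to the configured bind account
        if ( !$t_has_name )
        {
            $p_bindname = config_get( 'ads_bind_name', '' );
            $p_password = config_get( 'ads_bind_passwd', '' );
        }

        # Authenticated bind
        if ( !is_blank( $p_bindname ) && !is_blank( $p_password ) )
        {
            # Active Directory accepts the DOMAIN\user form as bind name
            $t_ads_domain = config_get( 'ads_domain' ) ;
            $t_bindname = "$t_ads_domain\\$p_bindname";

            # '@' suppresses the PHP warning on wrong credentials; the caller
            # only sees the boolean result
            return @ldap_bind( $p_ds, $t_bindname, $p_password );
        }

        # No caller credentials and no complete configured account: anonymous bind.
        # The result says nothing about any particular user's identity.
        return @ldap_bind( $p_ds );
    }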
 
    # --------------------
    # Attempt to authenticate the user against the MS Active Directory
    # return true on successful authentication, false otherwise
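    function ads_authenticate( $p_user_id, $p_password )
    {
        # Verifies $p_password for the Mantis user $p_user_id by attempting a
        # bind against Active Directory with that user's username.
        #
        # $p_user_id  - Mantis user id; the username is looked up from it
        # $p_password - password as entered by the user
        #
        # Returns true only if the directory accepted a bind with both the
        # username and the password; false in every other case.

        # if password is empty and Active Directory allows anonymous login, then
        # the user will be able to login, so we need to check for this special case.
        if ( is_blank( $p_password ) )
        {
            return false;
        }

        # A NUL byte can make the password reach the underlying C library
        # truncated - possibly to an empty string, which is the same anonymous
        # bind case as above (depends on the PHP LDAP build). Reject it here.
        if ( false !== strpos( (string) $p_password, "\0" ) )
        {
            return false;
        }

        # Get username (done before connecting so no handle is left open if the
        # lookup fails)
        $t_username = user_get_field( $p_user_id, 'username' );

        # ads_bind() binds anonymously when it is given a blank name, which must
        # never count as a successful login
        if ( is_blank( $t_username ) )
        {
            return false;
        }

        # Connection to ADS-Server
        $t_ds = ads_connect();

        # ads_connect() raises an error on failure, but do not rely on the error
        # handler halting: without a handle there is nothing to bind or unbind
        if ( !$t_ds )
        {
            return false;
        }

        # Try bind; normalise to a strict boolean
        $t_authenticated = ads_bind( $t_ds, $t_username, $p_password ) ? true : false;

        # Unbind (also releases the handle)
        ldap_unbind( $t_ds );

        return $t_authenticated;
    }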

    # --------------------
    # Create a new user account in the Active Directory.

    # --------------------
    # Update the user's account in the Active Directory
  
    # --------------------
    # Change the user's password in the Active Directory

?>
