diff --git a/src/Ltb/Directory/OpenLDAP.php b/src/Ltb/Directory/OpenLDAP.php
index 1a4bbb2..ae5f64d 100644
--- a/src/Ltb/Directory/OpenLDAP.php
+++ b/src/Ltb/Directory/OpenLDAP.php
@@ -221,18 +221,60 @@ public function resetAtNextConnection($ldap, $dn) : bool {
 }

 public function enableAccount($ldap, $dn) : bool {
- // Not implemented
+
+ $attrsToDelete = array( 'pwdAccountDisabled' => array() );
+
+ $update = \Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $attrsToDelete);
+ $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
+
+ if ($errno) {
+ error_log("LDAP - Enabling account error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
+ return false;
+ } else {
+ return true;
+ }
 return false;
 }

 public function disableAccount($ldap, $dn) : bool {
- // Not implemented
+
+ # Date of disabling
+ $currentDate = gmdate("YmdHis")."Z";
+
+ $attrs = array( 'pwdAccountDisabled' => array($currentDate) );
+
+ $update = \Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $attrs);
+ $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
+
+ if ($errno) {
+ error_log("LDAP - Disabling account error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
+ return false;
+ } else {
+ return true;
+ }
 return false;
+
 }

 public function isAccountEnabled($ldap, $dn) : bool {
- // Not implemented
- return true;
+
+ # Get entry
+ $search = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array('pwdAccountDisabled'));
+ $errno = \Ltb\PhpLDAP::ldap_errno($ldap);
+
+ if ( $errno ) {
+ error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
+ return false;
+ } else {
+ $entry = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
+ }
+
+ if (empty($entry[0]['pwdaccountdisabled'][0])) {
+ return true;
+ } else {
+ return false;
+ }
+
 }

 public function getLdapDate($date) : string {
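Review bot: In `isAccountEnabled`, an entry for which `pwdAccountDisabled` is simply not returned is reported as enabled, so the check fails open if the bound identity cannot read that attribute (directory servers commonly omit attributes hidden by access controls instead of raising an error), whereas a read error fails closed with `return false`. A comment above the `empty(...)` test, for example `# Absent attribute means enabled; the bind DN needs read access to pwdAccountDisabled, otherwise disabled accounts look enabled`, would make that dependency visible to callers. The error branch of the same function calls the global `ldap_error($ldap)` where `enableAccount` and `disableAccount` go through the wrapper; for consistency it should read `error_log("LDAP - Search error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");`. The `return false;` that follows the if/else in `enableAccount` and `disableAccount` is unreachable, and `$update` is assigned but never read in either function.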