Work on isLocked function

ltb-project · Jul 18, 2024 · dd55136 · dd55136
1 parent c3186ab
commit dd55136
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 42 deletions.
diff --git a/htdocs/display.php b/htdocs/display.php
@@ -68,7 +68,6 @@
             $attributes[] = $attributes_map[$item]['attribute'];
         }
         $attributes[] = $attributes_map[$display_title]['attribute'];
-        $attributes[] = "pwdPolicySubentry";
 
         # Search entry
         $search = ldap_read($ldap, $dn, $ldap_user_filter, $attributes);
@@ -97,54 +96,28 @@
         if ( !$entry[0]['pwdpolicysubentry'] and $ldap_default_ppolicy) {
             $entry[0]['pwdpolicysubentry'][] = $ldap_default_ppolicy;
         }
+        $pwdPolicy = $entry[0]['pwdpolicysubentry'][0];
 
         if ($display_edit_link) {
             # Replace {dn} in URL
             $edit_link = str_replace("{dn}", urlencode($dn), $display_edit_link);
         }
 
-        # Search user active password policy
-        $pwdPolicy = "";
-        if (isset($entry[0]['pwdpolicysubentry'][0])) {
-            $pwdPolicy = $entry[0]['pwdpolicysubentry'][0];
-        } elseif (isset($ldap_default_ppolicy)) {
-            $pwdPolicy = $ldap_default_ppolicy;
-        }
-
-        $isLocked = false;
         $unlockDate = "";
         $isExpired = false;
-        $ppolicy_entry = "";
+
+        $isLocked = $directory->isLocked($ldap, $dn, array( 'pwdpolicy' => $pwdPolicy ));
 
         if ($pwdPolicy) {
-            $search_ppolicy = ldap_read($ldap, $pwdPolicy, "(objectClass=pwdPolicy)", array('pwdMaxAge', 'pwdLockoutDuration', 'pwdLockout'));
+            $search_ppolicy = ldap_read($ldap, $pwdPolicy, "(objectClass=pwdPolicy)", array('pwdMaxAge'));
 
+            $ppolicy_entry = "";
             if ( $errno ) {
                 error_log("LDAP - PPolicy search error $errno  (".ldap_error($ldap).")");
             } else {
                 $ppolicy_entry = ldap_get_entries($ldap, $search_ppolicy);
             }
 
-            # Lock
-            $pwdLockout = strtolower($ppolicy_entry[0]['pwdlockout'][0]) == "true" ? true : false;
-            $pwdLockoutDuration = $ppolicy_entry[0]['pwdlockoutduration'][0];
-            $pwdAccountLockedTime = $entry[0]['pwdaccountlockedtime'][0];
-
-            if ( $pwdAccountLockedTime === "000001010000Z" ) {
-                $isLocked = true;
-                unset($entry[0]['pwdaccountlockedtime']);
-            } else if (isset($pwdAccountLockedTime)) {
-                if (isset($pwdLockoutDuration) and ($pwdLockoutDuration > 0)) {
-                    $lockDate = ldapDate2phpDate($pwdAccountLockedTime);
-                    $unlockDate = date_add( $lockDate, new DateInterval('PT'.$pwdLockoutDuration.'S'));
-                    if ( time() <= $unlockDate->getTimestamp() ) {
-                        $isLocked = true;
-                    }
-                } else {
-                    $isLocked = true;
-                }
-            }
-
             # Expiration
             $pwdMaxAge = $ppolicy_entry[0]['pwdmaxage'][0];
             $pwdChangedTime = $entry[0]['pwdchangedtime'][0];

diff --git a/htdocs/index.php b/htdocs/index.php
@@ -10,16 +10,6 @@
 #==============================================================================
 require_once("../conf/config.inc.php");
 
-# Load specific directory settings
-switch($ldap_type) {
-  case "openldap":
-    $attributes_map = array_merge($attributes_map, $openldap_attributes_map);
-  break;
-  case "activedirectory":
-    $attributes_map = array_merge($attributes_map, $activedirectory_attributes_map);
-  break;
-}
-
 #==============================================================================
 # Includes
 #==============================================================================
@@ -77,6 +67,23 @@
                                  isset($ldap_krb5ccname) ? $ldap_krb5ccname : null
                              );
 
+#==============================================================================
+# Directory instance
+#==============================================================================
+$directory;
+
+# Load specific directory settings
+switch($ldap_type) {
+  case "openldap":
+    $attributes_map = array_merge($attributes_map, $openldap_attributes_map);
+    $directory = new \Ltb\Directory\OpenLDAP();
+  break;
+  case "activedirectory":
+    $attributes_map = array_merge($attributes_map, $activedirectory_attributes_map);
+    $directory = new \Ltb\Directory\ActiveDirectory();
+  break;
+}
+
 #==============================================================================
 # Smarty
 #==============================================================================