Add searchall functionality

htdocs/index.php

@@ -121,6 +121,7 @@
 $smarty->assign('use_searchexpired',$use_searchexpired);
 $smarty->assign('use_searchwillexpire',$use_searchwillexpire);
 $smarty->assign('use_searchidle',$use_searchidle);
+$smarty->assign('use_searchall',$use_searchall);
 $smarty->assign('fake_password_inputs',$fake_password_inputs);
 
 # Assign messages
@@ -178,6 +179,7 @@
 if ( $page === "searchexpired" and !$use_searchexpired ) { $page = "welcome"; }
 if ( $page === "searchwillexpire" and !$use_searchwillexpire ) { $page = "welcome"; }
 if ( $page === "searchidle" and !$use_searchidle ) { $page = "welcome"; }
+if ( $page === "searchall" and !$use_searchall ) { $page = "welcome"; }
 if ( file_exists($page.".php") ) { require_once($page.".php"); }
 $smarty->assign('page',$page);
 

htdocs/searchall.php

@@ -0,0 +1,95 @@
+<?php
+/*
+ * Search all entries in LDAP directory
+ */
+
+require_once("../conf/config.inc.php");
+require __DIR__ . '/../vendor/autoload.php';
+require_once("../lib/date.inc.php");
+
+
+
+# Search filter
+$ldap_filter = "$ldap_user_filter";
+
+# Search attributes
+$attributes = array('pwdAccountLockedTime', 'pwdPolicySubentry');
+
+[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=\Ltb\LtbUtil::search($ldap_filter,$attributes);
+
+if ( ! empty($entries) )
+{
+                # Register policies
+                $pwdPolicies = array();
+
+                # Check if entry is still locked
+                foreach($entries as $entry_key => &$entry) {
+                    # Search active password policy
+                    $pwdPolicy = "";
+                    if (isset($entry['pwdpolicysubentry'][0])) {
+                        $pwdPolicy = $entry['pwdpolicysubentry'][0];
+                    } elseif (isset($ldap_default_ppolicy)) {
+                        $pwdPolicy = $ldap_default_ppolicy;
+                    }
+
+                    $isLocked = false;
+                    $ppolicy_entry = "";
+
+                    if ($pwdPolicy) {
+                        if (!isset($pwdPolicies[$pwdPolicy])){
+                            $search_ppolicy = ldap_read($ldap, $pwdPolicy, "(objectClass=pwdPolicy)", array('pwdLockoutDuration'));
+                            if ( $errno ) {
+                                error_log("LDAP - PPolicy search error $errno  (".ldap_error($ldap).")");
+                            } else {
+                                $ppolicy_entry = ldap_get_entries($ldap, $search_ppolicy);
+                                $pwdPolicies[$pwdPolicy]['pwdLockoutDuration'] = $ppolicy_entry[0]['pwdlockoutduration'][0];
+                            }
+                        }
+
+                        # Lock
+                        $pwdLockoutDuration = $pwdPolicies[$pwdPolicy]['pwdLockoutDuration'];
+                        $pwdAccountLockedTime = $entry['pwdaccountlockedtime'][0];
+
+                        if ( $pwdAccountLockedTime === "000001010000Z" ) {
+                            $isLocked = true;
+                        } else if (isset($pwdAccountLockedTime)) {
+                            if (isset($pwdLockoutDuration) and ($pwdLockoutDuration > 0)) {
+                                $lockDate = ldapDate2phpDate($pwdAccountLockedTime);
+                                $unlockDate = date_add( $lockDate, new DateInterval('PT'.$pwdLockoutDuration.'S'));
+                                if ( time() <= $unlockDate->getTimestamp() ) {
+                                    $isLocked = true;
+                                }
+                            } else {
+                                $isLocked = true;
+                            }
+                        }
+                    }
+                    // Add isLocked to the entry array
+                    $entry['isLocked'] = $isLocked;
+                }
+
+                $smarty->assign("page_title", "allaccounts");
+                if ($nb_entries === 0) {
+                    $result = "noentriesfound";
+                } else {
+                    $smarty->assign("nb_entries", $nb_entries);
+                    $smarty->assign("entries", $entries);
+                    $smarty->assign("size_limit_reached", $size_limit_reached);
+
+                    $columns = $search_result_items;
+                    if (! in_array($search_result_title, $columns)) array_unshift($columns, $search_result_title);
+                    $smarty->assign("listing_columns", $columns);
+                    $smarty->assign("listing_linkto",  isset($search_result_linkto) ? $search_result_linkto : array($search_result_title));
+                    $smarty->assign("listing_sortby",  array_search($search_result_sortby, $columns));
+                    $smarty->assign("show_undef", $search_result_show_undefined);
+                    $smarty->assign("truncate_value_after", $search_result_truncate_value_after);
+                    if ($isLocked === true) {
+                        $smarty->assign("entry_is_locked", true);
+                    }
+                    if ($use_unlockaccount) {
+                        $smarty->assign("display_unlock_button", true);
+                    }
+                }
+}
+
+?>

lang/en.inc.php

@@ -9,6 +9,7 @@
 $messages['accountnotunlocked'] = "Fail to unlock account";
 $messages['accountunlocked'] = "Account is not locked";
 $messages['accountstatus'] = "Account status";
+$messages['allaccounts'] = "All accounts";
 $messages['changesubject'] = "Your password has been changed";
 $messages['changesubjectforadmin'] = "User password has been changed";
 $messages['changemessage'] = "Hello {name},\n\nYour password has been changed.\n\nIf you didn't request a password reset, please contact your administrator for details.";

lang/fr.inc.php

@@ -9,6 +9,7 @@
 $messages['accountnotunlocked'] = "Échec de déblocage du compte";
 $messages['accountstatus'] = "Statut du compte";
 $messages['accountunlocked'] = "Le compte n'est pas bloqué";
+$messages['allaccounts'] = "Tous les comptes";
 $messages['changesubject'] = "Votre mot de passe a été changé";
 $messages['changesubjectforadmin'] = "Le mot de passe d'un utilisateur a été changé";
 $messages['changemessage'] = "Bonjour {name},\n\nVotre mot de passe a été changé.\nSi vous n'êtes pas à l'origine de cette demande, contactez votre administrateur pour obtenir des précisions.";

templates/listing_table.tpl

@@ -13,9 +13,15 @@
                 <i class="fa fa-fw fa-id-card"></i>
             </a>
         {if $display_unlock_button}
-            <a href="index.php?page=unlockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-success btn-sm" role="button" title="{$msg_unlockaccount}">
-                <i class="fa fa-fw fa-unlock"></i>
-            </a>
+            {if $entry.isLocked || !isset($entry.isLocked)}
+                <a href="index.php?page=unlockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-danger btn-sm" role="button" title="{$msg_unlockaccount}">
+                    <i class="fa fa-fw fa-lock"></i>
+                </a>
+            {elif isset($entry.isLocked) && !$entry.isLocked}
+                <a href="index.php?page=lockaccount&dn={$entry.dn|escape:'url'}&returnto=searchlocked" class="btn btn-success btn-sm" role="button" title="{$msg_lockaccount}">
+                    <i class="fa fa-fw fa-unlock"></i>
+                </a>
+            {/if}
         {/if}
         </th>
     {foreach $listing_columns as $column}

templates/menu.tpl

@@ -30,6 +30,9 @@
                       {if $use_searchidle}
                       <li><a href="index.php?page=searchidle" class="dropdown-item"><i class="fa fa-fw fa-hourglass-o"></i> {$msg_idleaccounts}</a></li>
                       {/if}
+                      {if $use_searchall}
+                      <li><a href="index.php?page=searchall"><i class="fa fa-fw fa-users"></i> {$msg_allaccounts}</a></li>
+                      {/if}
                   </ul>
                 </li>
                 {/if}

templates/searchall.tpl

@@ -0,0 +1,11 @@
+<div class="alert alert-warning">
+    {$nb_entries} {if $nb_entries==1}{$msg_entryfound}{else}{$msg_entriesfound}{/if}
+</div>
+
+{if {$size_limit_reached}}
+<div class="alert alert-warning"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_sizelimit}</div>
+{/if}
+
+<table id="search-listing" class="table table-striped table-hover table-condensed dataTable">
+    {include 'listing_table.tpl'}
+</table>