Page: index.html
<html lang="en">
<head>
<title>ldap添加用户</title>
</head>
<body>
<form action="admin_f.php" method="post" name="commentform">
<table border="0" cellpadding="0" cellspacing="0">
<tr><td align="left" width="500" height="30">请输入信息 (ldap组名,帐号,邮箱,姓名,姓名,电话):<br/>
<textarea style="width:450px;height:300px;text-align:left;" type="text" name="txt_info" size="12" placeholder="请在这里输入信息,例如 group,user,mail@yoyi.com.cn,何大龙,何大龙,,13411111111"></textarea><br/>
<input type="submit" name="submit" value="提交">
</td><td align="left">
<textarea style="width:480px;height:300px;text-align:left;" enabled>
注:ldap中各组名
全局 :people
引擎 :engine
平台 :platform
数据算法:data
运营 :operating
产品 :product
运维 :operations
前端 :UI
策划 : tactics
测试 :test
l2tp : vpn
例:
test,test111,test111@yoyi.com.cn,测试一,测试一,13411111111
vpn,test222,test222@yoyi.com.cn,测试二,测试二,18511111111
operations,hedalong,dalong.he@yoyi.com.cn,何大龙,何大龙,13711111111
</textarea></td></tr>
</table>
</form>
</body>
</html>
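Handler page
admin_f.php (generates a password automatically, adds the account, and adds the mail address as an additional cn value, so the user can log in with either cn or mail)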
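<?php
$Patch="upload";
$dc='ou=people,dc=ldap,dc=com';
$object="inetOrgPerson";
$hostname="192.168.5.121:389";
$admin='cn=admin,dc=ldap,dc=com';
$admin_pw="12345678908";
$echo_info="";   // messages collected for the final alert()
// Values placed inside <script> are JSON-encoded so that form input and headers cannot break out of the string
$json_flags=JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT;
// HTTP_REFERER is a client-supplied header and may be missing
$back=json_encode(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "index.html", $json_flags);
$ds=ldap_connect($hostname) or die("Could not connect to LDAP server.");
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    $echo_info.="\n"."使用 LDAPv3 protocol version";
}else{
    echo "<br/>Failed to set protocol version to 3";
}
$r=ldap_bind($ds,$admin,$admin_pw);
if($r){
    $echo_info.="\n"."连接Ldap服务器成功";
}else{
    // Stop here: without a successful bind every ldap_add() below would fail
    die("<br/>连接Ldap服务器失败,请稍候再尝试,如失败,请联系张学磊");
}
if (!empty($_REQUEST["txt_info"])){
    $str=explode("\n",$_REQUEST["txt_info"]);
    foreach ($str as $value){
        $string= trimall($value);
        if( $string == null ){
            continue;
        }
        $str_info=explode(",",$string);
        // Each line needs group,user,mail,name,name,phone and a syntactically valid mail address
        if(count($str_info) < 6 || !filter_var($str_info[2], FILTER_VALIDATE_EMAIL)){
            $echo_info.="\n"."skipped invalid line: ".$string;
            continue;
        }
        // Escape values used in the DN so that characters such as "=" or "+" cannot change the target entry
        if($str_info[0] != "people"){
            $user_dc='ou='.ldap_escape($str_info[0], "", LDAP_ESCAPE_DN).",".$dc;
        }else{
            $user_dc=$dc;
        }
        $username=$str_info[1];
        $Email=$str_info[2];
        $dc_address='cn='.ldap_escape($username, "", LDAP_ESCAPE_DN).",".$user_dc;
        $user_pd="Pwd".randomPassword();   // a fresh password for every account, not one per batch
        $info=array();
        $info["cn"]=$username;
        $info["sn"]=$str_info[4];
        $info["homePhone"]=$str_info[5];
        $info["givenName"]=$str_info[3];
        $info["userpassword"]=$user_pd;
        $info["mail"]=$Email;
        $info["objectclass"]=$object;
        $result=ldap_add($ds,$dc_address, $info); // add the new entry
        if($result){
            // add the mail address as an additional cn value; rebuilt for every user so that
            // addresses from earlier lines are not added to later accounts
            $info_1=array("cn"=>array($Email));
            $result=ldap_mod_add($ds,$dc_address,$info_1);
        }
        if($result){
            $echo_info.="\n"."添加".$username."用户成功";
            $locale='en_US.UTF-8';
            setlocale(LC_ALL,$locale);
            putenv('LC_ALL='.$locale);
            // escapeshellarg() keeps form input from being interpreted by the shell
            system("sh fmail.sh ".escapeshellarg($Email)." ".escapeshellarg($username)." ".escapeshellarg($user_pd));
            $echo_info.="\n"."邮件".$Email."发送成功"."\n";
        }else{
            // var_dump() prints and returns nothing; report the LDAP error text instead
            echo "<br/>error:faile,添加信息为".htmlspecialchars(ldap_error($ds));
        }
    }
    ldap_unbind($ds);   // ldap_close() is an alias of ldap_unbind(), so one call is enough
    echo "<script>alert(".json_encode($echo_info."点击返回上一页!", $json_flags).");location.href=".$back.";</script>";
}else{
    echo "<script>alert('输入内容不能为空!');location.href=".$back.";</script>";
}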
// Remove spaces, tabs and line breaks from one input line
function trimall($str){
    $qian=array(" "," ","\t","\n","\r");
    return str_replace($qian, '', $str);
}
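function randomPassword( $length = 8 )
{
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@^*()_-=+:,.";
    // random_int() (PHP 7+) draws from the system CSPRNG; rand(), time() and str_shuffle() are predictable
    $length = random_int(10, 16);
    $password = "";
    $max = strlen($chars) - 1;
    for ($i = 0; $i < $length; $i++) {
        $password .= $chars[random_int(0, $max)];
    }
    return $password;
}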
?>
Mail script fmail.sh (note: the self-service password change program was covered in an earlier post: https://blog.csdn.net/zhangxueleishamo/article/details/82179902)
#!/bin/bash
mail_zt="ldap帐号已开通"
mail -s "$mail_zt" "$1" << EOF
ldap帐号已开通,用户名: $2,密码默认2018
自助修改密码连接 http://passwd.com.cn/
目前可登陆wiki,svn,git其他功能待续...
wiki地址: http://wiki.com.cn/
svn地址 : http://svn.com.cn/
git地址 :http://git.com.cn/
EOF
Check whether users are still logging in with the default password; if so, send them an e-mail telling them to change it
<?php
$user_pd="yoyi2018";
$dc='ou=people,dc=ldap,dc=com';
$object="inetOrgPerson";
$hostname="192.168.5.121:389";
$admin='cn=admin,dc=ldap,dc=com';
$admin_pw="1234567890";
$md5_yoyi='{MD5}qjbtjZhPcdmnq2T7yERcBA==';
$quchu=array("algo","dev","algo","ads","dalong","admin","root");
$ds=ldap_connect($hostname) or die( "Could not connect to LDAP server");
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
echo "使用 LDAPv3 protocol version";
}else{
echo "Failed to set protocol version to 3";
}
$r=ldap_bind($ds,$admin,$admin_pw);
if($r){
    echo "连接Ldap服务器成功";
}else{
    // Stop here: the search below needs a successful bind
    die("<br/>连接Ldap服务器失败,请稍候再尝试,如失败,请联系张学磊");
}
$justthese = array("cn","mail","userpassword");
$filter='(&(objectClass=inetOrgPerson)(cn=*)(sn=*))';
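$sr=ldap_search($ds,$dc, $filter, $justthese);
if($sr === false){
    die("LDAP search failed: ".ldap_error($ds));
}
$info = ldap_get_entries($ds, $sr);
for ($i=0; $i<$info["count"]; $i++) {
    // skip entries that have no mail or userpassword value
    if(!isset($info[$i]["mail"][0], $info[$i]["userpassword"][0])){
        continue;
    }
    $User_name=$info[$i]["cn"][0];
    $User_mail=$info[$i]["mail"][0];
    $User_password=$info[$i]["userpassword"][0];
    if($User_password === $md5_yoyi or $User_password === $user_pd){
        if( ! in_array($User_name,$quchu)){
            // escapeshellarg() keeps directory values from being interpreted by the shell
            system( "sh fmailx.sh ".escapeshellarg($User_mail)." ".escapeshellarg($User_name));
        }
    }
}
ldap_unbind($ds);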
?>
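The comparison in the script above matches only a cleartext value or one exact {MD5} string, so an account whose default password is stored under a salted scheme is not reported. The following is an added example, not code from the original post: a helper that checks a candidate password against cleartext, {MD5}, {SHA}, {SMD5} and {SSHA} userPassword values. The function name ldapPasswordMatches and all sample values are constructed for illustration.

```php
<?php
// Added example: compare a candidate password with an LDAP userPassword value.
// Returns true/false, or null when the scheme is not covered or the value is malformed.
function ldapPasswordMatches(string $stored, string $candidate): ?bool
{
    if (!preg_match('/^\{([A-Za-z0-9-]+)\}(.*)$/s', $stored, $m)) {
        return hash_equals($stored, $candidate);          // no {SCHEME} prefix: cleartext
    }
    // scheme => [hash function, digest length in bytes, salted?]
    $algos = array(
        'MD5'  => array('md5', 16, false),
        'SHA'  => array('sha1', 20, false),
        'SMD5' => array('md5', 16, true),
        'SSHA' => array('sha1', 20, true),
    );
    $scheme = strtoupper($m[1]);
    if (!isset($algos[$scheme])) {
        return null;                                      // e.g. {CRYPT}: not handled here
    }
    list($algo, $len, $salted) = $algos[$scheme];
    $raw = base64_decode($m[2], true);
    if ($raw === false || strlen($raw) < $len || (!$salted && strlen($raw) !== $len)) {
        return null;
    }
    $digest = substr($raw, 0, $len);
    $salt = (string) substr($raw, $len);                  // salted schemes append the salt to the digest
    return hash_equals($digest, hash($algo, $candidate . $salt, true));
}

// Constructed sample values (not taken from a real directory)
$default = "Example-Default-1";
$salt = "\x01\x02\x03\x04";
$samples = array(
    "alice" => "{SSHA}" . base64_encode(sha1($default . $salt, true) . $salt),
    "bob"   => "{MD5}" . base64_encode(md5($default, true)),
    "carol" => "{SSHA}" . base64_encode(sha1("something-else" . $salt, true) . $salt),
    "dave"  => $default,
    "erin"  => "{CRYPT}constructed-placeholder",
);
foreach ($samples as $user => $stored) {
    $r = ldapPasswordMatches($stored, $default);
    echo $user, ": ", $r === null ? "scheme not checked" : ($r ? "still default" : "changed"), "\n";
}
```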
mail configuration
yum -y install mailx
vim /etc/mail.rc
set from=monit@yoyi.tv
set smtp=mail.com.cn
set smtp-auth-user=monit@com.cn
set smtp-auth-password=1234567890
set smtp-auth=login