hi,
i have an issue with restriction script.
i want to add the deviceid as a value of the zarafaEnabledFeatures LDAP attribute for every user who has a company iphone and/or ipad
it seems to work, but if i reboot a device it doesn't work anymore. very strange...
i used the restriction script
http://www.isartor.org/wiki/Restrict_Z-Push_usage_per_user from isartor.org but i want to switch from the ldap zpush attribute to deviceid.
i want to allow/filter only our company devices
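<?php
// Z-Push restriction hook: a request is let through only when the LDAP entry
// of the requesting user lists the requesting device id as one of the values
// of $ldap_result_attr. Every failure path below ends the script (deny).
$check_user = Request::GetGETUser();
$check_deviceid = Request::GetDeviceID();

// Default value when the user doesn't have the attribute
$default_allow = false;

// ldap:// is an unencrypted bind; acceptable for localhost only. Use ldaps://
// or StartTLS if the directory is ever moved to another host.
$ldap_host = "localhost";
$ldap_user = "xxxxx";
$ldap_pass = "xxxxxx";
$ldap_base = "dc=xxxxxx,dc=xxx";

// This script will check for this Attribute
//$ldap_result_attr = "zarafaAllowZpush";
$ldap_result_attr = "zarafaEnabledFeatures";

// The Attribute needs the following value to allow ZPush
$ldap_result_attr_true_value = (string) $check_deviceid;

// NOTE(review): a request whose user is "unknown" skips the whole check and is
// NOT stopped by this script - confirm that this is intended.
if ($check_user != "unknown") {
    // The user name comes from the request, so it is escaped before it is
    // placed in the search filter; otherwise characters such as * ( ) \ would
    // change the meaning of the filter (LDAP filter injection).
    if (function_exists('ldap_escape')) {
        $safe_user = ldap_escape($check_user, '', LDAP_ESCAPE_FILTER);
    } else {
        // Fallback for PHP versions without ldap_escape(): RFC 4515 escaping.
        // The backslash is replaced first so later escapes are not re-escaped.
        $safe_user = str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $check_user
        );
    }
    $ldap_filter = "(uid=$safe_user)";
    $ldap_attributes = array($ldap_result_attr);

    $ldap = ldap_connect("ldap://{$ldap_host}") or die('Could not connect to LDAP server.');
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    @ldap_bind($ldap, $ldap_user, $ldap_pass) or die('Could not bind to LDAP.');

    $result = ldap_search($ldap, $ldap_base, $ldap_filter, $ldap_attributes);
    if ($result === false) {
        // A failed search must deny, not fall through with an undefined result.
        ZLog::Write(LOGLEVEL_INFO, "RESTRICT: LDAP search failed, disallowing z-push for user: $check_user $check_deviceid");
        ldap_unbind($ldap);
        exit();
    }
    $entries = ldap_get_entries($ldap, $result);

    // Seems like result attributes need to be addressed lowercase
    $ldap_result_attr = strtolower($ldap_result_attr);
    $allow_zpush = false;

    $entry_count = (int) $entries["count"];
    if ($entry_count === 0) {
        // 0 results: no such user in the directory
        ZLog::Write(LOGLEVEL_INFO, "RESTRICT: Disallowing z-push for user: $check_user and $check_deviceid");
        ldap_unbind($ldap);
        exit();
    } elseif ($entry_count > 1) {
        // Ambiguous result: more than one entry matched, so deny and leave a
        // trace in the log instead of exiting silently.
        ZLog::Write(LOGLEVEL_INFO, "RESTRICT: Ambiguous LDAP result, disallowing z-push for user: $check_user $check_deviceid");
        ldap_unbind($ldap);
        exit();
    } elseif (!isset($entries[0][$ldap_result_attr])) {
        // 1 result, but the attribute is not set on the entry
        $allow_zpush = $default_allow;
    } else {
        // 1 result: look for the device id among the attribute values.
        $values = $entries[0][$ldap_result_attr];
        for ($i = 0; $i < $values["count"]; $i++) {
            // Strict comparison: with == PHP compares two numeric-looking
            // strings as numbers (e.g. "0e12" == "0e34"), which could accept a
            // device id that is not the stored one.
            // NOTE(review): this match is case-sensitive; the value stored in
            // LDAP has to be exactly what Request::GetDeviceID() returns -
            // TODO confirm how the device id is normalised.
            if ($values[$i] === $ldap_result_attr_true_value) {
                $allow_zpush = true;
                break;
            }
        }
    }
    ldap_unbind($ldap);

    if (!$allow_zpush) {
        // Stop script execution if zpush is not allowed
        ZLog::Write(LOGLEVEL_INFO, "RESTRICT: Disallowing z-push for user: $check_user $check_deviceid");
        exit();
    } else {
        ZLog::Write(LOGLEVEL_INFO, "RESTRICT: Allowing z-push for user: $check_user $check_deviceid");
    }
}
?>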