From f06ba1bed1d4599e21e7ebf94cb1fe5cb87d3fa5 Mon Sep 17 00:00:00 2001
From: root <root@d1stkfactory>
Date: Thu, 5 Dec 2013 14:50:24 +0000
Subject: [PATCH] add ldap

---
 .../Simple-LDAP-Login-Admin.php               |  150 +
 .../simple-ldap-login/Simple-LDAP-Login.php   |  389 +++
 .../simple-ldap-login/includes/adLDAP.php     | 2413 +++++++++++++++++
 .../plugins/simple-ldap-login/readme.md       |  220 ++
 .../plugins/simple-ldap-login/readme.txt      |  220 ++
 5 files changed, 3392 insertions(+)
 create mode 100644 sources/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login-Admin.php
 create mode 100644 sources/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
 create mode 100644 sources/wp-content/plugins/simple-ldap-login/includes/adLDAP.php
 create mode 100644 sources/wp-content/plugins/simple-ldap-login/readme.md
 create mode 100644 sources/wp-content/plugins/simple-ldap-login/readme.txt

diff --git a/sources/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login-Admin.php b/sources/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login-Admin.php
new file mode 100644
index 0000000..dd3a20e
--- /dev/null
+++ b/sources/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login-Admin.php
@@ -0,0 +1,150 @@
+<?php
+global $SimpleLDAPLogin;
+
+if( isset( $_GET[ 'tab' ] ) ) {
+    $active_tab = $_GET[ 'tab' ];
+} else {
+	$active_tab = 'simple';
+}
+?>
+<div class="wrap">
+
+    <div id="icon-themes" class="icon32"></div>
+    <h2>Simple LDAP Login Settings</h2>
+
+    <h2 class="nav-tab-wrapper">
+        <a href="<?php echo add_query_arg( array('tab' => 'simple'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'simple' ? 'nav-tab-active' : ''; ?>">Simple</a>
+        <a href="<?php echo add_query_arg( array('tab' => 'advanced'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'advanced' ? 'nav-tab-active' : ''; ?>">Advanced</a>
+        <a href="<?php echo add_query_arg( array('tab' => 'help'), $_SERVER['REQUEST_URI'] ); ?>" class="nav-tab <?php echo $active_tab == 'help' ? 'nav-tab-active' : ''; ?>">Help</a>
+    </h2>
+
+    <form method="post" action="<?php echo str_replace( '%7E', '~', $_SERVER['REQUEST_URI']); ?>">
+    	<?php wp_nonce_field( 'save_sll_settings','save_the_sll' ); ?>
+
+    	<?php if( $active_tab == "simple" ): ?>
+    	<h3>Required</h3>
+    	<p>These are the most basic settings you must configure. Without these, you won't be able to use Simple LDAP Login.</p>
+    	<table class="form-table">
+			<tbody>
+				<tr>
+					<th scope="row" valign="top">Enable LDAP Authentication</th>
+					<td>
+						<input type="hidden" name="<?php echo $this->get_field_name('enabled'); ?>" value="false" />
+						<label><input type="checkbox" name="<?php echo $this->get_field_name('enabled'); ?>" value="true" <?php if( str_true($this->get_setting('enabled')) ) echo "checked"; ?> /> Enable LDAP login authentication for WordPress. (this one is kind of important)</label><br/>
+					</td>
+	    		<tr>
+	    		<tr>
+					<th scope="row" valign="top">Account Suffix</th>
+					<td>
+						<input type="text" name="<?php echo $this->get_field_name('account_suffix'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('account_suffix'); ?>" /><br/>
+						Often the suffix of your e-mail address. Example: @gmail.com
+					</td>
+				</tr>
+				<tr>
+					<th scope="row" valign="top">Base DN</th>
+					<td>
+						<input type="text" name="<?php echo $this->get_field_name('base_dn'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('base_dn'); ?>" />
+						<br/>
+						Example: For subdomain.domain.suffix, use DC=subdomain,DC=domain,DC=suffix. Do not specify an OU here.
+					</td>
+				</tr>
+				<tr>
+					<th scope="row" valign="top">Domain Controller(s)</th>
+					<td>
+						<input type="text" name="<?php echo $this->get_field_name('domain_controllers', 'array'); ?>" value="<?php echo join(';', (array)$SimpleLDAPLogin->get_setting('domain_controllers')); ?>" />
+						<br/>Separate with semi-colons.
+					</td>
+				</tr>
+				<tr>
+					<th scope="row" valign="top">LDAP Directory</th>
+					<td>
+						<label><input type="radio" name="<?php echo $this->get_field_name('directory'); ?>" value="ad" <?php if( $this->get_setting('directory') == "ad" ) echo "checked"; ?> /> Active Directory</label><br/>
+						<label><input type="radio" name="<?php echo $this->get_field_name('directory'); ?>" value="ol" <?php if( $this->get_setting('directory') == "ol" ) echo "checked"; ?> /> Open LDAP (and etc)</label>
+					</td>
+				</tr>
+			</tbody>
+    	</table>
+    	<p><input class="button-primary" type="submit" value="Save Settings" /></p>
+    	<?php elseif ( $active_tab == "advanced" ): ?>
+    	<h3>Typical</h3>
+		<p>These settings give you finer control over how logins work.</p>
+    	<table class="form-table" style="margin-bottom: 20px;">
+			<tbody>
+				<tr>
+					<th scope="row" valign="top">Required Groups</th>
+					<td>
+						<input type="text" name="<?php echo $this->get_field_name('groups', 'array'); ?>" value="<?php echo join(';', (array)$SimpleLDAPLogin->get_setting('groups')); ?>" /><br/>
+						The groups, if any, that authenticating LDAP users must belong to. <br/>
+						Empty means no group required. Separate with semi-colons.
+					</td>
+				</tr>
+				<tr>
+					<th scope="row" valign="top">LDAP Exclusive</th>
+					<td>
+						<input type="hidden" name="<?php echo $this->get_field_name('high_security'); ?>" value="false" />
+						<label><input type="checkbox" name="<?php echo $this->get_field_name('high_security'); ?>" value="true" <?php if( str_true($this->get_setting('high_security')) ) echo "checked"; ?> /> Force all logins to authenticate against LDAP. Do NOT fallback to default authentication for existing users.<br/>Formerly known as high security mode.</label><br/>
+					</td>
+				</tr>
+				<tr>
+					<th scope="row" valign="top">User Creations</th>
+					<td>
+						<input type="hidden" name="<?php echo $this->get_field_name('create_users'); ?>" value="false" />
+						<label><input type="checkbox" name="<?php echo $this->get_field_name('create_users'); ?>" value="true" <?php if( str_true($this->get_setting('create_users')) ) echo "checked"; ?> /> Create WordPress user for authenticated LDAP login with appropriate roles.</label><br/>
+					</td>
+	    		<tr>
+					<th scope="row" valign="top">New User Role</th>
+					<td>
+						<select name="<?php echo $this->get_field_name('role'); ?>">
+							<?php wp_dropdown_roles( strtolower($this->get_setting('role')) ); ?>
+						</select>
+					</td>
+				</tr>
+			</tbody>
+    	</table>
+    	<hr />
+    	<h3>Extraordinary</h3>
+    	<p>Most users should leave these alone.</p>
+    	<table class="form-table">
+			<tbody>
+	    		<tr>
+					<th scope="row" valign="top">LDAP Login Attribute</th>
+					<td>
+						<input type="text" name="<?php echo $this->get_field_name('ol_login'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ol_login'); ?>" />
+						<br />
+						In case your installation uses something other than <b>uid</b>; 
+					</td>
+				</tr>
+				<tr>
+					<th scope="row" valign="top">Use TLS</th>
+					<td>
+						<input type="hidden" name="<?php echo $this->get_field_name('use_tls'); ?>" value="false" />
+						<label><input type="checkbox" name="<?php echo $this->get_field_name('use_tls'); ?>" value="true" <?php if( str_true($this->get_setting('use_tls')) ) echo "checked"; ?> /> Transport Layer Security. This feature is beta, very beta.</label><br/>
+					</td>
+				</tr>
+				<tr>
+					<th scope="row" valign="top">LDAP Port</th>
+					<td>
+						<input type="text" name="<?php echo $this->get_field_name('ldap_port'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ldap_port'); ?>" /><br/>
+						This is usually 389.
+					</td>
+				</tr>
+				<tr>
+					<th scope="row" valign="top">LDAP Version</th>
+					<td>
+						<input type="text" name="<?php echo $this->get_field_name('ldap_version'); ?>" value="<?php echo $SimpleLDAPLogin->get_setting('ldap_version'); ?>" /><br/>
+						Only applies to Open LDAP. Typically 3.
+					</td>
+				</tr>
+			</tbody>
+    	</table>
+    	<p><input class="button-primary" type="submit" value="Save Settings" /></p>
+    	<?php else: ?>
+		<h3>Help</h3>
+		<p>Here's a brief primer on how to effectively use and test Simple LDAP Login.</p>
+		<h4>Testing</h4>
+		<p>The most effective way to test logins is to use two browsers. In other words, keep WordPress Admin open in Chrome, and use Firefox to try logging in. This will give you real time feedback on your settings and prevent you from inadvertently locking yourself out.</p>
+		<h4>Which raises the question, what happens if I get locked out?</h4>
+		<p>If you accidentally lock yourself out, the easiest way to get back in is to rename <strong><?php echo plugin_dir_path(__FILE__); ?></strong> to something else and then refresh. WordPress will detect the change and disable Simple LDAP Login. You can then rename the folder back to its previous name.</p>
+    	<?php endif; ?>
+    </form>
+</div>
\ No newline at end of file
diff --git a/sources/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php b/sources/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
new file mode 100644
index 0000000..d24e12e
--- /dev/null
+++ b/sources/wp-content/plugins/simple-ldap-login/Simple-LDAP-Login.php
@@ -0,0 +1,389 @@
+<?php
+/*
+Plugin Name: Simple LDAP Login
+Plugin URI: http://clifgriffin.com/simple-ldap-login/
+Description:  Authenticate WordPress against LDAP.
+Version: 1.5.5
+Author: Clif Griffin Development Inc.
+Author URI: http://cgd.io
+*/
+
+class SimpleLDAPLogin {
+	static $instance = false;
+	var $prefix = 'sll_';
+	var $settings = array();
+	var $adldap;
+	var $ldap;
+
+	public function __construct () {
+		$this->settings = $this->get_settings_obj( $this->prefix );
+
+		if( $this->get_setting('directory') == "ad" ) {
+			require_once( plugin_dir_path(__FILE__) . "/includes/adLDAP.php" );
+			$this->adldap = new adLDAP(
+				array (
+					"account_suffix"		=>	$this->get_setting('account_suffix'),
+					"use_tls"				=>	str_true( $this->get_setting('use_tls') ),
+					"base_dn"				=>	$this->get_setting('base_dn'),
+					"domain_controllers"	=>	(array)$this->get_setting('domain_controllers'),
+					"ad_port"				=>	$this->get_setting('ldap_port')
+				)
+			);
+		}
+
+		add_action('admin_init', array($this, 'save_settings') );
+		add_action('admin_menu', array($this, 'menu') );
+
+		if ( str_true($this->get_setting('enabled')) ) {
+			add_filter('authenticate', array($this, 'authenticate'), 1, 3);
+		}
+
+		register_activation_hook( __FILE__, array($this, 'activate') );
+
+		// If version is false, and old version detected, run activation
+		if( $this->get_setting('version') === false || get_option('simpleldap_domain_controllers', false) !== false ) $this->activate();
+	}
+
+	public static function getInstance () {
+		if ( !self::$instance ) {
+		  self::$instance = new self;
+		}
+		return self::$instance;
+	}
+
+	function activate () {
+		// Default settings
+		$this->add_setting('account_suffix', "@mydomain.org");
+		$this->add_setting('base_dn', "DC=mydomain,DC=org");
+		$this->add_setting('domain_controllers', array("dc01.mydomain.local") );
+		$this->add_setting('directory', "ad");
+		$this->add_setting('role', "Contributor");
+		$this->add_setting('high_security', "true");
+		$this->add_setting('ol_login', "uid");
+		$this->add_setting('use_tls', "false");
+		$this->add_setting('ldap_port', 389);
+		$this->add_setting('ldap_version', 3);
+		$this->add_setting('create_users', "false");
+		$this->add_setting('enabled', "false");
+
+		if( $this->get_setting('version') === false ) {
+			$this->set_setting('version', '1.5');
+			$this->set_setting('enabled', 'true');
+
+			if ( $this->set_setting('account_suffix', get_option('simpleldap_account_suffix')) ) {
+				//delete_option('simpleldap_account_suffix');
+			}
+
+			if ( $this->set_setting('base_dn', get_option('simpleldap_base_dn')) ) {
+				//delete_option('simpleldap_base_dn');
+			}
+
+			if ( $this->set_setting('domain_controllers', get_option('simpleldap_domain_controllers')) ) {
+				//delete_option('simpleldap_domain_controllers');
+			}
+
+			$directory_result = false;
+			if ( get_option('simpleldap_directory_type') == "directory_ad" ) {
+				$directory_result = $this->set_setting('directory', 'ad');
+			} else {
+				$directory_result = $this->set_setting('directory', 'ol');
+			}
+
+			//if( $directory_result ) delete_option('simpleldap_directory_type');
+			unset($directory_result);
+
+			if ( $this->set_setting('groups', (array)get_option('simpleldap_group') ) ) {
+				//delete_option('simpleldap_group');
+			}
+
+			if ( $this->set_setting('role', get_option('simpleldap_account_type')) ) {
+				//delete_option('simpleldap_account_type');
+			}
+
+			if ( $this->set_setting('ol_login', get_option('simpleldap_ol_login')) ) {
+				//delete_option('simpleldap_ol_login');
+			}
+
+			if ( $this->set_setting('use_tls', str_true( get_option('simpleldap_use_tls') ) ) ) {
+				//delete_option('simpleldap_use_tls');
+			}
+
+			$create_users = false;
+			if ( get_option('simpleldap_login_mode') == "mode_create_all" || get_option('simpleldap_login_mode') == "mode_create_group" ) {
+				$create_users = true;
+			}
+			if ( $this->set_setting('create_users', $create_users) ) {
+				//delete_option('simpleldap_login_mode');
+			}
+
+			$high_security = false;
+			if ( get_option('simpleldap_security_mode') == "security_high" ) {
+				$high_security = true;
+			}
+			if ( $this->set_setting('high_security', $high_security) ) {
+				//delete_option('simpleldap_security_mode');
+			}
+ 		}
+	}
+
+	function menu () {
+		add_options_page("Simple LDAP Login", "Simple LDAP Login", 'manage_options', "simple-ldap-login", array($this, 'admin_page') );
+	}
+
+	function admin_page () {
+		include 'Simple-LDAP-Login-Admin.php';
+	}
+
+	function get_settings_obj () {
+		return get_option("{$this->prefix}settings", false);
+	}
+
+	function set_settings_obj ( $newobj ) {
+		return update_option("{$this->prefix}settings", $newobj);
+	}
+
+	function set_setting ( $option = false, $newvalue ) {
+		if( $option === false ) return false;
+
+		$this->settings = $this->get_settings_obj($this->prefix);
+		$this->settings[$option] = $newvalue;
+		return $this->set_settings_obj($this->settings);
+	}
+
+	function get_setting ( $option = false ) {
+		if($option === false || ! isset($this->settings[$option]) ) return false;
+
+		return apply_filters($this->prefix . 'get_setting', $this->settings[$option], $option);
+	}
+
+	function add_setting ( $option = false, $newvalue ) {
+		if($option === false ) return false;
+
+		if ( ! isset($this->settings[$option]) ) {
+			return $this->set_setting($option, $newvalue);
+		} else return false;
+	}
+
+	function get_field_name($setting, $type = 'string') {
+		return "{$this->prefix}setting[$setting][$type]";
+	}
+
+	function save_settings()
+	{
+		if( isset($_REQUEST["{$this->prefix}setting"]) && check_admin_referer('save_sll_settings','save_the_sll') ) {
+			$new_settings = $_REQUEST["{$this->prefix}setting"];
+
+			foreach( $new_settings as $setting_name => $setting_value  ) {
+				foreach( $setting_value as $type => $value ) {
+					if( $type == "array" ) {
+						$this->set_setting($setting_name, explode(";", $value));
+					} else {
+						$this->set_setting($setting_name, $value);
+					}
+				}
+			}
+
+			add_action('admin_notices', array($this, 'saved_admin_notice') );
+		}
+	}
+
+	function saved_admin_notice(){
+	    echo '<div class="updated">
+	       <p>Simple LDAP Login settings have been saved.</p>
+	    </div>';
+
+	    if( ! str_true($this->get_setting('enabled')) ) {
+			echo '<div class="error">
+				<p>Simple LDAP Login is disabled.</p>
+			</div>';
+	    }
+	}
+
+	function authenticate ($user, $username, $password) {
+		// If previous authentication succeeded, respect that
+		if ( is_a($user, 'WP_User') ) { return $user; }
+		
+		// Determine if user a local admin
+		$local_admin = false;
+		$user_obj = get_user_by('login', $username); 
+		if( user_can($user_obj, 'update_core') ) $local_admin = true;
+		
+		if ( empty($username) || empty($password) ) {
+			$error = new WP_Error();
+
+			if ( empty($username) )
+				$error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
+
+			if ( empty($password) )
+				$error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
+
+			return $error;
+		}
+		
+		// If high security mode is enabled, remove default WP authentication hook
+		if ( str_true( $this->get_setting('high_security') ) && ! $local_admin ) {
+			remove_filter('authenticate', 'wp_authenticate_username_password', 20, 3);
+		}
+
+		// Sweet, let's try to authenticate our user and pass against LDAP
+		$auth_result = $this->ldap_auth($username, $password, $this->get_setting('directory') );
+
+		if( $auth_result ) {
+			// Authenticated, does user have required groups, if any?
+			if( $this->user_has_groups( $username, $this->get_setting('directory') ) ) {
+
+				$user = get_user_by('login', $username);
+
+				if ( ! $user || ( strtolower($user->user_login) !== strtolower($username) ) )  {
+					if( ! str_true($this->get_setting('create_users')) ) {
+						do_action( 'wp_login_failed', $username );
+						return new WP_Error('invalid_username', __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct, but there is no matching WordPress user and user creation is not enabled.'));
+					}
+
+					$new_user = wp_insert_user( $this->get_user_data( $username, $this->get_setting('directory') ) );
+
+					if( ! is_wp_error($new_user) )
+					{
+						// Successful Login
+						$new_user = new WP_User($new_user);
+						do_action_ref_array($this->prefix . 'auth_success', array($new_user) );
+
+						return $new_user;
+					}
+					else
+					{
+						do_action( 'wp_login_failed', $username );
+						return new WP_Error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: LDAP credentials are correct and user creation is allowed but an error occurred creating the user in WordPress. Actual error: '.$new_user->get_error_message() ));
+					}
+
+				} else {
+					return new WP_User($user->ID);
+				}
+			} else {
+				return new WP_Error("{$this->prefix}login_error", __('<strong>Simple LDAP Login Error</strong>: Your LDAP credentials are correct, but you are not in an authorized LDAP group.'));
+			}
+
+		} elseif ( str_true($this->get_setting('high_security')) ) {
+			return new WP_Error('invalid_username', __('<strong>Simple LDAP Login</strong>: Simple LDAP Login could not authenticate your credentials. The security settings do not permit trying the WordPress user database as a fallback.'));
+		}
+
+		do_action($this->prefix . 'auth_failure');
+		return false;
+	}
+
+	function ldap_auth( $username, $password, $directory ) {
+		$result = false;
+
+		if ( $directory == "ad" ) {
+			$result = $this->adldap->authenticate( $username, $password );
+		} elseif ( $directory == "ol" ) {
+			$this->ldap = ldap_connect( join(' ', (array)$this->get_setting('domain_controllers')), (int)$this->get_setting('ldap_port') );
+			ldap_set_option($this->ldap, LDAP_OPT_PROTOCOL_VERSION, (int)$this->get_setting('ldap_version'));
+			if ( str_true($this->get_setting('use_tls')) ) {
+				ldap_start_tls($this->ldap);
+			}
+			$ldapbind = @ldap_bind($this->ldap, $this->get_setting('ol_login') .'=' . $username . ',' . $this->get_setting('base_dn'), $password);
+			$result = $ldapbind;
+		}
+
+		return apply_filters($this->prefix . 'ldap_auth', $result);
+	}
+
+	function user_has_groups( $username = false, $directory ) {
+		$result = false;
+		$groups = (array)$this->get_setting('groups');
+		$groups = array_filter($groups);
+
+		if ( ! $username ) return $result;
+		if ( count( $groups ) == 0 ) return true;
+
+		if ( $directory == "ad" ) {
+			foreach ($groups as $gp) {
+				if ( $this->adldap->user_ingroup ($username, $gp ) ) {
+					$result = true;
+					break;
+				}
+			}
+		} elseif ( $directory == "ol" ) {
+			if( $this->ldap === false ) return false;
+
+			$result = ldap_search($this->ldap, $this->get_setting('base_dn'), '(' . $this->get_setting('ol_login') . '=' . $username . ')', array('cn'));
+			$ldapgroups = ldap_get_entries($this->ldap, $result);
+
+			// Ok, we should have the user, all the info, including which groups he is a member of.
+			// Let's make sure he's in the right group before proceeding.
+			$user_groups = array();
+			for ( $i = 0; $i < $ldapgroups['count']; $i++) {
+				$user_groups[] .= $ldapgroups[$i]['cn'][0];
+			}
+
+			$result =  (bool)(count( array_intersect($user_groups, $groups) ) > 0);
+		}
+
+		return apply_filters($this->prefix . 'user_has_groups', $result);
+	}
+
+	function get_user_data( $username, $directory ) {
+		$user_data = array(
+			'user_pass' => md5( microtime() ),
+			'user_login' => $username,
+			'user_nicename' => '',
+			'user_email' => '',
+			'display_name' => '',
+			'first_name' => '',
+			'last_name' => '',
+			'role' => $this->get_setting('role')
+		);
+
+		if ( $directory == "ad" ) {
+			$userinfo = $this->adldap->user_info($username, array("samaccountname","givenname","sn","mail"));
+			$userinfo = $userinfo[0];
+		} elseif ( $directory == "ol" ) {
+			if ( $this->ldap == null ) {return false;}
+
+			$result = ldap_search($this->ldap, $this->get_setting('base_dn'), '(' . $this->get_setting('ol_login') . '=' . $username . ')', array($this->get_setting('ol_login'), 'sn', 'givenname', 'mail'));
+			$userinfo = ldap_get_entries($this->ldap, $result);
+
+			if ($userinfo['count'] == 1) {
+				$userinfo = $userinfo[0];
+			}
+		} else return false;
+
+		if( is_array($userinfo) ) {
+			$user_data['user_nicename'] = $userinfo['givenname'][0] . ' ' . $userinfo['sn'][0];
+			$user_data['user_email'] 	= $userinfo['mail'][0];
+			$user_data['display_name']	= $user_data['user_nicename'];
+			$user_data['first_name']	= $userinfo['givenname'][0];
+			$user_data['last_name'] 	= $userinfo['sn'][0];
+		}
+
+		return apply_filters($this->prefix . 'user_data', $user_data);
+	}
+}
+
+if ( ! function_exists('str_true') ) {
+	/**
+	 * Evaluates natural language strings to boolean equivalent
+	 *
+	 * Used primarily for handling boolean text provided in shopp() tag options.
+	 * All values defined as true will return true, anything else is false.
+	 *
+	 * Boolean values will be passed through.
+	 *
+	 * Replaces the 1.0-1.1 value_is_true()
+	 *
+	 * @author Jonathan Davis
+	 * @since 1.2
+	 *
+	 * @param string $string The natural language value
+	 * @param array $istrue A list strings that are true
+	 * @return boolean The boolean value of the provided text
+	 **/
+	function str_true ( $string, $istrue = array('yes', 'y', 'true','1','on','open') ) {
+		if (is_array($string)) return false;
+		if (is_bool($string)) return $string;
+		return in_array(strtolower($string),$istrue);
+	}
+}
+
+$SimpleLDAPLogin = SimpleLDAPLogin::getInstance();
\ No newline at end of file
diff --git a/sources/wp-content/plugins/simple-ldap-login/includes/adLDAP.php b/sources/wp-content/plugins/simple-ldap-login/includes/adLDAP.php
new file mode 100644
index 0000000..1485a0f
--- /dev/null
+++ b/sources/wp-content/plugins/simple-ldap-login/includes/adLDAP.php
@@ -0,0 +1,2413 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 3.3.2
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2010 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2010 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 91 $
+ * @version 3.3.2
+ * @link http://adldap.sourceforge.net/
+ */
+
+/**
+ * Define the different types of account in AD
+ */
+define ('ADLDAP_NORMAL_ACCOUNT', 805306368);
+define ('ADLDAP_WORKSTATION_TRUST', 805306369);
+define ('ADLDAP_INTERDOMAIN_TRUST', 805306370);
+define ('ADLDAP_SECURITY_GLOBAL_GROUP', 268435456);
+define ('ADLDAP_DISTRIBUTION_GROUP', 268435457);
+define ('ADLDAP_SECURITY_LOCAL_GROUP', 536870912);
+define ('ADLDAP_DISTRIBUTION_LOCAL_GROUP', 536870913);
+define ('ADLDAP_FOLDER', 'OU');
+define ('ADLDAP_CONTAINER', 'CN');
+
+/**
+* Main adLDAP class
+* 
+* Can be initialised using $adldap = new adLDAP();
+* 
+* Something to keep in mind is that Active Directory is a permissions
+* based directory. If you bind as a domain user, you can't fetch as
+* much information on other users as you could as a domain admin.
+* 
+* Before asking questions, please read the Documentation at
+* http://adldap.sourceforge.net/wiki/doku.php?id=api
+*/
+class adLDAP {
+    /**
+    * The account suffix for your domain, can be set when the class is invoked
+    * 
+    * @var string
+    */   
+	protected $_account_suffix = "@mydomain.local";
+    
+    /**
+    * The base dn for your domain
+    * 
+    * @var string
+    */
+	protected $_base_dn = "DC=mydomain,DC=local"; 
+	
+    /**
+    * Array of domain controllers. Specifiy multiple controllers if you
+    * would like the class to balance the LDAP queries amongst multiple servers
+    * 
+    * @var array
+    */
+    protected $_domain_controllers = array ("dc01.mydomain.local");
+	
+    /**
+    * Optional account with higher privileges for searching
+    * This should be set to a domain admin account
+    * 
+    * @var string
+    * @var string
+    */
+	protected $_ad_username=NULL;
+    protected $_ad_password=NULL;
+    
+    /**
+    * AD does not return the primary group. http://support.microsoft.com/?kbid=321360
+    * This tweak will resolve the real primary group. 
+    * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
+    * someone's primary group is NOT domain users, this is obviously going to mess up the results
+    * 
+    * @var bool
+    */
+	protected $_real_primarygroup=true;
+	
+    /**
+    * Use SSL (LDAPS), your server needs to be setup, please see
+    * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
+    * 
+    * @var bool
+    */
+	protected $_use_ssl=false;
+    
+    /**
+    * Use TLS
+    * If you wish to use TLS you should ensure that $_use_ssl is set to false and vice-versa
+    * 
+    * @var bool
+    */
+    protected $_use_tls=false;
+    
+    /**
+    * When querying group memberships, do it recursively 
+    * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
+    * user_ingroup("Fred","C") will returns true with this option turned on, false if turned off     
+    * 
+    * @var bool
+    */
+	protected $_recursive_groups=true;
+	
+	// You should not need to edit anything below this line
+	//******************************************************************************************
+	
+	/**
+    * Connection and bind default variables
+    * 
+    * @var mixed
+    * @var mixed
+    */
+	protected $_conn;
+	protected $_bind;
+    
+    /**
+    * Getters and Setters
+    */
+    
+    /**
+    * Set the account suffix
+    * 
+    * @param string $_account_suffix
+    * @return void
+    */
+    public function set_account_suffix($_account_suffix)
+    {
+          $this->_account_suffix = $_account_suffix;
+    }
+
+    /**
+    * Get the account suffix
+    * 
+    * @return string
+    */
+    public function get_account_suffix()
+    {
+          return $this->_account_suffix;
+    }
+    
+    /**
+    * Set the domain controllers array
+    * 
+    * @param array $_domain_controllers
+    * @return void
+    */
+    public function set_domain_controllers(array $_domain_controllers)
+    {
+          $this->_domain_controllers = $_domain_controllers;
+    }
+
+    /**
+    * Get the list of domain controllers
+    * 
+    * @return void
+    */
+    public function get_domain_controllers()
+    {
+          return $this->_domain_controllers;
+    }
+    
+    /**
+    * Set the username of an account with higher priviledges
+    * 
+    * @param string $_ad_username
+    * @return void
+    */
+    public function set_ad_username($_ad_username)
+    {
+          $this->_ad_username = $_ad_username;
+    }
+
+    /**
+    * Get the username of the account with higher priviledges
+    * 
+    * This will throw an exception for security reasons
+    */
+    public function get_ad_username()
+    {
+          throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+    }
+    
+    /**
+    * Set the password of an account with higher priviledges
+    * 
+    * @param string $_ad_password
+    * @return void
+    */
+    public function set_ad_password($_ad_password)
+    {
+          $this->_ad_password = $_ad_password;
+    }
+
+    /**
+    * Get the password of the account with higher priviledges
+    * 
+    * This will throw an exception for security reasons
+    */
+    public function get_ad_password()
+    {
+          throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+    }
+    
+    /**
+    * Set whether to detect the true primary group
+    * 
+    * @param bool $_real_primary_group
+    * @return void
+    */
+    public function set_real_primarygroup($_real_primarygroup)
+    {
+          $this->_real_primarygroup = $_real_primarygroup;
+    }
+
+    /**
+    * Get the real primary group setting
+    * 
+    * @return bool
+    */
+    public function get_real_primarygroup()
+    {
+          return $this->_real_primarygroup;
+    }
+    
+    /**
+    * Set whether to use SSL
+    * 
+    * @param bool $_use_ssl
+    * @return void
+    */
+    public function set_use_ssl($_use_ssl)
+    {
+          $this->_use_ssl = $_use_ssl;
+    }
+
+    /**
+    * Get the SSL setting
+    * 
+    * @return bool
+    */
+    public function get_use_ssl()
+    {
+          return $this->_use_ssl;
+    }
+    
+    /**
+    * Set whether to use TLS
+    * 
+    * @param bool $_use_tls
+    * @return void
+    */
+    public function set_use_tls($_use_tls)
+    {
+          $this->_use_tls = $_use_tls;
+    }
+
+    /**
+    * Get the TLS setting
+    * 
+    * @return bool
+    */
+    public function get_use_tls()
+    {
+          return $this->_use_tls;
+    }
+    
+    /**
+    * Set whether to lookup recursive groups
+    * 
+    * @param bool $_recursive_groups
+    * @return void
+    */
+    public function set_recursive_groups($_recursive_groups)
+    {
+          $this->_recursive_groups = $_recursive_groups;
+    }
+
+    /**
+    * Get the recursive groups setting
+    * 
+    * @return bool
+    */
+    public function get_recursive_groups()
+    {
+          return $this->_recursive_groups;
+    }
+
+    /**
+    * Default Constructor
+    * 
+    * Tries to bind to the AD domain over LDAP or LDAPs
+    * 
+    * @param array $options Array of options to pass to the constructor
+    * @throws Exception - if unable to bind to Domain Controller
+    * @return bool
+    */
+    function __construct($options=array()){
+        // You can specifically overide any of the default configuration options setup above
+        if (count($options)>0){
+            if (array_key_exists("account_suffix",$options)){ $this->_account_suffix=$options["account_suffix"]; }
+            if (array_key_exists("base_dn",$options)){ $this->_base_dn=$options["base_dn"]; }
+            if (array_key_exists("domain_controllers",$options)){ $this->_domain_controllers=$options["domain_controllers"]; }
+            if (array_key_exists("ad_username",$options)){ $this->_ad_username=$options["ad_username"]; }
+            if (array_key_exists("ad_password",$options)){ $this->_ad_password=$options["ad_password"]; }
+            if (array_key_exists("real_primarygroup",$options)){ $this->_real_primarygroup=$options["real_primarygroup"]; }
+            if (array_key_exists("use_ssl",$options)){ $this->_use_ssl=$options["use_ssl"]; }
+            if (array_key_exists("use_tls",$options)){ $this->_use_tls=$options["use_tls"]; }
+            if (array_key_exists("recursive_groups",$options)){ $this->_recursive_groups=$options["recursive_groups"]; }
+        }
+        
+        if ($this->ldap_supported() === false) {
+            throw new adLDAPException('No LDAP support for PHP.  See: http://www.php.net/ldap');
+        }
+
+        return $this->connect();
+    }
+
+    /**
+    * Default Destructor
+    * 
+    * Closes the LDAP connection
+    * 
+    * @return void
+    */
+    function __destruct(){ $this->close(); }
+
+    /**
+    * Connects and Binds to the Domain Controller
+    * 
+    * @return bool
+    */
+    public function connect() {
+        // Connect to the AD/LDAP server as the username/password
+        $dc=$this->random_controller();
+        if ($this->_use_ssl){
+            $this->_conn = ldap_connect("ldaps://".$dc, 636);
+        } else {
+            $this->_conn = ldap_connect($dc);
+        }
+               
+        // Set some ldap options for talking to AD
+        ldap_set_option($this->_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
+        ldap_set_option($this->_conn, LDAP_OPT_REFERRALS, 0);
+        
+        if ($this->_use_tls) {
+            ldap_start_tls($this->_conn);
+        }
+               
+        // Bind as a domain admin if they've set it up
+        if ($this->_ad_username!=NULL && $this->_ad_password!=NULL){
+            $this->_bind = @ldap_bind($this->_conn,$this->_ad_username.$this->_account_suffix,$this->_ad_password);
+            if (!$this->_bind){
+                if ($this->_use_ssl && !$this->_use_tls){
+                    // If you have problems troubleshooting, remove the @ character from the ldap_bind command above to get the actual error message
+                    throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->get_last_error());
+                } else {
+                    throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->get_last_error());
+                }
+            }
+        }
+        
+        if ($this->_base_dn == NULL) {
+            $this->_base_dn = $this->find_base_dn();   
+        }
+        
+        return (true);
+    }
+    
+    /**
+    * Closes the LDAP connection
+    * 
+    * @return void
+    */
+    public function close() {
+        ldap_close ($this->_conn);
+    }
+
+    /**
+    * Validate a user's login credentials
+    * 
+    * @param string $username A user's AD username
+    * @param string $password A user's AD password
+    * @param bool optional $prevent_rebind
+    * @return bool
+    */
+    public function authenticate($username, $password, $prevent_rebind = false) {
+        // Prevent null binding
+        if ($username === NULL || $password === NULL) { return false; } 
+        if (empty($username) || empty($password)) { return false; }
+        
+        // Bind as the user        
+        $ret = true;
+        $this->_bind = @ldap_bind($this->_conn, $username . $this->_account_suffix, $password);
+        if (!$this->_bind){ $ret = false; }
+        
+        // Cnce we've checked their details, kick back into admin mode if we have it
+        if ($this->_ad_username !== NULL && !$prevent_rebind) {
+            $this->_bind = @ldap_bind($this->_conn, $this->_ad_username . $this->_account_suffix , $this->_ad_password);
+            if (!$this->_bind){
+                // This should never happen in theory
+                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->get_last_error());
+            } 
+        }
+        
+        return $ret;
+    }
+
+    //*****************************************************************************************************************
+    // GROUP FUNCTIONS
+
+    /**
+    * Add a group to a group
+    * 
+    * @param string $parent The parent group name
+    * @param string $child The child group name
+    * @return bool
+    */
+    public function group_add_group($parent,$child){
+
+        // Find the parent group's dn
+        $parent_group=$this->group_info($parent,array("cn"));
+        if ($parent_group[0]["dn"]===NULL){ return (false); }
+        $parent_dn=$parent_group[0]["dn"];
+        
+        // Find the child group's dn
+        $child_group=$this->group_info($child,array("cn"));
+        if ($child_group[0]["dn"]===NULL){ return (false); }
+        $child_dn=$child_group[0]["dn"];
+                
+        $add=array();
+        $add["member"] = $child_dn;
+        
+        $result=@ldap_mod_add($this->_conn,$parent_dn,$add);
+        if ($result==false){ return (false); }
+        return (true);
+    }
+    
+    /**
+    * Add a user to a group
+    * 
+    * @param string $group The group to add the user to
+    * @param string $user The user to add to the group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function group_add_user($group,$user,$isGUID=false){
+        // Adding a user is a bit fiddly, we need to get the full DN of the user
+        // and add it using the full DN of the group
+        
+        // Find the user's dn
+        $user_dn=$this->user_dn($user,$isGUID);
+        if ($user_dn===false){ return (false); }
+        
+        // Find the group's dn
+        $group_info=$this->group_info($group,array("cn"));
+        if ($group_info[0]["dn"]===NULL){ return (false); }
+        $group_dn=$group_info[0]["dn"];
+        
+        $add=array();
+        $add["member"] = $user_dn;
+        
+        $result=@ldap_mod_add($this->_conn,$group_dn,$add);
+        if ($result==false){ return (false); }
+        return (true);
+    }
+    
+    /**
+    * Add a contact to a group
+    * 
+    * @param string $group The group to add the contact to
+    * @param string $contact_dn The DN of the contact to add
+    * @return bool
+    */
+    public function group_add_contact($group,$contact_dn){
+        // To add a contact we take the contact's DN
+        // and add it using the full DN of the group
+        
+        // Find the group's dn
+        $group_info=$this->group_info($group,array("cn"));
+        if ($group_info[0]["dn"]===NULL){ return (false); }
+        $group_dn=$group_info[0]["dn"];
+        
+        $add=array();
+        $add["member"] = $contact_dn;
+        
+        $result=@ldap_mod_add($this->_conn,$group_dn,$add);
+        if ($result==false){ return (false); }
+        return (true);
+    }
+
+    /**
+    * Create a group
+    * 
+    * @param array $attributes Default attributes of the group
+    * @return bool
+    */
+    public function group_create($attributes){
+        if (!is_array($attributes)){ return ("Attributes must be an array"); }
+        if (!array_key_exists("group_name",$attributes)){ return ("Missing compulsory field [group_name]"); }
+        if (!array_key_exists("container",$attributes)){ return ("Missing compulsory field [container]"); }
+        if (!array_key_exists("description",$attributes)){ return ("Missing compulsory field [description]"); }
+        if (!is_array($attributes["container"])){ return ("Container attribute must be an array."); }
+        $attributes["container"]=array_reverse($attributes["container"]);
+
+        //$member_array = array();
+        //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
+        //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
+        
+        $add=array();
+        $add["cn"] = $attributes["group_name"];
+        $add["samaccountname"] = $attributes["group_name"];
+        $add["objectClass"] = "Group";
+        $add["description"] = $attributes["description"];
+        //$add["member"] = $member_array; UNTESTED
+
+        $container="OU=".implode(",OU=",$attributes["container"]);
+        $result=ldap_add($this->_conn,"CN=".$add["cn"].", ".$container.",".$this->_base_dn,$add);
+        if ($result!=true){ return (false); }
+        
+        return (true);
+    }
+
+    /**
+    * Remove a group from a group
+    * 
+    * @param string $parent The parent group name
+    * @param string $child The child group name
+    * @return bool
+    */
+    public function group_del_group($parent,$child){
+    
+        // Find the parent dn
+        $parent_group=$this->group_info($parent,array("cn"));
+        if ($parent_group[0]["dn"]===NULL){ return (false); }
+        $parent_dn=$parent_group[0]["dn"];
+        
+        // Find the child dn
+        $child_group=$this->group_info($child,array("cn"));
+        if ($child_group[0]["dn"]===NULL){ return (false); }
+        $child_dn=$child_group[0]["dn"];
+        
+        $del=array();
+        $del["member"] = $child_dn;
+        
+        $result=@ldap_mod_del($this->_conn,$parent_dn,$del);
+        if ($result==false){ return (false); }
+        return (true);
+    }
+    
+    /**
+    * Remove a user from a group
+    * 
+    * @param string $group The group to remove a user from
+    * @param string $user The AD user to remove from the group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function group_del_user($group,$user,$isGUID=false){
+    
+        // Find the parent dn
+        $group_info=$this->group_info($group,array("cn"));
+        if ($group_info[0]["dn"]===NULL){ return (false); }
+        $group_dn=$group_info[0]["dn"];
+        
+        // Find the users dn
+        $user_dn=$this->user_dn($user,$isGUID);
+        if ($user_dn===false){ return (false); }
+
+        $del=array();
+        $del["member"] = $user_dn;
+        
+        $result=@ldap_mod_del($this->_conn,$group_dn,$del);
+        if ($result==false){ return (false); }
+        return (true);
+    }
+    
+    /**
+    * Remove a contact from a group
+    * 
+    * @param string $group The group to remove a user from
+    * @param string $contact_dn The DN of a contact to remove from the group
+    * @return bool
+    */
+    public function group_del_contact($group,$contact_dn){
+    
+        // Find the parent dn
+        $group_info=$this->group_info($group,array("cn"));
+        if ($group_info[0]["dn"]===NULL){ return (false); }
+        $group_dn=$group_info[0]["dn"];
+    
+        $del=array();
+        $del["member"] = $contact_dn;
+        
+        $result=@ldap_mod_del($this->_conn,$group_dn,$del);
+        if ($result==false){ return (false); }
+        return (true);
+    }
+    
+    /**
+    * Return a list of groups in a group
+    * 
+    * @param string $group The group to query
+    * @param bool $recursive Recursively get groups
+    * @return array
+    */
+    public function groups_in_group($group, $recursive = NULL){
+        if (!$this->_bind){ return (false); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } // Use the default option if they haven't set it 
+        
+        // Search the directory for the members of a group
+        $info=$this->group_info($group,array("member","cn"));
+        $groups=$info[0]["member"];
+        if (!is_array($groups)) {
+            return (false);   
+        }
+ 
+        $group_array=array();
+
+        for ($i=0; $i<$groups["count"]; $i++){ 
+             $filter="(&(objectCategory=group)(distinguishedName=".$this->ldap_slashes($groups[$i])."))";
+             $fields = array("samaccountname", "distinguishedname", "objectClass");
+             $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+             $entries = ldap_get_entries($this->_conn, $sr);
+
+             // not a person, look for a group  
+             if ($entries['count'] == 0 && $recursive == true) {  
+                $filter="(&(objectCategory=group)(distinguishedName=".$this->ldap_slashes($groups[$i])."))";  
+                $fields = array("distinguishedname");  
+                $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);  
+                $entries = ldap_get_entries($this->_conn, $sr);  
+                if (!isset($entries[0]['distinguishedname'][0])) {
+                    continue;  
+                }
+                $sub_groups = $this->groups_in_group($entries[0]['distinguishedname'][0], $recursive);  
+                if (is_array($sub_groups)) {
+                    $group_array = array_merge($group_array, $sub_groups); 
+                    $group_array = array_unique($group_array);  
+                }
+                continue;  
+             } 
+
+             $group_array[] = $entries[0]['distinguishedname'][0];
+        }
+        return ($group_array);
+    }
+    
+    /**
+    * Return a list of members in a group
+    * 
+    * @param string $group The group to query
+    * @param bool $recursive Recursively get group members
+    * @return array
+    */
+    public function group_members($group, $recursive = NULL){
+        if (!$this->_bind){ return (false); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } // Use the default option if they haven't set it 
+        // Search the directory for the members of a group
+        $info=$this->group_info($group,array("member","cn"));
+        $users=$info[0]["member"];
+        if (!is_array($users)) {
+            return (false);   
+        }
+ 
+        $user_array=array();
+
+        for ($i=0; $i<$users["count"]; $i++){ 
+             $filter="(&(objectCategory=person)(distinguishedName=".$this->ldap_slashes($users[$i])."))";
+             $fields = array("samaccountname", "distinguishedname", "objectClass");
+             $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+             $entries = ldap_get_entries($this->_conn, $sr);
+
+             // not a person, look for a group  
+             if ($entries['count'] == 0 && $recursive == true) {  
+                $filter="(&(objectCategory=group)(distinguishedName=".$this->ldap_slashes($users[$i])."))";  
+                $fields = array("samaccountname");  
+                $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);  
+                $entries = ldap_get_entries($this->_conn, $sr);  
+                if (!isset($entries[0]['samaccountname'][0])) {
+                    continue;  
+                }
+                $sub_users = $this->group_members($entries[0]['samaccountname'][0], $recursive);  
+                if (is_array($sub_users)) {
+                    $user_array = array_merge($user_array, $sub_users); 
+                    $user_array = array_unique($user_array);  
+                }
+                continue;  
+             } 
+
+             if ($entries[0]['samaccountname'][0] === NULL && $entries[0]['distinguishedname'][0] !== NULL) {
+                 $user_array[] = $entries[0]['distinguishedname'][0];
+             }
+             elseif ($entries[0]['samaccountname'][0] !== NULL) {
+                $user_array[] = $entries[0]['samaccountname'][0];
+             }
+        }
+        return ($user_array);
+    }
+    
+    /**
+    * Group Information.  Returns an array of information about a group.
+    * The group name is case sensitive
+    * 
+    * @param string $group_name The group name to retrieve info about
+    * @param array $fields Fields to retrieve
+    * @return array
+    */
+    public function group_info($group_name,$fields=NULL){
+        if ($group_name===NULL){ return (false); }
+        if (!$this->_bind){ return (false); }
+        
+        if (stristr($group_name, '+')) {
+            $group_name=stripslashes($group_name);   
+        }
+        
+        $filter="(&(objectCategory=group)(name=".$this->ldap_slashes($group_name)."))";
+        //echo ($filter."!!!<br>");
+        if ($fields===NULL){ $fields=array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname"); }
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+        //print_r($entries);
+        return ($entries);
+    }
+    
+    /**
+    * Return a complete list of "groups in groups"
+    * 
+    * @param string $group The group to get the list from
+    * @return array
+    */
+    public function recursive_groups($group){
+        if ($group===NULL){ return (false); }
+
+        $ret_groups=array();          
+        
+        $groups=$this->group_info($group,array("memberof"));
+        if (isset($groups[0]["memberof"]) && is_array($groups[0]["memberof"])) {
+            $groups=$groups[0]["memberof"];
+
+            if ($groups){
+                $group_names=$this->nice_names($groups);
+                $ret_groups=array_merge($ret_groups,$group_names); //final groups to return
+                
+                foreach ($group_names as $id => $group_name){
+                    $child_groups=$this->recursive_groups($group_name);
+                    $ret_groups=array_merge($ret_groups,$child_groups);
+                }
+            }
+        }
+
+        return ($ret_groups);
+    }
+    
+    /**
+    * Returns a complete list of the groups in AD based on a SAM Account Type  
+    * 
+    * @param string $samaccounttype The account type to return
+    * @param bool $include_desc Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function search_groups($samaccounttype = ADLDAP_SECURITY_GLOBAL_GROUP, $include_desc = false, $search = "*", $sorted = true) {
+        if (!$this->_bind){ return (false); }
+        
+        $filter = '(&(objectCategory=group)';
+        if ($samaccounttype !== null) {
+            $filter .= '(samaccounttype='. $samaccounttype .')';
+        }
+        $filter .= '(cn='.$search.'))';
+        // Perform the search and grab all their details
+        $fields=array("samaccountname","description");
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+
+        $groups_array = array();        
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($include_desc && strlen($entries[$i]["description"][0]) > 0 ){
+                $groups_array[ $entries[$i]["samaccountname"][0] ] = $entries[$i]["description"][0];
+            } elseif ($include_desc){
+                $groups_array[ $entries[$i]["samaccountname"][0] ] = $entries[$i]["samaccountname"][0];
+            } else {
+                array_push($groups_array, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if( $sorted ){ asort($groups_array); }
+        return ($groups_array);
+    }
+    
+    /**
+    * Returns a complete list of all groups in AD
+    * 
+    * @param bool $include_desc Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all_groups($include_desc = false, $search = "*", $sorted = true){
+        $groups_array = $this->search_groups(null, $include_desc, $search, $sorted);
+        return ($groups_array);
+    }
+    
+    /**
+    * Returns a complete list of security groups in AD
+    * 
+    * @param bool $include_desc Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all_security_groups($include_desc = false, $search = "*", $sorted = true){
+        $groups_array = $this->search_groups(ADLDAP_SECURITY_GLOBAL_GROUP, $include_desc, $search, $sorted);
+        return ($groups_array);
+    }
+    
+    /**
+    * Returns a complete list of distribution lists in AD
+    * 
+    * @param bool $include_desc Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all_distribution_groups($include_desc = false, $search = "*", $sorted = true){
+        $groups_array = $this->search_groups(ADLDAP_DISTRIBUTION_GROUP, $include_desc, $search, $sorted);
+        return ($groups_array);
+    }
+    
+    //*****************************************************************************************************************
+    // USER FUNCTIONS
+
+    /**
+    * Create a user
+    * 
+    * If you specify a password here, this can only be performed over SSL
+    * 
+    * @param array $attributes The attributes to set to the user account
+    * @return bool
+    */
+        public function user_create($attributes){
+        // Check for compulsory fields
+        if (!array_key_exists("username",$attributes)){ return ("Missing compulsory field [username]"); }
+        if (!array_key_exists("firstname",$attributes)){ return ("Missing compulsory field [firstname]"); }
+        if (!array_key_exists("surname",$attributes)){ return ("Missing compulsory field [surname]"); }
+        if (!array_key_exists("email",$attributes)){ return ("Missing compulsory field [email]"); }
+        if (!array_key_exists("container",$attributes)){ return ("Missing compulsory field [container]"); }
+        if (!is_array($attributes["container"])){ return ("Container attribute must be an array."); }
+
+        if (array_key_exists("password",$attributes) && (!$this->_use_ssl && !$this->_use_tls)){ 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+
+        if (!array_key_exists("display_name",$attributes)){ $attributes["display_name"]=$attributes["firstname"]." ".$attributes["surname"]; }
+
+        // Translate the schema
+        $add=$this->adldap_schema($attributes);
+        
+        // Additional stuff only used for adding accounts
+        $add["cn"][0]=$attributes["display_name"];
+        $add["samaccountname"][0]=$attributes["username"];
+        $add["objectclass"][0]="top";
+        $add["objectclass"][1]="person";
+        $add["objectclass"][2]="organizationalPerson";
+        $add["objectclass"][3]="user"; //person?
+        //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+
+        // Set the account control attribute
+        $control_options=array("NORMAL_ACCOUNT");
+        if (!$attributes["enabled"]){ $control_options[]="ACCOUNTDISABLE"; }
+        $add["userAccountControl"][0]=$this->account_control($control_options);
+        //echo ("<pre>"); print_r($add);
+
+        // Determine the container
+        $attributes["container"]=array_reverse($attributes["container"]);
+        $container="OU=".implode(",OU=",$attributes["container"]);
+
+        // Add the entry
+        $result=@ldap_add($this->_conn, "CN=".$add["cn"][0].", ".$container.",".$this->_base_dn, $add);
+        if ($result!=true){ return (false); }
+        
+        return (true);
+    }
+    
+    /**
+    * Delete a user account
+    * 
+    * @param string $username The username to delete (please be careful here!)
+    * @param bool $isGUID Is the username a GUID or a samAccountName
+    * @return array
+    */
+    public function user_delete($username,$isGUID=false) {      
+        $userinfo = $this->user_info($username, array("*"),$isGUID);
+        $dn = $userinfo[0]['distinguishedname'][0];
+        $result=$this->dn_delete($dn);
+        if ($result!=true){ return (false); }        
+        return (true);
+    }
+    
+    /**
+    * Groups the user is a member of
+    * 
+    * @param string $username The username to query
+    * @param bool $recursive Recursive list of groups
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return array
+    */
+    public function user_groups($username,$recursive=NULL,$isGUID=false){
+        if ($username===NULL){ return (false); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } // Use the default option if they haven't set it
+        if (!$this->_bind){ return (false); }
+        
+        // Search the directory for their information
+        $info=@$this->user_info($username,array("memberof","primarygroupid"),$isGUID);
+        $groups=$this->nice_names($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
+
+        if ($recursive === true){
+            foreach ($groups as $id => $group_name){
+                $extra_groups=$this->recursive_groups($group_name);
+                $groups=array_merge($groups,$extra_groups);
+            }
+        }
+        
+        return ($groups);
+    }
+    
+    /**
+    * Find information about the users
+    * 
+    * @param string $username The username to query
+    * @param array $fields Array of parameters to query
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return array
+    */
+    public function user_info($username,$fields=NULL,$isGUID=false){
+        if ($username===NULL){ return (false); }
+        if (!$this->_bind){ return (false); }
+
+        if ($isGUID === true) {
+            $username = $this->strguid2hex($username);
+            $filter="objectguid=".$username;
+        }
+        else if (strstr($username, "@")) {
+             $filter="userPrincipalName=".$username;
+        }
+        else {
+             $filter="samaccountname=".$username;
+        }
+        $filter = "(&(objectCategory=person)({$filter}))";
+        if ($fields===NULL){ $fields=array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid"); }
+        if (!in_array("objectsid",$fields)){
+            $fields[] = "objectsid";
+        }
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+        
+        if (isset($entries[0])) {
+            if ($entries[0]['count'] >= 1) {
+                if (in_array("memberof", $fields)) {
+                    // AD does not return the primary group in the ldap query, we may need to fudge it
+                    if ($this->_real_primarygroup && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
+                        //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+                        $entries[0]["memberof"][]=$this->get_primary_group($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+                    } else {
+                        $entries[0]["memberof"][]="CN=Domain Users,CN=Users,".$this->_base_dn;
+                    }
+                    $entries[0]["memberof"]["count"]++;
+                }
+            }
+            return $entries;
+        }
+        return false;
+    }
+    
+    /**
+    * Determine if a user is in a specific group
+    * 
+    * @param string $username The username to query
+    * @param string $group The name of the group to check against
+    * @param bool $recursive Check groups recursively
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function user_ingroup($username,$group,$recursive=NULL,$isGUID=false){
+        if ($username===NULL){ return (false); }
+        if ($group===NULL){ return (false); }
+        if (!$this->_bind){ return (false); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } // Use the default option if they haven't set it
+        
+        // Get a list of the groups
+        $groups=$this->user_groups($username,$recursive,$isGUID);
+        
+        // Return true if the specified group is in the group list
+        if (in_array($group,$groups)){ return (true); }
+
+        return (false);
+    }
+    
+    /**
+    * Determine a user's password expiry date
+    * 
+    * @param string $username The username to query
+    * @param book $isGUID Is the username passed a GUID or a samAccountName
+    * @requires bcmath http://www.php.net/manual/en/book.bc.php
+    * @return array
+    */
+    public function user_password_expiry($username,$isGUID=false) {
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }
+        if (!$this->_bind){ return (false); }
+        if (!function_exists('bcmod')) { return ("Missing function support [bcmod] http://www.php.net/manual/en/book.bc.php"); };
+        
+        $userinfo = $this->user_info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
+        $pwdlastset = $userinfo[0]['pwdlastset'][0];
+        $status = array();
+        
+        if ($userinfo[0]['useraccountcontrol'][0] == '66048') {
+            // Password does not expire
+            return "Does not expire";
+        }
+        if ($pwdlastset === '0') {
+            // Password has already expired
+            return "Password has expired";
+        }
+        
+         // Password expiry in AD can be calculated from TWO values:
+         //   - User's own pwdLastSet attribute: stores the last time the password was changed
+         //   - Domain's maxPwdAge attribute: how long passwords last in the domain
+         //
+         // Although Microsoft chose to use a different base and unit for time measurements.
+         // This function will convert them to Unix timestamps
+         $sr = ldap_read($this->_conn, $this->_base_dn, 'objectclass=*', array('maxPwdAge'));
+         if (!$sr) {
+             return false;
+         }
+         $info = ldap_get_entries($this->_conn, $sr);
+         $maxpwdage = $info[0]['maxpwdage'][0];
+         
+
+         // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
+         //
+         // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC), 
+         // stored in a 64 bit integer. 
+         //
+         // The number of seconds between this date and Unix epoch is 11644473600.
+         //
+         // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
+         // intervals from the time the password was set before the password expires.
+         //
+         // We also need to scale this to seconds but also this value is a _negative_ quantity!
+         //
+         // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
+         //
+         // Unfortunately the maths involved are too big for PHP integers, so I've had to require
+         // BCMath functions to work with arbitrary precision numbers.
+         if (bcmod($maxpwdage, 4294967296) === '0') {
+            return "Domain does not expire passwords";
+        }
+        
+        // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
+        // time units.  Because maxpwd age is negative we need to subtract it.
+        $pwdexpire = bcsub($pwdlastset, $maxpwdage);
+    
+        // Convert MS's time to Unix time
+        $status['expiryts'] = bcsub(bcdiv($pwdexpire, '10000000'), '11644473600');
+        $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdexpire, '10000000'), '11644473600'));
+        
+        return $status;
+    }
+    
+    /**
+    * Modify a user
+    * 
+    * @param string $username The username to query
+    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function user_modify($username,$attributes,$isGUID=false){
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }
+        if (array_key_exists("password",$attributes) && !$this->_use_ssl){ 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+
+        // Find the dn of the user
+        $user_dn=$this->user_dn($username,$isGUID);
+        if ($user_dn===false){ return (false); }
+        
+        // Translate the update to the LDAP schema                
+        $mod=$this->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod && !array_key_exists("enabled", $attributes)){ return (false); }
+        
+        // Set the account control attribute (only if specified)
+        if (array_key_exists("enabled",$attributes)){
+            if ($attributes["enabled"]){ $control_options=array("NORMAL_ACCOUNT"); }
+            else { $control_options=array("NORMAL_ACCOUNT","ACCOUNTDISABLE"); }
+            $mod["userAccountControl"][0]=$this->account_control($control_options);
+        }
+
+        // Do the update
+        $result=@ldap_modify($this->_conn,$user_dn,$mod);
+        if ($result==false){ return (false); }
+        
+        return (true);
+    }
+    
+    /**
+    * Disable a user account
+    * 
+    * @param string $username The username to disable
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function user_disable($username,$isGUID=false){
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }
+        $attributes=array("enabled"=>0);
+        $result = $this->user_modify($username, $attributes, $isGUID);
+        if ($result==false){ return (false); }
+        
+        return (true);
+    }
+    
+    /**
+    * Enable a user account
+    * 
+    * @param string $username The username to enable
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function user_enable($username,$isGUID=false){
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }
+        $attributes=array("enabled"=>1);
+        $result = $this->user_modify($username, $attributes, $isGUID);
+        if ($result==false){ return (false); }
+        
+        return (true);
+    }
+    
+    /**
+    * Set the password of a user - This must be performed over SSL
+    * 
+    * @param string $username The username to modify
+    * @param string $password The new password
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function user_password($username,$password,$isGUID=false){
+        if ($username===NULL){ return (false); }
+        if ($password===NULL){ return (false); }
+        if (!$this->_bind){ return (false); }
+        if (!$this->_use_ssl && !$this->_use_tls){ 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+        
+        $user_dn=$this->user_dn($username,$isGUID);
+        if ($user_dn===false){ return (false); }
+                
+        $add=array();
+        $add["unicodePwd"][0]=$this->encode_password($password);
+        
+        $result=ldap_mod_replace($this->_conn,$user_dn,$add);
+        if ($result==false){ return (false); }
+        
+        return (true);
+    }
+    
+    /**
+    * Return a list of all users in AD
+    * 
+    * @param bool $include_desc Return a description of the user
+    * @param string $search Search parameter
+    * @param bool $sorted Sort the user accounts
+    * @return array
+    */
+    public function all_users($include_desc = false, $search = "*", $sorted = true){
+        if (!$this->_bind){ return (false); }
+        
+        // Perform the search and grab all their details
+        $filter = "(&(objectClass=user)(samaccounttype=". ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=".$search."))";
+        $fields=array("samaccountname","displayname");
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+
+        $users_array = array();
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($include_desc && strlen($entries[$i]["displayname"][0])>0){
+                $users_array[ $entries[$i]["samaccountname"][0] ] = $entries[$i]["displayname"][0];
+            } elseif ($include_desc){
+                $users_array[ $entries[$i]["samaccountname"][0] ] = $entries[$i]["samaccountname"][0];
+            } else {
+                array_push($users_array, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted){ asort($users_array); }
+        return ($users_array);
+    }
+    
+    /**
+    * Converts a username (samAccountName) to a GUID
+    * 
+    * @param string $username The username to query
+    * @return string
+    */
+    public function username2guid($username) {
+        if (!$this->_bind){ return (false); }
+        if ($username === null){ return ("Missing compulsory field [username]"); }
+        
+        $filter = "samaccountname=" . $username; 
+        $fields = array("objectGUID"); 
+        $sr = @ldap_search($this->_conn, $this->_base_dn, $filter, $fields); 
+        if (ldap_count_entries($this->_conn, $sr) > 0) { 
+            $entry = @ldap_first_entry($this->_conn, $sr); 
+            $guid = @ldap_get_values_len($this->_conn, $entry, 'objectGUID'); 
+            $strGUID = $this->binary2text($guid[0]);          
+            return ($strGUID); 
+        }
+        else { 
+            return (false); 
+        } 
+    }
+    
+    /**
+    * Move a user account to a different OU
+    *
+    * @param string $username The username to move (please be careful here!)
+    * @param array $container The container or containers to move the user to (please be careful here!).
+    * accepts containers in 1. parent 2. child order
+    * @return array
+    */
+    public function user_move($username, $container) {
+        if (!$this->_bind){ return (false); }
+        if ($username === null){ return ("Missing compulsory field [username]"); }
+        if ($container === null){ return ("Missing compulsory field [container]"); }
+        if (!is_array($container)){ return ("Container must be an array"); }
+        
+        $userinfo = $this->user_info($username, array("*"));
+        $dn = $userinfo[0]['distinguishedname'][0];
+        $newrdn = "cn=" . $username;
+        $container = array_reverse($container);
+        $newcontainer = "ou=" . implode(",ou=",$container);
+        $newbasedn = strtolower($newcontainer) . "," . $this->_base_dn;
+        $result=@ldap_rename($this->_conn,$dn,$newrdn,$newbasedn,true);
+        if ($result !== true) {
+            return (false);
+        }
+        return (true);
+    }
+    
+    //*****************************************************************************************************************
+    // CONTACT FUNCTIONS
+    // * Still work to do in this area, and new functions to write
+    
+    /**
+    * Create a contact
+    * 
+    * @param array $attributes The attributes to set to the contact
+    * @return bool
+    */
+    public function contact_create($attributes){
+        // Check for compulsory fields
+        if (!array_key_exists("display_name",$attributes)){ return ("Missing compulsory field [display_name]"); }
+        if (!array_key_exists("email",$attributes)){ return ("Missing compulsory field [email]"); }
+        if (!array_key_exists("container",$attributes)){ return ("Missing compulsory field [container]"); }
+        if (!is_array($attributes["container"])){ return ("Container attribute must be an array."); }
+
+        // Translate the schema
+        $add=$this->adldap_schema($attributes);
+        
+        // Additional stuff only used for adding contacts
+        $add["cn"][0]=$attributes["display_name"];
+        $add["objectclass"][0]="top";
+        $add["objectclass"][1]="person";
+        $add["objectclass"][2]="organizationalPerson";
+        $add["objectclass"][3]="contact"; 
+        if (!isset($attributes['exchange_hidefromlists'])) {
+            $add["msExchHideFromAddressLists"][0]="TRUE";
+        }
+
+        // Determine the container
+        $attributes["container"]=array_reverse($attributes["container"]);
+        $container="OU=".implode(",OU=",$attributes["container"]);
+
+        // Add the entry
+        $result=@ldap_add($this->_conn, "CN=".$add["cn"][0].", ".$container.",".$this->_base_dn, $add);
+        if ($result!=true){ return (false); }
+        
+        return (true);
+    }  
+    
+    /**
+    * Determine the list of groups a contact is a member of
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param bool $recursive Recursively check groups
+    * @return array
+    */
+    public function contact_groups($distinguishedname,$recursive=NULL){
+        if ($distinguishedname===NULL){ return (false); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } //use the default option if they haven't set it
+        if (!$this->_bind){ return (false); }
+        
+        // Search the directory for their information
+        $info=@$this->contact_info($distinguishedname,array("memberof","primarygroupid"));
+        $groups=$this->nice_names($info[0]["memberof"]); //presuming the entry returned is our contact
+
+        if ($recursive === true){
+            foreach ($groups as $id => $group_name){
+                $extra_groups=$this->recursive_groups($group_name);
+                $groups=array_merge($groups,$extra_groups);
+            }
+        }
+        
+        return ($groups);
+    }
+    
+    /**
+    * Get contact information
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param array $fields Attributes to be returned
+    * @return array
+    */
+    public function contact_info($distinguishedname,$fields=NULL){
+        if ($distinguishedname===NULL){ return (false); }
+        if (!$this->_bind){ return (false); }
+
+        $filter="distinguishedName=".$distinguishedname;
+        if ($fields===NULL){ $fields=array("distinguishedname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid"); }
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+        
+        if ($entries[0]['count'] >= 1) {
+            // AD does not return the primary group in the ldap query, we may need to fudge it
+            if ($this->_real_primarygroup && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])){
+                //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+                $entries[0]["memberof"][]=$this->get_primary_group($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+            } else {
+                $entries[0]["memberof"][]="CN=Domain Users,CN=Users,".$this->_base_dn;
+            }
+        }
+        
+        $entries[0]["memberof"]["count"]++;
+        return ($entries);
+    }
+    
+    /**
+    * Determine if a contact is a member of a group
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param string $group The group name to query
+    * @param bool $recursive Recursively check groups
+    * @return bool
+    */
+    public function contact_ingroup($distinguisedname,$group,$recursive=NULL){
+        if ($distinguisedname===NULL){ return (false); }
+        if ($group===NULL){ return (false); }
+        if (!$this->_bind){ return (false); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } //use the default option if they haven't set it
+        
+        // Get a list of the groups
+        $groups=$this->contact_groups($distinguisedname,array("memberof"),$recursive);
+        
+        // Return true if the specified group is in the group list
+        if (in_array($group,$groups)){ return (true); }
+
+        return (false);
+    }          
+    
+    /**
+    * Modify a contact
+    * 
+    * @param string $distinguishedname The contact to query
+    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
+    * @return bool
+    */
+    public function contact_modify($distinguishedname,$attributes){
+        if ($distinguishedname===NULL){ return ("Missing compulsory field [distinguishedname]"); }
+        
+        // Translate the update to the LDAP schema                
+        $mod=$this->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod){ return (false); }
+        
+        // Do the update
+        $result=ldap_modify($this->_conn,$distinguishedname,$mod);
+        if ($result==false){ return (false); }
+        
+        return (true);
+    }
+    
+    /**
+    * Delete a contact
+    * 
+    * @param string $distinguishedname The contact dn to delete (please be careful here!)
+    * @return array
+    */
+    public function contact_delete($distinguishedname) {
+        $result = $this->dn_delete($distinguishedname);
+        if ($result!=true){ return (false); }       
+        return (true);
+    }
+    
+    /**
+    * Return a list of all contacts
+    * 
+    * @param bool $include_desc Include a description of a contact
+    * @param string $search The search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all_contacts($include_desc = false, $search = "*", $sorted = true){
+        if (!$this->_bind){ return (false); }
+        
+        // Perform the search and grab all their details
+        $filter = "(&(objectClass=contact)(cn=".$search."))";
+        $fields=array("displayname","distinguishedname");           
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+
+        $users_array = array();
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($include_desc && strlen($entries[$i]["displayname"][0])>0){
+                $users_array[ $entries[$i]["distinguishedname"][0] ] = $entries[$i]["displayname"][0];
+            } elseif ($include_desc){
+                $users_array[ $entries[$i]["distinguishedname"][0] ] = $entries[$i]["distinguishedname"][0];
+            } else {
+                array_push($users_array, $entries[$i]["distinguishedname"][0]);
+            }
+        }
+        if ($sorted){ asort($users_array); }
+        return ($users_array);
+    }
+    
+    //*****************************************************************************************************************
+    // FOLDER FUNCTIONS
+    
+    /**
+    * Returns a folder listing for a specific OU
+    * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
+    * 
+    * @param array $folder_name An array to the OU you wish to list. 
+    *                           If set to NULL will list the root, strongly recommended to set 
+    *                           $recursive to false in that instance!
+    * @param string $dn_type The type of record to list.  This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
+    * @param bool $recursive Recursively search sub folders
+    * @param bool $type Specify a type of object to search for
+    * @return array
+    */
+    public function folder_list($folder_name = NULL, $dn_type = ADLDAP_FOLDER, $recursive = NULL, $type = NULL) {
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } //use the default option if they haven't set it
+        if (!$this->_bind){ return (false); }
+
+        $filter = '(&';
+        if ($type !== NULL) {
+            switch ($type) {
+                case 'contact':
+                    $filter .= '(objectClass=contact)';
+                    break;
+                case 'computer':
+                    $filter .= '(objectClass=computer)';
+                    break;
+                case 'group':
+                    $filter .= '(objectClass=group)';
+                    break;
+                case 'folder':
+                    $filter .= '(objectClass=organizationalUnit)';
+                    break;
+                case 'container':
+                    $filter .= '(objectClass=container)';
+                    break;
+                case 'domain':
+                    $filter .= '(objectClass=builtinDomain)';
+                    break;
+                default:
+                    $filter .= '(objectClass=user)';
+                    break;   
+            }
+        }
+        else {
+            $filter .= '(objectClass=*)';   
+        }
+        // If the folder name is null then we will search the root level of AD
+        // This requires us to not have an OU= part, just the base_dn
+        $searchou = $this->_base_dn;
+        if (is_array($folder_name)) {
+            $ou = $dn_type . "=".implode("," . $dn_type . "=",$folder_name);
+            $filter .= '(!(distinguishedname=' . $ou . ',' . $this->_base_dn . ')))';
+            $searchou = $ou . ',' . $this->_base_dn;
+        }
+        else {
+            $filter .= '(!(distinguishedname=' . $this->_base_dn . ')))';
+        }
+
+        if ($recursive === true) {
+            $sr=ldap_search($this->_conn, $searchou, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+            $entries = @ldap_get_entries($this->_conn, $sr);
+            if (is_array($entries)) {
+                return $entries;
+            }
+        }
+        else {
+            $sr=ldap_list($this->_conn, $searchou, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+            $entries = @ldap_get_entries($this->_conn, $sr);
+            if (is_array($entries)) {
+                return $entries;
+            }
+        }
+        
+        return false;
+    }
+    
+    //*****************************************************************************************************************
+    // COMPUTER FUNCTIONS
+    
+    /**
+    * Get information about a specific computer
+    * 
+    * @param string $computer_name The name of the computer
+    * @param array $fields Attributes to return
+    * @return array
+    */
+    public function computer_info($computer_name,$fields=NULL){
+        if ($computer_name===NULL){ return (false); }
+        if (!$this->_bind){ return (false); }
+
+        $filter="(&(objectClass=computer)(cn=".$computer_name."))";
+        if ($fields===NULL){ $fields=array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion"); }
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+        
+        return ($entries);
+    }
+    
+    /**
+    * Check if a computer is in a group
+    * 
+    * @param string $computer_name The name of the computer
+    * @param string $group The group to check
+    * @param bool $recursive Whether to check recursively
+    * @return array
+    */
+    public function computer_ingroup($computer_name,$group,$recursive=NULL){
+        if ($computer_name===NULL){ return (false); }
+        if ($group===NULL){ return (false); }
+        if (!$this->_bind){ return (false); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } // use the default option if they haven't set it
+
+        //get a list of the groups
+        $groups=$this->computer_groups($computer_name,array("memberof"),$recursive);
+
+        //return true if the specified group is in the group list
+        if (in_array($group,$groups)){ return (true); }
+
+        return (false);
+    }
+    
+    /**
+    * Get the groups a computer is in
+    * 
+    * @param string $computer_name The name of the computer
+    * @param bool $recursive Whether to check recursively
+    * @return array
+    */
+    public function computer_groups($computer_name,$recursive=NULL){
+        if ($computer_name===NULL){ return (false); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; } //use the default option if they haven't set it
+        if (!$this->_bind){ return (false); }
+
+        //search the directory for their information
+        $info=@$this->computer_info($computer_name,array("memberof","primarygroupid"));
+        $groups=$this->nice_names($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
+
+        if ($recursive === true){
+            foreach ($groups as $id => $group_name){
+              $extra_groups=$this->recursive_groups($group_name);
+              $groups=array_merge($groups,$extra_groups);
+            }
+        }
+
+        return ($groups);
+    }
+    
+    //************************************************************************************************************
+    //  ORGANIZATIONAL UNIT FUNCTIONS
+    
+     /**
+    * Create an organizational unit
+    * 
+    * @param array $attributes Default attributes of the ou
+    * @return bool
+    */
+    public function ou_create($attributes){
+        if (!is_array($attributes)){ return ("Attributes must be an array"); }
+        if (!array_key_exists("ou_name",$attributes)){ return ("Missing compulsory field [ou_name]"); }
+        if (!array_key_exists("container",$attributes)){ return ("Missing compulsory field [container]"); }
+        if (!is_array($attributes["container"])){ return ("Container attribute must be an array."); }
+        $attributes["container"]=array_reverse($attributes["container"]);
+
+        $add=array();
+        $add["objectClass"] = "organizationalUnit";
+
+        $container="OU=".implode(",OU=",$attributes["container"]);
+        $result=ldap_add($this->_conn,"CN=".$add["cn"].", ".$container.",".$this->_base_dn,$add);
+        if ($result!=true){ return (false); }
+        
+        return (true);
+    }
+    
+    //************************************************************************************************************
+    // EXCHANGE FUNCTIONS
+    
+    /**
+    * Create an Exchange account
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param array $storagegroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
+    *                            If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
+    * @param string $emailaddress The primary email address to add to this user
+    * @param string $mailnickname The mail nick name.  If mail nickname is blank, the username will be used
+    * @param bool $usedefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
+    * @param string $base_dn Specify an alternative base_dn for the Exchange storage group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function exchange_create_mailbox($username, $storagegroup, $emailaddress, $mailnickname=NULL, $usedefaults=TRUE, $base_dn=NULL, $isGUID=false){
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }     
+        if ($storagegroup===NULL){ return ("Missing compulsory array [storagegroup]"); }
+        if (!is_array($storagegroup)){ return ("[storagegroup] must be an array"); }
+        if ($emailaddress===NULL){ return ("Missing compulsory field [emailaddress]"); }
+        
+        if ($base_dn===NULL) {
+            $base_dn = $this->_base_dn;   
+        }
+        
+        $container="CN=".implode(",CN=",$storagegroup);
+        
+        if ($mailnickname===NULL) { $mailnickname=$username; }
+        $mdbUseDefaults = $this->bool2str($usedefaults);
+        
+        $attributes = array(
+            'exchange_homemdb'=>$container.",".$base_dn,
+            'exchange_proxyaddress'=>'SMTP:' . $emailaddress,
+            'exchange_mailnickname'=>$mailnickname,
+            'exchange_usedefaults'=>$mdbUseDefaults
+        );
+        $result = $this->user_modify($username,$attributes,$isGUID);
+        if ($result==false){ return (false); }
+        return (true);
+    }
+    
+    /**
+    * Add an X400 address to Exchange
+    * See http://tools.ietf.org/html/rfc1685 for more information.
+    * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
+    * 
+    * @param string $username The username of the user to add the X400 to to
+    * @param string $country Country
+    * @param string $admd Administration Management Domain
+    * @param string $pdmd Private Management Domain (often your AD domain)
+    * @param string $org Organization
+    * @param string $surname Surname
+    * @param string $givenName Given name
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function exchange_add_X400($username, $country, $admd, $pdmd, $org, $surname, $givenname, $isGUID=false) {
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }     
+        
+        $proxyvalue = 'X400:';
+            
+        // Find the dn of the user
+        $user=$this->user_info($username,array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"]===NULL){ return (false); }
+        $user_dn=$user[0]["dn"];
+        
+        // We do not have to demote an email address from the default so we can just add the new proxy address
+        $attributes['exchange_proxyaddress'] = $proxyvalue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenname . ';';
+       
+        // Translate the update to the LDAP schema                
+        $add=$this->adldap_schema($attributes);
+        
+        if (!$add){ return (false); }
+        
+        // Do the update
+        // Take out the @ to see any errors, usually this error might occur because the address already
+        // exists in the list of proxyAddresses
+        $result=@ldap_mod_add($this->_conn,$user_dn,$add);
+        if ($result==false){ return (false); }
+        
+        return (true);
+    }
+    
+    /**
+    * Add an address to Exchange
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailaddress The email address to add to this user
+    * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function exchange_add_address($username, $emailaddress, $default=FALSE, $isGUID=false) {
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }     
+        if ($emailaddress===NULL) { return ("Missing compulsory fields [emailaddress]"); }
+        
+        $proxyvalue = 'smtp:';
+        if ($default === true) {
+            $proxyvalue = 'SMTP:';
+        }
+              
+        // Find the dn of the user
+        $user=$this->user_info($username,array("cn","proxyaddresses"),$isGUID);
+        if ($user[0]["dn"]===NULL){ return (false); }
+        $user_dn=$user[0]["dn"];
+        
+        // We need to scan existing proxy addresses and demote the default one
+        if (is_array($user[0]["proxyaddresses"]) && $default===true) {
+            $modaddresses = array();
+            for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+                if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
+                    $user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
+                }
+                if ($user[0]['proxyaddresses'][$i] != '') {
+                    $modaddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
+                }
+            }
+            $modaddresses['proxyAddresses'][(sizeof($user[0]['proxyaddresses'])-1)] = 'SMTP:' . $emailaddress;
+            
+            $result=@ldap_mod_replace($this->_conn,$user_dn,$modaddresses);
+            if ($result==false){ return (false); }
+            
+            return (true);
+        }
+        else {
+            // We do not have to demote an email address from the default so we can just add the new proxy address
+            $attributes['exchange_proxyaddress'] = $proxyvalue . $emailaddress;
+            
+            // Translate the update to the LDAP schema                
+            $add=$this->adldap_schema($attributes);
+            
+            if (!$add){ return (false); }
+            
+            // Do the update
+            // Take out the @ to see any errors, usually this error might occur because the address already
+            // exists in the list of proxyAddresses
+            $result=@ldap_mod_add($this->_conn,$user_dn,$add);
+            if ($result==false){ return (false); }
+            
+            return (true);
+        }
+    }
+    
+    /**
+    * Remove an address to Exchange
+    * If you remove a default address the account will no longer have a default, 
+    * we recommend changing the default address first
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailaddress The email address to add to this user
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function exchange_del_address($username, $emailaddress, $isGUID=false) {
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }     
+        if ($emailaddress===NULL) { return ("Missing compulsory fields [emailaddress]"); }
+        
+        // Find the dn of the user
+        $user=$this->user_info($username,array("cn","proxyaddresses"),$isGUID);
+        if ($user[0]["dn"]===NULL){ return (false); }
+        $user_dn=$user[0]["dn"];
+        
+        if (is_array($user[0]["proxyaddresses"])) {
+            $mod = array();
+            for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+                if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false && $user[0]['proxyaddresses'][$i] == 'SMTP:' . $emailaddress) {
+                    $mod['proxyAddresses'][0] = 'SMTP:' . $emailaddress;
+                }
+                elseif (strstr($user[0]['proxyaddresses'][$i], 'smtp:') !== false && $user[0]['proxyaddresses'][$i] == 'smtp:' . $emailaddress) {
+                    $mod['proxyAddresses'][0] = 'smtp:' . $emailaddress;
+                }
+            }
+            
+            $result=@ldap_mod_del($this->_conn,$user_dn,$mod);
+            if ($result==false){ return (false); }
+            
+            return (true);
+        }
+        else {
+            return (false);
+        }
+    }
+    /**
+    * Change the default address
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailaddress The email address to make default
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function exchange_primary_address($username, $emailaddress, $isGUID=false) {
+        if ($username===NULL){ return ("Missing compulsory field [username]"); }     
+        if ($emailaddress===NULL) { return ("Missing compulsory fields [emailaddress]"); }
+        
+        // Find the dn of the user
+        $user=$this->user_info($username,array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"]===NULL){ return (false); }
+        $user_dn=$user[0]["dn"];
+        
+        if (is_array($user[0]["proxyaddresses"])) {
+            $modaddresses = array();
+            for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+                if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
+                    $user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
+                }
+                if ($user[0]['proxyaddresses'][$i] == 'smtp:' . $emailaddress) {
+                    $user[0]['proxyaddresses'][$i] = str_replace('smtp:', 'SMTP:', $user[0]['proxyaddresses'][$i]);
+                }
+                if ($user[0]['proxyaddresses'][$i] != '') {
+                    $modaddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
+                }
+            }
+            
+            $result=@ldap_mod_replace($this->_conn,$user_dn,$modaddresses);
+            if ($result==false){ return (false); }
+            
+            return (true);
+        }
+        
+    }
+    
+    /**
+    * Mail enable a contact
+    * Allows email to be sent to them through Exchange
+    * 
+    * @param string $distinguishedname The contact to mail enable
+    * @param string $emailaddress The email address to allow emails to be sent through
+    * @param string $mailnickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
+    * @return bool
+    */
+    public function exchange_contact_mailenable($distinguishedname, $emailaddress, $mailnickname=NULL){
+        if ($distinguishedname===NULL){ return ("Missing compulsory field [distinguishedname]"); }   
+        if ($emailaddress===NULL){ return ("Missing compulsory field [emailaddress]"); }  
+        
+        if ($mailnickname !== NULL) {
+            // Find the dn of the user
+            $user=$this->contact_info($distinguishedname,array("cn","displayname"));
+            if ($user[0]["displayname"]===NULL){ return (false); }
+            $mailnickname = $user[0]['displayname'][0];
+        }
+        
+        $attributes = array("email"=>$emailaddress,"contact_email"=>"SMTP:" . $emailaddress,"exchange_proxyaddress"=>"SMTP:" . $emailaddress,"exchange_mailnickname"=>$mailnickname);
+         
+        // Translate the update to the LDAP schema                
+        $mod=$this->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod){ return (false); }
+        
+        // Do the update
+        $result=ldap_modify($this->_conn,$distinguishedname,$mod);
+        if ($result==false){ return (false); }
+        
+        return (true);
+    }
+    
+    /**
+    * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
+    * 
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @return array
+    */
+    public function exchange_servers($attributes = array('cn','distinguishedname','serialnumber')) {
+        if (!$this->_bind){ return (false); }
+        
+        $configurationNamingContext = $this->get_root_dse(array('configurationnamingcontext'));
+        $sr = @ldap_search($this->_conn,$configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))',$attributes);
+        $entries = @ldap_get_entries($this->_conn, $sr);
+        return $entries;
+    }
+    
+    /**
+    * Returns a list of Storage Groups in Exchange for a given mail server
+    * 
+    * @param string $exchangeServer The full DN of an Exchange server.  You can use exchange_servers() to find the DN for your server
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @param bool $recursive If enabled this will automatically query the databases within a storage group
+    * @return array
+    */
+    public function exchange_storage_groups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL) {
+        if (!$this->_bind){ return (false); }
+        if ($exchangeServer===NULL){ return ("Missing compulsory field [exchangeServer]"); }
+        if ($recursive===NULL){ $recursive=$this->_recursive_groups; }
+
+        $filter = '(&(objectCategory=msExchStorageGroup))';
+        $sr=@ldap_search($this->_conn, $exchangeServer, $filter, $attributes);
+        $entries = @ldap_get_entries($this->_conn, $sr);
+
+        if ($recursive === true) {
+            for ($i=0; $i<$entries['count']; $i++) {
+                $entries[$i]['msexchprivatemdb'] = $this->exchange_storage_databases($entries[$i]['distinguishedname'][0]);       
+            }
+        }
+        
+        return $entries;
+    }
+    
+    /**
+    * Returns a list of Databases within any given storage group in Exchange for a given mail server
+    * 
+    * @param string $storageGroup The full DN of an Storage Group.  You can use exchange_storage_groups() to find the DN 
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @return array
+    */
+    public function exchange_storage_databases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
+        if (!$this->_bind){ return (false); }
+        if ($storageGroup===NULL){ return ("Missing compulsory field [storageGroup]"); }
+        
+        $filter = '(&(objectCategory=msExchPrivateMDB))';
+        $sr=@ldap_search($this->_conn, $storageGroup, $filter, $attributes);
+        $entries = @ldap_get_entries($this->_conn, $sr);
+        return $entries;
+    }
+    
+    //************************************************************************************************************
+    // SERVER FUNCTIONS
+    
+    /**
+    * Find the Base DN of your domain controller
+    * 
+    * @return string
+    */
+    public function find_base_dn() {
+        $namingContext = $this->get_root_dse(array('defaultnamingcontext'));   
+        return $namingContext[0]['defaultnamingcontext'][0];
+    }
+    
+    /**
+    * Get the RootDSE properties from a domain controller
+    * 
+    * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext
+    * @return array
+    */
+    public function get_root_dse($attributes = array("*", "+")) {
+        if (!$this->_bind){ return (false); }
+        
+        $sr = @ldap_read($this->_conn, NULL, 'objectClass=*', $attributes);
+        $entries = @ldap_get_entries($this->_conn, $sr);
+        return $entries;
+    }
+
+    //************************************************************************************************************
+    // UTILITY FUNCTIONS (Many of these functions are protected and can only be called from within the class)
+
+    /**
+    * Get last error from Active Directory
+    * 
+    * This function gets the last message from Active Directory
+    * This may indeed be a 'Success' message but if you get an unknown error
+    * it might be worth calling this function to see what errors were raised
+    * 
+    * return string
+    */
+    public function get_last_error() {
+        return @ldap_error($this->_conn);
+    }
+    
+    /**
+    * Detect LDAP support in php
+    * 
+    * @return bool
+    */    
+    protected function ldap_supported() {
+        if (!function_exists('ldap_connect')) {
+            return (false);   
+        }
+        return (true);
+    }
+    
+    /**
+    * Schema
+    * 
+    * @param array $attributes Attributes to be queried
+    * @return array
+    */    
+    protected function adldap_schema($attributes){
+    
+        // LDAP doesn't like NULL attributes, only set them if they have values
+        // If you wish to remove an attribute you should set it to a space
+        // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
+        $mod=array();
+        
+        // Check every attribute to see if it contains 8bit characters and then UTF8 encode them
+        array_walk($attributes, array($this, 'encode8bit'));
+
+        if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; }
+        if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; }
+        //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
+        if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; }
+        if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; }
+        if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; }
+        if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; }
+        if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; }
+        if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; }
+        if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; }
+        if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; }
+        if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; }
+        if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; }
+        if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format?
+        if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; }
+        if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; }
+        if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; }
+        if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; }
+        if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; }
+        if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; }  //UNTESTED ***Use DistinguishedName***
+        if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; }
+        if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->encode_password($attributes["password"]); }
+        if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; }
+        if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; }
+        if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; }
+        if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; }
+        if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; }
+        if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; }
+        if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; }
+        if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; }
+        if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; }
+        if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; }
+        if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; }
+        
+        // Distribution List specific schema
+        if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; }
+        if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; }
+        
+        // Exchange Schema
+        if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; }
+        if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; }
+        if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; }
+        if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; }
+        if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; }
+        if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; }       
+        if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; }       
+        
+        // This schema is designed for contacts
+        if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; }
+        if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; }
+        
+        //echo ("<pre>"); print_r($mod);
+        /*
+        // modifying a name is a bit fiddly
+        if ($attributes["firstname"] && $attributes["surname"]){
+            $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
+            $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
+            $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+        }
+        */
+
+        if (count($mod)==0){ return (false); }
+        return ($mod);
+    }
+
+    /**
+    * Coping with AD not returning the primary group
+    * http://support.microsoft.com/?kbid=321360 
+    * 
+    * For some reason it's not possible to search on primarygrouptoken=XXX
+    * If someone can show otherwise, I'd like to know about it :)
+    * this way is resource intensive and generally a pain in the @#%^
+    * 
+    * @deprecated deprecated since version 3.1, see get get_primary_group
+    * @param string $gid Group ID
+    * @return string
+    */
+    protected function group_cn($gid){    
+        if ($gid===NULL){ return (false); }
+        $r=false;
+        
+        $filter="(&(objectCategory=group)(samaccounttype=". ADLDAP_SECURITY_GLOBAL_GROUP ."))";
+        $fields=array("primarygrouptoken","samaccountname","distinguishedname");
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+        
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($entries[$i]["primarygrouptoken"][0]==$gid){
+                $r=$entries[$i]["distinguishedname"][0];
+                $i=$entries["count"];
+            }
+        }
+
+        return ($r);
+    }
+    
+    /**
+    * Coping with AD not returning the primary group
+    * http://support.microsoft.com/?kbid=321360 
+    * 
+    * This is a re-write based on code submitted by Bruce which prevents the 
+    * need to search each security group to find the true primary group
+    * 
+    * @param string $gid Group ID
+    * @param string $usersid User's Object SID
+    * @return string
+    */
+    protected function get_primary_group($gid, $usersid){
+        if ($gid===NULL || $usersid===NULL){ return (false); }
+        $r=false;
+
+        $gsid = substr_replace($usersid,pack('V',$gid),strlen($usersid)-4,4);
+        $filter='(objectsid='.$this->getTextSID($gsid).')';
+        $fields=array("samaccountname","distinguishedname");
+        $sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
+        $entries = ldap_get_entries($this->_conn, $sr);
+
+        return $entries[0]['distinguishedname'][0];
+     }
+     
+    /**
+    * Convert a binary SID to a text SID
+    * 
+    * @param string $binsid A Binary SID
+    * @return string
+    */
+     protected function getTextSID($binsid) {
+        $hex_sid = bin2hex($binsid);
+        $rev = hexdec(substr($hex_sid, 0, 2));
+        $subcount = hexdec(substr($hex_sid, 2, 2));
+        $auth = hexdec(substr($hex_sid, 4, 12));
+        $result = "$rev-$auth";
+
+        for ($x=0;$x < $subcount; $x++) {
+            $subauth[$x] =
+                hexdec($this->little_endian(substr($hex_sid, 16 + ($x * 8), 8)));
+                $result .= "-" . $subauth[$x];
+        }
+
+        // Cheat by tacking on the S-
+        return 'S-' . $result;
+     }
+     
+    /**
+    * Converts a little-endian hex number to one that hexdec() can convert
+    * 
+    * @param string $hex A hex code
+    * @return string
+    */
+     protected function little_endian($hex) {
+        $result = '';
+        for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
+            $result .= substr($hex, $x, 2);
+        }
+        return $result;
+     }
+     
+    /**
+    * Converts a binary attribute to a string
+    * 
+    * @param string $bin A binary LDAP attribute
+    * @return string
+    */
+    protected function binary2text($bin) {
+        $hex_guid = bin2hex($bin); 
+        $hex_guid_to_guid_str = ''; 
+        for($k = 1; $k <= 4; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-'; 
+        for($k = 1; $k <= 2; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-'; 
+        for($k = 1; $k <= 2; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4); 
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20); 
+        return strtoupper($hex_guid_to_guid_str);   
+    }
+    
+    /**
+    * Converts a binary GUID to a string GUID
+    * 
+    * @param string $binaryGuid The binary GUID attribute to convert
+    * @return string
+    */
+    public function decodeGuid($binaryGuid) {
+        if ($binaryGuid === null){ return ("Missing compulsory field [binaryGuid]"); }
+        
+        $strGUID = $this->binary2text($binaryGuid);          
+        return ($strGUID); 
+    }
+     
+    /**
+    * Converts a string GUID to a hexdecimal value so it can be queried
+    * 
+    * @param string $strGUID A string representation of a GUID
+    * @return string
+    */
+    protected function strguid2hex($strGUID) {
+        $strGUID = str_replace('-', '', $strGUID);
+
+        $octet_str = '\\' . substr($strGUID, 6, 2);
+        $octet_str .= '\\' . substr($strGUID, 4, 2);
+        $octet_str .= '\\' . substr($strGUID, 2, 2);
+        $octet_str .= '\\' . substr($strGUID, 0, 2);
+        $octet_str .= '\\' . substr($strGUID, 10, 2);
+        $octet_str .= '\\' . substr($strGUID, 8, 2);
+        $octet_str .= '\\' . substr($strGUID, 14, 2);
+        $octet_str .= '\\' . substr($strGUID, 12, 2);
+        //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
+        for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
+            if (($i % 2) == 0) {
+                $octet_str .= '\\' . substr($strGUID, $i, 2);
+            }
+        }
+        
+        return $octet_str;
+    }
+    
+    /**
+    * Obtain the user's distinguished name based on their userid 
+    * 
+    * 
+    * @param string $username The username
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return string
+    */
+    protected function user_dn($username,$isGUID=false){
+        $user=$this->user_info($username,array("cn"),$isGUID);
+        if ($user[0]["dn"]===NULL){ return (false); }
+        $user_dn=$user[0]["dn"];
+        return ($user_dn);
+    }
+
+    /**
+    * Encode a password for transmission over LDAP
+    *
+    * @param string $password The password to encode
+    * @return string
+    */
+    protected function encode_password($password){
+        $password="\"".$password."\"";
+        $encoded="";
+        for ($i=0; $i <strlen($password); $i++){ $encoded.="{$password{$i}}\000"; }
+        return ($encoded);
+    }
+    
+    /**
+    * Escape strings for the use in LDAP filters
+    * 
+    * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
+    * Ported from Perl's Net::LDAP::Util escape_filter_value
+    *
+    * @param string $str The string the parse
+    * @author Port by Andreas Gohr <andi@splitbrain.org>
+    * @return string
+    */
+    protected function ldap_slashes($str){
+        return preg_replace('/([\x00-\x1F\*\(\)\\\\])/e',
+                            '"\\\\\".join("",unpack("H2","$1"))',
+                            $str);
+    }
+    
+    /**
+    * Select a random domain controller from your domain controller array
+    * 
+    * @return string
+    */
+    protected function random_controller(){
+        mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
+        return ($this->_domain_controllers[array_rand($this->_domain_controllers)]);
+    }
+    
+    /**
+    * Account control options
+    *
+    * @param array $options The options to convert to int 
+    * @return int
+    */
+    protected function account_control($options){
+        $val=0;
+
+        if (is_array($options)){
+            if (in_array("SCRIPT",$options)){ $val=$val+1; }
+            if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
+            if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
+            if (in_array("LOCKOUT",$options)){ $val=$val+16; }
+            if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
+            //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
+            //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
+            if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
+            if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
+            if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
+            if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
+            if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
+            if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
+            if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
+            if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
+            if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
+            if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
+            if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
+            if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
+            if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; } 
+            if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
+            if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
+        }
+        return ($val);
+    }
+    
+    /**
+    * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
+    *
+    * @param array $groups
+    * @return array
+    */
+    protected function nice_names($groups){
+
+        $group_array=array();
+        for ($i=0; $i<$groups["count"]; $i++){ // For each group
+            $line=$groups[$i];
+            
+            if (strlen($line)>0){ 
+                // More presumptions, they're all prefixed with CN=
+                // so we ditch the first three characters and the group
+                // name goes up to the first comma
+                $bits=explode(",",$line);
+                $group_array[]=substr($bits[0],3,(strlen($bits[0])-3));
+            }
+        }
+        return ($group_array);    
+    }
+    
+    /**
+    * Delete a distinguished name from Active Directory
+    * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
+    *
+    * @param string $dn The distinguished name to delete
+    * @return bool
+    */
+    protected function dn_delete($dn){ 
+        $result=ldap_delete($this->_conn, $dn);
+        if ($result!=true){ return (false); }
+        return (true);
+    }
+    
+    /**
+    * Convert a boolean value to a string
+    * You should never need to call this yourself
+    *
+    * @param bool $bool Boolean value
+    * @return string
+    */
+    protected function bool2str($bool) {
+        return ($bool) ? 'TRUE' : 'FALSE';
+    }
+    
+    /**
+    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+    */
+    protected function encode8bit(&$item, $key) {
+        $encode = false;
+        if (is_string($item)) {
+            for ($i=0; $i<strlen($item); $i++) {
+                if (ord($item[$i]) >> 7) {
+                    $encode = true;
+                }
+            }
+        }
+        if ($encode === true && $key != 'password') {
+            $item = utf8_encode($item);   
+        }
+    }    
+}
+
+/**
+* adLDAP Exception Handler
+* 
+* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
+* Example:
+* try {
+*   $adldap = new adLDAP();
+* }
+* catch (adLDAPException $e) {
+*   echo $e;
+*   exit();
+* }
+*/
+class adLDAPException extends Exception {}
+
+?>
\ No newline at end of file
diff --git a/sources/wp-content/plugins/simple-ldap-login/readme.md b/sources/wp-content/plugins/simple-ldap-login/readme.md
new file mode 100644
index 0000000..0bb0b70
--- /dev/null
+++ b/sources/wp-content/plugins/simple-ldap-login/readme.md
@@ -0,0 +1,220 @@
+# Plugin Name #
+**Contributors:** clifgriffin  
+**Donate link:** http://cgd.io  
+**Tags:** LDAP, authentication, login, active directory, adLDAP  
+**Requires at least:** 3.4  
+**Tested up to:** 3.6  
+**Stable tag:** 1.5.5  
+**License:** GPLv2 or later  
+
+Integrating WordPress with LDAP shouldn't be difficult. Now it isn't. Simple LDAP Login provides all of the features, none of the hassles.
+
+## Description ##
+Having a single login for every service is a must in large organizations. This plugin allows you to integrate WordPress with LDAP quickly and easily. Like, really really easy.
+
+**Contributing**
+The easiest way to contribute to this plugin is to submit a GitHub pull request. Here's the repo:
+https://github.com/clifgriffin/simple-ldap-login
+
+**NEW VERSION -- 1.5**
+
+Just when you thought this project was dead, it sprang to life. I have spent some time completely rewriting Simple LDAP Login from the ground up. Proceed with caution as it's possible I have broken something in the process, but I'm reasonably certain it's fundamentally stable.
+
+**If you have any problems with 1.5, please let me know:** clifgriffin@gmail.com    
+
+**Support**
+
+If you need support, I recommend you leave a comment on the appropriate post on my blog:
+http://clifgriffin.com/2009/05/13/simple-ldap-login-13-for-wordpress/
+
+**Special Requests**
+
+**If you need a customization or change specific to your install, I am available for hire. Shoot me an e-mail:** clifgriffin[at]gmail.com  
+
+### Features ###
+
+* Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
+* Supports TLS
+* Uses up-to-date methods for WordPress authentication routines.
+* Authenticates existing WordPress usernames against LDAP.
+* Can be configured to automatically create WordPress users for valid LDAP logins.
+* You can restrict logins based on one or more LDAP groups.
+* Intuitive control panel.
+
+### Architecture ###
+Simple LDAP Login adds an authentication filter to WordPress that authentication requests must pass. In doing so, it makes several decisions.
+
+* Can the provided credentials be authenticated against LDAP?
+* * If so, is the LDAP user a member of the required LDAP groups (if any)?
+* * * Does a matching WordPress user exist?
+* * * * If so, log the user in.
+* * * * If not, is user creation enabled?
+* * * * * Create the user and log them in.
+
+This is high level overview. This should answer the philosophical questions about how the plugin works. If the plugin is unable to authenticate the user, it should pass it down the chain to WordPress. (Unless LDAP Exclusive is turned on, in which case it won't.)
+
+## Upgrade Notice ##
+I have spent some time completely rewriting Simple LDAP Login from the ground up. Proceed with caution as it's possible I have broken something in the process, but I'm reasonably certain it's fundamentally stable.
+
+**If you have any problems with 1.5, please let me know:** clifgriffin@gmail.com    
+
+## Changelog ##
+**Version 1.5.5**
+
+* Fix syntax error.
+* Don’t sanitize user info.
+
+**Version 1.5.4**
+
+* Local admins will always fall back to local WP password. 
+* Fixes bug where new users do not have name or other information from LDAP directory 
+
+**Version 1.5.3**
+
+* Fixing apparent security problem with blank passwords. (!)
+* Fixing typo in filter name (did not affect any functionality)
+* Local admin exception coming soon, as well as more bug fixes. 
+* Possible fix for login error upon arriving at login page when LDAP exclusive enabled.
+
+**Version 1.5.2**
+
+* Fixed bug with groups setting.
+* Removed delete_option references in upgrade code to allow for easier rollbacks (sorry about that!)
+* Fixed a few bugs in the user creation code. 
+* Fixed bug with storing default user role. 
+
+**Version 1.5.1**
+
+* Fixed a bug where the domain controllers are passed as a string. 
+
+**Version 1.5**
+
+* Complete rewritten from the ground up.
+* It's Object Oriented, DRY and Singleton. 
+* The options have been overhauled to make configuration much easier. Focuses on individual features rather than "modes" that encapsulate several behaviors. 
+* Admin pages now use WordPress admin styles and behaviors. 
+* Tested with Active Directory. I recommend OpenLDAP users test carefully before implementing in their production environments. 
+* Added global on off switch so you can easily disable LDAP authentication without deactivating.  
+
+**Version 1.4.0.5.1** 
+
+* I broke it. Sorry guys! :(
+* Downgraded adLDAP as some referenced functions no longer exist. 
+
+**Version 1.4.0.5**
+
+* Updated adLDAP to version 4.x
+* Fixed error in OpenLDAP group membership check
+* As always TEST this first. Don't assume it works...I don't have a testing environment to ensure it will work correctly. 
+
+**Version 1.4.0.4**
+
+* Fixes nickname bug accidentally put back in in last version. (My bad!)
+
+**Version 1.4.0.3**
+* Reverts bug introduced in 1.4.0.2
+* If you installed 1.4.0.2 and use OpenLDAP, please update as soon as possible and verify users cannot login with incorrect passwords (and vice versa).
+
+**Version 1.4.0.2 - Patches submitted by Jonas Genannt and Ilya Kozlov**
+* Updates adLDAP to 3.3.2
+* Fixes issue with users in recursive OUs not being found. 
+* Fixes issues with different Base DN formats.
+*** NOTE:** Please be catious in updating. As I don't have an OpenLDAP install, I am unable to independently confirm these fix the problems. If you have issues, revert to 1.4.0.1 and e-mail me: clifgriffin[at]gmail.com.  Likewise, If you can confirm these changes are effective, also let me know. :)  
+
+**Version 1.4.0.1**
+
+* Fix for e-mail exists issue with WP 3.0+ for LDAP installations that don't populate the e-mail address attribute.
+* Shows actual error message from WordPress upon failure.
+
+**Version 1.4**
+
+* First update in about a year. Thanks for your patience. 
+* Completely rewritten to support changes in WordPress 2.8+.  Now fully supports WordPress 3.0.
+* Much more manageable and efficient code structure. Less code repetition.
+* Includes TLS support. 
+* Allows OpenLDAP users to specify an alternate LDAP attribute to use for logins for those not using UID.
+
+**Version 1.3.0.3**
+
+* Test form now implements wp_authenticate and uses the same routines as the actual login. This also means account creation and group membership are tested. 
+* Implemented stripslashes() to correct issue with some special characters such as a single quote and backslash. 
+* WordPress account "admin" is now allowed to login using local password even when security mode is set to high. For safety.
+* Made some minor wording changes to the admin panel. 
+
+**Version 1.3.0.2.1**
+
+* Fixed case sensitivity issue that could result in multiple accounts. There may be lingering case insensitivity issues due to the get_userdatabylogin function being case-sensitive. We'll figure this out in due time. 
+* Sorry for posting two updates on the same day!
+
+**Version 1.3.0.2**
+
+* Fixes several tickets including role assignment, case sensitivity, and potential compatibility issues with other themes/plugins.
+* Added security mode setting to allow security to be tightened. 
+* Changed auto created accounts to use a random password rather than the LDAP password given. 
+* Fixed error with the way announcements are displayed in the admin panel. 
+* More code clean up.
+
+**Version 1.3.0.1**
+
+* Never officially released. 
+* Contained code cleanup and some attempted fixes. 
+
+**Version 1.3 Beta**
+
+* Support for both Active Directory and OpenLDAP.
+* The ability to create WordPress users automatically upon login based on LDAP group membership OR by LDAP authentication alone.
+* The ability to test domain settings straight from admin panel.
+* Announcements pane that allows me to update you with fixes, cautions, new beta versions, or other important information.
+
+**Version 1.2.0.1**
+
+* Changed required user level for admin page to 10, Administrators only.
+
+**Version 1.2**
+
+* Implemented multiple domain controllers.
+* Changed field sizes on admin page to be more user friendly.
+
+**Version 1.1**
+
+* Moved settings to administration pages under settings.
+* Upgraded to latest version of adLDAP 2.1.
+* Got rid of credentials. (They are not neccessary for the authenticate function in adLDAP!)
+* Plugin is now upgrade proof. Settings are stored using WordPress's setting functions.
+
+**Version 1.0** 
+
+* Original release.
+
+## Installation ##
+
+1. Use the WordPress plugin directory to install the plugin or upload the directory `simple-ldap-login` to the `/wp-content/plugins/` directory.
+1. Activate the plugin through the 'Plugins' menu in WordPress
+1. Update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
+1. If you don't get the settings right the first time, don't fret! Just use your WordPress credentials. They should always work 
+1. Once you have the settings correct, you can toggle LDAP Exclusive mode (if you like).
+1. To make your life easier, consider using two different browsers (e.g., Chrome and Firefox) to do testing.  Change settings in one. Test in the other. This will prevent any chance of being locked out.
+
+## Frequently Asked Questions ##
+
+### Other than WordPress, what does my system require? ###
+
+Your install of PHP must be configured/compiled with LDAP support.
+
+### How do I know what the correct settings are? ###
+
+I have tried to make the settings as self-explanatory as possible. If you are struggling figuring them out, you may need to speak with your LDAP administrator. I realize this is an obnoxious response, but there is no good, fool proof way to help you discover these settings. A good place to start, if you're feeling daring, might be to use ADSIEdit for Windows and Active Directory, or GQ for Linux and OpenLDAP.
+
+### It's still not working, what other things can I try? ###
+
+If you are confident your settings are correct and it still does not work, it may be time to check for port or firewall issues. If your LDAP server is running on a non-standard port or an obsolete version of the LDAP protocol you are going to have issues. Port 389 is the port this plugin, and nearly every other LDAP enabled software expects. They are also expecting protocol version 3. If you are using an old version of LDAP or running a non-standard port you may need to modify the code that the plugin runs or update your LDAP installation.
+
+Unfortunately I can't be relied upon to assist with these types of requests. I chose not to support these scenarios because they are infrequent and because they confuse everyone else.
+
+### It's still not working! How can I get help? ###
+**The easiest way to get help is to post a comment on my blog:** http://clifgriffin.com/simple-ldap-login/. I'll do my best to get you up and running!  
+
+## Screenshots ##
+
+1. Easy to use admin panel. 
+2. Advanced options for power users.
\ No newline at end of file
diff --git a/sources/wp-content/plugins/simple-ldap-login/readme.txt b/sources/wp-content/plugins/simple-ldap-login/readme.txt
new file mode 100644
index 0000000..9d57b84
--- /dev/null
+++ b/sources/wp-content/plugins/simple-ldap-login/readme.txt
@@ -0,0 +1,220 @@
+=== Plugin Name ===
+Contributors: clifgriffin
+Donate link: http://cgd.io
+Tags: LDAP, authentication, login, active directory, adLDAP
+Requires at least: 3.4
+Tested up to: 3.6
+Stable tag: 1.5.5
+License: GPLv2 or later
+
+Integrating WordPress with LDAP shouldn't be difficult. Now it isn't. Simple LDAP Login provides all of the features, none of the hassles.
+
+== Description ==
+Having a single login for every service is a must in large organizations. This plugin allows you to integrate WordPress with LDAP quickly and easily. Like, really really easy.
+
+**Contributing**
+The easiest way to contribute to this plugin is to submit a GitHub pull request. Here's the repo:
+https://github.com/clifgriffin/simple-ldap-login
+
+**NEW VERSION -- 1.5**
+
+Just when you thought this project was dead, it sprang to life. I have spent some time completely rewriting Simple LDAP Login from the ground up. Proceed with caution as it's possible I have broken something in the process, but I'm reasonably certain it's fundamentally stable.
+
+If you have any problems with 1.5, please let me know: clifgriffin@gmail.com  
+
+**Support**
+
+If you need support, I recommend you leave a comment on the appropriate post on my blog:
+http://clifgriffin.com/2009/05/13/simple-ldap-login-13-for-wordpress/
+
+**Special Requests**
+
+If you need a customization or change specific to your install, I am available for hire. Shoot me an e-mail: clifgriffin[at]gmail.com
+
+= Features =
+
+* Supports Active Directory and OpenLDAP (and other directory systems which comply to the LDAP standard, such as OpenDS)
+* Supports TLS
+* Uses up-to-date methods for WordPress authentication routines.
+* Authenticates existing WordPress usernames against LDAP.
+* Can be configured to automatically create WordPress users for valid LDAP logins.
+* You can restrict logins based on one or more LDAP groups.
+* Intuitive control panel.
+
+= Architecture =
+Simple LDAP Login adds an authentication filter to WordPress that authentication requests must pass. In doing so, it makes several decisions.
+
+* Can the provided credentials be authenticated against LDAP?
+* * If so, is the LDAP user a member of the required LDAP groups (if any)?
+* * * Does a matching WordPress user exist?
+* * * * If so, log the user in.
+* * * * If not, is user creation enabled?
+* * * * * Create the user and log them in.
+
+This is high level overview. This should answer the philosophical questions about how the plugin works. If the plugin is unable to authenticate the user, it should pass it down the chain to WordPress. (Unless LDAP Exclusive is turned on, in which case it won't.)
+
+== Upgrade Notice ==
+I have spent some time completely rewriting Simple LDAP Login from the ground up. Proceed with caution as it's possible I have broken something in the process, but I'm reasonably certain it's fundamentally stable.
+
+If you have any problems with 1.5, please let me know: clifgriffin@gmail.com  
+
+== Changelog ==
+**Version 1.5.5**
+
+* Fix syntax error.
+* Don’t sanitize user info.
+
+**Version 1.5.4**
+
+* Local admins will always fall back to local WP password. 
+* Fixes bug where new users do not have name or other information from LDAP directory 
+
+**Version 1.5.3**
+
+* Fixing apparent security problem with blank passwords. (!)
+* Fixing typo in filter name (did not affect any functionality)
+* Local admin exception coming soon, as well as more bug fixes. 
+* Possible fix for login error upon arriving at login page when LDAP exclusive enabled.
+
+**Version 1.5.2**
+
+* Fixed bug with groups setting.
+* Removed delete_option references in upgrade code to allow for easier rollbacks (sorry about that!)
+* Fixed a few bugs in the user creation code. 
+* Fixed bug with storing default user role. 
+
+**Version 1.5.1**
+
+* Fixed a bug where the domain controllers are passed as a string. 
+
+**Version 1.5**
+
+* Complete rewritten from the ground up.
+* It's Object Oriented, DRY and Singleton. 
+* The options have been overhauled to make configuration much easier. Focuses on individual features rather than "modes" that encapsulate several behaviors. 
+* Admin pages now use WordPress admin styles and behaviors. 
+* Tested with Active Directory. I recommend OpenLDAP users test carefully before implementing in their production environments. 
+* Added global on off switch so you can easily disable LDAP authentication without deactivating.  
+
+**Version 1.4.0.5.1** 
+
+* I broke it. Sorry guys! :(
+* Downgraded adLDAP as some referenced functions no longer exist. 
+
+**Version 1.4.0.5**
+
+* Updated adLDAP to version 4.x
+* Fixed error in OpenLDAP group membership check
+* As always TEST this first. Don't assume it works...I don't have a testing environment to ensure it will work correctly. 
+
+**Version 1.4.0.4**
+
+* Fixes nickname bug accidentally put back in in last version. (My bad!)
+
+**Version 1.4.0.3**
+* Reverts bug introduced in 1.4.0.2
+* If you installed 1.4.0.2 and use OpenLDAP, please update as soon as possible and verify users cannot login with incorrect passwords (and vice versa).
+
+**Version 1.4.0.2 - Patches submitted by Jonas Genannt and Ilya Kozlov**
+* Updates adLDAP to 3.3.2
+* Fixes issue with users in recursive OUs not being found. 
+* Fixes issues with different Base DN formats.
+* NOTE: Please be catious in updating. As I don't have an OpenLDAP install, I am unable to independently confirm these fix the problems. If you have issues, revert to 1.4.0.1 and e-mail me: clifgriffin[at]gmail.com.  Likewise, If you can confirm these changes are effective, also let me know. :)
+
+**Version 1.4.0.1**
+
+* Fix for e-mail exists issue with WP 3.0+ for LDAP installations that don't populate the e-mail address attribute.
+* Shows actual error message from WordPress upon failure.
+
+**Version 1.4**
+
+* First update in about a year. Thanks for your patience. 
+* Completely rewritten to support changes in WordPress 2.8+.  Now fully supports WordPress 3.0.
+* Much more manageable and efficient code structure. Less code repetition.
+* Includes TLS support. 
+* Allows OpenLDAP users to specify an alternate LDAP attribute to use for logins for those not using UID.
+
+**Version 1.3.0.3**
+
+* Test form now implements wp_authenticate and uses the same routines as the actual login. This also means account creation and group membership are tested. 
+* Implemented stripslashes() to correct issue with some special characters such as a single quote and backslash. 
+* WordPress account "admin" is now allowed to login using local password even when security mode is set to high. For safety.
+* Made some minor wording changes to the admin panel. 
+
+**Version 1.3.0.2.1**
+
+* Fixed case sensitivity issue that could result in multiple accounts. There may be lingering case insensitivity issues due to the get_userdatabylogin function being case-sensitive. We'll figure this out in due time. 
+* Sorry for posting two updates on the same day!
+
+**Version 1.3.0.2**
+
+* Fixes several tickets including role assignment, case sensitivity, and potential compatibility issues with other themes/plugins.
+* Added security mode setting to allow security to be tightened. 
+* Changed auto created accounts to use a random password rather than the LDAP password given. 
+* Fixed error with the way announcements are displayed in the admin panel. 
+* More code clean up.
+
+**Version 1.3.0.1**
+
+* Never officially released. 
+* Contained code cleanup and some attempted fixes. 
+
+**Version 1.3 Beta**
+
+* Support for both Active Directory and OpenLDAP.
+* The ability to create WordPress users automatically upon login based on LDAP group membership OR by LDAP authentication alone.
+* The ability to test domain settings straight from admin panel.
+* Announcements pane that allows me to update you with fixes, cautions, new beta versions, or other important information.
+
+**Version 1.2.0.1**
+
+* Changed required user level for admin page to 10, Administrators only.
+
+**Version 1.2**
+
+* Implemented multiple domain controllers.
+* Changed field sizes on admin page to be more user friendly.
+
+**Version 1.1**
+
+* Moved settings to administration pages under settings.
+* Upgraded to latest version of adLDAP 2.1.
+* Got rid of credentials. (They are not neccessary for the authenticate function in adLDAP!)
+* Plugin is now upgrade proof. Settings are stored using WordPress's setting functions.
+
+**Version 1.0** 
+
+* Original release.
+
+== Installation ==
+
+1. Use the WordPress plugin directory to install the plugin or upload the directory `simple-ldap-login` to the `/wp-content/plugins/` directory.
+1. Activate the plugin through the 'Plugins' menu in WordPress
+1. Update the settings to those that best match your environment by going to Settings -> Simple LDAP Login
+1. If you don't get the settings right the first time, don't fret! Just use your WordPress credentials. They should always work 
+1. Once you have the settings correct, you can toggle LDAP Exclusive mode (if you like).
+1. To make your life easier, consider using two different browsers (e.g., Chrome and Firefox) to do testing.  Change settings in one. Test in the other. This will prevent any chance of being locked out.
+
+== Frequently Asked Questions ==
+
+= Other than WordPress, what does my system require? =
+
+Your install of PHP must be configured/compiled with LDAP support.
+
+= How do I know what the correct settings are? =
+
+I have tried to make the settings as self-explanatory as possible. If you are struggling figuring them out, you may need to speak with your LDAP administrator. I realize this is an obnoxious response, but there is no good, fool proof way to help you discover these settings. A good place to start, if you're feeling daring, might be to use ADSIEdit for Windows and Active Directory, or GQ for Linux and OpenLDAP.
+
+= It's still not working, what other things can I try? =
+
+If you are confident your settings are correct and it still does not work, it may be time to check for port or firewall issues. If your LDAP server is running on a non-standard port or an obsolete version of the LDAP protocol you are going to have issues. Port 389 is the port this plugin, and nearly every other LDAP enabled software expects. They are also expecting protocol version 3. If you are using an old version of LDAP or running a non-standard port you may need to modify the code that the plugin runs or update your LDAP installation.
+
+Unfortunately I can't be relied upon to assist with these types of requests. I chose not to support these scenarios because they are infrequent and because they confuse everyone else.
+
+= It's still not working! How can I get help? = 
+The easiest way to get help is to post a comment on my blog: http://clifgriffin.com/simple-ldap-login/. I'll do my best to get you up and running!
+
+== Screenshots ==
+
+1. Easy to use admin panel. 
+2. Advanced options for power users.
\ No newline at end of file