about summary refs log tree commit diff stats
path: root/wiki/lib/plugins/authad
diff options
context:
space:
mode:
Diffstat (limited to 'wiki/lib/plugins/authad')
-rw-r--r--wiki/lib/plugins/authad/action.php91
-rw-r--r--wiki/lib/plugins/authad/adLDAP/adLDAP.php949
-rw-r--r--wiki/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php153
-rw-r--r--wiki/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php294
-rw-r--r--wiki/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php390
-rw-r--r--wiki/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php179
-rw-r--r--wiki/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php631
-rw-r--r--wiki/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php682
-rw-r--r--wiki/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php268
-rw-r--r--wiki/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php137
-rw-r--r--wiki/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php46
-rw-r--r--wiki/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php46
-rw-r--r--wiki/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php46
-rw-r--r--wiki/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php46
-rw-r--r--wiki/lib/plugins/authad/auth.php730
-rw-r--r--wiki/lib/plugins/authad/conf/default.php17
-rw-r--r--wiki/lib/plugins/authad/conf/metadata.php17
-rw-r--r--wiki/lib/plugins/authad/lang/ar/lang.php10
-rw-r--r--wiki/lib/plugins/authad/lang/ar/settings.php12
-rw-r--r--wiki/lib/plugins/authad/lang/bg/lang.php8
-rw-r--r--wiki/lib/plugins/authad/lang/bg/settings.php19
-rw-r--r--wiki/lib/plugins/authad/lang/ca/lang.php14
-rw-r--r--wiki/lib/plugins/authad/lang/ca/settings.php19
-rw-r--r--wiki/lib/plugins/authad/lang/cs/lang.php13
-rw-r--r--wiki/lib/plugins/authad/lang/cs/settings.php25
-rw-r--r--wiki/lib/plugins/authad/lang/cy/lang.php16
-rw-r--r--wiki/lib/plugins/authad/lang/cy/settings.php15
-rw-r--r--wiki/lib/plugins/authad/lang/da/lang.php12
-rw-r--r--wiki/lib/plugins/authad/lang/da/settings.php23
-rw-r--r--wiki/lib/plugins/authad/lang/de-informal/lang.php13
-rw-r--r--wiki/lib/plugins/authad/lang/de-informal/settings.php26
-rw-r--r--wiki/lib/plugins/authad/lang/de/lang.php14
-rw-r--r--wiki/lib/plugins/authad/lang/de/settings.php26
-rw-r--r--wiki/lib/plugins/authad/lang/el/lang.php8
-rw-r--r--wiki/lib/plugins/authad/lang/el/settings.php8
-rw-r--r--wiki/lib/plugins/authad/lang/en/lang.php15
-rw-r--r--wiki/lib/plugins/authad/lang/en/settings.php17
-rw-r--r--wiki/lib/plugins/authad/lang/eo/lang.php9
-rw-r--r--wiki/lib/plugins/authad/lang/eo/settings.php20
-rw-r--r--wiki/lib/plugins/authad/lang/es/lang.php15
-rw-r--r--wiki/lib/plugins/authad/lang/es/settings.php26
-rw-r--r--wiki/lib/plugins/authad/lang/et/lang.php8
-rw-r--r--wiki/lib/plugins/authad/lang/eu/lang.php10
-rw-r--r--wiki/lib/plugins/authad/lang/eu/settings.php13
-rw-r--r--wiki/lib/plugins/authad/lang/fa/lang.php14
-rw-r--r--wiki/lib/plugins/authad/lang/fa/settings.php24
-rw-r--r--wiki/lib/plugins/authad/lang/fi/lang.php8
-rw-r--r--wiki/lib/plugins/authad/lang/fi/settings.php9
-rw-r--r--wiki/lib/plugins/authad/lang/fr/lang.php15
-rw-r--r--wiki/lib/plugins/authad/lang/fr/settings.php24
-rw-r--r--wiki/lib/plugins/authad/lang/gl/lang.php8
-rw-r--r--wiki/lib/plugins/authad/lang/he/lang.php10
-rw-r--r--wiki/lib/plugins/authad/lang/he/settings.php8
-rw-r--r--wiki/lib/plugins/authad/lang/hr/lang.php12
-rw-r--r--wiki/lib/plugins/authad/lang/hr/settings.php22
-rw-r--r--wiki/lib/plugins/authad/lang/hu/lang.php11
-rw-r--r--wiki/lib/plugins/authad/lang/hu/settings.php21
-rw-r--r--wiki/lib/plugins/authad/lang/it/lang.php13
-rw-r--r--wiki/lib/plugins/authad/lang/it/settings.php23
-rw-r--r--wiki/lib/plugins/authad/lang/ja/lang.php15
-rw-r--r--wiki/lib/plugins/authad/lang/ja/settings.php24
-rw-r--r--wiki/lib/plugins/authad/lang/ka/lang.php8
-rw-r--r--wiki/lib/plugins/authad/lang/ko/lang.php13
-rw-r--r--wiki/lib/plugins/authad/lang/ko/settings.php23
-rw-r--r--wiki/lib/plugins/authad/lang/lv/lang.php13
-rw-r--r--wiki/lib/plugins/authad/lang/lv/settings.php13
-rw-r--r--wiki/lib/plugins/authad/lang/nl/lang.php15
-rw-r--r--wiki/lib/plugins/authad/lang/nl/settings.php24
-rw-r--r--wiki/lib/plugins/authad/lang/no/lang.php16
-rw-r--r--wiki/lib/plugins/authad/lang/no/settings.php26
-rw-r--r--wiki/lib/plugins/authad/lang/pl/lang.php13
-rw-r--r--wiki/lib/plugins/authad/lang/pl/settings.php29
-rw-r--r--wiki/lib/plugins/authad/lang/pt-br/lang.php14
-rw-r--r--wiki/lib/plugins/authad/lang/pt-br/settings.php25
-rw-r--r--wiki/lib/plugins/authad/lang/pt/lang.php13
-rw-r--r--wiki/lib/plugins/authad/lang/pt/settings.php25
-rw-r--r--wiki/lib/plugins/authad/lang/ro/lang.php11
-rw-r--r--wiki/lib/plugins/authad/lang/ru/lang.php15
-rw-r--r--wiki/lib/plugins/authad/lang/ru/settings.php30
-rw-r--r--wiki/lib/plugins/authad/lang/sk/lang.php12
-rw-r--r--wiki/lib/plugins/authad/lang/sk/settings.php22
-rw-r--r--wiki/lib/plugins/authad/lang/sl/lang.php8
-rw-r--r--wiki/lib/plugins/authad/lang/sl/settings.php11
-rw-r--r--wiki/lib/plugins/authad/lang/sr/lang.php12
-rw-r--r--wiki/lib/plugins/authad/lang/sr/settings.php19
-rw-r--r--wiki/lib/plugins/authad/lang/sv/lang.php13
-rw-r--r--wiki/lib/plugins/authad/lang/sv/settings.php20
-rw-r--r--wiki/lib/plugins/authad/lang/tr/lang.php8
-rw-r--r--wiki/lib/plugins/authad/lang/uk/lang.php14
-rw-r--r--wiki/lib/plugins/authad/lang/uk/settings.php17
-rw-r--r--wiki/lib/plugins/authad/lang/zh-tw/lang.php10
-rw-r--r--wiki/lib/plugins/authad/lang/zh-tw/settings.php21
-rw-r--r--wiki/lib/plugins/authad/lang/zh/lang.php14
-rw-r--r--wiki/lib/plugins/authad/lang/zh/settings.php25
-rw-r--r--wiki/lib/plugins/authad/plugin.info.txt7
95 files changed, 5956 insertions, 0 deletions
diff --git a/wiki/lib/plugins/authad/action.php b/wiki/lib/plugins/authad/action.php
new file mode 100644
index 0000000..bc0f90c
--- /dev/null
+++ b/wiki/lib/plugins/authad/action.php
@@ -0,0 +1,91 @@
+<?php
+/**
+ * DokuWiki Plugin addomain (Action Component)
+ *
+ * @license GPL 2 http://www.gnu.org/licenses/gpl-2.0.html
+ * @author  Andreas Gohr <gohr@cosmocode.de>
+ */
+
+// must be run within Dokuwiki
+if(!defined('DOKU_INC')) die();
+
+/**
+ * Class action_plugin_addomain
+ */
+class action_plugin_authad extends DokuWiki_Action_Plugin {
+
+    /**
+     * Registers a callback function for a given event
+     */
+    public function register(Doku_Event_Handler $controller) {
+
+        $controller->register_hook('AUTH_LOGIN_CHECK', 'BEFORE', $this, 'handle_auth_login_check');
+        $controller->register_hook('HTML_LOGINFORM_OUTPUT', 'BEFORE', $this, 'handle_html_loginform_output');
+
+    }
+
+    /**
+     * Adds the selected domain as user postfix when attempting a login
+     *
+     * @param Doku_Event $event
+     * @param array      $param
+     */
+    public function handle_auth_login_check(Doku_Event &$event, $param) {
+        global $INPUT;
+
+        /** @var auth_plugin_authad $auth */
+        global $auth;
+        if(!is_a($auth, 'auth_plugin_authad')) return; // AD not even used
+
+        if($INPUT->str('dom')) {
+            $usr = $auth->cleanUser($event->data['user']);
+            $dom = $auth->_userDomain($usr);
+            if(!$dom) {
+                $usr = "$usr@".$INPUT->str('dom');
+            }
+            $INPUT->post->set('u', $usr);
+            $event->data['user'] = $usr;
+        }
+    }
+
+    /**
+     * Shows a domain selection in the login form when more than one domain is configured
+     *
+     * @param Doku_Event $event
+     * @param array      $param
+     */
+    public function handle_html_loginform_output(Doku_Event &$event, $param) {
+        global $INPUT;
+        /** @var auth_plugin_authad $auth */
+        global $auth;
+        if(!is_a($auth, 'auth_plugin_authad')) return; // AD not even used
+        $domains = $auth->_getConfiguredDomains();
+        if(count($domains) <= 1) return; // no choice at all
+
+        /** @var Doku_Form $form */
+        $form =& $event->data;
+
+        // any default?
+        $dom = '';
+        if($INPUT->has('u')) {
+            $usr = $auth->cleanUser($INPUT->str('u'));
+            $dom = $auth->_userDomain($usr);
+
+            // update user field value
+            if($dom) {
+                $usr          = $auth->_userName($usr);
+                $pos          = $form->findElementByAttribute('name', 'u');
+                $ele          =& $form->getElementAt($pos);
+                $ele['value'] = $usr;
+            }
+        }
+
+        // add select box
+        $element = form_makeListboxField('dom', $domains, $dom, $this->getLang('domain'), '', 'block');
+        $pos     = $form->findElementByAttribute('name', 'p');
+        $form->insertElement($pos + 1, $element);
+    }
+
+}
+
+// vim:ts=4:sw=4:et:
\ No newline at end of file
diff --git a/wiki/lib/plugins/authad/adLDAP/adLDAP.php b/wiki/lib/plugins/authad/adLDAP/adLDAP.php
new file mode 100644
index 0000000..c84a4f4
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/adLDAP.php
@@ -0,0 +1,949 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 169 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+
+/**
+* Main adLDAP class
+* 
+* Can be initialised using $adldap = new adLDAP();
+* 
+* Something to keep in mind is that Active Directory is a permissions
+* based directory. If you bind as a domain user, you can't fetch as
+* much information on other users as you could as a domain admin.
+* 
+* Before asking questions, please read the Documentation at
+* http://adldap.sourceforge.net/wiki/doku.php?id=api
+*/
+require_once(dirname(__FILE__) . '/collections/adLDAPCollection.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPGroups.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPUsers.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPFolders.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPUtils.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPContacts.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPExchange.php');
+require_once(dirname(__FILE__) . '/classes/adLDAPComputers.php');
+
+class adLDAP {
+    
+    /**
+     * Define the different types of account in AD
+     */
+    const ADLDAP_NORMAL_ACCOUNT = 805306368;
+    const ADLDAP_WORKSTATION_TRUST = 805306369;
+    const ADLDAP_INTERDOMAIN_TRUST = 805306370;
+    const ADLDAP_SECURITY_GLOBAL_GROUP = 268435456;
+    const ADLDAP_DISTRIBUTION_GROUP = 268435457;
+    const ADLDAP_SECURITY_LOCAL_GROUP = 536870912;
+    const ADLDAP_DISTRIBUTION_LOCAL_GROUP = 536870913;
+    const ADLDAP_FOLDER = 'OU';
+    const ADLDAP_CONTAINER = 'CN';
+    
+    /**
+    * The default port for LDAP non-SSL connections
+    */
+    const ADLDAP_LDAP_PORT = '389';
+    /**
+    * The default port for LDAPS SSL connections
+    */
+    const ADLDAP_LDAPS_PORT = '636';
+    
+    /**
+    * The account suffix for your domain, can be set when the class is invoked
+    * 
+    * @var string
+    */   
+        protected $accountSuffix = "@mydomain.local";
+    
+    /**
+    * The base dn for your domain
+    * 
+    * If this is set to null then adLDAP will attempt to obtain this automatically from the rootDSE
+    * 
+    * @var string
+    */
+        protected $baseDn = "DC=mydomain,DC=local"; 
+    
+    /** 
+    * Port used to talk to the domain controllers. 
+    *  
+    * @var int 
+    */ 
+    protected $adPort = self::ADLDAP_LDAP_PORT; 
+        
+    /**
+    * Array of domain controllers. Specifiy multiple controllers if you
+    * would like the class to balance the LDAP queries amongst multiple servers
+    * 
+    * @var array
+    */
+    protected $domainControllers = array("dc01.mydomain.local");
+        
+    /**
+    * Optional account with higher privileges for searching
+    * This should be set to a domain admin account
+    * 
+    * @var string
+    * @var string
+    */
+        protected $adminUsername = NULL;
+    protected $adminPassword = NULL;
+    
+    /**
+    * AD does not return the primary group. http://support.microsoft.com/?kbid=321360
+    * This tweak will resolve the real primary group. 
+    * Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
+    * someone's primary group is NOT domain users, this is obviously going to mess up the results
+    * 
+    * @var bool
+    */
+        protected $realPrimaryGroup = true;
+        
+    /**
+    * Use SSL (LDAPS), your server needs to be setup, please see
+    * http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl
+    * 
+    * @var bool
+    */
+        protected $useSSL = false;
+    
+    /**
+    * Use TLS
+    * If you wish to use TLS you should ensure that $useSSL is set to false and vice-versa
+    * 
+    * @var bool
+    */
+    protected $useTLS = false;
+    
+    /**
+    * Use SSO  
+    * To indicate to adLDAP to reuse password set by the brower through NTLM or Kerberos 
+    * 
+    * @var bool
+    */
+    protected $useSSO = false;
+    
+    /**
+    * When querying group memberships, do it recursively 
+    * eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
+    * user_ingroup("Fred","C") will returns true with this option turned on, false if turned off     
+    * 
+    * @var bool
+    */
+        protected $recursiveGroups = true;
+        
+        // You should not need to edit anything below this line
+        //******************************************************************************************
+        
+        /**
+    * Connection and bind default variables
+    * 
+    * @var mixed
+    * @var mixed
+    */
+        protected $ldapConnection;
+        protected $ldapBind;
+    
+    /**
+    * Get the active LDAP Connection
+    * 
+    * @return resource
+    */
+    public function getLdapConnection() {
+        if ($this->ldapConnection) {
+            return $this->ldapConnection;   
+        }
+        return false;
+    }
+    
+    /**
+    * Get the bind status
+    * 
+    * @return bool
+    */
+    public function getLdapBind() {
+        return $this->ldapBind;
+    }
+    
+    /**
+    * Get the current base DN
+    * 
+    * @return string
+    */
+    public function getBaseDn() {
+        return $this->baseDn;   
+    }
+    
+    /**
+    * The group class
+    * 
+    * @var adLDAPGroups
+    */
+    protected $groupClass;
+    
+    /**
+    * Get the group class interface
+    * 
+    * @return adLDAPGroups
+    */
+    public function group() {
+        if (!$this->groupClass) {
+            $this->groupClass = new adLDAPGroups($this);
+        }   
+        return $this->groupClass;
+    }
+    
+    /**
+    * The user class
+    * 
+    * @var adLDAPUsers
+    */
+    protected $userClass;
+    
+    /**
+    * Get the userclass interface
+    * 
+    * @return adLDAPUsers
+    */
+    public function user() {
+        if (!$this->userClass) {
+            $this->userClass = new adLDAPUsers($this);
+        }   
+        return $this->userClass;
+    }
+    
+    /**
+    * The folders class
+    * 
+    * @var adLDAPFolders
+    */
+    protected $folderClass;
+    
+    /**
+    * Get the folder class interface
+    * 
+    * @return adLDAPFolders
+    */
+    public function folder() {
+        if (!$this->folderClass) {
+            $this->folderClass = new adLDAPFolders($this);
+        }   
+        return $this->folderClass;
+    }
+    
+    /**
+    * The utils class
+    * 
+    * @var adLDAPUtils
+    */
+    protected $utilClass;
+    
+    /**
+    * Get the utils class interface
+    * 
+    * @return adLDAPUtils
+    */
+    public function utilities() {
+        if (!$this->utilClass) {
+            $this->utilClass = new adLDAPUtils($this);
+        }   
+        return $this->utilClass;
+    }
+    
+    /**
+    * The contacts class
+    * 
+    * @var adLDAPContacts
+    */
+    protected $contactClass;
+    
+    /**
+    * Get the contacts class interface
+    * 
+    * @return adLDAPContacts
+    */
+    public function contact() {
+        if (!$this->contactClass) {
+            $this->contactClass = new adLDAPContacts($this);
+        }   
+        return $this->contactClass;
+    }
+    
+    /**
+    * The exchange class
+    * 
+    * @var adLDAPExchange
+    */
+    protected $exchangeClass;
+    
+    /**
+    * Get the exchange class interface
+    * 
+    * @return adLDAPExchange
+    */
+    public function exchange() {
+        if (!$this->exchangeClass) {
+            $this->exchangeClass = new adLDAPExchange($this);
+        }   
+        return $this->exchangeClass;
+    }
+    
+    /**
+    * The computers class
+    * 
+    * @var adLDAPComputers
+    */
+    protected $computersClass;
+    
+    /**
+    * Get the computers class interface
+    * 
+    * @return adLDAPComputers
+    */
+    public function computer() {
+        if (!$this->computerClass) {
+            $this->computerClass = new adLDAPComputers($this);
+        }   
+        return $this->computerClass;
+    }
+
+    /**
+    * Getters and Setters
+    */
+    
+    /**
+    * Set the account suffix
+    * 
+    * @param string $accountSuffix
+    * @return void
+    */
+    public function setAccountSuffix($accountSuffix)
+    {
+          $this->accountSuffix = $accountSuffix;
+    }
+
+    /**
+    * Get the account suffix
+    * 
+    * @return string
+    */
+    public function getAccountSuffix()
+    {
+          return $this->accountSuffix;
+    }
+    
+    /**
+    * Set the domain controllers array
+    * 
+    * @param array $domainControllers
+    * @return void
+    */
+    public function setDomainControllers(array $domainControllers)
+    {
+          $this->domainControllers = $domainControllers;
+    }
+
+    /**
+    * Get the list of domain controllers
+    * 
+    * @return void
+    */
+    public function getDomainControllers()
+    {
+          return $this->domainControllers;
+    }
+    
+    /**
+    * Sets the port number your domain controller communicates over
+    * 
+    * @param int $adPort
+    */
+    public function setPort($adPort) 
+    { 
+        $this->adPort = $adPort; 
+    } 
+    
+    /**
+    * Gets the port number your domain controller communicates over
+    * 
+    * @return int
+    */
+    public function getPort() 
+    { 
+        return $this->adPort; 
+    } 
+    
+    /**
+    * Set the username of an account with higher priviledges
+    * 
+    * @param string $adminUsername
+    * @return void
+    */
+    public function setAdminUsername($adminUsername)
+    {
+          $this->adminUsername = $adminUsername;
+    }
+
+    /**
+    * Get the username of the account with higher priviledges
+    * 
+    * This will throw an exception for security reasons
+    */
+    public function getAdminUsername()
+    {
+          throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+    }
+    
+    /**
+    * Set the password of an account with higher priviledges
+    * 
+    * @param string $adminPassword
+    * @return void
+    */
+    public function setAdminPassword($adminPassword)
+    {
+          $this->adminPassword = $adminPassword;
+    }
+
+    /**
+    * Get the password of the account with higher priviledges
+    * 
+    * This will throw an exception for security reasons
+    */
+    public function getAdminPassword()
+    {
+          throw new adLDAPException('For security reasons you cannot access the domain administrator account details');
+    }
+    
+    /**
+    * Set whether to detect the true primary group
+    * 
+    * @param bool $realPrimaryGroup
+    * @return void
+    */
+    public function setRealPrimaryGroup($realPrimaryGroup)
+    {
+          $this->realPrimaryGroup = $realPrimaryGroup;
+    }
+
+    /**
+    * Get the real primary group setting
+    * 
+    * @return bool
+    */
+    public function getRealPrimaryGroup()
+    {
+          return $this->realPrimaryGroup;
+    }
+    
+    /**
+    * Set whether to use SSL
+    * 
+    * @param bool $useSSL
+    * @return void
+    */
+    public function setUseSSL($useSSL)
+    {
+          $this->useSSL = $useSSL;
+          // Set the default port correctly 
+          if($this->useSSL) { 
+            $this->setPort(self::ADLDAP_LDAPS_PORT); 
+          }
+          else { 
+            $this->setPort(self::ADLDAP_LDAP_PORT); 
+          } 
+    }
+
+    /**
+    * Get the SSL setting
+    * 
+    * @return bool
+    */
+    public function getUseSSL()
+    {
+          return $this->useSSL;
+    }
+    
+    /**
+    * Set whether to use TLS
+    * 
+    * @param bool $useTLS
+    * @return void
+    */
+    public function setUseTLS($useTLS)
+    {
+          $this->useTLS = $useTLS;
+    }
+
+    /**
+    * Get the TLS setting
+    * 
+    * @return bool
+    */
+    public function getUseTLS()
+    {
+          return $this->useTLS;
+    }
+    
+    /**
+    * Set whether to use SSO
+    * Requires ldap_sasl_bind support. Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined. 
+    * 
+    * @param bool $useSSO
+    * @return void
+    */
+    public function setUseSSO($useSSO)
+    {
+          if ($useSSO === true && !$this->ldapSaslSupported()) {
+              throw new adLDAPException('No LDAP SASL support for PHP.  See: http://php.net/ldap_sasl_bind');
+          }
+          $this->useSSO = $useSSO;
+    }
+
+    /**
+    * Get the SSO setting
+    * 
+    * @return bool
+    */
+    public function getUseSSO()
+    {
+          return $this->useSSO;
+    }
+    
+    /**
+    * Set whether to lookup recursive groups
+    * 
+    * @param bool $recursiveGroups
+    * @return void
+    */
+    public function setRecursiveGroups($recursiveGroups)
+    {
+          $this->recursiveGroups = $recursiveGroups;
+    }
+
+    /**
+    * Get the recursive groups setting
+    * 
+    * @return bool
+    */
+    public function getRecursiveGroups()
+    {
+          return $this->recursiveGroups;
+    }
+
+    /**
+    * Default Constructor
+    * 
+    * Tries to bind to the AD domain over LDAP or LDAPs
+    * 
+    * @param array $options Array of options to pass to the constructor
+    * @throws Exception - if unable to bind to Domain Controller
+    * @return bool
+    */
+    function __construct($options = array()) {
+        // You can specifically overide any of the default configuration options setup above
+        if (count($options) > 0) {
+            if (array_key_exists("account_suffix",$options)){ $this->accountSuffix = $options["account_suffix"]; }
+            if (array_key_exists("base_dn",$options)){ $this->baseDn = $options["base_dn"]; }
+            if (array_key_exists("domain_controllers",$options)){ 
+                if (!is_array($options["domain_controllers"])) { 
+                    throw new adLDAPException('[domain_controllers] option must be an array');
+                }
+                $this->domainControllers = $options["domain_controllers"]; 
+            }
+            if (array_key_exists("admin_username",$options)){ $this->adminUsername = $options["admin_username"]; }
+            if (array_key_exists("admin_password",$options)){ $this->adminPassword = $options["admin_password"]; }
+            if (array_key_exists("real_primarygroup",$options)){ $this->realPrimaryGroup = $options["real_primarygroup"]; }
+            if (array_key_exists("use_ssl",$options)){ $this->setUseSSL($options["use_ssl"]); }
+            if (array_key_exists("use_tls",$options)){ $this->useTLS = $options["use_tls"]; }
+            if (array_key_exists("recursive_groups",$options)){ $this->recursiveGroups = $options["recursive_groups"]; }
+            if (array_key_exists("ad_port",$options)){ $this->setPort($options["ad_port"]); } 
+            if (array_key_exists("sso",$options)) { 
+                $this->setUseSSO($options["sso"]);
+                if (!$this->ldapSaslSupported()) {
+                    $this->setUseSSO(false);
+                }
+            } 
+        }
+        
+        if ($this->ldapSupported() === false) {
+            throw new adLDAPException('No LDAP support for PHP.  See: http://php.net/ldap');
+        }
+
+        return $this->connect();
+    }
+
+    /**
+    * Default Destructor
+    * 
+    * Closes the LDAP connection
+    * 
+    * @return void
+    */
+    function __destruct() { 
+        $this->close(); 
+    }
+
+    /**
+    * Connects and Binds to the Domain Controller
+    * 
+    * @return bool
+    */
+    public function connect() 
+    {
+        // Connect to the AD/LDAP server as the username/password
+        $domainController = $this->randomController();
+        if ($this->useSSL) {
+            $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
+        } else {
+            $this->ldapConnection = ldap_connect($domainController, $this->adPort);
+        }
+               
+        // Set some ldap options for talking to AD
+        ldap_set_option($this->ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
+        ldap_set_option($this->ldapConnection, LDAP_OPT_REFERRALS, 0);
+        
+        if ($this->useTLS) {
+            ldap_start_tls($this->ldapConnection);
+        }
+               
+        // Bind as a domain admin if they've set it up
+        if ($this->adminUsername !== NULL && $this->adminPassword !== NULL) {
+            $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix, $this->adminPassword);
+            if (!$this->ldapBind) {
+                if ($this->useSSL && !$this->useTLS) {
+                    // If you have problems troubleshooting, remove the @ character from the ldapldapBind command above to get the actual error message
+                    throw new adLDAPException('Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $this->getLastError());
+                }
+                else {
+                    throw new adLDAPException('Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $this->getLastError());
+                }
+            }
+        }
+        if ($this->useSSO && $_SERVER['REMOTE_USER'] && $this->adminUsername === null && $_SERVER['KRB5CCNAME']) {
+            putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);  
+            $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI"); 
+            if (!$this->ldapBind){ 
+                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError()); 
+            }
+            else {
+                return true;
+            }
+        }
+                
+        
+        if ($this->baseDn == NULL) {
+            $this->baseDn = $this->findBaseDn();   
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Closes the LDAP connection
+    * 
+    * @return void
+    */
+    public function close() {
+        if ($this->ldapConnection) {
+            @ldap_close($this->ldapConnection);
+        }
+    }
+    
+    /**
+    * Validate a user's login credentials
+    * 
+    * @param string $username A user's AD username
+    * @param string $password A user's AD password
+    * @param bool optional $preventRebind
+    * @return bool
+    */
+    public function authenticate($username, $password, $preventRebind = false) {
+        // Prevent null binding
+        if ($username === NULL || $password === NULL) { return false; } 
+        if (empty($username) || empty($password)) { return false; }
+        
+        // Allow binding over SSO for Kerberos
+        if ($this->useSSO && $_SERVER['REMOTE_USER'] && $_SERVER['REMOTE_USER'] == $username && $this->adminUsername === NULL && $_SERVER['KRB5CCNAME']) { 
+            putenv("KRB5CCNAME=" . $_SERVER['KRB5CCNAME']);
+            $this->ldapBind = @ldap_sasl_bind($this->ldapConnection, NULL, NULL, "GSSAPI");
+            if (!$this->ldapBind) {
+                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+            }
+            else {
+                return true;
+            }
+        }
+        
+        // Bind as the user        
+        $ret = true;
+        $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
+        if (!$this->ldapBind){ 
+            $ret = false; 
+        }
+        
+        // Cnce we've checked their details, kick back into admin mode if we have it
+        if ($this->adminUsername !== NULL && !$preventRebind) {
+            $this->ldapBind = @ldap_bind($this->ldapConnection, $this->adminUsername . $this->accountSuffix , $this->adminPassword);
+            if (!$this->ldapBind){
+                // This should never happen in theory
+                throw new adLDAPException('Rebind to Active Directory failed. AD said: ' . $this->getLastError());
+            } 
+        } 
+        
+        return $ret;
+    }
+    
+    /**
+    * Find the Base DN of your domain controller
+    * 
+    * @return string
+    */
+    public function findBaseDn() 
+    {
+        $namingContext = $this->getRootDse(array('defaultnamingcontext'));   
+        return $namingContext[0]['defaultnamingcontext'][0];
+    }
+    
+    /**
+    * Get the RootDSE properties from a domain controller
+    * 
+    * @param array $attributes The attributes you wish to query e.g. defaultnamingcontext
+    * @return array
+    */
+    public function getRootDse($attributes = array("*", "+")) {
+        if (!$this->ldapBind){ return (false); }
+        
+        $sr = @ldap_read($this->ldapConnection, NULL, 'objectClass=*', $attributes);
+        $entries = @ldap_get_entries($this->ldapConnection, $sr);
+        return $entries;
+    }
+
+    /**
+    * Get last error from Active Directory
+    * 
+    * This function gets the last message from Active Directory
+    * This may indeed be a 'Success' message but if you get an unknown error
+    * it might be worth calling this function to see what errors were raised
+    * 
+    * return string
+    */
+    public function getLastError() {
+        return @ldap_error($this->ldapConnection);
+    }
+    
+    /**
+    * Detect LDAP support in php
+    * 
+    * @return bool
+    */    
+    protected function ldapSupported()
+    {
+        if (!function_exists('ldap_connect')) {
+            return false;   
+        }
+        return true;
+    }
+    
+    /**
+    * Detect ldap_sasl_bind support in PHP
+    * 
+    * @return bool
+    */
+    protected function ldapSaslSupported()
+    {
+        if (!function_exists('ldap_sasl_bind')) {
+            return false;
+        }
+        return true;
+    }
+    
+    /**
+    * Schema
+    * 
+    * @param array $attributes Attributes to be queried
+    * @return array
+    */    
+    public function adldap_schema($attributes){
+    
+        // LDAP doesn't like NULL attributes, only set them if they have values
+        // If you wish to remove an attribute you should set it to a space
+        // TO DO: Adapt user_modify to use ldap_mod_delete to remove a NULL attribute
+        $mod=array();
+        
+        // Check every attribute to see if it contains 8bit characters and then UTF8 encode them
+        array_walk($attributes, array($this, 'encode8bit'));
+
+        if ($attributes["address_city"]){ $mod["l"][0]=$attributes["address_city"]; }
+        if ($attributes["address_code"]){ $mod["postalCode"][0]=$attributes["address_code"]; }
+        //if ($attributes["address_country"]){ $mod["countryCode"][0]=$attributes["address_country"]; } // use country codes?
+        if ($attributes["address_country"]){ $mod["c"][0]=$attributes["address_country"]; }
+        if ($attributes["address_pobox"]){ $mod["postOfficeBox"][0]=$attributes["address_pobox"]; }
+        if ($attributes["address_state"]){ $mod["st"][0]=$attributes["address_state"]; }
+        if ($attributes["address_street"]){ $mod["streetAddress"][0]=$attributes["address_street"]; }
+        if ($attributes["company"]){ $mod["company"][0]=$attributes["company"]; }
+        if ($attributes["change_password"]){ $mod["pwdLastSet"][0]=0; }
+        if ($attributes["department"]){ $mod["department"][0]=$attributes["department"]; }
+        if ($attributes["description"]){ $mod["description"][0]=$attributes["description"]; }
+        if ($attributes["display_name"]){ $mod["displayName"][0]=$attributes["display_name"]; }
+        if ($attributes["email"]){ $mod["mail"][0]=$attributes["email"]; }
+        if ($attributes["expires"]){ $mod["accountExpires"][0]=$attributes["expires"]; } //unix epoch format?
+        if ($attributes["firstname"]){ $mod["givenName"][0]=$attributes["firstname"]; }
+        if ($attributes["home_directory"]){ $mod["homeDirectory"][0]=$attributes["home_directory"]; }
+        if ($attributes["home_drive"]){ $mod["homeDrive"][0]=$attributes["home_drive"]; }
+        if ($attributes["initials"]){ $mod["initials"][0]=$attributes["initials"]; }
+        if ($attributes["logon_name"]){ $mod["userPrincipalName"][0]=$attributes["logon_name"]; }
+        if ($attributes["manager"]){ $mod["manager"][0]=$attributes["manager"]; }  //UNTESTED ***Use DistinguishedName***
+        if ($attributes["office"]){ $mod["physicalDeliveryOfficeName"][0]=$attributes["office"]; }
+        if ($attributes["password"]){ $mod["unicodePwd"][0]=$this->user()->encodePassword($attributes["password"]); }
+        if ($attributes["profile_path"]){ $mod["profilepath"][0]=$attributes["profile_path"]; }
+        if ($attributes["script_path"]){ $mod["scriptPath"][0]=$attributes["script_path"]; }
+        if ($attributes["surname"]){ $mod["sn"][0]=$attributes["surname"]; }
+        if ($attributes["title"]){ $mod["title"][0]=$attributes["title"]; }
+        if ($attributes["telephone"]){ $mod["telephoneNumber"][0]=$attributes["telephone"]; }
+        if ($attributes["mobile"]){ $mod["mobile"][0]=$attributes["mobile"]; }
+        if ($attributes["pager"]){ $mod["pager"][0]=$attributes["pager"]; }
+        if ($attributes["ipphone"]){ $mod["ipphone"][0]=$attributes["ipphone"]; }
+        if ($attributes["web_page"]){ $mod["wWWHomePage"][0]=$attributes["web_page"]; }
+        if ($attributes["fax"]){ $mod["facsimileTelephoneNumber"][0]=$attributes["fax"]; }
+        if ($attributes["enabled"]){ $mod["userAccountControl"][0]=$attributes["enabled"]; }
+        if ($attributes["homephone"]){ $mod["homephone"][0]=$attributes["homephone"]; }
+        
+        // Distribution List specific schema
+        if ($attributes["group_sendpermission"]){ $mod["dlMemSubmitPerms"][0]=$attributes["group_sendpermission"]; }
+        if ($attributes["group_rejectpermission"]){ $mod["dlMemRejectPerms"][0]=$attributes["group_rejectpermission"]; }
+        
+        // Exchange Schema
+        if ($attributes["exchange_homemdb"]){ $mod["homeMDB"][0]=$attributes["exchange_homemdb"]; }
+        if ($attributes["exchange_mailnickname"]){ $mod["mailNickname"][0]=$attributes["exchange_mailnickname"]; }
+        if ($attributes["exchange_proxyaddress"]){ $mod["proxyAddresses"][0]=$attributes["exchange_proxyaddress"]; }
+        if ($attributes["exchange_usedefaults"]){ $mod["mDBUseDefaults"][0]=$attributes["exchange_usedefaults"]; }
+        if ($attributes["exchange_policyexclude"]){ $mod["msExchPoliciesExcluded"][0]=$attributes["exchange_policyexclude"]; }
+        if ($attributes["exchange_policyinclude"]){ $mod["msExchPoliciesIncluded"][0]=$attributes["exchange_policyinclude"]; }       
+        if ($attributes["exchange_addressbook"]){ $mod["showInAddressBook"][0]=$attributes["exchange_addressbook"]; }    
+        if ($attributes["exchange_altrecipient"]){ $mod["altRecipient"][0]=$attributes["exchange_altrecipient"]; } 
+        if ($attributes["exchange_deliverandredirect"]){ $mod["deliverAndRedirect"][0]=$attributes["exchange_deliverandredirect"]; }    
+        
+        // This schema is designed for contacts
+        if ($attributes["exchange_hidefromlists"]){ $mod["msExchHideFromAddressLists"][0]=$attributes["exchange_hidefromlists"]; }
+        if ($attributes["contact_email"]){ $mod["targetAddress"][0]=$attributes["contact_email"]; }
+        
+        //echo ("<pre>"); print_r($mod);
+        /*
+        // modifying a name is a bit fiddly
+        if ($attributes["firstname"] && $attributes["surname"]){
+            $mod["cn"][0]=$attributes["firstname"]." ".$attributes["surname"];
+            $mod["displayname"][0]=$attributes["firstname"]." ".$attributes["surname"];
+            $mod["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+        }
+        */
+
+        if (count($mod)==0){ return (false); }
+        return ($mod);
+    }
+    
+    /**
+    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+    */
+    protected function encode8Bit(&$item, $key) {
+        $encode = false;
+        if (is_string($item)) {
+            for ($i=0; $i<strlen($item); $i++) {
+                if (ord($item[$i]) >> 7) {
+                    $encode = true;
+                }
+            }
+        }
+        if ($encode === true && $key != 'password') {
+            $item = utf8_encode($item);   
+        }
+    }
+    
+    /**
+    * Select a random domain controller from your domain controller array
+    * 
+    * @return string
+    */
+    protected function randomController() 
+    {
+        mt_srand(doubleval(microtime()) * 100000000); // For older PHP versions
+        /*if (sizeof($this->domainControllers) > 1) {
+            $adController = $this->domainControllers[array_rand($this->domainControllers)]; 
+            // Test if the controller is responding to pings
+            $ping = $this->pingController($adController); 
+            if ($ping === false) { 
+                // Find the current key in the domain controllers array
+                $key = array_search($adController, $this->domainControllers);
+                // Remove it so that we don't end up in a recursive loop
+                unset($this->domainControllers[$key]);
+                // Select a new controller
+                return $this->randomController(); 
+            }
+            else { 
+                return ($adController); 
+            }
+        } */
+        return $this->domainControllers[array_rand($this->domainControllers)];
+    }  
+    
+    /** 
+    * Test basic connectivity to controller 
+    * 
+    * @return bool
+    */ 
+    protected function pingController($host) {
+        $port = $this->adPort; 
+        fsockopen($host, $port, $errno, $errstr, 10); 
+        if ($errno > 0) {
+            return false;
+        }
+        return true;
+    }
+
+}
+
+/**
+* adLDAP Exception Handler
+* 
+* Exceptions of this type are thrown on bind failure or when SSL is required but not configured
+* Example:
+* try {
+*   $adldap = new adLDAP();
+* }
+* catch (adLDAPException $e) {
+*   echo $e;
+*   exit();
+* }
+*/
+class adLDAPException extends Exception {}
diff --git a/wiki/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
new file mode 100644
index 0000000..aabd88f
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPComputers.php
@@ -0,0 +1,153 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Computers
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+require_once(dirname(__FILE__) . '/../collections/adLDAPComputerCollection.php');  
+
+/**
+* COMPUTER MANAGEMENT FUNCTIONS
+*/
+class adLDAPComputers {
+    
+    /**
+    * The current adLDAP connection via dependency injection
+    * 
+    * @var adLDAP
+    */
+    protected $adldap;
+    
+    public function __construct(adLDAP $adldap) {
+        $this->adldap = $adldap;
+    }
+    
+    /**
+    * Get information about a specific computer. Returned in a raw array format from AD
+    * 
+    * @param string $computerName The name of the computer
+    * @param array $fields Attributes to return
+    * @return array
+    */
+    public function info($computerName, $fields = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = "(&(objectClass=computer)(cn=" . $computerName . "))";
+        if ($fields === NULL) { 
+            $fields = array("memberof","cn","displayname","dnshostname","distinguishedname","objectcategory","operatingsystem","operatingsystemservicepack","operatingsystemversion"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        return $entries;
+    }
+    
+    /**
+    * Find information about the computers. Returned in a raw array format from AD
+    * 
+    * @param string $computerName The name of the computer
+    * @param array $fields Array of parameters to query
+    * @return mixed
+    */
+    public function infoCollection($computerName, $fields = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($computerName, $fields);
+        
+        if ($info !== false) {
+            $collection = new adLDAPComputerCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Check if a computer is in a group
+    * 
+    * @param string $computerName The name of the computer
+    * @param string $group The group to check
+    * @param bool $recursive Whether to check recursively
+    * @return array
+    */
+    public function inGroup($computerName, $group, $recursive = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // use the default option if they haven't set it
+
+        //get a list of the groups
+        $groups = $this->groups($computerName, array("memberof"), $recursive);
+
+        //return true if the specified group is in the group list
+        if (in_array($group, $groups)){ 
+            return true; 
+        }
+
+        return false;
+    }
+    
+    /**
+    * Get the groups a computer is in
+    * 
+    * @param string $computerName The name of the computer
+    * @param bool $recursive Whether to check recursively
+    * @return array
+    */
+    public function groups($computerName, $recursive = NULL)
+    {
+        if ($computerName === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()){ return false; }
+
+        //search the directory for their information
+        $info = @$this->info($computerName, array("memberof", "primarygroupid"));
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our guy (unique usernames)
+
+        if ($recursive === true) {
+            foreach ($groups as $id => $groupName){
+              $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+              $groups = array_merge($groups, $extraGroups);
+            }
+        }
+
+        return $groups;
+    }
+    
+}
+?>
\ No newline at end of file
diff --git a/wiki/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
new file mode 100644
index 0000000..42a0d75
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPContacts.php
@@ -0,0 +1,294 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Contacts
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+require_once(dirname(__FILE__) . '/../collections/adLDAPContactCollection.php');
+
+class adLDAPContacts {
+    /**
+    * The current adLDAP connection via dependency injection
+    * 
+    * @var adLDAP
+    */
+    protected $adldap;
+    
+    public function __construct(adLDAP $adldap) {
+        $this->adldap = $adldap;
+    }
+    
+    //*****************************************************************************************************************
+    // CONTACT FUNCTIONS
+    // * Still work to do in this area, and new functions to write
+    
+    /**
+    * Create a contact
+    * 
+    * @param array $attributes The attributes to set to the contact
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        // Check for compulsory fields
+        if (!array_key_exists("display_name", $attributes)) { return "Missing compulsory field [display_name]"; }
+        if (!array_key_exists("email", $attributes)) { return "Missing compulsory field [email]"; }
+        if (!array_key_exists("container", $attributes)) { return "Missing compulsory field [container]"; }
+        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+
+        // Translate the schema
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        // Additional stuff only used for adding contacts
+        $add["cn"][0] = $attributes["display_name"];
+        $add["objectclass"][0] = "top";
+        $add["objectclass"][1] = "person";
+        $add["objectclass"][2] = "organizationalPerson";
+        $add["objectclass"][3] = "contact"; 
+        if (!isset($attributes['exchange_hidefromlists'])) {
+            $add["msExchHideFromAddressLists"][0] = "TRUE";
+        }
+
+        // Determine the container
+        $attributes["container"] = array_reverse($attributes["container"]);
+        $container= "OU=" . implode(",OU=", $attributes["container"]);
+
+        // Add the entry
+        $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $this->adldap->utilities()->escapeCharacters($add["cn"][0]) . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }  
+    
+    /**
+    * Determine the list of groups a contact is a member of
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param bool $recursive Recursively check groups
+    * @return array
+    */
+    public function groups($distinguishedName, $recursive = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()){ return false; }
+        
+        // Search the directory for their information
+        $info = @$this->info($distinguishedName, array("memberof", "primarygroupid"));
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); //presuming the entry returned is our contact
+
+        if ($recursive === true){
+            foreach ($groups as $id => $groupName){
+                $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+                $groups = array_merge($groups, $extraGroups);
+            }
+        }
+        
+        return $groups;
+    }
+    
+    /**
+    * Get contact information. Returned in a raw array format from AD
+    * 
+    * @param string $distinguisedname The full DN of a contact
+    * @param array $fields Attributes to be returned
+    * @return array
+    */
+    public function info($distinguishedName, $fields = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = "distinguishedName=" . $distinguishedName;
+        if ($fields === NULL) { 
+            $fields = array("distinguishedname", "mail", "memberof", "department", "displayname", "telephonenumber", "primarygroupid", "objectsid"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        if ($entries[0]['count'] >= 1) {
+            // AD does not return the primary group in the ldap query, we may need to fudge it
+            if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["primarygroupid"][0])){
+                //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+                $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+            } else {
+                $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+            }
+        }
+        
+        $entries[0]["memberof"]["count"]++;
+        return $entries;
+    }
+    
+    /**
+    * Find information about the contacts. Returned in a raw array format from AD
+    * 
+    * @param string $distinguishedName The full DN of a contact 
+    * @param array $fields Array of parameters to query
+    * @return mixed
+    */
+    public function infoCollection($distinguishedName, $fields = NULL)
+    {
+        if ($distinguishedName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($distinguishedName, $fields);
+        
+        if ($info !== false) {
+            $collection = new adLDAPContactCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Determine if a contact is a member of a group
+    * 
+    * @param string $distinguisedName The full DN of a contact
+    * @param string $group The group name to query
+    * @param bool $recursive Recursively check groups
+    * @return bool
+    */
+    public function inGroup($distinguisedName, $group, $recursive = NULL)
+    {
+        if ($distinguisedName === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        
+        // Get a list of the groups
+        $groups = $this->groups($distinguisedName, array("memberof"), $recursive);
+        
+        // Return true if the specified group is in the group list
+        if (in_array($group, $groups)){ 
+            return true; 
+        }
+
+        return false;
+    }          
+    
+    /**
+    * Modify a contact
+    * 
+    * @param string $distinguishedName The contact to query
+    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
+    * @return bool
+    */
+    public function modify($distinguishedName, $attributes) {
+        if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedname]"; }
+        
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod) { 
+            return false; 
+        }
+        
+        // Do the update
+        $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Delete a contact
+    * 
+    * @param string $distinguishedName The contact dn to delete (please be careful here!)
+    * @return array
+    */
+    public function delete($distinguishedName) 
+    {
+        $result = $this->folder()->delete($distinguishedName);
+        if ($result != true) { 
+            return false; 
+        }       
+        return true;
+    }
+    
+    /**
+    * Return a list of all contacts
+    * 
+    * @param bool $includeDescription Include a description of a contact
+    * @param string $search The search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Perform the search and grab all their details
+        $filter = "(&(objectClass=contact)(cn=" . $search . "))";
+        $fields = array("displayname","distinguishedname");           
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+                $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["displayname"][0];
+            } elseif ($includeDescription){
+                $usersArray[$entries[$i]["distinguishedname"][0]] = $entries[$i]["distinguishedname"][0];
+            } else {
+                array_push($usersArray, $entries[$i]["distinguishedname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($usersArray); 
+        }
+        return $usersArray;
+    }
+    
+    /**
+    * Mail enable a contact
+    * Allows email to be sent to them through Exchange
+    * 
+    * @param string $distinguishedname The contact to mail enable
+    * @param string $emailaddress The email address to allow emails to be sent through
+    * @param string $mailnickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
+    * @return bool
+    */
+    public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL){
+        return $this->adldap->exchange()->contactMailEnable($distinguishedName, $emailAddress, $mailNickname);
+    }
+    
+    
+}
+?>
diff --git a/wiki/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
new file mode 100644
index 0000000..d70aac7
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPExchange.php
@@ -0,0 +1,390 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Exchange
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+
+/**
+* MICROSOFT EXCHANGE FUNCTIONS
+*/
+class adLDAPExchange {
+    /**
+    * The current adLDAP connection via dependency injection
+    * 
+    * @var adLDAP
+    */
+    protected $adldap;
+    
+    public function __construct(adLDAP $adldap) {
+        $this->adldap = $adldap;
+    }
+    
+    /**
+    * Create an Exchange account
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param array $storageGroup The mailbox, Exchange Storage Group, for the user account, this must be a full CN
+    *                            If the storage group has a different base_dn to the adLDAP configuration, set it using $base_dn
+    * @param string $emailAddress The primary email address to add to this user
+    * @param string $mailNickname The mail nick name.  If mail nickname is blank, the username will be used
+    * @param bool $mdbUseDefaults Indicates whether the store should use the default quota, rather than the per-mailbox quota.
+    * @param string $baseDn Specify an alternative base_dn for the Exchange storage group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function createMailbox($username, $storageGroup, $emailAddress, $mailNickname=NULL, $useDefaults=TRUE, $baseDn=NULL, $isGUID=false)
+    {
+        if ($username === NULL){ return "Missing compulsory field [username]"; }     
+        if ($storageGroup === NULL) { return "Missing compulsory array [storagegroup]"; }
+        if (!is_array($storageGroup)) { return "[storagegroup] must be an array"; }
+        if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }
+        
+        if ($baseDn === NULL) {
+            $baseDn = $this->adldap->getBaseDn();   
+        }
+        
+        $container = "CN=" . implode(",CN=", $storageGroup);
+        
+        if ($mailNickname === NULL) { 
+            $mailNickname = $username; 
+        }
+        $mdbUseDefaults = $this->adldap->utilities()->boolToString($useDefaults);
+        
+        $attributes = array(
+            'exchange_homemdb'=>$container.",".$baseDn,
+            'exchange_proxyaddress'=>'SMTP:' . $emailAddress,
+            'exchange_mailnickname'=>$mailNickname,
+            'exchange_usedefaults'=>$mdbUseDefaults
+        );
+        $result = $this->adldap->user()->modify($username, $attributes, $isGUID);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add an X400 address to Exchange
+    * See http://tools.ietf.org/html/rfc1685 for more information.
+    * An X400 Address looks similar to this X400:c=US;a= ;p=Domain;o=Organization;s=Doe;g=John;
+    * 
+    * @param string $username The username of the user to add the X400 to to
+    * @param string $country Country
+    * @param string $admd Administration Management Domain
+    * @param string $pdmd Private Management Domain (often your AD domain)
+    * @param string $org Organization
+    * @param string $surname Surname
+    * @param string $givenName Given name
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addX400($username, $country, $admd, $pdmd, $org, $surname, $givenName, $isGUID=false) 
+    {
+        if ($username === NULL){ return "Missing compulsory field [username]"; }     
+        
+        $proxyValue = 'X400:';
+            
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL) { return false; }
+        $userDn = $user[0]["dn"];
+        
+        // We do not have to demote an email address from the default so we can just add the new proxy address
+        $attributes['exchange_proxyaddress'] = $proxyValue . 'c=' . $country . ';a=' . $admd . ';p=' . $pdmd . ';o=' . $org . ';s=' . $surname . ';g=' . $givenName . ';';
+       
+        // Translate the update to the LDAP schema                
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        if (!$add) { return false; }
+        
+        // Do the update
+        // Take out the @ to see any errors, usually this error might occur because the address already
+        // exists in the list of proxyAddresses
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Add an address to Exchange
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to add to this user
+    * @param bool $default Make this email address the default address, this is a bit more intensive as we have to demote any existing default addresses
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addAddress($username, $emailAddress, $default = FALSE, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        $proxyValue = 'smtp:';
+        if ($default === true) {
+            $proxyValue = 'SMTP:';
+        }
+              
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL){ return false; }
+        $userDn = $user[0]["dn"];
+        
+        // We need to scan existing proxy addresses and demote the default one
+        if (is_array($user[0]["proxyaddresses"]) && $default === true) {
+            $modAddresses = array();
+            for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+                if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
+                    $user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
+                }
+                if ($user[0]['proxyaddresses'][$i] != '') {
+                    $modAddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
+                }
+            }
+            $modAddresses['proxyAddresses'][(sizeof($user[0]['proxyaddresses'])-1)] = 'SMTP:' . $emailAddress;
+            
+            $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        else {
+            // We do not have to demote an email address from the default so we can just add the new proxy address
+            $attributes['exchange_proxyaddress'] = $proxyValue . $emailAddress;
+            
+            // Translate the update to the LDAP schema                
+            $add = $this->adldap->adldap_schema($attributes);
+            
+            if (!$add) { 
+                return false; 
+            }
+            
+            // Do the update
+            // Take out the @ to see any errors, usually this error might occur because the address already
+            // exists in the list of proxyAddresses
+            $result = @ldap_mod_add($this->adldap->getLdapConnection(), $userDn,$add);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+    }
+    
+    /**
+    * Remove an address to Exchange
+    * If you remove a default address the account will no longer have a default, 
+    * we recommend changing the default address first
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to add to this user
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function deleteAddress($username, $emailAddress, $isGUID=false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL) { return false; }
+        $userDn = $user[0]["dn"];
+        
+        if (is_array($user[0]["proxyaddresses"])) {
+            $mod = array();
+            for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+                if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false && $user[0]['proxyaddresses'][$i] == 'SMTP:' . $emailAddress) {
+                    $mod['proxyAddresses'][0] = 'SMTP:' . $emailAddress;
+                }
+                elseif (strstr($user[0]['proxyaddresses'][$i], 'smtp:') !== false && $user[0]['proxyaddresses'][$i] == 'smtp:' . $emailAddress) {
+                    $mod['proxyAddresses'][0] = 'smtp:' . $emailAddress;
+                }
+            }
+            
+            $result = @ldap_mod_del($this->adldap->getLdapConnection(), $userDn,$mod);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        else {
+            return false;
+        }
+    }
+    /**
+    * Change the default address
+    * 
+    * @param string $username The username of the user to add the Exchange account to
+    * @param string $emailAddress The email address to make default
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function primaryAddress($username, $emailAddress, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }     
+        if ($emailAddress === NULL) { return "Missing compulsory fields [emailAddress]"; }
+        
+        // Find the dn of the user
+        $user = $this->adldap->user()->info($username, array("cn","proxyaddresses"), $isGUID);
+        if ($user[0]["dn"] === NULL){ return false; }
+        $userDn = $user[0]["dn"];
+        
+        if (is_array($user[0]["proxyaddresses"])) {
+            $modAddresses = array();
+            for ($i=0;$i<sizeof($user[0]['proxyaddresses']);$i++) {
+                if (strstr($user[0]['proxyaddresses'][$i], 'SMTP:') !== false) {
+                    $user[0]['proxyaddresses'][$i] = str_replace('SMTP:', 'smtp:', $user[0]['proxyaddresses'][$i]);
+                }
+                if ($user[0]['proxyaddresses'][$i] == 'smtp:' . $emailAddress) {
+                    $user[0]['proxyaddresses'][$i] = str_replace('smtp:', 'SMTP:', $user[0]['proxyaddresses'][$i]);
+                }
+                if ($user[0]['proxyaddresses'][$i] != '') {
+                    $modAddresses['proxyAddresses'][$i] = $user[0]['proxyaddresses'][$i];
+                }
+            }
+            
+            $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $modAddresses);
+            if ($result == false) { 
+                return false; 
+            }
+            
+            return true;
+        }
+        
+    }
+    
+    /**
+    * Mail enable a contact
+    * Allows email to be sent to them through Exchange
+    * 
+    * @param string $distinguishedName The contact to mail enable
+    * @param string $emailAddress The email address to allow emails to be sent through
+    * @param string $mailNickname The mailnickname for the contact in Exchange.  If NULL this will be set to the display name
+    * @return bool
+    */
+    public function contactMailEnable($distinguishedName, $emailAddress, $mailNickname = NULL)
+    {
+        if ($distinguishedName === NULL) { return "Missing compulsory field [distinguishedName]"; }   
+        if ($emailAddress === NULL) { return "Missing compulsory field [emailAddress]"; }  
+        
+        if ($mailNickname !== NULL) {
+            // Find the dn of the user
+            $user = $this->adldap->contact()->info($distinguishedName, array("cn","displayname"));
+            if ($user[0]["displayname"] === NULL) { return false; }
+            $mailNickname = $user[0]['displayname'][0];
+        }
+        
+        $attributes = array("email"=>$emailAddress,"contact_email"=>"SMTP:" . $emailAddress,"exchange_proxyaddress"=>"SMTP:" . $emailAddress,"exchange_mailnickname" => $mailNickname);
+         
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod) { return false; }
+        
+        // Do the update
+        $result = ldap_modify($this->adldap->getLdapConnection(), $distinguishedName, $mod);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Returns a list of Exchange Servers in the ConfigurationNamingContext of the domain
+    * 
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @return array
+    */
+    public function servers($attributes = array('cn','distinguishedname','serialnumber')) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        
+        $configurationNamingContext = $this->adldap->getRootDse(array('configurationnamingcontext'));
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $configurationNamingContext[0]['configurationnamingcontext'][0],'(&(objectCategory=msExchExchangeServer))', $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        return $entries;
+    }
+    
+    /**
+    * Returns a list of Storage Groups in Exchange for a given mail server
+    * 
+    * @param string $exchangeServer The full DN of an Exchange server.  You can use exchange_servers() to find the DN for your server
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @param bool $recursive If enabled this will automatically query the databases within a storage group
+    * @return array
+    */
+    public function storageGroups($exchangeServer, $attributes = array('cn','distinguishedname'), $recursive = NULL) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($exchangeServer === NULL) { return "Missing compulsory field [exchangeServer]"; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); }
+
+        $filter = '(&(objectCategory=msExchStorageGroup))';
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $exchangeServer, $filter, $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        if ($recursive === true) {
+            for ($i=0; $i<$entries['count']; $i++) {
+                $entries[$i]['msexchprivatemdb'] = $this->storageDatabases($entries[$i]['distinguishedname'][0]);       
+            }
+        }
+        
+        return $entries;
+    }
+    
+    /**
+    * Returns a list of Databases within any given storage group in Exchange for a given mail server
+    * 
+    * @param string $storageGroup The full DN of an Storage Group.  You can use exchange_storage_groups() to find the DN 
+    * @param array $attributes An array of the AD attributes you wish to return
+    * @return array
+    */
+    public function storageDatabases($storageGroup, $attributes = array('cn','distinguishedname','displayname')) {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($storageGroup === NULL) { return "Missing compulsory field [storageGroup]"; }
+        
+        $filter = '(&(objectCategory=msExchPrivateMDB))';
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $storageGroup, $filter, $attributes);
+        $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        return $entries;
+    }
+}
+?>
\ No newline at end of file
diff --git a/wiki/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
new file mode 100644
index 0000000..67b1474
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPFolders.php
@@ -0,0 +1,179 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Folders
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+
+/**
+* FOLDER / OU MANAGEMENT FUNCTIONS
+*/
+class adLDAPFolders {
+    /**
+    * The current adLDAP connection via dependency injection
+    * 
+    * @var adLDAP
+    */
+    protected $adldap;
+    
+    public function __construct(adLDAP $adldap) {
+        $this->adldap = $adldap;
+    }
+    
+    /**
+    * Delete a distinguished name from Active Directory
+    * You should never need to call this yourself, just use the wrapper functions user_delete and contact_delete
+    *
+    * @param string $dn The distinguished name to delete
+    * @return bool
+    */
+    public function delete($dn){ 
+        $result = ldap_delete($this->adldap->getLdapConnection(), $dn);
+        if ($result != true) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Returns a folder listing for a specific OU
+    * See http://adldap.sourceforge.net/wiki/doku.php?id=api_folder_functions
+    * 
+    * @param array $folderName An array to the OU you wish to list. 
+    *                           If set to NULL will list the root, strongly recommended to set 
+    *                           $recursive to false in that instance!
+    * @param string $dnType The type of record to list.  This can be ADLDAP_FOLDER or ADLDAP_CONTAINER.
+    * @param bool $recursive Recursively search sub folders
+    * @param bool $type Specify a type of object to search for
+    * @return array
+    */
+    public function listing($folderName = NULL, $dnType = adLDAP::ADLDAP_FOLDER, $recursive = NULL, $type = NULL) 
+    {
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } //use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        $filter = '(&';
+        if ($type !== NULL) {
+            switch ($type) {
+                case 'contact':
+                    $filter .= '(objectClass=contact)';
+                    break;
+                case 'computer':
+                    $filter .= '(objectClass=computer)';
+                    break;
+                case 'group':
+                    $filter .= '(objectClass=group)';
+                    break;
+                case 'folder':
+                    $filter .= '(objectClass=organizationalUnit)';
+                    break;
+                case 'container':
+                    $filter .= '(objectClass=container)';
+                    break;
+                case 'domain':
+                    $filter .= '(objectClass=builtinDomain)';
+                    break;
+                default:
+                    $filter .= '(objectClass=user)';
+                    break;   
+            }
+        }
+        else {
+            $filter .= '(objectClass=*)';   
+        }
+        // If the folder name is null then we will search the root level of AD
+        // This requires us to not have an OU= part, just the base_dn
+        $searchOu = $this->adldap->getBaseDn();
+        if (is_array($folderName)) {
+            $ou = $dnType . "=" . implode("," . $dnType . "=", $folderName);
+            $filter .= '(!(distinguishedname=' . $ou . ',' . $this->adldap->getBaseDn() . ')))';
+            $searchOu = $ou . ',' . $this->adldap->getBaseDn();
+        }
+        else {
+            $filter .= '(!(distinguishedname=' . $this->adldap->getBaseDn() . ')))';
+        }
+
+        if ($recursive === true) {
+            $sr = ldap_search($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+            $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+            if (is_array($entries)) {
+                return $entries;
+            }
+        }
+        else {
+            $sr = ldap_list($this->adldap->getLdapConnection(), $searchOu, $filter, array('objectclass', 'distinguishedname', 'samaccountname'));
+            $entries = @ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+            if (is_array($entries)) {
+                return $entries;
+            }
+        }
+        
+        return false;
+    }
+
+    /**
+    * Create an organizational unit
+    * 
+    * @param array $attributes Default attributes of the ou
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        if (!is_array($attributes)){ return "Attributes must be an array"; }
+        if (!is_array($attributes["container"])) { return "Container attribute must be an array."; }
+        if (!array_key_exists("ou_name",$attributes)) { return "Missing compulsory field [ou_name]"; }
+        if (!array_key_exists("container",$attributes)) { return "Missing compulsory field [container]"; }
+        
+        $attributes["container"] = array_reverse($attributes["container"]);
+
+        $add=array();
+        $add["objectClass"] = "organizationalUnit";
+        $add["OU"] = $attributes['ou_name'];
+        $containers = "";
+        if (count($attributes['container']) > 0) {
+            $containers = "OU=" . implode(",OU=", $attributes["container"]) . ",";
+        }
+
+        $containers = "OU=" . implode(",OU=", $attributes["container"]);
+        $result = ldap_add($this->adldap->getLdapConnection(), "OU=" . $add["OU"] . ", " . $containers . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+}
+
+?>
\ No newline at end of file
diff --git a/wiki/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
new file mode 100644
index 0000000..94bc048
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPGroups.php
@@ -0,0 +1,631 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Groups
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+require_once(dirname(__FILE__) . '/../collections/adLDAPGroupCollection.php');
+
+/**
+* GROUP FUNCTIONS
+*/
+class adLDAPGroups {
+    /**
+    * The current adLDAP connection via dependency injection
+    * 
+    * @var adLDAP
+    */
+    protected $adldap;
+    
+    public function __construct(adLDAP $adldap) {
+        $this->adldap = $adldap;
+    }
+    
+    /**
+    * Add a group to a group
+    * 
+    * @param string $parent The parent group name
+    * @param string $child The child group name
+    * @return bool
+    */
+    public function addGroup($parent,$child){
+
+        // Find the parent group's dn
+        $parentGroup = $this->ginfo($parent, array("cn"));
+        if ($parentGroup[0]["dn"] === NULL){
+            return false; 
+        }
+        $parentDn = $parentGroup[0]["dn"];
+        
+        // Find the child group's dn
+        $childGroup = $this->info($child, array("cn"));
+        if ($childGroup[0]["dn"] === NULL){ 
+            return false; 
+        }
+        $childDn = $childGroup[0]["dn"];
+                
+        $add = array();
+        $add["member"] = $childDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $parentDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add a user to a group
+    * 
+    * @param string $group The group to add the user to
+    * @param string $user The user to add to the group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function addUser($group, $user, $isGUID = false)
+    {
+        // Adding a user is a bit fiddly, we need to get the full DN of the user
+        // and add it using the full DN of the group
+        
+        // Find the user's dn
+        $userDn = $this->adldap->user()->dn($user, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+        
+        // Find the group's dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        $add = array();
+        $add["member"] = $userDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Add a contact to a group
+    * 
+    * @param string $group The group to add the contact to
+    * @param string $contactDn The DN of the contact to add
+    * @return bool
+    */
+    public function addContact($group, $contactDn)
+    {
+        // To add a contact we take the contact's DN
+        // and add it using the full DN of the group
+        
+        // Find the group's dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        $add = array();
+        $add["member"] = $contactDn;
+        
+        $result = @ldap_mod_add($this->adldap->getLdapConnection(), $groupDn, $add);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+
+    /**
+    * Create a group
+    * 
+    * @param array $attributes Default attributes of the group
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        if (!is_array($attributes)){ return "Attributes must be an array"; }
+        if (!array_key_exists("group_name", $attributes)){ return "Missing compulsory field [group_name]"; }
+        if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+        if (!array_key_exists("description", $attributes)){ return "Missing compulsory field [description]"; }
+        if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+        $attributes["container"] = array_reverse($attributes["container"]);
+
+        //$member_array = array();
+        //$member_array[0] = "cn=user1,cn=Users,dc=yourdomain,dc=com";
+        //$member_array[1] = "cn=administrator,cn=Users,dc=yourdomain,dc=com";
+        
+        $add = array();
+        $add["cn"] = $attributes["group_name"];
+        $add["samaccountname"] = $attributes["group_name"];
+        $add["objectClass"] = "Group";
+        $add["description"] = $attributes["description"];
+        //$add["member"] = $member_array; UNTESTED
+
+        $container = "OU=" . implode(",OU=", $attributes["container"]);
+        $result = ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Delete a group account 
+    * 
+    * @param string $group The group to delete (please be careful here!) 
+    * 
+    * @return array 
+    */
+    public function delete($group) {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($group === null){ return "Missing compulsory field [group]"; }
+        
+        $groupInfo = $this->info($group, array("*"));
+        $dn = $groupInfo[0]['distinguishedname'][0]; 
+        $result = $this->adldap->folder()->delete($dn); 
+        if ($result !== true) { 
+            return false; 
+        } return true;   
+    }
+
+    /**
+    * Remove a group from a group
+    * 
+    * @param string $parent The parent group name
+    * @param string $child The child group name
+    * @return bool
+    */
+    public function removeGroup($parent , $child)
+    {
+    
+        // Find the parent dn
+        $parentGroup = $this->info($parent, array("cn"));
+        if ($parentGroup[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $parentDn = $parentGroup[0]["dn"];
+        
+        // Find the child dn
+        $childGroup = $this->info($child, array("cn"));
+        if ($childGroup[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $childDn = $childGroup[0]["dn"];
+        
+        $del = array();
+        $del["member"] = $childDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $parentDn, $del);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Remove a user from a group
+    * 
+    * @param string $group The group to remove a user from
+    * @param string $user The AD user to remove from the group
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function removeUser($group, $user, $isGUID = false)
+    {
+    
+        // Find the parent dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL){ 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+        
+        // Find the users dn
+        $userDn = $this->adldap->user()->dn($user, $isGUID);
+        if ($userDn === false) {
+            return false; 
+        }
+
+        $del = array();
+        $del["member"] = $userDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+        if ($result == false) {
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Remove a contact from a group
+    * 
+    * @param string $group The group to remove a user from
+    * @param string $contactDn The DN of a contact to remove from the group
+    * @return bool
+    */
+    public function removeContact($group, $contactDn)
+    {
+    
+        // Find the parent dn
+        $groupInfo = $this->info($group, array("cn"));
+        if ($groupInfo[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $groupDn = $groupInfo[0]["dn"];
+    
+        $del = array();
+        $del["member"] = $contactDn;
+        
+        $result = @ldap_mod_del($this->adldap->getLdapConnection(), $groupDn, $del);
+        if ($result == false) { 
+            return false; 
+        }
+        return true;
+    }
+    
+    /**
+    * Return a list of groups in a group
+    * 
+    * @param string $group The group to query
+    * @param bool $recursive Recursively get groups
+    * @return array
+    */
+    public function inGroup($group, $recursive = NULL)
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it 
+        
+        // Search the directory for the members of a group
+        $info = $this->info($group, array("member","cn"));
+        $groups = $info[0]["member"];
+        if (!is_array($groups)) {
+            return false;   
+        }
+ 
+        $groupArray = array();
+
+        for ($i=0; $i<$groups["count"]; $i++){ 
+             $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";
+             $fields = array("samaccountname", "distinguishedname", "objectClass");
+             $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+             $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+             // not a person, look for a group  
+             if ($entries['count'] == 0 && $recursive == true) {  
+                $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($groups[$i]) . "))";  
+                $fields = array("distinguishedname");  
+                $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);  
+                $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);  
+                if (!isset($entries[0]['distinguishedname'][0])) {
+                    continue;  
+                }
+                $subGroups = $this->inGroup($entries[0]['distinguishedname'][0], $recursive);  
+                if (is_array($subGroups)) {
+                    $groupArray = array_merge($groupArray, $subGroups); 
+                    $groupArray = array_unique($groupArray);  
+                }
+                continue;  
+             } 
+
+             $groupArray[] = $entries[0]['distinguishedname'][0];
+        }
+        return $groupArray;
+    }
+    
+    /**
+    * Return a list of members in a group
+    * 
+    * @param string $group The group to query
+    * @param bool $recursive Recursively get group members
+    * @return array
+    */
+    public function members($group, $recursive = NULL)
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($recursive === NULL){ $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it 
+        // Search the directory for the members of a group
+        $info = $this->info($group, array("member","cn"));
+        $users = $info[0]["member"];
+        if (!is_array($users)) {
+            return false;   
+        }
+ 
+        $userArray = array();
+
+        for ($i=0; $i<$users["count"]; $i++){ 
+             $filter = "(&(objectCategory=person)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";
+             $fields = array("samaccountname", "distinguishedname", "objectClass");
+             $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+             $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+             // not a person, look for a group  
+             if ($entries['count'] == 0 && $recursive == true) {  
+                $filter = "(&(objectCategory=group)(distinguishedName=" . $this->adldap->utilities()->ldapSlashes($users[$i]) . "))";  
+                $fields = array("samaccountname");  
+                $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);  
+                $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);  
+                if (!isset($entries[0]['samaccountname'][0])) {
+                    continue;  
+                }
+                $subUsers = $this->members($entries[0]['samaccountname'][0], $recursive);  
+                if (is_array($subUsers)) {
+                    $userArray = array_merge($userArray, $subUsers); 
+                    $userArray = array_unique($userArray);  
+                }
+                continue;  
+             } 
+             else if ($entries['count'] == 0) {   
+                continue; 
+             } 
+
+             if ((!isset($entries[0]['samaccountname'][0]) || $entries[0]['samaccountname'][0] === NULL) && $entries[0]['distinguishedname'][0] !== NULL) {
+                 $userArray[] = $entries[0]['distinguishedname'][0];
+             }
+             else if ($entries[0]['samaccountname'][0] !== NULL) {
+                $userArray[] = $entries[0]['samaccountname'][0];
+             }
+        }
+        return $userArray;
+    }
+    
+    /**
+    * Group Information.  Returns an array of raw information about a group.
+    * The group name is case sensitive
+    * 
+    * @param string $groupName The group name to retrieve info about
+    * @param array $fields Fields to retrieve
+    * @return array
+    */
+    public function info($groupName, $fields = NULL)
+    {
+        if ($groupName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        if (stristr($groupName, '+')) {
+            $groupName = stripslashes($groupName);   
+        }
+        
+        $filter = "(&(objectCategory=group)(name=" . $this->adldap->utilities()->ldapSlashes($groupName) . "))";
+        if ($fields === NULL) { 
+            $fields = array("member","memberof","cn","description","distinguishedname","objectcategory","samaccountname"); 
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        return $entries;
+    }
+    
+    /**
+    * Group Information.  Returns an collection
+    * The group name is case sensitive
+    * 
+    * @param string $groupName The group name to retrieve info about
+    * @param array $fields Fields to retrieve
+    * @return adLDAPGroupCollection
+    */
+    public function infoCollection($groupName, $fields = NULL)
+    {
+        if ($groupName === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($groupName, $fields);
+        if ($info !== false) {
+            $collection = new adLDAPGroupCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Return a complete list of "groups in groups"
+    * 
+    * @param string $group The group to get the list from
+    * @return array
+    */
+    public function recursiveGroups($group)
+    {
+        if ($group === NULL) { return false; }
+
+        $stack = array(); 
+        $processed = array(); 
+        $retGroups = array(); 
+     
+        array_push($stack, $group); // Initial Group to Start with 
+        while (count($stack) > 0) {
+            $parent = array_pop($stack);
+            array_push($processed, $parent);
+            
+            $info = $this->info($parent, array("memberof"));
+            
+            if (isset($info[0]["memberof"]) && is_array($info[0]["memberof"])) {
+                $groups = $info[0]["memberof"]; 
+                if ($groups) {
+                    $groupNames = $this->adldap->utilities()->niceNames($groups);  
+                    $retGroups = array_merge($retGroups, $groupNames); //final groups to return
+                    foreach ($groupNames as $id => $groupName) { 
+                        if (!in_array($groupName, $processed)) {
+                            array_push($stack, $groupName);
+                        }
+                    }
+                }
+            }
+        }
+        
+        return $retGroups;
+    }
+    
+    /**
+    * Returns a complete list of the groups in AD based on a SAM Account Type  
+    * 
+    * @param string $sAMAaccountType The account type to return
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function search($sAMAaccountType = adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription = false, $search = "*", $sorted = true) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $filter = '(&(objectCategory=group)';
+        if ($sAMAaccountType !== null) {
+            $filter .= '(samaccounttype='. $sAMAaccountType .')';
+        }
+        $filter .= '(cn=' . $search . '))';
+        // Perform the search and grab all their details
+        $fields = array("samaccountname", "description");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $groupsArray = array();        
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["description"][0]) > 0 ) {
+                $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["description"][0];
+            }
+            else if ($includeDescription){
+                $groupsArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            }
+            else {
+                array_push($groupsArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($groupsArray); 
+        }
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of all groups in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(null, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of security groups in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function allSecurity($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Returns a complete list of distribution lists in AD
+    * 
+    * @param bool $includeDescription Whether to return a description
+    * @param string $search Search parameters
+    * @param bool $sorted Whether to sort the results
+    * @return array
+    */
+    public function allDistribution($includeDescription = false, $search = "*", $sorted = true){
+        $groupsArray = $this->search(adLDAP::ADLDAP_DISTRIBUTION_GROUP, $includeDescription, $search, $sorted);
+        return $groupsArray;
+    }
+    
+    /**
+    * Coping with AD not returning the primary group
+    * http://support.microsoft.com/?kbid=321360 
+    * 
+    * This is a re-write based on code submitted by Bruce which prevents the 
+    * need to search each security group to find the true primary group
+    * 
+    * @param string $gid Group ID
+    * @param string $usersid User's Object SID
+    * @return mixed
+    */
+    public function getPrimaryGroup($gid, $usersid)
+    {
+        if ($gid === NULL || $usersid === NULL) { return false; }
+        $sr = false;
+
+        $gsid = substr_replace($usersid, pack('V',$gid), strlen($usersid)-4,4);
+        $filter = '(objectsid=' . $this->adldap->utilities()->getTextSID($gsid).')';
+        $fields = array("samaccountname","distinguishedname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        if (isset($entries[0]['distinguishedname'][0])) {
+            return $entries[0]['distinguishedname'][0];
+        }
+        return false;
+     }
+     
+     /**
+    * Coping with AD not returning the primary group
+    * http://support.microsoft.com/?kbid=321360 
+    * 
+    * For some reason it's not possible to search on primarygrouptoken=XXX
+    * If someone can show otherwise, I'd like to know about it :)
+    * this way is resource intensive and generally a pain in the @#%^
+    * 
+    * @deprecated deprecated since version 3.1, see get get_primary_group
+    * @param string $gid Group ID
+    * @return string
+    */
+    public function cn($gid){    
+        if ($gid === NULL) { return false; }
+        $sr = false;
+        $r = '';
+        
+        $filter = "(&(objectCategory=group)(samaccounttype=" . adLDAP::ADLDAP_SECURITY_GLOBAL_GROUP . "))";
+        $fields = array("primarygrouptoken", "samaccountname", "distinguishedname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($entries[$i]["primarygrouptoken"][0] == $gid) {
+                $r = $entries[$i]["distinguishedname"][0];
+                $i = $entries["count"];
+            }
+        }
+
+        return $r;
+    }
+}
+?>
diff --git a/wiki/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
new file mode 100644
index 0000000..dc3ebd7
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPUsers.php
@@ -0,0 +1,682 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage User
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+require_once(dirname(__FILE__) . '/../collections/adLDAPUserCollection.php');
+
+/**
+* USER FUNCTIONS
+*/
+class adLDAPUsers {
+    /**
+    * The current adLDAP connection via dependency injection
+    * 
+    * @var adLDAP
+    */
+    protected $adldap;
+    
+    public function __construct(adLDAP $adldap) {
+        $this->adldap = $adldap;
+    }
+    
+    /**
+    * Validate a user's login credentials
+    * 
+    * @param string $username A user's AD username
+    * @param string $password A user's AD password
+    * @param bool optional $prevent_rebind
+    * @return bool
+    */
+    public function authenticate($username, $password, $preventRebind = false) {
+        return $this->adldap->authenticate($username, $password, $preventRebind);
+    }
+    
+    /**
+    * Create a user
+    * 
+    * If you specify a password here, this can only be performed over SSL
+    * 
+    * @param array $attributes The attributes to set to the user account
+    * @return bool
+    */
+    public function create($attributes)
+    {
+        // Check for compulsory fields
+        if (!array_key_exists("username", $attributes)){ return "Missing compulsory field [username]"; }
+        if (!array_key_exists("firstname", $attributes)){ return "Missing compulsory field [firstname]"; }
+        if (!array_key_exists("surname", $attributes)){ return "Missing compulsory field [surname]"; }
+        if (!array_key_exists("email", $attributes)){ return "Missing compulsory field [email]"; }
+        if (!array_key_exists("container", $attributes)){ return "Missing compulsory field [container]"; }
+        if (!is_array($attributes["container"])){ return "Container attribute must be an array."; }
+
+        if (array_key_exists("password",$attributes) && (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS())){ 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+
+        if (!array_key_exists("display_name", $attributes)) { 
+            $attributes["display_name"] = $attributes["firstname"] . " " . $attributes["surname"]; 
+        }
+
+        // Translate the schema
+        $add = $this->adldap->adldap_schema($attributes);
+        
+        // Additional stuff only used for adding accounts
+        $add["cn"][0] = $attributes["display_name"];
+        $add["samaccountname"][0] = $attributes["username"];
+        $add["objectclass"][0] = "top";
+        $add["objectclass"][1] = "person";
+        $add["objectclass"][2] = "organizationalPerson";
+        $add["objectclass"][3] = "user"; //person?
+        //$add["name"][0]=$attributes["firstname"]." ".$attributes["surname"];
+
+        // Set the account control attribute
+        $control_options = array("NORMAL_ACCOUNT");
+        if (!$attributes["enabled"]) { 
+            $control_options[] = "ACCOUNTDISABLE"; 
+        }
+        $add["userAccountControl"][0] = $this->accountControl($control_options);
+        
+        // Determine the container
+        $attributes["container"] = array_reverse($attributes["container"]);
+        $container = "OU=" . implode(", OU=",$attributes["container"]);
+
+        // Add the entry
+        $result = @ldap_add($this->adldap->getLdapConnection(), "CN=" . $add["cn"][0] . ", " . $container . "," . $this->adldap->getBaseDn(), $add);
+        if ($result != true) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Account control options
+    *
+    * @param array $options The options to convert to int 
+    * @return int
+    */
+    protected function accountControl($options)
+    {
+        $val=0;
+
+        if (is_array($options)) {
+            if (in_array("SCRIPT",$options)){ $val=$val+1; }
+            if (in_array("ACCOUNTDISABLE",$options)){ $val=$val+2; }
+            if (in_array("HOMEDIR_REQUIRED",$options)){ $val=$val+8; }
+            if (in_array("LOCKOUT",$options)){ $val=$val+16; }
+            if (in_array("PASSWD_NOTREQD",$options)){ $val=$val+32; }
+            //PASSWD_CANT_CHANGE Note You cannot assign this permission by directly modifying the UserAccountControl attribute.
+            //For information about how to set the permission programmatically, see the "Property flag descriptions" section.
+            if (in_array("ENCRYPTED_TEXT_PWD_ALLOWED",$options)){ $val=$val+128; }
+            if (in_array("TEMP_DUPLICATE_ACCOUNT",$options)){ $val=$val+256; }
+            if (in_array("NORMAL_ACCOUNT",$options)){ $val=$val+512; }
+            if (in_array("INTERDOMAIN_TRUST_ACCOUNT",$options)){ $val=$val+2048; }
+            if (in_array("WORKSTATION_TRUST_ACCOUNT",$options)){ $val=$val+4096; }
+            if (in_array("SERVER_TRUST_ACCOUNT",$options)){ $val=$val+8192; }
+            if (in_array("DONT_EXPIRE_PASSWORD",$options)){ $val=$val+65536; }
+            if (in_array("MNS_LOGON_ACCOUNT",$options)){ $val=$val+131072; }
+            if (in_array("SMARTCARD_REQUIRED",$options)){ $val=$val+262144; }
+            if (in_array("TRUSTED_FOR_DELEGATION",$options)){ $val=$val+524288; }
+            if (in_array("NOT_DELEGATED",$options)){ $val=$val+1048576; }
+            if (in_array("USE_DES_KEY_ONLY",$options)){ $val=$val+2097152; }
+            if (in_array("DONT_REQ_PREAUTH",$options)){ $val=$val+4194304; } 
+            if (in_array("PASSWORD_EXPIRED",$options)){ $val=$val+8388608; }
+            if (in_array("TRUSTED_TO_AUTH_FOR_DELEGATION",$options)){ $val=$val+16777216; }
+        }
+        return $val;
+    }
+    
+    /**
+    * Delete a user account
+    * 
+    * @param string $username The username to delete (please be careful here!)
+    * @param bool $isGUID Is the username a GUID or a samAccountName
+    * @return array
+    */
+    public function delete($username, $isGUID = false) 
+    {      
+        $userinfo = $this->info($username, array("*"), $isGUID);
+        $dn = $userinfo[0]['distinguishedname'][0];
+        $result = $this->adldap->folder()->delete($dn);
+        if ($result != true) { 
+            return false;
+        }        
+        return true;
+    }
+    
+    /**
+    * Groups the user is a member of
+    * 
+    * @param string $username The username to query
+    * @param bool $recursive Recursive list of groups
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return array
+    */
+    public function groups($username, $recursive = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Search the directory for their information
+        $info = @$this->info($username, array("memberof", "primarygroupid"), $isGUID);
+        $groups = $this->adldap->utilities()->niceNames($info[0]["memberof"]); // Presuming the entry returned is our guy (unique usernames)
+
+        if ($recursive === true){
+            foreach ($groups as $id => $groupName){
+                $extraGroups = $this->adldap->group()->recursiveGroups($groupName);
+                $groups = array_merge($groups, $extraGroups);
+            }
+        }
+        
+        return $groups;
+    }
+    
+    /**
+    * Find information about the users. Returned in a raw array format from AD
+    * 
+    * @param string $username The username to query
+    * @param array $fields Array of parameters to query
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return array
+    */
+    public function info($username, $fields = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+
+        if ($isGUID === true) {
+            $username = $this->adldap->utilities()->strGuidToHex($username);
+            $filter = "objectguid=" . $username;
+        }
+        else if (strstr($username, "@")) {
+             $filter = "userPrincipalName=" . $username;
+        }
+        else {
+             $filter = "samaccountname=" . $username;
+        }
+        $filter = "(&(objectCategory=person)({$filter}))";
+        if ($fields === NULL) { 
+            $fields = array("samaccountname","mail","memberof","department","displayname","telephonenumber","primarygroupid","objectsid"); 
+        }
+        if (!in_array("objectsid", $fields)) {
+            $fields[] = "objectsid";
+        }
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+        
+        if (isset($entries[0])) {
+            if ($entries[0]['count'] >= 1) {
+                if (in_array("memberof", $fields)) {
+                    // AD does not return the primary group in the ldap query, we may need to fudge it
+                    if ($this->adldap->getRealPrimaryGroup() && isset($entries[0]["primarygroupid"][0]) && isset($entries[0]["objectsid"][0])){
+                        //$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
+                        $entries[0]["memberof"][] = $this->adldap->group()->getPrimaryGroup($entries[0]["primarygroupid"][0], $entries[0]["objectsid"][0]);
+                    } else {
+                        $entries[0]["memberof"][] = "CN=Domain Users,CN=Users," . $this->adldap->getBaseDn();
+                    }
+                    if (!isset($entries[0]["memberof"]["count"])) {
+                        $entries[0]["memberof"]["count"] = 0;
+                    }
+                    $entries[0]["memberof"]["count"]++;
+                }
+            }
+            
+            return $entries;
+        }
+        return false;
+    }
+    
+    /**
+    * Find information about the users. Returned in a raw array format from AD
+    * 
+    * @param string $username The username to query
+    * @param array $fields Array of parameters to query
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return mixed
+    */
+    public function infoCollection($username, $fields = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        $info = $this->info($username, $fields, $isGUID);
+        
+        if ($info !== false) {
+            $collection = new adLDAPUserCollection($info, $this->adldap);
+            return $collection;
+        }
+        return false;
+    }
+    
+    /**
+    * Determine if a user is in a specific group
+    * 
+    * @param string $username The username to query
+    * @param string $group The name of the group to check against
+    * @param bool $recursive Check groups recursively
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function inGroup($username, $group, $recursive = NULL, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($group === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($recursive === NULL) { $recursive = $this->adldap->getRecursiveGroups(); } // Use the default option if they haven't set it
+        
+        // Get a list of the groups
+        $groups = $this->groups($username, $recursive, $isGUID);
+        
+        // Return true if the specified group is in the group list
+        if (in_array($group, $groups)) { 
+            return true; 
+        }
+
+        return false;
+    }
+    
+    /**
+    * Determine a user's password expiry date
+    * 
+    * @param string $username The username to query
+    * @param book $isGUID Is the username passed a GUID or a samAccountName
+    * @requires bcmath http://php.net/manual/en/book.bc.php
+    * @return array
+    */
+    public function passwordExpiry($username, $isGUID = false) 
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if (!function_exists('bcmod')) { throw new adLDAPException("Missing function support [bcmod] http://php.net/manual/en/book.bc.php"); };
+        
+        $userInfo = $this->info($username, array("pwdlastset", "useraccountcontrol"), $isGUID);
+        $pwdLastSet = $userInfo[0]['pwdlastset'][0];
+        $status = array();
+        
+        if ($userInfo[0]['useraccountcontrol'][0] == '66048') {
+            // Password does not expire
+            return "Does not expire";
+        }
+        if ($pwdLastSet === '0') {
+            // Password has already expired
+            return "Password has expired";
+        }
+        
+         // Password expiry in AD can be calculated from TWO values:
+         //   - User's own pwdLastSet attribute: stores the last time the password was changed
+         //   - Domain's maxPwdAge attribute: how long passwords last in the domain
+         //
+         // Although Microsoft chose to use a different base and unit for time measurements.
+         // This function will convert them to Unix timestamps
+         $sr = ldap_read($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), 'objectclass=*', array('maxPwdAge'));
+         if (!$sr) {
+             return false;
+         }
+         $info = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+         $maxPwdAge = $info[0]['maxpwdage'][0];
+         
+
+         // See MSDN: http://msdn.microsoft.com/en-us/library/ms974598.aspx
+         //
+         // pwdLastSet contains the number of 100 nanosecond intervals since January 1, 1601 (UTC), 
+         // stored in a 64 bit integer. 
+         //
+         // The number of seconds between this date and Unix epoch is 11644473600.
+         //
+         // maxPwdAge is stored as a large integer that represents the number of 100 nanosecond
+         // intervals from the time the password was set before the password expires.
+         //
+         // We also need to scale this to seconds but also this value is a _negative_ quantity!
+         //
+         // If the low 32 bits of maxPwdAge are equal to 0 passwords do not expire
+         //
+         // Unfortunately the maths involved are too big for PHP integers, so I've had to require
+         // BCMath functions to work with arbitrary precision numbers.
+         if (bcmod($maxPwdAge, 4294967296) === '0') {
+            return "Domain does not expire passwords";
+        }
+        
+        // Add maxpwdage and pwdlastset and we get password expiration time in Microsoft's
+        // time units.  Because maxpwd age is negative we need to subtract it.
+        $pwdExpire = bcsub($pwdLastSet, $maxPwdAge);
+    
+        // Convert MS's time to Unix time
+        $status['expiryts'] = bcsub(bcdiv($pwdExpire, '10000000'), '11644473600');
+        $status['expiryformat'] = date('Y-m-d H:i:s', bcsub(bcdiv($pwdExpire, '10000000'), '11644473600'));
+        
+        return $status;
+    }
+    
+    /**
+    * Modify a user
+    * 
+    * @param string $username The username to query
+    * @param array $attributes The attributes to modify.  Note if you set the enabled attribute you must not specify any other attributes
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function modify($username, $attributes, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        if (array_key_exists("password", $attributes) && !$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) { 
+            throw new adLDAPException('SSL/TLS must be configured on your webserver and enabled in the class to set passwords.');
+        }
+
+        // Find the dn of the user
+        $userDn = $this->dn($username, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+        
+        // Translate the update to the LDAP schema                
+        $mod = $this->adldap->adldap_schema($attributes);
+        
+        // Check to see if this is an enabled status update
+        if (!$mod && !array_key_exists("enabled", $attributes)){ 
+            return false; 
+        }
+        
+        // Set the account control attribute (only if specified)
+        if (array_key_exists("enabled", $attributes)){
+            if ($attributes["enabled"]){ 
+                $controlOptions = array("NORMAL_ACCOUNT"); 
+            }
+            else { 
+                $controlOptions = array("NORMAL_ACCOUNT", "ACCOUNTDISABLE"); 
+            }
+            $mod["userAccountControl"][0] = $this->accountControl($controlOptions);
+        }
+
+        // Do the update
+        $result = @ldap_modify($this->adldap->getLdapConnection(), $userDn, $mod);
+        if ($result == false) { 
+            return false; 
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Disable a user account
+    * 
+    * @param string $username The username to disable
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function disable($username, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        $attributes = array("enabled" => 0);
+        $result = $this->modify($username, $attributes, $isGUID);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Enable a user account
+    * 
+    * @param string $username The username to enable
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function enable($username, $isGUID = false)
+    {
+        if ($username === NULL) { return "Missing compulsory field [username]"; }
+        $attributes = array("enabled" => 1);
+        $result = $this->modify($username, $attributes, $isGUID);
+        if ($result == false) { return false; }
+        
+        return true;
+    }
+    
+    /**
+    * Set the password of a user - This must be performed over SSL
+    * 
+    * @param string $username The username to modify
+    * @param string $password The new password
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return bool
+    */
+    public function password($username, $password, $isGUID = false)
+    {
+        if ($username === NULL) { return false; }
+        if ($password === NULL) { return false; }
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if (!$this->adldap->getUseSSL() && !$this->adldap->getUseTLS()) { 
+            throw new adLDAPException('SSL must be configured on your webserver and enabled in the class to set passwords.');
+        }
+        
+        $userDn = $this->dn($username, $isGUID);
+        if ($userDn === false) { 
+            return false; 
+        }
+                
+        $add=array();
+        $add["unicodePwd"][0] = $this->encodePassword($password);
+        
+        $result = @ldap_mod_replace($this->adldap->getLdapConnection(), $userDn, $add);
+        if ($result === false){
+            $err = ldap_errno($this->adldap->getLdapConnection());
+            if ($err) {
+                $msg = 'Error ' . $err . ': ' . ldap_err2str($err) . '.';
+                if($err == 53) {
+                    $msg .= ' Your password might not match the password policy.';
+                }
+                throw new adLDAPException($msg);
+            }
+            else {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
+    /**
+    * Encode a password for transmission over LDAP
+    *
+    * @param string $password The password to encode
+    * @return string
+    */
+    public function encodePassword($password)
+    {
+        $password="\"".$password."\"";
+        $encoded="";
+        for ($i=0; $i <strlen($password); $i++){ $encoded.="{$password{$i}}\000"; }
+        return $encoded;
+    }
+     
+    /**
+    * Obtain the user's distinguished name based on their userid 
+    * 
+    * 
+    * @param string $username The username
+    * @param bool $isGUID Is the username passed a GUID or a samAccountName
+    * @return string
+    */
+    public function dn($username, $isGUID=false)
+    {
+        $user = $this->info($username, array("cn"), $isGUID);
+        if ($user[0]["dn"] === NULL) { 
+            return false; 
+        }
+        $userDn = $user[0]["dn"];
+        return $userDn;
+    }
+    
+    /**
+    * Return a list of all users in AD
+    * 
+    * @param bool $includeDescription Return a description of the user
+    * @param string $search Search parameter
+    * @param bool $sorted Sort the user accounts
+    * @return array
+    */
+    public function all($includeDescription = false, $search = "*", $sorted = true)
+    {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        
+        // Perform the search and grab all their details
+        $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)(cn=" . $search . "))";
+        $fields = array("samaccountname","displayname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i<$entries["count"]; $i++){
+            if ($includeDescription && strlen($entries[$i]["displayname"][0])>0){
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+            } elseif ($includeDescription){
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            } else {
+                array_push($usersArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted) { 
+            asort($usersArray); 
+        }
+        return $usersArray;
+    }
+    
+    /**
+    * Converts a username (samAccountName) to a GUID
+    * 
+    * @param string $username The username to query
+    * @return string
+    */
+    public function usernameToGuid($username) 
+    {
+        if (!$this->adldap->getLdapBind()){ return false; }
+        if ($username === null){ return "Missing compulsory field [username]"; }
+        
+        $filter = "samaccountname=" . $username; 
+        $fields = array("objectGUID"); 
+        $sr = @ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); 
+        if (ldap_count_entries($this->adldap->getLdapConnection(), $sr) > 0) { 
+            $entry = @ldap_first_entry($this->adldap->getLdapConnection(), $sr); 
+            $guid = @ldap_get_values_len($this->adldap->getLdapConnection(), $entry, 'objectGUID'); 
+            $strGUID = $this->adldap->utilities()->binaryToText($guid[0]);          
+            return $strGUID; 
+        }
+        return false; 
+    }
+    
+    /**
+    * Return a list of all users in AD that have a specific value in a field
+    *
+    * @param bool $includeDescription Return a description of the user
+    * @param string $searchField Field to search search for
+    * @param string $searchFilter Value to search for in the specified field
+    * @param bool $sorted Sort the user accounts
+    * @return array
+    */
+    public function find($includeDescription = false, $searchField = false, $searchFilter = false, $sorted = true){
+        if (!$this->adldap->getLdapBind()){ return false; }
+          
+        // Perform the search and grab all their details
+        $searchParams = "";
+        if ($searchField) {
+            $searchParams = "(" . $searchField . "=" . $searchFilter . ")";
+        }                           
+        $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT .")(objectCategory=person)" . $searchParams . ")";
+        $fields = array("samaccountname","displayname");
+        $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
+        $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
+
+        $usersArray = array();
+        for ($i=0; $i < $entries["count"]; $i++) {
+            if ($includeDescription && strlen($entries[$i]["displayname"][0]) > 0) {
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["displayname"][0];
+            }
+            else if ($includeDescription) {
+                $usersArray[$entries[$i]["samaccountname"][0]] = $entries[$i]["samaccountname"][0];
+            }
+            else {
+                array_push($usersArray, $entries[$i]["samaccountname"][0]);
+            }
+        }
+        if ($sorted){ 
+          asort($usersArray); 
+        }
+        return ($usersArray);
+    }
+    
+    /**
+    * Move a user account to a different OU
+    *
+    * @param string $username The username to move (please be careful here!)
+    * @param array $container The container or containers to move the user to (please be careful here!).
+    * accepts containers in 1. parent 2. child order
+    * @return array
+    */
+    public function move($username, $container) 
+    {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($username === null) { return "Missing compulsory field [username]"; }
+        if ($container === null) { return "Missing compulsory field [container]"; }
+        if (!is_array($container)) { return "Container must be an array"; }
+        
+        $userInfo = $this->info($username, array("*"));
+        $dn = $userInfo[0]['distinguishedname'][0];
+        $newRDn = "cn=" . $username;
+        $container = array_reverse($container);
+        $newContainer = "ou=" . implode(",ou=",$container);
+        $newBaseDn = strtolower($newContainer) . "," . $this->adldap->getBaseDn();
+        $result = @ldap_rename($this->adldap->getLdapConnection(), $dn, $newRDn, $newBaseDn, true);
+        if ($result !== true) {
+            return false;
+        }
+        return true;
+    }
+    
+    /**
+    * Get the last logon time of any user as a Unix timestamp
+    * 
+    * @param string $username
+    * @return long $unixTimestamp
+    */
+    public function getLastLogon($username) {
+        if (!$this->adldap->getLdapBind()) { return false; }
+        if ($username === null) { return "Missing compulsory field [username]"; }
+        $userInfo = $this->info($username, array("lastLogonTimestamp"));
+        $lastLogon = adLDAPUtils::convertWindowsTimeToUnixTime($userInfo[0]['lastLogonTimestamp'][0]);
+        return $lastLogon;
+    }
+    
+}
+?>
diff --git a/wiki/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
new file mode 100644
index 0000000..6f94fe2
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/classes/adLDAPUtils.php
@@ -0,0 +1,268 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Utils
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+ */
+require_once(dirname(__FILE__) . '/../adLDAP.php');
+
+/**
+* UTILITY FUNCTIONS
+*/
+class adLDAPUtils {
+    const ADLDAP_VERSION = '4.0.4';
+    
+    /**
+    * The current adLDAP connection via dependency injection
+    * 
+    * @var adLDAP
+    */
+    protected $adldap;
+    
+    public function __construct(adLDAP $adldap) {
+        $this->adldap = $adldap;
+    }
+    
+    
+    /**
+    * Take an LDAP query and return the nice names, without all the LDAP prefixes (eg. CN, DN)
+    *
+    * @param array $groups
+    * @return array
+    */
+    public function niceNames($groups)
+    {
+
+        $groupArray = array();
+        for ($i=0; $i<$groups["count"]; $i++){ // For each group
+            $line = $groups[$i];
+            
+            if (strlen($line)>0) { 
+                // More presumptions, they're all prefixed with CN=
+                // so we ditch the first three characters and the group
+                // name goes up to the first comma
+                $bits=explode(",", $line);
+                $groupArray[] = substr($bits[0], 3, (strlen($bits[0])-3));
+            }
+        }
+        return $groupArray;    
+    }
+    
+    /**
+    * Escape characters for use in an ldap_create function
+    * 
+    * @param string $str
+    * @return string
+    */
+    public function escapeCharacters($str) {
+        $str = str_replace(",", "\,", $str);
+        return $str;
+    }
+    
+    /**
+    * Escape strings for the use in LDAP filters
+    * 
+    * DEVELOPERS SHOULD BE DOING PROPER FILTERING IF THEY'RE ACCEPTING USER INPUT
+    * Ported from Perl's Net::LDAP::Util escape_filter_value
+    *
+    * @param string $str The string the parse
+    * @author Port by Andreas Gohr <andi@splitbrain.org>
+    * @return string
+    */
+    public function ldapSlashes($str) {
+        // see https://github.com/adldap/adLDAP/issues/22
+        return preg_replace_callback(
+            '/([\x00-\x1F\*\(\)\\\\])/',
+            function ($matches) {
+                return "\\".join("", unpack("H2", $matches[1]));
+            },
+            $str
+        );
+    }
+    /**
+    * Converts a string GUID to a hexdecimal value so it can be queried
+    *
+    * @param string $strGUID A string representation of a GUID
+    * @return string
+    */
+    public function strGuidToHex($strGUID)
+    {
+        $strGUID = str_replace('-', '', $strGUID);
+
+        $octet_str = '\\' . substr($strGUID, 6, 2);
+        $octet_str .= '\\' . substr($strGUID, 4, 2);
+        $octet_str .= '\\' . substr($strGUID, 2, 2);
+        $octet_str .= '\\' . substr($strGUID, 0, 2);
+        $octet_str .= '\\' . substr($strGUID, 10, 2);
+        $octet_str .= '\\' . substr($strGUID, 8, 2);
+        $octet_str .= '\\' . substr($strGUID, 14, 2);
+        $octet_str .= '\\' . substr($strGUID, 12, 2);
+        //$octet_str .= '\\' . substr($strGUID, 16, strlen($strGUID));
+        for ($i=16; $i<=(strlen($strGUID)-2); $i++) {
+            if (($i % 2) == 0) {
+                $octet_str .= '\\' . substr($strGUID, $i, 2);
+            }
+        }
+        
+        return $octet_str;
+    }
+    
+    /**
+    * Convert a binary SID to a text SID
+    * 
+    * @param string $binsid A Binary SID
+    * @return string
+    */
+     public function getTextSID($binsid) {
+        $hex_sid = bin2hex($binsid);
+        $rev = hexdec(substr($hex_sid, 0, 2));
+        $subcount = hexdec(substr($hex_sid, 2, 2));
+        $auth = hexdec(substr($hex_sid, 4, 12));
+        $result = "$rev-$auth";
+
+        for ($x=0;$x < $subcount; $x++) {
+            $subauth[$x] =
+                hexdec($this->littleEndian(substr($hex_sid, 16 + ($x * 8), 8)));
+                $result .= "-" . $subauth[$x];
+        }
+
+        // Cheat by tacking on the S-
+        return 'S-' . $result;
+     }
+     
+    /**
+    * Converts a little-endian hex number to one that hexdec() can convert
+    * 
+    * @param string $hex A hex code
+    * @return string
+    */
+     public function littleEndian($hex) 
+     {
+        $result = '';
+        for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
+            $result .= substr($hex, $x, 2);
+        }
+        return $result;
+     }
+     
+     /**
+    * Converts a binary attribute to a string
+    * 
+    * @param string $bin A binary LDAP attribute
+    * @return string
+    */
+    public function binaryToText($bin) 
+    {
+        $hex_guid = bin2hex($bin); 
+        $hex_guid_to_guid_str = ''; 
+        for($k = 1; $k <= 4; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-'; 
+        for($k = 1; $k <= 2; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-'; 
+        for($k = 1; $k <= 2; ++$k) { 
+            $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2); 
+        } 
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4); 
+        $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20); 
+        return strtoupper($hex_guid_to_guid_str);   
+    }
+    
+    /**
+    * Converts a binary GUID to a string GUID
+    * 
+    * @param string $binaryGuid The binary GUID attribute to convert
+    * @return string
+    */
+    public function decodeGuid($binaryGuid) 
+    {
+        if ($binaryGuid === null){ return "Missing compulsory field [binaryGuid]"; }
+        
+        $strGUID = $this->binaryToText($binaryGuid);          
+        return $strGUID; 
+    }
+    
+    /**
+    * Convert a boolean value to a string
+    * You should never need to call this yourself
+    *
+    * @param bool $bool Boolean value
+    * @return string
+    */
+    public function boolToStr($bool) 
+    {
+        return ($bool) ? 'TRUE' : 'FALSE';
+    }
+    
+    /**
+    * Convert 8bit characters e.g. accented characters to UTF8 encoded characters
+    */
+    public function encode8Bit(&$item, $key) {
+        $encode = false;
+        if (is_string($item)) {
+            for ($i=0; $i<strlen($item); $i++) {
+                if (ord($item[$i]) >> 7) {
+                    $encode = true;
+                }
+            }
+        }
+        if ($encode === true && $key != 'password') {
+            $item = utf8_encode($item);   
+        }
+    }  
+    
+    /**
+    * Get the current class version number
+    * 
+    * @return string
+    */
+    public function getVersion() {
+        return self::ADLDAP_VERSION;
+    }
+    
+    /**
+    * Round a Windows timestamp down to seconds and remove the seconds between 1601-01-01 and 1970-01-01
+    * 
+    * @param long $windowsTime
+    * @return long $unixTime
+    */
+    public static function convertWindowsTimeToUnixTime($windowsTime) {
+      $unixTime = round($windowsTime / 10000000) - 11644477200; 
+      return $unixTime; 
+    }
+}
+
+?>
diff --git a/wiki/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
new file mode 100644
index 0000000..433d39f
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPCollection.php
@@ -0,0 +1,137 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage Collection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+abstract class adLDAPCollection
+{
+    /**
+    * The current adLDAP connection via dependency injection
+    * 
+    * @var adLDAP
+    */
+    protected $adldap;
+    
+    /**
+    * The current object being modifed / called
+    * 
+    * @var mixed
+    */
+    protected $currentObject;
+    
+    /**
+    * The raw info array from Active Directory
+    * 
+    * @var array
+    */
+    protected $info;
+    
+    public function __construct($info, adLDAP $adldap) 
+    {
+        $this->setInfo($info);   
+        $this->adldap = $adldap;
+    }
+    
+    /**
+    * Set the raw info array from Active Directory
+    * 
+    * @param array $info
+    */
+    public function setInfo(array $info) 
+    {
+        if ($this->info && sizeof($info) >= 1) {
+            unset($this->info);
+        }
+        $this->info = $info;   
+    }
+    
+    /**
+    * Magic get method to retrieve data from the raw array in a formatted way
+    * 
+    * @param string $attribute
+    * @return mixed
+    */
+    public function __get($attribute)
+    {
+        if (isset($this->info[0]) && is_array($this->info[0])) {
+            foreach ($this->info[0] as $keyAttr => $valueAttr) {
+                if (strtolower($keyAttr) == strtolower($attribute)) {
+                    if ($this->info[0][strtolower($attribute)]['count'] == 1) {
+                        return $this->info[0][strtolower($attribute)][0];   
+                    }
+                    else {
+                        $array = array();
+                        foreach ($this->info[0][strtolower($attribute)] as $key => $value) {
+                            if ((string)$key != 'count') {
+                                $array[$key] = $value;
+                            } 
+                        }  
+                        return $array;   
+                    }
+                }   
+            }
+        }
+        else {
+            return NULL;   
+        }
+    }    
+    
+    /**
+    * Magic set method to update an attribute
+    * 
+    * @param string $attribute
+    * @param string $value
+    * @return bool
+    */
+    abstract public function __set($attribute, $value);
+    
+    /** 
+    * Magic isset method to check for the existence of an attribute 
+    * 
+    * @param string $attribute 
+    * @return bool 
+    */ 
+    public function __isset($attribute) {
+        if (isset($this->info[0]) && is_array($this->info[0])) { 
+            foreach ($this->info[0] as $keyAttr => $valueAttr) { 
+                if (strtolower($keyAttr) == strtolower($attribute)) { 
+                    return true; 
+                } 
+            } 
+        } 
+        return false; 
+     } 
+}
+?>
diff --git a/wiki/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
new file mode 100644
index 0000000..09f82ca
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPComputerCollection.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage ComputerCollection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+class adLDAPComputerCollection extends adLDAPCollection 
+{
+    
+    public function __set($attribute, $value)
+    {
+
+    }
+}
+?>
diff --git a/wiki/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
new file mode 100644
index 0000000..a9efad5
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPContactCollection.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage ContactCollection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+class adLDAPContactCollection extends adLDAPCollection 
+{
+    
+    public function __set($attribute, $value)
+    {
+
+    }
+}
+?>
diff --git a/wiki/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
new file mode 100644
index 0000000..ef4af8d
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPGroupCollection.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage GroupCollection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+class adLDAPGroupCollection extends adLDAPCollection 
+{
+    
+    public function __set($attribute, $value)
+    {
+
+    }
+}
+?>
diff --git a/wiki/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
new file mode 100644
index 0000000..63fce5f
--- /dev/null
+++ b/wiki/lib/plugins/authad/adLDAP/collections/adLDAPUserCollection.php
@@ -0,0 +1,46 @@
+<?php
+/**
+ * PHP LDAP CLASS FOR MANIPULATING ACTIVE DIRECTORY 
+ * Version 4.0.4
+ * 
+ * PHP Version 5 with SSL and LDAP support
+ * 
+ * Written by Scott Barnett, Richard Hyland
+ *   email: scott@wiggumworld.com, adldap@richardhyland.com
+ *   http://adldap.sourceforge.net/
+ * 
+ * Copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * 
+ * We'd appreciate any improvements or additions to be submitted back
+ * to benefit the entire community :)
+ * 
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License.
+ * 
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ * 
+ * @category ToolsAndUtilities
+ * @package adLDAP
+ * @subpackage UserCollection
+ * @author Scott Barnett, Richard Hyland
+ * @copyright (c) 2006-2012 Scott Barnett, Richard Hyland
+ * @license http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPLv2.1
+ * @revision $Revision: 97 $
+ * @version 4.0.4
+ * @link http://adldap.sourceforge.net/
+*/
+
+class adLDAPUserCollection extends adLDAPCollection 
+{
+    
+    public function __set($attribute, $value)
+    {
+
+    }
+}
+?>
diff --git a/wiki/lib/plugins/authad/auth.php b/wiki/lib/plugins/authad/auth.php
new file mode 100644
index 0000000..50f7084
--- /dev/null
+++ b/wiki/lib/plugins/authad/auth.php
@@ -0,0 +1,730 @@
+<?php
+// must be run within Dokuwiki
+if(!defined('DOKU_INC')) die();
+
+require_once(DOKU_PLUGIN.'authad/adLDAP/adLDAP.php');
+require_once(DOKU_PLUGIN.'authad/adLDAP/classes/adLDAPUtils.php');
+
+/**
+ * Active Directory authentication backend for DokuWiki
+ *
+ * This makes authentication with a Active Directory server much easier
+ * than when using the normal LDAP backend by utilizing the adLDAP library
+ *
+ * Usage:
+ *   Set DokuWiki's local.protected.php auth setting to read
+ *
+ *   $conf['authtype']       = 'authad';
+ *
+ *   $conf['plugin']['authad']['account_suffix']     = '@my.domain.org';
+ *   $conf['plugin']['authad']['base_dn']            = 'DC=my,DC=domain,DC=org';
+ *   $conf['plugin']['authad']['domain_controllers'] = 'srv1.domain.org,srv2.domain.org';
+ *
+ *   //optional:
+ *   $conf['plugin']['authad']['sso']                = 1;
+ *   $conf['plugin']['authad']['admin_username']     = 'root';
+ *   $conf['plugin']['authad']['admin_password']     = 'pass';
+ *   $conf['plugin']['authad']['real_primarygroup']  = 1;
+ *   $conf['plugin']['authad']['use_ssl']            = 1;
+ *   $conf['plugin']['authad']['use_tls']            = 1;
+ *   $conf['plugin']['authad']['debug']              = 1;
+ *   // warn user about expiring password this many days in advance:
+ *   $conf['plugin']['authad']['expirywarn']         = 5;
+ *
+ *   // get additional information to the userinfo array
+ *   // add a list of comma separated ldap contact fields.
+ *   $conf['plugin']['authad']['additional'] = 'field1,field2';
+ *
+ * @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * @author  James Van Lommel <jamesvl@gmail.com>
+ * @link    http://www.nosq.com/blog/2005/08/ldap-activedirectory-and-dokuwiki/
+ * @author  Andreas Gohr <andi@splitbrain.org>
+ * @author  Jan Schumann <js@schumann-it.com>
+ */
+class auth_plugin_authad extends DokuWiki_Auth_Plugin {
+
+    /**
+     * @var array hold connection data for a specific AD domain
+     */
+    protected $opts = array();
+
+    /**
+     * @var array open connections for each AD domain, as adLDAP objects
+     */
+    protected $adldap = array();
+
+    /**
+     * @var bool message state
+     */
+    protected $msgshown = false;
+
+    /**
+     * @var array user listing cache
+     */
+    protected $users = array();
+
+    /**
+     * @var array filter patterns for listing users
+     */
+    protected $_pattern = array();
+
+    protected $_actualstart = 0;
+
+    protected $_grpsusers = array();
+
+    /**
+     * Constructor
+     */
+    public function __construct() {
+        global $INPUT;
+        parent::__construct();
+
+        // we load the config early to modify it a bit here
+        $this->loadConfig();
+
+        // additional information fields
+        if(isset($this->conf['additional'])) {
+            $this->conf['additional'] = str_replace(' ', '', $this->conf['additional']);
+            $this->conf['additional'] = explode(',', $this->conf['additional']);
+        } else $this->conf['additional'] = array();
+
+        // ldap extension is needed
+        if(!function_exists('ldap_connect')) {
+            if($this->conf['debug'])
+                msg("AD Auth: PHP LDAP extension not found.", -1);
+            $this->success = false;
+            return;
+        }
+
+        // Prepare SSO
+        if(!empty($_SERVER['REMOTE_USER'])) {
+
+            // make sure the right encoding is used
+            if($this->getConf('sso_charset')) {
+                $_SERVER['REMOTE_USER'] = iconv($this->getConf('sso_charset'), 'UTF-8', $_SERVER['REMOTE_USER']);
+            } elseif(!utf8_check($_SERVER['REMOTE_USER'])) {
+                $_SERVER['REMOTE_USER'] = utf8_encode($_SERVER['REMOTE_USER']);
+            }
+
+            // trust the incoming user
+            if($this->conf['sso']) {
+                $_SERVER['REMOTE_USER'] = $this->cleanUser($_SERVER['REMOTE_USER']);
+
+                // we need to simulate a login
+                if(empty($_COOKIE[DOKU_COOKIE])) {
+                    $INPUT->set('u', $_SERVER['REMOTE_USER']);
+                    $INPUT->set('p', 'sso_only');
+                }
+            }
+        }
+
+        // other can do's are changed in $this->_loadServerConfig() base on domain setup
+        $this->cando['modName'] = (bool)$this->conf['update_name'];
+        $this->cando['modMail'] = (bool)$this->conf['update_mail'];
+        $this->cando['getUserCount'] = true;
+    }
+
+    /**
+     * Load domain config on capability check
+     *
+     * @param string $cap
+     * @return bool
+     */
+    public function canDo($cap) {
+        //capabilities depend on config, which may change depending on domain
+        $domain = $this->_userDomain($_SERVER['REMOTE_USER']);
+        $this->_loadServerConfig($domain);
+        return parent::canDo($cap);
+    }
+
+    /**
+     * Check user+password [required auth function]
+     *
+     * Checks if the given user exists and the given
+     * plaintext password is correct by trying to bind
+     * to the LDAP server
+     *
+     * @author  James Van Lommel <james@nosq.com>
+     * @param string $user
+     * @param string $pass
+     * @return  bool
+     */
+    public function checkPass($user, $pass) {
+        if($_SERVER['REMOTE_USER'] &&
+            $_SERVER['REMOTE_USER'] == $user &&
+            $this->conf['sso']
+        ) return true;
+
+        $adldap = $this->_adldap($this->_userDomain($user));
+        if(!$adldap) return false;
+
+        return $adldap->authenticate($this->_userName($user), $pass);
+    }
+
+    /**
+     * Return user info [required auth function]
+     *
+     * Returns info about the given user needs to contain
+     * at least these fields:
+     *
+     * name    string  full name of the user
+     * mail    string  email address of the user
+     * grps    array   list of groups the user is in
+     *
+     * This AD specific function returns the following
+     * addional fields:
+     *
+     * dn         string    distinguished name (DN)
+     * uid        string    samaccountname
+     * lastpwd    int       timestamp of the date when the password was set
+     * expires    true      if the password expires
+     * expiresin  int       seconds until the password expires
+     * any fields specified in the 'additional' config option
+     *
+     * @author  James Van Lommel <james@nosq.com>
+     * @param string $user
+     * @param bool $requireGroups (optional) - ignored, groups are always supplied by this plugin
+     * @return array
+     */
+    public function getUserData($user, $requireGroups=true) {
+        global $conf;
+        global $lang;
+        global $ID;
+        $adldap = $this->_adldap($this->_userDomain($user));
+        if(!$adldap) return false;
+
+        if($user == '') return array();
+
+        $fields = array('mail', 'displayname', 'samaccountname', 'lastpwd', 'pwdlastset', 'useraccountcontrol');
+
+        // add additional fields to read
+        $fields = array_merge($fields, $this->conf['additional']);
+        $fields = array_unique($fields);
+        $fields = array_filter($fields);
+
+        //get info for given user
+        $result = $adldap->user()->info($this->_userName($user), $fields);
+        if($result == false){
+            return array();
+        }
+
+        //general user info
+        $info = array();
+        $info['name'] = $result[0]['displayname'][0];
+        $info['mail'] = $result[0]['mail'][0];
+        $info['uid']  = $result[0]['samaccountname'][0];
+        $info['dn']   = $result[0]['dn'];
+        //last password set (Windows counts from January 1st 1601)
+        $info['lastpwd'] = $result[0]['pwdlastset'][0] / 10000000 - 11644473600;
+        //will it expire?
+        $info['expires'] = !($result[0]['useraccountcontrol'][0] & 0x10000); //ADS_UF_DONT_EXPIRE_PASSWD
+
+        // additional information
+        foreach($this->conf['additional'] as $field) {
+            if(isset($result[0][strtolower($field)])) {
+                $info[$field] = $result[0][strtolower($field)][0];
+            }
+        }
+
+        // handle ActiveDirectory memberOf
+        $info['grps'] = $adldap->user()->groups($this->_userName($user),(bool) $this->opts['recursive_groups']);
+
+        if(is_array($info['grps'])) {
+            foreach($info['grps'] as $ndx => $group) {
+                $info['grps'][$ndx] = $this->cleanGroup($group);
+            }
+        }
+
+        // always add the default group to the list of groups
+        if(!is_array($info['grps']) || !in_array($conf['defaultgroup'], $info['grps'])) {
+            $info['grps'][] = $conf['defaultgroup'];
+        }
+
+        // add the user's domain to the groups
+        $domain = $this->_userDomain($user);
+        if($domain && !in_array("domain-$domain", (array) $info['grps'])) {
+            $info['grps'][] = $this->cleanGroup("domain-$domain");
+        }
+
+        // check expiry time
+        if($info['expires'] && $this->conf['expirywarn']){
+            $expiry = $adldap->user()->passwordExpiry($user);
+            if(is_array($expiry)){
+                $info['expiresat'] = $expiry['expiryts'];
+                $info['expiresin'] = round(($info['expiresat'] - time())/(24*60*60));
+
+                // if this is the current user, warn him (once per request only)
+                if(($_SERVER['REMOTE_USER'] == $user) &&
+                    ($info['expiresin'] <= $this->conf['expirywarn']) &&
+                    !$this->msgshown
+                ) {
+                    $msg = sprintf($this->getLang('authpwdexpire'), $info['expiresin']);
+                    if($this->canDo('modPass')) {
+                        $url = wl($ID, array('do'=> 'profile'));
+                        $msg .= ' <a href="'.$url.'">'.$lang['btn_profile'].'</a>';
+                    }
+                    msg($msg);
+                    $this->msgshown = true;
+                }
+            }
+        }
+
+        return $info;
+    }
+
+    /**
+     * Make AD group names usable by DokuWiki.
+     *
+     * Removes backslashes ('\'), pound signs ('#'), and converts spaces to underscores.
+     *
+     * @author  James Van Lommel (jamesvl@gmail.com)
+     * @param string $group
+     * @return string
+     */
+    public function cleanGroup($group) {
+        $group = str_replace('\\', '', $group);
+        $group = str_replace('#', '', $group);
+        $group = preg_replace('[\s]', '_', $group);
+        $group = utf8_strtolower(trim($group));
+        return $group;
+    }
+
+    /**
+     * Sanitize user names
+     *
+     * Normalizes domain parts, does not modify the user name itself (unlike cleanGroup)
+     *
+     * @author Andreas Gohr <gohr@cosmocode.de>
+     * @param string $user
+     * @return string
+     */
+    public function cleanUser($user) {
+        $domain = '';
+
+        // get NTLM or Kerberos domain part
+        list($dom, $user) = explode('\\', $user, 2);
+        if(!$user) $user = $dom;
+        if($dom) $domain = $dom;
+        list($user, $dom) = explode('@', $user, 2);
+        if($dom) $domain = $dom;
+
+        // clean up both
+        $domain = utf8_strtolower(trim($domain));
+        $user   = utf8_strtolower(trim($user));
+
+        // is this a known, valid domain? if not discard
+        if(!is_array($this->conf[$domain])) {
+            $domain = '';
+        }
+
+        // reattach domain
+        if($domain) $user = "$user@$domain";
+        return $user;
+    }
+
+    /**
+     * Most values in LDAP are case-insensitive
+     *
+     * @return bool
+     */
+    public function isCaseSensitive() {
+        return false;
+    }
+
+    /**
+     * Create a Search-String useable by adLDAPUsers::all($includeDescription = false, $search = "*", $sorted = true)
+     *
+     * @param array $filter
+     * @return string
+     */
+    protected function _constructSearchString($filter){
+        if (!$filter){
+            return '*';
+        }
+        $adldapUtils = new adLDAPUtils($this->_adldap(null));
+        $result = '*';
+        if (isset($filter['name'])) {
+            $result .= ')(displayname=*' . $adldapUtils->ldapSlashes($filter['name']) . '*';
+            unset($filter['name']);
+        }
+
+        if (isset($filter['user'])) {
+            $result .= ')(samAccountName=*' . $adldapUtils->ldapSlashes($filter['user']) . '*';
+            unset($filter['user']);
+        }
+
+        if (isset($filter['mail'])) {
+            $result .= ')(mail=*' . $adldapUtils->ldapSlashes($filter['mail']) . '*';
+            unset($filter['mail']);
+        }
+        return $result;
+    }
+
+    /**
+     * Return a count of the number of user which meet $filter criteria
+     *
+     * @param array $filter  $filter array of field/pattern pairs, empty array for no filter
+     * @return int number of users
+     */
+    public function getUserCount($filter = array()) {
+        $adldap = $this->_adldap(null);
+        if(!$adldap) {
+            dbglog("authad/auth.php getUserCount(): _adldap not set.");
+            return -1;
+        }
+        if ($filter == array()) {
+            $result = $adldap->user()->all();
+        } else {
+            $searchString = $this->_constructSearchString($filter);
+            $result = $adldap->user()->all(false, $searchString);
+            if (isset($filter['grps'])) {
+                $this->users = array_fill_keys($result, false);
+                $usermanager = plugin_load("admin", "usermanager", false);
+                $usermanager->setLastdisabled(true);
+                if (!isset($this->_grpsusers[$this->_filterToString($filter)])){
+                    $this->_fillGroupUserArray($filter,$usermanager->getStart() + 3*$usermanager->getPagesize());
+                } elseif (count($this->_grpsusers[$this->_filterToString($filter)]) < $usermanager->getStart() + 3*$usermanager->getPagesize()) {
+                    $this->_fillGroupUserArray($filter,$usermanager->getStart() + 3*$usermanager->getPagesize() - count($this->_grpsusers[$this->_filterToString($filter)]));
+                }
+                $result = $this->_grpsusers[$this->_filterToString($filter)];
+            } else {
+                $usermanager = plugin_load("admin", "usermanager", false);
+                $usermanager->setLastdisabled(false);
+            }
+
+        }
+
+        if (!$result) {
+            return 0;
+        }
+        return count($result);
+    }
+
+    /**
+     *
+     * create a unique string for each filter used with a group
+     *
+     * @param array $filter
+     * @return string
+     */
+    protected function _filterToString ($filter) {
+        $result = '';
+        if (isset($filter['user'])) {
+            $result .= 'user-' . $filter['user'];
+        }
+        if (isset($filter['name'])) {
+            $result .= 'name-' . $filter['name'];
+        }
+        if (isset($filter['mail'])) {
+            $result .= 'mail-' . $filter['mail'];
+        }
+        if (isset($filter['grps'])) {
+            $result .= 'grps-' . $filter['grps'];
+        }
+        return $result;
+    }
+
+    /**
+     * Create an array of $numberOfAdds users passing a certain $filter, including belonging
+     * to a certain group and save them to a object-wide array. If the array
+     * already exists try to add $numberOfAdds further users to it.
+     *
+     * @param array $filter
+     * @param int $numberOfAdds additional number of users requested
+     * @return int number of Users actually add to Array
+     */
+    protected function _fillGroupUserArray($filter, $numberOfAdds){
+        $this->_grpsusers[$this->_filterToString($filter)];
+        $i = 0;
+        $count = 0;
+        $this->_constructPattern($filter);
+        foreach ($this->users as $user => &$info) {
+            if($i++ < $this->_actualstart) {
+                continue;
+            }
+            if($info === false) {
+                $info = $this->getUserData($user);
+            }
+            if($this->_filter($user, $info)) {
+                $this->_grpsusers[$this->_filterToString($filter)][$user] = $info;
+                if(($numberOfAdds > 0) && (++$count >= $numberOfAdds)) break;
+            }
+        }
+        $this->_actualstart = $i;
+        return $count;
+    }
+
+    /**
+     * Bulk retrieval of user data
+     *
+     * @author  Dominik Eckelmann <dokuwiki@cosmocode.de>
+     *
+     * @param   int $start index of first user to be returned
+     * @param   int $limit max number of users to be returned
+     * @param   array $filter array of field/pattern pairs, null for no filter
+     * @return array userinfo (refer getUserData for internal userinfo details)
+     */
+    public function retrieveUsers($start = 0, $limit = 0, $filter = array()) {
+        $adldap = $this->_adldap(null);
+        if(!$adldap) return false;
+
+        if(!$this->users) {
+            //get info for given user
+            $result = $adldap->user()->all(false, $this->_constructSearchString($filter));
+            if (!$result) return array();
+            $this->users = array_fill_keys($result, false);
+        }
+
+        $i     = 0;
+        $count = 0;
+        $result = array();
+
+        if (!isset($filter['grps'])) {
+            $usermanager = plugin_load("admin", "usermanager", false);
+            $usermanager->setLastdisabled(false);
+            $this->_constructPattern($filter);
+            foreach($this->users as $user => &$info) {
+                if($i++ < $start) {
+                    continue;
+                }
+                if($info === false) {
+                    $info = $this->getUserData($user);
+                }
+                $result[$user] = $info;
+                if(($limit > 0) && (++$count >= $limit)) break;
+            }
+        } else {
+            $usermanager = plugin_load("admin", "usermanager", false);
+            $usermanager->setLastdisabled(true);
+            if (!isset($this->_grpsusers[$this->_filterToString($filter)]) || count($this->_grpsusers[$this->_filterToString($filter)]) < ($start+$limit)) {
+                $this->_fillGroupUserArray($filter,$start+$limit - count($this->_grpsusers[$this->_filterToString($filter)]) +1);
+            }
+            if (!$this->_grpsusers[$this->_filterToString($filter)]) return false;
+            foreach($this->_grpsusers[$this->_filterToString($filter)] as $user => &$info) {
+                if($i++ < $start) {
+                    continue;
+                }
+                $result[$user] = $info;
+                if(($limit > 0) && (++$count >= $limit)) break;
+            }
+
+        }
+        return $result;
+    }
+
+    /**
+     * Modify user data
+     *
+     * @param   string $user      nick of the user to be changed
+     * @param   array  $changes   array of field/value pairs to be changed
+     * @return  bool
+     */
+    public function modifyUser($user, $changes) {
+        $return = true;
+        $adldap = $this->_adldap($this->_userDomain($user));
+        if(!$adldap) {
+            msg($this->getLang('connectfail'), -1);
+            return false;
+        }
+
+        // password changing
+        if(isset($changes['pass'])) {
+            try {
+                $return = $adldap->user()->password($this->_userName($user),$changes['pass']);
+            } catch (adLDAPException $e) {
+                if ($this->conf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
+                $return = false;
+            }
+            if(!$return) msg($this->getLang('passchangefail'), -1);
+        }
+
+        // changing user data
+        $adchanges = array();
+        if(isset($changes['name'])) {
+            // get first and last name
+            $parts                     = explode(' ', $changes['name']);
+            $adchanges['surname']      = array_pop($parts);
+            $adchanges['firstname']    = join(' ', $parts);
+            $adchanges['display_name'] = $changes['name'];
+        }
+        if(isset($changes['mail'])) {
+            $adchanges['email'] = $changes['mail'];
+        }
+        if(count($adchanges)) {
+            try {
+                $return = $return & $adldap->user()->modify($this->_userName($user),$adchanges);
+            } catch (adLDAPException $e) {
+                if ($this->conf['debug']) msg('AD Auth: '.$e->getMessage(), -1);
+                $return = false;
+            }
+            if(!$return) msg($this->getLang('userchangefail'), -1);
+        }
+
+        return $return;
+    }
+
+    /**
+     * Initialize the AdLDAP library and connect to the server
+     *
+     * When you pass null as domain, it will reuse any existing domain.
+     * Eg. the one of the logged in user. It falls back to the default
+     * domain if no current one is available.
+     *
+     * @param string|null $domain The AD domain to use
+     * @return adLDAP|bool true if a connection was established
+     */
+    protected function _adldap($domain) {
+        if(is_null($domain) && is_array($this->opts)) {
+            $domain = $this->opts['domain'];
+        }
+
+        $this->opts = $this->_loadServerConfig((string) $domain);
+        if(isset($this->adldap[$domain])) return $this->adldap[$domain];
+
+        // connect
+        try {
+            $this->adldap[$domain] = new adLDAP($this->opts);
+            return $this->adldap[$domain];
+        } catch(adLDAPException $e) {
+            if($this->conf['debug']) {
+                msg('AD Auth: '.$e->getMessage(), -1);
+            }
+            $this->success         = false;
+            $this->adldap[$domain] = null;
+        }
+        return false;
+    }
+
+    /**
+     * Get the domain part from a user
+     *
+     * @param string $user
+     * @return string
+     */
+    public function _userDomain($user) {
+        list(, $domain) = explode('@', $user, 2);
+        return $domain;
+    }
+
+    /**
+     * Get the user part from a user
+     *
+     * @param string $user
+     * @return string
+     */
+    public function _userName($user) {
+        list($name) = explode('@', $user, 2);
+        return $name;
+    }
+
+    /**
+     * Fetch the configuration for the given AD domain
+     *
+     * @param string $domain current AD domain
+     * @return array
+     */
+    protected function _loadServerConfig($domain) {
+        // prepare adLDAP standard configuration
+        $opts = $this->conf;
+
+        $opts['domain'] = $domain;
+
+        // add possible domain specific configuration
+        if($domain && is_array($this->conf[$domain])) foreach($this->conf[$domain] as $key => $val) {
+            $opts[$key] = $val;
+        }
+
+        // handle multiple AD servers
+        $opts['domain_controllers'] = explode(',', $opts['domain_controllers']);
+        $opts['domain_controllers'] = array_map('trim', $opts['domain_controllers']);
+        $opts['domain_controllers'] = array_filter($opts['domain_controllers']);
+
+        // compatibility with old option name
+        if(empty($opts['admin_username']) && !empty($opts['ad_username'])) $opts['admin_username'] = $opts['ad_username'];
+        if(empty($opts['admin_password']) && !empty($opts['ad_password'])) $opts['admin_password'] = $opts['ad_password'];
+        $opts['admin_password'] = conf_decodeString($opts['admin_password']); // deobfuscate
+
+        // we can change the password if SSL is set
+        if($opts['use_ssl'] || $opts['use_tls']) {
+            $this->cando['modPass'] = true;
+        } else {
+            $this->cando['modPass'] = false;
+        }
+
+        // adLDAP expects empty user/pass as NULL, we're less strict FS#2781
+        if(empty($opts['admin_username'])) $opts['admin_username'] = null;
+        if(empty($opts['admin_password'])) $opts['admin_password'] = null;
+
+        // user listing needs admin priviledges
+        if(!empty($opts['admin_username']) && !empty($opts['admin_password'])) {
+            $this->cando['getUsers'] = true;
+        } else {
+            $this->cando['getUsers'] = false;
+        }
+
+        return $opts;
+    }
+
+    /**
+     * Returns a list of configured domains
+     *
+     * The default domain has an empty string as key
+     *
+     * @return array associative array(key => domain)
+     */
+    public function _getConfiguredDomains() {
+        $domains = array();
+        if(empty($this->conf['account_suffix'])) return $domains; // not configured yet
+
+        // add default domain, using the name from account suffix
+        $domains[''] = ltrim($this->conf['account_suffix'], '@');
+
+        // find additional domains
+        foreach($this->conf as $key => $val) {
+            if(is_array($val) && isset($val['account_suffix'])) {
+                $domains[$key] = ltrim($val['account_suffix'], '@');
+            }
+        }
+        ksort($domains);
+
+        return $domains;
+    }
+
+    /**
+     * Check provided user and userinfo for matching patterns
+     *
+     * The patterns are set up with $this->_constructPattern()
+     *
+     * @author Chris Smith <chris@jalakai.co.uk>
+     *
+     * @param string $user
+     * @param array  $info
+     * @return bool
+     */
+    protected function _filter($user, $info) {
+        foreach($this->_pattern as $item => $pattern) {
+            if($item == 'user') {
+                if(!preg_match($pattern, $user)) return false;
+            } else if($item == 'grps') {
+                if(!count(preg_grep($pattern, $info['grps']))) return false;
+            } else {
+                if(!preg_match($pattern, $info[$item])) return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * Create a pattern for $this->_filter()
+     *
+     * @author Chris Smith <chris@jalakai.co.uk>
+     *
+     * @param array $filter
+     */
+    protected function _constructPattern($filter) {
+        $this->_pattern = array();
+        foreach($filter as $item => $pattern) {
+            $this->_pattern[$item] = '/'.str_replace('/', '\/', $pattern).'/i'; // allow regex characters
+        }
+    }
+}
diff --git a/wiki/lib/plugins/authad/conf/default.php b/wiki/lib/plugins/authad/conf/default.php
new file mode 100644
index 0000000..f2834c8
--- /dev/null
+++ b/wiki/lib/plugins/authad/conf/default.php
@@ -0,0 +1,17 @@
+<?php
+
+$conf['account_suffix']     = '';
+$conf['base_dn']            = '';
+$conf['domain_controllers'] = '';
+$conf['sso']                = 0;
+$conf['sso_charset']        = '';
+$conf['admin_username']     = '';
+$conf['admin_password']     = '';
+$conf['real_primarygroup']  = 0;
+$conf['use_ssl']            = 0;
+$conf['use_tls']            = 0;
+$conf['debug']              = 0;
+$conf['expirywarn']         = 0;
+$conf['additional']         = '';
+$conf['update_name']        = 0;
+$conf['update_mail']        = 0;
diff --git a/wiki/lib/plugins/authad/conf/metadata.php b/wiki/lib/plugins/authad/conf/metadata.php
new file mode 100644
index 0000000..6b0fc16
--- /dev/null
+++ b/wiki/lib/plugins/authad/conf/metadata.php
@@ -0,0 +1,17 @@
+<?php
+
+$meta['account_suffix']     = array('string','_caution' => 'danger');
+$meta['base_dn']            = array('string','_caution' => 'danger');
+$meta['domain_controllers'] = array('string','_caution' => 'danger');
+$meta['sso']                = array('onoff','_caution' => 'danger');
+$meta['sso_charset']        = array('string','_caution' => 'danger');
+$meta['admin_username']     = array('string','_caution' => 'danger');
+$meta['admin_password']     = array('password','_caution' => 'danger','_code' => 'base64');
+$meta['real_primarygroup']  = array('onoff','_caution' => 'danger');
+$meta['use_ssl']            = array('onoff','_caution' => 'danger');
+$meta['use_tls']            = array('onoff','_caution' => 'danger');
+$meta['debug']              = array('onoff','_caution' => 'security');
+$meta['expirywarn']         = array('numeric', '_min'=>0,'_caution' => 'danger');
+$meta['additional']         = array('string','_caution' => 'danger');
+$meta['update_name']        = array('onoff','_caution' => 'danger');
+$meta['update_mail']        = array('onoff','_caution' => 'danger');
diff --git a/wiki/lib/plugins/authad/lang/ar/lang.php b/wiki/lib/plugins/authad/lang/ar/lang.php
new file mode 100644
index 0000000..173c80f
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ar/lang.php
@@ -0,0 +1,10 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Mohamed Belhsine <b.mohamed897@gmail.com>
+ * @author Usama Akkad <uahello@gmail.com>
+ */
+$lang['domain']                = 'مجال تسجيل الدخول';
+$lang['authpwdexpire']         = 'ستنتهي صلاحية كلمة السر في %d . عليك بتغييرها سريعا.';
diff --git a/wiki/lib/plugins/authad/lang/ar/settings.php b/wiki/lib/plugins/authad/lang/ar/settings.php
new file mode 100644
index 0000000..d2a2e2a
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ar/settings.php
@@ -0,0 +1,12 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author alhajr <alhajr300@gmail.com>
+ */
+$lang['account_suffix']        = 'لاحقة الحساب الخاص بك. على سبيل المثال. <code>@my.domain.org</code>';
+$lang['domain_controllers']    = 'قائمة مفصولة بفواصل من وحدات التحكم بالمجال. على سبيل المثال. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_password']        = 'كلمة المرور للمستخدم أعلاه.';
+$lang['real_primarygroup']     = 'ينبغي أن تحل المجموعة الأساسية الحقيقية بدلاً من افتراض "Domain Users" (أبطأ).';
+$lang['expirywarn']            = 'عدد الأيام المقدمة لتحذير المستخدم حول كلمة مرور منتهية الصلاحية. (0) للتعطيل.';
diff --git a/wiki/lib/plugins/authad/lang/bg/lang.php b/wiki/lib/plugins/authad/lang/bg/lang.php
new file mode 100644
index 0000000..3de5df6
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/bg/lang.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Kiril <neohidra@gmail.com>
+ */
+$lang['authpwdexpire']         = 'Срока на паролата ви ще изтече след %d дни. Препоръчително е да я смените по-скоро.';
diff --git a/wiki/lib/plugins/authad/lang/bg/settings.php b/wiki/lib/plugins/authad/lang/bg/settings.php
new file mode 100644
index 0000000..bf7a2d8
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/bg/settings.php
@@ -0,0 +1,19 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Kiril <neohidra@gmail.com>
+ */
+$lang['account_suffix']        = 'Наставка на акаунта Ви. Например <code>@някакъв.домейн.org</code>';
+$lang['base_dn']               = 'Вашият основен DN. Например <code>DC=моят,DC=домейн,DC=org</code>';
+$lang['domain_controllers']    = 'Domain controller списък, разделете сървърите със запетая. Например <code>сървър1.домейн.org,сървър2.домейн.org</code>';
+$lang['admin_username']        = 'Привилегирован Active Directory потребител с достъп до данните на останалите потребители. Не е задължително, но е необходимо за някои функционалности като изпращането на имейл за абонаменти.';
+$lang['admin_password']        = 'Паролата на горния потребител.';
+$lang['sso']                   = 'Да се ползва ли еднократно вписване чрез Kerberos или NTLM?';
+$lang['real_primarygroup']     = 'Да се извлича ли истинската група вместо да се предполага "Domain Users" (по-бавно)';
+$lang['use_ssl']               = 'Ползване на SSL свързаност? Не отбелязвайте TLS (по-долу) ако включите опцията.';
+$lang['use_tls']               = 'Ползване на TLS свързаност? Не отбелязвайте SSL (по-горе) ако включите опцията.';
+$lang['debug']                 = 'Показване на допълнителна debug информация при грешка?';
+$lang['expirywarn']            = 'Предупреждаване на потребителите Х дни преди изтичане валидността на паролата им. Въведете 0 за изключване.';
+$lang['additional']            = 'Списък с допълнителни AD атрибути за извличане от потребителските данни (разделяйте ги със запетая). Ползва се от няколко приставки.';
diff --git a/wiki/lib/plugins/authad/lang/ca/lang.php b/wiki/lib/plugins/authad/lang/ca/lang.php
new file mode 100644
index 0000000..5669205
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ca/lang.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Daniel López Prat <daniel@6temes.cat>
+ * @author Pauet <pauet@gmx.com>
+ * @author controlonline.net <controlonline.net@gmail.com>
+ */
+$lang['domain']                = 'Logo Domini';
+$lang['authpwdexpire']         = 'La vostra contrasenya caducarà en %d dies, l\'hauríeu de canviar aviat.';
+$lang['passchangefail']        = 'Ha fallat el canviar el password. Es possible que no s\'hagi complert la política de passwords';
+$lang['userchangefail']        = 'Ha fallat el canvi d\'atributs. Pot ser no tinguis compte amb permisos per fer canvis.';
+$lang['connectfail']           = 'Ha fallat la connexió amb servidor l\'Active Directory.';
diff --git a/wiki/lib/plugins/authad/lang/ca/settings.php b/wiki/lib/plugins/authad/lang/ca/settings.php
new file mode 100644
index 0000000..161f552
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ca/settings.php
@@ -0,0 +1,19 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author controlonline.net <controlonline.net@gmail.com>
+ * @author Àngel Pérez Beroy <aperezberoy@gmail.com>
+ * @author David Surroca <david.tb303@gmail.com>
+ */
+$lang['account_suffix']        = 'El teu nom de compte. Ej.<code>@my.domain.org</code>';
+$lang['base_dn']               = 'Nom base DN. Ej. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Llista separada per coma dels controladors de domini. Ej.<code>DC=my,DC=domain,DC=org</code>';
+$lang['admin_username']        = 'Un usuari de Directori Actiu autoritzat a accedir a les dades de tots els usuaris. Opcional, però necessari per a certes accions, com enviar correus per subscripció.';
+$lang['admin_password']        = 'La contrasenya de l\'usuari referit abans.
+';
+$lang['sso']                   = 'S\'hauria de fer servir Kerberos o NTLM per inici de sessió únic?';
+$lang['debug']                 = 'Mostrar informació addicional de depuració en cas d\'error?';
+$lang['expirywarn']            = 'Dies per endavant en avisar l\'usuari sobre la caducitat de la contrasenya. 0 per desactivar.';
+$lang['update_mail']           = 'Permetre els usuaris actualitzar la seva adreça de correu electrònic?';
diff --git a/wiki/lib/plugins/authad/lang/cs/lang.php b/wiki/lib/plugins/authad/lang/cs/lang.php
new file mode 100644
index 0000000..91e91d0
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/cs/lang.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Jaroslav Lichtblau <jlichtblau@seznam.cz>
+ * @author Miroslav Svoboda <msv@email.cz>
+ */
+$lang['domain']                = 'Přihlašovací doména';
+$lang['authpwdexpire']         = 'Platnost vašeho hesla vyprší za %d dní, měli byste ho změnit co nejdříve.';
+$lang['passchangefail']        = 'Změna hesla selhala. Možná nebyla dodržena pravidla pro jejich tvorbu?';
+$lang['userchangefail']        = 'Změna atributů uživatele selhala. Možná nemá váš účet dostatečná oprávnění pro provádění změn. ';
+$lang['connectfail']           = 'Připojení k serveru Active Directory selhalo.';
diff --git a/wiki/lib/plugins/authad/lang/cs/settings.php b/wiki/lib/plugins/authad/lang/cs/settings.php
new file mode 100644
index 0000000..c0e7895
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/cs/settings.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author mkucera66 <mkucera66@seznam.cz>
+ * @author Jaroslav Lichtblau <jlichtblau@seznam.cz>
+ * @author Daniel Slováček <danslo@danslo.cz>
+ * @author Martin Růžička <martinr@post.cz>
+ */
+$lang['account_suffix']        = 'Přípona vašeho účtu, tj. <code>@moje.domena.org</code>';
+$lang['base_dn']               = 'Vaše doménové jméno DN. tj. <code>DC=moje,DC=domena,DC=org</code>';
+$lang['domain_controllers']    = 'Seznam čárkou oddělených kontrolérů, tj. <code>srv1.domena.org,srv2.domena.org</code>';
+$lang['admin_username']        = 'Privilegovaný uživatel Active Directory s přístupem ke všem datům. Volitelně, ale nutné pro určité akce typu zasílání mailů.';
+$lang['admin_password']        = 'Heslo uživatele výše';
+$lang['sso']                   = 'Chcete přihlašování Single-Sign-On pomocí jádra Kerberos nebo NTLM ( autentizační protokol obvyklý ve Windows)?';
+$lang['sso_charset']           = 'Znaková sada kterou bude webserverem přenášeno uživatelské jméno pro Kerberos nebo NTLM. Prázdné pro UTF-8 nebo latin-1. Vyžaduje rozšíření iconv.';
+$lang['real_primarygroup']     = 'Má být zjištěna primární skupina namísto vyhodnocení hodnoty "doménoví uživatelé" (pomalejší)';
+$lang['use_ssl']               = 'Použít spojení SSL? Pokud ano, nevyužívejte TLS níže.';
+$lang['use_tls']               = 'Použít spojení TLS? Pokud ano, nevyužívejte SSL výše.';
+$lang['debug']                 = 'Zobrazit dodatečné debugovací výstupy při chybách?';
+$lang['expirywarn']            = 'Dny mezi varováním o vypršení hesla uživatele a jeho vypršením. 0 značí vypnuto.';
+$lang['additional']            = 'Čárkou oddělený seznam dodatečných atributů získávaných z uživatelských dat. Využito některými pluginy.';
+$lang['update_name']           = 'Povolit uživatelům upravit jejich AD zobrazované jméno?';
+$lang['update_mail']           = 'Povolit uživatelům upravit svou emailovou adresu?';
diff --git a/wiki/lib/plugins/authad/lang/cy/lang.php b/wiki/lib/plugins/authad/lang/cy/lang.php
new file mode 100644
index 0000000..8cc3746
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/cy/lang.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Welsh language file for addomain plugin
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Andreas Gohr <gohr@cosmocode.de>
+ * @author Alan Davies <ben.brynsadler@gmail.com>
+ */
+
+$lang['domain']          = 'Parth Mewngofnodi';
+$lang['authpwdexpire']   = 'Bydd eich cyfrinair yn dod i ben mewn %d diwrnod, dylech chi ei newid e\'n fuan.';
+$lang['passchangefail']  = 'Methodd newid y cyfrinair. Posib roedd y cyfrinair yn annilys?';
+$lang['userchangefail']  = 'Methodd newid priodoleddau defnyddiwr. Posib \'sdim hawliau \'da chi i wneud newidiadau?';
+$lang['connectfail']     = 'Methodd y cysylltiad i weinydd yr Active Directory.';
+
+//Setup VIM: ex: et ts=4 :
diff --git a/wiki/lib/plugins/authad/lang/cy/settings.php b/wiki/lib/plugins/authad/lang/cy/settings.php
new file mode 100644
index 0000000..e343485
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/cy/settings.php
@@ -0,0 +1,15 @@
+<?php
+
+$lang['account_suffix']     = 'Olddodiad eich cyfrif. Ee. <code>@my.domain.org</code>';
+$lang['base_dn']            = 'Sail eich DN. Eg. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers'] = 'Rhestr gwahanwyd gan goma o reolwyr Parth. Ee. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']     = 'Defnyddiwr Active Directory breintiedig gyda mynediad i ddata pob defnyddiwr arall. Yn opsiynol, ond yn hanfodol ar gyfer gweithredoedd penodol fel anfon ebyst tanysgrifio.';
+$lang['admin_password']     = 'Cyfrinair y defnyddiwr uchod.';
+$lang['sso']                = 'A ddylai Mewngofnodi-Unigol gan Kerberos neu NTLM gael ei ddefnyddio?';
+$lang['sso_charset']        = 'Y set nod mae\'ch gweinydd gwe yn pasio defnyddair Kerberos neu NTLM ynddi. Gwag ar gyfer UTF-8 neu latin-1. Bydd angen estyniad iconv.';
+$lang['real_primarygroup']  = 'Os ydy\'r prif grŵp real yn cael ei hadfer yn hytrach na thybio "Defnyddwyr Parth" (arafach).';
+$lang['use_ssl']            = 'Defnyddio cysylltiad SSL? Os ydych chi\'n defnyddio hwn, peidiwch â galluogi TLS isod.';
+$lang['use_tls']            = 'Defnyddio cysylltiad TLS? Os ydych chi\'n defnyddio hwn, peidiwch â galluogi SSL uchod.';
+$lang['debug']              = 'Dangos allbwn dadfygio ychwanegol ar wallau?';
+$lang['expirywarn']         = 'Diwrnodau o flaen llaw i rybuddio defnyddwyr o ran cyfrinair yn dod i ben. 0 i analluogi.';
+$lang['additional']         = 'Rhestr a wahanwyd gan goma o briodoleddau AD ychwanegol i nôl o ddata defnyddiwr. Defnyddiwyd gan rai ategion.';
diff --git a/wiki/lib/plugins/authad/lang/da/lang.php b/wiki/lib/plugins/authad/lang/da/lang.php
new file mode 100644
index 0000000..6badbaf
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/da/lang.php
@@ -0,0 +1,12 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Jacob Palm <mail@jacobpalm.dk>
+ * @author Mikael Lyngvig <mikael@lyngvig.org>
+ */
+$lang['domain']                = 'Logondomæne';
+$lang['authpwdexpire']         = 'Din adgangskode vil udløbe om %d dage, du bør ændre det snart.';
+$lang['passchangefail']        = 'Kunne ikke skifte adgangskoden. Måske blev adgangskodepolitikken ikke opfyldt?';
+$lang['connectfail']           = 'Kunne ikke forbinde til Active Directory serveren.';
diff --git a/wiki/lib/plugins/authad/lang/da/settings.php b/wiki/lib/plugins/authad/lang/da/settings.php
new file mode 100644
index 0000000..8b2d624
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/da/settings.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Soren Birk <soer9648@hotmail.com>
+ * @author Jens Hyllegaard <jens.hyllegaard@gmail.com>
+ * @author Jacob Palm <mail@jacobpalm.dk>
+ */
+$lang['account_suffix']        = 'Dit konto suffiks. F.eks. <code>@mit.domæne.dk</code>';
+$lang['base_dn']               = 'Dit grund DN. F.eks. <code>DC=mit,DC=domæne,DC=dk</code>';
+$lang['domain_controllers']    = 'En kommasepareret liste over domænecontrollere. F.eks. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'En privilegeret Active Directory bruger med adgang til alle andre brugeres data. Valgfri, men skal bruges til forskellige handlinger såsom at sende abonnement e-mails.';
+$lang['admin_password']        = 'Kodeordet til den ovenstående bruger.';
+$lang['sso']                   = 'Bør Single-Sign-On via Kerberos eller NTLM bruges?';
+$lang['real_primarygroup']     = 'Bør den korrekte primære gruppe findes i stedet for at antage "Domain Users" (langsommere)';
+$lang['use_ssl']               = 'Benyt SSL forbindelse? hvis ja, vælg ikke TLS herunder.';
+$lang['use_tls']               = 'Benyt TLS forbindelse? hvis ja, vælg ikke SSL herover.';
+$lang['debug']                 = 'Vis yderligere debug output ved fejl?';
+$lang['expirywarn']            = 'Dage før brugere skal advares om udløben adgangskode. 0 for at deaktivere.';
+$lang['additional']            = 'En kommasepareret liste over yderligere AD attributter der skal hentes fra brugerdata. Brug af nogen udvidelser.';
+$lang['update_name']           = 'Tillad at brugere opdaterer deres visningnavn i AD?';
+$lang['update_mail']           = 'Tillad at brugere opdaterer deres e-mail adresse?';
diff --git a/wiki/lib/plugins/authad/lang/de-informal/lang.php b/wiki/lib/plugins/authad/lang/de-informal/lang.php
new file mode 100644
index 0000000..3166798
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/de-informal/lang.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Andreas Gohr <gohr@cosmocode.de>
+ * @author rnck <dokuwiki@rnck.de>
+ */
+$lang['domain']                = 'Login Domäne';
+$lang['authpwdexpire']         = 'Dein Passwort läuft in %d Tag(en) ab. Du solltest es es frühzeitig ändern.';
+$lang['passchangefail']        = 'Das Passwort konnte nicht geändert werden. Eventuell wurde die Passwort-Richtlinie nicht eingehalten.';
+$lang['userchangefail']        = 'Nutzerattribute konnten nicht geändert werden. Möglicherweise hat Dein Account nicht die erforderlichen Berechtigungen.';
+$lang['connectfail']           = 'Verbindung zum Active Directory Server fehlgeschlagen.';
diff --git a/wiki/lib/plugins/authad/lang/de-informal/settings.php b/wiki/lib/plugins/authad/lang/de-informal/settings.php
new file mode 100644
index 0000000..4daa81d
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/de-informal/settings.php
@@ -0,0 +1,26 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Frank Loizzi <contact@software.bacal.de>
+ * @author Matthias Schulte <dokuwiki@lupo49.de>
+ * @author Volker Bödker <volker@boedker.de>
+ * @author rnck <dokuwiki@rnck.de>
+ * @author Felix <j.felix@mueller-donath.de>
+ */
+$lang['account_suffix']        = 'Dein Account-Suffix. Z.B. <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Dein Base-DN. Z.B. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z.B. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'Ein privilegierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
+$lang['admin_password']        = 'Das Passwort des obigen Benutzers.';
+$lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
+$lang['sso_charset']           = 'Der Zeichensatz in dem Kerberos oder NTLM den Usernamen übergibt. Leer lassen für UTF-8 oder latin-1. Erfordert die Erweiterung iconv.';
+$lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
+$lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
+$lang['use_tls']               = 'TLS-Verbindung benutzen? Falls ja, SSL oberhalb nicht aktivieren.';
+$lang['debug']                 = 'Zusätzliche Debug-Informationen bei Fehlern anzeigen?';
+$lang['expirywarn']            = 'Tage im Voraus um Benutzer über ablaufende Passwörter zu informieren. 0 zum Ausschalten.';
+$lang['additional']            = 'Eine Komma-separierte Liste von zusätzlichen AD-Attributen, die von den Benutzerobjekten abgefragt werden. Wird von einigen Plugins benutzt.';
+$lang['update_name']           = 'Nutzern erlauben ihren AD Anzeigenamen zu aktualisieren?';
+$lang['update_mail']           = 'Nutzern erlauben ihre E-Mail-Adresse zu aktualisieren?';
diff --git a/wiki/lib/plugins/authad/lang/de/lang.php b/wiki/lib/plugins/authad/lang/de/lang.php
new file mode 100644
index 0000000..335cd61
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/de/lang.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Andreas Gohr <gohr@cosmocode.de>
+ * @author Philip Knack <p.knack@stollfuss.de>
+ * @author Uwe Benzelrath <uwebenzelrath@gmail.com>
+ */
+$lang['domain']                = 'Anmelde-Domäne';
+$lang['authpwdexpire']         = 'Ihr Passwort läuft in %d Tag(en) ab. Sie sollten es frühzeitig ändern.';
+$lang['passchangefail']        = 'Kennwortänderung fehlgeschlagen. Entspricht das Kennwort der Richtlinie?';
+$lang['userchangefail']        = 'Änderung der Nutzerattribute fehlgeschlagen. Möglicherweise hat ihr Benutzerkonto nicht die nötigen Rechte um diese Änderungen durchzuführen';
+$lang['connectfail']           = 'Verbindung zum Active Directory Server fehlgeschlagen.';
diff --git a/wiki/lib/plugins/authad/lang/de/settings.php b/wiki/lib/plugins/authad/lang/de/settings.php
new file mode 100644
index 0000000..5708411
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/de/settings.php
@@ -0,0 +1,26 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Frank Loizzi <contact@software.bacal.de>
+ * @author Matthias Schulte <dokuwiki@lupo49.de>
+ * @author Ben Fey <benedikt.fey@beck-heun.de>
+ * @author Jonas Gröger <jonas.groeger@gmail.com>
+ * @author Carsten Perthel <carsten@cpesoft.com>
+ */
+$lang['account_suffix']        = 'Ihr Account-Suffix. Z. B. <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Ihr Base-DN. Z. B. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Eine Komma-separierte Liste von Domänen-Controllern. Z. B. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'Ein priviligierter Active Directory-Benutzer mit Zugriff zu allen anderen Benutzerdaten. Optional, aber wird benötigt für Aktionen wie z. B. dass Senden von Benachrichtigungs-Mails.';
+$lang['admin_password']        = 'Das Passwort des obigen Benutzers.';
+$lang['sso']                   = 'Soll Single-Sign-On via Kerberos oder NTLM benutzt werden?';
+$lang['sso_charset']           = 'Der Zeichensatz, mit dem der Server den Kerberos- oder NTLM-Benutzernamen versendet. Leer lassen für UTF-8 oder latin-1. Benötigt die iconv-Erweiterung.';
+$lang['real_primarygroup']     = 'Soll die echte primäre Gruppe aufgelöst werden anstelle der Annahme "Domain Users" (langsamer)';
+$lang['use_ssl']               = 'SSL-Verbindung benutzen? Falls ja, TLS unterhalb nicht aktivieren.';
+$lang['use_tls']               = 'TLS-Verbindung benutzen? Falls ja, SSL oberhalb nicht aktivieren.';
+$lang['debug']                 = 'Zusätzliche Debug-Informationen bei Fehlern anzeigen?';
+$lang['expirywarn']            = 'Tage im Voraus um Benutzer über ablaufende Passwörter zu informieren. 0 zum Ausschalten.';
+$lang['additional']            = 'Eine Komma-separierte Liste von zusätzlichen AD-Attributen, die von den Benutzerobjekten abgefragt werden. Wird von einigen Plugins benutzt.';
+$lang['update_name']           = 'Benutzern erlauben, ihren AD Anzeige-Namen zu ändern?';
+$lang['update_mail']           = 'Benutzern erlauben, ihre E-Mail-Adresse zu ändern?';
diff --git a/wiki/lib/plugins/authad/lang/el/lang.php b/wiki/lib/plugins/authad/lang/el/lang.php
new file mode 100644
index 0000000..c6064f0
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/el/lang.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Vasileios Karavasilis vasileioskaravasilis@gmail.com
+ */
+$lang['authpwdexpire']         = 'Ο κωδικός πρόσβασης θα λήξει σε %d ημέρες. Προτείνουμε να τον αλλάξετε σύντομα.';
diff --git a/wiki/lib/plugins/authad/lang/el/settings.php b/wiki/lib/plugins/authad/lang/el/settings.php
new file mode 100644
index 0000000..b7608df
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/el/settings.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author chris taklis <ctaklis@gmail.com>
+ */
+$lang['admin_password']        = 'Ο κωδικός του παραπάνω χρήστη.';
diff --git a/wiki/lib/plugins/authad/lang/en/lang.php b/wiki/lib/plugins/authad/lang/en/lang.php
new file mode 100644
index 0000000..3e8a9e2
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/en/lang.php
@@ -0,0 +1,15 @@
+<?php
+/**
+ * English language file for addomain plugin
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Andreas Gohr <gohr@cosmocode.de>
+ */
+
+$lang['domain']          = 'Logon Domain';
+$lang['authpwdexpire']   = 'Your password will expire in %d days, you should change it soon.';
+$lang['passchangefail']  = 'Failed to change the password. Maybe the password policy was not met?';
+$lang['userchangefail']  = 'Failed to change user attributes. Maybe your account does not have permissions to make changes?';
+$lang['connectfail']     = 'Failed to connect to Active Directory server.';
+
+//Setup VIM: ex: et ts=4 :
diff --git a/wiki/lib/plugins/authad/lang/en/settings.php b/wiki/lib/plugins/authad/lang/en/settings.php
new file mode 100644
index 0000000..9e7a7c3
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/en/settings.php
@@ -0,0 +1,17 @@
+<?php
+
+$lang['account_suffix']     = 'Your account suffix. Eg. <code>@my.domain.org</code>';
+$lang['base_dn']            = 'Your base DN. Eg. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers'] = 'A comma separated list of Domain controllers. Eg. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']     = 'A privileged Active Directory user with access to all other user\'s data. Optional, but needed for certain actions like sending subscription mails.';
+$lang['admin_password']     = 'The password of the above user.';
+$lang['sso']                = 'Should Single-Sign-On via Kerberos or NTLM be used?';
+$lang['sso_charset']        = 'The charset your webserver will pass the Kerberos or NTLM username in. Empty for UTF-8 or latin-1. Requires the iconv extension.';
+$lang['real_primarygroup']  = 'Should the real primary group be resolved instead of assuming "Domain Users" (slower).';
+$lang['use_ssl']            = 'Use SSL connection? If used, do not enable TLS below.';
+$lang['use_tls']            = 'Use TLS connection? If used, do not enable SSL above.';
+$lang['debug']              = 'Display additional debugging output on errors?';
+$lang['expirywarn']         = 'Days in advance to warn user about expiring password. 0 to disable.';
+$lang['additional']         = 'A comma separated list of additional AD attributes to fetch from user data. Used by some plugins.';
+$lang['update_name']        = 'Allow users to update their AD display name?';
+$lang['update_mail']        = 'Allow users to update their email address?';
diff --git a/wiki/lib/plugins/authad/lang/eo/lang.php b/wiki/lib/plugins/authad/lang/eo/lang.php
new file mode 100644
index 0000000..94580c6
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/eo/lang.php
@@ -0,0 +1,9 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Robert Bogenschneider <bogi@uea.org>
+ */
+$lang['domain']                = 'Ensaluta domajno';
+$lang['authpwdexpire']         = 'Via pasvorto malvalidos post %d tagoj, prefere ŝanĝu ĝin baldaũ.';
diff --git a/wiki/lib/plugins/authad/lang/eo/settings.php b/wiki/lib/plugins/authad/lang/eo/settings.php
new file mode 100644
index 0000000..cf9cad0
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/eo/settings.php
@@ -0,0 +1,20 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Robert Bogenschneider <bogi@uea.org>
+ */
+$lang['account_suffix']        = 'Via konto-aldonaĵo, ekz. <code>@mia.domajno.lando</code>';
+$lang['base_dn']               = 'Via baza DN, ekz. <code>DC=mia,DC=domajno,DC=lando</code>';
+$lang['domain_controllers']    = 'Komodisigita listo de domajno-serviloj, ekz. <code>srv1.domajno.lando,srv2.domajno.lando</code>';
+$lang['admin_username']        = 'Privilegiita Aktiv-Dosieruja uzanto kun aliro al ĉiuj uzantaj datumoj. Libervole, sed necesa por iuj agadoj kiel sendi abonan retpoŝton.';
+$lang['admin_password']        = 'La pasvorto de tiu uzanto.';
+$lang['sso']                   = 'Ĉu uzi Sola Aliro tra Kerberos aŭ NTLM?';
+$lang['sso_charset']           = 'Per kiu karaktraro via retservilo pludonas uzantonomojn al Kerberos aŭ NTLM? Malplena por UTF-8 aŭ latin-1. Bezonas iconv-aldonaĵon.';
+$lang['real_primarygroup']     = 'Ĉu trovi la veran ĉefan grupon anstataŭ supozi "Domajnuzantoj" (pli malrapida)?';
+$lang['use_ssl']               = 'Ĉu uzi SSL-konekton? Se jes, ne aktivigu TLS sube.';
+$lang['use_tls']               = 'Ĉu uzi TLS-konekton? Se jes, ne aktivigu SSL supre.';
+$lang['debug']                 = 'Ĉu montri aldonajn informojn dum eraroj?';
+$lang['expirywarn']            = 'Tagoj da antaŭaverto pri malvalidiĝonta pasvorto. 0 por malebligi.';
+$lang['additional']            = 'Komodisigita listo de aldonaj AD-atributoj por preni el uzantaj datumoj. Uzita de iuj kromaĵoj.';
diff --git a/wiki/lib/plugins/authad/lang/es/lang.php b/wiki/lib/plugins/authad/lang/es/lang.php
new file mode 100644
index 0000000..381db9f
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/es/lang.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Juan De La Cruz <juann.dlc@gmail.com>
+ * @author Gerardo Zamudio <gerardo@gerardozamudio.net>
+ * @author Mauricio Segura <maose38@yahoo.es>
+ * @author Romano <romanocl@outlook.com>
+ */
+$lang['domain']                = 'Dominio de inicio';
+$lang['authpwdexpire']         = 'Su contraseña caducara en %d días, debería cambiarla lo antes posible';
+$lang['passchangefail']        = 'Error al cambiar la contraseña. ¿Tal vez no se cumplió la directiva de contraseñas?';
+$lang['userchangefail']        = 'Falló al intentar modificar los atributos del usuario.  Puede ser que su cuenta no tiene permisos para realizar cambios?';
+$lang['connectfail']           = 'Error al conectar con el servidor de Active Directory.';
diff --git a/wiki/lib/plugins/authad/lang/es/settings.php b/wiki/lib/plugins/authad/lang/es/settings.php
new file mode 100644
index 0000000..7892222
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/es/settings.php
@@ -0,0 +1,26 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author monica <may.dorado@gmail.com>
+ * @author Antonio Bueno <atnbueno@gmail.com>
+ * @author Juan De La Cruz <juann.dlc@gmail.com>
+ * @author Eloy <ej.perezgomez@gmail.com>
+ * @author David Roy <davidroyapp@gmail.com>
+ */
+$lang['account_suffix']        = 'Su cuenta, sufijo. Ejem. <code> @ my.domain.org </code>';
+$lang['base_dn']               = 'Su base DN. Ejem. <code>DC=my,DC=dominio,DC=org</code>';
+$lang['domain_controllers']    = 'Una lista separada por coma de los controladores de dominios. Ejem. <code>srv1.dominio.org,srv2.dominio.org</code>';
+$lang['admin_username']        = 'Un usuario con privilegios de Active Directory con acceso a los datos de cualquier otro usuario. Opcional, pero es necesario para determinadas acciones como el envío de suscripciones de correos electrónicos.';
+$lang['admin_password']        = 'La contraseña del usuario anterior.';
+$lang['sso']                   = 'En caso de inicio de sesión usará ¿Kerberos o NTLM?';
+$lang['sso_charset']           = 'La codificación con que tu servidor web pasará el nombre de usuario Kerberos o NTLM. Si es UTF-8 o latin-1 dejar en blanco. Requiere la extensión iconv.';
+$lang['real_primarygroup']     = 'Resolver el grupo primario real en vez de asumir "Domain Users" (más lento)';
+$lang['use_ssl']               = '¿Usar conexión SSL? Si se usa, no habilitar TLS abajo.';
+$lang['use_tls']               = '¿Usar conexión TLS? Si se usa, no habilitar SSL arriba.';
+$lang['debug']                 = 'Mostrar información adicional de depuración sobre los errores?';
+$lang['expirywarn']            = 'Días por adelantado para avisar al usuario de que contraseña expirará. 0 para deshabilitar.';
+$lang['additional']            = 'Una lista separada por comas de atributos AD adicionales a obtener de los datos de usuario. Usado por algunos plugins.';
+$lang['update_name']           = '¿Permitir a los usuarios actualizar su nombre de AD?';
+$lang['update_mail']           = '¿Permitir a los usuarios actualizar su email?';
diff --git a/wiki/lib/plugins/authad/lang/et/lang.php b/wiki/lib/plugins/authad/lang/et/lang.php
new file mode 100644
index 0000000..94fe9ed
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/et/lang.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Janar Leas <janar.leas@eesti.ee>
+ */
+$lang['authpwdexpire']         = 'Sinu salasõna aegub %d päeva pärast, võiksid seda peatselt muuta.';
diff --git a/wiki/lib/plugins/authad/lang/eu/lang.php b/wiki/lib/plugins/authad/lang/eu/lang.php
new file mode 100644
index 0000000..6c694bb
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/eu/lang.php
@@ -0,0 +1,10 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Zigor Astarbe <astarbe@gmail.com>
+ * @author Osoitz <oelkoro@gmail.com>
+ */
+$lang['authpwdexpire']         = 'Zure pasahitza %d egun barru iraungiko da, laster aldatu beharko zenuke.';
+$lang['connectfail']           = 'Huts egin du Active Directory zerbitzarira konektatzean';
diff --git a/wiki/lib/plugins/authad/lang/eu/settings.php b/wiki/lib/plugins/authad/lang/eu/settings.php
new file mode 100644
index 0000000..e6852b2
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/eu/settings.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Osoitz <oelkoro@gmail.com>
+ */
+$lang['account_suffix']        = 'Zure kontuaren atzizkia. Esaterako <code>@niredomeinua.eus</code>';
+$lang['admin_password']        = 'Goiko erabiltzailearen pasahitza';
+$lang['use_ssl']               = 'SSL konexioa darabilzu? Hala bada, ez gaitu TLS behean.';
+$lang['use_tls']               = 'Erabili TLS konexioa? Erabiltzekotan, ez gaitu SSL goian.';
+$lang['expirywarn']            = 'Pasahitza iraungitzear dagoela abisatzeko aurretia egunetan. 0 desgaitzeko.';
+$lang['update_mail']           = 'Baimendu erabiltzaileei bere email helbidea eguneratzea?';
diff --git a/wiki/lib/plugins/authad/lang/fa/lang.php b/wiki/lib/plugins/authad/lang/fa/lang.php
new file mode 100644
index 0000000..e5ff05d
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/fa/lang.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Hamid <zarrabi@sharif.edu>
+ * @author Milad DZand <M.DastanZand@gmail.com>
+ * @author Mohmmad Razavi <sepent@gmail.com>
+ */
+$lang['domain']                = 'دامنه‌ی ورود';
+$lang['authpwdexpire']         = 'کلمه عبور شما در %d روز منقضی خواهد شد ، شما باید آن را زود تغییر دهید';
+$lang['passchangefail']        = 'تغیر رمزعبور با خطا مواجه شد. شاید سیاستهای مربوط به گذاشتن نام کاربری درست رعایت نشده است.';
+$lang['userchangefail']        = 'تغییر ویژگی‌های کابر با خطا مواجه شد. شاید حساب کاربری شما مجاز به انجام این تغییرات نیست.';
+$lang['connectfail']           = 'ارتباط با سرور Active Directory با خطا مواجه شد.';
diff --git a/wiki/lib/plugins/authad/lang/fa/settings.php b/wiki/lib/plugins/authad/lang/fa/settings.php
new file mode 100644
index 0000000..79d62e7
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/fa/settings.php
@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Omid Hezaveh <hezpublic@gmail.com>
+ * @author Mohmmad Razavi <sepent@gmail.com>
+ * @author Masoud Sadrnezhaad <masoud@sadrnezhaad.ir>
+ */
+$lang['account_suffix']        = 'پسوند حساب کاربری شما. به عنوان مثال <code>@my.domain.org</code>';
+$lang['base_dn']               = 'DN پایه شما. به عنوان مثال <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'لیست کنترل کننده‌های دامنه که با کاما ازهم جدا شده اند. به عنوان مثال <code>srv1.domain.org,srv2.domain.org</code';
+$lang['admin_username']        = 'کاربر دارای دسترسی Active Directory که دارای دسترسی به تمام اطلاعات کاربران است. اختیاریست ولی برای برخی فعالیت‌ها مثل ایمیل‌های عضویت لازم است.';
+$lang['admin_password']        = 'رمز کاربر بالایی ';
+$lang['sso']                   = 'آیا Single-Sign-On از طریق Kerberos یا NTLM استفاده شود؟';
+$lang['sso_charset']           = 'کدبندی نویسه‌ای که وب‌سرورتان نام کاربری NTLM یا Kerberos را به آن منتقل می‌کند. برای انتخاب UTF-8 یا latin-1 خالی بگذارید. لازم است که افزونهٔ iconv نصب باشد.';
+$lang['real_primarygroup']     = 'باید گروه اصلی به جای "دامنهٔ کاربران" برگردد. (کندتر)';
+$lang['use_ssl']               = 'از اس‌اس‌ال استفاده می‌کنید؟ در این صورت تی‌ال‌اس را در پایین فعال نکنید. ';
+$lang['use_tls']               = 'از تی‌ال‌اس استفاده می‌کنید؟ در این صورت اس‌اس‌ال را در بالا فعال نکنید. ';
+$lang['debug']                 = 'داده‌های اضافی خروجی دیباگ در هنگام بروز خطا نمایش داده شود؟';
+$lang['expirywarn']            = 'تعداد روزهایی که پس گذشتن آن برای تغییر رمزعبور به شما هشدار داده شود. باری غیرفعال سازی از مقدار 0 استفاده کنید.';
+$lang['additional']            = 'لیست صفات اضافی AD برای گرفتن از اطلاعات کاربر که توسط برخی از افزونه‌ها استفاده می‌شود. با کاما جدا شود.';
+$lang['update_name']           = 'به کاربران اجازهٔ به روزرسانی نام AD داده شود؟';
+$lang['update_mail']           = 'به کاربران اجازهٔ به روزرسانی ایمیلشان داده شود؟';
diff --git a/wiki/lib/plugins/authad/lang/fi/lang.php b/wiki/lib/plugins/authad/lang/fi/lang.php
new file mode 100644
index 0000000..88a87b8
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/fi/lang.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Jussi Takala <jussi.takala@live.fi>
+ */
+$lang['authpwdexpire']         = 'Salasanasi vanhenee %d pv:n päästä, vaihda salasanasi pikaisesti.';
diff --git a/wiki/lib/plugins/authad/lang/fi/settings.php b/wiki/lib/plugins/authad/lang/fi/settings.php
new file mode 100644
index 0000000..e2f432f
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/fi/settings.php
@@ -0,0 +1,9 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Otto Vainio <otto@valjakko.net>
+ */
+$lang['debug']                 = 'Näytä lisää debug-koodia virheistä?';
+$lang['expirywarn']            = 'Montako päivää etukäteen varoitetaan salasanan vanhenemissta. 0 poistaa.';
diff --git a/wiki/lib/plugins/authad/lang/fr/lang.php b/wiki/lib/plugins/authad/lang/fr/lang.php
new file mode 100644
index 0000000..ba51235
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/fr/lang.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author ggallon <gwenael.gallon@mac.com>
+ * @author Yannick Aure <yannick.aure@gmail.com>
+ * @author Pietroni <pietroni@informatique.univ-paris-diderot.fr>
+ * @author Schplurtz le Déboulonné <Schplurtz@laposte.net>
+ */
+$lang['domain']                = 'Domaine de connexion';
+$lang['authpwdexpire']         = 'Votre mot de passe expirera dans %d jours, vous devriez le changer bientôt.';
+$lang['passchangefail']        = 'Impossible de changer le mot de passe. Il est possible que les règles de sécurité des mots de passe n\'aient pas été respectées.';
+$lang['userchangefail']        = 'Impossible de modifier les attributs de l\'utilisateur. Votre compte n\'a peut-être pas les permissions d\'effectuer des changements.';
+$lang['connectfail']           = 'Impossible de se connecter au serveur Active Directory.';
diff --git a/wiki/lib/plugins/authad/lang/fr/settings.php b/wiki/lib/plugins/authad/lang/fr/settings.php
new file mode 100644
index 0000000..f747c08
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/fr/settings.php
@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Bruno Veilleux <bruno.vey@gmail.com>
+ * @author Momo50 <c.brothelande@gmail.com>
+ * @author Schplurtz le Déboulonné <Schplurtz@laposte.net>
+ */
+$lang['account_suffix']        = 'Le suffixe de votre compte. Ex.: <code>@mon.domaine.org</code>';
+$lang['base_dn']               = 'Votre nom de domaine de base. <code>DC=mon,DC=domaine,DC=org</code>';
+$lang['domain_controllers']    = 'Une liste de contrôleurs de domaine séparés par des virgules. Ex.: <code>srv1.domaine.org,srv2.domaine.org</code>';
+$lang['admin_username']        = 'Un utilisateur Active Directory avec accès aux données de tous les autres utilisateurs. Facultatif, mais nécessaire pour certaines actions telles que l\'envoi de courriels d\'abonnement.';
+$lang['admin_password']        = 'Le mot de passe de l\'utilisateur ci-dessus.';
+$lang['sso']                   = 'Est-ce que la connexion unique (Single-Sign-On) par Kerberos ou NTLM doit être utilisée?';
+$lang['sso_charset']           = 'Le jeu de caractères de votre serveur web va passer le nom d\'utilisateur Kerberos ou NTLM. Vide pour UTF-8 ou latin-1. Nécessite l\'extension iconv.';
+$lang['real_primarygroup']     = 'Est-ce que le véritable groupe principal doit être résolu au lieu de présumer "Domain Users" (plus lent)?';
+$lang['use_ssl']               = 'Utiliser une connexion SSL? Si utilisée, n\'activez pas TLS ci-dessous.';
+$lang['use_tls']               = 'Utiliser une connexion TLS? Si utilisée, n\'activez pas SSL ci-dessus.';
+$lang['debug']                 = 'Afficher des informations de débogage supplémentaires pour les erreurs?';
+$lang['expirywarn']            = 'Jours d\'avance pour l\'avertissement envoyé aux utilisateurs lorsque leur mot de passe va expirer. 0 pour désactiver.';
+$lang['additional']            = 'Une liste séparée par des virgules d\'attributs AD supplémentaires à récupérer dans les données utilisateur. Utilisée par certains modules.';
+$lang['update_name']           = 'Autoriser les utilisateurs à modifier leur nom affiché de l\'AD ?';
+$lang['update_mail']           = 'Autoriser les utilisateurs à modifier leur adresse de courriel ?';
diff --git a/wiki/lib/plugins/authad/lang/gl/lang.php b/wiki/lib/plugins/authad/lang/gl/lang.php
new file mode 100644
index 0000000..b10126a
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/gl/lang.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Rodrigo Rega <rodrigorega@gmail.com>
+ */
+$lang['authpwdexpire']         = 'A túa contrasinal expirará en %d días, deberías cambiala pronto.';
diff --git a/wiki/lib/plugins/authad/lang/he/lang.php b/wiki/lib/plugins/authad/lang/he/lang.php
new file mode 100644
index 0000000..ac8fbcb
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/he/lang.php
@@ -0,0 +1,10 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author tomer <tomercarolldergicz@gmail.com>
+ * @author Menashe Tomer <menashesite@gmail.com>
+ */
+$lang['authpwdexpire']         = 'הסיסמה שלך תפוג ב %d ימים, אתה צריך לשנות את זה בקרוב.';
+$lang['passchangefail']        = 'שגיאה בשינוי סיסמה. האם הסיסמה תואמת למדיניות המערכת?';
diff --git a/wiki/lib/plugins/authad/lang/he/settings.php b/wiki/lib/plugins/authad/lang/he/settings.php
new file mode 100644
index 0000000..d0d459c
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/he/settings.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Menashe Tomer <menashesite@gmail.com>
+ */
+$lang['admin_password']        = 'סיסמת המשתמש המוזכן';
diff --git a/wiki/lib/plugins/authad/lang/hr/lang.php b/wiki/lib/plugins/authad/lang/hr/lang.php
new file mode 100644
index 0000000..04268c2
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/hr/lang.php
@@ -0,0 +1,12 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Davor Turkalj <turki.bsc@gmail.com>
+ */
+$lang['domain']                = 'Domena za prijavu';
+$lang['authpwdexpire']         = 'Vaša lozinka će isteći za %d dana, trebate ju promijeniti.';
+$lang['passchangefail']        = 'Ne mogu izmijeniti lozinku. Možda nije zadovoljen set pravila za lozinke?';
+$lang['userchangefail']        = 'Greška pri promjeni atributa korisnika. Možda Vaš korisnik nema autorizacije da bi radio promjene?';
+$lang['connectfail']           = 'Ne mogu se povezati s Active Directory poslužiteljem.';
diff --git a/wiki/lib/plugins/authad/lang/hr/settings.php b/wiki/lib/plugins/authad/lang/hr/settings.php
new file mode 100644
index 0000000..a34d89b
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/hr/settings.php
@@ -0,0 +1,22 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Davor Turkalj <turki.bsc@gmail.com>
+ */
+$lang['account_suffix']        = 'Vaš sufiks korisničkog imena. Npr. <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Vaš bazni DN. Npr. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Zarezom odvojena lista domenskih kontrolera. Npr. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'Privilegirani korisnik Active Directory-a s pristupom svim korisničkim podacima. Opcionalno, ali potrebno za određene akcije kao što je slanje pretplatničkih poruka.';
+$lang['admin_password']        = 'Lozinka gore navedenoga korisnika.';
+$lang['sso']                   = 'Da li će Single-Sign-On prijava biti korištena preko Kerberosa ili NTLM-a?';
+$lang['sso_charset']           = 'Znakovni set koji će se koristiti Kerberos ili NTLM pri slanju imena korisnika. Prazno za UTF-8 ili latin-1. Zahtjeva iconv ekstenziju.';
+$lang['real_primarygroup']     = 'Da li da se razluči stvarna primarna grupa umjesto pretpostavke da je to "Domain Users" (sporije !).';
+$lang['use_ssl']               = 'Koristi SSL vezu? Ako da, dolje ne koristi TLS!';
+$lang['use_tls']               = 'Koristi TLS vezu? Ako da, gore ne koristi SSL!';
+$lang['debug']                 = 'Prikaži dodatni debug ispis u slučaju greške? ';
+$lang['expirywarn']            = 'Upozori korisnike o isteku lozinke ovoliko dana. 0 za onemogućavanje. ';
+$lang['additional']            = 'Zarezom odvojena lista dodatnih AD atributa koji se dohvaćaju iz korisničkih podataka. Koristi se u nekim dodatcima (plugin).';
+$lang['update_name']           = 'Omogućiti korisnicima da izmjene svoje ime u AD-u?';
+$lang['update_mail']           = 'Omogućiti korisnicima da izmjene svoju email adresu?';
diff --git a/wiki/lib/plugins/authad/lang/hu/lang.php b/wiki/lib/plugins/authad/lang/hu/lang.php
new file mode 100644
index 0000000..023e6b9
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/hu/lang.php
@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Marton Sebok <sebokmarton@gmail.com>
+ */
+$lang['domain']                = 'Bejelentkezési tartomány';
+$lang['authpwdexpire']         = 'A jelszavad %d nap múlva lejár, hamarosan meg kell változtatnod.';
+$lang['passchangefail']        = 'A jelszó megváltoztatása sikertelen. Lehet, hogy nem felel meg a jelszóházirendnek?';
+$lang['connectfail']           = 'A csatlakozás az Active Directory szerverhez sikertelen.';
diff --git a/wiki/lib/plugins/authad/lang/hu/settings.php b/wiki/lib/plugins/authad/lang/hu/settings.php
new file mode 100644
index 0000000..be0592d
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/hu/settings.php
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author Marton Sebok <sebokmarton@gmail.com>
+ * @author Marina Vladi <deldadam@gmail.com>
+ */
+$lang['account_suffix']        = 'Felhasználói azonosító végződése, pl. <code>@my.domain.org</code>.';
+$lang['base_dn']               = 'Bázis DN, pl. <code>DC=my,DC=domain,DC=org</code>.';
+$lang['domain_controllers']    = 'Tartománykezelők listája vesszővel elválasztva, pl. <code>srv1.domain.org,srv2.domain.org</code>.';
+$lang['admin_username']        = 'Privilegizált AD felhasználó, aki az összes feéhasználó adatait elérheti. Elhagyható, de bizonyos funkciókhoz, például a feliratkozási e-mailek kiküldéséhez szükséges.';
+$lang['admin_password']        = 'Ehhez tartozó jelszó.';
+$lang['sso']                   = 'Kerberos egyszeri bejelentkezés vagy NTLM használata?';
+$lang['sso_charset']           = 'A webkiszolgáló karakterkészlete megfelel a Kerberos- és NTLM-felhasználóneveknek. Üres UTF-8 és Latin-1-hez. Szükséges az iconv bővítmény.';
+$lang['real_primarygroup']     = 'A valódi elsődleges csoport feloldása a "Tartományfelhasználók" csoport használata helyett? (lassabb)';
+$lang['use_ssl']               = 'SSL használata? Ha használjuk, tiltsuk le a TLS-t!';
+$lang['use_tls']               = 'TLS használata? Ha használjuk, tiltsuk le az SSL-t!';
+$lang['debug']                 = 'További hibakeresési üzenetek megjelenítése hiba esetén';
+$lang['expirywarn']            = 'Felhasználók értesítése ennyi nappal a jelszavuk lejárata előtt. 0 a funkció kikapcsolásához.';
+$lang['additional']            = 'Vesszővel elválasztott lista a további AD attribútumok lekéréséhez. Néhány bővítmény használhatja.';
diff --git a/wiki/lib/plugins/authad/lang/it/lang.php b/wiki/lib/plugins/authad/lang/it/lang.php
new file mode 100644
index 0000000..ee97442
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/it/lang.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Matteo Pasotti <matteo@xquiet.eu>
+ * @author Torpedo <dgtorpedo@gmail.com>
+ */
+$lang['domain']                = 'Dominio di accesso';
+$lang['authpwdexpire']         = 'La tua password scadrà in %d giorni, dovresti cambiarla quanto prima.';
+$lang['passchangefail']        = 'Cambio password fallito. Forse non sono state rispettate le regole adottate per le password';
+$lang['userchangefail']        = 'Cambio attributi utente fallito. Forse il tuo account non ha i permessi per eseguire delle modifiche?';
+$lang['connectfail']           = 'Connessione fallita al server Active Directory';
diff --git a/wiki/lib/plugins/authad/lang/it/settings.php b/wiki/lib/plugins/authad/lang/it/settings.php
new file mode 100644
index 0000000..9fd8235
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/it/settings.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Edmondo Di Tucci <snarchio@gmail.com>
+ * @author Torpedo <dgtorpedo@gmail.com>
+ */
+$lang['account_suffix']        = 'Il suffisso del tuo account. Eg. <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Il tuo DN. base Eg. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Elenco separato da virgole di Domain Controllers. Eg. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'Utente privilegiato di Active Directory con accesso ai dati di tutti gli utenti. Opzionale ma necessario per alcune attività come mandare email di iscrizione.';
+$lang['admin_password']        = 'La password dell\'utente soprascritto.';
+$lang['sso']                   = 'Deve essere usato Single-Sign-On via Kerberos oppure NTLM?';
+$lang['sso_charset']           = 'Il set di caratteri che il tuo web server passera nel nome utente Kerberos o NTLM. Lasciare vuoto per UTF-8 p latin-1. Richiesta estensione iconv. ';
+$lang['real_primarygroup']     = 'Se il vero gruppo primario dovesse essere risolo invece di assumere "Domain Users" (lento).';
+$lang['use_ssl']               = 'Usare la connessione SSL? Se usata, non abilitare TSL qui sotto.';
+$lang['use_tls']               = 'Usare la connessione TSL? Se usata, non abilitare SSL qui sopra.';
+$lang['debug']                 = 'Visualizzare output addizionale di debug per gli errori?';
+$lang['expirywarn']            = 'Giorni di preavviso per la scadenza della password dell\'utente. 0 per disabilitare.';
+$lang['additional']            = 'Valori separati da virgola di attributi AD addizionali da caricare dai dati utente. Usato da alcuni plugin.';
+$lang['update_name']           = 'Permettere agli utenti di aggiornare il loro nome AD visualizzato? ';
+$lang['update_mail']           = 'Permettere agli utenti di aggiornare il loro indirizzo e-mail?';
diff --git a/wiki/lib/plugins/authad/lang/ja/lang.php b/wiki/lib/plugins/authad/lang/ja/lang.php
new file mode 100644
index 0000000..602b079
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ja/lang.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author PzF_X <jp_minecraft@yahoo.co.jp>
+ * @author Osaka <mr.osaka@gmail.com>
+ * @author Ikuo Obataya <i.obataya@gmail.com>
+ * @author Hideaki SAWADA <chuno@live.jp>
+ */
+$lang['domain']                = 'ログオン時のドメイン';
+$lang['authpwdexpire']         = 'あなたのパスワードは、あと%d日で有効期限が切れます。パスワードを変更してください。';
+$lang['passchangefail']        = 'パスワードを変更できませんでした。パスワードのルールに合わなかったのかもしれません。';
+$lang['userchangefail']        = 'ユーザー属性を変更できませんでした。おそらく、変更権限のないアカウントです。';
+$lang['connectfail']           = 'Active Directoryサーバーに接続できませんでした。';
diff --git a/wiki/lib/plugins/authad/lang/ja/settings.php b/wiki/lib/plugins/authad/lang/ja/settings.php
new file mode 100644
index 0000000..0dc5649
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ja/settings.php
@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Satoshi Sahara <sahara.satoshi@gmail.com>
+ * @author Hideaki SAWADA <chuno@live.jp>
+ * @author PzF_X <jp_minecraft@yahoo.co.jp>
+ */
+$lang['account_suffix']        = 'アカウントの接尾語。例:<code>@my.domain.org</code>';
+$lang['base_dn']               = 'ベースDN。例:<code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'ドメインコントローラのカンマ区切り一覧。例:<code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = '全ユーザーデータへのアクセス権のある特権Active Directoryユーザー。任意ですが、メール通知の登録等の特定の動作に必要。';
+$lang['admin_password']        = '上記ユーザーのパスワード';
+$lang['sso']                   = 'Kerberos か NTLM を使ったシングルサインオン(SSO)をしますか?';
+$lang['sso_charset']           = 'サーバーは空のUTF-8かLatin-1でKerberosかNTLMユーザネームを送信します。iconv拡張モジュールが必要です。';
+$lang['real_primarygroup']     = '"Domain Users" を仮定する代わりに本当のプライマリグループを解決する(低速)';
+$lang['use_ssl']               = 'SSL接続を使用しますか?使用した場合、下のSSLを有効にしないでください。';
+$lang['use_tls']               = 'TLS接続を使用しますか?使用した場合、上のSSLを有効にしないでください。';
+$lang['debug']                 = 'エラー時に追加のデバッグ出力を表示する?';
+$lang['expirywarn']            = '何日前からパスワードの有効期限をユーザーに警告する。0 の場合は無効';
+$lang['additional']            = 'ユーザデータから取得する追加AD属性のカンマ区切り一覧。いくつかのプラグインが使用する。';
+$lang['update_name']           = 'ユーザー自身にAD表示名の変更を許可しますか?';
+$lang['update_mail']           = 'ユーザー自身にメールアドレスの変更を許可しますか?';
diff --git a/wiki/lib/plugins/authad/lang/ka/lang.php b/wiki/lib/plugins/authad/lang/ka/lang.php
new file mode 100644
index 0000000..474906c
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ka/lang.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Luka Lejava <luka.lejava@gmail.com>
+ */
+$lang['authpwdexpire']         = 'თქვენს პაროლს ვადა გაუვა %d დღეში, მალე შეცვლა მოგიწევთ.';
diff --git a/wiki/lib/plugins/authad/lang/ko/lang.php b/wiki/lib/plugins/authad/lang/ko/lang.php
new file mode 100644
index 0000000..0a652ad
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ko/lang.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Myeongjin <aranet100@gmail.com>
+ * @author Erial <erial2@gmail.com>
+ */
+$lang['domain']                = '로그온 도메인';
+$lang['authpwdexpire']         = '비밀번호를 바꾼지 %d일이 지났으며, 비밀번호를 곧 바꿔야 합니다.';
+$lang['passchangefail']        = '비밀번호를 바꾸는 데 실패했습니다. 비밀번호 정책을 따르지 않은 건 아닐까요?';
+$lang['userchangefail']        = '사용자 특성을 바꾸는 데 실패했습니다. 당신의 계정에 바꿀 권한이 없는 건 아닐까요?';
+$lang['connectfail']           = 'Active Directory 서버에 연결하는 데 실패했습니다.';
diff --git a/wiki/lib/plugins/authad/lang/ko/settings.php b/wiki/lib/plugins/authad/lang/ko/settings.php
new file mode 100644
index 0000000..605819f
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ko/settings.php
@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Myeongjin <aranet100@gmail.com>
+ * @author Garam <rowain8@gmail.com>
+ */
+$lang['account_suffix']        = '계정 접미어. 예를 들어 <code>@my.domain.org</code>';
+$lang['base_dn']               = '기본 DN. 예를 들어 <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = '도메인 컨트롤러의 쉼표로 구분한 목록. 예를 들어 <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = '다른 모든 사용자의 데이터에 접근할 수 있는 권한이 있는 Active Directory 사용자. 선택적이지만 구독 메일을 보내는 등의 특정 작업에 필요합니다.';
+$lang['admin_password']        = '위 사용자의 비밀번호.';
+$lang['sso']                   = 'Kerberos나 NTLM을 통해 Single-Sign-On을 사용해야 합니까?';
+$lang['sso_charset']           = '당신의 웹서버의 문자집합은 Kerberos나 NTLM 사용자 이름으로 전달됩니다. UTF-8이나 라린-1이 비어 있습니다. icov 확장 기능이 필요합니다.';
+$lang['real_primarygroup']     = '실제 기본 그룹은 "도메인 사용자"를 가정하는 대신 해결될 것입니다. (느림)';
+$lang['use_ssl']               = 'SSL 연결을 사용합니까? 사용한다면 아래 TLS을 활성화하지 마세요.';
+$lang['use_tls']               = 'TLS 연결을 사용합니까? 사용한다면 위 SSL을 활성화하지 마세요.';
+$lang['debug']                 = '오류에 대한 추가적인 디버그 정보를 보이겠습니까?';
+$lang['expirywarn']            = '미리 비밀번호 만료를 사용자에게 경고할 날짜. 0일 경우 비활성화합니다.';
+$lang['additional']            = '사용자 데이터에서 가져올 추가적인 AD 속성의 쉼표로 구분한 목록. 일부 플러그인이 사용합니다.';
+$lang['update_name']           = '사용자가 자신의 AD 표시 이름을 업데이트할 수 있도록 하겠습니까?';
+$lang['update_mail']           = '사용자가 자신의 이메일 주소를 업데이트할 수 있도록 하겠습니까?';
diff --git a/wiki/lib/plugins/authad/lang/lv/lang.php b/wiki/lib/plugins/authad/lang/lv/lang.php
new file mode 100644
index 0000000..fd20d34
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/lv/lang.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Oskars Pakers <oskars.pakers@gmail.com>
+ * @author Aivars Miška <allefm@gmail.com>
+ */
+$lang['domain']                = 'Iežurnālēšanās domēns';
+$lang['authpwdexpire']         = 'Tavai parolei pēc %d dienām biegsies termiņš, tā drīzumā jānomaina.';
+$lang['passchangefail']        = 'Neizdevās nomainīt paroli. Varbūt parole neatbilst noteikumiem?';
+$lang['userchangefail']        = 'Neizdevās labot lietotāju. Varbūt jūsu kontam nav nepieciešamās atļaujas?';
+$lang['connectfail']           = 'Neizdevās savienotes ar aktīvās direktorijas serveri.';
diff --git a/wiki/lib/plugins/authad/lang/lv/settings.php b/wiki/lib/plugins/authad/lang/lv/settings.php
new file mode 100644
index 0000000..72b9cf2
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/lv/settings.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Oskars Pakers <oskars.pakers@gmail.com>
+ * @author Aivars Miška <allefm@gmail.com>
+ */
+$lang['account_suffix']        = 'Jūsu konta sufikss. Piemēram, <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Jūsu bāzes DN. Piemēram, <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Ar komatiem atdalīts domēna kontroleru saraksts. Piemēram, <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_password']        = 'Minētā lietotāja parole.';
+$lang['expirywarn']            = 'Cik dienas iepriekš brīdināt lietotāju par paroles termiņa beigām. Ierakstīt 0, lai atspējotu.';
diff --git a/wiki/lib/plugins/authad/lang/nl/lang.php b/wiki/lib/plugins/authad/lang/nl/lang.php
new file mode 100644
index 0000000..1449b19
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/nl/lang.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Rene <wllywlnt@yahoo.com>
+ * @author Dion Nicolaas <dion@nicolaas.net>
+ * @author Hugo Smet <hugo.smet@scarlet.be>
+ * @author Wesley de Weerd <wesleytiel@gmail.com>
+ */
+$lang['domain']                = 'Inlog Domein';
+$lang['authpwdexpire']         = 'Je wachtwoord verloopt in %d dagen, je moet het binnenkort veranderen';
+$lang['passchangefail']        = 'Wijziging van het paswoord is mislukt. Wellicht beantwoord het paswoord niet aan de voorwaarden. ';
+$lang['userchangefail']        = 'Kan gebruiker attributen veranderen . Misschien heeft uw account geen rechten om wijzigingen aan te brengen?';
+$lang['connectfail']           = 'Connectie met Active Directory server mislukt.';
diff --git a/wiki/lib/plugins/authad/lang/nl/settings.php b/wiki/lib/plugins/authad/lang/nl/settings.php
new file mode 100644
index 0000000..c0be12e
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/nl/settings.php
@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Remon <no@email.local>
+ * @author Gerrit Uitslag <klapinklapin@gmail.com>
+ * @author Sjoerd <sjoerd@sjomar.eu>
+ */
+$lang['account_suffix']        = 'Je account domeinnaam. Bijv <code>@mijn.domein.org</code>';
+$lang['base_dn']               = 'Je basis DN. Bijv. <code>DC=mijn,DC=domein,DC=org</code>';
+$lang['domain_controllers']    = 'Eeen kommagescheiden lijst van domeinservers. Bijv. <code>srv1.domein.org,srv2.domein.org</code>';
+$lang['admin_username']        = 'Een geprivilegeerde Active Directory gebruiker die bij alle gebruikersgegevens kan komen. Dit is optioneel maar kan nodig zijn voor bepaalde acties, zoals het versturen van abonnementsmailtjes.';
+$lang['admin_password']        = 'Het wachtwoord van bovenstaande gebruiker.';
+$lang['sso']                   = 'Wordt voor Single-Sign-on Kerberos of NTLM gebruikt?';
+$lang['sso_charset']           = 'Het tekenset waarin je webserver de Kerberos of NTLM gebruikersnaam doorsturen. Leeglaten voor UTF-8 of latin-1. Vereist de iconv extensie.';
+$lang['real_primarygroup']     = 'Moet de echte primaire groep worden opgezocht in plaats van het aannemen van "Domeingebruikers" (langzamer)';
+$lang['use_ssl']               = 'SSL verbinding gebruiken? Zo ja, activeer dan niet de TLS optie hieronder.';
+$lang['use_tls']               = 'TLS verbinding gebruiken? Zo ja, activeer dan niet de SSL verbinding hierboven.';
+$lang['debug']                 = 'Aanvullende debug informatie tonen bij fouten?';
+$lang['expirywarn']            = 'Waarschuwingstermijn voor vervallen wachtwoord. 0 om te deactiveren.';
+$lang['additional']            = 'Een kommagescheiden lijst van extra AD attributen van de gebruiker. Wordt gebruikt door sommige plugins.';
+$lang['update_name']           = 'Sta gebruikers toe om hun getoonde AD naam bij te werken';
+$lang['update_mail']           = 'Sta gebruikers toe hun email adres bij te werken';
diff --git a/wiki/lib/plugins/authad/lang/no/lang.php b/wiki/lib/plugins/authad/lang/no/lang.php
new file mode 100644
index 0000000..c702e9e
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/no/lang.php
@@ -0,0 +1,16 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Patrick <spill.p@hotmail.com>
+ * @author Thomas Juberg <Thomas.Juberg@Gmail.com>
+ * @author Danny Buckhof <daniel.raknes@hotmail.no>
+ * @author Patrick Sletvold <patricksletvold@hotmail.com>
+ * @author Arne Hanssen <arnehans@getmail.no>
+ */
+$lang['domain']                = 'Loggpå-domene';
+$lang['authpwdexpire']         = 'Ditt passord går ut om %d dager, du bør endre det snarest.';
+$lang['passchangefail']        = 'Feil ved endring av passord. Det kan være at passordet ikke er i tråd med passordpolicyen ';
+$lang['userchangefail']        = 'Klarte ikke å endre brukerattributter. Kanskje gar ikke kontoen din rettigheter til å gjøre endringer?';
+$lang['connectfail']           = 'Feil ved kontakt med Active Directory serveren.';
diff --git a/wiki/lib/plugins/authad/lang/no/settings.php b/wiki/lib/plugins/authad/lang/no/settings.php
new file mode 100644
index 0000000..a374f38
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/no/settings.php
@@ -0,0 +1,26 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Christopher Schive <chschive@frisurf.no>
+ * @author Patrick <spill.p@hotmail.com>
+ * @author Danny Buckhof <daniel.raknes@hotmail.no>
+ * @author Patrick Sletvold <patricksletvold@hotmail.com>
+ * @author Arne Hanssen <arnehans@getmail.no>
+ */
+$lang['account_suffix']        = 'Ditt konto-suffiks F. Eks. <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Din rot-DN. F.eks. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'En kommaseparert liste over domenekontrollere. Eks. <code>srv1.domene.org,srv2.domene.org</code>';
+$lang['admin_username']        = 'En «Active Directory»-bruker med tilgang til alle andre brukeres data. Valgfritt, men nødvendig for visse handlinger f.eks. for utsendelse av e-poster til abonnenter.';
+$lang['admin_password']        = 'Passordet til brukeren over.';
+$lang['sso']                   = 'Skal engangspålogging via Kerberos eller NTLM bli brukt?';
+$lang['sso_charset']           = 'Tegnsettet din web-server vil bruke for ditt Kerberos- eller NTLM-brukernavn. La stå tomt for UTF-8 eller ISO Latin-1. Avhengig av utvidelsen iconv.';
+$lang['real_primarygroup']     = 'Skal en finne den virkelige gruppen i stedet for å anta at dette er "domene-brukere" (tregere).';
+$lang['use_ssl']               = 'Bruk SSL tilknytning? Hvis denne brukes, ikke aktiver TLS nedenfor.';
+$lang['use_tls']               = 'Bruk TLS tilknytning? Hvis denne brukes, ikke aktiver SSL over.';
+$lang['debug']                 = 'Ved feil, vise tilleggsinformasjon for feilsøking?';
+$lang['expirywarn']            = 'Antall dager på forhånd brukeren varsles om at passordet utgår. 0 for å deaktivere.';
+$lang['additional']            = 'En kommaseparert liste med AD-attributter som skal hentes fra brukerdata. Blir brukt av enkelte programtillegg.';
+$lang['update_name']           = 'Tillate at brukere endrer AD-visningsnavnet sitt?';
+$lang['update_mail']           = 'Tillate at brukere endrer e-postadressen sin?';
diff --git a/wiki/lib/plugins/authad/lang/pl/lang.php b/wiki/lib/plugins/authad/lang/pl/lang.php
new file mode 100644
index 0000000..8ea095a
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/pl/lang.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Wojciech Lichota <wojciech@lichota.pl>
+ * @author Aoi Karasu <aoikarasu@gmail.com>
+ */
+$lang['domain']                = 'Domena logowania';
+$lang['authpwdexpire']         = 'Twoje hasło wygaśnie za %d dni. Należy je zmienić w krótkim czasie.';
+$lang['passchangefail']        = 'Nie udało się zmienić hasła. Możliwe, że zasady dotyczące haseł nie zostały spełnione.';
+$lang['userchangefail']        = 'Nie udało się zmienić atrybutów użytkownika. Możliwe, że twoje konto nie ma uprawnień do wprowadzania zmian.';
+$lang['connectfail']           = 'Nie można połączyć się z serwerem Active Directory.';
diff --git a/wiki/lib/plugins/authad/lang/pl/settings.php b/wiki/lib/plugins/authad/lang/pl/settings.php
new file mode 100644
index 0000000..d5af79c
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/pl/settings.php
@@ -0,0 +1,29 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Wojciech Lichota <wojciech@lichota.pl>
+ * @author Max <maxrb146@gmail.com>
+ * @author Tomasz Bosak <bosak.tomasz@gmail.com>
+ * @author Paweł Jan Czochański <czochanski@gmail.com>
+ * @author Mati <mackosa@wp.pl>
+ * @author Maciej Helt <geraldziu@gmail.com>
+ * @author Kris Charatonik <krishary@gmail.com>
+ */
+$lang['account_suffix']        = 'Przyrostek twojej nazwy konta np. <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Twoje bazowe DN. Na przykład: <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Podzielona przecinkami lista kontrolerów domen np. <code>srv1.domena.pl,srv2.domena.pl</code>';
+$lang['admin_username']        = 'Uprawniony użytkownik katalogu Active Directory z dostępem do danych wszystkich użytkowników.
+Opcjonalne, ale wymagane dla niektórych akcji np. wysyłania emailowych subskrypcji.';
+$lang['admin_password']        = 'Hasło dla powyższego użytkownika.';
+$lang['sso']                   = 'Czy pojedyncze logowanie powinno korzystać z Kerberos czy NTML?';
+$lang['sso_charset']           = 'Kodowanie znaków wykorzystywane do przesyłania nazwy użytkownika dla Kerberos lub NTLM. Pozostaw puste dla UTF-8 lub latin-1. Wymaga rozszerzenia iconv.';
+$lang['real_primarygroup']     = 'Czy prawdziwa grupa podstawowa powinna zostać pobrana, zamiast  przyjmowania domyślnej wartości "Domain Users" (wolniej).';
+$lang['use_ssl']               = 'Użyć połączenie SSL? Jeśli tak to nie aktywuj TLS poniżej.';
+$lang['use_tls']               = 'Użyć połączenie TLS? Jeśli tak to nie aktywuj SSL powyżej.';
+$lang['debug']                 = 'Wyświetlać dodatkowe informacje do debugowania w przypadku błędów?';
+$lang['expirywarn']            = 'Dni poprzedzających powiadomienie użytkownika o wygasającym haśle. 0 aby wyłączyć.';
+$lang['additional']            = 'Oddzielona przecinkami lista dodatkowych atrybutów AD do pobrania z danych użytkownika. Używane przez niektóre wtyczki.';
+$lang['update_name']           = 'Zezwól użytkownikom na uaktualnianie nazwy wyświetlanej w AD?';
+$lang['update_mail']           = 'Zezwól użytkownikom na uaktualnianie ich adresu email?';
diff --git a/wiki/lib/plugins/authad/lang/pt-br/lang.php b/wiki/lib/plugins/authad/lang/pt-br/lang.php
new file mode 100644
index 0000000..8a30102
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/pt-br/lang.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Felipe Castro <fefcas@gmail.com>
+ * @author Frederico Gonçalves Guimarães <frederico@teia.bio.br>
+ * @author Guilherme Cardoso <guicardoso@gmail.com>
+ */
+$lang['domain']                = 'Domínio de "Logon"';
+$lang['authpwdexpire']         = 'Sua senha vai expirar em %d dias. Você deve mudá-la assim que for possível.';
+$lang['passchangefail']        = 'Não foi possível alterar a senha. Pode ser algum conflito com a política de senhas.';
+$lang['userchangefail']        = 'Falha ao mudar os atributos do usuário. Talvez a sua conta não tenha permissões para fazer mudanças.';
+$lang['connectfail']           = 'Não foi possível conectar ao servidor Active Directory.';
diff --git a/wiki/lib/plugins/authad/lang/pt-br/settings.php b/wiki/lib/plugins/authad/lang/pt-br/settings.php
new file mode 100644
index 0000000..1231077
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/pt-br/settings.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Victor Westmann <victor.westmann@gmail.com>
+ * @author Frederico Guimarães <frederico@teia.bio.br>
+ * @author Juliano Marconi Lanigra <juliano.marconi@gmail.com>
+ * @author Viliam Dias <viliamjr@gmail.com>
+ */
+$lang['account_suffix']        = 'Sufixo de sua conta. Eg. <code>@meu.domínio.org</code>';
+$lang['base_dn']               = 'Sua base DN. Eg. <code>DC=meu,DC=domínio,DC=org</code>';
+$lang['domain_controllers']    = 'Uma lista de controles de domínios separada por vírgulas. Eg. <code>srv1.domínio.org,srv2.domínio.org</code>';
+$lang['admin_username']        = 'Um usuário do Active Directory com privilégios para acessar os dados de todos os outros usuários. Opcional, mas necessário para realizar certas ações, tais como enviar mensagens de assinatura.';
+$lang['admin_password']        = 'A senha do usuário acima.';
+$lang['sso']                   = 'Usar Single-Sign-On através do Kerberos ou NTLM?';
+$lang['sso_charset']           = 'A codificação de caracteres que seu servidor web passará o nome de usuário Kerberos ou NTLM. Vazio para UTF-8 ou latin-1. Requere a extensão iconv.';
+$lang['real_primarygroup']     = 'O grupo primário real deve ser resolvido ao invés de assumirmos como "Usuários do Domínio" (mais lento)';
+$lang['use_ssl']               = 'Usar conexão SSL? Se usar, não habilitar TLS abaixo.';
+$lang['use_tls']               = 'Usar conexão TLS? se usar, não habilitar SSL acima.';
+$lang['debug']                 = 'Mostrar saída adicional de depuração em mensagens de erros?';
+$lang['expirywarn']            = 'Dias com antecedência para avisar o usuário de uma senha que vai expirar. 0 para desabilitar.';
+$lang['additional']            = 'Uma lista separada de vírgulas de atributos adicionais AD para pegar dados de usuários. Usados por alguns plugins.';
+$lang['update_name']           = 'Permitir aos usuários que atualizem seus nomes de exibição AD?';
+$lang['update_mail']           = 'Permitir aos usuários que atualizem seu endereço de e-mail?';
diff --git a/wiki/lib/plugins/authad/lang/pt/lang.php b/wiki/lib/plugins/authad/lang/pt/lang.php
new file mode 100644
index 0000000..4f8266b
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/pt/lang.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Paulo Silva <paulotsilva@yahoo.com>
+ * @author André Neves <drakferion@gmail.com>
+ * @author Paulo Carmino <contato@paulocarmino.com>
+ */
+$lang['domain']                = 'Domínio de Início de Sessão';
+$lang['authpwdexpire']         = 'A sua senha expirará dentro de %d dias, deve mudá-la em breve.';
+$lang['passchangefail']        = 'Falha ao alterar a senha. Tente prosseguir com uma senha mais segura.';
+$lang['connectfail']           = 'Falha ao conectar com o servidor Active Directory.';
diff --git a/wiki/lib/plugins/authad/lang/pt/settings.php b/wiki/lib/plugins/authad/lang/pt/settings.php
new file mode 100644
index 0000000..b734c48
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/pt/settings.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author André Neves <drakferion@gmail.com>
+ * @author Murilo <muriloricci@hotmail.com>
+ * @author Paulo Silva <paulotsilva@yahoo.com>
+ * @author Guido Salatino <guidorafael23@gmail.com>
+ * @author Guilherme Sá <guilherme.sa@hotmail.com>
+ */
+$lang['account_suffix']        = 'O sufixo da sua conta. Por exemplo, <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Sua base DN. Eg. <code> DC=meu, DC=dominio, DC=org </code>';
+$lang['domain_controllers']    = 'Uma lista separada por vírgulas de Controladores de Domínio (AD DC). Ex.: <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'Um utilizador com privilégios na Active Directory que tenha acesso aos dados de todos os outros utilizadores. Opcional, mas necessário para certas ações como enviar emails de subscrição.';
+$lang['admin_password']        = 'A senha para o utilizador acima.';
+$lang['sso']                   = 'Deve ser usado o Single-Sign-On via Kerberos ou NTLM?';
+$lang['sso_charset']           = 'O charset do seu servidor web vai passar o nome de usuário Kerberos ou NTLM  vazio para UTF-8 ou latin-1. Requer a extensão iconv.';
+$lang['real_primarygroup']     = 'Deveria ser resolvido, de fato, o grupo primário ao invés de assumir "Usuários de Domínio" (mais lento).';
+$lang['use_ssl']               = 'Usar ligação SSL? Se usada, não ative TLS abaixo.';
+$lang['use_tls']               = 'Usar ligação TLS? Se usada, não ative SSL abaixo.';
+$lang['debug']                 = 'Deve-se mostrar saída adicional de depuração de erros?';
+$lang['expirywarn']            = 'Número de dias de avanço para avisar o utilizador da expiração da senha. 0 para desativar.';
+$lang['additional']            = 'Uma lista separada por vírgula de atributos adicionais de AD para buscar a partir de dados do usuário. Usado por alguns plugins.';
+$lang['update_mail']           = 'Permitir que usuários atualizem seus endereços de e-mail?';
diff --git a/wiki/lib/plugins/authad/lang/ro/lang.php b/wiki/lib/plugins/authad/lang/ro/lang.php
new file mode 100644
index 0000000..f08a22c
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ro/lang.php
@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Razvan Deaconescu <razvan.deaconescu@cs.pub.ro>
+ * @author Adrian Vesa <adrianvesa@dotwikis.com>
+ */
+$lang['authpwdexpire']         = 'Parola va expira în %d zile, ar trebui să o schimbi în curând.';
+$lang['passchangefail']        = 'Parola nu a putu fi schimbata. Poate politica pentru parole nu a fost indeplinita ?';
+$lang['userchangefail']        = 'Nu am putu schimba atributiile pentru acest utilizator. Poate nu ai permisiunea sa faci aceste schimbari ?';
diff --git a/wiki/lib/plugins/authad/lang/ru/lang.php b/wiki/lib/plugins/authad/lang/ru/lang.php
new file mode 100644
index 0000000..0d398f7
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ru/lang.php
@@ -0,0 +1,15 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Yuriy Skalko <yuriy.skalko@gmail.com>
+ * @author Aleksandr Selivanov <alexgearbox@yandex.ru>
+ * @author Takumo <9206984@mail.ru>
+ * @author dimsharav <dimsharav@gmail.com>
+ */
+$lang['domain']                = 'Домен';
+$lang['authpwdexpire']         = 'Действие вашего пароля истекает через %d дней. Вы должны изменить его как можно скорее.';
+$lang['passchangefail']        = 'Не удалось изменить пароль. Возможно, он не соответствует требованиям к паролю.';
+$lang['userchangefail']        = 'Ошибка при изменении атрибутов пользователя. Возможно, у Вашей учетной записи недостаточно прав?';
+$lang['connectfail']           = 'Невозможно соединиться с сервером Active Directory.';
diff --git a/wiki/lib/plugins/authad/lang/ru/settings.php b/wiki/lib/plugins/authad/lang/ru/settings.php
new file mode 100644
index 0000000..d6bc8fc
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/ru/settings.php
@@ -0,0 +1,30 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Yuriy Skalko <yuriy.skalko@gmail.com>
+ * @author Ivan I. Udovichenko (sendtome@mymailbox.pp.ua)
+ * @author Aleksandr Selivanov <alexgearbox@gmail.com>
+ * @author Artur <ncuxxx@gmail.com>
+ * @author Erli Moen <evseev.jr@gmail.com>
+ * @author Владимир <id37736@yandex.ru>
+ * @author Type-kun <workwork-1@yandex.ru>
+ * @author Vitaly Filatenko <kot@hacktest.net>
+ * @author Radimir <radimir.shevchenko@gmail.com>
+ */
+$lang['account_suffix']        = 'Суффикс вашего аккаунта. Например, <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Ваш базовый DN. Например: <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Список контроллеров домена, разделённых запятой. Например:<code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'Привилегированный пользователь Active Directory с доступом ко всем остальным пользовательским данным. Необязательно, однако необходимо для определённых действий вроде отправки почтовой подписки.';
+$lang['admin_password']        = 'Пароль для указанного пользователя.';
+$lang['sso']                   = 'Использовать SSO (Single-Sign-On) через Kerberos или NTLM?';
+$lang['sso_charset']           = 'Кодировка, в которой веб-сервер передаёт имя пользователя Kerberos или NTLM. Для UTF-8 или latin-1 остаётся пустым. Требует расширение iconv.';
+$lang['real_primarygroup']     = 'Должна ли использоваться настоящая первичная группа вместо “Domain Users” (медленнее).';
+$lang['use_ssl']               = 'Использовать SSL? Если да, то не включайте TLS.';
+$lang['use_tls']               = 'Использовать TLS? Если да, то не включайте SSL.';
+$lang['debug']                 = 'Выводить дополнительную информацию при ошибках?';
+$lang['expirywarn']            = 'За сколько дней нужно предупреждать пользователя о необходимости изменить пароль? Для отключения укажите 0 (ноль).';
+$lang['additional']            = 'Дополнительные AD-атрибуты, разделённые запятой, для выборки из данных пользователя. Используется некоторыми плагинами.';
+$lang['update_name']           = 'Разрешить пользователям редактировать свое AD-имя?';
+$lang['update_mail']           = 'Разрешить пользователям редактировать свой электронный адрес?';
diff --git a/wiki/lib/plugins/authad/lang/sk/lang.php b/wiki/lib/plugins/authad/lang/sk/lang.php
new file mode 100644
index 0000000..1ff338d
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/sk/lang.php
@@ -0,0 +1,12 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Martin Michalek <michalek.dev@gmail.com>
+ */
+$lang['domain']                = 'Prihlasovacia doména';
+$lang['authpwdexpire']         = 'Platnosť hesla vyprší za %d dní, mali by ste ho zmeniť čo najskôr.';
+$lang['passchangefail']        = 'Nepodarilo sa zmeniť heslo. Možno neboli splnené podmienky';
+$lang['userchangefail']        = 'Nepodarilo sa zmeniť atribúty používateľa. Možno tvoj účet nemá oprávnenia na vykonanie týchto zmien?';
+$lang['connectfail']           = 'Nepodarilo sa pripojiť na Active Directory server.';
diff --git a/wiki/lib/plugins/authad/lang/sk/settings.php b/wiki/lib/plugins/authad/lang/sk/settings.php
new file mode 100644
index 0000000..a8aabc7
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/sk/settings.php
@@ -0,0 +1,22 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Martin Michalek <michalek.dev@gmail.com>
+ */
+$lang['account_suffix']        = 'Prípona používateľského účtu. Napr. <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Vaše base DN. Napr. <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = 'Zoznam doménových radičov oddelených čiarkou. Napr. <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'Privilegovaný používateľ Active Directory s prístupom ku všetkým dátam ostatných používateľov. Nepovinné nastavenie, ale potrebné pre určité akcie ako napríklad zasielanie mailov o zmenách.';
+$lang['admin_password']        = 'Heslo vyššie uvedeného používateľa.';
+$lang['sso']                   = 'Použiť Single-Sign-On cez Kerberos alebo NTLM?';
+$lang['sso_charset']           = 'Znaková sada, v ktorej bude webserver prenášať meno Kerberos or NTLM používateľa. Prázne pole znamená UTF-8 alebo latin-1. Vyžaduje iconv rozšírenie.';
+$lang['real_primarygroup']     = 'Použiť skutočnú primárnu skupinu používateľa namiesto "Doménoví používatelia" (pomalšie).';
+$lang['use_ssl']               = 'Použiť SSL pripojenie? Ak áno, nepovoľte TLS nižšie.';
+$lang['use_tls']               = 'Použiť TLS pripojenie? Ak áno, nepovoľte SSL vyššie.';
+$lang['debug']                 = 'Zobraziť dodatočné ladiace informácie pri chybe?';
+$lang['expirywarn']            = 'Počet dní pred uplynutím platnosti hesla, počas ktorých používateľ dostáva upozornenie. 0 deaktivuje túto voľbu.';
+$lang['additional']            = 'Zoznam dodatočných AD atribútov oddelených čiarkou získaných z údajov používateľa. Používané niektorými pluginmi.';
+$lang['update_name']           = 'Povoliť používateľom zmenu ich zobrazovaného mena v AD?';
+$lang['update_mail']           = 'Povoliť používateľom zmenu ich emailovej adresy?';
diff --git a/wiki/lib/plugins/authad/lang/sl/lang.php b/wiki/lib/plugins/authad/lang/sl/lang.php
new file mode 100644
index 0000000..b4c8643
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/sl/lang.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author matej <mateju@svn.gnome.org>
+ */
+$lang['authpwdexpire']         = 'Geslo bo poteklo v %d dneh. Priporočljivo ga je zamenjati.';
diff --git a/wiki/lib/plugins/authad/lang/sl/settings.php b/wiki/lib/plugins/authad/lang/sl/settings.php
new file mode 100644
index 0000000..f166309
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/sl/settings.php
@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author matej <mateju@svn.gnome.org>
+ * @author Jernej Vidmar <jernej.vidmar@vidmarboehm.com>
+ */
+$lang['admin_password']        = 'Geslo zgoraj omenjenega uporabnika';
+$lang['use_tls']               = 'Uporabi TLS povezavo? Če da, ne vključi SSL povezave zgoraj.';
+$lang['debug']                 = 'Ali naj bodo prikazane dodatne podrobnosti napak?';
diff --git a/wiki/lib/plugins/authad/lang/sr/lang.php b/wiki/lib/plugins/authad/lang/sr/lang.php
new file mode 100644
index 0000000..d5ac17b
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/sr/lang.php
@@ -0,0 +1,12 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Марко М. Костић <marko.m.kostic@gmail.com>
+ */
+$lang['domain']                = 'Домен пријаве';
+$lang['authpwdexpire']         = 'Ваша лозинка ће истећи за %d дан(а), требало би да је промените ускоро.';
+$lang['passchangefail']        = 'Нисам успео да променим лозинку. Можда нису испоштована правила за промену лозинке.';
+$lang['userchangefail']        = 'Нисам успео да променим корисничке особине. Можда ваш налог нема довољно овлашћења за прављење измена?';
+$lang['connectfail']           = 'Нисам успео да се повежем на Active Directory сервер.';
diff --git a/wiki/lib/plugins/authad/lang/sr/settings.php b/wiki/lib/plugins/authad/lang/sr/settings.php
new file mode 100644
index 0000000..5e4409c
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/sr/settings.php
@@ -0,0 +1,19 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Марко М. Костић <marko.m.kostic@gmail.com>
+ */
+$lang['account_suffix']        = 'Суфикс на вашем налогу. Нпр.: <code>@moj.domen.rs</code>';
+$lang['base_dn']               = 'Ваше основно име домена. Нпр.: <code>DC=moj,DC=domen,DC=org</code>';
+$lang['domain_controllers']    = 'Списак доменских контролера, одвојених зарезима. Нпр.: <code>srv1.domen.org,srv2.domen.org</code>';
+$lang['admin_username']        = 'Повлашћени Active Directory корисник са приступом подацима свих корисника. Изборно али је потребно за одређене радње као што је слање мејлова о претплаћивању.';
+$lang['admin_password']        = 'Лозинка за корисника изнад.';
+$lang['sso']                   = 'Да ли треба да се користи Single-Sign-On преко Кербероса или NTLM-а?';
+$lang['use_ssl']               = 'Користити SSL везу? Ако се користи, не омогућујте TLS испод.';
+$lang['use_tls']               = 'Користити TLS везу? Ако се користи, не омогућујте SSL испод.';
+$lang['debug']                 = 'Приказати додатан излаз за поправљање грешака код настанка грешака?';
+$lang['expirywarn']            = 'Дана унапред за које треба упозорити корисника на истицање лозинке. 0 за искључивање.';
+$lang['update_name']           = 'Дозволити корисницима да ажурирају њихово AD приказно име?';
+$lang['update_mail']           = 'Дозволити корисницима да ажурирају њихове мејл адрсе?';
diff --git a/wiki/lib/plugins/authad/lang/sv/lang.php b/wiki/lib/plugins/authad/lang/sv/lang.php
new file mode 100644
index 0000000..8c63975
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/sv/lang.php
@@ -0,0 +1,13 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Tor Härnqvist <tor@harnqvist.se>
+ * @author Smorkster Andersson smorkster@gmail.com
+ */
+$lang['domain']                = 'Inloggningsdomän';
+$lang['authpwdexpire']         = 'Ditt lösenord kommer att bli ogiltigt om %d dagar, du bör ändra det snart.';
+$lang['passchangefail']        = 'Kunde inte ändra lösenord. Kanske var inte lösenordspolicyn uppfylld?';
+$lang['userchangefail']        = 'Kunde inte ändra användaregenskaper. Kanske har ditt konto inte behörighet att göra ändringar?';
+$lang['connectfail']           = 'Kunde inte ansluta till Active Directory-server.';
diff --git a/wiki/lib/plugins/authad/lang/sv/settings.php b/wiki/lib/plugins/authad/lang/sv/settings.php
new file mode 100644
index 0000000..249eb33
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/sv/settings.php
@@ -0,0 +1,20 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Tor Härnqvist <tor@harnqvist.se>
+ * @author Smorkster Andersson smorkster@gmail.com
+ */
+$lang['account_suffix']        = 'Ditt konto suffix. T.ex. <code>min.domän.org</code>';
+$lang['base_dn']               = 'Din bas-DN. T ex <code>DC=min,DC=domän,DC=org</code>';
+$lang['domain_controllers']    = 'En kommaseparerad lista av Domain controllers. T ex <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_password']        = 'Lösenord för användare ovan.';
+$lang['sso']                   = 'Ska Single-Sign-On via Kerberos eller NTLM användas?';
+$lang['use_ssl']               = 'Använda SSL anslutning? Om använd, möjliggör inte TLS nedan.';
+$lang['use_tls']               = 'Använda TLS anslutning? Om använd, möjliggör inte SSL ovan.';
+$lang['debug']                 = 'Visa utökad avlusningsinformation för fel?';
+$lang['expirywarn']            = 'Antakl dagar i förväg att varna användare om utgående lösenord. 0 för att inaktivera.';
+$lang['additional']            = 'En komma-separerad lista på extra AT-attibut att hämta från användardata. Används av vissa plugin.';
+$lang['update_name']           = 'Tillåt användare att uppdatera deras AD-visningsnamn?';
+$lang['update_mail']           = 'Tillåt användare att uppdatera deras e-postadresser?';
diff --git a/wiki/lib/plugins/authad/lang/tr/lang.php b/wiki/lib/plugins/authad/lang/tr/lang.php
new file mode 100644
index 0000000..2336e0f
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/tr/lang.php
@@ -0,0 +1,8 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author farukerdemoncel@gmail.com
+ */
+$lang['authpwdexpire']         = 'Şifreniz %d gün sonra geçersiz hale gelecek, yakın bir zamanda değiştirmelisiniz.';
diff --git a/wiki/lib/plugins/authad/lang/uk/lang.php b/wiki/lib/plugins/authad/lang/uk/lang.php
new file mode 100644
index 0000000..7e685a9
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/uk/lang.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Олексій <alexey.furashev@gmail.com>
+ * @author Vitaly <vitaly.balashov@smuzzy.com.ua>
+ * @author Nina Zolotova <nina-z@i.ua>
+ */
+$lang['domain']                = 'Домен';
+$lang['authpwdexpire']         = 'Дія вашого паролю завершится через %d днів, вам необхідно змінити його щонайвшидше.';
+$lang['passchangefail']        = 'Не вдалося змінити пароль. Можливо, політика пароля не була застосована?';
+$lang['userchangefail']        = 'Не вийшло змінити атрибути користувача. Можливо, у вашого акаунту немає дозволу на внесення змін?';
+$lang['connectfail']           = 'Не вийшло з\'єднатися с сервером Active Directory.';
diff --git a/wiki/lib/plugins/authad/lang/uk/settings.php b/wiki/lib/plugins/authad/lang/uk/settings.php
new file mode 100644
index 0000000..0c76e7d
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/uk/settings.php
@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author Oleksii <alexey.furashev@gmail.com>
+ * @author Nina Zolotova <nina-z@i.ua>
+ */
+$lang['account_suffix']        = 'Суфікс вашого облікового запису. Щось на шквалт: <code>@my.domain.org</code>';
+$lang['base_dn']               = 'Ваш DN. Щось на шквалт: <code>DC=my,DC=domain,DC=org</code>';
+$lang['admin_password']        = 'Пароль вказаного користувача.';
+$lang['use_ssl']               = 'Використовуєте SSL-з\'єднання? Якщо так, не вмикайте TLS нижче.';
+$lang['use_tls']               = 'Використовуєте TLS-з\'єднання? Якщо так, не вмикайте SSL нижче.';
+$lang['debug']                 = 'Показати додаткові відомості щодо помилок?';
+$lang['expirywarn']            = 'Кількість днів за яких попереджати про закінчення дії пароля користувача. 0 - не попереджати.';
+$lang['update_name']           = 'Дозволити користувачам оновлювати ім\'я AD, яке відображається?';
+$lang['update_mail']           = 'Дозволити користувачам оновлювати їх адреси електронної пошлти?';
diff --git a/wiki/lib/plugins/authad/lang/zh-tw/lang.php b/wiki/lib/plugins/authad/lang/zh-tw/lang.php
new file mode 100644
index 0000000..b2ce485
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/zh-tw/lang.php
@@ -0,0 +1,10 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author June-Hao Hou <junehao@gmail.com>
+ * @author syaoranhinata@gmail.com
+ */
+$lang['domain']                = '登入網域';
+$lang['authpwdexpire']         = '您的密碼將在 %d 天內到期,請馬上更換新密碼。';
diff --git a/wiki/lib/plugins/authad/lang/zh-tw/settings.php b/wiki/lib/plugins/authad/lang/zh-tw/settings.php
new file mode 100644
index 0000000..42cd8c9
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/zh-tw/settings.php
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ * 
+ * @author syaoranhinata@gmail.com
+ * @author June-Hao Hou <junehao@gmail.com>
+ */
+$lang['account_suffix']        = '您的帳號後綴。如: <code>@my.domain.org</code>';
+$lang['base_dn']               = '您的基本識別名。如: <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = '以逗號分隔的域名控制器列表。如: <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = 'Active Directory 的特權使用者,可以查看所有使用者的數據。(非必要,但對發送訂閱郵件等活動來說,這是必須的。)';
+$lang['admin_password']        = '上述使用者的密碼。';
+$lang['sso']                   = '是否使用 Kerberos 或 NTLM 的單一登入系統 (Single-Sign-On)?';
+$lang['sso_charset']           = '你的網站伺服器傳遞 Kerberos 或 NTML 帳號名稱所用的語系編碼。空白表示 UTF-8 或 latin-1。此設定需要用到 iconv 套件。';
+$lang['real_primarygroup']     = '是否視作真正的主要群組,而不是假設為網域使用者 (比較慢)';
+$lang['use_ssl']               = '使用 SSL 連接嗎?如果要使用,請不要啟用下方的 TLS。';
+$lang['use_tls']               = '使用 TLS 連接嗎?如果要使用,請不要啟用上方的 SSL。';
+$lang['debug']                 = '有錯誤時,顯示額外除錯資訊嗎?';
+$lang['expirywarn']            = '提前多少天警告使用者密碼即將到期。輸入0表示停用。';
+$lang['additional']            = '從使用者數據中取得額外 AD 屬性列表,以供某些附加元件使用。列表以逗號分隔。';
diff --git a/wiki/lib/plugins/authad/lang/zh/lang.php b/wiki/lib/plugins/authad/lang/zh/lang.php
new file mode 100644
index 0000000..4b2c885
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/zh/lang.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author lainme <lainme993@gmail.com>
+ * @author Errol <errol@hotmail.com>
+ * @author phy25 <git@phy25.com>
+ */
+$lang['domain']                = '登录域';
+$lang['authpwdexpire']         = '您的密码将在 %d 天内过期,请尽快更改。';
+$lang['passchangefail']        = '密码更改失败。是不是密码规则不符合?';
+$lang['userchangefail']        = '更改用户属性失败。或许您的帐号没有做此更改的权限?';
+$lang['connectfail']           = '无法连接到Active Directory服务器。';
diff --git a/wiki/lib/plugins/authad/lang/zh/settings.php b/wiki/lib/plugins/authad/lang/zh/settings.php
new file mode 100644
index 0000000..1ccadd3
--- /dev/null
+++ b/wiki/lib/plugins/authad/lang/zh/settings.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+ * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
+ *
+ * @author lainme <lainme993@gmail.com>
+ * @author oott123 <ip.192.168.1.1@qq.com>
+ * @author JellyChen <451453325@qq.com>
+ * @author 高博 <bobnemo1983@gmail.com>
+ */
+$lang['account_suffix']        = '您的账户后缀。例如 <code>@my.domain.org</code>';
+$lang['base_dn']               = '您的基本分辨名。例如 <code>DC=my,DC=domain,DC=org</code>';
+$lang['domain_controllers']    = '逗号分隔的域名控制器列表。例如 <code>srv1.domain.org,srv2.domain.org</code>';
+$lang['admin_username']        = '一个活动目录的特权用户,可以查看其他所有用户的数据。可选,但对某些活动例如发送订阅邮件是必须的。';
+$lang['admin_password']        = '上述用户的密码。';
+$lang['sso']                   = '是否使用经由 Kerberos 和 NTLM 的 Single-Sign-On?';
+$lang['sso_charset']           = '服务器传入 Kerberos 或者 NTLM 用户名的编码。留空为 UTF-8 或 latin-1 。此功能需要服务器支持iconv扩展。';
+$lang['real_primarygroup']     = ' 是否解析真实的主要组,而不是假设为“域用户” (较慢)';
+$lang['use_ssl']               = '使用 SSL 连接?如果是,不要激活下面的 TLS。';
+$lang['use_tls']               = '使用 TLS 连接?如果是 ,不要激活上面的 SSL。';
+$lang['debug']                 = '有错误时显示额外的调试信息?';
+$lang['expirywarn']            = '提前多少天警告用户密码即将到期。0 则禁用。';
+$lang['additional']            = '需要从用户数据中获取的额外 AD 属性的列表,以逗号分隔。用于某些插件。';
+$lang['update_name']           = '允许用户更新其AD显示名称?';
+$lang['update_mail']           = '是否允许用户更新他们的电子邮件地址?';
diff --git a/wiki/lib/plugins/authad/plugin.info.txt b/wiki/lib/plugins/authad/plugin.info.txt
new file mode 100644
index 0000000..57e1387
--- /dev/null
+++ b/wiki/lib/plugins/authad/plugin.info.txt
@@ -0,0 +1,7 @@
+base   authad
+author Andreas Gohr
+email  andi@splitbrain.org
+date   2015-07-13
+name   Active Directory Auth Plugin
+desc   Provides user authentication against a Microsoft Active Directory
+url    http://www.dokuwiki.org/plugin:authad