/**
 * Fetches a RootDSE object from an LDAP connection
 *
 * Runs a base-scope search against the empty DN and wraps the first entry
 * that comes back.
 *
 * @param Net_LDAP2 $ldap  Directory from which the RootDSE should be fetched
 * @param array     $attrs Attributes to request; when this is not a non-empty
 *                         array, a built-in default list is requested instead
 *
 * @access static
 * @return Net_LDAP2_RootDSE|Net_LDAP2_Error
 */
public static function fetch($ldap, $attrs = null)
{
    // NOTE(review): the message below says "Schema" although this method
    // fetches the RootDSE; the text is left unchanged here.
    if (!$ldap instanceof Net_LDAP2) {
        return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!");
    }

    // Start from the default attribute list and let a caller-supplied,
    // non-empty array override it.
    $attributes = array(
        'vendorName',
        'vendorVersion',
        'namingContexts',
        'altServer',
        'supportedExtension',
        'supportedControl',
        'supportedSASLMechanisms',
        'supportedLDAPVersion',
        'subschemaSubentry',
    );
    if (is_array($attrs) && count($attrs) > 0) {
        $attributes = $attrs;
    }

    $searchOptions = array('attributes' => $attributes, 'scope' => 'base');
    $result = $ldap->search('', '(objectClass=*)', $searchOptions);

    // A failed search is handed back to the caller untouched.
    if (self::isError($result)) {
        return $result;
    }

    $entry = $result->shiftEntry();
    if (false === $entry) {
        return PEAR::raiseError('Could not fetch RootDSE entry');
    }

    return new Net_LDAP2_RootDSE($entry);
}
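/**
 * Looks up a directory entry by login and wraps it as an LDAP user.
 *
 * The login is placed inside an LDAP search filter, so it is escaped first.
 * Without escaping, characters such as "*", "(" and ")" in the login would
 * change the structure of the filter instead of being matched literally.
 *
 * @internal
 *
 * @throws Capall_Ldaper_LdapException When the search returns a PEAR error.
 *
 * @param string $login Login value to look for; treated as untrusted input.
 *
 * @return Capall_Ldaper_LdapUser|null The first matching entry, or null when
 *                                     the search matches nothing.
 */
public function getLdapUser($login)
{
    // Escape filter metacharacters in the caller-supplied value.
    // Net_LDAP2_Util is expected to be loaded together with Net_LDAP2.
    $escapedLogin = Net_LDAP2_Util::escape_filter_value(array((string) $login));

    // NOTE(review): loginAttribute is not escaped; presumably it comes from
    // trusted configuration rather than from the request. Confirm.
    $filter = '(' . $this->loginAttribute . '=' . $escapedLogin[0] . ')';

    // Search in tree for user...
    $users = $this->ldapConnection->search($this->baseDn, $filter);

    if (PEAR::isError($users)) {
        throw new Capall_Ldaper_LdapException($users);
    }

    if ($users->count()) {
        // When several entries match, only the first one is used.
        return new Capall_Ldaper_LdapUser(
            $users->shiftEntry(),
            $this->loginAttribute,
            $this->mailAttribute,
            $this->mailAttributeIndex
        );
    }

    // No match: made explicit, the original fell off the end of the method.
    return null;
}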
/**
 * Execute an LDAP query statement and fetch all results.
 *
 * Keys read from $query: 'base', 'filter', 'options' and 'data'. The option
 * 'query2xml_placeholder' (default '?') is removed from the options before
 * they are passed to the search.
 *
 * @param mixed  $query      The LDAP query specification (see keys above).
 * @param string $configPath The config path; used for exception messages.
 *
 * @return array An array of records.
 * @throws XML_Query2XML_LDAP2Exception If Net_LDAP2::search() returns an error.
 * @see XML_Query2XML_Driver::getAllRecords()
 */
public function getAllRecords($query, $configPath)
{
    $base    = isset($query['base']) ? $query['base'] : null;
    $filter  = isset($query['filter']) ? $query['filter'] : null;
    $options = isset($query['options']) ? $query['options'] : array();

    $placeholder = isset($options['query2xml_placeholder'])
        ? $options['query2xml_placeholder']
        : '?';
    unset($options['query2xml_placeholder']);

    if (isset($query['data']) && is_array($query['data'])) {
        // Values are escaped for use inside a search filter before they
        // replace any placeholder.
        // NOTE(review): the same filter-escaped values are also substituted
        // into $base. DN syntax has its own special characters, which
        // filter escaping does not cover; confirm whether base placeholders
        // can carry untrusted data and need DN escaping instead.
        $data = Net_LDAP2_Util::escape_filter_value($query['data']);
        $base = self::_replacePlaceholders($base, $data, $placeholder);
        if (is_string($filter)) {
            $filter = self::_replacePlaceholders($filter, $data, $placeholder);
        }
    }

    $search = $this->_ldap->search($base, $filter, $options);
    if (PEAR::isError($search)) {
        /*
         * unit test: getXML/throwLDAPException_queryError.phpt
         */
        throw new XML_Query2XML_LDAP2Exception(
            $configPath . ': Could not run LDAP search query: ' . $search->toString()
        );
    }

    // Collect the attribute values of every entry, then release the search.
    $records = array();
    foreach ($search->entries() as $entry) {
        $records[] = $entry->getValues();
    }
    $search->done();

    $records = self::_processMultiValueAttributes($records);

    // Set missing attributes to null so every record carries each
    // requested attribute as a key.
    if (isset($options['attributes']) && is_array($options['attributes'])) {
        for ($i = 0; $i < count($records); $i++) {
            foreach ($options['attributes'] as $attribute) {
                if (!array_key_exists($attribute, $records[$i])) {
                    $records[$i][$attribute] = null;
                }
            }
        }
    }

    return $records;
}
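/**
 * Looks up $username in LDAP and stores the entry in $this->user when exactly
 * one entry matches and, if a required group is configured, the entry's DN
 * is found as a uniquemember under that group.
 *
 * Fails closed: when the configured filter cannot be parsed, or either search
 * returns an error, the problem is logged and the method returns without
 * setting $this->user. The original logged the error and then kept going,
 * calling methods on the error object.
 *
 * @param $username string
 * @param $configFilter string
 * @return void
 */
private function PopulateUser($username, $configFilter)
{
    $uidAttribute = $this->options->GetUserIdAttribute();
    Log::Debug('LDAP - uid attribute: %s', $uidAttribute);
    $RequiredGroup = $this->options->GetRequiredGroup();

    // Filter::create() builds the comparison from parts instead of
    // concatenating $username into a filter string.
    $filter = Net_LDAP2_Filter::create($uidAttribute, 'equals', $username);

    if ($configFilter) {
        $configFilter = Net_LDAP2_Filter::parse($configFilter);
        if (Net_LDAP2::isError($configFilter)) {
            // NOTE(review): the LDAP error text is concatenated into what looks
            // like a printf-style format string; a '%' in that text could be
            // read as a placeholder. Confirm how Log::Error treats it.
            $message = 'Could not parse search filter %s: ' . $configFilter->getMessage();
            Log::Error($message, $username);
            // Do not search with a broken or missing restriction filter.
            return;
        }
        $filter = Net_LDAP2_Filter::combine('and', array($filter, $configFilter));
    }

    $attributes = $this->options->Attributes();
    Log::Debug('LDAP - Loading user attributes: %s', implode(', ', $attributes));
    $options = array('attributes' => $attributes);

    Log::Debug('Searching ldap for user %s', $username);
    $searchResult = $this->ldap->search(null, $filter, $options);

    if (Net_LDAP2::isError($searchResult)) {
        $message = 'Could not search ldap for user %s: ' . $searchResult->getMessage();
        Log::Error($message, $username);
        // An error object has no entries to inspect.
        return;
    }

    $currentResult = $searchResult->current();

    // Anything other than exactly one usable entry counts as "not found".
    if ($searchResult->count() != 1 || $currentResult === false) {
        Log::Debug('Could not find user %s', $username);
        return;
    }

    Log::Debug('Found user %s', $username);

    if (!empty($RequiredGroup)) {
        Log::Debug('LDAP - Required Group: %s', $RequiredGroup);
        $group_filter = Net_LDAP2_Filter::create('uniquemember', 'equals', $currentResult->dn());
        $group_searchResult = $this->ldap->search($RequiredGroup, $group_filter, null);

        if (Net_LDAP2::isError($group_searchResult)) {
            $message = 'Could not match Required Group %s: ' . $group_searchResult->getMessage();
            Log::Error($message, $username);
            // Membership could not be verified, so the user is not accepted.
            return;
        }

        if ($group_searchResult->count() != 1) {
            // Not a member of the required group: leave $this->user unset.
            return;
        }

        Log::Debug('Matched Required Group %s', $RequiredGroup);
    }

    /** @var Net_LDAP2_Entry $currentResult */
    $this->user = new LdapUser($currentResult, $this->options->AttributeMapping());
}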
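/**
 * Retrieve information from LDAP
 *
 * The value is matched against 'mail' when it contains an '@' and against
 * 'uid' otherwise. A configured user filter, when present, is AND-ed onto
 * that comparison.
 *
 * Returns null when the configured filter cannot be parsed, when the search
 * fails, or when no entry is found. The original did not check the parsed
 * filter or the search result before using them.
 *
 * @param string $uid login or email
 * @return array|null
 */
private function getRemoteUserInfo($uid)
{
    $attribute = (strpos($uid, '@') === false) ? 'uid' : 'mail';

    // Filter::create() builds the comparison from parts instead of
    // concatenating $uid into a filter string.
    $filter = Net_LDAP2_Filter::create($attribute, 'equals', $uid);

    if (!empty($this->user_filter_string)) {
        $user_filter = Net_LDAP2_Filter::parse($this->user_filter_string);
        // Misc::isError() is the predicate this method already applies to
        // Net_LDAP2 results; presumably it recognises PEAR errors. Confirm.
        if (Misc::isError($user_filter)) {
            // Do not search without the configured restriction.
            return null;
        }
        $filter = Net_LDAP2_Filter::combine('and', array($filter, $user_filter));
    }

    $search = $this->conn->search($this->basedn, $filter, array('sizelimit' => 1));
    if (!$search || Misc::isError($search)) {
        // A failed search has no entries to shift.
        return null;
    }

    $entry = $search->shiftEntry();
    if (!$entry || Misc::isError($entry)) {
        return null;
    }

    return array(
        'uid' => $entry->get_value('uid'),
        'full_name' => $entry->get_value('cn'),
        'emails' => $entry->get_value('mail', 'all'),
        'customer_id' => $entry->get_value($this->customer_id_attribute),
        'contact_id' => $entry->get_value($this->contact_id_attribute),
    );
}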
/**
 * Fetch the Schema from an LDAP connection
 *
 * When no DN is given, the subschema entry DN is read from the root DSE,
 * trying the RFC spelling of the attribute first and a differently cased
 * variant second, and finally falling back to 'cn=Subschema'.
 *
 * @param Net_LDAP2 $ldap LDAP connection
 * @param string    $dn   (optional) Subschema entry dn
 *
 * @access public
 * @return Net_LDAP2_Schema|Net_LDAP2_Error
 */
public function fetch($ldap, $dn = null)
{
    if (!$ldap instanceof Net_LDAP2) {
        return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!");
    }

    $schema_o = new Net_LDAP2_Schema();

    // First spelling: correct case as per RFC 2251.
    // Second spelling: support for buggy LDAP servers (e.g. Siemens DirX 6.x)
    // that incorrectly call this entry subSchemaSubentry.
    $spellings = array('subschemaSubentry', 'subSchemaSubentry');
    foreach ($spellings as $attributeName) {
        if (!is_null($dn)) {
            break;
        }

        // get the subschema entry via root dse
        $dse = $ldap->rootDSE(array($attributeName));
        if (Net_LDAP2::isError($dse)) {
            continue;
        }

        $base = $dse->getValue($attributeName, 'single');
        if (!Net_LDAP2::isError($base)) {
            $dn = $base;
        }
    }

    // Final fallback case where there is no subschemaSubentry attribute
    // in the root DSE (this is a bug for an LDAP v3 server so report this
    // to your LDAP vendor if you get this far).
    if (is_null($dn)) {
        $dn = 'cn=Subschema';
    }

    // fetch the subschema entry
    $searchOptions = array(
        'attributes' => array_values($schema_o->types),
        'scope' => 'base',
    );
    $result = $ldap->search($dn, '(objectClass=*)', $searchOptions);
    if (Net_LDAP2::isError($result)) {
        return PEAR::raiseError('Could not fetch Subschema entry: ' . $result->getMessage());
    }

    $entry = $result->shiftEntry();
    if ($entry instanceof Net_LDAP2_Entry) {
        $schema_o->parse($entry);
        return $schema_o;
    }

    if ($entry instanceof Net_LDAP2_Error) {
        return PEAR::raiseError('Could not fetch Subschema entry: ' . $entry->getMessage());
    }

    // The message literal is kept exactly as it appears in the listing,
    // including its line break.
    return PEAR::raiseError('Could not fetch Subschema entry (search returned ' . $result->count() . ' entries. 
Check parameter \'basedn\')');
}