/**
* Constructor.
*
* @param string $name
* The Drupal role name to search for, and load from LDAP.
*
* @throw SimpleLdapException
*/
public function __construct($name)
{
// Load the LDAP server object.
$this->server = SimpleLdapServer::singleton();
// Get the LDAP configuration.
$basedn = simple_ldap_role_variable_get('simple_ldap_role_basedn');
$scope = simple_ldap_role_variable_get('simple_ldap_role_scope');
$attribute_name = simple_ldap_role_variable_get('simple_ldap_role_attribute_name');
$attribute_member = simple_ldap_role_variable_get('simple_ldap_role_attribute_member');
$safe_name = preg_replace(array('/\\(/', '/\\)/'), array('\\\\(', '\\\\)'), $name);
$filter = '(&(' . $attribute_name . '=' . $safe_name . ')' . self::filter() . ')';
// Attempt to load the role from the LDAP server.
$attributes = array($attribute_name, $attribute_member);
$result = $this->server->search($basedn, $filter, $scope, $attributes, 0, 1);
if ($result['count'] == 1) {
// Found an existing LDAP entry.
$this->dn = $result[0]['dn'];
$this->attributes[$attribute_name] = $result[0][$attribute_name];
if (isset($result[0][$attribute_member])) {
$this->attributes[$attribute_member] = $result[0][$attribute_member];
} else {
$this->attributes[$attribute_member] = array('count' => 0);
}
$this->exists = TRUE;
} else {
// Set up a new LDAP entry.
$this->dn = $attribute_name . '=' . $name . ',' . $basedn;
$this->attributes[$attribute_name] = array('count' => 1, 0 => $name);
$this->attributes[$attribute_member] = array('count' => 0);
$this->dirty = TRUE;
}
}
/**
* Delete the sid from LDAP.
*/
public function deleteSid()
{
$attributes[$this->getSidAttribute()] = array();
if (!$this->server->modify($this->dn, $attributes, 'delete')) {
throw new Exception('Unable to delete session id from LDAP.');
}
$this->hashedSid = NULL;
}
/**
* Singleton constructor.
*
* This method should be used whenever a SimpleLdapServer object is needed. By
* default, a new SimpleLdapServer object is returned, but this can be
* overridden by setting conf['simple_ldap_server_class'] to an extended class
* in settings.php.
*
* @param boolean $reset
* Forces a new object to be instantiated.
*
* @return object
* SimpleLdapServer object
*
* @throw SimpleLdapException
*/
public static function singleton($reset = FALSE)
{
if ($reset || !isset(self::$instance)) {
$server_class = variable_get('simple_ldap_server_class', 'SimpleLdapServer');
self::$instance = new $server_class();
}
// Since custom classes are allowed, at least make sure it's a
// SimpleLdapServer child.
if (!is_a(self::$instance, 'SimpleLdapServer')) {
throw new SimpleLdapException('Invalid controller class. Must be of type SimpleLdapServer.');
}
return self::$instance;
}
/**
* Constructor.
*
* @param string $name
* The drupal user name or email address to search for, and load from LDAP.
*
* @throw SimpleLdapException
*/
public function __construct($name)
{
// Load the LDAP server object.
$this->server = SimpleLdapServer::singleton();
// Get the LDAP configuration.
$base_dn = simple_ldap_user_variable_get('simple_ldap_user_basedn');
$scope = simple_ldap_user_variable_get('simple_ldap_user_scope');
$attribute_name = simple_ldap_user_variable_get('simple_ldap_user_attribute_name');
$attribute_mail = simple_ldap_user_variable_get('simple_ldap_user_attribute_mail');
$puid_attr = simple_ldap_user_variable_get('simple_ldap_user_unique_attribute');
$safe_name = preg_replace(array('/\\(/', '/\\)/'), array('\\\\(', '\\\\)'), $name);
// Search first for the user by name, then by email and finally by PUID.
// Ensures that if someone has a username that is an email address, we find only
// one record.
$filter_list = array();
$filter_list[] = '(&(' . $attribute_name . '=' . $safe_name . ')' . self::filter() . ')';
$filter_list[] = '(&(' . $attribute_mail . '=' . $safe_name . ')' . self::filter() . ')';
if ($puid_attr) {
$filter_list[] = '(&(' . $puid_attr . '=' . $safe_name . ')' . self::filter() . ')';
}
// List of attributes to fetch from the LDAP server.
// Using key => value autmatically dedups the list.
$attributes = array($attribute_name => $attribute_name, $attribute_mail => $attribute_mail);
$attribute_map = simple_ldap_user_variable_get('simple_ldap_user_attribute_map');
// Collect all the attributes to load
$attributes = array_keys($attribute_map);
$config_extra_attributes = array_values(simple_ldap_user_variable_get('simple_ldap_user_extra_attrs'));
$hook_extra_attributes = array_values(module_invoke_all('simple_ldap_user_extra_attributes', $this->server));
// Merge them into a single array.
$attributes = array_merge($attributes, $config_extra_attributes, $hook_extra_attributes);
// Add the unique attribute, if it is set.
if ($puid_attr) {
$attributes[] = $puid_attr;
}
// filter to keep ldap_search happy
$attributes = array_unique(array_map('strtolower', array_values($attributes)));
// Include the userAccountControl attribute for Active Directory.
try {
if ($this->server->type == 'Active Directory') {
$attributes['useraccountcontrol'] = 'useraccountcontrol';
}
} catch (SimpleLdapException $e) {
}
foreach ($filter_list as $filter) {
// Attempt to load the user from the LDAP server.
try {
$result = $this->server->search($base_dn, $filter, $scope, array_values($attributes), 0, 1);
} catch (SimpleLdapException $e) {
if ($e->getCode() == -1) {
$result = array('count' => 0);
} else {
throw $e;
}
}
if ($result['count'] == 1) {
break;
}
}
// Populate the attribute array.
if ($result['count'] == 1) {
$this->dn = $result[0]['dn'];
foreach ($attributes as $attribute) {
$attribute = strtolower($attribute);
// Search for the attribute in the LDAP schema.
$schema_attribute = $this->server->schema->get('attributeTypes', $attribute);
$schema_attribute_name = strtolower($schema_attribute['name']);
// Check whether the attribute or any of its aliases are present in the
// LDAP user.
$found = FALSE;
if (isset($result[0][$schema_attribute_name])) {
$found = $schema_attribute_name;
}
if (!$found) {
foreach ($schema_attribute['aliases'] as $alias) {
$alias = strtolower($alias);
if (isset($result[0][$alias])) {
$found = $alias;
break;
}
}
}
// Assign the attribute value to the SimpleLdapUser object.
if ($found) {
$this->attributes[$attribute] = $result[0][$found];
}
}
$this->exists = TRUE;
} else {
$this->attributes[$attribute_name] = array('count' => 1, 0 => $name);
}
}
