/**
* Get all the group a user belongs to
*
* @param $ds ldap connection
* @param $ldap_base_dn Basedn used
* @param $user_dn Basedn of the user
* @param $group_condition group search condition
* @param $group_member_field group field member in a user object
* @param $use_dn boolean search dn of user ($login_field=$user_dn) in group_member_field
* @param $login_field string user login field
*
* @return String : basedn of the user / false if not founded
**/
function ldap_get_user_groups($ds, $ldap_base_dn, $user_dn, $group_condition, $group_member_field, $use_dn, $login_field)
{
$groups = array();
$listgroups = array();
//User dn may contain ( or ), need to espace it!
$user_dn = str_replace(array("(", ")"), array("\\(", "\\)"), $user_dn);
//Only retrive cn and member attributes from groups
$attrs = array('dn');
if (!$use_dn) {
$filter = "(& {$group_condition} (|({$group_member_field}={$user_dn})\n ({$group_member_field}={$login_field}={$user_dn})))";
} else {
$filter = "(& {$group_condition} ({$group_member_field}={$user_dn}))";
}
//Perform the search
$sr = ldap_search($ds, $ldap_base_dn, $filter, $attrs);
//Get the result of the search as an array
$info = ldap_get_entries_clean($ds, $sr);
//Browse all the groups
for ($i = 0; $i < count($info); $i++) {
//Get the cn of the group and add it to the list of groups
if (isset($info[$i]["dn"]) && $info[$i]["dn"] != '') {
$listgroups[$i] = $info[$i]["dn"];
}
}
//Create an array with the list of groups of the user
$groups[0][$group_member_field] = $listgroups;
//Return the groups of the user
return $groups;
}
/**
* Get an object from LDAP by giving his DN
*
* @param ds the active connection to the directory
* @param condition the LDAP filter to use for the search
* @param $dn string DN of the object
* @param attrs the attributes to retreive
**/
static function getObjectByDn($ds, $condition, $dn, $attrs = array())
{
if ($result = @ldap_read($ds, $dn, $condition, $attrs)) {
$info = ldap_get_entries_clean($ds, $result);
if (is_array($info) && $info['count'] == 1) {
return $info[0];
}
}
return false;
}
/**
* Get the attributes needed for processing the rules
*
* @param $input input datas
* @param $params extra parameters given
*
* @return an array of attributes
**/
function prepareInputDataForProcess($input, $params)
{
$rule_parameters = array();
//LDAP type method
if ($params["type"] == "LDAP") {
//Get all the field to retrieve to be able to process rule matching
$rule_fields = $this->getFieldsToLookFor();
//Get all the datas we need from ldap to process the rules
$sz = @ldap_read($params["connection"], $params["userdn"], "objectClass=*", $rule_fields);
$rule_input = ldap_get_entries_clean($params["connection"], $sz);
if (count($rule_input)) {
if (isset($input)) {
$groups = $input;
} else {
$groups = array();
}
$rule_input = $rule_input[0];
//Get all the ldap fields
$fields = $this->getFieldsForQuery();
foreach ($fields as $field) {
switch (utf8_strtoupper($field)) {
case "LDAP_SERVER":
$rule_parameters["LDAP_SERVER"] = $params["ldap_server"];
break;
case "GROUPS":
foreach ($groups as $group) {
$rule_parameters["GROUPS"][] = $group;
}
break;
default:
if (isset($rule_input[$field])) {
if (!is_array($rule_input[$field])) {
$rule_parameters[$field] = $rule_input[$field];
} else {
for ($i = 0; $i < count($rule_input[$field]) - 1; $i++) {
$rule_parameters[$field][] = $rule_input[$field][$i];
}
}
}
}
}
return $rule_parameters;
}
return $rule_input;
}
//IMAP/POP login method
$rule_parameters["MAIL_SERVER"] = $params["mail_server"];
$rule_parameters["MAIL_EMAIL"] = $params["email"];
return $rule_parameters;
}
