Example #1
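 /**
  * Return multidimensional array with details of user courses (at
  * least dn and idnumber).
  *
  * Builds an LDAP filter from the role's member attribute and the user's
  * identifier (plus the user's groups when 'nested_groups' is enabled) and
  * runs it against every context configured for the role.
  *
  * Every value placed in an assertion-value position of the filter (the
  * user identifier and each group) goes through ldap_filter_addslashes(),
  * which is loaded from ldaplib.php, so that characters with a meaning in
  * LDAP filter syntax are matched literally instead of changing the
  * filter's structure. The 'objectclass' and 'memberattribute_role*'
  * settings are inserted verbatim and must therefore come from trusted
  * configuration only.
  *
  * @param string $memberuid user idnumber (without magic quotes).
  * @param object $role is a record from the mdl_role table.
  * @return array entries as returned by ldap_get_entries(), merged across
  *               all contexts; empty array when nothing matches.
  */
 protected function find_ext_enrolments($memberuid, $role)
 {
     global $CFG;
     require_once $CFG->libdir . '/ldaplib.php';
     if (empty($memberuid)) {
         // No "idnumber" stored for this user, so no LDAP enrolments
         return array();
     }
     $ldap_contexts = trim($this->get_config('contexts_role' . $role->id));
     if (empty($ldap_contexts)) {
         // No role contexts, so no LDAP enrolments
         return array();
     }
     $extmemberuid = core_text::convert($memberuid, 'utf-8', $this->get_config('ldapencoding'));
     if ($this->get_config('memberattribute_isdn')) {
         // Membership is stored as a DN: resolve the user's DN first and
         // give up when the user cannot be found.
         if (!($extmemberuid = $this->ldap_find_userdn($extmemberuid))) {
             return array();
         }
     }
     // Attribute name that holds the members for this role (from config).
     $memberattribute = $this->get_config('memberattribute_role' . $role->id);
     $ldap_search_pattern = '';
     if ($this->get_config('nested_groups')) {
         $usergroups = $this->ldap_find_user_groups($extmemberuid);
         if (count($usergroups) > 0) {
             foreach ($usergroups as $group) {
                 // Group identifiers come back from the directory and may
                 // contain characters that are special in filter syntax
                 // (parentheses, asterisk, backslash). Escape them exactly
                 // like the user identifier below so they match literally.
                 $ldap_search_pattern .= '(' . $memberattribute . '=' . ldap_filter_addslashes($group) . ')';
             }
         }
     }
     // Default return value
     $courses = array();
     // Get all the fields we will want for the potential course creation
     // as they are light. don't get membership -- potentially a lot of data.
     $ldap_fields_wanted = array('dn', $this->get_config('course_idnumber'));
     $fullname = $this->get_config('course_fullname');
     $shortname = $this->get_config('course_shortname');
     $summary = $this->get_config('course_summary');
     if (isset($fullname)) {
         array_push($ldap_fields_wanted, $fullname);
     }
     if (isset($shortname)) {
         array_push($ldap_fields_wanted, $shortname);
     }
     if (isset($summary)) {
         array_push($ldap_fields_wanted, $summary);
     }
     // Define the search pattern: direct membership, OR-ed with the group
     // memberships collected above when there are any.
     $memberclause = '(' . $memberattribute . '=' . ldap_filter_addslashes($extmemberuid) . ')';
     if (empty($ldap_search_pattern)) {
         $ldap_search_pattern = $memberclause;
     } else {
         $ldap_search_pattern = '(|' . $ldap_search_pattern . $memberclause . ')';
     }
     // 'objectclass' is already in filter syntax and is inserted as-is.
     $ldap_search_pattern = '(&' . $this->get_config('objectclass') . $ldap_search_pattern . ')';
     // Get all contexts and look for first matching user
     $ldap_contexts = explode(';', $ldap_contexts);
     $ldap_pagedresults = ldap_paged_results_supported($this->get_config('ldap_version'));
     foreach ($ldap_contexts as $context) {
         $context = trim($context);
         if (empty($context)) {
             continue;
         }
         $ldap_cookie = '';
         $flat_records = array();
         do {
             // NOTE(review): ldap_control_paged_result() and
             // ldap_control_paged_result_response() were deprecated in
             // PHP 7.4 and removed in PHP 8.0 -- confirm the target runtime.
             if ($ldap_pagedresults) {
                 ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie);
             }
             // Errors are silenced with @, so a failed search is only
             // visible through the false return value checked below.
             if ($this->get_config('course_search_sub')) {
                 // Use ldap_search to find first user from subtree
                 $ldap_result = @ldap_search($this->ldapconnection, $context, $ldap_search_pattern, $ldap_fields_wanted);
             } else {
                 // Search only in this context
                 $ldap_result = @ldap_list($this->ldapconnection, $context, $ldap_search_pattern, $ldap_fields_wanted);
             }
             if (!$ldap_result) {
                 // A failed search leaves the paging cookie untouched. A
                 // 'continue' here would jump to the do-while condition and,
                 // with a non-empty cookie, re-issue the same failing request
                 // indefinitely. Stop paging this context instead and keep
                 // whatever was collected so far.
                 break;
             }
             if ($ldap_pagedresults) {
                 ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie);
             }
             // Check and push results. ldap_get_entries() already
             // lowercases the attribute index, so there's no need to
             // use array_change_key_case() later.
             $records = ldap_get_entries($this->ldapconnection, $ldap_result);
             // LDAP libraries return an odd array, really. Fix it.
             for ($c = 0; $c < $records['count']; $c++) {
                 array_push($flat_records, $records[$c]);
             }
             // Free some mem
             unset($records);
         } while ($ldap_pagedresults && !empty($ldap_cookie));
         // If LDAP paged results were used, the current connection must be completely
         // closed and a new one created, to work without paged results from here on.
         if ($ldap_pagedresults) {
             $this->ldap_close();
             $this->ldap_connect();
         }
         if (count($flat_records)) {
             $courses = array_merge($courses, $flat_records);
         }
     }
     return $courses;
 }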
Example #2
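/**
 * Search specified contexts for username and return the user dn like:
 * cn=username,ou=suborg,o=org
 *
 * The username is escaped with ldap_filter_addslashes() before it is placed
 * in the search filter. $objectclass and $search_attrib are inserted into
 * the filter verbatim, so they must come from trusted configuration and
 * never from request data.
 *
 * @param mixed $ldapconnection a valid LDAP connection.
 * @param mixed $username username (external LDAP encoding, no db slashes).
 * @param array $contexts contexts to look for the user.
 * @param string $objectclass objectclass of the user (in LDAP filter syntax).
 * @param string $search_attrib the attribute used to look for the user.
 * @param boolean $search_sub whether to search subcontexts or not.
 * @return mixed the user dn (external LDAP encoding, no db slashes) or false
 *               when an argument is empty or no context holds a match.
 */
function ldap_find_userdn($ldapconnection, $username, $contexts, $objectclass, $search_attrib, $search_sub)
{
    if (empty($ldapconnection) || empty($username) || empty($contexts) || empty($objectclass) || empty($search_attrib)) {
        return false;
    }
    // The filter is the same for every context, so build it once. Only the
    // username is escaped; the other two parts are expected to be filter
    // syntax / an attribute name supplied by configuration.
    $filter = '(&' . $objectclass . '(' . $search_attrib . '=' . ldap_filter_addslashes($username) . '))';
    $attributes = array($search_attrib);
    // Default return value
    $ldap_user_dn = false;
    // Get all contexts and look for first matching user
    foreach ($contexts as $context) {
        $context = trim($context);
        if (empty($context)) {
            continue;
        }
        if ($search_sub) {
            // Search the whole subtree below this context.
            $ldap_result = ldap_search($ldapconnection, $context, $filter, $attributes);
        } else {
            // Search only the entries directly in this context.
            $ldap_result = ldap_list($ldapconnection, $context, $filter, $attributes);
        }
        if (!$ldap_result) {
            // The search itself failed (for example an invalid base DN).
            // Passing false on to ldap_first_entry() would raise an error,
            // so treat this context as "no match" and try the next one.
            continue;
        }
        $entry = ldap_first_entry($ldapconnection, $ldap_result);
        if ($entry) {
            $ldap_user_dn = ldap_get_dn($ldapconnection, $entry);
            break;
        }
    }
    return $ldap_user_dn;
}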
Example #3
 /**
  * Checks if user exists on LDAP.
  *
  * The username is converted from UTF-8 to the configured LDAP encoding and
  * escaped with ldap_filter_addslashes() before it is embedded in the
  * search filter, so filter metacharacters in it are matched literally.
  *
  * @param string $username
  * @return int number of entries ldap_get_userlist() returned for the
  *             filter; callers can treat a non-zero value as "exists".
  */
 function user_exists($username)
 {
     $encodedname = core_text::convert($username, 'utf-8', $this->config->ldapencoding);
     // Equality filter on the configured user attribute.
     $filter = '(' . $this->config->user_attribute . '=' . ldap_filter_addslashes($encodedname) . ')';
     $matches = $this->ldap_get_userlist($filter);
     return count($matches);
 }
Example #4
File: f.php Project: e-rasvet/mcm
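/**
 * Search the configured contexts for a posixAccount entry whose uid equals
 * $username and return its DN.
 *
 * Contexts are read from the global $options['ldap_context'] as a
 * ';'-separated list and searched in order (subtree search); the first
 * match wins. The username is escaped with ldap_filter_addslashes() before
 * it is placed in the filter.
 *
 * @param mixed $ldapconnection a valid LDAP connection.
 * @param string $username username to look up.
 * @return mixed the user DN, or false when no context yields a match.
 */
function ldap_find_userdn($ldapconnection, $username)
{
    global $options;
    // Default return value
    $ldap_user_dn = false;
    // A missing setting is treated as "no contexts" rather than being
    // passed to explode() as null.
    $contextlist = isset($options['ldap_context']) ? $options['ldap_context'] : '';
    $contexts = explode(';', $contextlist);
    // Get all contexts and look for first matching user
    foreach ($contexts as $context) {
        $context = trim($context);
        if (empty($context)) {
            continue;
        }
        $filter = '(&(objectClass=posixaccount)(uid=' . ldap_filter_addslashes($username) . '))';
        $ldap_result = ldap_search($ldapconnection, $context, $filter, array('uid'));
        if (!$ldap_result) {
            // The search itself failed (for example an invalid base DN).
            // Passing false on to ldap_first_entry() would raise an error,
            // so treat this context as "no match" and try the next one.
            continue;
        }
        $entry = ldap_first_entry($ldapconnection, $ldap_result);
        if ($entry) {
            $ldap_user_dn = ldap_get_dn($ldapconnection, $entry);
            break;
        }
    }
    return $ldap_user_dn;
}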