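/**
 * Return multidimensional array with details of user courses (at
 * least dn and idnumber).
 *
 * Builds one LDAP filter of the form
 *   (&<objectclass>(|(<memberattr>=<group>)...(<memberattr>=<user>)))
 * and runs it against every configured role context, collecting the
 * matching entries from all contexts into a single flat list.
 *
 * Security note: every directory-derived or user-derived value that is
 * placed in the assertion-value position of the filter is passed through
 * ldap_filter_addslashes(). The attribute name and the objectclass
 * fragment are taken verbatim from plugin configuration, so they must
 * only ever be settable by a trusted administrator.
 *
 * @param string $memberuid user idnumber (without magic quotes).
 * @param object $role a record from the mdl_role table; only ->id is read here.
 * @return array list of LDAP entries as returned by ldap_get_entries()
 *               (empty array when there is nothing to look up or nothing matched).
 */
protected function find_ext_enrolments($memberuid, $role) {
    global $CFG;
    require_once $CFG->libdir . '/ldaplib.php';

    if (empty($memberuid)) {
        // No "idnumber" stored for this user, so no LDAP enrolments
        return array();
    }

    $ldap_contexts = trim($this->get_config('contexts_role' . $role->id));
    if (empty($ldap_contexts)) {
        // No role contexts, so no LDAP enrolments
        return array();
    }

    $extmemberuid = core_text::convert($memberuid, 'utf-8', $this->get_config('ldapencoding'));

    if ($this->get_config('memberattribute_isdn')) {
        // Membership is stored as a DN: swap the idnumber for the user's DN,
        // and give up if the user cannot be located.
        if (!($extmemberuid = $this->ldap_find_userdn($extmemberuid))) {
            return array();
        }
    }

    $ldap_search_pattern = '';
    if ($this->get_config('nested_groups')) {
        $usergroups = $this->ldap_find_user_groups($extmemberuid);
        if (count($usergroups) > 0) {
            foreach ($usergroups as $group) {
                // Group values come from the directory and may contain filter
                // metacharacters such as ( ) * or \. Escape them exactly like
                // $extmemberuid below, otherwise a group name can break or
                // alter the filter.
                // NOTE(review): ldap_find_user_groups() is not visible here;
                // this assumes it returns raw, unescaped values - confirm.
                $group = ldap_filter_addslashes($group);
                $ldap_search_pattern .= '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . $group . ')';
            }
        }
    }

    // Default return value
    $courses = array();

    // Get all the fields we will want for the potential course creation
    // as they are light. don't get membership -- potentially a lot of data.
    $ldap_fields_wanted = array('dn', $this->get_config('course_idnumber'));
    $fullname  = $this->get_config('course_fullname');
    $shortname = $this->get_config('course_shortname');
    $summary   = $this->get_config('course_summary');
    if (isset($fullname)) {
        array_push($ldap_fields_wanted, $fullname);
    }
    if (isset($shortname)) {
        array_push($ldap_fields_wanted, $shortname);
    }
    if (isset($summary)) {
        array_push($ldap_fields_wanted, $summary);
    }

    // Define the search pattern: the user's own membership, OR-ed with the
    // membership of any nested group collected above.
    if (empty($ldap_search_pattern)) {
        $ldap_search_pattern = '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . ldap_filter_addslashes($extmemberuid) . ')';
    } else {
        $ldap_search_pattern = '(|' . $ldap_search_pattern .
                                      '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . ldap_filter_addslashes($extmemberuid) . ')' .
                                      ')';
    }
    $ldap_search_pattern = '(&' . $this->get_config('objectclass') . $ldap_search_pattern . ')';

    // Get all contexts and look for first matching user
    $ldap_contexts = explode(';', $ldap_contexts);
    // NOTE(review): ldap_control_paged_result() and
    // ldap_control_paged_result_response() were removed in PHP 8.0; on such
    // runtimes this branch must not be taken (or must be ported to the
    // controls argument of ldap_search()/ldap_list()).
    $ldap_pagedresults = ldap_paged_results_supported($this->get_config('ldap_version'));
    foreach ($ldap_contexts as $context) {
        $context = trim($context);
        if (empty($context)) {
            continue;
        }

        $ldap_cookie = '';
        $flat_records = array();
        do {
            if ($ldap_pagedresults) {
                ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie);
            }

            if ($this->get_config('course_search_sub')) {
                // Use ldap_search to find first user from subtree
                $ldap_result = @ldap_search($this->ldapconnection,
                                            $context,
                                            $ldap_search_pattern,
                                            $ldap_fields_wanted);
            } else {
                // Search only in this context
                $ldap_result = @ldap_list($this->ldapconnection,
                                          $context,
                                          $ldap_search_pattern,
                                          $ldap_fields_wanted);
            }
            if (!$ldap_result) {
                // "continue" in a do-while jumps to the loop condition.
                // NOTE(review): if a search fails while $ldap_cookie is still
                // non-empty, the same page is requested again - confirm this
                // cannot loop indefinitely on a persistent failure.
                continue;
            }

            if ($ldap_pagedresults) {
                ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie);
            }

            // Check and push results. ldap_get_entries() already
            // lowercases the attribute index, so there's no need to
            // use array_change_key_case() later.
            $records = ldap_get_entries($this->ldapconnection, $ldap_result);

            // LDAP libraries return an odd array, really. Fix it.
            for ($c = 0; $c < $records['count']; $c++) {
                array_push($flat_records, $records[$c]);
            }
            // Free some mem
            unset($records);
        } while ($ldap_pagedresults && !empty($ldap_cookie));

        // If LDAP paged results were used, the current connection must be completely
        // closed and a new one created, to work without paged results from here on.
        if ($ldap_pagedresults) {
            $this->ldap_close();
            $this->ldap_connect();
        }

        if (count($flat_records)) {
            $courses = array_merge($courses, $flat_records);
        }
    }

    return $courses;
}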
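/**
 * Search specified contexts for username and return the user dn like:
 * cn=username,ou=suborg,o=org
 *
 * Only $username is escaped for use inside the LDAP filter. $objectclass
 * and $search_attrib are concatenated verbatim, so callers must pass
 * trusted (configuration-supplied) values for them, never request data.
 *
 * @param mixed $ldapconnection a valid LDAP connection.
 * @param mixed $username username (external LDAP encoding, no db slashes).
 * @param array $contexts contexts to look for the user.
 * @param string $objectclass objectclass of the user (in LDAP filter syntax).
 * @param string $search_attrib the attribute use to look for the user.
 * @param boolean $search_sub whether to search subcontexts or not.
 * @return mixed the user dn (external LDAP encoding, no db slashes) or false
 *               when any argument is empty or no context yields a match.
 */
function ldap_find_userdn($ldapconnection, $username, $contexts, $objectclass, $search_attrib, $search_sub) {
    if (empty($ldapconnection) || empty($username) || empty($contexts) || empty($objectclass) || empty($search_attrib)) {
        return false;
    }

    // Default return value
    $ldap_user_dn = false;

    // Get all contexts and look for first matching user
    foreach ($contexts as $context) {
        $context = trim($context);
        if (empty($context)) {
            continue;
        }

        // The username is the only caller-supplied value in the assertion
        // position, so it is the one that gets filter-escaped.
        $filter = '(&' . $objectclass . '(' . $search_attrib . '=' . ldap_filter_addslashes($username) . '))';

        if ($search_sub) {
            // Whole subtree below $context.
            $ldap_result = ldap_search($ldapconnection, $context, $filter, array($search_attrib));
        } else {
            // Direct children of $context only.
            $ldap_result = ldap_list($ldapconnection, $context, $filter, array($search_attrib));
        }

        if (!$ldap_result) {
            // The search itself failed (for example a base DN that does not
            // exist). Passing that failure on to ldap_first_entry() would
            // raise an error instead of trying the remaining contexts.
            continue;
        }

        $entry = ldap_first_entry($ldapconnection, $ldap_result);
        if ($entry) {
            $ldap_user_dn = ldap_get_dn($ldapconnection, $entry);
            break;
        }
    }

    return $ldap_user_dn;
}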
/**
 * Checks if user exists on LDAP
 *
 * The username is first converted from UTF-8 to the configured directory
 * encoding and then escaped with ldap_filter_addslashes() before it is
 * placed in the search filter, so filter metacharacters in the name are
 * treated as literal text.
 *
 * @param string $username username to look up (UTF-8).
 * @return int size of the list returned by ldap_get_userlist() for the
 *             filter; 0 is falsy, so callers can treat it as "not found".
 */
function user_exists($username) {
    $encoded = core_text::convert($username, 'utf-8', $this->config->ldapencoding);

    // (<user_attribute>=<escaped username>)
    $filter = '(' . $this->config->user_attribute . '=' . ldap_filter_addslashes($encoded) . ')';

    $matches = $this->ldap_get_userlist($filter);

    return count($matches);
}
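/**
 * Search the configured contexts for a posixaccount entry whose uid equals
 * $username and return its DN.
 *
 * The contexts are read from the global $options['ldap_context'], a
 * ';'-separated list of base DNs. The username is escaped with
 * ldap_filter_addslashes() before it is placed in the filter.
 *
 * @param mixed $ldapconnection a valid LDAP connection.
 * @param string $username the uid to look for.
 * @return mixed the DN of the first matching entry, or false when no
 *               context yields a match.
 */
function ldap_find_userdn($ldapconnection, $username) {
    global $options;

    // Default return value
    $ldap_user_dn = false;

    $contexts = explode(';', $options['ldap_context']);

    // Get all contexts and look for first matching user
    foreach ($contexts as $context) {
        $context = trim($context);
        if (empty($context)) {
            continue;
        }

        $ldap_result = ldap_search(
            $ldapconnection,
            $context,
            '(&(objectClass=posixaccount)(uid=' . ldap_filter_addslashes($username) . '))',
            array('uid')
        );
        if (!$ldap_result) {
            // The search failed for this base DN; handing that failure to
            // ldap_first_entry() would raise an error instead of moving on
            // to the next context.
            continue;
        }

        $entry = ldap_first_entry($ldapconnection, $ldap_result);
        if ($entry) {
            $ldap_user_dn = ldap_get_dn($ldapconnection, $entry);
            break;
        }
    }

    return $ldap_user_dn;
}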