protected function parseSpecificContributions(&$contribNode)
{
parent::parseSpecificContributions($contribNode);
if ($contribNode->nodeName != "actions") {
return;
}
$actionXpath = new DOMXPath($contribNode->ownerDocument);
if (!isset($this->options["FTP_LOGIN_SCREEN"]) || $this->options["FTP_LOGIN_SCREEN"] != "TRUE" || $this->options["FTP_LOGIN_SCREEN"] === false) {
// Remove "ftp_login" && "ftp_set_data" actions
$nodeList = $actionXpath->query('action[@name="dynamic_login"]', $contribNode);
if (!$nodeList->length) {
return;
}
unset($this->actions["dynamic_login"]);
$contribNode->removeChild($nodeList->item(0));
$nodeList = $actionXpath->query('action[@name="ftp_set_data"]', $contribNode);
if (!$nodeList->length) {
return;
}
unset($this->actions["ftp_set_data"]);
$contribNode->removeChild($node = $nodeList->item(0));
} else {
// Replace "login" by "dynamic_login"
$loginList = $actionXpath->query('action[@name="login"]', $contribNode);
if ($loginList->length && $loginList->item(0)->getAttribute("auth_ftp_impl") == null) {
$contribNode->removeChild($loginList->item(0));
}
$dynaLoginList = $actionXpath->query('action[@name="dynamic_login"]', $contribNode);
if ($dynaLoginList->length) {
$dynaLoginList->item(0)->setAttribute("name", "login");
$dynaLoginList->item(0)->setAttribute("auth_ftp_impl", "true");
}
}
}
function init($options)
{
parent::init($options);
AJXP_Logger::logAction('Auth.ldap :: init');
$this->ldapUrl = $options["LDAP_URL"];
if ($options["LDAP_PORT"]) {
$this->ldapPort = $options["LDAP_PORT"];
}
if ($options["LDAP_USER"]) {
$this->ldapAdminUsername = $options["LDAP_USER"];
}
if ($options["LDAP_PASSWORD"]) {
$this->ldapAdminPassword = $options["LDAP_PASSWORD"];
}
if ($options["LDAP_DN"]) {
$this->ldapDN = $options["LDAP_DN"];
}
if (isset($options["LDAP_FILTER"])) {
$this->ldapFilter = $options["LDAP_FILTER"];
if ($this->ldapFilter != "" && !preg_match("/^\\(.*\\)\$/", $this->ldapFilter)) {
$this->ldapFilter = "(" . $this->ldapFilter . ")";
}
} else {
$this->ldapFilter = "(objectClass=person)";
}
if ($options["LDAP_USERATTR"]) {
$this->ldapUserAttr = strtolower($options["LDAP_USERATTR"]);
} else {
$this->ldapUserAttr = 'uid';
}
$this->ldapconn = $this->LDAP_Connect();
if ($this->ldapconn == null) {
AJXP_Logger::logAction('LDAP Server connexion could NOT be established');
}
}
function init($options)
{
parent::init($options);
AJXP_Logger::logAction('Auth.ldap :: init');
$this->ldapUrl = $options["LDAP_URL"];
if ($options["LDAP_PORT"]) {
$this->ldapPort = $options["LDAP_PORT"];
}
if ($options["LDAP_USER"]) {
$this->ldapAdminUsername = $options["LDAP_USER"];
}
if ($options["LDAP_PASSWORD"]) {
$this->ldapAdminPassword = $options["LDAP_PASSWORD"];
}
if ($options["LDAP_DN"]) {
$this->ldapDN = $options["LDAP_DN"];
}
if ($options["LDAP_FILTER"]) {
$this->ldapFilter = $options["LDAP_FILTER"];
}
$this->ldapconn = $this->LDAP_Connect();
if ($this->ldapconn == null) {
AJXP_Logger::logAction('LDAP Server connexion could NOT be established');
}
}
public function getAuthImpl()
{
if (!isset(self::$authStorageImpl)) {
if (!isset($this->pluginConf["MASTER_INSTANCE_CONFIG"])) {
throw new Exception("Please set up at least one MASTER_INSTANCE_CONFIG in core.auth options");
}
$masterName = is_array($this->pluginConf["MASTER_INSTANCE_CONFIG"]) ? $this->pluginConf["MASTER_INSTANCE_CONFIG"]["instance_name"] : $this->pluginConf["MASTER_INSTANCE_CONFIG"];
$masterName = str_replace("auth.", "", $masterName);
if (!empty($this->pluginConf["SLAVE_INSTANCE_CONFIG"]) && !empty($this->pluginConf["MULTI_MODE"])) {
$slaveName = is_array($this->pluginConf["SLAVE_INSTANCE_CONFIG"]) ? $this->pluginConf["SLAVE_INSTANCE_CONFIG"]["instance_name"] : $this->pluginConf["SLAVE_INSTANCE_CONFIG"];
$slaveName = str_replace("auth.", "", $slaveName);
// Manually set up a multi config
$userBase = $this->pluginConf["MULTI_USER_BASE_DRIVER"];
if ($userBase == "master") {
$baseName = $masterName;
} else {
if ($userBase == "slave") {
$baseName = $slaveName;
} else {
$baseName = "";
}
}
$mLabel = "";
$sLabel = "";
$separator = "";
$cacheMasters = true;
if (isset($this->pluginConf["MULTI_MODE"]) && !isset($this->pluginConf["MULTI_MODE"]["instance_name"])) {
$this->pluginConf["MULTI_MODE"]["instance_name"] = $this->pluginConf["MULTI_MODE"]["group_switch_value"];
}
if ($this->pluginConf["MULTI_MODE"]["instance_name"] == "USER_CHOICE") {
$mLabel = $this->pluginConf["MULTI_MODE"]["MULTI_MASTER_LABEL"];
$sLabel = $this->pluginConf["MULTI_MODE"]["MULTI_SLAVE_LABEL"];
$separator = $this->pluginConf["MULTI_MODE"]["MULTI_USER_ID_SEPARATOR"];
} else {
$cacheMasters = $this->pluginConf["MULTI_MODE"]["CACHE_MASTER_USERS_TO_SLAVE"];
}
$newOptions = array("instance_name" => "auth.multi", "MODE" => $this->pluginConf["MULTI_MODE"]["instance_name"], "MASTER_DRIVER" => $masterName, "USER_BASE_DRIVER" => $baseName, "USER_ID_SEPARATOR" => $separator, "CACHE_MASTER_USERS_TO_SLAVE" => $cacheMasters, "TRANSMIT_CLEAR_PASS" => $this->pluginConf["TRANSMIT_CLEAR_PASS"], "DRIVERS" => array($masterName => array("NAME" => $masterName, "LABEL" => $mLabel, "OPTIONS" => $this->pluginConf["MASTER_INSTANCE_CONFIG"]), $slaveName => array("NAME" => $slaveName, "LABEL" => $sLabel, "OPTIONS" => $this->pluginConf["SLAVE_INSTANCE_CONFIG"])));
// MERGE BASIC AUTH OPTIONS FROM MASTER
$masterMainAuthOptions = array();
$keys = array("TRANSMIT_CLEAR_PASS", "AUTOCREATE_AJXPUSER", "LOGIN_REDIRECT", "AJXP_ADMIN_LOGIN");
if (is_array($this->pluginConf["MASTER_INSTANCE_CONFIG"])) {
foreach ($keys as $key) {
if (isset($this->pluginConf["MASTER_INSTANCE_CONFIG"][$key])) {
$masterMainAuthOptions[$key] = $this->pluginConf["MASTER_INSTANCE_CONFIG"][$key];
}
}
}
$newOptions = array_merge($newOptions, $masterMainAuthOptions);
self::$authStorageImpl = ConfService::instanciatePluginFromGlobalParams($newOptions, "AbstractAuthDriver");
AJXP_PluginsService::getInstance()->setPluginUniqueActiveForType("auth", self::$authStorageImpl->getName(), self::$authStorageImpl);
} else {
self::$authStorageImpl = ConfService::instanciatePluginFromGlobalParams($this->pluginConf["MASTER_INSTANCE_CONFIG"], "AbstractAuthDriver");
AJXP_PluginsService::getInstance()->setPluginUniqueActiveForType("auth", self::$authStorageImpl->getName());
}
}
return self::$authStorageImpl;
}
public function init($options)
{
parent::init($options);
if (AJXP_Utils::searchIncludePath('Auth/Yubico.php')) {
require_once 'Auth/Yubico.php';
}
$this->usersSerFile = AJXP_VarsFilter::filter($this->getOption("USERS_FILEPATH"));
$this->yubico_secret_key = AJXP_VarsFilter::filter($this->getOption("YUBICO_SECRET_KEY"));
$this->yubico_client_id = AJXP_VarsFilter::filter($this->getOption("YUBICO_CLIENT_ID"));
}
public function init($options)
{
parent::init($options);
$this->sqlDriver = AJXP_Utils::cleanDibiDriverParameters($options["SQL_CUSTOM_DRIVER"]);
$this->coreSqlDriver = AJXP_Utils::cleanDibiDriverParameters(array("group_switch_value" => "core"));
$this->customTableName = $options["SQL_CUSTOM_TABLE"];
$this->customTableUid = $options["SQL_CUSTOM_TABLE_USER_FIELD"];
$this->customTablePwd = $options["SQL_CUSTOM_TABLE_PWD_FIELD"];
$this->customTableHashing = $options["SQL_CUSTOM_TABLE_PWD_HASH"];
}
public function init($options)
{
parent::init($options);
if (!isset($this->options["FTP_LOGIN_SCREEN"]) || $this->options["FTP_LOGIN_SCREEN"] != "TRUE" || $this->options["FTP_LOGIN_SCREEN"] === false) {
return;
}
// ENABLE WEBFTP LOGIN SCREEN
$this->logDebug(__FUNCTION__, "Enabling authfront.webftp");
AJXP_PluginsService::findPluginById("authfront.webftp")->enabled = true;
}
function init($options)
{
parent::init($options);
$this->sqlDriver = $options["SQL_DRIVER"];
try {
dibi::connect($this->sqlDriver);
} catch (DibiException $e) {
echo get_class($e), ': ', $e->getMessage(), "\n";
exit(1);
}
}
public function init($options)
{
parent::init($options);
$this->sqlDriver = AJXP_Utils::cleanDibiDriverParameters($options["SQL_DRIVER"]);
try {
dibi::connect($this->sqlDriver);
} catch (DibiException $e) {
echo get_class($e), ': ', $e->getMessage(), "\n";
exit(1);
}
}
function init($options)
{
parent::init($options);
require_once AJXP_BIN_FOLDER . "/dibi.compact.php";
$this->sqlDriver = $options["SQL_DRIVER"];
try {
dibi::connect($this->sqlDriver);
} catch (DibiException $e) {
echo get_class($e), ': ', $e->getMessage(), "\n";
exit(1);
}
}
public function init($options)
{
parent::init($options);
$this->radiusServer = $options["RADIUS Server"];
if ($options["RADIUS Port"]) {
$this->radiusPort = $options["RADIUS Port"];
}
if ($options["RADIUS Shared Secret"]) {
$this->radiusSecret = $options["RADIUS Shared Secret"];
}
if ($options["RADIUS Auth Type"]) {
$this->radiusAuthType = $options["RADIUS Auth Type"];
}
}
function init($options)
{
parent::init($options);
$this->sqlDriver = $options["SQL_DRIVER"];
try {
dibi::connect($this->sqlDriver);
} catch (DibiException $e) {
echo get_class($e), ': ', $e->getMessage(), "\n";
exit(1);
}
$this->prefix = $options["PREFIX_TABLE"];
$this->groupid = $options["FEU_GROUPID"];
$this->usersSerFile = $options["USERS_FILEPATH"];
}
function init($options)
{
parent::init($options);
// run Phalcon Eye to get session from database
require_once ROOT_PATH . "/app/engine/Config.php";
require_once ROOT_PATH . "/app/engine/Exception.php";
require_once ROOT_PATH . "/app/engine/ApplicationInitialization.php";
require_once ROOT_PATH . "/app/engine/Application.php";
$application = new \Engine\Application();
$application->run('session');
$identity = Phalcon\DI::getDefault()->get('session')->get('identity');
$viewer = \User\Model\User::findFirstById($identity);
if (!$viewer || !$viewer->isAdmin()) {
die('Access not allowed');
}
}
function init($options)
{
$this->slaveMode = $options["SLAVE_MODE"] == "true";
if ($this->slaveMode && ALLOW_GUEST_BROWSING) {
// Make sure "login" is disabled, or it will re-appear if GUEST browsing is enabled!
// OLD WAY : unset($this->actions["login"]);
// NEW WAY : Modify manifest dynamically (more coplicated...)
$contribs = $this->xPath->query("registry_contributions/external_file");
foreach ($contribs as $contribNode) {
if ($contribNode->getAttribute('filename') == 'server/xml/standard_auth_actions.xml') {
$contribNode->parentNode->removeChild($contribNode);
}
}
}
parent::init($options);
$this->usersSerFile = $options["USERS_FILEPATH"];
$this->secret = $options["SECRET"];
$this->urls = array($options["LOGIN_URL"], $options["LOGOUT_URL"]);
}
function init($options)
{
parent::init($options);
$this->sqlDriver = $options["SQL_DRIVER"];
try {
dibi::connect($this->sqlDriver);
} catch (DibiException $e) {
echo get_class($e), ': ', $e->getMessage(), "\n";
exit(1);
}
$this->secret = $options["SECRET"];
$this->prefix = $options["PREFIX_TABLE"];
$this->urls = array($options["LOGIN_URL"], $options["LOGOUT_URL"]);
$this->slaveMode = true;
$res = dibi::query("SELECT sitepref_value FROM [" . $this->prefix . "siteprefs] WHERE sitepref_name = 'FEUajaxplorer_mapi_pref_ajxp_auth_group'");
$grp = $res->fetchSingle();
$this->groupid = $grp;
$res2 = dibi::query("SELECT sitepref_value FROM [" . $this->prefix . "siteprefs] WHERE sitepref_name = 'FEUajaxplorer_mapi_pref_ajxp_secret'");
$sec = $res2->fetchSingle();
$this->secret_cmsms = trim($sec);
}
public function getRegistryContributions($extendedVersion = true)
{
// $this->logDebug("get contributions NOW");
$this->loadRegistryContributions();
return parent::getRegistryContributions($extendedVersion);
}
function replaceAjxpXmlKeywords($xml)
{
$xml = str_replace("AJXP_REMOTE_AUTH", "true", $xml);
$xml = str_replace("AJXP_NOT_REMOTE_AUTH", "false", $xml);
$xml = parent::replaceAjxpXmlKeywords($xml);
return $xml;
}
public function init($options)
{
parent::init($options);
$this->usersSerFile = AJXP_VarsFilter::filter($this->getOption("USERS_FILEPATH"));
}
public function updateUserObject(&$userObject)
{
parent::updateUserObject($userObject);
if (!empty($this->separateGroup)) {
$userObject->setGroupPath("/" . $this->separateGroup);
}
// SHOULD BE DEPRECATED
if (!empty($this->customParamsMapping)) {
$checkValues = array_values($this->customParamsMapping);
$prefs = $userObject->getPref("CUSTOM_PARAMS");
if (!is_array($prefs)) {
$prefs = array();
}
// If one value exist, we consider the mapping has already been done.
foreach ($checkValues as $val) {
if (array_key_exists($val, $prefs)) {
return;
}
}
$changes = false;
$entries = $this->getUserEntries($userObject->getId());
if ($entries["count"]) {
$entry = $entries[0];
foreach ($this->customParamsMapping as $key => $value) {
if (isset($entry[$key])) {
$prefs[$value] = $entry[$key][0];
$changes = true;
}
}
}
if ($changes) {
$userObject->setPref("CUSTOM_PARAMS", $prefs);
$userObject->save();
}
}
if (!empty($this->paramsMapping)) {
$changes = false;
$entries = $this->getUserEntries($userObject->getId());
if ($entries["count"]) {
$entry = $entries[0];
foreach ($this->paramsMapping as $params) {
$key = strtolower($params['MAPPING_LDAP_PARAM']);
if (isset($entry[$key])) {
$value = $entry[$key][0];
$memberValues = array();
if ($key == "memberof") {
// get CN from value
foreach ($entry[$key] as $possibleValue) {
$hnParts = array();
$parts = explode(",", ltrim($possibleValue, '/'));
foreach ($parts as $part) {
list($att, $attVal) = explode("=", $part);
//if (strtolower($att) == "cn") $hnParts[] = $attVal;
/*
* In the example above, 1st CN indicates the name of group, from 2nd, CN indicate a container,
* therefore, we just take the first "cn" element by breaking the for if we found.
*
*/
if (strtolower($att) == "cn") {
$hnParts[] = $attVal;
break;
}
}
if (count($hnParts)) {
$memberValues[implode(",", $hnParts)] = $possibleValue;
}
}
}
switch ($params['MAPPING_LOCAL_TYPE']) {
case "role_id":
$valueFilters = null;
$matchFilter = null;
$filter = $params["MAPPING_LOCAL_PARAM"];
if (strpos($filter, "preg:") !== false) {
$matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
} else {
if (!empty($filter)) {
$valueFilters = array_map("trim", explode(",", $filter));
}
}
if ($key == "memberof") {
if (empty($valueFilters)) {
$valueFilters = $this->getLdapGroupListFromDN();
}
if ($this->mappedRolePrefix) {
$rolePrefix = $this->mappedRolePrefix;
} else {
$rolePrefix = "";
}
$userroles = $userObject->getRoles();
//remove all mapped roles before
if (is_array($userroles)) {
foreach ($userroles as $key => $role) {
if (AuthService::getRole($key) && !(strpos($key, $this->mappedRolePrefix) === false)) {
$userObject->removeRole($key);
}
}
}
$userObject->recomputeMergedRole();
foreach ($memberValues as $uniqValue => $fullDN) {
$uniqValueWithPrefix = $rolePrefix . $uniqValue;
if (isset($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) {
continue;
}
if (isset($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) {
continue;
}
$roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
$roleToAdd->setLabel($uniqValue);
AuthService::updateRole($roleToAdd);
$userObject->addRole($roleToAdd);
$changes = true;
}
} else {
foreach ($entry[$key] as $uniqValue) {
if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
continue;
}
if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
continue;
}
if (!in_array($uniqValue, array_keys($userObject->getRoles())) && !empty($uniqValue)) {
$userObject->addRole(AuthService::getRole($uniqValue, true));
$changes = true;
}
}
}
break;
case "group_path":
if ($key == "memberof") {
$filter = $params["MAPPING_LOCAL_PARAM"];
if (strpos($filter, "preg:") !== false) {
$matchFilter = "/" . str_replace("preg:", "", $filter) . "/i";
} else {
if (!empty($filter)) {
$valueFilters = array_map("trim", explode(",", $filter));
}
}
foreach ($memberValues as $uniqValue => $fullDN) {
if (isset($matchFilter) && !preg_match($matchFilter, $uniqValue)) {
continue;
}
if (isset($valueFilters) && !in_array($uniqValue, $valueFilters)) {
continue;
}
if ($userObject->personalRole->filterParameterValue("auth.ldap", "MEMBER_OF", AJXP_REPO_SCOPE_ALL, "") == $fullDN) {
//break;
}
$humanName = $uniqValue;
$branch = array();
$this->buildGroupBranch($uniqValue, $branch);
$parent = "/";
if (count($branch)) {
$parent = "/" . implode("/", array_reverse($branch));
}
if (!ConfService::getConfStorageImpl()->groupExists(rtrim(AuthService::filterBaseGroup($parent), "/") . "/" . $fullDN)) {
AuthService::createGroup($parent, $fullDN, $humanName);
}
$userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
// Update Roles from groupPath
$b = array_reverse($branch);
$b[] = $fullDN;
for ($i = 1; $i <= count($b); $i++) {
$userObject->addRole(AuthService::getRole("AJXP_GRP_/" . implode("/", array_slice($b, 0, $i)), true));
}
$userObject->personalRole->setParameterValue("auth.ldap", "MEMBER_OF", $fullDN);
$userObject->recomputeMergedRole();
$changes = true;
}
}
break;
case "profile":
if ($userObject->getProfile() != $value) {
$changes = true;
$userObject->setProfile($value);
AuthService::updateAutoApplyRole($userObject);
}
break;
case "plugin_param":
default:
if (strpos($params["MAPPING_LOCAL_PARAM"], "/") !== false) {
list($pId, $param) = explode("/", $params["MAPPING_LOCAL_PARAM"]);
} else {
$pId = $this->getId();
$param = $params["MAPPING_LOCAL_PARAM"];
}
if ($userObject->personalRole->filterParameterValue($pId, $param, AJXP_REPO_SCOPE_ALL, "") != $value) {
$userObject->personalRole->setParameterValue($pId, $param, $value);
$userObject->recomputeMergedRole();
$changes = true;
}
break;
}
}
}
}
if ($changes) {
$userObject->save("superuser");
}
}
}
public function getLoginRedirect()
{
return parent::getLoginRedirect();
}
public function init($options)
{
parent::init($options);
$this->url = AJXP_VarsFilter::filter($this->getOption("GITLAB_URL"));
$this->usersSerFile = $options["USERS_FILEPATH"];
}
function init($options)
{
parent::init($options);
$this->usersSerFile = $options["USERS_FILEPATH"];
}
protected function parseSpecificContributions(&$contribNode)
{
parent::parseSpecificContributions($contribNode);
if ($this->masterSlaveMode) {
return;
}
if ($contribNode->nodeName != "actions") {
return;
}
// Replace callback code
$actionXpath = new DOMXPath($contribNode->ownerDocument);
$loginCallbackNodeList = $actionXpath->query('action[@name="login"]/processing/clientCallback', $contribNode);
if (!$loginCallbackNodeList->length) {
return;
}
$xmlContent = file_get_contents(AJXP_INSTALL_PATH . "/plugins/auth.multi/login_patch.xml");
$sources = array();
if (!isset($this->options) || !isset($this->options["DRIVERS"]) || !is_array($this->options["DRIVERS"])) {
return;
}
foreach ($this->getOption("DRIVERS") as $driverDef) {
$dName = $driverDef["NAME"];
if (isset($driverDef["LABEL"])) {
$dLabel = $driverDef["LABEL"];
} else {
$dLabel = $driverDef["NAME"];
}
$sources[$dName] = $dLabel;
}
$xmlContent = str_replace("AJXP_MULTIAUTH_SOURCES", json_encode($sources), $xmlContent);
$xmlContent = str_replace("AJXP_MULTIAUTH_MASTER", $this->getOption("MASTER_DRIVER"), $xmlContent);
$xmlContent = str_replace("AJXP_USER_ID_SEPARATOR", $this->getOption("USER_ID_SEPARATOR"), $xmlContent);
$patchDoc = new DOMDocument();
$patchDoc->loadXML($xmlContent);
$patchNode = $patchDoc->documentElement;
$imported = $contribNode->ownerDocument->importNode($patchNode, true);
$loginCallback = $loginCallbackNodeList->item(0);
$loginCallback->parentNode->replaceChild($imported, $loginCallback);
//var_dump($contribNode->ownerDocument->saveXML($contribNode));
}
public function init($options)
{
parent::init($options);
$options = $this->options;
$this->ldapUrl = $options["LDAP_URL"];
if (isset($options["LDAP_PROTOCOL"]) && $options["LDAP_PROTOCOL"] == "ldaps") {
$this->ldapUrl = "ldaps://" . $this->ldapUrl;
}
if ($options["LDAP_PORT"]) {
$this->ldapPort = $options["LDAP_PORT"];
}
if ($options["LDAP_USER"]) {
$this->ldapAdminUsername = $options["LDAP_USER"];
}
if ($options["LDAP_PASSWORD"]) {
$this->ldapAdminPassword = $options["LDAP_PASSWORD"];
}
if ($options["LDAP_DN"]) {
$this->ldapDN = $this->parseReplicatedParams($options, array("LDAP_DN"));
}
if ($options["LDAP_GDN"]) {
$this->ldapGDN = $this->parseReplicatedParams($options, array("LDAP_GDN"));
}
if (is_array($options["CUSTOM_DATA_MAPPING"])) {
$this->customParamsMapping = $options["CUSTOM_DATA_MAPPING"];
}
$this->paramsMapping = $this->parseReplicatedParams($options, array("MAPPING_LDAP_PARAM", "MAPPING_LOCAL_TYPE", "MAPPING_LOCAL_PARAM"));
if (count($this->paramsMapping)) {
foreach ($this->paramsMapping as $param) {
if (strtolower($param["MAPPING_LOCAL_TYPE"]) == "group_path") {
$this->hasGroupsMapping = $param["MAPPING_LDAP_PARAM"];
break;
}
}
}
if (!empty($options["LDAP_FILTER"])) {
$this->ldapFilter = $options["LDAP_FILTER"];
if ($this->ldapFilter != "" && !preg_match("/^\\(.*\\)\$/", $this->ldapFilter)) {
$this->ldapFilter = "(" . $this->ldapFilter . ")";
}
} else {
if ($this->hasGroupsMapping && !empty($this->ldapGFilter)) {
$this->ldapFilter = "!(" . $this->ldapGFilter . ")";
}
}
if (!empty($options["LDAP_GROUP_FILTER"])) {
$this->ldapGFilter = $options["LDAP_GROUP_FILTER"];
if ($this->ldapGFilter != "" && !preg_match("/^\\(.*\\)\$/", $this->ldapGFilter)) {
$this->ldapGFilter = "(" . $this->ldapGFilter . ")";
}
} else {
$this->ldapGFilter = "(objectClass=group)";
}
if (!empty($options["LDAP_USERATTR"])) {
$this->ldapUserAttr = strtolower($options["LDAP_USERATTR"]);
} else {
$this->ldapUserAttr = 'uid';
}
if (!empty($options["LDAP_GROUPATTR"])) {
$this->ldapGroupAttr = strtolower($options["LDAP_GROUPATTR"]);
} else {
$this->ldapGroupAttr = 'cn';
}
}
