Interface ConnectionInterface
Example #1
 /**
  * Turns a raw LDAP search result into model instances.
  *
  * When the builder asks for raw results, the entries array is handed back
  * untouched. Otherwise one model is built per entry and, for queries that
  * are not paginated, the list is passed through processSort().
  *
  * @param resource $results
  *
  * @return array
  */
 public function process($results)
 {
     // getEntries() may come back falsy on failure; callers always
     // receive an array, so fall back to an empty one.
     $rawEntries = $this->connection->getEntries($results);
     if (!$rawEntries) {
         $rawEntries = [];
     }

     if ($this->builder->isRaw()) {
         return $rawEntries;
     }

     $built = [];
     if (Arr::has($rawEntries, 'count')) {
         // The 'count' key tells us how many numerically indexed
         // entries sit next to it in the same array.
         $index = 0;
         while ($index < $rawEntries['count']) {
             $built[] = $this->newLdapEntry($rawEntries[$index]);
             $index++;
         }
     }

     // Paginated queries are returned unsorted from here.
     return $this->builder->isPaginated() ? $built : $this->processSort($built);
 }
Example #2
 /**
  * Applies the configured transport mode and LDAP options to the connection.
  *
  * 'use_ssl' takes precedence over 'use_tls'. When neither is enabled this
  * method requests no transport encryption at all.
  *
  * @return void
  */
 protected function prepareConnection()
 {
     $config = $this->configuration;

     // NOTE(review): with both flags off, nothing here asks for an encrypted
     // channel, so a later simple bind would presumably send credentials in
     // the clear; confirm deployments enable one of the two.
     if ($config->get('use_ssl')) {
         $this->connection->ssl();
     } elseif ($config->get('use_tls')) {
         $this->connection->tls();
     }

     $options = [
         LDAP_OPT_PROTOCOL_VERSION => $config->get('version'),
         LDAP_OPT_NETWORK_TIMEOUT => $config->get('timeout'),
         LDAP_OPT_REFERRALS => $config->get('follow_referrals'),
     ];

     $this->connection->setOptions($options);
 }
Example #3
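 /**
  * {@inheritdoc}
  *
  * Exports the given value as KRB5CCNAME and then binds with a null
  * username and password (third bind() argument set to true, presumably
  * selecting the SASL path; confirm against the connection class).
  *
  * @param string $kerberosCredentials Value to place in KRB5CCNAME.
  *
  * @throws BindException When KRB5CCNAME cannot be set or the bind fails.
  */
 public function bindUsingKerberos($kerberosCredentials)
 {
     $key = 'KRB5CCNAME=';

     // putenv() modifies the process environment, not just this connection.
     // If it fails, the bind below would run against whatever KRB5CCNAME
     // was already in place, i.e. possibly a different identity's
     // credential cache, so stop instead of binding.
     if (putenv($key . $kerberosCredentials) === false) {
         throw new BindException('Bind to Active Directory failed. Unable to set KRB5CCNAME.');
     }

     if ($this->connection->bind(null, null, true) === false) {
         $error = $this->connection->getLastError();
         $message = "Bind to Active Directory failed. AD said: {$error}";
         throw new BindException($message);
     }
 }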
 /**
  * Rebinds the connection with the administrator account from the configuration.
  *
  * @throws AdldapException When the connection is not bound afterwards.
  */
 protected function bindAsAdministrator()
 {
     $config = $this->configuration;

     $this->bindUsingCredentials(
         $config->getAdminUsername(),
         $config->getAdminPassword()
     );

     // Verify the bound state explicitly rather than trusting the call above.
     if ($this->connection->isBound() !== false) {
         return;
     }

     $error = $this->connection->getLastError();
     throw new AdldapException("Rebind to Active Directory failed. AD said: {$error}");
 }
Example #5
 /**
  * {@inheritdoc}
  *
  * Empty usernames and passwords are converted to null so that an anonymous
  * bind is possible. A non-empty username is wrapped in the given prefix and
  * suffix, falling back to the configured 'account_prefix' and
  * 'account_suffix'.
  *
  * @throws BindException When the underlying bind call reports failure.
  */
 public function bind($username, $password, $prefix = null, $suffix = null)
 {
     // NOTE(review): a non-empty username combined with an empty password is
     // sent as (username, null). Many LDAP servers treat a simple bind with a
     // name but no password as an unauthenticated bind and report success
     // (RFC 4513, section 5.1.2), so any caller that uses bind() to verify a
     // login must reject empty passwords before reaching this method.
     if (!$password) {
         $password = null;
     }

     if ($username) {
         // Explicit prefix/suffix arguments win over the configured ones.
         if (!$prefix) {
             $prefix = $this->configuration->get('account_prefix');
         }
         if (!$suffix) {
             $suffix = $this->configuration->get('account_suffix');
         }
         $username = $prefix . $username . $suffix;
     } else {
         $username = null;
     }

     // Warnings from the bind call are silenced on purpose: only
     // success or failure matters, and failure raises our own exception.
     $bound = @$this->connection->bind($username, $password);
     if (!$bound) {
         throw new BindException($this->connection->getLastError(), $this->connection->errNo());
     }
 }
Example #6
 /**
  * Switches the connection to the transport and sign-on mode from the configuration.
  *
  * SSL takes precedence over TLS. SSO is only enabled when it is both
  * configured and reported as supported by the connection.
  *
  * @return void
  */
 protected function prepareConnection()
 {
     $config = $this->configuration;
     $connection = $this->connection;

     // With neither flag set, no transport encryption is requested here.
     if ($config->getUseSSL()) {
         $connection->useSSL();
     } elseif ($config->getUseTLS()) {
         $connection->useTLS();
     }

     // NOTE(review): when SSO is configured but SASL is not supported, the
     // request is dropped without any error or log entry, so the connection
     // silently continues without SSO.
     $wantsSso = $config->getUseSSO() && $connection->isSaslSupported();
     if ($wantsSso) {
         $connection->useSSO();
     }
 }
 /**
  * Rebinds the connection with the configured administrator account.
  *
  * The admin-specific account suffix is used when one is configured;
  * otherwise the default account suffix applies.
  *
  * @throws AdldapException When the connection is not bound afterwards.
  *
  * @return bool Always true when no exception was thrown.
  */
 protected function bindAsAdministrator()
 {
     $config = $this->configuration;

     $adminUsername = $config->getAdminUsername();
     $adminPassword = $config->getAdminPassword();

     // Fall back to the general account suffix if no admin suffix is set.
     $adminSuffix = $config->getAdminAccountSuffix() ?: $config->getAccountSuffix();

     $this->bindUsingCredentials($adminUsername, $adminPassword, $adminSuffix);

     if ($this->connection->isBound() !== false) {
         return true;
     }

     $error = $this->connection->getLastError();
     throw new AdldapException("Rebind to Active Directory failed. AD said: {$error}");
 }
Example #8
 /**
  * Removes the current entry from the directory.
  *
  * @return bool Result of the connection's delete() call.
  *
  * @throws EntryDoesNotExistException When the entry is not marked as existing.
  * @throws AdldapException            When the entry has no distinguished name.
  */
 public function delete()
 {
     $dn = $this->getDn();

     // Guard 1: only entries known to exist can be deleted.
     if (!$this->exists) {
         throw new EntryDoesNotExistException('Entry does not exist in active directory.');
     }

     // Guard 2: never issue a delete without a DN to target
     // (empty() also covers the null case).
     if (empty($dn)) {
         throw new AdldapException('Unable to delete. The current entry does not have a distinguished name present.');
     }

     return $this->connection->delete($dn);
 }
Example #9
 /**
  * Binds the current connection with the supplied credentials.
  *
  * An empty username or password is converted to null. A non-empty username
  * gets the configured account suffix appended.
  *
  * @param string $username
  * @param string $password
  *
  * @return bool Always true when no exception was thrown.
  *
  * @throws AdldapException When the bind call reports failure.
  */
 private function bindUsingCredentials($username, $password)
 {
     // NOTE(review): a username with an empty password is bound as
     // (username, null). Many LDAP servers accept that as an unauthenticated
     // bind and report success (RFC 4513, section 5.1.2); callers that
     // authenticate users through this method must reject empty passwords
     // before calling it.
     $username = empty($username) ? null : $username . $this->configuration->getAccountSuffix();
     $password = empty($password) ? null : $password;

     if ($this->connection->bind($username, $password)) {
         return true;
     }

     $error = $this->connection->getLastError();

     // Over SSL without TLS the failure may be the LDAPS connection
     // itself, so that case gets its own wording.
     $sslOnly = $this->connection->isUsingSSL() && !$this->connection->isUsingTLS();
     $message = $sslOnly
         ? 'Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: ' . $error
         : 'Bind to Active Directory failed. Check the login credentials and/or server details. AD said: ' . $error;

     throw new AdldapException($message);
 }
Example #10
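 /**
  * Paginates the current LDAP query.
  *
  * Runs the search repeatedly, one page per request, until the paging cookie
  * comes back empty, then hands the collected result resources to the
  * processor. If a search fails, paging stops and only the pages collected
  * up to that point are processed.
  *
  * @param int  $perPage     Page size requested for each search.
  * @param int  $currentPage Page index handed to the processor.
  * @param bool $isCritical  Passed to controlPagedResult() as its criticality argument.
  *
  * @return Paginator|bool
  */
 public function paginate($perPage = 50, $currentPage = 0, $isCritical = true)
 {
     $this->paginated = true;
     $pages = [];
     $cookie = '';
     do {
         $this->connection->controlPagedResult($perPage, $isCritical, $cookie);
         // Run the search.
         $resource = $this->connection->search($this->getDn(), $this->getQuery(), $this->getSelects());
         if (!$resource) {
             // A failed search never reaches controlPagedResultResponse(), so
             // $cookie keeps the previous page's value. Looping again with a
             // non-empty cookie would repeat the same request for as long as
             // the failure lasts, so stop paging here.
             break;
         }
         $this->connection->controlPagedResultResponse($resource, $cookie);
         // We'll collect each resource result into the pages array.
         $pages[] = $resource;
     } while (!empty($cookie));
     $paginator = $this->newProcessor()->processPaginated($pages, $perPage, $currentPage);
     // Reset paged result on the current connection. We won't pass in the current $perPage
     // parameter since we want to reset the page size to the default '1000'. Sending '0'
     // eliminates any further opportunity for running queries in the same request,
     // even though that is supposed to be the correct usage.
     $this->connection->controlPagedResult();
     return $paginator;
 }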
Example #11
 /**
  * Converts an LDAP search result into entries or models.
  *
  * In raw mode the value from getEntries() is returned exactly as received.
  * Otherwise a plain array with one model per entry is returned.
  *
  * @param resource $results
  *
  * @return array|mixed
  */
 private function processResults($results)
 {
     $entries = $this->connection->getEntries($results);

     if ($this->raw === true) {
         return $entries;
     }

     // Anything that is not an array carrying a 'count' key yields no models.
     if (!is_array($entries) || !array_key_exists('count', $entries)) {
         return [];
     }

     $models = [];
     $index = 0;
     while ($index < $entries['count']) {
         $models[] = $this->newLdapEntry($entries[$index]);
         $index++;
     }

     return $models;
 }
Example #12
 /**
  * Asks the connection to sort the given results by the configured field.
  *
  * Does nothing when no sort field is set.
  *
  * @param $results
  *
  * @return void
  */
 private function processSort($results)
 {
     if (empty($this->sortByField)) {
         // No sort field configured: leave the results as they are.
         return;
     }

     $this->connection->sort($results, $this->sortByField);
 }
Example #13
 /**
  * Converts an LDAP search result into entries or models.
  *
  * In raw mode the value from getEntries() is returned exactly as received.
  * Otherwise one model is built per entry, and for queries that are not
  * paginated the list is replaced by the return value of processSort().
  *
  * @param resource $results
  *
  * @return array|mixed
  */
 private function processResults($results)
 {
     $entries = $this->connection->getEntries($results);

     if ($this->raw === true) {
         return $entries;
     }

     $models = [];
     $hasCount = is_array($entries) && array_key_exists('count', $entries);
     if ($hasCount) {
         $index = 0;
         while ($index < $entries['count']) {
             $models[] = $this->newLdapEntry($entries[$index]);
             $index++;
         }
     }

     // Paginated queries skip the sort step.
     return $this->paginated ? $models : $this->processSort($models);
 }