public function getUserBaseDn($uid)
{
// Search the user in the directory
$result = $this->search(array('filter' => '(&(|(objectClass=person)(objectClass=mailRecipient))(mail=' . Filter::escapeValue($uid) . '))', 'attributes' => array('employeeNumber'), 'sizelimit' => 2));
if ($result->count() < 1) {
throw new Exception('not found');
} else {
if ($result->count() > 1) {
throw new Exception('somethind bad happened');
}
}
$entry = $result->getFirst();
$userDn = $entry['dn'];
$branchDn = Dn::factory($userDn)->getParentDn(1);
// Search the subtree the user is an administrator
$subtree = null;
for ($i = 1; $i <= 3; $i++) {
$result = $this->search(array('filter' => '(&(objectClass=groupOfNames)(member=' . Filter::escapeValue($userDn) . '))', 'basedn' => $subtree = $branchDn->getParentDn($i), 'attributes' => array('employeeNumber'), 'sizelimit' => 2));
if ($result->count() === 1) {
break;
} else {
$subtree = null;
}
}
if (is_null($subtree)) {
throw new UserFriendlyException(403, 'Access denied', 'You are not allowed to access this resource.');
}
return $subtree->toString();
}
public function testDnCreation()
{
Ldap\Dn::setDefaultCaseFold(Ldap\Dn::ATTR_CASEFOLD_NONE);
$dnString1 = 'CN=Baker\\, Alice,CN=Users+OU=Lab,DC=example,DC=com';
$dnArray1 = array(array('CN' => 'Baker, Alice'), array('CN' => 'Users', 'OU' => 'Lab'), array('DC' => 'example'), array('DC' => 'com'));
$dnString2 = 'cn=Baker\\, Alice,cn=Users+ou=Lab,dc=example,dc=com';
$dnArray2 = array(array('cn' => 'Baker, Alice'), array('cn' => 'Users', 'ou' => 'Lab'), array('dc' => 'example'), array('dc' => 'com'));
$dnString3 = 'Cn=Baker\\, Alice,Cn=Users+Ou=Lab,Dc=example,Dc=com';
$dnArray3 = array(array('Cn' => 'Baker, Alice'), array('Cn' => 'Users', 'Ou' => 'Lab'), array('Dc' => 'example'), array('Dc' => 'com'));
$dn11 = Ldap\Dn::fromString($dnString1);
$dn12 = Ldap\Dn::fromArray($dnArray1);
$dn13 = Ldap\Dn::factory($dnString1);
$dn14 = Ldap\Dn::factory($dnArray1);
$this->assertEquals($dn11, $dn12);
$this->assertEquals($dn11, $dn13);
$this->assertEquals($dn11, $dn14);
$this->assertEquals($dnString1, $dn11->toString());
$this->assertEquals($dnString1, $dn11->toString(Ldap\Dn::ATTR_CASEFOLD_UPPER));
$this->assertEquals($dnString2, $dn11->toString(Ldap\Dn::ATTR_CASEFOLD_LOWER));
$this->assertEquals($dnArray1, $dn11->toArray());
$this->assertEquals($dnArray1, $dn11->toArray(Ldap\Dn::ATTR_CASEFOLD_UPPER));
$this->assertEquals($dnArray2, $dn11->toArray(Ldap\Dn::ATTR_CASEFOLD_LOWER));
$dn21 = Ldap\Dn::fromString($dnString2);
$dn22 = Ldap\Dn::fromArray($dnArray2);
$dn23 = Ldap\Dn::factory($dnString2);
$dn24 = Ldap\Dn::factory($dnArray2);
$this->assertEquals($dn21, $dn22);
$this->assertEquals($dn21, $dn23);
$this->assertEquals($dn21, $dn24);
$this->assertEquals($dnString2, $dn21->toString());
$this->assertEquals($dnString1, $dn21->toString(Ldap\Dn::ATTR_CASEFOLD_UPPER));
$this->assertEquals($dnString2, $dn21->toString(Ldap\Dn::ATTR_CASEFOLD_LOWER));
$this->assertEquals($dnArray2, $dn21->toArray());
$this->assertEquals($dnArray1, $dn21->toArray(Ldap\Dn::ATTR_CASEFOLD_UPPER));
$this->assertEquals($dnArray2, $dn21->toArray(Ldap\Dn::ATTR_CASEFOLD_LOWER));
$this->assertEquals($dnArray2, $dn22->toArray());
$dn31 = Ldap\Dn::fromString($dnString3);
$dn32 = Ldap\Dn::fromArray($dnArray3);
$dn33 = Ldap\Dn::factory($dnString3);
$dn34 = Ldap\Dn::factory($dnArray3);
$this->assertEquals($dn31, $dn32);
$this->assertEquals($dn31, $dn33);
$this->assertEquals($dn31, $dn34);
$this->assertEquals($dnString3, $dn31->toString());
$this->assertEquals($dnString1, $dn31->toString(Ldap\Dn::ATTR_CASEFOLD_UPPER));
$this->assertEquals($dnString2, $dn31->toString(Ldap\Dn::ATTR_CASEFOLD_LOWER));
$this->assertEquals($dnArray3, $dn31->toArray());
$this->assertEquals($dnArray1, $dn31->toArray(Ldap\Dn::ATTR_CASEFOLD_UPPER));
$this->assertEquals($dnArray2, $dn31->toArray(Ldap\Dn::ATTR_CASEFOLD_LOWER));
try {
Ldap\Dn::factory(1);
$this->fail('Expected Zend\\Ldap\\Exception not thrown');
} catch (Exception\LdapException $e) {
$this->assertEquals('Invalid argument type for $dn', $e->getMessage());
}
}
/**
* Update LDAP registry
*
* @param string|Dn $dn
* @param array $entry
* @return Ldap Provides a fluid interface
* @throws Exception\LdapException
*/
public function update($dn, array $entry)
{
if (!$dn instanceof Dn) {
$dn = Dn::factory($dn, null);
}
self::prepareLdapEntryArray($entry);
$rdnParts = $dn->getRdn(Dn::ATTR_CASEFOLD_LOWER);
foreach ($rdnParts as $key => $value) {
$value = Dn::unescapeValue($value);
if (array_key_exists($key, $entry) && !in_array($value, $entry[$key])) {
$entry[$key] = array_merge(array($value), $entry[$key]);
}
}
$adAttributes = array('distinguishedname', 'instancetype', 'name', 'objectcategory', 'objectguid', 'usnchanged', 'usncreated', 'whenchanged', 'whencreated');
foreach ($adAttributes as $attr) {
if (array_key_exists($attr, $entry)) {
unset($entry[$attr]);
}
}
if (count($entry) > 0) {
ErrorHandler::start(E_WARNING);
$isModified = ldap_modify($this->getResource(), $dn->toString(), $entry);
ErrorHandler::stop();
if ($isModified === false) {
throw new Exception\LdapException($this, 'updating: ' . $dn->toString());
}
}
return $this;
}
/**
* Sets the new DN for this node
*
* This is an offline method.
*
* @param Dn|string|array $newDn
* @throws Exception\LdapException
* @return Node Provides a fluid interface
*/
public function setDn($newDn)
{
if ($newDn instanceof Dn) {
$this->newDn = clone $newDn;
} else {
$this->newDn = Dn::factory($newDn);
}
$this->ensureRdnAttributeValues(true);
return $this;
}
private function findUnit(Identity $identity)
{
if (null === $this->unit) {
$filter = Filter::equals('mail', $identity->mail);
$baseDn = Dn::factory($this->ldap->getBaseDn())->prepend(['ou' => 'people']);
$result = $this->ldap->search($filter, $baseDn, Ldap::SEARCH_SCOPE_ONE, ['l']);
if (1 !== $result->count()) {
return;
}
$result = $result->current();
$unitDn = $result['l'][0];
$this->unit = $this->ldap->getNode($unitDn);
}
return $this->unit;
}
