/**
* Get a user's dn by attempting to search for it in the directory.
*
* This method uses the query as a filter to find where the user is located in the directory
*
* @return array An array containing user DNs.
*
* @since 2.1
* @throws InvalidArgumentException Invalid argument in config related error
* @throws SHLdapException Ldap search error
*/
private function _getDnBySearch()
{
// Fixes special usernames and provides simple protection against ldap injections
$username = SHLdapHelper::escape($this->username);
$search = str_replace(SHLdap::USERNAME_REPLACE, $username, $this->_userParams['user_query']);
// We can either use a specific user base dn or use SHLdap's default
$baseDn = isset($this->_userParams['user_base_dn']) && !empty($this->_userParams['user_base_dn']) ? $this->_userParams['user_base_dn'] : null;
// Bind using the proxy user so the user can be found in the Ldap directory.
if (!$this->client->proxyBind()) {
// Failed to bind with proxy user
throw new InvalidArgumentException(JText::_('LIB_SHLDAP_ERR_10322'), 10322);
}
// Search the directory for the user
$result = $this->client->search($baseDn, $search, array($this->_userParams['user_uid']));
$return = array();
$count = $result->countEntries();
// Store the distinguished name for each user found
for ($i = 0; $i < $count; ++$i) {
$return[] = $result->getValue($i, 'dn', 0);
}
return $return;
}
public function testSlapdSearchInvalidNoResults()
{
$ldap = new SHLdap(TestsHelper::getLdapConfig(214));
$ldap->connect();
$ldap->proxyBind();
// No results
$result = $ldap->search(null, '(uid=do.not.exist)', array('mail'));
$this->assertInstanceOf('SHLdapResult', $result);
$this->assertEquals(0, $result->countEntries());
}
/**
* Get an array of all the nested groups through the use of group recursion.
* This is required usually only for Active Directory, however there could
* be other LDAP platforms that cannot pick up nested groups.
*
* @param shldap &$ldap Reference to the LDAP object.
* @param array $searchDNs Initial user groups (or ones that have already been discovered).
* @param string $depth How far to search down until it should give up (0 means unlimited).
* @param array &$result Holds the result of every alliteration (by reference).
* @param string $attribute The LDAP attribute to store after each ldap search.
* @param string $queryAttribute The LDAP filter attribute to query.
*
* @return array All user groups including the initial user groups.
*
* @since 1.0
* @throws SHLdapException
*/
public static function getRecursiveGroups(SHLdap &$ldap, $searchDNs, $depth, &$result, $attribute, $queryAttribute = null)
{
$search = null;
$next = array();
$filters = array();
// As this is recursive, we want to be able to specify a optional depth
--$depth;
if (!isset($searchDNs)) {
return $result;
}
foreach ($searchDNs as $dn) {
// Build one or more partial filters from the DN user groups
$filters[] = $queryAttribute . '=' . $dn;
}
if (!count($filters)) {
// If there is no filter to process then we are finished
return $result;
}
// Build the full filter using the OR operator
$search = SHLdapHelper::buildFilter($filters, '|');
// Search for any groups that also contain the groups we have in the filter
$results = $ldap->search(null, $search, array($attribute));
// Lets process each group that was found
$entryCount = $results->countEntries();
for ($i = 0; $i < $entryCount; ++$i) {
$dn = $results->getDN($i);
// We don't want to re-process a group that was processed previously
if (!in_array($dn, $result)) {
$result[] = $dn;
// Check if there are more groups we should process from the groups just discovered
$valueCount = $results->countValues($i, $attribute);
for ($j = 0; $j < $valueCount; ++$j) {
// We want to process this object
$value = $results->getValue($i, $attribute, $j);
$next[] = $value;
}
}
}
/*
* Only start the recursion when we have something to process next
* otherwise, we would loop forever.
*/
if (count($next) && $depth != 0) {
self::getRecursiveGroups($ldap, $next, $depth, $result, $attribute, $queryAttribute);
}
return $result;
}
