Author: Chad Sikorra (Chad.Sikorra@gmail.com)
Inheritance: implements LdapTools\Operation\LdapOperationInterface, use trait LdapOperationTrait
 /**
  * Hydrating an AddOperation that uses schema attribute names is expected to yield the LDAP attribute set,
  * exactly one post operation, and a DN built under the requested location.
  *
  * The expected array has no 'password' key: the password value is only expected as 'unicodePwd', after it
  * has gone through EncodeWindowsPassword.
  */
 function it_should_hydrate_an_add_operation_to_ldap($connection)
 {
     $this->setLdapObjectSchema($this->schema);
     $this->setOperationType(AttributeConverterInterface::TYPE_CREATE);
     $this->setLdapConnection($connection);

     $operation = new AddOperation();
     $operation->setAttributes([
         'username' => 'John',
         'password' => '12345',
         'groups' => 'cn=foo,dc=example,dc=local',
     ]);
     $operation->setLocation('ou=employees,dc=example,dc=local');

     // NOTE(review): the userPrincipalName literal is a run of asterisks in this copy of the spec; it looks
     // masked rather than a real expectation - confirm against the project's repository.
     $expected = [
         'cn' => 'John',
         'displayname' => 'John',
         'givenName' => 'John',
         'userPrincipalName' => '*****@*****.**',
         'objectclass' => ['top', 'person', 'organizationalPerson', 'user'],
         'sAMAccountName' => 'John',
         'unicodePwd' => (new EncodeWindowsPassword())->toLdap('12345'),
         'userAccountControl' => '512',
     ];

     // Every assertion hydrates its own copy of the operation (presumably because hydration changes the
     // operation it is given - verify against hydrateToLdap()).
     $copyForDn = clone $operation;
     $copyForPostOperations = clone $operation;

     $this->hydrateToLdap($operation)->getAttributes()->shouldBeEqualTo($expected);
     $this->hydrateToLdap($copyForPostOperations)->getPostOperations()->shouldHaveCount(1);
     $this->hydrateToLdap($copyForDn)->getDn()->shouldBeEqualTo('cn=John,ou=employees,dc=example,dc=local');
 }
 /**
  * Creating an object is expected to dispatch a before-create event and an after-create event.
  *
  * The before event carries the attribute template with unresolved %placeholders% and an empty DN. The after
  * event carries the resolved values and the final DN. Note that the resolved data handed to listeners
  * includes the password value in clear text, so listeners should not log event data verbatim.
  */
 function it_should_call_creation_events_when_creating_a_ldap_object(EventDispatcherInterface $dispatcher, $connection)
 {
     $container = 'dc=foo,dc=bar';
     $template = ['username' => '%foo%', 'password' => '%bar%'];

     $this->addOperation->setLocation($container);
     $connection->execute($this->addOperation)->willReturn(true);

     // Event as it should look before parameter resolution: placeholders intact, no DN yet.
     $expectedBefore = new LdapObjectCreationEvent(Event::LDAP_OBJECT_BEFORE_CREATE);
     $expectedBefore->setContainer($container);
     $expectedBefore->setData($template);
     $expectedBefore->setDn('');

     // Event as it should look once the object exists: resolved values and the generated DN.
     $expectedAfter = new LdapObjectCreationEvent(Event::LDAP_OBJECT_AFTER_CREATE);
     $expectedAfter->setContainer($container);
     $expectedAfter->setData(['username' => 'somedude', 'password' => '12345']);
     $expectedAfter->setDn('cn=somedude,dc=foo,dc=bar');

     $dispatcher->dispatch($expectedBefore)->shouldBeCalled();
     $dispatcher->dispatch($expectedAfter)->shouldBeCalled();

     $this->config->setSchemaName('ad');
     $this->beConstructedWith($connection, $this->schemaFactory, $dispatcher);
     $this->createUser()
         ->with($template)
         ->in($container)
         ->setParameter('foo', 'somedude')
         ->setParameter('bar', '12345');
     $this->execute();
 }
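 /**
  * Builds the DN based off of the "name" attribute. The name attribute should be mapped to the "cn" attribute in
  * pretty much all cases except for creating an OU object. Then the "name" attribute should be mapped to "ou".
  *
  * Nothing is done when the operation already has a DN. Otherwise the DN is assembled as
  * "<name attribute>=<escaped value>,<container>", where the container is the operation's location or, failing
  * that, the schema's default container.
  *
  * @param AddOperation $operation
  * @throws LogicException When there is no schema, the schema has no "name" attribute, no container can be
  *                        determined, or the operation carries no value for the name attribute.
  */
 protected function setDnToUse(AddOperation $operation)
 {
     // If the DN was explicitly set, don't do anything.
     if ($operation->getDn()) {
         return;
     }
     if (!$this->schema) {
         throw new LogicException("You must explicitly set the DN or specify a schema type.");
     }
     if (!$this->schema->hasAttribute('name')) {
         throw new LogicException('To create an object you must specify the name attribute in the schema. That attribute should typically' . ' map to the "cn" attribute, as it will use that as the base of the distinguished name.');
     }
     $location = $operation->getLocation() ?: $this->schema->getDefaultContainer();
     if (empty($location)) {
         throw new LogicException('You must specify a container or OU to place this LDAP object in.');
     }
     $attribute = $this->schema->getAttributeToLdap('name');
     $attributes = $operation->getAttributes();
     // Without a value for the naming attribute the lookup below would hit an undefined index and the DN
     // would be built around an empty RDN. Fail with a clear error instead.
     if (!isset($attributes[$attribute])) {
         throw new LogicException(sprintf('The "%s" attribute is required to build the distinguished name, but it was not set.', $attribute));
     }
     // The RDN value comes from caller-supplied attributes, so it is escaped for DN context before being
     // concatenated: DN metacharacters in a name must not be able to add or alter RDN components.
     $rdnValue = LdapUtilities::escapeValue($attributes[$attribute], null, LDAP_ESCAPE_DN);
     // NOTE(review): the container is passed through resolveParameters() and then concatenated without
     // escaping, so it has to be a well-formed DN already. It should not be assembled from unescaped
     // untrusted input - confirm how callers build it.
     $location = $this->resolveParameters(['container' => $location])['container'];
     $operation->setDn($attribute . '=' . $rdnValue . ',' . $location);
 }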
 /**
  * Workaround AD special cases with the unicodePwd attribute...
  *
  * When isUnicodePwdHackNeeded() reports that the workaround applies, every attribute whose name is
  * "unicodePwd" (compared case-insensitively) is replaced by the base64 encoding of its value. For an array
  * value only the first element is used.
  *
  * Base64 is an encoding, not protection: the result is still password-equivalent material and should be kept
  * out of logs and error output just like the original value.
  *
  * @link https://support.microsoft.com/en-us/kb/263991
  * @param AddOperation $operation
  */
 protected function unicodePwdHack(AddOperation $operation)
 {
     if ($this->isUnicodePwdHackNeeded()) {
         $encoded = $operation->getAttributes();
         foreach (array_keys($encoded) as $name) {
             if (strtolower($name) === 'unicodepwd') {
                 $raw = $encoded[$name];
                 // A multi-valued attribute is collapsed to its first value before encoding.
                 if (is_array($raw)) {
                     $raw = reset($raw);
                 }
                 $encoded[$name] = base64_encode($raw);
             }
         }
         $operation->setAttributes($encoded);
     }
 }
 /**
  * Trigger a LDAP object after creation event.
  *
  * The event receives the builder's attributes with the hydrator's parameters resolved into them, together
  * with the operation's location and DN. The resolved data is whatever was supplied as attributes, which may
  * include a password value; listeners should avoid writing it to logs.
  *
  * @param AddOperation $operation
  */
 protected function triggerAfterCreationEvent(AddOperation $operation)
 {
     $afterCreate = new LdapObjectCreationEvent(Event::LDAP_OBJECT_AFTER_CREATE);

     // Resolve the parameters so listeners see the final values rather than the raw template.
     $resolver = new ParameterResolver($this->attributes, $this->hydrator->getParameters());
     $afterCreate->setData($resolver->resolve());

     $afterCreate->setContainer($operation->getLocation());
     $afterCreate->setDn($operation->getDn());

     $this->dispatcher->dispatch($afterCreate);
 }
 /**
  * On a create operation, values given as a name, a GUID string, a SID string or an LdapObject are each
  * expected to result in a BatchModifyOperation post operation against the matching group DN.
  *
  * The expected search filters carry the GUID and SID in backslash-hex escaped form, so the raw bytes never
  * appear unescaped inside the filter string.
  */
 function it_should_generate_add_operations_based_off_a_name_guid_sid_and_LdapObject_on_a_create_operation($connection, \LdapTools\Operation\AddOperation $operation)
 {
     $dn = 'cn=foo,dc=example,dc=local';
     $objectDn = 'CN=SomeGroup,OU=Employees,DC=example,DC=com';
     $sid = 'S-1-5-21-1004336348-1177238915-682003330-512';
     $sidHex = '\\01\\05\\00\\00\\00\\00\\00\\05\\15\\00\\00\\00\\dc\\f4\\dc\\3b\\83\\3d\\2b\\46\\82\\8b\\a6\\28\\00\\02\\00\\00';
     $guid = 'a1131cd3-902b-44c6-b49a-1f6a567cda25';
     $guidHex = '\\d3\\1c\\13\\a1\\2b\\90\\c6\\44\\b4\\9a\\1f\\6a\\56\\7c\\da\\25';
     $ldapObject = new LdapObject(['dn' => $objectDn], ['group'], 'group', 'group');

     // Filters the converter is expected to issue for each kind of lookup value.
     $filterByName = '(&(&(objectClass=bar))(cn=Foo))';
     $filterByGuid = '(&(&(objectClass=bar))(|(objectGuid=' . $guidHex . ')(cn=' . $guid . ')))';
     $filterBySid = '(&(&(objectClass=bar))(|(objectSid=' . $sidHex . ')(cn=' . $sid . ')))';

     $connection->execute(Argument::that(function ($search) use ($filterByName) {
         return $search->getFilter() == $filterByName;
     }))->willReturn($this->entry);
     $connection->execute(Argument::that(function ($search) use ($filterByGuid) {
         return $search->getFilter() == $filterByGuid;
     }))->willReturn($this->entryGuid);
     $connection->execute(Argument::that(function ($search) use ($filterBySid) {
         return $search->getFilter() == $filterBySid;
     }))->willReturn($this->entrySid);

     $this->setOptions([
         'foo' => [
             'to_attribute' => 'member',
             'attribute' => 'cn',
             'filter' => ['objectClass' => 'bar'],
         ],
     ]);
     $this->setOperation($operation);
     $this->setLdapConnection($connection);
     $this->setAttribute('foo');
     $this->setOperationType(AttributeConverterInterface::TYPE_CREATE);
     $this->setDn($dn);
     $operation->getDn()->willReturn($dn);

     $expectedGroupDns = [
         $this->entry[0]['distinguishedname'][0],
         $this->entrySid[0]['distinguishedname'][0],
         $this->entryGuid[0]['distinguishedname'][0],
         $objectDn,
     ];
     foreach ($expectedGroupDns as $groupDn) {
         $operation->addPostOperation(Argument::that(function ($postOp) use ($dn, $groupDn) {
             if (!($postOp instanceof BatchModifyOperation)) {
                 return false;
             }
             // The first batch value is a callable; invoking it must give the DN of the object being created.
             $firstValue = $postOp->getBatchCollection()->toArray()[0]->getValues()[0];
             if (call_user_func($firstValue) != $dn) {
                 return false;
             }

             return $postOp->getBatchCollection()->getDn() == $groupDn;
         }))->shouldBeCalled();
     }

     $this->toLdap(['Foo', $guid, $sid, $ldapObject])->shouldBeArray();
 }