Given a string, try to determine if it is a valid distinguished name for a LDAP object. This is a somewhat
unsophisticated approach. A regex might be a better solution, but would probably be rather difficult to get
right.
public static isValidLdapObjectDn ( string $dn ) : boolean | ||
$dn | string | |
Résultat | boolean |
/** * Given a value try to determine how to get its full distinguished name. * * @param string $value * @return string $dn * @throws AttributeConverterException */ protected function getDnFromValue($value) { $options = $this->getOptionsArray(); $toSelect = isset($options['select']) ? $options['select'] : 'dn'; if ($value instanceof LdapObject && !$value->has($toSelect)) { throw new AttributeConverterException(sprintf('The LdapObject must have a "%s" defined when used in "%s".', $toSelect, $this->getAttribute())); } elseif ($value instanceof LdapObject) { $value = $value->get($toSelect); } elseif (!LdapUtilities::isValidLdapObjectDn($value) && !is_null($this->getLdapConnection())) { $value = $this->getAttributeFromLdapQuery($value, $toSelect); } return $value; }
/** * Check all of the groups that are valid for a specific role against all of the LDAP groups that the user belongs * to. * * @param array $roleGroups * @param LdapObjectCollection $ldapGroups * @return bool */ protected function hasGroupForRoles(array $roleGroups, LdapObjectCollection $ldapGroups) { foreach ($roleGroups as $roleGroup) { if (LdapUtilities::isValidLdapObjectDn($roleGroup)) { $attribute = 'dn'; } elseif (preg_match(LdapUtilities::MATCH_GUID, $roleGroup)) { $attribute = $this->roleAttrMap['guid']; } elseif (preg_match(LdapUtilities::MATCH_SID, $roleGroup)) { $attribute = $this->roleAttrMap['sid']; } else { $attribute = $this->roleAttrMap['name']; } if ($this->hasGroupWithAttributeValue($ldapGroups, $attribute, $roleGroup)) { return true; } } return false; }