Esempio n. 1
/**
 * Look up the primary usergroup of a member, consulting LDAP where the member is an LDAP one.
 * Results are kept in the $PRIMARY_GROUP_MEMBERS global so repeat lookups skip the database/LDAP.
 *
 * @param  MEMBER	The member.
 * @return GROUP	The primary usergroup.
 */
function ocf_get_member_primary_group($member_id)
{
    global $PRIMARY_GROUP_MEMBERS;

    // array_key_exists (not isset) so that a cached NULL still counts as a hit
    if (!array_key_exists($member_id, $PRIMARY_GROUP_MEMBERS)) {
        if (!ocf_is_ldap_member($member_id)) {
            $primary_group = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_primary_group');
            $PRIMARY_GROUP_MEMBERS[$member_id] = $primary_group;
        } else {
            // The return value is discarded: this relies on the LDAP helper writing
            // $PRIMARY_GROUP_MEMBERS[$member_id] itself -- TODO confirm against its definition
            ocf_ldap_get_member_primary_group($member_id);
        }
    }

    // NOTE(review): nothing here invalidates a cached entry; if the primary group is used for
    // permission decisions, confirm the cache is reset wherever a member's group is changed
    return $PRIMARY_GROUP_MEMBERS[$member_id];
}
Esempio n. 2
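/**
 * (LDAP helper for ocf_get_group_members_raw) Append the members of a usergroup, as found in LDAP, to $members.
 *
 * Each appended element is a member ID, or (if $non_validated is true) a row with the keys
 * gm_member_id, gm_validated (always 1) and m_username.
 *
 * Search filters: the group CN and the gidnumber are passed through ocp_ldap_escape() before being
 * concatenated into a filter. The object class and property names (get_group_class(), get_member_class(),
 * group_property()) are concatenated as-is -- presumably they come from site configuration only; confirm
 * they can never carry user input, as an unescaped value there would alter the filter.
 *
 * A failed search or entry fetch appends nothing (fails closed) rather than passing FALSE on to the next LDAP call.
 *
 * @param  array		The list is written into this.
 * @param  GROUP		The ID of the usergroup.
 * @param  boolean	Whether to include those in the usergroup as a primary member.
 * @param  boolean	Whether to include those applied to join the usergroup, but not validated in.
 * @param  boolean	Whether to include those in the usergroup as a secondary member.
 */
function ocf_get_group_members_raw_ldap(&$members, $group_id, $include_primaries, $non_validated, $include_secondaries)
{
    global $LDAP_CONNECTION;
    $gid = NULL;
    $cn = ocf_group_ocfid_to_ldapcn($group_id);
    if (get_option('ldap_is_windows') == '0') {
        // Members under group (secondary)
        if ($include_secondaries && !is_null($cn)) {
            $results = ldap_search($LDAP_CONNECTION, group_search_qualifier() . get_option('ldap_base_dn'), '(&(objectclass=' . get_group_class() . ')(' . group_property() . '=' . ocp_ldap_escape($cn) . '))', array('memberuid', 'gidnumber'));
            // ldap_search() returns FALSE on failure (and raises its own warning); do not hand that to ldap_get_entries()
            if ($results !== false) {
                $entries = ldap_get_entries($LDAP_CONNECTION, $results);
                // The entries are now a plain PHP array, so the result can be freed on every path
                ldap_free_result($results);
                if (is_array($entries) && array_key_exists(0, $entries) && array_key_exists('memberuid', $entries[0])) {
                    foreach ($entries[0]['memberuid'] as $key => $member) {
                        // Skip the non-numeric 'count' key ldap_get_entries() puts alongside the values
                        if (!is_numeric($key)) {
                            continue;
                        }
                        $member_id = ocf_member_ldapcn_to_ocfid(ldap_unescape($member));
                        if (!is_null($member_id)) {
                            if ($non_validated) {
                                $members[] = array('gm_member_id' => $member_id, 'gm_validated' => 1, 'm_username' => ldap_unescape($member));
                            } else {
                                $members[] = $member_id;
                            }
                        }
                    }
                    // Picked up for performance reasons (saves the separate gid lookup below).
                    // ldap_get_entries() returns each attribute as an array of values, so take the first
                    // value; using the attribute array itself would put the literal "Array" into the filter below.
                    if (array_key_exists('gidnumber', $entries[0]) && array_key_exists(0, $entries[0]['gidnumber'])) {
                        $gid = $entries[0]['gidnumber'][0];
                    }
                }
            }
        }
        if (is_null($gid)) {
            $gid = ocf_group_ldapcn_to_ldapgid($cn);
        }
        // Groups under member (primary)
        if ($include_primaries && !is_null($gid)) {
            $results = ldap_search($LDAP_CONNECTION, member_search_qualifier() . get_option('ldap_base_dn'), '(&(objectclass=' . get_member_class() . ')(gidnumber=' . ocp_ldap_escape(strval($gid)) . '))', array(member_property()));
            if ($results !== false) {
                $entries = ldap_get_entries($LDAP_CONNECTION, $results);
                ldap_free_result($results);
                if (is_array($entries)) {
                    foreach ($entries as $key => $member) {
                        if (!is_numeric($key)) {
                            continue;
                        }
                        if (!array_key_exists(member_property(), $member)) {
                            continue;
                        }
                        if (!array_key_exists(0, $member[member_property()])) {
                            continue;
                        }
                        $member_id = ocf_member_ldapcn_to_ocfid(ldap_unescape($member[member_property()][0]));
                        if (!is_null($member_id)) {
                            if ($non_validated) {
                                $members[] = array('m_username' => ldap_unescape($member[member_property()][0]), 'gm_member_id' => $member_id, 'gm_validated' => 1);
                            } else {
                                $members[] = $member_id;
                            }
                        }
                    }
                }
            }
        }
    } else {
        if (!is_null($cn)) {
            // Groups under member (Active Directory makes no distinction)
            $results = ldap_search($LDAP_CONNECTION, member_search_qualifier() . get_option('ldap_base_dn'), '(&(objectclass=' . get_member_class() . ')(' . group_property() . '=' . ocp_ldap_escape($cn) . '))', array('memberof'));
            // We do ldap_search as Active Directory can be fussy when looking at large sets, like all members
            if ($results !== false) {
                $entries = ldap_get_entries($LDAP_CONNECTION, $results);
                ldap_free_result($results);
                if (is_array($entries) && array_key_exists(0, $entries) && array_key_exists('memberof', $entries[0])) {
                    foreach ($entries[0]['memberof'] as $key => $member) {
                        if (!is_numeric($key)) {
                            continue;
                        }
                        $member_id = ocf_member_ldapcn_to_ocfid(ldap_unescape(ocf_long_cn_to_short_cn($member, member_property())));
                        if (!is_null($member_id)) {
                            // Both flags: everyone. One flag: filter on whether this group is the member's primary.
                            // Neither flag: nobody.
                            // NOTE(review): $gid is never assigned on this branch, so it is still NULL here and the
                            // loose comparison is against NULL -- this looks unintended; confirm which value the
                            // member's primary group should be compared with.
                            $wanted = ($include_primaries && $include_secondaries);
                            if (!$wanted && ($include_primaries || $include_secondaries)) {
                                $is_primary = (ocf_ldap_get_member_primary_group($member_id) == $gid);
                                $wanted = $include_primaries ? $is_primary : !$is_primary;
                            }
                            if ($wanted) {
                                if ($non_validated) {
                                    $members[] = array('gm_member_id' => $member_id, 'gm_validated' => 1, 'm_username' => ldap_unescape(ocf_long_cn_to_short_cn($member, member_property())));
                                } else {
                                    $members[] = $member_id;
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}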