Builds a filter (commonly for objectClass attributes) from different
configuration options.
| public static build ( array $params, string $operator = 'and' ) : Horde_Ldap_Filter | ||
| $params | array | Hash with configuration options that build the search filter. Possible hash keys: - 'filter': An LDAP filter string. - 'objectclass' (string): An objectClass name. - 'objectclass' (array): A list of objectClass names. |
| $operator | string | How to combine mutliple 'objectclass' entries. 'and' or 'or'. |
| return | Horde_Ldap_Filter | A filter matching the specified criteria. |
/**
* Constructor.
*
* @throws Horde_Group_Exception
*/
public function __construct($params)
{
$params = array_merge(array('binddn' => '', 'bindpw' => '', 'gid' => 'cn', 'memberuid' => 'memberUid', 'objectclass' => array('posixGroup'), 'newgroup_objectclass' => array('posixGroup')), $params);
/* Check mandatory parameters. */
foreach (array('ldap', 'basedn') as $param) {
if (!isset($params[$param])) {
throw new Horde_Group_Exception('The \'' . $param . '\' parameter is missing.');
}
}
/* Set Horde_Ldap object. */
$this->_ldap = $params['ldap'];
unset($params['ldap']);
/* Lowercase attribute names. */
$params['gid'] = Horde_String::lower($params['gid']);
$params['memberuid'] = Horde_String::lower($params['memberuid']);
if (!is_array($params['newgroup_objectclass'])) {
$params['newgroup_objectclass'] = array($params['newgroup_objectclass']);
}
foreach ($params['newgroup_objectclass'] as &$objectClass) {
$objectClass = Horde_String::lower($objectClass);
}
/* Generate LDAP search filter. */
try {
$this->_filter = Horde_Ldap_Filter::build($params['search']);
} catch (Horde_Ldap_Exception $e) {
throw new Horde_Group_Exception($e);
}
$this->_params = $params;
}
/**
* Checks if $userId exists in the LDAP backend system.
*
* @author Marco Ferrante, University of Genova (I)
*
* @param string $userId User ID for which to check
*
* @return boolean Whether or not $userId already exists.
*/
public function exists($userId)
{
$params = array('scope' => $this->_params['scope']);
try {
$uidfilter = Horde_Ldap_Filter::create($this->_params['uid'], 'equals', $userId);
$classfilter = Horde_Ldap_Filter::build(array('filter' => $this->_params['filter']));
$search = $this->_ldap->search($this->_params['basedn'], Horde_Ldap_Filter::combine('and', array($uidfilter, $classfilter)), $params);
if ($search->count() < 1) {
return false;
}
if ($search->count() > 1 && $this->_logger) {
$this->_logger->log('Multiple LDAP entries with user identifier ' . $userId, 'WARN');
}
return true;
} catch (Horde_Ldap_Exception $e) {
if ($this->_logger) {
$this->_logger->log('Error searching LDAP user: '******'ERR');
}
return false;
}
}
/**
* Modifies the specified entry in the LDAP directory.
*
* @param Turba_Object $object The object we wish to save.
*
* @return string The object id, possibly updated.
* @throw Turba_Exception
*/
protected function _save(Turba_Object $object)
{
$this->_connect();
list($object_key, $object_id) = each($this->toDriverKeys(array('__key' => $object->getValue('__key'))));
$attributes = $this->toDriverKeys($object->getAttributes());
/* Get the old entry so that we can access the old
* values. These are needed so that we can delete any
* attributes that have been removed by using ldap_mod_del. */
if (empty($this->_params['objectclass'])) {
$filter = null;
} else {
$filter = (string) Horde_Ldap_Filter::build(array('objectclass' => $this->_params['objectclass']), 'or');
}
$oldres = @ldap_read($this->_ds, Horde_String::convertCharset($object_id, 'UTF-8', $this->_params['charset']), $filter, array_merge(array_keys($attributes), array('objectclass')));
$info = ldap_get_attributes($this->_ds, ldap_first_entry($this->_ds, $oldres));
if ($this->_params['version'] == 3 && Horde_String::lower(str_replace(array(',', '"'), array('\\2C', ''), $this->_makeKey($attributes))) != Horde_String::lower(str_replace(',', '\\2C', $object_id))) {
/* Need to rename the object. */
$newrdn = $this->_makeRDN($attributes);
if ($newrdn == '') {
throw new Turba_Exception(_("Missing DN in LDAP source configuration."));
}
if (ldap_rename($this->_ds, Horde_String::convertCharset($object_id, 'UTF-8', $this->_params['charset']), Horde_String::convertCharset($newrdn, 'UTF-8', $this->_params['charset']), $this->_params['root'], true)) {
$object_id = $newrdn . ',' . $this->_params['root'];
} else {
throw new Turba_Exception(sprintf(_("Failed to change name: (%s) %s; Old DN = %s, New DN = %s, Root = %s"), ldap_errno($this->_ds), ldap_error($this->_ds), $object_id, $newrdn, $this->_params['root']));
}
}
/* Work only with lowercase keys. */
$info = array_change_key_case($info, CASE_LOWER);
$attributes = array_change_key_case($attributes, CASE_LOWER);
foreach ($info as $key => $var) {
$oldval = null;
/* Check to see if the old value and the new value are
* different and that the new value is empty. If so then
* we use ldap_mod_del to delete the attribute. */
if (isset($attributes[$key]) && $var[0] != $attributes[$key] && $attributes[$key] == '') {
$oldval[$key] = $var[0];
if (!@ldap_mod_del($this->_ds, Horde_String::convertCharset($object_id, 'UTF-8', $this->_params['charset']), $oldval)) {
throw new Turba_Exception(sprintf(_("Modify failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds)));
}
unset($attributes[$key]);
} elseif (isset($attributes[$key]) && $var[0] == $attributes[$key]) {
/* Drop unchanged elements from list of attributes to write. */
unset($attributes[$key]);
}
}
unset($attributes[Horde_String::lower($object_key)]);
$this->_encodeAttributes($attributes);
$attributes = array_filter($attributes, array($this, '_emptyAttributeFilter'));
/* Modify objectclasses only if they really changed. */
$oldClasses = array_map(array('Horde_String', 'lower'), $info['objectclass']);
array_shift($oldClasses);
$attributes['objectclass'] = array_unique(array_map('strtolower', array_merge($info['objectclass'], $this->_params['objectclass'])));
unset($attributes['objectclass']['count']);
$attributes['objectclass'] = array_values($attributes['objectclass']);
/* Do not handle object classes unless they have changed. */
if (!array_diff($oldClasses, $attributes['objectclass'])) {
unset($attributes['objectclass']);
}
if (!@ldap_modify($this->_ds, Horde_String::convertCharset($object_id, 'UTF-8', $this->_params['charset']), $attributes)) {
throw new Turba_Exception(sprintf(_("Modify failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds)));
}
return $object_id;
}
/**
* Returns the DN of a user.
*
* The purpose is to quickly find the full DN of a user so it can be used
* to re-bind as this user. This method requires the 'user' configuration
* parameter to be set.
*
* @param string $user The user to find.
*
* @return string The user's full DN.
* @throws Horde_Ldap_Exception
* @throws Horde_Exception_NotFound
*/
public function findUserDN($user)
{
$filter = Horde_Ldap_Filter::combine('and', array(Horde_Ldap_Filter::build($this->_config['user']), Horde_Ldap_Filter::create($this->_config['user']['uid'], 'equals', $user)));
$search = $this->search(isset($this->_config['user']['basedn']) ? $this->_config['user']['basedn'] : null, $filter, array('attributes' => array($this->_config['user']['uid'])));
if (!$search->count()) {
throw new Horde_Exception_NotFound('DN for user ' . $user . ' not found');
}
$entry = $search->shiftEntry();
return $entry->currentDN();
}
