/**
* Factory method to create the RootDSE.
*
* @param Zend_Ldap $ldap
* @return Zend_Ldap_Node_RootDse
* @throws Zend_Ldap_Exception
*/
public static function create(Zend_Ldap $ldap)
{
$dn = Zend_Ldap_Dn::fromString('');
$data = $ldap->getEntry($dn, array('*', '+'), true);
if (isset($data['domainfunctionality'])) {
/**
* @see Zend_Ldap_Node_RootDse_ActiveDirectory
*/
require_once 'Zend/Ldap/Node/RootDse/ActiveDirectory.php';
return new Zend_Ldap_Node_RootDse_ActiveDirectory($dn, $data);
} else {
if (isset($data['dsaname'])) {
/**
* @see Zend_Ldap_Node_RootDse_ActiveDirectory
*/
require_once 'Zend/Ldap/Node/RootDse/eDirectory.php';
return new Zend_Ldap_Node_RootDse_eDirectory($dn, $data);
} else {
if (isset($data['structuralobjectclass']) && $data['structuralobjectclass'][0] === 'OpenLDAProotDSE') {
/**
* @see Zend_Ldap_Node_RootDse_OpenLdap
*/
require_once 'Zend/Ldap/Node/RootDse/OpenLdap.php';
return new Zend_Ldap_Node_RootDse_OpenLdap($dn, $data);
} else {
return new self($dn, $data);
}
}
}
}
public function checkDomain($params)
{
foreach ($params as $param) {
$data[$param['name']] = $param['value'];
}
if (empty($data['toCheck'])) {
throw new Exception('Podaj login zgłaszającego!');
}
$logic = new Logic_Validate_LdapLogin();
$config = Zend_Registry::get('config');
$servers = $config['ldap'];
foreach ($servers as $server) {
$ldap = new Zend_Ldap($server);
$ldap->bind($data['login'], $data['password']);
$ldapEntry = $ldap->searchEntries(Zend_Ldap_Filter::equals('samaccountname', $data['toCheck']));
if (!empty($ldapEntry)) {
break;
}
}
if (!empty($ldapEntry)) {
$ret['pm_name'] = $ldapEntry[0]['displayname'][0];
$ret['pm_email'] = $ldapEntry[0]['userprincipalname'][0];
return $ret;
} else {
throw new Exception('Nie znaleziono użytkownika w domenie!');
}
}
public function isValid($value)
{
$request = Zend_Controller_Front::getInstance()->getRequest();
$fields = $request->getParams();
$config = Zend_Registry::get('config');
$servers = $config['ldap'];
$valid = false;
foreach ($servers as $server) {
try {
$ldap = new Zend_Ldap($server);
$ldap->bind($fields['ldapUser'], $fields['ldapPassword']);
$ldapEntry = $ldap->searchEntries(Zend_Ldap_Filter::equals('samaccountname', $value));
if (!empty($ldapEntry)) {
$valid |= true;
}
} catch (Exception $e) {
$valid |= false;
}
}
if (!$valid) {
$this->_error(self::NOT_EXISTS);
return false;
}
return true;
}
/**
* @return void
*/
public function testInvalidOptionResultsInException()
{
$optionName = 'invalid';
try {
$this->_ldap->setOptions(array($optionName => 'irrelevant'));
$this->fail('Expected Zend_Ldap_Exception not thrown');
} catch (Zend_Ldap_Exception $e) {
$this->assertEquals("Unknown Zend_Ldap option: $optionName", $e->getMessage());
}
}
/**
* returns the class that actually does the LDAP querying
*
* @return Zend_Ldap
*/
public function getLdap()
{
// get the connection if not set
if (!$this->connection && $this->Host) {
$options = array('host' => $this->Host, 'username' => $this->BindUser, 'password' => $this->BindPass, 'bindRequiresDn' => true, 'baseDn' => $this->BaseDN);
$this->connection = new Zend_Ldap($options);
$this->connection->connect();
}
return $this->connection;
}
/**
* Extend constructor
*
* @param array $_options
* @return @see Zend_Ldap
*/
public function __construct(array $_options)
{
// strip non Zend_Ldap options
$options = array_intersect_key($_options, array('host' => null, 'port' => null, 'useSsl' => null, 'username' => null, 'password' => null, 'bindRequiresDn' => null, 'baseDn' => null, 'accountCanonicalForm' => null, 'accountDomainName' => null, 'accountDomainNameShort' => null, 'accountFilterFormat' => null, 'allowEmptyPassword' => null, 'useStartTls' => null, 'optReferrals' => null, 'tryUsernameSplit' => null));
$returnValue = parent::__construct($options);
return $returnValue;
}
protected function _cleanupLdapServer()
{
$ldap = $this->_ldap->getResource();
foreach (array_reverse($this->_nodes) as $dn => $entry) {
ldap_delete($ldap, $dn);
}
}
/**
* @return void
*/
public function testExplodeDnOperation()
{
$inputs = array('CN=Alice Baker,CN=Users,DC=example,DC=com' => true, 'CN=Baker\\, Alice,CN=Users,DC=example,DC=com' => true, 'OU=Sales,DC=local' => true, 'OU=Sales;DC=local' => true, 'OU=Sales ,DC=local' => true, 'OU=Sales, dC=local' => true, 'ou=Sales , DC=local' => true, 'OU=Sales ; dc=local' => true, 'DC=local' => true, ' DC=local' => true, 'DC= local ' => true, 'username' => false, '*****@*****.**' => false, 'EXAMPLE\\username' => false, 'CN=,Alice Baker,CN=Users,DC=example,DC=com' => false, 'CN=Users,DC==example,DC=com' => false, 'O=ACME' => true, '' => false, ' ' => false);
foreach ($inputs as $dn => $expected) {
$ret = Zend_Ldap::explodeDn($dn);
$this->assertTrue($ret === $expected);
}
}
protected function _cleanupLDAPServer()
{
if (!constant('TESTS_ZEND_LDAP_ONLINE_ENABLED')) {
return;
}
$ldap = $this->_ldap->getResource();
foreach (array_reverse($this->_nodes) as $dn => $entry) {
ldap_delete($ldap, $dn);
}
}
/**
* Rewind the Iterator to the first result item
* Implements Iterator
*
* @throws Zend_Ldap_Exception
*/
public function rewind()
{
if (is_resource($this->_resultId)) {
$this->_current = @ldap_first_entry($this->_ldap->getResource(), $this->_resultId);
/** @see Zend_Ldap_Exception */
if ($this->_current === false && $this->_ldap->getLastErrorCode() > Zend_Ldap_Exception::LDAP_SUCCESS) {
throw new Zend_Ldap_Exception($this->_ldap, 'getting first entry');
}
}
}
/**
* Stores the current DN
*
* @return void
* @throws Zend_Ldap_Exception
*/
protected function _storeCurrentDn()
{
if (is_resource($this->_current)) {
$this->_currentDn = @ldap_get_dn($this->_ldap->getResource(), $this->_current);
if ($this->_currentDn === false) {
throw new Zend_Ldap_Exception($this->_ldap, 'getting dn');
}
} else {
$this->_currentDn = null;
}
}
/**
* Factory method to create the Schema node.
*
* @param Zend_Ldap $ldap
* @return Zend_Ldap_Node_Schema
* @throws Zend_Ldap_Exception
*/
public static function create(Zend_Ldap $ldap)
{
$dn = $ldap->getRootDse()->getSchemaDn();
$data = $ldap->getEntry($dn, array('*', '+'), true);
switch ($ldap->getRootDse()->getServerType()) {
case Zend_Ldap_Node_RootDse::SERVER_TYPE_ACTIVEDIRECTORY:
/**
* @see Zend_Ldap_Node_Schema_ActiveDirectory
*/
return new Zend_Ldap_Node_Schema_ActiveDirectory($dn, $data, $ldap);
case Zend_Ldap_Node_RootDse::SERVER_TYPE_OPENLDAP:
/**
* @see Zend_Ldap_Node_RootDse_ActiveDirectory
*/
return new Zend_Ldap_Node_Schema_OpenLdap($dn, $data, $ldap);
case Zend_Ldap_Node_RootDse::SERVER_TYPE_EDIRECTORY:
default:
return new self($dn, $data, $ldap);
}
}
public function setup()
{
$path = '';
if ($this->_authType->getAuthType() == 'Ldap') {
$path = $this->_authType->getAuthInfo('homedirectory');
}
if (!$path) {
$ldapOpts = $this->_config->ldap->params;
if ($ldapOpts == null) {
throw new Exception('LDAP options not configured.', 102);
}
$ldapOpts = $ldapOpts->toArray();
$ldapOpts['bindRequiresDn'] = true;
$ldap = new Zend_Ldap($ldapOpts);
$entry = $ldap->search('uid=' . $this->_authType->getUsername())->getFirst();
if (!$entry) {
throw new Exception('User ' . $this->_authType->getUsername() . ' LDAP entry not found to create ' . 'their home directory.');
}
$path = $entry['homedirectory'];
if (!$path) {
throw new Exception('User ' . $this->_authType->getUsername() . ' home directory location ' . 'not found.');
}
}
if (is_array($path)) {
$path = $path[0];
}
/* Only create the home directory if the path doesn't exist. */
if (is_dir($path)) {
return;
}
/* Run the home directory creation script. */
$script = $this->_config->session->homedirectory->script;
if (!$script) {
throw new Exception('Home directory creation script not configured.', 108);
}
if (!is_executable($script)) {
throw new Exception('Home directory creation script does not exist or is not executable.', 108);
}
$args = escapeshellarg($this->_authType->getUsername()) . ' ' . escapeshellarg($path);
exec("sudo {$script} {$args}");
}
public function isValid($value)
{
$config = Zend_Registry::get('config');
$servers = $config['ldap'];
$identity = Zend_Auth::getInstance()->getIdentity();
foreach ($servers as $server) {
try {
$ldap = new Zend_Ldap($server);
$bind = $ldap->bind($identity->login, $value);
if (!empty($bind)) {
return true;
}
} catch (Exception $e) {
$valid = false;
}
}
if (!$valid) {
$this->_error(self::NOT_VALID);
return false;
}
}
public function __construct()
{
parent::__construct();
$config = Zend_Registry::get('config');
$ldapConfigs = $config['ldap'];
unset($ldapConfigs['login']);
foreach ($ldapConfigs as $key => $ldapConfig) {
$this->multioptions[$key]['host'] = $ldapConfig['hostname'];
$this->multioptions[$key]['useSsl'] = $ldapConfig['useSsl'];
$this->multioptions[$key]['bindRequiresDn'] = true;
$this->multioptions[$key]['accountDomainName'] = $ldapConfig['accountDomainName'];
$this->multioptions[$key]['baseDn'] = $ldapConfig['baseDn'];
//"ou=Users,dc=nb";
}
}
/**
* Extend constructor
*
* @param array $_options
* @return @see Zend_Ldap
*/
public function __construct(array $_options)
{
if (Tinebase_Config::getInstance()->get(Tinebase_Config::LDAP_DISABLE_TLSREQCERT)) {
if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Disable TLS certificate check');
}
putenv('LDAPTLS_REQCERT=never');
}
// strip non Zend_Ldap options
$options = array_intersect_key($_options, array('host' => null, 'port' => null, 'useSsl' => null, 'username' => null, 'password' => null, 'bindRequiresDn' => null, 'baseDn' => null, 'accountCanonicalForm' => null, 'accountDomainName' => null, 'accountDomainNameShort' => null, 'accountFilterFormat' => null, 'allowEmptyPassword' => null, 'useStartTls' => null, 'optReferrals' => null, 'tryUsernameSplit' => null));
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' LDAP options: ' . print_r($options, true));
}
$returnValue = parent::__construct($options);
return $returnValue;
}
/**
* read ldap / get users and groups from tine an create mapping
*
* @return array
*/
protected function _getGroupMapping()
{
$this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Fetching user mapping ...');
$filter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_groupBaseFilter));
$mapping = array();
$groupNameMapping = $this->_config->groupNameMapping ? $this->_config->groupNameMapping->toArray() : array();
$this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group name mapping: ' . print_r($groupNameMapping, TRUE));
$ldapGroups = $this->_ldap->search($filter, $this->_config->ldap->baseDn, $this->_groupSearchScope, array('*', '+'));
foreach ($ldapGroups as $group) {
$groupname = isset($groupNameMapping[$group['cn'][0]]) ? $groupNameMapping[$group['cn'][0]] : $group['cn'][0];
$ldapUuid = $group['entryuuid'][0];
try {
$tineGroup = $this->_tineGroupBackend->getGroupByName($groupname);
$this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $group['cn'][0] . '): ' . $tineGroup->getId() . ' -> ' . $ldapUuid);
$mapping[$tineGroup->getId()] = $ldapUuid;
} catch (Tinebase_Exception_Record_NotDefined $tenf) {
// @todo should be: Tinebase_Exception_NotFound
$this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $group['cn'][0] . '): ' . $tenf->getMessage());
}
}
$this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Found ' . count($mapping) . ' groups for the mapping.');
$this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' ' . print_r($mapping, TRUE));
return $mapping;
}
/**
* Reload node attributes from LDAP.
*
* This is an online method.
*
* @param Zend_Ldap $ldap
* @return Zend_Ldap_Node_Abstract Provides a fluid interface
* @throws Zend_Ldap_Exception
*/
public function reload(Zend_Ldap $ldap = null)
{
if ($ldap !== null) {
$data = $ldap->getEntry($this->_getDn(), array('*', '+'), true);
$this->_loadData($data, true);
}
return $this;
}
/**
* @group ZF-8274
*/
public function testConnectWithUri()
{
$host = TESTS_ZEND_LDAP_HOST;
$port = 0;
if (defined('TESTS_ZEND_LDAP_PORT') && TESTS_ZEND_LDAP_PORT != 389) {
$port = TESTS_ZEND_LDAP_PORT;
}
$useSsl = false;
if (defined('TESTS_ZEND_LDAP_USE_SSL')) {
$useSsl = TESTS_ZEND_LDAP_USE_SSL;
}
if ($useSsl) {
$host = 'ldaps://' . $host;
} else {
$host = 'ldap://' . $host;
}
if ($port) {
$host = $host . ':' . $port;
}
$ldap = new Zend_Ldap();
try {
$ldap->connect($host)->bind('CN=ignored,DC=example,DC=com', 'ignored');
$this->fail('Expected exception for invalid username');
} catch (Zend_Ldap_Exception $zle) {
$this->assertContains('Invalid credentials', $zle->getMessage());
}
}
/**
* Checks the group membership of the bound user
*
* @param Zend_Ldap $ldap
* @param string $canonicalName
* @param string $dn
* @param array $adapterOptions
* @return string|true
*/
protected function _checkGroupMembership(Zend_Ldap $ldap, $canonicalName, $dn, array $adapterOptions)
{
if ($adapterOptions['group'] === null) {
return true;
}
if ($adapterOptions['memberIsDn'] === false) {
$user = $canonicalName;
} else {
$user = $dn;
}
/**
* @see Zend_Ldap_Filter
*/
require_once 'Zend/Ldap/Filter.php';
$groupName = Zend_Ldap_Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']);
$membership = Zend_Ldap_Filter::equals($adapterOptions['memberAttr'], $user);
$group = Zend_Ldap_Filter::andFilter($groupName, $membership);
$groupFilter = $adapterOptions['groupFilter'];
if (!empty($groupFilter)) {
$group = $group->addAnd($groupFilter);
}
$result = $ldap->count($group, $adapterOptions['groupDn'], $adapterOptions['groupScope']);
if ($result === 1) {
return true;
} else {
return 'Failed to verify group membership with ' . $group->toString();
}
}
/**
* @deprecated not necessary any more - will be removed
* @param Zend_Ldap $ldap A Zend_Ldap object
* @return int The current error code for the resource
*/
public static function getLdapCode(Zend_Ldap $ldap = null)
{
if ($ldap !== null) {
return $ldap->getLastErrorCode();
}
return 0;
}
public function testMismatchDomainBind()
{
$ldap = new Zend_Ldap($this->_options);
try {
$ldap->bind('BOGUS\\doesntmatter', 'doesntmatter');
} catch (Zend_Ldap_Exception $zle) {
$this->assertTrue($zle->getCode() == Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH);
}
}
/**
* @return string The LDAP search filter for matching directory accounts
*/
protected function _getAccountFilter($acctname)
{
$this->_splitName($acctname, $dname, $aname);
$accountFilterFormat = $this->_getAccountFilterFormat();
$aname = Zend_Ldap::filterEscape($aname);
if ($accountFilterFormat)
return sprintf($accountFilterFormat, $aname);
if (!$this->_bindRequiresDn) {
// is there a better way to detect this?
return "(&(objectClass=user)(sAMAccountName=$aname))";
}
return "(&(objectClass=posixAccount)(uid=$aname))";
}
public function testRequiresDnWithoutDnBind()
{
$options = $this->_options;
/* Fixup filter since bindRequiresDn is used to determine default accountFilterFormat
*/
if (!isset($options['accountFilterFormat']) && !$this->_bindRequiresDn) {
$options['accountFilterFormat'] = '(&(objectClass=user)(sAMAccountName=%s))';
}
$options['bindRequiresDn'] = true;
unset($options['username']);
$ldap = new Zend_Ldap($options);
try {
$ldap->bind($this->_principalName);
} catch (Zend_Ldap_Exception $zle) {
/* Note that if your server actually allows anonymous binds this test will fail.
*/
$this->assertContains('Failed to retrieve DN', $zle->getMessage());
}
}
public function testDisconnect()
{
$ldap = new Zend_Ldap($this->_options);
for ($i = 0; $i < 3; $i++) {
$ldap->disconnect();
try {
$ldap->connect()->bind('CN=ignored,DC=example,DC=com', 'ignored');
$this->fail('Expected exception for unknown username');
} catch (Zend_Ldap_Exception $zle) {
$this->assertContains('Invalid credentials', $zle->getMessage());
}
}
}
private function registerUserDirectory()
{
$this[self::USER_DIRECTORY] = function () {
$application = EngineBlock_ApplicationSingleton::getInstance();
/** @var Zend_Config $ldapConfig */
$ldapConfig = $application->getConfigurationValue('ldap', null);
if (empty($ldapConfig)) {
throw new EngineBlock_Exception('No LDAP config');
}
$ldapOptions = array('host' => $ldapConfig->host, 'useSsl' => $ldapConfig->useSsl, 'username' => $ldapConfig->userName, 'password' => $ldapConfig->password, 'bindRequiresDn' => $ldapConfig->bindRequiresDn, 'accountDomainName' => $ldapConfig->accountDomainName, 'baseDn' => $ldapConfig->baseDn);
$ldapClient = new Zend_Ldap($ldapOptions);
$ldapClient->bind();
return new EngineBlock_UserDirectory($ldapClient);
};
}
/**
* @param string $username The username for authenticating the bind
* @param string $password The password for authenticating the bind
* @return Zend_Ldap Provides a fluent interface
* @throws Zend_Ldap_Exception
*/
public function bind($username = null, $password = null)
{
$moreCreds = true;
if ($username === null) {
$username = $this->_getUsername();
$password = $this->_getPassword();
$moreCreds = false;
}
if ($username === NULL) {
/* Perform anonymous bind
*/
$password = NULL;
} else {
/* Check to make sure the username is in DN form.
*/
if (!Zend_Ldap::explodeDn($username)) {
if ($this->_options['bindRequiresDn']) {
/* moreCreds stops an infinite loop if _getUsername does not
* return a DN and the bind requires it
*/
if ($moreCreds) {
try {
$username = $this->_getAccountDn($username);
} catch (Zend_Ldap_Exception $zle) {
/**
* @todo Temporary measure to deal with exception thrown for ldap extension not loaded
*/
if (strpos($zle->getMessage(), 'LDAP extension not loaded') !== false) {
throw $zle;
}
// end temporary measure
switch ($zle->getCode()) {
case Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT:
case Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH:
throw $zle;
}
throw new Zend_Ldap_Exception(null, 'Failed to retrieve DN for account: ' . $zle->getMessage(), Zend_Ldap_Exception::LDAP_OPERATIONS_ERROR);
}
} else {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null, 'Binding requires username in DN form');
}
} else {
$username = $this->getCanonicalAccountName($username, Zend_Ldap::ACCTNAME_FORM_PRINCIPAL);
}
}
}
if (!is_resource($this->_resource)) {
$this->connect();
}
if ($username !== null && $password === '' && $this->_options['allowEmptyPassword'] !== true) {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
$zle = new Zend_Ldap_Exception(null, 'Empty password not allowed - see allowEmptyPassword option.');
} else {
if (@ldap_bind($this->_resource, $username, $password)) {
return $this;
}
$message = $username === null ? $this->_connectString : $username;
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
switch (Zend_Ldap_Exception::getLdapCode($this)) {
case Zend_Ldap_Exception::LDAP_SERVER_DOWN:
/* If the error is related to establishing a connection rather than binding,
* the connect string is more informative than the username.
*/
$message = $this->_connectString;
}
$zle = new Zend_Ldap_Exception($this->_resource, $message);
}
$this->disconnect();
throw $zle;
}
/**
* returns ldap metadata of given group
*
* @param int $_groupId
* @return array
*
* @todo remove obsolete code
*/
protected function _getGroupMetaData($_groupId)
{
$groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
$filter = Zend_Ldap_Filter::equals($this->_options['groupUUIDAttribute'], Zend_Ldap::filterEscape($groupId));
$result = $this->_ldap->search($filter, $this->_options['groupsDn'], Zend_Ldap::SEARCH_SCOPE_SUB, array('objectclass', 'sambasid'))->getFirst();
return $result;
/*
} catch (Tinebase_Exception_NotFound $e) {
throw new Exception("group with id $groupId not found");
}
*/
}
/**
* Factory method to create an attached Zend_Ldap_Node for a given DN.
*
* @param string|array|Zend_Ldap_Dn $dn
* @param Zend_Ldap $ldap
* @return Zend_Ldap_Node|null
* @throws Zend_Ldap_Exception
*/
public static function fromLdap($dn, Zend_Ldap $ldap)
{
if (is_string($dn) || is_array($dn)) {
$dn = Zend_Ldap_Dn::factory($dn);
} else {
if ($dn instanceof Zend_Ldap_Dn) {
$dn = clone $dn;
} else {
/**
* @see Zend_Ldap_Exception
*/
require_once PHP_LIBRARY_PATH . 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception(null, '$dn is of a wrong data type.');
}
}
$data = $ldap->getEntry($dn, array('*', '+'), true);
if ($data === null) {
return null;
}
$entry = new self($dn, $data, true, $ldap);
return $entry;
}
/**
* get groupmemberships of user from sync backend
*
* @param Tinebase_Model_User|string $_userId
* @return array list of group ids
*/
public function getGroupMembershipsFromSyncBackend($_userId)
{
$userId = $_userId instanceof Tinebase_Model_User ? $_userId->getId() : $_userId;
// find user in AD and retrieve memberOf attribute
$filter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_userBaseFilter), Zend_Ldap_Filter::equals($this->_userUUIDAttribute, $this->_encodeAccountId($userId)));
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $filter);
}
$memberOfs = $this->getLdap()->search($filter, $this->_options['userDn'], $this->_userSearchScope, array('memberof', 'primarygroupid'))->getFirst();
if ($memberOfs === null) {
return array();
}
// resolve primary group id to dn
$domainConfig = $this->getDomainConfiguration();
$filter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_groupBaseFilter), Zend_Ldap_Filter::equals('objectsid', Zend_Ldap::filterEscape($domainConfig['domainSidPlain'] . '-' . $memberOfs['primarygroupid'][0])));
$group = $this->getLdap()->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, array($this->_groupUUIDAttribute))->getFirst();
$memberships = array($this->_decodeGroupId($group[$this->_groupUUIDAttribute][0]));
if (isset($memberOfs['memberof'])) {
// resolve $this->_groupUUIDAttribute attribute
$filter = new Zend_Ldap_Filter_Or(array());
foreach ($memberOfs['memberof'] as $memberOf) {
$filter = $filter->addFilter(Zend_Ldap_Filter::equals('distinguishedName', Zend_Ldap::filterEscape($memberOf)));
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $filter);
}
$groups = $this->getLdap()->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, array($this->_groupUUIDAttribute));
foreach ($groups as $group) {
$memberships[] = $this->_decodeGroupId($group[$this->_groupUUIDAttribute][0]);
}
}
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' group memberships: ' . print_r($memberships, TRUE));
}
return array_unique($memberships);
}
