/**
 * Look up the SID of a security-enabled group by its common name.
 *
 * The search matches objects with objectClass "group" and the given cn whose groupType has the
 * SECURITY_ENABLED bit set. On a modify operation the group must also list the current DN as a
 * member. If nothing matches, one combined error is raised, because the query cannot tell which
 * of the conditions failed.
 *
 * @param string $name The group name (matched against cn).
 * @return string The text SID of the group.
 * @throws AttributeConverterException When the query returns no result.
 */
protected function validateAndGetGroupSID($name)
{
    $builder = new LdapQueryBuilder($this->getLdapConnection());
    // NOTE(review): $name is handed to the builder as a filter value; confirm the builder escapes it.
    $builder->select('objectSid')->where(['objectClass' => 'group', 'cn' => $name]);

    // Membership is only checked when modifying an existing object.
    $isModification = $this->getOperationType() == AttributeConverterInterface::TYPE_MODIFY;
    if ($isModification) {
        $builder->andWhere(['member' => $this->getDn()]);
    }

    try {
        // Restrict the match to groups with the security-enabled flag set.
        $securityEnabled = $builder->filter()->bitwiseAnd('groupType', GroupTypeFlags::SECURITY_ENABLED);

        return $builder->andWhere($securityEnabled)->getLdapQuery()->getSingleScalarResult();
    } catch (EmptyResultException $e) {
        // NOTE(review): the message echoes the group name and the DN; confirm where it is surfaced.
        $message = sprintf(
            'Either the group "%s" doesn\'t exist, the user with DN "%s" is not a member of the group, the group'
            . ' is not a security group, or this group is already their primary group.',
            $name,
            $this->getDn()
        );

        throw new AttributeConverterException($message);
    }
}
/**
 * Spec: after a custom role attribute map is set, loading a user must select the mapped
 * name, guid and sid attributes ('cn', 'foo', 'bar') on the query builder.
 */
function it_should_set_the_attribute_map_for_the_role_query()
{
    $roleAttributeMap = [
        'members' => 'members',
        'name' => 'cn',
        'guid' => 'foo',
        'sid' => 'bar',
    ];
    // The 'members' entry is not part of the expected select list.
    $expectedSelect = ['cn', 'foo', 'bar'];

    $this->setRoleAttributeMap($roleAttributeMap);
    $this->qb->select($expectedSelect)->shouldBeCalled()->willReturn($this->qb);

    $this->loadUserByUsername('foo');
}
/**
 * Create an LdapQueryBuilder preset with this repository's defaults.
 *
 * The builder is bound to the repository's LDAP connection and schema. The repository's
 * attribute list is applied as the selection only when it is non-empty.
 *
 * @return LdapQueryBuilder
 */
public function buildLdapQuery()
{
    $builder = new LdapQueryBuilder($this->ldap);

    // No attributes configured: leave the builder's own selection untouched.
    if (empty($this->attributes)) {
        return $builder->from($this->schema);
    }

    $builder->select($this->attributes);

    return $builder->from($this->schema);
}
/**
 * Build an OR filter that matches an object by GUID or by SID.
 *
 * A value that is a valid GUID is matched against objectGuid, and a value that is a valid SID
 * against objectSid. Each is first converted to its LDAP form with the search operation type.
 * The GUID check takes precedence. For any other value the OR is returned with nothing added.
 *
 * @param LdapQueryBuilder $query The builder whose filter factory is used.
 * @param string $value The candidate GUID or SID string.
 * @return bOr
 */
protected function getQueryOrStatement(LdapQueryBuilder $query, $value)
{
    $anyOf = $query->filter()->bOr();
    $searchTo = AttributeConverterInterface::TYPE_SEARCH_TO;

    if (LdapUtilities::isValidGuid($value)) {
        $filters = $query->filter();
        $ldapGuid = (new ConvertWindowsGuid())->setOperationType($searchTo)->toLdap($value);
        $anyOf->add($filters->eq('objectGuid', $ldapGuid));

        return $anyOf;
    }

    if (LdapUtilities::isValidSid($value)) {
        $filters = $query->filter();
        $ldapSid = (new ConvertWindowsSid())->setOperationType($searchTo)->toLdap($value);
        $anyOf->add($filters->eq('objectSid', $ldapSid));

        return $anyOf;
    }

    // NOTE(review): neither a GUID nor a SID, so the OR has no conditions; confirm callers expect that.
    return $anyOf;
}
/**
 * Read the current value of one attribute from the LDAP object this converter is working on.
 *
 * The lookup is a base-scope search on the converter's DN with an objectClass presence filter,
 * so it only ever addresses that single entry.
 *
 * @param string $attribute The attribute name to query for a value from the converter context
 * @return array|string|null
 * @throws AttributeConverterException When no DN or connection is set, or the object is not found.
 */
protected function getCurrentLdapAttributeValue($attribute)
{
    // Both a DN and a connection are required; the connection is only checked if a DN is set.
    $hasContext = $this->getDn() && $this->getLdapConnection();
    if (!$hasContext) {
        throw new AttributeConverterException(
            sprintf('Unable to query for the current "%s" attribute.', $attribute)
        );
    }

    $builder = new LdapQueryBuilder($this->getLdapConnection());

    try {
        $selected = $builder->select($attribute);
        $scoped = $selected
            ->where($builder->filter()->present('objectClass'))
            ->setBaseDn($this->getDn())
            ->setScopeBase();

        return $scoped->getLdapQuery()->getSingleScalarOrNullResult();
    } catch (EmptyResultException $e) {
        throw new AttributeConverterException(sprintf('Unable to find LDAP object: %s', $this->getDn()));
    }
}
/**
 * Translate a list of values for one attribute into the corresponding values of another.
 *
 * Runs a single query that selects $toSelect from every object whose $toQuery attribute equals
 * any of the given values (the equality checks are combined with OR).
 *
 * @param array $values The values to match against $toQuery.
 * @param string $toQuery The attribute the values are compared with.
 * @param string $toSelect The attribute to return for each match.
 * @return array NOTE(review): this is whatever getResult() yields; confirm it is an array here.
 */
protected function getValuesForAttribute(array $values, $toQuery, $toSelect)
{
    $builder = new LdapQueryBuilder($this->getLdapConnection());
    $anyOf = $builder->filter()->bOr();

    // NOTE(review): an empty $values leaves the OR without conditions; confirm how the builder handles it.
    foreach ($values as $candidate) {
        $matchesCandidate = $builder->filter()->eq($toQuery, $candidate);
        $anyOf->add($matchesCandidate);
    }

    $builder->select($toSelect)->where($anyOf);
    $ldapQuery = $builder->getLdapQuery();

    return $ldapQuery->getResult();
}