Author: Chad Sikorra (Chad.Sikorra@gmail.com)
 /**
  * Make sure that the group exists and that the user is already a member of it. If not, at least give an informative
  * message.
  *
  * @param string $name The group name.
  * @return string The text SID of the group.
  * @throws AttributeConverterException
  */
 protected function validateAndGetGroupSID($name)
 {
     $groupQuery = new LdapQueryBuilder($this->getLdapConnection());
     // NOTE(review): $name and the DN reach the LDAP filter through the builder's array form; presumably the
     // builder escapes filter values. Confirm before passing group names that originate from user input.
     $groupQuery->select('objectSid')->where(['objectClass' => 'group', 'cn' => $name]);

     // Group membership is only validated when the operation is a modification.
     $isModification = $this->getOperationType() == AttributeConverterInterface::TYPE_MODIFY;
     if ($isModification) {
         $groupQuery->andWhere(['member' => $this->getDn()]);
     }

     try {
         // Restrict the match to groups whose groupType has the SECURITY_ENABLED flag set.
         $securityEnabled = $groupQuery->filter()->bitwiseAnd('groupType', GroupTypeFlags::SECURITY_ENABLED);

         return $groupQuery->andWhere($securityEnabled)->getLdapQuery()->getSingleScalarResult();
     } catch (EmptyResultException $e) {
         // An empty result cannot say which condition failed, so the message lists every possibility.
         $message = 'Either the group "%s" doesn\'t exist, the user with DN "%s" is not a member of the group, the group'
             . ' is not a security group, or this group is already their primary group.';

         throw new AttributeConverterException(sprintf($message, $name, $this->getDn()));
     }
 }
 function it_should_set_the_attribute_map_for_the_role_query()
 {
     // Custom role attribute map: name, guid and sid point at the LDAP attributes cn, foo and bar.
     $roleAttributeMap = [
         'members' => 'members',
         'name' => 'cn',
         'guid' => 'foo',
         'sid' => 'bar',
     ];
     $this->setRoleAttributeMap($roleAttributeMap);

     // Expectation: the query builder is asked to select exactly the mapped name, guid and sid attributes.
     $expectedSelection = ['cn', 'foo', 'bar'];
     $this->qb->select($expectedSelection)->shouldBeCalled()->willReturn($this->qb);

     $this->loadUserByUsername('foo');
 }
 /**
  * Get the LdapQueryBuilder with the defaults for this repository type.
  *
  * @return LdapQueryBuilder
  */
 public function buildLdapQuery()
 {
     $builder = new LdapQueryBuilder($this->ldap);

     // No default attributes configured: leave the builder's selection untouched.
     if (empty($this->attributes)) {
         return $builder->from($this->schema);
     }

     $builder->select($this->attributes);

     return $builder->from($this->schema);
 }
 /**
  * @param LdapQueryBuilder $query
  * @param string $value
  * @return bOr
  */
 protected function getQueryOrStatement(LdapQueryBuilder $query, $value)
 {
     $orStatement = $query->filter()->bOr();
     $searchType = AttributeConverterInterface::TYPE_SEARCH_TO;

     // Only a value that passes the GUID check is converted and matched against objectGuid.
     if (LdapUtilities::isValidGuid($value)) {
         $filters = $query->filter();
         $guid = (new ConvertWindowsGuid())->setOperationType($searchType)->toLdap($value);
         $orStatement->add($filters->eq('objectGuid', $guid));

         return $orStatement;
     }

     // Otherwise, a value that passes the SID check is converted and matched against objectSid.
     if (LdapUtilities::isValidSid($value)) {
         $filters = $query->filter();
         $sid = (new ConvertWindowsSid())->setOperationType($searchType)->toLdap($value);
         $orStatement->add($filters->eq('objectSid', $sid));
     }

     // A value that is neither a GUID nor a SID leaves the OR statement with nothing added by this method.
     return $orStatement;
 }
 /**
  * This can be called to retrieve the current value of an attribute from LDAP.
  *
  * @param string $attribute The attribute name to query for a value from the converter context
  * @return array|string|null
  * @throws AttributeConverterException
  */
 protected function getCurrentLdapAttributeValue($attribute)
 {
     // Both a DN and an LDAP connection are needed to look the object up.
     $canQuery = $this->getDn() && $this->getLdapConnection();
     if (!$canQuery) {
         $message = sprintf('Unable to query for the current "%s" attribute.', $attribute);

         throw new AttributeConverterException($message);
     }

     $lookup = new LdapQueryBuilder($this->getLdapConnection());

     try {
         // Base-scope search rooted at the object's own DN; the presence filter on objectClass is the only condition.
         $ldapQuery = $lookup->select($attribute)
             ->where($lookup->filter()->present('objectClass'))
             ->setBaseDn($this->getDn())
             ->setScopeBase()
             ->getLdapQuery();

         return $ldapQuery->getSingleScalarOrNullResult();
     } catch (EmptyResultException $e) {
         throw new AttributeConverterException(sprintf('Unable to find LDAP object: %s', $this->getDn()));
     }
 }
 /**
  * Given an array of values and the attribute to query, get the values as represented by the attribute to select.
  *
  * @param array $values
  * @param string $toQuery
  * @param string $toSelect
  * @return array
  */
 protected function getValuesForAttribute(array $values, $toQuery, $toSelect)
 {
     $builder = new LdapQueryBuilder($this->getLdapConnection());

     // One equality check per value, combined so that a match on any of them qualifies.
     // NOTE(review): an empty $values array leaves this OR statement empty; confirm how the query layer
     // handles that. Presumably eq() escapes $candidate for the filter; verify if values can be user-supplied.
     $anyOf = $builder->filter()->bOr();
     foreach ($values as $candidate) {
         $anyOf->add($builder->filter()->eq($toQuery, $candidate));
     }

     return $builder->select($toSelect)->where($anyOf)->getLdapQuery()->getResult();
 }