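/**
 * Get all the groups a user belongs to
 *
 * Builds an LDAP filter from $group_condition and a membership test on
 * $group_member_field, runs it under $ldap_base_dn and collects the DN of
 * every entry returned.
 *
 * @param $ds                  ldap connection
 * @param $ldap_base_dn        base DN the group search starts from
 * @param $user_dn             DN of the user; escaped here before it is placed in the filter
 * @param $group_condition     group search condition (inserted into the filter as-is)
 * @param $group_member_field  group field member in a user object (inserted as-is)
 * @param $use_dn              boolean: when true match only {$group_member_field}={$user_dn};
 *                             when false also match {$group_member_field}={$login_field}={$user_dn}
 * @param $login_field         string user login field (inserted as-is)
 *
 * @return array  $groups[0][$group_member_field] holds the list of group DNs found
 *                (an empty list when the search fails or matches nothing)
 **/
function ldap_get_user_groups($ds, $ldap_base_dn, $user_dn, $group_condition, $group_member_field, $use_dn, $login_field)
{
    $groups     = array();
    $listgroups = array();

    // The user DN becomes an assertion value inside the filter, so every
    // character that is special in a filter (RFC 4515) is replaced by its hex
    // escape. Backslash comes first: str_replace applies the pairs in order
    // and the later replacements introduce backslashes of their own.
    // NOTE(review): assumes callers pass the raw DN, not a pre-escaped one - confirm.
    $user_dn = str_replace(
        array("\\", "*", "(", ")", "\0"),
        array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
        $user_dn
    );

    // Only the DN of each matching group is requested
    $attrs = array('dn');

    // NOTE(review): $group_condition, $group_member_field and $login_field go
    // into the filter unescaped; they look like configuration values, verify
    // that no caller derives them from user input.
    if (!$use_dn) {
        $filter = "(& {$group_condition} (|({$group_member_field}={$user_dn})\n ({$group_member_field}={$login_field}={$user_dn})))";
    } else {
        $filter = "(& {$group_condition} ({$group_member_field}={$user_dn}))";
    }

    // Perform the search; a failed search is treated as "no group found"
    // instead of handing a non-result to ldap_get_entries_clean()
    $sr   = ldap_search($ds, $ldap_base_dn, $filter, $attrs);
    $info = $sr ? ldap_get_entries_clean($ds, $sr) : array();
    if (!is_array($info)) {
        $info = array();
    }

    // Browse all the entries and keep the DN of each group, at the same index
    $total = count($info);
    for ($i = 0; $i < $total; $i++) {
        if (isset($info[$i]["dn"]) && $info[$i]["dn"] != '') {
            $listgroups[$i] = $info[$i]["dn"];
        }
    }

    // Same shape as a user entry: the member field carries the list of groups
    $groups[0][$group_member_field] = $listgroups;

    return $groups;
}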
/**
 * Read a single LDAP object identified by its DN
 *
 * The object is returned only when the read yields exactly one entry.
 * Warnings raised by ldap_read() are suppressed with @, so the reason for a
 * failed read is not visible to the caller: every failure ends in false.
 *
 * @param $ds         the active connection to the directory
 * @param $condition  the LDAP filter applied to the object (passed to ldap_read unchanged)
 * @param $dn         string DN of the object (passed to ldap_read unchanged)
 * @param $attrs      the attributes to retrieve
 *
 * @return the entry found, or false when the read fails or does not return exactly one entry
 **/
static function getObjectByDn($ds, $condition, $dn, $attrs = array())
{
    // NOTE(review): $dn and $condition reach the directory as given; presumably
    // callers build them from trusted or already escaped values - verify.
    $read = @ldap_read($ds, $dn, $condition, $attrs);
    if (!$read) {
        return false;
    }

    $entries = ldap_get_entries_clean($ds, $read);
    if (!is_array($entries) || $entries['count'] != 1) {
        return false;
    }

    return $entries[0];
}
/**
 * Collect the values the rules are matched against
 *
 * For the "LDAP" type the user entry is read from the directory and one value
 * is gathered per field returned by getFieldsForQuery(). For any other type
 * only the mail server and e-mail address taken from $params are returned.
 *
 * @param $input   input data; used as the list of groups when set
 * @param $params  extra parameters given: "type", then "connection", "userdn" and
 *                 "ldap_server" for LDAP, or "mail_server" and "email" otherwise
 *
 * @return an array of attributes (for LDAP, the empty read result itself when
 *         the directory returned nothing)
 **/
function prepareInputDataForProcess($input, $params)
{
    // IMAP/POP login method: nothing to fetch, the caller already has the values
    if ($params["type"] != "LDAP") {
        return array(
            "MAIL_SERVER" => $params["mail_server"],
            "MAIL_EMAIL"  => $params["email"],
        );
    }

    // LDAP type method: read the attributes the rules need from the user entry.
    // NOTE(review): the @ hides a failed ldap_read() and its result is handed to
    // ldap_get_entries_clean() without a check - confirm how that helper treats false.
    $wanted  = $this->getFieldsToLookFor();
    $read    = @ldap_read($params["connection"], $params["userdn"], "objectClass=*", $wanted);
    $entries = ldap_get_entries_clean($params["connection"], $read);

    if (!count($entries)) {
        return $entries;
    }

    $groups          = isset($input) ? $input : array();
    $entry           = $entries[0];
    $rule_parameters = array();

    foreach ($this->getFieldsForQuery() as $field) {
        $key = utf8_strtoupper($field);

        if ($key == "LDAP_SERVER") {
            $rule_parameters["LDAP_SERVER"] = $params["ldap_server"];
        } else if ($key == "GROUPS") {
            foreach ($groups as $group) {
                $rule_parameters["GROUPS"][] = $group;
            }
        } else if (isset($entry[$field])) {
            if (is_array($entry[$field])) {
                // Copies indexes 0 .. count-2; presumably this leaves out the
                // 'count' element carried by LDAP result arrays - confirm.
                $limit = count($entry[$field]) - 1;
                for ($i = 0; $i < $limit; $i++) {
                    $rule_parameters[$field][] = $entry[$field][$i];
                }
            } else {
                $rule_parameters[$field] = $entry[$field];
            }
        }
    }

    return $rule_parameters;
}