/**
 * Verify the string form produced by each Zend_Ldap_Filter factory.
 *
 * Besides the plain comparison operators, this pins two behaviours that
 * matter when filters are assembled from external input: string() only
 * wraps its argument in parentheses (the '*' wildcards stay as given),
 * whereas mask() hex-escapes '*', '(', ')' and '\' in the substituted
 * value and leaves '/' alone.
 */
public function testFilterCreation()
{
    // Factory name => expected rendering for the pair ('name', 'value').
    $binaryFactories = array(
        'equals'         => '(name=value)',
        'begins'         => '(name=value*)',
        'ends'           => '(name=*value)',
        'contains'       => '(name=*value*)',
        'greater'        => '(name>value)',
        'greaterOrEqual' => '(name>=value)',
        'less'           => '(name<value)',
        'lessOrEqual'    => '(name<=value)',
        'approx'         => '(name~=value)',
    );
    foreach ($binaryFactories as $factory => $expected) {
        $filter = Zend_Ldap_Filter::$factory('name', 'value');
        $this->assertEquals($expected, $filter->toString());
    }

    // Presence filter: takes the attribute name only.
    $this->assertEquals('(name=*)', Zend_Ldap_Filter::any('name')->toString());

    // Raw filter text: wrapped in parentheses, wildcards untouched.
    $this->assertEquals(
        '(name=*value*value*)',
        Zend_Ldap_Filter::string('name=*value*value*')->toString()
    );

    // Masked filter: the substituted value comes out with its metacharacters escaped.
    $masked = Zend_Ldap_Filter::mask('(&(objectClass=account)(uid=%s))', 'a*b(b)d\\e/f');
    $this->assertEquals(
        '(&(objectClass=account)(uid=a\\2ab\\28b\\29d\\5ce/f))',
        $masked->toString()
    );
}
/**
 * Look up the gidnumber attribute of the group identified by a UUID.
 *
 * The search combines the configured group base filter with an equality
 * match on the group UUID attribute and runs below $this->_options['groupsDn'].
 *
 * @param  string $_uuid group id; it is passed through _encodeGroupId() before matching
 * @return string first gidnumber value of the first matching entry
 */
public function resolveGidNumber($_uuid)
{
    $baseFilter = Zend_Ldap_Filter::string($this->_groupBaseFilter);
    $uuidFilter = Zend_Ldap_Filter::equals(
        $this->_groupUUIDAttribute,
        $this->_encodeGroupId($_uuid)
    );
    $filter = Zend_Ldap_Filter::andFilter($baseFilter, $uuidFilter);

    $result = $this->getLdap()->search(
        $filter,
        $this->_options['groupsDn'],
        $this->_groupSearchScope,
        array('gidnumber')
    );

    // NOTE(review): there is no check that the search matched anything or
    // that the entry carries a gidnumber; the index access below is applied
    // to whatever getFirst() returns for an empty result - confirm callers
    // can cope with that.
    $firstEntry = $result->getFirst();

    return $firstEntry['gidnumber'][0];
}
/**
 * Fetch the single LDAP entry of a user, selected by one mapped property.
 *
 * @param  string $_property key of $this->_rowNameMapping naming the attribute to match
 * @param  mixed  $_userId   value to look for; for 'accountId' it is converted with
 *                           Tinebase_Model_User::convertUserIdToInt() and _encodeAccountId()
 * @return array  the matching entry as returned by getFirst()
 * @throws Tinebase_Exception_NotFound when the search does not yield exactly one entry
 */
protected function _getLdapEntry($_property, $_userId)
{
    // Loose comparison on purpose: it mirrors the switch/case semantics this replaces.
    if ($_property == 'accountId') {
        $value = $this->_encodeAccountId(Tinebase_Model_User::convertUserIdToInt($_userId));
    } else {
        // NOTE(review): the value is escaped here and then handed to
        // Zend_Ldap_Filter::equals(). If equals() escapes its value as well,
        // ids containing filter metacharacters would be escaped twice and
        // never match - confirm against Zend_Ldap_Filter.
        $value = Zend_Ldap::filterEscape($_userId);
    }

    $baseFilter  = Zend_Ldap_Filter::string($this->_userBaseFilter);
    $matchFilter = Zend_Ldap_Filter::equals($this->_rowNameMapping[$_property], $value);
    $filter      = Zend_Ldap_Filter::andFilter($baseFilter, $matchFilter);

    // Requested attributes: every mapped column plus whatever the plugins ask for.
    $attributes = array_values($this->_rowNameMapping);
    foreach ($this->_ldapPlugins as $plugin) {
        $attributes = array_merge($attributes, $plugin->getSupportedAttributes());
    }
    // shadowmax is needed for account status handling
    // (days after which the password must be changed).
    array_push($attributes, 'objectclass', 'uidnumber', 'useraccountcontrol', 'shadowmax');

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' filter ' . $filter);
    }
    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(
            __METHOD__ . '::' . __LINE__ . ' requested attributes ' . print_r($attributes, true)
        );
    }

    $accounts = $this->_ldap->search($filter, $this->_baseDn, $this->_userSearchScope, $attributes);

    // Exactly one entry must match; zero matches and ambiguous (multiple)
    // matches are both reported as "not found".
    $matchCount = count($accounts);
    if ($matchCount !== 1) {
        throw new Tinebase_Exception_NotFound('User with ' . $_property . ' = ' . $value . ' not found.');
    }

    // The TRACE branch writes the complete directory entry to the log.
    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(
            __METHOD__ . '::' . __LINE__ . ' current ldap values ' . print_r($accounts->getFirst(), true)
        );
    }

    return $accounts->getFirst();
}
/**
 * Build a map from Tine group ids to LDAP entry UUIDs.
 *
 * Every group found under the configured base DN is looked up in the Tine
 * group backend by name (after applying the optional groupNameMapping
 * config); groups the backend does not know are logged and skipped.
 *
 * @return array Tine group id => LDAP entryuuid
 */
protected function _getGroupMapping()
{
    // The log text says "user mapping" although groups are mapped here; kept as is.
    $this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Fetching user mapping ...');

    $filter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_groupBaseFilter));

    $mapping = array();

    if ($this->_config->groupNameMapping) {
        $groupNameMapping = $this->_config->groupNameMapping->toArray();
    } else {
        $groupNameMapping = array();
    }
    $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group name mapping: ' . print_r($groupNameMapping, true));

    // NOTE(review): '*' and '+' ask the server for all user and all
    // operational attributes, but only cn and entryuuid are read below;
    // narrowing the list would reduce what is pulled from the directory.
    $ldapGroups = $this->_ldap->search(
        $filter,
        $this->_config->ldap->baseDn,
        $this->_groupSearchScope,
        array('*', '+')
    );

    foreach ($ldapGroups as $group) {
        $ldapName = $group['cn'][0];

        // Translate the LDAP group name when the config provides a mapping for it.
        if (isset($groupNameMapping[$ldapName])) {
            $groupname = $groupNameMapping[$ldapName];
        } else {
            $groupname = $ldapName;
        }
        $ldapUuid = $group['entryuuid'][0];

        try {
            $tineGroup = $this->_tineGroupBackend->getGroupByName($groupname);

            $this->_logger->debug(
                __METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $ldapName . '): '
                . $tineGroup->getId() . ' -> ' . $ldapUuid
            );

            $mapping[$tineGroup->getId()] = $ldapUuid;
        } catch (Tinebase_Exception_Record_NotDefined $tenf) {
            // @todo should be: Tinebase_Exception_NotFound
            $this->_logger->debug(
                __METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $ldapName . '): '
                . $tenf->getMessage()
            );
        }
    }

    $this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Found ' . count($mapping) . ' groups for the mapping.');
    $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' ' . print_r($mapping, true));

    return $mapping;
}
/**
 * Search LDAP with a filter derived from the simpleMail skeleton config and
 * store the matching entries, in a defined order, in $this->_ldapRawData.
 *
 * Result order (later entries win when properties are read):
 *  - entries outside the storage path, flagged 'simplemail_readonly'
 *  - entries below the storage path
 *  - the exact managed DN, always last
 *
 * @return void
 */
protected function _getSpecialResultDataFromLdap()
{
    // NOTE(review): attribute names and values from the skeleton are
    // concatenated into the filter verbatim and handed to
    // Zend_Ldap_Filter::string(); nothing in this method escapes them. If a
    // skeleton value can carry account- or user-supplied data (not visible
    // here), it needs Zend_Ldap::filterEscape() before it gets this far -
    // confirm where the skeleton is populated.
    $clauses = array();
    foreach ($this->_simpleMailConfig['skeleton'] as $attr => $val) {
        // A scalar is treated as a one-element list, so both shapes share one path.
        $candidates = is_array($val) ? $val : array($val);
        foreach ($candidates as $candidate) {
            $clauses[] = '(' . $attr . '=' . $candidate . ')';
        }
    }
    $filter = "&" . implode('', $clauses);

    $ldap = $this->_ldap->searchEntries(
        Zend_Ldap_Filter::string($filter),
        $this->_simpleMailConfig['base'],
        $this->_simpleMailConfig['scope'],
        array()
    );

    $this->_ldapRawData = array();

    // DNs are case-folded to lower case so that the comparisons below ignore case.
    $managedPath = Zend_Ldap_Dn::fromString(
        $this->_simpleMailConfig['storage_base'],
        Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER
    );
    $managedDn = Zend_Ldap_Dn::fromString(
        $this->_simpleMailConfig['storage_rdn'] . ',' . $this->_simpleMailConfig['storage_base'],
        Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER
    );
    $managedDnExisting = false;

    foreach ($ldap as $dn) {
        $dnArr = Zend_Ldap_Dn::fromString($dn['dn'], Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);

        if ($dnArr->toString() == $managedDn->toString()) {
            // The managed entry itself goes to the very end.
            $this->_ldapRawData[] = $dn;
            $managedDnExisting = true;
            continue;
        }

        if (Zend_Ldap_Dn::isChildOf($dnArr, $managedPath)) {
            if ($managedDnExisting === true) {
                // Keep the managed entry last: slot this one in just before it.
                array_splice($this->_ldapRawData, -1, 0, array($dn));
            } else {
                $this->_ldapRawData[] = $dn;
            }
            continue;
        }

        // Anything outside the storage path is read-only and goes to the front.
        $dn['simplemail_readonly'] = true;
        array_unshift($this->_ldapRawData, $dn);
    }

    // The TRACE branch dumps every collected entry into the log.
    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(
            __METHOD__ . '::' . __LINE__ . ' simpleMail - Tinebase_EmailUser combined with ldap: '
            . print_r($this->_ldapRawData, true)
        );
    }
}
/**
 * Collect the groups a user belongs to according to the sync backend.
 *
 * A group counts as a membership when it satisfies the group base filter
 * and lists the user either by uid (memberuid) or by DN (member).
 *
 * @param  Tinebase_Model_User|string $_userId
 * @return array list of group ids (values of the group UUID attribute)
 */
public function getGroupMembershipsFromSyncBackend($_userId)
{
    $metaData = $this->_getUserMetaData($_userId);

    $baseFilter = Zend_Ldap_Filter::string($this->_groupBaseFilter);

    // NOTE(review): both values are escaped with Zend_Ldap::filterEscape()
    // and then handed to Zend_Ldap_Filter::equals(). If equals() escapes its
    // value too, a uid or DN containing filter metacharacters would be
    // escaped twice and its memberships missed - confirm against Zend_Ldap_Filter.
    $byUid = Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($metaData['uid'][0]));
    $byDn  = Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($metaData['dn']));

    $filter = Zend_Ldap_Filter::andFilter(
        $baseFilter,
        Zend_Ldap_Filter::orFilter($byUid, $byDn)
    );

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $filter);
    }

    $uuidAttribute = $this->_groupUUIDAttribute;
    $groups = $this->_ldap->search(
        $filter,
        $this->_options['groupsDn'],
        $this->_groupSearchScope,
        array('cn', 'description', $uuidAttribute)
    );

    // Only the first value of the UUID attribute of each group is kept.
    $memberships = array();
    foreach ($groups as $entry) {
        $memberships[] = $entry[$uuidAttribute][0];
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(
            __METHOD__ . '::' . __LINE__ . ' group memberships: ' . print_r($memberships, true)
        );
    }

    return $memberships;
}