public function testFilterCreation()
{
$f1 = Zend_Ldap_Filter::equals('name', 'value');
$this->assertEquals('(name=value)', $f1->toString());
$f2 = Zend_Ldap_Filter::begins('name', 'value');
$this->assertEquals('(name=value*)', $f2->toString());
$f3 = Zend_Ldap_Filter::ends('name', 'value');
$this->assertEquals('(name=*value)', $f3->toString());
$f4 = Zend_Ldap_Filter::contains('name', 'value');
$this->assertEquals('(name=*value*)', $f4->toString());
$f5 = Zend_Ldap_Filter::greater('name', 'value');
$this->assertEquals('(name>value)', $f5->toString());
$f6 = Zend_Ldap_Filter::greaterOrEqual('name', 'value');
$this->assertEquals('(name>=value)', $f6->toString());
$f7 = Zend_Ldap_Filter::less('name', 'value');
$this->assertEquals('(name<value)', $f7->toString());
$f8 = Zend_Ldap_Filter::lessOrEqual('name', 'value');
$this->assertEquals('(name<=value)', $f8->toString());
$f9 = Zend_Ldap_Filter::approx('name', 'value');
$this->assertEquals('(name~=value)', $f9->toString());
$f10 = Zend_Ldap_Filter::any('name');
$this->assertEquals('(name=*)', $f10->toString());
$f11 = Zend_Ldap_Filter::string('name=*value*value*');
$this->assertEquals('(name=*value*value*)', $f11->toString());
$f12 = Zend_Ldap_Filter::mask('(&(objectClass=account)(uid=%s))', 'a*b(b)d\\e/f');
$this->assertEquals('(&(objectClass=account)(uid=a\\2ab\\28b\\29d\\5ce/f))', $f12->toString());
}
/**
* return gidnumber of group
*
* @param string $_uuid
* @return string
*/
public function resolveGidNumber($_uuid)
{
$filter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_groupBaseFilter), Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($_uuid)));
$groupData = $this->getLdap()->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, array('gidnumber'))->getFirst();
return $groupData['gidnumber'][0];
}
/**
* return ldap entry of user
*
* @param string $_uid
* @return array
*/
protected function _getLdapEntry($_property, $_userId)
{
switch ($_property) {
case 'accountId':
$value = $this->_encodeAccountId(Tinebase_Model_User::convertUserIdToInt($_userId));
break;
default:
$value = Zend_Ldap::filterEscape($_userId);
break;
}
$filter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_userBaseFilter), Zend_Ldap_Filter::equals($this->_rowNameMapping[$_property], $value));
$attributes = array_values($this->_rowNameMapping);
foreach ($this->_ldapPlugins as $plugin) {
$attributes = array_merge($attributes, $plugin->getSupportedAttributes());
}
$attributes[] = 'objectclass';
$attributes[] = 'uidnumber';
$attributes[] = 'useraccountcontrol';
// needed for account status handling (shadowmax: days after which password must be changed)
$attributes[] = 'shadowmax';
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' filter ' . $filter);
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' requested attributes ' . print_r($attributes, true));
}
$accounts = $this->_ldap->search($filter, $this->_baseDn, $this->_userSearchScope, $attributes);
if (count($accounts) !== 1) {
throw new Tinebase_Exception_NotFound('User with ' . $_property . ' = ' . $value . ' not found.');
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' current ldap values ' . print_r($accounts->getFirst(), true));
}
return $accounts->getFirst();
}
/**
* read ldap / get users and groups from tine an create mapping
*
* @return array
*/
protected function _getGroupMapping()
{
$this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Fetching user mapping ...');
$filter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_groupBaseFilter));
$mapping = array();
$groupNameMapping = $this->_config->groupNameMapping ? $this->_config->groupNameMapping->toArray() : array();
$this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group name mapping: ' . print_r($groupNameMapping, TRUE));
$ldapGroups = $this->_ldap->search($filter, $this->_config->ldap->baseDn, $this->_groupSearchScope, array('*', '+'));
foreach ($ldapGroups as $group) {
$groupname = isset($groupNameMapping[$group['cn'][0]]) ? $groupNameMapping[$group['cn'][0]] : $group['cn'][0];
$ldapUuid = $group['entryuuid'][0];
try {
$tineGroup = $this->_tineGroupBackend->getGroupByName($groupname);
$this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $group['cn'][0] . '): ' . $tineGroup->getId() . ' -> ' . $ldapUuid);
$mapping[$tineGroup->getId()] = $ldapUuid;
} catch (Tinebase_Exception_Record_NotDefined $tenf) {
// @todo should be: Tinebase_Exception_NotFound
$this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $group['cn'][0] . '): ' . $tenf->getMessage());
}
}
$this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Found ' . count($mapping) . ' groups for the mapping.');
$this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' ' . print_r($mapping, TRUE));
return $mapping;
}
/**
* (non-PHPdoc)
*/
protected function _getSpecialResultDataFromLdap()
{
$filter = "&";
foreach ($this->_simpleMailConfig['skeleton'] as $attr => $val) {
if (is_array($val)) {
foreach ($val as $val_array) {
$filter .= '(' . $attr . '=' . $val_array . ')';
}
} else {
$filter .= '(' . $attr . '=' . $val . ')';
}
}
$ldap = $this->_ldap->searchEntries(Zend_Ldap_Filter::string($filter), $this->_simpleMailConfig['base'], $this->_simpleMailConfig['scope'], array());
/* Make sure, the managed rdn is last in array and properties are
* ultimately read from this rdn (if entries are doubled)
*
* Order of array matters:
* - all entries anywhere
* - entries within the storage path
* - the exact managed dn
*/
$this->_ldapRawData = array();
$managedPath = Zend_Ldap_Dn::fromString($this->_simpleMailConfig['storage_base'], Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
$managedDn = Zend_Ldap_Dn::fromString($this->_simpleMailConfig['storage_rdn'] . ',' . $this->_simpleMailConfig['storage_base'], Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
$managedDnExisting = false;
foreach ($ldap as $dn) {
$dnArr = Zend_Ldap_Dn::fromString($dn['dn'], Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
if ($dnArr->toString() == $managedDn->toString()) {
array_push($this->_ldapRawData, $dn);
$managedDnExisting = true;
} elseif (Zend_Ldap_Dn::isChildOf($dnArr, $managedPath)) {
$managedDnExisting === true ? array_splice($this->_ldapRawData, -1, 0, array($dn)) : array_push($this->_ldapRawData, $dn);
} else {
$dn['simplemail_readonly'] = true;
array_unshift($this->_ldapRawData, $dn);
}
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' simpleMail - Tinebase_EmailUser combined with ldap: ' . print_r($this->_ldapRawData, true));
}
}
/**
* get groupmemberships of user from sync backend
*
* @param Tinebase_Model_User|string $_userId
* @return array list of group ids
*/
public function getGroupMembershipsFromSyncBackend($_userId)
{
$metaData = $this->_getUserMetaData($_userId);
$filter = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_groupBaseFilter), Zend_Ldap_Filter::orFilter(Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($metaData['uid'][0])), Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($metaData['dn']))));
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $filter);
}
$groups = $this->_ldap->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, array('cn', 'description', $this->_groupUUIDAttribute));
$memberships = array();
foreach ($groups as $group) {
$memberships[] = $group[$this->_groupUUIDAttribute][0];
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' group memberships: ' . print_r($memberships, TRUE));
}
return $memberships;
}
