/**
 * Resolve the subtree DN that the given user is allowed to work in.
 *
 * The user is looked up by its `mail` attribute. The method then walks up
 * to three levels above the user's branch and returns the first base DN
 * under which exactly one groupOfNames entry lists the user as `member`.
 *
 * @param string $uid Value matched against the `mail` attribute
 * @return string DN of the subtree, as produced by toString()
 * @throws Exception When no entry or more than one entry matches $uid
 * @throws UserFriendlyException With code 403 when no level yields a match
 */
public function getUserBaseDn($uid)
{
    // $uid is caller-supplied, so it is escaped before being concatenated
    // into the filter string. A size limit of 2 is enough to tell apart
    // "none", "exactly one" and "more than one".
    $userFilter = '(&(|(objectClass=person)(objectClass=mailRecipient))(mail='
        . Filter::escapeValue($uid) . '))';
    $users = $this->search(array(
        'filter'     => $userFilter,
        'attributes' => array('employeeNumber'),
        'sizelimit'  => 2,
    ));

    $found = $users->count();
    if ($found < 1) {
        throw new Exception('not found');
    }
    if ($found > 1) {
        // An ambiguous mail address is rejected rather than guessing.
        throw new Exception('somethind bad happened');
    }

    $user = $users->getFirst();
    $userDn = $user['dn'];
    $branchDn = Dn::factory($userDn)->getParentDn(1);

    // The DN is directory data, but it is still escaped before use as a
    // filter value because DNs may contain filter metacharacters.
    $memberFilter = '(&(objectClass=groupOfNames)(member=' . Filter::escapeValue($userDn) . '))';

    // NOTE(review): any groupOfNames entry with this member counts; the
    // filter does not name a specific administrators group. Confirm that
    // ordinary groups cannot exist under these base DNs.
    // NOTE(review): a level with two or more matching groups is treated
    // like a level with none (the test is count() === 1). Confirm intended.
    // NOTE(review): if getParentDn() throws for a DN with too few
    // components, that exception escapes instead of the 403 below.
    $adminSubtree = null;
    foreach (array(1, 2, 3) as $levelsUp) {
        $candidate = $branchDn->getParentDn($levelsUp);
        $groups = $this->search(array(
            'filter'     => $memberFilter,
            'basedn'     => $candidate,
            'attributes' => array('employeeNumber'),
            'sizelimit'  => 2,
        ));
        if ($groups->count() === 1) {
            $adminSubtree = $candidate;
            break;
        }
    }

    // Fail closed: without a positive match the caller gets no subtree.
    if ($adminSubtree === null) {
        throw new UserFriendlyException(403, 'Access denied', 'You are not allowed to access this resource.');
    }

    return $adminSubtree->toString();
}
/**
 * Builds the same DN from upper-, lower- and mixed-case attribute names via
 * fromString(), fromArray() and factory(), and checks that all four
 * constructions are equal and that toString()/toArray() honour the requested
 * case folding. Also checks that factory() rejects a non-string, non-array
 * argument with an LdapException.
 */
public function testDnCreation()
{
    // With default folding set to NONE, calls without an argument are
    // expected to return attribute names exactly as they were supplied.
    Ldap\Dn::setDefaultCaseFold(Ldap\Dn::ATTR_CASEFOLD_NONE);

    // The escaped comma in the first RDN and the multi-valued second RDN
    // (CN=Users+OU=Lab) exercise escaping and multi-value handling.
    $upperString = 'CN=Baker\\, Alice,CN=Users+OU=Lab,DC=example,DC=com';
    $upperArray = array(
        array('CN' => 'Baker, Alice'),
        array('CN' => 'Users', 'OU' => 'Lab'),
        array('DC' => 'example'),
        array('DC' => 'com'),
    );
    $lowerString = 'cn=Baker\\, Alice,cn=Users+ou=Lab,dc=example,dc=com';
    $lowerArray = array(
        array('cn' => 'Baker, Alice'),
        array('cn' => 'Users', 'ou' => 'Lab'),
        array('dc' => 'example'),
        array('dc' => 'com'),
    );
    $mixedString = 'Cn=Baker\\, Alice,Cn=Users+Ou=Lab,Dc=example,Dc=com';
    $mixedArray = array(
        array('Cn' => 'Baker, Alice'),
        array('Cn' => 'Users', 'Ou' => 'Lab'),
        array('Dc' => 'example'),
        array('Dc' => 'com'),
    );

    // Each row: own string form, own array form, and whether the DN built by
    // fromArray() additionally gets its toArray() output checked (only the
    // lower-case variant does).
    $variants = array(
        array($upperString, $upperArray, false),
        array($lowerString, $lowerArray, true),
        array($mixedString, $mixedArray, false),
    );

    foreach ($variants as $variant) {
        list($ownString, $ownArray, $checkArrayBuiltDn) = $variant;

        $fromString = Ldap\Dn::fromString($ownString);
        $fromArray = Ldap\Dn::fromArray($ownArray);
        $factoryFromString = Ldap\Dn::factory($ownString);
        $factoryFromArray = Ldap\Dn::factory($ownArray);

        // All four construction paths must yield equal objects.
        $this->assertEquals($fromString, $fromArray);
        $this->assertEquals($fromString, $factoryFromString);
        $this->assertEquals($fromString, $factoryFromArray);

        // String output: unfolded, upper-folded, lower-folded.
        $this->assertEquals($ownString, $fromString->toString());
        $this->assertEquals($upperString, $fromString->toString(Ldap\Dn::ATTR_CASEFOLD_UPPER));
        $this->assertEquals($lowerString, $fromString->toString(Ldap\Dn::ATTR_CASEFOLD_LOWER));

        // Array output: unfolded, upper-folded, lower-folded.
        $this->assertEquals($ownArray, $fromString->toArray());
        $this->assertEquals($upperArray, $fromString->toArray(Ldap\Dn::ATTR_CASEFOLD_UPPER));
        $this->assertEquals($lowerArray, $fromString->toArray(Ldap\Dn::ATTR_CASEFOLD_LOWER));

        if ($checkArrayBuiltDn) {
            $this->assertEquals($ownArray, $fromArray->toArray());
        }
    }

    // An integer is neither a DN string nor a DN array and must be refused.
    try {
        Ldap\Dn::factory(1);
        $this->fail('Expected Zend\\Ldap\\Exception not thrown');
    } catch (Exception\LdapException $e) {
        $this->assertEquals('Invalid argument type for $dn', $e->getMessage());
    }
}
/**
 * Write the given attributes to an existing LDAP entry.
 *
 * The entry array is passed through prepareLdapEntryArray(), the RDN values
 * of the target DN are merged into any RDN attribute the caller supplied,
 * and a fixed list of directory-maintained attribute names is dropped before
 * ldap_modify() is called. Nothing is sent when no attributes remain.
 *
 * @param  string|Dn $dn    DN of the entry to modify
 * @param  array     $entry Attribute name => values to write
 * @return Ldap Provides a fluent interface
 * @throws Exception\LdapException When ldap_modify() returns false
 */
public function update($dn, array $entry)
{
    if (!($dn instanceof Dn)) {
        $dn = Dn::factory($dn, null);
    }
    self::prepareLdapEntryArray($entry);

    // If the caller writes an attribute that is part of the RDN, make sure
    // the RDN value stays among its values by putting it first.
    // NOTE(review): in_array() compares loosely here, so numeric-looking
    // values such as '1' and '01' are treated as the same value.
    foreach ($dn->getRdn(Dn::ATTR_CASEFOLD_LOWER) as $attribute => $escapedValue) {
        $rdnValue = Dn::unescapeValue($escapedValue);
        if (!array_key_exists($attribute, $entry)) {
            continue;
        }
        if (in_array($rdnValue, $entry[$attribute])) {
            continue;
        }
        $entry[$attribute] = array_merge(array($rdnValue), $entry[$attribute]);
    }

    // Attributes that Active Directory maintains itself are never sent back.
    // NOTE(review): names are matched by exact lower-case key; this relies on
    // prepareLdapEntryArray() having lower-cased the keys. Confirm.
    $systemAttributes = array(
        'distinguishedname',
        'instancetype',
        'name',
        'objectcategory',
        'objectguid',
        'usnchanged',
        'usncreated',
        'whenchanged',
        'whencreated',
    );
    $entry = array_diff_key($entry, array_flip($systemAttributes));

    if (count($entry) === 0) {
        return $this;
    }

    // Warnings raised by ldap_modify() are captured by the error handler;
    // failure is reported through the exception below instead.
    ErrorHandler::start(E_WARNING);
    $isModified = ldap_modify($this->getResource(), $dn->toString(), $entry);
    ErrorHandler::stop();

    if ($isModified === false) {
        throw new Exception\LdapException($this, 'updating: ' . $dn->toString());
    }

    return $this;
}
/**
 * Assign a new DN to this node.
 *
 * This is an offline method.
 *
 * @param  Dn|string|array $newDn
 * @throws Exception\LdapException
 * @return Node Provides a fluent interface
 */
public function setDn($newDn)
{
    // A Dn instance is stored as a copy, not as the caller's object; any
    // other input is converted through Dn::factory().
    $this->newDn = ($newDn instanceof Dn) ? (clone $newDn) : Dn::factory($newDn);

    // NOTE(review): presumably re-aligns the node's RDN attribute values with
    // the new DN; the helper is not visible here, so confirm.
    $this->ensureRdnAttributeValues(true);

    return $this;
}
/**
 * Look up the unit node for an identity and remember it on this object.
 *
 * The person entry is searched one level below `ou=people` under the
 * directory base DN, matching the identity's mail address. The first value
 * of the entry's `l` attribute is used as the DN of the unit node.
 *
 * @param Identity $identity Identity whose `mail` property is searched for
 * @return mixed The node returned by getNode(), or null when the search
 *               does not yield exactly one entry
 */
private function findUnit(Identity $identity)
{
    // NOTE(review): the cached unit is not keyed by identity; once set, it
    // is returned for every later call regardless of $identity. Confirm the
    // object is never reused across identities.
    if (null !== $this->unit) {
        return $this->unit;
    }

    // Presumably Filter::equals() escapes the value; confirm, since the mail
    // address originates from the identity.
    $mailFilter = Filter::equals('mail', $identity->mail);
    $peopleDn = Dn::factory($this->ldap->getBaseDn())->prepend(['ou' => 'people']);
    $matches = $this->ldap->search($mailFilter, $peopleDn, Ldap::SEARCH_SCOPE_ONE, ['l']);

    // Zero or several matches: no unit is resolved.
    if (1 !== $matches->count()) {
        return null;
    }

    $person = $matches->current();

    // NOTE(review): an entry without an `l` value is not handled here.
    // NOTE(review): the unit DN is read from the person's own entry; if
    // users can edit `l` on their entry they pick their unit. Confirm the
    // directory ACLs.
    $unitDn = $person['l'][0];
    $this->unit = $this->ldap->getNode($unitDn);

    return $this->unit;
}