protected function loadPage() { if (!ldap_control_paged_result($this->connection, $this->pageSize, true, $this->pageToken)) { throw new SearchException("Unable to set paged control pageSize: " . $this->pageSize); } $search = ldap_search($this->connection, $this->baseDn, $this->filter, is_array($this->attributes) ? $this->attributes : []); if (!$search) { // Something went wrong in search throw Connection::createLdapSearchException(ldap_errno($this->connection), $this->baseDn, $this->filter, $this->pageSize); } $this->entries = ldap_get_entries($this->connection, $search); $this->entriesPosition = 0; if (!$this->entries) { throw Connection::createLdapSearchException(ldap_errno($this->connection), $this->baseDn, $this->filter, $this->pageSize); } // check if on first page if (empty($this->pageToken)) { $this->currentPage = 0; } else { $this->currentPage++; } // Ok go to next page ldap_control_paged_result_response($this->connection, $search, $this->pageToken); if (empty($this->pageToken)) { $this->isLastPage = true; } }
public function getAvailableValues() { if (!empty($this->fields['values'])) { $ldap_values = json_decode($this->fields['values']); $ldap_dropdown = new RuleRightParameter(); if (!$ldap_dropdown->getFromDB($ldap_values->ldap_attribute)) { return array(); } $attribute = array($ldap_dropdown->fields['value']); $config_ldap = new AuthLDAP(); if (!$config_ldap->getFromDB($ldap_values->ldap_auth)) { return array(); } if (!function_exists('warning_handler')) { function warning_handler($errno, $errstr, $errfile, $errline, array $errcontext) { if (0 === error_reporting()) { return false; } throw new ErrorException($errstr, 0, $errno, $errfile, $errline); } } set_error_handler("warning_handler", E_WARNING); try { $tab_values = array(); $ds = $config_ldap->connect(); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); $cookie = ''; do { if (AuthLDAP::isLdapPageSizeAvailable($config_ldap)) { ldap_control_paged_result($ds, $config_ldap->fields['pagesize'], true, $cookie); } $result = ldap_search($ds, $config_ldap->fields['basedn'], $ldap_values->ldap_filter, $attribute); $entries = ldap_get_entries($ds, $result); array_shift($entries); foreach ($entries as $id => $attr) { if (isset($attr[$attribute[0]]) && !in_array($attr[$attribute[0]][0], $tab_values)) { $tab_values[$id] = $attr[$attribute[0]][0]; } } if (AuthLDAP::isLdapPageSizeAvailable($config_ldap)) { ldap_control_paged_result_response($ds, $result, $cookie); } } while ($cookie !== null && $cookie != ''); if ($this->fields['show_empty']) { $tab_values = array('' => '-----') + $tab_values; } asort($tab_values); return $tab_values; } catch (Exception $e) { return array(); } restore_error_handler(); } else { return array(); } }
/** * Search LDAP registry for entries matching filter and optional attributes * and return ALL values, including those beyond the usual 1000 entries, as an array. * * @param string $filter * @param array $attributes -OPTIONAL * @return array * @throws Exception\LdapException */ public function searchAll($filter, array $attributes = []) { $ldap = $this->getResource(); // $ds is a valid link identifier (see ldap_connect) ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); $cookie = ''; $result = []; do { ldap_control_paged_result($ldap, self::PAGE_SIZE, true, $cookie); Stdlib\ErrorHandler::start(E_WARNING); $search = ldap_search($ldap, $this->getBaseDn(), $filter, $attributes); Stdlib\ErrorHandler::stop(); if ($search === false) { throw new Lp\Exception\LdapException($this, 'searching: ' . $filter); } $entries = $this->createCollection(new Lp\Collection\DefaultIterator($this, $search), null); foreach ($entries as $es) { $result[] = $es; } ldap_control_paged_result_response($ldap, $search, $cookie); } while ($cookie !== null && $cookie != ''); return $result; }
/** * Send LDAP pagination control. * * @param int $pageSize * @param bool $isCritical * @param string $cookie * * @return bool * * @throws AdldapException */ public function controlPagedResult($pageSize = 1000, $isCritical = false, $cookie = '') { if ($this->isPagingSupported()) { if ($this->suppressErrors) { return @ldap_control_paged_result($this->getConnection(), $pageSize, $isCritical, $cookie); } return ldap_control_paged_result($this->getConnection(), $pageSize, $isCritical, $cookie); } $message = 'LDAP Pagination is not supported on your current PHP installation.'; throw new AdldapException($message); }
/** * @since version 0.84 new parameter $limitexceeded * * @param $ldap_connection * @param $config_ldap * @param $filter * @param $search_in_groups (true by default) * @param $groups array * @param $limitexceeded **/ static function getGroupsFromLDAP($ldap_connection, $config_ldap, $filter, $search_in_groups = true, $groups = array(), &$limitexceeded) { global $DB; //First look for groups in group objects $extra_attribute = $search_in_groups ? "cn" : $config_ldap->fields["group_field"]; $attrs = array("dn", $extra_attribute); if ($filter == '') { if ($search_in_groups) { $filter = !empty($config_ldap->fields['group_condition']) ? $config_ldap->fields['group_condition'] : "(objectclass=*)"; } else { $filter = !empty($config_ldap->fields['condition']) ? $config_ldap->fields['condition'] : "(objectclass=*)"; } } $cookie = ''; $count = 0; do { if (self::isLdapPageSizeAvailable($config_ldap)) { ldap_control_paged_result($ldap_connection, $config_ldap->fields['pagesize'], true, $cookie); } $filter = Toolbox::unclean_cross_side_scripting_deep($filter); $sr = @ldap_search($ldap_connection, $config_ldap->fields['basedn'], $filter, $attrs); if ($sr) { if (in_array(ldap_errno($ldap_connection), array(4, 11))) { // openldap return 4 for Size limit exceeded $limitexceeded = true; } $infos = self::get_entries_clean($ldap_connection, $sr); if (in_array(ldap_errno($ldap_connection), array(4, 11))) { // openldap return 4 for Size limit exceeded $limitexceeded = true; } $count += $infos['count']; //If page results are enabled and the number of results is greater than the maximum allowed //warn user that limit is exceeded and stop search if (self::isLdapPageSizeAvailable($config_ldap) && $config_ldap->fields['ldap_maxlimit'] && $count > $config_ldap->fields['ldap_maxlimit']) { $limitexceeded = true; break; } for ($ligne = 0; $ligne < $infos["count"]; $ligne++) { if ($search_in_groups) { // No cn : not a real object if (isset($infos[$ligne]["cn"][0])) { $cn = $infos[$ligne]["cn"][0]; $groups[$infos[$ligne]["dn"]] = array("cn" => $infos[$ligne]["cn"][0], "search_type" => "groups"); } } else { if (isset($infos[$ligne][$extra_attribute])) { if ($config_ldap->fields["group_field"] == 'dn' || in_array('ou', $groups)) { $dn = $infos[$ligne][$extra_attribute]; $ou = array(); for ($tmp = $dn; count($tmptab = explode(',', $tmp, 2)) == 2; $tmp = $tmptab[1]) { $ou[] = $tmptab[1]; } /// Search in DB for group with ldap_group_dn if ($config_ldap->fields["group_field"] == 'dn' && count($ou) > 0) { $query = "SELECT `ldap_value`\n FROM `glpi_groups`\n WHERE `ldap_group_dn`\n IN ('" . implode("', '", Toolbox::addslashes_deep($ou)) . "')"; foreach ($DB->request($query) as $group) { $groups[$group['ldap_value']] = array("cn" => $group['ldap_value'], "search_type" => "users"); } } } else { for ($ligne_extra = 0; $ligne_extra < $infos[$ligne][$extra_attribute]["count"]; $ligne_extra++) { $groups[$infos[$ligne][$extra_attribute][$ligne_extra]] = array("cn" => self::getGroupCNByDn($ldap_connection, $infos[$ligne][$extra_attribute][$ligne_extra]), "search_type" => "users"); } } } } } } if (self::isLdapPageSizeAvailable($config_ldap)) { ldap_control_paged_result_response($ldap_connection, $sr, $cookie); } } while ($cookie !== null && $cookie != ''); return $groups; }
$dn = "cn=groupname,cn=groups,dc=example,dc=com"; echo "\nModDel " . $dn; $entry['memberuid'] = "username"; ldap_mod_del($ds, $dn, $entry); /* #### MOD REPLACE ### */ $dn = "cn=groupname,cn=groups,dc=example,dc=com"; echo "\nModReplace " . $dn; $entry['memberuid'] = "username"; ldap_mod_replace($ds, $dn, $entry); /* ### SEARCH ### */ $dn = "o=My Company, c=USs"; echo "\nSearch " . $dn; $filter = "(|(sn=jeantet)(givenname=jeantet*))"; $justthese = array("ou", "sn", "givenname", "mail"); $cookie = 'cookie'; ldap_control_paged_result($ds, 23, true, $cookie); $sr = ldap_search($ds, $dn, $filter, $justthese); $info = ldap_get_entries($ds, $sr); echo "\n\t" . $info["count"] . " entries returned"; // ldap_control_paged_result_response($ds, $sr, $cookie); /* ### COMPARE ### */ $dn = "cn=Matti Meikku, ou=My Unit, o=My Company, c=FI"; echo "\nCompare " . $dn; // Préparation des données $value = "secretpassword"; $attr = "password"; // Comparaison des valeurs $r = ldap_compare($ds, $dn, $attr, $value); if ($r === -1) { echo "Error: " . ldap_error($ds); } elseif ($r === true) {
/** * Validate form fields before add or update a question * * @param Array $input Datas used to add the item * * @return Array The modified $input array * * @param [type] $input [description] * @return [type] [description] */ private function checkBeforeSave($input) { // Control fields values : // - name is required if (empty($input['name'])) { Session::addMessageAfterRedirect(__('The title is required', 'formcreator'), false, ERROR); return array(); } // - field type is required if (empty($input['fieldtype'])) { Session::addMessageAfterRedirect(__('The field type is required', 'formcreator'), false, ERROR); return array(); } // - section is required if (empty($input['plugin_formcreator_sections_id'])) { Session::addMessageAfterRedirect(__('The section is required', 'formcreator'), false, ERROR); return array(); } // Values are required for GLPI dropdowns, dropdowns, multiple dropdowns, checkboxes, radios, LDAP $itemtypes = array('select', 'multiselect', 'checkboxes', 'radios', 'ldap'); if (empty($input['values']) && in_array($input['fieldtype'], $itemtypes)) { Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR); return array(); } // Fields are differents for dropdown lists, so we need to replace these values into the good ones if ($input['fieldtype'] == 'dropdown') { if (empty($input['dropdown_values'])) { Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR); return array(); } $input['values'] = $input['dropdown_values']; $input['default_values'] = isset($input['dropdown_default_value']) ? $input['dropdown_default_value'] : ''; } // Fields are differents for GLPI object lists, so we need to replace these values into the good ones if ($input['fieldtype'] == 'glpiselect') { if (empty($input['glpi_objects'])) { Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR); return array(); } $input['values'] = $input['glpi_objects']; $input['default_values'] = isset($input['dropdown_default_value']) ? $input['dropdown_default_value'] : ''; } // A description field should have a description if ($input['fieldtype'] == 'description' && empty($input['description'])) { Session::addMessageAfterRedirect(__('A description field should have a description:', 'formcreator') . ' ' . $input['name'], false, ERROR); return array(); } // format values for numbers if ($input['fieldtype'] == 'integer' || $input['fieldtype'] == 'float') { $input['default_values'] = !empty($input['default_values']) ? (double) str_replace(',', '.', $input['default_values']) : null; $input['range_min'] = !empty($input['range_min']) ? (double) str_replace(',', '.', $input['range_min']) : null; $input['range_max'] = !empty($input['range_max']) ? (double) str_replace(',', '.', $input['range_max']) : null; } // LDAP fields validation if ($input['fieldtype'] == 'ldapselect') { // Fields are differents for dropdown lists, so we need to replace these values into the good ones if (!empty($input['ldap_auth'])) { $config_ldap = new AuthLDAP(); $config_ldap->getFromDB($input['ldap_auth']); $ldap_dropdown = new RuleRightParameter(); $ldap_dropdown->getFromDB($input['ldap_attribute']); $attribute = array($ldap_dropdown->fields['value']); // Set specific error handler too catch LDAP errors if (!function_exists('warning_handler')) { function warning_handler($errno, $errstr, $errfile, $errline, array $errcontext) { if (0 === error_reporting()) { return false; } throw new ErrorException($errstr, 0, $errno, $errfile, $errline); } } set_error_handler("warning_handler", E_WARNING); try { $ds = $config_ldap->connect(); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_control_paged_result($ds, 1); $sn = ldap_search($ds, $config_ldap->fields['basedn'], $input['ldap_filter'], $attribute); $entries = ldap_get_entries($ds, $sn); } catch (Exception $e) { Session::addMessageAfterRedirect(__('Cannot recover LDAP informations!', 'formcreator'), false, ERROR); } restore_error_handler(); $input['values'] = json_encode(array('ldap_auth' => $input['ldap_auth'], 'ldap_filter' => $input['ldap_filter'], 'ldap_attribute' => strtolower($input['ldap_attribute']))); } } // Add leading and trailing regex marker automaticaly if (!empty($input['regex'])) { if (substr($input['regex'], 0, 1) != '/') { if (substr($input['regex'], 0, 1) != '^') { $input['regex'] = '/^' . $input['regex']; } else { $input['regex'] = '/' . $input['regex']; } } if (substr($input['regex'], -1, 1) != '/') { if (substr($input['regex'], -1, 1) != '$') { $input['regex'] = $input['regex'] . '$/'; } else { $input['regex'] = $input['regex'] . '/'; } } } return $input; }
public function searchRaw($search = "*") { if (!$this->adldap->getLdapBind()) { return false; } // Perform the search and grab all their details $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT . ")(objectCategory=person)(cn=" . $search . "))"; $fields = array("samaccountname", "displayname"); $pageSize = 25; $cookie = ''; ldap_control_paged_result($this->adldap->getLdapConnection(), $pageSize, true, $cookie); $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields); $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr); ldap_control_paged_result_response($this->adldap->getLdapConnection(), $sr, $cookie); $return = []; foreach ($entries as $k => $r) { $comp = explode(",", $r['dn']); $cn = ''; $ou = ''; $dc = ''; foreach ($comp as $c) { $x = explode("=", "{$c}"); switch ($x[0]) { case 'CN': $cn = $x[1]; break; case 'OU': $ou = $x[1]; break; case 'DC': $dc .= $x[1] . "."; break; } } if (count($r['samaccountname']) == 0) { continue; } $return[] = ['fullname' => isset($r['displayname']) ? @$r['displayname'][0] : @$r['samaccountname'][0], 'username' => @$r['samaccountname'][0], 'cn' => $cn, 'dc' => $dc, 'ou' => $ou]; } return $return; }
/** * Resets the paging control so that read operations work after a paging operation is used. * * @throws LdapConnectionException */ public function resetPagingControl() { // Per RFC 2696, to abandon a paged search you should send a size of 0 along with the cookie used in the search. // However, testing this it doesn't seem to completely work. Perhaps a PHP bug? if (!@ldap_control_paged_result($this->connection->getConnection(), 0, false, $this->cookie)) { throw new LdapConnectionException(sprintf('Unable to reset paged results control for read operation: %s', $this->connection->getLastError())); } }
/** * @link http://php.net/manual/en/function.ldap-control-paged-result.php * @param $link * @param $pagesize * @param bool $iscritical * @param string $cookie * @return bool */ public function controlPagedResult($link, $pagesize, $iscritical = false, $cookie = "") { return ldap_control_paged_result($link, $pagesize, $iscritical, $cookie); }
/** * Send LDAP pagination control. * @param int $pageSize * @param bool $isCritical * @param string $cookie * @return bool */ public function setControlPagedResult($cookie) { return ldap_control_paged_result($this->resource, $this->pageSize, false, $cookie); }
public function ldap() { set_time_limit(0); //$this->db->query("truncate px_tmp"); $host = "192.168.5.3"; $user = "******"; $pswd = "zldc@8888"; $cookie = ''; $result = []; $result['count'] = 0; do { $ad = ldap_connect($host) or die("Could not connect!"); //var_dump($ad); if ($ad) { //璁剧疆鍙傛暟 ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ad, LDAP_OPT_REFERRALS, 0); // bool ldap_bind ( resource $link_identifier [, string $bind_rdn = NULL [, string $bind_password = NULL ]] ) $bd = ldap_bind($ad, $user, $pswd) or die("Could not bind"); ldap_control_paged_result($ad, 500, true, $cookie); $attrs = array("displayname", "name", "sAMAccountName", "userPrincipalName", "objectclass"); //鎸囧畾闇�鏌ヨ鐨勭敤鎴疯寖鍥� $filter = "(objectclass=*)"; //ldap_search ( resource $link_identifier , string $base_dn , string $filter [, array $attributes [, int $attrsonly [, int $sizelimit [, int $timelimit [, int $deref ]]]]] ) $search = ldap_search($ad, 'ou=中梁集团,DC=zldcgroup,DC=com', $filter, $attrs, 0, 0, 0) or die("ldap search failed"); $entries = ldap_get_entries($ad, $search); ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3); $result = array_merge($result, $entries); ldap_control_paged_result_response($ad, $search, $cookie); //echo json_encode($entries); // var_dump($entries); $data = array(); if ($entries["count"] > 0) { //echo '返回记录数:'.$entries["count"]; for ($i = 0; $i < $entries["count"]; $i++) { //所要获取的字段,都必须小写 //if(isset($entries[$i]["displayname"])){ // echo "<p>name: ".$entries[$i]["name"][0]."<br />";//用户名 // echo "<p>sAMAccountName: ".@$entries[$i]["samaccountname"][0]."<br />";//用户名 if (isset($entries[$i]["dn"][0])) { // echo "dn: ".$entries[$i]["dn"]."<br />";//用户名字 $is_user = in_array('user', $entries[$i]["objectclass"]) ? 1 : 0; if ($is_user == 0) { continue; } $dn = $entries[$i]["dn"]; $dn = explode(",", $dn); $area = array(); foreach ($dn as $v) { if (strpos($v, 'OU=') !== false) { array_push($area, str_replace("OU=", "", $v)); //有的抬头不是OU } else { if (strpos($v, 'CN=') !== false) { array_push($area, str_replace("CN=", "", $v)); //有的抬头不是CN } else { if (strpos($v, 'DC=') !== false) { array_push($area, str_replace("DC=", "", $v)); //有的抬头不是DC } } } } $area = array_reverse($area); $insertArr = array(); $flag = 1; if (is_array($area)) { $flag = count($area, COUNT_NORMAL); } // var_dump($area); // list($f6,$f5,$f4,$f3,$f2,$f1) = $area; foreach ($area as $val) { $keyStr = 'F' . $flag; $flag--; $insertArr[$keyStr] = $val; } $insertArr['FISUSER'] = 1; $insertArr['FNUMBER'] = $entries[$i]["samaccountname"][0]; $insertArr['FNAME'] = $entries[$i]["name"][0]; $insertArr['FORG'] = 'test'; if (is_array($area)) { if (count($area, COUNT_NORMAL) >= 7) { //echo "test 5 "; } } $where = 'FNUMBER = ' . $entries[$i]["samaccountname"][0]; $tableName = 'T_USER'; $this->db->select('*'); $this->db->where('FNUMBER', $entries[$i]["samaccountname"][0]); $row = $this->db->get('T_USER')->row_array(); if (isset($row)) { $result = $this->Tools->updateDataWithFID($insertArr, $tableName, $row['FID']); } else { $result = $this->Tools->addData($insertArr, $tableName); } } } //} } else { //echo "<p>No results found!</p>"; } } } while ($cookie !== null && $cookie != ''); return $result; }
/** * Group Information. Returns an array of information about a group. * The group name is case sensitive * * @param string $group_name The group name to retrieve info about * @param array $fields Fields to retrieve * @return array */ public function group_info($group_name, $fields = NULL) { if ($group_name === NULL) { return false; } if (!$this->_bind) { return false; } if (stristr($group_name, '+')) { $group_name = stripslashes($group_name); } $filter = "(&(objectCategory=group)(name=" . $this->ldap_slashes($group_name) . "))"; //echo ($filter."!!!<br>"); if ($fields === NULL) { $fields = array("member", "memberof", "cn", "description", "distinguishedname", "objectcategory", "samaccountname"); } // Let's use paging if available if (function_exists('ldap_control_paged_result')) { $pageSize = 500; $cookie = ''; $entries = array(); $entries_page = array(); do { ldap_control_paged_result($this->_conn, $pageSize, true, $cookie); $sr = ldap_search($this->_conn, $this->_base_dn, $filter, $fields); $entries_page = ldap_get_entries($this->_conn, $sr); if (!is_array($entries_page)) { return false; } $entries = array_merge($entries, $entries_page); ldap_control_paged_result_response($this->_conn, $sr, $cookie); } while ($cookie !== null && $cookie != ''); $entries['count'] = count($entries) - 1; // Set a new count value !important! ldap_control_paged_result($this->_conn, $pageSize, true, $cookie); // RESET is important } else { // Non-Paged version $sr = ldap_search($this->_conn, $this->_base_dn, $filter, $fields); $entries = ldap_get_entries($this->_conn, $sr); } //print_r($entries); return $entries; }
/** * @brief prepares a paged search, if possible * @param $filter the LDAP filter for the search * @param $base the LDAP subtree that shall be searched * @param $attr optional, when a certain attribute shall be filtered outside * @param $limit * @param $offset * */ private function initPagedSearch($filter, $base, $attr, $limit, $offset) { $pagedSearchOK = false; if ($this->connection->hasPagedResultSupport && !is_null($limit)) { $offset = intval($offset); //can be null \OCP\Util::writeLog('user_ldap', 'initializing paged search for Filter' . $filter . ' base ' . $base . ' attr ' . print_r($attr, true) . ' limit ' . $limit . ' offset ' . $offset, \OCP\Util::DEBUG); //get the cookie from the search for the previous search, required by LDAP $cookie = $this->getPagedResultCookie($filter, $limit, $offset); if (empty($cookie) && $offset > 0) { //no cookie known, although the offset is not 0. Maybe cache run out. We need to start all over *sigh* (btw, Dear Reader, did you need LDAP paged searching was designed by MSFT?) $reOffset = $offset - $limit < 0 ? 0 : $offset - $limit; //a bit recursive, $offset of 0 is the exit \OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O ' . $limit . '/' . $reOffset, \OCP\Util::INFO); $this->search($filter, $base, $attr, $limit, $reOffset, true); $cookie = $this->getPagedResultCookie($filter, $limit, $offset); //still no cookie? obviously, the server does not like us. Let's skip paging efforts. //TODO: remember this, probably does not change in the next request... if (empty($cookie)) { $cookie = null; } } if (!is_null($cookie)) { if ($offset > 0) { \OCP\Util::writeLog('user_ldap', 'Cookie ' . $cookie, \OCP\Util::INFO); } $pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(), $limit, false, $cookie); \OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::INFO); } else { \OCP\Util::writeLog('user_ldap', 'No paged search for us, Cpt., Limit ' . $limit . ' Offset ' . $offset, \OCP\Util::INFO); } } return $pagedSearchOK; }
/** * The core of ORM behavior for this bundle: retrieve data * from LDAP and convert results into objects. * * Options maybe: * * attributes (array): array of attribute types (strings) * * filter (LdapFilter): a filter array or a correctly formatted filter string * * max (integer): the maximum limit of entries to return * * searchDn (string): the search DN * * subentryNodes (array): parameters for the left hand side of a searchDN, useful for mining subentries. * * pageSize (integer): employ pagination and return pages of the given size * * pageCookie (opaque): The opaque stucture sent by the LDAP server to maintain pagination state. Default is empty string. * * pageCritical (boolean): if pagination employed, force paging and return no results on service which do not provide it. Default is true. * * checkOnly (boolean): Only check result existence; don't convert search results to Symfony entities. Default is false. * * @param string $entityName * @param array $options * @return array * @throws MissingSearchDnException */ public function retrieve($entityName, $options = array()) { $paging = !empty($options['pageSize']); $instanceMetadataCollection = $this->getClassMetadata($entityName); // Discern max result size $max = empty($options['max']) ? self::DEFAULT_MAX_RESULT_COUNT : $options['max']; // Employ results paging if requested with pageSize option if ($paging) { if (!isset($options['pageCritical'])) { $options['pageCritical'] = FALSE; } if (isset($options['pageCookie'])) { $this->pageCookie = $options['pageCookie']; } ldap_control_paged_result($this->client->getLdapResource(), $options['pageSize'], $options['pageCritical'], $this->pageCookie); } // Discern subentryNodes for substituing into searchDN $subentryNodes = empty($options['subentryNodes']) ? array() : $options['subentryNodes']; // Discern search DN if (isset($options['searchDn'])) { $searchDn = $options['searchDn']; } else { $searchDn = $instanceMetadataCollection->getSearchDn(); } if (empty($searchDn)) { throw new MissingSearchDnException('Could not discern search DN while searching for ' . $entityName); } // Discern LDAP filter $objectClass = $instanceMetadataCollection->getObjectClass(); if (empty($options['filter'])) { $filter = '(objectClass=' . $objectClass . ')'; } else { if (is_array($options['filter'])) { $options['filter'] = array('&' => array('objectClass' => $objectClass, $options['filter'])); $ldapFilter = new LdapFilter($options['filter']); $filter = $ldapFilter->format(); } else { if (is_a($options['filter'], LdapFilter::class)) { $options['filter']->setFilterArray(array('&' => array('objectClass' => $objectClass, $options['filter']->getFilterArray()))); $filter = $options['filter']->format(); } else { // assume pre-formatted scale/string filter value $filter = '(&(objectClass=' . $objectClass . ')' . $options['filter'] . ')'; } } } // Discern attributes to retrieve if (empty($options['attributes'])) { $attributes = array_values($instanceMetadataCollection->getMetadatas()); } else { $attributes = $options['attributes']; } // Search LDAP $searchResult = $this->doRawLdapSearch($filter, $attributes, $max, $searchDn); $entries = @ldap_get_entries($this->client->getLdapResource(), $searchResult); if (!empty($options['checkOnly']) && $options['checkOnly'] == true) { return $entries['count'] > 0; } $entities = array(); foreach ($entries as $entry) { if (is_array($entry)) { $entities[] = $this->entryToEntity($entityName, $entry); } } if ($paging) { ldap_control_paged_result_response($this->client->getLdapResource(), $searchResult, $this->pageCookie); $this->pageMore = !empty($this->pageCookie); } if ($entries['count'] == 1) { return $entities[0]; } return $entities; }
/** * Searches LDAP * * @author [A. Gianotto] [<*****@*****.**>] * @since [v3.0] * @param $ldapatttibutes * @return array|bool */ static function findLdapUsers() { $ldapconn = Ldap::connectToLdap(); $ldap_bind = Ldap::bindAdminToLdap($ldapconn); $base_dn = Setting::getSettings()->ldap_basedn; $filter = Setting::getSettings()->ldap_filter; // Set up LDAP pagination for very large databases // @author Richard Hofman $page_size = 500; $cookie = ''; $result_set = array(); $global_count = 0; // Perform the search do { // Paginate (non-critical, if not supported by server) ldap_control_paged_result($ldapconn, $page_size, false, $cookie); $search_results = ldap_search($ldapconn, $base_dn, '(' . $filter . ')'); if (!$search_results) { return redirect()->route('users')->with('error', trans('admin/users/message.error.ldap_could_not_search') . ldap_error($ldapconn)); } // Get results from page $results = ldap_get_entries($ldapconn, $search_results); if (!$results) { return redirect()->route('users')->with('error', trans('admin/users/message.error.ldap_could_not_get_entries') . ldap_error($ldapconn)); } // Add results to result set $global_count += $results['count']; $result_set = array_merge($result_set, $results); ldap_control_paged_result_response($ldapconn, $search_results, $cookie); } while ($cookie !== null && $cookie != ''); // Clean up after search $result_set['count'] = $global_count; $results = $result_set; ldap_control_paged_result($ldapconn, 0); return $results; }
function QueryArray($str = '(ObjectClass=*)', $fields = false) { global $APPLICATION; if (strlen($this->arFields['BASE_DN']) <= 0) { return false; } $arBaseDNs = explode(";", $this->arFields['BASE_DN']); $info = false; $i = 0; if ($this->arFields["CONVERT_UTF8"] == "Y") { $str = $APPLICATION->ConvertCharset($str, SITE_CHARSET, "utf-8"); } foreach ($arBaseDNs as $BaseDN) { global $APPLICATION; $BaseDN = trim($BaseDN); if ($BaseDN == "") { continue; } if ($this->arFields["CONVERT_UTF8"] == "Y") { $BaseDN = $APPLICATION->ConvertCharset($BaseDN, SITE_CHARSET, "utf-8"); } $defaultMaxPageSizeAD = 1000; $pageSize = isset($this->arFields['MAX_PAGE_SIZE']) && intval($this->arFields['MAX_PAGE_SIZE'] > 0) ? intval($this->arFields['MAX_PAGE_SIZE']) : $defaultMaxPageSizeAD; $cookie = ''; do { if (CLdapUtil::isLdapPaginationAviable()) { ldap_control_paged_result($this->conn, $pageSize, false, $cookie); } if ($fields === false) { $sr = @ldap_search($this->conn, $BaseDN, $str); } else { $sr = @ldap_search($this->conn, $BaseDN, $str, $fields); } if ($sr) { $entry = ldap_first_entry($this->conn, $sr); if ($entry) { if (!is_array($info)) { $info = array(); $i = 0; } do { $attributes = ldap_get_attributes($this->conn, $entry); for ($j = 0; $j < $attributes['count']; $j++) { $values = @ldap_get_values_len($this->conn, $entry, $attributes[$j]); if ($values === false) { continue; } $bPhotoAttr = in_array($attributes[$j], self::$PHOTO_ATTRIBS); $info[$i][strtolower($attributes[$j])] = $bPhotoAttr ? $values : $this->WorkAttr($values); } if (!is_set($info[$i], 'dn')) { if ($this->arFields["CONVERT_UTF8"] == "Y") { $info[$i]['dn'] = $APPLICATION->ConvertCharset(ldap_get_dn($this->conn, $entry), "utf-8", SITE_CHARSET); } else { $info[$i]['dn'] = ldap_get_dn($this->conn, $entry); } } $i++; } while ($entry = ldap_next_entry($this->conn, $entry)); } } elseif ($sr === false) { $APPLICATION->ThrowException("LDAP_SEARCH_ERROR"); } if (CLdapUtil::isLdapPaginationAviable()) { ldap_control_paged_result_response($this->conn, $sr, $cookie); } } while ($cookie !== null && $cookie != ''); } return $info; }
/** * * @param type $baseDn * @param type $filter * @param array $attributes * @param int $pageSize * @return \Generator * @throws LdapException */ public function pagedSearch($baseDn, $filter, array $attributes = [], $pageSize = 100) { $this->checkConnection(); $resource = $this->conn->getResource(); $cookie = ''; do { ldap_control_paged_result($resource, $pageSize, true, $cookie); $search = @ldap_search($resource, $baseDn, $filter, $attributes); if ($search === false) { ErrorHandler::throwException($this->conn); } $result = @ldap_get_entries($resource, $search); if ($result === false) { ErrorHandler::throwException($this->conn); } for ($i = 0; $i < $result['count']; $i++) { $row = $result[$i]; $entry = $this->parseArray($row); (yield $entry); } ldap_control_paged_result_response($resource, $search, $cookie); } while ($cookie !== null && $cookie != ''); }
/** * @brief search a list in ldap server * @param $ldapbasedn the base dn * @param $bindsearch the search filter * @param $entries the ldap entries to reach * @param $start the starting point * @param $num the number of entries to return * @return array|false */ public function ldapFindMultiple($ldapbasedn, $bindsearch, $entriesName, $start = null, $num = null) { if ($entriesName != null && self::ldapCreateAndBindConnection() && $ldapbasedn != null && $bindsearch != null) { if ($start == null) { $start = 0; } if ($num == null) { $num = PHP_INT_MAX; } $pageSize = isset($this->ldapParams['ldappagesize']) ? $this->ldapParams['ldappagesize'] : "20"; $cookie = ''; $entries = array(); $cpt = 0; \OC_Log::write('contacts_ldap', __METHOD__ . " - search what {$ldapbasedn}, {$bindsearch} {$pageSize}", \OC_Log::DEBUG); do { ldap_control_paged_result($this->ldapConnection, $pageSize, true, $cookie); $ldap_results = ldap_search($this->ldapConnection, $ldapbasedn, $bindsearch, $entriesName); $LdapEntries = ldap_get_entries($this->ldapConnection, $ldap_results); for ($i = 0; $i < $LdapEntries['count']; $i++) { $entries[] = $LdapEntries[$i]; } ldap_control_paged_result_response($this->ldapConnection, $ldap_results, $cookie); $cpt++; } while ($cookie !== null && $cookie != '' && $cpt < 10); $entries['count'] = count($entries); return $entries; self::ldapCloseConnection(); } return false; }
/** * Send LDAP pagination control * * @param integer $pageSize The number of entries by page * @param boolean $isCritical Indicates whether the pagination is critical of not * @param string $cookie An opaque structure sent by the server * @return self */ public function pagedResult($pageSize, $isCritical = false, $cookie = '') { ldap_control_paged_result($this->resource, $pageSize, $isCritical, $cookie); return $this; }
/** * Run the given LDAP query and return the resulting entries * * This utilizes paged search requests as defined in RFC 2696. * * @param LdapQuery $query The query to fetch results with * @param array $fields Request these attributes instead of the ones registered in the given query * @param int $pageSize The maximum page size, defaults to self::PAGE_SIZE * * @return array * * @throws LdapException In case an error occured while fetching the results */ protected function runPagedQuery(LdapQuery $query, array $fields = null, $pageSize = null) { if ($pageSize === null) { $pageSize = static::PAGE_SIZE; } $limit = $query->getLimit(); $offset = $query->hasOffset() ? $query->getOffset() : 0; if ($fields === null) { $fields = $query->getColumns(); } $ds = $this->getConnection(); $serverSorting = false; //$this->getCapabilities()->hasOid(LdapCapabilities::LDAP_SERVER_SORT_OID); if (!$serverSorting && $query->hasOrder() && !empty($fields)) { foreach ($query->getOrder() as $rule) { if (!in_array($rule[0], $fields, true)) { $fields[] = $rule[0]; } } } $unfoldAttribute = $query->getUnfoldAttribute(); if ($unfoldAttribute) { foreach ($query->getFilter()->listFilteredColumns() as $filterColumn) { $fieldKey = array_search($filterColumn, $fields, true); if ($fieldKey === false || is_string($fieldKey)) { $fields[] = $filterColumn; } } } $count = 0; $cookie = ''; $entries = array(); do { // Do not request the pagination control as a critical extension, as we want the // server to return results even if the paged search request cannot be satisfied ldap_control_paged_result($ds, $pageSize, false, $cookie); if ($serverSorting && $query->hasOrder()) { ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array(array('oid' => LdapCapabilities::LDAP_SERVER_SORT_OID, 'value' => $this->encodeSortRules($query->getOrder())))); } $results = $this->ldapSearch($query, array_values($fields), 0, $serverSorting && $limit ? $offset + $limit : 0); if ($results === false) { if (ldap_errno($ds) === self::LDAP_NO_SUCH_OBJECT) { break; } throw new LdapException('LDAP query "%s" (base %s) failed. Error: %s', (string) $query, $query->getBase() ?: $this->getDn(), ldap_error($ds)); } elseif (ldap_count_entries($ds, $results) === 0) { if (in_array(ldap_errno($ds), array(static::LDAP_SIZELIMIT_EXCEEDED, static::LDAP_ADMINLIMIT_EXCEEDED), true)) { Logger::warning('Unable to request more than %u results. Does the server allow paged search requests? (%s)', $count, ldap_error($ds)); } break; } $entry = ldap_first_entry($ds, $results); do { if ($unfoldAttribute) { $rows = $this->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields, $unfoldAttribute); if (is_array($rows)) { // TODO: Register the DN the same way as a section name in the ArrayDatasource! foreach ($rows as $row) { if ($query->getFilter()->matches($row)) { $count += 1; if (!$serverSorting || $offset === 0 || $offset < $count) { $entries[] = $row; } if ($serverSorting && $limit > 0 && $limit === count($entries)) { break; } } } } else { $count += 1; if (!$serverSorting || $offset === 0 || $offset < $count) { $entries[ldap_get_dn($ds, $entry)] = $rows; } } } else { $count += 1; if (!$serverSorting || $offset === 0 || $offset < $count) { $entries[ldap_get_dn($ds, $entry)] = $this->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields); } } } while ((!$serverSorting || $limit === 0 || $limit !== count($entries)) && ($entry = ldap_next_entry($ds, $entry))); if (false === @ldap_control_paged_result_response($ds, $results, $cookie)) { // If the page size is greater than or equal to the sizeLimit value, the server should ignore the // control as the request can be satisfied in a single page: https://www.ietf.org/rfc/rfc2696.txt // This applies no matter whether paged search requests are permitted or not. You're done once you // got everything you were out for. if ($serverSorting && count($entries) !== $limit) { // The server does not support pagination, but still returned a response by ignoring the // pagedResultsControl. We output a warning to indicate that the pagination control was ignored. Logger::warning('Unable to request paged LDAP results. Does the server allow paged search requests?'); } } ldap_free_result($results); } while ($cookie && (!$serverSorting || $limit === 0 || count($entries) < $limit)); if ($cookie) { // A sequence of paged search requests is abandoned by the client sending a search request containing a // pagedResultsControl with the size set to zero (0) and the cookie set to the last cookie returned by // the server: https://www.ietf.org/rfc/rfc2696.txt ldap_control_paged_result($ds, 0, false, $cookie); // Returns no entries, due to the page size ldap_search($ds, $query->getBase() ?: $this->getDn(), (string) $query); } if (!$serverSorting && $query->hasOrder()) { uasort($entries, array($query, 'compare')); if ($limit && $count > $limit) { $entries = array_splice($entries, $query->hasOffset() ? $query->getOffset() : 0, $limit); } } return $entries; }
protected function objectSearchResultCount($conn, $base_dn, $search_filter) { $base_dn = $this->prepareQueryString($base_dn); $search_filter = $this->prepareQueryString($search_filter); $resultCount = 0; $pageCookie = ""; do { if (function_exists("ldap_control_paged_result") && function_exists("ldap_control_paged_result_response")) { ldap_control_paged_result($conn, $this->ldapSearchPageSize, true, $pageCookie); } // Start search in LDAP directory. $sr = ldap_search($conn, $base_dn, $search_filter, array(), 0, 0); if (!$sr) { break; } // Get number of found results. $resultCount += ldap_count_entries($conn, $sr); if (function_exists("ldap_control_paged_result") && function_exists("ldap_control_paged_result_response")) { ldap_control_paged_result_response($conn, $sr, $pageCookie); } } while ($pageCookie !== null && $pageCookie != ""); return $resultCount; }
/** * Returns all usernames from LDAP * * @param $filter An LDAP search filter to select desired users * @return array of LDAP user names converted to UTF-8 */ function ldap_get_userlist($filter = '*') { $fresult = array(); $ldapconnection = $this->ldap_connect(); if ($filter == '*') { $filter = '(&(' . $this->config->user_attribute . '=*)' . $this->config->objectclass . ')'; } $contexts = explode(';', $this->config->contexts); if (!empty($this->config->create_context)) { array_push($contexts, $this->config->create_context); } $ldap_cookie = ''; $ldap_pagedresults = ldap_paged_results_supported($this->config->ldap_version); foreach ($contexts as $context) { $context = trim($context); if (empty($context)) { continue; } do { if ($ldap_pagedresults) { ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldap_cookie); } if ($this->config->search_sub) { // Use ldap_search to find first user from subtree. $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute)); } else { // Search only in this context. $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute)); } if (!$ldap_result) { continue; } if ($ldap_pagedresults) { ldap_control_paged_result_response($ldapconnection, $ldap_result, $ldap_cookie); } $users = ldap_get_entries_moodle($ldapconnection, $ldap_result); // Add found users to list. for ($i = 0; $i < count($users); $i++) { $extuser = core_text::convert($users[$i][$this->config->user_attribute][0], $this->config->ldapencoding, 'utf-8'); array_push($fresult, $extuser); } unset($ldap_result); // Free mem. } while ($ldap_pagedresults && !empty($ldap_cookie)); } // If paged results were used, make sure the current connection is completely closed $this->ldap_close($ldap_pagedresults); return $fresult; }
<?php include "connect.inc"; $link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version); insert_dummy_data($link, $base); $dn = "$base"; $filter = "(cn=user*)"; var_dump( ldap_control_paged_result($link, 2), $result = ldap_search($link, $dn, $filter, array('cn')), ldap_get_entries($link, $result) ); ?> ===DONE=== <?php include "connect.inc"; $link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version); remove_dummy_data($link, $base); ?>
/** * Return multidimensional array with details of user courses (at * least dn and idnumber). * * @param string $memberuid user idnumber (without magic quotes). * @param object role is a record from the mdl_role table. * @return array */ protected function find_ext_enrolments($memberuid, $role) { global $CFG; require_once $CFG->libdir . '/ldaplib.php'; if (empty($memberuid)) { // No "idnumber" stored for this user, so no LDAP enrolments return array(); } $ldap_contexts = trim($this->get_config('contexts_role' . $role->id)); if (empty($ldap_contexts)) { // No role contexts, so no LDAP enrolments return array(); } $extmemberuid = core_text::convert($memberuid, 'utf-8', $this->get_config('ldapencoding')); if ($this->get_config('memberattribute_isdn')) { if (!($extmemberuid = $this->ldap_find_userdn($extmemberuid))) { return array(); } } $ldap_search_pattern = ''; if ($this->get_config('nested_groups')) { $usergroups = $this->ldap_find_user_groups($extmemberuid); if (count($usergroups) > 0) { foreach ($usergroups as $group) { $ldap_search_pattern .= '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . $group . ')'; } } } // Default return value $courses = array(); // Get all the fields we will want for the potential course creation // as they are light. don't get membership -- potentially a lot of data. $ldap_fields_wanted = array('dn', $this->get_config('course_idnumber')); $fullname = $this->get_config('course_fullname'); $shortname = $this->get_config('course_shortname'); $summary = $this->get_config('course_summary'); if (isset($fullname)) { array_push($ldap_fields_wanted, $fullname); } if (isset($shortname)) { array_push($ldap_fields_wanted, $shortname); } if (isset($summary)) { array_push($ldap_fields_wanted, $summary); } // Define the search pattern if (empty($ldap_search_pattern)) { $ldap_search_pattern = '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . ldap_filter_addslashes($extmemberuid) . ')'; } else { $ldap_search_pattern = '(|' . $ldap_search_pattern . '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . ldap_filter_addslashes($extmemberuid) . ')' . ')'; } $ldap_search_pattern = '(&' . $this->get_config('objectclass') . $ldap_search_pattern . ')'; // Get all contexts and look for first matching user $ldap_contexts = explode(';', $ldap_contexts); $ldap_pagedresults = ldap_paged_results_supported($this->get_config('ldap_version')); foreach ($ldap_contexts as $context) { $context = trim($context); if (empty($context)) { continue; } $ldap_cookie = ''; $flat_records = array(); do { if ($ldap_pagedresults) { ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie); } if ($this->get_config('course_search_sub')) { // Use ldap_search to find first user from subtree $ldap_result = @ldap_search($this->ldapconnection, $context, $ldap_search_pattern, $ldap_fields_wanted); } else { // Search only in this context $ldap_result = @ldap_list($this->ldapconnection, $context, $ldap_search_pattern, $ldap_fields_wanted); } if (!$ldap_result) { continue; } if ($ldap_pagedresults) { ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie); } // Check and push results. ldap_get_entries() already // lowercases the attribute index, so there's no need to // use array_change_key_case() later. $records = ldap_get_entries($this->ldapconnection, $ldap_result); // LDAP libraries return an odd array, really. Fix it. for ($c = 0; $c < $records['count']; $c++) { array_push($flat_records, $records[$c]); } // Free some mem unset($records); } while ($ldap_pagedresults && !empty($ldap_cookie)); // If LDAP paged results were used, the current connection must be completely // closed and a new one created, to work without paged results from here on. if ($ldap_pagedresults) { $this->ldap_close(); $this->ldap_connect(); } if (count($flat_records)) { $courses = array_merge($courses, $flat_records); } } return $courses; }
/** * Perform the lookup operation on server and return the resultset * * This method sends the lookup request to the server with the * configuration you provided. If the {@link Link} has pagination enabled, * it will return a single page. To get the subsequent pages, call this method * again on the object, without modifying the lookup criteria. * * @uses Link::$rootDSE to get the domain base dn ( from <i>defaultnamingcontext</i> ) if no override has been specified * * @return Result|false The Result object with returned Objects or FALSE if maximum number of referrals was chased */ public function run() { // Prepare the information needed for the operation $link_id = $this->adxLink->get_link(); $baseDN = $this->dn || $this->dn === '' ? $this->dn : $this->adxLink->rootDSE->defaultnamingcontext(0); if ($this->use_pages && $this->complete) { $this->cookie = ''; } // Reset the cookie if the operation is started again $this->complete = false; // Reset the completion status // Send the pagination control cookie if present // I must check explicitly for NULL bcause '' also evaluates to FALSE if ($this->cookie !== null) { ldap_control_paged_result($link_id, $this->sizelimit, true, $this->cookie); } // Perform the lookup operation // All exceptions thrown here will bubble up! $result_id = $this->_directory_lookup($this->operationType, $link_id, $baseDN, $this->filter, $this->attributes); // Get the new cookie from the response if pagination is enabled // I must check explicitly for NULL bcause '' also evaluates to FALSE if ($this->cookie !== null) { ldap_control_paged_result_response($link_id, $result_id, $this->cookie); } // Lookup operation successful - continue processing... $referral_link = $this->_parse_referrals($result_id); // Check for referrals if ($referral_link) { if ($this->referral_counter <= $this->max_referrals) { // Do we have this connection in the pool already? if (isset(static::$connection_pool[$referral_link])) { $link = static::$connection_pool[$referral_link]; // Use the existing link to perform the lookup } else { $link = $this->adxLink->_redirect($referral_link); // Reconnect to the new server static::$connection_pool[$referral_link] = $link; // Save the connection in the link pool } $this->referral_counter++; $this->adxLink = $link; // Replace the current link with the new link return $this->run(); // Only those calls that actually succeed in getting data should continue with code below } else { return false; } // Reached maximum number of referrals -> do not continue } // Successfully retrieved data from server $this->referral_counter = 0; $result = ldap_get_entries($this->adxLink->get_link(), $result_id); unset($result['count']); // Clean up some unneeded mess ( more cleanup happens at object instantiation ) $data = array(); // Create new objects from result, converting the values to php-compatible data formats on the way foreach ($result as $objectData) { // Is there a special class defined for this particular object class ( under ADX\Classes namespace )? // Use 'Object' if the objectClass attribute is either not present or there is no class override if (isset($objectData['objectclass'])) { $class = 'ADX\\Classes\\' . end($objectData['objectclass']); $class = class_exists($class) ? $class : 'ADX\\Core\\Object'; } else { $class = 'ADX\\Core\\Object'; } $data[] = new $class($this->adxLink, $objectData, true); } $this->complete = !$this->cookie; // As long as cookie is present, the result cannot be complete return new Result($data); }
public function getUserEntries($login = null, $countOnly = false, $offset = -1, $limit = -1, $regexpOnSearchAttr = false) { if ($login == null) { $filter = $this->ldapFilter; } else { if ($regexpOnSearchAttr && !empty($this->options["LDAP_SEARCHUSER_ATTR"])) { $searchAttr = $this->options["LDAP_SEARCHUSER_ATTR"]; $searchAttrArray = explode(",", $searchAttr); } if (isset($searchAttrArray)) { if (count($searchAttrArray) > 1) { $searchAttrFilter = "(|"; foreach ($searchAttrArray as $attr) { $searchAttrFilter .= "(" . $attr . "=" . $login . ")"; } $searchAttrFilter .= ")"; } else { $searchAttrFilter = "(" . $searchAttrArray[0] . "=" . $login . ")"; } } else { $searchAttrFilter = "(" . $this->ldapUserAttr . "=" . $login . ")"; } if ($this->ldapFilter == "") { $filter = $searchAttrFilter; } else { $filter = "(&" . $this->ldapFilter . $searchAttrFilter . ")"; } } if (empty($filter)) { if (!empty($this->dynamicFilter)) { $filter = $this->dynamicFilter; } else { $filter = $this->ldapUserAttr . "=*"; } } else { if (!empty($this->dynamicFilter)) { $filter = "(&(" . $this->dynamicFilter . ")" . $filter . ")"; } } if ($this->ldapconn == null) { $this->startConnexion(); } $conn = array(); if (is_array($this->ldapDN)) { foreach ($this->ldapDN as $dn) { $conn[] = $this->ldapconn; } } else { $conn = array($this->ldapconn); } $expected = array($this->ldapUserAttr); if ($login != null && (!empty($this->customParamsMapping) || !empty($this->paramsMapping))) { if (!empty($this->customParamsMapping)) { $expected = array_merge($expected, array_keys($this->customParamsMapping)); } if (!empty($this->paramsMapping)) { $keys = array(); foreach ($this->paramsMapping as $param) { $keys[] = $param["MAPPING_LDAP_PARAM"]; } $expected = array_merge($expected, $keys); } } if (is_array($this->dynamicExpected)) { $expected = array_merge($expected, $this->dynamicExpected); } foreach ($conn as $dn => $ldapc) { if (!$ldapc) { unset($conn[$dn]); } } if (count($conn) < 1) { return array("count" => 0); } //$ret = ldap_search($conn,$this->ldapDN,$filter, $expected); $cookie = ''; if (empty($this->pageSize) || !is_numeric($this->pageSize)) { $this->pageSize = 500; } $allEntries = array("count" => 0); $isSupportPagedResult = function_exists("ldap_control_paged_result") && function_exists("ldap_control_paged_result_response"); $gotAllEntries = false; $index = 0; //Update progress bar in CLI mode $isListAll = $offset == -1 && $limit == -1 && is_null($login) && $regexpOnSearchAttr && php_sapi_name() == "cli"; if ($isListAll) { $total = $this->getCountFromCache(); $progressBar = new AJXP_ProgressBarCLI(); $progressBar->init($index, $total["count"], "Get ldap users"); } do { if ($isSupportPagedResult) { ldap_control_paged_result($this->ldapconn, $this->pageSize, false, $cookie); } $ret = ldap_search($conn, $this->ldapDN, $filter, $expected, 0, 0); if ($ret === false) { break; } foreach ($ret as $i => $resourceResult) { if ($resourceResult === false) { continue; } if ($countOnly) { $allEntries["count"] += ldap_count_entries($conn[$i], $resourceResult); continue; } if ($limit != -1) { //usort($entries, array($this, "userSortFunction")); ldap_sort($conn[$i], $resourceResult, $this->ldapUserAttr); } $entries = ldap_get_entries($conn[$i], $resourceResult); // for better performance if (is_array($entries) && $offset != -1 && $limit != -1 && $index + $this->pageSize < $offset) { $index += $this->pageSize; continue; } if (!empty($entries["count"])) { $allEntries["count"] += $entries["count"]; unset($entries["count"]); foreach ($entries as $entry) { if ($offset != -1 && $index < $offset) { $index++; continue; } // fake memberOf if ($this->fakeAttrMemberOf && method_exists($this, "fakeMemberOf") && in_array(strtolower("memberof"), array_map("strtolower", $expected))) { if ($this->attrMemberInGroup) { $uid = $entry["dn"]; } else { $uidWithEqual = explode(",", $entry["dn"]); $uidShort = explode("=", $uidWithEqual[0]); $uid = $uidShort[1]; } $strldap = "(&" . $this->ldapGFilter . "(" . $this->fakeAttrMemberOf . "=" . $uid . "))"; $this->fakeMemberOf($conn, $this->ldapGDN, $strldap, array("cn"), $entry); } $allEntries[] = $entry; $index++; //Update progress bar in CLI mode if (isset($progressBar)) { $progressBar->update($index); } if ($offset != -1 && $limit != -1 && $index > $offset + $limit) { break; } } if ($index > $offset + $limit && $limit != -1 && $offset != -1) { $gotAllEntries = true; } } } if ($isSupportPagedResult) { foreach ($ret as $element) { if (is_resource($element)) { @ldap_control_paged_result_response($this->ldapconn, $element, $cookie); } } } } while ($cookie !== null && $cookie != '' && $isSupportPagedResult && !$gotAllEntries); // reset paged_result for other activities (otherwise we will experience ldap error) if ($isSupportPagedResult) { ldap_control_paged_result($this->ldapconn, 0); } return $allEntries; }
<?php include "connect.inc"; $link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version); insert_dummy_data($link, $base); $dn = "{$base}"; $filter = "(cn=user*)"; var_dump(ldap_control_paged_result($link, 2), $result = ldap_search($link, $dn, $filter, array('cn')), ldap_get_entries($link, $result)); ?> ===DONE===
/** * execute a paged ldap query and return entries as one aggregated array * * $this->searchPageStart and $this->searchPageEnd should be set before calling if * a particular set of pages is desired * * @param array $ldap_query_params of form: 'base_dn' => base_dn, 'filter' => filter, 'attributes' => attributes, 'attrsonly' => attrsonly, 'sizelimit' => sizelimit, 'timelimit' => timelimit, 'deref' => deref, 'scope' => scope, (this array of parameters is primarily passed on to ldapQuery() method) * * @return array of ldap entries or FALSE on error. * */ public function pagedLdapQuery($ldap_query_params) { if (!($this->searchPagination && $this->paginationEnabled)) { watchdog('ldap', "LDAP server pagedLdapQuery() called when functionality not available in php install or\n not enabled in ldap server configuration. error. basedn: %basedn| filter: %filter| attributes:\n %attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens); return FALSE; } $paged_entries = array(); $page_token = ''; $page = 0; $estimated_entries = 0; $aggregated_entries = array(); $aggregated_entries_count = 0; $has_page_results = FALSE; do { ldap_control_paged_result($this->connection, $this->searchPageSize, TRUE, $page_token); $result = $this->ldapQuery($ldap_query_params['scope'], $ldap_query_params); if ($page >= $this->searchPageStart) { $skipped_page = FALSE; if ($result && $this->countEntries($result) !== FALSE) { $page_entries = ldap_get_entries($this->connection, $result); unset($page_entries['count']); $has_page_results = is_array($page_entries) && count($page_entries) > 0; $aggregated_entries = array_merge($aggregated_entries, $page_entries); $aggregated_entries_count = count($aggregated_entries); } elseif ($this->ldapErrorNumber()) { $watchdog_tokens = array('%basedn' => $ldap_query_params['base_dn'], '%filter' => $ldap_query_params['filter'], '%attributes' => print_r($ldap_query_params['attributes'], TRUE), '%errmsg' => $this->errorMsg('ldap'), '%errno' => $this->ldapErrorNumber()); watchdog('ldap', "LDAP ldap_search error. basedn: %basedn| filter: %filter| attributes:\n %attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens); return FALSE; } else { return FALSE; } } else { $skipped_page = TRUE; } @ldap_control_paged_result_response($this->connection, $result, $page_token, $estimated_entries); if ($ldap_query_params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) { // false positive error thrown. do not set result limit error when $sizelimit specified } elseif ($this->hasError()) { watchdog('ldap_server', 'ldap_control_paged_result_response() function error. LDAP Error: %message, ldap_list() parameters: %query', array('%message' => $this->errorMsg('ldap'), '%query' => $ldap_query_params['query_display']), WATCHDOG_ERROR); } if (isset($ldap_query_params['sizelimit']) && $ldap_query_params['sizelimit'] && $aggregated_entries_count >= $ldap_query_params['sizelimit']) { $discarded_entries = array_splice($aggregated_entries, $ldap_query_params['sizelimit']); break; } elseif ($this->searchPageEnd !== NULL && $page >= $this->searchPageEnd) { // user defined pagination has run out break; } elseif ($page_token === NULL || $page_token == '') { // ldap reference pagination has run out break; } $page++; } while ($skipped_page || $has_page_results); $aggregated_entries['count'] = count($aggregated_entries); return $aggregated_entries; }
/** * Wrapper function for ldap_control_paged_result(). * * @param resource $link * An LDAP link identifier. * @param int $pagesize * The number of entries by page. * @param boolean $iscritical * Indicates whether the pagination is critical of not. If true and if the * server doesn't support pagination, the search will return no result. * @param string $cookie * An opaque structure sent by the server. * * @return boolean * TRUE on success. * * @throw SimpleLdapException * * @todo Default values for $pagesize, $iscritical, $cookie. */ public static function ldap_control_paged_result($link, $pagesize, $iscritical, $cookie) { // Devel debugging. if (variable_get('simple_ldap_devel', FALSE)) { dpm(__FUNCTION__); dpm(array('$pagesize' => $pagesize, '$iscritical' => $iscritical, '$cookie' => $cookie)); } // Wrapped function call. $return = @ldap_control_paged_result($link, $pagesize, $iscritical, $cookie); // Debugging. if (variable_get('simple_ldap_debug', FALSE)) { $message = __FUNCTION__ . '($link = @link, $pagesize = @pagesize, $iscritical = @iscritical, $cookie = @cookie) returns @return'; $variables = array('@link' => print_r($link, TRUE), '@pagesize' => print_r($pagesize, TRUE), '@iscritical' => print_r($iscritical, TRUE), '@cookie' => print_r($cookie, TRUE), '@return' => print_r($return, TRUE)); watchdog('simple_ldap', $message, $variables, WATCHDOG_DEBUG); } // Error handling. if ($return === FALSE) { throw new SimpleLdapException($link); } return $return; }