예제 #1
1
 protected function loadPage()
 {
     if (!ldap_control_paged_result($this->connection, $this->pageSize, true, $this->pageToken)) {
         throw new SearchException("Unable to set paged control pageSize: " . $this->pageSize);
     }
     $search = ldap_search($this->connection, $this->baseDn, $this->filter, is_array($this->attributes) ? $this->attributes : []);
     if (!$search) {
         // Something went wrong in search
         throw Connection::createLdapSearchException(ldap_errno($this->connection), $this->baseDn, $this->filter, $this->pageSize);
     }
     $this->entries = ldap_get_entries($this->connection, $search);
     $this->entriesPosition = 0;
     if (!$this->entries) {
         throw Connection::createLdapSearchException(ldap_errno($this->connection), $this->baseDn, $this->filter, $this->pageSize);
     }
     // check if on first page
     if (empty($this->pageToken)) {
         $this->currentPage = 0;
     } else {
         $this->currentPage++;
     }
     // Ok go to next page
     ldap_control_paged_result_response($this->connection, $search, $this->pageToken);
     if (empty($this->pageToken)) {
         $this->isLastPage = true;
     }
 }
예제 #2
0
 public function getAvailableValues()
 {
     if (!empty($this->fields['values'])) {
         $ldap_values = json_decode($this->fields['values']);
         $ldap_dropdown = new RuleRightParameter();
         if (!$ldap_dropdown->getFromDB($ldap_values->ldap_attribute)) {
             return array();
         }
         $attribute = array($ldap_dropdown->fields['value']);
         $config_ldap = new AuthLDAP();
         if (!$config_ldap->getFromDB($ldap_values->ldap_auth)) {
             return array();
         }
         if (!function_exists('warning_handler')) {
             function warning_handler($errno, $errstr, $errfile, $errline, array $errcontext)
             {
                 if (0 === error_reporting()) {
                     return false;
                 }
                 throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
             }
         }
         set_error_handler("warning_handler", E_WARNING);
         try {
             $tab_values = array();
             $ds = $config_ldap->connect();
             ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
             $cookie = '';
             do {
                 if (AuthLDAP::isLdapPageSizeAvailable($config_ldap)) {
                     ldap_control_paged_result($ds, $config_ldap->fields['pagesize'], true, $cookie);
                 }
                 $result = ldap_search($ds, $config_ldap->fields['basedn'], $ldap_values->ldap_filter, $attribute);
                 $entries = ldap_get_entries($ds, $result);
                 array_shift($entries);
                 foreach ($entries as $id => $attr) {
                     if (isset($attr[$attribute[0]]) && !in_array($attr[$attribute[0]][0], $tab_values)) {
                         $tab_values[$id] = $attr[$attribute[0]][0];
                     }
                 }
                 if (AuthLDAP::isLdapPageSizeAvailable($config_ldap)) {
                     ldap_control_paged_result_response($ds, $result, $cookie);
                 }
             } while ($cookie !== null && $cookie != '');
             if ($this->fields['show_empty']) {
                 $tab_values = array('' => '-----') + $tab_values;
             }
             asort($tab_values);
             return $tab_values;
         } catch (Exception $e) {
             return array();
         }
         restore_error_handler();
     } else {
         return array();
     }
 }
예제 #3
0
 /**
  * Search LDAP registry for entries matching filter and optional attributes
  * and return ALL values, including those beyond the usual 1000 entries, as an array.
  *
  * @param  string	$filter
  * @param  array	$attributes -OPTIONAL
  * @return array
  * @throws Exception\LdapException
  */
 public function searchAll($filter, array $attributes = [])
 {
     $ldap = $this->getResource();
     // $ds is a valid link identifier (see ldap_connect)
     ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
     $cookie = '';
     $result = [];
     do {
         ldap_control_paged_result($ldap, self::PAGE_SIZE, true, $cookie);
         Stdlib\ErrorHandler::start(E_WARNING);
         $search = ldap_search($ldap, $this->getBaseDn(), $filter, $attributes);
         Stdlib\ErrorHandler::stop();
         if ($search === false) {
             throw new Lp\Exception\LdapException($this, 'searching: ' . $filter);
         }
         $entries = $this->createCollection(new Lp\Collection\DefaultIterator($this, $search), null);
         foreach ($entries as $es) {
             $result[] = $es;
         }
         ldap_control_paged_result_response($ldap, $search, $cookie);
     } while ($cookie !== null && $cookie != '');
     return $result;
 }
예제 #4
0
 /**
  * Send LDAP pagination control.
  *
  * @param int    $pageSize
  * @param bool   $isCritical
  * @param string $cookie
  *
  * @return bool
  *
  * @throws AdldapException
  */
 public function controlPagedResult($pageSize = 1000, $isCritical = false, $cookie = '')
 {
     if ($this->isPagingSupported()) {
         if ($this->suppressErrors) {
             return @ldap_control_paged_result($this->getConnection(), $pageSize, $isCritical, $cookie);
         }
         return ldap_control_paged_result($this->getConnection(), $pageSize, $isCritical, $cookie);
     }
     $message = 'LDAP Pagination is not supported on your current PHP installation.';
     throw new AdldapException($message);
 }
예제 #5
0
 /**
  * @since version 0.84 new parameter $limitexceeded
  *
  * @param $ldap_connection
  * @param $config_ldap
  * @param $filter
  * @param $search_in_groups         (true by default)
  * @param $groups             array
  * @param $limitexceeded
  **/
 static function getGroupsFromLDAP($ldap_connection, $config_ldap, $filter, $search_in_groups = true, $groups = array(), &$limitexceeded)
 {
     global $DB;
     //First look for groups in group objects
     $extra_attribute = $search_in_groups ? "cn" : $config_ldap->fields["group_field"];
     $attrs = array("dn", $extra_attribute);
     if ($filter == '') {
         if ($search_in_groups) {
             $filter = !empty($config_ldap->fields['group_condition']) ? $config_ldap->fields['group_condition'] : "(objectclass=*)";
         } else {
             $filter = !empty($config_ldap->fields['condition']) ? $config_ldap->fields['condition'] : "(objectclass=*)";
         }
     }
     $cookie = '';
     $count = 0;
     do {
         if (self::isLdapPageSizeAvailable($config_ldap)) {
             ldap_control_paged_result($ldap_connection, $config_ldap->fields['pagesize'], true, $cookie);
         }
         $filter = Toolbox::unclean_cross_side_scripting_deep($filter);
         $sr = @ldap_search($ldap_connection, $config_ldap->fields['basedn'], $filter, $attrs);
         if ($sr) {
             if (in_array(ldap_errno($ldap_connection), array(4, 11))) {
                 // openldap return 4 for Size limit exceeded
                 $limitexceeded = true;
             }
             $infos = self::get_entries_clean($ldap_connection, $sr);
             if (in_array(ldap_errno($ldap_connection), array(4, 11))) {
                 // openldap return 4 for Size limit exceeded
                 $limitexceeded = true;
             }
             $count += $infos['count'];
             //If page results are enabled and the number of results is greater than the maximum allowed
             //warn user that limit is exceeded and stop search
             if (self::isLdapPageSizeAvailable($config_ldap) && $config_ldap->fields['ldap_maxlimit'] && $count > $config_ldap->fields['ldap_maxlimit']) {
                 $limitexceeded = true;
                 break;
             }
             for ($ligne = 0; $ligne < $infos["count"]; $ligne++) {
                 if ($search_in_groups) {
                     // No cn : not a real object
                     if (isset($infos[$ligne]["cn"][0])) {
                         $cn = $infos[$ligne]["cn"][0];
                         $groups[$infos[$ligne]["dn"]] = array("cn" => $infos[$ligne]["cn"][0], "search_type" => "groups");
                     }
                 } else {
                     if (isset($infos[$ligne][$extra_attribute])) {
                         if ($config_ldap->fields["group_field"] == 'dn' || in_array('ou', $groups)) {
                             $dn = $infos[$ligne][$extra_attribute];
                             $ou = array();
                             for ($tmp = $dn; count($tmptab = explode(',', $tmp, 2)) == 2; $tmp = $tmptab[1]) {
                                 $ou[] = $tmptab[1];
                             }
                             /// Search in DB for group with ldap_group_dn
                             if ($config_ldap->fields["group_field"] == 'dn' && count($ou) > 0) {
                                 $query = "SELECT `ldap_value`\n                                     FROM `glpi_groups`\n                                     WHERE `ldap_group_dn`\n                                             IN ('" . implode("', '", Toolbox::addslashes_deep($ou)) . "')";
                                 foreach ($DB->request($query) as $group) {
                                     $groups[$group['ldap_value']] = array("cn" => $group['ldap_value'], "search_type" => "users");
                                 }
                             }
                         } else {
                             for ($ligne_extra = 0; $ligne_extra < $infos[$ligne][$extra_attribute]["count"]; $ligne_extra++) {
                                 $groups[$infos[$ligne][$extra_attribute][$ligne_extra]] = array("cn" => self::getGroupCNByDn($ldap_connection, $infos[$ligne][$extra_attribute][$ligne_extra]), "search_type" => "users");
                             }
                         }
                     }
                 }
             }
         }
         if (self::isLdapPageSizeAvailable($config_ldap)) {
             ldap_control_paged_result_response($ldap_connection, $sr, $cookie);
         }
     } while ($cookie !== null && $cookie != '');
     return $groups;
 }
예제 #6
0
파일: full.php 프로젝트: postfix/ldapserver
$dn = "cn=groupname,cn=groups,dc=example,dc=com";
echo "\nModDel " . $dn;
$entry['memberuid'] = "username";
ldap_mod_del($ds, $dn, $entry);
/* #### MOD REPLACE ### */
$dn = "cn=groupname,cn=groups,dc=example,dc=com";
echo "\nModReplace " . $dn;
$entry['memberuid'] = "username";
ldap_mod_replace($ds, $dn, $entry);
/* ### SEARCH ### */
$dn = "o=My Company, c=USs";
echo "\nSearch " . $dn;
$filter = "(|(sn=jeantet)(givenname=jeantet*))";
$justthese = array("ou", "sn", "givenname", "mail");
$cookie = 'cookie';
ldap_control_paged_result($ds, 23, true, $cookie);
$sr = ldap_search($ds, $dn, $filter, $justthese);
$info = ldap_get_entries($ds, $sr);
echo "\n\t" . $info["count"] . " entries returned";
// ldap_control_paged_result_response($ds, $sr, $cookie);
/* ### COMPARE ### */
$dn = "cn=Matti Meikku, ou=My Unit, o=My Company, c=FI";
echo "\nCompare " . $dn;
// Préparation des données
$value = "secretpassword";
$attr = "password";
// Comparaison des valeurs
$r = ldap_compare($ds, $dn, $attr, $value);
if ($r === -1) {
    echo "Error: " . ldap_error($ds);
} elseif ($r === true) {
예제 #7
0
 /**
  * Validate form fields before add or update a question
  *
  * @param  Array $input Datas used to add the item
  *
  * @return Array        The modified $input array
  *
  * @param  [type] $input [description]
  * @return [type]        [description]
  */
 private function checkBeforeSave($input)
 {
     // Control fields values :
     // - name is required
     if (empty($input['name'])) {
         Session::addMessageAfterRedirect(__('The title is required', 'formcreator'), false, ERROR);
         return array();
     }
     // - field type is required
     if (empty($input['fieldtype'])) {
         Session::addMessageAfterRedirect(__('The field type is required', 'formcreator'), false, ERROR);
         return array();
     }
     // - section is required
     if (empty($input['plugin_formcreator_sections_id'])) {
         Session::addMessageAfterRedirect(__('The section is required', 'formcreator'), false, ERROR);
         return array();
     }
     // Values are required for GLPI dropdowns, dropdowns, multiple dropdowns, checkboxes, radios, LDAP
     $itemtypes = array('select', 'multiselect', 'checkboxes', 'radios', 'ldap');
     if (empty($input['values']) && in_array($input['fieldtype'], $itemtypes)) {
         Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR);
         return array();
     }
     // Fields are differents for dropdown lists, so we need to replace these values into the good ones
     if ($input['fieldtype'] == 'dropdown') {
         if (empty($input['dropdown_values'])) {
             Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR);
             return array();
         }
         $input['values'] = $input['dropdown_values'];
         $input['default_values'] = isset($input['dropdown_default_value']) ? $input['dropdown_default_value'] : '';
     }
     // Fields are differents for GLPI object lists, so we need to replace these values into the good ones
     if ($input['fieldtype'] == 'glpiselect') {
         if (empty($input['glpi_objects'])) {
             Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR);
             return array();
         }
         $input['values'] = $input['glpi_objects'];
         $input['default_values'] = isset($input['dropdown_default_value']) ? $input['dropdown_default_value'] : '';
     }
     // A description field should have a description
     if ($input['fieldtype'] == 'description' && empty($input['description'])) {
         Session::addMessageAfterRedirect(__('A description field should have a description:', 'formcreator') . ' ' . $input['name'], false, ERROR);
         return array();
     }
     // format values for numbers
     if ($input['fieldtype'] == 'integer' || $input['fieldtype'] == 'float') {
         $input['default_values'] = !empty($input['default_values']) ? (double) str_replace(',', '.', $input['default_values']) : null;
         $input['range_min'] = !empty($input['range_min']) ? (double) str_replace(',', '.', $input['range_min']) : null;
         $input['range_max'] = !empty($input['range_max']) ? (double) str_replace(',', '.', $input['range_max']) : null;
     }
     // LDAP fields validation
     if ($input['fieldtype'] == 'ldapselect') {
         // Fields are differents for dropdown lists, so we need to replace these values into the good ones
         if (!empty($input['ldap_auth'])) {
             $config_ldap = new AuthLDAP();
             $config_ldap->getFromDB($input['ldap_auth']);
             $ldap_dropdown = new RuleRightParameter();
             $ldap_dropdown->getFromDB($input['ldap_attribute']);
             $attribute = array($ldap_dropdown->fields['value']);
             // Set specific error handler too catch LDAP errors
             if (!function_exists('warning_handler')) {
                 function warning_handler($errno, $errstr, $errfile, $errline, array $errcontext)
                 {
                     if (0 === error_reporting()) {
                         return false;
                     }
                     throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
                 }
             }
             set_error_handler("warning_handler", E_WARNING);
             try {
                 $ds = $config_ldap->connect();
                 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
                 ldap_control_paged_result($ds, 1);
                 $sn = ldap_search($ds, $config_ldap->fields['basedn'], $input['ldap_filter'], $attribute);
                 $entries = ldap_get_entries($ds, $sn);
             } catch (Exception $e) {
                 Session::addMessageAfterRedirect(__('Cannot recover LDAP informations!', 'formcreator'), false, ERROR);
             }
             restore_error_handler();
             $input['values'] = json_encode(array('ldap_auth' => $input['ldap_auth'], 'ldap_filter' => $input['ldap_filter'], 'ldap_attribute' => strtolower($input['ldap_attribute'])));
         }
     }
     // Add leading and trailing regex marker automaticaly
     if (!empty($input['regex'])) {
         if (substr($input['regex'], 0, 1) != '/') {
             if (substr($input['regex'], 0, 1) != '^') {
                 $input['regex'] = '/^' . $input['regex'];
             } else {
                 $input['regex'] = '/' . $input['regex'];
             }
         }
         if (substr($input['regex'], -1, 1) != '/') {
             if (substr($input['regex'], -1, 1) != '$') {
                 $input['regex'] = $input['regex'] . '$/';
             } else {
                 $input['regex'] = $input['regex'] . '/';
             }
         }
     }
     return $input;
 }
예제 #8
0
 public function searchRaw($search = "*")
 {
     if (!$this->adldap->getLdapBind()) {
         return false;
     }
     // Perform the search and grab all their details
     $filter = "(&(objectClass=user)(samaccounttype=" . adLDAP::ADLDAP_NORMAL_ACCOUNT . ")(objectCategory=person)(cn=" . $search . "))";
     $fields = array("samaccountname", "displayname");
     $pageSize = 25;
     $cookie = '';
     ldap_control_paged_result($this->adldap->getLdapConnection(), $pageSize, true, $cookie);
     $sr = ldap_search($this->adldap->getLdapConnection(), $this->adldap->getBaseDn(), $filter, $fields);
     $entries = ldap_get_entries($this->adldap->getLdapConnection(), $sr);
     ldap_control_paged_result_response($this->adldap->getLdapConnection(), $sr, $cookie);
     $return = [];
     foreach ($entries as $k => $r) {
         $comp = explode(",", $r['dn']);
         $cn = '';
         $ou = '';
         $dc = '';
         foreach ($comp as $c) {
             $x = explode("=", "{$c}");
             switch ($x[0]) {
                 case 'CN':
                     $cn = $x[1];
                     break;
                 case 'OU':
                     $ou = $x[1];
                     break;
                 case 'DC':
                     $dc .= $x[1] . ".";
                     break;
             }
         }
         if (count($r['samaccountname']) == 0) {
             continue;
         }
         $return[] = ['fullname' => isset($r['displayname']) ? @$r['displayname'][0] : @$r['samaccountname'][0], 'username' => @$r['samaccountname'][0], 'cn' => $cn, 'dc' => $dc, 'ou' => $ou];
     }
     return $return;
 }
예제 #9
0
 /**
  * Resets the paging control so that read operations work after a paging operation is used.
  *
  * @throws LdapConnectionException
  */
 public function resetPagingControl()
 {
     // Per RFC 2696, to abandon a paged search you should send a size of 0 along with the cookie used in the search.
     // However, testing this it doesn't seem to completely work. Perhaps a PHP bug?
     if (!@ldap_control_paged_result($this->connection->getConnection(), 0, false, $this->cookie)) {
         throw new LdapConnectionException(sprintf('Unable to reset paged results control for read operation: %s', $this->connection->getLastError()));
     }
 }
예제 #10
0
 /**
  * @link http://php.net/manual/en/function.ldap-control-paged-result.php
  * @param $link
  * @param $pagesize
  * @param bool $iscritical
  * @param string $cookie
  * @return bool
  */
 public function controlPagedResult($link, $pagesize, $iscritical = false, $cookie = "")
 {
     return ldap_control_paged_result($link, $pagesize, $iscritical, $cookie);
 }
예제 #11
0
 /**
  * Send LDAP pagination control.
  * @param int    $pageSize
  * @param bool   $isCritical
  * @param string $cookie
  * @return bool
  */
 public function setControlPagedResult($cookie)
 {
     return ldap_control_paged_result($this->resource, $this->pageSize, false, $cookie);
 }
예제 #12
0
파일: Ldap.php 프로젝트: hardcao/CiProject
 public function ldap()
 {
     set_time_limit(0);
     //$this->db->query("truncate px_tmp");
     $host = "192.168.5.3";
     $user = "******";
     $pswd = "zldc@8888";
     $cookie = '';
     $result = [];
     $result['count'] = 0;
     do {
         $ad = ldap_connect($host) or die("Could not connect!");
         //var_dump($ad);
         if ($ad) {
             //璁剧疆鍙傛暟
             ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
             ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
             // bool ldap_bind ( resource $link_identifier [, string $bind_rdn = NULL [, string $bind_password = NULL ]] )
             $bd = ldap_bind($ad, $user, $pswd) or die("Could not bind");
             ldap_control_paged_result($ad, 500, true, $cookie);
             $attrs = array("displayname", "name", "sAMAccountName", "userPrincipalName", "objectclass");
             //鎸囧畾闇�鏌ヨ鐨勭敤鎴疯寖鍥�
             $filter = "(objectclass=*)";
             //ldap_search ( resource $link_identifier , string $base_dn , string $filter [, array $attributes [, int $attrsonly [, int $sizelimit [, int $timelimit [, int $deref ]]]]] )
             $search = ldap_search($ad, 'ou=中梁集团,DC=zldcgroup,DC=com', $filter, $attrs, 0, 0, 0) or die("ldap search failed");
             $entries = ldap_get_entries($ad, $search);
             ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
             $result = array_merge($result, $entries);
             ldap_control_paged_result_response($ad, $search, $cookie);
             //echo json_encode($entries);
             //		var_dump($entries);
             $data = array();
             if ($entries["count"] > 0) {
                 //echo '返回记录数:'.$entries["count"];
                 for ($i = 0; $i < $entries["count"]; $i++) {
                     //所要获取的字段,都必须小写
                     //if(isset($entries[$i]["displayname"])){
                     //						echo "<p>name: ".$entries[$i]["name"][0]."<br />";//用户名
                     //						echo "<p>sAMAccountName: ".@$entries[$i]["samaccountname"][0]."<br />";//用户名
                     if (isset($entries[$i]["dn"][0])) {
                         //							echo "dn: ".$entries[$i]["dn"]."<br />";//用户名字
                         $is_user = in_array('user', $entries[$i]["objectclass"]) ? 1 : 0;
                         if ($is_user == 0) {
                             continue;
                         }
                         $dn = $entries[$i]["dn"];
                         $dn = explode(",", $dn);
                         $area = array();
                         foreach ($dn as $v) {
                             if (strpos($v, 'OU=') !== false) {
                                 array_push($area, str_replace("OU=", "", $v));
                                 //有的抬头不是OU
                             } else {
                                 if (strpos($v, 'CN=') !== false) {
                                     array_push($area, str_replace("CN=", "", $v));
                                     //有的抬头不是CN
                                 } else {
                                     if (strpos($v, 'DC=') !== false) {
                                         array_push($area, str_replace("DC=", "", $v));
                                         //有的抬头不是DC
                                     }
                                 }
                             }
                         }
                         $area = array_reverse($area);
                         $insertArr = array();
                         $flag = 1;
                         if (is_array($area)) {
                             $flag = count($area, COUNT_NORMAL);
                         }
                         //							var_dump($area);
                         //	list($f6,$f5,$f4,$f3,$f2,$f1) = $area;
                         foreach ($area as $val) {
                             $keyStr = 'F' . $flag;
                             $flag--;
                             $insertArr[$keyStr] = $val;
                         }
                         $insertArr['FISUSER'] = 1;
                         $insertArr['FNUMBER'] = $entries[$i]["samaccountname"][0];
                         $insertArr['FNAME'] = $entries[$i]["name"][0];
                         $insertArr['FORG'] = 'test';
                         if (is_array($area)) {
                             if (count($area, COUNT_NORMAL) >= 7) {
                                 //echo "test 5  ";
                             }
                         }
                         $where = 'FNUMBER = ' . $entries[$i]["samaccountname"][0];
                         $tableName = 'T_USER';
                         $this->db->select('*');
                         $this->db->where('FNUMBER', $entries[$i]["samaccountname"][0]);
                         $row = $this->db->get('T_USER')->row_array();
                         if (isset($row)) {
                             $result = $this->Tools->updateDataWithFID($insertArr, $tableName, $row['FID']);
                         } else {
                             $result = $this->Tools->addData($insertArr, $tableName);
                         }
                     }
                 }
                 //}
             } else {
                 //echo "<p>No results found!</p>";
             }
         }
     } while ($cookie !== null && $cookie != '');
     return $result;
 }
예제 #13
0
 /**
  * Group Information.  Returns an array of information about a group.
  * The group name is case sensitive
  * 
  * @param string $group_name The group name to retrieve info about
  * @param array $fields Fields to retrieve
  * @return array
  */
 public function group_info($group_name, $fields = NULL)
 {
     if ($group_name === NULL) {
         return false;
     }
     if (!$this->_bind) {
         return false;
     }
     if (stristr($group_name, '+')) {
         $group_name = stripslashes($group_name);
     }
     $filter = "(&(objectCategory=group)(name=" . $this->ldap_slashes($group_name) . "))";
     //echo ($filter."!!!<br>");
     if ($fields === NULL) {
         $fields = array("member", "memberof", "cn", "description", "distinguishedname", "objectcategory", "samaccountname");
     }
     // Let's use paging if available
     if (function_exists('ldap_control_paged_result')) {
         $pageSize = 500;
         $cookie = '';
         $entries = array();
         $entries_page = array();
         do {
             ldap_control_paged_result($this->_conn, $pageSize, true, $cookie);
             $sr = ldap_search($this->_conn, $this->_base_dn, $filter, $fields);
             $entries_page = ldap_get_entries($this->_conn, $sr);
             if (!is_array($entries_page)) {
                 return false;
             }
             $entries = array_merge($entries, $entries_page);
             ldap_control_paged_result_response($this->_conn, $sr, $cookie);
         } while ($cookie !== null && $cookie != '');
         $entries['count'] = count($entries) - 1;
         // Set a new count value !important!
         ldap_control_paged_result($this->_conn, $pageSize, true, $cookie);
         // RESET is important
     } else {
         // Non-Paged version
         $sr = ldap_search($this->_conn, $this->_base_dn, $filter, $fields);
         $entries = ldap_get_entries($this->_conn, $sr);
     }
     //print_r($entries);
     return $entries;
 }
예제 #14
0
파일: access.php 프로젝트: ryanshoover/core
 /**
  * @brief prepares a paged search, if possible
  * @param $filter the LDAP filter for the search
  * @param $base the LDAP subtree that shall be searched
  * @param $attr optional, when a certain attribute shall be filtered outside
  * @param $limit
  * @param $offset
  *
  */
 private function initPagedSearch($filter, $base, $attr, $limit, $offset)
 {
     $pagedSearchOK = false;
     if ($this->connection->hasPagedResultSupport && !is_null($limit)) {
         $offset = intval($offset);
         //can be null
         \OCP\Util::writeLog('user_ldap', 'initializing paged search for  Filter' . $filter . ' base ' . $base . ' attr ' . print_r($attr, true) . ' limit ' . $limit . ' offset ' . $offset, \OCP\Util::DEBUG);
         //get the cookie from the search for the previous search, required by LDAP
         $cookie = $this->getPagedResultCookie($filter, $limit, $offset);
         if (empty($cookie) && $offset > 0) {
             //no cookie known, although the offset is not 0. Maybe cache run out. We need to start all over *sigh* (btw, Dear Reader, did you need LDAP paged searching was designed by MSFT?)
             $reOffset = $offset - $limit < 0 ? 0 : $offset - $limit;
             //a bit recursive, $offset of 0 is the exit
             \OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O ' . $limit . '/' . $reOffset, \OCP\Util::INFO);
             $this->search($filter, $base, $attr, $limit, $reOffset, true);
             $cookie = $this->getPagedResultCookie($filter, $limit, $offset);
             //still no cookie? obviously, the server does not like us. Let's skip paging efforts.
             //TODO: remember this, probably does not change in the next request...
             if (empty($cookie)) {
                 $cookie = null;
             }
         }
         if (!is_null($cookie)) {
             if ($offset > 0) {
                 \OCP\Util::writeLog('user_ldap', 'Cookie ' . $cookie, \OCP\Util::INFO);
             }
             $pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(), $limit, false, $cookie);
             \OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::INFO);
         } else {
             \OCP\Util::writeLog('user_ldap', 'No paged search for us, Cpt., Limit ' . $limit . ' Offset ' . $offset, \OCP\Util::INFO);
         }
     }
     return $pagedSearchOK;
 }
예제 #15
0
 /**
  * The core of ORM behavior for this bundle: retrieve data
  * from LDAP and convert results into objects.
  *
  * Options maybe:
  *
  *      attributes (array): array of attribute types (strings)
  *
  *      filter (LdapFilter): a filter array or a correctly formatted filter string
  *
  *      max (integer): the maximum limit of entries to return
  *
  *      searchDn (string): the search DN
  *
  *      subentryNodes (array): parameters for the left hand side of a searchDN, useful for mining subentries.
  *
  *      pageSize (integer): employ pagination and return pages of the given size
  *
  *      pageCookie (opaque): The opaque stucture sent by the LDAP server to maintain pagination state. Default is empty string.
  *
  *      pageCritical (boolean): if pagination employed, force paging and return no results on service which do not provide it. Default is true.
  *
  *      checkOnly (boolean): Only check result existence; don't convert search results to Symfony entities. Default is false.
  *
  * @param string $entityName
  * @param array $options
  * @return array
  * @throws MissingSearchDnException
  */
 public function retrieve($entityName, $options = array())
 {
     $paging = !empty($options['pageSize']);
     $instanceMetadataCollection = $this->getClassMetadata($entityName);
     // Discern max result size
     $max = empty($options['max']) ? self::DEFAULT_MAX_RESULT_COUNT : $options['max'];
     // Employ results paging if requested with pageSize option
     if ($paging) {
         if (!isset($options['pageCritical'])) {
             $options['pageCritical'] = FALSE;
         }
         if (isset($options['pageCookie'])) {
             $this->pageCookie = $options['pageCookie'];
         }
         ldap_control_paged_result($this->client->getLdapResource(), $options['pageSize'], $options['pageCritical'], $this->pageCookie);
     }
     // Discern subentryNodes for substituing into searchDN
     $subentryNodes = empty($options['subentryNodes']) ? array() : $options['subentryNodes'];
     // Discern search DN
     if (isset($options['searchDn'])) {
         $searchDn = $options['searchDn'];
     } else {
         $searchDn = $instanceMetadataCollection->getSearchDn();
     }
     if (empty($searchDn)) {
         throw new MissingSearchDnException('Could not discern search DN while searching for ' . $entityName);
     }
     // Discern LDAP filter
     $objectClass = $instanceMetadataCollection->getObjectClass();
     if (empty($options['filter'])) {
         $filter = '(objectClass=' . $objectClass . ')';
     } else {
         if (is_array($options['filter'])) {
             $options['filter'] = array('&' => array('objectClass' => $objectClass, $options['filter']));
             $ldapFilter = new LdapFilter($options['filter']);
             $filter = $ldapFilter->format();
         } else {
             if (is_a($options['filter'], LdapFilter::class)) {
                 $options['filter']->setFilterArray(array('&' => array('objectClass' => $objectClass, $options['filter']->getFilterArray())));
                 $filter = $options['filter']->format();
             } else {
                 // assume pre-formatted scale/string filter value
                 $filter = '(&(objectClass=' . $objectClass . ')' . $options['filter'] . ')';
             }
         }
     }
     // Discern attributes to retrieve
     if (empty($options['attributes'])) {
         $attributes = array_values($instanceMetadataCollection->getMetadatas());
     } else {
         $attributes = $options['attributes'];
     }
     // Search LDAP
     $searchResult = $this->doRawLdapSearch($filter, $attributes, $max, $searchDn);
     $entries = @ldap_get_entries($this->client->getLdapResource(), $searchResult);
     if (!empty($options['checkOnly']) && $options['checkOnly'] == true) {
         return $entries['count'] > 0;
     }
     $entities = array();
     foreach ($entries as $entry) {
         if (is_array($entry)) {
             $entities[] = $this->entryToEntity($entityName, $entry);
         }
     }
     if ($paging) {
         ldap_control_paged_result_response($this->client->getLdapResource(), $searchResult, $this->pageCookie);
         $this->pageMore = !empty($this->pageCookie);
     }
     if ($entries['count'] == 1) {
         return $entities[0];
     }
     return $entities;
 }
예제 #16
0
파일: Ldap.php 프로젝트: jbirdkerr/snipe-it
 /**
  * Searches LDAP
  *
  * @author [A. Gianotto] [<*****@*****.**>]
  * @since [v3.0]
  * @param $ldapatttibutes
  * @return array|bool
  */
 static function findLdapUsers()
 {
     $ldapconn = Ldap::connectToLdap();
     $ldap_bind = Ldap::bindAdminToLdap($ldapconn);
     $base_dn = Setting::getSettings()->ldap_basedn;
     $filter = Setting::getSettings()->ldap_filter;
     // Set up LDAP pagination for very large databases
     // @author Richard Hofman
     $page_size = 500;
     $cookie = '';
     $result_set = array();
     $global_count = 0;
     // Perform the search
     do {
         // Paginate (non-critical, if not supported by server)
         ldap_control_paged_result($ldapconn, $page_size, false, $cookie);
         $search_results = ldap_search($ldapconn, $base_dn, '(' . $filter . ')');
         if (!$search_results) {
             return redirect()->route('users')->with('error', trans('admin/users/message.error.ldap_could_not_search') . ldap_error($ldapconn));
         }
         // Get results from page
         $results = ldap_get_entries($ldapconn, $search_results);
         if (!$results) {
             return redirect()->route('users')->with('error', trans('admin/users/message.error.ldap_could_not_get_entries') . ldap_error($ldapconn));
         }
         // Add results to result set
         $global_count += $results['count'];
         $result_set = array_merge($result_set, $results);
         ldap_control_paged_result_response($ldapconn, $search_results, $cookie);
     } while ($cookie !== null && $cookie != '');
     // Clean up after search
     $result_set['count'] = $global_count;
     $results = $result_set;
     ldap_control_paged_result($ldapconn, 0);
     return $results;
 }
예제 #17
0
 function QueryArray($str = '(ObjectClass=*)', $fields = false)
 {
     global $APPLICATION;
     if (strlen($this->arFields['BASE_DN']) <= 0) {
         return false;
     }
     $arBaseDNs = explode(";", $this->arFields['BASE_DN']);
     $info = false;
     $i = 0;
     if ($this->arFields["CONVERT_UTF8"] == "Y") {
         $str = $APPLICATION->ConvertCharset($str, SITE_CHARSET, "utf-8");
     }
     foreach ($arBaseDNs as $BaseDN) {
         global $APPLICATION;
         $BaseDN = trim($BaseDN);
         if ($BaseDN == "") {
             continue;
         }
         if ($this->arFields["CONVERT_UTF8"] == "Y") {
             $BaseDN = $APPLICATION->ConvertCharset($BaseDN, SITE_CHARSET, "utf-8");
         }
         $defaultMaxPageSizeAD = 1000;
         $pageSize = isset($this->arFields['MAX_PAGE_SIZE']) && intval($this->arFields['MAX_PAGE_SIZE'] > 0) ? intval($this->arFields['MAX_PAGE_SIZE']) : $defaultMaxPageSizeAD;
         $cookie = '';
         do {
             if (CLdapUtil::isLdapPaginationAviable()) {
                 ldap_control_paged_result($this->conn, $pageSize, false, $cookie);
             }
             if ($fields === false) {
                 $sr = @ldap_search($this->conn, $BaseDN, $str);
             } else {
                 $sr = @ldap_search($this->conn, $BaseDN, $str, $fields);
             }
             if ($sr) {
                 $entry = ldap_first_entry($this->conn, $sr);
                 if ($entry) {
                     if (!is_array($info)) {
                         $info = array();
                         $i = 0;
                     }
                     do {
                         $attributes = ldap_get_attributes($this->conn, $entry);
                         for ($j = 0; $j < $attributes['count']; $j++) {
                             $values = @ldap_get_values_len($this->conn, $entry, $attributes[$j]);
                             if ($values === false) {
                                 continue;
                             }
                             $bPhotoAttr = in_array($attributes[$j], self::$PHOTO_ATTRIBS);
                             $info[$i][strtolower($attributes[$j])] = $bPhotoAttr ? $values : $this->WorkAttr($values);
                         }
                         if (!is_set($info[$i], 'dn')) {
                             if ($this->arFields["CONVERT_UTF8"] == "Y") {
                                 $info[$i]['dn'] = $APPLICATION->ConvertCharset(ldap_get_dn($this->conn, $entry), "utf-8", SITE_CHARSET);
                             } else {
                                 $info[$i]['dn'] = ldap_get_dn($this->conn, $entry);
                             }
                         }
                         $i++;
                     } while ($entry = ldap_next_entry($this->conn, $entry));
                 }
             } elseif ($sr === false) {
                 $APPLICATION->ThrowException("LDAP_SEARCH_ERROR");
             }
             if (CLdapUtil::isLdapPaginationAviable()) {
                 ldap_control_paged_result_response($this->conn, $sr, $cookie);
             }
         } while ($cookie !== null && $cookie != '');
     }
     return $info;
 }
예제 #18
0
 /**
  *
  * @param type $baseDn
  * @param type $filter
  * @param array $attributes
  * @param int $pageSize
  * @return \Generator
  * @throws LdapException
  */
 public function pagedSearch($baseDn, $filter, array $attributes = [], $pageSize = 100)
 {
     $this->checkConnection();
     $resource = $this->conn->getResource();
     $cookie = '';
     do {
         ldap_control_paged_result($resource, $pageSize, true, $cookie);
         $search = @ldap_search($resource, $baseDn, $filter, $attributes);
         if ($search === false) {
             ErrorHandler::throwException($this->conn);
         }
         $result = @ldap_get_entries($resource, $search);
         if ($result === false) {
             ErrorHandler::throwException($this->conn);
         }
         for ($i = 0; $i < $result['count']; $i++) {
             $row = $result[$i];
             $entry = $this->parseArray($row);
             (yield $entry);
         }
         ldap_control_paged_result_response($resource, $search, $cookie);
     } while ($cookie !== null && $cookie != '');
 }
예제 #19
0
 /**
  * @brief search a list in ldap server
  * @param $ldapbasedn the base dn
  * @param $bindsearch the search filter
  * @param $entries the ldap entries to reach
  * @param $start the starting point
  * @param $num the number of entries to return
  * @return array|false
  */
 public function ldapFindMultiple($ldapbasedn, $bindsearch, $entriesName, $start = null, $num = null)
 {
     if ($entriesName != null && self::ldapCreateAndBindConnection() && $ldapbasedn != null && $bindsearch != null) {
         if ($start == null) {
             $start = 0;
         }
         if ($num == null) {
             $num = PHP_INT_MAX;
         }
         $pageSize = isset($this->ldapParams['ldappagesize']) ? $this->ldapParams['ldappagesize'] : "20";
         $cookie = '';
         $entries = array();
         $cpt = 0;
         \OC_Log::write('contacts_ldap', __METHOD__ . " - search what {$ldapbasedn}, {$bindsearch} {$pageSize}", \OC_Log::DEBUG);
         do {
             ldap_control_paged_result($this->ldapConnection, $pageSize, true, $cookie);
             $ldap_results = ldap_search($this->ldapConnection, $ldapbasedn, $bindsearch, $entriesName);
             $LdapEntries = ldap_get_entries($this->ldapConnection, $ldap_results);
             for ($i = 0; $i < $LdapEntries['count']; $i++) {
                 $entries[] = $LdapEntries[$i];
             }
             ldap_control_paged_result_response($this->ldapConnection, $ldap_results, $cookie);
             $cpt++;
         } while ($cookie !== null && $cookie != '' && $cpt < 10);
         $entries['count'] = count($entries);
         return $entries;
         self::ldapCloseConnection();
     }
     return false;
 }
예제 #20
0
 /**
  * Send LDAP pagination control
  *
  * @param  integer      $pageSize       The number of entries by page
  * @param  boolean      $isCritical     Indicates whether the pagination is critical of not
  * @param  string       $cookie         An opaque structure sent by the server
  * @return self
  */
 public function pagedResult($pageSize, $isCritical = false, $cookie = '')
 {
     ldap_control_paged_result($this->resource, $pageSize, $isCritical, $cookie);
     return $this;
 }
예제 #21
0
 /**
  * Run the given LDAP query and return the resulting entries
  *
  * This utilizes paged search requests as defined in RFC 2696.
  *
  * @param   LdapQuery   $query      The query to fetch results with
  * @param   array       $fields     Request these attributes instead of the ones registered in the given query
  * @param   int         $pageSize   The maximum page size, defaults to self::PAGE_SIZE
  *
  * @return  array
  *
  * @throws  LdapException           In case an error occured while fetching the results
  */
 protected function runPagedQuery(LdapQuery $query, array $fields = null, $pageSize = null)
 {
     if ($pageSize === null) {
         $pageSize = static::PAGE_SIZE;
     }
     $limit = $query->getLimit();
     $offset = $query->hasOffset() ? $query->getOffset() : 0;
     if ($fields === null) {
         $fields = $query->getColumns();
     }
     $ds = $this->getConnection();
     $serverSorting = false;
     //$this->getCapabilities()->hasOid(LdapCapabilities::LDAP_SERVER_SORT_OID);
     if (!$serverSorting && $query->hasOrder() && !empty($fields)) {
         foreach ($query->getOrder() as $rule) {
             if (!in_array($rule[0], $fields, true)) {
                 $fields[] = $rule[0];
             }
         }
     }
     $unfoldAttribute = $query->getUnfoldAttribute();
     if ($unfoldAttribute) {
         foreach ($query->getFilter()->listFilteredColumns() as $filterColumn) {
             $fieldKey = array_search($filterColumn, $fields, true);
             if ($fieldKey === false || is_string($fieldKey)) {
                 $fields[] = $filterColumn;
             }
         }
     }
     $count = 0;
     $cookie = '';
     $entries = array();
     do {
         // Do not request the pagination control as a critical extension, as we want the
         // server to return results even if the paged search request cannot be satisfied
         ldap_control_paged_result($ds, $pageSize, false, $cookie);
         if ($serverSorting && $query->hasOrder()) {
             ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array(array('oid' => LdapCapabilities::LDAP_SERVER_SORT_OID, 'value' => $this->encodeSortRules($query->getOrder()))));
         }
         $results = $this->ldapSearch($query, array_values($fields), 0, $serverSorting && $limit ? $offset + $limit : 0);
         if ($results === false) {
             if (ldap_errno($ds) === self::LDAP_NO_SUCH_OBJECT) {
                 break;
             }
             throw new LdapException('LDAP query "%s" (base %s) failed. Error: %s', (string) $query, $query->getBase() ?: $this->getDn(), ldap_error($ds));
         } elseif (ldap_count_entries($ds, $results) === 0) {
             if (in_array(ldap_errno($ds), array(static::LDAP_SIZELIMIT_EXCEEDED, static::LDAP_ADMINLIMIT_EXCEEDED), true)) {
                 Logger::warning('Unable to request more than %u results. Does the server allow paged search requests? (%s)', $count, ldap_error($ds));
             }
             break;
         }
         $entry = ldap_first_entry($ds, $results);
         do {
             if ($unfoldAttribute) {
                 $rows = $this->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields, $unfoldAttribute);
                 if (is_array($rows)) {
                     // TODO: Register the DN the same way as a section name in the ArrayDatasource!
                     foreach ($rows as $row) {
                         if ($query->getFilter()->matches($row)) {
                             $count += 1;
                             if (!$serverSorting || $offset === 0 || $offset < $count) {
                                 $entries[] = $row;
                             }
                             if ($serverSorting && $limit > 0 && $limit === count($entries)) {
                                 break;
                             }
                         }
                     }
                 } else {
                     $count += 1;
                     if (!$serverSorting || $offset === 0 || $offset < $count) {
                         $entries[ldap_get_dn($ds, $entry)] = $rows;
                     }
                 }
             } else {
                 $count += 1;
                 if (!$serverSorting || $offset === 0 || $offset < $count) {
                     $entries[ldap_get_dn($ds, $entry)] = $this->cleanupAttributes(ldap_get_attributes($ds, $entry), $fields);
                 }
             }
         } while ((!$serverSorting || $limit === 0 || $limit !== count($entries)) && ($entry = ldap_next_entry($ds, $entry)));
         if (false === @ldap_control_paged_result_response($ds, $results, $cookie)) {
             // If the page size is greater than or equal to the sizeLimit value, the server should ignore the
             // control as the request can be satisfied in a single page: https://www.ietf.org/rfc/rfc2696.txt
             // This applies no matter whether paged search requests are permitted or not. You're done once you
             // got everything you were out for.
             if ($serverSorting && count($entries) !== $limit) {
                 // The server does not support pagination, but still returned a response by ignoring the
                 // pagedResultsControl. We output a warning to indicate that the pagination control was ignored.
                 Logger::warning('Unable to request paged LDAP results. Does the server allow paged search requests?');
             }
         }
         ldap_free_result($results);
     } while ($cookie && (!$serverSorting || $limit === 0 || count($entries) < $limit));
     if ($cookie) {
         // A sequence of paged search requests is abandoned by the client sending a search request containing a
         // pagedResultsControl with the size set to zero (0) and the cookie set to the last cookie returned by
         // the server: https://www.ietf.org/rfc/rfc2696.txt
         ldap_control_paged_result($ds, 0, false, $cookie);
         // Returns no entries, due to the page size
         ldap_search($ds, $query->getBase() ?: $this->getDn(), (string) $query);
     }
     if (!$serverSorting && $query->hasOrder()) {
         uasort($entries, array($query, 'compare'));
         if ($limit && $count > $limit) {
             $entries = array_splice($entries, $query->hasOffset() ? $query->getOffset() : 0, $limit);
         }
     }
     return $entries;
 }
 protected function objectSearchResultCount($conn, $base_dn, $search_filter)
 {
     $base_dn = $this->prepareQueryString($base_dn);
     $search_filter = $this->prepareQueryString($search_filter);
     $resultCount = 0;
     $pageCookie = "";
     do {
         if (function_exists("ldap_control_paged_result") && function_exists("ldap_control_paged_result_response")) {
             ldap_control_paged_result($conn, $this->ldapSearchPageSize, true, $pageCookie);
         }
         // Start search in LDAP directory.
         $sr = ldap_search($conn, $base_dn, $search_filter, array(), 0, 0);
         if (!$sr) {
             break;
         }
         // Get number of found results.
         $resultCount += ldap_count_entries($conn, $sr);
         if (function_exists("ldap_control_paged_result") && function_exists("ldap_control_paged_result_response")) {
             ldap_control_paged_result_response($conn, $sr, $pageCookie);
         }
     } while ($pageCookie !== null && $pageCookie != "");
     return $resultCount;
 }
예제 #23
0
 /**
  * Returns all usernames from LDAP
  *
  * @param $filter An LDAP search filter to select desired users
  * @return array of LDAP user names converted to UTF-8
  */
 function ldap_get_userlist($filter = '*')
 {
     $fresult = array();
     $ldapconnection = $this->ldap_connect();
     if ($filter == '*') {
         $filter = '(&(' . $this->config->user_attribute . '=*)' . $this->config->objectclass . ')';
     }
     $contexts = explode(';', $this->config->contexts);
     if (!empty($this->config->create_context)) {
         array_push($contexts, $this->config->create_context);
     }
     $ldap_cookie = '';
     $ldap_pagedresults = ldap_paged_results_supported($this->config->ldap_version);
     foreach ($contexts as $context) {
         $context = trim($context);
         if (empty($context)) {
             continue;
         }
         do {
             if ($ldap_pagedresults) {
                 ldap_control_paged_result($ldapconnection, $this->config->pagesize, true, $ldap_cookie);
             }
             if ($this->config->search_sub) {
                 // Use ldap_search to find first user from subtree.
                 $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->config->user_attribute));
             } else {
                 // Search only in this context.
                 $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->config->user_attribute));
             }
             if (!$ldap_result) {
                 continue;
             }
             if ($ldap_pagedresults) {
                 ldap_control_paged_result_response($ldapconnection, $ldap_result, $ldap_cookie);
             }
             $users = ldap_get_entries_moodle($ldapconnection, $ldap_result);
             // Add found users to list.
             for ($i = 0; $i < count($users); $i++) {
                 $extuser = core_text::convert($users[$i][$this->config->user_attribute][0], $this->config->ldapencoding, 'utf-8');
                 array_push($fresult, $extuser);
             }
             unset($ldap_result);
             // Free mem.
         } while ($ldap_pagedresults && !empty($ldap_cookie));
     }
     // If paged results were used, make sure the current connection is completely closed
     $this->ldap_close($ldap_pagedresults);
     return $fresult;
 }
<?php
include "connect.inc";

$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);

$dn = "$base";
$filter = "(cn=user*)";
var_dump(
	ldap_control_paged_result($link, 2),
	$result = ldap_search($link, $dn, $filter, array('cn')),
	ldap_get_entries($link, $result)
);
?>
===DONE===
<?php
include "connect.inc";

$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link, $base);
?>
예제 #25
0
파일: lib.php 프로젝트: abhilash1994/moodle
 /**
  * Return multidimensional array with details of user courses (at
  * least dn and idnumber).
  *
  * @param string $memberuid user idnumber (without magic quotes).
  * @param object role is a record from the mdl_role table.
  * @return array
  */
 protected function find_ext_enrolments($memberuid, $role)
 {
     global $CFG;
     require_once $CFG->libdir . '/ldaplib.php';
     if (empty($memberuid)) {
         // No "idnumber" stored for this user, so no LDAP enrolments
         return array();
     }
     $ldap_contexts = trim($this->get_config('contexts_role' . $role->id));
     if (empty($ldap_contexts)) {
         // No role contexts, so no LDAP enrolments
         return array();
     }
     $extmemberuid = core_text::convert($memberuid, 'utf-8', $this->get_config('ldapencoding'));
     if ($this->get_config('memberattribute_isdn')) {
         if (!($extmemberuid = $this->ldap_find_userdn($extmemberuid))) {
             return array();
         }
     }
     $ldap_search_pattern = '';
     if ($this->get_config('nested_groups')) {
         $usergroups = $this->ldap_find_user_groups($extmemberuid);
         if (count($usergroups) > 0) {
             foreach ($usergroups as $group) {
                 $ldap_search_pattern .= '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . $group . ')';
             }
         }
     }
     // Default return value
     $courses = array();
     // Get all the fields we will want for the potential course creation
     // as they are light. don't get membership -- potentially a lot of data.
     $ldap_fields_wanted = array('dn', $this->get_config('course_idnumber'));
     $fullname = $this->get_config('course_fullname');
     $shortname = $this->get_config('course_shortname');
     $summary = $this->get_config('course_summary');
     if (isset($fullname)) {
         array_push($ldap_fields_wanted, $fullname);
     }
     if (isset($shortname)) {
         array_push($ldap_fields_wanted, $shortname);
     }
     if (isset($summary)) {
         array_push($ldap_fields_wanted, $summary);
     }
     // Define the search pattern
     if (empty($ldap_search_pattern)) {
         $ldap_search_pattern = '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . ldap_filter_addslashes($extmemberuid) . ')';
     } else {
         $ldap_search_pattern = '(|' . $ldap_search_pattern . '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . ldap_filter_addslashes($extmemberuid) . ')' . ')';
     }
     $ldap_search_pattern = '(&' . $this->get_config('objectclass') . $ldap_search_pattern . ')';
     // Get all contexts and look for first matching user
     $ldap_contexts = explode(';', $ldap_contexts);
     $ldap_pagedresults = ldap_paged_results_supported($this->get_config('ldap_version'));
     foreach ($ldap_contexts as $context) {
         $context = trim($context);
         if (empty($context)) {
             continue;
         }
         $ldap_cookie = '';
         $flat_records = array();
         do {
             if ($ldap_pagedresults) {
                 ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie);
             }
             if ($this->get_config('course_search_sub')) {
                 // Use ldap_search to find first user from subtree
                 $ldap_result = @ldap_search($this->ldapconnection, $context, $ldap_search_pattern, $ldap_fields_wanted);
             } else {
                 // Search only in this context
                 $ldap_result = @ldap_list($this->ldapconnection, $context, $ldap_search_pattern, $ldap_fields_wanted);
             }
             if (!$ldap_result) {
                 continue;
             }
             if ($ldap_pagedresults) {
                 ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie);
             }
             // Check and push results. ldap_get_entries() already
             // lowercases the attribute index, so there's no need to
             // use array_change_key_case() later.
             $records = ldap_get_entries($this->ldapconnection, $ldap_result);
             // LDAP libraries return an odd array, really. Fix it.
             for ($c = 0; $c < $records['count']; $c++) {
                 array_push($flat_records, $records[$c]);
             }
             // Free some mem
             unset($records);
         } while ($ldap_pagedresults && !empty($ldap_cookie));
         // If LDAP paged results were used, the current connection must be completely
         // closed and a new one created, to work without paged results from here on.
         if ($ldap_pagedresults) {
             $this->ldap_close();
             $this->ldap_connect();
         }
         if (count($flat_records)) {
             $courses = array_merge($courses, $flat_records);
         }
     }
     return $courses;
 }
예제 #26
0
파일: Task.php 프로젝트: alaneor/ad-x
 /**
  * Perform the lookup operation on server and return the resultset
  *
  * This method sends the lookup request to the server with the
  * configuration you provided. If the {@link Link} has pagination enabled,
  * it will return a single page. To get the subsequent pages, call this method
  * again on the object, without modifying the lookup criteria.
  *
  * @uses		Link::$rootDSE		to get the domain base dn ( from <i>defaultnamingcontext</i> ) if no override has been specified
  *
  * @return		Result|false		The Result object with returned Objects or FALSE if maximum number of referrals was chased
  */
 public function run()
 {
     // Prepare the information needed for the operation
     $link_id = $this->adxLink->get_link();
     $baseDN = $this->dn || $this->dn === '' ? $this->dn : $this->adxLink->rootDSE->defaultnamingcontext(0);
     if ($this->use_pages && $this->complete) {
         $this->cookie = '';
     }
     // Reset the cookie if the operation is started again
     $this->complete = false;
     // Reset the completion status
     // Send the pagination control cookie if present
     // I must check explicitly for NULL bcause '' also evaluates to FALSE
     if ($this->cookie !== null) {
         ldap_control_paged_result($link_id, $this->sizelimit, true, $this->cookie);
     }
     // Perform the lookup operation
     // All exceptions thrown here will bubble up!
     $result_id = $this->_directory_lookup($this->operationType, $link_id, $baseDN, $this->filter, $this->attributes);
     // Get the new cookie from the response if pagination is enabled
     // I must check explicitly for NULL bcause '' also evaluates to FALSE
     if ($this->cookie !== null) {
         ldap_control_paged_result_response($link_id, $result_id, $this->cookie);
     }
     // Lookup operation successful - continue processing...
     $referral_link = $this->_parse_referrals($result_id);
     // Check for referrals
     if ($referral_link) {
         if ($this->referral_counter <= $this->max_referrals) {
             // Do we have this connection in the pool already?
             if (isset(static::$connection_pool[$referral_link])) {
                 $link = static::$connection_pool[$referral_link];
                 // Use the existing link to perform the lookup
             } else {
                 $link = $this->adxLink->_redirect($referral_link);
                 // Reconnect to the new server
                 static::$connection_pool[$referral_link] = $link;
                 // Save the connection in the link pool
             }
             $this->referral_counter++;
             $this->adxLink = $link;
             // Replace the current link with the new link
             return $this->run();
             // Only those calls that actually succeed in getting data should continue with code below
         } else {
             return false;
         }
         // Reached maximum number of referrals -> do not continue
     }
     // Successfully retrieved data from server
     $this->referral_counter = 0;
     $result = ldap_get_entries($this->adxLink->get_link(), $result_id);
     unset($result['count']);
     // Clean up some unneeded mess ( more cleanup happens at object instantiation )
     $data = array();
     // Create new objects from result, converting the values to php-compatible data formats on the way
     foreach ($result as $objectData) {
         // Is there a special class defined for this particular object class ( under ADX\Classes namespace )?
         // Use 'Object' if the objectClass attribute is either not present or there is no class override
         if (isset($objectData['objectclass'])) {
             $class = 'ADX\\Classes\\' . end($objectData['objectclass']);
             $class = class_exists($class) ? $class : 'ADX\\Core\\Object';
         } else {
             $class = 'ADX\\Core\\Object';
         }
         $data[] = new $class($this->adxLink, $objectData, true);
     }
     $this->complete = !$this->cookie;
     // As long as cookie is present, the result cannot be complete
     return new Result($data);
 }
예제 #27
0
 public function getUserEntries($login = null, $countOnly = false, $offset = -1, $limit = -1, $regexpOnSearchAttr = false)
 {
     if ($login == null) {
         $filter = $this->ldapFilter;
     } else {
         if ($regexpOnSearchAttr && !empty($this->options["LDAP_SEARCHUSER_ATTR"])) {
             $searchAttr = $this->options["LDAP_SEARCHUSER_ATTR"];
             $searchAttrArray = explode(",", $searchAttr);
         }
         if (isset($searchAttrArray)) {
             if (count($searchAttrArray) > 1) {
                 $searchAttrFilter = "(|";
                 foreach ($searchAttrArray as $attr) {
                     $searchAttrFilter .= "(" . $attr . "=" . $login . ")";
                 }
                 $searchAttrFilter .= ")";
             } else {
                 $searchAttrFilter = "(" . $searchAttrArray[0] . "=" . $login . ")";
             }
         } else {
             $searchAttrFilter = "(" . $this->ldapUserAttr . "=" . $login . ")";
         }
         if ($this->ldapFilter == "") {
             $filter = $searchAttrFilter;
         } else {
             $filter = "(&" . $this->ldapFilter . $searchAttrFilter . ")";
         }
     }
     if (empty($filter)) {
         if (!empty($this->dynamicFilter)) {
             $filter = $this->dynamicFilter;
         } else {
             $filter = $this->ldapUserAttr . "=*";
         }
     } else {
         if (!empty($this->dynamicFilter)) {
             $filter = "(&(" . $this->dynamicFilter . ")" . $filter . ")";
         }
     }
     if ($this->ldapconn == null) {
         $this->startConnexion();
     }
     $conn = array();
     if (is_array($this->ldapDN)) {
         foreach ($this->ldapDN as $dn) {
             $conn[] = $this->ldapconn;
         }
     } else {
         $conn = array($this->ldapconn);
     }
     $expected = array($this->ldapUserAttr);
     if ($login != null && (!empty($this->customParamsMapping) || !empty($this->paramsMapping))) {
         if (!empty($this->customParamsMapping)) {
             $expected = array_merge($expected, array_keys($this->customParamsMapping));
         }
         if (!empty($this->paramsMapping)) {
             $keys = array();
             foreach ($this->paramsMapping as $param) {
                 $keys[] = $param["MAPPING_LDAP_PARAM"];
             }
             $expected = array_merge($expected, $keys);
         }
     }
     if (is_array($this->dynamicExpected)) {
         $expected = array_merge($expected, $this->dynamicExpected);
     }
     foreach ($conn as $dn => $ldapc) {
         if (!$ldapc) {
             unset($conn[$dn]);
         }
     }
     if (count($conn) < 1) {
         return array("count" => 0);
     }
     //$ret = ldap_search($conn,$this->ldapDN,$filter, $expected);
     $cookie = '';
     if (empty($this->pageSize) || !is_numeric($this->pageSize)) {
         $this->pageSize = 500;
     }
     $allEntries = array("count" => 0);
     $isSupportPagedResult = function_exists("ldap_control_paged_result") && function_exists("ldap_control_paged_result_response");
     $gotAllEntries = false;
     $index = 0;
     //Update progress bar in CLI mode
     $isListAll = $offset == -1 && $limit == -1 && is_null($login) && $regexpOnSearchAttr && php_sapi_name() == "cli";
     if ($isListAll) {
         $total = $this->getCountFromCache();
         $progressBar = new AJXP_ProgressBarCLI();
         $progressBar->init($index, $total["count"], "Get ldap users");
     }
     do {
         if ($isSupportPagedResult) {
             ldap_control_paged_result($this->ldapconn, $this->pageSize, false, $cookie);
         }
         $ret = ldap_search($conn, $this->ldapDN, $filter, $expected, 0, 0);
         if ($ret === false) {
             break;
         }
         foreach ($ret as $i => $resourceResult) {
             if ($resourceResult === false) {
                 continue;
             }
             if ($countOnly) {
                 $allEntries["count"] += ldap_count_entries($conn[$i], $resourceResult);
                 continue;
             }
             if ($limit != -1) {
                 //usort($entries, array($this, "userSortFunction"));
                 ldap_sort($conn[$i], $resourceResult, $this->ldapUserAttr);
             }
             $entries = ldap_get_entries($conn[$i], $resourceResult);
             // for better performance
             if (is_array($entries) && $offset != -1 && $limit != -1 && $index + $this->pageSize < $offset) {
                 $index += $this->pageSize;
                 continue;
             }
             if (!empty($entries["count"])) {
                 $allEntries["count"] += $entries["count"];
                 unset($entries["count"]);
                 foreach ($entries as $entry) {
                     if ($offset != -1 && $index < $offset) {
                         $index++;
                         continue;
                     }
                     // fake memberOf
                     if ($this->fakeAttrMemberOf && method_exists($this, "fakeMemberOf") && in_array(strtolower("memberof"), array_map("strtolower", $expected))) {
                         if ($this->attrMemberInGroup) {
                             $uid = $entry["dn"];
                         } else {
                             $uidWithEqual = explode(",", $entry["dn"]);
                             $uidShort = explode("=", $uidWithEqual[0]);
                             $uid = $uidShort[1];
                         }
                         $strldap = "(&" . $this->ldapGFilter . "(" . $this->fakeAttrMemberOf . "=" . $uid . "))";
                         $this->fakeMemberOf($conn, $this->ldapGDN, $strldap, array("cn"), $entry);
                     }
                     $allEntries[] = $entry;
                     $index++;
                     //Update progress bar in CLI mode
                     if (isset($progressBar)) {
                         $progressBar->update($index);
                     }
                     if ($offset != -1 && $limit != -1 && $index > $offset + $limit) {
                         break;
                     }
                 }
                 if ($index > $offset + $limit && $limit != -1 && $offset != -1) {
                     $gotAllEntries = true;
                 }
             }
         }
         if ($isSupportPagedResult) {
             foreach ($ret as $element) {
                 if (is_resource($element)) {
                     @ldap_control_paged_result_response($this->ldapconn, $element, $cookie);
                 }
             }
         }
     } while ($cookie !== null && $cookie != '' && $isSupportPagedResult && !$gotAllEntries);
     // reset paged_result for other activities (otherwise we will experience ldap error)
     if ($isSupportPagedResult) {
         ldap_control_paged_result($this->ldapconn, 0);
     }
     return $allEntries;
 }
<?php

include "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);
$dn = "{$base}";
$filter = "(cn=user*)";
var_dump(ldap_control_paged_result($link, 2), $result = ldap_search($link, $dn, $filter, array('cn')), ldap_get_entries($link, $result));
?>
===DONE===
예제 #29
0
 /**
 * execute a paged ldap query and return entries as one aggregated array
 *
 * $this->searchPageStart and $this->searchPageEnd should be set before calling if
 *   a particular set of pages is desired
 *
 * @param array $ldap_query_params of form:
    'base_dn' => base_dn,
    'filter' =>  filter,
    'attributes' => attributes,
    'attrsonly' => attrsonly,
    'sizelimit' => sizelimit,
    'timelimit' => timelimit,
    'deref' => deref,
    'scope' => scope,
 
    (this array of parameters is primarily passed on to ldapQuery() method)
 *
 * @return array of ldap entries or FALSE on error.
 *
 */
 public function pagedLdapQuery($ldap_query_params)
 {
     if (!($this->searchPagination && $this->paginationEnabled)) {
         watchdog('ldap', "LDAP server pagedLdapQuery() called when functionality not available in php install or\n        not enabled in ldap server configuration.  error. basedn: %basedn| filter: %filter| attributes:\n         %attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens);
         return FALSE;
     }
     $paged_entries = array();
     $page_token = '';
     $page = 0;
     $estimated_entries = 0;
     $aggregated_entries = array();
     $aggregated_entries_count = 0;
     $has_page_results = FALSE;
     do {
         ldap_control_paged_result($this->connection, $this->searchPageSize, TRUE, $page_token);
         $result = $this->ldapQuery($ldap_query_params['scope'], $ldap_query_params);
         if ($page >= $this->searchPageStart) {
             $skipped_page = FALSE;
             if ($result && $this->countEntries($result) !== FALSE) {
                 $page_entries = ldap_get_entries($this->connection, $result);
                 unset($page_entries['count']);
                 $has_page_results = is_array($page_entries) && count($page_entries) > 0;
                 $aggregated_entries = array_merge($aggregated_entries, $page_entries);
                 $aggregated_entries_count = count($aggregated_entries);
             } elseif ($this->ldapErrorNumber()) {
                 $watchdog_tokens = array('%basedn' => $ldap_query_params['base_dn'], '%filter' => $ldap_query_params['filter'], '%attributes' => print_r($ldap_query_params['attributes'], TRUE), '%errmsg' => $this->errorMsg('ldap'), '%errno' => $this->ldapErrorNumber());
                 watchdog('ldap', "LDAP ldap_search error. basedn: %basedn| filter: %filter| attributes:\n            %attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens);
                 return FALSE;
             } else {
                 return FALSE;
             }
         } else {
             $skipped_page = TRUE;
         }
         @ldap_control_paged_result_response($this->connection, $result, $page_token, $estimated_entries);
         if ($ldap_query_params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) {
             // false positive error thrown.  do not set result limit error when $sizelimit specified
         } elseif ($this->hasError()) {
             watchdog('ldap_server', 'ldap_control_paged_result_response() function error. LDAP Error: %message, ldap_list() parameters: %query', array('%message' => $this->errorMsg('ldap'), '%query' => $ldap_query_params['query_display']), WATCHDOG_ERROR);
         }
         if (isset($ldap_query_params['sizelimit']) && $ldap_query_params['sizelimit'] && $aggregated_entries_count >= $ldap_query_params['sizelimit']) {
             $discarded_entries = array_splice($aggregated_entries, $ldap_query_params['sizelimit']);
             break;
         } elseif ($this->searchPageEnd !== NULL && $page >= $this->searchPageEnd) {
             // user defined pagination has run out
             break;
         } elseif ($page_token === NULL || $page_token == '') {
             // ldap reference pagination has run out
             break;
         }
         $page++;
     } while ($skipped_page || $has_page_results);
     $aggregated_entries['count'] = count($aggregated_entries);
     return $aggregated_entries;
 }
 /**
  * Wrapper function for ldap_control_paged_result().
  *
  * @param resource $link
  *   An LDAP link identifier.
  * @param int $pagesize
  *   The number of entries by page.
  * @param boolean $iscritical
  *   Indicates whether the pagination is critical of not. If true and if the
  *   server doesn't support pagination, the search will return no result.
  * @param string $cookie
  *   An opaque structure sent by the server.
  *
  * @return boolean
  *   TRUE on success.
  *
  * @throw SimpleLdapException
  *
  * @todo Default values for $pagesize, $iscritical, $cookie.
  */
 public static function ldap_control_paged_result($link, $pagesize, $iscritical, $cookie)
 {
     // Devel debugging.
     if (variable_get('simple_ldap_devel', FALSE)) {
         dpm(__FUNCTION__);
         dpm(array('$pagesize' => $pagesize, '$iscritical' => $iscritical, '$cookie' => $cookie));
     }
     // Wrapped function call.
     $return = @ldap_control_paged_result($link, $pagesize, $iscritical, $cookie);
     // Debugging.
     if (variable_get('simple_ldap_debug', FALSE)) {
         $message = __FUNCTION__ . '($link = @link, $pagesize = @pagesize, $iscritical = @iscritical, $cookie = @cookie) returns @return';
         $variables = array('@link' => print_r($link, TRUE), '@pagesize' => print_r($pagesize, TRUE), '@iscritical' => print_r($iscritical, TRUE), '@cookie' => print_r($cookie, TRUE), '@return' => print_r($return, TRUE));
         watchdog('simple_ldap', $message, $variables, WATCHDOG_DEBUG);
     }
     // Error handling.
     if ($return === FALSE) {
         throw new SimpleLdapException($link);
     }
     return $return;
 }