/**
 * Find the primary usergroup of a member (supports consulting of LDAP).
 *
 * Lookups are memoised in the global $PRIMARY_GROUP_MEMBERS map, keyed by member ID,
 * so the driver / LDAP is only consulted on the first request for a given member.
 *
 * @param  MEMBER			The member.
 * @return GROUP			The primary usergroup.
 */
function ocf_get_member_primary_group($member_id)
{
    global $PRIMARY_GROUP_MEMBERS;

    if (!array_key_exists($member_id, $PRIMARY_GROUP_MEMBERS)) {
        if (!ocf_is_ldap_member($member_id)) {
            // Local member: read the primary group straight from the member row.
            $PRIMARY_GROUP_MEMBERS[$member_id] = $GLOBALS['OCF_DRIVER']->get_member_row_field($member_id, 'm_primary_group');
        } else {
            // The return value is discarded here, so the final read below only works if the
            // helper has stored its answer in $PRIMARY_GROUP_MEMBERS itself.
            // NOTE(review): presumably it does - confirm, otherwise this is an undefined index.
            ocf_ldap_get_member_primary_group($member_id);
        }
    }

    return $PRIMARY_GROUP_MEMBERS[$member_id];
}
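/**
 * (LDAP helper for ocf_get_group_members_raw) Get a list of members in a group (or more full details if $non_validated is true).
 *
 * Members found are appended to $members: as plain member IDs, or, if $non_validated is true,
 * as maps with the keys gm_member_id, gm_validated (always 1) and m_username.
 *
 * Every value placed into a search filter (the group CN, the gid number) goes through
 * ocp_ldap_escape(). The object class and property names come from get_group_class(),
 * get_member_class() and group_property() and are concatenated as-is.
 * NOTE(review): presumably those are administrator-controlled settings - confirm they can never carry user input.
 *
 * @param  array			The list is written into this.
 * @param  GROUP			The ID of the usergroup.
 * @param  boolean		Whether to include those in the usergroup as a primary member.
 * @param  boolean		Whether to include those applied to join the usergroup, but not validated in.
 * @param  boolean		Whether to include those in the usergroup as a secondary member.
 */
function ocf_get_group_members_raw_ldap(&$members, $group_id, $include_primaries, $non_validated, $include_secondaries)
{
    global $LDAP_CONNECTION;

    $gid = NULL;
    $cn = ocf_group_ocfid_to_ldapcn($group_id);

    if (get_option('ldap_is_windows') == '0') {
        // Members under group (secondary)
        if ($include_secondaries && !is_null($cn)) {
            $results = ldap_search($LDAP_CONNECTION, group_search_qualifier() . get_option('ldap_base_dn'), '(&(objectclass=' . get_group_class() . ')(' . group_property() . '=' . ocp_ldap_escape($cn) . '))', array('memberuid', 'gidnumber'));

            // ldap_search() returns false on failure; do not hand that to ldap_get_entries()
            if ($results !== false) {
                $entries = ldap_get_entries($LDAP_CONNECTION, $results);

                if (is_array($entries) && array_key_exists(0, $entries) && array_key_exists('memberuid', $entries[0])) {
                    foreach ($entries[0]['memberuid'] as $key => $member) {
                        if (!is_numeric($key)) { // Skips the 'count' bookkeeping key
                            continue;
                        }

                        $username = ldap_unescape($member);
                        $member_id = ocf_member_ldapcn_to_ocfid($username);
                        if (is_null($member_id)) {
                            continue;
                        }

                        if ($non_validated) {
                            $members[] = array('gm_member_id' => $member_id, 'gm_validated' => 1, 'm_username' => $username);
                        } else {
                            $members[] = $member_id;
                        }
                    }

                    // Picked up for performance reasons.
                    // ldap_get_entries() gives each attribute as an array of values (plus 'count'), so the
                    // gid is the first value; using the array itself would make strval($gid) below 'Array'
                    // and the primary-member search would match nothing.
                    if (array_key_exists('gidnumber', $entries[0])) {
                        $gid_values = $entries[0]['gidnumber'];
                        if (is_array($gid_values)) {
                            if (array_key_exists(0, $gid_values)) {
                                $gid = $gid_values[0];
                            }
                        } else {
                            $gid = $gid_values;
                        }
                    }
                }

                // Free the result even when the group entry was missing or had no members
                ldap_free_result($results);
            }
        }

        if (is_null($gid)) {
            $gid = ocf_group_ldapcn_to_ldapgid($cn);
        }

        // Groups under member (primary)
        if ($include_primaries && !is_null($gid)) {
            $property = member_property();

            $results = ldap_search($LDAP_CONNECTION, member_search_qualifier() . get_option('ldap_base_dn'), '(&(objectclass=' . get_member_class() . ')(gidnumber=' . ocp_ldap_escape(strval($gid)) . '))', array($property));

            if ($results !== false) {
                $entries = ldap_get_entries($LDAP_CONNECTION, $results);

                if (is_array($entries)) {
                    foreach ($entries as $key => $member) {
                        if (!is_numeric($key)) { // Skips the 'count' bookkeeping key
                            continue;
                        }
                        if (!array_key_exists($property, $member)) {
                            continue;
                        }
                        if (!array_key_exists(0, $member[$property])) {
                            continue;
                        }

                        $username = ldap_unescape($member[$property][0]);
                        $member_id = ocf_member_ldapcn_to_ocfid($username);
                        if (is_null($member_id)) {
                            continue;
                        }

                        if ($non_validated) {
                            $members[] = array('m_username' => $username, 'gm_member_id' => $member_id, 'gm_validated' => 1);
                        } else {
                            $members[] = $member_id;
                        }
                    }
                }

                ldap_free_result($results);
            }
        }
    } else {
        if (!is_null($cn)) {
            // Groups under member (Active Directory makes no distinction)
            $results = ldap_search($LDAP_CONNECTION, member_search_qualifier() . get_option('ldap_base_dn'), '(&(objectclass=' . get_member_class() . ')(' . group_property() . '=' . ocp_ldap_escape($cn) . '))', array('memberof')); // We do ldap_search as Active Directory can be fussy when looking at large sets, like all members

            if ($results !== false) {
                $entries = ldap_get_entries($LDAP_CONNECTION, $results);

                if (is_array($entries) && array_key_exists(0, $entries) && array_key_exists('memberof', $entries[0])) {
                    foreach ($entries[0]['memberof'] as $key => $member) {
                        if (!is_numeric($key)) { // Skips the 'count' bookkeeping key
                            continue;
                        }

                        $username = ldap_unescape(ocf_long_cn_to_short_cn($member, member_property()));
                        $member_id = ocf_member_ldapcn_to_ocfid($username);
                        if (is_null($member_id)) {
                            continue;
                        }

                        // NOTE(review): $gid is never assigned in this (Active Directory) branch, so the two
                        // comparisons below are against NULL. That decides who is reported as a primary or a
                        // secondary member here - confirm whether $group_id was the intended operand.
                        if ($include_primaries && $include_secondaries) {
                            $include = true;
                        } elseif ($include_primaries) {
                            $include = (ocf_ldap_get_member_primary_group($member_id) == $gid);
                        } elseif ($include_secondaries) {
                            $include = (ocf_ldap_get_member_primary_group($member_id) != $gid);
                        } else {
                            $include = false;
                        }

                        if ($include) {
                            if ($non_validated) {
                                $members[] = array('gm_member_id' => $member_id, 'gm_validated' => 1, 'm_username' => $username);
                            } else {
                                $members[] = $member_id;
                            }
                        }
                    }
                }

                ldap_free_result($results);
            }
        }
    }
}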