Builds a filter (commonly for objectClass attributes) from different
configuration options.
public static build ( array $params, string $operator = 'and' ) : Horde_Ldap_Filter | ||
$params | array | Hash with configuration options that build the search filter. Possible hash keys: - 'filter': An LDAP filter string. - 'objectclass' (string): An objectClass name. - 'objectclass' (array): A list of objectClass names. |
$operator | string | How to combine multiple 'objectclass' entries. 'and' or 'or'. |
리턴 | Horde_Ldap_Filter | A filter matching the specified criteria. |
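/**
 * Constructor.
 *
 * Merges the supplied parameters over the defaults, lowercases the
 * attribute and object class names, and builds the group search filter.
 *
 * @param array $params  Configuration hash. 'ldap' (kept as the connection
 *                       object) and 'basedn' are mandatory. 'binddn',
 *                       'bindpw', 'gid', 'memberuid', 'objectclass' and
 *                       'newgroup_objectclass' have defaults. 'search' is
 *                       passed to Horde_Ldap_Filter::build().
 *
 * @throws Horde_Group_Exception
 */
public function __construct($params)
{
    $params = array_merge(
        array(
            /* Bind credentials default to empty strings.
             * NOTE(review): presumably this means an anonymous bind when
             * the caller supplies none - confirm where these are used. */
            'binddn' => '',
            'bindpw' => '',
            'gid' => 'cn',
            'memberuid' => 'memberUid',
            'objectclass' => array('posixGroup'),
            'newgroup_objectclass' => array('posixGroup'),
        ),
        $params
    );

    /* Check mandatory parameters. */
    foreach (array('ldap', 'basedn') as $param) {
        if (!isset($params[$param])) {
            throw new Horde_Group_Exception('The \'' . $param . '\' parameter is missing.');
        }
    }

    /* Set Horde_Ldap object. */
    $this->_ldap = $params['ldap'];
    unset($params['ldap']);

    /* Lowercase attribute names. */
    $params['gid'] = Horde_String::lower($params['gid']);
    $params['memberuid'] = Horde_String::lower($params['memberuid']);

    /* Lowercase object class names. array_map() replaces the previous
     * by-reference foreach, which left a reference to the last element
     * alive for the rest of the method. Keys are preserved. */
    if (!is_array($params['newgroup_objectclass'])) {
        $params['newgroup_objectclass'] = array($params['newgroup_objectclass']);
    }
    $params['newgroup_objectclass'] = array_map(
        array('Horde_String', 'lower'),
        $params['newgroup_objectclass']
    );

    /* Generate LDAP search filter.
     * NOTE(review): 'search' has no default and is not in the mandatory
     * list above; confirm that callers always supply it. */
    try {
        $this->_filter = Horde_Ldap_Filter::build($params['search']);
    } catch (Horde_Ldap_Exception $e) {
        throw new Horde_Group_Exception($e);
    }

    /* The retained hash still contains 'bindpw'; keep it out of logs and
     * debug dumps. */
    $this->_params = $params;
}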
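/**
 * Checks if $userId exists in the LDAP backend system.
 *
 * The user ID is turned into an 'equals' filter through
 * Horde_Ldap_Filter::create() rather than being concatenated into a filter
 * string. The additional restriction comes from the configured 'filter'
 * parameter, which is passed as a raw filter string.
 *
 * An LDAP error is logged and reported as "does not exist", so callers
 * cannot tell a failed lookup from a missing user.
 *
 * @author Marco Ferrante, University of Genova (I)
 *
 * @param string $userId  User ID for which to check
 *
 * @return boolean  Whether or not $userId already exists.
 */
public function exists($userId)
{
    $params = array('scope' => $this->_params['scope']);

    try {
        $uidfilter = Horde_Ldap_Filter::create($this->_params['uid'], 'equals', $userId);
        $classfilter = Horde_Ldap_Filter::build(array('filter' => $this->_params['filter']));
        $search = $this->_ldap->search(
            $this->_params['basedn'],
            Horde_Ldap_Filter::combine('and', array($uidfilter, $classfilter)),
            $params
        );

        /* Count once; the value is needed for both checks below. */
        $matches = $search->count();
        if ($matches < 1) {
            return false;
        }
        if ($matches > 1 && $this->_logger) {
            /* NOTE(review): $userId is written to the log as received;
             * confirm the logger neutralises control characters. */
            $this->_logger->log('Multiple LDAP entries with user identifier ' . $userId, 'WARN');
        }

        return true;
    } catch (Horde_Ldap_Exception $e) {
        if ($this->_logger) {
            /* NOTE(review): the logged detail was unreadable in the
             * published listing, where this call was not valid PHP; the
             * exception message is assumed here. */
            $this->_logger->log('Error searching LDAP user: ' . $e->getMessage(), 'ERR');
        }

        return false;
    }
}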
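/**
 * Modifies the specified entry in the LDAP directory.
 *
 * Reads the current entry, renames it when the key attributes changed
 * (protocol version 3 only), deletes attributes whose new value is empty,
 * drops unchanged attributes, and writes the remainder with ldap_modify().
 *
 * @param Turba_Object $object  The object we wish to save.
 *
 * @return string  The object id, possibly updated.
 * @throws Turba_Exception
 */
protected function _save(Turba_Object $object)
{
    $this->_connect();

    /* each() no longer exists in PHP 8; take the first key/value pair of
     * the converted key hash directly. An empty hash yields null for both,
     * as list()/each() did. */
    $keys = $this->toDriverKeys(array('__key' => $object->getValue('__key')));
    $object_key = key($keys);
    $object_id = ($object_key === null) ? null : current($keys);

    $attributes = $this->toDriverKeys($object->getAttributes());

    /* Get the old entry so that we can access the old
     * values. These are needed so that we can delete any
     * attributes that have been removed by using ldap_mod_del.
     * NOTE(review): a null filter is passed when no object classes are
     * configured; confirm ldap_read() accepts that on the targeted PHP
     * versions. */
    if (empty($this->_params['objectclass'])) {
        $filter = null;
    } else {
        $filter = (string) Horde_Ldap_Filter::build(array('objectclass' => $this->_params['objectclass']), 'or');
    }
    $oldres = @ldap_read(
        $this->_ds,
        Horde_String::convertCharset($object_id, 'UTF-8', $this->_params['charset']),
        $filter,
        array_merge(array_keys($attributes), array('objectclass'))
    );

    /* The read is error-suppressed, so a failure (or an entry that does
     * not match the filter) must be caught here instead of being passed on
     * to ldap_get_attributes(). */
    $entry = $oldres ? ldap_first_entry($this->_ds, $oldres) : false;
    if (!$entry) {
        throw new Turba_Exception(sprintf(_("Modify failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds)));
    }
    $info = ldap_get_attributes($this->_ds, $entry);

    if ($this->_params['version'] == 3 &&
        Horde_String::lower(str_replace(array(',', '"'), array('\\2C', ''), $this->_makeKey($attributes))) !=
        Horde_String::lower(str_replace(',', '\\2C', $object_id))) {
        /* Need to rename the object. */
        $newrdn = $this->_makeRDN($attributes);
        if ($newrdn == '') {
            throw new Turba_Exception(_("Missing DN in LDAP source configuration."));
        }

        if (ldap_rename($this->_ds,
                        Horde_String::convertCharset($object_id, 'UTF-8', $this->_params['charset']),
                        Horde_String::convertCharset($newrdn, 'UTF-8', $this->_params['charset']),
                        $this->_params['root'],
                        true)) {
            $object_id = $newrdn . ',' . $this->_params['root'];
        } else {
            /* The message carries the old DN, new RDN and root; treat it as
             * internal detail if it is ever shown to end users. */
            throw new Turba_Exception(sprintf(_("Failed to change name: (%s) %s; Old DN = %s, New DN = %s, Root = %s"), ldap_errno($this->_ds), ldap_error($this->_ds), $object_id, $newrdn, $this->_params['root']));
        }
    }

    /* Work only with lowercase keys. */
    $info = array_change_key_case($info, CASE_LOWER);
    $attributes = array_change_key_case($attributes, CASE_LOWER);

    foreach ($info as $key => $var) {
        $oldval = null;

        /* Check to see if the old value and the new value are
         * different and that the new value is empty. If so then
         * we use ldap_mod_del to delete the attribute.
         * NOTE(review): these are loose comparisons, so numeric-looking
         * strings such as '0123' and '123' compare equal and the change
         * would be dropped as "unchanged"; confirm whether strict
         * comparison is safe for every attribute value type. */
        if (isset($attributes[$key]) &&
            $var[0] != $attributes[$key] &&
            $attributes[$key] == '') {
            $oldval[$key] = $var[0];
            if (!@ldap_mod_del($this->_ds, Horde_String::convertCharset($object_id, 'UTF-8', $this->_params['charset']), $oldval)) {
                throw new Turba_Exception(sprintf(_("Modify failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds)));
            }
            unset($attributes[$key]);
        } elseif (isset($attributes[$key]) &&
                  $var[0] == $attributes[$key]) {
            /* Drop unchanged elements from list of attributes to write. */
            unset($attributes[$key]);
        }
    }

    /* The key attribute itself is never written back. */
    unset($attributes[Horde_String::lower($object_key)]);
    $this->_encodeAttributes($attributes);
    $attributes = array_filter($attributes, array($this, '_emptyAttributeFilter'));

    /* Modify objectclasses only if they really changed. The first element
     * of the lowercased old list is shifted off before comparing. */
    $oldClasses = array_map(array('Horde_String', 'lower'), $info['objectclass']);
    array_shift($oldClasses);
    $attributes['objectclass'] = array_unique(array_map('strtolower', array_merge($info['objectclass'], $this->_params['objectclass'])));
    unset($attributes['objectclass']['count']);
    $attributes['objectclass'] = array_values($attributes['objectclass']);

    /* Do not handle object classes unless they have changed. */
    if (!array_diff($oldClasses, $attributes['objectclass'])) {
        unset($attributes['objectclass']);
    }
    if (!@ldap_modify($this->_ds, Horde_String::convertCharset($object_id, 'UTF-8', $this->_params['charset']), $attributes)) {
        throw new Turba_Exception(sprintf(_("Modify failed: (%s) %s"), ldap_errno($this->_ds), ldap_error($this->_ds)));
    }

    return $object_id;
}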
/**
 * Looks up the full DN of a user.
 *
 * The DN is meant to be used for re-binding as that user. The lookup
 * relies on the 'user' configuration parameter: its settings feed
 * Horde_Ldap_Filter::build(), and its 'uid' attribute is matched against
 * $user with an 'equals' filter created by Horde_Ldap_Filter::create().
 *
 * If several entries match, the DN of the first one returned by the
 * search is used.
 *
 * @param string $user  The user to find.
 *
 * @return string  The user's full DN.
 * @throws Horde_Ldap_Exception
 * @throws Horde_Exception_NotFound
 */
public function findUserDN($user)
{
    $userConfig = $this->_config['user'];

    /* Configured restriction AND uid = $user. */
    $configFilter = Horde_Ldap_Filter::build($userConfig);
    $uidFilter = Horde_Ldap_Filter::create($userConfig['uid'], 'equals', $user);
    $filter = Horde_Ldap_Filter::combine('and', array($configFilter, $uidFilter));

    /* Use the user-specific base DN when one is configured. */
    if (isset($userConfig['basedn'])) {
        $base = $userConfig['basedn'];
    } else {
        $base = null;
    }

    /* Only the uid attribute is requested; the DN comes with the entry. */
    $search = $this->search(
        $base,
        $filter,
        array('attributes' => array($userConfig['uid']))
    );

    if (!$search->count()) {
        throw new Horde_Exception_NotFound('DN for user ' . $user . ' not found');
    }

    return $search->shiftEntry()->currentDN();
}