public function testUnescapeValues()
{
$dnval = '\\20\\20\\16\\20t\\,e\\+s \\"t\\,\\\\v\\<a\\>l\\;u\\#e\\=!\\20\\20\\20\\20';
$expected = ' ' . chr(22) . ' t,e+s "t,\\v<a>l;u#e=! ';
$this->assertEquals($expected, Zend_Ldap_Dn::unescapeValue($dnval));
$this->assertEquals($expected, Zend_Ldap_Dn::unescapeValue(array($dnval)));
$this->assertEquals(array($expected, $expected, $expected), Zend_Ldap_Dn::unescapeValue(array($dnval, $dnval, $dnval)));
}
/**
* Defined by Zend_Validate_Interface.
*
* Returns true if and only if $value is a valid DN.
*
* @param string $value The value to be validated.
*
* @return boolean
*/
public function isValid($value)
{
$valid = Zend_Ldap_Dn::checkDn($value);
if ($valid === false) {
$this->_error(self::MALFORMED);
return false;
}
return true;
}
/**
* fetch domain config with domain sid and name
*
* @throws Tinebase_Exception_Backend_Ldap
* @throws Zend_Ldap_Exception
* @return array
*
* TODO cache this longer?
*/
public function getDomainConfiguration()
{
if ($this->_domainConfig === null) {
$this->_domainConfig = $this->getLdap()->search('objectClass=domain', $this->getLdap()->getFirstNamingContext(), Zend_Ldap::SEARCH_SCOPE_BASE)->getFirst();
$this->_domainConfig['domainSidBinary'] = $this->_domainConfig['objectsid'][0];
$this->_domainConfig['domainSidPlain'] = Tinebase_Ldap::decodeSid($this->_domainConfig['objectsid'][0]);
$domainNameParts = array();
$keys = null;
// not really needed
Zend_Ldap_Dn::explodeDn($this->_domainConfig['distinguishedname'][0], $keys, $domanNameParts);
$this->_domainConfig['domainName'] = implode('.', $domainNameParts);
}
return $this->_domainConfig;
}
public function testIsChildOfParentDnLonger()
{
$dn1 = 'dc=example,dc=de';
$dn2 = 'cb=name1,cn=name2,dc=example,dc=org';
$this->assertFalse(Zend_Ldap_Dn::isChildOf($dn1, $dn2));
}
/**
* the constructor
*
* @param array $options Options used in connecting, binding, etc.
*/
public function __construct(array $_options)
{
if (empty($_options['userUUIDAttribute'])) {
$_options['userUUIDAttribute'] = 'objectGUID';
}
if (empty($_options['groupUUIDAttribute'])) {
$_options['groupUUIDAttribute'] = 'objectGUID';
}
if (empty($_options['baseDn'])) {
$_options['baseDn'] = $_options['userDn'];
}
if (empty($_options['userFilter'])) {
$_options['userFilter'] = 'objectclass=user';
}
if (empty($_options['userSearchScope'])) {
$_options['userSearchScope'] = Zend_Ldap::SEARCH_SCOPE_SUB;
}
if (empty($_options['groupFilter'])) {
$_options['groupFilter'] = 'objectclass=group';
}
parent::__construct($_options);
// get domain sid
$this->_domainConfig = $this->getLdap()->search('objectClass=domain', $this->getLdap()->getFirstNamingContext(), Zend_Ldap::SEARCH_SCOPE_BASE)->getFirst();
$this->_domainSidBinary = $this->_domainConfig['objectsid'][0];
$this->_domainSidPlain = Tinebase_Ldap::decodeSid($this->_domainConfig['objectsid'][0]);
$domanNameParts = array();
Zend_Ldap_Dn::explodeDn($this->_domainConfig['distinguishedname'][0], $fooBar, $domanNameParts);
$this->_domainName = implode('.', $domanNameParts);
}
/**
* Checks if given $childDn is beneath $parentDn subtree.
*
* @param string|Zend_Ldap_Dn $childDn
* @param string|Zend_Ldap_Dn $parentDn
* @return boolean
*/
public static function isChildOf($childDn, $parentDn)
{
try {
$keys = array();
$vals = array();
if ($childDn instanceof Zend_Ldap_Dn) {
$cdn = $childDn->toArray(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
} else {
$cdn = self::explodeDn($childDn, $keys, $vals, Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
}
if ($parentDn instanceof Zend_Ldap_Dn) {
$pdn = $parentDn->toArray(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
} else {
$pdn = self::explodeDn($parentDn, $keys, $vals, Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
}
} catch (Zend_Ldap_Exception $e) {
return false;
}
$startIndex = count($cdn) - count($pdn);
if ($startIndex < 0) {
return false;
}
for ($i = 0; $i < count($pdn); $i++) {
if ($cdn[$i + $startIndex] != $pdn[$i]) {
return false;
}
}
return true;
}
public function testLoadFromLdapWithDnObject()
{
$dn = Zend_Ldap_Dn::fromString($this->_createDn('ou=Test1,'));
$node = Zend_Ldap_Node::fromLdap($dn, $this->_getLdap());
$this->assertType('Zend_Ldap_Node', $node);
$this->assertTrue($node->isAttached());
}
/**
* Returns the schema DN
*
* @return Zend_Ldap_Dn
*/
public function getSchemaDn()
{
$schemaDn = $this->getSchemaNamingContext();
/**
* @see Zend_Ldap_Dn
*/
require_once 'Zend/Ldap/Dn.php';
return Zend_Ldap_Dn::fromString($schemaDn);
}
/**
* @expectedException Zend_Ldap_Exception
*/
public function testImplodeRdnInvalidThree()
{
$a = array('cn' => 'value', 'ou');
Zend_Ldap_Dn::implodeRdn($a);
}
public function testSaveWithDnObject()
{
$dn = Zend_Ldap_Dn::fromString($this->_createDn('ou=TestCreated,'));
$data = array('ou' => 'TestCreated', 'objectclass' => 'organizationalUnit');
try {
$this->_getLdap()->save($dn, $data);
$this->assertTrue($this->_getLdap()->exists($dn));
$data['l'] = 'mylocation1';
$this->_getLdap()->save($dn, $data);
$this->assertTrue($this->_getLdap()->exists($dn));
$entry = $this->_getLdap()->getEntry($dn);
$this->_getLdap()->delete($dn);
$this->assertEquals('mylocation1', $entry['l'][0]);
} catch (Zend_Ldap_Exception $e) {
if ($this->_getLdap()->exists($dn)) {
$this->_getLdap()->delete($dn);
}
$this->fail($e->getMessage());
}
}
/**
* updates an existing user
*
* @todo check required objectclasses?
*
* @param Tinebase_Model_FullUser $_account
* @return Tinebase_Model_FullUser
*/
public function updateUserInSyncBackend(Tinebase_Model_FullUser $_account)
{
if ($this->_isReadOnlyBackend) {
return;
}
Tinebase_Group::getInstance()->addGroupMemberInSyncBackend($_account->accountPrimaryGroup, $_account->getId());
$ldapEntry = $this->_getLdapEntry('accountId', $_account);
$ldapData = $this->_user2ldap($_account, $ldapEntry);
foreach ($this->_ldapPlugins as $plugin) {
$plugin->inspectUpdateUser($_account, $ldapData, $ldapEntry);
}
// do we need to rename the entry?
// TODO move to rename()
$dn = Zend_Ldap_Dn::factory($ldapEntry['dn'], null);
$rdn = $dn->getRdn();
if ($rdn['CN'] != $ldapData['cn']) {
$newDN = $this->generateDn($_account);
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' rename ldap entry to: ' . $newDN);
}
$this->_ldap->rename($dn, $newDN);
}
// no need to update this attribute, it's not allowed to change and even might not be updateable
unset($ldapData[$this->_userUUIDAttribute]);
// remove cn as samba forbids updating the CN (even if it does not change...
// 0x43 (Operation not allowed on RDN; 00002016: Modify of RDN 'CN' on CN=...,CN=Users,DC=example,DC=org
// not permitted, must use 'rename' operation instead
unset($ldapData['cn']);
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' $dn: ' . $ldapEntry['dn']);
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' $ldapData: ' . print_r($ldapData, true));
}
$this->_ldap->update($ldapEntry['dn'], $ldapData);
// refetch user from ldap backend
$user = $this->getUserByPropertyFromSyncBackend('accountId', $_account, 'Tinebase_Model_FullUser');
return $user;
}
/**
* (non-PHPdoc)
*/
protected function _deletePropertyFromLdapRawData($property, $value)
{
$ldapProperty = $this->_propertyMapping[$property];
if (substr($ldapProperty, -8) == ':boolean') {
$ldapProperty = substr($ldapProperty, 0, -8);
}
$managedPath = Zend_Ldap_Dn::fromString($this->_simpleMailConfig['storage_base'], Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
foreach ($this->_ldapRawData as $index => $dn) {
// change only entries in storage_base path (if existing)
if (isset($dn['simplemail_readonly']) || !isset($dn[$ldapProperty])) {
continue;
}
if ($value === false) {
//unset doesn't remove attribute in ldap
$this->_ldapRawData[$index][$ldapProperty] = null;
} elseif (in_array($value, $this->_ldapRawData[$index][$ldapProperty])) {
$del_index = array_search($value, $this->_ldapRawData[$index][$ldapProperty]);
unset($this->_ldapRawData[$index][$ldapProperty][$del_index]);
// don't keep empty arrays
if (count($this->_ldapRawData[$index][$ldapProperty]) < 1) {
unset($this->_ldapRawData[$index][$ldapProperty]);
}
}
}
}
/**
* Returns the schema DN
*
* @return Zend_Ldap_Dn
*/
public function getSchemaDn()
{
$schemaDn = $this->getSubschemaSubentry();
/**
* @see Zend_Ldap_Dn
*/
return Zend_Ldap_Dn::fromString($schemaDn);
}
/**
* Returns the schema DN
*
* @return Zend_Ldap_Dn
*/
public function getSchemaDn()
{
$schemaDn = $this->getSchemaNamingContext();
/**
* @see Zend_Ldap_Dn
*/
return Zend_Ldap_Dn::fromString($schemaDn);
}
public function testSimpleRecursiveIteration()
{
$node = $this->_getLdap()->getBaseNode();
$ri = new RecursiveIteratorIterator($node, RecursiveIteratorIterator::SELF_FIRST);
$i = 0;
foreach ($ri as $rdn => $n) {
$dn = $n->getDn()->toString(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
$rdn = Zend_Ldap_Dn::implodeRdn($n->getRdnArray(), Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
if ($i == 0) {
$this->assertEquals(Zend_Ldap_Dn::fromString(TESTS_ZEND_LDAP_WRITEABLE_SUBTREE)->toString(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER), $dn);
} else {
if ($i == 1) {
$this->assertEquals('ou=Node', $rdn);
$this->assertEquals($this->_createDn('ou=Node,'), $dn);
} else {
if ($i < 4) {
$j = $i - 1;
$base = $this->_createDn('ou=Node,');
} else {
$j = $i - 3;
$base = Zend_Ldap_Dn::fromString(TESTS_ZEND_LDAP_WRITEABLE_SUBTREE)->toString(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
}
$this->assertEquals('ou=Test' . $j, $rdn);
$this->assertEquals('ou=Test' . $j . ',' . $base, $dn);
}
}
$i++;
}
$this->assertEquals(9, $i);
}
/**
* Returns the schema DN
*
* @return Zend_Ldap_Dn
*/
public function getSchemaDn()
{
$schemaDn = $this->getSubschemaSubentry();
/**
* @see Zend_Ldap_Dn
*/
// require_once 'Zend/Ldap/Dn.php';
return Zend_Ldap_Dn::fromString($schemaDn);
}
/**
* updates an existing user
*
* @todo check required objectclasses?
*
* @param Tinebase_Model_FullUser $_account
* @return Tinebase_Model_FullUser
*/
public function updateUserInSyncBackend(Tinebase_Model_FullUser $_account)
{
if ($this->_isReadOnlyBackend) {
return $_account;
}
$ldapEntry = $this->_getLdapEntry('accountId', $_account);
$ldapData = $this->_user2ldap($_account, $ldapEntry);
foreach ($this->_ldapPlugins as $plugin) {
$plugin->inspectUpdateUser($_account, $ldapData, $ldapEntry);
}
// no need to update this attribute, it's not allowed to change and even might not be update-able
unset($ldapData[$this->_userUUIDAttribute]);
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' DN: ' . $ldapEntry['dn']);
}
if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' LDAP data: ' . print_r($ldapData, true));
}
$this->_ldap->update($ldapEntry['dn'], $ldapData);
$dn = Zend_Ldap_Dn::factory($ldapEntry['dn'], null);
$rdn = $dn->getRdn();
// do we need to rename the entry?
if (isset($ldapData[key($rdn)]) && $rdn[key($rdn)] != $ldapData[key($rdn)]) {
$groupsBackend = Tinebase_Group::factory(Tinebase_Group::LDAP);
// get the current group memberships
$memberships = $groupsBackend->getGroupMembershipsFromSyncBackend($_account);
// remove the user from current groups, because the dn/uid has changed
foreach ($memberships as $groupId) {
$groupsBackend->removeGroupMemberInSyncBackend($groupId, $_account);
}
$newDN = $this->_generateDn($_account);
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' rename ldap entry to: ' . $newDN);
}
$this->_ldap->rename($dn, $newDN);
// add the user to current groups again
foreach ($memberships as $groupId) {
$groupsBackend->addGroupMemberInSyncBackend($groupId, $_account);
}
}
// refetch user from ldap backend
$user = $this->getUserByPropertyFromSyncBackend('accountId', $_account, 'Tinebase_Model_FullUser');
return $user;
}
public function testArrayAccessImplementation()
{
$dnString = 'cn=Baker\\, Alice,cn=Users,dc=example,dc=com';
$dn = Zend_Ldap_Dn::fromString($dnString);
$this->assertEquals(array('cn' => 'Baker, Alice'), $dn[0]);
$this->assertEquals(array('cn' => 'Users'), $dn[1]);
$this->assertEquals(array('dc' => 'example'), $dn[2]);
$this->assertEquals(array('dc' => 'com'), $dn[3]);
$this->assertTrue(isset($dn[0]));
$this->assertTrue(isset($dn[1]));
$this->assertTrue(isset($dn[2]));
$this->assertTrue(isset($dn[3]));
$this->assertFalse(isset($dn[-1]));
$this->assertFalse(isset($dn[4]));
$dn = Zend_Ldap_Dn::fromString($dnString);
unset($dn[0]);
$this->assertEquals('cn=Users,dc=example,dc=com', $dn->toString());
$dn = Zend_Ldap_Dn::fromString($dnString);
unset($dn[1]);
$this->assertEquals('cn=Baker\\, Alice,dc=example,dc=com', $dn->toString());
$dn = Zend_Ldap_Dn::fromString($dnString);
unset($dn[2]);
$this->assertEquals('cn=Baker\\, Alice,cn=Users,dc=com', $dn->toString());
$dn = Zend_Ldap_Dn::fromString($dnString);
unset($dn[3]);
$this->assertEquals('cn=Baker\\, Alice,cn=Users,dc=example', $dn->toString());
$dn = Zend_Ldap_Dn::fromString($dnString);
$dn[0] = array('uid' => 'abaker');
$this->assertEquals('uid=abaker,cn=Users,dc=example,dc=com', $dn->toString());
$dn = Zend_Ldap_Dn::fromString($dnString);
$dn[1] = array('ou' => 'Lab');
$this->assertEquals('cn=Baker\\, Alice,ou=Lab,dc=example,dc=com', $dn->toString());
$dn = Zend_Ldap_Dn::fromString($dnString);
$dn[2] = array('dc' => 'example', 'ou' => 'Test');
$this->assertEquals('cn=Baker\\, Alice,cn=Users,dc=example+ou=Test,dc=com', $dn->toString());
$dn = Zend_Ldap_Dn::fromString($dnString);
$dn[3] = array('dc' => 'de+fr');
$this->assertEquals('cn=Baker\\, Alice,cn=Users,dc=example,dc=de\\+fr', $dn->toString());
}
public function testGetSingleEntryWithDnObject()
{
$dn = Zend_Ldap_Dn::fromString($this->_createDn('ou=Test1,'));
$entry = $this->_getLdap()->getEntry($dn);
$this->assertEquals($dn->toString(), $entry["dn"]);
}
/**
* @dataProvider rfc2253DnProvider
*/
public function testExplodeDnsProvidedByRFC2253($input, $expected)
{
$dnArray = Zend_Ldap_Dn::explodeDn($input);
$this->assertEquals($expected, $dnArray);
}
protected function _createDn($dn)
{
if (substr($dn, -1) !== ',') {
$dn .= ',';
}
$dn = $dn . TESTS_ZEND_LDAP_WRITEABLE_SUBTREE;
return Zend_Ldap_Dn::fromString($dn)->toString(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
}
public function testRecursiveCopyWithDnObjects()
{
$orgSubTreeDn = Zend_Ldap_Dn::fromString($this->_orgSubTreeDn);
$newSubTreeDn = Zend_Ldap_Dn::fromString($this->_newSubTreeDn);
$this->_getLdap()->copy($orgSubTreeDn, $newSubTreeDn, true);
$this->assertTrue($this->_getLdap()->exists($orgSubTreeDn));
$this->assertTrue($this->_getLdap()->exists($newSubTreeDn));
$this->assertEquals(3, $this->_getLdap()->countChildren($orgSubTreeDn));
$this->assertEquals(3, $this->_getLdap()->countChildren('ou=Subtree1,' . $orgSubTreeDn->toString()));
$this->assertEquals(3, $this->_getLdap()->countChildren($newSubTreeDn));
$this->assertEquals(3, $this->_getLdap()->countChildren('ou=Subtree1,' . $newSubTreeDn->toString()));
}
public function testEmptyStringDn()
{
$dnString = '';
$dn = Zend_Ldap_Dn::fromString($dnString);
$this->assertEquals($dnString, $dn->toString());
}
/**
* Sets the new DN for this node
*
* This is an offline method.
*
* @param Zend_Ldap_Dn|string|array $newDn
* @throws Zend_Ldap_Exception
* @return Zend_Ldap_Node Provides a fluid interface
*/
public function setDn($newDn)
{
if ($newDn instanceof Zend_Ldap_Dn) {
$this->_newDn = clone $newDn;
} else {
$this->_newDn = Zend_Ldap_Dn::factory($newDn);
}
$this->_ensureRdnAttributeValues(true);
return $this;
}
/**
* Update LDAP registry
*
* @param string|Zend_Ldap_Dn $dn
* @param array $entry
* @return Zend_Ldap *Provides a fluid interface*
* @throws Zend_Ldap_Exception
*/
public function updateProperty($dn, array $entry)
{
if (!$dn instanceof Zend_Ldap_Dn) {
$dn = Zend_Ldap_Dn::factory($dn, null);
}
self::prepareLdapEntryArray($entry);
$rdnParts = $dn->getRdn(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
$adAttributes = array('distinguishedname', 'instancetype', 'name', 'objectcategory', 'objectguid', 'usnchanged', 'usncreated', 'whenchanged', 'whencreated');
$stripAttributes = array_merge(array_keys($rdnParts), $adAttributes);
foreach ($stripAttributes as $attr) {
if (array_key_exists($attr, $entry)) {
unset($entry[$attr]);
}
}
if (count($entry) > 0) {
$isModified = @ldap_mod_replace($this->getResource(), $dn->toString(), $entry);
if ($isModified === false) {
/**
* @see Zend_Ldap_Exception
*/
require_once 'Zend/Ldap/Exception.php';
throw new Zend_Ldap_Exception($this, 'updating: ' . $dn->toString());
}
}
return $this;
}
/**
* Copies a LDAP entry from one DN to another DN.
*
* @param string|Zend_Ldap_Dn $from
* @param string|Zend_Ldap_Dn $to
* @param boolean $recursively
* @return Zend_Ldap Provides a fluid interface
* @throws Zend_Ldap_Exception
*/
public function copy($from, $to, $recursively = false)
{
$entry = $this->getEntry($from, array(), true);
if ($to instanceof Zend_Ldap_Dn) {
$toDnParts = $to->toArray();
} else {
$toDnParts = Zend_Ldap_Dn::explodeDn($to);
}
$this->add($to, $entry);
if ($recursively === true && $this->countChildren($from) > 0) {
$children = $this->_getChildrenDns($from);
foreach ($children as $c) {
$cDnParts = Zend_Ldap_Dn::explodeDn($c);
$newChildParts = array_merge(array(array_shift($cDnParts)), $toDnParts);
$newChild = Zend_Ldap_Dn::implodeDn($newChildParts);
$this->copy($c, $newChild, true);
}
}
return $this;
}
public function testDnObjectCloning()
{
$node1 = $this->_createTestNode();
$dn1 = Zend_Ldap_Dn::fromString('cn=name2,dc=example,dc=org');
$node1->setDn($dn1);
$dn1->prepend(array('cn' => 'name'));
$this->assertNotEquals($dn1->toString(), $node1->getDn()->toString());
$dn2 = Zend_Ldap_Dn::fromString('cn=name2,dc=example,dc=org');
$node2 = Zend_Ldap_Node::create($dn2);
$dn2->prepend(array('cn' => 'name'));
$this->assertNotEquals($dn2->toString(), $node2->getDn()->toString());
$dn3 = Zend_Ldap_Dn::fromString('cn=name2,dc=example,dc=org');
$node3 = Zend_Ldap_Node::fromArray(array('dn' => $dn3, 'ou' => 'Test'), false);
$dn3->prepend(array('cn' => 'name'));
$this->assertNotEquals($dn3->toString(), $node3->getDn()->toString());
}