Пример #1
function search_uidspip ($filter,$ldap_server, $ldap_port, $dn) {
  global  $ldap_grp_attr;
  // LDAP attributs
  $ldap_grp_attr = array (
    "memberuid"  );

  $ds = @ldap_connect ( $ldap_server, $ldap_port );
  if ( $ds ) {
    $r = @ldap_bind ( $ds ); // Bind anonyme
    if ($r) {
      $result=@ldap_list ($ds, $dn["groups"], $filter, $ldap_grp_attr);
      if ($result) {
        $info = ldap_get_entries( $ds, $result );
        if ($info["count"]) {
          // Stockage des logins des membres des classes
          //  dans le tableau $ret
          for ($loop=0; $loop < $info["count"]; $loop++) {
            $group=split ("[\_\]",$info[$loop]["cn"][0],2);
            for ( $i = 0; $i < $info[$loop]["memberuid"]["count"]; $i++ ) {
              $ret[$init]["uid"] = $info[$loop]["memberuid"][$i];
              $ret[$init]["cat"] = $group[0];
        ldap_free_result ( $result );
    @ldap_close ( $ds );
  return $ret;
Пример #2
 public function getAllUsers()
     // Settings for LDAP
     if ($this->container->hasParameter('ldap_host')) {
         $ldapHostname = $this->container->getParameter("ldap_host");
         $ldapPort = $this->container->getParameter("ldap_port");
         $ldapVersion = $this->container->getParameter("ldap_version");
         $baseDn = $this->container->getParameter("ldap_user_base_dn");
         $nameAttribute = $this->container->getParameter("ldap_user_name_attribute");
         $filter = "(" . $nameAttribute . "=*)";
         $connection = @ldap_connect($ldapHostname, $ldapPort);
         ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, $ldapVersion);
         $ldapListRequest = ldap_list($connection, $baseDn, $filter);
         // or throw exeption('Unable to list. LdapError: ' . ldap_error($ldapConnection));
         $ldapUserList = ldap_get_entries($connection, $ldapListRequest);
     // Settings for local user database
     $repo = $this->getDoctrine()->getRepository('FOMUserBundle:User');
     $users = $repo->findAll();
     $all = array();
     if ($this->container->hasParameter('ldap_host')) {
         // Add Users from LDAP
         foreach ($ldapUserList as $ldapUser) {
             $user = new \stdClass();
             $user->getUsername = $ldapUser[$nameAttribute][0];
             $all[] = $user;
     // Add Mapbenderusers from database
     foreach ($users as $user) {
         $all[] = $user;
     return $all;
Пример #3
  * search ldap tree
  * @param $filter ldap filter string to use
  * @param string $ldap_scope scope either one or tree
  * @return array|bool result list or false on errors
 private function search($filter, $ldap_scope = "tree")
     $result = false;
     if ($this->ldapHandle != null) {
         // if we're looking at multple dn's, split and combine output
         foreach (explode(";", $this->baseSearchDN) as $baseDN) {
             if ($ldap_scope == "one") {
                 $sr = @ldap_list($this->ldapHandle, $baseDN, $filter, $this->ldapSearchAttr);
             } else {
                 $sr = @ldap_search($this->ldapHandle, $baseDN, $filter, $this->ldapSearchAttr);
             if ($sr !== false) {
                 $info = @ldap_get_entries($this->ldapHandle, $sr);
                 if ($info !== false) {
                     if ($result === false) {
                         $result = array();
                         $result['count'] = 0;
                     for ($i = 0; $i < $info["count"]; $i++) {
                         $result[] = $info[$i];
     return $result;
Пример #4
function is_prof($login)
    global $ldap_server, $ldap_port, $dn;
    global $error;
    $error = "";
    $filter = "(&(cn=profs*)(memberUid={$login}))";
    $ldap_groups_attr = array("cn", "memberUid");
    $ds = @ldap_connect($ldap_server, $ldap_port);
    if ($ds) {
        $r = @ldap_bind($ds);
        if (!$r) {
            $error = "Echec du bind anonyme";
        } else {
            // Recherche du groupe d'appartenance de l'utilisateur connecte
            $result = @ldap_list($ds, $dn["groups"], $filter, $ldap_groups_attr);
            if ($result) {
                $info = @ldap_get_entries($ds, $result);
                if ($info["count"]) {
                    $is_prof = true;
                } else {
                    $is_prof = false;
    return $is_prof;
 private function getOrganizations()
     // Common functions
     $common = new common();
     // Ldap Connections
     $ldap = $common->ldapConnect($this->ldap_host, $this->ldap_root_dn, $this->ldap_root_pw);
     if ($ldap) {
         $filter = "objectClass=organizationalUnit";
         $justthese = array("ou");
         $search = ldap_list($ldap, $this->ldap_context, $filter, $justthese);
         $entry = ldap_get_entries($ldap, $search);
     if ($entry['count'] > 0) {
         foreach ($entry as $tmp) {
             if ($tmp['ou'][0] != "") {
                 $result_ou[] = $tmp['ou'][0];
     } else {
         $result_ou[] = $this->ldap_context;
     return $result_ou ? $result_ou : '';
function searchonelevel($ldap, $base, $filter, $attrs, $minresults = 1, $maxresults = 999999)
    $results = ldap_list($ldap, $base, $filter, $attrs);
    $results or ldapdie($ldap, "ldap_list()");
    $entries = ldap_get_entries($ldap, $results);
    $entries or ldapdie($ldap, "ldap_get_entries()");
    $entries["count"] <= $maxresults or ldapdie($ldap, "More than {$maxresults} object(s) match \"{$filter}\"");
    $entries["count"] >= $minresults or ldapdie($ldap, "Could not find {$minresults} object(s) matching \"{$filter}\"");
    return $entries;
Пример #7
function ldap_search_withScope($ds, $basedn, $filter, $attrlist, $scope)
    if ($scope == "base") {
        $search = ldap_read($ds, $basedn, $filter, $attrlist);
    } elseif ($scope == "one") {
        $search = ldap_list($ds, $basedn, $filter, $attrlist);
    } elseif ($scope == "sub") {
        $search = ldap_search($ds, $basedn, $filter, $attrlist);
    return $search;
Пример #8
 public static function readUsers($ldapconn)
     $users = array();
     $search = ldap_list($ldapconn, USER_DN, User::FILTER_USERS, array("cn", "mail", "displayName", "sn", "givenName", "memberOf"));
     if (ldap_count_entries($ldapconn, $search) > 0) {
         $entry = ldap_first_entry($ldapconn, $search);
         do {
             $users[] = User::readFromLdapEntry($ldapconn, $entry);
         } while ($entry = ldap_next_entry($ldapconn, $entry));
     return $users;
Пример #9
function my_people_get_variables ($serveur,$port,$Dn)
  global $error;
  // LDAP attribute
  $ldap_group_attr = array (
    "description",  // Description du groupe

  $ds = @ldap_connect ( $ldap_server, $ldap_port );
  if ( $ds ) {
    $r = @ldap_bind ( $ds ); // Bind anonyme
    if ($r) {
        // Recherche des groupes d'appartenance dans la branche Groups
        $filter = "(&(objectclass=posixGroup))";
        $result = @ldap_list ( $ds, $dn["groups"], $filter, $ldap_group_attr );
        if ($result) {
          $info = @ldap_get_entries ( $ds, $result );
          if ( $info["count"]) {
            for ($loop=0; $loop<$info["count"];$loop++) {
              //if ($info[$loop]["member"][0] == "") $typegr="posixGroup"; else $typegr="groupOfNames";
              $ret_group[$loop] = array (
                "cn"           => $info[$loop]["cn"][0],
                //"owner"        => $info[$loop]["owner"][0],
                "description"  => utf8_decode($info[$loop]["description"][0]),
                "type" => $typegr
            usort($ret_group, "cmp_cn");
          @ldap_free_result ( $result );
       // Fin recherche des groupes
    } else {
      $error = "Echec du bind anonyme";
    @ldap_close ( $ds );
  } else {
    $error = "Erreur de connection au serveur LDAP";
 return array( $ret_group);
Пример #10
  * @return boolean
  * @param ResourceBundle $connection
  * @param string $connection
  * @param boolean $recursive
 public function deleteRecord($connection, $dn, $recursive = false)
     if ($recursive == false) {
         return ldap_delete($connection, $dn);
     } else {
         $sr = ldap_list($connection, $dn, "ObjectClass=*", array(""));
         $info = ldap_get_entries($connection, $sr);
         for ($i = 0; $i < $info['count']; $i++) {
             $result = myldap_delete($connection, $info[$i]['dn'], $recursive);
             if (!$result) {
                 return $result;
         return ldap_delete($connection, $dn);
Пример #11
  * suppression d'entrees OpenLDAP
  * recursivite possible
 function lda_del($ldapconn, $dn, $recursive = FALSE)
     if ($recursive == FALSE) {
         return ldap_delete($ldapconn, $dn);
     } else {
         $sr = ldap_list($ldapconn, $dn, "ObjectClass=*");
         $info = ldap_get_entries($ldapconn, $sr);
         for ($i = 0; $i < $info['count']; $i++) {
             $result = lda_del($ldapconn, $info[$i]['dn'], $recursive);
             if (!$result) {
                 return $result;
         return ldap_delete($ldapconn, $dn);
Пример #12
 public function search($base, $depth, $filter, $attrs = array('cn'))
     $attrs = array_values(array_unique($attrs));
     if ($depth == 'one') {
         if (($data = ldap_list($this->ldap, $base, $filter, $attrs)) === FALSE) {
             throw new LDAPException('ldap_list() failed', $this->ldap);
     } else {
         if (($data = ldap_search($this->ldap, $base, $filter, $attrs)) === FALSE) {
             throw new LDAPException('ldap_search() failed', $this->ldap);
     if (($result = ldap_get_entries($this->ldap, $data)) === FALSE) {
         throw new LDAPException('ldap_get_entries() failed', $this->ldap);
     return $result;
Пример #13
 public function query(LdapQuery $query)
     switch ($query->scope) {
         case LDAP_SCOPE_SUBTREE:
             $sr = ldap_search($this->ds, $query->base, $query->filter, $query->attrs, 0, $query->sizeLimit, $query->timeLimit, $query->deref);
         case LDAP_SCOPE_ONELEVEL:
             $sr = ldap_list($this->ds, $query->base, $query->filter, $query->attrs, 0, $query->sizeLimit, $query->timeLimit, $query->deref);
         case LDAP_SCOPE_BASE:
             $sr = ldap_read($this->ds, $query->base, $query->filter, $query->attrs, 0, $query->sizeLimit, $query->timeLimit, $query->deref);
             throw new LdapException("Unknown query scope");
     return new LdapEntries($this->ds, $sr);
Пример #14
 public function login($username, $password)
     $CI =& get_instance();
     $config = $CI->config->item("auth_ldap");
     if ($username == "" || $password == "") {
         return false;
     $ds = ldap_connect($config['host'], $config['port']);
     if ($ds === false) {
         return false;
     switch ($config["scope"]) {
         case "base":
             $r = ldap_read($ds, $config['basedn'], $config["username_field"] . '=' . $username);
         case "one":
             $r = ldap_list($ds, $config['basedn'], $config["username_field"] . '=' . $username);
         case "subtree":
             $r = ldap_search($ds, $config['basedn'], $config["username_field"] . '=' . $username);
             throw new \exceptions\ApiException("libraries/duser/ldap/invalid-ldap-scope", "Invalid LDAP scope");
     if ($r === false) {
         return false;
     foreach ($config["options"] as $key => $value) {
         if (ldap_set_option($ds, $key, $value) === false) {
             return false;
     $result = ldap_get_entries($ds, $r);
     if ($result === false || !isset($result[0])) {
         return false;
     // ignore errors from ldap_bind as it will throw an error if the password is incorrect
     if (@ldap_bind($ds, $result[0]['dn'], $password)) {
         return array("username" => $result[0][$config["username_field"]][0], "userid" => $result[0][$config["userid_field"]][0]);
     return false;
Пример #15
function delete_ldap($dn, $connect, $recursive = false)
    if ($recursive == false) {
        if (!@ldap_delete($connect, $dn)) {
            echo "Deleting {$dn}...\n";
            echo "ERROR: ldap_delete \"{$dn}\"" . ldap_err2str(ldap_errno($connect)) . "\n";
            return false;
    $sr = @ldap_list($connect, $dn, "ObjectClass=*");
    if ($sr) {
        $info = @ldap_get_entries($connect, $sr);
        for ($i = 0; $i < $info['count']; $i++) {
            $result = delete_ldap($info[$i]['dn'], $connect, $recursive);
            if (!$result) {
                return $result;
        return delete_ldap($dn, $connect, false);
Пример #16
  * execute ldap query and return ldap records
  * @param scope
  * @params see pagedLdapQuery $params
  * @return array of ldap entries
 function ldapQuery($scope, $params)
     switch ($scope) {
         case LDAP_SCOPE_SUBTREE:
             $result = @ldap_search($this->connection, $params['base_dn'], $params['filter'], $params['attributes'], $params['attrsonly'], $params['sizelimit'], $params['timelimit'], $params['deref']);
             if ($params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) {
                 // false positive error thrown.  do not return result limit error when $sizelimit specified
             } elseif ($this->hasError()) {
                 watchdog('ldap_server', 'ldap_search() function error. LDAP Error: %message, ldap_search() parameters: %query', array('%message' => $this->errorMsg('ldap'), '%query' => $params['query_display']), WATCHDOG_ERROR);
         case LDAP_SCOPE_BASE:
             $result = @ldap_read($this->connection, $params['base_dn'], $params['filter'], $params['attributes'], $params['attrsonly'], $params['sizelimit'], $params['timelimit'], $params['deref']);
             if ($params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) {
                 // false positive error thrown.  do not result limit error when $sizelimit specified
             } elseif ($this->hasError()) {
                 watchdog('ldap_server', 'ldap_read() function error.  LDAP Error: %message, ldap_read() parameters: %query', array('%message' => $this->errorMsg('ldap'), '%query' => @$params['query_display']), WATCHDOG_ERROR);
         case LDAP_SCOPE_ONELEVEL:
             $result = @ldap_list($this->connection, $params['base_dn'], $params['filter'], $params['attributes'], $params['attrsonly'], $params['sizelimit'], $params['timelimit'], $params['deref']);
             if ($params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) {
                 // false positive error thrown.  do not result limit error when $sizelimit specified
             } elseif ($this->hasError()) {
                 watchdog('ldap_server', 'ldap_list() function error. LDAP Error: %message, ldap_list() parameters: %query', array('%message' => $this->errorMsg('ldap'), '%query' => $params['query_display']), WATCHDOG_ERROR);
     return $result;
Пример #17
     * Validate the login using CAS
    function validate_login($null, $username, $password)
        if (!$this->cas_configured) {
            die('Error. Cas not configured and I was unable to redirect you to wp-login. Use define("WPCAS_BYPASS",true); in your wp-config.php
					to bypass wpCAS');
        // might as well be paranoid
        if (!phpCAS::isAuthenticated()) {
        $username = phpCAS::getUser();
        $password = md5($username . 'wpCASAuth!"#$"!$!"%$#"%#$' . rand() . $this->generateRandomString(20));
        $user = get_user_by('login', $username);
        if ($user) {
            if (is_multisite()) {
                if ($this->canUserRegister($username) && !is_user_member_of_blog($user->ID, get_current_blog_id())) {
                    $nextrole = $this->canUserRegister($username);
                    add_user_to_blog(get_current_blog_id(), $user->ID, $nextrole);
            return $user;
        /** Register a new user, if it is allowed */
        if ($user_role = $this->canUserRegister($username)) {
            $user_email = '';
            $email_registration = $this->settings['e-mail_registration'];
            //How does the site is configured to get the email?
            switch ($email_registration) {
                case 2:
                    //Using sufix
                    $user_email = $username . '@' . $this->settings['email_suffix'];
                case 3:
                    //Using LDAP
                    /*fetch user email from ldap*/
                    $ds = ldap_connect($this->settings['ldap_server']);
                    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $this->settings['ldap_protocol']);
                    ldap_set_option($ds, LDAP_OPT_RESTART, TRUE);
                    $r = ldap_bind($ds, $this->settings['ldap_username_rdn'], $this->settings['ldap_password']);
                    $list = ldap_list($ds, $this->settings['ldap_basedn'], "uid={$username}");
                    if ($list !== FALSE) {
                        $result = ldap_get_entries($ds, $list);
                        if ($result['count'] > 0) {
                            $result = $result[0];
                            if (isset($result['mail']) && is_array($result['mail'])) {
                                $user_email = $result['mail'][0];
                            if (isset($result['displayname']) && is_array($result['displayname'])) {
                                $user_realname = $result['displayname'][0];
                                $exploded_name = explode(' ', $user_realname);
                                $firstname = $exploded_name[0];
                                $lastname = end($exploded_name);
                    //No email predition
            $user_info = array();
            $user_info['user_pass'] = $password;
            $user_info['user_email'] = $user_email;
            $user_info['user_login'] = $username;
            $user_info['display_name'] = $user_realname;
            $user_info['first_name'] = $firstname;
            $user_info['last_name'] = $lastname;
            //Verify if we need to add user to a specified role
            if (!is_bool($user_role)) {
                $user_info['role'] = $user_role;
            if (!is_wp_error(wp_insert_user($user_info))) {
                $send_user = !empty($user_info['user_email']);
                //False, if user has no email
                if (!isset($user_info['role']) && $this->settings['wait_mail']['send_user']) {
                    //If user has no role and is allowed to send wait mail to user
                    $this->processMailing(WPCAS_WAITACCESS_MAIL, $user_info, $send_user);
                } else {
                    if (!isset($user_info['role']) && !$this->settings['wait_mail']['send_user']) {
                        //Otherwise, if has no role and we don't want a wait for access mail, send the welcome mail
                        $this->processMailing(WPCAS_WELCOME_MAIL, $user_info, $send_user);
                    } else {
                        //In any other case, send a Welcome Mail
                        $this->processMailing(WPCAS_WELCOME_MAIL, $user_info, $send_user);
                $user = get_user_by('login', $username);
                if (!isset($user_info['user_role'])) {
                    update_user_meta($user->ID, '_wpcas_waiting', true);
                return $user;
        } else {
            $caserror_file = get_template_directory() . '/cas_error.php';
            include file_exists($caserror_file) ? $caserror_file : "cas_error.php";
Пример #18
Файл: Ldap.php Проект: Rovak/zf2
  * Retrieve the immediate children DNs of the given $parentDn
  * This method is used in recursive methods like {@see delete()}
  * or {@see copy()}
  * @param  string|Dn $parentDn
  * @throws Exception\LdapException
  * @return array of DNs
 protected function getChildrenDns($parentDn)
     if ($parentDn instanceof Dn) {
         $parentDn = $parentDn->toString();
     $children = array();
     $search = ldap_list($this->getResource(), $parentDn, '(objectClass=*)', array('dn'));
     for ($entry = ldap_first_entry($this->getResource(), $search); $entry !== false; $entry = ldap_next_entry($this->getResource(), $entry)) {
         $childDn = ldap_get_dn($this->getResource(), $entry);
         if ($childDn === false) {
             throw new Exception\LdapException($this, 'getting dn');
         $children[] = $childDn;
     return $children;
Пример #19
  * Wraps around ldap_search, ldap_list or ldap_read depending on $scope
  * @param  $scope string - can be 'base', 'one' or 'sub'
  * @author Andreas Gohr <*****@*****.**>
 function _ldapsearch($link_identifier, $base_dn, $filter, $scope = 'sub', $attributes = null, $attrsonly = 0, $sizelimit = 0, $timelimit = 0, $deref = LDAP_DEREF_NEVER)
     if (is_null($attributes)) {
         $attributes = array();
     if ($scope == 'base') {
         return @ldap_read($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
     } elseif ($scope == 'one') {
         return @ldap_list($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
     } else {
         return @ldap_search($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
Пример #20
  * @param $login
  * @return bool|Model\Organization
 public function getOrga($login)
     $infos = ldap_get_entries($this->connection, ldap_list($this->connection, 'ou=people,dc=utt,dc=fr', 'uid=' . $login));
     if (empty($infos[0]) || !isset($infos[0])) {
         return false;
     return $this->mapOrga($infos[0]);
Пример #21
 function find_ext_enrolments($ldap_connection, $memberuid, $role)
     /// role is a record from the mdl_role table
     /// return multidimentional array array with of courses (at least dn and idnumber)
     global $CFG;
     if (empty($memberuid)) {
         // No "idnumber" stored for this user, so no LDAP enrolments
         return array();
     //default return value
     $courses = array();
     //get all contexts and look for first matching user
     $ldap_contexts = explode(";", $CFG->{'enrol_ldap_contexts_role' . $role->id});
     // get all the fields we will want for the potential course creation
     // as they are light. don't get membership -- potentially a lot of data.
     $ldap_fields_wanted = array('dn', $CFG->enrol_ldap_course_idnumber);
     if (!empty($CFG->enrol_ldap_course_fullname)) {
         array_push($ldap_fields_wanted, $CFG->enrol_ldap_course_fullname);
     if (!empty($CFG->enrol_ldap_course_shortname)) {
         array_push($ldap_fields_wanted, $CFG->enrol_ldap_course_shortname);
     if (!empty($CFG->enrol_ldap_course_summary)) {
         array_push($ldap_fields_wanted, $CFG->enrol_ldap_course_summary);
     // define the search pattern
     $ldap_search_pattern = "(" . $CFG->{'enrol_ldap_memberattribute_role' . $role->id} . "=" . $memberuid . ")";
     if (!empty($CFG->enrol_ldap_objectclass)) {
         $ldap_search_pattern = '(&(objectclass=' . $CFG->enrol_ldap_objectclass . ')' . $ldap_search_pattern . ')';
     foreach ($ldap_contexts as $context) {
         $context == trim($context);
         if (empty($context)) {
             // next;
         if ($CFG->enrol_ldap_search_sub) {
             //use ldap_search to find first user from subtree
             $ldap_result = ldap_search($ldap_connection, $context, $ldap_search_pattern, $ldap_fields_wanted);
         } else {
             //search only in this context
             $ldap_result = ldap_list($ldap_connection, $context, $ldap_search_pattern, $ldap_fields_wanted);
         // check and push results
         $records = ldap_get_entries($ldap_connection, $ldap_result);
         // ldap libraries return an odd array, really. fix it:
         $flat_records = array();
         for ($c = 0; $c < $records['count']; $c++) {
             array_push($flat_records, $records["{$c}"]);
         if (count($flat_records)) {
             $courses = array_merge($courses, $flat_records);
     return $courses;
Пример #22
  * Performs a single level search on the current connection.
  * @param string $dn
  * @param string $filter
  * @param array  $attributes
  * @return mixed
 public function listing($dn, $filter, array $attributes)
     if ($this->suppressErrors) {
         return @ldap_list($this->getConnection(), $dn, $filter, $attributes);
     return ldap_list($this->getConnection(), $dn, $filter, $attributes);
  * Gets the userss by the indicated  details as well as the  role. worker method
  * @oaram boolean $role Defaults to false
  * @param array $details of string.  The details we wish on the user.  Defaults to empty array
  * @returns array of usernames which mathc the give input
 public function _getUsersByInfo($role = false, $details = array())
     $usernames = array();
     if (!($ldap = $this->getConnection())) {
         return $usernames;
     $usernames = array();
     $p_attrs = array();
     foreach ($details as $detail => $value) {
         if (array_key_exists($detail, $this->options['p_details'])) {
             $p_attrs[] = '(' . $this->options['p_details'][$detail] . '=' . $value . ')';
     //first we get all the people by their people details. then we limit them based on app details if there are any
     $p_filter = '';
     $p_attrs[] = '(cn=*)';
     if (count($p_attrs) > 0) {
         $p_filter = '(&' . implode('', $p_attrs) . ')';
     if (!($r1 = @ldap_list($ldap, $this->getPeopleQry(), $p_filter, array('dn', 'uid')))) {
         return false;
     $entry = ldap_first_entry($ldap, $r1);
     $e = 0;
     while ($entry) {
         $dn = ldap_get_dn($ldap, $entry);
         $entry = ldap_next_entry($ldap, $entry);
         $username = $this->getUIDFromDN($dn);
         if (!$username) {
             I2CE::raiseError("No username from {$dn}");
         if ($role) {
             $existingin_role = $this->getRole($username);
             if ($exisiting_role != $role) {
         $usernames[] = $username;
     return $usernames;
Пример #24
 protected function recursive_delete($connection, $dn, $filter)
     if ($res = ldap_list($connection, $dn, $filter, array('dn'))) {
         $info = ldap_get_entries($connection, $res);
         if ($info['count'] > 0) {
             if ($res = ldap_search($connection, "{$filter},{$dn}", 'cn=*', array('dn'))) {
                 $info = ldap_get_entries($connection, $res);
                 foreach ($info as $i) {
                     if (isset($i['dn'])) {
                         ldap_delete($connection, $i['dn']);
             if ($res = ldap_search($connection, "{$filter},{$dn}", 'ou=*', array('dn'))) {
                 $info = ldap_get_entries($connection, $res);
                 foreach ($info as $i) {
                     if (isset($i['dn']) and $info[0]['dn'] != $i['dn']) {
                         ldap_delete($connection, $i['dn']);
             ldap_delete($connection, "{$filter},{$dn}");
Пример #25
 public function is_phonebook_admin($ldapconn, $dn)
     $search = ldap_list($ldapconn, "ou=groups, dc=mozilla", "(&(member={$dn})(cn=phonebook_admin))", array("cn"));
     $results = ldap_get_entries($ldapconn, $search);
     return $results["count"];
Пример #26
  * Performs a request against the LDAP server
  * The type of request (and the corresponding PHP ldap function called)
  * depend on two additional parameters, added in respect to the
  * DB_common interface.
  * @param string $filter text of the request to send to the LDAP server
  * @param string $action type of request to perform, defaults to search (ldap_search())
  * @param array $params array of additional parameters to pass to the PHP ldap function requested
  * @return result from ldap function or DB Error object if no result
 function simpleQuery($filter, $action = null, $params = null)
     if ($action === null) {
         $action = !empty($this->q_action) ? $this->q_action : $this->action;
     if ($params === null) {
         $params = count($this->q_params) > 0 ? $this->q_params : array();
     if (!$this->isManip($action)) {
         $base = $this->q_base ? $this->q_base : $this->base;
         $attributes = array();
         $attrsonly = 0;
         $sizelimit = 0;
         $timelimit = 0;
         $deref = LDAP_DEREF_NEVER;
         $sorting = '';
         $sorting_method = '';
         while (list($k, $v) = each($params)) {
             if (isset(${$k})) {
                 ${$k} = $v;
         $this->sorting = $sorting;
         $this->sorting_method = $sorting_method;
         $this->attributes = $attributes;
         # double escape char for filter: '(o=Przedsi\C4\99biorstwo)' => '(o=Przedsi\\C4\\99biorstwo)'
         $filter = str_replace('\\', '\\\\', $filter);
         $this->last_query = $filter;
         if ($action == 'search') {
             $result = @ldap_search($this->connection, $base, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
         } else {
             if ($action == 'list') {
                 $result = @ldap_list($this->connection, $base, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
             } else {
                 if ($action == 'read') {
                     $result = @ldap_read($this->connection, $base, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref);
                 } else {
                     return $this->ldapRaiseError(DB_ERROR_UNKNOWN_LDAP_ACTION);
         if (!$result) {
             return $this->ldapRaiseError();
     } else {
         # If first argument is an array, it contains the entry with DN.
         if (is_array($filter)) {
             $entry = $filter;
             $filter = $entry["dn"];
         } else {
             $entry = array();
         $attribute = '';
         $value = '';
         $newrdn = '';
         $newparent = '';
         $deleteoldrdn = false;
         while (list($k, $v) = each($params)) {
             if (isset(${$k})) {
                 ${$k} = $v;
         $this->last_query = $filter;
         if ($action == 'add') {
             $result = @ldap_add($this->connection, $filter, $entry);
         } else {
             if ($action == 'compare') {
                 $result = @ldap_add($this->connection, $filter, $attribute, $value);
             } else {
                 if ($action == 'delete') {
                     $result = @ldap_delete($this->connection, $filter);
                 } else {
                     if ($action == 'modify') {
                         $result = @ldap_modify($this->connection, $filter, $entry);
                     } else {
                         if ($action == 'mod_add') {
                             $result = @ldap_mod_add($this->connection, $filter, $entry);
                         } else {
                             if ($action == 'mod_del') {
                                 $result = @ldap_mod_del($this->connection, $filter, $entry);
                             } else {
                                 if ($action == 'mod_replace') {
                                     $result = @ldap_mod_replace($this->connection, $filter, $entry);
                                 } else {
                                     if ($action == 'rename') {
                                         $result = @ldap_rename($this->connection, $filter, $newrdn, $newparent, $deleteoldrdn);
                                     } else {
                                         return $this->ldapRaiseError(DB_ERROR_UNKNOWN_LDAP_ACTION);
         if (!$result) {
             return $this->ldapRaiseError();
     return $result;
Пример #27
 * assigns all countries to the template
function tpl_country()
    global $conf;
    global $LDAP_CON;
    global $smarty;
    if (!$conf['openxchange']) {
    $country = array();
    $sr = ldap_list($LDAP_CON, $conf['publicbook'], "ObjectClass=OXUserObject", array("userCountry"));
    $result1 = ldap_get_binentries($LDAP_CON, $sr);
    //check users private addressbook
    if (!empty($_SESSION['ldapab']['binddn']) && $conf['privatebook']) {
        $sr = @ldap_list($LDAP_CON, $conf['privatebook'] . ',' . $_SESSION['ldapab']['binddn'], "ObjectClass=OXUserObject", array("userCountry"));
        $result2 = ldap_get_binentries($LDAP_CON, $sr);
    $result = array_merge((array) $result1, (array) $result2);
    if (count($result)) {
        foreach ($result as $entry) {
            if (count($entry['userCountry'])) {
                foreach ($entry['userCountry'] as $c) {
                    array_push($country, $c);
    $country = array_unique($country);
    sort($country, SORT_STRING);
    $smarty->assign('country', $country);
Пример #28
  * returns the distinct values of the target LDAP attribute
  * these will be the names of the synched Mahara groups
  * @returns array of string 
 function get_attribute_distinct_values()
     global $CFG, $DB;
     // only these groups will be synched
     if (!empty($this->config->group_synching_ldap_attribute_values)) {
         return $this->config->group_synching_ldap_attribute_values;
     //build a filter to fetch all users having something in the target LDAP attribute
     $filter = '(' . $this->config['user_attribute'] . '=*)';
     if (!empty($this->config['objectclass'])) {
         $filter .= "&(" . $this->config['objectclass'] . "))";
     $filter = '(&' . $filter . '(' . $this->config['group_synching_ldap_attribute_attribute'] . '=*))';
     if ($CFG->debug_ldap_groupes) {
         moodle_print_object('looking for ', $filter);
     $ldapconnection = $this->ldap_connect();
     $ldap_contexts = explode(";", $this->config['contexts']);
     $matchings = array();
     foreach ($ldap_contexts as $context) {
         $context = trim($context);
         if (empty($context)) {
         if ($this->config['search_sub'] == 'yes') {
             // Use ldap_search to find first user from subtree
             $ldap_result = ldap_search($ldapconnection, $context, $filter, array($this->group_synching_ldap_attribute_attribute));
         } else {
             // Search only in this context
             $ldap_result = ldap_list($ldapconnection, $context, $filter, array($this->group_synching_ldap_attribute_attribute));
         if (!$ldap_result) {
         // this API function returns all attributes as an array
         // wether they are single or multiple
         $users = $this->ldap_get_entries($ldapconnection, $ldap_result);
         // Add found DISTINCT values to list
         for ($i = 0; $i < count($users); $i++) {
             $count = $users[$i][$this->config['group_synching_ldap_attribute_attribute']]['count'];
             for ($j = 0; $j < $count; $j++) {
                    $value=  textlib::convert($users[$i][$this->config['group_synching_ldap_attribute_attribute']][$j],
                                 $this->config->ldapencoding, 'utf-8');
                 $value = $users[$i][$this->config['group_synching_ldap_attribute_attribute']][$j];
                 if (!in_array($value, $matchings)) {
                     array_push($matchings, $value);
     return $matchings;
Пример #29
  * Retrieve the immediate children DNs of the given $parentDn
  * This method is used in recursive methods like {@see delete()}
  * or {@see copy()}
  * @param  string|Zend_Ldap_Dn $parentDn
  * @return array of DNs
 protected function _getChildrenDns($parentDn)
     if ($parentDn instanceof Zend_Ldap_Dn) {
         $parentDn = $parentDn->toString();
     $children = array();
     $search = @ldap_list($this->getResource(), $parentDn, '(objectClass=*)', array('dn'));
     for ($entry = @ldap_first_entry($this->getResource(), $search); $entry !== false; $entry = @ldap_next_entry($this->getResource(), $entry)) {
         $childDn = @ldap_get_dn($this->getResource(), $entry);
         if ($childDn === false) {
              * @see Zend_Ldap_Exception
             #require_once 'Zend/Ldap/Exception.php';
             throw new Zend_Ldap_Exception($this, 'getting dn');
         $children[] = $childDn;
     return $children;
Пример #30
  * Return multidimensional array with details of user courses (at
  * least dn and idnumber).
  * @param string $memberuid user idnumber (without magic quotes).
  * @param object role is a record from the mdl_role table.
  * @return array
 protected function find_ext_enrolments($memberuid, $role)
     global $CFG;
     require_once $CFG->libdir . '/ldaplib.php';
     if (empty($memberuid)) {
         // No "idnumber" stored for this user, so no LDAP enrolments
         return array();
     $ldap_contexts = trim($this->get_config('contexts_role' . $role->id));
     if (empty($ldap_contexts)) {
         // No role contexts, so no LDAP enrolments
         return array();
     $extmemberuid = core_text::convert($memberuid, 'utf-8', $this->get_config('ldapencoding'));
     if ($this->get_config('memberattribute_isdn')) {
         if (!($extmemberuid = $this->ldap_find_userdn($extmemberuid))) {
             return array();
     $ldap_search_pattern = '';
     if ($this->get_config('nested_groups')) {
         $usergroups = $this->ldap_find_user_groups($extmemberuid);
         if (count($usergroups) > 0) {
             foreach ($usergroups as $group) {
                 $ldap_search_pattern .= '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . $group . ')';
     // Default return value
     $courses = array();
     // Get all the fields we will want for the potential course creation
     // as they are light. don't get membership -- potentially a lot of data.
     $ldap_fields_wanted = array('dn', $this->get_config('course_idnumber'));
     $fullname = $this->get_config('course_fullname');
     $shortname = $this->get_config('course_shortname');
     $summary = $this->get_config('course_summary');
     if (isset($fullname)) {
         array_push($ldap_fields_wanted, $fullname);
     if (isset($shortname)) {
         array_push($ldap_fields_wanted, $shortname);
     if (isset($summary)) {
         array_push($ldap_fields_wanted, $summary);
     // Define the search pattern
     if (empty($ldap_search_pattern)) {
         $ldap_search_pattern = '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . ldap_filter_addslashes($extmemberuid) . ')';
     } else {
         $ldap_search_pattern = '(|' . $ldap_search_pattern . '(' . $this->get_config('memberattribute_role' . $role->id) . '=' . ldap_filter_addslashes($extmemberuid) . ')' . ')';
     $ldap_search_pattern = '(&' . $this->get_config('objectclass') . $ldap_search_pattern . ')';
     // Get all contexts and look for first matching user
     $ldap_contexts = explode(';', $ldap_contexts);
     $ldap_pagedresults = ldap_paged_results_supported($this->get_config('ldap_version'));
     foreach ($ldap_contexts as $context) {
         $context = trim($context);
         if (empty($context)) {
         $ldap_cookie = '';
         $flat_records = array();
         do {
             if ($ldap_pagedresults) {
                 ldap_control_paged_result($this->ldapconnection, $this->config->pagesize, true, $ldap_cookie);
             if ($this->get_config('course_search_sub')) {
                 // Use ldap_search to find first user from subtree
                 $ldap_result = @ldap_search($this->ldapconnection, $context, $ldap_search_pattern, $ldap_fields_wanted);
             } else {
                 // Search only in this context
                 $ldap_result = @ldap_list($this->ldapconnection, $context, $ldap_search_pattern, $ldap_fields_wanted);
             if (!$ldap_result) {
             if ($ldap_pagedresults) {
                 ldap_control_paged_result_response($this->ldapconnection, $ldap_result, $ldap_cookie);
             // Check and push results. ldap_get_entries() already
             // lowercases the attribute index, so there's no need to
             // use array_change_key_case() later.
             $records = ldap_get_entries($this->ldapconnection, $ldap_result);
             // LDAP libraries return an odd array, really. Fix it.
             for ($c = 0; $c < $records['count']; $c++) {
                 array_push($flat_records, $records[$c]);
             // Free some mem
         } while ($ldap_pagedresults && !empty($ldap_cookie));
         // If LDAP paged results were used, the current connection must be completely
         // closed and a new one created, to work without paged results from here on.
         if ($ldap_pagedresults) {
         if (count($flat_records)) {
             $courses = array_merge($courses, $flat_records);
     return $courses;