public function getAvailableValues()
{
if (!empty($this->fields['values'])) {
$ldap_values = json_decode($this->fields['values']);
$ldap_dropdown = new RuleRightParameter();
if (!$ldap_dropdown->getFromDB($ldap_values->ldap_attribute)) {
return array();
}
$attribute = array($ldap_dropdown->fields['value']);
$config_ldap = new AuthLDAP();
if (!$config_ldap->getFromDB($ldap_values->ldap_auth)) {
return array();
}
if (!function_exists('warning_handler')) {
function warning_handler($errno, $errstr, $errfile, $errline, array $errcontext)
{
if (0 === error_reporting()) {
return false;
}
throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
}
}
set_error_handler("warning_handler", E_WARNING);
try {
$tab_values = array();
$ds = $config_ldap->connect();
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$cookie = '';
do {
if (AuthLDAP::isLdapPageSizeAvailable($config_ldap)) {
ldap_control_paged_result($ds, $config_ldap->fields['pagesize'], true, $cookie);
}
$result = ldap_search($ds, $config_ldap->fields['basedn'], $ldap_values->ldap_filter, $attribute);
$entries = ldap_get_entries($ds, $result);
array_shift($entries);
foreach ($entries as $id => $attr) {
if (isset($attr[$attribute[0]]) && !in_array($attr[$attribute[0]][0], $tab_values)) {
$tab_values[$id] = $attr[$attribute[0]][0];
}
}
if (AuthLDAP::isLdapPageSizeAvailable($config_ldap)) {
ldap_control_paged_result_response($ds, $result, $cookie);
}
} while ($cookie !== null && $cookie != '');
if ($this->fields['show_empty']) {
$tab_values = array('' => '-----') + $tab_values;
}
asort($tab_values);
return $tab_values;
} catch (Exception $e) {
return array();
}
restore_error_handler();
} else {
return array();
}
}
/**
* Display information from LDAP server for user
**/
private function showLdapDebug()
{
if ($this->fields['authtype'] != Auth::LDAP) {
return false;
}
echo "<div class='spaced'>";
echo "<table class='tab_cadre_fixe'>";
echo "<tr><th colspan='4'>" . __('LDAP directory') . "</th></tr>";
echo "<tr class='tab_bg_2'><td>" . __('User DN') . "</td>";
echo "<td>" . $this->fields['user_dn'] . "</td></tr>\n";
if ($this->fields['user_dn']) {
echo "<tr class='tab_bg_2'><td>" . __('User information') . "</td><td>";
$config_ldap = new AuthLDAP();
$ds = false;
if ($config_ldap->getFromDB($this->fields['auths_id'])) {
$ds = $config_ldap->connect();
}
if ($ds) {
$info = AuthLdap::getUserByDn($ds, $this->fields['user_dn'], array('*', 'createTimeStamp', 'modifyTimestamp'));
if (is_array($info)) {
Html::printCleanArray($info);
} else {
_e('No item to display');
}
} else {
_e('Connection failed');
}
echo "</td></tr>\n";
}
echo "</table></div>";
}
/**
* Validate form fields before add or update a question
*
* @param Array $input Datas used to add the item
*
* @return Array The modified $input array
*
* @param [type] $input [description]
* @return [type] [description]
*/
private function checkBeforeSave($input)
{
// Control fields values :
// - name is required
if (empty($input['name'])) {
Session::addMessageAfterRedirect(__('The title is required', 'formcreator'), false, ERROR);
return array();
}
// - field type is required
if (empty($input['fieldtype'])) {
Session::addMessageAfterRedirect(__('The field type is required', 'formcreator'), false, ERROR);
return array();
}
// - section is required
if (empty($input['plugin_formcreator_sections_id'])) {
Session::addMessageAfterRedirect(__('The section is required', 'formcreator'), false, ERROR);
return array();
}
// Values are required for GLPI dropdowns, dropdowns, multiple dropdowns, checkboxes, radios, LDAP
$itemtypes = array('select', 'multiselect', 'checkboxes', 'radios', 'ldap');
if (empty($input['values']) && in_array($input['fieldtype'], $itemtypes)) {
Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR);
return array();
}
// Fields are differents for dropdown lists, so we need to replace these values into the good ones
if ($input['fieldtype'] == 'dropdown') {
if (empty($input['dropdown_values'])) {
Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR);
return array();
}
$input['values'] = $input['dropdown_values'];
$input['default_values'] = isset($input['dropdown_default_value']) ? $input['dropdown_default_value'] : '';
}
// Fields are differents for GLPI object lists, so we need to replace these values into the good ones
if ($input['fieldtype'] == 'glpiselect') {
if (empty($input['glpi_objects'])) {
Session::addMessageAfterRedirect(__('The field value is required:', 'formcreator') . ' ' . $input['name'], false, ERROR);
return array();
}
$input['values'] = $input['glpi_objects'];
$input['default_values'] = isset($input['dropdown_default_value']) ? $input['dropdown_default_value'] : '';
}
// A description field should have a description
if ($input['fieldtype'] == 'description' && empty($input['description'])) {
Session::addMessageAfterRedirect(__('A description field should have a description:', 'formcreator') . ' ' . $input['name'], false, ERROR);
return array();
}
// format values for numbers
if ($input['fieldtype'] == 'integer' || $input['fieldtype'] == 'float') {
$input['default_values'] = !empty($input['default_values']) ? (double) str_replace(',', '.', $input['default_values']) : null;
$input['range_min'] = !empty($input['range_min']) ? (double) str_replace(',', '.', $input['range_min']) : null;
$input['range_max'] = !empty($input['range_max']) ? (double) str_replace(',', '.', $input['range_max']) : null;
}
// LDAP fields validation
if ($input['fieldtype'] == 'ldapselect') {
// Fields are differents for dropdown lists, so we need to replace these values into the good ones
if (!empty($input['ldap_auth'])) {
$config_ldap = new AuthLDAP();
$config_ldap->getFromDB($input['ldap_auth']);
$ldap_dropdown = new RuleRightParameter();
$ldap_dropdown->getFromDB($input['ldap_attribute']);
$attribute = array($ldap_dropdown->fields['value']);
// Set specific error handler too catch LDAP errors
if (!function_exists('warning_handler')) {
function warning_handler($errno, $errstr, $errfile, $errline, array $errcontext)
{
if (0 === error_reporting()) {
return false;
}
throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
}
}
set_error_handler("warning_handler", E_WARNING);
try {
$ds = $config_ldap->connect();
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_control_paged_result($ds, 1);
$sn = ldap_search($ds, $config_ldap->fields['basedn'], $input['ldap_filter'], $attribute);
$entries = ldap_get_entries($ds, $sn);
} catch (Exception $e) {
Session::addMessageAfterRedirect(__('Cannot recover LDAP informations!', 'formcreator'), false, ERROR);
}
restore_error_handler();
$input['values'] = json_encode(array('ldap_auth' => $input['ldap_auth'], 'ldap_filter' => $input['ldap_filter'], 'ldap_attribute' => strtolower($input['ldap_attribute'])));
}
}
// Add leading and trailing regex marker automaticaly
if (!empty($input['regex'])) {
if (substr($input['regex'], 0, 1) != '/') {
if (substr($input['regex'], 0, 1) != '^') {
$input['regex'] = '/^' . $input['regex'];
} else {
$input['regex'] = '/' . $input['regex'];
}
}
if (substr($input['regex'], -1, 1) != '/') {
if (substr($input['regex'], -1, 1) != '$') {
$input['regex'] = $input['regex'] . '$/';
} else {
$input['regex'] = $input['regex'] . '/';
}
}
}
return $input;
}
/** Converts an array of parameters into a query string to be appended to a URL.
*
* @param $group_dn dn of the group to import
* @param $options array for
* - authldaps_id
* - entities_id where group must to be imported
* - is_recursive
*
* @return nothing
**/
static function ldapImportGroup($group_dn, $options = array())
{
$config_ldap = new AuthLDAP();
$res = $config_ldap->getFromDB($options['authldaps_id']);
$ldap_users = array();
$group_dn = $group_dn;
// we prevent some delay...
if (!$res) {
return false;
}
//Connect to the directory
$ds = $config_ldap->connect();
if ($ds) {
$group_infos = self::getGroupByDn($ds, stripslashes($group_dn));
$group = new Group();
if ($options['type'] == "groups") {
$group->add(array("name" => addslashes($group_infos["cn"][0]), "ldap_group_dn" => addslashes($group_infos["dn"]), "entities_id" => $options['entities_id'], "is_recursive" => $options['is_recursive']));
} else {
$group->add(array("name" => addslashes($group_infos["cn"][0]), "ldap_field" => $config_ldap->fields["group_field"], "ldap_value" => addslashes($group_infos["dn"]), "entities_id" => $options['entities_id'], "is_recursive" => $options['is_recursive']));
}
}
}
public static function displayValue($value, $values)
{
if (!empty($values)) {
$ldap_values = json_decode($values);
$ldap_dropdown = new RuleRightParameter();
$ldap_dropdown->getFromDB($ldap_values->ldap_attribute);
$attribute = array($ldap_dropdown->fields['value']);
$config_ldap = new AuthLDAP();
$config_ldap->getFromDB($ldap_values->ldap_auth);
$ds = $config_ldap->connect();
$sn = ldap_search($ds, $config_ldap->fields['basedn'], $ldap_values->ldap_filter, $attribute);
$entries = ldap_get_entries($ds, $sn);
array_shift($entries);
$tab_values = array();
foreach ($entries as $id => $attr) {
if (isset($attr[$attribute[0]]) && !in_array($attr[$attribute[0]][0], $tab_values)) {
$tab_values[$id] = $attr[$attribute[0]][0];
}
}
sort($tab_values);
}
return $value != '' ? $tab_values[$value] : '';
}
function plugin_moreldap_item_add_or_update_user($user)
{
//Ignore users without auths_id
if (!isset($user->input["auths_id"])) {
return;
}
// We update LDAP field only if LDAP directory is defined
if (isset($user->input["locations_id"])) {
return;
}
// default : store locations outside of any entity
$entityID = -1;
$pluginAuthLDAP = new PluginMoreldapAuthLDAP();
$authsId = isset($user->input["auths_id"]) ? $user->input["auths_id"] : $user->fields["auths_id"];
if ($authsId > 0 && $pluginAuthLDAP->getFromDBByQuery("WHERE `id`='{$authsId}'")) {
// The target entity for the locations to be created
$entityID = $pluginAuthLDAP->fields['entities_id'];
// find from config all attributes to read from LDAP
$fields = array();
$locationHierarchy = explode('>', $pluginAuthLDAP->fields['location']);
foreach ($locationHierarchy as $locationSubAttribute) {
$locationSubAttribute = trim($locationSubAttribute);
if (strlen($locationSubAttribute) > 0) {
$fields[] = $locationSubAttribute;
}
}
// LDAP query to read the needed attributes for the user
$ldap_connection = 0;
if (!isset($user->input["_ldap_conn"]) || !isset($user->fields["_ldap_conn"])) {
$ldap = new AuthLDAP();
$ldap->getFromDB($authsId);
$ldap_connection = $ldap->connect();
} else {
$ldap_connection = isset($user->input["_ldap_conn"]) ? $user->input["_ldap_conn"] : $user->fields["_ldap_conn"];
}
$userdn = isset($user->input["user_dn"]) ? $user->input["user_dn"] : $user->fields["user_dn"];
$userdn = str_replace('\\\\', '\\', $userdn);
$sr = @ldap_read($ldap_connection, $userdn, "objectClass=*", $fields);
if (!is_resource($sr) || ldap_errno($ldap_connection) > 0) {
return;
}
$v = AuthLDAP::get_entries_clean($ldap_connection, $sr);
//Find all locations needed to create the deepest one
$locationPath = array();
$incompleteLocation = false;
foreach ($fields as $locationSubAttribute) {
$locationSubAttribute = strtolower($locationSubAttribute);
if (isset($v[0][$locationSubAttribute][0])) {
$locationPath[] = $v[0][$locationSubAttribute][0];
} else {
// A LDAP attribute is not defined for the user. Cannot build the completename
// Therefore we must giveup importing this location
$incompleteLocation = true;
}
}
// TODO : test if location import is enabled earlier in this function
if ($pluginAuthLDAP->fields['location_enabled'] == 'Y') {
if ($incompleteLocation == false) {
$location = new Location();
$locationAncestor = 0;
$locationCompleteName = array();
$allLocationsExist = true;
// Assume we created or found all locations
// while ($locatinItem = array_shift($locationPath) && $allLocationsExist) {
foreach ($locationPath as $locationItem) {
if ($allLocationsExist) {
$locationCompleteName[] = $locationItem;
$locationItem = Toolbox::addslashes_deep(array('entities_id' => $entityID, 'name' => $locationItem, 'locations_id' => $locationAncestor, 'completename' => implode(' > ', $locationCompleteName), 'is_recursive' => $pluginAuthLDAP->fields['is_recursive'], 'comment' => __("Created by MoreLDAP", "moreldap")));
$locationAncestor = $location->findID($locationItem);
if ($locationAncestor == -1) {
// The location does not exists yet
$locationAncestor = $location->add($locationItem);
}
if ($locationAncestor == false) {
// If a location could not be imported and does not exist
// then give up importing children items
$allLocationsExist = false;
}
}
}
if ($allLocationsExist) {
// All locations exist to match the path described un LDAP
$locations_id = $locationAncestor;
$myuser = new User();
// new var to prevent user->input erasing (object are always passed by "reference")
$myuser->update(array('id' => $user->getID(), 'locations_id' => $locations_id));
}
}
} else {
// If the location retrieval is disabled, enablig this line will erase the location for the user.
// $fields['locations_id'] = 0;
}
}
}
/**
* Display information from LDAP server for user
**/
private function showLdapDebug()
{
global $LANG;
if ($this->fields['authtype'] != Auth::LDAP) {
return false;
}
echo "<div class='spaced'>";
echo "<table class='tab_cadre_fixe'>";
echo "<tr><th colspan='4'>" . $LANG['setup'][137] . ' - ' . $LANG['login'][2] . "</th></tr>";
echo "<tr class='tab_bg_2'><td>" . $LANG['ldap'][26] . " :</td>";
echo "<td>" . $this->fields['user_dn'] . "</td></tr>\n";
if ($this->fields['user_dn']) {
echo "<tr class='tab_bg_2'><td>" . $LANG['title'][13] . " :</td><td>";
$config_ldap = new AuthLDAP();
$ds = false;
if ($config_ldap->getFromDB($this->fields['auths_id'])) {
$ds = $config_ldap->connect();
}
if ($ds) {
$info = AuthLdap::getUserByDn($ds, $this->fields['user_dn'], array('*', 'createTimeStamp', 'modifyTimestamp'));
if (is_array($info)) {
printCleanArray($info);
} else {
echo $LANG['stats'][2];
}
} else {
echo $LANG['log'][41];
}
echo "</td></tr>\n";
}
echo "</table></div>";
}
