Get ldap query results and clean them at the same time
static public get_entries_clean ( $link, $result ) : an | ||
Результат | an | array which contains ldap query results |
/** * Get the attributes needed for processing the rules * * @see RuleCollection::prepareInputDataForProcess() * * @param $input input datas * @param $params extra parameters given * * @return an array of attributes **/ function prepareInputDataForProcess($input, $params) { $rule_parameters = array(); //LDAP type method if ($params["type"] == "LDAP") { //Get all the field to retrieve to be able to process rule matching $rule_fields = $this->getFieldsToLookFor(); //Get all the datas we need from ldap to process the rules $sz = @ldap_read($params["connection"], $params["userdn"], "objectClass=*", $rule_fields); $rule_input = AuthLDAP::get_entries_clean($params["connection"], $sz); if (count($rule_input)) { if (isset($input)) { $groups = $input; } else { $groups = array(); } $rule_input = $rule_input[0]; //Get all the ldap fields $fields = $this->getFieldsForQuery(); foreach ($fields as $field) { switch (Toolbox::strtoupper($field)) { case "LDAP_SERVER": $rule_parameters["LDAP_SERVER"] = $params["ldap_server"]; break; case "GROUPS": foreach ($groups as $group) { $rule_parameters["GROUPS"][] = $group; } break; default: if (isset($rule_input[$field])) { if (!is_array($rule_input[$field])) { $rule_parameters[$field] = $rule_input[$field]; } else { if (count($rule_input[$field])) { foreach ($rule_input[$field] as $key => $val) { if ($key !== 'count') { $rule_parameters[$field][] = $val; } } } } } } } return $rule_parameters; } return $rule_input; } else { if ($params["type"] == "SSO") { $rule_parameters["MAIL_EMAIL"] = $params["email"]; $rule_parameters["LOGIN"] = $params["login"]; return $rule_parameters; } } //IMAP/POP login method $rule_parameters["MAIL_SERVER"] = $params["mail_server"]; $rule_parameters["MAIL_EMAIL"] = $params["email"]; return $rule_parameters; }
/** * Get all groups a user belongs to * * @param $ds ldap connection * @param $ldap_base_dn Basedn used * @param $user_dn Basedn of the user * @param $group_condition group search condition * @param $group_member_field group field member in a user object * @param $use_dn boolean search dn of user ($login_field=$user_dn) in group_member_field * @param $login_field string user login field * * @return String : basedn of the user / false if not founded **/ function ldap_get_user_groups($ds, $ldap_base_dn, $user_dn, $group_condition, $group_member_field, $use_dn, $login_field) { $groups = array(); $listgroups = array(); //User dn may contain ( or ), need to espace it! $user_dn = str_replace(array("(", ")", "\\,", "\\+"), array("\\(", "\\)", "\\\\,", "\\\\+"), $user_dn); //Only retrive cn and member attributes from groups $attrs = array('dn'); if (!$use_dn) { $filter = "(& {$group_condition} (|({$group_member_field}={$user_dn})\n ({$group_member_field}={$login_field}={$user_dn})))"; } else { $filter = "(& {$group_condition} ({$group_member_field}={$user_dn}))"; } //Perform the search $filter = Toolbox::unclean_cross_side_scripting_deep($filter); $sr = ldap_search($ds, $ldap_base_dn, $filter, $attrs); //Get the result of the search as an array $info = AuthLDAP::get_entries_clean($ds, $sr); //Browse all the groups for ($i = 0; $i < count($info); $i++) { //Get the cn of the group and add it to the list of groups if (isset($info[$i]["dn"]) && $info[$i]["dn"] != '') { $listgroups[$i] = $info[$i]["dn"]; } } //Create an array with the list of groups of the user $groups[0][$group_member_field] = $listgroups; //Return the groups of the user return $groups; }
function plugin_moreldap_item_add_or_update_user($user) { //Ignore users without auths_id if (!isset($user->input["auths_id"])) { return; } // We update LDAP field only if LDAP directory is defined if (isset($user->input["locations_id"])) { return; } // default : store locations outside of any entity $entityID = -1; $pluginAuthLDAP = new PluginMoreldapAuthLDAP(); $authsId = isset($user->input["auths_id"]) ? $user->input["auths_id"] : $user->fields["auths_id"]; if ($authsId > 0 && $pluginAuthLDAP->getFromDBByQuery("WHERE `id`='{$authsId}'")) { // The target entity for the locations to be created $entityID = $pluginAuthLDAP->fields['entities_id']; // find from config all attributes to read from LDAP $fields = array(); $locationHierarchy = explode('>', $pluginAuthLDAP->fields['location']); foreach ($locationHierarchy as $locationSubAttribute) { $locationSubAttribute = trim($locationSubAttribute); if (strlen($locationSubAttribute) > 0) { $fields[] = $locationSubAttribute; } } // LDAP query to read the needed attributes for the user $ldap_connection = 0; if (!isset($user->input["_ldap_conn"]) || !isset($user->fields["_ldap_conn"])) { $ldap = new AuthLDAP(); $ldap->getFromDB($authsId); $ldap_connection = $ldap->connect(); } else { $ldap_connection = isset($user->input["_ldap_conn"]) ? $user->input["_ldap_conn"] : $user->fields["_ldap_conn"]; } $userdn = isset($user->input["user_dn"]) ? $user->input["user_dn"] : $user->fields["user_dn"]; $userdn = str_replace('\\\\', '\\', $userdn); $sr = @ldap_read($ldap_connection, $userdn, "objectClass=*", $fields); if (!is_resource($sr) || ldap_errno($ldap_connection) > 0) { return; } $v = AuthLDAP::get_entries_clean($ldap_connection, $sr); //Find all locations needed to create the deepest one $locationPath = array(); $incompleteLocation = false; foreach ($fields as $locationSubAttribute) { $locationSubAttribute = strtolower($locationSubAttribute); if (isset($v[0][$locationSubAttribute][0])) { $locationPath[] = $v[0][$locationSubAttribute][0]; } else { // A LDAP attribute is not defined for the user. Cannot build the completename // Therefore we must giveup importing this location $incompleteLocation = true; } } // TODO : test if location import is enabled earlier in this function if ($pluginAuthLDAP->fields['location_enabled'] == 'Y') { if ($incompleteLocation == false) { $location = new Location(); $locationAncestor = 0; $locationCompleteName = array(); $allLocationsExist = true; // Assume we created or found all locations // while ($locatinItem = array_shift($locationPath) && $allLocationsExist) { foreach ($locationPath as $locationItem) { if ($allLocationsExist) { $locationCompleteName[] = $locationItem; $locationItem = Toolbox::addslashes_deep(array('entities_id' => $entityID, 'name' => $locationItem, 'locations_id' => $locationAncestor, 'completename' => implode(' > ', $locationCompleteName), 'is_recursive' => $pluginAuthLDAP->fields['is_recursive'], 'comment' => __("Created by MoreLDAP", "moreldap"))); $locationAncestor = $location->findID($locationItem); if ($locationAncestor == -1) { // The location does not exists yet $locationAncestor = $location->add($locationItem); } if ($locationAncestor == false) { // If a location could not be imported and does not exist // then give up importing children items $allLocationsExist = false; } } } if ($allLocationsExist) { // All locations exist to match the path described un LDAP $locations_id = $locationAncestor; $myuser = new User(); // new var to prevent user->input erasing (object are always passed by "reference") $myuser->update(array('id' => $user->getID(), 'locations_id' => $locations_id)); } } } else { // If the location retrieval is disabled, enablig this line will erase the location for the user. // $fields['locations_id'] = 0; } } }