Get ldap query results and clean them at the same time
| static public get_entries_clean ( $link, $result ) : an | ||
| Результат | an | array which contains ldap query results |
/**
* Get the attributes needed for processing the rules
*
* @see RuleCollection::prepareInputDataForProcess()
*
* @param $input input datas
* @param $params extra parameters given
*
* @return an array of attributes
**/
function prepareInputDataForProcess($input, $params)
{
$rule_parameters = array();
//LDAP type method
if ($params["type"] == "LDAP") {
//Get all the field to retrieve to be able to process rule matching
$rule_fields = $this->getFieldsToLookFor();
//Get all the datas we need from ldap to process the rules
$sz = @ldap_read($params["connection"], $params["userdn"], "objectClass=*", $rule_fields);
$rule_input = AuthLDAP::get_entries_clean($params["connection"], $sz);
if (count($rule_input)) {
if (isset($input)) {
$groups = $input;
} else {
$groups = array();
}
$rule_input = $rule_input[0];
//Get all the ldap fields
$fields = $this->getFieldsForQuery();
foreach ($fields as $field) {
switch (Toolbox::strtoupper($field)) {
case "LDAP_SERVER":
$rule_parameters["LDAP_SERVER"] = $params["ldap_server"];
break;
case "GROUPS":
foreach ($groups as $group) {
$rule_parameters["GROUPS"][] = $group;
}
break;
default:
if (isset($rule_input[$field])) {
if (!is_array($rule_input[$field])) {
$rule_parameters[$field] = $rule_input[$field];
} else {
if (count($rule_input[$field])) {
foreach ($rule_input[$field] as $key => $val) {
if ($key !== 'count') {
$rule_parameters[$field][] = $val;
}
}
}
}
}
}
}
return $rule_parameters;
}
return $rule_input;
} else {
if ($params["type"] == "SSO") {
$rule_parameters["MAIL_EMAIL"] = $params["email"];
$rule_parameters["LOGIN"] = $params["login"];
return $rule_parameters;
}
}
//IMAP/POP login method
$rule_parameters["MAIL_SERVER"] = $params["mail_server"];
$rule_parameters["MAIL_EMAIL"] = $params["email"];
return $rule_parameters;
}
/**
* Get all groups a user belongs to
*
* @param $ds ldap connection
* @param $ldap_base_dn Basedn used
* @param $user_dn Basedn of the user
* @param $group_condition group search condition
* @param $group_member_field group field member in a user object
* @param $use_dn boolean search dn of user ($login_field=$user_dn) in group_member_field
* @param $login_field string user login field
*
* @return String : basedn of the user / false if not founded
**/
function ldap_get_user_groups($ds, $ldap_base_dn, $user_dn, $group_condition, $group_member_field, $use_dn, $login_field)
{
$groups = array();
$listgroups = array();
//User dn may contain ( or ), need to espace it!
$user_dn = str_replace(array("(", ")", "\\,", "\\+"), array("\\(", "\\)", "\\\\,", "\\\\+"), $user_dn);
//Only retrive cn and member attributes from groups
$attrs = array('dn');
if (!$use_dn) {
$filter = "(& {$group_condition} (|({$group_member_field}={$user_dn})\n ({$group_member_field}={$login_field}={$user_dn})))";
} else {
$filter = "(& {$group_condition} ({$group_member_field}={$user_dn}))";
}
//Perform the search
$filter = Toolbox::unclean_cross_side_scripting_deep($filter);
$sr = ldap_search($ds, $ldap_base_dn, $filter, $attrs);
//Get the result of the search as an array
$info = AuthLDAP::get_entries_clean($ds, $sr);
//Browse all the groups
for ($i = 0; $i < count($info); $i++) {
//Get the cn of the group and add it to the list of groups
if (isset($info[$i]["dn"]) && $info[$i]["dn"] != '') {
$listgroups[$i] = $info[$i]["dn"];
}
}
//Create an array with the list of groups of the user
$groups[0][$group_member_field] = $listgroups;
//Return the groups of the user
return $groups;
}
function plugin_moreldap_item_add_or_update_user($user)
{
//Ignore users without auths_id
if (!isset($user->input["auths_id"])) {
return;
}
// We update LDAP field only if LDAP directory is defined
if (isset($user->input["locations_id"])) {
return;
}
// default : store locations outside of any entity
$entityID = -1;
$pluginAuthLDAP = new PluginMoreldapAuthLDAP();
$authsId = isset($user->input["auths_id"]) ? $user->input["auths_id"] : $user->fields["auths_id"];
if ($authsId > 0 && $pluginAuthLDAP->getFromDBByQuery("WHERE `id`='{$authsId}'")) {
// The target entity for the locations to be created
$entityID = $pluginAuthLDAP->fields['entities_id'];
// find from config all attributes to read from LDAP
$fields = array();
$locationHierarchy = explode('>', $pluginAuthLDAP->fields['location']);
foreach ($locationHierarchy as $locationSubAttribute) {
$locationSubAttribute = trim($locationSubAttribute);
if (strlen($locationSubAttribute) > 0) {
$fields[] = $locationSubAttribute;
}
}
// LDAP query to read the needed attributes for the user
$ldap_connection = 0;
if (!isset($user->input["_ldap_conn"]) || !isset($user->fields["_ldap_conn"])) {
$ldap = new AuthLDAP();
$ldap->getFromDB($authsId);
$ldap_connection = $ldap->connect();
} else {
$ldap_connection = isset($user->input["_ldap_conn"]) ? $user->input["_ldap_conn"] : $user->fields["_ldap_conn"];
}
$userdn = isset($user->input["user_dn"]) ? $user->input["user_dn"] : $user->fields["user_dn"];
$userdn = str_replace('\\\\', '\\', $userdn);
$sr = @ldap_read($ldap_connection, $userdn, "objectClass=*", $fields);
if (!is_resource($sr) || ldap_errno($ldap_connection) > 0) {
return;
}
$v = AuthLDAP::get_entries_clean($ldap_connection, $sr);
//Find all locations needed to create the deepest one
$locationPath = array();
$incompleteLocation = false;
foreach ($fields as $locationSubAttribute) {
$locationSubAttribute = strtolower($locationSubAttribute);
if (isset($v[0][$locationSubAttribute][0])) {
$locationPath[] = $v[0][$locationSubAttribute][0];
} else {
// A LDAP attribute is not defined for the user. Cannot build the completename
// Therefore we must giveup importing this location
$incompleteLocation = true;
}
}
// TODO : test if location import is enabled earlier in this function
if ($pluginAuthLDAP->fields['location_enabled'] == 'Y') {
if ($incompleteLocation == false) {
$location = new Location();
$locationAncestor = 0;
$locationCompleteName = array();
$allLocationsExist = true;
// Assume we created or found all locations
// while ($locatinItem = array_shift($locationPath) && $allLocationsExist) {
foreach ($locationPath as $locationItem) {
if ($allLocationsExist) {
$locationCompleteName[] = $locationItem;
$locationItem = Toolbox::addslashes_deep(array('entities_id' => $entityID, 'name' => $locationItem, 'locations_id' => $locationAncestor, 'completename' => implode(' > ', $locationCompleteName), 'is_recursive' => $pluginAuthLDAP->fields['is_recursive'], 'comment' => __("Created by MoreLDAP", "moreldap")));
$locationAncestor = $location->findID($locationItem);
if ($locationAncestor == -1) {
// The location does not exists yet
$locationAncestor = $location->add($locationItem);
}
if ($locationAncestor == false) {
// If a location could not be imported and does not exist
// then give up importing children items
$allLocationsExist = false;
}
}
}
if ($allLocationsExist) {
// All locations exist to match the path described un LDAP
$locations_id = $locationAncestor;
$myuser = new User();
// new var to prevent user->input erasing (object are always passed by "reference")
$myuser->update(array('id' => $user->getID(), 'locations_id' => $locations_id));
}
}
} else {
// If the location retrieval is disabled, enablig this line will erase the location for the user.
// $fields['locations_id'] = 0;
}
}
}
