public function getGroupsContains($contains_, $attributes_ = array('name', 'description'), $limit_ = 0, $user_ = null)
{
$groups = array();
$filters = array($this->preferences['filter']);
if ($contains_ != '') {
$contains = preg_replace('/\\*\\*+/', '*', '*' . $contains_ . '*');
// ldap does not handle multiple star characters
$filter_contain_rules = array();
$missing_attribute_nb = 0;
foreach ($attributes_ as $attribute) {
if (!array_key_exists($attribute, $this->preferences['match']) || strlen($this->preferences['match'][$attribute]) == 0) {
$missing_attribute_nb++;
continue;
}
array_push($filter_contain_rules, $this->preferences['match'][$attribute] . '=' . $contains);
}
if ($missing_attribute_nb == count($attributes_)) {
return array(array(), false);
}
array_push($filters, LDAP::join_filters($filter_contain_rules, '|'));
}
$sizelimit_exceeded_user = false;
if (!is_null($user_)) {
if (in_array('group_field', $this->preferences['group_match_user'])) {
if ($this->preferences['group_field_type'] == 'user_dn') {
$value = $user_->getAttribute('dn');
} else {
$value = $user_->getAttribute('login');
}
$filter_user = $this->preferences['group_field'] . '=' . $value;
} else {
$field = $this->preferences['user_field'];
$userDB = UserDB::getInstance();
$configLDAP = $userDB->config;
$ldap = new LDAP($configLDAP);
$sr = $ldap->searchDN($user_->getAttribute('dn'), array($field));
if ($sr === false) {
Logger::error('main', 'UserGroupDB::ldapimport_by_user ldap failed (mostly timeout on server)');
return array();
}
$infos = $ldap->get_entries($sr);
if (!is_array($infos) || $infos === array()) {
return array();
}
$keys = array_keys($infos);
$dn = $keys[0];
$info = $infos[$dn];
if (is_array($info[$field])) {
if (isset($info[$field]['count'])) {
unset($info[$field]['count']);
}
$memberof = $info[$field];
} else {
$memberof = array($info[$field]);
}
while (count($memberof) > $limit_) {
$sizelimit_exceeded_user = true;
array_pop($memberof);
}
$filter_user_rules = array();
if ($this->preferences['user_field_type'] == 'group_dn') {
foreach ($memberof as $dn) {
list($rdn, $sub) = explode_with_escape(',', $dn, 2);
array_push($filter_user_rules, '(' . $rdn . ')');
}
} else {
$filters = array();
foreach ($memberof as $name) {
array_push($filter_user_rules, '(' . $this->preferences['match']['name'] . '=' . $name . ')');
}
}
$filter_user = LDAP::join_filters($filter_user_rules, '|');
}
array_push($filters, $filter_user);
}
$filter = LDAP::join_filters($filters, '&');
$ldap = new LDAP($this->get_usergroup_ldap_config());
$sr = $ldap->search($filter, array_values($this->preferences['match']), $limit_);
if ($sr === false) {
Logger::error('main', 'UsersGroupDB::ldap::getUsersContaint search failed');
return array(array(), false);
}
$sizelimit_exceeded = $ldap->errno() === 4;
// LDAP_SIZELIMIT_EXCEEDED => 0x04
$infos = $ldap->get_entries($sr);
foreach ($infos as $dn => $info) {
if (!is_null($user_) && isset($memberof)) {
if (!in_array($dn, $memberof)) {
continue;
}
}
$ug = $this->generateUsersGroupFromRow($info, $dn, $this->preferences['match']);
$groups[$dn] = $ug;
}
return array($groups, $sizelimit_exceeded_user or $sizelimit_exceeded);
}
public function getUsersContains($contains_, $attributes_ = array('login', 'displayname'), $limit_ = 0)
{
$users = array();
$ldap = new LDAP($this->config);
$contains = '*';
if ($contains_ != '') {
$contains .= $contains_ . '*';
}
$contains = preg_replace('/\\*\\*+/', '*', $contains);
// ldap does not handle multiple star characters
$filter = '(&' . $this->generateFilter() . '(|';
foreach ($attributes_ as $attribute) {
$filter .= '(' . $this->config['match'][$attribute] . '=' . $contains . ')';
}
$filter .= '))';
$sr = $ldap->search($filter, NULL, $limit_);
if ($sr === false) {
Logger::error('main', 'UserDB::ldap::getUsersContaint search failed');
return NULL;
}
$sizelimit_exceeded = $ldap->errno() === 4;
// LDAP_SIZELIMIT_EXCEEDED => 0x04
$infos = $ldap->get_entries($sr);
foreach ($infos as $dn => $info) {
$u = $this->generateUserFromRow($info);
$u->setAttribute('dn', $dn);
$u = $this->cleanupUser($u);
if ($this->isOK($u)) {
$users[] = $u;
} else {
if ($u->hasAttribute('login')) {
Logger::info('main', 'UserDB::ldap::getUsersContaint user \'' . $u->getAttribute('login') . '\' not ok');
} else {
Logger::info('main', 'UserDB::ldap::getUsersContaint user does not have login');
}
}
}
usort($users, "user_cmp");
return array($users, $sizelimit_exceeded);
}
public function getGroupsContains($contains_, $attributes_ = array('name', 'description'), $limit_ = 0)
{
$groups = array();
$userDBAD = UserDB::getInstance();
if (method_exists($userDBAD, 'makeLDAPconfig') === false) {
Logger::error('main', 'UserGroupDB::ldap_memberof makeLDAPconfig is not avalaible');
return NULL;
}
$config_ldap = $userDBAD->makeLDAPconfig();
$config_ldap['match'] = array();
if (array_key_exists('match', $this->preferences)) {
$config_ldap['match'] = $this->preferences['match'];
}
$ldap = new LDAP($config_ldap);
$contains = '*';
if ($contains_ != '') {
$contains .= $contains_ . '*';
}
$filter = '(&(objectClass=group)(|';
foreach ($attributes_ as $attribute) {
$filter .= '(' . $config_ldap['match'][$attribute] . '=' . $contains . ')';
}
$filter .= '))';
$sr = $ldap->search($filter, NULL, $limit_);
if ($sr === false) {
Logger::error('main', 'UserDB::ldap::getUsersContaint search failed');
return NULL;
}
$sizelimit_exceeded = $ldap->errno() === 4;
// LDAP_SIZELIMIT_EXCEEDED => 0x04
$infos = $ldap->get_entries($sr);
foreach ($infos as $dn => $info) {
$buf = array();
foreach ($config_ldap['match'] as $attribut => $match_ldap) {
if (isset($info[$match_ldap][0])) {
$buf[$attribut] = $info[$match_ldap][0];
}
if (isset($info[$match_ldap]) && is_array($info[$match_ldap])) {
if (isset($info[$match_ldap]['count'])) {
unset($info[$match_ldap]['count']);
}
$extras[$attribut] = $info[$match_ldap];
} else {
$extras[$attribut] = array();
}
}
if (!isset($buf['description'])) {
$buf['description'] = '';
}
$ug = new UsersGroup($dn, $buf['name'], $buf['description'], true);
$ug->extras = $extras;
$groups[$dn] = $ug;
}
return array($groups, $sizelimit_exceeded);
}
public function getUsersContains($contains_, $attributes_ = array('login', 'displayname'), $limit_ = 0, $group_ = null)
{
$users = array();
$filters = array($this->generateFilter());
if ($contains_ != '') {
$contains = preg_replace('/\\*\\*+/', '*', '*' . $contains_ . '*');
// ldap does not handle multiple star characters
$filter_contain_rules = array();
$missing_attribute_nb = 0;
foreach ($attributes_ as $attribute) {
if (!array_key_exists($attribute, $this->config['match']) || strlen($this->config['match'][$attribute]) == 0) {
$missing_attribute_nb++;
continue;
}
array_push($filter_contain_rules, $this->config['match'][$attribute] . '=' . $contains);
}
if ($missing_attribute_nb == count($attributes_)) {
return array(array(), false);
}
array_push($filters, LDAP::join_filters($filter_contain_rules, '|'));
}
if (!is_null($group_)) {
$userGroupDB = UserGroupDB::getInstance('static');
$group_filter_res = $userGroupDB->get_filter_groups_member($group_);
if (array_key_exists('filter', $group_filter_res)) {
array_push($filters, $group_filter_res['filter']);
} else {
if (!array_key_exists('users', $group_filter_res) || !is_array($group_filter_res['users']) || count($group_filter_res['users']) == 0) {
return array(array(), false);
}
$filter_group_rules = array();
foreach ($group_filter_res['users'] as $login) {
array_push($filter_group_rules, '(' . $this->config['match']['login'] . '=' . $login . ')');
}
array_push($filters, LDAP::join_filters($filter_group_rules, '|'));
}
}
$filter = LDAP::join_filters($filters, '&');
$ldap = new LDAP($this->get_user_ldap_config());
$sr = $ldap->search($filter, array_values($this->config['match']), $limit_);
if ($sr === false) {
Logger::error('main', 'UserDB::ldap::getUsersContaint search failed');
return array(array(), false);
}
$sizelimit_exceeded = $ldap->errno() === 4;
// LDAP_SIZELIMIT_EXCEEDED => 0x04
$infos = $ldap->get_entries($sr);
foreach ($infos as $dn => $info) {
if (!is_null($group_) && array_key_exists('dns', $group_filter_res)) {
if (!in_array($dn, $group_filter_res['dns'])) {
continue;
}
}
$u = $this->generateUserFromRow($info);
$u->setAttribute('dn', $dn);
$u = $this->cleanupUser($u);
if ($this->isOK($u)) {
$users[] = $u;
} else {
if ($u->hasAttribute('login')) {
Logger::info('main', 'UserDB::ldap::getUsersContaint user \'' . $u->getAttribute('login') . '\' not ok');
} else {
Logger::info('main', 'UserDB::ldap::getUsersContaint user does not have login');
}
}
}
return array($users, $sizelimit_exceeded);
}
public function getGroupsContains($contains_, $attributes_ = array('name', 'description'), $limit_ = 0)
{
$groups = array();
$configLDAP = $this->makeLDAPconfig();
$ldap = new LDAP($configLDAP);
$contains = '*';
if ($contains_ != '') {
$contains .= $contains_ . '*';
}
if ($configLDAP['filter'] != '') {
$filter = '(&' . $configLDAP['filter'] . '(|';
} else {
$filter = '(|';
}
foreach ($attributes_ as $attribute) {
$filter .= '(' . $configLDAP['match'][$attribute] . '=' . $contains . ')';
}
if ($configLDAP['filter'] != '') {
$filter .= ')';
}
$filter .= ')';
$sr = $ldap->search($filter, NULL, $limit_);
if ($sr === false) {
Logger::error('main', 'UserDB::ldap_posix::getUsersContaint search failed');
return NULL;
}
$sizelimit_exceeded = $ldap->errno() === 4;
// LDAP_SIZELIMIT_EXCEEDED => 0x04
$infos = $ldap->get_entries($sr);
foreach ($infos as $dn => $info) {
$ug = $this->generateUsersGroupFromRow($info, $dn, $configLDAP['match']);
$groups[$dn] = $ug;
}
return array($groups, $sizelimit_exceeded);
}