/**
 * Builds the LDAP search filter used to look up the directory entry of an account.
 *
 * Only the account part produced by _splitName() is used. It is passed through
 * Zend_Ldap::filterEscape() before it is placed into any filter string, so filter
 * metacharacters in the supplied name end up as escaped literals.
 *
 * @param  string $acctname Account name as supplied by the caller
 * @return string The LDAP search filter for matching directory accounts
 */
protected function _getAccountFilter($acctname)
{
    // $dname and $aname are filled in by _splitName(); only $aname is used here.
    $this->_splitName($acctname, $dname, $aname);
    $format  = $this->_getAccountFilterFormat();
    $escaped = Zend_Ldap::filterEscape($aname);

    // A configured format takes precedence over the built-in defaults.
    // NOTE(review): the format string is used verbatim, so it is assumed to come
    // from trusted configuration and to contain a single %s placeholder - confirm.
    if ($format) {
        return sprintf($format, $escaped);
    }

    // is there a better way to detect this?
    if ($this->_bindRequiresDn) {
        return "(&(objectClass=posixAccount)(uid=$escaped))";
    }

    return "(&(objectClass=user)(sAMAccountName=$escaped))";
}
/**
 * returns ldap metadata of given group
 *
 * Searches below the configured groupsDn (subtree scope) for the entry whose
 * groupUUIDAttribute equals the integer form of the given id and returns the first
 * hit, limited to the objectclass and sambasid attributes.
 *
 * @param  int $_groupId
 * @return array first matching entry
 *               NOTE(review): getFirst() presumably yields null when nothing matches;
 *               callers should not assume an array - confirm.
 *
 * @todo remove obsolete code
 */
protected function _getGroupMetaData($_groupId)
{
    $numericId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);

    // NOTE(review): stock ZF1 Zend_Ldap_Filter::equals() escapes its value itself, so
    // the extra filterEscape() may double-escape. Harmless for an integer id, but
    // confirm against the bundled library before copying this pattern elsewhere.
    $uuidFilter = Zend_Ldap_Filter::equals(
        $this->_options['groupUUIDAttribute'],
        Zend_Ldap::filterEscape($numericId)
    );

    return $this->_ldap->search(
        $uuidFilter,
        $this->_options['groupsDn'],
        Zend_Ldap::SEARCH_SCOPE_SUB,
        array('objectclass', 'sambasid')
    )->getFirst();

    /*
    } catch (Tinebase_Exception_NotFound $e) {
        throw new Exception("group with id $groupId not found");
    }
    */
}
/**
 * get groupmemberships of user from sync backend
 *
 * Looks the user up by UUID attribute, resolves the primary group through its
 * objectsid (domainSidPlain . '-' . primarygroupid) and then resolves every DN found
 * in the memberof attribute to the group UUID attribute. The result is de-duplicated.
 *
 * @param  Tinebase_Model_User|string $_userId
 * @return array list of group ids; empty when the user entry is not found
 */
public function getGroupMembershipsFromSyncBackend($_userId)
{
    if ($_userId instanceof Tinebase_Model_User) {
        $accountId = $_userId->getId();
    } else {
        $accountId = $_userId;
    }

    // find user in AD and retrieve memberOf attribute
    $userFilter = Zend_Ldap_Filter::andFilter(
        Zend_Ldap_Filter::string($this->_userBaseFilter),
        Zend_Ldap_Filter::equals($this->_userUUIDAttribute, $this->_encodeAccountId($accountId))
    );

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $userFilter);
    }

    $userEntry = $this->getLdap()->search(
        $userFilter,
        $this->_options['userDn'],
        $this->_userSearchScope,
        array('memberof', 'primarygroupid')
    )->getFirst();

    if ($userEntry === null) {
        return array();
    }

    // resolve the primary group: its objectsid is the plain domain SID plus the
    // user's primarygroupid
    $domainConfig  = $this->getDomainConfiguration();
    $primarySid    = $domainConfig['domainSidPlain'] . '-' . $userEntry['primarygroupid'][0];
    $primaryFilter = Zend_Ldap_Filter::andFilter(
        Zend_Ldap_Filter::string($this->_groupBaseFilter),
        Zend_Ldap_Filter::equals('objectsid', Zend_Ldap::filterEscape($primarySid))
    );

    $primaryGroup = $this->getLdap()->search(
        $primaryFilter,
        $this->_options['groupsDn'],
        $this->_groupSearchScope,
        array($this->_groupUUIDAttribute)
    )->getFirst();

    // NOTE(review): $primaryGroup is not checked. If the primary group is not found
    // below groupsDn, _decodeGroupId() receives null and its result still lands in the
    // membership list - confirm what it returns in that case.
    $memberships = array($this->_decodeGroupId($primaryGroup[$this->_groupUUIDAttribute][0]));

    if (isset($userEntry['memberof'])) {
        // resolve $this->_groupUUIDAttribute attribute for every memberOf DN
        // NOTE(review): stock ZF1 Zend_Ldap_Filter::equals() escapes its value itself,
        // so a DN containing filter metacharacters may be double-escaped by the extra
        // filterEscape() and then fail to match - confirm against the bundled library.
        $dnFilter = new Zend_Ldap_Filter_Or(array());
        foreach ($userEntry['memberof'] as $groupDn) {
            $dnFilter = $dnFilter->addFilter(
                Zend_Ldap_Filter::equals('distinguishedName', Zend_Ldap::filterEscape($groupDn))
            );
        }

        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
            Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $dnFilter);
        }

        $groupEntries = $this->getLdap()->search(
            $dnFilter,
            $this->_options['groupsDn'],
            $this->_groupSearchScope,
            array($this->_groupUUIDAttribute)
        );

        foreach ($groupEntries as $groupEntry) {
            $memberships[] = $this->_decodeGroupId($groupEntry[$this->_groupUUIDAttribute][0]);
        }
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' group memberships: ' . print_r($memberships, true));
    }

    return array_unique($memberships);
}
/**
 * Verifies that Zend_Ldap::filterEscape() turns the filter metacharacters of the
 * sample string into backslash-hex escapes and leaves the letters untouched.
 *
 * @return void
 */
public function testFilterEscapeBasicOperation()
{
    // expected mapping: '*' -> \2a, '(' -> \28, ')' -> \29, '\' -> \5c, '/' -> \2f
    $this->assertEquals(
        'a\2ab\28b\29d\5ce\2ff',
        Zend_Ldap::filterEscape('a*b(b)d\e/f')
    );
}
/**
 * get group by name
 *
 * The name is escaped with Zend_Ldap::filterEscape() before it is concatenated into
 * the "cn=" filter string, so filter metacharacters in $_name are matched literally.
 *
 * @param  string $_name
 * @return Tinebase_Model_Group
 * @throws Tinebase_Exception_Record_NotDefined when the fetch throws any exception
 */
public function getGroupByName($_name)
{
    $escapedName = Zend_Ldap::filterEscape($_name);
    $attributes  = array('cn', 'description', 'objectGUID');

    try {
        $entry = $this->_ldap->fetch($this->_options['groupsDn'], 'cn=' . $escapedName, $attributes);
    } catch (Exception $e) {
        // NOTE(review): every exception type is reported as "Group not found." and the
        // original exception is dropped, so a directory or connection failure cannot be
        // told apart from a missing group - confirm this is intended.
        throw new Tinebase_Exception_Record_NotDefined('Group not found.');
    }

    // description is optional on the entry; fall back to an empty string
    if (isset($entry['description'][0])) {
        $description = $entry['description'][0];
    } else {
        $description = '';
    }

    return new Tinebase_Model_Group(array(
        'id'          => $entry['objectGUID'][0],
        'name'        => $entry['cn'][0],
        'description' => $description,
    ));
}
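/**
 * Resolves a uidnumber to the value of the configured user UUID attribute.
 *
 * When the UUID attribute is uidnumber itself, no lookup is needed and the argument
 * is returned unchanged. Otherwise the first entry below the base DN whose uidnumber
 * matches is used.
 *
 * @param  string|int $_uidNumber
 * @return string|int|null the UUID attribute value, or null when no entry matches or
 *                         the entry lacks the attribute
 */
public function resolveUIdNumberToUUId($_uidNumber)
{
    if ($this->_userUUIDAttribute === 'uidnumber') {
        return $_uidNumber;
    }

    // NOTE(review): stock ZF1 Zend_Ldap_Filter::equals() escapes its value itself, so
    // the extra filterEscape() may double-escape. Harmless for a numeric uidnumber, but
    // confirm against the bundled library.
    $filter = Zend_Ldap_Filter::equals('uidnumber', Zend_Ldap::filterEscape($_uidNumber));

    $entry = $this->_ldap->search(
        $filter,
        $this->_baseDn,
        $this->_userSearchScope,
        array($this->_userUUIDAttribute)
    )->getFirst();

    // Previously a missing entry was indexed directly, which yields null together with
    // a PHP notice/warning. Return the same null explicitly so a failed lookup is a
    // visible, documented outcome.
    if (!isset($entry[$this->_userUUIDAttribute][0])) {
        return null;
    }

    return $entry[$this->_userUUIDAttribute][0];
}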
/**
 * return sid of group
 *
 * Searches the configured groupsDn (subtree scope) for the group whose
 * groupUUIDAttribute equals the given id and returns its first sambasid value.
 *
 * @param  string $_groupId
 * @return string the sid of the group
 * @throws Tinebase_Exception_NotFound when no group matches or the match has no sambasid
 */
protected function _getGroupSID($_groupId)
{
    $backendConfig = Tinebase_User::getBackendConfiguration();

    // NOTE(review): stock ZF1 Zend_Ldap_Filter::equals() escapes its value itself, so
    // the extra filterEscape() may double-escape ids that contain filter
    // metacharacters - confirm against the bundled library.
    $filter = Zend_Ldap_Filter::equals(
        $backendConfig['groupUUIDAttribute'],
        Zend_Ldap::filterEscape($_groupId)
    );

    $matches = $this->_ldap->search(
        $filter,
        $backendConfig['groupsDn'],
        Zend_Ldap::SEARCH_SCOPE_SUB,
        array('sambasid')
    );

    if (0 === count($matches)) {
        // NOTE(review): the message carries the complete filter, including the id that
        // was looked up; check where this exception text is displayed or logged.
        throw new Tinebase_Exception_NotFound('Group not found! Filter: ' . $filter->toString());
    }

    $firstMatch = $matches->getFirst();
    if (empty($firstMatch['sambasid'][0])) {
        throw new Tinebase_Exception_NotFound('Group has no sambaSID');
    }

    return $firstMatch['sambasid'][0];
}
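/**
 * resolve UUID(for example entryUUID) to uidnumber
 *
 * When the user UUID attribute is uidnumber itself, the argument already is the
 * uidnumber and is returned unchanged. Otherwise the first entry below userDn whose
 * user UUID attribute matches is used.
 *
 * @param  string $_uuid
 * @return string|null the uidnumber, or null when no entry matches or the entry has
 *                     no uidnumber
 */
public function resolveUUIdToUIdNumber($_uuid)
{
    // The lookup below is a user lookup on $this->_userUUIDAttribute, so the shortcut
    // has to test that same attribute (it previously tested the group UUID attribute).
    if ($this->_userUUIDAttribute === 'uidnumber') {
        return $_uuid;
    }

    // NOTE(review): stock ZF1 Zend_Ldap_Filter::equals() escapes its value itself, so
    // the extra filterEscape() may double-escape UUID values that contain filter
    // metacharacters - confirm against the bundled library.
    $filter = Zend_Ldap_Filter::equals($this->_userUUIDAttribute, Zend_Ldap::filterEscape($_uuid));

    $userEntry = $this->_ldap->search(
        $filter,
        $this->_options['userDn'],
        $this->_userSearchScope,
        array('uidnumber')
    )->getFirst();

    // Previously a missing entry was indexed directly, which yields null together with
    // a PHP notice/warning. Return the same null explicitly instead.
    if (!isset($userEntry['uidnumber'][0])) {
        return null;
    }

    return $userEntry['uidnumber'][0];
}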
/**
 * get groupmemberships of user from sync backend
 *
 * Collects the UUID attribute of every group below groupsDn that passes the group
 * base filter and lists the user either by uid (memberuid) or by DN (member).
 *
 * @param  Tinebase_Model_User|string $_userId
 * @return array list of group ids
 */
public function getGroupMembershipsFromSyncBackend($_userId)
{
    $userEntry = $this->_getUserMetaData($_userId);

    // NOTE(review): stock ZF1 Zend_Ldap_Filter::equals() escapes its value itself, so
    // the extra filterEscape() may double-escape; a uid or DN containing filter
    // metacharacters would then fail to match - confirm against the bundled library.
    $baseFilter  = Zend_Ldap_Filter::string($this->_groupBaseFilter);
    $byMemberUid = Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($userEntry['uid'][0]));
    $byMemberDn  = Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($userEntry['dn']));

    $filter = Zend_Ldap_Filter::andFilter(
        $baseFilter,
        Zend_Ldap_Filter::orFilter($byMemberUid, $byMemberDn)
    );

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $filter);
    }

    $groupEntries = $this->_ldap->search(
        $filter,
        $this->_options['groupsDn'],
        $this->_groupSearchScope,
        array('cn', 'description', $this->_groupUUIDAttribute)
    );

    // Only the UUID attribute of each hit is kept; cn and description are requested
    // from the directory but not used here.
    $memberships = array();
    foreach ($groupEntries as $groupEntry) {
        $memberships[] = $groupEntry[$this->_groupUUIDAttribute][0];
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' group memberships: ' . print_r($memberships, true));
    }

    return $memberships;
}