/** * Get a user's dn by attempting to search for it in the directory. * * This method uses the query as a filter to find where the user is located in the directory * * @return array An array containing user DNs. * * @since 2.1 * @throws InvalidArgumentException Invalid argument in config related error * @throws SHLdapException Ldap search error */ private function _getDnBySearch() { // Fixes special usernames and provides simple protection against ldap injections $username = SHLdapHelper::escape($this->username); $search = str_replace(SHLdap::USERNAME_REPLACE, $username, $this->_userParams['user_query']); // We can either use a specific user base dn or use SHLdap's default $baseDn = isset($this->_userParams['user_base_dn']) && !empty($this->_userParams['user_base_dn']) ? $this->_userParams['user_base_dn'] : null; // Bind using the proxy user so the user can be found in the Ldap directory. if (!$this->client->proxyBind()) { // Failed to bind with proxy user throw new InvalidArgumentException(JText::_('LIB_SHLDAP_ERR_10322'), 10322); } // Search the directory for the user $result = $this->client->search($baseDn, $search, array($this->_userParams['user_uid'])); $return = array(); $count = $result->countEntries(); // Store the distinguished name for each user found for ($i = 0; $i < $count; ++$i) { $return[] = $result->getValue($i, 'dn', 0); } return $return; }
public function testSlapdSearchInvalidNoResults() { $ldap = new SHLdap(TestsHelper::getLdapConfig(214)); $ldap->connect(); $ldap->proxyBind(); // No results $result = $ldap->search(null, '(uid=do.not.exist)', array('mail')); $this->assertInstanceOf('SHLdapResult', $result); $this->assertEquals(0, $result->countEntries()); }
/** * Get an array of all the nested groups through the use of group recursion. * This is required usually only for Active Directory, however there could * be other LDAP platforms that cannot pick up nested groups. * * @param shldap &$ldap Reference to the LDAP object. * @param array $searchDNs Initial user groups (or ones that have already been discovered). * @param string $depth How far to search down until it should give up (0 means unlimited). * @param array &$result Holds the result of every alliteration (by reference). * @param string $attribute The LDAP attribute to store after each ldap search. * @param string $queryAttribute The LDAP filter attribute to query. * * @return array All user groups including the initial user groups. * * @since 1.0 * @throws SHLdapException */ public static function getRecursiveGroups(SHLdap &$ldap, $searchDNs, $depth, &$result, $attribute, $queryAttribute = null) { $search = null; $next = array(); $filters = array(); // As this is recursive, we want to be able to specify a optional depth --$depth; if (!isset($searchDNs)) { return $result; } foreach ($searchDNs as $dn) { // Build one or more partial filters from the DN user groups $filters[] = $queryAttribute . '=' . $dn; } if (!count($filters)) { // If there is no filter to process then we are finished return $result; } // Build the full filter using the OR operator $search = SHLdapHelper::buildFilter($filters, '|'); // Search for any groups that also contain the groups we have in the filter $results = $ldap->search(null, $search, array($attribute)); // Lets process each group that was found $entryCount = $results->countEntries(); for ($i = 0; $i < $entryCount; ++$i) { $dn = $results->getDN($i); // We don't want to re-process a group that was processed previously if (!in_array($dn, $result)) { $result[] = $dn; // Check if there are more groups we should process from the groups just discovered $valueCount = $results->countValues($i, $attribute); for ($j = 0; $j < $valueCount; ++$j) { // We want to process this object $value = $results->getValue($i, $attribute, $j); $next[] = $value; } } } /* * Only start the recursion when we have something to process next * otherwise, we would loop forever. */ if (count($next) && $depth != 0) { self::getRecursiveGroups($ldap, $next, $depth, $result, $attribute, $queryAttribute); } return $result; }