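/**
 * Validates that $value names an existing account (sAMAccountName) on at
 * least one of the configured LDAP servers. The lookup binds with the
 * credentials supplied in the current request (params ldapUser / ldapPassword).
 *
 * @param string $value account name to look up
 * @return bool true when an entry was found on any server; false otherwise
 *              (the NOT_EXISTS error is recorded before returning false)
 */
public function isValid($value)
{
    $request = Zend_Controller_Front::getInstance()->getRequest();
    $fields  = $request->getParams();
    $config  = Zend_Registry::get('config');
    $servers = $config['ldap'];

    // Request parameters are untrusted input: read them defensively so a
    // missing field does not raise an undefined-index notice.
    $bindUser     = isset($fields['ldapUser']) ? $fields['ldapUser'] : null;
    $bindPassword = isset($fields['ldapPassword']) ? $fields['ldapPassword'] : null;

    // Refuse to bind without credentials. Depending on server configuration an
    // empty password can be treated as an anonymous bind, which would let the
    // lookup "succeed" without the caller having proven who they are.
    if ($bindUser === null || $bindUser === '' || $bindPassword === null || $bindPassword === '') {
        $this->_error(self::NOT_EXISTS);
        return false;
    }

    $found = false;
    foreach ($servers as $server) {
        try {
            $ldap = new Zend_Ldap($server);
            $ldap->bind($bindUser, $bindPassword);
            // Zend_Ldap_Filter::equals() builds the filter; $value is handed
            // over as data rather than concatenated into a filter string.
            $entries = $ldap->searchEntries(Zend_Ldap_Filter::equals('samaccountname', $value));
            if (!empty($entries)) {
                $found = true;
                break; // one hit is enough; no need to bind to the remaining servers
            }
        } catch (Exception $e) {
            // A server that is unreachable or rejects the bind contributes no
            // hit; the next server is tried.
        }
    }

    if (!$found) {
        $this->_error(self::NOT_EXISTS);
        return false;
    }
    return true;
}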
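/**
 * Looks up the account named in the 'toCheck' parameter on the configured
 * LDAP servers, binding with the 'login' / 'password' parameters, and returns
 * the display name and UPN of the first match.
 *
 * @param array $params list of ['name' => ..., 'value' => ...] pairs
 * @return array with keys 'pm_name' and 'pm_email'
 * @throws Exception when 'toCheck' is empty or no server knows the account
 *                   (LDAP bind/search failures propagate unchanged)
 */
public function checkDomain($params)
{
    $data = array();
    foreach ($params as $param) {
        $data[$param['name']] = $param['value'];
    }
    if (empty($data['toCheck'])) {
        throw new Exception('Podaj login zgłaszającego!');
    }

    // Bind credentials come from the request; read them without notices.
    $login    = isset($data['login']) ? $data['login'] : null;
    $password = isset($data['password']) ? $data['password'] : null;

    $config  = Zend_Registry::get('config');
    $servers = $config['ldap'];

    $ldapEntry = array();
    foreach ($servers as $server) {
        $ldap = new Zend_Ldap($server);
        $ldap->bind($login, $password);
        // equals() takes the value as data; it is not concatenated into the filter.
        $ldapEntry = $ldap->searchEntries(Zend_Ldap_Filter::equals('samaccountname', $data['toCheck']));
        if (!empty($ldapEntry)) {
            break; // first server with a hit wins
        }
    }

    if (empty($ldapEntry)) {
        throw new Exception('Nie znaleziono użytkownika w domenie!');
    }

    $first = $ldapEntry[0];
    return array(
        // attribute keys appear lower-cased in the result — TODO confirm against Zend_Ldap
        'pm_name'  => isset($first['displayname'][0]) ? $first['displayname'][0] : null,
        'pm_email' => isset($first['userprincipalname'][0]) ? $first['userprincipalname'][0] : null,
    );
}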
/**
 * Returns the raw LDAP entry (objectclass and sambasid attributes) of the
 * group identified by $_groupId.
 *
 * @param int $_groupId
 * @return array|null whatever getFirst() yields for the search (null on no hit — TODO confirm)
 */
protected function _getGroupMetaData($_groupId)
{
    $groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);

    // NOTE(review): Zend_Ldap_Filter::equals() is expected to escape its value
    // itself; if so, the explicit filterEscape() double-escapes — confirm.
    $escapedId = Zend_Ldap::filterEscape($groupId);
    $filter    = Zend_Ldap_Filter::equals($this->_options['groupUUIDAttribute'], $escapedId);
    $wanted    = array('objectclass', 'sambasid');

    $hits = $this->_ldap->search($filter, $this->_options['groupsDn'], Zend_Ldap::SEARCH_SCOPE_SUB, $wanted);
    return $hits->getFirst();
}
/**
 * Verifies that the user just bound to $ldap is a member of the group named
 * in the adapter options. Returns true when no group check is configured or
 * exactly one matching group entry is counted; otherwise a message string.
 *
 * @param Zend_Ldap $ldap
 * @param string    $canonicalName
 * @param string    $dn
 * @param array     $adapterOptions
 * @return string|true
 */
protected function _checkGroupMembership(Zend_Ldap $ldap, $canonicalName, $dn, array $adapterOptions)
{
    if ($adapterOptions['group'] === null) {
        return true; // membership check not configured
    }

    // The member attribute holds either a DN or the canonical name, per options.
    $member = ($adapterOptions['memberIsDn'] === false) ? $canonicalName : $dn;

    /**
     * @see Zend_Ldap_Filter
     */
    require_once 'Zend/Ldap/Filter.php';

    $filter = Zend_Ldap_Filter::andFilter(
        Zend_Ldap_Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']),
        Zend_Ldap_Filter::equals($adapterOptions['memberAttr'], $member)
    );
    $extra = $adapterOptions['groupFilter'];
    if (!empty($extra)) {
        $filter = $filter->addAnd($extra);
    }

    // Exactly one match is required; zero or several both count as failure.
    $matches = $ldap->count($filter, $adapterOptions['groupDn'], $adapterOptions['groupScope']);
    if ($matches === 1) {
        return true;
    }
    return 'Failed to verify group membership with ' . $filter->toString();
}
/**
 * A nested and/or filter renders to the expected RFC 4515 string.
 */
public function testRealFilterString()
{
    $bySurname = Zend_Ldap_Filter::orFilter(
        Zend_Ldap_Filter::equals('sn', 'Gehrig'),
        Zend_Ldap_Filter::equals('sn', 'Goerke')
    );
    $byGivenName = Zend_Ldap_Filter::orFilter(
        Zend_Ldap_Filter::equals('givenName', 'Stefan'),
        Zend_Ldap_Filter::equals('givenName', 'Ingo')
    );
    $combined = Zend_Ldap_Filter::andFilter($bySurname, $byGivenName);

    $expected = '(&(|(sn=Gehrig)(sn=Goerke))(|(givenName=Stefan)(givenName=Ingo)))';
    $this->assertEquals($expected, $combined->toString());
}
/**
 * Returns dn, objectclass and the decoded objectSid of the group identified
 * by $_groupId.
 *
 * @param string $_groupId
 * @return array with keys 'dn', 'objectclass', 'objectsid'
 * @throws Tinebase_Exception_NotFound when the search does not yield exactly one entry
 */
protected function _getMetaData($_groupId)
{
    $groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
    $filter  = Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($groupId));
    $attrs   = array('objectclass', 'objectsid');

    $hits = $this->getLdap()->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, $attrs);
    // Ambiguous results (several groups sharing the UUID) are treated like "not found".
    if (count($hits) !== 1) {
        throw new Tinebase_Exception_NotFound("Group with id {$_groupId} not found.");
    }

    $entry = $hits->getFirst();
    return array(
        'dn'          => $entry['dn'],
        'objectclass' => $entry['objectclass'],
        'objectsid'   => Tinebase_Ldap::decodeSid($entry['objectsid'][0]),
    );
}
/**
 * searchEntries() accepts a Zend_Ldap_Dn and a Zend_Ldap_Filter object in
 * place of strings and returns the nine organizationalUnit entries of the
 * writeable test subtree.
 */
public function testSearchEntriesShortcutWithDnObjectAndFilterObject()
{
    $base   = Zend_Ldap_Dn::fromString(TESTS_ZEND_LDAP_WRITEABLE_SUBTREE);
    $filter = Zend_Ldap_Filter::equals('objectClass', 'organizationalUnit');

    $found = $this->_getLdap()->searchEntries($filter, $base, Zend_Ldap::SEARCH_SCOPE_SUB);

    $this->assertType("array", $found);
    $this->assertEquals(9, count($found));
}
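/**
 * Resolves a user UUID (for example entryUUID) to the account's uidnumber.
 *
 * @param string $_uuid
 * @return string|null the uidnumber, or null when no entry (or no uidnumber
 *                     attribute) matches — TODO confirm callers accept null
 */
public function resolveUUIdToUIdNumber($_uuid)
{
    // When uidnumber itself is the UUID attribute there is nothing to resolve.
    if ($this->_userUUIDAttribute === 'uidnumber') {
        return $_uuid;
    }

    $filter = Zend_Ldap_Filter::equals($this->_userUUIDAttribute, $this->_encodeAccountId($_uuid));
    $entry  = $this->_ldap->search($filter, $this->_options['userDn'], $this->_userSearchScope, array('uidnumber'))->getFirst();

    // A missing entry or attribute previously surfaced as a PHP notice plus a
    // null return; return null explicitly instead.
    if (!isset($entry['uidnumber'][0])) {
        return null;
    }
    return $entry['uidnumber'][0];
}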
/**
 * Returns a condition statement string based on given field identifier and clause(s)
 *
 * Each clause becomes "(field=value)", wrapped as "(!(field=value))" for a
 * DIFF operator, with "*" appended / prepended for BEGINSWITH / ENDSWITH.
 * The pieces are concatenated without a separator.
 *
 * NOTE(review): $value is placed into the filter string without LDAP escaping
 * (RFC 4515 special characters such as "(", ")", "*" and "\" pass through),
 * and the \Zend_Ldap_Filter objects assigned to $filter are never used for the
 * returned string — confirm whether escaping is expected to happen upstream.
 * $mode is accepted but unused.
 *
 * @param string $field
 * @param array $clauses
 * @param string $mode
 * @return string
 */
protected function _buildConditionStatement($field, array $clauses, $mode = 'AND')
{
    $statements = array();
    foreach ($clauses as $key => $clause) {
        $prefix = $suffix = null;
        $ops = $this->_matchOperator($clause['operator']);
        $value = $clause['value'];
        // NOTE(review): $filter is not reset per clause, so the ENDSWITH branch
        // below may see the $filter left over from a previous clause.
        if (in_array(Backend\Condition::OPERATOR_BEGINSWITH, $ops)) {
            $value .= '*';
            $filter = \Zend_Ldap_Filter::begins($field, $value);
        }
        if (in_array(Backend\Condition::OPERATOR_ENDSWITH, $ops)) {
            $value = '*' . $value;
            if ($filter instanceof \Zend_Ldap_Filter) {
                // both BEGINSWITH and ENDSWITH: substring match
                $filter = \Zend_Ldap_Filter::contains($field, $value);
            } else {
                $filter = \Zend_Ldap_Filter::ends($field, $value);
            }
        }
        if (in_array(Backend\Condition::OPERATOR_DIFF, $ops)) {
            // negation wraps the whole assertion
            $prefix = '(!';
            $suffix = ')';
        }
        /* if value is a t41_Object_Model-derived object, use its uri to get id value
         *
         * @todo set a better way to check that a t41_Object_Uri contains a given t41_Backend_Uri/alias
         *
         * @var $value t41_Object_Model
         */
        if ($value instanceof ObjectModel\BaseObject) {
            throw new Exception("LDAP Adapter doesn't support conditions which value is an object: " . $field);
        }
        $operator = '=';
        $statements[] = sprintf('%s(%s%s%s)%s', $prefix, $field, $operator, $value, $suffix);
    }
    return implode($statements);
}
/**
 * Reads the groups below the configured base DN and maps each Tine group id
 * to the entryUUID of the LDAP group carrying the same (optionally remapped) name.
 *
 * @return array tine group id => ldap entryUUID
 */
protected function _getGroupMapping()
{
    $this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Fetching user mapping ...');

    $filter  = Zend_Ldap_Filter::andFilter(Zend_Ldap_Filter::string($this->_groupBaseFilter));
    $mapping = array();

    // optional cn -> tine group name overrides from the sync config
    $nameOverrides = $this->_config->groupNameMapping
        ? $this->_config->groupNameMapping->toArray()
        : array();
    $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group name mapping: ' . print_r($nameOverrides, TRUE));

    $ldapGroups = $this->_ldap->search($filter, $this->_config->ldap->baseDn, $this->_groupSearchScope, array('*', '+'));
    foreach ($ldapGroups as $ldapGroup) {
        $cn        = $ldapGroup['cn'][0];
        $groupname = isset($nameOverrides[$cn]) ? $nameOverrides[$cn] : $cn;
        $ldapUuid  = $ldapGroup['entryuuid'][0];
        try {
            $tineGroup = $this->_tineGroupBackend->getGroupByName($groupname);
            $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $cn . '): ' . $tineGroup->getId() . ' -> ' . $ldapUuid);
            $mapping[$tineGroup->getId()] = $ldapUuid;
        } catch (Tinebase_Exception_Record_NotDefined $tenf) {
            // @todo should be: Tinebase_Exception_NotFound
            // groups unknown to tine are logged and skipped
            $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' Group ' . $groupname . ' (' . $cn . '): ' . $tenf->getMessage());
        }
    }

    $this->_logger->info(__METHOD__ . '::' . __LINE__ . ' Found ' . count($mapping) . ' groups for the mapping.');
    $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' ' . print_r($mapping, TRUE));
    return $mapping;
}
/**
 * Checks the group membership of the bound user. The count runs after
 * re-binding with the credentials configured in the Zend_Ldap options, since
 * the authenticated user may not be allowed to read membership information.
 *
 * @param Zend_Ldap $ldap
 * @param string    $canonicalName
 * @param string    $dn
 * @param array     $adapterOptions
 * @return string|true true on exactly one match, otherwise a failure message
 */
protected function _checkGroupMembership(Zend_Ldap $ldap, $canonicalName, $dn, array $adapterOptions)
{
    // No group configured: nothing to verify.
    if ($adapterOptions['group'] === null) {
        return true;
    }

    if ($adapterOptions['memberIsDn'] === false) {
        $memberValue = $canonicalName;
    } else {
        $memberValue = $dn;
    }

    /**
     * @see Zend_Ldap_Filter
     */
    $byGroup  = Zend_Ldap_Filter::equals($adapterOptions['groupAttr'], $adapterOptions['group']);
    $byMember = Zend_Ldap_Filter::equals($adapterOptions['memberAttr'], $memberValue);
    $search   = Zend_Ldap_Filter::andFilter($byGroup, $byMember);
    if (!empty($adapterOptions['groupFilter'])) {
        $search = $search->addAnd($adapterOptions['groupFilter']);
    }

    // Re-bind with the "username" / "password" from the Zend_Ldap options so
    // the lookup runs as the configured account rather than the user just
    // authenticated, who may lack permission to read group-membership data.
    $ldap->bind();

    $hits = $ldap->count($search, $adapterOptions['groupDn'], $adapterOptions['groupScope']);
    return ($hits === 1) ? true : 'Failed to verify group membership with ' . $search->toString();
}
/**
 * Returns the sambaSID of the group identified by $_groupId.
 *
 * @param string $_groupId
 * @return string the sid of the group
 * @throws Tinebase_Exception_NotFound when no group matches or it carries no sambaSID
 */
protected function _getGroupSID($_groupId)
{
    $ldapOptions = Tinebase_User::getBackendConfiguration();

    // NOTE(review): equals() is expected to escape its value itself; if it does,
    // the filterEscape() call here double-escapes — confirm against Zend_Ldap_Filter.
    $filter = Zend_Ldap_Filter::equals($ldapOptions['groupUUIDAttribute'], Zend_Ldap::filterEscape($_groupId));
    $hits   = $this->_ldap->search($filter, $ldapOptions['groupsDn'], Zend_Ldap::SEARCH_SCOPE_SUB, array('sambasid'));

    if (count($hits) == 0) {
        throw new Tinebase_Exception_NotFound('Group not found! Filter: ' . $filter->toString());
    }

    $entry = $hits->getFirst();
    if (empty($entry['sambasid'][0])) {
        throw new Tinebase_Exception_NotFound('Group has no sambaSID');
    }
    return $entry['sambasid'][0];
}
/**
 * (non-PHPdoc)
 *
 * Loads the LDAP entries matching the simpleMail skeleton into
 * $this->_ldapRawData, ordered so that properties are ultimately read from
 * the managed rdn when entries are doubled:
 *   - entries anywhere else in the tree first (flagged simplemail_readonly),
 *   - entries below storage_base next,
 *   - the exact storage_rdn,storage_base entry last.
 */
protected function _getSpecialResultDataFromLdap()
{
    // Build "&(attr=val)(attr=val)..." from the configured skeleton. Values are
    // concatenated unescaped — NOTE(review): confirm they only ever come from
    // configuration, never from request input.
    $filterString = "&";
    foreach ($this->_simpleMailConfig['skeleton'] as $attr => $val) {
        $values = is_array($val) ? $val : array($val);
        foreach ($values as $single) {
            $filterString .= '(' . $attr . '=' . $single . ')';
        }
    }

    $entries = $this->_ldap->searchEntries(
        Zend_Ldap_Filter::string($filterString),
        $this->_simpleMailConfig['base'],
        $this->_simpleMailConfig['scope'],
        array()
    );

    $this->_ldapRawData = array();
    $caseFold    = Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER;
    $managedPath = Zend_Ldap_Dn::fromString($this->_simpleMailConfig['storage_base'], $caseFold);
    $managedDn   = Zend_Ldap_Dn::fromString(
        $this->_simpleMailConfig['storage_rdn'] . ',' . $this->_simpleMailConfig['storage_base'],
        $caseFold
    );
    $managedDnSeen = false;

    foreach ($entries as $entry) {
        $entryDn = Zend_Ldap_Dn::fromString($entry['dn'], $caseFold);
        if ($entryDn->toString() == $managedDn->toString()) {
            // the managed entry goes to the end
            array_push($this->_ldapRawData, $entry);
            $managedDnSeen = true;
        } elseif (Zend_Ldap_Dn::isChildOf($entryDn, $managedPath)) {
            if ($managedDnSeen === true) {
                // keep the managed entry last: insert just before it
                array_splice($this->_ldapRawData, -1, 0, array($entry));
            } else {
                array_push($this->_ldapRawData, $entry);
            }
        } else {
            // entries outside the storage path are never written back
            $entry['simplemail_readonly'] = true;
            array_unshift($this->_ldapRawData, $entry);
        }
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' simpleMail - Tinebase_EmailUser combined with ldap: ' . print_r($this->_ldapRawData, true));
    }
}
/**
 * get groupmemberships of user from sync backend
 *
 * Groups are matched either by memberuid (the user's uid) or by member (the
 * user's dn), combined with the configured group base filter.
 *
 * @param Tinebase_Model_User|string $_userId
 * @return array list of group ids (values of the group UUID attribute)
 */
public function getGroupMembershipsFromSyncBackend($_userId)
{
    $userMeta = $this->_getUserMetaData($_userId);

    // NOTE(review): equals() is expected to escape its value itself; if so the
    // explicit filterEscape() calls double-escape — confirm against Zend_Ldap_Filter.
    $byUid  = Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($userMeta['uid'][0]));
    $byDn   = Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($userMeta['dn']));
    $filter = Zend_Ldap_Filter::andFilter(
        Zend_Ldap_Filter::string($this->_groupBaseFilter),
        Zend_Ldap_Filter::orFilter($byUid, $byDn)
    );

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ldap search filter: ' . $filter);
    }

    $attrs  = array('cn', 'description', $this->_groupUUIDAttribute);
    $groups = $this->_ldap->search($filter, $this->_options['groupsDn'], $this->_groupSearchScope, $attrs);

    $memberships = array();
    foreach ($groups as $group) {
        $memberships[] = $group[$this->_groupUUIDAttribute][0];
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' group memberships: ' . print_r($memberships, TRUE));
    }
    return $memberships;
}
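/**
 * Returns the directory entry of the account with the given sAMAccountName,
 * looked up through the LDAP connection obtained for $controller.
 *
 * @param string $login
 * @param mixed  $controller passed through to getLdap()
 * @return array|null the first matching entry as returned by getFirst()
 *                    (null on no match — TODO confirm), or [] when no
 *                    connection could be obtained
 */
public function getDetailsByLoginAndController($login, $controller)
{
    try {
        $ldap = $this->getLdap($controller);
    } catch (Exception $e) {
        // No usable connection for this controller: behave as "no details"
        // instead of continuing with an undefined $ldap.
        return [];
    }
    if (!$ldap) {
        return [];
    }

    // equals() takes $login as data; it is not concatenated into the filter string.
    $filter = Zend_Ldap_Filter::equals('samaccountname', $login);
    return $ldap->search($filter)->getFirst();
}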
/**
 * Fetches the directory entry of the account with the given login from the
 * configured domains, binding as the currently authenticated identity.
 *
 * @param string $login   account name (sAMAccountName), compared lower-cased
 * @param string $ldapPwd password of the authenticated identity used for the bind
 * @return array|boolean the first matching entry, or false when no domain yields a hit
 */
public function getLdapData($login, $ldapPwd)
{
    $login    = strtolower($login);
    $config   = Zend_Registry::get('config');
    $identity = Zend_Auth::getInstance()->getIdentity();

    foreach ($config['ldap'] as $server) {
        try {
            $connection = new Zend_Ldap($server);
            $connection->bind($identity->login, $ldapPwd);
            $hits = $connection->searchEntries(Zend_Ldap_Filter::equals('samaccountname', $login));
            if (!empty($hits)) {
                return array_shift($hits);
            }
        } catch (Exception $e) {
            // Intentionally empty: the logged-in user may have no access to this
            // domain with their own credentials; the remaining domains are tried.
        }
    }
    return false;
}