Given a string, try to determine if it is a valid distinguished name for a LDAP object. This is a somewhat
unsophisticated approach. A regex might be a better solution, but would probably be rather difficult to get
right.
| public static isValidLdapObjectDn ( string $dn ) : boolean | ||
| $dn | string | |
| return | boolean | |
/**
* Given a value try to determine how to get its full distinguished name.
*
* @param string $value
* @return string $dn
* @throws AttributeConverterException
*/
protected function getDnFromValue($value)
{
$options = $this->getOptionsArray();
$toSelect = isset($options['select']) ? $options['select'] : 'dn';
if ($value instanceof LdapObject && !$value->has($toSelect)) {
throw new AttributeConverterException(sprintf('The LdapObject must have a "%s" defined when used in "%s".', $toSelect, $this->getAttribute()));
} elseif ($value instanceof LdapObject) {
$value = $value->get($toSelect);
} elseif (!LdapUtilities::isValidLdapObjectDn($value) && !is_null($this->getLdapConnection())) {
$value = $this->getAttributeFromLdapQuery($value, $toSelect);
}
return $value;
}
/**
* Check all of the groups that are valid for a specific role against all of the LDAP groups that the user belongs
* to.
*
* @param array $roleGroups
* @param LdapObjectCollection $ldapGroups
* @return bool
*/
protected function hasGroupForRoles(array $roleGroups, LdapObjectCollection $ldapGroups)
{
foreach ($roleGroups as $roleGroup) {
if (LdapUtilities::isValidLdapObjectDn($roleGroup)) {
$attribute = 'dn';
} elseif (preg_match(LdapUtilities::MATCH_GUID, $roleGroup)) {
$attribute = $this->roleAttrMap['guid'];
} elseif (preg_match(LdapUtilities::MATCH_SID, $roleGroup)) {
$attribute = $this->roleAttrMap['sid'];
} else {
$attribute = $this->roleAttrMap['name'];
}
if ($this->hasGroupWithAttributeValue($ldapGroups, $attribute, $roleGroup)) {
return true;
}
}
return false;
}
