Révision 32700c57
Ajouté par Assos Assos il y a environ 5 ans
drupal7/sites/all/modules/ldap/ldap_servers/LdapServer.class.php | ||
---|---|---|
3 | 3 |
/** |
4 | 4 |
* @file |
5 | 5 |
* Defines server classes and related functions. |
6 |
* |
|
7 | 6 |
*/ |
8 | 7 |
|
9 | 8 |
/** |
10 |
* TODO check if this already exists or find a better place for this function |
|
9 |
* TODO check if this already exists or find a better place for this function.
|
|
11 | 10 |
* |
12 | 11 |
* Formats a ldap-entry ready to be printed on console. |
13 |
* TODO describe preconditions for ldap_entry |
|
12 |
* TODO describe preconditions for ldap_entry.
|
|
14 | 13 |
*/ |
15 | 14 |
function pretty_print_ldap_entry($ldap_entry) { |
16 |
$m = array();
|
|
15 |
$m = [];
|
|
17 | 16 |
for ($i = 0; $i < $ldap_entry['count']; $i++) { |
18 | 17 |
$k = $ldap_entry[$i]; |
19 | 18 |
$v = $ldap_entry[$k]; |
20 |
if(is_array($v)) { |
|
21 |
$m2 = array();
|
|
19 |
if (is_array($v)) {
|
|
20 |
$m2 = [];
|
|
22 | 21 |
$max = $v['count'] > 3 ? 3 : $v['count']; |
23 | 22 |
for ($j = 0; $j < $max; $j++) { |
24 |
$m2[] = $v[$j];
|
|
23 |
$m2[] = $v[$j];
|
|
25 | 24 |
} |
26 |
$v = "(".join(", ", $m2).")";
|
|
25 |
$v = "(" . join(", ", $m2) . ")";
|
|
27 | 26 |
} |
28 | 27 |
$m[] = $k . ": " . $v; |
29 | 28 |
} |
... | ... | |
31 | 30 |
} |
32 | 31 |
|
33 | 32 |
/** |
34 |
* LDAP Server Class |
|
33 |
* LDAP Server Class.
|
|
35 | 34 |
* |
36 |
* This class is used to create, work with, and eventually destroy ldap_server
|
|
35 |
* This class is used to create, work with, and eventually destroy ldap_server |
|
37 | 36 |
* objects. |
38 | 37 |
* |
39 | 38 |
* @todo make bindpw protected |
40 | 39 |
*/ |
41 | 40 |
class LdapServer { |
42 |
// LDAP Settings |
|
43 | 41 |
|
44 | 42 |
const LDAP_CONNECT_ERROR = 0x5b; |
45 | 43 |
const LDAP_SUCCESS = 0x00; |
... | ... | |
56 | 54 |
public $tls = FALSE; |
57 | 55 |
public $followrefs = FALSE; |
58 | 56 |
public $bind_method = 0; |
59 |
public $basedn = array(); |
|
60 |
public $binddn = FALSE; // Default to an anonymous bind. |
|
61 |
public $bindpw = FALSE; // Default to an anonymous bind. |
|
57 |
public $basedn = []; |
|
58 |
|
|
59 |
/** |
|
60 |
* Default to an anonymous bind. |
|
61 |
*/ |
|
62 |
public $binddn = FALSE; |
|
63 |
|
|
64 |
/** |
|
65 |
* Default to an anonymous bind. |
|
66 |
*/ |
|
67 |
public $bindpw = FALSE; |
|
68 |
|
|
62 | 69 |
public $user_dn_expression; |
63 | 70 |
public $user_attr; |
64 |
public $account_name_attr; //lowercase |
|
65 |
public $mail_attr; //lowercase |
|
71 |
|
|
72 |
/** |
|
73 |
* Lowercase. |
|
74 |
*/ |
|
75 |
public $account_name_attr; |
|
76 |
|
|
77 |
/** |
|
78 |
* Lowercase. |
|
79 |
*/ |
|
80 |
public $mail_attr; |
|
66 | 81 |
public $mail_template; |
67 | 82 |
public $picture_attr; |
68 |
public $unique_persistent_attr; //lowercase |
|
83 |
|
|
84 |
/** |
|
85 |
* Lowercase. |
|
86 |
*/ |
|
87 |
public $unique_persistent_attr; |
|
69 | 88 |
public $unique_persistent_attr_binary = FALSE; |
70 | 89 |
public $ldapToDrupalUserPhp; |
71 | 90 |
public $testingDrupalUsername; |
72 | 91 |
public $testingDrupalUserDn; |
73 | 92 |
public $detailed_watchdog_log; |
74 | 93 |
public $editPath; |
75 |
public $queriableWithoutUserCredentials = FALSE; // can this server be queried without user credentials provided? |
|
76 |
public $userAttributeNeededCache = array(); // array of attributes needed keyed on $op such as 'user_update' |
|
94 |
|
|
95 |
/** |
|
96 |
* Can this server be queried without user credentials provided? |
|
97 |
*/ |
|
98 |
public $queriableWithoutUserCredentials = FALSE; |
|
99 |
|
|
100 |
/** |
|
101 |
* Array of attributes needed keyed on $op such as 'user_update'. |
|
102 |
*/ |
|
103 |
public $userAttributeNeededCache = []; |
|
77 | 104 |
|
78 | 105 |
public $groupFunctionalityUnused = 0; |
79 | 106 |
public $groupObjectClass; |
80 |
public $groupNested = 0; // 1 | 0 |
|
107 |
|
|
108 |
/** |
|
109 |
* 1 | 0. |
|
110 |
*/ |
|
111 |
public $groupNested = 0; |
|
81 | 112 |
public $groupDeriveFromDn = FALSE; |
82 |
public $groupDeriveFromDnAttr = NULL; //lowercase |
|
83 |
public $groupUserMembershipsAttrExists = FALSE; // does a user attribute containing groups exist? |
|
84 |
public $groupUserMembershipsAttr = NULL; //lowercase // name of user attribute containing groups |
|
85 |
public $groupUserMembershipsConfigured = FALSE; // user attribute containing memberships is configured enough to use |
|
86 | 113 |
|
87 |
public $groupMembershipsAttr = NULL; //lowercase // members, uniquemember, memberUid |
|
88 |
public $groupMembershipsAttrMatchingUserAttr = NULL; //lowercase // dn, cn, etc contained in groupMembershipsAttr |
|
89 |
public $groupGroupEntryMembershipsConfigured = FALSE; // are groupMembershipsAttrMatchingUserAttr and groupGroupEntryMembershipsConfigured populated |
|
114 |
/** |
|
115 |
* Lowercase. |
|
116 |
*/ |
|
117 |
public $groupDeriveFromDnAttr = NULL; |
|
118 |
|
|
119 |
/** |
|
120 |
* Does a user attribute containing groups exist? |
|
121 |
*/ |
|
122 |
public $groupUserMembershipsAttrExists = FALSE; |
|
123 |
|
|
124 |
/** |
|
125 |
* Lowercase name of user attribute containing groups. |
|
126 |
*/ |
|
127 |
public $groupUserMembershipsAttr = NULL; |
|
128 |
/** |
|
129 |
* User attribute containing memberships is configured enough to use. |
|
130 |
*/ |
|
131 |
public $groupUserMembershipsConfigured = FALSE; |
|
132 |
|
|
133 |
/** |
|
134 |
* Lowercase // members, uniquemember, memberUid. |
|
135 |
*/ |
|
136 |
public $groupMembershipsAttr = NULL; |
|
137 |
|
|
138 |
|
|
139 |
/** |
|
140 |
* Lowercase // dn, cn, etc contained in groupMembershipsAttr. |
|
141 |
*/ |
|
142 |
public $groupMembershipsAttrMatchingUserAttr = NULL; |
|
143 |
|
|
144 |
/** |
|
145 |
* Are groupMembershipsAttrMatchingUserAttr and |
|
146 |
* groupGroupEntryMembershipsConfigured populated. |
|
147 |
*/ |
|
148 |
public $groupGroupEntryMembershipsConfigured = FALSE; |
|
90 | 149 |
|
91 | 150 |
public $groupTestGroupDn = NULL; |
92 | 151 |
public $groupTestGroupDnWriteable = NULL; |
93 | 152 |
|
94 |
private $group_properties = array( |
|
95 |
'groupObjectClass', 'groupNested', 'groupDeriveFromDn', 'groupDeriveFromDnAttr', 'groupUserMembershipsAttrExists', |
|
96 |
'groupUserMembershipsAttr', 'groupMembershipsAttrMatchingUserAttr', 'groupTestGroupDn', 'groupTestGroupDnWriteable' |
|
97 |
); |
|
98 |
|
|
99 |
public $paginationEnabled = FALSE; // (boolean)(function_exists('ldap_control_paged_result_response') && function_exists('ldap_control_paged_result')); |
|
153 |
private $group_properties = [ |
|
154 |
'groupObjectClass', |
|
155 |
'groupNested', |
|
156 |
'groupDeriveFromDn', |
|
157 |
'groupDeriveFromDnAttr', |
|
158 |
'groupUserMembershipsAttrExists', |
|
159 |
'groupUserMembershipsAttr', |
|
160 |
'groupMembershipsAttrMatchingUserAttr', |
|
161 |
'groupTestGroupDn', |
|
162 |
'groupTestGroupDnWriteable', |
|
163 |
]; |
|
164 |
|
|
165 |
public $paginationEnabled = FALSE; |
|
100 | 166 |
public $searchPagination = FALSE; |
101 | 167 |
public $searchPageSize = 1000; |
102 | 168 |
public $searchPageStart = 0; |
... | ... | |
105 | 171 |
public $inDatabase = FALSE; |
106 | 172 |
public $connection; |
107 | 173 |
|
108 |
|
|
109 | 174 |
/** |
110 |
* Direct mapping of db to object properties |
|
175 |
* Direct mapping of db to object properties.
|
|
111 | 176 |
* |
112 | 177 |
* @return array |
113 | 178 |
*/ |
114 | 179 |
public static function field_to_properties_map() { |
115 |
return array(
|
|
116 |
'sid' => 'sid', |
|
117 |
'numeric_sid' => 'numericSid', |
|
118 |
'name' => 'name' , |
|
119 |
'status' => 'status', |
|
120 |
'ldap_type' => 'ldap_type', |
|
121 |
'address' => 'address', |
|
122 |
'port' => 'port', |
|
123 |
'tls' => 'tls', |
|
124 |
'followrefs' => 'followrefs', |
|
125 |
'bind_method' => 'bind_method', |
|
126 |
'basedn' => 'basedn', |
|
127 |
'binddn' => 'binddn', |
|
128 |
'user_dn_expression' => 'user_dn_expression', |
|
129 |
'user_attr' => 'user_attr', |
|
130 |
'account_name_attr' => 'account_name_attr', |
|
131 |
'mail_attr' => 'mail_attr', |
|
132 |
'mail_template' => 'mail_template', |
|
133 |
'picture_attr' => 'picture_attr', |
|
134 |
'unique_persistent_attr' => 'unique_persistent_attr', |
|
135 |
'unique_persistent_attr_binary' => 'unique_persistent_attr_binary', |
|
136 |
'ldap_to_drupal_user' => 'ldapToDrupalUserPhp', |
|
137 |
'testing_drupal_username' => 'testingDrupalUsername', |
|
138 |
'testing_drupal_user_dn' => 'testingDrupalUserDn', |
|
139 |
|
|
140 |
'grp_unused' => 'groupFunctionalityUnused', |
|
141 |
'grp_object_cat' => 'groupObjectClass', |
|
142 |
'grp_nested' => 'groupNested', |
|
143 |
'grp_user_memb_attr_exists' => 'groupUserMembershipsAttrExists', |
|
144 |
'grp_user_memb_attr' => 'groupUserMembershipsAttr', |
|
145 |
'grp_memb_attr' => 'groupMembershipsAttr', |
|
146 |
'grp_memb_attr_match_user_attr' => 'groupMembershipsAttrMatchingUserAttr', |
|
147 |
'grp_derive_from_dn' => 'groupDeriveFromDn', |
|
148 |
'grp_derive_from_dn_attr' => 'groupDeriveFromDnAttr', |
|
149 |
'grp_test_grp_dn' => 'groupTestGroupDn', |
|
150 |
'grp_test_grp_dn_writeable' => 'groupTestGroupDnWriteable', |
|
151 |
|
|
152 |
'search_pagination' => 'searchPagination', |
|
153 |
'search_page_size' => 'searchPageSize', |
|
180 |
return [
|
|
181 |
'sid' => 'sid',
|
|
182 |
'numeric_sid' => 'numericSid',
|
|
183 |
'name' => 'name' ,
|
|
184 |
'status' => 'status',
|
|
185 |
'ldap_type' => 'ldap_type',
|
|
186 |
'address' => 'address',
|
|
187 |
'port' => 'port',
|
|
188 |
'tls' => 'tls',
|
|
189 |
'followrefs' => 'followrefs',
|
|
190 |
'bind_method' => 'bind_method',
|
|
191 |
'basedn' => 'basedn',
|
|
192 |
'binddn' => 'binddn',
|
|
193 |
'user_dn_expression' => 'user_dn_expression',
|
|
194 |
'user_attr' => 'user_attr',
|
|
195 |
'account_name_attr' => 'account_name_attr',
|
|
196 |
'mail_attr' => 'mail_attr',
|
|
197 |
'mail_template' => 'mail_template',
|
|
198 |
'picture_attr' => 'picture_attr',
|
|
199 |
'unique_persistent_attr' => 'unique_persistent_attr',
|
|
200 |
'unique_persistent_attr_binary' => 'unique_persistent_attr_binary',
|
|
201 |
'ldap_to_drupal_user' => 'ldapToDrupalUserPhp',
|
|
202 |
'testing_drupal_username' => 'testingDrupalUsername',
|
|
203 |
'testing_drupal_user_dn' => 'testingDrupalUserDn',
|
|
204 |
|
|
205 |
'grp_unused' => 'groupFunctionalityUnused',
|
|
206 |
'grp_object_cat' => 'groupObjectClass',
|
|
207 |
'grp_nested' => 'groupNested',
|
|
208 |
'grp_user_memb_attr_exists' => 'groupUserMembershipsAttrExists',
|
|
209 |
'grp_user_memb_attr' => 'groupUserMembershipsAttr',
|
|
210 |
'grp_memb_attr' => 'groupMembershipsAttr',
|
|
211 |
'grp_memb_attr_match_user_attr' => 'groupMembershipsAttrMatchingUserAttr',
|
|
212 |
'grp_derive_from_dn' => 'groupDeriveFromDn',
|
|
213 |
'grp_derive_from_dn_attr' => 'groupDeriveFromDnAttr',
|
|
214 |
'grp_test_grp_dn' => 'groupTestGroupDn',
|
|
215 |
'grp_test_grp_dn_writeable' => 'groupTestGroupDnWriteable',
|
|
216 |
|
|
217 |
'search_pagination' => 'searchPagination',
|
|
218 |
'search_page_size' => 'searchPageSize',
|
|
154 | 219 |
|
155 |
);
|
|
220 |
];
|
|
156 | 221 |
|
157 | 222 |
} |
158 | 223 |
|
159 | 224 |
/** |
160 |
* Constructor Method |
|
225 |
* Constructor Method.
|
|
161 | 226 |
* |
162 | 227 |
* @param $sid |
163 | 228 |
*/ |
... | ... | |
169 | 234 |
$server_record = FALSE; |
170 | 235 |
if (module_exists('ctools')) { |
171 | 236 |
ctools_include('export'); |
172 |
$result = ctools_export_load_object('ldap_servers', 'names', array($sid));
|
|
237 |
$result = ctools_export_load_object('ldap_servers', 'names', [$sid]);
|
|
173 | 238 |
if (isset($result[$sid])) { |
174 | 239 |
$server_record = new stdClass(); |
175 | 240 |
foreach ($result[$sid] as $db_field_name => $value) { |
... | ... | |
197 | 262 |
$this->inDatabase = TRUE; |
198 | 263 |
$this->sid = $sid; |
199 | 264 |
$this->detailedWatchdogLog = variable_get('ldap_help_watchdog_detail', 0); |
200 |
foreach ($this->field_to_properties_map() as $db_field_name => $property_name ) {
|
|
265 |
foreach ($this->field_to_properties_map() as $db_field_name => $property_name) { |
|
201 | 266 |
if (isset($server_record->$db_field_name)) { |
202 | 267 |
$this->{$property_name} = $server_record->$db_field_name; |
203 | 268 |
} |
... | ... | |
210 | 275 |
/** |
211 | 276 |
* This method sets properties that don't directly map from db record. |
212 | 277 |
* |
213 |
* It is split out so it can be shared with ldapServerTest.class.php |
|
278 |
* It is split out so it can be shared with ldapServerTest.class.php.
|
|
214 | 279 |
* |
215 | 280 |
* @param $bindpw |
216 | 281 |
*/ |
217 | 282 |
protected function initDerivedProperties($bindpw) { |
218 | 283 |
|
219 |
// get this->basedn in array format
|
|
284 |
// Get this->basedn in array format.
|
|
220 | 285 |
if (!$this->basedn) { |
221 |
$this->basedn = array();
|
|
286 |
$this->basedn = [];
|
|
222 | 287 |
} |
223 |
elseif (is_array($this->basedn)) { // do nothing |
|
288 |
// Do nothing. |
|
289 |
elseif (is_array($this->basedn)) { |
|
224 | 290 |
} |
225 | 291 |
else { |
226 | 292 |
$basedn_unserialized = @unserialize($this->basedn); |
... | ... | |
228 | 294 |
$this->basedn = $basedn_unserialized; |
229 | 295 |
} |
230 | 296 |
else { |
231 |
$this->basedn = array();
|
|
297 |
$this->basedn = [];
|
|
232 | 298 |
$token = is_scalar($basedn_unserialized) ? $basedn_unserialized : print_r($basedn_unserialized, TRUE); |
233 |
debug("basednb desearialization error". $token); |
|
234 |
watchdog('ldap_servers', 'Failed to deserialize LdapServer::basedn of !basedn', array('!basedn' => $token), WATCHDOG_ERROR);
|
|
299 |
debug("basednb desearialization error" . $token);
|
|
300 |
watchdog('ldap_servers', 'Failed to deserialize LdapServer::basedn of !basedn', ['!basedn' => $token], WATCHDOG_ERROR);
|
|
235 | 301 |
} |
236 | 302 |
|
237 | 303 |
} |
... | ... | |
254 | 320 |
} |
255 | 321 |
} |
256 | 322 |
|
257 |
$this->paginationEnabled = (boolean)(ldap_servers_php_supports_pagination() && $this->searchPagination); |
|
323 |
$this->paginationEnabled = (boolean) (ldap_servers_php_supports_pagination() && $this->searchPagination);
|
|
258 | 324 |
|
259 |
$this->queriableWithoutUserCredentials = (boolean)( |
|
325 |
$this->queriableWithoutUserCredentials = (boolean) (
|
|
260 | 326 |
$this->bind_method == LDAP_SERVERS_BIND_METHOD_SERVICE_ACCT || |
261 | 327 |
$this->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER |
262 | 328 |
); |
... | ... | |
267 | 333 |
} |
268 | 334 |
|
269 | 335 |
/** |
270 |
* Destructor Method |
|
336 |
* Destructor Method.
|
|
271 | 337 |
*/ |
272 | 338 |
public function __destruct() { |
273 | 339 |
// Close the server connection to be sure. |
... | ... | |
275 | 341 |
} |
276 | 342 |
|
277 | 343 |
/** |
278 |
* Invoke Method |
|
344 |
* Invoke Method.
|
|
279 | 345 |
*/ |
280 | 346 |
public function __invoke() { |
281 | 347 |
$this->connect(); |
... | ... | |
283 | 349 |
} |
284 | 350 |
|
285 | 351 |
/** |
286 |
* Connect Method |
|
352 |
* Connect Method.
|
|
287 | 353 |
*/ |
288 | 354 |
public function connect() { |
289 | 355 |
if (!function_exists('ldap_connect')) { |
... | ... | |
297 | 363 |
} |
298 | 364 |
|
299 | 365 |
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3); |
300 |
ldap_set_option($con, LDAP_OPT_REFERRALS, (int)$this->followrefs); |
|
366 |
ldap_set_option($con, LDAP_OPT_REFERRALS, (int) $this->followrefs);
|
|
301 | 367 |
|
302 | 368 |
// Use TLS if we are configured and able to. |
303 | 369 |
if ($this->tls) { |
... | ... | |
315 | 381 |
return LDAP_CONNECT_ERROR; |
316 | 382 |
} |
317 | 383 |
elseif (!ldap_start_tls($con)) { |
318 |
$msg = t("Could not start TLS. (Error %errno: %error).", array('%errno' => ldap_errno($con), '%error' => ldap_error($con)));
|
|
384 |
$msg = t("Could not start TLS. (Error %errno: %error).", ['%errno' => ldap_errno($con), '%error' => ldap_error($con)]);
|
|
319 | 385 |
watchdog('ldap_servers', $msg); |
320 | 386 |
return LDAP_CONNECT_ERROR; |
321 | 387 |
} |
322 | 388 |
} |
323 | 389 |
|
324 |
// Store the resulting resource
|
|
325 |
$this->connection = $con; |
|
326 |
return LDAP_SUCCESS; |
|
390 |
// Store the resulting resource.
|
|
391 |
$this->connection = $con;
|
|
392 |
return LDAP_SUCCESS;
|
|
327 | 393 |
} |
328 | 394 |
|
329 |
|
|
330 | 395 |
/** |
331 |
* Bind (authenticate) against an active LDAP database.
|
|
332 |
*
|
|
333 |
* @param $userdn
|
|
334 |
* The DN to bind against. If NULL, we use $this->binddn
|
|
335 |
* @param $pass
|
|
336 |
* The password search base. If NULL, we use $this->bindpw
|
|
396 |
* Bind (authenticate) against an active LDAP database.
|
|
397 |
*
|
|
398 |
* @param $userdn
|
|
399 |
* The DN to bind against. If NULL, we use $this->binddn
|
|
400 |
* @param $pass
|
|
401 |
* The password search base. If NULL, we use $this->bindpw
|
|
337 | 402 |
* |
338 | 403 |
* @return |
339 | 404 |
* Result of bind; TRUE if successful, FALSE otherwise. |
... | ... | |
342 | 407 |
|
343 | 408 |
// Ensure that we have an active server connection. |
344 | 409 |
if (!$this->connection) { |
345 |
watchdog('ldap_servers', "LDAP bind failure for user %user. Not connected to LDAP server.", array('%user' => $userdn));
|
|
410 |
watchdog('ldap_servers', "LDAP bind failure for user %user. Not connected to LDAP server.", ['%user' => $userdn]);
|
|
346 | 411 |
return LDAP_CONNECT_ERROR; |
347 | 412 |
} |
348 | 413 |
|
... | ... | |
352 | 417 |
if ($anon_bind === TRUE) { |
353 | 418 |
if (@!ldap_bind($this->connection)) { |
354 | 419 |
if ($this->detailedWatchdogLog) { |
355 |
watchdog('ldap_servers', "LDAP anonymous bind error. Error %errno: %error", array('%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection)));
|
|
420 |
watchdog('ldap_servers', "LDAP anonymous bind error. Error %errno: %error", ['%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection)]);
|
|
356 | 421 |
} |
357 | 422 |
return ldap_errno($this->connection); |
358 | 423 |
} |
... | ... | |
363 | 428 |
|
364 | 429 |
if ($this->followrefs) { |
365 | 430 |
$rebHandler = new LdapServersRebindHandler($userdn, $pass); |
366 |
ldap_set_rebind_proc($this->connection, array($rebHandler, 'rebind_callback'));
|
|
431 |
ldap_set_rebind_proc($this->connection, [$rebHandler, 'rebind_callback']);
|
|
367 | 432 |
} |
368 | 433 |
|
369 | 434 |
if (drupal_strlen($pass) == 0 || drupal_strlen($userdn) == 0) { |
370 |
watchdog('ldap_servers', "LDAP bind failure for user userdn=%userdn, pass=%pass.", array('%userdn' => $userdn, '%pass' => $pass));
|
|
435 |
watchdog('ldap_servers', "LDAP bind failure for user userdn=%userdn, pass=%pass.", ['%userdn' => $userdn, '%pass' => $pass]);
|
|
371 | 436 |
return LDAP_LOCAL_ERROR; |
372 | 437 |
} |
373 | 438 |
if (@!ldap_bind($this->connection, $userdn, $pass)) { |
374 | 439 |
if ($this->detailedWatchdogLog) { |
375 |
watchdog('ldap_servers', "LDAP bind failure for user %user. Error %errno: %error", array('%user' => $userdn, '%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection)));
|
|
440 |
watchdog('ldap_servers', "LDAP bind failure for user %user. Error %errno: %error", ['%user' => $userdn, '%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection)]);
|
|
376 | 441 |
} |
377 | 442 |
return ldap_errno($this->connection); |
378 | 443 |
} |
... | ... | |
386 | 451 |
*/ |
387 | 452 |
public function disconnect() { |
388 | 453 |
if (!$this->connection) { |
389 |
// never bound or not currently bound, so no need to disconnect
|
|
390 |
//watchdog('ldap_servers', 'LDAP disconnect failure from '. $this->server_addr . ':' . $this->port);
|
|
454 |
// Never bound or not currently bound, so no need to disconnect
|
|
455 |
// watchdog('ldap_servers', 'LDAP disconnect failure from '. $this->server_addr . ':' . $this->port);.
|
|
391 | 456 |
} |
392 | 457 |
else { |
393 | 458 |
ldap_unbind($this->connection); |
... | ... | |
399 | 464 |
* |
400 | 465 |
*/ |
401 | 466 |
public function connectAndBindIfNotAlready() { |
402 |
if (! $this->connection) {
|
|
467 |
if (!$this->connection) { |
|
403 | 468 |
$this->connect(); |
404 | 469 |
$this->bind(); |
405 | 470 |
} |
406 | 471 |
} |
407 | 472 |
|
408 | 473 |
/** |
409 |
* does dn exist for this server? |
|
410 |
* |
|
474 |
* Does dn exist for this server? |
|
411 | 475 |
* |
412 | 476 |
* @param string $dn |
413 |
* @param enum $return = 'boolean' or 'ldap_entry' |
|
414 |
* @param array $attributes in same form as ldap_read $attributes parameter |
|
477 |
* @param enum $return |
|
478 |
* = 'boolean' or 'ldap_entry'. |
|
479 |
* @param array $attributes |
|
480 |
* in same form as ldap_read $attributes parameter. |
|
415 | 481 |
* |
416 | 482 |
* @return bool|array |
417 | 483 |
*/ |
418 | 484 |
public function dnExists($dn, $return = 'boolean', $attributes = NULL) { |
419 | 485 |
|
420 |
$params = array(
|
|
486 |
$params = [
|
|
421 | 487 |
'base_dn' => $dn, |
422 | 488 |
'attributes' => $attributes, |
423 | 489 |
'attrsonly' => FALSE, |
... | ... | |
425 | 491 |
'sizelimit' => 0, |
426 | 492 |
'timelimit' => 0, |
427 | 493 |
'deref' => NULL, |
428 |
);
|
|
494 |
];
|
|
429 | 495 |
|
430 | 496 |
if ($return == 'boolean' || !is_array($attributes)) { |
431 |
$params['attributes'] = array('objectclass');
|
|
497 |
$params['attributes'] = ['objectclass'];
|
|
432 | 498 |
} |
433 | 499 |
else { |
434 | 500 |
$params['attributes'] = $attributes; |
... | ... | |
447 | 513 |
} |
448 | 514 |
|
449 | 515 |
/** |
450 |
* @param $ldap_result as ldap link identifier |
|
516 |
* @param $ldap_result |
|
517 |
* as ldap link identifier |
|
451 | 518 |
* |
452 | 519 |
* @return FALSE on error or number of entries. |
453 | 520 |
* (if 0 entries will return 0) |
... | ... | |
457 | 524 |
} |
458 | 525 |
|
459 | 526 |
/** |
460 |
* create ldap entry.
|
|
527 |
* Create ldap entry.
|
|
461 | 528 |
* |
462 |
* @param array $attributes should follow the structure of ldap_add functions |
|
529 |
* @param array $attributes |
|
530 |
* should follow the structure of ldap_add functions |
|
463 | 531 |
* entry array: http://us.php.net/manual/en/function.ldap-add.php |
464 | 532 |
* $attributes["attribute1"] = "value"; |
465 | 533 |
* $attributes["attribute2"][0] = "value1"; |
466 |
* $attributes["attribute2"][1] = "value2"; |
|
534 |
* $attributes["attribute2"][1] = "value2";. |
|
535 |
* |
|
467 | 536 |
* @return boolean result |
468 | 537 |
*/ |
469 | 538 |
public function createLdapEntry($attributes, $dn = NULL) { |
... | ... | |
487 | 556 |
$result = @ldap_add($this->connection, $dn, $attributes); |
488 | 557 |
if (!$result) { |
489 | 558 |
$error = "LDAP Server ldap_add(%dn) Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
490 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection)));
|
|
559 |
$tokens = ['%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))];
|
|
491 | 560 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR); |
492 | 561 |
} |
493 | 562 |
|
... | ... | |
530 | 599 |
} |
531 | 600 |
} |
532 | 601 |
|
533 |
// identical multivalued attributes
|
|
602 |
// Identical multivalued attributes.
|
|
534 | 603 |
if (is_array($new_val) && is_array($old_value) && count(array_diff($new_val, $old_value)) == 0) { |
535 | 604 |
unset($new_entry[$key]); |
536 | 605 |
} |
537 | 606 |
elseif ($old_value_is_scalar && !is_array($new_val) && drupal_strtolower($old_value) == drupal_strtolower($new_val)) { |
538 |
unset($new_entry[$key]); // don't change values that aren't changing to avoid false permission constraints |
|
607 |
// don't change values that aren't changing to avoid false permission constraints. |
|
608 |
unset($new_entry[$key]); |
|
539 | 609 |
} |
540 | 610 |
} |
541 | 611 |
|
... | ... | |
543 | 613 |
} |
544 | 614 |
|
545 | 615 |
/** |
546 |
* modify attributes of ldap entry
|
|
616 |
* Modify attributes of ldap entry.
|
|
547 | 617 |
* |
548 |
* @param string $dn DN of entry |
|
549 |
* @param array $attributes should follow the structure of ldap_add functions |
|
618 |
* @param string $dn |
|
619 |
* DN of entry. |
|
620 |
* @param array $attributes |
|
621 |
* should follow the structure of ldap_add functions |
|
550 | 622 |
* entry array: http://us.php.net/manual/en/function.ldap-add.php |
551 | 623 |
* $attributes["attribute1"] = "value"; |
552 | 624 |
* $attributes["attribute2"][0] = "value1"; |
553 |
* $attributes["attribute2"][1] = "value2"; |
|
625 |
* $attributes["attribute2"][1] = "value2";.
|
|
554 | 626 |
* |
555 | 627 |
* @return TRUE on success FALSE on error |
556 | 628 |
*/ |
557 |
public function modifyLdapEntry($dn, $attributes = array(), $old_attributes = FALSE) {
|
|
629 |
public function modifyLdapEntry($dn, $attributes = [], $old_attributes = FALSE) {
|
|
558 | 630 |
|
559 | 631 |
$this->connectAndBindIfNotAlready(); |
560 | 632 |
|
... | ... | |
562 | 634 |
$result = @ldap_read($this->connection, $dn, 'objectClass=*'); |
563 | 635 |
if (!$result) { |
564 | 636 |
$error = "LDAP Server ldap_read(%dn) in LdapServer::modifyLdapEntry() Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
565 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection)));
|
|
637 |
$tokens = ['%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))];
|
|
566 | 638 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR); |
567 | 639 |
return FALSE; |
568 | 640 |
} |
... | ... | |
592 | 664 |
} |
593 | 665 |
} |
594 | 666 |
|
595 |
if ($cur_val == '' && $old_value != '') { // remove enpty attributes |
|
667 |
// Remove enpty attributes. |
|
668 |
if ($cur_val == '' && $old_value != '') { |
|
596 | 669 |
unset($attributes[$key]); |
597 |
$result = @ldap_mod_del($this->connection, $dn, array($key_lcase => $old_value));
|
|
670 |
$result = @ldap_mod_del($this->connection, $dn, [$key_lcase => $old_value]);
|
|
598 | 671 |
if (!$result) { |
599 | 672 |
$error = "LDAP Server ldap_mod_del(%dn) in LdapServer::modifyLdapEntry() Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
600 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection)));
|
|
673 |
$tokens = ['%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))];
|
|
601 | 674 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR); |
602 | 675 |
return FALSE; |
603 | 676 |
} |
... | ... | |
605 | 678 |
elseif (is_array($cur_val)) { |
606 | 679 |
foreach ($cur_val as $mv_key => $mv_cur_val) { |
607 | 680 |
if ($mv_cur_val == '') { |
608 |
unset($attributes[$key][$mv_key]); // remove empty values in multivalues attributes |
|
681 |
// Remove empty values in multivalues attributes. |
|
682 |
unset($attributes[$key][$mv_key]); |
|
609 | 683 |
} |
610 | 684 |
else { |
611 | 685 |
$attributes[$key][$mv_key] = $mv_cur_val; |
... | ... | |
618 | 692 |
$result = @ldap_modify($this->connection, $dn, $attributes); |
619 | 693 |
if (!$result) { |
620 | 694 |
$error = "LDAP Server ldap_modify(%dn) in LdapServer::modifyLdapEntry() Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
621 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection)));
|
|
695 |
$tokens = ['%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))];
|
|
622 | 696 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR); |
623 | 697 |
return FALSE; |
624 | 698 |
} |
... | ... | |
643 | 717 |
$result = @ldap_delete($this->connection, $dn); |
644 | 718 |
if (!$result) { |
645 | 719 |
$error = "LDAP Server delete(%dn) in LdapServer::delete() Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
646 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection)));
|
|
720 |
$tokens = ['%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))];
|
|
647 | 721 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR); |
648 | 722 |
} |
649 | 723 |
return $result; |
650 | 724 |
} |
651 | 725 |
|
652 | 726 |
/** |
653 |
* Perform an LDAP search on all base dns and aggregate into one result |
|
727 |
* Perform an LDAP search on all base dns and aggregate into one result.
|
|
654 | 728 |
* |
655 | 729 |
* @param string $filter |
656 |
* The search filter. such as sAMAccountName=jbarclay. attribute values (e.g. jbarclay) should be esacaped before calling |
|
657 |
|
|
730 |
* The search filter. such as sAMAccountName=jbarclay. attribute values (e.g. jbarclay) should be esacaped before calling.
|
|
731 |
* |
|
658 | 732 |
* @param array $attributes |
659 | 733 |
* List of desired attributes. If omitted, we only return "dn". |
660 | 734 |
* |
... | ... | |
666 | 740 |
*/ |
667 | 741 |
public function searchAllBaseDns( |
668 | 742 |
$filter, |
669 |
$attributes = array(),
|
|
743 |
$attributes = [],
|
|
670 | 744 |
$attrsonly = 0, |
671 | 745 |
$sizelimit = 0, |
672 | 746 |
$timelimit = 0, |
673 | 747 |
$deref = NULL, |
674 | 748 |
$scope = LDAP_SCOPE_SUBTREE |
675 | 749 |
) { |
676 |
$all_entries = array(); |
|
677 |
foreach ($this->basedn as $base_dn) { // need to search on all basedns one at a time |
|
678 |
$entries = $this->search($base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref, $scope); // no attributes, just dns needed |
|
679 |
if ($entries === FALSE) { // if error in any search, return false |
|
750 |
$all_entries = []; |
|
751 |
// Need to search on all basedns one at a time. |
|
752 |
foreach ($this->basedn as $base_dn) { |
|
753 |
// No attributes, just dns needed. |
|
754 |
$entries = $this->search($base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref, $scope); |
|
755 |
// If error in any search, return false. |
|
756 |
if ($entries === FALSE) { |
|
680 | 757 |
return FALSE; |
681 | 758 |
} |
682 | 759 |
if (count($all_entries) == 0) { |
... | ... | |
700 | 777 |
* Perform an LDAP search. |
701 | 778 |
* |
702 | 779 |
* @param string $basedn |
703 |
* The search base. If NULL, we use $this->basedn. should not be esacaped |
|
780 |
* The search base. If NULL, we use $this->basedn. should not be esacaped.
|
|
704 | 781 |
* @param string $filter |
705 | 782 |
* The search filter. such as sAMAccountName=jbarclay. attribute values |
706 |
* (e.g. jbarclay) should be esacaped before calling
|
|
783 |
* (e.g. jbarclay) should be esacaped before calling.
|
|
707 | 784 |
* |
708 | 785 |
* @param array $attributes |
709 | 786 |
* List of desired attributes. If omitted, we only return "dn". |
... | ... | |
715 | 792 |
* elements if search returns no results), |
716 | 793 |
* or FALSE on error. |
717 | 794 |
*/ |
718 |
public function search($base_dn = NULL, $filter, $attributes = array(), |
|
719 |
$attrsonly = 0, $sizelimit = 0, $timelimit = 0, $deref = NULL, $scope = LDAP_SCOPE_SUBTREE) { |
|
795 |
public function search($base_dn = NULL, |
|
796 |
$filter, |
|
797 |
$attributes = [], |
|
798 |
$attrsonly = 0, |
|
799 |
$sizelimit = 0, |
|
800 |
$timelimit = 0, |
|
801 |
$deref = NULL, |
|
802 |
$scope = LDAP_SCOPE_SUBTREE) { |
|
720 | 803 |
|
721 |
/**
|
|
804 |
/** |
|
722 | 805 |
* pagingation issues: |
723 | 806 |
* -- see documentation queue: http://markmail.org/message/52w24iae3g43ikix#query:+page:1+mid:bez5vpl6smgzmymy+state:results |
724 | 807 |
* -- wait for php 5.4? https://svn.php.net/repository/php/php-src/tags/php_5_4_0RC6/NEWS (ldap_control_paged_result |
... | ... | |
735 | 818 |
} |
736 | 819 |
|
737 | 820 |
$attr_display = is_array($attributes) ? join(',', $attributes) : 'none'; |
738 |
$query = 'ldap_search() call: ' . join(",\n", array(
|
|
821 |
$query = 'ldap_search() call: ' . join(",\n", [
|
|
739 | 822 |
'base_dn: ' . $base_dn, |
740 | 823 |
'filter = ' . $filter, |
741 | 824 |
'attributes: ' . $attr_display, |
... | ... | |
744 | 827 |
'timelimit = ' . $timelimit, |
745 | 828 |
'deref = ' . $deref, |
746 | 829 |
'scope = ' . $scope, |
747 |
)
|
|
830 |
]
|
|
748 | 831 |
); |
749 | 832 |
if ($this->detailed_watchdog_log) { |
750 |
watchdog('ldap_servers', $query, array());
|
|
833 |
watchdog('ldap_servers', $query, []);
|
|
751 | 834 |
} |
752 | 835 |
|
753 | 836 |
// When checking multiple servers, there's a chance we might not be connected yet. |
754 |
if (! $this->connection) {
|
|
837 |
if (!$this->connection) { |
|
755 | 838 |
$this->connect(); |
756 | 839 |
$this->bind(); |
757 | 840 |
} |
758 | 841 |
|
759 |
$ldap_query_params = array(
|
|
842 |
$ldap_query_params = [
|
|
760 | 843 |
'connection' => $this->connection, |
761 | 844 |
'base_dn' => $base_dn, |
762 | 845 |
'filter' => $filter, |
... | ... | |
767 | 850 |
'deref' => $deref, |
768 | 851 |
'query_display' => $query, |
769 | 852 |
'scope' => $scope, |
770 |
);
|
|
853 |
];
|
|
771 | 854 |
|
772 | 855 |
if ($this->searchPagination && $this->paginationEnabled) { |
773 | 856 |
$aggregated_entries = $this->pagedLdapQuery($ldap_query_params); |
... | ... | |
775 | 858 |
} |
776 | 859 |
else { |
777 | 860 |
$result = $this->ldapQuery($scope, $ldap_query_params); |
778 |
if ($result && ($this->countEntries($result) !== FALSE) ) {
|
|
861 |
if ($result && ($this->countEntries($result) !== FALSE)) { |
|
779 | 862 |
$entries = ldap_get_entries($this->connection, $result); |
780 | 863 |
drupal_alter('ldap_server_search_results', $entries, $ldap_query_params); |
781 | 864 |
return (is_array($entries)) ? $entries : FALSE; |
782 | 865 |
} |
783 | 866 |
elseif ($this->ldapErrorNumber()) { |
784 |
$watchdog_tokens = array('%basedn' => $ldap_query_params['base_dn'], '%filter' => $ldap_query_params['filter'], |
|
785 |
'%attributes' => print_r($ldap_query_params['attributes'], TRUE), '%errmsg' => $this->errorMsg('ldap'), |
|
786 |
'%errno' => $this->ldapErrorNumber()); |
|
867 |
$watchdog_tokens = [ |
|
868 |
'%basedn' => $ldap_query_params['base_dn'], |
|
869 |
'%filter' => $ldap_query_params['filter'], |
|
870 |
'%attributes' => print_r($ldap_query_params['attributes'], TRUE), |
|
871 |
'%errmsg' => $this->errorMsg('ldap'), |
|
872 |
'%errno' => $this->ldapErrorNumber(), |
|
873 |
]; |
|
787 | 874 |
watchdog('ldap_servers', "LDAP ldap_search error. basedn: %basedn| filter: %filter| attributes: |
788 | 875 |
%attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens); |
789 | 876 |
return FALSE; |
... | ... | |
795 | 882 |
} |
796 | 883 |
|
797 | 884 |
/** |
798 |
* execute a paged ldap query and return entries as one aggregated array
|
|
885 |
* Execute a paged ldap query and return entries as one aggregated array.
|
|
799 | 886 |
* |
800 | 887 |
* $this->searchPageStart and $this->searchPageEnd should be set before calling if |
801 |
* a particular set of pages is desired |
|
888 |
* a particular set of pages is desired.
|
|
802 | 889 |
* |
803 |
* @param array $ldap_query_params of form: |
|
890 |
* @param array $ldap_query_params |
|
891 |
* of form: |
|
804 | 892 |
* 'base_dn' => base_dn, |
805 | 893 |
* 'filter' => filter, |
806 | 894 |
* 'attributes' => attributes, |
... | ... | |
813 | 901 |
* (this array of parameters is primarily passed on to ldapQuery() method) |
814 | 902 |
* |
815 | 903 |
* @return array of ldap entries or FALSE on error. |
816 |
* |
|
817 | 904 |
*/ |
818 | 905 |
public function pagedLdapQuery($ldap_query_params) { |
819 | 906 |
|
820 | 907 |
if (!($this->searchPagination && $this->paginationEnabled)) { |
908 |
$watchdog_tokens = [ |
|
909 |
'%basedn' => $ldap_query_params['base_dn'], |
|
910 |
'%filter' => $ldap_query_params['filter'], |
|
911 |
'%attributes' => print_r($ldap_query_params['attributes'], TRUE), |
|
912 |
'%errmsg' => $this->errorMsg('ldap'), |
|
913 |
'%errno' => $this->ldapErrorNumber(), |
|
914 |
]; |
|
821 | 915 |
watchdog('ldap_servers', "LDAP server pagedLdapQuery() called when functionality not available in php install or |
822 | 916 |
not enabled in ldap server configuration. error. basedn: %basedn| filter: %filter| attributes: |
823 | 917 |
%attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens); |
824 |
RETURN FALSE;
|
|
918 |
return FALSE;
|
|
825 | 919 |
} |
826 | 920 |
|
827 | 921 |
$page_token = ''; |
828 | 922 |
$page = 0; |
829 | 923 |
$estimated_entries = 0; |
830 |
$aggregated_entries = array();
|
|
924 |
$aggregated_entries = [];
|
|
831 | 925 |
$aggregated_entries_count = 0; |
832 | 926 |
$has_page_results = FALSE; |
833 | 927 |
|
... | ... | |
837 | 931 |
|
838 | 932 |
if ($page >= $this->searchPageStart) { |
839 | 933 |
$skipped_page = FALSE; |
840 |
if ($result && ($this->countEntries($result) !== FALSE) ) {
|
|
934 |
if ($result && ($this->countEntries($result) !== FALSE)) { |
|
841 | 935 |
$page_entries = ldap_get_entries($this->connection, $result); |
842 | 936 |
unset($page_entries['count']); |
843 | 937 |
$has_page_results = (is_array($page_entries) && count($page_entries) > 0); |
... | ... | |
845 | 939 |
$aggregated_entries_count = count($aggregated_entries); |
846 | 940 |
} |
847 | 941 |
elseif ($this->ldapErrorNumber()) { |
848 |
$watchdog_tokens = array('%basedn' => $ldap_query_params['base_dn'], '%filter' => $ldap_query_params['filter'], |
|
849 |
'%attributes' => print_r($ldap_query_params['attributes'], TRUE), '%errmsg' => $this->errorMsg('ldap'), |
|
850 |
'%errno' => $this->ldapErrorNumber()); |
|
942 |
$watchdog_tokens = [ |
|
943 |
'%basedn' => $ldap_query_params['base_dn'], |
|
944 |
'%filter' => $ldap_query_params['filter'], |
|
945 |
'%attributes' => print_r($ldap_query_params['attributes'], TRUE), |
|
946 |
'%errmsg' => $this->errorMsg('ldap'), |
|
947 |
'%errno' => $this->ldapErrorNumber(), |
|
948 |
]; |
|
851 | 949 |
watchdog('ldap_servers', "LDAP ldap_search error. basedn: %basedn| filter: %filter| attributes: |
852 | 950 |
%attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens); |
853 |
RETURN FALSE;
|
|
951 |
return FALSE;
|
|
854 | 952 |
} |
855 | 953 |
else { |
856 | 954 |
return FALSE; |
... | ... | |
861 | 959 |
} |
862 | 960 |
@ldap_control_paged_result_response($this->connection, $result, $page_token, $estimated_entries); |
863 | 961 |
if ($ldap_query_params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) { |
864 |
// false positive error thrown. do not set result limit error when $sizelimit specified
|
|
962 |
// False positive error thrown. do not set result limit error when $sizelimit specified.
|
|
865 | 963 |
} |
866 | 964 |
elseif ($this->hasError()) { |
867 | 965 |
watchdog('ldap_servers', 'ldap_control_paged_result_response() function error. LDAP Error: %message, ldap_list() parameters: %query', |
868 |
array('%message' => $this->errorMsg('ldap'), '%query' => $ldap_query_params['query_display']),
|
|
966 |
['%message' => $this->errorMsg('ldap'), '%query' => $ldap_query_params['query_display']],
|
|
869 | 967 |
WATCHDOG_ERROR); |
870 | 968 |
} |
871 | 969 |
|
... | ... | |
873 | 971 |
$discarded_entries = array_splice($aggregated_entries, $ldap_query_params['sizelimit']); |
874 | 972 |
break; |
875 | 973 |
} |
876 |
elseif ($this->searchPageEnd !== NULL && $page >= $this->searchPageEnd) { // user defined pagination has run out |
|
974 |
// User defined pagination has run out. |
|
975 |
elseif ($this->searchPageEnd !== NULL && $page >= $this->searchPageEnd) { |
|
877 | 976 |
break; |
878 | 977 |
} |
879 |
elseif ($page_token === NULL || $page_token == '') { // ldap reference pagination has run out |
|
978 |
// Ldap reference pagination has run out. |
|
979 |
elseif ($page_token === NULL || $page_token == '') { |
|
880 | 980 |
break; |
881 | 981 |
} |
882 | 982 |
$page++; |
... | ... | |
887 | 987 |
} |
888 | 988 |
|
889 | 989 |
/** |
890 |
* execute ldap query and return ldap records
|
|
990 |
* Execute ldap query and return ldap records.
|
|
891 | 991 |
* |
892 | 992 |
* @param scope |
993 |
* |
|
893 | 994 |
* @params see pagedLdapQuery $params |
894 | 995 |
* |
895 | 996 |
* @return array of ldap entries |
... | ... | |
903 | 1004 |
$result = @ldap_search($this->connection, $params['base_dn'], $params['filter'], $params['attributes'], $params['attrsonly'], |
904 | 1005 |
$params['sizelimit'], $params['timelimit'], $params['deref']); |
905 | 1006 |
if ($params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) { |
906 |
// false positive error thrown. do not return result limit error when $sizelimit specified
|
|
1007 |
// False positive error thrown. do not return result limit error when $sizelimit specified.
|
|
907 | 1008 |
} |
908 | 1009 |
elseif ($this->hasError()) { |
909 | 1010 |
watchdog('ldap_servers', 'ldap_search() function error. LDAP Error: %message, ldap_search() parameters: %query', |
910 |
array('%message' => $this->errorMsg('ldap'), '%query' => $params['query_display']),
|
|
1011 |
['%message' => $this->errorMsg('ldap'), '%query' => $params['query_display']],
|
|
911 | 1012 |
WATCHDOG_ERROR); |
912 | 1013 |
} |
913 | 1014 |
break; |
... | ... | |
916 | 1017 |
$result = @ldap_read($this->connection, $params['base_dn'], $params['filter'], $params['attributes'], $params['attrsonly'], |
917 | 1018 |
$params['sizelimit'], $params['timelimit'], $params['deref']); |
918 | 1019 |
if ($params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) { |
919 |
// false positive error thrown. do not result limit error when $sizelimit specified
|
|
1020 |
// False positive error thrown. do not result limit error when $sizelimit specified.
|
|
920 | 1021 |
} |
921 | 1022 |
elseif ($this->hasError()) { |
922 | 1023 |
watchdog('ldap_servers', 'ldap_read() function error. LDAP Error: %message, ldap_read() parameters: %query', |
923 |
array('%message' => $this->errorMsg('ldap'), '%query' => @$params['query_display']),
|
|
1024 |
['%message' => $this->errorMsg('ldap'), '%query' => @$params['query_display']],
|
|
924 | 1025 |
WATCHDOG_ERROR); |
925 | 1026 |
} |
926 | 1027 |
break; |
... | ... | |
929 | 1030 |
$result = @ldap_list($this->connection, $params['base_dn'], $params['filter'], $params['attributes'], $params['attrsonly'], |
930 | 1031 |
$params['sizelimit'], $params['timelimit'], $params['deref']); |
931 | 1032 |
if ($params['sizelimit'] && $this->ldapErrorNumber() == LDAP_SIZELIMIT_EXCEEDED) { |
932 |
// false positive error thrown. do not result limit error when $sizelimit specified
|
|
1033 |
// False positive error thrown. do not result limit error when $sizelimit specified.
|
|
933 | 1034 |
} |
934 | 1035 |
elseif ($this->hasError()) { |
935 | 1036 |
watchdog('ldap_servers', 'ldap_list() function error. LDAP Error: %message, ldap_list() parameters: %query', |
936 |
array('%message' => $this->errorMsg('ldap'), '%query' => $params['query_display']),
|
|
1037 |
['%message' => $this->errorMsg('ldap'), '%query' => $params['query_display']],
|
|
937 | 1038 |
WATCHDOG_ERROR); |
938 | 1039 |
} |
939 | 1040 |
break; |
... | ... | |
942 | 1043 |
} |
943 | 1044 |
|
944 | 1045 |
/** |
945 |
* @param array $dns Mixed Case |
|
1046 |
* @param array $dns |
|
1047 |
* Mixed Case. |
|
946 | 1048 |
* @return array $dns Lower Case |
947 | 1049 |
*/ |
948 | 1050 |
public function dnArrayToLowerCase($dns) { |
... | ... | |
950 | 1052 |
} |
951 | 1053 |
|
952 | 1054 |
/** |
953 |
* userUserEntityFromPuid.
|
|
1055 |
* UserUserEntityFromPuid.
|
|
954 | 1056 |
* |
955 | 1057 |
* @param string $puid |
956 | 1058 |
* Binary or string as returned from ldap_read or other ldap function. |
... | ... | |
961 | 1063 |
|
962 | 1064 |
$query = new EntityFieldQuery(); |
963 | 1065 |
$query->entityCondition('entity_type', 'user') |
964 |
->fieldCondition('ldap_user_puid_sid', 'value', $this->sid, '=') |
|
965 |
->fieldCondition('ldap_user_puid', 'value', $puid, '=') |
|
966 |
->fieldCondition('ldap_user_puid_property', 'value', $this->unique_persistent_attr, '=') |
|
967 |
->addMetaData('account', user_load(1)); // run the query as user 1 |
|
1066 |
->fieldCondition('ldap_user_puid_sid', 'value', $this->sid, '=') |
|
1067 |
->fieldCondition('ldap_user_puid', 'value', $puid, '=') |
|
1068 |
->fieldCondition('ldap_user_puid_property', 'value', $this->unique_persistent_attr, '=') |
|
1069 |
// Run the query as user 1. |
|
1070 |
->addMetaData('account', user_load(1)); |
|
968 | 1071 |
|
969 | 1072 |
$result = $query->execute(); |
970 | 1073 |
|
... | ... | |
976 | 1079 |
} |
977 | 1080 |
else { |
978 | 1081 |
$uids = join(',', $uids); |
979 |
$tokens = array('%uids' => $uids, '%puid' => $puid, '%sid' => $this->sid, '%ldap_user_puid_property' => $this->unique_persistent_attr);
|
|
1082 |
$tokens = ['%uids' => $uids, '%puid' => $puid, '%sid' => $this->sid, '%ldap_user_puid_property' => $this->unique_persistent_attr];
|
|
980 | 1083 |
watchdog('ldap_servers', 'multiple users (uids: %uids) with same puid (puid=%puid, sid=%sid, ldap_user_puid_property=%ldap_user_puid_property)', $tokens, WATCHDOG_ERROR); |
981 | 1084 |
return FALSE; |
982 | 1085 |
} |
... | ... | |
1004 | 1107 |
$watchdog_tokens['%code_result'] = $code_result; |
1005 | 1108 |
$ldap_username = $code_result; |
1006 | 1109 |
$watchdog_tokens['%ldap_username'] = $ldap_username; |
1007 |
$name = $old_name_value; // important because of global scope of $name |
|
1110 |
// Important because of global scope of $name. |
|
1111 |
$name = $old_name_value; |
|
1008 | 1112 |
if ($this->detailedWatchdogLog) { |
1009 | 1113 |
watchdog('ldap_servers', '%drupal_user_name tansformed to %ldap_username by applying code <code>%code</code>', $watchdog_tokens, WATCHDOG_DEBUG); |
1010 | 1114 |
} |
... | ... | |
1013 | 1117 |
$ldap_username = $drupal_username; |
1014 | 1118 |
} |
1015 | 1119 |
|
1016 |
// Let other modules alter the ldap name |
|
1017 |
$context = array(
|
|
1120 |
// Let other modules alter the ldap name.
|
|
1121 |
$context = [
|
|
1018 | 1122 |
'ldap_server' => $this, |
1019 |
);
|
|
1123 |
];
|
|
1020 | 1124 |
drupal_alter('ldap_servers_username_to_ldapname', $ldap_username, $drupal_username, $context); |
1021 | 1125 |
|
1022 | 1126 |
return $ldap_username; |
1023 | 1127 |
|
1024 | 1128 |
} |
1025 | 1129 |
|
1026 |
|
|
1027 | 1130 |
/** |
1028 |
* userUsernameFromLdapEntry.
|
|
1131 |
* UserUsernameFromLdapEntry.
|
|
1029 | 1132 |
* |
1030 | 1133 |
* @param array $ldap_entry |
1031 | 1134 |
* |
... | ... | |
1034 | 1137 |
*/ |
1035 | 1138 |
public function userUsernameFromLdapEntry($ldap_entry) { |
1036 | 1139 |
|
1037 |
|
|
1038 | 1140 |
if ($this->account_name_attr) { |
1039 | 1141 |
$accountname = (empty($ldap_entry[$this->account_name_attr][0])) ? FALSE : $ldap_entry[$this->account_name_attr][0]; |
1040 | 1142 |
} |
1041 |
elseif ($this->user_attr) {
|
|
1143 |
elseif ($this->user_attr) { |
|
1042 | 1144 |
$accountname = (empty($ldap_entry[$this->user_attr][0])) ? FALSE : $ldap_entry[$this->user_attr][0]; |
1043 | 1145 |
} |
1044 | 1146 |
else { |
... | ... | |
1049 | 1151 |
} |
1050 | 1152 |
|
1051 | 1153 |
/** |
1052 |
* userUsernameFromDn.
|
|
1154 |
* UserUsernameFromDn.
|
|
1053 | 1155 |
* |
1054 | 1156 |
* @param string $dn |
1055 | 1157 |
* |
... | ... | |
1058 | 1160 |
*/ |
1059 | 1161 |
public function userUsernameFromDn($dn) { |
1060 | 1162 |
|
1061 |
$ldap_entry = @$this->dnExists($dn, 'ldap_entry', array());
|
|
1163 |
$ldap_entry = @$this->dnExists($dn, 'ldap_entry', []);
|
|
1062 | 1164 |
if (!$ldap_entry || !is_array($ldap_entry)) { |
1063 | 1165 |
return FALSE; |
1064 | 1166 |
} |
... | ... | |
1075 | 1177 |
*/ |
1076 | 1178 |
public function userEmailFromLdapEntry($ldap_entry) { |
1077 | 1179 |
|
1078 |
if ($ldap_entry && $this->mail_attr) { // not using template |
|
1180 |
// Not using template. |
|
1181 |
if ($ldap_entry && $this->mail_attr) { |
|
1079 | 1182 |
$mail = isset($ldap_entry[$this->mail_attr][0]) ? $ldap_entry[$this->mail_attr][0] : FALSE; |
1080 | 1183 |
return $mail; |
1081 | 1184 |
} |
1082 |
elseif ($ldap_entry && $this->mail_template) { // template is of form [cn]@illinois.edu |
|
1185 |
// Template is of form [cn]@illinois.edu. |
|
1186 |
elseif ($ldap_entry && $this->mail_template) { |
|
1083 | 1187 |
ldap_servers_module_load_include('inc', 'ldap_servers', 'ldap_servers.functions'); |
1084 | 1188 |
return ldap_servers_token_replace($ldap_entry, $this->mail_template, 'ldap_entry'); |
1085 | 1189 |
} |
... | ... | |
1088 | 1192 |
} |
1089 | 1193 |
} |
1090 | 1194 |
|
1091 |
/**
|
|
1092 |
* @param array $ldap_entry
|
|
1093 |
*
|
|
1094 |
* @return object|bool
|
|
1195 |
/**
|
|
1196 |
* @param array $ldap_entry
|
|
1197 |
*
|
|
1198 |
* @return object|bool
|
|
1095 | 1199 |
* Drupal file object image user's thumbnail or FALSE if none present or |
1096 | 1200 |
* ERROR happens. |
1097 |
*/ |
|
1098 |
public function userPictureFromLdapEntry($ldap_entry, $drupal_username = FALSE) { |
|
1099 |
if ($ldap_entry && $this->picture_attr) { |
|
1100 |
//Check if ldap entry has been provisioned. |
|
1101 |
|
|
1102 |
$image_data = isset($ldap_entry[$this->picture_attr][0]) ? $ldap_entry[$this->picture_attr][0] : FALSE; |
|
1103 |
if (!$image_data) { |
|
1104 |
return FALSE; |
|
1105 |
} |
|
1201 |
*/ |
|
1202 |
public function userPictureFromLdapEntry($ldap_entry, $drupal_username = FALSE) { |
|
1203 |
if ($ldap_entry && $this->picture_attr) { |
|
1204 |
// Check if ldap entry has been provisioned. |
|
1205 |
$image_data = isset($ldap_entry[$this->picture_attr][0]) ? $ldap_entry[$this->picture_attr][0] : FALSE; |
|
1206 |
if (!$image_data) { |
|
1207 |
return FALSE; |
|
1208 |
} |
|
1106 | 1209 |
|
1107 |
$md5thumb = md5($image_data);
|
|
1210 |
$md5thumb = md5($image_data);
|
|
1108 | 1211 |
|
1109 |
/**
|
|
1110 |
* If the existing account already has picture check if it has changed. If
|
|
1212 |
/**
|
|
1213 |
* If the existing account already has picture check if it has changed. If
|
|
1111 | 1214 |
* so remove the old file and create the new one. If a picture is not set |
1112 | 1215 |
* but the account has an md5 hash, something is wrong and we exit. |
1113 |
*/
|
|
1114 |
if ($drupal_username && $account = user_load_by_name($drupal_username)) {
|
|
1216 |
*/
|
|
1217 |
if ($drupal_username && $account = user_load_by_name($drupal_username)) {
|
|
1115 | 1218 |
if ($account->uid == 0 || $account->uid == 1) { |
1116 | 1219 |
return FALSE; |
1117 | 1220 |
} |
... | ... | |
1141 | 1244 |
return $this->savePictureData($image_data, $md5thumb); |
1142 | 1245 |
} |
1143 | 1246 |
return FALSE; |
1144 |
} |
|
1145 |
|
|
1247 |
} |
|
1146 | 1248 |
|
1147 | 1249 |
/** |
1148 | 1250 |
* @param $image_data |
1149 | 1251 |
* @param $md5thumb |
1252 |
* |
|
1253 |
* @return bool|\stdClass |
|
1150 | 1254 |
*/ |
1151 | 1255 |
private function savePictureData($image_data, $md5thumb) { |
1152 |
//Create tmp file to get image format. |
|
1256 |
// Create tmp file to get image format.
|
|
1153 | 1257 |
$filename = uniqid(); |
1154 | 1258 |
$fileuri = file_directory_temp() . '/' . $filename; |
1155 | 1259 |
$size = file_put_contents($fileuri, $image_data); |
1156 | 1260 |
$info = image_get_info($fileuri); |
1157 | 1261 |
unlink($fileuri); |
1158 |
// create file object
|
|
1262 |
// Create file object.
|
|
1159 | 1263 |
$file = file_save_data($image_data, file_default_scheme() . '://' . variable_get('user_picture_path') . '/' . $filename . '.' . $info['extension']); |
1160 | 1264 |
$file->md5Sum = $md5thumb; |
1161 |
// standard Drupal validators for user pictures
|
|
1265 |
// Standard Drupal validators for user pictures.
|
|
1162 | 1266 |
$validators = [ |
1163 | 1267 |
'file_validate_is_image' => [], |
1164 | 1268 |
'file_validate_image_resolution' => [variable_get('user_picture_dimensions', '85x85')], |
... | ... | |
1176 | 1280 |
} |
1177 | 1281 |
} |
1178 | 1282 |
|
1179 |
|
|
1180 | 1283 |
/** |
1181 | 1284 |
* @param array $ldap_entry |
1182 | 1285 |
* |
1183 |
* @return string user's PUID or permanent user id (within ldap), converted from binary, if applicable |
|
1286 |
* @return string |
|
1287 |
* user's PUID or permanent user id (within ldap), converted from binary, if applicable |
|
1184 | 1288 |
*/ |
1185 | 1289 |
public function userPuidFromLdapEntry($ldap_entry) { |
1186 | 1290 |
|
... | ... | |
1202 | 1306 |
} |
1203 | 1307 |
|
1204 | 1308 |
/** |
1205 |
* @param mixed $user
|
|
1206 |
* - drupal user object (stdClass Object)
|
|
1309 |
* @param mixed $user |
|
1310 |
* - drupal user object (stdClass Object) |
|
1207 | 1311 |
* - ldap entry of user (array) |
1208 | 1312 |
* - ldap dn of user (string) |
1209 | 1313 |
* - drupal username of user (string) |
1210 | 1314 |
* |
1211 |
* @return array $ldap_user_entry (with top level keys of 'dn', 'mail', 'sid' and 'attr' )
|
|
1315 |
* @return array $ldap_user_entry (with top level keys of 'dn', 'mail', 'sid' and 'attr' ) |
|
1212 | 1316 |
*/ |
1213 | 1317 |
public function user_lookup($user) { |
1214 | 1318 |
return $this->userUserToExistingLdapEntry($user); |
1215 | 1319 |
} |
1320 |
|
|
1321 |
/** |
|
1322 |
* |
|
1323 |
*/ |
|
1216 | 1324 |
public function userUserToExistingLdapEntry($user) { |
1217 | 1325 |
|
1218 | 1326 |
if (is_object($user)) { |
... | ... | |
1222 | 1330 |
$user_ldap_entry = $user; |
1223 | 1331 |
} |
1224 | 1332 |
elseif (is_scalar($user)) { |
1225 |
if (strpos($user, '=') === FALSE) { // username |
|
1333 |
// Username. |
|
1334 |
if (strpos($user, '=') === FALSE) { |
|
1226 | 1335 |
$user_ldap_entry = $this->userUserNameToExistingLdapEntry($user); |
1227 | 1336 |
} |
1228 | 1337 |
else { |
... | ... | |
1238 | 1347 |
* @param string $drupal_user_name |
1239 | 1348 |
* |
1240 | 1349 |
* @param string or int $prov_event |
1241 |
* This could be anything, particularly when used by other modules. Other modules should use string like 'mymodule_myevent' |
|
1242 |
* LDAP_USER_EVENT_ALL signifies get all attributes needed by all other contexts/ops |
|
1350 |
* This could be anything, particularly when used by other modules. |
|
1351 |
* Other modules should use string like 'mymodule_myevent' |
|
1352 |
* LDAP_USER_EVENT_ALL signifies get all attributes needed by all other |
|
1353 |
* contexts/ops. |
|
1243 | 1354 |
* |
1244 |
* @return associative array representing ldap data of a user. for example of returned value. |
|
1355 |
* @return array |
|
1356 |
* representing ldap data of a user. for example of returned value. |
|
1245 | 1357 |
* 'sid' => ldap server id |
1246 | 1358 |
* 'mail' => derived from ldap mail (not always populated). |
1247 | 1359 |
* 'dn' => dn of user |
... | ... | |
1250 | 1362 |
*/ |
1251 | 1363 |
public function userUserNameToExistingLdapEntry($drupal_user_name, $ldap_context = NULL) { |
1252 | 1364 |
|
1253 |
$watchdog_tokens = array('%drupal_user_name' => $drupal_user_name);
|
|
1365 |
$watchdog_tokens = ['%drupal_user_name' => $drupal_user_name];
|
|
1254 | 1366 |
$ldap_username = $this->userUsernameToLdapNameTransform($drupal_user_name, $watchdog_tokens); |
1255 | 1367 |
if (!$ldap_username) { |
1256 | 1368 |
return FALSE; |
1257 | 1369 |
} |
1258 | 1370 |
if (!$ldap_context) { |
1259 |
$attributes = array();
|
|
1371 |
$attributes = [];
|
|
1260 | 1372 |
} |
1261 | 1373 |
else { |
1262 | 1374 |
$attribute_maps = ldap_servers_attributes_needed($this->sid, $ldap_context); |
... | ... | |
1264 | 1376 |
} |
1265 | 1377 |
|
1266 | 1378 |
foreach ($this->basedn as $basedn) { |
1267 |
if (empty($basedn)) continue; |
|
1379 |
if (empty($basedn)) { |
|
1380 |
continue; |
|
1381 |
} |
|
1268 | 1382 |
$filter = '(' . $this->user_attr . '=' . ldap_server_massage_text($ldap_username, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP) . ')'; |
1269 | 1383 |
$result = $this->search($basedn, $filter, $attributes); |
1270 |
if (!$result || !isset($result['count']) || !$result['count']) continue; |
|
1384 |
if (!$result || !isset($result['count']) || !$result['count']) { |
|
1385 |
continue; |
|
1386 |
} |
|
1271 | 1387 |
|
1272 | 1388 |
// Must find exactly one user for authentication to work. |
1273 |
|
|
1274 | 1389 |
if ($result['count'] != 1) { |
1275 | 1390 |
$count = $result['count']; |
1276 |
watchdog('ldap_servers', "Error: !count users found with $filter under $basedn.", array('!count' => $count), WATCHDOG_ERROR);
|
|
1391 |
watchdog('ldap_servers', "Error: !count users found with $filter under $basedn.", ['!count' => $count], WATCHDOG_ERROR);
|
|
1277 | 1392 |
continue; |
1278 | 1393 |
} |
1279 | 1394 |
$match = $result[0]; |
... | ... | |
1285 | 1400 |
$name_attr = $this->user_attr; |
1286 | 1401 |
|
1287 | 1402 |
if (isset($match[$name_attr][0])) { |
1288 |
// leave name
|
|
1403 |
// Leave name.
|
|
1289 | 1404 |
} |
1290 | 1405 |
elseif (isset($match[drupal_strtolower($name_attr)][0])) { |
1291 | 1406 |
$name_attr = drupal_strtolower($name_attr); |
... | ... | |
1293 | 1408 |
} |
1294 | 1409 |
else { |
1295 | 1410 |
if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) { |
1296 |
$result = array(
|
|
1411 |
$result = [
|
|
1297 | 1412 |
'dn' => $match['dn'], |
1298 | 1413 |
'mail' => $this->userEmailFromLdapEntry($match), |
1299 | 1414 |
'attr' => $match, |
1300 | 1415 |
'sid' => $this->sid, |
1301 |
);
|
|
1416 |
];
|
|
1302 | 1417 |
return $result; |
1303 | 1418 |
} |
1304 | 1419 |
else { |
... | ... | |
1316 | 1431 |
// loop through all possible options. |
1317 | 1432 |
foreach ($match[$name_attr] as $value) { |
1318 | 1433 |
if (drupal_strtolower(trim($value)) == drupal_strtolower($ldap_username)) { |
1319 |
$result = array(
|
|
1434 |
$result = [
|
|
1320 | 1435 |
'dn' => $match['dn'], |
1321 | 1436 |
'mail' => $this->userEmailFromLdapEntry($match), |
1322 | 1437 |
'attr' => $match, |
1323 | 1438 |
'sid' => $this->sid, |
1324 |
);
|
|
1439 |
];
|
|
1325 | 1440 |
return $result; |
1326 | 1441 |
} |
1327 | 1442 |
} |
... | ... | |
1331 | 1446 |
/** |
1332 | 1447 |
* Is a user a member of group? |
1333 | 1448 |
* |
1334 |
* @param string $group_dn MIXED CASE |
|
1449 |
* @param string $group_dn |
|
1450 |
* MIXED CASE. |
|
1335 | 1451 |
* @param mixed $user |
1336 |
* - drupal user object (stdClass Object)
|
|
1452 |
* - drupal user object (stdClass Object) |
|
1337 | 1453 |
* - ldap entry of user (array) |
1338 | 1454 |
* - ldap dn of user (array) |
1339 | 1455 |
* - drupal user name (string) |
1340 |
* @param enum $nested = NULL (default to server configuration), TRUE, or FALSE indicating to test for nested groups |
|
1456 |
* @param enum $nested |
|
1457 |
* = NULL (default to server configuration), TRUE, or FALSE indicating to |
|
1458 |
* test for nested groups. |
|
1459 |
* |
|
1460 |
* @return bool |
|
1341 | 1461 |
*/ |
1342 | 1462 |
public function groupIsMember($group_dn, $user, $nested = NULL) { |
1343 | 1463 |
|
1344 | 1464 |
$nested = ($nested === TRUE || $nested === FALSE) ? $nested : $this->groupNested; |
1345 | 1465 |
$group_dns = $this->groupMembershipsFromUser($user, 'group_dns', $nested); |
1346 |
// while list of group dns is going to be in correct mixed case, $group_dn may not since it may be derived from user entered values
|
|
1347 |
// so make sure in_array() is case insensitive |
|
1466 |
// While list of group dns is going to be in correct mixed case, $group_dn may not since it may be derived from user entered values
|
|
1467 |
// so make sure in_array() is case insensitive.
|
|
1348 | 1468 |
return (is_array($group_dns) && in_array(drupal_strtolower($group_dn), $this->dnArrayToLowerCase($group_dns))); |
1349 | 1469 |
} |
1350 | 1470 |
|
1351 | 1471 |
/** |
1352 | 1472 |
* NOT TESTED |
1353 |
* add a group entry |
|
1473 |
* add a group entry.
|
|
1354 | 1474 |
* |
1355 |
* @param string $group_dn as ldap dn |
|
1356 |
* @param array $attributes in key value form |
|
1357 |
* $attributes = array( |
|
1475 |
* @param string $group_dn |
|
1476 |
* as ldap dn. |
|
1477 |
* @param array $attributes |
|
1478 |
* in key value form |
|
1479 |
* $attributes = array( |
|
1358 | 1480 |
* "attribute1" = "value", |
1359 | 1481 |
* "attribute2" = array("value1", "value2"), |
1360 | 1482 |
* ) |
1483 |
* |
|
1361 | 1484 |
* @return boolean success |
1362 | 1485 |
*/ |
1363 |
public function groupAddGroup($group_dn, $attributes = array()) {
|
|
1486 |
public function groupAddGroup($group_dn, $attributes = []) {
|
|
1364 | 1487 |
|
1365 | 1488 |
if ($this->dnExists($group_dn, 'boolean')) { |
1366 | 1489 |
return FALSE; |
... | ... | |
1373 | 1496 |
/** |
1374 | 1497 |
* 2. give other modules a chance to add or alter attributes |
1375 | 1498 |
*/ |
1376 |
$context = array(
|
|
1499 |
$context = [
|
|
1377 | 1500 |
'action' => 'add', |
1378 |
'corresponding_drupal_data' => array($group_dn => $attributes),
|
|
1501 |
'corresponding_drupal_data' => [$group_dn => $attributes],
|
|
1379 | 1502 |
'corresponding_drupal_data_type' => 'group', |
1380 |
);
|
|
1381 |
$ldap_entries = array($group_dn => $attributes);
|
|
1503 |
];
|
|
1504 |
$ldap_entries = [$group_dn => $attributes];
|
|
1382 | 1505 |
drupal_alter('ldap_entry_pre_provision', $ldap_entries, $this, $context); |
1383 | 1506 |
$attributes = $ldap_entries[$group_dn]; |
1384 | 1507 |
|
1385 |
|
|
1386 |
/** |
|
1508 |
/** |
|
1387 | 1509 |
* 4. provision ldap entry |
1388 | 1510 |
* @todo how is error handling done here? |
1389 | 1511 |
*/ |
1390 | 1512 |
$ldap_entry_created = $this->createLdapEntry($attributes, $group_dn); |
1391 | 1513 |
|
1392 |
|
|
1393 |
/** |
|
1514 |
/** |
|
1394 | 1515 |
* 5. allow other modules to react to provisioned ldap entry |
1395 | 1516 |
* @todo how is error handling done here? |
1396 | 1517 |
*/ |
... | ... | |
1406 | 1527 |
|
1407 | 1528 |
/** |
1408 | 1529 |
* NOT TESTED |
1409 |
* remove a group entry |
|
1530 |
* remove a group entry.
|
|
1410 | 1531 |
* |
1411 |
* @param string $group_dn as ldap dn |
|
1412 |
* @param boolean $only_if_group_empty |
|
1532 |
* @param string $group_dn |
|
1533 |
* as ldap dn. |
|
1534 |
* @param bool $only_if_group_empty |
|
1413 | 1535 |
* TRUE = group should not be removed if not empty |
1414 |
* FALSE = groups should be deleted regardless of members |
|
1536 |
* FALSE = groups should be deleted regardless of members. |
|
1537 |
* |
|
1538 |
* @return bool |
|
1415 | 1539 |
*/ |
1416 | 1540 |
public function groupRemoveGroup($group_dn, $only_if_group_empty = TRUE) { |
1417 | 1541 |
|
... | ... | |
1428 | 1552 |
|
1429 | 1553 |
/** |
1430 | 1554 |
* NOT TESTED |
1431 |
* add a member to a group |
|
1555 |
* add a member to a group.
|
|
1432 | 1556 |
* |
1433 |
* @param string $ldap_user_dn as ldap dn |
|
1557 |
* @param string $ldap_user_dn |
|
1558 |
* as ldap dn. |
|
1434 | 1559 |
* @param mixed $user |
1435 |
* - drupal user object (stdClass Object) |
|
1436 |
* - ldap entry of user (array) (with top level keys of 'dn', 'mail', 'sid' and 'attr' ) |
|
1560 |
* - drupal user object (stdClass Object) |
|
1561 |
* - ldap entry of user (array) (with top level keys of 'dn', 'mail', |
|
1562 |
* 'sid' and 'attr' ) |
|
1437 | 1563 |
* - ldap dn of user (array) |
1438 | 1564 |
* - drupal username of user (string) |
1565 |
* |
|
1566 |
* @return bool |
|
1439 | 1567 |
*/ |
1440 | 1568 |
public function groupAddMember($group_dn, $user) { |
1441 | 1569 |
|
1442 | 1570 |
$user_ldap_entry = $this->userUserToExistingLdapEntry($user); |
1443 | 1571 |
$result = FALSE; |
1444 | 1572 |
if ($user_ldap_entry && $this->groupGroupEntryMembershipsConfigured) { |
1445 |
$add = array();
|
|
1573 |
$add = [];
|
|
1446 | 1574 |
$add[$this->groupMembershipsAttr] = $user_ldap_entry['dn']; |
1447 | 1575 |
$this->connectAndBindIfNotAlready(); |
1448 | 1576 |
$result = @ldap_mod_add($this->connection, $group_dn, $add); |
... | ... | |
1453 | 1581 |
|
1454 | 1582 |
/** |
1455 | 1583 |
* NOT TESTED |
1456 |
* remove a member from a group |
|
1584 |
* remove a member from a group.
|
|
1457 | 1585 |
* |
1458 |
* @param string $group_dn as ldap dn |
|
1586 |
* @param string $group_dn |
|
1587 |
* as ldap dn. |
|
1459 | 1588 |
* @param mixed $user |
1460 |
* - drupal user object (stdClass Object) |
|
1461 |
* - ldap entry of user (array) (with top level keys of 'dn', 'mail', 'sid' and 'attr' ) |
|
1589 |
* - drupal user object (stdClass Object) |
|
1590 |
* - ldap entry of user (array) (with top level keys of 'dn', 'mail', |
|
1591 |
* 'sid' and 'attr' ) |
|
1462 | 1592 |
* - ldap dn of user (array) |
1463 | 1593 |
* - drupal username of user (string) |
1594 |
* |
|
1595 |
* @return bool |
|
1464 | 1596 |
*/ |
1465 | 1597 |
public function groupRemoveMember($group_dn, $user) { |
1466 | 1598 |
|
1467 | 1599 |
$user_ldap_entry = $this->userUserToExistingLdapEntry($user); |
1468 | 1600 |
$result = FALSE; |
1469 | 1601 |
if ($user_ldap_entry && $this->groupGroupEntryMembershipsConfigured) { |
1470 |
$del = array();
|
|
1602 |
$del = [];
|
|
1471 | 1603 |
$del[$this->groupMembershipsAttr] = $user_ldap_entry['dn']; |
1472 | 1604 |
$this->connectAndBindIfNotAlready(); |
1473 | 1605 |
$result = @ldap_mod_del($this->connection, $group_dn, $del); |
... | ... | |
1475 | 1607 |
return $result; |
1476 | 1608 |
} |
1477 | 1609 |
|
1478 |
|
|
1479 | 1610 |
/** |
1611 |
* Get all members of a group. |
|
1480 | 1612 |
* |
1481 | 1613 |
* @todo: NOT IMPLEMENTED: nested groups |
1482 | 1614 |
* |
1483 |
* get all members of a group |
|
1484 |
* |
|
1485 |
* @param string $group_dn as ldap dn |
Formats disponibles : Unified diff
Weekly update of contrib modules