Révision bc175c27
Ajouté par Assos Assos il y a plus de 5 ans
drupal7/sites/all/modules/ldap/ldap_servers/LdapServer.class.php | ||
---|---|---|
13 | 13 |
* TODO describe preconditions for ldap_entry |
14 | 14 |
*/ |
15 | 15 |
function pretty_print_ldap_entry($ldap_entry) { |
16 |
$m=array();
|
|
17 |
for ($i=0; $i < $ldap_entry['count']; $i++) {
|
|
18 |
$k=$ldap_entry[$i];
|
|
19 |
$v=$ldap_entry[$k];
|
|
16 |
$m = array();
|
|
17 |
for ($i = 0; $i < $ldap_entry['count']; $i++) {
|
|
18 |
$k = $ldap_entry[$i];
|
|
19 |
$v = $ldap_entry[$k];
|
|
20 | 20 |
if(is_array($v)) { |
21 |
$m2=array();
|
|
22 |
$max=$v['count']>3 ? 3 : $v['count'];
|
|
23 |
for ($j=0; $j < $max; $j++) {
|
|
21 |
$m2 = array();
|
|
22 |
$max = $v['count'] > 3 ? 3 : $v['count'];
|
|
23 |
for ($j = 0; $j < $max; $j++) {
|
|
24 | 24 |
$m2[] = $v[$j]; |
25 | 25 |
} |
26 |
$v="(".join(", ", $m2).")";
|
|
26 |
$v = "(".join(", ", $m2).")";
|
|
27 | 27 |
} |
28 | 28 |
$m[] = $k . ": " . $v; |
29 | 29 |
} |
... | ... | |
106 | 106 |
public $connection; |
107 | 107 |
|
108 | 108 |
|
109 |
|
|
110 |
|
|
111 |
// direct mapping of db to object properties |
|
109 |
/** |
|
110 |
* Direct mapping of db to object properties |
|
111 |
* |
|
112 |
* @return array |
|
113 |
*/ |
|
112 | 114 |
public static function field_to_properties_map() { |
113 | 115 |
return array( |
114 | 116 |
'sid' => 'sid', |
... | ... | |
144 | 146 |
'grp_memb_attr_match_user_attr' => 'groupMembershipsAttrMatchingUserAttr', |
145 | 147 |
'grp_derive_from_dn' => 'groupDeriveFromDn', |
146 | 148 |
'grp_derive_from_dn_attr' => 'groupDeriveFromDnAttr', |
147 |
'grp_test_grp_dn' => 'groupTestGroupDn',
|
|
149 |
'grp_test_grp_dn' => 'groupTestGroupDn', |
|
148 | 150 |
'grp_test_grp_dn_writeable' => 'groupTestGroupDnWriteable', |
149 | 151 |
|
150 | 152 |
'search_pagination' => 'searchPagination', |
... | ... | |
156 | 158 |
|
157 | 159 |
/** |
158 | 160 |
* Constructor Method |
161 |
* |
|
162 |
* @param $sid |
|
159 | 163 |
*/ |
160 |
function __construct($sid) { |
|
164 |
public function __construct($sid) {
|
|
161 | 165 |
if (!is_scalar($sid)) { |
162 | 166 |
return; |
163 | 167 |
} |
... | ... | |
176 | 180 |
else { |
177 | 181 |
$select = db_select('ldap_servers') |
178 | 182 |
->fields('ldap_servers') |
179 |
->condition('ldap_servers.sid', $sid)
|
|
183 |
->condition('ldap_servers.sid', $sid) |
|
180 | 184 |
->execute(); |
181 | 185 |
foreach ($select as $record) { |
182 | 186 |
if ($record->sid == $sid) { |
... | ... | |
204 | 208 |
} |
205 | 209 |
|
206 | 210 |
/** |
207 |
* this method sets properties that don't directly map from db record. it is split out so it can be shared with ldapServerTest.class.php |
|
211 |
* This method sets properties that don't directly map from db record. |
|
212 |
* |
|
213 |
* It is split out so it can be shared with ldapServerTest.class.php |
|
214 |
* |
|
215 |
* @param $bindpw |
|
208 | 216 |
*/ |
209 | 217 |
protected function initDerivedProperties($bindpw) { |
210 | 218 |
|
... | ... | |
223 | 231 |
$this->basedn = array(); |
224 | 232 |
$token = is_scalar($basedn_unserialized) ? $basedn_unserialized : print_r($basedn_unserialized, TRUE); |
225 | 233 |
debug("basednb desearialization error". $token); |
226 |
watchdog('ldap_server', 'Failed to deserialize LdapServer::basedn of !basedn', array('!basedn' => $token), WATCHDOG_ERROR); |
|
234 |
watchdog('ldap_servers', 'Failed to deserialize LdapServer::basedn of !basedn', array('!basedn' => $token), WATCHDOG_ERROR);
|
|
227 | 235 |
} |
228 | 236 |
|
229 | 237 |
} |
... | ... | |
236 | 244 |
$this->bindpw = ($bindpw == '') ? '' : ldap_servers_decrypt($bindpw); |
237 | 245 |
} |
238 | 246 |
|
247 |
$bind_overrides = variable_get('ldap_servers_overrides', []); |
|
248 |
if (isset($bind_overrides[$this->sid])) { |
|
249 |
if (isset($bind_overrides[$this->sid]['binddn'])) { |
|
250 |
$this->binddn = $bind_overrides[$this->sid]['binddn']; |
|
251 |
} |
|
252 |
if (isset($bind_overrides[$this->sid]['bindpw'])) { |
|
253 |
$this->bindpw = $bind_overrides[$this->sid]['bindpw']; |
|
254 |
} |
|
255 |
} |
|
256 |
|
|
239 | 257 |
$this->paginationEnabled = (boolean)(ldap_servers_php_supports_pagination() && $this->searchPagination); |
240 | 258 |
|
241 | 259 |
$this->queriableWithoutUserCredentials = (boolean)( |
... | ... | |
247 | 265 |
$this->groupGroupEntryMembershipsConfigured = ($this->groupMembershipsAttrMatchingUserAttr && $this->groupMembershipsAttr); |
248 | 266 |
$this->groupUserMembershipsConfigured = ($this->groupUserMembershipsAttrExists && $this->groupUserMembershipsAttr); |
249 | 267 |
} |
268 |
|
|
250 | 269 |
/** |
251 | 270 |
* Destructor Method |
252 | 271 |
*/ |
253 |
function __destruct() { |
|
272 |
public function __destruct() {
|
|
254 | 273 |
// Close the server connection to be sure. |
255 | 274 |
$this->disconnect(); |
256 | 275 |
} |
257 | 276 |
|
258 |
|
|
259 | 277 |
/** |
260 | 278 |
* Invoke Method |
261 | 279 |
*/ |
262 |
function __invoke() { |
|
280 |
public function __invoke() {
|
|
263 | 281 |
$this->connect(); |
264 | 282 |
$this->bind(); |
265 | 283 |
} |
266 | 284 |
|
267 |
|
|
268 |
|
|
269 | 285 |
/** |
270 | 286 |
* Connect Method |
271 | 287 |
*/ |
272 |
function connect() { |
|
288 |
public function connect() { |
|
289 |
if (!function_exists('ldap_connect')) { |
|
290 |
watchdog('ldap_servers', 'PHP LDAP extension not found, aborting.'); |
|
291 |
return LDAP_NOT_SUPPORTED; |
|
292 |
} |
|
273 | 293 |
|
274 | 294 |
if (!$con = ldap_connect($this->address, $this->port)) { |
275 |
watchdog('user', 'LDAP Connect failure to ' . $this->address . ':' . $this->port);
|
|
295 |
watchdog('ldap_servers', 'LDAP Connect failure to ' . $this->address . ':' . $this->port);
|
|
276 | 296 |
return LDAP_CONNECT_ERROR; |
277 | 297 |
} |
278 | 298 |
|
... | ... | |
283 | 303 |
if ($this->tls) { |
284 | 304 |
ldap_get_option($con, LDAP_OPT_PROTOCOL_VERSION, $vers); |
285 | 305 |
if ($vers == -1) { |
286 |
watchdog('user', 'Could not get LDAP protocol version.');
|
|
306 |
watchdog('ldap_servers', 'Could not get LDAP protocol version.');
|
|
287 | 307 |
return LDAP_PROTOCOL_ERROR; |
288 | 308 |
} |
289 | 309 |
if ($vers != 3) { |
290 |
watchdog('user', 'Could not start TLS, only supported by LDAP v3.');
|
|
310 |
watchdog('ldap_servers', 'Could not start TLS, only supported by LDAP v3.');
|
|
291 | 311 |
return LDAP_CONNECT_ERROR; |
292 | 312 |
} |
293 | 313 |
elseif (!function_exists('ldap_start_tls')) { |
294 |
watchdog('user', 'Could not start TLS. It does not seem to be supported by this PHP setup.');
|
|
314 |
watchdog('ldap_servers', 'Could not start TLS. It does not seem to be supported by this PHP setup.');
|
|
295 | 315 |
return LDAP_CONNECT_ERROR; |
296 | 316 |
} |
297 | 317 |
elseif (!ldap_start_tls($con)) { |
298 |
$msg = t("Could not start TLS. (Error %errno: %error).", array('%errno' => ldap_errno($con), '%error' => ldap_error($con)));
|
|
299 |
watchdog('user', $msg);
|
|
318 |
$msg = t("Could not start TLS. (Error %errno: %error).", array('%errno' => ldap_errno($con), '%error' => ldap_error($con))); |
|
319 |
watchdog('ldap_servers', $msg);
|
|
300 | 320 |
return LDAP_CONNECT_ERROR; |
301 | 321 |
} |
302 | 322 |
} |
... | ... | |
318 | 338 |
* @return |
319 | 339 |
* Result of bind; TRUE if successful, FALSE otherwise. |
320 | 340 |
*/ |
321 |
function bind($userdn = NULL, $pass = NULL, $anon_bind = FALSE) { |
|
341 |
public function bind($userdn = NULL, $pass = NULL, $anon_bind = FALSE) {
|
|
322 | 342 |
|
323 | 343 |
// Ensure that we have an active server connection. |
324 | 344 |
if (!$this->connection) { |
325 |
watchdog('ldap', "LDAP bind failure for user %user. Not connected to LDAP server.", array('%user' => $userdn)); |
|
345 |
watchdog('ldap_servers', "LDAP bind failure for user %user. Not connected to LDAP server.", array('%user' => $userdn));
|
|
326 | 346 |
return LDAP_CONNECT_ERROR; |
327 | 347 |
} |
328 | 348 |
|
... | ... | |
332 | 352 |
if ($anon_bind === TRUE) { |
333 | 353 |
if (@!ldap_bind($this->connection)) { |
334 | 354 |
if ($this->detailedWatchdogLog) { |
335 |
watchdog('ldap', "LDAP anonymous bind error. Error %errno: %error", array('%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection))); |
|
355 |
watchdog('ldap_servers', "LDAP anonymous bind error. Error %errno: %error", array('%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection)));
|
|
336 | 356 |
} |
337 | 357 |
return ldap_errno($this->connection); |
338 | 358 |
} |
... | ... | |
347 | 367 |
} |
348 | 368 |
|
349 | 369 |
if (drupal_strlen($pass) == 0 || drupal_strlen($userdn) == 0) { |
350 |
watchdog('ldap', "LDAP bind failure for user userdn=%userdn, pass=%pass.", array('%userdn' => $userdn, '%pass' => $pass)); |
|
370 |
watchdog('ldap_servers', "LDAP bind failure for user userdn=%userdn, pass=%pass.", array('%userdn' => $userdn, '%pass' => $pass));
|
|
351 | 371 |
return LDAP_LOCAL_ERROR; |
352 | 372 |
} |
353 | 373 |
if (@!ldap_bind($this->connection, $userdn, $pass)) { |
354 | 374 |
if ($this->detailedWatchdogLog) { |
355 |
watchdog('ldap', "LDAP bind failure for user %user. Error %errno: %error", array('%user' => $userdn, '%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection))); |
|
375 |
watchdog('ldap_servers', "LDAP bind failure for user %user. Error %errno: %error", array('%user' => $userdn, '%errno' => ldap_errno($this->connection), '%error' => ldap_error($this->connection)));
|
|
356 | 376 |
} |
357 | 377 |
return ldap_errno($this->connection); |
358 | 378 |
} |
... | ... | |
364 | 384 |
/** |
365 | 385 |
* Disconnect (unbind) from an active LDAP server. |
366 | 386 |
*/ |
367 |
function disconnect() { |
|
387 |
public function disconnect() {
|
|
368 | 388 |
if (!$this->connection) { |
369 | 389 |
// never bound or not currently bound, so no need to disconnect |
370 |
//watchdog('ldap', 'LDAP disconnect failure from '. $this->server_addr . ':' . $this->port); |
|
390 |
//watchdog('ldap_servers', 'LDAP disconnect failure from '. $this->server_addr . ':' . $this->port);
|
|
371 | 391 |
} |
372 | 392 |
else { |
373 | 393 |
ldap_unbind($this->connection); |
... | ... | |
375 | 395 |
} |
376 | 396 |
} |
377 | 397 |
|
398 |
/** |
|
399 |
* |
|
400 |
*/ |
|
378 | 401 |
public function connectAndBindIfNotAlready() { |
379 | 402 |
if (! $this->connection) { |
380 | 403 |
$this->connect(); |
... | ... | |
382 | 405 |
} |
383 | 406 |
} |
384 | 407 |
|
385 |
/** |
|
386 |
* does dn exist for this server? |
|
387 |
* [ ] Finished |
|
388 |
* [ ] Test Coverage. Test ID: |
|
389 |
* [ ] Case insensitive |
|
390 |
* |
|
391 |
* @param string $dn |
|
392 |
* @param enum $return = 'boolean' or 'ldap_entry' |
|
393 |
* @param array $attributes in same form as ldap_read $attributes parameter |
|
394 |
* |
|
395 |
* @param return FALSE or ldap entry array |
|
396 |
*/ |
|
397 |
function dnExists($dn, $return = 'boolean', $attributes = NULL) { |
|
408 |
/** |
|
409 |
* does dn exist for this server? |
|
410 |
* |
|
411 |
* |
|
412 |
* @param string $dn |
|
413 |
* @param enum $return = 'boolean' or 'ldap_entry' |
|
414 |
* @param array $attributes in same form as ldap_read $attributes parameter |
|
415 |
* |
|
416 |
* @return bool|array |
|
417 |
*/ |
|
418 |
public function dnExists($dn, $return = 'boolean', $attributes = NULL) { |
|
398 | 419 |
|
399 | 420 |
$params = array( |
400 | 421 |
'base_dn' => $dn, |
... | ... | |
435 | 456 |
return ldap_count_entries($this->connection, $ldap_result); |
436 | 457 |
} |
437 | 458 |
|
438 |
|
|
439 |
|
|
440 | 459 |
/** |
441 | 460 |
* create ldap entry. |
442 | 461 |
* |
443 | 462 |
* @param array $attributes should follow the structure of ldap_add functions |
444 | 463 |
* entry array: http://us.php.net/manual/en/function.ldap-add.php |
445 |
$attributes["attribute1"] = "value"; |
|
446 |
$attributes["attribute2"][0] = "value1"; |
|
447 |
$attributes["attribute2"][1] = "value2"; |
|
464 |
* $attributes["attribute1"] = "value";
|
|
465 |
* $attributes["attribute2"][0] = "value1";
|
|
466 |
* $attributes["attribute2"][1] = "value2";
|
|
448 | 467 |
* @return boolean result |
449 | 468 |
*/ |
450 |
|
|
451 | 469 |
public function createLdapEntry($attributes, $dn = NULL) { |
452 | 470 |
|
453 | 471 |
if (!$this->connection) { |
... | ... | |
470 | 488 |
if (!$result) { |
471 | 489 |
$error = "LDAP Server ldap_add(%dn) Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
472 | 490 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))); |
473 |
watchdog('ldap_server', $error, $tokens, WATCHDOG_ERROR); |
|
491 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR);
|
|
474 | 492 |
} |
475 | 493 |
|
476 | 494 |
return $result; |
477 | 495 |
} |
478 | 496 |
|
479 |
|
|
480 |
|
|
481 |
/** |
|
482 |
* given 2 ldap entries, old and new, removed unchanged values to avoid security errors and incorrect date modifieds |
|
483 |
* |
|
484 |
* @param ldap entry array $new_entry in form <attribute> => <value> |
|
485 |
* @param ldap entry array $old_entry in form <attribute> => array('count' => N, array(<value>,...<value> |
|
486 |
* |
|
487 |
* @return ldap array with no values that have NOT changed |
|
488 |
*/ |
|
489 |
|
|
490 |
static public function removeUnchangedAttributes($new_entry, $old_entry) { |
|
497 |
/** |
|
498 |
* Compares 2 LDAP entries and returns the difference. |
|
499 |
* |
|
500 |
* Given 2 ldap entries, old and new, removes unchanged values to avoid |
|
501 |
* security errors and incorrect date modified. |
|
502 |
* |
|
503 |
* @param array $new_entry |
|
504 |
* LDAP entry array in form <attribute> => <value>, or |
|
505 |
* <attribute> => array(<value1>, <value2>, ...). |
|
506 |
* @param array $old_entry |
|
507 |
* LDAP entry in form <attribute> => |
|
508 |
* array('count' => N, <value1>, <value2>, ...). |
|
509 |
* |
|
510 |
* @return array |
|
511 |
* The $new_entry with unchanged attributes removed. |
|
512 |
* |
|
513 |
* @see \LdapServer::modifyLdapEntry() |
|
514 |
*/ |
|
515 |
public static function removeUnchangedAttributes($new_entry, $old_entry) { |
|
491 | 516 |
|
492 | 517 |
foreach ($new_entry as $key => $new_val) { |
493 | 518 |
$old_value = FALSE; |
... | ... | |
513 | 538 |
unset($new_entry[$key]); // don't change values that aren't changing to avoid false permission constraints |
514 | 539 |
} |
515 | 540 |
} |
541 |
|
|
516 | 542 |
return $new_entry; |
517 | 543 |
} |
518 | 544 |
|
519 |
|
|
520 |
|
|
521 |
|
|
522 |
|
|
523 | 545 |
/** |
524 | 546 |
* modify attributes of ldap entry |
525 | 547 |
* |
526 | 548 |
* @param string $dn DN of entry |
527 | 549 |
* @param array $attributes should follow the structure of ldap_add functions |
528 | 550 |
* entry array: http://us.php.net/manual/en/function.ldap-add.php |
529 |
$attributes["attribute1"] = "value"; |
|
530 |
$attributes["attribute2"][0] = "value1"; |
|
531 |
$attributes["attribute2"][1] = "value2"; |
|
532 |
|
|
533 |
@return TRUE on success FALSE on error |
|
551 |
* $attributes["attribute1"] = "value";
|
|
552 |
* $attributes["attribute2"][0] = "value1";
|
|
553 |
* $attributes["attribute2"][1] = "value2";
|
|
554 |
* |
|
555 |
* @return TRUE on success FALSE on error
|
|
534 | 556 |
*/ |
535 |
|
|
536 |
function modifyLdapEntry($dn, $attributes = array(), $old_attributes = FALSE) { |
|
557 |
public function modifyLdapEntry($dn, $attributes = array(), $old_attributes = FALSE) { |
|
537 | 558 |
|
538 | 559 |
$this->connectAndBindIfNotAlready(); |
539 | 560 |
|
... | ... | |
542 | 563 |
if (!$result) { |
543 | 564 |
$error = "LDAP Server ldap_read(%dn) in LdapServer::modifyLdapEntry() Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
544 | 565 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))); |
545 |
watchdog('ldap_server', $error, $tokens, WATCHDOG_ERROR); |
|
566 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR);
|
|
546 | 567 |
return FALSE; |
547 | 568 |
} |
548 | 569 |
|
549 | 570 |
$entries = ldap_get_entries($this->connection, $result); |
550 | 571 |
if (is_array($entries) && $entries['count'] == 1) { |
551 |
$old_attributes = $entries[0];
|
|
572 |
$old_attributes = $entries[0]; |
|
552 | 573 |
} |
553 | 574 |
} |
554 | 575 |
|
... | ... | |
577 | 598 |
if (!$result) { |
578 | 599 |
$error = "LDAP Server ldap_mod_del(%dn) in LdapServer::modifyLdapEntry() Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
579 | 600 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))); |
580 |
watchdog('ldap_server', $error, $tokens, WATCHDOG_ERROR); |
|
601 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR);
|
|
581 | 602 |
return FALSE; |
582 | 603 |
} |
583 | 604 |
} |
... | ... | |
598 | 619 |
if (!$result) { |
599 | 620 |
$error = "LDAP Server ldap_modify(%dn) in LdapServer::modifyLdapEntry() Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
600 | 621 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))); |
601 |
watchdog('ldap_server', $error, $tokens, WATCHDOG_ERROR); |
|
622 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR);
|
|
602 | 623 |
return FALSE; |
603 | 624 |
} |
604 | 625 |
} |
... | ... | |
614 | 635 |
* |
615 | 636 |
* @return boolean result per ldap_delete |
616 | 637 |
*/ |
617 |
|
|
618 | 638 |
public function delete($dn) { |
619 | 639 |
if (!$this->connection) { |
620 | 640 |
$this->connect(); |
... | ... | |
624 | 644 |
if (!$result) { |
625 | 645 |
$error = "LDAP Server delete(%dn) in LdapServer::delete() Error Server ID = %sid, LDAP Err No: %ldap_errno LDAP Err Message: %ldap_err2str "; |
626 | 646 |
$tokens = array('%dn' => $dn, '%sid' => $this->sid, '%ldap_errno' => ldap_errno($this->connection), '%ldap_err2str' => ldap_err2str(ldap_errno($this->connection))); |
627 |
watchdog('ldap_server', $error, $tokens, WATCHDOG_ERROR); |
|
647 |
watchdog('ldap_servers', $error, $tokens, WATCHDOG_ERROR);
|
|
628 | 648 |
} |
629 | 649 |
return $result; |
630 | 650 |
} |
... | ... | |
640 | 660 |
* |
641 | 661 |
* @remaining params mimick ldap_search() function params |
642 | 662 |
* |
643 |
* @return |
|
644 |
* An array of matching entries->attributes (will have 0 |
|
645 |
* elements if search returns no results), |
|
646 |
* or FALSE on error on any of the basedn queries |
|
663 |
* @return array |
|
664 |
* An array of matching entries->attributes (will have 0 elements if search |
|
665 |
* returns no results), or FALSE on error on any of the basedn queries. |
|
647 | 666 |
*/ |
648 |
|
|
649 | 667 |
public function searchAllBaseDns( |
650 | 668 |
$filter, |
651 | 669 |
$attributes = array(), |
... | ... | |
678 | 696 |
|
679 | 697 |
} |
680 | 698 |
|
681 |
|
|
682 | 699 |
/** |
683 | 700 |
* Perform an LDAP search. |
701 |
* |
|
684 | 702 |
* @param string $basedn |
685 | 703 |
* The search base. If NULL, we use $this->basedn. should not be esacaped |
686 |
* |
|
687 | 704 |
* @param string $filter |
688 |
* The search filter. such as sAMAccountName=jbarclay. attribute values (e.g. jbarclay) should be esacaped before calling |
|
689 |
|
|
705 |
* The search filter. such as sAMAccountName=jbarclay. attribute values |
|
706 |
* (e.g. jbarclay) should be esacaped before calling |
|
707 |
* |
|
690 | 708 |
* @param array $attributes |
691 | 709 |
* List of desired attributes. If omitted, we only return "dn". |
692 | 710 |
* |
... | ... | |
697 | 715 |
* elements if search returns no results), |
698 | 716 |
* or FALSE on error. |
699 | 717 |
*/ |
700 |
|
|
701 |
function search($base_dn = NULL, $filter, $attributes = array(), |
|
718 |
public function search($base_dn = NULL, $filter, $attributes = array(), |
|
702 | 719 |
$attrsonly = 0, $sizelimit = 0, $timelimit = 0, $deref = NULL, $scope = LDAP_SCOPE_SUBTREE) { |
703 | 720 |
|
704 | 721 |
/** |
... | ... | |
708 | 725 |
* -- http://sgehrig.wordpress.com/2009/11/06/reading-paged-ldap-results-with-php-is-a-show-stopper/ |
709 | 726 |
*/ |
710 | 727 |
|
711 |
|
|
712 | 728 |
if ($base_dn == NULL) { |
713 | 729 |
if (count($this->basedn) == 1) { |
714 | 730 |
$base_dn = $this->basedn[0]; |
... | ... | |
718 | 734 |
} |
719 | 735 |
} |
720 | 736 |
|
721 |
$attr_display = is_array($attributes) ? join(',', $attributes) : 'none';
|
|
737 |
$attr_display = is_array($attributes) ? join(',', $attributes) : 'none'; |
|
722 | 738 |
$query = 'ldap_search() call: ' . join(",\n", array( |
723 | 739 |
'base_dn: ' . $base_dn, |
724 | 740 |
'filter = ' . $filter, |
... | ... | |
731 | 747 |
) |
732 | 748 |
); |
733 | 749 |
if ($this->detailed_watchdog_log) { |
734 |
watchdog('ldap_server', $query, array()); |
|
750 |
watchdog('ldap_servers', $query, array());
|
|
735 | 751 |
} |
736 | 752 |
|
737 | 753 |
// When checking multiple servers, there's a chance we might not be connected yet. |
... | ... | |
765 | 781 |
return (is_array($entries)) ? $entries : FALSE; |
766 | 782 |
} |
767 | 783 |
elseif ($this->ldapErrorNumber()) { |
768 |
$watchdog_tokens = array('%basedn' => $ldap_query_params['base_dn'], '%filter' => $ldap_query_params['filter'],
|
|
784 |
$watchdog_tokens = array('%basedn' => $ldap_query_params['base_dn'], '%filter' => $ldap_query_params['filter'], |
|
769 | 785 |
'%attributes' => print_r($ldap_query_params['attributes'], TRUE), '%errmsg' => $this->errorMsg('ldap'), |
770 | 786 |
'%errno' => $this->ldapErrorNumber()); |
771 |
watchdog('ldap', "LDAP ldap_search error. basedn: %basedn| filter: %filter| attributes: |
|
787 |
watchdog('ldap_servers', "LDAP ldap_search error. basedn: %basedn| filter: %filter| attributes:
|
|
772 | 788 |
%attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens); |
773 | 789 |
return FALSE; |
774 | 790 |
} |
... | ... | |
778 | 794 |
} |
779 | 795 |
} |
780 | 796 |
|
781 |
|
|
782 | 797 |
/** |
783 | 798 |
* execute a paged ldap query and return entries as one aggregated array |
784 | 799 |
* |
... | ... | |
786 | 801 |
* a particular set of pages is desired |
787 | 802 |
* |
788 | 803 |
* @param array $ldap_query_params of form: |
789 |
'base_dn' => base_dn, |
|
790 |
'filter' => filter, |
|
791 |
'attributes' => attributes, |
|
792 |
'attrsonly' => attrsonly, |
|
793 |
'sizelimit' => sizelimit, |
|
794 |
'timelimit' => timelimit, |
|
795 |
'deref' => deref, |
|
796 |
'scope' => scope, |
|
797 |
|
|
798 |
(this array of parameters is primarily passed on to ldapQuery() method) |
|
804 |
* 'base_dn' => base_dn,
|
|
805 |
* 'filter' => filter,
|
|
806 |
* 'attributes' => attributes,
|
|
807 |
* 'attrsonly' => attrsonly,
|
|
808 |
* 'sizelimit' => sizelimit,
|
|
809 |
* 'timelimit' => timelimit,
|
|
810 |
* 'deref' => deref,
|
|
811 |
* 'scope' => scope,
|
|
812 |
* |
|
813 |
* (this array of parameters is primarily passed on to ldapQuery() method)
|
|
799 | 814 |
* |
800 | 815 |
* @return array of ldap entries or FALSE on error. |
801 | 816 |
* |
... | ... | |
803 | 818 |
public function pagedLdapQuery($ldap_query_params) { |
804 | 819 |
|
805 | 820 |
if (!($this->searchPagination && $this->paginationEnabled)) { |
806 |
watchdog('ldap', "LDAP server pagedLdapQuery() called when functionality not available in php install or |
|
821 |
watchdog('ldap_servers', "LDAP server pagedLdapQuery() called when functionality not available in php install or
|
|
807 | 822 |
not enabled in ldap server configuration. error. basedn: %basedn| filter: %filter| attributes: |
808 | 823 |
%attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens); |
809 | 824 |
RETURN FALSE; |
810 | 825 |
} |
811 | 826 |
|
812 |
$paged_entries = array(); |
|
813 | 827 |
$page_token = ''; |
814 | 828 |
$page = 0; |
815 | 829 |
$estimated_entries = 0; |
... | ... | |
831 | 845 |
$aggregated_entries_count = count($aggregated_entries); |
832 | 846 |
} |
833 | 847 |
elseif ($this->ldapErrorNumber()) { |
834 |
$watchdog_tokens = array('%basedn' => $ldap_query_params['base_dn'], '%filter' => $ldap_query_params['filter'],
|
|
848 |
$watchdog_tokens = array('%basedn' => $ldap_query_params['base_dn'], '%filter' => $ldap_query_params['filter'], |
|
835 | 849 |
'%attributes' => print_r($ldap_query_params['attributes'], TRUE), '%errmsg' => $this->errorMsg('ldap'), |
836 | 850 |
'%errno' => $this->ldapErrorNumber()); |
837 |
watchdog('ldap', "LDAP ldap_search error. basedn: %basedn| filter: %filter| attributes: |
|
851 |
watchdog('ldap_servers', "LDAP ldap_search error. basedn: %basedn| filter: %filter| attributes:
|
|
838 | 852 |
%attributes| errmsg: %errmsg| ldap err no: %errno|", $watchdog_tokens); |
839 | 853 |
RETURN FALSE; |
840 | 854 |
} |
... | ... | |
850 | 864 |
// false positive error thrown. do not set result limit error when $sizelimit specified |
851 | 865 |
} |
852 | 866 |
elseif ($this->hasError()) { |
853 |
watchdog('ldap_server', 'ldap_control_paged_result_response() function error. LDAP Error: %message, ldap_list() parameters: %query', |
|
867 |
watchdog('ldap_servers', 'ldap_control_paged_result_response() function error. LDAP Error: %message, ldap_list() parameters: %query',
|
|
854 | 868 |
array('%message' => $this->errorMsg('ldap'), '%query' => $ldap_query_params['query_display']), |
855 | 869 |
WATCHDOG_ERROR); |
856 | 870 |
} |
... | ... | |
880 | 894 |
* |
881 | 895 |
* @return array of ldap entries |
882 | 896 |
*/ |
883 |
function ldapQuery($scope, $params) { |
|
897 |
public function ldapQuery($scope, $params) {
|
|
884 | 898 |
|
885 | 899 |
$this->connectAndBindIfNotAlready(); |
886 | 900 |
|
... | ... | |
892 | 906 |
// false positive error thrown. do not return result limit error when $sizelimit specified |
893 | 907 |
} |
894 | 908 |
elseif ($this->hasError()) { |
895 |
watchdog('ldap_server', 'ldap_search() function error. LDAP Error: %message, ldap_search() parameters: %query', |
|
909 |
watchdog('ldap_servers', 'ldap_search() function error. LDAP Error: %message, ldap_search() parameters: %query',
|
|
896 | 910 |
array('%message' => $this->errorMsg('ldap'), '%query' => $params['query_display']), |
897 | 911 |
WATCHDOG_ERROR); |
898 | 912 |
} |
... | ... | |
905 | 919 |
// false positive error thrown. do not result limit error when $sizelimit specified |
906 | 920 |
} |
907 | 921 |
elseif ($this->hasError()) { |
908 |
watchdog('ldap_server', 'ldap_read() function error. LDAP Error: %message, ldap_read() parameters: %query', |
|
922 |
watchdog('ldap_servers', 'ldap_read() function error. LDAP Error: %message, ldap_read() parameters: %query',
|
|
909 | 923 |
array('%message' => $this->errorMsg('ldap'), '%query' => @$params['query_display']), |
910 | 924 |
WATCHDOG_ERROR); |
911 | 925 |
} |
... | ... | |
918 | 932 |
// false positive error thrown. do not result limit error when $sizelimit specified |
919 | 933 |
} |
920 | 934 |
elseif ($this->hasError()) { |
921 |
watchdog('ldap_server', 'ldap_list() function error. LDAP Error: %message, ldap_list() parameters: %query', |
|
935 |
watchdog('ldap_servers', 'ldap_list() function error. LDAP Error: %message, ldap_list() parameters: %query',
|
|
922 | 936 |
array('%message' => $this->errorMsg('ldap'), '%query' => $params['query_display']), |
923 | 937 |
WATCHDOG_ERROR); |
924 | 938 |
} |
... | ... | |
931 | 945 |
* @param array $dns Mixed Case |
932 | 946 |
* @return array $dns Lower Case |
933 | 947 |
*/ |
934 |
|
|
935 | 948 |
public function dnArrayToLowerCase($dns) { |
936 | 949 |
return array_keys(array_change_key_case(array_flip($dns), CASE_LOWER)); |
937 | 950 |
} |
938 | 951 |
|
939 | 952 |
/** |
940 |
* @param binary or string $puid as returned from ldap_read or other ldap function
|
|
953 |
* userUserEntityFromPuid.
|
|
941 | 954 |
* |
955 |
* @param string $puid |
|
956 |
* Binary or string as returned from ldap_read or other ldap function. |
|
957 |
* |
|
958 |
* @return mixed |
|
942 | 959 |
*/ |
943 | 960 |
public function userUserEntityFromPuid($puid) { |
944 | 961 |
|
... | ... | |
959 | 976 |
} |
960 | 977 |
else { |
961 | 978 |
$uids = join(',', $uids); |
962 |
$tokens = array('%uids' => $uids, '%puid' => $puid, '%sid' => $this->sid, '%ldap_user_puid_property' => $this->unique_persistent_attr);
|
|
963 |
watchdog('ldap_server', 'multiple users (uids: %uids) with same puid (puid=%puid, sid=%sid, ldap_user_puid_property=%ldap_user_puid_property)', $tokens, WATCHDOG_ERROR); |
|
979 |
$tokens = array('%uids' => $uids, '%puid' => $puid, '%sid' => $this->sid, '%ldap_user_puid_property' => $this->unique_persistent_attr);
|
|
980 |
watchdog('ldap_servers', 'multiple users (uids: %uids) with same puid (puid=%puid, sid=%sid, ldap_user_puid_property=%ldap_user_puid_property)', $tokens, WATCHDOG_ERROR);
|
|
964 | 981 |
return FALSE; |
965 | 982 |
} |
966 | 983 |
} |
... | ... | |
970 | 987 |
|
971 | 988 |
} |
972 | 989 |
|
973 |
function userUsernameToLdapNameTransform($drupal_username, &$watchdog_tokens) { |
|
990 |
/** |
|
991 |
* @param $drupal_username |
|
992 |
* @param $watchdog_tokens |
|
993 |
* |
|
994 |
* @return string |
|
995 |
*/ |
|
996 |
public function userUsernameToLdapNameTransform($drupal_username, &$watchdog_tokens) { |
|
974 | 997 |
if ($this->ldapToDrupalUserPhp && module_exists('php')) { |
975 | 998 |
global $name; |
976 | 999 |
$old_name_value = $name; |
... | ... | |
983 | 1006 |
$watchdog_tokens['%ldap_username'] = $ldap_username; |
984 | 1007 |
$name = $old_name_value; // important because of global scope of $name |
985 | 1008 |
if ($this->detailedWatchdogLog) { |
986 |
watchdog('ldap_server', '%drupal_user_name tansformed to %ldap_username by applying code <code>%code</code>', $watchdog_tokens, WATCHDOG_DEBUG); |
|
1009 |
watchdog('ldap_servers', '%drupal_user_name tansformed to %ldap_username by applying code <code>%code</code>', $watchdog_tokens, WATCHDOG_DEBUG);
|
|
987 | 1010 |
} |
988 | 1011 |
} |
989 | 1012 |
else { |
... | ... | |
1001 | 1024 |
} |
1002 | 1025 |
|
1003 | 1026 |
|
1004 |
/** |
|
1005 |
* @param ldap entry array $ldap_entry |
|
1027 |
/** |
|
1028 |
* userUsernameFromLdapEntry. |
|
1029 |
* |
|
1030 |
* @param array $ldap_entry |
|
1006 | 1031 |
* |
1007 |
* @return string user's username value |
|
1032 |
* @return string |
|
1033 |
* user's username value |
|
1008 | 1034 |
*/ |
1009 | 1035 |
public function userUsernameFromLdapEntry($ldap_entry) { |
1010 | 1036 |
|
... | ... | |
1022 | 1048 |
return $accountname; |
1023 | 1049 |
} |
1024 | 1050 |
|
1025 |
/** |
|
1026 |
* @param string $dn ldap dn
|
|
1051 |
/**
|
|
1052 |
* userUsernameFromDn.
|
|
1027 | 1053 |
* |
1028 |
* @return mixed string user's username value of FALSE |
|
1054 |
* @param string $dn |
|
1055 |
* |
|
1056 |
* @return mixed |
|
1057 |
* string user's username value of FALSE |
|
1029 | 1058 |
*/ |
1030 | 1059 |
public function userUsernameFromDn($dn) { |
1031 | 1060 |
|
... | ... | |
1060 | 1089 |
} |
1061 | 1090 |
|
1062 | 1091 |
/** |
1063 |
* @param ldap entry array $ldap_entry
|
|
1092 |
* @param array $ldap_entry |
|
1064 | 1093 |
* |
1065 |
* @return drupal file object image user's thumbnail or FALSE if none present or ERROR happens. |
|
1094 |
* @return object|bool |
|
1095 |
* Drupal file object image user's thumbnail or FALSE if none present or |
|
1096 |
* ERROR happens. |
|
1066 | 1097 |
*/ |
1067 | 1098 |
public function userPictureFromLdapEntry($ldap_entry, $drupal_username = FALSE) { |
1068 | 1099 |
if ($ldap_entry && $this->picture_attr) { |
1069 | 1100 |
//Check if ldap entry has been provisioned. |
1070 | 1101 |
|
1071 |
$thumb = isset($ldap_entry[$this->picture_attr][0]) ? $ldap_entry[$this->picture_attr][0] : FALSE;
|
|
1072 |
if(!$thumb){
|
|
1102 |
$image_data = isset($ldap_entry[$this->picture_attr][0]) ? $ldap_entry[$this->picture_attr][0] : FALSE;
|
|
1103 |
if (!$image_data) {
|
|
1073 | 1104 |
return FALSE; |
1074 | 1105 |
} |
1075 | 1106 |
|
1076 |
//Create md5 check. |
|
1077 |
$md5thumb = md5($thumb); |
|
1107 |
$md5thumb = md5($image_data); |
|
1078 | 1108 |
|
1079 | 1109 |
/** |
1080 |
* If existing account already has picture check if it has changed if so remove old file and create the new one |
|
1081 |
* If picture is not set but account has md5 something is wrong exit. |
|
1110 |
* If the existing account already has picture check if it has changed. If |
|
1111 |
* so remove the old file and create the new one. If a picture is not set |
|
1112 |
* but the account has an md5 hash, something is wrong and we exit. |
|
1082 | 1113 |
*/ |
1083 | 1114 |
if ($drupal_username && $account = user_load_by_name($drupal_username)) { |
1084 |
if ($account->uid == 0 || $account->uid == 1){ |
|
1115 |
if ($account->uid == 0 || $account->uid == 1) {
|
|
1085 | 1116 |
return FALSE; |
1086 | 1117 |
} |
1087 |
if (isset($account->picture)){ |
|
1088 |
// Check if image has changed |
|
1089 |
if (isset($account->data['ldap_user']['init']['thumb5md']) && $md5thumb === $account->data['ldap_user']['init']['thumb5md']){ |
|
1090 |
//No change return same image |
|
1118 |
if (isset($account->picture)) { |
|
1119 |
// Check if image has changed. |
|
1120 |
if (isset($account->data['ldap_user']['init']['thumb5md']) && $md5thumb === $account->data['ldap_user']['init']['thumb5md']) { |
|
1121 |
// No change, return same image. |
|
1122 |
$account->picture->md5Sum = $md5thumb; |
|
1091 | 1123 |
return $account->picture; |
1092 | 1124 |
} |
1093 | 1125 |
else { |
1094 |
//Image is different check wether is obj/str and remove fileobject
|
|
1095 |
if (is_object($account->picture)){ |
|
1126 |
// Image is different, remove file object.
|
|
1127 |
if (is_object($account->picture)) {
|
|
1096 | 1128 |
file_delete($account->picture, TRUE); |
1097 | 1129 |
} |
1098 |
elseif (is_string($account->picture)){ |
|
1130 |
elseif (is_string($account->picture)) {
|
|
1099 | 1131 |
$file = file_load(intval($account->picture)); |
1100 | 1132 |
file_delete($file, TRUE); |
1101 | 1133 |
} |
1102 | 1134 |
} |
1103 | 1135 |
} |
1104 | 1136 |
elseif (isset($account->data['ldap_user']['init']['thumb5md'])) { |
1105 |
watchdog('ldap_server', "Some error happened during thumbnailPhoto sync");
|
|
1137 |
watchdog('ldap_servers', "Some error happened during thumbnailPhoto sync.");
|
|
1106 | 1138 |
return FALSE; |
1107 | 1139 |
} |
1108 | 1140 |
} |
1109 |
//Create tmp file to get image format. |
|
1110 |
$filename = uniqid(); |
|
1111 |
$fileuri = file_directory_temp() .'/'. $filename; |
|
1112 |
$size = file_put_contents($fileuri, $thumb); |
|
1113 |
$info = image_get_info($fileuri); |
|
1114 |
unlink($fileuri); |
|
1115 |
// create file object |
|
1116 |
$file = file_save_data($thumb, 'public://' . variable_get('user_picture_path') .'/'. $filename .'.'. $info['extension']); |
|
1117 |
$file->md5Sum = $md5thumb; |
|
1118 |
// standard Drupal validators for user pictures |
|
1119 |
$validators = array( |
|
1120 |
'file_validate_is_image' => array(), |
|
1121 |
'file_validate_image_resolution' => array(variable_get('user_picture_dimensions', '85x85')), |
|
1122 |
'file_validate_size' => array(variable_get('user_picture_file_size', '30') * 1024), |
|
1123 |
); |
|
1124 |
$errors = file_validate($file ,$validators); |
|
1125 |
if (empty($errors)) { |
|
1126 |
return $file; |
|
1127 |
} |
|
1128 |
else { |
|
1129 |
foreach ($errors as $err => $err_val){ |
|
1130 |
watchdog('ldap_server', "Error storing picture: %$err", array("%$err" => $err_val), WATCHDOG_ERROR); |
|
1131 |
} |
|
1132 |
return FALSE; |
|
1133 |
} |
|
1134 |
} |
|
1141 |
return $this->savePictureData($image_data, $md5thumb); |
|
1142 |
} |
|
1143 |
return FALSE; |
|
1135 | 1144 |
} |
1136 | 1145 |
|
1137 | 1146 |
|
1138 | 1147 |
/** |
1139 |
* @param ldap entry array $ldap_entry |
|
1148 |
* @param $image_data |
|
1149 |
* @param $md5thumb |
|
1150 |
*/ |
|
1151 |
private function savePictureData($image_data, $md5thumb) { |
|
1152 |
//Create tmp file to get image format. |
|
1153 |
$filename = uniqid(); |
|
1154 |
$fileuri = file_directory_temp() . '/' . $filename; |
|
1155 |
$size = file_put_contents($fileuri, $image_data); |
|
1156 |
$info = image_get_info($fileuri); |
|
1157 |
unlink($fileuri); |
|
1158 |
// create file object |
|
1159 |
$file = file_save_data($image_data, file_default_scheme() . '://' . variable_get('user_picture_path') . '/' . $filename . '.' . $info['extension']); |
|
1160 |
$file->md5Sum = $md5thumb; |
|
1161 |
// standard Drupal validators for user pictures |
|
1162 |
$validators = [ |
|
1163 |
'file_validate_is_image' => [], |
|
1164 |
'file_validate_image_resolution' => [variable_get('user_picture_dimensions', '85x85')], |
|
1165 |
'file_validate_size' => [variable_get('user_picture_file_size', '30') * 1024], |
|
1166 |
]; |
|
1167 |
$errors = file_validate($file, $validators); |
|
1168 |
if (empty($errors)) { |
|
1169 |
return $file; |
|
1170 |
} |
|
1171 |
else { |
|
1172 |
foreach ($errors as $err => $err_val) { |
|
1173 |
watchdog('ldap_servers', "Error storing picture: %error", ["%error" => $err_val], WATCHDOG_ERROR); |
|
1174 |
} |
|
1175 |
return FALSE; |
|
1176 |
} |
|
1177 |
} |
|
1178 |
|
|
1179 |
|
|
1180 |
/** |
|
1181 |
* @param array $ldap_entry |
|
1140 | 1182 |
* |
1141 | 1183 |
* @return string user's PUID or permanent user id (within ldap), converted from binary, if applicable |
1142 | 1184 |
*/ |
... | ... | |
1159 | 1201 |
} |
1160 | 1202 |
} |
1161 | 1203 |
|
1162 |
/**
|
|
1204 |
/** |
|
1163 | 1205 |
* @param mixed $user |
1164 | 1206 |
* - drupal user object (stdClass Object) |
1165 | 1207 |
* - ldap entry of user (array) |
... | ... | |
1167 | 1209 |
* - drupal username of user (string) |
1168 | 1210 |
* |
1169 | 1211 |
* @return array $ldap_user_entry (with top level keys of 'dn', 'mail', 'sid' and 'attr' ) |
1170 |
*/ |
|
1212 |
*/
|
|
1171 | 1213 |
public function user_lookup($user) { |
1172 | 1214 |
return $this->userUserToExistingLdapEntry($user); |
1173 | 1215 |
} |
... | ... | |
1206 | 1248 |
* 'attr' => single ldap entry array in form returned from ldap_search() extension, e.g. |
1207 | 1249 |
* 'dn' => dn of entry |
1208 | 1250 |
*/ |
1209 |
function userUserNameToExistingLdapEntry($drupal_user_name, $ldap_context = NULL) { |
|
1251 |
public function userUserNameToExistingLdapEntry($drupal_user_name, $ldap_context = NULL) {
|
|
1210 | 1252 |
|
1211 | 1253 |
$watchdog_tokens = array('%drupal_user_name' => $drupal_user_name); |
1212 | 1254 |
$ldap_username = $this->userUsernameToLdapNameTransform($drupal_user_name, $watchdog_tokens); |
... | ... | |
1252 | 1294 |
else { |
1253 | 1295 |
if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) { |
1254 | 1296 |
$result = array( |
1255 |
'dn' => $match['dn'],
|
|
1297 |
'dn' => $match['dn'], |
|
1256 | 1298 |
'mail' => $this->userEmailFromLdapEntry($match), |
1257 | 1299 |
'attr' => $match, |
1258 | 1300 |
'sid' => $this->sid, |
... | ... | |
1275 | 1317 |
foreach ($match[$name_attr] as $value) { |
1276 | 1318 |
if (drupal_strtolower(trim($value)) == drupal_strtolower($ldap_username)) { |
1277 | 1319 |
$result = array( |
1278 |
'dn' => $match['dn'],
|
|
1320 |
'dn' => $match['dn'], |
|
1279 | 1321 |
'mail' => $this->userEmailFromLdapEntry($match), |
1280 | 1322 |
'attr' => $match, |
1281 | 1323 |
'sid' => $this->sid, |
... | ... | |
1306 | 1348 |
return (is_array($group_dns) && in_array(drupal_strtolower($group_dn), $this->dnArrayToLowerCase($group_dns))); |
1307 | 1349 |
} |
1308 | 1350 |
|
1309 |
|
|
1310 |
|
|
1311 | 1351 |
/** |
1312 | 1352 |
* NOT TESTED |
1313 | 1353 |
* add a group entry |
... | ... | |
1475 | 1515 |
|
1476 | 1516 |
} |
1477 | 1517 |
|
1478 |
/** |
|
1518 |
/**
|
|
1479 | 1519 |
* NOT IMPLEMENTED |
1480 | 1520 |
* recurse through all child groups and add members. |
1481 | 1521 |
* |
... | ... | |
1488 | 1528 |
* @param int $max_levels as max recursion allowed |
1489 | 1529 |
* |
1490 | 1530 |
*/ |
1491 |
|
|
1492 | 1531 |
public function groupMembersResursive($current_member_entries, &$all_member_dns, &$tested_group_ids, $level, $max_levels, $object_classes = FALSE) { |
1493 | 1532 |
|
1494 | 1533 |
if (!$this->groupGroupEntryMembershipsConfigured || !is_array($current_member_entries) || count($current_member_entries) == 0) { |
... | ... | |
1523 | 1562 |
}; |
1524 | 1563 |
$ors = array(); |
1525 | 1564 |
foreach ($member_ids as $i => $member_id) { |
1526 |
$ors[] = $this->groupMembershipsAttr . '=' . ldap_pear_escape_filter_value($member_id); // @todo this would be replaced by query template
|
|
1565 |
$ors[] = $this->groupMembershipsAttr . '=' . ldap_pear_escape_filter_value($member_id); // @todo this would be replaced by query template |
|
1527 | 1566 |
} |
1528 | 1567 |
|
1529 | 1568 |
if (count($ors)) { |
... | ... | |
1548 | 1587 |
} |
1549 | 1588 |
|
1550 | 1589 |
|
1551 |
/** |
|
1552 | 1590 |
/** |
1553 | 1591 |
* get list of all groups that a user is a member of. |
1554 | 1592 |
* |
... | ... | |
1569 | 1607 |
* |
1570 | 1608 |
* @return array of groups dns in mixed case or FALSE on error |
1571 | 1609 |
*/ |
1572 |
|
|
1573 | 1610 |
public function groupMembershipsFromUser($user, $return = 'group_dns', $nested = NULL) { |
1574 | 1611 |
|
1575 | 1612 |
$group_dns = FALSE; |
... | ... | |
1618 | 1655 |
* |
1619 | 1656 |
* @return array of group dns |
1620 | 1657 |
*/ |
1621 |
|
|
1622 | 1658 |
public function groupUserMembershipsFromUserAttr($user, $nested = NULL) { |
1623 | 1659 |
|
1624 | 1660 |
if (!$this->groupUserMembershipsConfigured) { |
... | ... | |
1656 | 1692 |
else { |
1657 | 1693 |
$member_value = ldap_servers_get_first_rdn_value_from_dn($member_group_dn, $this->groupMembershipsAttrMatchingUserAttr); |
1658 | 1694 |
} |
1659 |
$ors[] = $this->groupMembershipsAttr . '=' . ldap_pear_escape_filter_value($member_value);
|
|
1695 |
$ors[] = $this->groupMembershipsAttr . '=' . ldap_pear_escape_filter_value($member_value); |
|
1660 | 1696 |
} |
1661 | 1697 |
} |
1662 | 1698 |
|
1663 | 1699 |
if ($nested && count($ors)) { |
1664 | 1700 |
$count = count($ors); |
1665 |
for ($i=0; $i < $count; $i=$i+LDAP_SERVER_LDAP_QUERY_CHUNK) { // only 50 or so per query
|
|
1701 |
for ($i = 0; $i < $count; $i = $i + LDAP_SERVER_LDAP_QUERY_CHUNK) { // only 50 or so per query
|
|
1666 | 1702 |
$current_ors = array_slice($ors, $i, LDAP_SERVER_LDAP_QUERY_CHUNK); |
1667 | 1703 |
$or = '(|(' . join(")(", $current_ors) . '))'; // e.g. (|(cn=group1)(cn=group2)) or (|(dn=cn=group1,ou=blah...)(dn=cn=group2,ou=blah...)) |
1668 | 1704 |
$query_for_parent_groups = '(&(objectClass=' . $this->groupObjectClass . ')' . $or . ')'; |
... | ... | |
1758 | 1794 |
* |
1759 | 1795 |
* @return FALSE for error or misconfiguration, otherwise TRUE. results are passed by reference. |
1760 | 1796 |
*/ |
1761 |
|
|
1762 | 1797 |
public function groupMembershipsFromEntryRecursive($current_group_entries, &$all_group_dns, &$tested_group_ids, $level, $max_levels) { |
1763 | 1798 |
|
1764 | 1799 |
if (!$this->groupGroupEntryMembershipsConfigured || !is_array($current_group_entries) || count($current_group_entries) == 0) { |
... | ... | |
1777 | 1812 |
$member_id = ldap_servers_get_first_rdn_value_from_dn($group_entry['dn'], $this->groupMembershipsAttrMatchingUserAttr); |
1778 | 1813 |
if(!$member_id) { |
1779 | 1814 |
if ($this->detailed_watchdog_log) { |
1780 |
watchdog('ldap_server', 'group_entry: %ge', array('%ge'=>pretty_print_ldap_entry($group_entry)));
|
|
1815 |
watchdog('ldap_servers', 'group_entry: %ge', array('%ge' => pretty_print_ldap_entry($group_entry)));
|
|
1781 | 1816 |
} |
1782 | 1817 |
// group not identified by simple checks yet! |
1783 | 1818 |
|
1784 | 1819 |
// examine the entry and see if it matches the configured groupObjectClass |
1785 |
$goc=$group_entry['objectclass']; // TODO do we need to ensure such entry is there?
|
|
1820 |
$goc = $group_entry['objectclass']; // TODO do we need to ensure such entry is there?
|
|
1786 | 1821 |
if(is_array($goc)) { // TODO is it always an array? |
1787 | 1822 |
foreach($goc as $g) { |
1788 |
$g=drupal_strtolower($g);
|
|
1823 |
$g = drupal_strtolower($g);
|
|
1789 | 1824 |
if($g == $this->groupObjectClass) { |
1790 | 1825 |
// found a group, current user must be member in it - so: |
1791 | 1826 |
if ($this->detailed_watchdog_log) { |
1792 |
watchdog('ldap_server', 'adding %mi', array('%mi'=>$member_id));
|
|
1827 |
watchdog('ldap_servers', 'adding %mi', array('%mi' => $member_id));
|
|
1793 | 1828 |
} |
1794 |
$member_id=$group_entry['dn'];
|
|
1829 |
$member_id = $group_entry['dn'];
|
|
1795 | 1830 |
break; |
1796 | 1831 |
} |
1797 | 1832 |
} |
... | ... | |
1803 | 1838 |
$tested_group_ids[] = $member_id; |
1804 | 1839 |
$all_group_dns[] = $group_entry['dn']; |
1805 | 1840 |
// add $group_id (dn, cn, uid) to query |
1806 |
$ors[] = $this->groupMembershipsAttr . '=' . ldap_pear_escape_filter_value($member_id);
|
|
1841 |
$ors[] = $this->groupMembershipsAttr . '=' . ldap_pear_escape_filter_value($member_id); |
|
1807 | 1842 |
} |
1808 | 1843 |
} |
1809 | 1844 |
|
1810 | 1845 |
if ($level < $max_levels && count($ors)) { |
1811 | 1846 |
$count = count($ors); |
1812 |
for ($i=0; $i < $count; $i=$i+LDAP_SERVER_LDAP_QUERY_CHUNK) { // only 50 or so per query
|
|
1847 |
for ($i = 0; $i < $count; $i = $i + LDAP_SERVER_LDAP_QUERY_CHUNK) { // only 50 or so per query
|
|
1813 | 1848 |
$current_ors = array_slice($ors, $i, LDAP_SERVER_LDAP_QUERY_CHUNK); |
1814 | 1849 |
$or = '(|(' . join(")(", $current_ors) . '))'; // e.g. (|(cn=group1)(cn=group2)) or (|(dn=cn=group1,ou=blah...)(dn=cn=group2,ou=blah...)) |
1815 | 1850 |
$query_for_parent_groups = '(&(objectClass=' . $this->groupObjectClass . ')' . $or . ')'; |
... | ... | |
1827 | 1862 |
} |
1828 | 1863 |
|
1829 | 1864 |
|
1830 |
/** |
|
1831 |
* get "groups" from derived from DN. Has limited usefulness
|
|
1865 |
/**
|
|
1866 |
* Get "groups" from derived from DN. Has limited usefulness
|
|
1832 | 1867 |
* |
1833 | 1868 |
* @param mixed |
1834 | 1869 |
* - drupal user object (stdClass Object) |
Formats disponibles : Unified diff
Weekly update of contrib modules