use central LDAP search

Roland Gruber 2010-02-06 11:52:48 +00:00
parent 90daf93e14
commit 2277a1ff1f
5 changed files with 54 additions and 67 deletions


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
2009 Roland Gruber 2009 - 2010 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -310,44 +310,23 @@ function search_domains($server = null, $suffix = null) {
if ($server == null) { if ($server == null) {
$server = $_SESSION['ldap']->server(); $server = $_SESSION['ldap']->server();
} }
$sr = @ldap_search($server, escapeDN($suffix), "objectClass=sambaDomain", $attr, 0, 0, 0, LDAP_DEREF_NEVER); $units = searchLDAPByAttribute(null, null, 'sambaDomain', $attr, array('smbDomain'));
if ($sr) { // extract attributes
$units = ldap_get_entries($server, $sr); for ($i = 0; $i < sizeof($units); $i++) {
// delete count entry $ret[$i] = new samba3domain();
unset($units['count']); $ret[$i]->dn = $units[$i]['dn'];
// extract attributes $ret[$i]->name = $units[$i]['sambadomainname'][0];
for ($i = 0; $i < sizeof($units); $i++) { $ret[$i]->SID = $units[$i]['sambasid'][0];
$ret[$i] = new samba3domain(); if (isset($units[$i]['sambanextrid'][0])) $ret[$i]->nextRID = $units[$i]['sambanextrid'][0];
$ret[$i]->dn = $units[$i]['dn']; if (isset($units[$i]['sambanextgrouprid'][0])) $ret[$i]->nextGroupRID = $units[$i]['sambanextgrouprid'][0];
$ret[$i]->name = $units[$i]['sambadomainname'][0]; if (isset($units[$i]['sambanextuserrid'][0])) $ret[$i]->nextUserRID = $units[$i]['sambanextuserrid'][0];
$ret[$i]->SID = $units[$i]['sambasid'][0]; if (isset($units[$i]['sambaalgorithmicridbase'][0])) $ret[$i]->RIDbase = $units[$i]['sambaalgorithmicridbase'][0];
if (isset($units[$i]['sambanextrid'][0])) $ret[$i]->nextRID = $units[$i]['sambanextrid'][0]; if (isset($units[$i]['sambaminpwdage'][0])) $ret[$i]->minPwdAge = $units[$i]['sambaminpwdage'][0];
if (isset($units[$i]['sambanextgrouprid'][0])) $ret[$i]->nextGroupRID = $units[$i]['sambanextgrouprid'][0]; if (isset($units[$i]['sambamaxpwdage'][0])) $ret[$i]->maxPwdAge = $units[$i]['sambamaxpwdage'][0];
if (isset($units[$i]['sambanextuserrid'][0])) $ret[$i]->nextUserRID = $units[$i]['sambanextuserrid'][0];
if (isset($units[$i]['sambaalgorithmicridbase'][0])) $ret[$i]->RIDbase = $units[$i]['sambaalgorithmicridbase'][0];
if (isset($units[$i]['sambaminpwdage'][0])) $ret[$i]->minPwdAge = $units[$i]['sambaminpwdage'][0];
if (isset($units[$i]['sambamaxpwdage'][0])) $ret[$i]->maxPwdAge = $units[$i]['sambamaxpwdage'][0];
}
// sort array by domain name
usort($ret, "cmp_domain");
} }
return $ret; return $ret;
} }
/**
* Helper function to sort the domains
*
* @param string $a first argument to compare
* @param string $b second argument to compare
* @return integer 0 if equal, 1 if $a is greater, -1 if $b is greater
*/
function cmp_domain($a, $b) {
if ($a->name == $b->name) return 0;
elseif ($a->name == max($a->name, $b->name)) return 1;
else return -1;
}
/** /**
* Represents a Samba 3 domain entry * Represents a Samba 3 domain entry
* *
@ -547,7 +526,7 @@ function escapeDN($dn) {
* @param String $value attribute value * @param String $value attribute value
* @param String $objectClass object class (may be null) * @param String $objectClass object class (may be null)
* @param array $attributes list of attributes to return * @param array $attributes list of attributes to return
* @param array $scope account types * @param array $scopes account types
* @return array list of found entries * @return array list of found entries
*/ */
function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes) { function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes) {
@ -569,7 +548,7 @@ function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes
} }
for ($s = 0; $s < sizeof($scopes); $s++) { for ($s = 0; $s < sizeof($scopes); $s++) {
// search LDAP // search LDAP
$sr = @ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_Suffix($scopes[$s]), $filter, $attributes, 0, 0, 0, LDAP_DEREF_NEVER); $sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($_SESSION['config']->get_Suffix($scopes[$s])), $filter, $attributes, 0, 0, 0, LDAP_DEREF_NEVER);
if ($sr) { if ($sr) {
$entries = ldap_get_entries($_SESSION['ldap']->server(), $sr); $entries = ldap_get_entries($_SESSION['ldap']->server(), $sr);
if ($entries) { if ($entries) {
@ -581,6 +560,30 @@ function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes
return $return; return $return;
} }
/**
* This will search the given LDAP suffix for all entries which match the given filter.
*
* @param String $filter
* @param array $attributes list of attributes to return
* @param array $scopes account types
*/
function searchLDAPByFilter($filter, $attributes, $scopes) {
$return = array();
for ($s = 0; $s < sizeof($scopes); $s++) {
// search LDAP
$sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($_SESSION['config']->get_Suffix($scopes[$s])), $filter, $attributes, 0, 0, 0, LDAP_DEREF_NEVER);
if ($sr) {
$entries = ldap_get_entries($_SESSION['ldap']->server(), $sr);
if ($entries) {
$return = array_merge($return, cleanLDAPResult($entries));
}
@ldap_free_result($sr);
}
}
return $return;
}
/** /**
* Cleans the result of an LDAP search. * Cleans the result of an LDAP search.
* This will remove all 'count' entries and also all numeric array keys. * This will remove all 'count' entries and also all numeric array keys.
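Review bot: In the search_domains hunk the `$server` and `$suffix` parameters are no longer read by the search. The new `searchLDAPByAttribute(null, null, 'sambaDomain', $attr, array('smbDomain'))` call takes no server or base argument and, as far as the searchLDAPByAttribute hunk shows, always queries `$_SESSION['ldap']->server()` under the configured `smbDomain` suffix, while the `if ($server == null)` default is kept as context. A caller that passes its own connection or suffix would silently get domains from the session directory instead, so either drop the parameters and the dead default or document them, e.g. `// NOTE: $server and $suffix are no longer used; the search always runs on the session connection`. The removed `usort($ret, "cmp_domain")` also means the list now comes back in directory order. If `$ret` is not initialised above the hunk (the function starts outside it), an empty result returns an undefined variable, which `$ret = array();` before the loop would avoid.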


@ -824,6 +824,9 @@ class kolabUser extends baseModule {
// delegates // delegates
if (in_array('kolabDelegate', $fields)) { if (in_array('kolabDelegate', $fields)) {
$delegates = array(); $delegates = array();
// $entries = searchLDAPByAttribute('mail', '*', 'inetOrgPerson', array('mail'), $this->selfServiceSettings->LDAPSuffix);
$sr = @ldap_search($_SESSION['ldapHandle'], escapeDN($this->selfServiceSettings->LDAPSuffix), '(&(objectClass=inetOrgPerson)(mail=*))', array('mail'), 0, 0, 0, LDAP_DEREF_NEVER); $sr = @ldap_search($_SESSION['ldapHandle'], escapeDN($this->selfServiceSettings->LDAPSuffix), '(&(objectClass=inetOrgPerson)(mail=*))', array('mail'), 0, 0, 0, LDAP_DEREF_NEVER);
if ($sr) { if ($sr) {
$result = ldap_get_entries($_SESSION['ldapHandle'], $sr); $result = ldap_get_entries($_SESSION['ldapHandle'], $sr);
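Review bot: The line added before the `@ldap_search` call is commented-out code, and it would not work if enabled. It passes `$this->selfServiceSettings->LDAPSuffix` (a suffix string) as the last argument, where the searchLDAPByAttribute docblock in this commit expects an array of account types, and the helper searches on `$_SESSION['ldap']->server()` rather than the `$_SESSION['ldapHandle']` used here. I would replace it with a comment that states the reason, for example `// searchLDAPByAttribute() queries $_SESSION['ldap']->server(); self service keeps its own search on $_SESSION['ldapHandle']`. The enclosing method starts and ends outside the hunk.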


@ -239,18 +239,9 @@ class lamGroupList extends lamList {
for ($i = 0; $i < sizeof($this->entries); $i++) { for ($i = 0; $i < sizeof($this->entries); $i++) {
$gid = $this->entries[$i]['gidnumber'][0]; $gid = $this->entries[$i]['gidnumber'][0];
$filter = "(&(&" . $module_filter . ")(gidNumber=" . $gid . "))"; $filter = "(&(&" . $module_filter . ")(gidNumber=" . $gid . "))";
$sr = @ldap_search($_SESSION["ldap"]->server(), escapeDN($module_suffix), $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER); $entries = searchLDAPByFilter($filter, $attrs, array($scope));
if (ldap_errno($_SESSION["ldap"]->server()) == 4) { for ($j = 0; $j < sizeof($entries); $j++) {
StatusMessage("WARN", _("LDAP sizelimit exceeded, not all entries are shown."), _("See the manual for instructions to solve this problem.")); $this->primary_hash[$gid][$j] = $entries[$j]['uid'][0];
$this->refresh_primary = true;
}
if ($sr) {
$members = ldap_get_entries($_SESSION["ldap"]->server(), $sr);
ldap_free_result($sr);
$members = cleanLDAPResult($members);
for ($j = 0; $j < sizeof($members); $j++) {
$this->primary_hash[$gid][$j] = $members[$j]['uid'][0];
}
} }
} }
} }
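Review bot: The size-limit handling is lost in this loop. The old code checked `ldap_errno(...) == 4`, showed the "LDAP sizelimit exceeded" warning and set `$this->refresh_primary`, while the new `searchLDAPByFilter($filter, $attrs, array($scope))` call suppresses errors with `@` inside the helper and returns whatever entries arrived, so a truncated member list now looks complete. If the warning is still wanted, the helper should report the condition to its caller, because an `ldap_errno()` check placed after the helper returns may already have been overwritten by later LDAP calls. `$scope` is not defined in the visible lines (the old code used `$module_suffix`), so confirm it is set earlier in the method, which starts outside the hunk.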


@ -167,14 +167,10 @@ class lamUserList extends lamList {
$grp_suffix = $_SESSION['config']->get_Suffix('group'); $grp_suffix = $_SESSION['config']->get_Suffix('group');
$filter = "objectClass=posixGroup"; $filter = "objectClass=posixGroup";
$attrs = array("cn", "gidNumber"); $attrs = array("cn", "gidNumber");
$sr = @ldap_search($_SESSION["ldap"]->server(), escapeDN($grp_suffix), $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER); $entries = searchLDAPByAttribute(null, null, 'posixGroup', $attrs, array('group'));
if ($sr) { for ($i = 0; $i < sizeof($entries); $i++) {
$info = @ldap_get_entries($_SESSION["ldap"]->server(), $sr); $this->trans_primary_hash[$entries[$i]['gidnumber'][0]] = $entries[$i]['cn'][0];
$info = cleanLDAPResult($info); }
for ($i = 0; $i < sizeof($info); $i++) {
$this->trans_primary_hash[$info[$i]['gidnumber'][0]] = $info[$i]['cn'][0];
}
}
} }
/** /**
@ -199,7 +195,7 @@ class lamUserList extends lamList {
elseif ($attribute == "jpegphoto") { elseif ($attribute == "jpegphoto") {
if (sizeof($entry[$attribute][0]) < 100) { if (sizeof($entry[$attribute][0]) < 100) {
// looks like we have read broken binary data, reread photo // looks like we have read broken binary data, reread photo
$result = @ldap_search($_SESSION['ldap']->server(), escapeDN($entry['dn']), $attribute . "=*", array($attribute), 0, 0, 0, LDAP_DEREF_NEVER); $result = @ldap_read($_SESSION['ldap']->server(), escapeDN($entry['dn']), $attribute . "=*", array($attribute), 0, 0, 0, LDAP_DEREF_NEVER);
if ($result) { if ($result) {
$tempEntry = @ldap_first_entry($_SESSION['ldap']->server(), $result); $tempEntry = @ldap_first_entry($_SESSION['ldap']->server(), $result);
if ($tempEntry) { if ($tempEntry) {
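Review bot: In the first hunk `$grp_suffix` and `$filter` are still assigned on the two context lines above the new call, but `searchLDAPByAttribute(null, null, 'posixGroup', $attrs, array('group'))` reads neither of them and the function ends right after the loop, so both assignments can be deleted. The loop also indexes `['gidnumber'][0]` and `['cn'][0]` without an `isset()` check. If an entry comes back without one of them (for example because the bind user may not read it), this raises notices and stores a mapping under an empty key; `if (!isset($entries[$i]['gidnumber'][0], $entries[$i]['cn'][0])) continue;` avoids that. The function begins outside the hunk.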


@ -72,15 +72,9 @@ else {
* @return string DN * @return string DN
*/ */
function search_username($name) { function search_username($name) {
$filter = "(uid=$name)"; $entries = searchLDAPByAttribute('uid', $name, null, array('dn'), array('user'));
$attrs = array(); if (sizeof($entries) > 0 ) {
$sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($_SESSION['config']->get_Suffix('user')), $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER); return $entries[0]['dn'];
if ($sr) {
$info = ldap_get_entries($_SESSION['ldap']->server(), $sr);
// return only first DN entry
$ret = $info[0]["dn"];
ldap_free_result($sr);
return $ret;
} }
else return ""; else return "";
} }
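Review bot: `$name` is passed straight into `searchLDAPByAttribute('uid', $name, null, array('dn'), array('user'))`, and this commit does not show how that helper builds its filter, so it is not visible whether filter metacharacters in the name are escaped; the removed code interpolated it raw as `(uid=$name)`. If `$name` can come from user input, confirm that the helper escapes the value per RFC 4515, or escape it here before the call (on PHP 5.6+ `ldap_escape($name, '', LDAP_ESCAPE_FILTER)`). Returning `$entries[0]['dn']` also accepts the first of several matches, so `if (sizeof($entries) == 1)` would make an ambiguous lookup return "" instead of an arbitrary DN.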