use central LDAP search
This commit is contained in:
Roland Gruber
parent
90daf93e14
commit
2277a1ff1f
|
|
@ -4,7 +4,7 @@ $Id$
|
||||||
|
|
||||||
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
|
||||||
Copyright (C) 2003 - 2006 Tilo Lutz
|
Copyright (C) 2003 - 2006 Tilo Lutz
|
||||||
2009 Roland Gruber
|
2009 - 2010 Roland Gruber
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
|
|
@ -310,44 +310,23 @@ function search_domains($server = null, $suffix = null) {
|
||||||
if ($server == null) {
|
if ($server == null) {
|
||||||
$server = $_SESSION['ldap']->server();
|
$server = $_SESSION['ldap']->server();
|
||||||
}
|
}
|
||||||
$sr = @ldap_search($server, escapeDN($suffix), "objectClass=sambaDomain", $attr, 0, 0, 0, LDAP_DEREF_NEVER);
|
$units = searchLDAPByAttribute(null, null, 'sambaDomain', $attr, array('smbDomain'));
|
||||||
if ($sr) {
|
// extract attributes
|
||||||
$units = ldap_get_entries($server, $sr);
|
for ($i = 0; $i < sizeof($units); $i++) {
|
||||||
// delete count entry
|
$ret[$i] = new samba3domain();
|
||||||
unset($units['count']);
|
$ret[$i]->dn = $units[$i]['dn'];
|
||||||
// extract attributes
|
$ret[$i]->name = $units[$i]['sambadomainname'][0];
|
||||||
for ($i = 0; $i < sizeof($units); $i++) {
|
$ret[$i]->SID = $units[$i]['sambasid'][0];
|
||||||
$ret[$i] = new samba3domain();
|
if (isset($units[$i]['sambanextrid'][0])) $ret[$i]->nextRID = $units[$i]['sambanextrid'][0];
|
||||||
$ret[$i]->dn = $units[$i]['dn'];
|
if (isset($units[$i]['sambanextgrouprid'][0])) $ret[$i]->nextGroupRID = $units[$i]['sambanextgrouprid'][0];
|
||||||
$ret[$i]->name = $units[$i]['sambadomainname'][0];
|
if (isset($units[$i]['sambanextuserrid'][0])) $ret[$i]->nextUserRID = $units[$i]['sambanextuserrid'][0];
|
||||||
$ret[$i]->SID = $units[$i]['sambasid'][0];
|
if (isset($units[$i]['sambaalgorithmicridbase'][0])) $ret[$i]->RIDbase = $units[$i]['sambaalgorithmicridbase'][0];
|
||||||
if (isset($units[$i]['sambanextrid'][0])) $ret[$i]->nextRID = $units[$i]['sambanextrid'][0];
|
if (isset($units[$i]['sambaminpwdage'][0])) $ret[$i]->minPwdAge = $units[$i]['sambaminpwdage'][0];
|
||||||
if (isset($units[$i]['sambanextgrouprid'][0])) $ret[$i]->nextGroupRID = $units[$i]['sambanextgrouprid'][0];
|
if (isset($units[$i]['sambamaxpwdage'][0])) $ret[$i]->maxPwdAge = $units[$i]['sambamaxpwdage'][0];
|
||||||
if (isset($units[$i]['sambanextuserrid'][0])) $ret[$i]->nextUserRID = $units[$i]['sambanextuserrid'][0];
|
|
||||||
if (isset($units[$i]['sambaalgorithmicridbase'][0])) $ret[$i]->RIDbase = $units[$i]['sambaalgorithmicridbase'][0];
|
|
||||||
if (isset($units[$i]['sambaminpwdage'][0])) $ret[$i]->minPwdAge = $units[$i]['sambaminpwdage'][0];
|
|
||||||
if (isset($units[$i]['sambamaxpwdage'][0])) $ret[$i]->maxPwdAge = $units[$i]['sambamaxpwdage'][0];
|
|
||||||
}
|
|
||||||
// sort array by domain name
|
|
||||||
usort($ret, "cmp_domain");
|
|
||||||
}
|
}
|
||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Helper function to sort the domains
|
|
||||||
*
|
|
||||||
* @param string $a first argument to compare
|
|
||||||
* @param string $b second argument to compare
|
|
||||||
* @return integer 0 if equal, 1 if $a is greater, -1 if $b is greater
|
|
||||||
*/
|
|
||||||
function cmp_domain($a, $b) {
|
|
||||||
if ($a->name == $b->name) return 0;
|
|
||||||
elseif ($a->name == max($a->name, $b->name)) return 1;
|
|
||||||
else return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Represents a Samba 3 domain entry
|
* Represents a Samba 3 domain entry
|
||||||
*
|
*
|
||||||
|
|
@ -547,7 +526,7 @@ function escapeDN($dn) {
|
||||||
* @param String $value attribute value
|
* @param String $value attribute value
|
||||||
* @param String $objectClass object class (may be null)
|
* @param String $objectClass object class (may be null)
|
||||||
* @param array $attributes list of attributes to return
|
* @param array $attributes list of attributes to return
|
||||||
* @param array $scope account types
|
* @param array $scopes account types
|
||||||
* @return array list of found entries
|
* @return array list of found entries
|
||||||
*/
|
*/
|
||||||
function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes) {
|
function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes) {
|
||||||
|
|
@ -569,7 +548,7 @@ function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes
|
||||||
}
|
}
|
||||||
for ($s = 0; $s < sizeof($scopes); $s++) {
|
for ($s = 0; $s < sizeof($scopes); $s++) {
|
||||||
// search LDAP
|
// search LDAP
|
||||||
$sr = @ldap_search($_SESSION['ldap']->server(), $_SESSION['config']->get_Suffix($scopes[$s]), $filter, $attributes, 0, 0, 0, LDAP_DEREF_NEVER);
|
$sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($_SESSION['config']->get_Suffix($scopes[$s])), $filter, $attributes, 0, 0, 0, LDAP_DEREF_NEVER);
|
||||||
if ($sr) {
|
if ($sr) {
|
||||||
$entries = ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
$entries = ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
||||||
if ($entries) {
|
if ($entries) {
|
||||||
|
|
@ -581,6 +560,30 @@ function searchLDAPByAttribute($name, $value, $objectClass, $attributes, $scopes
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This will search the given LDAP suffix for all entries which match the given filter.
|
||||||
|
*
|
||||||
|
* @param String $filter
|
||||||
|
* @param array $attributes list of attributes to return
|
||||||
|
* @param array $scopes account types
|
||||||
|
*/
|
||||||
|
function searchLDAPByFilter($filter, $attributes, $scopes) {
|
||||||
|
$return = array();
|
||||||
|
for ($s = 0; $s < sizeof($scopes); $s++) {
|
||||||
|
// search LDAP
|
||||||
|
$sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($_SESSION['config']->get_Suffix($scopes[$s])), $filter, $attributes, 0, 0, 0, LDAP_DEREF_NEVER);
|
||||||
|
if ($sr) {
|
||||||
|
$entries = ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
||||||
|
if ($entries) {
|
||||||
|
$return = array_merge($return, cleanLDAPResult($entries));
|
||||||
|
}
|
||||||
|
@ldap_free_result($sr);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $return;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Cleans the result of an LDAP search.
|
* Cleans the result of an LDAP search.
|
||||||
* This will remove all 'count' entries and also all numeric array keys.
|
* This will remove all 'count' entries and also all numeric array keys.
|
||||||
|
|
|
||||||
|
|
@ -824,6 +824,9 @@ class kolabUser extends baseModule {
|
||||||
// delegates
|
// delegates
|
||||||
if (in_array('kolabDelegate', $fields)) {
|
if (in_array('kolabDelegate', $fields)) {
|
||||||
$delegates = array();
|
$delegates = array();
|
||||||
|
|
||||||
|
// $entries = searchLDAPByAttribute('mail', '*', 'inetOrgPerson', array('mail'), $this->selfServiceSettings->LDAPSuffix);
|
||||||
|
|
||||||
$sr = @ldap_search($_SESSION['ldapHandle'], escapeDN($this->selfServiceSettings->LDAPSuffix), '(&(objectClass=inetOrgPerson)(mail=*))', array('mail'), 0, 0, 0, LDAP_DEREF_NEVER);
|
$sr = @ldap_search($_SESSION['ldapHandle'], escapeDN($this->selfServiceSettings->LDAPSuffix), '(&(objectClass=inetOrgPerson)(mail=*))', array('mail'), 0, 0, 0, LDAP_DEREF_NEVER);
|
||||||
if ($sr) {
|
if ($sr) {
|
||||||
$result = ldap_get_entries($_SESSION['ldapHandle'], $sr);
|
$result = ldap_get_entries($_SESSION['ldapHandle'], $sr);
|
||||||
|
|
|
||||||
|
|
@ -239,18 +239,9 @@ class lamGroupList extends lamList {
|
||||||
for ($i = 0; $i < sizeof($this->entries); $i++) {
|
for ($i = 0; $i < sizeof($this->entries); $i++) {
|
||||||
$gid = $this->entries[$i]['gidnumber'][0];
|
$gid = $this->entries[$i]['gidnumber'][0];
|
||||||
$filter = "(&(&" . $module_filter . ")(gidNumber=" . $gid . "))";
|
$filter = "(&(&" . $module_filter . ")(gidNumber=" . $gid . "))";
|
||||||
$sr = @ldap_search($_SESSION["ldap"]->server(), escapeDN($module_suffix), $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER);
|
$entries = searchLDAPByFilter($filter, $attrs, array($scope));
|
||||||
if (ldap_errno($_SESSION["ldap"]->server()) == 4) {
|
for ($j = 0; $j < sizeof($entries); $j++) {
|
||||||
StatusMessage("WARN", _("LDAP sizelimit exceeded, not all entries are shown."), _("See the manual for instructions to solve this problem."));
|
$this->primary_hash[$gid][$j] = $entries[$j]['uid'][0];
|
||||||
$this->refresh_primary = true;
|
|
||||||
}
|
|
||||||
if ($sr) {
|
|
||||||
$members = ldap_get_entries($_SESSION["ldap"]->server(), $sr);
|
|
||||||
ldap_free_result($sr);
|
|
||||||
$members = cleanLDAPResult($members);
|
|
||||||
for ($j = 0; $j < sizeof($members); $j++) {
|
|
||||||
$this->primary_hash[$gid][$j] = $members[$j]['uid'][0];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -167,14 +167,10 @@ class lamUserList extends lamList {
|
||||||
$grp_suffix = $_SESSION['config']->get_Suffix('group');
|
$grp_suffix = $_SESSION['config']->get_Suffix('group');
|
||||||
$filter = "objectClass=posixGroup";
|
$filter = "objectClass=posixGroup";
|
||||||
$attrs = array("cn", "gidNumber");
|
$attrs = array("cn", "gidNumber");
|
||||||
$sr = @ldap_search($_SESSION["ldap"]->server(), escapeDN($grp_suffix), $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER);
|
$entries = searchLDAPByAttribute(null, null, 'posixGroup', $attrs, array('group'));
|
||||||
if ($sr) {
|
for ($i = 0; $i < sizeof($entries); $i++) {
|
||||||
$info = @ldap_get_entries($_SESSION["ldap"]->server(), $sr);
|
$this->trans_primary_hash[$entries[$i]['gidnumber'][0]] = $entries[$i]['cn'][0];
|
||||||
$info = cleanLDAPResult($info);
|
}
|
||||||
for ($i = 0; $i < sizeof($info); $i++) {
|
|
||||||
$this->trans_primary_hash[$info[$i]['gidnumber'][0]] = $info[$i]['cn'][0];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -199,7 +195,7 @@ class lamUserList extends lamList {
|
||||||
elseif ($attribute == "jpegphoto") {
|
elseif ($attribute == "jpegphoto") {
|
||||||
if (sizeof($entry[$attribute][0]) < 100) {
|
if (sizeof($entry[$attribute][0]) < 100) {
|
||||||
// looks like we have read broken binary data, reread photo
|
// looks like we have read broken binary data, reread photo
|
||||||
$result = @ldap_search($_SESSION['ldap']->server(), escapeDN($entry['dn']), $attribute . "=*", array($attribute), 0, 0, 0, LDAP_DEREF_NEVER);
|
$result = @ldap_read($_SESSION['ldap']->server(), escapeDN($entry['dn']), $attribute . "=*", array($attribute), 0, 0, 0, LDAP_DEREF_NEVER);
|
||||||
if ($result) {
|
if ($result) {
|
||||||
$tempEntry = @ldap_first_entry($_SESSION['ldap']->server(), $result);
|
$tempEntry = @ldap_first_entry($_SESSION['ldap']->server(), $result);
|
||||||
if ($tempEntry) {
|
if ($tempEntry) {
|
||||||
|
|
|
||||||
|
|
@ -72,15 +72,9 @@ else {
|
||||||
* @return string DN
|
* @return string DN
|
||||||
*/
|
*/
|
||||||
function search_username($name) {
|
function search_username($name) {
|
||||||
$filter = "(uid=$name)";
|
$entries = searchLDAPByAttribute('uid', $name, null, array('dn'), array('user'));
|
||||||
$attrs = array();
|
if (sizeof($entries) > 0 ) {
|
||||||
$sr = @ldap_search($_SESSION['ldap']->server(), escapeDN($_SESSION['config']->get_Suffix('user')), $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER);
|
return $entries[0]['dn'];
|
||||||
if ($sr) {
|
|
||||||
$info = ldap_get_entries($_SESSION['ldap']->server(), $sr);
|
|
||||||
// return only first DN entry
|
|
||||||
$ret = $info[0]["dn"];
|
|
||||||
ldap_free_result($sr);
|
|
||||||
return $ret;
|
|
||||||
}
|
}
|
||||||
else return "";
|
else return "";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue