5 commits - lib/Auth
Aleksander Machniak
machniak at kolabsys.com
Wed Aug 8 19:33:16 CEST 2012
lib/Auth/LDAP.php | 645 ++++++++++++++++++++++++++----------------------------
1 file changed, 321 insertions(+), 324 deletions(-)
New commits:
commit 2794a570b1ec26c82de67f546570feb890155504
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Wed Aug 8 19:30:28 2012 +0200
Fix PHP error after last commit, make normalize_result non-static
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 5b790d7..5e4c571 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -1633,7 +1633,7 @@ class LDAP
return $this->_search($base_dn, $filter, $attributes);
}
- public static function normalize_result($__result)
+ public function normalize_result($__result)
{
if (!is_array($__result)) {
return array();
@@ -2166,7 +2166,7 @@ class LDAP
}
$result = @ldap_get_entries($this->conn, $result);
- $result = self::normalize_result($result);
+ $result = $this->normalize_result($result);
return $result;
}
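Review bot: `$result = @ldap_get_entries($this->conn, $result);` on the line above the changed call suppresses the LDAP error and yields false on failure, and `normalize_result()` turns any non-array into `array()` (its `!is_array` guard is in the first hunk), so a failed entry fetch becomes indistinguishable from an empty result for the caller. Check the return explicitly and log before normalising, e.g. `if ($result === false) { Log::warning("LDAP: ldap_get_entries failed. " . ldap_error($this->conn)); return array(); }`, using the `Log` class this file already calls. The enclosing method starts outside the hunk.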
@@ -2243,7 +2243,7 @@ class LDAP
}
if ($normalize) {
- $entries = self::normalize_result($entries);
+ $entries = $this->normalize_result($entries);
}
return $entries;
commit 4e84a4c8bb9d610ca2db768b7b8cae29dc053458
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Wed Aug 8 19:26:46 2012 +0200
Use $this->conf everywhere
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 1933c08..5b790d7 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -345,22 +345,19 @@ class LDAP
public function domain_find_by_attribute($attribute)
{
- $conf = Conf::get_instance();
- $base_dn = $conf->get('ldap', 'domain_base_dn');
+ $base_dn = $this->conf->get('ldap', 'domain_base_dn');
return $this->entry_find_by_attribute($attribute, $base_dn);
}
public function domain_info($domain, $attributes = array('*'))
{
- $conf = Conf::get_instance();
-
$domain_dn = $this->entry_dn($domain);
if (!$domain_dn) {
- $domain_base_dn = $conf->get('ldap', 'domain_base_dn');
- $domain_filter = $conf->get('ldap', 'domain_filter');
- $domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
+ $domain_base_dn = $this->conf->get('ldap', 'domain_base_dn');
+ $domain_filter = $this->conf->get('ldap', 'domain_filter');
+ $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
$domain_filter = "(&$domain_filter($domain_name_attribute=$domain))";
$result = $this->_search($domain_base_dn, $domain_filter, $attributes);
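Review bot: `$domain` is interpolated straight into the search filter at `$domain_filter = "(&$domain_filter($domain_name_attribute=$domain))"` without RFC 4515 escaping, so a value containing `*`, `(`, `)` or `\` changes the meaning of the filter instead of matching literally; the commit keeps this as is. The same pattern appears with `$domain` in domain_root_dn (`'(' . $domain_name_attribute . '=' . $domain . ')'`), with `$parent` in _domain_add_alias, with `$member_dn` in the group lookup in commit 932beb6, and `$domain_name` is concatenated unescaped into an RDN in _domain_add_new. Escape each value for its context before building the string — `ldap_escape($domain, '', LDAP_ESCAPE_FILTER)` for filters and `LDAP_ESCAPE_DN` for RDN values on PHP 5.6 or later, otherwise a small helper that backslash-encodes those characters — and keep it in one place rather than at each call site. domain_info continues past the end of the hunk.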
@@ -394,15 +391,14 @@ class LDAP
'entryLevelRights' => array(),
);
- $output = array();
- $conf = Conf::get_instance();
-
+ $output = array();
$entry_dn = $this->entry_dn($subject);
+
if (!$entry_dn) {
- $entry_dn = $conf->get($subject . "_base_dn");
+ $entry_dn = $this->conf->get($subject . "_base_dn");
}
if (!$entry_dn) {
- $entry_dn = $conf->get("base_dn");
+ $entry_dn = $this->conf->get("base_dn");
}
//console("effective_rights for $subject resolves to $entry_dn");
@@ -1003,19 +999,17 @@ class LDAP
//console("Searching for domain $domain");
//console("From domain to root dn");
- $conf = Conf::get_instance();
-
- if (($this->_bind($conf->get('ldap', 'bind_dn'), $conf->get('ldap', 'bind_pw'))) == false) {
+ if (($this->_bind($this->conf->get('ldap', 'bind_dn'), $this->conf->get('ldap', 'bind_pw'))) == false) {
//console("WARNING: Invalid Service bind credentials supplied");
- $this->_bind($conf->manager_bind_dn, $conf->manager_bind_pw);
+ $this->_bind($this->conf->manager_bind_dn, $this->conf->manager_bind_pw);
}
- $domain_name_attribute = $conf->get('domain_name_attribute');
+ $domain_name_attribute = $this->conf->get('domain_name_attribute');
if (empty($domain_name_attribute)) {
$domain_name_attribute = 'associateddomain';
}
- $result = $this->_search($conf->get('domain_base_dn'), '(' . $domain_name_attribute . '=' . $domain . ')');
+ $result = $this->_search($this->conf->get('domain_base_dn'), '(' . $domain_name_attribute . '=' . $domain . ')');
$result = $result[key($result)];
//console("intermediate result for domain_root_dn()", $result);
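Review bot: When the service bind fails, the new line `$this->_bind($this->conf->manager_bind_dn, $this->conf->manager_bind_pw);` silently retries with the manager credentials and the only warning is a commented-out console() call, so a misconfigured or revoked service account escalates this lookup to directory-manager privilege with no trace in the logs. Log the failure with `Log::warning()` (used elsewhere in this file) and make the fallback a deliberate, configurable choice or drop it; also compare the bind result with `=== false` as the later `ldap_bind()` hunk in this commit does. Two lines further down, `$result = $result[key($result)];` assumes a non-empty array, but `_search()` returns null when it cannot connect (visible in the `_search` hunk below), so return false here when `empty($result)`. domain_root_dn continues outside the hunk.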
@@ -1069,9 +1063,7 @@ class LDAP
private function domains_list()
{
- $conf = Conf::get_instance();
-
- $this->_bind($conf->get('bind_dn'), $conf->get('bind_pw'));
+ $this->_bind($this->conf->get('bind_dn'), $this->conf->get('bind_pw'));
$section = $this->conf->get('kolab', 'auth_mechanism');
$base_dn = $this->conf->get($section, 'domain_base_dn');
@@ -1142,14 +1134,12 @@ class LDAP
private function groups_list($attributes = array(), $search = array())
{
- $conf = Conf::get_instance();
-
- $base_dn = $conf->get('group_base_dn');
+ $base_dn = $this->conf->get('group_base_dn');
if (!$base_dn)
- $base_dn = $conf->get('base_dn');
+ $base_dn = $this->conf->get('base_dn');
- $filter = $conf->get('group_filter');
+ $filter = $this->conf->get('group_filter');
if (empty($attributes) || !is_array($attributes)) {
$attributes = array('*');
@@ -1165,8 +1155,6 @@ class LDAP
private function init_schema()
{
- $conf = Conf::get_instance();
-
$this->_ldap_uri = $this->conf->get('ldap_uri');
$this->_ldap_server = parse_url($this->_ldap_uri, PHP_URL_HOST);
$this->_ldap_port = parse_url($this->_ldap_uri, PHP_URL_PORT);
@@ -1179,8 +1167,8 @@ class LDAP
'port' => $this->_ldap_port,
'tls' => false,
'version' => 3,
- 'binddn' => $conf->get('bind_dn'),
- 'bindpw' => $conf->get('bind_pw')
+ 'binddn' => $this->conf->get('bind_dn'),
+ 'bindpw' => $this->conf->get('bind_pw')
);
$_ldap_schema_cache_cfg = array(
@@ -1196,7 +1184,7 @@ class LDAP
// TODO: We should learn what LDAP tech. we're running against.
// Perhaps with a scope base objectclass recognize rootdse entry
- $schema_root_dn = $conf->get('schema_root_dn');
+ $schema_root_dn = $this->conf->get('schema_root_dn');
if (!$schema_root_dn) {
$_schema = $_ldap->schema();
}
@@ -1572,9 +1560,7 @@ class LDAP
private function roles_list($attributes = array(), $search = array())
{
- $conf = Conf::get_instance();
-
- $base_dn = $conf->get('base_dn');
+ $base_dn = $this->conf->get('base_dn');
// TODO: From config
$filter = "(&(objectclass=ldapsubentry)(objectclass=nsroledefinition))";
@@ -1592,9 +1578,7 @@ class LDAP
private function supported_controls()
{
- $conf = Conf::get_instance();
-
- $this->_bind($conf->get('bind_dn'), $conf->get('bind_pw'));
+ $this->_bind($this->conf->get('bind_dn'), $this->conf->get('bind_pw'));
$result = $this->_read("", "(objectclass=*)", array("supportedControl"));
@@ -1603,14 +1587,13 @@ class LDAP
private function resources_list($attributes = array(), $search = array())
{
- $conf = Conf::get_instance();
- $base_dn = $conf->get('resource_base_dn');
+ $base_dn = $this->conf->get('resource_base_dn');
if (!$base_dn) {
- $base_dn = "ou=Resources," . $conf->get('base_dn');
+ $base_dn = "ou=Resources," . $this->conf->get('base_dn');
}
- $filter = $conf->get('resource_filter');
+ $filter = $this->conf->get('resource_filter');
if (!$filter) {
$filter = '(&(objectclass=*)(!(objectclass=organizationalunit)))';
}
@@ -1630,14 +1613,13 @@ class LDAP
private function users_list($attributes = array(), $search = array())
{
- $conf = Conf::get_instance();
- $base_dn = $conf->get('user_base_dn');
+ $base_dn = $this->conf->get('user_base_dn');
if (!$base_dn) {
- $base_dn = $conf->get('base_dn');
+ $base_dn = $this->conf->get('base_dn');
}
- $filter = $conf->get('user_filter');
+ $filter = $this->conf->get('user_filter');
if (empty($attributes) || !is_array($attributes)) {
$attributes = array('*');
@@ -1657,8 +1639,7 @@ class LDAP
return array();
}
- $conf = Conf::get_instance();
- $dn_attr = $conf->get($conf->get('kolab', 'auth_mechanism'), 'domain_name_attribute');
+ $dn_attr = $this->conf->get($this->conf->get('kolab', 'auth_mechanism'), 'domain_name_attribute');
$result = array();
for ($x = 0; $x < $__result["count"]; $x++) {
@@ -1732,11 +1713,9 @@ class LDAP
*/
private function _qualify_id($username)
{
- $conf = Conf::get_instance();
-
$username_parts = explode('@', $username);
if (count($username_parts) == 1) {
- $domain_name = $conf->get('primary_domain');
+ $domain_name = $this->conf->get('primary_domain');
}
else {
$domain_name = array_pop($username_parts);
@@ -1752,13 +1731,13 @@ class LDAP
// If the user type does not exist, issue warning and continue with
// the "All attributes" array.
- if (!isset($conf->user_types[$type])) {
+ if (!isset($this->conf->user_types[$type])) {
return array('*');
}
$attributes_filter = array();
- foreach ($conf->user_types[$type]['attributes'] as $key => $value) {
+ foreach ($this->conf->user_types[$type]['attributes'] as $key => $value) {
$attributes_filter[] = is_array($value) ? $key : $value;
}
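Review bot: The `$this->conf->user_types[$type]` rewrites in this hunk and the next appear to sit inside the `/* ... */` block that commit 932beb6 wraps around user_type_attribute_filter (its `/*` and `*/` lines are visible further down the page), so this commit is maintaining code that no longer runs; the hunk offsets are consistent with that, but confirm against the file. If the function is retired, delete it in this series instead of commenting it out, and if it is meant to return, un-comment it so the `$this->conf` change is actually exercised. The enclosing function starts outside the hunk.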
@@ -1776,13 +1755,13 @@ class LDAP
// If the user type does not exist, issue warning and continue with
// the "All" search filter.
- if (!isset($conf->user_types[$type])) {
+ if (!isset($this->conf->user_types[$type])) {
return "(objectClass=*)";
}
$search_filter = "(&";
// We want from user_types[$type]['attributes']['objectClasses']
- foreach ($conf->user_types[$type]['attributes']['objectClass'] as $key => $value) {
+ foreach ($this->conf->user_types[$type]['attributes']['objectClass'] as $key => $value) {
$search_filter .= "(objectClass=" . $value . ")";
}
@@ -1831,11 +1810,10 @@ class LDAP
private function _domain_add_alias($domain, $parent)
{
- $conf = Conf::get_instance();
- $domain_base_dn = $conf->get('ldap', 'domain_base_dn');
- $domain_filter = $conf->get('ldap', 'domain_filter');
+ $domain_base_dn = $this->conf->get('ldap', 'domain_base_dn');
+ $domain_filter = $this->conf->get('ldap', 'domain_filter');
- $domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
+ $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
// Get the parent
$domain_filter = '(&(' . $domain_name_attribute . '=' . $parent . ')' . $domain_filter . ')';
@@ -1857,10 +1835,10 @@ class LDAP
{
//console("Auth::LDAP::_domain_add_new()", $domain);
- $conf = Conf::get_instance();
$auth = Auth::get_instance();
- $domain_base_dn = $conf->get('ldap', 'domain_base_dn');
- $domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
+
+ $domain_base_dn = $this->conf->get('ldap', 'domain_base_dn');
+ $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
if (is_array($domain)) {
$domain_name = array_shift($domain);
@@ -1897,22 +1875,22 @@ class LDAP
$this->_add($dn, $attrs);
- $domain_filter = $conf->get('ldap', 'domain_filter');
- $domain_filter = '(&(' . $domain_name_attribute . '=' . $conf->get('kolab', 'primary_domain') . ')' . $domain_filter . ')';
+ $domain_filter = $this->conf->get('ldap', 'domain_filter');
+ $domain_filter = '(&(' . $domain_name_attribute . '=' . $this->conf->get('kolab', 'primary_domain') . ')' . $domain_filter . ')';
$domain_entry = $this->_search($domain_base_dn, $domain_filter);
if (in_array('inetdomainbasedn', $domain_entry)) {
$_base_dn = $domain_entry['inetdomainbasedn'];
} else {
- $_base_dn = $this->_standard_root_dn($conf->get('kolab', 'primary_domain'));
+ $_base_dn = $this->_standard_root_dn($this->conf->get('kolab', 'primary_domain'));
}
- $result = $this->_read("cn=" . str_replace('.', '_', $conf->get('kolab', 'primary_domain') . ",cn=ldbm database,cn=plugins,cn=config"), '(objectclass=*)', array('nsslapd-directory'));
+ $result = $this->_read("cn=" . str_replace('.', '_', $this->conf->get('kolab', 'primary_domain') . ",cn=ldbm database,cn=plugins,cn=config"), '(objectclass=*)', array('nsslapd-directory'));
//console("Result normalized", $result);
$result = $result[key($result)];
- $directory = str_replace(str_replace('.', '_', $conf->get('kolab', 'primary_domain')), str_replace('.','_',$domain_name), $result['nsslapd-directory']);
+ $directory = str_replace(str_replace('.', '_', $this->conf->get('kolab', 'primary_domain')), str_replace('.','_',$domain_name), $result['nsslapd-directory']);
$dn = "cn=" . str_replace('.', '_', $domain_name) . ",cn=ldbm database,cn=plugins,cn=config";
$attrs = array(
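Review bot: `in_array('inetdomainbasedn', $domain_entry)` tests the values of the search result, not its keys, and `_search()` returns entries keyed by DN with the attributes nested one level down (the `$domain_entry[$domain_dn][$domain_name_attribute]` line in _domain_add_alias in commit 2abe46f shows the shape), so this check is effectively always false and `$_base_dn` always falls back to `_standard_root_dn()`; the same check recurs in the "Query the ACI" hunk below and in domain_root_dn in commit 932beb6. Something like `$domain_dn = key($domain_entry); if (!empty($domain_entry[$domain_dn]['inetdomainbasedn'])) { $_base_dn = $domain_entry[$domain_dn]['inetdomainbasedn']; }` matches the shape the rest of the file uses. Separately, in the `$this->_read("cn=" . str_replace('.', '_', ...` line the closing parenthesis of `str_replace` comes after the `",cn=ldbm database,cn=plugins,cn=config"` suffix, so the suffix is part of the replaced string; it only works because the suffix has no dots, so move the `)` right after the `primary_domain` call. _domain_add_new continues on both sides of the hunk.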
@@ -1934,14 +1912,14 @@ class LDAP
$this->_add($dn, $attrs);
// Query the ACI for the primary domain
- $domain_filter = $conf->get('ldap', 'domain_filter');
- $domain_filter = '(&(' . $domain_name_attribute . '=' . $conf->get('kolab', 'primary_domain') . ')' . $domain_filter . ')';
+ $domain_filter = $this->conf->get('ldap', 'domain_filter');
+ $domain_filter = '(&(' . $domain_name_attribute . '=' . $this->conf->get('kolab', 'primary_domain') . ')' . $domain_filter . ')';
$domain_entry = $this->_search($domain_base_dn, $domain_filter);
if (in_array('inetdomainbasedn', $domain_entry)) {
$_base_dn = $domain_entry['inetdomainbasedn'];
} else {
- $_base_dn = $this->_standard_root_dn($conf->get('kolab', 'primary_domain'));
+ $_base_dn = $this->_standard_root_dn($this->conf->get('kolab', 'primary_domain'));
}
$result = $this->_read($_base_dn, '(objectclass=*)', array('aci'));
@@ -1955,9 +1933,9 @@ class LDAP
$_aci = $aci;
}
- $service_bind_dn = $conf->get('ldap', 'service_bind_dn');
+ $service_bind_dn = $this->conf->get('ldap', 'service_bind_dn');
if (empty($service_bind_dn)) {
- $service_bind_dn = $conf->get('ldap', 'bind_dn');
+ $service_bind_dn = $this->conf->get('ldap', 'bind_dn');
}
$dn = $inetdomainbasedn;
@@ -2230,20 +2208,18 @@ class LDAP
*/
private function _search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'), $normalize = true)
{
- $conf = Conf::get_instance();
-
if (!$this->_connect()) {
return null;
}
- $attributes = (array)($attributes);
+ $attributes = (array)$attributes;
//console("Searching $base_dn with filter: $search_filter, attempting to get attributes", $attributes);
if (!empty($_SESSION['user'])) {
$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
} else {
- $this->_bind($conf->get('ldap', 'service_bind_dn'), $conf->get('ldap', 'service_bind_pw'));
+ $this->_bind($this->conf->get('ldap', 'service_bind_dn'), $this->conf->get('ldap', 'service_bind_pw'));
}
if (!in_array($this->unique_attribute(), $attributes)) {
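Review bot: The search binds with `$_SESSION['user']->user_bind_pw`, i.e. the user's LDAP password is kept in plain text in session storage for the life of the session so it can be replayed on every request; the commit keeps this as is. That widens the impact of any exposure of the session store, so consider reusing a bound connection or a short-lived token instead, or at least document on the session user object that this field is a live credential. On the last line, `in_array($this->unique_attribute(), $attributes)` should pass `true` as the third argument so the comparison is strict. _search continues past the end of the hunk.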
@@ -2382,12 +2358,12 @@ class LDAP
//console("User DN: " . $_SESSION['user']->user_bind_dn);
- if (($bind_success = ldap_bind($tmpconn, $_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw)) == false) {
+ if (ldap_bind($tmpconn, $_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw) === false) {
//message("LDAP Error: " . $this->_errstr());
return false;
}
- if (($list_success = ldap_list($tmpconn, $entry_root_dn, '(objectClass=*)', array('*', 'aci'))) == false) {
+ if (($list_success = ldap_list($tmpconn, $entry_root_dn, '(objectClass=*)', array('*', 'aci'))) === false) {
//message("LDAP Error: " . $this->_errstr());
return false;
}
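Review bot: `ldap_bind($tmpconn, $_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw) === false` only catches a rejected bind; with an empty password `ldap_bind()` performs an unauthenticated bind and returns true on servers that permit it, so if `user_bind_pw` can ever be empty the ACI lookup runs under an anonymous bind, and the `if ($this->_bind($subject_dn, $password))` check in commit 932beb6's login path would accept such a login unless `_bind()` itself guards against it. Add an explicit non-empty check before both binds, e.g. `if ($_SESSION['user']->user_bind_pw === '') { return false; }` here and the equivalent on `$password` there. Both early returns in this hunk also leave `$tmpconn` open; if it is a separate `ldap_connect()` handle opened above the hunk, call `ldap_close($tmpconn)` before returning. The enclosing function starts and ends outside the hunk.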
@@ -2623,8 +2599,7 @@ class LDAP
*/
private function unique_attribute()
{
- $conf = Conf::get_instance();
- $unique_attr = $conf->get('unique_attribute');
+ $unique_attr = $this->conf->get('unique_attribute');
if (!$unique_attr) {
$unique_attr = 'nsuniqueid';
commit 2abe46fafdc32d689ac38333f0da751f569ecbfc
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Wed Aug 8 19:20:32 2012 +0200
Move search result serialization into _search()
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 4ccafee..1933c08 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -363,10 +363,10 @@ class LDAP
$domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
$domain_filter = "(&$domain_filter($domain_name_attribute=$domain))";
- $result = self::normalize_result($this->_search($domain_base_dn, $domain_filter, $attributes));
+ $result = $this->_search($domain_base_dn, $domain_filter, $attributes);
}
else {
- $result = self::normalize_result($this->_search($domain_dn, '(objectclass=*)', $attributes));
+ $result = $this->_search($domain_dn, '(objectclass=*)', $attributes);
}
if (!$result) {
@@ -494,7 +494,6 @@ class LDAP
"(&(objectclass=groupofuniquenames)(uniquemember=$member_dn))" .
")");
- $entries = self::normalize_result($entries);
$groups = array_keys($entries);
return $groups;
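Review bot: With `self::normalize_result($entries)` removed, `$groups = array_keys($entries);` now receives whatever `_search()` returned, and `_search()` returns null when `_connect()` fails (its `return null;` is visible as context in commit 4e84a4c) — the normalize call used to map that to `array()` via its `!is_array` guard, so this commit turns a connection failure into a warning plus a null return here. The same applies to `key($result)` in get_attribute and to `array_keys($result)` in the hunk at `@@ -1075,7 +1061,7 @@`. Either keep `_search()` returning an array on failure or guard the callers, e.g. `$groups = is_array($entries) ? array_keys($entries) : array();`. The enclosing function starts outside the hunk.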
@@ -503,7 +502,6 @@ class LDAP
public function get_attribute($subject_dn, $attribute)
{
$result = $this->_search($subject_dn, '(objectclass=*)', (array)($attribute));
- $result = self::normalize_result($result);
$dn = key($result);
$attr = key($result[$dn]);
@@ -513,7 +511,6 @@ class LDAP
public function get_attributes($subject_dn, $attributes)
{
$result = $this->_search($subject_dn, '(objectclass=*)', $attributes);
- $result = self::normalize_result($result);
if (!empty($result)) {
$result = array_pop($result);
@@ -604,7 +601,7 @@ class LDAP
return false;
}
- return self::normalize_result($this->_search($group_dn, '(objectclass=*)', $attributes));
+ return $this->_search($group_dn, '(objectclass=*)', $attributes);
}
public function group_members_list($group, $recurse = true)
@@ -621,7 +618,6 @@ class LDAP
public function list_domains()
{
$domains = $this->domains_list();
- $domains = self::normalize_result($domains);
return $domains;
}
@@ -635,7 +631,6 @@ class LDAP
}
$groups = $this->groups_list($attributes, $search);
- $groups = self::normalize_result($groups);
if (!empty($params['sort_by'])) {
$this->sort_result_key = $params['sort_by'];
@@ -666,7 +661,6 @@ class LDAP
}
$users = $this->users_list($attributes, $search);
- $users = self::normalize_result($users);
if (!empty($params['sort_by'])) {
$this->sort_result_key = $params['sort_by'];
@@ -697,7 +691,6 @@ class LDAP
}
$resources = $this->resources_list($attributes, $search);
- $resources = self::normalize_result($resources);
if (!empty($params['sort_by'])) {
$this->sort_result_key = $params['sort_by'];
@@ -720,7 +713,6 @@ class LDAP
}
$roles = $this->roles_list($attributes, $search);
- $roles = self::normalize_result($roles);
if (!empty($params['sort_by'])) {
$this->sort_result_key = $params['sort_by'];
@@ -822,7 +814,7 @@ class LDAP
return false;
}
- return self::normalize_result($this->_search($resource_dn, '(objectclass=*)', $attributes));
+ return $this->_search($resource_dn, '(objectclass=*)', $attributes);
}
public function resource_members_list($resource, $recurse = true)
@@ -882,7 +874,7 @@ class LDAP
return false;
}
- return self::normalize_result($this->_search($role_dn, '(objectclass=ldapsubentry)', $attributes));
+ return $this->_search($role_dn, '(objectclass=ldapsubentry)', $attributes);
}
public function user_add($attrs, $typeid = null)
@@ -987,7 +979,7 @@ class LDAP
return false;
}
- return self::normalize_result($this->_search($user_dn, '(objectclass=*)', $attributes));
+ return $this->_search($user_dn, '(objectclass=*)', $attributes);
}
public function user_find_by_attribute($attribute)
@@ -1023,13 +1015,7 @@ class LDAP
$domain_name_attribute = 'associateddomain';
}
- $result = self::normalize_result(
- $this->_search(
- $conf->get('domain_base_dn'),
- '(' . $domain_name_attribute . '=' . $domain . ')'
- )
- );
-
+ $result = $this->_search($conf->get('domain_base_dn'), '(' . $domain_name_attribute . '=' . $domain . ')');
$result = $result[key($result)];
//console("intermediate result for domain_root_dn()", $result);
@@ -1075,7 +1061,7 @@ class LDAP
$_base_dn = $base_dn;
}
- $result = self::normalize_result($this->_search($_base_dn, $search_filter, $attributes));
+ $result = $this->_search($_base_dn, $search_filter, $attributes);
$result = array_keys($result);
return $result;
@@ -1142,7 +1128,7 @@ class LDAP
//console("Using base_dn from domain " . $this->domain . ": " . $base_dn);
}
- $result = self::normalize_result($this->_search($base_dn, $filter, array_keys($attribute)));
+ $result = $this->_search($base_dn, $filter, array_keys($attribute));
if (count($result) > 0) {
//console("Results found: " . implode(', ', array_keys($result)));
@@ -1260,7 +1246,7 @@ class LDAP
'attributeLevelRights' => array(),
);
- $subject = self::normalize_result($this->_search($subject_dn));
+ $subject = $this->_search($subject_dn);
$attributes = $this->allowed_attributes($subject[$subject_dn]['objectclass']);
$attributes = array_merge($attributes['may'], $attributes['must']);
@@ -1617,16 +1603,17 @@ class LDAP
private function resources_list($attributes = array(), $search = array())
{
- $conf = Conf::get_instance();
-
+ $conf = Conf::get_instance();
$base_dn = $conf->get('resource_base_dn');
- if (!$base_dn)
+ if (!$base_dn) {
$base_dn = "ou=Resources," . $conf->get('base_dn');
+ }
$filter = $conf->get('resource_filter');
- if (!$filter)
+ if (!$filter) {
$filter = '(&(objectclass=*)(!(objectclass=organizationalunit)))';
+ }
if (empty($attributes) || !is_array($attributes)) {
$attributes = array('*');
@@ -1643,8 +1630,7 @@ class LDAP
private function users_list($attributes = array(), $search = array())
{
- $conf = Conf::get_instance();
-
+ $conf = Conf::get_instance();
$base_dn = $conf->get('user_base_dn');
if (!$base_dn) {
@@ -1854,8 +1840,8 @@ class LDAP
// Get the parent
$domain_filter = '(&(' . $domain_name_attribute . '=' . $parent . ')' . $domain_filter . ')';
- $domain_entry = self::normalize_result($this->_search($domain_base_dn, $domain_filter));
- $domain_dn = key($domain_entry);
+ $domain_entry = $this->_search($domain_base_dn, $domain_filter);
+ $domain_dn = key($domain_entry);
$_old_attr = array($domain_name_attribute => $domain_entry[$domain_dn][$domain_name_attribute]);
if (is_array($domain)) {
@@ -1913,7 +1899,8 @@ class LDAP
$domain_filter = $conf->get('ldap', 'domain_filter');
$domain_filter = '(&(' . $domain_name_attribute . '=' . $conf->get('kolab', 'primary_domain') . ')' . $domain_filter . ')';
- $domain_entry = self::normalize_result($this->_search($domain_base_dn, $domain_filter));
+ $domain_entry = $this->_search($domain_base_dn, $domain_filter);
+
if (in_array('inetdomainbasedn', $domain_entry)) {
$_base_dn = $domain_entry['inetdomainbasedn'];
} else {
@@ -1949,7 +1936,8 @@ class LDAP
// Query the ACI for the primary domain
$domain_filter = $conf->get('ldap', 'domain_filter');
$domain_filter = '(&(' . $domain_name_attribute . '=' . $conf->get('kolab', 'primary_domain') . ')' . $domain_filter . ')';
- $domain_entry = self::normalize_result($this->_search($domain_base_dn, $domain_filter));
+ $domain_entry = $this->_search($domain_base_dn, $domain_filter);
+
if (in_array('inetdomainbasedn', $domain_entry)) {
$_base_dn = $domain_entry['inetdomainbasedn'];
} else {
@@ -2240,7 +2228,7 @@ class LDAP
/**
* Shortcut to ldap_search()
*/
- private function _search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
+ private function _search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'), $normalize = true)
{
$conf = Conf::get_instance();
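Review bot: The docblock above the changed signature still reads only `Shortcut to ldap_search()` and says nothing about the new `$normalize` flag or the null return on failure. Suggest extending it with `@param bool $normalize Convert the ldap_get_entries() result with normalize_result() (default true); pass false for the raw entries array` and `@return array|null Entries (keyed by DN when normalized), or null when the connection or search fails`. The `return null;` path is visible in the next hunk; confirm which failure cases reach it before documenting them. _search continues outside the hunk.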
@@ -2278,6 +2266,10 @@ class LDAP
return null;
}
+ if ($normalize) {
+ $entries = self::normalize_result($entries);
+ }
+
return $entries;
}
@@ -2480,7 +2472,7 @@ class LDAP
}
}
- $entry = self::normalize_result($this->_search($dn));
+ $entry = $this->_search($dn);
//console("ENTRIES for \$dn $dn", $entry);
@@ -2593,7 +2585,7 @@ class LDAP
foreach ((array)($memberurls) as $url) {
$ldap_uri_components = $this->_parse_memberurl($url);
- $entries = self::normalize_result($this->_search($ldap_uri_components[3], $ldap_uri_components[6]));
+ $entries = $this->_search($ldap_uri_components[3], $ldap_uri_components[6]);
foreach ($entries as $entry_dn => $_entry) {
$group_members[$entry_dn] = $_entry;
commit 932beb64ff07b6d6e24a554084e125352da78c63
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Wed Aug 8 19:10:02 2012 +0200
CS fixes and small code improvements
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index b73455f..4ccafee 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -65,7 +65,7 @@ class LDAP
$this->conf = Conf::get_instance();
// See if we are to connect to any domain explicitly defined.
- if (!isset($domain) || empty($domain)) {
+ if (empty($domain)) {
// If not, attempt to get the domain from the session.
if (isset($_SESSION['user'])) {
try {
@@ -186,7 +186,7 @@ class LDAP
$subject_dn = $subject;
}
- if (($bind_ok = $this->_bind($subject_dn, $password)) == true) {
+ if ($this->_bind($subject_dn, $password)) {
// $this->_unbind();
if (isset($_SESSION['user'])) {
@@ -228,7 +228,7 @@ class LDAP
}
}
}
- } elseif (array_key_exists(strtolower($attribute), $attribs)) {
+ } else if (array_key_exists(strtolower($attribute), $attribs)) {
$attrib_details = $attribs[strtolower($attribute)];
if (!empty($attrib_details['sup'])) {
@@ -244,23 +244,21 @@ class LDAP
}
// The relevant parts only, please
- $attributes_details[$attribute] = Array(
- 'type' => (array_key_exists('single-value', $attrib_details) && $attrib_details['single-value']) ? "text" : "list",
- 'description' => $attrib_details['desc'],
- 'syntax' => $attrib_details['syntax'],
- 'max-length' => (array_key_exists('max_length', $attrib_details)) ? $attrib_details['max-length'] : false,
- );
+ $attributes_details[$attribute] = array(
+ 'type' => (array_key_exists('single-value', $attrib_details) && $attrib_details['single-value']) ? "text" : "list",
+ 'description' => $attrib_details['desc'],
+ 'syntax' => $attrib_details['syntax'],
+ 'max-length' => (array_key_exists('max_length', $attrib_details)) ? $attrib_details['max-length'] : false,
+ );
}
return $attributes_details;
}
- public function allowed_attributes($objectclasses = Array())
+ public function allowed_attributes($objectclasses = array())
{
//console("Listing allowed_attributes for objectclasses", $objectclasses);
- $_schema = $this->init_schema();
-
if (!is_array($objectclasses)) {
return false;
}
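Review bot: In the re-indented `'max-length'` line the existence check looks up `max_length` (underscore) but then reads `$attrib_details['max-length']` (hyphen), so whichever spelling the schema parser uses the value is never returned — either the check fails and yields false, or the read hits an undefined index; the commit only re-indents the line. Pick one key for both sides, e.g. `'max-length' => array_key_exists('max-length', $attrib_details) ? $attrib_details['max-length'] : false,`, after confirming the key the schema library emits. The `$attrib_details['desc']` and `['syntax']` reads in the same array literal have no such guard. The enclosing method starts outside the hunk.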
@@ -269,22 +267,23 @@ class LDAP
return false;
}
- $may = Array();
- $must = Array();
- $superclasses = Array();
+ $schema = $this->init_schema();
+ $may = array();
+ $must = array();
+ $superclasses = array();
foreach ($objectclasses as $objectclass) {
- $superclass = $_schema->superclass($objectclass);
+ $superclass = $schema->superclass($objectclass);
if (!empty($superclass)) {
$superclasses = array_merge($superclass, $superclasses);
}
- $_may = $_schema->may($objectclass);
+ $_may = $schema->may($objectclass);
if (is_array($_may)) {
$may = array_merge($may, $_may);
} /* else {
} */
- $_must = $_schema->must($objectclass);
+ $_must = $schema->must($objectclass);
if (is_array($_must)) {
$must = array_merge($must, $_must);
} /* else {
@@ -292,7 +291,7 @@ class LDAP
} */
}
- return Array('may' => $may, 'must' => $must, 'super' => $superclasses);
+ return array('may' => $may, 'must' => $must, 'super' => $superclasses);
}
@@ -328,7 +327,8 @@ class LDAP
}
$_domain_dn = $domain;
- } else {
+ }
+ else {
$_domain_dn = key($_domain);
}
@@ -347,6 +347,7 @@ class LDAP
{
$conf = Conf::get_instance();
$base_dn = $conf->get('ldap', 'domain_base_dn');
+
return $this->entry_find_by_attribute($attribute, $base_dn);
}
@@ -357,12 +358,14 @@ class LDAP
$domain_dn = $this->entry_dn($domain);
if (!$domain_dn) {
- $domain_base_dn = $conf->get('ldap', 'domain_base_dn');
- $domain_filter = $conf->get('ldap', 'domain_filter');
+ $domain_base_dn = $conf->get('ldap', 'domain_base_dn');
+ $domain_filter = $conf->get('ldap', 'domain_filter');
$domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
- $domain_filter = "(&$domain_filter($domain_name_attribute=$domain))";
+ $domain_filter = "(&$domain_filter($domain_name_attribute=$domain))";
+
$result = self::normalize_result($this->_search($domain_base_dn, $domain_filter, $attributes));
- } else {
+ }
+ else {
$result = self::normalize_result($this->_search($domain_dn, '(objectclass=*)', $attributes));
}
@@ -392,8 +395,7 @@ class LDAP
);
$output = array();
-
- $conf = Conf::get_instance();
+ $conf = Conf::get_instance();
$entry_dn = $this->entry_dn($subject);
if (!$entry_dn) {
@@ -483,21 +485,17 @@ class LDAP
{
//console(__FILE__ . "(" . __LINE__ . "): " . $member_dn);
- $groups = array();
-
+ $groups = array();
$root_dn = $this->domain_root_dn($this->domain);
// TODO: Do not query for both, it's either one or the other
$entries = $this->_search($root_dn, "(|" .
- "(&(objectclass=groupofnames)(member=$member_dn))" .
- "(&(objectclass=groupofuniquenames)(uniquemember=$member_dn))" .
+ "(&(objectclass=groupofnames)(member=$member_dn))" .
+ "(&(objectclass=groupofuniquenames)(uniquemember=$member_dn))" .
")");
$entries = self::normalize_result($entries);
-
- foreach ($entries as $entry_dn => $entry_attributes) {
- $groups[] = $entry_dn;
- }
+ $groups = array_keys($entries);
return $groups;
}
@@ -750,8 +748,9 @@ class LDAP
// Check if the resource_type has a specific base DN specified.
$base_dn = $this->conf->get($type_str . "_resource_base_dn");
// If not, take the regular user_base_dn
- if (!$base_dn)
+ if (!$base_dn) {
$base_dn = $this->conf->get("resource_base_dn");
+ }
// TODO: The rdn is configurable as well.
// Use [$type_str . "_"]user_rdn_attr
@@ -819,8 +818,9 @@ class LDAP
{
$resource_dn = $this->entry_dn($resource);
- if (!$resource_dn)
+ if (!$resource_dn) {
return false;
+ }
return self::normalize_result($this->_search($resource_dn, '(objectclass=*)', $attributes));
}
@@ -866,11 +866,12 @@ class LDAP
$attribute['objectclass'] = 'ldapsubentry';
$result = $this->entry_find_by_attribute($attribute);
+
if (is_array($result) && count($result) == 0) {
return key($result);
- } else {
- return false;
}
+
+ return false;
}
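Review bot: `if (is_array($result) && count($result) == 0) { return key($result); }` returns `key()` of an empty array, which is null, and returns false whenever the lookup did find an entry; the restructured else branch keeps this condition, which looks inverted. Presumably this should be `if (is_array($result) && count($result) > 0) { return key($result); }` (or `== 1` if exactly one match is expected). The enclosing method starts outside the hunk, so check how callers distinguish null from false before changing it.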
public function role_info($role, $attributes = array('*'))
@@ -982,8 +983,9 @@ class LDAP
{
$user_dn = $this->entry_dn($user);
- if (!$user_dn)
+ if (!$user_dn) {
return false;
+ }
return self::normalize_result($this->_search($user_dn, '(objectclass=*)', $attributes));
}
@@ -999,8 +1001,6 @@ class LDAP
private function domain_root_dn($domain = '')
{
//console("Auth::LDAP::domain_root_dn(\$domain) called with \$domain", $domain);
- $conf = Conf::get_instance();
-
if ($domain == '') {
return false;
}
@@ -1011,6 +1011,7 @@ class LDAP
//console("Searching for domain $domain");
//console("From domain to root dn");
+ $conf = Conf::get_instance();
if (($this->_bind($conf->get('ldap', 'bind_dn'), $conf->get('ldap', 'bind_pw'))) == false) {
//console("WARNING: Invalid Service bind credentials supplied");
@@ -1035,14 +1036,17 @@ class LDAP
if (is_array($result)) {
if (in_array('inetdomainbasedn', $result) && !empty($result['inetdomainbasedn'])) {
return $result['inetdomainbasedn'];
- } else {
+ }
+ else {
if (is_array($result[$domain_name_attribute])) {
return $this->_standard_root_dn($result[$domain_name_attribute][0]);
- } else {
+ }
+ else {
return $this->_standard_root_dn($result[$domain_name_attribute]);
}
}
- } else {
+ }
+ else {
return $this->_standard_root_dn($domain);
}
@@ -1073,7 +1077,6 @@ class LDAP
$result = self::normalize_result($this->_search($_base_dn, $search_filter, $attributes));
$result = array_keys($result);
- //console($result);
return $result;
}
@@ -1456,8 +1459,6 @@ class LDAP
{
$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
- //console($attributes);
-
// Opportunities to set false include failed ldap commands.
$result = true;
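Review bot: The return value of `$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);` is discarded, so if the rebind as the session user fails the LDAP operations that follow presumably run under whatever identity `$this->conn` was last bound as (the manager fallback in domain_root_dn is one candidate) instead of failing closed. Return false and log when the bind fails, e.g. `if (!$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw)) { return false; }`. The enclosing method starts and ends outside the hunk, and the commit only removes a debug line here.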
@@ -1646,8 +1647,9 @@ class LDAP
$base_dn = $conf->get('user_base_dn');
- if (!$base_dn)
+ if (!$base_dn) {
$base_dn = $conf->get('base_dn');
+ }
$filter = $conf->get('user_filter');
@@ -1669,8 +1671,7 @@ class LDAP
return array();
}
- $conf = Conf::get_instance();
-
+ $conf = Conf::get_instance();
$dn_attr = $conf->get($conf->get('kolab', 'auth_mechanism'), 'domain_name_attribute');
$result = array();
@@ -1758,6 +1759,7 @@ class LDAP
return array(implode('@', $username_parts), $domain_name);
}
+/*
public function user_type_attribute_filter($type = false)
{
global $conf;
@@ -1804,6 +1806,7 @@ class LDAP
return $search_filter;
}
+*/
/***********************************************************
************ Shortcut functions ****************
@@ -1831,11 +1834,11 @@ class LDAP
if (($add_result = ldap_add($this->conn, $entry_dn, $attributes)) == false) {
Log::trace("LDAP: S: " . ldap_error($this->conn));
Log::warning("LDAP: Adding entry $entry_dn failed. " . ldap_error($this->conn));
+
return false;
}
- else {
- Log::trace("LDAP: S: OK");
- }
+
+ Log::trace("LDAP: S: OK");
return true;
}
@@ -1870,19 +1873,19 @@ class LDAP
$conf = Conf::get_instance();
$auth = Auth::get_instance();
- $domain_base_dn = $conf->get('ldap', 'domain_base_dn');
+ $domain_base_dn = $conf->get('ldap', 'domain_base_dn');
$domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
if (is_array($domain)) {
$domain_name = array_shift($domain);
} else {
$domain_name = $domain;
- $domain = (array)($domain);
+ $domain = (array)$domain;
}
$dn = $domain_name_attribute . '=' . $domain_name . ',' . $domain_base_dn;
$attrs = array(
- 'objectclass' => Array(
+ 'objectclass' => array(
'top',
'domainrelatedobject'
),
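Review bot: The DN on the `$dn = $domain_name_attribute . '=' . $domain_name . ',' . $domain_base_dn;` line is built by plain concatenation, so a domain name containing DN-special characters (`,`, `+`, `"`, `\`, `<`, `>`, `;`, `=`, or a leading/trailing space) yields a malformed DN or one that parses as a different entry. If the build targets PHP 5.6+, escape the RDN value: `$dn = $domain_name_attribute . '=' . ldap_escape($domain_name, '', LDAP_ESCAPE_DN) . ',' . $domain_base_dn;`; otherwise validate `$domain_name` against a hostname pattern before this point. The same construction appears in the earlier commit's version of this hunk further down the page. Where `$domain` originates is outside the hunk.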
@@ -1896,7 +1899,7 @@ class LDAP
$dn = "cn=" . $cn . ",cn=mapping tree,cn=config";
$attrs = array(
- 'objectclass' => Array(
+ 'objectclass' => array(
'top',
'extensibleObject',
'nsMappingTree',
@@ -1925,8 +1928,8 @@ class LDAP
$directory = str_replace(str_replace('.', '_', $conf->get('kolab', 'primary_domain')), str_replace('.','_',$domain_name), $result['nsslapd-directory']);
$dn = "cn=" . str_replace('.', '_', $domain_name) . ",cn=ldbm database,cn=plugins,cn=config";
- $attrs = Array(
- 'objectclass' => Array(
+ $attrs = array(
+ 'objectclass' => array(
'top',
'extensibleobject',
'nsbackendinstance',
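Review bot: The `$directory = str_replace(...)` line derives the new backend's directory by substituting the primary domain inside the primary backend's `nsslapd-directory`; if that path does not contain the underscore form of the primary domain, the replacement is a no-op and the new backend is created on the primary backend's database directory. Assuming the usual 389-ds layout of one subdirectory per backend under a common db root (please confirm), `$directory = dirname($result['nsslapd-directory']) . '/' . str_replace('.', '_', $domain_name);` would not depend on the primary backend's name. At minimum, log and abort if `$directory` equals `$result['nsslapd-directory']`.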
@@ -1973,11 +1976,11 @@ class LDAP
$attrs = array(
// @TODO: Probably just use ldap_explode_dn()
'dc' => substr($dn, (strpos($dn, '=')+1), ((strpos($dn, ',')-strpos($dn, '='))-1)),
- 'objectclass' => Array(
+ 'objectclass' => array(
'top',
'domain',
),
- 'aci' => Array(
+ 'aci' => array(
// Self-modification
"(targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)",
@@ -2027,39 +2030,39 @@ class LDAP
$dn = "ou=People," . $inetdomainbasedn;
$attrs = array(
- 'objectclass' => Array('top', 'organizationalunit'),
+ 'objectclass' => array('top', 'organizationalunit'),
'ou' => 'People',
);
$this->_add($dn, $attrs);
$dn = "ou=Special Users," . $inetdomainbasedn;
- $attrs = Array(
- 'objectclass' => Array('top', 'organizationalunit'),
+ $attrs = array(
+ 'objectclass' => array('top', 'organizationalunit'),
'ou' => 'Special Users',
);
$this->_add($dn, $attrs);
$dn = "ou=Resources," . $inetdomainbasedn;
- $attrs = Array(
- 'objectclass' => Array('top', 'organizationalunit'),
+ $attrs = array(
+ 'objectclass' => array('top', 'organizationalunit'),
'ou' => 'Resources',
);
$this->_add($dn, $attrs);
$dn = "ou=Shared Folders," . $inetdomainbasedn;
- $attrs = Array(
- 'objectclass' => Array('top', 'organizationalunit'),
+ $attrs = array(
+ 'objectclass' => array('top', 'organizationalunit'),
'ou' => 'Shared Folders',
);
$this->_add($dn, $attrs);
$dn = 'cn=kolab-admin,ou=People,' . $inetdomainbasedn;
- $attrs = Array(
- 'objectclass' => Array(
+ $attrs = array(
+ 'objectclass' => array(
'top',
'ldapsubentry',
'nsroledefinition',
@@ -2097,9 +2100,12 @@ class LDAP
if (@ldap_bind($this->conn, $dn, $pw) === false) {
Log::trace("LDAP: S: " . ldap_error($this->conn));
Log::warning("LDAP: Binding $dn failed. " . ldap_error($this->conn));
+
return false;
}
+ Log::trace("LDAP: S: OK");
+
return true;
}
@@ -2114,13 +2120,13 @@ class LDAP
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 9);
- Log::debug("LDAP: Connect " . $this->_ldap_server . " on port " . $this->_ldap_port);
+ Log::debug("LDAP: Connect to " . $this->_ldap_server . ":" . $this->_ldap_port);
$connection = ldap_connect($this->_ldap_server, $this->_ldap_port);
if ($connection == false) {
$this->conn = null;
- Log::error("LDAP: Could not connect to server. " . ldap_error());
+ Log::error("LDAP: Could not connect to " . ldap_error());
return false;
}
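Review bot: `ldap_error()` on the `Log::error(...)` line is called without a link argument, which is an "expects exactly 1 parameter" warning in PHP 5 and an ArgumentCountError in PHP 8; when `ldap_connect()` returns false there is no link to ask anyway, so the message can never carry a useful reason. Log the target instead: `Log::error("LDAP: Could not connect to " . $this->_ldap_server . ":" . $this->_ldap_port);`. The same call was introduced in the 'Add LDAP protocol tracking' commit's version of this hunk further down. `$connection == false` would also be clearer as `=== false`, matching the other shortcut functions.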
@@ -2134,6 +2140,28 @@ class LDAP
}
/**
+ * Shortcut to ldap_disconnect()
+ */
+ private function _disconnect()
+ {
+ if (!$this->conn) {
+ return true;
+ }
+
+ if (ldap_close($this->conn)) {
+ $this->conn = null;
+ $this->bind_dn = null;
+ $this->bind_pw = null;
+
+ Log::debug("LDAP: Disconnected");
+
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
* Shortcut to ldap_delete()
*/
private function _delete($entry_dn)
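Review bot: The docblock says `Shortcut to ldap_disconnect()`, but PHP has no such function; the method wraps `ldap_close()`, so `* Shortcut to ldap_close()` is the accurate line. The failure path also returns false silently while every other shortcut in this series logs the server error; for consistency add `Log::warning("LDAP: Disconnect failed. " . ldap_error($this->conn));` before the final `return false;`.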
@@ -2179,27 +2207,6 @@ class LDAP
/**
- * Shortcut to ldap_disconnect()
- */
- private function _disconnect()
- {
- if (!$this->conn) {
- return true;
- }
-
- if (($result = ldap_close($this->conn)) == true) {
- $this->conn = null;
- $this->bind_dn = null;
- $this->bind_pw = null;
-
- return true;
- }
-
- return false;
- }
-
-
- /**
* Shortcut to ldap_get_entries() over ldap_list()
*
* Takes a $base_dn and $filter like ldap_list(), and returns an
commit 8cbf70398f5a0e8466898cba9a5bd17da0ac481d
Author: Aleksander Machniak <machniak at kolabsys.com>
Date: Tue Aug 7 19:41:00 2012 +0200
Add LDAP protocol tracking, CS fixes + code improvements
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 6686db1..b73455f 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -204,7 +204,6 @@ class LDAP
return $subject_dn;
}
else {
- //console("LDAP Error: " . $this->_errstr());
return false;
}
}
@@ -1218,10 +1217,9 @@ class LDAP
private function legacy_rights($subject)
{
- $subject_dn = $this->entry_dn($subject);
-
+ $subject_dn = $this->entry_dn($subject);
$user_is_admin = false;
- $user_is_self = false;
+ $user_is_self = false;
// List group memberships
$user_groups = $this->find_user_groups($_SESSION['user']->user_bind_dn);
@@ -1255,9 +1253,9 @@ class LDAP
}
$rights = array(
- 'entryLevelRights' => $standard_rights,
- 'attributeLevelRights' => array(),
- );
+ 'entryLevelRights' => $standard_rights,
+ 'attributeLevelRights' => array(),
+ );
$subject = self::normalize_result($this->_search($subject_dn));
$attributes = $this->allowed_attributes($subject[$subject_dn]['objectclass']);
@@ -1276,7 +1274,7 @@ class LDAP
//console("NEW ATTRIBUTES", $new_attrs);
// TODO: Get $rdn_attr - we have type_id in $new_attrs
- $dn_components = ldap_explode_dn($subject_dn, 0);
+ $dn_components = ldap_explode_dn($subject_dn, 0);
$rdn_components = explode('=', $dn_components[0]);
$rdn_attr = $rdn_components[0];
@@ -1472,10 +1470,13 @@ class LDAP
$new_parent = null;
}
- //console("Attempt to rename $olddn to $newrdn,$new_parent");
+ Log::trace("LDAP: C: Rename $olddn to $newrdn,$new_parent");
$result = ldap_rename($this->conn, $olddn, $newrdn, $new_parent, true);
+
if ($result) {
+ Log::trace("LDAP: S: OK");
+
if ($new_parent) {
$subject_dn = $newrdn . ',' . $new_parent;
} else {
@@ -1486,35 +1487,57 @@ class LDAP
$subject_dn = $newrdn . ',' . $old_parent_dn;
}
}
-
+ else {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Failed to rename $olddn to $newrdn,$new_parent");
+ return false;
+ }
}
if (is_array($attributes['replace']) && !empty($attributes['replace'])) {
+ Log::trace("LDAP: C: Mod-Replace $subject_dn: " . json_encode($attributes['replace']));
+
$result = ldap_mod_replace($this->conn, $subject_dn, $attributes['replace']);
- }
- if (!$result) {
- //console("Failed to replace the following attributes on subject " . $subject_dn, $attributes['replace']);
- return false;
+ if ($result) {
+ Log::trace("LDAP: S: OK");
+ }
+ else {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Failed to replace attributes on $subject_dn: " . json_encode($attributes['replace']));
+ return false;
+ }
}
if (is_array($attributes['del']) && !empty($attributes['del'])) {
+ Log::trace("LDAP: C: Mod-Delete $subject_dn: " . json_encode($attributes['del']));
+
$result = ldap_mod_del($this->conn, $subject_dn, $attributes['del']);
- }
- if (!$result) {
- //console("Failed to delete the following attributes", $attributes['del']);
- return false;
+ if ($result) {
+ Log::trace("LDAP: S: OK");
+ }
+ else {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Failed to delete attributes on $subject_dn: " . json_encode($attributes['del']));
+ return false;
+ }
}
if (is_array($attributes['add']) && !empty($attributes['add'])) {
+ Log::trace("LDAP: C: Mod-Add $subject_dn: " . json_encode($attributes['add']));
+
$result = ldap_mod_add($this->conn, $subject_dn, $attributes['add']);
- }
- if (!$result) {
- //console("Failed to add the following attributes", $attributes['add']);
- return false;
+ if ($result) {
+ Log::trace("LDAP: S: OK");
+ }
+ else {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Failed to add attributes on $subject_dn: " . json_encode($attributes['add']));
+ return false;
+ }
}
return true;
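Review bot: The new `Log::trace("LDAP: C: Mod-Replace ...` / Mod-Add / Mod-Delete lines and the matching `Log::warning` lines serialize the full attribute arrays with `json_encode`, so a password change on a user entry (a replace of `userpassword`) writes the cleartext password into the log; the `LDAP: C: Add` trace added to `_add` later in this commit does the same for newly created entries. Log output is normally far less protected than the directory itself, so mask secret attributes before encoding. A small helper below does that; use it in place of `json_encode($attributes[...])` on each trace line, and drop the attribute dump from the warning lines (the DN plus `ldap_error()` already identifies the failure). Which attribute names must be masked should be confirmed against the schema actually in use.
```php
/**
 * Encode attributes for a log line with secret values masked
 */
private function _log_attrs($attributes)
{
    // userPassword is the standard LDAP password attribute; extend as needed
    foreach ((array)$attributes as $name => $value) {
        if (strtolower($name) == 'userpassword') {
            $attributes[$name] = '***';
        }
    }

    return json_encode($attributes);
}
```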
@@ -1522,15 +1545,14 @@ class LDAP
private function parse_attribute_level_rights($attribute_value)
{
- $attribute_value = str_replace(", ", ",", $attribute_value);
+ $attribute_value = str_replace(", ", ",", $attribute_value);
$attribute_values = explode(",", $attribute_value);
-
- $attribute_value = array();
+ $attribute_value = array();
foreach ($attribute_values as $access_right) {
$access_right_components = explode(":", $access_right);
- $access_attribute = strtolower(array_shift($access_right_components));
- $access_value = array_shift($access_right_components);
+ $access_attribute = strtolower(array_shift($access_right_components));
+ $access_value = array_shift($access_right_components);
$attribute_value[$access_attribute] = array();
@@ -1587,9 +1609,7 @@ class LDAP
$this->_bind($conf->get('bind_dn'), $conf->get('bind_pw'));
- $result = ldap_read($this->conn, "", "(objectclass=*)", array("supportedControl"));
- $result = ldap_get_entries($this->conn, $result);
- $result = self::normalize_result($result);
+ $result = $this->_read("", "(objectclass=*)", array("supportedControl"));
return $result['']['supportedcontrol'];
}
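Review bot: When `_read()` fails it logs a warning and returns an empty array, so `return $result['']['supportedcontrol'];` then raises undefined-index notices and returns null. Guard it: `return isset($result['']['supportedcontrol']) ? $result['']['supportedcontrol'] : array();` (assuming callers expect a list; the function's signature is outside the hunk). The aci-reading hunk further down (`$result = $result[key($result)];` followed by `foreach ($acis as $aci)`) has the same gap and would hand null to `foreach`.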
@@ -1629,7 +1649,7 @@ class LDAP
if (!$base_dn)
$base_dn = $conf->get('base_dn');
- $filter = $conf->get('user_filter');
+ $filter = $conf->get('user_filter');
if (empty($attributes) || !is_array($attributes)) {
$attributes = array('*');
@@ -1806,10 +1826,16 @@ class LDAP
}
}
+ Log::trace("LDAP: C: Add $entry_dn: " . json_encode($attributes));
+
if (($add_result = ldap_add($this->conn, $entry_dn, $attributes)) == false) {
- // Issue warning
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Adding entry $entry_dn failed. " . ldap_error($this->conn));
return false;
}
+ else {
+ Log::trace("LDAP: S: OK");
+ }
return true;
}
@@ -1856,14 +1882,12 @@ class LDAP
$dn = $domain_name_attribute . '=' . $domain_name . ',' . $domain_base_dn;
$attrs = array(
- 'objectclass' => Array(
- 'top',
- 'domainrelatedobject'
- ),
- $domain_name_attribute => array_unique(
- array_merge((array)($domain_name), $domain)
- ),
- );
+ 'objectclass' => Array(
+ 'top',
+ 'domainrelatedobject'
+ ),
+ $domain_name_attribute => array_unique(array_merge((array)($domain_name), $domain)),
+ );
$this->_add($dn, $attrs);
@@ -1872,15 +1896,15 @@ class LDAP
$dn = "cn=" . $cn . ",cn=mapping tree,cn=config";
$attrs = array(
- 'objectclass' => Array(
- 'top',
- 'extensibleObject',
- 'nsMappingTree',
- ),
- 'nsslapd-state' => 'backend',
- 'cn' => $inetdomainbasedn,
- 'nsslapd-backend' => str_replace('.', '_', $domain_name),
- );
+ 'objectclass' => Array(
+ 'top',
+ 'extensibleObject',
+ 'nsMappingTree',
+ ),
+ 'nsslapd-state' => 'backend',
+ 'cn' => $inetdomainbasedn,
+ 'nsslapd-backend' => str_replace('.', '_', $domain_name),
+ );
$this->_add($dn, $attrs);
@@ -1893,10 +1917,7 @@ class LDAP
$_base_dn = $this->_standard_root_dn($conf->get('kolab', 'primary_domain'));
}
- $result = @ldap_read($this->conn, "cn=" . str_replace('.', '_', $conf->get('kolab', 'primary_domain') . ",cn=ldbm database,cn=plugins,cn=config"), '(objectclass=*)', array('nsslapd-directory'));
- $result = @ldap_get_entries($this->conn, $result);
-
- $result = self::normalize_result($result);
+ $result = $this->_read("cn=" . str_replace('.', '_', $conf->get('kolab', 'primary_domain') . ",cn=ldbm database,cn=plugins,cn=config"), '(objectclass=*)', array('nsslapd-directory'));
//console("Result normalized", $result);
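Review bot: On the new `_read(...)` line the `str_replace('.', '_', ...)` closes after the `",cn=ldbm database,cn=plugins,cn=config"` suffix rather than after `$conf->get('kolab', 'primary_domain')`, so the replacement runs over the whole DN; it happens to be harmless because the suffix contains no dots, but the intent is obscured and the same expression is written correctly a few lines later for `$dn`. Move the parenthesis: `$result = $this->_read("cn=" . str_replace('.', '_', $conf->get('kolab', 'primary_domain')) . ",cn=ldbm database,cn=plugins,cn=config", '(objectclass=*)', array('nsslapd-directory'));`.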
@@ -1905,20 +1926,20 @@ class LDAP
$dn = "cn=" . str_replace('.', '_', $domain_name) . ",cn=ldbm database,cn=plugins,cn=config";
$attrs = Array(
- 'objectclass' => Array(
- 'top',
- 'extensibleobject',
- 'nsbackendinstance',
- ),
- 'cn' => str_replace('.', '_', $domain_name),
- 'nsslapd-suffix' => $inetdomainbasedn,
- 'nsslapd-cachesize' => '-1',
- 'nsslapd-cachememsize' => '10485760',
- 'nsslapd-readonly' => 'off',
- 'nsslapd-require-index' => 'off',
- 'nsslapd-directory' => $directory,
- 'nsslapd-dncachememsize' => '10485760'
- );
+ 'objectclass' => Array(
+ 'top',
+ 'extensibleobject',
+ 'nsbackendinstance',
+ ),
+ 'cn' => str_replace('.', '_', $domain_name),
+ 'nsslapd-suffix' => $inetdomainbasedn,
+ 'nsslapd-cachesize' => '-1',
+ 'nsslapd-cachememsize' => '10485760',
+ 'nsslapd-readonly' => 'off',
+ 'nsslapd-require-index' => 'off',
+ 'nsslapd-directory' => $directory,
+ 'nsslapd-dncachememsize' => '10485760'
+ );
$this->_add($dn, $attrs);
@@ -1932,13 +1953,9 @@ class LDAP
$_base_dn = $this->_standard_root_dn($conf->get('kolab', 'primary_domain'));
}
- $result = @ldap_read($this->conn, $_base_dn, '(objectclass=*)', array('aci'));
- $result = @ldap_get_entries($this->conn, $result);
-
- $result = self::normalize_result($result);
-
+ $result = $this->_read($_base_dn, '(objectclass=*)', array('aci'));
$result = $result[key($result)];
- $acis = $result['aci'];
+ $acis = $result['aci'];
foreach ($acis as $aci) {
if (stristr($aci, "SIE Group") === FALSE) {
@@ -2072,14 +2089,14 @@ class LDAP
return true;
}
- Log::debug("LDAP: Binding with $dn");
+ Log::debug("LDAP: C: Bind $dn");
$this->bind_dn = $dn;
$this->bind_pw = $pw;
- if (($bind_ok = ldap_bind($this->conn, $dn, $pw)) == false) {
- //console("LDAP Error: " . $this->_errstr());
- // Issue error message
+ if (@ldap_bind($this->conn, $dn, $pw) === false) {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Binding $dn failed. " . ldap_error($this->conn));
return false;
}
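Review bot: `$this->bind_dn` and `$this->bind_pw` are assigned before `ldap_bind()` is attempted, so after a failed bind the object still records the rejected credentials as the current bind. If the early `return true;` at the top of this hunk short-circuits when the requested DN matches `$this->bind_dn` (its condition is above the hunk, so please confirm), a retry with the same DN would then report success without ever binding. Move the two assignments after the failure check, and clear them in the failure branch: `$this->bind_dn = null; $this->bind_pw = null;`.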
@@ -2097,12 +2114,13 @@ class LDAP
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 9);
- Log::debug("LDAP: Connecting to " . $this->_ldap_server . " on port " . $this->_ldap_port);
+ Log::debug("LDAP: Connect " . $this->_ldap_server . " on port " . $this->_ldap_port);
+
$connection = ldap_connect($this->_ldap_server, $this->_ldap_port);
if ($connection == false) {
$this->conn = null;
- Log::error("LDAP: Not connected: " . ldap_err2str() . " (" . ldap_errno() . ")");
+ Log::error("LDAP: Could not connect to server. " . ldap_error());
return false;
}
@@ -2110,7 +2128,7 @@ class LDAP
ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
- Log::debug("LDAP: Connected!");
+ Log::debug("LDAP: Connected");
return true;
}
@@ -2123,15 +2141,43 @@ class LDAP
// Always bind with the session credentials
$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
- if (($delete_result = ldap_delete($this->conn, $entry_dn)) == false) {
- // Issue warning
+ Log::trace("LDAP: C: Delete $entry_dn");
+
+ if (ldap_delete($this->conn, $entry_dn) === false) {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Delete failed. " . ldap_error($this->conn));
return false;
}
+
+ Log::trace("LDAP: S: OK");
+
+ return true;
+ }
+
+ /**
+ * Shortcut for ldap_read()
+ */
+ private function _read($base_dn, $filter, $attributes)
+ {
+ Log::trace("LDAP: C: Read $filter " . json_encode($attributes));
+
+ $result = @ldap_read($this->conn, $base_dn, $filter, $attributes);
+
+ if ($result === false) {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Read failed. " . ldap_error($this->conn));
+ }
else {
- return true;
+ Log::trace("LDAP: S: " . ldap_count_entries($this->conn, $result) . " record(s)");
}
+
+ $result = @ldap_get_entries($this->conn, $result);
+ $result = self::normalize_result($result);
+
+ return $result;
}
+
/**
* Shortcut to ldap_disconnect()
*/
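Review bot: In `_read()`, when `ldap_read()` returns false the failure branch only logs and then falls through to `@ldap_get_entries($this->conn, $result)` with `$result === false`; return early instead, `return array();` after the warning, which is what `normalize_result()` yields for a non-array anyway and what the `empty($member_entry)` callers expect. Separately, `$attributes` has no default but the two group-member lookups at the end of this commit call `_read($member, '(objectclass=*)')` with two arguments, which is a missing-argument warning in PHP 5 (fatal on 7.1+) and passes null to `ldap_read()`; declare `private function _read($base_dn, $filter, $attributes = array())` or pass `array('*')` at those call sites. The trace line also omits `$base_dn`, unlike the `List` and `Search` traces.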
@@ -2152,20 +2198,6 @@ class LDAP
return false;
}
- /**
- * Shortcut to ldap_err2str() over ldap_errno()
- */
- private function _errstr()
- {
- if ($errno = @ldap_errno($this->conn)) {
- if ($err2str = @ldap_err2str($errno)) {
- return $err2str;
- }
- }
-
- // Issue warning
- return null;
- }
/**
* Shortcut to ldap_get_entries() over ldap_list()
@@ -2179,18 +2211,23 @@ class LDAP
return null;
}
- $ldap_entries = array( "count" => 0 );
+ Log::trace("LDAP: C: List $base_dn $filter");
- if (($ldap_list = @ldap_list($this->conn, $base_dn, $filter)) == false) {
- //message("LDAP Error: Could not search " . $base_dn . ": " . $this->_errstr() );
+ if (($result = @ldap_list($this->conn, $base_dn, $filter)) === false) {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Search failed. " . ldap_error($this->conn));
+ return null;
}
else {
- if (($ldap_entries = @ldap_get_entries($this->conn, $ldap_list)) == false) {
- //message("LDAP Error: No entries for " . $filter . " in " . $base_dn . ": " . $this->_errstr());
- }
+ Log::trace("LDAP: S: " . ldap_count_entries($this->conn, $result) . " record(s)");
+ }
+
+ if (($entries = @ldap_get_entries($this->conn, $ldap_list)) === false) {
+ Log::warning("LDAP: Getting list result failed. " . ldap_error($this->conn));
+ return null;
}
- return $ldap_entries;
+ return $entries;
}
/**
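Review bot: The `ldap_list()` result is now assigned to `$result`, but the `@ldap_get_entries($this->conn, $ldap_list)` line still reads `$ldap_list`, which no longer exists in this function, so every call passes null, hits the 'Getting list result failed' warning and returns null. Change it to `if (($entries = @ldap_get_entries($this->conn, $result)) === false) {`. The `else` block after `return null;` can also be flattened to a plain statement.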
@@ -2201,7 +2238,7 @@ class LDAP
$conf = Conf::get_instance();
if (!$this->_connect()) {
- return false;
+ return null;
}
$attributes = (array)($attributes);
@@ -2218,17 +2255,21 @@ class LDAP
$attributes[] = $this->unique_attribute();
}
- if (($search_results = @ldap_search($this->conn, $base_dn, $search_filter, $attributes)) == false) {
- //console("Could not search in " . __METHOD__ . " in " . __FILE__ . " on line " . __LINE__ . ": " . $this->_errstr());
- return false;
- }
+ Log::trace("LDAP: C: Search $base_dn $search_filter " . json_encode($attributes));
- if (($entries = ldap_get_entries($this->conn, $search_results)) == false) {
- //console("Could not get the results of the search: " . $this->_errstr());
- return false;
+ if (($result = @ldap_search($this->conn, $base_dn, $search_filter, $attributes)) === false) {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ Log::warning("LDAP: Search failed. " . ldap_error($this->conn));
+ return null;
+ }
+ else {
+ Log::trace("LDAP: S: " . ldap_count_entries($this->conn, $result) . " record(s)");
}
- //console("__search() entries:", $entries);
+ if (($entries = @ldap_get_entries($this->conn, $result)) == false) {
+ Log::warning("LDAP: Getting search result failed. " . ldap_error($this->conn));
+ return null;
+ }
return $entries;
}
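Review bot: The `@ldap_get_entries(...) == false` test uses a loose comparison while the equivalent line in `_list` in this same commit uses `=== false`; `ldap_get_entries()` returns an array or false, so write `if (($entries = @ldap_get_entries($this->conn, $result)) === false) {` for consistency. The `else` after `return null;` can be dropped as well.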
@@ -2293,7 +2334,16 @@ class LDAP
{
if ($yes && $really) {
if ($this->conn) {
- ldap_unbind($this->conn);
+ Log::trace("LDAP: C: Unbind");
+
+ $result = @ldap_unbind($this->conn);
+
+ if ($result) {
+ Log::trace("LDAP: S: OK");
+ }
+ else {
+ Log::trace("LDAP: S: " . ldap_error($this->conn));
+ }
}
$this->conn = null;
@@ -2384,30 +2434,6 @@ class LDAP
return "dc=" . implode(',dc=', explode('.', $relevant_associatedDomain));
}
- // @TODO: this function isn't used anymore
- private function _get_group_dn($root_dn, $search_filter)
- {
- // TODO: Why does this use privileged credentials?
- if (($this->_bind($this->conf->get('bind_dn'), $this->conf->get('bind_pw'))) == false) {
- $this->_bind($this->conf->get('manager_bind_dn'), $this->conf->get('manager_bind_pw'));
- }
-
- //console("Searching for a group dn in $root_dn, with search filter: $search_filter");
-
- $search_results = ldap_search($this->conn, $root_dn, $search_filter);
-
- if (ldap_count_entries($this->conn, $search_results) == 0) {
- return false;
- }
-
- if (($first_entry = ldap_first_entry($this->conn, $search_results)) == false) {
- return false;
- }
-
- $group_dn = ldap_get_dn($this->conn, $first_entry);
- return $group_dn;
- }
-
private function _get_user_dn($root_dn, $search_filter)
{
// TODO: Why does this use privileged credentials?
@@ -2489,14 +2515,12 @@ class LDAP
// Use the member attributes to return an array of member ldap objects
// NOTE that the member attribute is supposed to contain a DN
foreach ($members as $member) {
- $result = @ldap_read($this->conn, $member, '(objectclass=*)');
+ $member_entry = $this->_read($member, '(objectclass=*)');
- if (!$result) {
+ if (empty($member_entry)) {
continue;
}
- $member_entry = self::normalize_result(@ldap_get_entries($this->conn, $result));
-
$group_members[$member] = array_pop($member_entry);
if ($recurse) {
@@ -2530,13 +2554,12 @@ class LDAP
}
foreach ($uniquemembers as $member) {
- $result = @ldap_read($this->conn, $member, '(objectclass=*)');
+ $member_entry = $this->_read($member, '(objectclass=*)');
- if (!$result) {
+ if (empty($member_entry)) {
continue;
}
- $member_entry = self::normalize_result(@ldap_get_entries($this->conn, $result));
$group_members[$member] = array_pop($member_entry);
if ($recurse) {