2007-03-29 18:10:14 +02:00
|
|
|
<?php
|
|
|
|
|
/*******************************************************************************
|
|
|
|
|
* Copyright (C) 2007 Easter-eggs
|
2021-04-13 18:04:19 +02:00
|
|
|
* https://ldapsaisie.org
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
|
|
|
|
* Author: See AUTHORS file in top-level directory.
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License version 2
|
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
|
2020-05-08 15:16:24 +02:00
|
|
|
LSsession :: loadLSclass('LSlog_staticLoggerClass');
|
|
|
|
|
|
2007-03-29 18:10:14 +02:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Manage access to LDAP directory
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-03-07 16:06:39 +01:00
|
|
|
* This class hangle LDAP directory access using PEAR :: Net_LDAP2.
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*/
|
2020-05-08 15:16:24 +02:00
|
|
|
class LSldap extends LSlog_staticLoggerClass {
|
2007-03-29 18:10:14 +02:00
|
|
|
|
2022-12-31 21:15:19 +01:00
|
|
|
/**
|
|
|
|
|
* LDAP connection configuration
|
|
|
|
|
* (LSconfig.ldap_servers.<idx>.ldap_config)
|
|
|
|
|
* @see LSsession::LSldapConnect()
|
|
|
|
|
* @see LSldap::setConfig()
|
|
|
|
|
* @see LSldap::getConfig()
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
2023-01-03 12:51:45 +01:00
|
|
|
private static $config = array();
|
2022-12-31 21:15:19 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* LDAP connection (Net_LDAP2 object)
|
|
|
|
|
* @see LSldap::connect()
|
|
|
|
|
* @see LSldap::reconnectAs()
|
|
|
|
|
* @see LSldap::isConnected()
|
|
|
|
|
* @see LSldap::close()
|
|
|
|
|
* @var Net_LDAP2|null
|
|
|
|
|
*/
|
2009-01-25 15:37:03 +01:00
|
|
|
private static $cnx = NULL;
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2023-03-20 16:08:35 +01:00
|
|
|
/**
|
|
|
|
|
* Registered events
|
|
|
|
|
* @see self::addEvent()
|
|
|
|
|
* @see self::fireEvent()
|
|
|
|
|
* @var array
|
|
|
|
|
*/
|
|
|
|
|
private static $_events = array();
|
|
|
|
|
|
2007-03-29 18:10:14 +02:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Set configuration
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-03-07 16:06:39 +01:00
|
|
|
* This method permit to define LDAP server access configuration
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @param array $config Configuration array as accepted by Net_LDAP2
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return void
|
2007-03-29 18:10:14 +02:00
|
|
|
*/
|
2019-03-12 11:42:53 +01:00
|
|
|
public static function setConfig ($config) {
|
2009-01-25 15:37:03 +01:00
|
|
|
self :: $config = $config;
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2007-03-29 18:10:14 +02:00
|
|
|
/**
|
2014-11-18 13:16:38 +01:00
|
|
|
* Connect to LDAP server
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2014-11-18 13:16:38 +01:00
|
|
|
* This method establish connection to LDAP server
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param array|null $config LDAP configuration array in format of Net_LDAP2
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean true if connected, false instead
|
2007-03-29 18:10:14 +02:00
|
|
|
*/
|
2022-12-31 21:15:19 +01:00
|
|
|
public static function connect($config=null) {
|
2009-01-25 15:37:03 +01:00
|
|
|
if ($config) {
|
|
|
|
|
self :: setConfig($config);
|
|
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
if (!self :: fireEvent('connecting'))
|
|
|
|
|
return false;
|
2009-01-25 15:37:03 +01:00
|
|
|
self :: $cnx = Net_LDAP2::connect(self :: $config);
|
|
|
|
|
if (Net_LDAP2::isError(self :: $cnx)) {
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('connection_failure', array('error' => self :: $cnx -> getMessage()));
|
2009-01-25 15:37:03 +01:00
|
|
|
LSerror :: addErrorCode('LSldap_01',self :: $cnx -> getMessage());
|
|
|
|
|
self :: $cnx = NULL;
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('connected');
|
2007-03-29 18:10:14 +02:00
|
|
|
return true;
|
|
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2014-11-18 13:16:38 +01:00
|
|
|
/**
|
|
|
|
|
* Reconnect (or connect) with other credentials
|
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $dn Bind DN
|
|
|
|
|
* @param string $pwd Bind password
|
|
|
|
|
* @param array|null $config LDAP configuration array as expected by Net_LDAP2
|
2021-02-17 11:45:39 +01:00
|
|
|
* (optional, default: keep current)
|
2014-11-18 13:16:38 +01:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean true if connected, false instead
|
2014-11-18 13:16:38 +01:00
|
|
|
*/
|
2021-02-17 11:45:39 +01:00
|
|
|
public static function reconnectAs($dn, $pwd, $config=null) {
|
2014-11-18 13:16:38 +01:00
|
|
|
if ($config) {
|
|
|
|
|
self :: setConfig($config);
|
|
|
|
|
}
|
2021-02-17 11:45:39 +01:00
|
|
|
if (self :: $cnx) {
|
|
|
|
|
self :: $cnx -> done();
|
|
|
|
|
}
|
|
|
|
|
$config = self :: $config;
|
|
|
|
|
$config['binddn'] = $dn;
|
|
|
|
|
$config['bindpw'] = $pwd;
|
2023-03-20 16:08:35 +01:00
|
|
|
if (!self :: fireEvent('reconnecting', array('dn' => $dn)))
|
|
|
|
|
return false;
|
2021-02-17 11:45:39 +01:00
|
|
|
self :: $cnx = Net_LDAP2::connect($config);
|
|
|
|
|
if (Net_LDAP2::isError(self :: $cnx)) {
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent(
|
|
|
|
|
'reconnection_failure',
|
|
|
|
|
array('dn' => $dn, 'error' => self :: $cnx -> getMessage())
|
|
|
|
|
);
|
2021-02-17 11:45:39 +01:00
|
|
|
LSerror :: addErrorCode('LSldap_01', self :: $cnx -> getMessage());
|
|
|
|
|
self :: $cnx = NULL;
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2021-02-17 11:45:39 +01:00
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('reconnected', array('dn' => $dn));
|
2021-02-17 11:45:39 +01:00
|
|
|
return true;
|
2014-11-18 13:16:38 +01:00
|
|
|
}
|
|
|
|
|
|
2021-08-26 20:16:22 +02:00
|
|
|
/**
|
|
|
|
|
* Set authz proxy control
|
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $dn Bind DN
|
2021-08-26 20:16:22 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean true if authz proxy controle is set, false otherwise
|
2021-08-26 20:16:22 +02:00
|
|
|
*/
|
|
|
|
|
public static function setAuthzProxyControl($dn) {
|
|
|
|
|
if (!self :: $cnx) {
|
|
|
|
|
self :: connect();
|
|
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
if (!self :: fireEvent('setting_authz_proxy', array('dn' => $dn)))
|
|
|
|
|
return false;
|
2021-08-26 20:16:22 +02:00
|
|
|
$result = self :: $cnx -> setOption(
|
|
|
|
|
'LDAP_OPT_SERVER_CONTROLS',
|
|
|
|
|
array (
|
|
|
|
|
array(
|
|
|
|
|
'oid' => '2.16.840.1.113730.3.4.18',
|
|
|
|
|
'value' => "dn:$dn",
|
|
|
|
|
'iscritical' => true
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
// Also check user exists to validate the connection with
|
|
|
|
|
// authz proxy control.
|
|
|
|
|
if ($result !== True || !self :: exists($dn)) {
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('setting_authz_proxy_failure', array('dn' => $dn));
|
2021-08-26 20:16:22 +02:00
|
|
|
LSerror :: addErrorCode('LSldap_09');
|
|
|
|
|
return False;
|
|
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('set_authz_proxy', array('dn' => $dn));
|
2021-08-26 20:16:22 +02:00
|
|
|
return True;
|
|
|
|
|
}
|
|
|
|
|
|
2007-03-29 18:10:14 +02:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Disconnect
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-03-07 16:06:39 +01:00
|
|
|
* This method permit to close the connection to the LDAP server
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return void
|
2007-03-29 18:10:14 +02:00
|
|
|
*/
|
2009-01-25 15:37:03 +01:00
|
|
|
public static function close() {
|
2023-03-20 16:08:35 +01:00
|
|
|
if (!self :: fireEvent('closing'))
|
|
|
|
|
return;
|
2009-01-25 15:37:03 +01:00
|
|
|
self :: $cnx -> done();
|
2022-12-31 21:15:19 +01:00
|
|
|
self :: $cnx = null;
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('closed');
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2007-03-29 18:10:14 +02:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Search in LDAP directory
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-03-07 16:06:39 +01:00
|
|
|
* This method make a search in LDAP directory and return the result as an array.
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $filter The search LDAP filter
|
|
|
|
|
* @param string $basedn The base DN of the search
|
|
|
|
|
* @param array $params Array to search parameters as accepted by Net_LDAP2::search()
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2008-04-25 15:48:12 +02:00
|
|
|
* @see Net_LDAP2::search()
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2023-01-02 01:17:46 +01:00
|
|
|
* @return array|false Return an array of entries returned by the LDAP directory.
|
|
|
|
|
* Each element of this array corresponded to one returned entry and is
|
|
|
|
|
* an array with the following keys:
|
2022-03-07 16:06:39 +01:00
|
|
|
* - dn: The DN of the entry
|
|
|
|
|
* - attrs: Associative array of the entry's attributes values
|
2023-01-02 01:17:46 +01:00
|
|
|
* False returned in case of error.
|
2007-03-29 18:10:14 +02:00
|
|
|
*/
|
2020-12-22 19:43:50 +01:00
|
|
|
public static function search($filter, $basedn=NULL, $params=array()) {
|
2022-12-31 21:15:19 +01:00
|
|
|
$filterstr = (is_a($filter, 'Net_LDAP2_Filter')?$filter->asString():$filter);
|
2020-12-22 19:43:50 +01:00
|
|
|
if (is_empty($basedn)) {
|
|
|
|
|
$basedn = self :: getConfig('basedn');
|
|
|
|
|
if (is_empty($basedn)) {
|
|
|
|
|
LSerror :: addErrorCode('LSldap_08');
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2020-12-22 19:43:50 +01:00
|
|
|
}
|
|
|
|
|
self :: log_debug("LSldap::search($filterstr): empty basedn provided, use basedn from configuration: ".varDump($basedn));
|
|
|
|
|
}
|
|
|
|
|
self :: log_trace("LSldap::search($filterstr, $basedn): run search with parameters: ".varDump($params));
|
|
|
|
|
$ret = self :: $cnx -> search($basedn, $filter, $params);
|
2008-04-25 15:48:12 +02:00
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2020-12-22 19:43:50 +01:00
|
|
|
LSerror :: addErrorCode('LSldap_02', $ret -> getMessage());
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
2020-12-22 19:43:50 +01:00
|
|
|
self :: log_debug("LSldap::search($filterstr, $basedn) : return ".$ret->count()." objet(s)");
|
|
|
|
|
$retInfos = array();
|
2012-08-02 15:51:49 +02:00
|
|
|
foreach($ret as $dn => $entry) {
|
2012-08-02 15:26:02 +02:00
|
|
|
if (!$entry instanceof Net_LDAP2_Entry) {
|
2020-12-22 19:43:50 +01:00
|
|
|
LSerror :: addErrorCode('LSldap_02', "LDAP search return an ".get_class($entry).". object");
|
2012-08-02 15:26:02 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
2020-12-22 19:43:50 +01:00
|
|
|
$retInfos[] = array(
|
|
|
|
|
'dn' => $dn,
|
|
|
|
|
'attrs' => $entry -> getValues()
|
|
|
|
|
);
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
|
|
|
|
return $retInfos;
|
|
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2007-03-29 18:10:14 +02:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Count the number of mathching objects found in LDAP directory
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-03-07 16:06:39 +01:00
|
|
|
* This method make a search in LDAP directory and return the number of
|
|
|
|
|
* macthing entries.
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $filter The search LDAP filter
|
|
|
|
|
* @param string $basedn The base DN of the search
|
|
|
|
|
* @param array $params Array to search parameters as accepted by Net_LDAP2::search()
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2008-04-25 15:48:12 +02:00
|
|
|
* @see Net_LDAP2::search()
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return integer|null The number of matching entries on success, null otherwise
|
2007-03-29 18:10:14 +02:00
|
|
|
*/
|
2020-12-22 19:43:50 +01:00
|
|
|
public static function getNumberResult($filter, $basedn=NULL, $params=array()) {
|
2007-03-29 18:10:14 +02:00
|
|
|
if (empty($filter))
|
2020-12-22 19:43:50 +01:00
|
|
|
$filter = NULL;
|
2022-12-31 21:15:19 +01:00
|
|
|
$filterstr = (is_a($filter, 'Net_LDAP2_Filter')?$filter->asString():$filter);
|
2020-12-22 19:43:50 +01:00
|
|
|
if (is_empty($basedn)) {
|
|
|
|
|
$basedn = self :: getConfig('basedn');
|
|
|
|
|
if (is_empty($basedn)) {
|
|
|
|
|
LSerror :: addErrorCode('LSldap_08');
|
2023-01-02 01:17:46 +01:00
|
|
|
return null;
|
2020-12-22 19:43:50 +01:00
|
|
|
}
|
|
|
|
|
self :: log_debug("LSldap::getNumberResult($filterstr): empty basedn provided, use basedn from configuration: ".varDump($basedn));
|
|
|
|
|
}
|
|
|
|
|
self :: log_trace("LSldap::getNumberResult($filterstr, $basedn): run search with parameters: ".varDump($params));
|
|
|
|
|
$ret = self :: $cnx -> search($basedn, $filter, $params);
|
2008-04-25 15:48:12 +02:00
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2009-01-24 18:45:14 +01:00
|
|
|
LSerror :: addErrorCode('LSldap_02',$ret -> getMessage());
|
2023-01-02 01:17:46 +01:00
|
|
|
return null;
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
2020-12-22 19:43:50 +01:00
|
|
|
$count = $ret -> count();
|
|
|
|
|
self :: log_trace("LSldap::getNumberResult($filterstr, $basedn): result=$count");
|
|
|
|
|
return $count;
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2007-03-29 18:10:14 +02:00
|
|
|
/**
|
2020-09-21 12:43:47 +02:00
|
|
|
* Load values of an LDAP entry attributes
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2021-08-25 18:02:37 +02:00
|
|
|
* This method retrieve attributes values of an LDAP entry and return it
|
2020-09-21 12:43:47 +02:00
|
|
|
* as associative array.
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $dn DN de l'entré Ldap
|
|
|
|
|
* @param string|Net_LDAP2_Filter|null $filter LDAP filter string (optional, default: null == '(objectClass=*)')
|
2022-12-31 05:52:31 +01:00
|
|
|
* @param array|null $attrs Array of requested attribute (optional, default: null == all attributes, excepted internal)
|
|
|
|
|
* @param boolean $include_internal If true, internal attributes will be included (default: false)
|
2007-03-29 18:10:14 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return array|false Associative array of attributes values (with attribute name as key), or false on error
|
2007-03-29 18:10:14 +02:00
|
|
|
*/
|
2020-09-21 12:43:47 +02:00
|
|
|
public static function getAttrs($dn, $filter=null, $attrs=null, $include_internal=false) {
|
2007-03-29 18:10:14 +02:00
|
|
|
$infos = ldap_explode_dn($dn,0);
|
|
|
|
|
if((!$infos)||($infos['count']==0))
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2020-05-14 11:05:08 +02:00
|
|
|
if (!$filter)
|
|
|
|
|
$filter = '(objectClass=*)';
|
2020-09-21 12:43:47 +02:00
|
|
|
$params = array(
|
|
|
|
|
'scope' => 'base',
|
|
|
|
|
'attributes' => (is_array($attrs)?$attrs:array('*')),
|
|
|
|
|
);
|
|
|
|
|
if ($include_internal && !in_array('+', $params['attributes']))
|
|
|
|
|
$params['attributes'][] = '+';
|
|
|
|
|
$return = self :: search($filter, $dn, $params);
|
2020-05-14 11:05:08 +02:00
|
|
|
if (is_array($return) && count($return) == 1)
|
|
|
|
|
return $return[0]['attrs'];
|
|
|
|
|
return false;
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2022-06-16 13:15:28 +02:00
|
|
|
/**
|
2023-01-02 01:17:46 +01:00
|
|
|
* Parse a date string as Datetime object
|
2022-06-16 13:15:28 +02:00
|
|
|
*
|
2023-01-02 01:17:46 +01:00
|
|
|
* @param string $value LDAP date string to parse
|
2022-06-16 13:15:28 +02:00
|
|
|
*
|
2023-01-02 01:17:46 +01:00
|
|
|
* @return Datetime|false Datetime object, or false
|
2022-06-16 13:15:28 +02:00
|
|
|
*/
|
|
|
|
|
public static function parseDate($value) {
|
|
|
|
|
$datetime = date_create_from_format('YmdHis.uO', $value);
|
2023-01-02 01:17:46 +01:00
|
|
|
return (
|
|
|
|
|
$datetime instanceof DateTime?
|
|
|
|
|
$datetime -> setTimezone(timezone_open(date_default_timezone_get())):
|
|
|
|
|
false
|
|
|
|
|
);
|
2022-06-16 13:15:28 +02:00
|
|
|
}
|
|
|
|
|
|
2023-03-20 16:42:32 +01:00
|
|
|
/**
|
|
|
|
|
* Format a Datetime object as LDAP date string
|
|
|
|
|
*
|
|
|
|
|
* @param DateTime|null $datetime The DateTime object to format (optional, default: now)
|
|
|
|
|
* @param bool $utc Force UTC timezone (optional, default: false)
|
|
|
|
|
*
|
|
|
|
|
* @return string|false LDAP date string, or false
|
|
|
|
|
*/
|
|
|
|
|
public static function formatDate($datetime=null, $utc=true) {
|
|
|
|
|
if (is_null($datetime))
|
|
|
|
|
$datetime = new DateTime('now');
|
|
|
|
|
elseif (!$datetime instanceof DateTime)
|
|
|
|
|
return false;
|
|
|
|
|
$datetime -> setTimezone(timezone_open($utc?'utc':date_default_timezone_get()));
|
|
|
|
|
$datetime_string = $datetime -> format('YmdHis.uO');
|
|
|
|
|
|
|
|
|
|
// Replace +0000 or -0000 end by Z
|
|
|
|
|
$datetime_string = preg_replace('/[\+\-]0000$/', 'Z', $datetime_string);
|
|
|
|
|
return $datetime_string;
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-14 16:06:55 +02:00
|
|
|
/**
|
2022-12-31 21:15:19 +01:00
|
|
|
* Check if an attribute exists in specified attributes collection
|
2022-06-14 16:06:55 +02:00
|
|
|
*
|
|
|
|
|
* It performs a case-insensitive search.
|
|
|
|
|
*
|
|
|
|
|
* @author Emmanuel Saracco <esaracco@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param array $attrs Array of LDAP attributes
|
|
|
|
|
* @param string $name Name of a attribute
|
2022-06-14 16:06:55 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean true if found
|
2022-06-14 16:06:55 +02:00
|
|
|
*/
|
|
|
|
|
public static function attrExists($attrs, $name) {
|
|
|
|
|
return array_key_exists(strtolower($name), array_change_key_case($attrs));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Return a attribute value
|
|
|
|
|
*
|
|
|
|
|
* It performs a case-insensitive search.
|
|
|
|
|
*
|
|
|
|
|
* @author Emmanuel Saracco <esaracco@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param array $attrs Array of LDAP attributes
|
|
|
|
|
* @param string $name Name of a attribute
|
|
|
|
|
* @param boolean $multiple true if we must return array
|
2022-06-14 16:06:55 +02:00
|
|
|
*
|
2023-03-20 15:32:25 +01:00
|
|
|
* @return ($multiple is True ? array<int,string> : string|null) Found value (or array of values) or null
|
2022-06-14 16:06:55 +02:00
|
|
|
*/
|
2022-12-31 21:15:19 +01:00
|
|
|
public static function getAttr($attrs, $name, $multiple=false) {
|
2022-06-14 16:06:55 +02:00
|
|
|
$name = strtolower($name);
|
|
|
|
|
foreach ($attrs as $k => $v) {
|
|
|
|
|
if (strtolower($k) === $name) {
|
2023-03-20 15:32:25 +01:00
|
|
|
$v = ensureIsArray($v);
|
2022-06-16 13:15:28 +02:00
|
|
|
return $multiple ? $v : $v[0];
|
2022-06-14 16:06:55 +02:00
|
|
|
}
|
|
|
|
|
}
|
2022-06-16 13:15:28 +02:00
|
|
|
return $multiple ? array() : null;
|
2022-06-14 16:06:55 +02:00
|
|
|
}
|
|
|
|
|
|
2007-11-15 19:07:24 +01:00
|
|
|
/**
|
2022-03-07 16:02:50 +01:00
|
|
|
* Return an existing or new LDAP entry
|
2007-11-15 19:07:24 +01:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $object_type The object type
|
|
|
|
|
* @param string $dn The DN of the LDAP entry
|
2007-11-15 19:07:24 +01:00
|
|
|
*
|
2023-01-02 01:17:46 +01:00
|
|
|
* @return Net_LDAP2_Entry|array|false A Net_LDAP2_Entry object or an array if
|
2022-03-07 16:02:50 +01:00
|
|
|
* it's a new entry:
|
2008-05-15 12:01:59 +02:00
|
|
|
* Array (
|
2022-03-07 16:02:50 +01:00
|
|
|
* 'entry' => Net_LDAP2_Entry,
|
2008-05-15 12:01:59 +02:00
|
|
|
* 'new' => true
|
|
|
|
|
* )
|
2023-01-02 01:17:46 +01:00
|
|
|
* False returned in case of error
|
2007-11-15 19:07:24 +01:00
|
|
|
*/
|
2022-03-07 16:02:50 +01:00
|
|
|
public static function getEntry($object_type, $dn) {
|
2020-09-09 19:02:32 +02:00
|
|
|
$obj_classes = LSconfig :: get("LSobjects.$object_type.objectclass");
|
|
|
|
|
if(!is_array($obj_classes)){
|
2009-01-24 18:45:14 +01:00
|
|
|
LSerror :: addErrorCode('LSldap_03');
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2007-11-15 19:07:24 +01:00
|
|
|
}
|
2022-03-07 16:02:50 +01:00
|
|
|
$attrs = array_keys(LSconfig :: get("LSobjects.$object_type.attrs", array(), 'array'));
|
|
|
|
|
$entry = self :: getLdapEntry($dn, $attrs);
|
2020-09-09 19:02:32 +02:00
|
|
|
if ($entry === false) {
|
|
|
|
|
$newentry = self :: getNewEntry($dn, $obj_classes, array());
|
|
|
|
|
if (!$newentry) {
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2020-09-09 19:02:32 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Mark entry as new
|
|
|
|
|
$newentry -> markAsNew();
|
|
|
|
|
return $newentry;
|
|
|
|
|
}
|
|
|
|
|
// Mark entry as NOT new
|
|
|
|
|
$entry -> markAsNew(false);
|
|
|
|
|
|
|
|
|
|
return $entry;
|
2007-11-15 19:07:24 +01:00
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2009-04-15 16:04:21 +02:00
|
|
|
/**
|
2022-03-07 16:02:50 +01:00
|
|
|
* Return a Net_LDAP2_Entry object of an existing entry
|
2009-04-15 16:04:21 +02:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $dn DN of the requested LDAP entry
|
2022-12-31 05:52:31 +01:00
|
|
|
* @param array|null $attrs Array of requested attribute (optional, default: null == all attributes, excepted internal)
|
2009-04-15 16:04:21 +02:00
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @return Net_LDAP2_Entry|false A Net_LDAP2_Entry object or false if error occured
|
2009-04-15 16:04:21 +02:00
|
|
|
*/
|
2022-03-07 16:02:50 +01:00
|
|
|
public static function getLdapEntry($dn, $attrs=null) {
|
|
|
|
|
$entry = self :: $cnx -> getEntry($dn, (is_array($attrs)?$attrs:array()));
|
2009-04-15 16:04:21 +02:00
|
|
|
if (Net_LDAP2::isError($entry)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return $entry;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2020-12-14 19:42:19 +01:00
|
|
|
/**
|
|
|
|
|
* Check if an LDAP object exists
|
|
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $dn DN of the LDAP entry to check
|
2020-12-14 19:42:19 +01:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean True if entry exists, false otherwise
|
2020-12-14 19:42:19 +01:00
|
|
|
*/
|
|
|
|
|
public static function exists($dn) {
|
|
|
|
|
return is_a(self :: getLdapEntry($dn), 'Net_LDAP2_Entry');
|
|
|
|
|
}
|
|
|
|
|
|
2008-08-06 19:04:03 +02:00
|
|
|
/**
|
2022-03-07 16:02:50 +01:00
|
|
|
* Return a new Net_LDAP2_Entry object
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $dn The DN of the object
|
2023-01-02 01:17:46 +01:00
|
|
|
* @param array<string> $objectClass Array of the object's object classes
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param array $attrs Array of the object's attributes values
|
|
|
|
|
* @param boolean $add Set to true to add the new entry to LDAP directory (default: false)
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return Net_LDAP2_Entry|False A Net_LDAP2_Entry object on success, False otherwise
|
2008-08-06 19:04:03 +02:00
|
|
|
*/
|
2022-03-07 16:02:50 +01:00
|
|
|
public static function getNewEntry($dn, $objectClass, $attrs, $add=false) {
|
|
|
|
|
$newentry = Net_LDAP2_Entry::createFresh(
|
|
|
|
|
$dn,
|
|
|
|
|
array_merge(
|
|
|
|
|
array('objectclass' =>$objectClass),
|
|
|
|
|
ensureIsArray($attrs)
|
|
|
|
|
)
|
|
|
|
|
);
|
2008-08-06 19:04:03 +02:00
|
|
|
if(Net_LDAP2::isError($newentry)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if($add) {
|
2009-01-25 15:37:03 +01:00
|
|
|
if(!self :: $cnx -> add($newentry)) {
|
2022-12-31 21:15:19 +01:00
|
|
|
return false;
|
2008-08-06 19:04:03 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $newentry;
|
|
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2007-11-15 19:07:24 +01:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Update an entry in LDAP
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-03-07 16:06:39 +01:00
|
|
|
* Note: this method drop empty attribute values and attributes without value.
|
2007-11-15 19:07:24 +01:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $object_type The object type
|
|
|
|
|
* @param string $dn DN of the LDAP object
|
2023-03-20 16:08:35 +01:00
|
|
|
* @param array $changes Array of object attributes changes
|
2007-11-15 19:07:24 +01:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean True if object was updated, False otherwise.
|
2007-11-15 19:07:24 +01:00
|
|
|
*/
|
2023-03-20 16:08:35 +01:00
|
|
|
public static function update($object_type, $dn, $changes) {
|
|
|
|
|
self :: log_trace("update($object_type, $dn): change=".varDump($changes));
|
2020-09-09 19:02:32 +02:00
|
|
|
|
2021-08-25 18:02:37 +02:00
|
|
|
// Retrieve current LDAP entry
|
2020-09-09 19:02:32 +02:00
|
|
|
$entry = self :: getEntry($object_type, $dn);
|
|
|
|
|
if(!is_a($entry, 'Net_LDAP2_Entry')) {
|
|
|
|
|
LSerror :: addErrorCode('LSldap_04');
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2008-05-15 12:01:59 +02:00
|
|
|
}
|
2008-05-05 16:39:41 +02:00
|
|
|
|
2023-03-20 16:08:35 +01:00
|
|
|
if (
|
|
|
|
|
!self :: fireEvent(
|
|
|
|
|
'updating',
|
|
|
|
|
array('object_type' => $object_type, 'dn' => $dn, 'entry' => &$entry, 'changes' => $changes)
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
return false;
|
|
|
|
|
|
2020-09-09 19:02:32 +02:00
|
|
|
// Distinguish drop attributes from change attributes
|
|
|
|
|
$changed_attrs = array();
|
|
|
|
|
$dropped_attrs = array();
|
2023-03-20 16:08:35 +01:00
|
|
|
foreach($changes as $attrName => $attrVal) {
|
2020-09-09 19:02:32 +02:00
|
|
|
$drop = true;
|
|
|
|
|
if (is_array($attrVal)) {
|
|
|
|
|
foreach($attrVal as $val) {
|
2020-09-11 13:34:42 +02:00
|
|
|
if (!is_empty($val)) {
|
2008-04-25 15:48:12 +02:00
|
|
|
$drop = false;
|
2020-09-09 19:02:32 +02:00
|
|
|
$changed_attrs[$attrName][]=$val;
|
2008-04-25 15:48:12 +02:00
|
|
|
}
|
|
|
|
|
}
|
2010-11-16 19:49:35 +01:00
|
|
|
}
|
|
|
|
|
else {
|
2022-12-31 04:09:56 +01:00
|
|
|
if (!is_empty($attrVal)) {
|
2020-09-09 19:02:32 +02:00
|
|
|
$drop = false;
|
|
|
|
|
$changed_attrs[$attrName][]=$attrVal;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if($drop) {
|
|
|
|
|
$dropped_attrs[] = $attrName;
|
2010-11-16 19:49:35 +01:00
|
|
|
}
|
2020-09-09 19:02:32 +02:00
|
|
|
}
|
|
|
|
|
self :: log_trace("update($object_type, $dn): changed attrs=".varDump($changed_attrs));
|
|
|
|
|
self :: log_trace("update($object_type, $dn): dropped attrs=".varDump($dropped_attrs));
|
|
|
|
|
|
|
|
|
|
// Set an error flag to false
|
|
|
|
|
$error = false;
|
2008-04-25 15:48:12 +02:00
|
|
|
|
2022-06-14 16:06:55 +02:00
|
|
|
// Handle special case: user password change
|
2022-06-23 10:17:44 +02:00
|
|
|
if ($changed_attrs && !$entry->isNew() && self :: attrExists($changed_attrs, 'userPassword')) {
|
2022-06-14 16:06:55 +02:00
|
|
|
$changed_attrs = self :: updateUserPassword($object_type, $changed_attrs, $dn);
|
|
|
|
|
if ($changed_attrs === false) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-20 16:08:35 +01:00
|
|
|
// Keep original entry (to provide to hooks)
|
|
|
|
|
$original_entry = clone $entry;
|
|
|
|
|
|
2020-09-09 19:02:32 +02:00
|
|
|
// Handle attributes changes (if need)
|
|
|
|
|
if ($changed_attrs) {
|
2022-06-14 16:06:55 +02:00
|
|
|
|
2020-09-09 19:02:32 +02:00
|
|
|
$entry -> replace($changed_attrs);
|
|
|
|
|
if ($entry -> isNew()) {
|
|
|
|
|
self :: log_debug("update($object_type, $dn): add new entry");
|
2009-01-25 15:37:03 +01:00
|
|
|
$ret = self :: $cnx -> add($entry);
|
2008-05-15 12:01:59 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2020-09-09 19:02:32 +02:00
|
|
|
self :: log_debug("update($object_type, $dn): update entry (for changed attributes)");
|
2008-05-15 12:01:59 +02:00
|
|
|
$ret = $entry -> update();
|
|
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2008-04-25 15:48:12 +02:00
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent(
|
|
|
|
|
'update_failure',
|
|
|
|
|
array(
|
|
|
|
|
'object_type' => $object_type, 'dn' => $dn,
|
|
|
|
|
'original_entry' => &$original_entry, 'entry' => &$entry,
|
|
|
|
|
'changes' => $changed_attrs, 'error' => $ret->getMessage()
|
|
|
|
|
)
|
|
|
|
|
);
|
2009-01-24 18:45:14 +01:00
|
|
|
LSerror :: addErrorCode('LSldap_05',$dn);
|
|
|
|
|
LSerror :: addErrorCode(0,'NetLdap-Error : '.$ret->getMessage());
|
2020-09-09 19:02:32 +02:00
|
|
|
return false;
|
2007-11-15 19:07:24 +01:00
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent(
|
|
|
|
|
'updated',
|
|
|
|
|
array(
|
|
|
|
|
'object_type' => $object_type, 'dn' => $dn,
|
|
|
|
|
'original_entry' => &$original_entry, 'entry' => &$entry,
|
|
|
|
|
'changes' => $changed_attrs
|
|
|
|
|
)
|
|
|
|
|
);
|
2020-09-09 19:02:32 +02:00
|
|
|
}
|
|
|
|
|
elseif ($entry -> isNew()) {
|
|
|
|
|
self :: log_error("update($object_type, $dn): no changed attribute but it's a new entry...");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
self :: log_debug("update($object_type, $dn): no changed attribute");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Handle droped attributes (is need and not a new entry)
|
|
|
|
|
if ($dropped_attrs && !$entry -> isNew()) {
|
|
|
|
|
// $entry -> delete() method is buggy (for some attribute like jpegPhoto)
|
|
|
|
|
// Prefer replace attribute by an empty array
|
|
|
|
|
$replace_attrs = array();
|
|
|
|
|
foreach($dropped_attrs as $attr) {
|
|
|
|
|
// Check if attribute is present
|
|
|
|
|
if(!$entry -> exists($attr)) {
|
|
|
|
|
// Attribute not present on LDAP entry
|
|
|
|
|
self :: log_debug("update($object_type, $dn): dropped attr $attr is not present in LDAP entry => ignore it");
|
|
|
|
|
continue;
|
2008-05-15 12:01:59 +02:00
|
|
|
}
|
2020-09-09 19:02:32 +02:00
|
|
|
$replace_attrs[$attr] = array();
|
|
|
|
|
}
|
|
|
|
|
if (!$replace_attrs) {
|
|
|
|
|
self :: log_debug("update($object_type, $dn): no attribute to drop");
|
2007-11-15 19:07:24 +01:00
|
|
|
return true;
|
|
|
|
|
}
|
2020-09-09 19:02:32 +02:00
|
|
|
|
|
|
|
|
// Replace values in LDAP
|
|
|
|
|
$entry -> replace($replace_attrs);
|
|
|
|
|
self :: log_debug("update($object_type, $dn): update entry (for dropped attributes: ".implode(', ', array_keys($replace_attrs)).")");
|
|
|
|
|
$ret = $entry -> update();
|
|
|
|
|
|
|
|
|
|
// Check result
|
|
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent(
|
|
|
|
|
'update_failure',
|
|
|
|
|
array(
|
|
|
|
|
'object_type' => $object_type, 'dn' => $dn,
|
|
|
|
|
'original_entry' => &$original_entry, 'entry' => &$entry,
|
|
|
|
|
'changes' => $replace_attrs, 'error' => $ret->getMessage()
|
|
|
|
|
)
|
|
|
|
|
);
|
2020-09-09 19:02:32 +02:00
|
|
|
LSerror :: addErrorCode('LSldap_06');
|
|
|
|
|
LSerror :: addErrorCode(0,'NetLdap-Error : '.$ret->getMessage());
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent(
|
|
|
|
|
'updated',
|
|
|
|
|
array(
|
|
|
|
|
'object_type' => $object_type, 'dn' => $dn,
|
|
|
|
|
'original_entry' => &$original_entry, 'entry' => &$entry,
|
|
|
|
|
'changes' => $replace_attrs
|
|
|
|
|
)
|
|
|
|
|
);
|
2007-11-15 19:07:24 +01:00
|
|
|
}
|
2020-09-09 19:02:32 +02:00
|
|
|
return true;
|
2007-11-15 19:07:24 +01:00
|
|
|
}
|
2008-02-05 17:11:21 +01:00
|
|
|
|
|
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Test to bind to LDAP directory
|
2008-02-05 17:11:21 +01:00
|
|
|
*
|
2022-03-07 16:06:39 +01:00
|
|
|
* This method establish a connection to the LDAP server and test
|
|
|
|
|
* to bind with provided DN and password.
|
2008-02-05 17:11:21 +01:00
|
|
|
*
|
|
|
|
|
* @author Benjamin Renard <brenard@easter-eggs.com>
|
|
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean True on bind success, False otherwise.
|
2008-02-05 17:11:21 +01:00
|
|
|
*/
|
2009-01-25 15:37:03 +01:00
|
|
|
public static function checkBind($dn,$pwd) {
|
|
|
|
|
$config = self :: $config;
|
2008-02-12 18:59:44 +01:00
|
|
|
$config['binddn'] = $dn;
|
|
|
|
|
$config['bindpw'] = $pwd;
|
2008-04-25 15:48:12 +02:00
|
|
|
$cnx = Net_LDAP2::connect($config);
|
|
|
|
|
if (Net_LDAP2::isError($cnx)) {
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2008-02-05 17:11:21 +01:00
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2008-02-12 18:59:44 +01:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Return the status of the LDAP connection
|
2008-02-12 18:59:44 +01:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean True if connected on LDAP server, False otherwise
|
2008-02-12 18:59:44 +01:00
|
|
|
*/
|
2009-01-25 15:37:03 +01:00
|
|
|
public static function isConnected() {
|
|
|
|
|
return (self :: $cnx == NULL)?false:true;
|
2008-02-12 18:59:44 +01:00
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2008-02-12 18:59:44 +01:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Drop an object in LDAP directory
|
2008-02-12 18:59:44 +01:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @param string $dn The DN of the object to remove
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean True if object was removed, False otherwise.
|
2008-02-12 18:59:44 +01:00
|
|
|
*/
|
2009-01-25 15:37:03 +01:00
|
|
|
public static function remove($dn) {
|
2023-03-20 16:08:35 +01:00
|
|
|
if (!self :: fireEvent('removing', array('dn' => $dn)))
|
|
|
|
|
return false;
|
2009-01-25 15:37:03 +01:00
|
|
|
$ret = self :: $cnx -> delete($dn,array('recursive' => true));
|
2008-07-29 16:23:47 +02:00
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('remove_failure', array('dn' => $dn, 'error' => $ret->getMessage()));
|
2009-01-24 18:45:14 +01:00
|
|
|
LSerror :: addErrorCode(0,'NetLdap-Error : '.$ret->getMessage());
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2008-07-29 16:23:47 +02:00
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('removed', array('dn' => $dn));
|
2008-07-29 16:23:47 +02:00
|
|
|
return true;
|
2008-02-12 18:59:44 +01:00
|
|
|
}
|
2008-02-05 17:11:21 +01:00
|
|
|
|
2008-07-29 15:45:02 +02:00
|
|
|
/**
|
2022-03-07 16:06:39 +01:00
|
|
|
* Move an entry in LDAP directory
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $old The current object DN
|
|
|
|
|
* @param string $new The new object DN
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean True if object was moved, False otherwise.
|
2008-07-29 15:45:02 +02:00
|
|
|
*/
|
2022-03-07 16:06:39 +01:00
|
|
|
public static function move($old, $new) {
|
2023-03-20 16:08:35 +01:00
|
|
|
if (!self :: fireEvent('moving', array('old' => $old, 'new' => $new)))
|
|
|
|
|
return false;
|
2021-02-04 11:52:26 +01:00
|
|
|
$ret = self :: $cnx -> move($old, $new);
|
2008-07-29 16:23:47 +02:00
|
|
|
if (Net_LDAP2::isError($ret)) {
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent(
|
|
|
|
|
'move_failure',
|
|
|
|
|
array('old' => $old, 'new' => $new, 'error' => $ret->getMessage())
|
|
|
|
|
);
|
2009-01-24 18:45:14 +01:00
|
|
|
LSerror :: addErrorCode('LSldap_07');
|
|
|
|
|
LSerror :: addErrorCode(0,'NetLdap-Error : '.$ret->getMessage());
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2008-07-29 16:23:47 +02:00
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent('moved', array('old' => $old, 'new' => $new));
|
2008-07-29 16:23:47 +02:00
|
|
|
return true;
|
2008-07-29 15:45:02 +02:00
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2009-10-29 23:17:30 +01:00
|
|
|
/**
|
|
|
|
|
* Combine LDAP Filters
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $op The combine logical operator. May be "and",
|
2022-03-07 16:06:39 +01:00
|
|
|
* "or", "not" or the subsequent logical
|
|
|
|
|
* equivalents "&", "|", "!".
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param array[string|Net_LDAP2_Filter] $filters Array of LDAP filters (as string or
|
2022-03-07 16:06:39 +01:00
|
|
|
* Net_LDAP2_Filter object)
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param boolean $asStr Set to true if you want to retreive
|
2022-03-07 16:06:39 +01:00
|
|
|
* combined filter as string instead of
|
|
|
|
|
* as a Net_LDAP2_Filter object (optional,
|
|
|
|
|
* default: false)
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @return string|Net_LDAP2_Filter|false The combined filter or False in case of error
|
2009-10-29 23:17:30 +01:00
|
|
|
**/
|
2022-03-07 16:06:39 +01:00
|
|
|
public static function combineFilters($op, $filters, $asStr=false) {
|
2009-10-29 23:17:30 +01:00
|
|
|
if (is_array($filters) && !empty($filters)) {
|
|
|
|
|
if (count($filters)==1) {
|
2014-11-28 16:16:30 +01:00
|
|
|
if ($asStr && $filters[0] instanceof Net_LDAP2_Filter) {
|
|
|
|
|
return $filters[0]->asString();
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return $filters[0];
|
|
|
|
|
}
|
2009-10-29 23:17:30 +01:00
|
|
|
}
|
|
|
|
|
$filter=Net_LDAP2_Filter::combine($op,$filters);
|
|
|
|
|
if (!Net_LDAP2::isError($filter)) {
|
|
|
|
|
if ($asStr) {
|
|
|
|
|
return $filter->asString();
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
return $filter;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-02-03 03:07:30 +01:00
|
|
|
else {
|
|
|
|
|
LSerror :: addErrorCode(0,$filter -> getMessage());
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2010-02-03 03:07:30 +01:00
|
|
|
}
|
2020-04-29 15:54:21 +02:00
|
|
|
|
2010-02-03 03:07:30 +01:00
|
|
|
/**
|
|
|
|
|
* Check LDAP Filters String
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $filter A LDAP filter as string
|
2020-04-29 15:54:21 +02:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return boolean True only if the filter could be parsed
|
2010-02-03 03:07:30 +01:00
|
|
|
**/
|
|
|
|
|
public static function isValidFilter($filter) {
|
|
|
|
|
if (is_string($filter) && !empty($filter)) {
|
|
|
|
|
$filter=Net_LDAP2_Filter::parse($filter);
|
|
|
|
|
if (!Net_LDAP2::isError($filter)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
LSerror :: addErrorCode(0,$filter -> getMessage());
|
|
|
|
|
}
|
2009-10-29 23:17:30 +01:00
|
|
|
}
|
2023-01-02 01:17:46 +01:00
|
|
|
return false;
|
2009-10-29 23:17:30 +01:00
|
|
|
}
|
2022-06-14 16:06:55 +02:00
|
|
|
/**
|
|
|
|
|
* Update userPassword attribute
|
|
|
|
|
*
|
|
|
|
|
* This method uses LDAP controls when possible (Net_LDAP2 does not).
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $object_type The object type
|
|
|
|
|
* @param array $changed_attrs Array of changed attributes
|
|
|
|
|
* @param string $dn DN of the LDAP object
|
2022-06-14 16:06:55 +02:00
|
|
|
*
|
|
|
|
|
* @author Emmanuel Saracco <esaracco@easter-eggs.com>
|
|
|
|
|
*
|
2023-01-02 01:17:46 +01:00
|
|
|
* @return array|false New array of changed attributes or false
|
2022-06-14 16:06:55 +02:00
|
|
|
**/
|
|
|
|
|
private static function updateUserPassword($object_type, $changed_attrs, $dn) {
|
|
|
|
|
if (self :: getConfig('version') < 3 || !function_exists('ldap_mod_replace_ext')) {
|
|
|
|
|
return $changed_attrs;
|
|
|
|
|
}
|
|
|
|
|
$ppolicyErrorMsg = array(
|
|
|
|
|
_('The password expired'),
|
|
|
|
|
_('The account is locked'),
|
|
|
|
|
_('The password was reset and must be changed'),
|
|
|
|
|
_('It is not possible to modify the password'),
|
|
|
|
|
_('The old password must be supplied'),
|
|
|
|
|
_('The password does not meet the quality requirements'),
|
|
|
|
|
_('The password is too short'),
|
|
|
|
|
_('It is too soon to change the password'),
|
|
|
|
|
_('This password was recently used and cannot be used again'),
|
|
|
|
|
);
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: log_debug("updateUserPassword($object_type, $dn): update entry userPassword attribute");
|
|
|
|
|
$changes = array('userPassword' => self :: getAttr($changed_attrs, 'userPassword', true));
|
|
|
|
|
|
|
|
|
|
if (
|
|
|
|
|
!self :: fireEvent(
|
|
|
|
|
'user_password_updating',
|
|
|
|
|
array(
|
|
|
|
|
'object_type' => $object_type, 'dn' => $dn,
|
|
|
|
|
'new_passwords' => $changes['userPassword']
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
return false;
|
|
|
|
|
|
2022-06-14 16:06:55 +02:00
|
|
|
$ldap = self :: $cnx->getLink();
|
|
|
|
|
$ctrlRequest = array(array('oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST));
|
2023-03-20 16:08:35 +01:00
|
|
|
$r = ldap_mod_replace_ext($ldap, $dn, $changes, $ctrlRequest);
|
2022-06-14 16:06:55 +02:00
|
|
|
if ($r && ldap_parse_result($ldap, $r, $errcode, $matcheddn, $errmsg, $ref, $ctrlResponse)) {
|
|
|
|
|
if ($errcode !== 0 && isset($ctrlResponse[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
|
2023-03-20 16:08:35 +01:00
|
|
|
self :: fireEvent(
|
|
|
|
|
'user_password_update_failure',
|
|
|
|
|
array(
|
|
|
|
|
'object_type' => $object_type, 'dn' => $dn,
|
|
|
|
|
'error' => $ppolicyErrorMsg[
|
|
|
|
|
$ctrlResponse[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value']['error']
|
|
|
|
|
]
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
LSerror :: addErrorCode(
|
|
|
|
|
'LSldap_10',
|
|
|
|
|
$ppolicyErrorMsg[$ctrlResponse[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value']['error']]
|
|
|
|
|
);
|
2022-06-14 16:06:55 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
// Password updated
|
|
|
|
|
self :: fireEvent(
|
|
|
|
|
'user_password_updated',
|
|
|
|
|
array(
|
|
|
|
|
'object_type' => $object_type, 'dn' => $dn,
|
|
|
|
|
'new_passwords' => $changes['userPassword']
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
// Remove userPassword to prevent it from being processed by update()
|
2022-06-14 16:06:55 +02:00
|
|
|
unset($changed_attrs['userPassword']);
|
2023-03-20 16:08:35 +01:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
self :: fireEvent(
|
|
|
|
|
'user_password_update_failure',
|
|
|
|
|
array(
|
|
|
|
|
'object_type' => $object_type, 'dn' => $dn,
|
|
|
|
|
'error' => ldap_errno($ldap) !== 0?ldap_error($ldap):'unknown'
|
|
|
|
|
)
|
|
|
|
|
);
|
2022-06-14 16:06:55 +02:00
|
|
|
if (ldap_errno($ldap) !== 0) {
|
|
|
|
|
LSerror :: addErrorCode('LSldap_10', ldap_error($ldap));
|
2023-03-20 16:08:35 +01:00
|
|
|
}
|
|
|
|
|
else {
|
2022-06-14 16:06:55 +02:00
|
|
|
LSerror :: addErrorCode('LSldap_11');
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return $changed_attrs;
|
|
|
|
|
}
|
2020-12-22 19:43:50 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Return a configuration parameter (or default value)
|
|
|
|
|
*
|
2022-12-31 21:15:19 +01:00
|
|
|
* @param string $param The configuration parameter
|
|
|
|
|
* @param mixed $default The default value (default : null)
|
|
|
|
|
* @param string $cast Cast resulting value in specific type (default : disabled)
|
2020-12-22 19:43:50 +01:00
|
|
|
*
|
2022-12-31 05:52:31 +01:00
|
|
|
* @return mixed The configuration parameter value or default value if not set
|
2020-12-22 19:43:50 +01:00
|
|
|
**/
|
|
|
|
|
private static function getConfig($param, $default=null, $cast=null) {
|
|
|
|
|
return LSconfig :: get($param, $default, $cast, self :: $config);
|
|
|
|
|
}
|
2023-03-20 16:08:35 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Registered an action on a specific event
|
|
|
|
|
*
|
|
|
|
|
* @param string $event The event name
|
|
|
|
|
* @param callable $callable The callable to run on event
|
|
|
|
|
* @param array $params Paremeters that will be pass to the callable
|
|
|
|
|
*
|
|
|
|
|
* @return void
|
|
|
|
|
*/
|
|
|
|
|
public static function addEvent($event, $callable, $params=NULL) {
|
|
|
|
|
self :: $_events[$event][] = array(
|
|
|
|
|
'callable' => $callable,
|
|
|
|
|
'params' => is_array($params)?$params:array(),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Run triggered actions on specific event
|
|
|
|
|
*
|
|
|
|
|
* @param string $event Event name
|
|
|
|
|
* @param mixed $data Event data
|
|
|
|
|
*
|
|
|
|
|
* @return boolean True if all triggered actions succefully runned, false otherwise
|
|
|
|
|
*/
|
|
|
|
|
public static function fireEvent($event, $data=null) {
|
|
|
|
|
$return = true;
|
|
|
|
|
|
|
|
|
|
// Binding via addEvent
|
|
|
|
|
if (isset(self :: $_events[$event]) && is_array(self :: $_events[$event])) {
|
|
|
|
|
foreach (self :: $_events[$event] as $e) {
|
|
|
|
|
if (is_callable($e['callable'])) {
|
|
|
|
|
try {
|
|
|
|
|
call_user_func_array(
|
|
|
|
|
$e['callable'],
|
|
|
|
|
array_merge(
|
|
|
|
|
array($data), $e['params']
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
catch(Exception $er) {
|
|
|
|
|
LSerror :: addErrorCode(
|
|
|
|
|
'LSldap_13',
|
|
|
|
|
array('callable' => format_callable($e['callable']), 'event' => $event)
|
|
|
|
|
);
|
|
|
|
|
$return = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
LSerror :: addErrorCode(
|
|
|
|
|
'LSldap_12',
|
|
|
|
|
array('callable' => format_callable($e['callable']), 'event' => $event)
|
|
|
|
|
);
|
|
|
|
|
$return = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $return;
|
|
|
|
|
}
|
2007-03-29 18:10:14 +02:00
|
|
|
}
|
|
|
|
|
|
2009-01-02 17:00:25 +01:00
|
|
|
/*
|
|
|
|
|
* Error Codes
|
|
|
|
|
*/
|
2009-01-25 15:37:03 +01:00
|
|
|
LSerror :: defineError('LSldap_01',
|
2020-12-22 19:43:50 +01:00
|
|
|
___("LSldap: Error during the LDAP server connection (%{msg}).")
|
2009-01-02 17:00:25 +01:00
|
|
|
);
|
2009-01-25 15:37:03 +01:00
|
|
|
LSerror :: defineError('LSldap_02',
|
2020-12-22 19:43:50 +01:00
|
|
|
___("LSldap: Error during the LDAP search (%{msg}).")
|
2009-01-02 17:00:25 +01:00
|
|
|
);
|
2009-01-25 15:37:03 +01:00
|
|
|
LSerror :: defineError('LSldap_03',
|
2020-12-22 19:43:50 +01:00
|
|
|
___("LSldap: Object type unknown.")
|
2009-01-02 17:00:25 +01:00
|
|
|
);
|
2009-01-25 15:37:03 +01:00
|
|
|
LSerror :: defineError('LSldap_04',
|
2020-12-22 19:43:50 +01:00
|
|
|
___("LSldap: Error while fetching the LDAP entry.")
|
2009-01-02 17:00:25 +01:00
|
|
|
);
|
2009-01-25 15:37:03 +01:00
|
|
|
LSerror :: defineError('LSldap_05',
|
2020-12-22 19:43:50 +01:00
|
|
|
___("LSldap: Error while changing the LDAP entry (DN : %{dn}).")
|
2009-01-02 17:00:25 +01:00
|
|
|
);
|
2009-01-25 15:37:03 +01:00
|
|
|
LSerror :: defineError('LSldap_06',
|
2020-12-22 19:43:50 +01:00
|
|
|
___("LSldap: Error while deleting empty attributes.")
|
2009-01-02 17:00:25 +01:00
|
|
|
);
|
2009-01-25 15:37:03 +01:00
|
|
|
LSerror :: defineError('LSldap_07',
|
2020-12-22 19:43:50 +01:00
|
|
|
___("LSldap: Error while changing the DN of the object.")
|
|
|
|
|
);
|
|
|
|
|
LSerror :: defineError('LSldap_08',
|
|
|
|
|
___("LSldap: LDAP server base DN not configured.")
|
2009-01-02 17:00:25 +01:00
|
|
|
);
|
2021-08-26 20:16:22 +02:00
|
|
|
LSerror :: defineError('LSldap_09',
|
|
|
|
|
___("LSldap: Fail to set authz proxy option on LDAP server connection.")
|
|
|
|
|
);
|
2022-06-14 16:06:55 +02:00
|
|
|
LSerror :: defineError('LSldap_10',
|
|
|
|
|
___("LSldap: Error while changing the user password: %{msg}.")
|
|
|
|
|
);
|
|
|
|
|
LSerror :: defineError('LSldap_11',
|
|
|
|
|
___("LSldap: Unknown LDAP error while updating user password")
|
|
|
|
|
);
|
2023-03-20 16:08:35 +01:00
|
|
|
LSerror :: defineError('LSldap_12',
|
|
|
|
|
___("LSldap: Fail to execute trigger %{callable} on event %{event} : is not callable.")
|
|
|
|
|
);
|
|
|
|
|
LSerror :: defineError('LSldap_13',
|
|
|
|
|
___("LSldap: Error during the execution of the trigger %{callable} on event %{event}.")
|
|
|
|
|
);
|
