* $attrs = array( 'attribute1' => array('value1', 'value2'),
* 'attribute2' => 'single value'
* );
*
*
* @param string $dn DN of the Entry
* @param array $attrs Attributes of the entry
*
* @static
* @return Net_LDAP_Entry
*/
function createFresh($dn, $attrs = array())
{
if (!is_array($attrs)) {
return PEAR::raiseError("Unable to create fresh entry: Parameter \$attrs needs to be an array!");
}
$entry = new Net_LDAP_Entry($attrs, $dn);
return $entry;
}
/**
* Get or set the distinguished name of the entry
*
* If called without an argument the current (or the new DN if set) DN gets returned.
* If you provide an DN, this entry is moved to the new location specified if a DN existed.
* If the DN was not set, the DN gets initialized. Call {@link update()} to actually create
* the new Entry in the directory.
* To fetch the current active DN after setting a new DN but before an update(), you can use
* {@link currentDN()} to retrieve the DN that is currently active.
*
* Please note that special characters (eg german umlauts) should be encoded using utf8_encode().
* You may use {@link Net_LDAP_Util::canonical_dn()} for properly encoding of the DN.
*
* @param string $dn New distinguished name
*
* @access public
* @return string|true Distinguished name (or true if a new DN was provided)
*/
function dn($dn = null)
{
if (false == is_null($dn)) {
if (is_null($this->_dn)) {
$this->_dn = $dn;
} else {
$this->_newdn = $dn;
}
return true;
}
return (isset($this->_newdn) ? $this->_newdn : $this->currentDN());
}
/**
* Renames or moves the entry
*
* This is just a convinience alias to {@link dn()}
* to make your code more meaningful.
*
* @param string $newdn The new DN
* @return true
*/
function move($newdn)
{
return $this->dn($newdn);
}
/**
* Sets the internal attributes array
*
* This fetches the values for the attributes from the server.
* The attribute Syntax will be checked so binary attributes will be returned
* as binary values.
*
* Attributes may be passed directly via the $attributes parameter to setup this
* entry manually. This overrides attribute fetching from the server.
*
* @param array $attributes Attributes to set for this entry
*
* @access private
* @return void
*/
function _setAttributes($attributes = null)
{
/*
* fetch attributes from the server
*/
if (is_null($attributes) && is_resource($this->_entry) && is_resource($this->_link)) {
// fetch schema
if (is_a($this->_ldap, 'Net_LDAP')) {
$schema =& $this->_ldap->schema();
}
// fetch attributes
$attributes = array();
do {
if (empty($attr)) {
$ber = null;
$attr = @ldap_first_attribute($this->_link, $this->_entry, $ber);
} else {
$attr = @ldap_next_attribute($this->_link, $this->_entry, $ber);
}
if ($attr) {
$func = 'ldap_get_values'; // standard function to fetch value
// Try to get binary values as binary data
if (is_a($schema, 'Net_LDAP_Schema')) {
if ($schema->isBinary($attr)) {
$func = 'ldap_get_values_len';
}
}
// fetch attribute value (needs error checking?)
$attributes[$attr] = $func($this->_link, $this->_entry, $attr);
}
} while ($attr);
}
/*
* set attribute data directly, if passed
*/
if (is_array($attributes) && count($attributes) > 0) {
if (isset($attributes["count"]) && is_numeric($attributes["count"])) {
unset($attributes["count"]);
}
foreach ($attributes as $k => $v) {
// attribute names should not be numeric
if (is_numeric($k)) {
continue;
}
// map generic attribute name to real one
$this->_map[strtolower($k)] = $k;
// attribute values should be in an array
if (false == is_array($v)) {
$v = array($v);
}
// remove the value count (comes from ldap server)
if (isset($v["count"])) {
unset($v["count"]);
}
$this->_attributes[$k] = $v;
}
}
// save a copy for later use
$this->_original = $this->_attributes;
}
/**
* Get the values of all attributes in a hash
*
* The returned hash has the form
* array('attributename' => 'single value',
* 'attributename' => array('value1', value2', value3'))
*
* @access public
* @return array Hash of all attributes with their values
*/
function getValues()
{
$attrs = array();
foreach ($this->_attributes as $attr => $value) {
$attrs[$attr] = $this->getValue($attr);
}
return $attrs;
}
/**
* Get the value of a specific attribute
*
* The first parameter is the name of the attribute
* The second parameter influences the way the value is returned:
* 'single': only the first value is returned as string
* 'all': all values including the value count are returned in an
* array
* 'default': in all other cases an attribute value with a single value is
* returned as string, if it has multiple values it is returned
* as an array (without value count)
*
* @param string $attr Attribute name
* @param string $option Option
*
* @access public
* @return string|array|PEAR_Error string, array or PEAR_Error
*/
function getValue($attr, $option = null)
{
$attr = $this->_getAttrName($attr);
if (false == array_key_exists($attr, $this->_attributes)) {
return PEAR::raiseError("Unknown attribute ($attr) requested");
}
$value = $this->_attributes[$attr];
if ($option == "single" || (count($value) == 1 && $option != 'all')) {
$value = array_shift($value);
}
return $value;
}
/**
* Alias function of getValue for perl-ldap interface
*
* @see getValue()
* @return string|array|PEAR_Error
*/
function get_value()
{
$args = func_get_args();
return call_user_func_array(array( &$this, 'getValue' ), $args);
}
/**
* Returns an array of attributes names
*
* @access public
* @return array Array of attribute names
*/
function attributes()
{
return array_keys($this->_attributes);
}
/**
* Returns whether an attribute exists or not
*
* @param string $attr Attribute name
*
* @access public
* @return boolean
*/
function exists($attr)
{
$attr = $this->_getAttrName($attr);
return array_key_exists($attr, $this->_attributes);
}
/**
* Adds a new attribute or a new value to an existing attribute
*
* The paramter has to be an array of the form:
* array('attributename' => 'single value',
* 'attributename' => array('value1', 'value2))
* When the attribute already exists the values will be added, else the
* attribute will be created. These changes are local to the entry and do
* not affect the entry on the server until update() is called.
*
* Note, that you can add values of attributes that you haven't selected, but if
* you do so, {@link getValue()} and {@link getValues()} will only return the
* values you added, _NOT_ all values present on the server. To avoid this, just refetch
* the entry after calling {@link update()} or select the attribute.
*
* @param array $attr Attributes to add
*
* @access public
* @return true|Net_LDAP_Error
*/
function add($attr = array())
{
if (false == is_array($attr)) {
return PEAR::raiseError("Parameter must be an array");
}
foreach ($attr as $k => $v) {
$k = $this->_getAttrName($k);
if (false == is_array($v)) {
// Do not add empty values
if ($v == null) {
continue;
} else {
$v = array($v);
}
}
// add new values to existing attribute or add new attribute
if ($this->exists($k)) {
$this->_attributes[$k] = array_unique(array_merge($this->_attributes[$k], $v));
} else {
$this->_map[strtolower($k)] = $k;
$this->_attributes[$k] = $v;
}
// save changes for update()
if (empty($this->_changes["add"][$k])) {
$this->_changes["add"][$k] = array();
}
$this->_changes["add"][$k] = array_unique(array_merge($this->_changes["add"][$k], $v));
}
$return = true;
return $return;
}
/**
* Deletes an whole attribute or a value or the whole entry
*
* The parameter can be one of the following:
*
* "attributename" - The attribute as a whole will be deleted
* array("attributename1", "attributename2) - All given attributes will be
* deleted
* array("attributename" => "value") - The value will be deleted
* array("attributename" => array("value1", "value2") - The given values
* will be deleted
* If $attr is null or omitted , then the whole Entry will be deleted!
*
* These changes are local to the entry and do
* not affect the entry on the server until {@link update()} is called.
*
* Please note that you must select the attribute (at $ldap->search() for example)
* to be able to delete values of it, Otherwise {@link update()} will silently fail
* and remove nothing.
*
* @param string|array $attr Attributes to delete (NULL or missing to delete whole entry)
*
* @access public
* @return true
*/
function delete($attr = null)
{
if (is_null($attr)) {
$this->_delete = true;
return true;
}
if (is_string($attr)) {
$attr = array($attr);
}
// Make the assumption that attribute names cannot be numeric,
// therefore this has to be a simple list of attribute names to delete
if (is_numeric(key($attr))) {
foreach ($attr as $name) {
if (is_array($name)) {
// someone mixed modes (list mode but specific values given!)
$del_attr_name = array_search($name, $attr);
$this->delete(array($del_attr_name => $name));
} else {
$name = $this->_getAttrName($name);
if ($this->exists($name)) {
$this->_changes["delete"][$name] = null;
unset($this->_attributes[$name]);
}
}
}
} else {
// Here we have a hash with "attributename" => "value to delete"
foreach ($attr as $name => $values) {
if (is_int($name)) {
// someone mixed modes and gave us just an attribute name
$this->delete($values);
} else {
// get the correct attribute name
$name = $this->_getAttrName($name);
if ($this->exists($name)) {
if (false == is_array($values)) {
$values = array($values);
}
// save values to be deleted
if (empty($this->_changes["delete"][$name])) {
$this->_changes["delete"][$name] = array();
}
$this->_changes["delete"][$name] =
array_unique(array_merge($this->_changes["delete"][$name], $values));
foreach ($values as $value) {
// find the key for the value that should be deleted
$key = array_search($value, $this->_attributes[$name]);
if (false !== $key) {
// delete the value
unset($this->_attributes[$name][$key]);
}
}
}
}
}
}
$return = true;
return $return;
}
/**
* Replaces attributes or its values
*
* The parameter has to an array of the following form:
* array("attributename" => "single value",
* "attribute2name" => array("value1", "value2"))
* If the attribute does not yet exist it will be added instead.
* If the attribue value is null, the attribute will de deleted
*
* These changes are local to the entry and do
* not affect the entry on the server until {@link update()} is called.
*
* @param array $attr Attributes to replace
*
* @access public
* @return true|Net_LDAP_Error
*/
function replace($attr = array())
{
if (false == is_array($attr)) {
return PEAR::raiseError("Parameter must be an array");
}
foreach ($attr as $k => $v) {
$k = $this->_getAttrName($k);
if (false == is_array($v)) {
// delete attributes with empty values
if ($v == null) {
$this->delete($k);
continue;
} else {
$v = array($v);
}
}
// existing attributes will get replaced
if ($this->exists($k)) {
$this->_changes["replace"][$k] = $v;
$this->_attributes[$k] = $v;
} else {
// new ones just get added
$this->add(array($k => $v));
}
}
$return = true;
return $return;
}
/**
* Update the entry on the directory server
*
* @param Net_LDAP $ldap If passed, a call to setLDAP() is issued prior update, thus switching the LDAP-server. This is for perl-ldap interface compliance
*
* @access public
* @return true|Net_LDAP_Error
* @todo Entry rename with a DN containing special characters needs testing!
*/
function update($ldap = null)
{
if ($ldap) {
$msg = $this->setLDAP($ldap);
if (Net_LDAP::isError($msg)) {
return PEAR::raiseError('You passed an invalid $ldap variable to update()');
}
}
// ensure we have a valid LDAP object
$ldap =& $this->getLDAP();
if (!is_a($ldap, 'Net_LDAP')) {
return PEAR::raiseError("The entries LDAP object is not valid");
}
// Get and check link
$link = $ldap->getLink();
if (!is_resource($link)) {
return PEAR::raiseError("Could not update entry: internal LDAP link is invalid");
}
/*
* Delete the entry
*/
if (true === $this->_delete) {
return $ldap->delete($this);
}
/*
* New entry
*/
if (true === $this->_new) {
$msg = $ldap->add($this);
if (Net_LDAP::isError($msg)) {
return $msg;
}
$this->_new = false;
$this->_changes['add'] = array();
$this->_changes['delete'] = array();
$this->_changes['replace'] = array();
$this->_original = $this->_attributes;
$return = true;
return $return;
}
/*
* Rename/move entry
*/
if (false == is_null($this->_newdn)) {
if ($ldap->getLDAPVersion() !== 3) {
return PEAR::raiseError("Renaming/Moving an entry is only supported in LDAPv3");
}
// make dn relative to parent (needed for ldap rename)
$parent = Net_LDAP_Util::ldap_explode_dn($this->_newdn, array('casefolding' => 'none', 'reverse' => false, 'onlyvalues' => false));
if (Net_LDAP::isError($parent)) {
return $parent;
}
$child = array_shift($parent);
// maybe the dn consist of a multivalued RDN, we must build the dn in this case
// because the $child-RDN is an array!
if (is_array($child)) {
$child = Net_LDAP_Util::canonical_dn($child);
}
$parent = Net_LDAP_Util::canonical_dn($parent);
// rename/move
if (false == @ldap_rename($link, $this->_dn, $child, $parent, true)) {
return PEAR::raiseError("Entry not renamed: " .
@ldap_error($link), @ldap_errno($link));
}
// reflect changes to local copy
$this->_dn = $this->_newdn;
$this->_newdn = null;
}
/*
* Carry out modifications to the entry
*/
// ADD
foreach ($this->_changes["add"] as $attr => $value) {
// if attribute exists, add new values
if ($this->exists($attr)) {
if (false === @ldap_mod_add($link, $this->dn(), array($attr => $value))) {
return PEAR::raiseError("Could not add new values to attribute $attr: " .
@ldap_error($link), @ldap_errno($link));
}
} else {
// new attribute
if (false === @ldap_modify($link, $this->dn(), array($attr => $value))) {
return PEAR::raiseError("Could not add new attribute $attr: " .
@ldap_error($link), @ldap_errno($link));
}
}
// all went well here, I guess
unset($this->_changes["add"][$attr]);
}
// DELETE
foreach ($this->_changes["delete"] as $attr => $value) {
// In LDAPv3 you need to specify the old values for deleting
if (is_null($value) && $ldap->getLDAPVersion() === 3) {
$value = $this->_original[$attr];
}
if (false === @ldap_mod_del($link, $this->dn(), array($attr => $value))) {
return PEAR::raiseError("Could not delete attribute $attr: " .
@ldap_error($link), @ldap_errno($link));
}
unset($this->_changes["delete"][$attr]);
}
// REPLACE
foreach ($this->_changes["replace"] as $attr => $value) {
if (false === @ldap_modify($link, $this->dn(), array($attr => $value))) {
return PEAR::raiseError("Could not replace attribute $attr values: " .
@ldap_error($link), @ldap_errno($link));
}
unset($this->_changes["replace"][$attr]);
}
// all went well, so _original (server) becomes _attributes (local copy)
$this->_original = $this->_attributes;
$return = true;
return $return;
}
/**
* Returns the right attribute name
*
* @param string $attr Name of attribute
*
* @access private
* @return string The right name of the attribute
*/
function _getAttrName($attr)
{
$name = strtolower($attr);
if (array_key_exists($name, $this->_map)) {
$attr = $this->_map[$name];
}
return $attr;
}
/**
* Returns a reference to the LDAP-Object of this entry
*
* @access public
* @return Net_LDAP|Net_LDAP_Error Reference to the Net_LDAP Object (the connection) or Net_LDAP_Error
*/
function &getLDAP()
{
if (!is_a($this->_ldap, 'Net_LDAP')) {
$err = new PEAR_Error('LDAP is not a valid Net_LDAP object');
return $err;
} else {
return $this->_ldap;
}
}
/**
* Sets a reference to the LDAP-Object of this entry
*
* After setting a Net_LDAP object, calling update() will use that object for
* updating directory contents. Use this to dynamicly switch directorys.
*
* @param Net_LDAP &$ldap Net_LDAP object that this entry should be connected to
*
* @access public
* @return true|Net_LDAP_Error
*/
function setLDAP(&$ldap)
{
if (!is_a($ldap, 'Net_LDAP')) {
return PEAR::raiseError("LDAP is not a valid Net_LDAP object");
} else {
$this->_ldap =& $ldap;
return true;
}
}
/**
* Marks the entry as new.
*
* If an Entry is marked as new, it will be added to the directory when
* calling {@link update()}. This method is mainly intendet for internal
* Net_LDAP package usage, so if you use it, use it with care.
*
* @access private
* @param boolean $mark Value to set, defaults to "true"
*/
function _markAsNew($mark = true)
{
$this->_new = ($mark)? true : false;
}
/**
* Applies a regular expression onto a single- or multivalued attribute (like preg_match())
*
* This method behaves like PHPs preg_match() but with some exceptions.
* If you want to retrieve match information, then you MUST pass the
* $matches parameter via reference! otherwise you will get no matches.
* Since it is possible to have multi valued attributes the $matches
* array will have a additionally numerical dimension (one for each value):
*
* $matches = array(
* 0 => array (usual preg_match() returnarray),
* 1 => array (usual preg_match() returnarray)
* )
*
* Please note, that $matches will be initialized to an empty array inside.
*
* Usage example:
*
* $result = $entry->preg_match('/089(\d+)/', 'telephoneNumber', &$matches);
* if ( $result === true ){
* echo "First match: ".$matches[0][1]; // Match of value 1, content of first bracket
* } else {
* if ( Net_LDAP::isError($result) ) {
* echo "Error: ".$result->getMessage();
* } else {
* echo "No match found.";
* }
* }
*
*
* Please note that it is important to test for an Net_LDAP_Error, because objects are
* evaluating to true by default, thus if a error occured, and you only check using "==" then
* you get misleading results. Use the "identical" (===) operator to test for matches to
* avoid this as shown above.
*
* @param string $regex The regular expression
* @param string $attr_name The attribute to search in
* @param array $matches (optional, PASS BY REFERENCE!) Array to store matches in
*
* @return boolean|Net_LDAP_Error TRUE, if we had a match in one of the values, otherwise false. Net_LDAP_Error in case something went wrong
*/
function preg_match($regex, $attr_name, $matches = array())
{
$matches = array();
// fetch attribute values
$attr = $this->getValue($attr_name, 'all');
if (Net_LDAP::isError($attr)) {
return $attr;
} else {
unset($attr['count']);
}
// perform preg_match() on all values
$match = false;
foreach ($attr as $thisvalue) {
$matches_int = array();
if (preg_match($regex, $thisvalue, $matches_int)) {
$match = true;
array_push($matches, $matches_int); // store matches in reference
}
}
return $match;
}
/**
* Is this entry going to be deleted once update() is called?
*
* @return boolean
*/
function willBeDeleted()
{
return $this->_delete;
}
/**
* Is this entry going to be moved once update() is called?
*
* @return boolean
*/
function willBeMoved()
{
return ($this->dn() !== $this->currentDN());
}
/**
* Returns always the original DN
*
* If an entry will be moved but {@link update()} was not called,
* {@link dn()} will return the new DN. This method however, returns
* always the current active DN.
*
* @return string
*/
function currentDN()
{
return $this->_dn;
}
/**
* Returns the attribute changes to be carried out once update() is called
*
* @return array
*/
function getChanges()
{
return $this->_changes;
}
}
?>
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/LDAP/Filter.php����������������������������������������������������������������������100644 � 1750 � 1750 � 41624 11223350110 10757 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* $filter0 = Net_LDAP_Filter::create('stars', 'equals', '***');
* $filter_not0 = Net_LDAP_Filter::combine('not', $filter0);
*
* $filter1 = Net_LDAP_Filter::create('gn', 'begins', 'bar');
* $filter2 = Net_LDAP_Filter::create('gn', 'ends', 'baz');
* $filter_comp = Net_LDAP_Filter::combine('or',array($filter_not0, $filter1, $filter2));
*
* echo $filter_comp->asString();
* // This will output: (|(!(stars=\0x5c0x2a\0x5c0x2a\0x5c0x2a))(gn=bar*)(gn=*baz))
* // The stars in $filter0 are treaten as real stars unless you disable escaping.
*
*
* @category Net
* @package Net_LDAP
* @author Benedikt Hallinger
* // This will find entries that contain an attribute "sn" that ends with "foobar":
* $filter = new Net_LDAP_Filter('sn', 'ends', 'foobar');
*
* // This will find entries that contain an attribute "sn" that has any value set:
* $filter = new Net_LDAP_Filter('sn', 'any');
*
*
* @param string $attr_name Name of the attribute the filter should apply to
* @param string $match Matching rule (equals, begins, ends, contains, greater, less, greaterOrEqual, lessOrEqual, approx, any)
* @param string $value (optional) if given, then this is used as a filter
* @param boolean $escape Should $value be escaped? (default: yes, see {@link Net_LDAP_Util::escape_filter_value()} for detailed information)
*
* @return Net_LDAP_Filter|Net_LDAP_Error
*/
function &create($attr_name, $match, $value = '', $escape = true)
{
$leaf_filter = new Net_LDAP_Filter();
if ($escape) {
$array = Net_LDAP_Util::escape_filter_value(array($value));
$value = $array[0];
}
switch (strtolower($match)) {
case 'equals':
$leaf_filter->_filter = '(' . $attr_name . '=' . $value . ')';
break;
case 'begins':
$leaf_filter->_filter = '(' . $attr_name . '=' . $value . '*)';
break;
case 'ends':
$leaf_filter->_filter = '(' . $attr_name . '=*' . $value . ')';
break;
case 'contains':
$leaf_filter->_filter = '(' . $attr_name . '=*' . $value . '*)';
break;
case 'greater':
$leaf_filter->_filter = '(' . $attr_name . '>' . $value . ')';
break;
case 'less':
$leaf_filter->_filter = '(' . $attr_name . '<' . $value . ')';
break;
case 'greaterorequal':
$leaf_filter->_filter = '(' . $attr_name . '>=' . $value . ')';
break;
case 'lessorequal':
$leaf_filter->_filter = '(' . $attr_name . '<=' . $value . ')';
break;
case 'approx':
$leaf_filter->_filter = '(' . $attr_name . '~=' . $value . ')';
break;
case 'any':
$leaf_filter->_filter = '(' . $attr_name . '=*)';
break;
default:
return PEAR::raiseError('Net_LDAP_Filter create error: matching rule "' . $match . '" not known!');
}
return $leaf_filter;
}
/**
* Combine two or more filter objects using a logical operator
*
* This static method combines two or more filter objects and returns one single
* filter object that contains all the others.
* Call this method statically: $filter =& Net_LDAP_Filter('or', array($filter1, $filter2))
* If the array contains filter strings instead of filter objects, we will try to parse them.
*
* @param string $log_op The locicall operator. May be "and", "or", "not" or the subsequent logical equivalents "&", "|", "!"
* @param array|Net_LDAP_Filter $filters array with Net_LDAP_Filter objects
*
* @return Net_LDAP_Filter|Net_LDAP_Error
* @static
*/
function &combine($log_op, $filters)
{
if (PEAR::isError($filters)) {
return $filters;
}
// substitude named operators to logical operators
if ($log_op == 'and') $log_op = '&';
if ($log_op == 'or') $log_op = '|';
if ($log_op == 'not') $log_op = '!';
// tests for sane operation
if ($log_op == '!') {
// Not-combination, here we also accept one filter object or filter string
if (!is_array($filters) && is_a($filters, 'Net_LDAP_Filter')) {
$filters = array($filters); // force array
} elseif (is_string($filters)) {
$filter_o = Net_LDAP_Filter::parse($filters);
if (PEAR::isError($filter_o)) {
$err = PEAR::raiseError('Net_LDAP_Filter combine error: '.$filter_o->getMessage());
return $err;
} else {
$filters = array($filter_o);
}
} else {
$err = PEAR::raiseError('Net_LDAP_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP_Filter nor an array nor a filter string!');
return $err;
}
} elseif ($log_op == '&' || $log_op == '|') {
if (!is_array($filters) || count($filters) < 2) {
$err = PEAR::raiseError('Net_LDAP_Filter combine error: parameter $filters is not an array or contains less than two Net_LDAP_Filter objects!');
return $err;
}
} else {
$err = PEAR::raiseError('Net_LDAP_Filter combine error: logical operator is not known!');
return $err;
}
$combined_filter = new Net_LDAP_Filter();
foreach ($filters as $key => $testfilter) { // check for errors
if (PEAR::isError($testfilter)) {
return $testfilter;
} elseif (is_string($testfilter)) {
// string found, try to parse into an filter object
$filter_o = Net_LDAP_Filter::parse($testfilter);
if (PEAR::isError($filter_o)) {
return $filter_o;
} else {
$filters[$key] = $filter_o;
}
} elseif (!is_a($testfilter, 'Net_LDAP_Filter')) {
$err = PEAR::raiseError('Net_LDAP_Filter combine error: invalid object passed in array $filters!');
return $err;
}
}
$combined_filter->_subfilters = $filters;
$combined_filter->_match = $log_op;
return $combined_filter;
}
/**
* Parse FILTER into a Net_LDAP_Filter object
*
* This parses an filter string into Net_LDAP_Filter objects.
*
* @param string $FILTER The filter string
*
* @access static
* @return Net_LDAP_Filter|Net_LDAP_Error
* @todo Leaf-mode: Do we need to escape at all? what about *-chars?check for the need of encoding values, tackle problems (see code comments)
*/
function parse($FILTER)
{
if (preg_match('/^\((.+?)\)$/', $FILTER, $matches)) {
if (in_array(substr($matches[1], 0, 1), array('!', '|', '&'))) {
// Subfilter processing: pass subfilters to parse() and combine
// the objects using the logical operator detected
// we have now something like "(...)(...)(...)" but at least one part ("(...)").
// extract logical operator and subfilters
$log_op = substr($matches[1], 0, 1);
$remaining_component = substr($matches[1], 1);
// bite off the next filter part and parse
$subfilters = array();
while (preg_match('/^(\(.+?\))(.*)/', $remaining_component, $matches)) {
$remaining_component = $matches[2];
$filter_o = Net_LDAP_Filter::parse($matches[1]);
if (PEAR::isError($filter_o)) {
return $filter_o;
}
array_push($subfilters, $filter_o);
}
// combine subfilters using the logical operator
$filter_o = Net_LDAP_Filter::combine($log_op, $subfilters);
return $filter_o;
} else {
// This is one leaf filter component, do some syntax checks, then escape and build filter_o
// $matches[1] should be now something like "foo=bar"
// detect multiple leaf components
// [TODO] Maybe this will make problems with filters containing brackets inside the value
if (stristr($matches[1], ')(')) {
return PEAR::raiseError("Filter parsing error: invalid filter syntax - multiple leaf components detected!");
} else {
$filter_parts = preg_split('/(?|<|>=|<=)/', $matches[1], 2, PREG_SPLIT_DELIM_CAPTURE);
if (count($filter_parts) != 3) {
return PEAR::raiseError("Filter parsing error: invalid filter syntax - unknown matching rule used");
} else {
$filter_o = new Net_LDAP_Filter();
// [TODO]: Do we need to escape at all? what about *-chars user provide and that should remain special?
// I think, those prevent escaping! We need to check against PERL Net::LDAP!
// $value_arr = Net_LDAP_Util::escape_filter_value(array($filter_parts[2]));
// $value = $value_arr[0];
$value = $filter_parts[2];
$filter_o->_filter = '('.$filter_parts[0].$filter_parts[1].$value.')';
return $filter_o;
}
}
}
} else {
// ERROR: Filter components must be enclosed in round brackets
return PEAR::raiseError("Filter parsing error: invalid filter syntax - filter components must be enclosed in round brackets");
}
}
/**
* Get the string representation of this filter
*
* This method runs through all filter objects and creates
* the string representation of the filter. If this
* filter object is a leaf filter, then it will return
* the string representation of this filter.
*
* @return string|Net_LDAP_Error
*/
function asString()
{
if ($this->_isLeaf()) {
$return = $this->_filter;
} else {
$return = '';
foreach ($this->_subfilters as $filter) {
$return = $return.$filter->asString();
}
$return = '(' . $this->_match . $return . ')';
}
return $return;
}
/**
* Alias for perl interface as_string()
*
* @see asString()
*/
function as_string()
{
return $this->asString();
}
/**
* Print the text representation of the filter to FH, or the currently selected output handle if FH is not given
*
* This method is only for compatibility to the perl interface.
* However, the original method was called "print" but due to PHP language restrictions,
* we can't have a print() method.
*
* @param resource $FH (optional) A filehandle resource
*
* @return true|Net_LDAP_Error
*/
function printMe($FH = false)
{
if (!is_resource($FH)) {
if (PEAR::isError($FH)) {
return $FH;
}
$filter_str = $this->asString();
if (PEAR::isError($filter_str)) {
return $filter_str;
} else {
print($filter_str);
}
} else {
$filter_str = $this->asString();
if (PEAR::isError($filter_str)) {
return $filter_str;
} else {
$res = @fwrite($FH, $this->asString());
if ($res == false) {
return PEAR::raiseError("Unable to write filter string to filehandle \$FH!");
}
}
}
return true;
}
/**
* This can be used to escape a string to provide a valid LDAP-Filter.
*
* LDAP will only recognise certain characters as the
* character istself if they are properly escaped. This is
* what this method does.
* The method can be called statically, so you can use it outside
* for your own purposes (eg for escaping only parts of strings)
*
* In fact, this is just a shorthand to {@link Net_LDAP_Util::escape_filter_value()}.
* For upward compatibiliy reasons you are strongly encouraged to use the escape
* methods provided by the Net_LDAP_Util class.
*
* @param string $value Any string who should be escaped
*
* @static
* @return string The string $string, but escaped
* @deprecated Do not use this method anymore, instead use Net_LDAP_Util::escape_filter_value() directly
*/
function escape($value)
{
$return = Net_LDAP_Util::escape_filter_value(array($value));
return $return[0];
}
/**
* Is this a container or a leaf filter object?
*
* @access private
* @return boolean
*/
function _isLeaf()
{
if (count($this->_subfilters) > 0) {
return false; // Container!
} else {
return true; // Leaf!
}
}
}
?>
������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/LDAP/RootDSE.php���������������������������������������������������������������������100644 � 1750 � 1750 � 11062 11223350110 11002 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* @author Jan Wagner
* // to sort entries first by location, then by surename, but descending:
* $entries = $search->sorted_as_struct(array('locality','sn'), SORT_DESC);
*
*
* @param array $attrs Array of attribute names to sort; order from left to right.
* @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC
*
* @return array|Net_LDAP_Error Array with sorted entries or error
*/
function sorted_as_struct($attrs = array('cn'), $order = SORT_ASC)
{
/*
* Old Code, suitable and fast for single valued sorting
* This code should be used if we know that single valued sorting is desired,
* but we need some method to get that knowledge...
*/
/*
$attrs = array_reverse($attrs);
foreach ($attrs as $attribute) {
if (!ldap_sort($this->_link, $this->_search, $attribute)){
$this->raiseError("Sorting failed for Attribute " . $attribute);
}
}
$results = ldap_get_entries($this->_link, $this->_search);
unset($results['count']); //for tidier output
if ($order) {
return array_reverse($results);
} else {
return $results;
}*/
/*
* New code: complete "client side" sorting
*/
// first some parameterchecks
if (!is_array($attrs)) {
return PEAR::raiseError("Sorting failed: Parameterlist must be an array!");
}
if ($order != SORT_ASC && $order != SORT_DESC) {
return PEAR::raiseError("Sorting failed: sorting direction not understood! (neither constant SORT_ASC nor SORT_DESC)");
}
// fetch the entries data
$entries = $this->as_struct();
// now sort each entries attribute values
// this is neccessary because later we can only sort by one value,
// so we need the highest or lowest attribute now, depending on the
// selected ordering for that specific attribute
foreach ($entries as $dn => $entry) {
foreach ($entry as $attr_name => $attr_values) {
sort($entries[$dn][$attr_name]);
if ($order == SORT_DESC) {
array_reverse($entries[$dn][$attr_name]);
}
}
}
// reformat entrys array for later use with array_multisort()
$to_sort = array(); // <- will be a numeric array similar to ldap_get_entries
foreach ($entries as $dn => $entry_attr) {
$row = array();
$row['dn'] = $dn;
foreach ($entry_attr as $attr_name => $attr_values) {
$row[$attr_name] = $attr_values;
}
$to_sort[] = $row;
}
// Build columns for array_multisort()
// each requested attribute is one row
$columns = array();
foreach ($attrs as $attr_name) {
foreach ($to_sort as $key => $row) {
$columns[$attr_name][$key] =& $to_sort[$key][$attr_name][0];
}
}
// sort the colums with array_multisort, if there is something
// to sort and if we have requested sort columns
if (!empty($to_sort) && !empty($columns)) {
$sort_params = '';
foreach ($attrs as $attr_name) {
$sort_params .= '$columns[\''.$attr_name.'\'], '.$order.', ';
}
eval("array_multisort($sort_params \$to_sort);"); // perform sorting
}
return $to_sort;
}
/**
* Return entries sorted as objects
*
* This returns a array with sorted Net_LDAP_Entry objects.
* The sorting is actually done with {@link sorted_as_struct()}.
*
* Please note that attribute names are case sensitive!
*
* Usage example:
*
* // to sort entries first by location, then by surename, but descending:
* $entries = $search->sorted(array('locality','sn'), SORT_DESC);
*
*
* @param array $attrs Array of sort attributes to sort; order from left to right.
* @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC
*
* @return array|Net_LDAP_Error Array with sorted Net_LDAP_Entries or error
*/
function sorted($attrs = array('cn'), $order = SORT_ASC)
{
$return = array();
$sorted = $this->sorted_as_struct($attrs, $order);
if (PEAR::isError($sorted)) {
return $sorted;
}
foreach ($sorted as $key => $row) {
$entry = $this->_ldap->getEntry($row['dn'], $this->_searchedAttrs());
if (!PEAR::isError($entry)) {
array_push($return, $entry);
} else {
return $entry;
}
}
return $return;
}
/**
* Return entries as array
*
* This method returns the entries and the selected attributes values as
* array.
* The first array level contains all found entries where the keys are the
* DNs of the entries. The second level arrays contian the entries attributes
* such that the keys is the lowercased name of the attribute and the values
* are stored in another indexed array. Note that the attribute values are stored
* in an array even if there is no or just one value.
*
* The array has the following structure:
*
* $return = array(
* 'cn=foo,dc=example,dc=com' => array(
* 'sn' => array('foo'),
* 'multival' => array('val1', 'val2', 'valN')
* )
* 'cn=bar,dc=example,dc=com' => array(
* 'sn' => array('bar'),
* 'multival' => array('val1', 'valN')
* )
* )
*
*
* @return array associative result array as described above
*/
function as_struct()
{
$return = array();
$entries = $this->entries();
foreach ($entries as $entry) {
$attrs = array();
$entry_attributes = $entry->attributes();
foreach ($entry_attributes as $attr_name) {
$attr_values = $entry->getValue($attr_name, 'all');
if (!is_array($attr_values)) {
$attr_values = array($attr_values);
}
$attrs[$attr_name] = $attr_values;
}
$return[$entry->dn()] = $attrs;
}
return $return;
}
/**
* Set the search objects resource link
*
* @param resource &$search Search result identifier
*
* @access public
* @return void
*/
function setSearch(&$search)
{
$this->_search = $search;
}
/**
* Set the ldap ressource link
*
* @param resource &$link Link identifier
*
* @access public
* @return void
*/
function setLink(&$link)
{
$this->_link = $link;
}
/**
* Returns the number of entries in the searchresult
*
* @return int Number of entries in search.
*/
function count()
{
// this catches the situation where OL returned errno 32 = no such object!
if (!$this->_search) {
return 0;
}
return @ldap_count_entries($this->_link, $this->_search);
}
/**
* Get the errorcode the object got in its search.
*
* @return int The ldap error number.
*/
function getErrorCode()
{
return $this->_errorCode;
}
/**
* Destructor
*
* @access protected
*/
function _Net_LDAP_Search()
{
@ldap_free_result($this->_search);
}
/**
* Closes search result
*
* @return void
*/
function done()
{
$this->_Net_LDAP_Search();
}
/**
* Return the attribute names this search selected
*
* @return array
* @see $_searchedAttrs
* @access private
*/
function _searchedAttrs()
{
return $this->_searchedAttrs;
}
/**
* Tells if this search exceeds a sizelimit
*
* @return boolean
*/
function sizeLimitExceeded()
{
return ($this->getErrorCode() == 4);
}
}
?>
�������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/LDAP/Util.php������������������������������������������������������������������������100644 � 1750 � 1750 � 56415 11223350110 10453 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
* @author Jan Wagner
* // Read and parse an ldif-file into Net_LDAP_Entry objects
* // and print out the DNs. Store the entries for later use.
* require 'Net/LDAP/LDIF.php';
* $options = array(
* 'onerror' => 'die'
* );
* $entries = array();
* $ldif = new Net_LDAP_LDIF('test.ldif', 'r', $options);
* do {
* $entry = $ldif->read_entry();
* $dn = $entry->dn();
* echo " done building entry: $dn\n";
* array_push($entries, $entry);
* } while (!$ldif->eof());
* $ldif->done();
*
*
* // write those entries to another file
* $ldif = new Net_LDAP_LDIF('test.out.ldif', 'w', $options);
* $ldif->write_entry($entries);
* $ldif->done();
*
*
* @category Net
* @package Net_LDAP
* @author Benedikt Hallinger
* $ldif->someAction();
* if ($ldif->error()) {
* echo "Error: ".$ldif->error()." at input line: ".$ldif->error_lines();
* }
*
*
* @param boolean $as_string If set to true, only the message is returned
*
* @return false|Net_LDAP_Error
*/
function error($as_string = false)
{
if (Net_LDAP::isError($this->_error['error'])) {
return ($as_string)? $this->_error['error']->getMessage() : $this->_error['error'];
} else {
return false;
}
}
/**
* Returns lines that resulted in error.
*
* Perl returns an array of faulty lines in list context,
* but we always just return an int because of PHPs language.
*
* @return int
*/
function error_lines()
{
return $this->_error['line'];
}
/**
* Returns the current Net::LDAP::Entry object.
*
* @return Net_LDAP_Entry|false
*/
function current_entry()
{
return $this->parseLines($this->current_lines());
}
/**
* Parse LDIF lines of one entry into an Net_LDAP_Entry object
*
* @param array $lines LDIF lines for one entry
*
* @return Net_LDAP_Entry|false Net_LDAP_Entry object for those lines
* @todo what about file inclusions and urls? "jpegphoto:< file:///usr/local/directory/photos/fiona.jpg"
*/
function parseLines($lines)
{
// parse lines into an array of attributes and build the entry
$attributes = array();
$dn = false;
foreach ($lines as $line) {
if (preg_match('/^(\w+)(:|::|:<)\s(.+)$/', $line, $matches)) {
$attr =& $matches[1];
$delim =& $matches[2];
$data =& $matches[3];
if ($delim == ':') {
// normal data
$attributes[$attr][] = $data;
} elseif ($delim == '::') {
// base64 data
$attributes[$attr][] = base64_decode($data);
} elseif ($delim == ':<') {
// file inclusion
// TODO: Is this the job of the LDAP-client or the server?
$this->_dropError('File inclusions are currently not supported');
//$attributes[$attr][] = ...;
} else {
// since the pattern above, the delimeter cannot be something else.
$this->_dropError('Net_LDAP_LDIF parsing error: invalid syntax at parsing entry line: '.$line);
continue;
}
if (strtolower($attr) == 'dn') {
// DN line detected
$dn = $attributes[$attr][0]; // save possibly decoded DN
unset($attributes[$attr]); // remove wrongly added "dn: " attribute
}
} else {
// line not in "attr: value" format -> ignore
// maybe we should rise an error here, but this should be covered by
// next_lines() already. A problem arises, if users try to feed data of
// several entries to this method - the resulting entry will
// get wrong attributes. However, this is already mentioned in the
// methods documentation above.
}
}
if (false === $dn) {
$this->_dropError('Net_LDAP_LDIF parsing error: unable to detect DN for entry');
return false;
} else {
$newentry = Net_LDAP_Entry::createFresh($dn, $attributes);
return $newentry;
}
}
/**
* Returns the lines that generated the current Net::LDAP::Entry object.
*
* Note that this returns an empty array if no lines have been read so far.
*
* @return array Array of lines
*/
function current_lines()
{
return $this->_lines_cur;
}
/**
* Returns the lines that will generate the next Net::LDAP::Entry object.
*
* If you set $force to TRUE then you can iterate over the lines that build
* up entries manually. Otherwise, iterating is done using {@link read_entry()}.
* Force will move the file pointer forward, thus returning the next entries lines.
*
* Wrapped lines will be unwrapped. Comments are stripped.
*
* @param boolean $force Set this to true if you want to iterate over the lines manually
*
* @return array
*/
function next_lines($force = false)
{
// if we already have those lines, just return them, otherwise read
if (count($this->_lines_next) == 0 || $force) {
$this->_lines_next = array(); // empty in case something was left (if used $force)
$entry_done = false;
$fh = &$this->handle();
$commentmode = false; // if we are in an comment, for wrapping purposes
$datalines_read = 0; // how many lines with data we have read
while (!$entry_done && !$this->eof()) {
$this->_input_line++;
// Read line. Remove line endings, we want only data;
// this is okay since ending spaces should be encoded
$data = rtrim(fgets($fh));
if ($data === false) {
// error only, if EOF not reached after fgets() call
if (!$this->eof()) {
$this->_dropError('Net_LDAP_LDIF error: error reading from file at input line '.$this->_input_line, $this->_input_line);
}
break;
} else {
if (count($this->_lines_next) > 0 && preg_match('/^$/', $data)) {
// Entry is finished if we have an empty line after we had data
$entry_done = true;
// Look ahead if the next EOF is nearby. Comments and empty
// lines at the file end may cause problems otherwise
$current_pos = ftell($fh);
$data = fgets($fh);
while (!feof($fh)) {
if (preg_match('/^\s*$/', $data) || preg_match('/^#/', $data)) {
// only empty lines or comments, continue to seek
// TODO: Known bug: Wrappings for comments are okay but are treaten as
// error, since we do not honor comment mode here.
// This should be a very theoretically case, however
// i am willing to fix this if really necessary.
$this->_input_line++;
$current_pos = ftell($fh);
$data = fgets($fh);
} else {
// Data found if non emtpy line and not a comment!!
// Rewind to position prior last read and stop lookahead
fseek($fh, $current_pos);
break;
}
}
// now we have either the file pointer at the beginning of
// a new data position or at the end of file causing feof() to return true
} else {
// build lines
if (preg_match('/^version:\s(.+)$/', $data, $match)) {
// version statement, set version
$this->version($match[1]);
} elseif (preg_match('/^\w+::?\s.+$/', $data)) {
// normal attribute: add line
$commentmode = false;
$this->_lines_next[] = trim($data);
$datalines_read++;
} elseif (preg_match('/^\s(.+)$/', $data, $matches)) {
// wrapped data: unwrap if not in comment mode
if (!$commentmode) {
if ($datalines_read == 0) {
// first line of entry: wrapped data is illegal
$this->_dropError('Net_LDAP_LDIF error: illegal wrapping at input line '.$this->_input_line, $this->_input_line);
} else {
$last = array_pop($this->_lines_next);
$last = $last.trim($matches[1]);
$this->_lines_next[] = $last;
$datalines_read++;
}
}
} elseif (preg_match('/^#/', $data)) {
// LDIF comments
$commentmode = true;
} elseif (preg_match('/^\s*$/', $data)) {
// empty line but we had no data for this
// entry, so just ignore this line
$commentmode = false;
} else {
$this->_dropError('Net_LDAP_LDIF error: invalid syntax at input line '.$this->_input_line, $this->_input_line);
continue;
}
}
}
}
}
return $this->_lines_next;
}
/**
* Convert an attribute and value to LDIF string representation
*
* It honors correct encoding of values according to RFC 2849.
* Line wrapping will occur at the configured maximum but only if
* the value is greater than 40 chars.
*
* @param string $attr_name Name of the attribute
* @param string $attr_value Value of the attribute
*
* @access private
* @return string LDIF string for that attribute and value
*/
function _convertAttribute($attr_name, $attr_value)
{
// Handle empty attribute or process
if (strlen($attr_value) == 0) {
$attr_value = " ";
} else {
$base64 = false;
// ASCII-chars that are NOT safe for the
// start and for being inside the value.
// These are the int values of those chars.
$unsafe_init = array(0, 10, 13, 32, 58, 60);
$unsafe = array(0, 10, 13);
// Test for illegal init char
$init_ord = ord(substr($attr_value, 0, 1));
if ($init_ord >= 127 || in_array($init_ord, $unsafe_init)) {
$base64 = true;
}
// Test for illegal content char
for ($i = 0; $i < strlen($attr_value); $i++) {
$char = substr($attr_value, $i, 1);
if (ord($char) >= 127 || in_array($init_ord, $unsafe)) {
$base64 = true;
}
}
// Test for ending space
if (substr($attr_value, -1) == ' ') {
$base64 = true;
}
// If converting is needed, do it
if ($base64 && !($this->_options['raw'] && preg_match($this->_options['raw'], $attr_name))) {
$attr_name .= ':';
$attr_value = base64_encode($attr_value);
}
// Lowercase attr names if requested
if ($this->_options['lowercase']) {
$attr_name = strtolower($attr_name);
}
// Handle line wrapping
if ($this->_options['wrap'] > 40 && strlen($attr_value) > $this->_options['wrap']) {
$attr_value = wordwrap($attr_value, $this->_options['wrap'], PHP_EOL." ", true);
}
}
return $attr_name.': '.$attr_value;
}
/**
* Convert an entries DN to LDIF string representation
*
* It honors correct encoding of values according to RFC 2849.
*
* @param string $dn UTF8-Encoded DN
*
* @access private
* @return string LDIF string for that DN
* @todo I am not sure, if the UTF8 stuff is correctly handled right now
*/
function _convertDN($dn)
{
$base64 = false;
// ASCII-chars that are NOT safe for the
// start and for being inside the dn.
// These are the int values of those chars.
$unsafe_init = array(0, 10, 13, 32, 58, 60);
$unsafe = array(0, 10, 13);
// Test for illegal init char
$init_ord = ord(substr($dn, 0, 1));
if ($init_ord >= 127 || in_array($init_ord, $unsafe_init)) {
$base64 = true;
}
// Test for illegal content char
for ($i = 0; $i < strlen($dn); $i++) {
$char = substr($dn, $i, 1);
if (ord($char) >= 127 || in_array($init_ord, $unsafe)) {
$base64 = true;
}
}
// Test for ending space
if (substr($dn, -1) == ' ') {
$base64 = true;
}
// if converting is needed, do it
return ($base64)? 'dn:: '.base64_encode($dn) : 'dn: '.$dn;
}
/**
* Writes an attribute to the filehandle
*
* @param string $attr_name Name of the attribute
* @param string|array $attr_values Single attribute value or array with attribute values
*
* @access private
* @return void
*/
function _writeAttribute($attr_name, $attr_values)
{
// write out attribute content
if (!is_array($attr_values)) {
$attr_values = array($attr_values);
}
foreach ($attr_values as $attr_val) {
$line = $this->_convertAttribute($attr_name, $attr_val).PHP_EOL;
$this->_writeLine($line, 'Net_LDAP_LDIF error: unable to write attribute '.$attr_name.' of entry '.$this->_entrynum);
}
}
/**
* Writes a DN to the filehandle
*
* @param string $dn DN to write
*
* @access private
* @return void
*/
function _writeDN($dn)
{
// prepare DN
if ($this->_options['encode'] == 'base64') {
$dn = $this->_convertDN($dn).PHP_EOL;
} elseif ($this->_options['encode'] == 'canonical') {
$dn = Net_LDAP_Util::canonical_dn($dn, array('casefold' => 'none')).PHP_EOL;
} else {
$dn = $dn.PHP_EOL;
}
$this->_writeLine($dn, 'Net_LDAP_LDIF error: unable to write DN of entry '.$this->_entrynum);
}
/**
* Finishes an LDIF entry
*
* @access private
* @return void
*/
function _finishEntry()
{
$this->_writeLine(PHP_EOL, 'Net_LDAP_LDIF error: unable to close entry '.$this->_entrynum);
}
/**
* Just write an arbitary line to the filehandle
*
* @param string $line Content to write
* @param string $error If error occurs, drop this message
*
* @access private
* @return true|false
*/
function _writeLine($line, $error = 'Net_LDAP_LDIF error: unable to write to filehandle')
{
if (is_resource($this->handle()) && fwrite($this->handle(), $line, strlen($line)) === false) {
$this->_dropError($error);
return false;
} else {
return true;
}
}
/**
* Optionally raises an error and pushes the error on the error cache
*
* @param string $msg Errortext
* @param int $line Line in the LDIF that caused the error
*
* @access private
* @return void
*/
function _dropError($msg, $line = null)
{
$this->_error['error'] = new Net_LDAP_Error($msg);
if ($line !== null) {
$this->_error['line'] = $line;
}
if ($this->_options['onerror'] == 'die') {
die($msg.PHP_EOL);
} elseif ($this->_options['onerror'] == 'warn') {
echo $msg.PHP_EOL;
}
}
}
?>
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/doc/manual.html����������������������������������������������������������������������100644 � 1750 � 1750 � 21135 11223350110 11204 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
To do this, use the Net_LDAP::connect function like this:
require_once('Net_LDAP/LDAP.php');
$config = array (
'binddn' => 'uid=tarjei,dc=php,dc=net',
'bindpw' => 'secret',
'basedn' => dc=php,dc=net
);
$ldap = Net_LDAP::connect($config);
But what are valid values in the config array?
Now you should have the base ldapobject stored in the variable "$ldap". But, what if it is an error? Net_LDAP returns a Net_LDAP_error object (basicly a pear_error object) when an error occurs. So wherever you need to check an error, do like this:
$ldap = Net_LDAP::connect($config); // copied from above!
if (Net_LDAP::isError($ldap)) {
print $ldap->getMessage(); // this will tell you what went wrong!
}
Two things to note:
1) The function is_a() might be faster:
if (is_a($ldap,'net_ldap_error')) {
// do the same as above
}
In PHP5 you must use the instanceof operator instead of is_a().
Most of the work you do on an ldapserver is in searching,
for example, you search for your boss's password or his wife's phonenumber.
Searching an ldapserver is a bit like doing SQL and a lot not like it at all.
Think of the directory as some sort of "telephone book".
Basically, searches are performed by applying a "filter" to objects under a
specific "base" in the directory. Additionally, there is a "scope" applied to the search,
so you can specify the recursion level in the directory tree.
$filter = '(&(objectclass=person)(sn=Ha*))';
$searchbase = 'ou=dev,ou=People,dc=php,dc=net';
$options = array(
'scope' => 'sub', // all entries below the searchbase (recursive all subtrees from there)
'attributes' => array('sn','gn','telephonenumber') // what attributes to select
);
$search = $ldap->search($searchbase, $filter, $options);
$search should now be an Net_LDAP_Search object.
This describes how to get an entry and modifying it. If we just want one single entry, it may be useful to directly fetch that entry instead of searching it manually. To do this you can use Net_LDAPs "getEntry()" method:
$dn = 'cn=Foo Bar,ou=dev,ou=People,dc=php,dc=net';
$entry =& $ldap->getEntry($dn, array('sn','gn','telephonenumber'));
With this entry object you now can perform some actions like fetching the contents of attributes:
$telephonenumber = $entry->getValue('telephonenumber','single');
Or you can modify a attribute:
$entry->replace("telephonenumber" => "0123456789"); // replace the attributes values with the new number
$entry->update(); // update temporarily modified entry on the server
Of course there are much more other possibilitys. Please note that adding and deleting
whole entrys is performed through the Net_LDAP class and not with the Net_LDAP_Entry class.
$schema = $ldap->schema();Now you got a schemaobject. To read from this schemaobject, you have several methods defined in the class Net_LDAP_Schema.
$required = $schema->must( 'inetOrgUser' );
print_r($required);
/* The output of this will be:
Array
(
[0] => sn
[1] => cn
)
*/
Ok, but what kind of attribute is sn? Let's check:
$att = $schema->get('attribute','sn');
print_r($att);
/* The output of this will be:
Array
(
[aliases] => Array
(
[0] => surname
)
[oid] => 2.5.4.4
[name] => sn
[desc] => RFC2256: last (family) name(s) for which the entity is known by
[sup] => Array
(
[0] => name
)
[type] => attribute
)
*/
Hmm, ok, the sup part is important. It means that surname derives it's syntax from another attribute,
the name attribute. So , we need to check that as well.
$att_dep = $schema->get('attribute',$att['sup'][0]);
print_r($att_dep);
/* The output of this will be:
Array
(
[aliases] => Array
(
)
[oid] => 2.5.4.41
[name] => name
[desc] => RFC2256: common supertype of name attributes
[equality] => caseIgnoreMatch
[substr] => caseIgnoreSubstringsMatch
[syntax] => 1.3.6.1.4.1.1466.115.121.1.15{32768}
[max_length] => 32768
[type] => attribute
)
*/
From this we find out that the attribute has a maxlength of 32768 characters
and has the syntax 1.3.6.1.4.1.1466.115.121.1.15{32768}.�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/doc/README.txt�����������������������������������������������������������������������100644 � 1750 � 1750 � 1301 11223350110 10510 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������This is my own implementation of some classes for manipulation LDAP-entries in
a directory.
The classes methods and structure are based on Perls Net::LDAP
(see perl-ldap.sf.net). The test.php file shuld provide you with enough
examples to do the most basic things.
The largest difference between the perl implementation and this one (apart
from the fact that all array/list structures are different due to differences
in the two languages) is that instead of the method new you'll have to use the
method connect() instead.
Patches and comments are most welcome!
Please submit them via PEARS Bug tracking feature or via mail
to one of Net_LDAPs developers. Use unified context diffs if possible!
Tarjei�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/doc/RootDSE.txt����������������������������������������������������������������������100644 � 1750 � 1750 � 2515 11223350110 11042 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������First of all connect as usual. (Some servers require authentication to get the
RootDSE entry)
$config = array( 'host' => 'localhost' );
$ldap = Net_LDAP::connect( $config );
if( Net_LDAP::isError( $ldap ) ) die( $ldap->getMessage() );
Now we can get the entry:
$dse = $ldap->rootDSE();
if( Net_LDAP::isError( $dse ) die( $dse->getMessage() );
You can give an array of attributes to fetch as an parameter ro rootDSE().
If none are given these ones are fetched:
namingContexts
altServer
supportedExtension
supportedControl
supportedSASLMechanisms
supportedLDAPVersion
subschemaSubentry
Then you can work with the object:
$basedn = $dse->getValue( 'namingContexts' );
if( $dse->supportedVersion( 3 ) == 3 ) {
do_something_only_ldap_v3_can_do();
}
Public functions:
getValue( string )
get the value of this attribute. same syntax as Net_LDAP_Entry::get_value()
supportedControl( oid )
supportedExtension( oid )
check if the given control/extension is supported by the server
supportedSASLMechanism( mechanism )
check if the given sasl mechanism is supported by the server
supportedVersion( version )
check if the given ldap version is supported by the serve
These are alias functions of the above, to make the api perl-ldap compatible.
get_value()
supported_control()
supported_extension()
supported_sasl_mechanism()
supported_version()
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/doc/Schema.txt�����������������������������������������������������������������������100644 � 1750 � 1750 � 3315 11223350110 10762 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Examples:
First of all connect to your server as usual. (Some servers require
authentication to get the Subschema entry)
$config = array( 'host' => 'localhost' );
$ldap = Net_LDAP::connect( $config );
if( Net_LDAP::isError( $ldap ) ) die ( $ldap->getMessage() )
Then we can get the schema.
$schema = $ldap->schema();
if( Net_LDAP::isError( $schema ) ) die ( $schema->getMessage() );
You can give a parameter to $ldap->schema() which sets the Subschema Entry dn.
If it is omitted, the entry dn will be fetched internally via rootDSE().
If that fails it will be set to "cn=Subschema".
$schema = $ldap->schema( 'cn=Subschema' );
Now you can work with the schema and retrieve information:
$attrs = $schema->getAll( 'attributes' );
This returns an array with all attributes and their information such as syntax,
equality, max_length etc. Look at the returned array to see what information was
passed.
Valid options to getAll() are:
objectclasses
attributes
ditcontentrules
ditstructurerules
matchingrules
matchingruleuses
nameforms
syntaxes
If you know the the name of an attribute or objectclass you can get the
information directly.
$attr = $schema->get('attribute', 'userPassword');
$oc = $schema->get('objectclass', 'posixAccount');
The first parameter determines the type of entry to be fetched and can be one
of:
attribute
ditcontentrule
ditstructurerule
matchingrule
matchingruleuse
nameform
objectclass
syntax
The second parameter can be the name or the oid of the entry.
You can retrieve a list of required and optional attributes of an object class
via must( $oc ) or may( $oc ). Both return a list of attributes in an array.
$required = $schema->must( 'posixAccount' );
$optional = $schema->may( 'posixAccount' );
�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/doc/utf8.txt�������������������������������������������������������������������������100644 � 1750 � 1750 � 1351 11223350110 10446 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������UTF8 and Net_LDAP:
It is hard to know exactly what entries need utf8 every time you need them,
so here's the simple way to salvation:
Net_LDAP will check internally if utf8 is needed.
Code:
// $attr is some text a user entered with funny characters in it.
// If $attr should not be utfized (f.x. userPassword) then utf8Encode
// will not encode the attribute.
$attr = $ldap->utf8Encode($attr);
// now insert the correctly encoded attribute into the directory.
$entry->modify($attr);
// later when you access the attributes of that user, decode the ones
// that have to be decoded.
$attr = $ldap->utf8Decode( $entry->attributes() );
Thanks to Jan for the code.
���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/doc/examples/connecting.php����������������������������������������������������������100644 � 1750 � 1750 � 3017 11223350110 13476 ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 'ldap.example.org',
'host' => array('ldap1.example.org', 'ldap2.example.org'),
// 'binddn' => 'cn=admin,o=example,dc=org',
// 'bindpw' => 'your-secret-password',
'tls' => false,
'base' => 'o=example,dc=org',
'port' => 389,
'version' => 3,
'filter' => '(cn=*)',
'scope' => 'sub'
);
// Connect to configured ldap server
$ldap = Net_LDAP::connect($ldap_config);
// It is important to check for errors.
// Nearly every method of Net_LDAP returns a Net_LDAP_Error object
// if something went wrong. Through this object, you can retrieve detailed
// information on what exactly happened.
//
// Here we drop a die with the error message, so the other example
// files will not be calles unless we have a valid link.
if (Net_LDAP::isError($ldap)) {
die('BIND FAILED: '.$ldap->getMessage());
}�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/doc/examples/fetch_entry.php���������������������������������������������������������100644 � 1750 � 1750 � 2552 11223350110 13664 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������getEntry('cn=admin,'.$ldap_config['base'], array('gn', 'sn'));
// Error checking is important!
if (Net_LDAP::isError($entry)) {
die('Could not fetch entry: '.$entry->getMessage());
}
// Now fetch the data from the entry
$surename = $entry->getValue('sn', 'single');
if (Net_LDAP::isError($surename)) {
die('Unable to get surename: '.$surename->getMessage());
}
$givenname = $entry->getValue('gn', 'single');
if (Net_LDAP::isError($givenname)) {
die('Unable to get surename: '.$givenname->getMessage());
}
// Finally output the data of the entry:
// This will give something like "Name of cn=admin,o=example,dc=org: Foo Bar"
echo 'Name of '.$entry->DN().': '.$givenname.' '.$surename;
?>������������������������������������������������������������������������������������������������������������������������������������������������������Net_LDAP-1.1.5/doc/examples/search_entries.php������������������������������������������������������100644 � 1750 � 1750 � 5773 11223350110 14360 ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������search($ldap_config['base'], ...
$requested_attributes = array('sn','gn','telephonenumber');
$search = $ldap->search(null, $filter, array('attributes' => $requested_attributes));
if (Net_LDAP::isError($search)) {
die('LDAP search failed: '.$search->getMessage());
}
// Lets see what entries we got and print the names and telephone numbers:
if ($search->count() > 0) {
echo "Found ".$search->count().' entries:$ldap = Net_LDAP::connect($ldap_config);
*
* @param array $config Configuration array
*
* @access protected
* @return void
* @see $_config
*/
function Net_LDAP($config = array())
{
$this->PEAR('Net_LDAP_Error');
$this->_setConfig($config);
}
/**
* Sets the internal configuration array
*
* @param array $config Configuration array
*
* @access private
* @return void
*/
function _setConfig($config)
{
//
// Parameter check -- probably should raise an error here if config
// is not an array.
//
if (! is_array($config)) {
return;
}
foreach ($config as $k => $v) {
if (isset($this->_config[$k])) {
$this->_config[$k] = $v;
} else {
// map old (Net_LDAP) parms to new ones
switch($k) {
case "dn":
$this->_config["binddn"] = $v;
break;
case "password":
$this->_config["bindpw"] = $v;
break;
case "tls":
$this->_config["starttls"] = $v;
break;
case "base":
$this->_config["basedn"] = $v;
break;
}
}
}
//
// Ensure the host list is an array.
//
if (is_array($this->_config['host'])) {
$this->_host_list = $this->_config['host'];
} else {
if (strlen($this->_config['host']) > 0) {
$this->_host_list = array($this->_config['host']);
} else {
// this will cause an error in _connect(), so the user is notified
$this->_host_list = array();
}
}
//
// Reset the down host list, which seems like a sensible thing to do
// if the config is being reset for some reason.
//
$this->_down_host_list = array();
}
/**
* Bind or rebind to the ldap-server
*
* This function binds with the given dn and password to the server. In case
* no connection has been made yet, it will be startet and startTLS issued
* if appropiate.
*
* The internal bind configuration is not being updated, so if you call
* bind() without parameters, you can rebind with the credentials
* provided at first connecting to the server.
*
* @param string $dn Distinguished name for binding
* @param string $password Password for binding
*
* @access public
* @return Net_LDAP_Error|true Net_LDAP_Error object or true
*/
function bind($dn = null, $password = null)
{
// fetch current bind credentials
if (is_null($dn)) {
$dn = $this->_config["binddn"];
}
if (is_null($password)) {
$password = $this->_config["bindpw"];
}
// Connect first, if we haven't so far.
// This will also bind us to the server.
if ($this->_link === false) {
// store old credentials so we can revert them later
// then overwrite config with new bind credentials
$olddn = $this->_config["binddn"];
$oldpw = $this->_config["bindpw"];
// overwrite bind credentials in config
// so _connect() knows about them
$this->_config["binddn"] = $dn;
$this->_config["bindpw"] = $password;
// try to connect with provided credentials
$msg = $this->_connect();
// reset to previous config
$this->_config["binddn"] = $olddn;
$this->_config["bindpw"] = $oldpw;
// see if bind worked
if (Net_LDAP::isError($msg)) {
return $msg;
}
} else {
// do the requested bind as we are
// asked to bind manually
if (is_null($dn)) {
$msg = @ldap_bind($this->_link); // anonymous bind
} else {
$msg = @ldap_bind($this->_link, $dn, $password); // privilegued bind
}
if (false === $msg) {
return PEAR::raiseError("Bind failed: " .
@ldap_error($this->_link),
@ldap_errno($this->_link));
}
}
return true;
}
/**
* Connect to the ldap-server
*
* This function connects to the given LDAP server.
*
* @access private
* @return Net_LDAP_Error|true Net_LDAP_Error object or true
*/
function _connect()
{
//
// Return true if we are already connected.
//
if ($this->_link !== false) {
return true;
}
//
// Connnect to the LDAP server if we are not connected. Note that
// with some LDAP clients, ldap_connect returns a link value even
// if no connection is made. We need to do at least one anonymous
// bind to ensure that a connection is actually valid.
//
// Ref: http://www.php.net/manual/en/function.ldap-connect.php
//
//
// Default error message in case all connection attempts fail but no message is set
//
$current_error = new PEAR_Error('Unknown connection error');
//
// Catch empty $_host_list arrays.
//
if (!is_array($this->_host_list) || count($this->_host_list) == 0) {
$current_error = PEAR::raiseError('No Servers configured! Please pass in an array of servers to Net_LDAP2');
return $current_error;
}
//
// Cycle through the host list.
//
foreach ($this->_host_list as $host) {
//
// Ensure we have a valid string for host name
//
if (is_array($host)) {
$current_error = PEAR::raiseError('No Servers configured! Please pass in an one dimensional array of servers to Net_LDAP2! (multidimensional array detected!)');
continue;
}
//
// Skip this host if it is known to be down.
//
if (in_array($host, $this->_down_host_list)) {
continue;
}
//
// Record the host that we are actually connecting to in case
// we need it later.
//
$this->_config['host'] = $host;
//
// Attempt a connection.
//
$this->_link = @ldap_connect($host, $this->_config['port']);
if (false === $this->_link) {
$current_error = PEAR::raiseError('Could not connect to ' .
$host . ':' . $this->_config['port']);
$this->_down_host_list[] = $host;
continue;
}
//
// If we're supposed to use TLS, do so before we try to bind.
//
if ($this->_config["starttls"] === true) {
if (self::isError($msg = $this->startTLS())) {
$current_error = $msg;
$this->_link = false;
$this->_down_host_list[] = $host;
continue;
}
}
//
// Attempt to bind to the server. If we have credentials configured,
// we try to use them, otherwise its an anonymous bind.
//
$msg = $this->bind();
if (self::isError($msg)) {
// The bind failed, discard link and save error msg.
// Then record the host as down and try next one
$this->_link = false;
$current_error = $msg;
$this->_down_host_list[] = $host;
continue;
}
//
// Set LDAP version after we have a bind.
//
if (self::isError($msg = $this->setLDAPVersion())) {
$current_error = $msg;
$this->_link = false;
$this->_down_host_list[] = $host;
continue;
}
//
// Set LDAP parameters, now we know we have a valid connection.
//
if (isset($this->_config['options']) &&
is_array($this->_config['options']) &&
count($this->_config['options'])) {
foreach ($this->_config['options'] as $opt => $val) {
$err = $this->setOption($opt, $val);
if (self::isError($err)) {
$current_error = $err;
$this->_link = false;
$this->_down_host_list[] = $host;
continue 2;
}
}
}
//
// At this stage we have connected, bound, and set up options,
// so we have a known good LDAP server. Time to go home.
//
return true;
}
//
// All connection attempts have failed, return the last error.
//
return $current_error;
}
/**
* Starts an encrypted session
*
* @access public
* @return Net_LDAP_Error|true Net_LDAP_Error object or true
*/
function startTLS()
{
if (false === @ldap_start_tls($this->_link)) {
return $this->raiseError("TLS not started: " .
@ldap_error($this->_link),
@ldap_errno($this->_link));
}
return true;
}
/**
* alias function of startTLS() for perl-ldap interface
*
* @return void
* @see startTLS()
*/
function start_tls()
{
$args = func_get_args();
return call_user_func_array(array( &$this, 'startTLS' ), $args);
}
/**
* Close LDAP connection.
*
* Closes the connection. Use this when the session is over.
*
* @return void
*/
function done()
{
$this->_Net_LDAP();
}
/**
* Destructor
*
* @access private
*/
function _Net_LDAP()
{
@ldap_close($this->_link);
}
/**
* Add a new entryobject to a directory.
*
* Use add to add a new Net_LDAP_Entry object to the directory.
* This also links the entry to the connection used for the add,
* if it was a fresh entry ({@link Net_LDAP_Entry::createFresh()})
*
* @param Net_LDAP_Entry &$entry Net_LDAP_Entry
*
* @return Net_LDAP_Error|true Net_LDAP_Error object or true
*/
function add(&$entry)
{
if (false === is_a($entry, 'Net_LDAP_Entry')) {
return PEAR::raiseError('Parameter to Net_LDAP::add() must be a Net_LDAP_Entry object.');
}
if (@ldap_add($this->_link, $entry->dn(), $entry->getValues())) {
// entry successfully added, we should update its $ldap reference
// in case it is not set so far (fresh entry)
if (!is_a($entry->getLDAP(), 'Net_LDAP')) {
$entry->setLDAP($this);
}
// store, that the entry is present inside the directory
$entry->_markAsNew(false);
return true;
} else {
return PEAR::raiseError("Could not add entry " . $entry->dn() . " " .
@ldap_error($this->_link),
@ldap_errno($this->_link));
}
}
/**
* Delete an entry from the directory
*
* The object may either be a string representing the dn or a Net_LDAP_Entry
* object. When the boolean paramter recursive is set, all subentries of the
* entry will be deleted as well.
*
* @param string|Net_LDAP_Entry $dn DN-string or Net_LDAP_Entry
* @param boolean $recursive Should we delete all children recursive as well?
*
* @access public
* @return Net_LDAP_Error|true Net_LDAP_Error object or true
*/
function delete($dn, $recursive = false)
{
if (is_a($dn, 'Net_LDAP_Entry')) {
$dn = $dn->dn();
}
if (false === is_string($dn)) {
return PEAR::raiseError("Parameter is not a string nor an entry object!");
}
// Recursive delete searches for children and calls delete for them
if ($recursive) {
$result = @ldap_list($this->_link, $dn, '(objectClass=*)', array(null), 0, 0);
if (@ldap_count_entries($this->_link, $result)) {
$subentry = @ldap_first_entry($this->_link, $result);
$this->delete(@ldap_get_dn($this->_link, $subentry), true);
while ($subentry = @ldap_next_entry($this->_link, $subentry)) {
$this->delete(@ldap_get_dn($this->_link, $subentry), true);
}
}
}
// Delete the DN
if (false == @ldap_delete($this->_link, $dn)) {
$error = @ldap_errno($this->_link);
if ($error == 66) {
return PEAR::raiseError("Could not delete entry $dn because of subentries. Use the recursive param to delete them.");
} else {
return PEAR::raiseError("Could not delete entry $dn: " .
$this->errorMessage($error), $error);
}
}
return true;
}
/**
* Modify an ldapentry directly on the server
*
* This one takes the DN or a Net_LDAP_Entry object and an array of actions.
* This array should be something like this:
*
* array('add' => array('attribute1' => array('val1', 'val2'),
* 'attribute2' => array('val1')),
* 'delete' => array('attribute1'),
* 'replace' => array('attribute1' => array('val1')),
* 'changes' => array('add' => ...,
* 'replace' => ...,
* 'delete' => array('attribute1', 'attribute2' => array('val1')))
*
* The changes array is there so the order of operations can be influenced
* (the operations are done in order of appearance).
* The order of execution is as following:
* 1. adds from 'add' array
* 2. deletes from 'delete' array
* 3. replaces from 'replace' array
* 4. changes (add, replace, delete) in order of appearance
* All subarrays (add, replace, delete, changes) may be given at the same time.
*
* The function calls the corresponding functions of an Net_LDAP_Entry
* object. A detailed description of array structures can be found there.
*
* Unlike the modification methods provided by the Net_LDAP_Entry object,
* this method will instantly carry out an update() after each operation,
* thus modifying "directly" on the server.
*
* @param string|Net_LDAP_Entry &$entry DN-string or Net_LDAP_Entry
* @param array $parms Array of changes
*
* @access public
* @return Net_LDAP_Error|true Net_LDAP_Error object or true
*/
function modify(&$entry , $parms = array())
{
if (is_string($entry)) {
$entry = $this->getEntry($entry);
if (Net_LDAP::isError($entry)) {
return $entry;
}
}
if (!is_a($entry, 'Net_LDAP_Entry')) {
return PEAR::raiseError("Parameter is not a string nor an entry object!");
}
foreach (array('add', 'delete', 'replace') as $action) {
if (isset($parms[$action])) {
$msg = $entry->$action($parms[$action]);
if (Net_LDAP::isError($msg)) {
return $msg;
}
$entry->setLDAP($this);
$msg = $entry->update();
if (Net_LDAP::isError($msg)) {
return PEAR::raiseError("Could not modify entry: ".$msg->getMessage());
}
}
}
if (isset($parms['changes']) && is_array($parms['changes'])) {
foreach ($parms['changes'] as $action => $value) {
$msg = $this->modify($entry, array($action => $value));
if (Net_LDAP::isError($msg)) {
return $msg;
}
}
}
return true;
}
/**
* Run a ldap query
*
* Search is used to query the ldap-database.
* $base and $filter may be ommitted.The one from config will then be used.
* Params may contain:
*
* scope: The scope which will be used for searching
* base - Just one entry
* sub - The whole tree
* one - Immediately below $base
* sizelimit: Limit the number of entries returned (default: 0 = unlimited),
* timelimit: Limit the time spent for searching (default: 0 = unlimited),
* attrsonly: If true, the search will only return the attribute names,
* attributes: Array of attribute names, which the entry should contain.
* It is good practice to limit this to just the ones you need.
* [NOT IMPLEMENTED]
* deref: By default aliases are dereferenced to locate the base object for the search, but not when
* searching subordinates of the base object. This may be changed by specifying one of the
* following values:
*
* never - Do not dereference aliases in searching or in locating the base object of the search.
* search - Dereference aliases in subordinates of the base object in searching, but not in
* locating the base object of the search.
* find
* always
*
* Please note, that you cannot override server side limitations to sizelimit
* and timelimit: You can always only lower a given limit.
*
* @param string $base LDAP searchbase
* @param string|Net_LDAP_Filter $filter LDAP search filter or a Net_LDAP_Filter object
* @param array $params Array of options
*
* @access public
* @return Net_LDAP_Search|Net_LDAP_Error Net_LDAP_Search object or Net_LDAP_Error object
*/
function search($base = null, $filter = null, $params = array())
{
if (is_null($base)) {
$base = $this->_config['basedn'];
}
if (is_null($filter)) {
$filter = $this->_config['filter'];
}
if (is_a($filter, 'Net_LDAP_Filter')) {
$filter = $filter->asString(); // convert Net_LDAP_Filter to string representation
}
if (PEAR::isError($filter)) {
return $filter;
}
/* setting searchparameters */
$sizelimit = isset($params['sizelimit']) ? $params['sizelimit'] : 0;
$timelimit = isset($params['timelimit']) ? $params['timelimit'] : 0;
$attrsonly = isset($params['attrsonly']) ? $params['attrsonly'] : 0;
$attributes = isset($params['attributes'])? $params['attributes'] : array();
// Ensure $attributes to be an array in case only one
// attribute name was given as string
if (!is_array($attributes)) {
$attributes = array($attributes);
}
// reorganize the $attributes array index keys
// sometimes there are problems with not consecutive indexes
$attributes = array_values($attributes);
// scoping makes searches faster!
$scope = (isset($params['scope']) ? $params['scope'] : $this->_config['scope']);
switch ($scope) {
case 'one':
$search_function = 'ldap_list';
break;
case 'base':
$search_function = 'ldap_read';
break;
default:
$search_function = 'ldap_search';
}
$search = @call_user_func($search_function,
$this->_link,
$base,
$filter,
$attributes,
$attrsonly,
$sizelimit,
$timelimit);
if ($err = @ldap_errno($this->_link)) {
if ($err == 32) {
// Errorcode 32 = no such object, i.e. a nullresult.
return $obj = & new Net_LDAP_Search ($search, $this, $attributes);
} elseif ($err == 4) {
// Errorcode 4 = sizelimit exeeded.
return $obj = & new Net_LDAP_Search ($search, $this, $attributes);
} elseif ($err == 87) {
// bad search filter
return $this->raiseError($this->errorMessage($err) . "($filter)", $err);
} else {
$msg = "\nParameters:\nBase: $base\nFilter: $filter\nScope: $scope";
return $this->raiseError($this->errorMessage($err) . $msg, $err);
}
} else {
return $obj = & new Net_LDAP_Search($search, $this, $attributes);
}
}
/**
* Set an LDAP option
*
* @param string $option Option to set
* @param mixed $value Value to set Option to
*
* @access public
* @return Net_LDAP_Error|true Net_LDAP_Error object or true
*/
function setOption($option, $value)
{
if ($this->_link) {
if (defined($option)) {
if (@ldap_set_option($this->_link, constant($option), $value)) {
return true;
} else {
$err = @ldap_errno($this->_link);
if ($err) {
$msg = @ldap_err2str($err);
} else {
$err = NET_LDAP_ERROR;
$msg = $this->errorMessage($err);
}
return $this->raiseError($msg, $err);
}
} else {
return $this->raiseError("Unkown Option requested");
}
} else {
return $this->raiseError("Could not set LDAP option: No LDAP connection");
}
}
/**
* Get an LDAP option value
*
* @param string $option Option to get
*
* @access public
* @return Net_LDAP_Error|string Net_LDAP_Error or option value
*/
function getOption($option)
{
if ($this->_link) {
if (defined($option)) {
if (@ldap_get_option($this->_link, constant($option), $value)) {
return $value;
} else {
$err = @ldap_errno($this->_link);
if ($err) {
$msg = @ldap_err2str($err);
} else {
$err = NET_LDAP_ERROR;
$msg = $this->errorMessage($err);
}
return $this->raiseError($msg, $err);
}
} else {
$this->raiseError("Unkown Option requested");
}
} else {
$this->raiseError("No LDAP connection");
}
}
/**
* Get the LDAP_PROTOCOL_VERSION that is used on the connection.
*
* A lot of ldap functionality is defined by what protocol version the ldap server speaks.
* This might be 2 or 3.
*
* @return int
*/
function getLDAPVersion()
{
if ($this->_link) {
$version = $this->getOption("LDAP_OPT_PROTOCOL_VERSION");
} else {
$version = $this->_config['version'];
}
return $version;
}
/**
* Set the LDAP_PROTOCOL_VERSION that is used on the connection.
*
* @param int $version LDAP-version that should be used
*
* @return Net_LDAP_Error|true Net_LDAP_Error object or true
*/
function setLDAPVersion($version = 0)
{
if (!$version) {
$version = $this->_config['version'];
}
return $this->setOption("LDAP_OPT_PROTOCOL_VERSION", $version);
}
/**
* Tell if a DN does exist in the directory
*
* @param string $dn The DN of the object to test
*
* @return boolean|Net_LDAP_Error
*/
function dnExists($dn)
{
if (!is_string($dn)) {
return PEAR::raiseError('$dn is expected to be a string but is '.gettype($dn).' '.get_class($dn));
}
// make dn relative to parent
$base = Net_LDAP_Util::ldap_explode_dn($dn, array('casefold' => 'none', 'reverse' => false, 'onlyvalues' => false));
if (Net_LDAP::isError($base)) {
return $base;
}
$entry_rdn = array_shift($base);
if (is_array($entry_rdn)) {
// maybe the dn consist of a multivalued RDN, we must build the dn in this case
// because the $entry_rdn is an array!
$filter_dn = Net_LDAP_Util::canonical_dn($entry_rdn);
}
$base = Net_LDAP_Util::canonical_dn($base);
$result = @ldap_list($this->_link, $base, $entry_rdn, array(), 1, 1);
if (@ldap_count_entries($this->_link, $result)) {
return true;
}
if (ldap_errno($this->_link) == 32) {
return false;
}
if (ldap_errno($this->_link) != 0) {
return PEAR::raiseError(ldap_error($this->_link), ldap_errno($this->_link));
}
return false;
}
/**
* Get a specific entry based on the DN
*
* @param string $dn DN of the entry that should be fetched
* @param array $attr Array of Attributes to select
*
* @return Net_LDAP_Entry|Net_LDAP_Error Reference to a Net_LDAP_Entry object or Net_LDAP_Error object
* @todo Maybe check against the shema should be done to be sure the attribute type exists
*/
function &getEntry($dn, $attr = array())
{
if (!is_array($attr)) {
$attr = array($attr);
}
$result = $this->search($dn, '(objectClass=*)',
array('scope' => 'base', 'attributes' => $attr));
if (Net_LDAP::isError($result)) {
return $result;
} elseif ($result->count() == 0) {
return PEAR::raiseError('Could not fetch entry '.$dn.': no entry found');
}
$entry = $result->shiftEntry();
if (false == $entry) {
return PEAR::raiseError('Could not fetch entry (error retrieving entry from search result)');
}
return $entry;
}
/**
* Rename or move an entry
*
* This method will instantly carry out an update() after the move,
* so the entry is moved instantly.
* You can pass an optional Net_LDAP object. In this case, a cross directory
* move will be performed which deletes the entry in the source (THIS) directory
* and adds it in the directory $target_ldap.
* A cross directory move will switch the Entrys internal LDAP reference so
* updates to the entry will go to the new directory.
*
* Note that if you want to do a cross directory move, you need to
* pass an Net_LDAP_Entry object, otherwise the attributes will be empty.
*
* @param string|Net_LDAP_Entry &$entry Entry DN or Entry object
* @param string $newdn New location
* @param Net_LDAP $target_ldap (optional) Target directory for cross server move; should be passed via reference
*
* @return Net_LDAP_Error|true
*/
function move(&$entry, $newdn, $target_ldap = null)
{
if (is_string($entry)) {
$entry_o = $this->getEntry($entry);
} else {
$entry_o =& $entry;
}
if (!is_a($entry_o, 'Net_LDAP_Entry')) {
return PEAR::raiseError('Parameter $entry is expected to be a Net_LDAP_Entry object! (If DN was passed, conversion failed)');
}
if (null !== $target_ldap && !is_a($target_ldap, 'Net_LDAP')) {
return PEAR::raiseError('Parameter $target_ldap is expected to be a Net_LDAP object!');
}
if ($target_ldap && $target_ldap !== $this) {
// cross directory move
if (is_string($entry)) {
return PEAR::raiseError('Unable to perform cross directory move: operation requires a Net_LDAP_Entry object');
}
if ($target_ldap->dnExists($newdn)) {
return PEAR::raiseError('Unable to perform cross directory move: entry does exist in target directory');
}
$entry_o->dn($newdn);
$res = $target_ldap->add($entry_o);
if (Net_LDAP::isError($res)) {
return PEAR::raiseError('Unable to perform cross directory move: '.$res->getMessage().' in target directory');
}
$res = $this->delete($entry_o->currentDN());
if (Net_LDAP::isError($res)) {
$res2 = $target_ldap->delete($entry_o); // undo add
if (Net_LDAP::isError($res2)) {
$add_error_string = 'Additionally, the deletion (undo add) of $entry in target directory failed.';
}
return PEAR::raiseError('Unable to perform cross directory move: '.$res->getMessage().' in source directory. '.$add_error_string);
}
$entry_o->setLDAP($target_ldap);
return true;
} else {
// local move
$entry_o->dn($newdn);
$entry_o->setLDAP($this);
return $entry_o->update();
}
}
/**
* Copy an entry to a new location
*
* The entry will be immediately copied.
* Please note that only attributes you have
* selected will be copied.
*
* @param Net_LDAP_Entry &$entry Entry object
* @param string $newdn New FQF-DN of the entry
*
* @return Net_LDAP_Error|Net_LDAP_Entry Error Message or reference to the copied entry
*/
function ©(&$entry, $newdn)
{
if (!is_a($entry, 'Net_LDAP_Entry')) {
return PEAR::raiseError('Parameter $entry is expected to be a Net_LDAP_Entry object!');
}
$newentry = Net_LDAP_Entry::createFresh($newdn, $entry->getValues());
$result = $this->add($newentry);
if (is_a($result, 'Net_LDAP_Error')) {
return $result;
} else {
return $newentry;
}
}
/**
* Returns the string for an ldap errorcode.
*
* Made to be able to make better errorhandling
* Function based on DB::errorMessage()
* Tip: The best description of the errorcodes is found here:
* http://www.directory-info.com/LDAP/LDAPErrorCodes.html
*
* @param int $errorcode Error code
*
* @return string The errorstring for the error.
*/
function errorMessage($errorcode)
{
$errorMessages = array(
0x00 => "LDAP_SUCCESS",
0x01 => "LDAP_OPERATIONS_ERROR",
0x02 => "LDAP_PROTOCOL_ERROR",
0x03 => "LDAP_TIMELIMIT_EXCEEDED",
0x04 => "LDAP_SIZELIMIT_EXCEEDED",
0x05 => "LDAP_COMPARE_FALSE",
0x06 => "LDAP_COMPARE_TRUE",
0x07 => "LDAP_AUTH_METHOD_NOT_SUPPORTED",
0x08 => "LDAP_STRONG_AUTH_REQUIRED",
0x09 => "LDAP_PARTIAL_RESULTS",
0x0a => "LDAP_REFERRAL",
0x0b => "LDAP_ADMINLIMIT_EXCEEDED",
0x0c => "LDAP_UNAVAILABLE_CRITICAL_EXTENSION",
0x0d => "LDAP_CONFIDENTIALITY_REQUIRED",
0x0e => "LDAP_SASL_BIND_INPROGRESS",
0x10 => "LDAP_NO_SUCH_ATTRIBUTE",
0x11 => "LDAP_UNDEFINED_TYPE",
0x12 => "LDAP_INAPPROPRIATE_MATCHING",
0x13 => "LDAP_CONSTRAINT_VIOLATION",
0x14 => "LDAP_TYPE_OR_VALUE_EXISTS",
0x15 => "LDAP_INVALID_SYNTAX",
0x20 => "LDAP_NO_SUCH_OBJECT",
0x21 => "LDAP_ALIAS_PROBLEM",
0x22 => "LDAP_INVALID_DN_SYNTAX",
0x23 => "LDAP_IS_LEAF",
0x24 => "LDAP_ALIAS_DEREF_PROBLEM",
0x30 => "LDAP_INAPPROPRIATE_AUTH",
0x31 => "LDAP_INVALID_CREDENTIALS",
0x32 => "LDAP_INSUFFICIENT_ACCESS",
0x33 => "LDAP_BUSY",
0x34 => "LDAP_UNAVAILABLE",
0x35 => "LDAP_UNWILLING_TO_PERFORM",
0x36 => "LDAP_LOOP_DETECT",
0x3C => "LDAP_SORT_CONTROL_MISSING",
0x3D => "LDAP_INDEX_RANGE_ERROR",
0x40 => "LDAP_NAMING_VIOLATION",
0x41 => "LDAP_OBJECT_CLASS_VIOLATION",
0x42 => "LDAP_NOT_ALLOWED_ON_NONLEAF",
0x43 => "LDAP_NOT_ALLOWED_ON_RDN",
0x44 => "LDAP_ALREADY_EXISTS",
0x45 => "LDAP_NO_OBJECT_CLASS_MODS",
0x46 => "LDAP_RESULTS_TOO_LARGE",
0x47 => "LDAP_AFFECTS_MULTIPLE_DSAS",
0x50 => "LDAP_OTHER",
0x51 => "LDAP_SERVER_DOWN",
0x52 => "LDAP_LOCAL_ERROR",
0x53 => "LDAP_ENCODING_ERROR",
0x54 => "LDAP_DECODING_ERROR",
0x55 => "LDAP_TIMEOUT",
0x56 => "LDAP_AUTH_UNKNOWN",
0x57 => "LDAP_FILTER_ERROR",
0x58 => "LDAP_USER_CANCELLED",
0x59 => "LDAP_PARAM_ERROR",
0x5a => "LDAP_NO_MEMORY",
0x5b => "LDAP_CONNECT_ERROR",
0x5c => "LDAP_NOT_SUPPORTED",
0x5d => "LDAP_CONTROL_NOT_FOUND",
0x5e => "LDAP_NO_RESULTS_RETURNED",
0x5f => "LDAP_MORE_RESULTS_TO_RETURN",
0x60 => "LDAP_CLIENT_LOOP",
0x61 => "LDAP_REFERRAL_LIMIT_EXCEEDED",
1000 => "Unknown Net_LDAP Error"
);
return isset($errorMessages[$errorcode]) ?
$errorMessages[$errorcode] :
$errorMessages[NET_LDAP_ERROR] . ' (' . $errorcode . ')';
}
/**
* Tell whether variable is a Net_LDAP_Error or not
*
* @param mixed $var A variable, most commonly some Net_LDAP* object
*
* @access public
* @return boolean
*/
function isError($var)
{
return (is_a($var, "Net_LDAP_Error") || parent::isError($var));
}
/**
* Gets a rootDSE object
*
* @param array $attrs Array of attributes to search for
*
* @access public
* @author Jan Wagner
* $attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2'));
*
*
* @param array $attributes Array of attributes
*
* @access public
* @return array|Net_LDAP_Error Array of UTF8 encoded attributes or Error
*/
function utf8Encode($attributes)
{
return $this->_utf8($attributes, 'utf8_encode');
}
/**
* Decodes the given attribute values if needed by schema
*
* $attributes is expected to be an array with keys describing
* the attribute names and the values as the value of this attribute:
*
* $attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2'));
*
*
* @param array $attributes Array of attributes
*
* @access public
* @see utf8Encode()
* @return array|Net_LDAP_Error Array with decoded attribute values or Error
*/
function utf8Decode($attributes)
{
return $this->_utf8($attributes, 'utf8_decode');
}
/**
* Encodes or decodes attribute values if needed
*
* @param array $attributes Array of attributes
* @param array $function Function to apply to attribute values
*
* @access private
* @return array|Net_LDAP_Error Array of attributes with function
* applied to values or Error
*/
function _utf8($attributes, $function)
{
if (!is_array($attributes) || array_key_exists(0, $attributes)) {
$msg = 'Parameter $attributes is expected to be an associative array';
return PEAR::raiseError($msg);
}
if (!$this->_schema) {
$this->_schema = $this->schema();
}
if (!$this->_link || Net_LDAP::isError($this->_schema)
|| !function_exists($function)) {
return $attributes;
}
if (is_array($attributes) && count($attributes) > 0) {
foreach ($attributes as $k => $v) {
if (!isset($this->_schemaAttrs[$k])) {
$attr = $this->_schema->get('attribute', $k);
if (Net_LDAP::isError($attr)) {
continue;
}
$haystack = '1.3.6.1.4.1.1466.115.121.1.15';
if (false !== strpos($attr['syntax'], $haystack)) {
$encode = true;
} else {
$encode = false;
}
$this->_schemaAttrs[$k] = $encode;
} else {
$encode = $this->_schemaAttrs[$k];
}
if ($encode) {
if (is_array($v)) {
foreach ($v as $ak => $av) {
$v[$ak] = call_user_func($function, $av);
}
} else {
$v = call_user_func($function, $v);
}
}
$attributes[$k] = $v;
}
}
return $attributes;
}
/**
* Get the LDAP link
*
* @access public
* @return resource LDAP link
*/
function &getLink()
{
return $this->_link;
}
}
/**
* Net_LDAP_Error implements a class for reporting portable LDAP error messages.
*
* @category Net
* @package Net_LDAP
* @author Tarjej Huse