12983d7980b10985ddfbed8b216444280a41ec93
1 <?php
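/**
 * LDAP list backend: searches below one or more object containers and
 * returns the entries that pass the per-entry read-permission check.
 *
 * Notes for callers:
 *  - $filter is handed to the LDAP link exactly as given. Nothing in this
 *    class escapes it, so values typed by a user must be escaped before they
 *    are placed into the filter string.
 *  - GL_NO_ACL_CHECK switches the per-entry permission check off entirely;
 *    every entry the search returns is then handed back.
 */
class filterLDAP {

  /**
   * Run a size-limited sub-search; thin wrapper around get_list() that
   * always passes GL_SUBSEARCH | GL_SIZELIMIT.
   *
   * @param string       $base          Search base, "" selects the configured base.
   * @param string       $scope         "sub" or anything else (see get_list()).
   * @param string       $filter        LDAP filter, passed on unmodified.
   * @param array        $attributes    Attributes to request.
   * @param string|array $category      ACL category or object name(s) to check.
   * @param string|array $objectStorage Container RDN(s), e.g. "ou=people,".
   * @param string       $objectBase    Optional RDN prefix for non-"sub" scopes.
   * @return array List of attribute arrays, each with a "dn" key.
   */
  public static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "", $objectBase= "")
  {
    /* Deliberately no output here. The earlier debug echo wrote $base, $scope
     * and $filter into the page without HTML-escaping, which both discloses
     * directory layout and reflects whatever the filter string carries. */
    return self::get_list($base, $scope, $filter, $attributes,
                          $category, $objectStorage, $objectBase,
                          GL_SUBSEARCH | GL_SIZELIMIT);
  }


  /**
   * Search every department that matches one of the $objectStorage RDNs.
   *
   * Falls back to get_list_old() when no usable storage RDN is given.
   *
   * @param string       $base          Search base, "" selects the configured base.
   * @param string       $scope         If not "sub", $objectBase (or a string
   *                                    $objectStorage) is prepended to $base.
   * @param string       $filter        LDAP filter, passed on unmodified.
   * @param array        $attributes    Attributes to request.
   * @param string|array $category      ACL category or object name(s) to check.
   * @param string|array $objectStorage Container RDN(s).
   * @param string       $objectBase    Optional RDN prefix.
   * @param int          $flags         Bit mask of GL_* flags.
   * @return array List of attribute arrays, each with a "dn" key.
   */
  public static function get_list($base, $scope, $filter, $attributes, $category,
                                  $objectStorage= array(), $objectBase= "", $flags= GL_SUBSEARCH)
  {
    global $config, $ui;
    $departments= array();

    /* Get LDAP link */
    $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);

    /* If we do no subsearch, narrow the base to the object container */
    if ($scope != "sub") {
      if ($objectBase != "") {
        $base= preg_replace('/,$/', '', $objectBase).",".$base;
      } elseif (is_string($objectStorage)) {
        $base= preg_replace('/,$/', '', $objectStorage).",".$base;
      }
    }

    /* Set search base to configured base if $base is empty */
    if ($base == ""){
      $base = $config->current['BASE'];
    }
    $ldap->cd($base);

    /* Ensure we have an array as storage list */
    if (is_string($objectStorage)){
      $objectStorage = array($objectStorage);
    }

    /* Keep only the first RDN of each storage ("ou=1,ou=2.." => "ou=1") */
    $sub_bases = array();
    foreach ($objectStorage as $key => $sub_base){
      if (!empty($sub_base)){
        $sub_bases[$key] = preg_replace("/,.*$/", "", $sub_base);
        continue;
      }

      if ($flags & GL_SUBSEARCH){
        /* Sub-search with an empty storage entry (possible with empty
         * people/group ous): drop everything and use the fallback below. */
        $sub_bases = array();
        break;
      }

      /* No sub-search requested and the storage entry is empty:
       * search the base itself. */
      $departments[$base] = $base;
    }

    /* Nothing to search in: fall back to the plain search and log it,
     * because this path may be unexpected for the caller. */
    if (!count($sub_bases) && !count($departments)){
      new log("debug","all",__FILE__,$attributes,
          sprintf("filterLDAP::get_list(): falling back to filterLDAP::get_list_old() because objectStorage is empty.".
            " This may slow down GOsa. Filter was: '%s'", $filter));

      /* The class is filterLDAP; the former call named "ldapFILTER", which
       * this file does not define. */
      return (self::get_list_old($filter, $category, $base, $attributes, $flags));
    }

    /* Get all departments matching the given sub_bases.
     * NOTE(review): $sub_base is inserted into the filter verbatim; this
     * presumes the storage RDNs come from configuration, not from a request. */
    $base_filter= "";
    foreach ($sub_bases as $sub_base){
      $base_filter .= "(".$sub_base.")";
    }
    $base_filter = "(&(objectClass=organizationalUnit)(|".$base_filter."))";
    $ldap->search($base_filter, array("dn"));
    while ($attrs = $ldap->fetch()){
      foreach ($objectStorage as $sub_dep){

        /* Only keep departments that match the requested storage list.
         *
         * e.g. sub_deps = array("ou=servers,ou=systems,");
         *
         * The search above looked for "ou=servers" only, so it may also have
         * returned "ou=servers,ou=blafasel,..."; those are dropped here.
         *
         * NOTE(review): the pattern is unanchored, so $sub_dep may match
         * anywhere inside the DN, and an empty $sub_dep matches every DN.
         */
        if (preg_match("/".preg_quote($sub_dep, '/')."/", $attrs['dn'])){
          $departments[$attrs['dn']] = $attrs['dn'];
          break;
        }
      }
    }

    $result= array();

    /* Search in all matching departments */
    foreach ($departments as $dep){
      $ldap->cd($dep);

      /* Perform ONE or SUB scope searches? */
      if ($flags & GL_SUBSEARCH) {
        $ldap->search($filter, $attributes);
      } else {
        $ldap->ls($filter, $dep, $attributes);
      }

      /* Check for size limit exceeded messages for GUI feedback */
      $limit_exceeded = (bool) preg_match("/size limit/i", $ldap->get_error());
      if ($limit_exceeded){
        session::set('limit_exceeded', TRUE);
      }

      /* The entries of this department are still collected; only the
       * remaining departments are skipped once the limit was hit. */
      $result = array_merge($result, self::collect_entries($ldap, $ui, $category, $flags));
      if ($limit_exceeded){
        break;
      }
    }

    return ($result);
  }


  /**
   * Plain search below a single base, without department lookup.
   *
   * @param string       $filter     LDAP filter, passed on unmodified.
   * @param string|array $category   ACL category or object name(s) to check.
   * @param string       $base       Search base, "" selects the configured base.
   * @param array        $attributes Attributes to request.
   * @param int          $flags      Bit mask of GL_* flags.
   * @return array List of attribute arrays, each with a "dn" key.
   */
  public static function get_list_old($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
  {
    global $config, $ui;

    /* Get LDAP link */
    $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);

    /* Set search base to configured base if $base is empty */
    if ($base == ""){
      $ldap->cd($config->current['BASE']);
    } else {
      $ldap->cd($base);
    }

    /* Perform ONE or SUB scope searches?
     * NOTE(review): with an empty $base the link is positioned at the
     * configured base, but ls() still receives the empty $base - confirm
     * that ls() copes with that. */
    if ($flags & GL_SUBSEARCH) {
      $ldap->search($filter, $attributes);
    } else {
      $ldap->ls($filter, $base, $attributes);
    }

    /* Check for size limit exceeded messages for GUI feedback */
    if (preg_match("/size limit/i", $ldap->get_error())){
      session::set('limit_exceeded', TRUE);
    }

    return (self::collect_entries($ldap, $ui, $category, $flags));
  }


  /**
   * Drain the pending result set of $ldap and keep the readable entries.
   *
   * Each entry gets a "dn" key (converted with convert_department_dn() when
   * GL_CONVERT is set). Unless GL_NO_ACL_CHECK is set, an entry is kept only
   * if at least one $category item yields a permission string containing "r":
   * items containing "/" are checked with get_permissions(), all others with
   * get_category_permissions().
   */
  private static function collect_entries($ldap, $ui, $category, $flags)
  {
    $entries= array();
    if (!is_array($category)){
      $category = array($category);
    }

    while ($attrs = $ldap->fetch()) {
      $dn= $ldap->getDN();

      /* Convert dn into a printable format if requested */
      $attrs["dn"]= ($flags & GL_CONVERT) ? convert_department_dn($dn) : $dn;

      /* Caller asked to bypass the permission check */
      if ($flags & GL_NO_ACL_CHECK){
        $entries[]= $attrs;
        continue;
      }

      /* Keep the entry on the first category that grants read access */
      foreach ($category as $o){
        if (strpos((string) $o, '/') !== FALSE){
          $perm= $ui->get_permissions($dn, $o);
        } else {
          $perm= $ui->get_category_permissions($dn, $o);
        }
        if (strpos((string) $perm, 'r') !== FALSE){
          $entries[]= $attrs;
          break;
        }
      }
    }

    return $entries;
  }

}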
237 ?>