1 <?php
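/**
 * LDAP backend for list filters.
 *
 * Runs LDAP searches below a base DN, optionally restricted to the
 * departments that hold a given object storage ("ou=people," ...), and
 * returns only those entries the current user may read.
 *
 * Security notes for callers:
 *  - $filter is handed to the directory unchanged. Any user-entered value
 *    that ends up in it has to be escaped by the caller first (for example
 *    with ldap_escape() and LDAP_ESCAPE_FILTER).
 *  - GL_NO_ACL_CHECK disables the per-entry read-permission check; results
 *    obtained with it must not be shown to the user without a separate
 *    authorisation decision.
 */
class filterLDAP {

    /**
     * Run a size-limited search for a list filter.
     *
     * Always searches with GL_SUBSEARCH | GL_SIZELIMIT; $scope only
     * influences how get_list() builds the search base.
     *
     * @param string       $base          Base DN, "" selects the configured base.
     * @param string       $scope         "sub" or any other value (see get_list()).
     * @param string       $filter        LDAP filter, already escaped by the caller.
     * @param array        $attributes    Attributes to fetch.
     * @param string|array $category      ACL category/object name(s) used for the read check.
     * @param string|array $objectStorage Object storage RDN prefix(es).
     * @param string       $objectBase    Optional RDN prefix that overrides $objectStorage for the base.
     *
     * @return array List of entry attribute arrays, each with a "dn" key.
     */
    public static function query($base, $scope, $filter, $attributes, $category, $objectStorage = "", $objectBase = "")
    {
        $config = session::global_get('config');

        /* The returned link is not used here; the call is kept because it
         * may initialise the size-limited connection (not visible from this
         * file, so it is not removed). */
        $config->get_ldap_link(TRUE);

        return filterLDAP::get_list($base, $scope, $filter, $attributes,
            $category, $objectStorage, $objectBase,
            GL_SUBSEARCH | GL_SIZELIMIT);
    }


    /**
     * Search all departments that match the given object storages.
     *
     * Falls back to get_list_old() (one search from $base) when no usable
     * object storage is given.
     *
     * @param string       $base          Base DN, "" selects the configured base.
     * @param string       $scope         Anything but "sub" prefixes the base with
     *                                    $objectBase or a string $objectStorage.
     * @param string       $filter        LDAP filter, already escaped by the caller.
     * @param array        $attributes    Attributes to fetch.
     * @param string|array $category      ACL category/object name(s) used for the read check.
     * @param string|array $objectStorage Object storage RDN prefix(es), e.g. "ou=people,".
     * @param string       $objectBase    Optional RDN prefix for the base.
     * @param int          $flags         Bit mask of GL_* flags.
     *
     * @return array List of entry attribute arrays, each with a "dn" key.
     */
    public static function get_list($base, $scope, $filter, $attributes, $category,
        $objectStorage = array(), $objectBase = "", $flags = GL_SUBSEARCH)
    {
        $config = session::global_get('config');
        $ui = session::global_get('ui');
        $departments = array();

        /* Get LDAP link */
        $ldap = $config->get_ldap_link($flags & GL_SIZELIMIT);

        /* Resolve an empty base BEFORE a prefix is added, otherwise the
         * prefix would be followed by a dangling comma ("ou=people,"). */
        if ($base == "") {
            $base = $config->current['BASE'];
        }

        /* If we do no subsearch, adapt the base. An empty storage string is
         * skipped so that the base never starts with a bare comma. */
        if ($scope != "sub") {
            if ($objectBase != "") {
                $base = preg_replace('/,$/', '', $objectBase) . "," . $base;
            } elseif (is_string($objectStorage) && $objectStorage != "") {
                $base = preg_replace('/,$/', '', $objectStorage) . "," . $base;
            }
        }
        $ldap->cd($base);

        /* Ensure we have an array as storage list */
        if (is_string($objectStorage)) {
            $objectStorage = array($objectStorage);
        }

        /* Reduce every storage to its first RDN ("ou=1,ou=2.." => "ou=1") */
        $sub_bases = array();
        foreach ($objectStorage as $key => $sub_base) {
            if (empty($sub_base)) {
                /* Subsearch with an empty storage (e.g. empty people/group
                 * ous): drop everything collected so far and use the old
                 * single-search method below. */
                if ($flags & GL_SUBSEARCH) {
                    $sub_bases = array();
                    break;
                }

                /* No subtree search requested and the storage is empty:
                 * search the base itself. */
                $departments[$base] = $base;
            } else {
                $sub_bases[$key] = preg_replace("/,.*$/", "", $sub_base);
            }
        }

        /* Nothing to restrict the search to: fall back to get_list_old()
         * and log it, because this may be unexpected and slow. */
        if (!count($sub_bases) && !count($departments)) {
            new log("debug", "all", __FILE__, $attributes,
                sprintf("filterLDAP::get_list(): falling back to filterLDAP::get_list_old() because objectStorage is empty." .
                    " This may slow down GOsa. Filter was: '%s'", $filter));
            return filterLDAP::get_list_old($filter, $category, $base, $attributes, $flags);
        }

        /* Get all departments matching the given sub_bases. Skipped when
         * there are none, which would otherwise send an empty "(|)" term. */
        if (count($sub_bases)) {
            /* NOTE(review): $sub_base is placed into the filter unescaped.
             * That is only safe while objectStorage comes from trusted
             * configuration - confirm at the callers. */
            $base_filter = "";
            foreach ($sub_bases as $sub_base) {
                $base_filter .= "(" . $sub_base . ")";
            }
            $base_filter = "(&(objectClass=organizationalUnit)(|" . $base_filter . "))";
            $ldap->search($base_filter, array("dn"));

            while ($attrs = $ldap->fetch()) {
                foreach ($objectStorage as $sub_dep) {
                    /* An empty storage would turn the pattern into "//",
                     * which matches every DN and defeats the check below. */
                    if (empty($sub_dep)) {
                        continue;
                    }

                    /* Only keep departments that contain the full requested
                     * storage, e.g. for "ou=servers,ou=systems," drop
                     * "ou=servers,ou=blafasel,...".
                     * NOTE(review): the match is unanchored and
                     * case-sensitive - confirm this fits the DNs returned
                     * by the directory. */
                    if (preg_match("/" . preg_quote($sub_dep, '/') . "/", $attrs['dn'])) {
                        $departments[$attrs['dn']] = $attrs['dn'];
                        break;
                    }
                }
            }
        }

        $result = array();
        $limit_exceeded = FALSE;

        /* Search in all matching departments */
        foreach ($departments as $dep) {

            /* Stop once the directory reported an exceeded size limit */
            if ($limit_exceeded) {
                return $result;
            }

            $ldap->cd($dep);

            /* Perform ONE or SUB scope searches? */
            if ($flags & GL_SUBSEARCH) {
                $ldap->search($filter, $attributes);
            } else {
                $ldap->ls($filter, $dep, $attributes);
            }

            /* Check for size limit exceeded messages for GUI feedback */
            if (preg_match("/size limit/i", $ldap->get_error())) {
                session::set('limit_exceeded', TRUE);
                $limit_exceeded = TRUE;
            }

            foreach (self::collect_entries($ldap, $ui, $category, $flags) as $entry) {
                $result[] = $entry;
            }
        }

        return $result;
    }


    /**
     * Single search from $base without department lookup.
     *
     * Declared static because get_list() calls it statically.
     *
     * @param string       $filter     LDAP filter, already escaped by the caller.
     * @param string|array $category   ACL category/object name(s) used for the read check.
     * @param string       $base       Base DN, "" selects the configured base.
     * @param array        $attributes Attributes to fetch.
     * @param int          $flags      Bit mask of GL_* flags.
     *
     * @return array List of entry attribute arrays, each with a "dn" key.
     */
    public static function get_list_old($filter, $category, $base = "", $attributes = array(), $flags = GL_SUBSEARCH)
    {
        $config = session::global_get('config');
        $ui = session::global_get('ui');

        /* Get LDAP link */
        $ldap = $config->get_ldap_link($flags & GL_SIZELIMIT);

        /* Set search base to configured base if $base is empty */
        if ($base == "") {
            $ldap->cd($config->current['BASE']);
        } else {
            $ldap->cd($base);
        }

        /* Perform ONE or SUB scope searches? */
        if ($flags & GL_SUBSEARCH) {
            $ldap->search($filter, $attributes);
        } else {
            $ldap->ls($filter, $base, $attributes);
        }

        /* Check for size limit exceeded messages for GUI feedback */
        if (preg_match("/size limit/i", $ldap->get_error())) {
            session::set('limit_exceeded', TRUE);
        }

        return self::collect_entries($ldap, $ui, $category, $flags);
    }


    /**
     * Fetch the pending search result and keep the entries the user may read.
     *
     * @param object       $ldap     LDAP link with a pending result.
     * @param object       $ui       User info object used for the permission lookup.
     * @param string|array $category ACL category/object name(s).
     * @param int          $flags    Bit mask of GL_* flags.
     *
     * @return array List of entry attribute arrays, each with a "dn" key.
     */
    private static function collect_entries($ldap, $ui, $category, $flags)
    {
        $categories = is_array($category) ? $category : array($category);
        $entries = array();

        while ($attrs = $ldap->fetch()) {
            $dn = $ldap->getDN();

            /* Convert dn into a printable format if requested. The ACL
             * check below always uses the unconverted DN. */
            if ($flags & GL_CONVERT) {
                $attrs["dn"] = convert_department_dn($dn);
            } else {
                $attrs["dn"] = $dn;
            }

            /* GL_NO_ACL_CHECK skips the permission check entirely */
            if (($flags & GL_NO_ACL_CHECK) || self::may_read($ui, $dn, $categories)) {
                $entries[] = $attrs;
            }
        }

        return $entries;
    }


    /**
     * Tell whether one of the given categories grants read ("r") on $dn.
     *
     * Names containing "/" are looked up with get_permissions(), all
     * others with get_category_permissions().
     *
     * @param object $ui         User info object.
     * @param string $dn         Entry DN as returned by the directory.
     * @param array  $categories ACL category/object names.
     *
     * @return bool
     */
    private static function may_read($ui, $dn, $categories)
    {
        foreach ($categories as $o) {
            if (preg_match("/\//", $o)) {
                $permissions = $ui->get_permissions($dn, $o);
            } else {
                $permissions = $ui->get_category_permissions($dn, $o);
            }
            if (preg_match("/r/", $permissions)) {
                return TRUE;
            }
        }

        return FALSE;
    }

}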
231 ?>