1 <?php
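/**
 * LDAP backend for list filters: turns a base, a filter and a set of object
 * storage RDNs into one or more LDAP searches and returns the entries the
 * current user is allowed to read.
 *
 * SECURITY: $filter is interpolated verbatim into the final LDAP filter
 * string ("(&$filter$dnFilter)"). Nothing in this class escapes it, so any
 * user-supplied value must already be escaped for filter context (RFC 4515,
 * e.g. ldap_escape($value, '', LDAP_ESCAPE_FILTER)) by the caller before it
 * is placed into $filter.
 */
class filterLDAP {

  /**
   * Run a size-limited search below $base.
   *
   * @param string       $base          Search base DN.
   * @param string       $scope         "sub" enables GL_SUBSEARCH; any other value searches without it.
   * @param string       $filter        Complete LDAP filter expression (see the class-level security note).
   * @param array        $attributes    Attributes to request from the directory.
   * @param string|array $category      ACL category or categories used for the read-permission check.
   * @param array        $objectStorage RDN prefixes the objects are stored under; array("") means "directly on $base".
   *
   * @return array List of attribute arrays, each carrying an additional "dn" key.
   */
  public static function query($base, $scope, $filter, $attributes, $category, $objectStorage= array(""))
  {
    // NOTE(review): the returned link is not used in this method. The call is
    // kept because get_ldap_link() may configure a shared connection - confirm
    // against its implementation before removing it.
    $config= session::global_get('config');
    $ldap= $config->get_ldap_link(TRUE);

    // GL_SIZELIMIT is always set, so results returned through query() are
    // always subject to the size limit handling in get_list().
    $flag= ($scope == "sub")?GL_SUBSEARCH:0;
    return filterLDAP::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
  }


  /**
   * Search one or more bases and return the entries the current user may read.
   *
   * Unless GL_NO_ACL_CHECK is set in $flags, an entry is only returned when
   * the session's 'ui' object reports a permission string containing "r" for
   * at least one of the given categories. GL_NO_ACL_CHECK bypasses that check
   * completely, so callers must not expose such results to end users without
   * their own authorisation step.
   *
   * @param string       $base          Search base DN.
   * @param string       $filter        Complete LDAP filter expression, inserted unescaped (see class note).
   * @param array        $attributes    Attributes to request from the directory.
   * @param string|array $category      ACL category or categories; entries containing "/" are checked
   *                                    with get_permissions(), all others with get_category_permissions().
   * @param array        $objectStorage RDN prefixes ("attr=value" or "attr=value,rest"); they are
   *                                    inserted unescaped into the filter and are expected to be
   *                                    pre-defined values, not user input.
   * @param int          $flags         Bitmask of GL_SUBSEARCH, GL_SIZELIMIT, GL_CONVERT, GL_NO_ACL_CHECK.
   *
   * @return array List of attribute arrays, each carrying an additional "dn" key.
   */
  public static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
  {
    $ui= session::global_get('ui');
    $config= session::global_get('config');

    // Move to arrays for category and objectStorage
    if (!is_array($category)) {
      $category= array($category);
    }
    if (!is_array($objectStorage)) {
      // A single string is treated like a one element list. Anything else
      // (e.g. NULL) becomes an empty list, which yields no search bases and
      // therefore an empty result instead of an unrestricted search.
      $objectStorage= is_string($objectStorage) ? array($objectStorage) : array();
    }

    // Store in base - i.e. is a rdn value empty?
    $storeOnBase= count($objectStorage) == 1 && empty($objectStorage[0]);

    $method= ($storeOnBase && !($flags & GL_SUBSEARCH))?"ls":"search";

    // Map of search base => list of "attr:dn:=value" filters ("" = no DN filter)
    $bases= array();

    if ($storeOnBase) {
      $bases[$base]= "";
    } else {
      foreach ($objectStorage as $oc) {
        $oc= (string) preg_replace('/,$/', '', $oc);

        if (strpos($oc, ',') === FALSE) {
          // Single RDN: it is both the DN filter source and the sub base
          $rdn= $oc;
          $subBase= "$oc,$base";
        } elseif (preg_match('/^([^,]+),(.*)$/', $oc, $matches)) {
          // No, there's no \, in pre defined RDN values
          $rdn= $matches[1];
          $subBase= $matches[2].",$base";
        } else {
          trigger_error("filterLDAP::get_list: ignoring malformed object storage entry", E_USER_WARNING);
          continue;
        }

        // Skip entries that are not of the form attr=value. Using the empty
        // match would produce the broken filter "(:dn:=)" for the whole base.
        if (!preg_match('/([^=]+)=(.*)$/', $rdn, $m)) {
          trigger_error("filterLDAP::get_list: ignoring malformed object storage entry", E_USER_WARNING);
          continue;
        }

        $target= ($flags & GL_SUBSEARCH) ? $base : $subBase;
        $bases[$target][]= $m[1].":dn:=".$m[2];
      }
    }

    // Get LDAP link
    $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);

    // Do search for every base
    $result= array();
    $limit_exceeded= FALSE;
    foreach ($bases as $searchBase => $dnFilters) {

      // Stop once a previous base reported an exceeded size limit
      if ($limit_exceeded) {
        break;
      }

      // OR together all DN filters collected for this base
      if (is_array($dnFilters)) {
        $dnFilter= "(|";
        foreach ($dnFilters as $df) {
          $dnFilter.= "($df)";
        }
        $dnFilter.= ")";
      } else {
        $dnFilter= "";
      }

      // Switch to new base and search
      $ldap->cd($searchBase);
      if ($method == "ls") {
        $ldap->ls("(&$filter$dnFilter)", $searchBase, $attributes);
      } else {
        $ldap->search("(&$filter$dnFilter)", $attributes);
      }

      // Check for size limit exceeded messages for GUI feedback
      if (preg_match("/size limit/i", $ldap->get_error())) {
        session::set('limit_exceeded', TRUE);
        $limit_exceeded= TRUE;
      }

      // Crawl through result entries and perform the migration to the result array
      while ($attrs= $ldap->fetch()) {
        $dn= $ldap->getDN();

        // Convert dn into a printable format
        $attrs["dn"]= ($flags & GL_CONVERT) ? convert_department_dn($dn) : $dn;

        // Skip ACL checks if we are forced to skip those checks
        if ($flags & GL_NO_ACL_CHECK) {
          $result[]= $attrs;
          continue;
        }

        // Sort in every value that fits the permissions. The ACL lookup always
        // uses the raw $dn, never the converted one.
        foreach ($category as $o) {
          if (preg_match("/\//", $o)) {
            $permissions= $ui->get_permissions($dn, $o);
          } else {
            $permissions= $ui->get_category_permissions($dn, $o);
          }
          if (preg_match("/r/", $permissions)) {
            $result[]= $attrs;
            break;
          }
        }
      }
    }

    return $result;
  }

}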
132 ?>