53084d28a2463c119143d842c47c24838d3ecf1e
1 <?php
3 class filterLDAP {
5 static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "")
6 {
7 $config= session::global_get('config');
8 $ldap= $config->get_ldap_link(TRUE);
9 $flag= ($scope == "sub")?GL_SUBSEARCH:0;
10 $result= filterLDAP::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
11 return $result;
12 }
15 static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
16 {
17 global $ui;
18 global $config;
20 // Move to arrays for category and objectStorage
21 if (!is_array($category)) {
22 $category= array($category);
23 }
24 if (!is_array($objectStorage)) {
25 $objectStorage= array($objectStorage);
26 }
28 // Initialize search bases
29 $bases= array();
31 // Get list of sub bases to search on
32 foreach ($objectStorage as $oc) {
33 $oc= preg_replace('/,$/', '', $oc);
34 $tmp= split(',', $oc);
35 if (count($tmp) == 1) {
36 preg_match('/([^=]+)=(.*)$/', $oc, $m);
37 if ($flags & GL_SUBSEARCH) {
38 $bases[$base][]= $m[1].":dn:=".$m[2];
39 } else {
40 $bases["$oc,$base"][]= $m[1].":dn:=".$m[2];
41 }
42 } else {
43 // No, there's no \, in pre defined RDN values
44 preg_match('/^([^,]+),(.*)$/', $oc, $matches);
45 preg_match('/([^=]+)=(.*)$/', $matches[1], $m);
46 if ($flags & GL_SUBSEARCH) {
47 $bases[$base][]= $m[1].":dn:=".$m[2];
48 } else {
49 $bases[$matches[2].",$base"][]= $m[1].":dn:=".$m[2];
50 }
51 }
52 }
54 // Get LDAP link
55 $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
57 // Do search for every base
58 $result= array();
59 $limit_exceeded = FALSE;
60 foreach($bases as $base => $dnFilters) {
62 // Break if the size limit is exceeded
63 if($limit_exceeded){
64 return($result);
65 }
67 // Switch to new base and search
68 $ldap->cd($base);
69 $dnFilter= "(|";
70 foreach ($dnFilters as $df) {
71 $dnFilter.= "($df)";
72 }
73 $dnFilter.= ")";
74 $ldap->search ("(&$filter$dnFilter)", $attributes);
76 // Check for size limit exceeded messages for GUI feedback
77 if (preg_match("/size limit/i", $ldap->get_error())){
78 session::set('limit_exceeded', TRUE);
79 $limit_exceeded = TRUE;
80 }
82 /* Crawl through result entries and perform the migration to the
83 result array */
84 while($attrs = $ldap->fetch()) {
85 $dn= $ldap->getDN();
87 /* Convert dn into a printable format */
88 if ($flags & GL_CONVERT){
89 $attrs["dn"]= convert_department_dn($dn);
90 } else {
91 $attrs["dn"]= $dn;
92 }
94 /* Skip ACL checks if we are forced to skip those checks */
95 if($flags & GL_NO_ACL_CHECK){
96 $result[]= $attrs;
97 }else{
99 /* Sort in every value that fits the permissions */
100 foreach ($category as $o){
101 if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
102 (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
103 $result[]= $attrs;
104 break;
105 }
106 }
107 }
108 }
110 }
112 return $result;
113 }
116 }
118 ?>