1 <?php
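/**
 * Static helpers that run LDAP searches below one or more bases and keep
 * only the entries the current session user ('ui') may read.
 *
 * Security notes for callers:
 *  - $filter is concatenated into the search expression as-is. Nothing in
 *    this class escapes it, so any user-supplied value embedded in the
 *    filter must be escaped by the caller beforehand (for example with
 *    ldap_escape($value, '', LDAP_ESCAPE_FILTER) on PHP >= 5.6).
 *  - GL_NO_ACL_CHECK disables the per-entry read-permission check in
 *    get_list(); every fetched entry is then returned unfiltered.
 */
class filterLDAP
{
    /**
     * Size-limited search entry point.
     *
     * @param string       $base          DN to search below.
     * @param string       $scope         "sub" enables GL_SUBSEARCH; any other value passes no scope flag.
     * @param string       $filter        LDAP filter, used verbatim (see class notes).
     * @param array        $attributes    Attributes to request from the directory.
     * @param string|array $category      ACL category or categories used for the read check.
     * @param string|array $objectStorage RDN prefix(es) restricting where entries may live.
     * @return array List of attribute arrays, each with an added "dn" key.
     */
    public static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "")
    {
        $config= session::global_get('config');

        // NOTE(review): the link returned here is not used by this method;
        // the call is kept because get_ldap_link() is defined elsewhere and
        // may have side effects - confirm before removing it.
        $config->get_ldap_link(TRUE);

        $flag= ($scope == "sub") ? GL_SUBSEARCH : 0;

        // GL_SIZELIMIT is always added so that get_list() requests its
        // link with a non-zero size-limit argument.
        return filterLDAP::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
    }


    /**
     * Search every derived base and collect the readable entries.
     *
     * Each $objectStorage entry of the form "attr=value[,rest]" becomes a
     * "attr:dn:=value" extensible-match term. With GL_SUBSEARCH all terms
     * are OR-ed together and applied below $base; without it each term is
     * searched below its own "<entry>,<base>" DN.
     *
     * @param string       $base          DN to search below.
     * @param string       $filter        LDAP filter, used verbatim (see class notes).
     * @param array        $attributes    Attributes to request from the directory.
     * @param string|array $category      ACL category ("users") or object ("users/user") names.
     * @param string|array $objectStorage RDN prefix(es) restricting where entries may live.
     * @param int          $flags         Bit mask of GL_SUBSEARCH, GL_SIZELIMIT, GL_CONVERT, GL_NO_ACL_CHECK.
     * @return array List of attribute arrays, each with an added "dn" key. May be
     *               partial when the directory reported a size-limit error.
     */
    public static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
    {
        $ui= session::global_get('ui');
        $config= session::global_get('config');

        // Move to arrays for category and objectStorage
        if (!is_array($category)) {
            $category= array($category);
        }
        if (!is_array($objectStorage)) {
            $objectStorage= array($objectStorage);
        }

        // Map of search base => list of ":dn:=" terms ("" means no extra term)
        $bases= array();

        if (count($objectStorage) == 0) {
            $bases[$base]= "";
        } else {
            foreach ($objectStorage as $oc) {
                $oc= preg_replace('/,$/', '', $oc);

                // explode() replaces split(), which was deprecated in PHP 5.3
                // and removed in PHP 7; the delimiter is a literal comma, so
                // no regular expression is needed.
                $tmp= explode(',', $oc);

                if (count($tmp) == 1) {
                    $rdn= $oc;
                    $searchBase= "$oc,$base";
                } else {
                    // No, there's no \, in pre defined RDN values
                    if (!preg_match('/^([^,]+),(.*)$/', $oc, $matches)) {
                        continue;
                    }
                    $rdn= $matches[1];
                    $searchBase= $matches[2].",$base";
                }

                // Skip entries that are not of the form attr=value (such as
                // the "" default of query()). Without this guard $m[1] and
                // $m[2] are undefined and a ":dn:=" term with no attribute
                // name is put into the filter.
                if (!preg_match('/([^=]+)=(.*)$/', $rdn, $m)) {
                    continue;
                }

                $term= $m[1].":dn:=".$m[2];
                if ($flags & GL_SUBSEARCH) {
                    $bases[$base][]= $term;
                } else {
                    $bases[$searchBase][]= $term;
                }
            }
        }

        // Get LDAP link; the argument is non-zero only when GL_SIZELIMIT is set
        $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);

        // Do search for every base
        $result= array();
        $limit_exceeded= FALSE;
        foreach ($bases as $base => $dnFilters) {

            // Stop with what has been collected so far once the size limit was hit
            if ($limit_exceeded) {
                return $result;
            }

            // Switch to new base and search
            $ldap->cd($base);
            if (is_array($dnFilters)) {
                $dnFilter= "(|";
                foreach ($dnFilters as $df) {
                    $dnFilter.= "($df)";
                }
                $dnFilter.= ")";
            } else {
                $dnFilter= "";
            }

            // $filter is inserted unescaped: it must already be a well-formed,
            // caller-escaped LDAP filter.
            $ldap->search("(&$filter$dnFilter)", $attributes);

            // Check for size limit exceeded messages for GUI feedback
            if (preg_match("/size limit/i", $ldap->get_error())) {
                session::set('limit_exceeded', TRUE);
                $limit_exceeded= TRUE;
            }

            // Crawl through result entries and move them into the result array
            while ($attrs= $ldap->fetch()) {
                $dn= $ldap->getDN();

                // Convert dn into a printable format
                if ($flags & GL_CONVERT) {
                    $attrs["dn"]= convert_department_dn($dn);
                } else {
                    $attrs["dn"]= $dn;
                }

                // Skip ACL checks if we are forced to skip those checks
                if ($flags & GL_NO_ACL_CHECK) {
                    $result[]= $attrs;
                    continue;
                }

                // Keep the entry as soon as one category grants "r". Names
                // containing "/" are checked with get_permissions(), all
                // others with get_category_permissions(). The raw $dn is
                // used for the check, not the converted one.
                foreach ($category as $o) {
                    if (preg_match("/\//", $o)) {
                        $acl= $ui->get_permissions($dn, $o);
                    } else {
                        $acl= $ui->get_category_permissions($dn, $o);
                    }
                    if (preg_match("/r/", $acl)) {
                        $result[]= $attrs;
                        break;
                    }
                }
            }
        }

        return $result;
    }
}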
126 ?>