1 <?php
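/**
 * LDAP backend for list filters: runs a search below one or more containers
 * and returns only the entries the current user is allowed to read.
 *
 * Security notes for callers:
 *  - $filter is placed verbatim inside "(&...)". Any user-supplied value that
 *    ends up in it must already be escaped for LDAP filters (RFC 4515) by the
 *    code that builds the filter; nothing is escaped here.
 *  - Object storage RDNs are turned into ":dn:=" extensible-match filters
 *    without escaping. They are expected to be predefined values, not user
 *    input.
 *  - Read ACLs are applied to the fetched entries after the search. Passing
 *    GL_NO_ACL_CHECK returns every entry the LDAP link can see.
 */
class filterLDAP
{
    /**
     * Filter entry point: size-limited search, optionally recursive.
     *
     * @param string       $base          DN to search below
     * @param string       $scope         "sub" for a subtree search, anything else for one level
     * @param string       $filter        complete, already escaped LDAP filter
     * @param array        $attributes    attributes to request
     * @param string|array $category      ACL category/object names used for the read check
     * @param string|array $objectStorage RDN prefix(es) of the containers holding the objects
     * @return array list of attribute arrays, each with an added "dn" key
     */
    public static function query($base, $scope, $filter, $attributes, $category, $objectStorage = "")
    {
        // NOTE(review): the returned link is not used here. The call is kept
        // in case get_ldap_link(TRUE) prepares the link - confirm before removing.
        $config = session::global_get('config');
        $config->get_ldap_link(TRUE);

        $flag = ($scope == "sub") ? GL_SUBSEARCH : 0;
        return self::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
    }

    /**
     * Search every relevant base and collect the readable entries.
     *
     * Stops after the first base whose search reports "size limit" and sets
     * the session value 'limit_exceeded' for GUI feedback; the result is then
     * partial.
     *
     * @param string       $base          DN to search below
     * @param string       $filter        complete, already escaped LDAP filter
     * @param array        $attributes    attributes to request
     * @param string|array $category      names checked for "r" permission; a name containing
     *                                    "/" is checked with get_permissions(), otherwise
     *                                    with get_category_permissions()
     * @param string|array $objectStorage RDN prefix(es); empty entries mean "directly on $base"
     * @param int          $flags         bit mask of GL_SUBSEARCH, GL_SIZELIMIT, GL_CONVERT,
     *                                    GL_NO_ACL_CHECK
     * @return array list of attribute arrays, each with an added "dn" key
     */
    public static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags = GL_SUBSEARCH)
    {
        $ui = session::global_get('ui');
        $config = session::global_get('config');

        // Move to arrays for category and objectStorage
        if (!is_array($category)) {
            $category = array($category);
        }
        if (!is_array($objectStorage)) {
            $objectStorage = array($objectStorage);
        }

        // Strip the trailing comma and drop empty entries. The default ""
        // used to become array(""), which was treated as a real container
        // and produced the filter "(:dn:=)" on the base ",$base".
        $storages = array();
        foreach ($objectStorage as $oc) {
            $oc = preg_replace('/,$/', '', (string) $oc);
            if ($oc !== '') {
                $storages[] = $oc;
            }
        }

        $subsearch = ($flags & GL_SUBSEARCH) != 0;
        $method = (count($storages) == 0 && !$subsearch) ? "ls" : "search";
        $bases = self::buildSearchBases($base, $storages, $subsearch);

        // Get LDAP link
        $ldap = $config->get_ldap_link($flags & GL_SIZELIMIT);

        $result = array();
        foreach ($bases as $searchBase => $dnFilters) {

            // OR together the container restrictions for this base
            $dnFilter = "";
            if (is_array($dnFilters)) {
                $dnFilter = "(|(" . implode(")(", $dnFilters) . "))";
            }

            // $filter is trusted to be a well-formed, escaped filter (see class comment)
            $ldapFilter = "(&$filter$dnFilter)";
            $ldap->cd($searchBase);
            if ($method == "ls") {
                $ldap->ls($ldapFilter, $searchBase, $attributes);
            } else {
                $ldap->search($ldapFilter, $attributes);
            }

            // Check for size limit exceeded messages for GUI feedback
            $limit_exceeded = preg_match("/size limit/i", $ldap->get_error());
            if ($limit_exceeded) {
                session::set('limit_exceeded', TRUE);
            }

            // Copy the entries of this base into the result array
            while ($attrs = $ldap->fetch()) {
                $dn = $ldap->getDN();

                // Convert dn into a printable format if requested
                $attrs["dn"] = ($flags & GL_CONVERT) ? convert_department_dn($dn) : $dn;

                // The ACL check always uses the raw DN, never the converted one
                if (($flags & GL_NO_ACL_CHECK) || self::isReadable($ui, $dn, $category)) {
                    $result[] = $attrs;
                }
            }

            // Entries of the truncated search are kept, further bases are skipped
            if ($limit_exceeded) {
                break;
            }
        }

        return $result;
    }

    /**
     * Map the object storage RDNs to search bases and ":dn:=" filters.
     *
     * @param string $base      DN to search below
     * @param array  $storages  non-empty RDN prefixes without trailing comma
     * @param bool   $subsearch TRUE to search from $base with dn filters,
     *                          FALSE to search each container directly
     * @return array base DN => "" (no restriction) or list of dn filters
     */
    private static function buildSearchBases($base, $storages, $subsearch)
    {
        $bases = array();

        if (count($storages) == 0) {
            $bases[$base] = "";
            return $bases;
        }

        foreach ($storages as $oc) {
            // No, there's no \, in pre defined RDN values
            // explode() replaces split(), which was removed in PHP 7
            $parts = explode(',', $oc, 2);

            // Skip entries whose first RDN is not "attr=value" instead of
            // reusing the match of a previous entry
            if (!preg_match('/([^=]+)=(.*)$/', $parts[0], $m)) {
                continue;
            }
            $dnFilter = $m[1] . ":dn:=" . $m[2];

            if ($subsearch) {
                $bases[$base][] = $dnFilter;
            } elseif (count($parts) == 1) {
                $bases["$oc,$base"][] = $dnFilter;
            } else {
                $bases[$parts[1] . ",$base"][] = $dnFilter;
            }
        }

        return $bases;
    }

    /**
     * Tell whether the user has "r" permission on $dn for any given category.
     *
     * @param object $ui         user info object providing the permission lookups
     * @param string $dn         raw DN of the entry
     * @param array  $categories category ("users") or category/class ("users/user") names
     * @return bool
     */
    private static function isReadable($ui, $dn, $categories)
    {
        foreach ($categories as $o) {
            if (strpos((string) $o, '/') !== FALSE) {
                $permissions = $ui->get_permissions($dn, $o);
            } else {
                $permissions = $ui->get_category_permissions($dn, $o);
            }
            if (strpos((string) $permissions, 'r') !== FALSE) {
                return TRUE;
            }
        }
        return FALSE;
    }
}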
131 ?>