1 <?php
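/**
 * LDAP-backed list filter.
 *
 * Runs a caller-supplied LDAP filter below one or more "object storage"
 * containers and returns only the entries the current user may read,
 * unless the caller explicitly disables the ACL check.
 *
 * Security notes for callers:
 *  - $filter is handed to the directory unchanged. Any user-supplied value
 *    inside it must be escaped by the caller (e.g. ldap_escape() with
 *    LDAP_ESCAPE_FILTER) before it reaches this class.
 *  - GL_NO_ACL_CHECK returns every fetched entry without consulting the
 *    user's permissions; use it only where the result is not exposed to
 *    that user.
 */
class filterLDAP {

    /**
     * Run a size-limited search for the given scope.
     *
     * @param string       $base          Search base; empty means the configured base.
     * @param string       $scope         "sub" for a subtree search, anything else for one level.
     * @param string       $filter        LDAP filter, passed through unchanged (see class notes).
     * @param array        $attributes    Attributes to request.
     * @param string|array $category      ACL category/categories used for the read check.
     * @param string|array $objectStorage Storage RDN(s), e.g. "ou=people,".
     * @param string       $objectBase    Optional container prepended to $base for non-sub searches.
     * @return array List of attribute arrays, each with a "dn" key.
     */
    public static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "", $objectBase= "")
    {
        $config = session::global_get('config');

        // NOTE(review): the link returned here is never used; get_list()
        // requests its own. The call is kept only in case get_ldap_link()
        // has side effects - confirm and drop it.
        $config->get_ldap_link(TRUE);

        $flag = ($scope == "sub") ? GL_SUBSEARCH : 0;

        return self::get_list($base, $scope, $filter, $attributes,
                              $category, $objectStorage, $objectBase,
                              $flag | GL_SIZELIMIT);
    }


    /**
     * Search all departments that match the object storage and return the
     * readable entries.
     *
     * Falls back to get_list_old() when no usable storage container is known.
     *
     * @param string       $base          Search base; empty means the configured base.
     * @param string       $scope         "sub" for a subtree search, anything else for one level.
     * @param string       $filter        LDAP filter, passed through unchanged (see class notes).
     * @param array        $attributes    Attributes to request.
     * @param string|array $category      ACL category/categories used for the read check.
     * @param string|array $objectStorage Storage RDN(s), e.g. "ou=people,".
     * @param string       $objectBase    Optional container prepended to $base for non-sub searches.
     * @param int          $flags         Bitmask of GL_* flags.
     * @return array List of attribute arrays, each with a "dn" key.
     */
    public static function get_list($base, $scope, $filter, $attributes, $category,
                                    $objectStorage= array(), $objectBase= "", $flags= GL_SUBSEARCH)
    {
        $config = session::global_get('config');
        $ui = session::global_get('ui');
        $departments = array();

        /* Get LDAP link */
        $ldap = $config->get_ldap_link($flags & GL_SIZELIMIT);

        /* If we do no subsearch, adapt the base. An empty storage string is
         * skipped: prepending it would produce a base that starts with ","
         * which is not a valid DN. */
        if ($scope != "sub") {
            if ($objectBase != "") {
                $base = preg_replace('/,$/', '', $objectBase).",".$base;
            } elseif (is_string($objectStorage) && $objectStorage != "") {
                $base = preg_replace('/,$/', '', $objectStorage).",".$base;
            }
        }

        /* Set search base to configured base if $base is empty */
        if ($base == "") {
            $base = $config->current['BASE'];
        }
        $ldap->cd($base);

        /* Ensure we have an array as storage list */
        if (is_string($objectStorage)) {
            $objectStorage = array($objectStorage);
        }

        /* Reduce every storage entry to its first RDN ("ou=1,ou=2.." => "ou=1") */
        $sub_bases = array();
        foreach ($objectStorage as $key => $sub_base) {
            if (empty($sub_base)) {

                /* Subsearch is activated and we got an empty sub_base.
                 * (This may be the case if you have empty people/group ous).
                 * Fall back to get_list_old(). A log entry will be written. */
                if ($flags & GL_SUBSEARCH) {
                    $sub_bases = array();
                    break;
                }

                /* No subtree search requested and the sub base is empty:
                 * search directly in the base itself. */
                $departments[$base] = $base;
            } else {
                $sub_bases[$key] = preg_replace("/,.*$/", "", $sub_base);
            }
        }

        // Without any storage container or department, use the old method.
        if (!count($sub_bases) && !count($departments)) {

            // Log this fall back, it may be an unpredicted behaviour.
            new log("debug","all",__FILE__,$attributes,
                sprintf("filterLDAP::get_list(): falling back to filterLDAP::get_list_old() because objectStorage is empty.".
                    " This may slow down GOsa. Filter was: '%s'", $filter));

            // The original called ldapFILTER::get_list_old(); the method is defined on this class.
            return self::get_list_old($filter, $category, $base, $attributes, $flags);
        }

        /* Get all departments matching the given sub_bases. Skipped when there
         * are none, which would otherwise send an empty "(|)" clause. */
        if (count($sub_bases)) {

            // NOTE(review): $sub_base is concatenated into the filter
            // unescaped. This presumably is safe because objectStorage comes
            // from plugin configuration - confirm it is never user-controlled.
            $base_filter = "";
            foreach ($sub_bases as $sub_base) {
                $base_filter .= "(".$sub_base.")";
            }
            $base_filter = "(&(objectClass=organizationalUnit)(|".$base_filter."))";
            $ldap->search($base_filter, array("dn"));

            while ($attrs = $ldap->fetch()) {
                foreach ($objectStorage as $sub_dep) {

                    /* Only add those departments that match the requested list of departments.
                     *
                     * e.g. sub_deps = array("ou=servers,ou=systems,");
                     *
                     * We searched for "ou=servers" and may also have fetched
                     * departments like "ou=servers,ou=blafasel,...".
                     * Those are filtered out here.
                     *
                     * NOTE(review): the match is an unanchored, case-sensitive
                     * substring test against the returned DN.
                     */
                    if (preg_match("/".preg_quote($sub_dep, '/')."/", $attrs['dn'])) {
                        $departments[$attrs['dn']] = $attrs['dn'];
                        break;
                    }
                }
            }
        }

        /* The ACL check iterates over categories; normalise once up front. */
        if (!is_array($category)) {
            $category = array($category);
        }

        $result = array();

        /* Search in all matching departments */
        foreach ($departments as $dep) {
            $ldap->cd($dep);

            /* Perform ONE or SUB scope searches? */
            if ($flags & GL_SUBSEARCH) {
                $ldap->search($filter, $attributes);
            } else {
                $ldap->ls($filter, $dep, $attributes);
            }

            /* Check for size limit exceeded messages for GUI feedback */
            $limit_exceeded = (bool) preg_match("/size limit/i", $ldap->get_error());
            if ($limit_exceeded) {
                session::set('limit_exceeded', TRUE);
            }

            foreach (self::readable_entries($ldap, $ui, $category, $flags) as $entry) {
                $result[] = $entry;
            }

            /* Stop after the department that hit the size limit */
            if ($limit_exceeded) {
                break;
            }
        }

        return $result;
    }


    /**
     * Single search below $base without department resolution.
     *
     * Declared static because get_list() calls it statically.
     *
     * @param string       $filter     LDAP filter, passed through unchanged (see class notes).
     * @param string|array $category   ACL category/categories used for the read check.
     * @param string       $base       Search base; empty means the configured base.
     * @param array        $attributes Attributes to request.
     * @param int          $flags      Bitmask of GL_* flags.
     * @return array List of attribute arrays, each with a "dn" key.
     */
    public static function get_list_old($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
    {
        $config = session::global_get('config');
        $ui = session::global_get('ui');

        /* Get LDAP link */
        $ldap = $config->get_ldap_link($flags & GL_SIZELIMIT);

        /* Set search base to configured base if $base is empty */
        if ($base == "") {
            $ldap->cd($config->current['BASE']);
        } else {
            $ldap->cd($base);
        }

        /* Perform ONE or SUB scope searches? */
        if ($flags & GL_SUBSEARCH) {
            $ldap->search($filter, $attributes);
        } else {
            $ldap->ls($filter, $base, $attributes);
        }

        /* Check for size limit exceeded messages for GUI feedback */
        if (preg_match("/size limit/i", $ldap->get_error())) {
            session::set('limit_exceeded', TRUE);
        }

        if (!is_array($category)) {
            $category = array($category);
        }

        return self::readable_entries($ldap, $ui, $category, $flags);
    }


    /**
     * Drain the current LDAP result and keep the entries the user may read.
     *
     * @param object $ldap       LDAP link holding a pending search result.
     * @param object $ui         User object providing the permission lookups.
     * @param array  $categories ACL categories; names containing "/" are
     *                           checked with get_permissions(), all others
     *                           with get_category_permissions().
     * @param int    $flags      GL_CONVERT rewrites the DN for display,
     *                           GL_NO_ACL_CHECK disables the permission check.
     * @return array List of attribute arrays, each with a "dn" key.
     */
    private static function readable_entries($ldap, $ui, $categories, $flags)
    {
        $entries = array();

        while ($attrs = $ldap->fetch()) {
            $dn = $ldap->getDN();

            /* Convert dn into a printable format; ACLs still use the raw DN */
            $attrs["dn"] = ($flags & GL_CONVERT) ? convert_department_dn($dn) : $dn;

            /* Skip ACL checks if we are forced to skip those checks */
            if ($flags & GL_NO_ACL_CHECK) {
                $entries[] = $attrs;
                continue;
            }

            /* Keep the entry as soon as one category grants read ("r") */
            foreach ($categories as $o) {
                if (strpos((string) $o, '/') !== false) {
                    $permissions = $ui->get_permissions($dn, $o);
                } else {
                    $permissions = $ui->get_category_permissions($dn, $o);
                }
                if (strpos((string) $permissions, 'r') !== false) {
                    $entries[] = $attrs;
                    break;
                }
            }
        }

        return $entries;
    }

}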
232 ?>