1 <?php
3 class filterLDAP {
5 static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "")
6 {
7 $config= session::global_get('config');
8 $ldap= $config->get_ldap_link(TRUE);
9 $flag= ($scope == "sub")?GL_SUBSEARCH:0;
10 $result= filterLDAP::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
11 return $result;
12 }
15 static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
16 {
17 global $ui;
18 global $config;
20 // Move to arrays for category and objectStorage
21 if (!is_array($category)) {
22 $category= array($category);
23 }
24 if (!is_array($objectStorage)) {
25 $objectStorage= array($objectStorage);
26 }
28 // Initialize search bases
29 $bases= array();
31 // Get list of sub bases to search on and fill dn components to search for
32 $components= array();
33 foreach ($objectStorage as $oc) {
34 $oc= preg_replace('/,$/', '', $oc);
35 $tmp= split(',', $oc);
36 if (count($tmp) == 1) {
37 preg_match('/([^=]+)=(.*)$/', $oc, $m);
38 $components[]= $m[1].":dn:=".$m[2];
39 if ($flags & GL_SUBSEARCH) {
40 $bases[$base][]= $m[1].":dn:=".$m[2];
41 } else {
42 $bases["$oc,$base"][]= $m[1].":dn:=".$m[2];
43 }
44 } else {
45 // No, there's no \, in pre defined RDN values
46 preg_match('/^([^,]+),(.*)$/', $oc, $matches);
47 preg_match('/([^=]+)=(.*)$/', $matches[1], $m);
48 $components[]= $m[1].":dn:=".$m[2];
49 if ($flags & GL_SUBSEARCH) {
50 $bases[$base][]= $m[1].":dn:=".$m[2];
51 } else {
52 $bases[$matches[2].",$base"][]= $m[1].":dn:=".$m[2];
53 }
54 }
55 }
57 // Get LDAP link
58 $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
60 // Do search for every base
61 $result= array();
62 $limit_exceeded = FALSE;
63 foreach($bases as $base => $dnFilters) {
65 // Break if the size limit is exceeded
66 if($limit_exceeded){
67 return($result);
68 }
70 // Switch to new base and search
71 $ldap->cd($base);
72 $dnFilter= "(|";
73 foreach ($dnFilters as $df) {
74 $dnFilter.= "($df)";
75 }
76 $dnFilter.= ")";
77 $ldap->search ("(&$filter$dnFilter)", $attributes);
79 // Check for size limit exceeded messages for GUI feedback
80 if (preg_match("/size limit/i", $ldap->get_error())){
81 session::set('limit_exceeded', TRUE);
82 $limit_exceeded = TRUE;
83 }
85 /* Crawl through result entries and perform the migration to the
86 result array */
87 while($attrs = $ldap->fetch()) {
88 $dn= $ldap->getDN();
90 /* Convert dn into a printable format */
91 if ($flags & GL_CONVERT){
92 $attrs["dn"]= convert_department_dn($dn);
93 } else {
94 $attrs["dn"]= $dn;
95 }
97 /* Skip ACL checks if we are forced to skip those checks */
98 if($flags & GL_NO_ACL_CHECK){
99 $result[]= $attrs;
100 }else{
102 /* Sort in every value that fits the permissions */
103 foreach ($category as $o){
104 if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
105 (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
106 $result[]= $attrs;
107 break;
108 }
109 }
110 }
111 }
113 }
115 return $result;
116 }
119 }
121 ?>