1 <?php
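/**
 * LDAP back end for list filters.
 *
 * Runs LDAP searches through the link supplied by the global $config object
 * and, unless GL_NO_ACL_CHECK is set, returns only entries for which the
 * global $ui object reports read ("r") permission.
 *
 * Security notes for callers:
 *  - $filter is handed to the LDAP link exactly as received. Nothing in this
 *    class escapes it, so any user-supplied value embedded in the filter has
 *    to be escaped before it gets here.
 *  - The $objectStorage entries are concatenated into an LDAP filter and the
 *    search base without escaping. They are presumably configuration values;
 *    do not feed them from request data.
 *  - GL_NO_ACL_CHECK disables the per-entry permission check completely. The
 *    flag must never be derived from request data.
 */
class filterLDAP {

  /**
   * Entry point for filter queries: delegates to get_list() with
   * GL_SUBSEARCH | GL_SIZELIMIT.
   *
   * @param string       $base          Search base DN ("" selects the configured base).
   * @param string       $scope         "sub" leaves $base untouched; any other value makes
   *                                    get_list() prefix the object base/storage.
   * @param string       $filter        LDAP filter, passed through unescaped.
   * @param array        $attributes    Attributes to fetch.
   * @param string|array $category      ACL category/object name(s) used for the read check.
   * @param string|array $objectStorage Storage RDN(s), e.g. "ou=people,".
   * @param string       $objectBase    Optional RDN prefix used instead of $objectStorage.
   *
   * @return array List of entry attribute arrays, each with a "dn" key.
   */
  static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "", $objectBase= "")
  {
    global $config;

    /* The original code requests the link here and discards it. The call is
     * kept in case get_ldap_link() has side effects - TODO confirm and drop. */
    $config->get_ldap_link(TRUE);

    return self::get_list($base, $scope, $filter, $attributes,
                          $category, $objectStorage, $objectBase,
                          GL_SUBSEARCH | GL_SIZELIMIT);
  }


  /**
   * Search every department below $base that matches one of the storage RDNs
   * and collect the entries the current user may read.
   *
   * Falls back to get_list_old() when no usable storage RDN is given.
   *
   * @param string       $base          Search base DN ("" selects the configured base).
   * @param string       $scope         See query().
   * @param string       $filter        LDAP filter, passed through unescaped.
   * @param array        $attributes    Attributes to fetch.
   * @param string|array $category      ACL category/object name(s).
   * @param string|array $objectStorage Storage RDN(s).
   * @param string       $objectBase    Optional RDN prefix.
   * @param int          $flags         Bit mask of GL_* flags.
   *
   * @return array List of entry attribute arrays, each with a "dn" key.
   */
  static function get_list($base, $scope, $filter, $attributes, $category,
                           $objectStorage= array(), $objectBase= "", $flags= GL_SUBSEARCH)
  {
    global $config;
    $departments= array();

    /* Get LDAP link */
    $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);

    /* If we do no subsearch, adapt the base. An empty storage string is
     * skipped: prefixing it would yield a base starting with "," which is
     * not a valid DN. */
    if ($scope != "sub") {
      if ($objectBase != "") {
        $base= preg_replace('/,$/', '', $objectBase).",".$base;
      } elseif (is_string($objectStorage) && $objectStorage != "") {
        $base= preg_replace('/,$/', '', $objectStorage).",".$base;
      }
    }

    /* Set search base to configured base if $base is empty */
    if ($base == ""){
      $base = $config->current['BASE'];
    }
    $ldap->cd ($base);

    /* Ensure we have an array as storage list */
    if(is_string($objectStorage)){
      $objectStorage = array($objectStorage);
    }

    /* Remove ,.*$ ("ou=1,ou=2.." => "ou=1") */
    $sub_bases = array();
    foreach($objectStorage as $key => $sub_base){
      if(empty($sub_base)){

        /* Subsearch is activated and we got an empty sub_base.
         * (This may be the case if you have empty people/group ous).
         * Fall back to get_list_old(); a log entry is written below. */
        if($flags & GL_SUBSEARCH){
          $sub_bases = array();
          break;
        }else{

          /* No subtree search requested and the sub base is empty:
           * search directly in the base. */
          $departments[$base] = $base;
        }
      }else{
        $sub_bases[$key] = preg_replace("/,.*$/","",$sub_base);
      }
    }

    /* If there is no sub department specified, fall back to the old method.
     * The fall back is logged because it may be unexpected. */
    if(!count($sub_bases) && !count($departments)){
      new log("debug","all",__FILE__,$attributes,
          sprintf("filterLDAP::get_list(): falling back to filterLDAP::get_list_old() because objectStorage is empty.".
            " This may slow down GOsa. Filter was: '%s'", $filter));

      /* The original called ldapFILTER::get_list_old(), a class name that
       * does not match this class. */
      return (self::get_list_old($filter, $category,$base,$attributes,$flags));
    }

    /* Get all departments matching the given sub_bases.
     * NOTE(review): $sub_base is inserted into the filter unescaped. */
    $base_filter= "";
    foreach($sub_bases as $sub_base){
      $base_filter .= "(".$sub_base.")";
    }
    $base_filter = "(&(objectClass=organizationalUnit)(|".$base_filter."))";
    $ldap->search($base_filter, array("dn"));
    while($attrs = $ldap->fetch()){
      foreach($objectStorage as $sub_dep){

        /* Only add those departments that match the requested list of departments.
         *
         * e.g. sub_deps = array("ou=servers,ou=systems,");
         *
         * In this case we searched for "ou=servers" and may also have fetched
         * departments like "ou=servers,ou=blafasel,...".
         * Here we filter out those blafasel departments.
         *
         * The match is an unanchored, case-sensitive substring test on the DN.
         */
        if(preg_match("/".preg_quote($sub_dep, '/')."/",$attrs['dn'])){
          $departments[$attrs['dn']] = $attrs['dn'];
          break;
        }
      }
    }

    $result= array();
    $limit_exceeded = FALSE;

    /* Search in all matching departments */
    foreach($departments as $dep){

      /* Stop once the size limit was exceeded in a previous department */
      if($limit_exceeded){
        return($result);
      }

      $ldap->cd($dep);

      /* Perform ONE or SUB scope searches? */
      if ($flags & GL_SUBSEARCH) {
        $ldap->search ($filter, $attributes);
      } else {
        $ldap->ls ($filter,$dep,$attributes);
      }

      /* Check for size limit exceeded messages for GUI feedback */
      if (preg_match("/size limit/i", $ldap->get_error())){
        session::set('limit_exceeded', TRUE);
        $limit_exceeded = TRUE;
      }

      /* Copy the entries the user may see into the result array */
      while($attrs = $ldap->fetch()) {
        $dn= $ldap->getDN();

        /* Convert dn into a printable format */
        if ($flags & GL_CONVERT){
          $attrs["dn"]= convert_department_dn($dn);
        } else {
          $attrs["dn"]= $dn;
        }

        /* The ACL check always uses the raw DN, not the converted one */
        if(($flags & GL_NO_ACL_CHECK) || self::has_read_permission($dn, $category)){
          $result[]= $attrs;
        }
      }
    }

    return($result);
  }


  /**
   * Single search below $base without department resolution.
   *
   * Declared static because get_list() calls it statically and the body
   * never uses $this; the original declaration lacked the keyword.
   *
   * @param string       $filter     LDAP filter, passed through unescaped.
   * @param string|array $category   ACL category/object name(s).
   * @param string       $base       Search base DN ("" selects the configured base).
   * @param array        $attributes Attributes to fetch.
   * @param int          $flags      Bit mask of GL_* flags.
   *
   * @return array List of entry attribute arrays, each with a "dn" key.
   */
  static function get_list_old($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
  {
    global $config;

    /* Get LDAP link */
    $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);

    /* Set search base to configured base if $base is empty */
    if ($base == ""){
      $ldap->cd ($config->current['BASE']);
    } else {
      $ldap->cd ($base);
    }

    /* Perform ONE or SUB scope searches? */
    if ($flags & GL_SUBSEARCH) {
      $ldap->search ($filter, $attributes);
    } else {
      $ldap->ls ($filter,$base,$attributes);
    }

    /* Check for size limit exceeded messages for GUI feedback */
    if (preg_match("/size limit/i", $ldap->get_error())){
      session::set('limit_exceeded', TRUE);
    }

    /* Copy the entries the user may see into the result array */
    $result= array();
    while($attrs = $ldap->fetch()) {
      $dn= $ldap->getDN();

      /* Convert dn into a printable format */
      if ($flags & GL_CONVERT){
        $attrs["dn"]= convert_department_dn($dn);
      } else {
        $attrs["dn"]= $dn;
      }

      /* The ACL check always uses the raw DN, not the converted one */
      if(($flags & GL_NO_ACL_CHECK) || self::has_read_permission($dn, $category)){
        $result[]= $attrs;
      }
    }

    return ($result);
  }


  /**
   * Tell whether the current user holds read ("r") permission on $dn for at
   * least one of the given categories.
   *
   * Names containing "/" are checked with get_permissions(), all others with
   * get_category_permissions(). Keeping the decision in one place ensures
   * both list methods apply the same rule.
   *
   * @param string       $dn       Raw DN of the entry.
   * @param string|array $category Category/object name(s).
   *
   * @return bool TRUE if any category grants read access.
   */
  private static function has_read_permission($dn, $category)
  {
    global $ui;

    if (!is_array($category)){
      $category = array($category);
    }
    foreach ($category as $o){
      if (preg_match("/\//",$o)){
        $acl= $ui->get_permissions($dn,$o);
      } else {
        $acl= $ui->get_category_permissions($dn, $o);
      }
      if (preg_match("/r/",$acl)){
        return TRUE;
      }
    }
    return FALSE;
  }

}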
230 ?>