![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
e888b8381b662a9fb05abe232eeda218c1045e02
1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 * Copyright (C) 2003 Alejandro Escanero Blanco <aescanero@chaosdimension.org>
6 * Copyright (C) 1998 Eric Kilfoil <eric@ipass.net>
7 *
8 * ID: $$Id$$
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
25 define("ALREADY_EXISTING_ENTRY",-10001);
26 define("UNKNOWN_TOKEN_IN_LDIF_FILE",-10002);
27 define("NO_FILE_UPLOADED",10003);
28 define("INSERT_OK",10000);
29 define("SPECIALS_OVERRIDE", TRUE);
31 class LDAP{
33 var $hascon =false;
34 var $reconnect=false;
35 var $tls = false;
36 var $cid;
37 var $hasres = array();
38 var $sr = array();
39 var $re = array();
40 var $basedn ="";
41 var $start = array(); // 0 if we are fetching the first entry, otherwise 1
42 var $error = ""; // Any error messages to be returned can be put here
43 var $srp = 0;
44 var $objectClasses = array(); // Information read from slapd.oc.conf
45 var $binddn = "";
46 var $bindpw = "";
47 var $hostname = "";
48 var $follow_referral = FALSE;
49 var $referrals= array();
50 var $max_ldap_query_time = 0; // 0, empty or negative values will disable this check
52 function LDAP($binddn,$bindpw, $hostname, $follow_referral= FALSE, $tls= FALSE)
53 {
54 global $config;
55 $this->follow_referral= $follow_referral;
56 $this->tls=$tls;
57 $this->binddn=LDAP::convert($binddn);
59 $this->bindpw=$bindpw;
60 $this->hostname=$hostname;
62 /* Check if MAX_LDAP_QUERY_TIME is defined */
63 if(is_object($config) && $config->get_cfg_value("ldapMaxQueryTime") != ""){
64 $str = $config->get_cfg_value("ldapMaxQueryTime");
65 $this->max_ldap_query_time = (float)($str);
66 }
68 $this->connect();
69 }
72 function getSearchResource()
73 {
74 $this->sr[$this->srp]= NULL;
75 $this->start[$this->srp]= 0;
76 $this->hasres[$this->srp]= false;
77 return $this->srp++;
78 }
81 /* Function to replace all problematic characters inside a DN by \001XX, where
82 \001 is decoded to chr(1) [ctrl+a]. It is not impossible, but very unlikely
83 that this character is inside a DN.
85 Currently used codes:
86 , => CO
87 \2C => CO
88 ( => OB
89 ) => CB
90 / => SL
91 \22 => DQ */
92 static function convert($dn)
93 {
94 if (SPECIALS_OVERRIDE == TRUE){
95 $tmp= preg_replace(array("/\\\\,/", "/\\\\2C/", "/\(/", "/\)/", "/\//", "/\\\\22/", '/\\\\"/'),
96 array("\001CO", "\001CO", "\001OB", "\001CB", "\001SL", "\001DQ", "\001DQ"),
97 $dn);
98 return (preg_replace('/,\s+/', ',', $tmp));
99 } else {
100 return ($dn);
101 }
102 }
105 /* Function to fix all problematic characters inside a DN by replacing \001XX
106 codes to their original values. See "convert" for mor information.
107 ',' characters are always expanded to \, (not \2C), since all tested LDAP
108 servers seem to take it the correct way. */
109 static function fix($dn)
110 {
111 if (SPECIALS_OVERRIDE == TRUE){
112 return (preg_replace(array("/\001CO/", "/\001OB/", "/\001CB/", "/\001SL/", "/\001DQ/"),
113 array("\,", "(", ")", "/", '\"'),
114 $dn));
115 } else {
116 return ($dn);
117 }
118 }
120 /* Function to fix problematic characters in DN's that are used for search
121 requests. I.e. member=.... */
122 static function prepare4filter($dn)
123 {
124 $fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', LDAP::fix($dn)));
125 return str_replace('\\,', '\\\\,', $fixed);
126 }
129 function connect()
130 {
131 $this->hascon=false;
132 $this->reconnect=false;
133 if ($this->cid= @ldap_connect($this->hostname)) {
134 @ldap_set_option($this->cid, LDAP_OPT_PROTOCOL_VERSION, 3);
135 if (function_exists("ldap_set_rebind_proc") && $this->follow_referral) {
136 @ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1);
137 @ldap_set_rebind_proc($this->cid, array(&$this, "rebind"));
138 }
139 if (function_exists("ldap_start_tls") && $this->tls){
140 @ldap_start_tls($this->cid);
141 }
143 $this->error = "No Error";
144 if ($bid = @ldap_bind($this->cid, LDAP::fix($this->binddn), $this->bindpw)) {
145 $this->error = "Success";
146 $this->hascon=true;
147 } else {
148 if ($this->reconnect){
149 if ($this->error != "Success"){
150 $this->error = "Could not rebind to " . $this->binddn;
151 }
152 } else {
153 $this->error = "Could not bind to " . $this->binddn;
154 }
155 }
156 } else {
157 $this->error = "Could not connect to LDAP server";
158 }
159 }
161 function rebind($ldap, $referral)
162 {
163 $credentials= $this->get_credentials($referral);
164 if (@ldap_bind($ldap, LDAP::fix($credentials['ADMINDN']), $credentials['ADMINPASSWORD'])) {
165 $this->error = "Success";
166 $this->hascon=true;
167 $this->reconnect= true;
168 return (0);
169 } else {
170 $this->error = "Could not bind to " . $credentials['ADMINDN'];
171 return NULL;
172 }
173 }
175 function reconnect()
176 {
177 if ($this->reconnect){
178 @ldap_unbind($this->cid);
179 $this->cid = NULL;
180 }
181 }
183 function unbind()
184 {
185 @ldap_unbind($this->cid);
186 $this->cid = NULL;
187 }
189 function disconnect()
190 {
191 if($this->hascon){
192 @ldap_close($this->cid);
193 $this->hascon=false;
194 }
195 }
197 function cd($dir)
198 {
199 if ($dir == ".."){
200 $this->basedn = $this->getParentDir();
201 } else {
202 $this->basedn = LDAP::convert($dir);
203 }
204 }
206 function getParentDir($basedn = "")
207 {
208 if ($basedn==""){
209 $basedn = $this->basedn;
210 } else {
211 $basedn = LDAP::convert($this->basedn);
212 }
213 return(ereg_replace("[^,]*[,]*[ ]*(.*)", "\\1", $basedn));
214 }
217 function search($srp, $filter, $attrs= array())
218 {
219 if($this->hascon){
220 if ($this->reconnect) $this->connect();
222 $start = microtime();
223 $this->clearResult($srp);
224 $this->sr[$srp] = @ldap_search($this->cid, LDAP::fix($this->basedn), $filter, $attrs);
225 $this->error = @ldap_error($this->cid);
226 $this->resetResult($srp);
227 $this->hasres[$srp]=true;
229 /* Check if query took longer as specified in max_ldap_query_time */
230 if($this->max_ldap_query_time){
231 $diff = get_MicroTimeDiff($start,microtime());
232 if($diff > $this->max_ldap_query_time){
233 msg_dialog::display(_("Performance warning"), sprintf(_("LDAP performance is poor: last query took about %.2fs!"), $diff), WARNING_DIALOG);
234 }
235 }
237 $this->log("LDAP operation: time=".get_MicroTimeDiff($start,microtime())." operation=search('".LDAP::fix($this->basedn)."', '$filter')");
238 return($this->sr[$srp]);
239 }else{
240 $this->error = "Could not connect to LDAP server";
241 return("");
242 }
243 }
245 function ls($srp, $filter = "(objectclass=*)", $basedn = "",$attrs = array("*"))
246 {
247 if($this->hascon){
248 if ($this->reconnect) $this->connect();
250 $this->clearResult($srp);
251 if ($basedn == "")
252 $basedn = $this->basedn;
253 else
254 $basedn= LDAP::convert($basedn);
256 $start = microtime();
257 $this->sr[$srp] = @ldap_list($this->cid, LDAP::fix($basedn), $filter,$attrs);
258 $this->error = @ldap_error($this->cid);
259 $this->resetResult($srp);
260 $this->hasres[$srp]=true;
262 /* Check if query took longer as specified in max_ldap_query_time */
263 if($this->max_ldap_query_time){
264 $diff = get_MicroTimeDiff($start,microtime());
265 if($diff > $this->max_ldap_query_time){
266 msg_dialog::display(_("Performance warning"), sprintf(_("LDAP performance is poor: last query took about %.2fs!"), $diff), WARNING_DIALOG);
267 }
268 }
270 $this->log("LDAP operation: time=".get_MicroTimeDiff($start,microtime())." operation=ls('".LDAP::fix($basedn)."', '$filter')");
272 return($this->sr[$srp]);
273 }else{
274 $this->error = "Could not connect to LDAP server";
275 return("");
276 }
277 }
279 function cat($srp, $dn,$attrs= array("*"))
280 {
281 if($this->hascon){
282 if ($this->reconnect) $this->connect();
284 $this->clearResult($srp);
285 $filter = "(objectclass=*)";
286 $this->sr[$srp] = @ldap_read($this->cid, LDAP::fix($dn), $filter,$attrs);
287 $this->error = @ldap_error($this->cid);
288 $this->resetResult($srp);
289 $this->hasres[$srp]=true;
290 return($this->sr[$srp]);
291 }else{
292 $this->error = "Could not connect to LDAP server";
293 return("");
294 }
295 }
297 function object_match_filter($dn,$filter)
298 {
299 if($this->hascon){
300 if ($this->reconnect) $this->connect();
301 $res = @ldap_read($this->cid, LDAP::fix($dn), $filter, array("objectClass"));
302 $rv = @ldap_count_entries($this->cid, $res);
303 return($rv);
304 }else{
305 $this->error = "Could not connect to LDAP server";
306 return(FALSE);
307 }
308 }
310 function set_size_limit($size)
311 {
312 /* Ignore zero settings */
313 if ($size == 0){
314 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, 10000000);
315 }
316 if($this->hascon){
317 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, $size);
318 } else {
319 $this->error = "Could not connect to LDAP server";
320 }
321 }
323 function fetch($srp)
324 {
325 $att= array();
326 if($this->hascon){
327 if($this->hasres[$srp]){
328 if ($this->start[$srp] == 0)
329 {
330 if ($this->sr[$srp]){
331 $this->start[$srp] = 1;
332 $this->re[$srp]= @ldap_first_entry($this->cid, $this->sr[$srp]);
333 } else {
334 return array();
335 }
336 } else {
337 $this->re[$srp]= @ldap_next_entry($this->cid, $this->re[$srp]);
338 }
339 if ($this->re[$srp])
340 {
341 $att= @ldap_get_attributes($this->cid, $this->re[$srp]);
342 $att['dn']= trim(LDAP::convert(@ldap_get_dn($this->cid, $this->re[$srp])));
343 }
344 $this->error = @ldap_error($this->cid);
345 if (!isset($att)){
346 $att= array();
347 }
348 return($att);
349 }else{
350 $this->error = "Perform a fetch with no search";
351 return("");
352 }
353 }else{
354 $this->error = "Could not connect to LDAP server";
355 return("");
356 }
357 }
359 function resetResult($srp)
360 {
361 $this->start[$srp] = 0;
362 }
364 function clearResult($srp)
365 {
366 if($this->hasres[$srp]){
367 $this->hasres[$srp] = false;
368 @ldap_free_result($this->sr[$srp]);
369 }
370 }
372 function getDN($srp)
373 {
374 if($this->hascon){
375 if($this->hasres[$srp]){
377 if(!$this->re[$srp])
378 {
379 $this->error = "Perform a Fetch with no valid Result";
380 }
381 else
382 {
383 $rv = @ldap_get_dn($this->cid, $this->re[$srp]);
385 $this->error = @ldap_error($this->cid);
386 return(trim(LDAP::convert($rv)));
387 }
388 }else{
389 $this->error = "Perform a Fetch with no Search";
390 return("");
391 }
392 }else{
393 $this->error = "Could not connect to LDAP server";
394 return("");
395 }
396 }
398 function count($srp)
399 {
400 if($this->hascon){
401 if($this->hasres[$srp]){
402 $rv = @ldap_count_entries($this->cid, $this->sr[$srp]);
403 $this->error = @ldap_error($this->cid);
404 return($rv);
405 }else{
406 $this->error = "Perform a Fetch with no Search";
407 return("");
408 }
409 }else{
410 $this->error = "Could not connect to LDAP server";
411 return("");
412 }
413 }
415 function rm($attrs = "", $dn = "")
416 {
417 if($this->hascon){
418 if ($this->reconnect) $this->connect();
419 if ($dn == "")
420 $dn = $this->basedn;
422 $r = ldap_mod_del($this->cid, LDAP::fix($dn), $attrs);
423 $this->error = @ldap_error($this->cid);
424 return($r);
425 }else{
426 $this->error = "Could not connect to LDAP server";
427 return("");
428 }
429 }
431 function mod_add($attrs = "", $dn = "")
432 {
433 if($this->hascon){
434 if ($this->reconnect) $this->connect();
435 if ($dn == "")
436 $dn = $this->basedn;
438 $r = @ldap_mod_add($this->cid, LDAP::fix($dn), $attrs);
439 $this->error = @ldap_error($this->cid);
440 return($r);
441 }else{
442 $this->error = "Could not connect to LDAP server";
443 return("");
444 }
445 }
447 function rename($attrs, $dn = "")
448 {
449 if($this->hascon){
450 if ($this->reconnect) $this->connect();
451 if ($dn == "")
452 $dn = $this->basedn;
454 $r = @ldap_mod_replace($this->cid, LDAP::fix($dn), $attrs);
455 $this->error = @ldap_error($this->cid);
456 return($r);
457 }else{
458 $this->error = "Could not connect to LDAP server";
459 return("");
460 }
461 }
463 function rmdir($deletedn)
464 {
465 if($this->hascon){
466 if ($this->reconnect) $this->connect();
467 $r = @ldap_delete($this->cid, LDAP::fix($deletedn));
468 $this->error = @ldap_error($this->cid);
469 return($r ? $r : 0);
470 }else{
471 $this->error = "Could not connect to LDAP server";
472 return("");
473 }
474 }
477 /*! \brief Move the given Ldap entry from $source to $dest
478 @param String $source The source dn.
479 @param String $dest The destination dn.
480 @return Boolean TRUE on success else FALSE.
481 */
482 function rename_dn($source,$dest)
483 {
484 /* Check if source and destination are the same entry */
485 if(strtolower($source) == strtolower($dest)){
486 trigger_error("Source and destination can't be the same entry.");
487 $this->error = "Source and destination can't be the same entry.";
488 return(FALSE);
489 }
491 /* Check if destination entry exists */
492 if($this->dn_exists($dest)){
493 trigger_error("Destination '$dest' already exists.");
494 $this->error = "Destination '$dest' already exists.";
495 return(FALSE);
496 }
498 /* Extract the name and the parent part out ouf source dn.
499 e.g. cn=herbert,ou=department,dc=...
500 parent => ou=department,dc=...
501 dest_rdn => cn=herbert
502 */
503 $parent = preg_replace("/^[^,]+,/","", $dest);
504 $dest_rdn = preg_replace("/,.*$/","",$dest);
506 if($this->hascon){
507 if ($this->reconnect) $this->connect();
508 $r= ldap_rename($this->cid,@LDAP::fix($source), @LDAP::fix($dest_rdn),@LDAP::fix($parent),TRUE);
509 $this->error = ldap_error($this->cid);
511 /* Check if destination dn exists, if not the
512 server may not support this operation */
513 $r &= is_resource($this->dn_exists($dest));
514 return($r);
515 }else{
516 $this->error = "Could not connect to LDAP server";
517 return(FALSE);
518 }
519 }
522 /**
523 * Function rmdir_recursive
524 *
525 * Description: Based in recursive_remove, adding two thing: full subtree remove, and delete own node.
526 * Parameters: The dn to delete
527 * GiveBack: True on sucessfull , 0 in error, and "" when we don't get a ldap conection
528 *
529 */
530 function rmdir_recursive($srp, $deletedn)
531 {
532 if($this->hascon){
533 if ($this->reconnect) $this->connect();
534 $delarray= array();
536 /* Get sorted list of dn's to delete */
537 $this->ls ($srp, "(objectClass=*)",$deletedn);
538 while ($this->fetch($srp)){
539 $deldn= $this->getDN($srp);
540 $delarray[$deldn]= strlen($deldn);
541 }
542 arsort ($delarray);
543 reset ($delarray);
545 /* Really Delete ALL dn's in subtree */
546 foreach ($delarray as $key => $value){
547 $this->rmdir_recursive($srp, $key);
548 }
550 /* Finally Delete own Node */
551 $r = @ldap_delete($this->cid, LDAP::fix($deletedn));
552 $this->error = @ldap_error($this->cid);
553 return($r ? $r : 0);
554 }else{
555 $this->error = "Could not connect to LDAP server";
556 return("");
557 }
558 }
560 function makeReadableErrors($error,$attrs)
561 {
562 global $config;
564 if($this->success()) return("");
566 $str = "";
567 if(preg_match("/^objectClass: value #([0-9]*) invalid per syntax$/", $this->get_additional_error())){
568 $oc = preg_replace("/^objectClass: value #([0-9]*) invalid per syntax$/","\\1", $this->get_additional_error());
569 if(isset($attrs['objectClass'][$oc])){
570 $str.= " - <b>objectClass: ".$attrs['objectClass'][$oc]."</b>";
571 }
572 }
573 if($error == "Undefined attribute type"){
574 $str = " - <b>attribute: ".preg_replace("/:.*$/","",$this->get_additional_error())."</b>";
575 }
577 if(is_object($config) && $config->get_cfg_value("displayerrors") == "true" && function_exists("print_a")){
578 $str .= print_a($attrs,true);
579 }
581 return($str);
582 }
584 function modify($attrs)
585 {
586 if(count($attrs) == 0){
587 return (0);
588 }
589 if($this->hascon){
590 if ($this->reconnect) $this->connect();
591 $r = @ldap_modify($this->cid, LDAP::fix($this->basedn), $attrs);
592 $this->error = @ldap_error($this->cid);
593 if(!$this->success()){
594 $this->error.= $this->makeReadableErrors($this->error,$attrs);
595 }
596 return($r ? $r : 0);
597 }else{
598 $this->error = "Could not connect to LDAP server";
599 return("");
600 }
601 }
603 function add($attrs)
604 {
605 if($this->hascon){
606 if ($this->reconnect) $this->connect();
607 $r = @ldap_add($this->cid, LDAP::fix($this->basedn), $attrs);
608 $this->error = @ldap_error($this->cid);
609 if(!$this->success()){
610 $this->error.= $this->makeReadableErrors($this->error,$attrs);
611 }
612 return($r ? $r : 0);
613 }else{
614 $this->error = "Could not connect to LDAP server";
615 return("");
616 }
617 }
619 function create_missing_trees($srp, $target)
620 {
621 global $config;
623 $real_path= substr($target, 0, strlen($target) - strlen($this->basedn) -1 );
625 if ($target == $this->basedn){
626 $l= array("dummy");
627 } else {
628 $l= array_reverse(gosa_ldap_explode_dn($real_path));
629 }
630 unset($l['count']);
631 $cdn= $this->basedn;
632 $tag= "";
634 /* Load schema if available... */
635 $classes= $this->get_objectclasses();
637 foreach ($l as $part){
638 if ($part != "dummy"){
639 $cdn= "$part,$cdn";
640 }
642 /* Ignore referrals */
643 $found= false;
644 foreach($this->referrals as $ref){
645 $base= preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URI']);
646 if ($base == $cdn){
647 $found= true;
648 break;
649 }
650 }
651 if ($found){
652 continue;
653 }
655 $this->cat ($srp, $cdn);
656 $attrs= $this->fetch($srp);
658 /* Create missing entry? */
659 if (count ($attrs)){
661 /* Catch the tag - if present */
662 if (isset($attrs['gosaUnitTag'][0])){
663 $tag= $attrs['gosaUnitTag'][0];
664 }
666 } else {
667 $type= preg_replace('/^([^=]+)=.*$/', '\\1', $cdn);
668 $param= preg_replace('/^[^=]+=([^,]+).*$/', '\\1', $cdn);
670 $na= array();
672 /* Automatic or traditional? */
673 if(count($classes)){
675 /* Get name of first matching objectClass */
676 $ocname= "";
677 foreach($classes as $class){
678 if (isset($class['MUST']) && $class['MUST'] == "$type"){
680 /* Look for first classes that is structural... */
681 if (isset($class['STRUCTURAL'])){
682 $ocname= $class['NAME'];
683 break;
684 }
686 /* Look for classes that are auxiliary... */
687 if (isset($class['AUXILIARY'])){
688 $ocname= $class['NAME'];
689 }
690 }
691 }
693 /* Bail out, if we've nothing to do... */
694 if ($ocname == ""){
695 msg_dialog::display(_("Internal error"), sprintf(_("Cannot automatically create subtrees with RDN '%s': no object class found!"),$type), FATAL_ERROR_DIALOG);
696 exit();
697 }
699 /* Assemble_entry */
700 if ($tag != ""){
701 $na['objectClass']= array($ocname, "gosaAdministrativeUnitTag");
702 $na["gosaUnitTag"]= $tag;
703 } else {
704 $na['objectClass']= array($ocname);
705 }
706 if (isset($classes[$ocname]['AUXILIARY'])){
707 $na['objectClass'][]= $classes[$ocname]['SUP'];
708 }
709 if ($type == "dc"){
710 /* This is bad actually, but - tell me a better way? */
711 $na['objectClass'][]= 'locality';
712 }
713 $na[$type]= $param;
714 if (is_array($classes[$ocname]['MUST'])){
715 foreach($classes[$ocname]['MUST'] as $attr){
716 $na[$attr]= "filled";
717 }
718 }
720 } else {
722 /* Use alternative add... */
723 switch ($type){
724 case 'ou':
725 if ($tag != ""){
726 $na["objectClass"]= array("organizationalUnit", "gosaAdministrativeUnitTag");
727 $na["gosaUnitTag"]= $tag;
728 } else {
729 $na["objectClass"]= "organizationalUnit";
730 }
731 $na["ou"]= $param;
732 break;
733 case 'dc':
734 if ($tag != ""){
735 $na["objectClass"]= array("dcObject", "top", "locality", "gosaAdministrativeUnitTag");
736 $na["gosaUnitTag"]= $tag;
737 } else {
738 $na["objectClass"]= array("dcObject", "top", "locality");
739 }
740 $na["dc"]= $param;
741 break;
742 default:
743 msg_dialog::display(_("Internal error"), sprintf(_("Cannot automatically create subtrees with RDN '%s': not supported"),$type), FATAL_ERROR_DIALOG);
744 exit();
745 }
747 }
748 $this->cd($cdn);
749 $this->add($na);
751 if (!$this->success()){
753 print_a(array($cdn,$na));
755 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($this->get_error(), $cdn, LDAP_ADD, get_class()));
756 return FALSE;
757 }
758 }
759 }
761 return TRUE;
762 }
765 function recursive_remove($srp)
766 {
767 $delarray= array();
769 /* Get sorted list of dn's to delete */
770 $this->search ($srp, "(objectClass=*)");
771 while ($this->fetch($srp)){
772 $deldn= $this->getDN($srp);
773 $delarray[$deldn]= strlen($deldn);
774 }
775 arsort ($delarray);
776 reset ($delarray);
778 /* Delete all dn's in subtree */
779 foreach ($delarray as $key => $value){
780 $this->rmdir($key);
781 }
782 }
785 function get_attribute($dn, $name,$r_array=0)
786 {
787 $data= "";
788 if ($this->reconnect) $this->connect();
789 $sr= @ldap_read($this->cid, LDAP::fix($dn), "objectClass=*", array("$name"));
791 /* fill data from LDAP */
792 if ($sr) {
793 $ei= @ldap_first_entry($this->cid, $sr);
794 if ($ei) {
795 if ($info= @ldap_get_values_len($this->cid, $ei, "$name")){
796 $data= $info[0];
797 }
798 }
799 }
800 if($r_array==0) {
801 return ($data);
802 } else {
803 return ($info);
804 }
805 }
809 function get_additional_error()
810 {
811 $error= "";
812 @ldap_get_option ($this->cid, LDAP_OPT_ERROR_STRING, $error);
813 return ($error);
814 }
817 function success()
818 {
819 return (preg_match('/Success/i', $this->error));
820 }
823 function get_error()
824 {
825 if ($this->error == 'Success'){
826 return $this->error;
827 } else {
828 $adderror= $this->get_additional_error();
829 if ($adderror != ""){
830 $error= $this->error." (".$this->get_additional_error().", ".sprintf(_("while operating on '%s' using LDAP server '%s'"), $this->basedn, $this->hostname).")";
831 } else {
832 $error= $this->error." (".sprintf(_("while operating on LDAP server %s"), $this->hostname).")";
833 }
834 return $error;
835 }
836 }
838 function get_credentials($url, $referrals= NULL)
839 {
840 $ret= array();
841 $url= preg_replace('!\?\?.*$!', '', $url);
842 $server= preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $url);
844 if ($referrals === NULL){
845 $referrals= $this->referrals;
846 }
848 if (isset($referrals[$server])){
849 return ($referrals[$server]);
850 } else {
851 $ret['ADMINDN']= LDAP::fix($this->binddn);
852 $ret['ADMINPASSWORD']= $this->bindpw;
853 }
855 return ($ret);
856 }
859 function gen_ldif ($srp, $dn, $filter= "(objectClass=*)", $attributes= array('*'), $recursive= TRUE)
860 {
861 $display= "";
863 if ($recursive){
864 $this->cd($dn);
865 $this->ls($srp, $filter,$dn, array('dn','objectClass'));
866 $deps = array();
868 $display .= $this->gen_one_entry($dn)."\n";
870 while ($attrs= $this->fetch($srp)){
871 $deps[] = $attrs['dn'];
872 }
873 foreach($deps as $dn){
874 $display .= $this->gen_ldif($srp, $dn, $filter,$attributes,$recursive);
875 }
876 } else {
877 $display.= $this->gen_one_entry($dn);
878 }
879 return ($display);
880 }
883 function gen_xls ($srp, $dn, $filter= "(objectClass=*)", $attributes= array('*'), $recursive= TRUE,$r_array=0)
884 {
885 $display= array();
887 $this->cd($dn);
888 $this->search($srp, "$filter");
890 $i=0;
891 while ($attrs= $this->fetch($srp)){
892 $j=0;
894 foreach ($attributes as $at){
895 $display[$i][$j]= $this->get_attribute($attrs['dn'], $at,$r_array);
896 $j++;
897 }
899 $i++;
900 }
902 return ($display);
903 }
906 function gen_one_entry($dn, $filter= "(objectClass=*)" , $name= array("*"))
907 {
908 $ret = "";
909 $data = "";
910 if($this->reconnect){
911 $this->connect();
912 }
914 /* Searching Ldap Tree */
915 $sr= @ldap_read($this->cid, LDAP::fix($dn), $filter, $name);
917 /* Get the first entry */
918 $entry= @ldap_first_entry($this->cid, $sr);
920 /* Get all attributes related to that Objekt */
921 $atts = array();
923 /* Assemble dn */
924 $atts[0]['name'] = "dn";
925 $atts[0]['value'] = array('count' => 1, 0 => $dn);
927 /* Reset index */
928 $i = 1 ;
929 $identifier = array();
930 $attribute= @ldap_first_attribute($this->cid,$entry,$identifier);
931 while ($attribute) {
932 $i++;
933 $atts[$i]['name'] = $attribute;
934 $atts[$i]['value'] = @ldap_get_values_len($this->cid, $entry, "$attribute");
936 /* Next one */
937 $attribute= @ldap_next_attribute($this->cid,$entry,$identifier);
938 }
940 foreach($atts as $at)
941 {
942 for ($i= 0; $i<$at['value']['count']; $i++){
944 /* Check if we must encode the data */
945 if(!preg_match('/^[a-z0-9+@#.=, \/ -]+$/i', $at['value'][$i])) {
946 $ret .= $at['name'].":: ".base64_encode($at['value'][$i])."\n";
947 } else {
948 $ret .= $at['name'].": ".$at['value'][$i]."\n";
949 }
950 }
951 }
953 return($ret);
954 }
957 function dn_exists($dn)
958 {
959 return @ldap_list($this->cid, LDAP::fix($dn), "(objectClass=*)", array("objectClass"));
960 }
964 /* This funktion imports ldifs
966 If DeleteOldEntries is true, the destination entry will be deleted first.
967 If JustModify is true the destination entry will only be touched by the attributes specified in the ldif.
968 if JustMofify id false the destination dn will be overwritten by the new ldif.
969 */
971 function import_complete_ldif($srp, $str_attr,$error,$JustModify,$DeleteOldEntries)
972 {
973 if($this->reconnect) $this->connect();
975 /* First we have to splitt the string ito detect empty lines
976 An empty line indicates an new Entry */
977 $entries = split("\n",$str_attr);
979 $data = "";
980 $cnt = 0;
981 $current_line = 0;
983 /* FIX ldif */
984 $last = "";
985 $tmp = "";
986 $i = 0;
987 foreach($entries as $entry){
988 if(preg_match("/^ /",$entry)){
989 $tmp[$i] .= trim($entry);
990 }else{
991 $i ++;
992 $tmp[$i] = trim($entry);
993 }
994 }
996 /* Every single line ... */
997 foreach($tmp as $entry) {
998 $current_line ++;
1000 /* Removing Spaces to ..
1001 .. test if a new entry begins */
1002 $tmp = str_replace(" ","",$data );
1004 /* .. prevent empty lines in an entry */
1005 $tmp2 = str_replace(" ","",$entry);
1007 /* If the Block ends (Empty Line) */
1008 if((empty($entry))&&(!empty($tmp))) {
1009 /* Add collected lines as a complete block */
1010 $all[$cnt] = $data;
1011 $cnt ++;
1012 $data ="";
1013 } else {
1015 /* Append lines ... */
1016 if(!empty($tmp2)) {
1017 /* check if we need base64_decode for this line */
1018 if(ereg("::",$tmp2))
1019 {
1020 $encoded = split("::",$entry);
1021 $attr = trim($encoded[0]);
1022 $value = base64_decode(trim($encoded[1]));
1023 /* Add linenumber */
1024 $data .= $current_line."#".base64_encode($attr.":".$value)."\n";
1025 }
1026 else
1027 {
1028 /* Add Linenumber */
1029 $data .= $current_line."#".base64_encode($entry)."\n";
1030 }
1031 }
1032 }
1033 }
1035 /* The Data we collected is not in the array all[];
1036 For example the Data is stored like this..
1038 all[0] = "1#dn : .... \n
1039 2#ObjectType: person \n ...."
1041 Now we check every insertblock and try to insert */
1042 foreach ( $all as $single) {
1043 $lineone = split("\n",$single);
1044 $ndn = split("#", $lineone[0]);
1045 $line = base64_decode($ndn[1]);
1047 $dnn = split (":",$line,2);
1048 $current_line = $ndn[0];
1049 $dn = $dnn[0];
1050 $value = $dnn[1];
1052 /* Every block must begin with a dn */
1053 if($dn != "dn") {
1054 $error= sprintf(_("This is not a valid DN: '%s'. A block for import should begin with 'dn: ...' in line %s"), $line, $current_line);
1055 return -2;
1056 }
1058 /* Should we use Modify instead of Add */
1059 $usemodify= false;
1061 /* Delete before insert */
1062 $usermdir= false;
1064 /* The dn address already exists, Don't delete destination entry, overwrite it */
1065 if (($this->dn_exists($value))&&((!$JustModify)&&(!$DeleteOldEntries))) {
1067 $usermdir = $usemodify = false;
1069 /* Delete old entry first, then add new */
1070 } elseif(($this->dn_exists($value))&&($DeleteOldEntries)){
1072 /* Delete first, then add */
1073 $usermdir = true;
1075 } elseif(($this->dn_exists($value))&&($JustModify)) {
1077 /* Modify instead of Add */
1078 $usemodify = true;
1079 }
1081 /* If we can't Import, return with a file error */
1082 if(!$this->import_single_entry($srp, $single,$usemodify,$usermdir) ) {
1083 $error= sprintf(_("Error while importing dn: '%s', please check your LDIF from line %s on!"), $line,
1084 $current_line);
1085 return UNKNOWN_TOKEN_IN_LDIF_FILE; }
1086 }
1088 return (INSERT_OK);
1089 }
1092 /* Imports a single entry
1093 If $delete is true; The old entry will be deleted if it exists.
1094 if $modify is true; All variables that are not touched by the new ldif will be kept.
1095 if $modify is false; The new ldif overwrites the old entry, and all untouched attributes get lost.
1096 */
1097 function import_single_entry($srp, $str_attr,$modify,$delete)
1098 {
1099 global $config;
1101 if(!$config){
1102 trigger_error("Can't import ldif, can't read config object.");
1103 }
1106 if($this->reconnect) $this->connect();
1108 $ret = false;
1109 $rows= split("\n",$str_attr);
1110 $data= false;
1112 foreach($rows as $row) {
1114 /* Check if we use Linenumbers (when import_complete_ldif is called we use
1115 Linenumbers) Linenumbers are use like this 123#attribute : value */
1116 if(!empty($row)) {
1117 if(strpos($row,"#")!=FALSE) {
1119 /* We are using line numbers
1120 Because there is a # before a : */
1121 $tmp1= split("#",$row);
1122 $current_line= $tmp1[0];
1123 $row= base64_decode($tmp1[1]);
1124 }
1126 /* Split the line into attribute and value */
1127 $attr = split(":", $row,2);
1128 $attr[0]= trim($attr[0]); /* attribute */
1129 $attr[1]= $attr[1]; /* value */
1131 /* Check :: was used to indicate base64_encoded strings */
1132 if($attr[1][0] == ":"){
1133 $attr[1]=trim(preg_replace("/^:/","",$attr[1]));
1134 $attr[1]=base64_decode($attr[1]);
1135 }
1137 $attr[1] = trim($attr[1]);
1139 /* Check for attributes that are used more than once */
1140 if(!isset($data[$attr[0]])) {
1141 $data[$attr[0]]=$attr[1];
1142 } else {
1143 $tmp = $data[$attr[0]];
1145 if(!is_array($tmp)) {
1146 $new[0]=$tmp;
1147 $new[1]=$attr[1];
1148 $datas[$attr[0]]['count']=1;
1149 $data[$attr[0]]=$new;
1150 } else {
1151 $cnt = $datas[$attr[0]]['count'];
1152 $cnt ++;
1153 $data[$attr[0]][$cnt]=$attr[1];
1154 $datas[$attr[0]]['count'] = $cnt;
1155 }
1156 }
1157 }
1158 }
1160 /* If dn is an index of data, we should try to insert the data */
1161 if(isset($data['dn'])) {
1163 /* Fix dn */
1164 $tmp = gosa_ldap_explode_dn($data['dn']);
1165 unset($tmp['count']);
1166 $newdn ="";
1167 foreach($tmp as $tm){
1168 $newdn.= trim($tm).",";
1169 }
1170 $newdn = preg_replace("/,$/","",$newdn);
1171 $data['dn'] = $newdn;
1173 /* Creating Entry */
1174 $this->cd($data['dn']);
1176 /* Delete existing entry */
1177 if($delete){
1178 $this->rmdir_recursive($srp, $data['dn']);
1179 }
1181 /* Create missing trees */
1182 $this->cd ($this->basedn);
1183 $this->cd($config->current['BASE']);
1184 $this->create_missing_trees($srp, preg_replace("/^[^,]+,/","",$data['dn']));
1185 $this->cd($data['dn']);
1187 $dn = $data['dn'];
1188 unset($data['dn']);
1190 if(!$modify){
1192 $this->cat($srp, $dn);
1193 if($this->count($srp)){
1195 /* The destination entry exists, overwrite it with the new entry */
1196 $attrs = $this->fetch($srp);
1197 foreach($attrs as $name => $value ){
1198 if(!is_numeric($name)){
1199 if(in_array($name,array("dn","count"))) continue;
1200 if(!isset($data[$name])){
1201 $data[$name] = array();
1202 }
1203 }
1204 }
1205 $ret = $this->modify($data);
1207 }else{
1209 /* The destination entry doesn't exists, create it */
1210 $ret = $this->add($data);
1211 }
1213 } else {
1215 /* Keep all vars that aren't touched by this ldif */
1216 $ret = $this->modify($data);
1217 }
1218 }
1220 if (!$this->success()){
1221 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($this->get_error(), $dn, "", get_class()));
1222 }
1224 return($ret);
1225 }
1228 function importcsv($str)
1229 {
1230 $lines = split("\n",$str);
1231 foreach($lines as $line)
1232 {
1233 /* continue if theres a comment */
1234 if(substr(trim($line),0,1)=="#"){
1235 continue;
1236 }
1238 $line= str_replace ("\t\t","\t",$line);
1239 $line= str_replace ("\t" ,"," ,$line);
1240 echo $line;
1242 $cells = split(",",$line ) ;
1243 $linet= str_replace ("\t\t",",",$line);
1244 $cells = split("\t",$line);
1245 $count = count($cells);
1246 }
1248 }
1250 function get_objectclasses( $force_reload = FALSE)
1251 {
1252 $objectclasses = array();
1253 global $config;
1255 /* Only read schema if it is allowed */
1256 if(isset($config) && preg_match("/config/i",get_class($config))){
1257 if ($config->get_cfg_value("schemaCheck") != "true"){
1258 return($objectclasses);
1259 }
1260 }
1262 /* Return the cached results. */
1263 if(class_available('session') && session::global_is_set("LDAP_CACHE::get_objectclasses") && !$force_reload){
1264 $objectclasses = session::global_get("LDAP_CACHE::get_objectclasses");
1265 return($objectclasses);
1266 }
1268 # Get base to look for schema
1269 $sr = @ldap_read ($this->cid, "", "objectClass=*", array("subschemaSubentry"));
1270 $attr = @ldap_get_entries($this->cid,$sr);
1271 if (!isset($attr[0]['subschemasubentry'][0])){
1272 return array();
1273 }
1275 /* Get list of objectclasses and fill array */
1276 $nb= $attr[0]['subschemasubentry'][0];
1277 $objectclasses= array();
1278 $sr= ldap_read ($this->cid, $nb, "objectClass=*", array("objectclasses"));
1279 $attrs= ldap_get_entries($this->cid,$sr);
1280 if (!isset($attrs[0])){
1281 return array();
1282 }
1283 foreach ($attrs[0]['objectclasses'] as $val){
1284 if (preg_match('/^[0-9]+$/', $val)){
1285 continue;
1286 }
1287 $name= "OID";
1288 $pattern= split(' ', $val);
1289 $ocname= preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
1290 $objectclasses[$ocname]= array();
1292 foreach($pattern as $chunk){
1293 switch($chunk){
1295 case '(':
1296 $value= "";
1297 break;
1299 case ')': if ($name != ""){
1300 $objectclasses[$ocname][$name]= $this->value2container($value);
1301 }
1302 $name= "";
1303 $value= "";
1304 break;
1306 case 'NAME':
1307 case 'DESC':
1308 case 'SUP':
1309 case 'STRUCTURAL':
1310 case 'ABSTRACT':
1311 case 'AUXILIARY':
1312 case 'MUST':
1313 case 'MAY':
1314 if ($name != ""){
1315 $objectclasses[$ocname][$name]= $this->value2container($value);
1316 }
1317 $name= $chunk;
1318 $value= "";
1319 break;
1321 default: $value.= $chunk." ";
1322 }
1323 }
1325 }
1326 if(class_available("session")){
1327 session::global_set("LDAP_CACHE::get_objectclasses",$objectclasses);
1328 }
1330 return $objectclasses;
1331 }
1334 function value2container($value)
1335 {
1336 /* Set emtpy values to "true" only */
1337 if (preg_match('/^\s*$/', $value)){
1338 return true;
1339 }
1341 /* Remove ' and " if needed */
1342 $value= preg_replace('/^[\'"]/', '', $value);
1343 $value= preg_replace('/[\'"] *$/', '', $value);
1345 /* Convert to array if $ is inside... */
1346 if (preg_match('/\$/', $value)){
1347 $container= preg_split('/\s*\$\s*/', $value);
1348 } else {
1349 $container= chop($value);
1350 }
1352 return ($container);
1353 }
1356 function log($string)
1357 {
1358 if (session::global_is_set('config')){
1359 $cfg = session::global_get('config');
1360 if (isset($cfg->current['LDAPSTATS']) && preg_match('/true/i', $cfg->current['LDAPSTATS'])){
1361 syslog (LOG_INFO, $string);
1362 }
1363 }
1364 }
1366 /* added by Guido Serra aka Zeph <zeph@purotesto.it> */
1367 function getCn($dn){
1368 $simple= split(",", $dn);
1370 foreach($simple as $piece) {
1371 $partial= split("=", $piece);
1373 if($partial[0] == "cn"){
1374 return $partial[1];
1375 }
1376 }
1377 }
1380 function get_naming_contexts($server, $admin= "", $password= "")
1381 {
1382 /* Build LDAP connection */
1383 $ds= ldap_connect ($server);
1384 if (!$ds) {
1385 die ("Can't bind to LDAP. No check possible!");
1386 }
1387 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
1388 $r= ldap_bind ($ds, $admin, $password);
1390 /* Get base to look for naming contexts */
1391 $sr = @ldap_read ($ds, "", "objectClass=*", array("+"));
1392 $attr= @ldap_get_entries($ds,$sr);
1394 return ($attr[0]['namingcontexts']);
1395 }
1398 function get_root_dse($server, $admin= "", $password= "")
1399 {
1400 /* Build LDAP connection */
1401 $ds= ldap_connect ($server);
1402 if (!$ds) {
1403 die ("Can't bind to LDAP. No check possible!");
1404 }
1405 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
1406 $r= ldap_bind ($ds, $admin, $password);
1408 /* Get base to look for naming contexts */
1409 $sr = @ldap_read ($ds, "", "objectClass=*", array("+"));
1410 $attr= @ldap_get_entries($ds,$sr);
1412 /* Return empty array, if nothing was set */
1413 if (!isset($attr[0])){
1414 return array();
1415 }
1417 /* Rework array... */
1418 $result= array();
1419 for ($i= 0; $i<$attr[0]['count']; $i++){
1420 $result[$attr[0][$i]]= $attr[0][$attr[0][$i]];
1421 unset($result[$attr[0][$i]]['count']);
1422 }
1424 return ($result);
1425 }
1427 }
1428 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1429 ?>