1 <?php
2 /*****************************************************************************
3 newldap.inc - version 1.0
4 Copyright (C) 2003 Alejandro Escanero Blanco <alex@ofmin.com>
5 Copyright (C) 2004 Cajus Pollmeier <pollmeier@gonicus.de>
7 Based in code of ldap.inc of
8 Copyright (C) 1998 Eric Kilfoil <eric@ipass.net>
9 *****************************************************************************/
11 define("ALREADY_EXISTING_ENTRY",-10001);
12 define("UNKNOWN_TOKEN_IN_LDIF_FILE",-10002);
13 define("NO_FILE_UPLOADED",10003);
16 define("INSERT_OK",10000);
20 class LDAP{
22 var $hascon =false;
23 var $hasres =false;
24 var $reconnect=false;
25 var $tls = false;
26 var $basedn ="";
27 var $cid;
28 var $error = ""; // Any error messages to be returned can be put here
29 var $start = 0; // 0 if we are fetching the first entry, otherwise 1
30 var $objectClasses = array(); // Information read from slapd.oc.conf
31 var $binddn = "";
32 var $bindpw = "";
33 var $hostname = "";
34 var $follow_referral = FALSE;
35 var $referrals= array();
37 function LDAP($binddn,$bindpw, $hostname, $follow_referral= FALSE, $tls= FALSE)
38 {
39 $this->follow_referral= $follow_referral;
40 $this->tls=$tls;
41 $this->binddn=$binddn;
42 $this->bindpw=$bindpw;
43 $this->hostname=$hostname;
44 $this->connect();
45 }
47 function connect()
48 {
49 $this->hascon=false;
50 $this->reconnect=false;
51 if ($this->cid= @ldap_connect($this->hostname)) {
52 @ldap_set_option($this->cid, LDAP_OPT_PROTOCOL_VERSION, 3);
53 if (function_exists("ldap_set_rebind_proc") && $this->follow_referral) {
54 @ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1);
55 @ldap_set_rebind_proc($this->cid, array(&$this, "rebind"));
56 }
57 if (function_exists("ldap_start_tls") && $this->tls){
58 @ldap_start_tls($this->cid);
59 }
61 $this->error = "No Error";
62 if ($bid = @ldap_bind($this->cid, $this->binddn, $this->bindpw)) {
63 $this->error = "Success";
64 $this->hascon=true;
65 } else {
66 if ($this->reconnect){
67 if ($this->error != "Success"){
68 $this->error = "Could not rebind to " . $this->binddn;
69 }
70 } else {
71 $this->error = "Could not bind to " . $this->binddn;
72 }
73 }
74 } else {
75 $this->error = "Could not connect to LDAP server";
76 }
77 }
79 function rebind($ldap, $referral)
80 {
81 $credentials= $this->get_credentials($referral);
82 if (@ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
83 $this->error = "Success";
84 $this->hascon=true;
85 $this->reconnect= true;
86 return (0);
87 } else {
88 $this->error = "Could not bind to " . $credentials['ADMIN'];
89 return NULL;
90 }
91 }
93 function reconnect()
94 {
95 if ($this->reconnect){
96 @ldap_unbind($this->cid);
97 $this->cid = NULL;
98 }
99 }
101 function unbind()
102 {
103 @ldap_unbind($this->cid);
104 $this->cid = NULL;
105 }
107 function disconnect()
108 {
109 if($this->hascon){
110 @ldap_close($this->cid);
111 $this->hascon=false;
112 }
113 }
115 function cd($dir)
116 {
117 if ($dir == "..")
118 $this->basedn = $this->getParentDir();
119 else
120 $this->basedn = $dir;
121 }
123 function getParentDir($basedn = "")
124 {
125 if ($basedn=="")
126 $basedn = $this->basedn;
127 return(ereg_replace("[^,]*[,]*[ ]*(.*)", "\\1", $basedn));
128 }
130 function search($filter, $attrs= array())
131 {
133 if($this->hascon){
134 if ($this->reconnect) $this->connect();
135 $this->clearResult();
136 $this->sr = @ldap_search($this->cid, $this->basedn, $filter, $attrs);
137 $this->error = @ldap_error($this->cid);
138 $this->resetResult();
139 $this->hasres=true;
140 return($this->sr);
141 }else{
142 $this->error = "Could not connect to LDAP server";
143 return("");
144 }
145 }
147 function ls($filter = "(objectclass=*)", $basedn = "")
148 {
149 if($this->hascon){
150 if ($this->reconnect) $this->connect();
151 $this->clearResult();
152 if ($basedn == "")
153 $basedn = $this->basedn;
154 $this->sr = @ldap_list($this->cid, $basedn, $filter);
155 $this->error = @ldap_error($this->cid);
156 $this->resetResult();
157 $this->hasres=true;
158 return($this->sr);
159 }else{
160 $this->error = "Could not connect to LDAP server";
161 return("");
162 }
163 }
165 function cat($dn)
166 {
167 if($this->hascon){
168 if ($this->reconnect) $this->connect();
169 $this->clearResult();
170 $filter = "(objectclass=*)";
171 $this->sr = @ldap_read($this->cid, $dn, $filter);
172 $this->error = @ldap_error($this->cid);
173 $this->resetResult();
174 $this->hasres=true;
175 return($this->sr);
176 }else{
177 $this->error = "Could not connect to LDAP server";
178 return("");
179 }
180 }
182 function set_size_limit($size)
183 {
184 /* Ignore zero settings */
185 if ($size == 0){
186 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, 10000000);
187 }
188 if($this->hascon){
189 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, $size);
190 } else {
191 $this->error = "Could not connect to LDAP server";
192 }
193 }
195 function fetch()
196 {
197 if($this->hascon){
198 if($this->hasres){
199 if ($this->start == 0)
200 {
201 $this->start = 1;
202 $this->re= @ldap_first_entry($this->cid, $this->sr);
203 } else {
204 $this->re= @ldap_next_entry($this->cid, $this->re);
205 }
206 if ($this->re)
207 {
208 $att= @ldap_get_attributes($this->cid, $this->re);
209 $att['dn']= @ldap_get_dn($this->cid, $this->re);
210 }
211 $this->error = @ldap_error($this->cid);
212 if (!isset($att)){
213 $att= array();
214 }
215 return($att);
216 }else{
217 $this->error = "Perform a Fetch with no Search";
218 return("");
219 }
220 }else{
221 $this->error = "Could not connect to LDAP server";
222 return("");
223 }
224 }
226 function resetResult()
227 {
228 $this->start = 0;
229 }
231 function clearResult()
232 {
233 if($this->hasres){
234 $this->hasres = false;
235 @ldap_free_result($this->sr);
236 }
237 }
239 function getDN()
240 {
241 if($this->hascon){
242 if($this->hasres){
244 if(!$this->re)
245 {
246 $this->error = "Perform a Fetch with no valid Result";
247 }
248 else
249 {
250 $rv = @ldap_get_dn($this->cid, $this->re);
252 $this->error = @ldap_error($this->cid);
253 $rv= preg_replace("/[ ]*,[ ]*/", ",", $rv);
254 return($rv);
255 }
256 }else{
257 $this->error = "Perform a Fetch with no Search";
258 return("");
259 }
260 }else{
261 $this->error = "Could not connect to LDAP server";
262 return("");
263 }
264 }
266 function count()
267 {
268 if($this->hascon){
269 if($this->hasres){
270 $rv = @ldap_count_entries($this->cid, $this->sr);
271 $this->error = @ldap_error($this->cid);
272 return($rv);
273 }else{
274 $this->error = "Perform a Fetch with no Search";
275 return("");
276 }
277 }else{
278 $this->error = "Could not connect to LDAP server";
279 return("");
280 }
281 }
283 function rm($attrs = "", $dn = "")
284 {
285 if($this->hascon){
286 if ($this->reconnect) $this->connect();
287 if ($dn == "")
288 $dn = $this->basedn;
290 $r = @ldap_mod_del($this->cid, $dn, $attrs);
291 $this->error = @ldap_error($this->cid);
292 return($r);
293 }else{
294 $this->error = "Could not connect to LDAP server";
295 return("");
296 }
297 }
299 function rename($attrs, $dn = "")
300 {
301 if($this->hascon){
302 if ($this->reconnect) $this->connect();
303 if ($dn == "")
304 $dn = $this->basedn;
306 $r = @ldap_mod_replace($this->cid, $dn, $attrs);
307 $this->error = @ldap_error($this->cid);
308 return($r);
309 }else{
310 $this->error = "Could not connect to LDAP server";
311 return("");
312 }
313 }
315 function rmdir($deletedn)
316 {
317 if($this->hascon){
318 if ($this->reconnect) $this->connect();
319 $r = @ldap_delete($this->cid, $deletedn);
320 $this->error = @ldap_error($this->cid);
321 return($r ? $r : 0);
322 }else{
323 $this->error = "Could not connect to LDAP server";
324 return("");
325 }
326 }
328 /**
329 * Function rmdir_recursive
330 *
331 * Description: Based in recursive_remove, adding two thing: full subtree remove, and delete own node.
332 * Parameters: The dn to delete
333 * GiveBack: True on sucessfull , 0 in error, and "" when we don't get a ldap conection
334 *
335 */
337 function rmdir_recursive($deletedn)
338 {
339 if($this->hascon){
340 if ($this->reconnect) $this->connect();
341 $delarray= array();
343 /* Get sorted list of dn's to delete */
344 $this->ls ("(objectClass=*)",$deletedn);
345 while ($this->fetch()){
346 $deldn= $this->getDN();
347 $delarray[$deldn]= strlen($deldn);
348 }
349 arsort ($delarray);
350 reset ($delarray);
352 /* Really Delete ALL dn's in subtree */
353 foreach ($delarray as $key => $value){
354 $this->rmdir_recursive($key);
355 }
357 /* Finally Delete own Node */
358 $r = @ldap_delete($this->cid, $deletedn);
359 $this->error = @ldap_error($this->cid);
360 return($r ? $r : 0);
361 }else{
362 $this->error = "Could not connect to LDAP server";
363 return("");
364 }
365 }
368 function modify($attrs)
369 {
370 if($this->hascon){
371 if ($this->reconnect) $this->connect();
372 $r = @ldap_modify($this->cid, $this->basedn, $attrs);
373 $this->error = @ldap_error($this->cid);
374 return($r ? $r : 0);
375 }else{
376 $this->error = "Could not connect to LDAP server";
377 return("");
378 }
379 }
381 function add($attrs)
382 {
383 if($this->hascon){
384 if ($this->reconnect) $this->connect();
385 $r = @ldap_add($this->cid, $this->basedn, $attrs);
386 $this->error = @ldap_error($this->cid);
387 return($r ? $r : 0);
388 }else{
389 $this->error = "Could not connect to LDAP server";
390 return("");
391 }
392 }
394 function create_missing_trees($target)
395 {
397 /* Ignore create_missing trees if the base equals target */
398 if ($target == $this->basedn){
399 return;
400 }
401 $l= array_reverse(explode(",", preg_replace("/,".$this->basedn."/", "", $target)));
402 $cdn= $this->basedn;
403 foreach ($l as $part){
404 $cdn= "$part,$cdn";
406 /* Ignore referrals */
407 $found= false;
408 foreach($this->referrals as $ref){
409 $base= preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URL']);
410 if ($base == $cdn){
411 $found= true;
412 break;
413 }
414 }
415 if ($found){
416 continue;
417 }
419 $this->cat ($cdn);
420 $attrs= $this->fetch();
422 /* Create missing entry? */
423 if (!count ($attrs)){
424 $type= preg_replace('/^([^=]+)=.*$/', '\\1', $cdn);
425 $param= preg_replace('/^[^=]+=([^,]+),.*$/', '\\1', $cdn);
427 $na= array();
428 switch ($type){
429 case 'ou':
430 $na["objectClass"]= "organizationalUnit";
431 $na["ou"]= $param;
432 break;
433 case 'dc':
434 $na["objectClass"]= array("dcObject", "top", "locality");
435 $na["dc"]= $param;
436 break;
437 default:
438 print_red(sprintf(_("Autocreation of type '%s' is currently not supported. Please report to the GOsa team."), $type));
439 echo $_SESSION['errors'];
440 exit;
441 }
442 $this->cd($cdn);
443 $this->add($na);
444 }
445 }
446 }
448 function recursive_remove()
449 {
450 $delarray= array();
452 /* Get sorted list of dn's to delete */
453 $this->search ("(objectClass=*)");
454 while ($this->fetch()){
455 $deldn= $this->getDN();
456 $delarray[$deldn]= strlen($deldn);
457 }
458 arsort ($delarray);
459 reset ($delarray);
461 /* Delete all dn's in subtree */
462 foreach ($delarray as $key => $value){
463 $this->rmdir($key);
464 }
465 }
467 function get_attribute($dn, $name)
468 {
469 $data= "";
470 if ($this->reconnect) $this->connect();
471 $sr= @ldap_read($this->cid, $dn, "objectClass=*", array("$name"));
473 /* fill data from LDAP */
474 if ($sr) {
475 $ei= @ldap_first_entry($this->cid, $sr);
476 if ($ei) {
477 if ($info= @ldap_get_values_len($this->cid, $ei, "$name")){
478 $data= $info[0];
479 }
480 }
481 }
483 return ($data);
484 }
486 function get_additional_error()
487 {
488 $error= "";
489 @ldap_get_option ($this->cid, LDAP_OPT_ERROR_STRING, $error);
490 return ($error);
491 }
493 function get_error()
494 {
495 if ($this->error == 'Success'){
496 return $this->error;
497 } else {
498 $error= $this->error." (".$this->get_additional_error().")";
499 return $error;
500 }
501 }
503 function get_credentials($url, $referrals= NULL)
504 {
505 $ret= array();
506 $url= preg_replace('!\?\?.*$!', '', $url);
507 $server= preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $url);
509 if ($referrals == NULL){
510 $referrals= $this->referrals;
511 }
513 if (isset($referrals[$server])){
514 return ($referrals[$server]);
515 } else {
516 $ret['ADMIN']= $this->binddn;
517 $ret['PASSWORD']= $this->bindpw;
518 }
520 return ($ret);
521 }
524 function gen_ldif ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $recursive= TRUE)
525 {
526 $display= "";
528 if ($recursive){
529 $this->cd($dn);
530 $this->search("$filter", array('dn'));
531 while ($attrs= $this->fetch()){
532 $display.= $this->gen_one_entry($attrs['dn'], $filter, $attributes);
533 $display.= "\n";
534 }
535 } else {
536 $display.= $this->gen_one_entry($dn);
537 }
539 return ($display);
540 }
543 function gen_one_entry($dn, $filter= "(objectClass=*)" , $name= array("*"))
544 {
545 $ret = "";
546 $data = "";
547 if($this->reconnect){
548 $this->connect();
549 }
551 /* Searching Ldap Tree */
552 $sr= @ldap_read($this->cid, $dn, $filter, $name);
554 /* Get the first entry */
555 $entry= @ldap_first_entry($this->cid, $sr);
557 /* Get all attributes related to that Objekt */
558 $atts = array();
560 /* Assemble dn */
561 $atts[0]['name'] = "dn";
562 $atts[0]['value'] = array('count' => 1, 0 => $dn);
564 /* Reset index */
565 $i = 1 ;
566 $identifier = array();
567 $attribute= @ldap_first_attribute($this->cid,$entry,$identifier);
568 while ($attribute) {
569 $i++;
570 $atts[$i]['name'] = $attribute;
571 $atts[$i]['value'] = @ldap_get_values_len($this->cid, $entry, "$attribute");
573 /* Next one */
574 $attribute= @ldap_next_attribute($this->cid,$entry,$identifier);
575 }
577 foreach($atts as $at)
578 {
579 for ($i= 0; $i<$at['value']['count']; $i++){
581 /* Check if we must encode the data */
582 if(!preg_match('/^[a-z0-9+@#.=, \/ -]+$/i', $at['value'][$i])) {
583 $ret .= $at['name'].":: ".base64_encode($at['value'][$i])."\n";
584 } else {
585 $ret .= $at['name'].": ".$at['value'][$i]."\n";
586 }
587 }
588 }
590 return($ret);
591 }
594 function dn_exists($dn)
595 {
596 return @ldap_list($this->cid, $dn, "(objectClass=*)", array("objectClass"));
597 }
601 function import_complete_ldif($str_attr,&$error,$overwrite,$cleanup)
602 {
603 if($this->reconnect) $this->connect();
605 /* First we have to splitt the string ito detect empty lines
606 An empty line indicates an new Entry */
607 $entries = split("\n",$str_attr);
609 $data = "";
610 $cnt = 0;
611 $current_line = 0;
613 /* Every single line ... */
614 foreach($entries as $entry) {
615 $current_line ++;
617 /* Removing Spaces to ..
618 .. test if a new entry begins */
619 $tmp = str_replace(" ","",$data );
621 /* .. prevent empty lines in an entry */
622 $tmp2 = str_replace(" ","",$entry);
624 /* If the Block ends (Empty Line) */
625 if((empty($entry))&&(!empty($tmp))) {
626 /* Add collected lines as a complete block */
627 $all[$cnt] = $data;
628 $cnt ++;
629 $data ="";
630 } else {
632 /* Append lines ... */
633 if(!empty($tmp2)) {
634 /* check if we need base64_decode for this line */
635 if(ereg("::",$tmp2))
636 {
637 $encoded = split("::",$entry);
638 $attr = $encoded[0];
639 $value = base64_decode($encoded[1]);
640 /* Add linenumber */
641 $data .= $current_line."#".$attr.":".$value."\n";
642 }
643 else
644 {
645 /* Add Linenumber */
646 $data .= $current_line."#".$entry."\n";
647 }
648 }
649 }
650 }
652 /* The Data we collected is not in the array all[];
653 For example the Data is stored like this..
655 all[0] = "1#dn : .... \n
656 2#ObjectType: person \n ...."
658 Now we check every insertblock and try to insert */
659 foreach ( $all as $single) {
660 $lineone = split("\n",$single);
661 $ndn = split("#", $lineone[0]);
662 $line = $ndn[1];
664 $dnn = split (":",$line);
665 $current_line = $ndn[0];
666 $dn = $dnn[0];
667 $value = $dnn[1];
669 /* Every block must begin with a dn */
670 if($dn != "dn") {
671 $error= sprintf(_("This is not a valid DN: '%s'. A block for import should begin with 'dn: ...' in line %s"), $line, $current_line);
672 return -2;
673 }
675 /* Should we use Modify instead of Add */
676 $usemodify= false;
678 /* Delete before insert */
679 $usermdir= false;
681 /* The dn address already exists! */
682 if (($this->dn_exists($value))&&((!$overwrite)&&(!$cleanup))) {
684 $error= sprintf(_("The dn: '%s' (from line %s) already exists in the LDAP database."), $line, $current_line);
685 return ALREADY_EXISTING_ENTRY;
687 } elseif(($this->dn_exists($value))&&($cleanup)){
689 /* Delete first, then add */
690 $usermdir = true;
692 } elseif(($this->dn_exists($value))&&($overwrite)) {
694 /* Modify instead of Add */
695 $usemodify = true;
696 }
698 /* If we can't Import, return with a file error */
699 if(!$this->import_single_entry($single,$usemodify,$usermdir) ) {
700 $error= sprintf(_("Error while importing dn: '%s', please check your LDIF from line %s on!"), $line,
701 $current_line);
702 return UNKNOWN_TOKEN_IN_LDIF_FILE; }
703 }
705 return (INSERT_OK);
706 }
709 /* Imports a single entry */
710 function import_single_entry($str_attr,$modify,$delete)
711 {
712 if($this->reconnect) $this->connect();
714 $ret = false;
715 $rows= split("\n",$str_attr);
716 $data= false;
718 foreach($rows as $row) {
720 /* Check if we use Linenumbers (when import_complete_ldif is called we use
721 Linenumbers) Linenumbers are use like this 123#attribute : value */
722 if(!empty($row)) {
723 if((strpos($row,"#")!=FALSE)&&(strpos($row,"#")<strpos($row,":"))) {
725 /* We are using line numbers
726 Because there is a # before a : */
727 $tmp1= split("#",$row);
728 $current_line= $tmp1[0];
729 $row= $tmp1[1];
730 }
732 /* Split the line into attribute and value */
733 $attr = split(":", $row);
734 $attr[0]= trim($attr[0]); /* attribute */
735 $attr[1]= trim($attr[1]); /* value */
737 /* Check for attributes that are used more than once */
738 if(!isset($data[$attr[0]])) {
739 $data[$attr[0]]=$attr[1];
740 } else {
741 $tmp = $data[$attr[0]];
743 if(!is_array($tmp)) {
744 $new[0]=$tmp;
745 $new[1]=$attr[1];
746 $datas[$attr[0]]['count']=1;
747 $data[$attr[0]]=$new;
748 } else {
749 $cnt = $datas[$attr[0]]['count'];
750 $cnt ++;
751 $data[$attr[0]][$cnt]=$attr[1];
752 $datas[$attr[0]]['count'] = $cnt;
753 }
754 }
755 }
756 }
758 /* If dn is an index of data, we should try to insert the data */
759 if(isset($data['dn'])) {
760 /* Creating Entry */
761 $this->cd($data['dn']);
763 /* Delete existing entry */
764 if($delete){
765 $this->rmdir($data['dn']);
766 }
768 /* Create missing trees */
769 $this->create_missing_trees($data['dn']);
770 unset($data['dn']);
772 /* If entry exists use modify */
773 if(!$modify){
774 $ret = $this->add($data);
775 } else {
776 $ret = $this->modify($data);
777 }
778 }
780 return($ret);
781 }
784 function importcsv($str)
785 {
786 $lines = split("\n",$str);
787 foreach($lines as $line)
788 {
789 /* continue if theres a comment */
790 if(substr(trim($line),0,1)=="#"){
791 continue;
792 }
794 $line= str_replace ("\t\t","\t",$line);
795 $line= str_replace ("\t" ,"," ,$line);
796 echo $line;
798 $cells = split(",",$line ) ;
799 $linet= str_replace ("\t\t",",",$line);
800 $cells = split("\t",$line);
801 $count = count($cells);
802 }
804 }
806 }
808 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
809 ?>