1 <?php
2 /*****************************************************************************
3 newldap.inc - version 1.0
4 Copyright (C) 2003 Alejandro Escanero Blanco <alex@ofmin.com>
5 Copyright (C) 2004 Cajus Pollmeier <pollmeier@gonicus.de>
7 Based in code of ldap.inc of
8 Copyright (C) 1998 Eric Kilfoil <eric@ipass.net>
9 *****************************************************************************/
11 define("ALREADY_EXISTING_ENTRY",-10001);
12 define("UNKNOWN_TOKEN_IN_LDIF_FILE",-10002);
13 define("NO_FILE_UPLOADED",10003);
16 define("INSERT_OK",10000);
20 class LDAP{
22 var $hascon =false;
23 var $hasres =false;
24 var $reconnect=false;
25 var $tls = false;
26 var $basedn ="";
27 var $cid;
28 var $error = ""; // Any error messages to be returned can be put here
29 var $start = 0; // 0 if we are fetching the first entry, otherwise 1
30 var $objectClasses = array(); // Information read from slapd.oc.conf
31 var $binddn = "";
32 var $bindpw = "";
33 var $hostname = "";
34 var $follow_referral = FALSE;
35 var $referrals= array();
37 function LDAP($binddn,$bindpw, $hostname, $follow_referral= FALSE, $tls= FALSE)
38 {
39 $this->follow_referral= $follow_referral;
40 $this->tls=$tls;
41 $this->binddn=$binddn;
42 $this->bindpw=$bindpw;
43 $this->hostname=$hostname;
44 $this->connect();
45 }
47 function connect()
48 {
49 $this->hascon=false;
50 $this->reconnect=false;
51 if ($this->cid= @ldap_connect($this->hostname)) {
52 @ldap_set_option($this->cid, LDAP_OPT_PROTOCOL_VERSION, 3);
53 if (function_exists("ldap_set_rebind_proc") && $this->follow_referral) {
54 @ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1);
55 @ldap_set_rebind_proc($this->cid, array(&$this, "rebind"));
56 }
57 if (function_exists("ldap_start_tls") && $this->tls){
58 @ldap_start_tls($this->cid);
59 }
61 $this->error = "No Error";
62 if ($bid = @ldap_bind($this->cid, $this->binddn, $this->bindpw)) {
63 $this->error = "Success";
64 $this->hascon=true;
65 } else {
66 if ($this->reconnect){
67 if ($this->error != "Success"){
68 $this->error = "Could not rebind to " . $this->binddn;
69 }
70 } else {
71 $this->error = "Could not bind to " . $this->binddn;
72 }
73 }
74 } else {
75 $this->error = "Could not connect to LDAP server";
76 }
77 }
79 function rebind($ldap, $referral)
80 {
81 $credentials= $this->get_credentials($referral);
82 if (@ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
83 $this->error = "Success";
84 $this->hascon=true;
85 $this->reconnect= true;
86 return (0);
87 } else {
88 $this->error = "Could not bind to " . $credentials['ADMIN'];
89 return NULL;
90 }
91 }
93 function reconnect()
94 {
95 if ($this->reconnect){
96 @ldap_unbind($this->cid);
97 $this->cid = NULL;
98 }
99 }
101 function unbind()
102 {
103 @ldap_unbind($this->cid);
104 $this->cid = NULL;
105 }
107 function disconnect()
108 {
109 if($this->hascon){
110 @ldap_close($this->cid);
111 $this->hascon=false;
112 }
113 }
115 function cd($dir)
116 {
117 if ($dir == "..")
118 $this->basedn = $this->getParentDir();
119 else
120 $this->basedn = $dir;
121 }
123 function getParentDir($basedn = "")
124 {
125 if ($basedn=="")
126 $basedn = $this->basedn;
127 return(ereg_replace("[^,]*[,]*[ ]*(.*)", "\\1", $basedn));
128 }
130 function search($filter, $attrs= array())
131 {
133 if($this->hascon){
134 if ($this->reconnect) $this->connect();
135 $this->clearResult();
136 $this->sr = @ldap_search($this->cid, $this->basedn, $filter, $attrs);
137 $this->error = @ldap_error($this->cid);
138 $this->resetResult();
139 $this->hasres=true;
140 return($this->sr);
141 }else{
142 $this->error = "Could not connect to LDAP server";
143 return("");
144 }
145 }
147 function ls($filter = "(objectclass=*)", $basedn = "")
148 {
149 if($this->hascon){
150 if ($this->reconnect) $this->connect();
151 $this->clearResult();
152 if ($basedn == "")
153 $basedn = $this->basedn;
154 $this->sr = @ldap_list($this->cid, $basedn, $filter);
155 $this->error = @ldap_error($this->cid);
156 $this->resetResult();
157 $this->hasres=true;
158 return($this->sr);
159 }else{
160 $this->error = "Could not connect to LDAP server";
161 return("");
162 }
163 }
165 function cat($dn)
166 {
167 if($this->hascon){
168 if ($this->reconnect) $this->connect();
169 $this->clearResult();
170 $filter = "(objectclass=*)";
171 $this->sr = @ldap_read($this->cid, $dn, $filter);
172 $this->error = @ldap_error($this->cid);
173 $this->resetResult();
174 $this->hasres=true;
175 return($this->sr);
176 }else{
177 $this->error = "Could not connect to LDAP server";
178 return("");
179 }
180 }
182 function set_size_limit($size)
183 {
184 /* Ignore zero settings */
185 if ($size == 0){
186 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, 10000000);
187 }
188 if($this->hascon){
189 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, $size);
190 } else {
191 $this->error = "Could not connect to LDAP server";
192 }
193 }
195 function fetch()
196 {
197 if($this->hascon){
198 if($this->hasres){
199 if ($this->start == 0)
200 {
201 $this->start = 1;
202 $this->re= @ldap_first_entry($this->cid, $this->sr);
203 } else {
204 $this->re= @ldap_next_entry($this->cid, $this->re);
205 }
206 if ($this->re)
207 {
208 $att= @ldap_get_attributes($this->cid, $this->re);
209 $att['dn']= @ldap_get_dn($this->cid, $this->re);
210 }
211 $this->error = @ldap_error($this->cid);
212 if (!isset($att)){
213 $att= array();
214 }
215 return($att);
216 }else{
217 $this->error = "Perform a Fetch with no Search";
218 return("");
219 }
220 }else{
221 $this->error = "Could not connect to LDAP server";
222 return("");
223 }
224 }
226 function resetResult()
227 {
228 $this->start = 0;
229 }
231 function clearResult()
232 {
233 if($this->hasres){
234 $this->hasres = false;
235 @ldap_free_result($this->sr);
236 }
237 }
239 function getDN()
240 {
241 if($this->hascon){
242 if($this->hasres){
244 if(!$this->re)
245 {
246 $this->error = "Perform a Fetch with no valid Result";
247 }
248 else
249 {
250 $rv = @ldap_get_dn($this->cid, $this->re);
252 $this->error = @ldap_error($this->cid);
253 $rv= preg_replace("/[ ]*,[ ]*/", ",", $rv);
254 return($rv);
255 }
256 }else{
257 $this->error = "Perform a Fetch with no Search";
258 return("");
259 }
260 }else{
261 $this->error = "Could not connect to LDAP server";
262 return("");
263 }
264 }
266 function count()
267 {
268 if($this->hascon){
269 if($this->hasres){
270 $rv = @ldap_count_entries($this->cid, $this->sr);
271 $this->error = @ldap_error($this->cid);
272 return($rv);
273 }else{
274 $this->error = "Perform a Fetch with no Search";
275 return("");
276 }
277 }else{
278 $this->error = "Could not connect to LDAP server";
279 return("");
280 }
281 }
283 function rm($attrs = "", $dn = "")
284 {
285 if($this->hascon){
286 if ($this->reconnect) $this->connect();
287 if ($dn == "")
288 $dn = $this->basedn;
290 $r = @ldap_mod_del($this->cid, $dn, $attrs);
291 $this->error = @ldap_error($this->cid);
292 return($r);
293 }else{
294 $this->error = "Could not connect to LDAP server";
295 return("");
296 }
297 }
299 function rename($attrs, $dn = "")
300 {
301 if($this->hascon){
302 if ($this->reconnect) $this->connect();
303 if ($dn == "")
304 $dn = $this->basedn;
306 $r = @ldap_mod_replace($this->cid, $dn, $attrs);
307 $this->error = @ldap_error($this->cid);
308 return($r);
309 }else{
310 $this->error = "Could not connect to LDAP server";
311 return("");
312 }
313 }
315 function rmdir($deletedn)
316 {
317 if($this->hascon){
318 if ($this->reconnect) $this->connect();
319 $r = @ldap_delete($this->cid, $deletedn);
320 $this->error = @ldap_error($this->cid);
321 return($r ? $r : 0);
322 }else{
323 $this->error = "Could not connect to LDAP server";
324 return("");
325 }
326 }
328 /**
329 * Function rmdir_recursive
330 *
331 * Description: Based in recursive_remove, adding two thing: full subtree remove, and delete own node.
332 * Parameters: The dn to delete
333 * GiveBack: True on sucessfull , 0 in error, and "" when we don't get a ldap conection
334 *
335 */
337 function rmdir_recursive($deletedn)
338 {
339 if($this->hascon){
340 if ($this->reconnect) $this->connect();
341 $delarray= array();
343 /* Get sorted list of dn's to delete */
344 $this->ls ("(objectClass=*)",$deletedn);
345 while ($this->fetch()){
346 $deldn= $this->getDN();
347 $delarray[$deldn]= strlen($deldn);
348 }
349 arsort ($delarray);
350 reset ($delarray);
352 /* Really Delete ALL dn's in subtree */
353 foreach ($delarray as $key => $value){
354 $this->rmdir_recursive($key);
355 }
357 /* Finally Delete own Node */
358 $r = @ldap_delete($this->cid, $deletedn);
359 $this->error = @ldap_error($this->cid);
360 return($r ? $r : 0);
361 }else{
362 $this->error = "Could not connect to LDAP server";
363 return("");
364 }
365 }
368 function modify($attrs)
369 {
370 if($this->hascon){
371 if ($this->reconnect) $this->connect();
372 $r = @ldap_modify($this->cid, $this->basedn, $attrs);
373 $this->error = @ldap_error($this->cid);
374 return($r ? $r : 0);
375 }else{
376 $this->error = "Could not connect to LDAP server";
377 return("");
378 }
379 }
381 function add($attrs)
382 {
383 if($this->hascon){
384 if ($this->reconnect) $this->connect();
385 $r = @ldap_add($this->cid, $this->basedn, $attrs);
386 $this->error = @ldap_error($this->cid);
387 return($r ? $r : 0);
388 }else{
389 $this->error = "Could not connect to LDAP server";
390 return("");
391 }
392 }
394 function create_missing_trees($target)
395 {
396 /* Ignore create_missing trees if the base equals target */
397 if ($target == $this->basedn){
398 return;
399 }
400 $l= array_reverse(explode(",", preg_replace("/,".$this->basedn."/", "", $target)));
401 $cdn= $this->basedn;
402 foreach ($l as $part){
403 $cdn= "$part,$cdn";
405 /* Ignore referrals */
406 $found= false;
407 foreach($this->referrals as $ref){
408 $base= preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URL']);
409 if ($base == $cdn){
410 $found= true;
411 break;
412 }
413 }
414 if ($found){
415 continue;
416 }
418 $this->cat ($cdn);
419 $attrs= $this->fetch();
421 /* Create missing entry? */
422 if (!count ($attrs)){
423 $type= preg_replace('/^([^=]+)=.*$/', '\\1', $cdn);
424 $param= preg_replace('/^[^=]+=([^,]+),.*$/', '\\1', $cdn);
426 $na= array();
427 switch ($type){
428 case 'ou':
429 $na["objectClass"]= "organizationalUnit";
430 $na["ou"]= $param;
431 break;
432 case 'dc':
433 $na["objectClass"]= array("dcObject", "top", "locality");
434 $na["dc"]= $param;
435 break;
436 default:
437 print_red(sprintf(_("Autocreation of type '%s' is currently not supported. Please report to the GOsa team."), $type));
438 echo $_SESSION['errors'];
439 exit;
440 }
441 $this->cd($cdn);
442 $this->add($na);
443 }
444 }
445 }
447 function recursive_remove()
448 {
449 $delarray= array();
451 /* Get sorted list of dn's to delete */
452 $this->search ("(objectClass=*)");
453 while ($this->fetch()){
454 $deldn= $this->getDN();
455 $delarray[$deldn]= strlen($deldn);
456 }
457 arsort ($delarray);
458 reset ($delarray);
460 /* Delete all dn's in subtree */
461 foreach ($delarray as $key => $value){
462 $this->rmdir($key);
463 }
464 }
466 function get_attribute($dn, $name)
467 {
468 $data= "";
469 if ($this->reconnect) $this->connect();
470 $sr= @ldap_read($this->cid, $dn, "objectClass=*", array("$name"));
472 /* fill data from LDAP */
473 if ($sr) {
474 $ei= @ldap_first_entry($this->cid, $sr);
475 if ($ei) {
476 if ($info= @ldap_get_values_len($this->cid, $ei, "$name")){
477 $data= $info[0];
478 }
479 }
480 }
482 return ($data);
483 }
485 function get_additional_error()
486 {
487 $error= "";
488 @ldap_get_option ($this->cid, LDAP_OPT_ERROR_STRING, $error);
489 return ($error);
490 }
492 function get_error()
493 {
494 if ($this->error == 'Success'){
495 return $this->error;
496 } else {
497 $error= $this->error." (".$this->get_additional_error().")";
498 return $error;
499 }
500 }
502 function get_credentials($url, $referrals= NULL)
503 {
504 $ret= array();
505 $url= preg_replace('!\?\?.*$!', '', $url);
506 $server= preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $url);
508 if ($referrals == NULL){
509 $referrals= $this->referrals;
510 }
512 if (isset($referrals[$server])){
513 return ($referrals[$server]);
514 } else {
515 $ret['ADMIN']= $this->binddn;
516 $ret['PASSWORD']= $this->bindpw;
517 }
519 return ($ret);
520 }
523 function gen_ldif ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $recursive= TRUE)
524 {
525 $display= "";
527 if ($recursive){
528 $this->cd($dn);
529 $this->search("$filter", array('dn'));
530 while ($attrs= $this->fetch()){
531 $display.= $this->gen_one_entry($attrs['dn'], $filter, $attributes);
532 $display.= "\n";
533 }
534 } else {
535 $display.= $this->gen_one_entry($dn);
536 }
538 return ($display);
539 }
542 function gen_one_entry($dn, $filter= "(objectClass=*)" , $name= array("*"))
543 {
544 $ret = "";
545 $data = "";
546 if($this->reconnect){
547 $this->connect();
548 }
550 /* Searching Ldap Tree */
551 $sr= @ldap_read($this->cid, $dn, $filter, $name);
553 /* Get the first entry */
554 $entry= @ldap_first_entry($this->cid, $sr);
556 /* Get all attributes related to that Objekt */
557 $atts = array();
559 /* Assemble dn */
560 $atts[0]['name'] = "dn";
561 $atts[0]['value'] = array('count' => 1, 0 => $dn);
563 /* Reset index */
564 $i = 1 ;
565 $identifier = array();
566 $attribute= @ldap_first_attribute($this->cid,$entry,$identifier);
567 while ($attribute) {
568 $i++;
569 $atts[$i]['name'] = $attribute;
570 $atts[$i]['value'] = @ldap_get_values_len($this->cid, $entry, "$attribute");
572 /* Next one */
573 $attribute= @ldap_next_attribute($this->cid,$entry,$identifier);
574 }
576 foreach($atts as $at)
577 {
578 for ($i= 0; $i<$at['value']['count']; $i++){
580 /* Check if we must encode the data */
581 if(!preg_match('/^[a-z0-9+@#.=, \/ -]+$/i', $at['value'][$i])) {
582 $ret .= $at['name'].":: ".base64_encode($at['value'][$i])."\n";
583 } else {
584 $ret .= $at['name'].": ".$at['value'][$i]."\n";
585 }
586 }
587 }
589 return($ret);
590 }
593 function dn_exists($dn)
594 {
595 return @ldap_list($this->cid, $dn, "(objectClass=*)", array("objectClass"));
596 }
600 function import_complete_ldif($str_attr,&$error,$overwrite,$cleanup)
601 {
602 if($this->reconnect) $this->connect();
604 /* First we have to splitt the string ito detect empty lines
605 An empty line indicates an new Entry */
606 $entries = split("\n",$str_attr);
608 $data = "";
609 $cnt = 0;
610 $current_line = 0;
612 /* Every single line ... */
613 foreach($entries as $entry) {
614 $current_line ++;
616 /* Removing Spaces to ..
617 .. test if a new entry begins */
618 $tmp = str_replace(" ","",$data );
620 /* .. prevent empty lines in an entry */
621 $tmp2 = str_replace(" ","",$entry);
623 /* If the Block ends (Empty Line) */
624 if((empty($entry))&&(!empty($tmp))) {
625 /* Add collected lines as a complete block */
626 $all[$cnt] = $data;
627 $cnt ++;
628 $data ="";
629 } else {
631 /* Append lines ... */
632 if(!empty($tmp2)) {
633 /* check if we need base64_decode for this line */
634 if(ereg("::",$tmp2))
635 {
636 $encoded = split("::",$entry);
637 $attr = $encoded[0];
638 $value = base64_decode($encoded[1]);
639 /* Add linenumber */
640 $data .= $current_line."#".$attr.":".$value."\n";
641 }
642 else
643 {
644 /* Add Linenumber */
645 $data .= $current_line."#".$entry."\n";
646 }
647 }
648 }
649 }
651 /* The Data we collected is not in the array all[];
652 For example the Data is stored like this..
654 all[0] = "1#dn : .... \n
655 2#ObjectType: person \n ...."
657 Now we check every insertblock and try to insert */
658 foreach ( $all as $single) {
659 $lineone = split("\n",$single);
660 $ndn = split("#", $lineone[0]);
661 $line = $ndn[1];
663 $dnn = split (":",$line);
664 $current_line = $ndn[0];
665 $dn = $dnn[0];
666 $value = $dnn[1];
668 /* Every block must begin with a dn */
669 if($dn != "dn") {
670 $error= sprintf(_("This is not a valid DN: '%s'. A block for import should begin with 'dn: ...' in line %s"), $line, $current_line);
671 return -2;
672 }
674 /* Should we use Modify instead of Add */
675 $usemodify= false;
677 /* Delete before insert */
678 $usermdir= false;
680 /* The dn address already exists! */
681 if (($this->dn_exists($value))&&((!$overwrite)&&(!$cleanup))) {
683 $error= sprintf(_("The dn: '%s' (from line %s) already exists in the LDAP database."), $line, $current_line);
684 return ALREADY_EXISTING_ENTRY;
686 } elseif(($this->dn_exists($value))&&($cleanup)){
688 /* Delete first, then add */
689 $usermdir = true;
691 } elseif(($this->dn_exists($value))&&($overwrite)) {
693 /* Modify instead of Add */
694 $usemodify = true;
695 }
697 /* If we can't Import, return with a file error */
698 if(!$this->import_single_entry($single,$usemodify,$usermdir) ) {
699 $error= sprintf(_("Error while importing dn: '%s', please check your LDIF from line %s on!"), $line,
700 $current_line);
701 return UNKNOWN_TOKEN_IN_LDIF_FILE; }
702 }
704 return (INSERT_OK);
705 }
708 /* Imports a single entry */
709 function import_single_entry($str_attr,$modify,$delete)
710 {
711 if($this->reconnect) $this->connect();
713 $ret = false;
714 $rows= split("\n",$str_attr);
715 $data= false;
717 foreach($rows as $row) {
719 /* Check if we use Linenumbers (when import_complete_ldif is called we use
720 Linenumbers) Linenumbers are use like this 123#attribute : value */
721 if(!empty($row)) {
722 if((strpos($row,"#")!=FALSE)&&(strpos($row,"#")<strpos($row,":"))) {
724 /* We are using line numbers
725 Because there is a # before a : */
726 $tmp1= split("#",$row);
727 $current_line= $tmp1[0];
728 $row= $tmp1[1];
729 }
731 /* Split the line into attribute and value */
732 $attr = split(":", $row);
733 $attr[0]= trim($attr[0]); /* attribute */
734 $attr[1]= trim($attr[1]); /* value */
736 /* Check for attributes that are used more than once */
737 if(!isset($data[$attr[0]])) {
738 $data[$attr[0]]=$attr[1];
739 } else {
740 $tmp = $data[$attr[0]];
742 if(!is_array($tmp)) {
743 $new[0]=$tmp;
744 $new[1]=$attr[1];
745 $datas[$attr[0]]['count']=1;
746 $data[$attr[0]]=$new;
747 } else {
748 $cnt = $datas[$attr[0]]['count'];
749 $cnt ++;
750 $data[$attr[0]][$cnt]=$attr[1];
751 $datas[$attr[0]]['count'] = $cnt;
752 }
753 }
754 }
755 }
757 /* If dn is an index of data, we should try to insert the data */
758 if(isset($data['dn'])) {
759 /* Creating Entry */
760 $this->cd($data['dn']);
762 /* Delete existing entry */
763 if($delete){
764 $this->rmdir($data['dn']);
765 }
767 /* Create missing trees */
768 $this->create_missing_trees($data['dn']);
769 unset($data['dn']);
771 /* If entry exists use modify */
772 if(!$modify){
773 $ret = $this->add($data);
774 } else {
775 $ret = $this->modify($data);
776 }
777 }
779 return($ret);
780 }
783 function importcsv($str)
784 {
785 $lines = split("\n",$str);
786 foreach($lines as $line)
787 {
788 /* continue if theres a comment */
789 if(substr(trim($line),0,1)=="#"){
790 continue;
791 }
793 $line= str_replace ("\t\t","\t",$line);
794 $line= str_replace ("\t" ,"," ,$line);
795 echo $line;
797 $cells = split(",",$line ) ;
798 $linet= str_replace ("\t\t",",",$line);
799 $cells = split("\t",$line);
800 $count = count($cells);
801 }
803 }
805 }
807 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
808 ?>