![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
1 <?php
2 /*****************************************************************************
3 newldap.inc - version 1.0
4 Copyright (C) 2003 Alejandro Escanero Blanco <alex@ofmin.com>
5 Copyright (C) 2004 Cajus Pollmeier <pollmeier@gonicus.de>
7 Based in code of ldap.inc of
8 Copyright (C) 1998 Eric Kilfoil <eric@ipass.net>
9 *****************************************************************************/
11 define("ALREADY_EXISTING_ENTRY",-10001);
12 define("UNKNOWN_TOKEN_IN_LDIF_FILE",-10002);
13 define("NO_FILE_UPLOADED",10003);
16 define("INSERT_OK",10000);
20 class LDAP{
22 var $hascon =false;
23 var $hasres =false;
24 var $reconnect=false;
25 var $tls = false;
26 var $basedn ="";
27 var $cid;
28 var $error = ""; // Any error messages to be returned can be put here
29 var $start = 0; // 0 if we are fetching the first entry, otherwise 1
30 var $objectClasses = array(); // Information read from slapd.oc.conf
31 var $binddn = "";
32 var $bindpw = "";
33 var $hostname = "";
34 var $follow_referral = FALSE;
35 var $referrals= array();
37 function LDAP($binddn,$bindpw, $hostname, $follow_referral= FALSE, $tls= FALSE)
38 {
39 $this->follow_referral= $follow_referral;
40 $this->tls=$tls;
41 $this->binddn=$binddn;
42 $this->bindpw=$bindpw;
43 $this->hostname=$hostname;
44 $this->connect();
45 }
47 function connect()
48 {
49 $this->hascon=false;
50 $this->reconnect=false;
51 if ($this->cid= @ldap_connect($this->hostname)) {
52 @ldap_set_option($this->cid, LDAP_OPT_PROTOCOL_VERSION, 3);
53 if (function_exists("ldap_set_rebind_proc") && $this->follow_referral) {
54 @ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1);
55 @ldap_set_rebind_proc($this->cid, array(&$this, "rebind"));
56 }
57 if (function_exists("ldap_start_tls") && $this->tls){
58 @ldap_start_tls($this->cid);
59 }
61 $this->error = "No Error";
62 if ($bid = @ldap_bind($this->cid, $this->binddn, $this->bindpw)) {
63 $this->error = "Success";
64 $this->hascon=true;
65 } else {
66 if ($this->reconnect){
67 if ($this->error != "Success"){
68 $this->error = "Could not rebind to " . $this->binddn;
69 }
70 } else {
71 $this->error = "Could not bind to " . $this->binddn;
72 }
73 }
74 } else {
75 $this->error = "Could not connect to LDAP server";
76 }
77 }
79 function rebind($ldap, $referral)
80 {
81 $credentials= $this->get_credentials($referral);
82 if (@ldap_bind($ldap, $credentials['ADMIN'], $credentials['PASSWORD'])) {
83 $this->error = "Success";
84 $this->hascon=true;
85 $this->reconnect= true;
86 return (0);
87 } else {
88 $this->error = "Could not bind to " . $credentials['ADMIN'];
89 return NULL;
90 }
91 }
93 function reconnect()
94 {
95 if ($this->reconnect){
96 @ldap_unbind($this->cid);
97 $this->cid = NULL;
98 }
99 }
101 function unbind()
102 {
103 @ldap_unbind($this->cid);
104 $this->cid = NULL;
105 }
107 function disconnect()
108 {
109 if($this->hascon){
110 @ldap_close($this->cid);
111 $this->hascon=false;
112 }
113 }
115 function cd($dir)
116 {
117 if ($dir == "..")
118 $this->basedn = $this->getParentDir();
119 else
120 $this->basedn = $dir;
121 }
123 function getParentDir($basedn = "")
124 {
125 if ($basedn=="")
126 $basedn = $this->basedn;
127 return(ereg_replace("[^,]*[,]*[ ]*(.*)", "\\1", $basedn));
128 }
130 function search($filter, $attrs= array())
131 {
133 if($this->hascon){
134 if ($this->reconnect) $this->connect();
135 $this->clearResult();
136 $this->sr = @ldap_search($this->cid, $this->basedn, $filter, $attrs);
137 $this->error = @ldap_error($this->cid);
138 $this->resetResult();
139 $this->hasres=true;
140 return($this->sr);
141 }else{
142 $this->error = "Could not connect to LDAP server";
143 return("");
144 }
145 }
147 function ls($filter = "(objectclass=*)", $basedn = "")
148 {
149 if($this->hascon){
150 if ($this->reconnect) $this->connect();
151 $this->clearResult();
152 if ($basedn == "")
153 $basedn = $this->basedn;
154 $this->sr = @ldap_list($this->cid, $basedn, $filter);
155 $this->error = @ldap_error($this->cid);
156 $this->resetResult();
157 $this->hasres=true;
158 return($this->sr);
159 }else{
160 $this->error = "Could not connect to LDAP server";
161 return("");
162 }
163 }
165 function cat($dn)
166 {
167 if($this->hascon){
168 if ($this->reconnect) $this->connect();
169 $this->clearResult();
170 $filter = "(objectclass=*)";
171 $this->sr = @ldap_read($this->cid, $dn, $filter);
172 $this->error = @ldap_error($this->cid);
173 $this->resetResult();
174 $this->hasres=true;
175 return($this->sr);
176 }else{
177 $this->error = "Could not connect to LDAP server";
178 return("");
179 }
180 }
182 function set_size_limit($size)
183 {
184 /* Ignore zero settings */
185 if ($size == 0){
186 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, 10000000);
187 }
188 if($this->hascon){
189 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, $size);
190 } else {
191 $this->error = "Could not connect to LDAP server";
192 }
193 }
195 function fetch()
196 {
197 if($this->hascon){
198 if($this->hasres){
199 if ($this->start == 0)
200 {
201 $this->start = 1;
202 $this->re= @ldap_first_entry($this->cid, $this->sr);
203 } else {
204 $this->re= @ldap_next_entry($this->cid, $this->re);
205 }
206 if ($this->re)
207 {
208 $att= @ldap_get_attributes($this->cid, $this->re);
209 $att['dn']= @ldap_get_dn($this->cid, $this->re);
210 }
211 $this->error = @ldap_error($this->cid);
212 if (!isset($att)){
213 $att= array();
214 }
215 return($att);
216 }else{
217 $this->error = "Perform a Fetch with no Search";
218 return("");
219 }
220 }else{
221 $this->error = "Could not connect to LDAP server";
222 return("");
223 }
224 }
226 function resetResult()
227 {
228 $this->start = 0;
229 }
231 function clearResult()
232 {
233 if($this->hasres){
234 $this->hasres = false;
235 @ldap_free_result($this->sr);
236 }
237 }
239 function getDN()
240 {
241 if($this->hascon){
242 if($this->hasres){
244 if(!$this->re)
245 {
246 $this->error = "Perform a Fetch with no valid Result";
247 }
248 else
249 {
250 $rv = @ldap_get_dn($this->cid, $this->re);
252 $this->error = @ldap_error($this->cid);
253 $rv= preg_replace("/[ ]*,[ ]*/", ",", $rv);
254 return($rv);
255 }
256 }else{
257 $this->error = "Perform a Fetch with no Search";
258 return("");
259 }
260 }else{
261 $this->error = "Could not connect to LDAP server";
262 return("");
263 }
264 }
266 function count()
267 {
268 if($this->hascon){
269 if($this->hasres){
270 $rv = @ldap_count_entries($this->cid, $this->sr);
271 $this->error = @ldap_error($this->cid);
272 return($rv);
273 }else{
274 $this->error = "Perform a Fetch with no Search";
275 return("");
276 }
277 }else{
278 $this->error = "Could not connect to LDAP server";
279 return("");
280 }
281 }
283 function rm($attrs = "", $dn = "")
284 {
285 if($this->hascon){
286 if ($this->reconnect) $this->connect();
287 if ($dn == "")
288 $dn = $this->basedn;
290 $r = @ldap_mod_del($this->cid, $dn, $attrs);
291 $this->error = @ldap_error($this->cid);
292 return($r);
293 }else{
294 $this->error = "Could not connect to LDAP server";
295 return("");
296 }
297 }
299 function rename($attrs, $dn = "")
300 {
301 if($this->hascon){
302 if ($this->reconnect) $this->connect();
303 if ($dn == "")
304 $dn = $this->basedn;
306 $r = @ldap_mod_replace($this->cid, $dn, $attrs);
307 $this->error = @ldap_error($this->cid);
308 return($r);
309 }else{
310 $this->error = "Could not connect to LDAP server";
311 return("");
312 }
313 }
315 function rmdir($deletedn)
316 {
317 if($this->hascon){
318 if ($this->reconnect) $this->connect();
319 $r = @ldap_delete($this->cid, $deletedn);
320 $this->error = @ldap_error($this->cid);
321 return($r ? $r : 0);
322 }else{
323 $this->error = "Could not connect to LDAP server";
324 return("");
325 }
326 }
328 function modify($attrs)
329 {
330 if($this->hascon){
331 if ($this->reconnect) $this->connect();
332 $r = @ldap_modify($this->cid, $this->basedn, $attrs);
333 $this->error = @ldap_error($this->cid);
334 return($r ? $r : 0);
335 }else{
336 $this->error = "Could not connect to LDAP server";
337 return("");
338 }
339 }
341 function add($attrs)
342 {
343 if($this->hascon){
344 if ($this->reconnect) $this->connect();
345 $r = @ldap_add($this->cid, $this->basedn, $attrs);
346 $this->error = @ldap_error($this->cid);
347 return($r ? $r : 0);
348 }else{
349 $this->error = "Could not connect to LDAP server";
350 return("");
351 }
352 }
354 function create_missing_trees($target)
355 {
357 /* Ignore create_missing trees if the base equals target */
358 if ($target == $this->basedn){
359 return;
360 }
361 $l= array_reverse(explode(",", preg_replace("/,".$this->basedn."/", "", $target)));
362 $cdn= $this->basedn;
363 foreach ($l as $part){
364 $cdn= "$part,$cdn";
366 /* Ignore referrals */
367 $found= false;
368 foreach($this->referrals as $ref){
369 $base= preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URL']);
370 if ($base == $cdn){
371 $found= true;
372 break;
373 }
374 }
375 if ($found){
376 continue;
377 }
379 $this->cat ($cdn);
380 $attrs= $this->fetch();
382 /* Create missing entry? */
383 if (!count ($attrs)){
384 $type= preg_replace('/^([^=]+)=.*$/', '\\1', $cdn);
385 $param= preg_replace('/^[^=]+=([^,]+),.*$/', '\\1', $cdn);
387 $na= array();
388 switch ($type){
389 case 'ou':
390 $na["objectClass"]= "organizationalUnit";
391 $na["ou"]= $param;
392 break;
393 case 'dc':
394 $na["objectClass"]= array("dcObject", "top", "locality");
395 $na["dc"]= $param;
396 break;
397 default:
398 print_red(sprintf(_("Autocreation of type '%s' is currently not supported. Please report to the GOsa team."), $type));
399 echo $_SESSION['errors'];
400 exit;
401 }
402 $this->cd($cdn);
403 $this->add($na);
404 }
405 }
406 }
408 function recursive_remove()
409 {
410 $delarray= array();
412 /* Get sorted list of dn's to delete */
413 $this->search ("(objectClass=*)");
414 while ($this->fetch()){
415 $deldn= $this->getDN();
416 $delarray[$deldn]= strlen($deldn);
417 }
418 arsort ($delarray);
419 reset ($delarray);
421 /* Delete all dn's in subtree */
422 foreach ($delarray as $key => $value){
423 $this->rmdir($key);
424 }
425 }
427 function get_attribute($dn, $name)
428 {
429 $data= "";
430 if ($this->reconnect) $this->connect();
431 $sr= @ldap_read($this->cid, $dn, "objectClass=*", array("$name"));
433 /* fill data from LDAP */
434 if ($sr) {
435 $ei= @ldap_first_entry($this->cid, $sr);
436 if ($ei) {
437 if ($info= @ldap_get_values_len($this->cid, $ei, "$name")){
438 $data= $info[0];
439 }
440 }
441 }
443 return ($data);
444 }
446 function get_additional_error()
447 {
448 $error= "";
449 @ldap_get_option ($this->cid, LDAP_OPT_ERROR_STRING, $error);
450 return ($error);
451 }
453 function get_error()
454 {
455 if ($this->error == 'Success'){
456 return $this->error;
457 } else {
458 $error= $this->error." (".$this->get_additional_error().")";
459 return $error;
460 }
461 }
463 function get_credentials($url, $referrals= NULL)
464 {
465 $ret= array();
466 $url= preg_replace('!\?\?.*$!', '', $url);
467 $server= preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $url);
469 if ($referrals == NULL){
470 $referrals= $this->referrals;
471 }
473 if (isset($referrals[$server])){
474 return ($referrals[$server]);
475 } else {
476 $ret['ADMIN']= $this->binddn;
477 $ret['PASSWORD']= $this->bindpw;
478 }
480 return ($ret);
481 }
484 function gen_ldif ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $recursive= TRUE)
485 {
486 $display= "";
488 if ($recursive){
489 $this->cd($dn);
490 $this->search("$filter", array('dn'));
491 while ($attrs= $this->fetch()){
492 $display.= $this->gen_one_entry($attrs['dn'], $filter, $attributes);
493 $display.= "\n";
494 }
495 } else {
496 $display.= $this->gen_one_entry($dn);
497 }
499 return ($display);
500 }
503 function gen_one_entry($dn, $filter= "(objectClass=*)" , $name= array("*"))
504 {
505 $ret = "";
506 $data = "";
507 if($this->reconnect){
508 $this->connect();
509 }
511 /* Searching Ldap Tree */
512 $sr= @ldap_read($this->cid, $dn, $filter, $name);
514 /* Get the first entry */
515 $entry= @ldap_first_entry($this->cid, $sr);
517 /* Get all attributes related to that Objekt */
518 $atts = array();
520 /* Assemble dn */
521 $atts[0]['name'] = "dn";
522 $atts[0]['value'] = array('count' => 1, 0 => $dn);
524 /* Reset index */
525 $i = 1 ;
526 $identifier = array();
527 $attribute= @ldap_first_attribute($this->cid,$entry,$identifier);
528 while ($attribute) {
529 $i++;
530 $atts[$i]['name'] = $attribute;
531 $atts[$i]['value'] = @ldap_get_values_len($this->cid, $entry, "$attribute");
533 /* Next one */
534 $attribute= @ldap_next_attribute($this->cid,$entry,$identifier);
535 }
537 foreach($atts as $at)
538 {
539 for ($i= 0; $i<$at['value']['count']; $i++){
541 /* Check if we must encode the data */
542 if(!preg_match('/^[a-z0-9+@#.=, \/ -]+$/i', $at['value'][$i])) {
543 $ret .= $at['name'].":: ".base64_encode($at['value'][$i])."\n";
544 } else {
545 $ret .= $at['name'].": ".$at['value'][$i]."\n";
546 }
547 }
548 }
550 return($ret);
551 }
554 function dn_exists($dn)
555 {
556 return @ldap_list($this->cid, $dn, "(objectClass=*)", array("objectClass"));
557 }
561 function import_complete_ldif($str_attr,&$error,$overwrite,$cleanup)
562 {
563 if($this->reconnect) $this->connect();
565 /* First we have to splitt the string ito detect empty lines
566 An empty line indicates an new Entry */
567 $entries = split("\n",$str_attr);
569 $data = "";
570 $cnt = 0;
571 $current_line = 0;
573 /* Every single line ... */
574 foreach($entries as $entry) {
575 $current_line ++;
577 /* Removing Spaces to ..
578 .. test if a new entry begins */
579 $tmp = str_replace(" ","",$data );
581 /* .. prevent empty lines in an entry */
582 $tmp2 = str_replace(" ","",$entry);
584 /* If the Block ends (Empty Line) */
585 if((empty($entry))&&(!empty($tmp))) {
586 /* Add collected lines as a complete block */
587 $all[$cnt] = $data;
588 $cnt ++;
589 $data ="";
590 } else {
592 /* Append lines ... */
593 if(!empty($tmp2)) {
594 /* check if we need base64_decode for this line */
595 if(ereg("::",$tmp2))
596 {
597 $encoded = split("::",$entry);
598 $attr = $encoded[0];
599 $value = base64_decode($encoded[1]);
600 /* Add linenumber */
601 $data .= $current_line."#".$attr.":".$value."\n";
602 }
603 else
604 {
605 /* Add Linenumber */
606 $data .= $current_line."#".$entry."\n";
607 }
608 }
609 }
610 }
612 /* The Data we collected is not in the array all[];
613 For example the Data is stored like this..
615 all[0] = "1#dn : .... \n
616 2#ObjectType: person \n ...."
618 Now we check every insertblock and try to insert */
619 foreach ( $all as $single) {
620 $lineone = split("\n",$single);
621 $ndn = split("#", $lineone[0]);
622 $line = $ndn[1];
624 $dnn = split (":",$line);
625 $current_line = $ndn[0];
626 $dn = $dnn[0];
627 $value = $dnn[1];
629 /* Every block must begin with a dn */
630 if($dn != "dn") {
631 $error= sprintf(_("This is not a valid DN: '%s'. A block for import should begin with 'dn: ...' in line %s"), $line, $current_line);
632 return -2;
633 }
635 /* Should we use Modify instead of Add */
636 $usemodify= false;
638 /* Delete before insert */
639 $usermdir= false;
641 /* The dn address already exists! */
642 if (($this->dn_exists($value))&&((!$overwrite)&&(!$cleanup))) {
644 $error= sprintf(_("The dn: '%s' (from line %s) already exists in the LDAP database."), $line, $current_line);
645 return ALREADY_EXISTING_ENTRY;
647 } elseif(($this->dn_exists($value))&&($cleanup)){
649 /* Delete first, then add */
650 $usermdir = true;
652 } elseif(($this->dn_exists($value))&&($overwrite)) {
654 /* Modify instead of Add */
655 $usemodify = true;
656 }
658 /* If we can't Import, return with a file error */
659 if(!$this->import_single_entry($single,$usemodify,$usermdir) ) {
660 $error= sprintf(_("Error while importing dn: '%s', please check your LDIF from line %s on!"), $line,
661 $current_line);
662 return UNKNOWN_TOKEN_IN_LDIF_FILE; }
663 }
665 return (INSERT_OK);
666 }
669 /* Imports a single entry */
670 function import_single_entry($str_attr,$modify,$delete)
671 {
672 if($this->reconnect) $this->connect();
674 $ret = false;
675 $rows= split("\n",$str_attr);
676 $data= false;
678 foreach($rows as $row) {
680 /* Check if we use Linenumbers (when import_complete_ldif is called we use
681 Linenumbers) Linenumbers are use like this 123#attribute : value */
682 if(!empty($row)) {
683 if((strpos($row,"#")!=FALSE)&&(strpos($row,"#")<strpos($row,":"))) {
685 /* We are using line numbers
686 Because there is a # before a : */
687 $tmp1= split("#",$row);
688 $current_line= $tmp1[0];
689 $row= $tmp1[1];
690 }
692 /* Split the line into attribute and value */
693 $attr = split(":", $row);
694 $attr[0]= trim($attr[0]); /* attribute */
695 $attr[1]= trim($attr[1]); /* value */
697 /* Check for attributes that are used more than once */
698 if(!isset($data[$attr[0]])) {
699 $data[$attr[0]]=$attr[1];
700 } else {
701 $tmp = $data[$attr[0]];
703 if(!is_array($tmp)) {
704 $new[0]=$tmp;
705 $new[1]=$attr[1];
706 $datas[$attr[0]]['count']=1;
707 $data[$attr[0]]=$new;
708 } else {
709 $cnt = $datas[$attr[0]]['count'];
710 $cnt ++;
711 $data[$attr[0]][$cnt]=$attr[1];
712 $datas[$attr[0]]['count'] = $cnt;
713 }
714 }
715 }
716 }
718 /* If dn is an index of data, we should try to insert the data */
719 if(isset($data['dn'])) {
720 /* Creating Entry */
721 $this->cd($data['dn']);
723 /* Delete existing entry */
724 if($delete){
725 $this->rmdir($data['dn']);
726 }
728 /* Create missing trees */
729 $this->create_missing_trees($data['dn']);
730 unset($data['dn']);
732 /* If entry exists use modify */
733 if(!$modify){
734 $ret = $this->add($data);
735 } else {
736 $ret = $this->modify($data);
737 }
738 }
740 return($ret);
741 }
744 function importcsv($str)
745 {
746 $lines = split("\n",$str);
747 foreach($lines as $line)
748 {
749 /* continue if theres a comment */
750 if(substr(trim($line),0,1)=="#"){
751 continue;
752 }
754 $line= str_replace ("\t\t","\t",$line);
755 $line= str_replace ("\t" ,"," ,$line);
756 echo $line;
758 $cells = split(",",$line ) ;
759 $linet= str_replace ("\t\t",",",$line);
760 $cells = split("\t",$line);
761 $count = count($cells);
762 }
764 }
766 }
768 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
769 ?>