![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
class filterLDAP {
- static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "", $objectBase= "")
+ static function query($parent,$base, $scope, $filter, $attributes, $category, $objectStorage= array(""))
{
- global $config;
+ $config= session::global_get('config');
$ldap= $config->get_ldap_link(TRUE);
- $result= filterLDAP::get_list($base, $scope, $filter, $attributes,
- $category, $objectStorage, $objectBase,
- GL_SUBSEARCH | GL_SIZELIMIT);
+ $flag= ($scope == "sub")?GL_SUBSEARCH:0;
+ $result= filterLDAP::get_list($parent,$base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
return $result;
}
- static function get_list($base, $scope, $filter, $attributes, $category,
- $objectStorage= array(), $objectBase= "", $flags= GL_SUBSEARCH)
+ static function get_list($parent,$base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
{
- global $config, $ui;
- $departments= array();
+ $ui= session::global_get('ui');
+ $config= session::global_get('config');
- /* Get LDAP link */
- $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
-
- /* If we do no subsearch, adapt */
- if ($scope != "sub") {
- if ($objectBase != "") {
- $base= preg_replace('/,$/', '', $objectBase).",".$base;
- } elseif (is_string($objectStorage)) {
- $base= preg_replace('/,$/', '', $objectStorage).",".$base;
- }
- }
-
- /* Set search base to configured base if $base is empty */
- if ($base == ""){
- $base = $config->current['BASE'];
- }
- $ldap->cd ($base);
-
- /* Ensure we have an array as storage list */
- if(is_string($objectStorage)){
- $objectStorage = array($objectStorage);
- }
-
- /* Remove ,.*$ ("ou=1,ou=2.." => "ou=1") */
- $sub_bases = array();
- foreach($objectStorage as $key => $sub_base){
- if(empty($sub_base)){
-
- /* Subsearch is activated and we got an empty sub_base.
- * (This may be the case if you have empty people/group ous).
- * Fall back to old get_list().
- * A log entry will be written. */
- if($flags & GL_SUBSEARCH){
- $sub_bases = array();
- break;
- }else{
-
- /* Do NOT search within subtrees is requested and the sub base is empty.
- * Append all known departments that matches the base. */
- $departments[$base] = $base;
- }
- }else{
- $sub_bases[$key] = preg_replace("/,.*$/","",$sub_base);
- }
- }
-
- // If there is no sub_department specified, fall back to old method, get_list().
- if(!count($sub_bases) && !count($departments)){
-
- // Log this fall back, it may be an unpredicted behaviour.
- if(!count($sub_bases) && !count($departments)){
- new log("debug","all",__FILE__,$attributes,
- sprintf("filterLDAP::get_list(): falling back to filterLDAP::get_list_old() because objectStorage is empty.".
- " This may slow down GOsa. Filter was: '%s'", $filter));
- }
- return (ldapFILTER::get_list_old($filter, $category,$base,$attributes,$flags));
+ // Move to arrays for category and objectStorage
+ if (!is_array($category)) {
+ $category= array($category);
}
-
- /* Get all deparments matching the given sub_bases */
- $base_filter= "";
- foreach($sub_bases as $sub_base){
- $base_filter .= "(".$sub_base.")";
- }
- $base_filter = "(&(objectClass=organizationalUnit)(|".$base_filter."))";
- $ldap->search($base_filter, array("dn"));
- while($attrs = $ldap->fetch()){
- foreach($objectStorage as $sub_dep){
-
- /* Only add those departments that match the reuested list of departments.
- *
- * e.g. sub_deps = array("ou=servers,ou=systems,");
- *
- * In this case we have search for "ou=servers" and we may have also fetched
- * departments like this "ou=servers,ou=blafasel,..."
- * Here we filter out those blafasel departments.
- */
- if(preg_match("/".preg_quote($sub_dep, '/')."/",$attrs['dn'])){
- $departments[$attrs['dn']] = $attrs['dn'];
- break;
+
+ // Store in base - i.e. is a rdn value empty?
+ $storeOnBase= count($objectStorage) == 1 && empty($objectStorage[0]);
+
+ $method= ($storeOnBase && !($flags & GL_SUBSEARCH))?"ls":"search";
+
+ // Initialize search bases
+ $bases= array();
+
+ // Get list of sub bases to search on
+ if ($storeOnBase) {
+ $bases[$base]= "";
+ } else {
+ foreach ($objectStorage as $oc) {
+ $oc= preg_replace('/,$/', '', $oc);
+ $tmp= explode(',', $oc);
+ if (count($tmp) == 1) {
+ preg_match('/([^=]+)=(.*)$/', $oc, $m);
+ if ($flags & GL_SUBSEARCH) {
+ $bases[$base][]= $m[1].":dn:=".$m[2];
+ } else {
+ $bases["$oc,$base"][]= $m[1].":dn:=".$m[2];
+ }
+ } else {
+ // No, there's no \, in pre defined RDN values
+ preg_match('/^([^,]+),(.*)$/', $oc, $matches);
+ preg_match('/([^=]+)=(.*)$/', $matches[1], $m);
+ if ($flags & GL_SUBSEARCH) {
+ $bases[$base][]= $m[1].":dn:=".$m[2];
+ } else {
+ $bases[$matches[2].",$base"][]= $m[1].":dn:=".$m[2];
+ }
}
}
}
-
+
+ // Get LDAP link
+ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
+
+ // Do search for every base
$result= array();
$limit_exceeded = FALSE;
-
- /* Search in all matching departments */
- foreach($departments as $dep){
-
- /* Break if the size limit is exceeded */
+ foreach($bases as $base => $dnFilters) {
+
+ // Break if the size limit is exceeded
if($limit_exceeded){
return($result);
}
-
- $ldap->cd($dep);
-
- /* Perform ONE or SUB scope searches? */
- if ($flags & GL_SUBSEARCH) {
- $ldap->search ($filter, $attributes);
+
+ // Switch to new base and search
+ if (is_array($dnFilters)){
+ $dnFilter= "(|";
+ foreach ($dnFilters as $df) {
+ $dnFilter.= "($df)";
+ }
+ $dnFilter.= ")";
+ } else {
+ $dnFilter= "";
+ }
+ $ldap->cd($base);
+ if ($method == "ls") {
+ $ldap->ls("(&$filter$dnFilter)", $base, $attributes);
} else {
- $ldap->ls ($filter,$dep,$attributes);
+ $ldap->search("(&$filter$dnFilter)", $attributes);
}
-
- /* Check for size limit exceeded messages for GUI feedback */
+
+ // Check for size limit exceeded messages for GUI feedback
if (preg_match("/size limit/i", $ldap->get_error())){
session::set('limit_exceeded', TRUE);
$limit_exceeded = TRUE;
- }
-
+ }
+
/* Crawl through result entries and perform the migration to the
- result array */
+ result array */
while($attrs = $ldap->fetch()) {
$dn= $ldap->getDN();
-
+
/* Convert dn into a printable format */
if ($flags & GL_CONVERT){
$attrs["dn"]= convert_department_dn($dn);
} else {
$attrs["dn"]= $dn;
}
-
+
/* Skip ACL checks if we are forced to skip those checks */
if($flags & GL_NO_ACL_CHECK){
$result[]= $attrs;
}else{
-
- /* Sort in every value that fits the permissions */
- if (!is_array($category)){
- $category = array($category);
- }
- foreach ($category as $o){
- if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
- (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
+
+ // Check entry permission
+ $obj = $parent->headpage->getObjectType($parent->headpage->objectTypes, $attrs['objectClass']);
+ if(isset($obj['category'])){
+ $o = $obj['category']."/".$obj['class'];
+ if(preg_match("/r/",$ui->get_permissions($dn,$o))){
$result[]= $attrs;
- break;
}
+ }else{
+ //trigger_error("Invalid objectType given, please check listing.xml '{$dn}'!");
}
}
}
+
}
- return($result);
+ return $result;
}
- function get_list_old($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
- {
- global $config, $ui;
-
- /* Get LDAP link */
- $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
-
- /* Set search base to configured base if $base is empty */
- if ($base == ""){
- $ldap->cd ($config->current['BASE']);
- } else {
- $ldap->cd ($base);
- }
-
- /* Perform ONE or SUB scope searches? */
- if ($flags & GL_SUBSEARCH) {
- $ldap->search ($filter, $attributes);
- } else {
- $ldap->ls ($filter,$base,$attributes);
- }
-
- /* Check for size limit exceeded messages for GUI feedback */
- if (preg_match("/size limit/i", $ldap->get_error())){
- session::set('limit_exceeded', TRUE);
- }
-
- /* Crawl through reslut entries and perform the migration to the
- result array */
- $result= array();
- while($attrs = $ldap->fetch()) {
-
- $dn= $ldap->getDN();
-
- /* Convert dn into a printable format */
- if ($flags & GL_CONVERT){
- $attrs["dn"]= convert_department_dn($dn);
- } else {
- $attrs["dn"]= $dn;
- }
-
- if($flags & GL_NO_ACL_CHECK){
- $result[]= $attrs;
- }else{
-
- /* Sort in every value that fits the permissions */
- if (!is_array($category)){
- $category = array($category);
- }
- foreach ($category as $o){
- if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
- (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
- $result[]= $attrs;
- break;
- }
- }
- }
- }
-
- return ($result);
- }
-
}
?>