![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/include/class_ldap.inc b/include/class_ldap.inc
index d97e1e01d0c6a57ead142fb72a64bcc8a2d300d8..b2085531dc7c755a38ee2de010ec39dad715f9da 100644 (file)
--- a/include/class_ldap.inc
+++ b/include/class_ldap.inc
/*****************************************************************************
newldap.inc - version 1.0
Copyright (C) 2003 Alejandro Escanero Blanco <alex@ofmin.com>
- Copyright (C) 2004 Cajus Pollmeier <pollmeier@gonicus.de>
+ Copyright (C) 2004-2006 Cajus Pollmeier <pollmeier@gonicus.de>
Based in code of ldap.inc of
Copyright (C) 1998 Eric Kilfoil <eric@ipass.net>
define("UNKNOWN_TOKEN_IN_LDIF_FILE",-10002);
define("NO_FILE_UPLOADED",10003);
define("INSERT_OK",10000);
-define("COLON_OVERRIDE", TRUE);
+define("SPECIALS_OVERRIDE", TRUE);
class LDAP{
var $hostname = "";
var $follow_referral = FALSE;
var $referrals= array();
+ var $max_ldap_query_time = 0; // 0, empty or negative values will disable this check
function LDAP($binddn,$bindpw, $hostname, $follow_referral= FALSE, $tls= FALSE)
{
+ global $config;
$this->follow_referral= $follow_referral;
$this->tls=$tls;
$this->binddn=$this->convert($binddn);
$this->bindpw=$bindpw;
$this->hostname=$hostname;
+
+ /* Check if MAX_LDAP_QUERY_TIME is defined */
+ if(isset($config->data['MAIN']['MAX_LDAP_QUERY_TIME'])){
+ $str = $config->data['MAIN']['MAX_LDAP_QUERY_TIME'];
+ $this->max_ldap_query_time = (float)($str);
+ }
+
$this->connect();
}
+ /* Function to replace all problematic characters inside a DN by \001XX, where
+ \001 is decoded to chr(1) [ctrl+a]. It is not impossible, but very unlikely
+ that this character is inside a DN.
+
+ Currently used codes:
+ , => CO
+ \2C => CO
+ ( => OB
+ ) => CB
+ / => SL */
function convert($dn)
{
- if (COLON_OVERRIDE == TRUE){
- $res= preg_replace("/\\\\,/", '###GOSAREPLACED###', $dn);
- $res= preg_replace("/\\\\2C/", '###GOSAREPLACED###', $res);
- #if ($dn != $res){
- # echo "Conversation from '$dn' to '$res'<br>";
- #}
- return ($res);
+ if (SPECIALS_OVERRIDE == TRUE){
+ $tmp= preg_replace(array("/\\\\,/", "/\\\\2C/", "/\(/", "/\)/", "/\//"),
+ array("\001CO", "\001CO", "\001OB", "\001CB", "\001SL"),
+ $dn);
+ return (preg_replace('/,\s+/', ',', $tmp));
} else {
return ($dn);
}
}
+ /* Function to fix all problematic characters inside a DN by replacing \001XX
+ codes to their original values. See "convert" for mor information.
+ ',' characters are always expanded to \, (not \2C), since all tested LDAP
+ servers seem to take it the correct way. */
function fix($dn)
{
- if (COLON_OVERRIDE == TRUE){
- $res= preg_replace("/###GOSAREPLACED###/", '\,', $dn);
- #if ($dn != $res){
- # echo "Fix from '$dn' to '$res'<br>";
- #}
- return ($res);
+ if (SPECIALS_OVERRIDE == TRUE){
+ return (preg_replace(array("/\001CO/", "/\001OB/", "/\001CB/", "/\001SL/"),
+ array("\,", "(", ")", "/"),
+ $dn));
} else {
return ($dn);
}
if ($basedn=="")
$basedn = $this->basedn;
else
- $basedn = $this-convert($this->basedn);
+ $basedn = $this->convert($this->basedn);
return(ereg_replace("[^,]*[,]*[ ]*(.*)", "\\1", $basedn));
}
{
if($this->hascon){
if ($this->reconnect) $this->connect();
+
+ $start = microtime();
+
$this->clearResult();
$this->sr = @ldap_search($this->cid, $this->fix($this->basedn), $filter, $attrs);
$this->error = @ldap_error($this->cid);
$this->resetResult();
$this->hasres=true;
-
+
+ /* Check if query took longer as specified in max_ldap_query_time */
+ if($this->max_ldap_query_time){
+ $diff = get_MicroTimeDiff($start,microtime());
+ if($diff > $this->max_ldap_query_time){
+ print_red(sprintf(_("The LDAP server is slow (%.2fs for the last query). This may be responsible for performance breakdowns."),$diff)) ;
+ }
+ }
+
return($this->sr);
}else{
$this->error = "Could not connect to LDAP server";
$basedn = $this->basedn;
else
$basedn= $this->convert($basedn);
+
+ $start = microtime();
+
$this->sr = @ldap_list($this->cid, $this->fix($basedn), $filter,$attrs);
$this->error = @ldap_error($this->cid);
$this->resetResult();
$this->hasres=true;
+
+ /* Check if query took longer as specified in max_ldap_query_time */
+ if($this->max_ldap_query_time){
+ $diff = get_MicroTimeDiff($start,microtime());
+ if($diff > $this->max_ldap_query_time){
+ print_red(sprintf(_("The ldapserver is answering very slow (%.2f), this may be responsible for performance breakdowns."),$diff)) ;
+ }
+ }
+
return($this->sr);
}else{
$this->error = "Could not connect to LDAP server";
}
}
- function cat($dn)
+ function cat($dn,$attrs= array("*"))
{
if($this->hascon){
if ($this->reconnect) $this->connect();
$this->clearResult();
$filter = "(objectclass=*)";
- $this->sr = @ldap_read($this->cid, $this->fix($dn), $filter);
+ $this->sr = @ldap_read($this->cid, $this->fix($dn), $filter,$attrs);
$this->error = @ldap_error($this->cid);
$this->resetResult();
$this->hasres=true;
function fetch()
{
+ $att= array();
if($this->hascon){
if($this->hasres){
if ($this->start == 0)
}
/* Copy given attributes and sub-dns with attributes to destination dn
-
*/
- function copy_FAI_resource_recursive($sourcedn,$destinationdn,$type="branch",$is_first = false)
+ function copy_FAI_resource_recursive($sourcedn,$destinationdn,$destinationName,$type="branch",$is_first = true,$depth=0)
{
error_reporting(E_ALL);
+
+ if($is_first){
+ echo "<h2>".sprintf(_("Creating copy of %s"),"<i>".@LDAP::fix($sourcedn)."</i>")."</h2>";
+ }else{
+ if(preg_match("/^ou=/",$sourcedn)){
+ echo "<h3>"._("Processing")." <i>".@LDAP::fix($destinationdn)."</i></h3>";
+ }else{
+ $tmp = split(",",$sourcedn);
+
+ echo " <b>"._("Object").":</b> ";
+
+ $deststr = @LDAP::fix($destinationdn);
+ if(strlen($deststr) > 96){
+ $deststr = substr($deststr,0,96)."...";
+ }
+
+ echo $deststr."<br>";
+ }
+ }
+
+ flush();
+
if($this->hascon){
if ($this->reconnect) $this->connect();
/* Save base dn */
$basedn= $this->basedn;
$delarray= array();
-
+
/* Check if destination entry already exists */
- if($this->count($this->fetch($this->cat($destinationdn)))){
+ $this->cat($destinationdn);
+
+ if($this->count()){
return;
}else{
+
+ $this->clearResult();
- /* Get source entrie */
+ /* Get source entry */
$this->cd($basedn);
- $attr = $this->fetch($this->cat($sourcedn));
+ $this->cat($sourcedn);
+ $attr = $this->fetch();
+ /* Error while fetching object / attribute abort*/
+ if((!$attr) || (count($attr)) ==0) {
+ echo _("Error while fetching source dn - aborted!");
+ return;
+ }
+
/* check if this is a department */
if(in_array("organizationalUnit",$attr['objectClass'])){
$attr['dn'] = $this->convert($destinationdn);
/* If is first entry, append FAIbranch to department entry */
if($is_first){
- $attr= $this->fetch($this->cat($destinationdn));
+ $this->cat($destinationdn);
+ $attr= $this->fetch();
/* Filter unneeded informations */
foreach($attr as $key => $value){
if(is_numeric($key)) unset($attr[$key]);
- if(isset($attr[$key]['count'])){
- if(($attr[$key]['count']==1)&&($key!="objectClass")){
- $attr[$key] = $attr[$key][0];
- }
- }
-
if(isset($attr[$key]['count'])){
if(is_array($attr[$key])){
unset($attr[$key]['count']);
}
}
}
+
unset($attr['count']);
unset($attr['dn']);
/* Add this entry */
$this->modify($attr);
}
-
}else{
- /* If this is no department */
+
+ /* If this is no department */
foreach($attr as $key => $value){
- if(is_numeric($key)) unset($attr[$key]);
- if(isset($attr[$key]['count'])){
- if(($attr[$key]['count']==1)&&($key!="objectClass")){
- $attr[$key] = $attr[$key][0];
+ if(in_array($key ,array("FAItemplateFile","FAIscript", "gotoLogonScript", "gosaApplicationIcon"))){
+ $sr= ldap_read($this->cid, $this->fix($sourcedn), "$key=*", array($key));
+ $ei= ldap_first_entry($this->cid, $sr);
+ if ($tmp= @ldap_get_values_len($this->cid, $ei,$key)){
+ $attr[$key] = $tmp;
}
}
+
+ if(is_numeric($key)) unset($attr[$key]);
if(isset($attr[$key]['count'])){
if(is_array($attr[$key])){
unset($attr[$key]['count']);
}
unset($attr['count']);
unset($attr['dn']);
-
- if($type=="branch"){
- $attr['FAIstate'] ="branch";
- }elseif($type=="freeze"){
- $attr['FAIstate'] ="freeze";
- }else{
- print_red(_("Unknown FAIstate %s"),$type);
+
+ if(!in_array("gosaApplication" , $attr['objectClass'])){
+ if($type=="branch"){
+ $attr['FAIstate'] ="branch";
+ }elseif($type=="freeze"){
+ $attr['FAIstate'] ="freeze";
+ }else{
+ print_red(_("Unknown FAIstate %s"),$type);
+ }
}
-
+
+ /* Replace FAIdebianRelease with new release name */
+ if(in_array("FAIpackageList" , $attr['objectClass'])){
+ $attr['FAIdebianRelease'] = $destinationName;
+ }
+
/* Add entry */
$this->cd($destinationdn);
- $a = $this->fetch($this->cat($destinationdn));
+ $this->cat($destinationdn);
+ $a = $this->fetch();
if(!count($a)){
$this->add($attr);
}
asort ($delarray);
reset ($delarray);
+ $depth ++;
foreach($delarray as $dn => $bla){
if($dn != $destinationdn){
$this->cd($basedn);
$item = $this->fetch($this->cat($dn));
if(!in_array("FAIbranch",$item['objectClass'])){
- $this->copy_FAI_resource_recursive($dn,str_replace($sourcedn,$destinationdn,$dn),$type);
+ $this->copy_FAI_resource_recursive($dn,str_replace($sourcedn,$destinationdn,$dn),$destinationName,$type,false,$depth);
}
}
}
}
+ if($is_first){
+ echo "<p class='seperator'> </p>";
+ }
+
}
function modify($attrs)
{
+ if(count($attrs) == 0){
+ return (0);
+ }
if($this->hascon){
if ($this->reconnect) $this->connect();
$r = @ldap_modify($this->cid, $this->fix($this->basedn), $attrs);
if ($target == $this->basedn){
return;
}
- $l= array_reverse(explode(",", preg_replace("/,".$this->basedn."/", "", $target)));
+
+ $real_path= substr($target, 0, strlen($target) - strlen($this->basedn) -1 );
+ $l= array_reverse(ldap_explode_dn($real_path,0));
+ unset($l['count']);
$cdn= $this->basedn;
+ $tag= "";
+
foreach ($l as $part){
$cdn= "$part,$cdn";
$attrs= $this->fetch();
/* Create missing entry? */
- if (!count ($attrs)){
+ if (count ($attrs)){
+
+ /* Catch the tag - if present */
+ if (isset($attrs['gosaUnitTag'][0])){
+ $tag= $attrs['gosaUnitTag'][0];
+ }
+
+ } else {
$type= preg_replace('/^([^=]+)=.*$/', '\\1', $cdn);
$param= preg_replace('/^[^=]+=([^,]+),.*$/', '\\1', $cdn);
$na= array();
switch ($type){
case 'ou':
- $na["objectClass"]= "organizationalUnit";
+ if ($tag != ""){
+ $na["objectClass"]= array("organizationalUnit", "gosaAdministrativeUnitTag");
+ $na["gosaUnitTag"]= $tag;
+ } else {
+ $na["objectClass"]= "organizationalUnit";
+ }
$na["ou"]= $param;
break;
case 'dc':
- $na["objectClass"]= array("dcObject", "top", "locality");
+ if ($tag != ""){
+ $na["objectClass"]= array("dcObject", "top", "locality", "gosaAdministrativeUnitTag");
+ $na["gosaUnitTag"]= $tag;
+ } else {
+ $na["objectClass"]= array("dcObject", "top", "locality");
+ }
$na["dc"]= $param;
break;
default:
if ($this->error == 'Success'){
return $this->error;
} else {
- $error= $this->error." (".$this->get_additional_error().")";
+ $adderror= $this->get_additional_error();
+ if ($adderror != ""){
+ $error= $this->error." (".$this->get_additional_error().", ".sprintf(_("while operating on '%s' using LDAP server '%s'"), $this->basedn, $this->hostname).")";
+ } else {
+ $error= $this->error." (".sprintf(_("while operating on LDAP server %s"), $this->hostname).")";
+ }
return $error;
}
}
@@ -819,12 +936,12 @@ function gen_xls ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $rec
$attr = $encoded[0];
$value = base64_decode($encoded[1]);
/* Add linenumber */
- $data .= $current_line."#".$attr.":".$value."\n";
+ $data .= $current_line."#".base64_encode($attr.":".$value)."\n";
}
else
{
/* Add Linenumber */
- $data .= $current_line."#".$entry."\n";
+ $data .= $current_line."#".base64_encode($entry)."\n";
}
}
}
@@ -840,7 +957,7 @@ function gen_xls ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $rec
foreach ( $all as $single) {
$lineone = split("\n",$single);
$ndn = split("#", $lineone[0]);
- $line = $ndn[1];
+ $line = base64_decode($ndn[1]);
$dnn = split (":",$line);
$current_line = $ndn[0];
@@ -892,6 +1009,8 @@ function gen_xls ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $rec
{
if($this->reconnect) $this->connect();
+
+
$ret = false;
$rows= split("\n",$str_attr);
$data= false;
@@ -901,13 +1020,13 @@ function gen_xls ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $rec
/* Check if we use Linenumbers (when import_complete_ldif is called we use
Linenumbers) Linenumbers are use like this 123#attribute : value */
if(!empty($row)) {
- if((strpos($row,"#")!=FALSE)&&(strpos($row,"#")<strpos($row,":"))) {
+ if(strpos($row,"#")!=FALSE) {
/* We are using line numbers
Because there is a # before a : */
$tmp1= split("#",$row);
$current_line= $tmp1[0];
- $row= $tmp1[1];
+ $row= base64_decode($tmp1[1]);
}
/* Split the line into attribute and value */
@@ -935,7 +1054,6 @@ function gen_xls ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $rec
}
}
}
-
/* If dn is an index of data, we should try to insert the data */
if(isset($data['dn'])) {
/* Creating Entry */
@@ -943,7 +1061,7 @@ function gen_xls ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $rec
/* Delete existing entry */
if($delete){
- $this->rmdir($data['dn']);
+ $this->rmdir_recursive($data['dn']);
}
/* Create missing trees */
@@ -957,7 +1075,7 @@ function gen_xls ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $rec
$ret = $this->modify($data);
}
}
-
+ show_ldap_error($this->get_error(),_("Ldap import failed"));
return($ret);
}
@@ -983,6 +1101,35 @@ function gen_xls ($dn, $filter= "(objectClass=*)", $attributes= array('*'), $rec
}
}
+
+ function get_objectclasses()
+ {
+ $objectclasses = array();
+
+ # Get base to look for schema
+ $sr = @ldap_read ($this->cid, NULL, "objectClass=*", array("subschemaSubentry"));
+ $attr = @ldap_get_entries($this->cid,$sr);
+ if (!isset($attr[0]['subschemasubentry'][0])){
+ return array();
+ }
+
+ # Get list of objectclasses
+ $nb= $attr[0]['subschemasubentry'][0];
+ $objectclasses= array();
+ $sr= ldap_read ($this->cid, $nb, "objectClass=*", array("objectclasses"));
+ $attrs= ldap_get_entries($this->cid,$sr);
+ if (!isset($attrs[0])){
+ return array();
+ }
+ foreach ($attrs[0]['objectclasses'] as $val){
+ $name= preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
+ if ($name != $val){
+ $objectclasses[$name]= $val;
+ }
+ }
+
+ return $objectclasses;
+ }
}