X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_ldap.inc;h=5322abebac63402d8f54001d1f9a75c598fc9277;hb=43b7d67048ad0adbd30a1bec9320c337d71151d5;hp=67921e0ba5565eb140520d50b3ee40baabe44f50;hpb=008af225edbe869973abffeed65c51bca6333505;p=gosa.git
diff --git a/gosa-core/include/class_ldap.inc b/gosa-core/include/class_ldap.inc
index 67921e0ba..5322abeba 100644
--- a/gosa-core/include/class_ldap.inc
+++ b/gosa-core/include/class_ldap.inc
@@ -60,8 +60,8 @@ class LDAP{
$this->hostname=$hostname;
/* Check if MAX_LDAP_QUERY_TIME is defined */
- if(isset($config->data['MAIN']['MAX_LDAP_QUERY_TIME'])){
- $str = $config->data['MAIN']['MAX_LDAP_QUERY_TIME'];
+ if(is_object($config) && $config->get_cfg_value("ldapMaxQueryTime") != ""){
+ $str = $config->get_cfg_value("ldapMaxQueryTime");
$this->max_ldap_query_time = (float)($str);
}
@@ -81,19 +81,20 @@ class LDAP{
/* Function to replace all problematic characters inside a DN by \001XX, where
\001 is decoded to chr(1) [ctrl+a]. It is not impossible, but very unlikely
that this character is inside a DN.
-
+
Currently used codes:
- , => CO
- \2C => CO
- ( => OB
- ) => CB
- / => SL */
+ , => CO
+ \2C => CO
+ ( => OB
+ ) => CB
+ / => SL
+ \22 => DQ */
static function convert($dn)
{
if (SPECIALS_OVERRIDE == TRUE){
- $tmp= preg_replace(array("/\\\\,/", "/\\\\2C/", "/\(/", "/\)/", "/\//"),
- array("\001CO", "\001CO", "\001OB", "\001CB", "\001SL"),
- $dn);
+ $tmp= preg_replace(array("/\\\\,/", "/\\\\2C/", "/\(/", "/\)/", "/\//", "/\\\\22/", '/\\\\"/'),
+ array("\001CO", "\001CO", "\001OB", "\001CB", "\001SL", "\001DQ", "\001DQ"),
+ $dn);
return (preg_replace('/,\s+/', ',', $tmp));
} else {
return ($dn);
@@ -108,20 +109,20 @@ class LDAP{
static function fix($dn)
{
if (SPECIALS_OVERRIDE == TRUE){
- return (preg_replace(array("/\001CO/", "/\001OB/", "/\001CB/", "/\001SL/"),
- array("\,", "(", ")", "/"),
- $dn));
+ return (preg_replace(array("/\001CO/", "/\001OB/", "/\001CB/", "/\001SL/", "/\001DQ/"),
+ array("\,", "(", ")", "/", '\"'),
+ $dn));
} else {
return ($dn);
}
}
-
/* Function to fix problematic characters in DN's that are used for search
requests. I.e. member=.... */
static function prepare4filter($dn)
{
- return normalizeLdap(preg_replace('/\\\\/', '\\\\\\', LDAP::fix($dn)));
+ $fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', LDAP::fix($dn)));
+ return str_replace('\\,', '\\\\,', $fixed);
}
@@ -160,13 +161,13 @@ class LDAP{
function rebind($ldap, $referral)
{
$credentials= $this->get_credentials($referral);
- if (@ldap_bind($ldap, LDAP::fix($credentials['ADMIN']), $credentials['PASSWORD'])) {
+ if (@ldap_bind($ldap, LDAP::fix($credentials['ADMINDN']), $credentials['ADMINPASSWORD'])) {
$this->error = "Success";
$this->hascon=true;
$this->reconnect= true;
return (0);
} else {
- $this->error = "Could not bind to " . $credentials['ADMIN'];
+ $this->error = "Could not bind to " . $credentials['ADMINDN'];
return NULL;
}
}
@@ -207,7 +208,7 @@ class LDAP{
if ($basedn==""){
$basedn = $this->basedn;
} else {
- $basedn = LDAP::convert($this->basedn);
+ $basedn = LDAP::convert($basedn);
}
return(ereg_replace("[^,]*[,]*[ ]*(.*)", "\\1", $basedn));
}
@@ -218,7 +219,7 @@ class LDAP{
if($this->hascon){
if ($this->reconnect) $this->connect();
- $start = microtime();
+ $start = microtime(true);
$this->clearResult($srp);
$this->sr[$srp] = @ldap_search($this->cid, LDAP::fix($this->basedn), $filter, $attrs);
$this->error = @ldap_error($this->cid);
@@ -227,13 +228,13 @@ class LDAP{
/* Check if query took longer as specified in max_ldap_query_time */
if($this->max_ldap_query_time){
- $diff = get_MicroTimeDiff($start,microtime());
+ $diff = microtime(true) - $start;
if($diff > $this->max_ldap_query_time){
msg_dialog::display(_("Performance warning"), sprintf(_("LDAP performance is poor: last query took about %.2fs!"), $diff), WARNING_DIALOG);
}
}
- $this->log("LDAP operation: time=".get_MicroTimeDiff($start,microtime())." operation=search('".LDAP::fix($this->basedn)."', '$filter')");
+ $this->log("LDAP operation: time=".(microtime(true)-$start)." operation=search('".LDAP::fix($this->basedn)."', '$filter')");
return($this->sr[$srp]);
}else{
$this->error = "Could not connect to LDAP server";
@@ -252,7 +253,7 @@ class LDAP{
else
$basedn= LDAP::convert($basedn);
- $start = microtime();
+ $start = microtime(true);
$this->sr[$srp] = @ldap_list($this->cid, LDAP::fix($basedn), $filter,$attrs);
$this->error = @ldap_error($this->cid);
$this->resetResult($srp);
@@ -260,13 +261,13 @@ class LDAP{
/* Check if query took longer as specified in max_ldap_query_time */
if($this->max_ldap_query_time){
- $diff = get_MicroTimeDiff($start,microtime());
+ $diff = microtime(true) - $start;
if($diff > $this->max_ldap_query_time){
msg_dialog::display(_("Performance warning"), sprintf(_("LDAP performance is poor: last query took about %.2fs!"), $diff), WARNING_DIALOG);
}
}
- $this->log("LDAP operation: time=".get_MicroTimeDiff($start,microtime())." operation=ls('".LDAP::fix($basedn)."', '$filter')");
+ $this->log("LDAP operation: time=".(microtime(true) - $start)." operation=ls('".LDAP::fix($basedn)."', '$filter')");
return($this->sr[$srp]);
}else{
@@ -275,13 +276,12 @@ class LDAP{
}
}
- function cat($srp, $dn,$attrs= array("*"))
+ function cat($srp, $dn,$attrs= array("*"), $filter = "(objectclass=*)")
{
if($this->hascon){
if ($this->reconnect) $this->connect();
$this->clearResult($srp);
- $filter = "(objectclass=*)";
$this->sr[$srp] = @ldap_read($this->cid, LDAP::fix($dn), $filter,$attrs);
$this->error = @ldap_error($this->cid);
$this->resetResult($srp);
@@ -293,6 +293,19 @@ class LDAP{
}
}
+ function object_match_filter($dn,$filter)
+ {
+ if($this->hascon){
+ if ($this->reconnect) $this->connect();
+ $res = @ldap_read($this->cid, LDAP::fix($dn), $filter, array("objectClass"));
+ $rv = @ldap_count_entries($this->cid, $res);
+ return($rv);
+ }else{
+ $this->error = "Could not connect to LDAP server";
+ return(FALSE);
+ }
+ }
+
function set_size_limit($size)
{
/* Ignore zero settings */
@@ -405,7 +418,23 @@ class LDAP{
if ($dn == "")
$dn = $this->basedn;
- $r = @ldap_mod_del($this->cid, LDAP::fix($dn), $attrs);
+ $r = ldap_mod_del($this->cid, LDAP::fix($dn), $attrs);
+ $this->error = @ldap_error($this->cid);
+ return($r);
+ }else{
+ $this->error = "Could not connect to LDAP server";
+ return("");
+ }
+ }
+
+ function mod_add($attrs = "", $dn = "")
+ {
+ if($this->hascon){
+ if ($this->reconnect) $this->connect();
+ if ($dn == "")
+ $dn = $this->basedn;
+
+ $r = @ldap_mod_add($this->cid, LDAP::fix($dn), $attrs);
$this->error = @ldap_error($this->cid);
return($r);
}else{
@@ -451,19 +480,37 @@ class LDAP{
*/
function rename_dn($source,$dest)
{
+ /* Check if source and destination are the same entry */
+ if(strtolower($source) == strtolower($dest)){
+ trigger_error("Source and destination can't be the same entry.");
+ $this->error = "Source and destination can't be the same entry.";
+ return(FALSE);
+ }
+
+ /* Check if destination entry exists */
+ if($this->dn_exists($dest)){
+ trigger_error("Destination '$dest' already exists.");
+ $this->error = "Destination '$dest' already exists.";
+ return(FALSE);
+ }
+
/* Extract the name and the parent part out ouf source dn.
e.g. cn=herbert,ou=department,dc=...
- parent => ou=department,dc=...
- dest => cn=herbert
+ parent => ou=department,dc=...
+ dest_rdn => cn=herbert
*/
- $parent = preg_replace("/^[^,]+,/","",$dest);
- $dest = preg_replace("/,.*$/","",$dest);
-
+ $parent = preg_replace("/^[^,]+,/","", $dest);
+ $dest_rdn = preg_replace("/,.*$/","",$dest);
+
if($this->hascon){
if ($this->reconnect) $this->connect();
- $r= @ldap_rename($this->cid,$source,$dest,$parent,TRUE);
- $this->error = @ldap_error($this->cid);
- return(!$r ? $r : TRUE);
+ $r= ldap_rename($this->cid,@LDAP::fix($source), @LDAP::fix($dest_rdn),@LDAP::fix($parent),TRUE);
+ $this->error = ldap_error($this->cid);
+
+ /* Check if destination dn exists, if not the
+ server may not support this operation */
+ $r &= is_resource($this->dn_exists($dest));
+ return($r);
}else{
$this->error = "Could not connect to LDAP server";
return(FALSE);
@@ -509,6 +556,27 @@ class LDAP{
}
}
+ function makeReadableErrors($error,$attrs)
+ {
+ global $config;
+
+ if($this->success()) return("");
+
+ $str = "";
+ if(preg_match("/^objectClass: value #([0-9]*) invalid per syntax$/", $this->get_additional_error())){
+ $oc = preg_replace("/^objectClass: value #([0-9]*) invalid per syntax$/","\\1", $this->get_additional_error());
+ if(isset($attrs['objectClass'][$oc])){
+ $str.= " - objectClass: ".$attrs['objectClass'][$oc]."";
+ }
+ }
+ if($error == "Undefined attribute type"){
+ $str = " - attribute: ".preg_replace("/:.*$/","",$this->get_additional_error())."";
+ }
+
+ @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,$attrs,"Erroneous data");
+
+ return($str);
+ }
function modify($attrs)
{
@@ -519,6 +587,9 @@ class LDAP{
if ($this->reconnect) $this->connect();
$r = @ldap_modify($this->cid, LDAP::fix($this->basedn), $attrs);
$this->error = @ldap_error($this->cid);
+ if(!$this->success()){
+ $this->error.= $this->makeReadableErrors($this->error,$attrs);
+ }
return($r ? $r : 0);
}else{
$this->error = "Could not connect to LDAP server";
@@ -532,6 +603,9 @@ class LDAP{
if ($this->reconnect) $this->connect();
$r = @ldap_add($this->cid, LDAP::fix($this->basedn), $attrs);
$this->error = @ldap_error($this->cid);
+ if(!$this->success()){
+ $this->error.= $this->makeReadableErrors($this->error,$attrs);
+ }
return($r ? $r : 0);
}else{
$this->error = "Could not connect to LDAP server";
@@ -565,7 +639,7 @@ class LDAP{
/* Ignore referrals */
$found= false;
foreach($this->referrals as $ref){
- $base= preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URL']);
+ $base= preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URI']);
if ($base == $cdn){
$found= true;
break;
@@ -588,7 +662,7 @@ class LDAP{
} else {
$type= preg_replace('/^([^=]+)=.*$/', '\\1', $cdn);
- $param= preg_replace('/^[^=]+=([^,]+),.*$/', '\\1', $cdn);
+ $param= preg_replace('/^[^=]+=([^,]+).*$/', '\\1', $cdn);
$na= array();
@@ -672,6 +746,9 @@ class LDAP{
$this->add($na);
if (!$this->success()){
+
+ print_a(array($cdn,$na));
+
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($this->get_error(), $cdn, LDAP_ADD, get_class()));
return FALSE;
}
@@ -701,6 +778,7 @@ class LDAP{
}
}
+
function get_attribute($dn, $name,$r_array=0)
{
$data= "";
@@ -716,12 +794,11 @@ class LDAP{
}
}
}
- if($r_array==0)
- return ($data);
- else
- return ($info);
-
-
+ if($r_array==0) {
+ return ($data);
+ } else {
+ return ($info);
+ }
}
@@ -768,8 +845,8 @@ class LDAP{
if (isset($referrals[$server])){
return ($referrals[$server]);
} else {
- $ret['ADMIN']= LDAP::fix($this->binddn);
- $ret['PASSWORD']= $this->bindpw;
+ $ret['ADMINDN']= LDAP::fix($this->binddn);
+ $ret['ADMINPASSWORD']= $this->bindpw;
}
return ($ret);
@@ -1167,30 +1244,26 @@ class LDAP{
}
- function get_objectclasses()
+ function get_objectclasses( $force_reload = FALSE)
{
$objectclasses = array();
global $config;
/* Only read schema if it is allowed */
if(isset($config) && preg_match("/config/i",get_class($config))){
- if(!isset($config->data['MAIN']['SCHEMA_CHECK']) || !preg_match("/true/i",$config->data['MAIN']['SCHEMA_CHECK'])){
+ if ($config->get_cfg_value("schemaCheck") != "true"){
return($objectclasses);
}
}
/* Return the cached results. */
- if(class_available('session') && session::is_set("LDAP_CACHE::get_objectclasses")){
- $objectclasses = session::get("LDAP_CACHE::get_objectclasses");
+ if(class_available('session') && session::global_is_set("LDAP_CACHE::get_objectclasses") && !$force_reload){
+ $objectclasses = session::global_get("LDAP_CACHE::get_objectclasses");
return($objectclasses);
}
# Get base to look for schema
- $sr = @ldap_read ($this->cid, NULL, "objectClass=*", array("subschemaSubentry"));
- if(!$sr){
- $sr = @ldap_read ($this->cid, "", "objectClass=*", array("subschemaSubentry"));
- }
-
+ $sr = @ldap_read ($this->cid, "", "objectClass=*", array("subschemaSubentry"));
$attr = @ldap_get_entries($this->cid,$sr);
if (!isset($attr[0]['subschemasubentry'][0])){
return array();
@@ -1248,8 +1321,9 @@ class LDAP{
}
if(class_available("session")){
- session::set("LDAP_CACHE::get_objectclasses",$objectclasses);
+ session::global_set("LDAP_CACHE::get_objectclasses",$objectclasses);
}
+
return $objectclasses;
}
@@ -1278,8 +1352,8 @@ class LDAP{
function log($string)
{
- if (session::is_set('config')){
- $cfg = session::get('config');
+ if (session::global_is_set('config')){
+ $cfg = session::global_get('config');
if (isset($cfg->current['LDAPSTATS']) && preg_match('/true/i', $cfg->current['LDAPSTATS'])){
syslog (LOG_INFO, $string);
}