![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
82263242cf1c083f78dadba92af413a19762b001
1 <?php
2 /*
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 * Copyright (C) 2003 Alejandro Escanero Blanco <aescanero@chaosdimension.org>
6 * Copyright (C) 1998 Eric Kilfoil <eric@ipass.net>
7 *
8 * ID: $$Id$$
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
25 define("ALREADY_EXISTING_ENTRY",-10001);
26 define("UNKNOWN_TOKEN_IN_LDIF_FILE",-10002);
27 define("NO_FILE_UPLOADED",10003);
28 define("INSERT_OK",10000);
29 define("SPECIALS_OVERRIDE", TRUE);
31 class LDAP{
33 var $hascon =false;
34 var $reconnect=false;
35 var $tls = false;
36 var $cid;
37 var $hasres = array();
38 var $sr = array();
39 var $re = array();
40 var $basedn ="";
41 var $start = array(); // 0 if we are fetching the first entry, otherwise 1
42 var $error = ""; // Any error messages to be returned can be put here
43 var $srp = 0;
44 var $objectClasses = array(); // Information read from slapd.oc.conf
45 var $binddn = "";
46 var $bindpw = "";
47 var $hostname = "";
48 var $follow_referral = FALSE;
49 var $referrals= array();
50 var $max_ldap_query_time = 0; // 0, empty or negative values will disable this check
52 function LDAP($binddn,$bindpw, $hostname, $follow_referral= FALSE, $tls= FALSE)
53 {
54 global $config;
55 $this->follow_referral= $follow_referral;
56 $this->tls=$tls;
57 $this->binddn=LDAP::convert($binddn);
59 $this->bindpw=$bindpw;
60 $this->hostname=$hostname;
62 /* Check if MAX_LDAP_QUERY_TIME is defined */
63 if(is_object($config) && $config->get_cfg_value("ldapMaxQueryTime") != ""){
64 $str = $config->get_cfg_value("ldapMaxQueryTime");
65 $this->max_ldap_query_time = (float)($str);
66 }
68 $this->connect();
69 }
72 function getSearchResource()
73 {
74 $this->sr[$this->srp]= NULL;
75 $this->start[$this->srp]= 0;
76 $this->hasres[$this->srp]= false;
77 return $this->srp++;
78 }
81 /* Function to replace all problematic characters inside a DN by \001XX, where
82 \001 is decoded to chr(1) [ctrl+a]. It is not impossible, but very unlikely
83 that this character is inside a DN.
85 Currently used codes:
86 , => CO
87 \2C => CO
88 ( => OB
89 ) => CB
90 / => SL
91 \22 => DQ */
92 static function convert($dn)
93 {
94 if (SPECIALS_OVERRIDE == TRUE){
95 $tmp= preg_replace(array("/\\\\,/", "/\\\\2C/", "/\(/", "/\)/", "/\//", "/\\\\22/", '/\\\\"/'),
96 array("\001CO", "\001CO", "\001OB", "\001CB", "\001SL", "\001DQ", "\001DQ"),
97 $dn);
98 return (preg_replace('/,\s+/', ',', $tmp));
99 } else {
100 return ($dn);
101 }
102 }
105 /* Function to fix all problematic characters inside a DN by replacing \001XX
106 codes to their original values. See "convert" for mor information.
107 ',' characters are always expanded to \, (not \2C), since all tested LDAP
108 servers seem to take it the correct way. */
109 static function fix($dn)
110 {
111 if (SPECIALS_OVERRIDE == TRUE){
112 return (preg_replace(array("/\001CO/", "/\001OB/", "/\001CB/", "/\001SL/", "/\001DQ/"),
113 array("\,", "(", ")", "/", '\"'),
114 $dn));
115 } else {
116 return ($dn);
117 }
118 }
120 /* Function to fix problematic characters in DN's that are used for search
121 requests. I.e. member=.... */
122 static function prepare4filter($dn)
123 {
124 $fixed= normalizeLdap(str_replace('\\\\', '\\\\\\', LDAP::fix($dn)));
125 return str_replace('\\,', '\\\\,', $fixed);
126 }
129 function connect()
130 {
131 $this->hascon=false;
132 $this->reconnect=false;
133 if ($this->cid= @ldap_connect($this->hostname)) {
134 @ldap_set_option($this->cid, LDAP_OPT_PROTOCOL_VERSION, 3);
135 if (function_exists("ldap_set_rebind_proc") && $this->follow_referral) {
136 @ldap_set_option($this->cid, LDAP_OPT_REFERRALS, 1);
137 @ldap_set_rebind_proc($this->cid, array(&$this, "rebind"));
138 }
139 if (function_exists("ldap_start_tls") && $this->tls){
140 @ldap_start_tls($this->cid);
141 }
143 $this->error = "No Error";
144 if ($bid = @ldap_bind($this->cid, LDAP::fix($this->binddn), $this->bindpw)) {
145 $this->error = "Success";
146 $this->hascon=true;
147 } else {
148 if ($this->reconnect){
149 if ($this->error != "Success"){
150 $this->error = "Could not rebind to " . $this->binddn;
151 }
152 } else {
153 $this->error = "Could not bind to " . $this->binddn;
154 }
155 }
156 } else {
157 $this->error = "Could not connect to LDAP server";
158 }
159 }
161 function rebind($ldap, $referral)
162 {
163 $credentials= $this->get_credentials($referral);
164 if (@ldap_bind($ldap, LDAP::fix($credentials['ADMINDN']), $credentials['ADMINPASSWORD'])) {
165 $this->error = "Success";
166 $this->hascon=true;
167 $this->reconnect= true;
168 return (0);
169 } else {
170 $this->error = "Could not bind to " . $credentials['ADMINDN'];
171 return NULL;
172 }
173 }
175 function reconnect()
176 {
177 if ($this->reconnect){
178 @ldap_unbind($this->cid);
179 $this->cid = NULL;
180 }
181 }
183 function unbind()
184 {
185 @ldap_unbind($this->cid);
186 $this->cid = NULL;
187 }
189 function disconnect()
190 {
191 if($this->hascon){
192 @ldap_close($this->cid);
193 $this->hascon=false;
194 }
195 }
197 function cd($dir)
198 {
199 if ($dir == ".."){
200 $this->basedn = $this->getParentDir();
201 } else {
202 $this->basedn = LDAP::convert($dir);
203 }
204 }
206 function getParentDir($basedn = "")
207 {
208 if ($basedn==""){
209 $basedn = $this->basedn;
210 } else {
211 $basedn = LDAP::convert($basedn);
212 }
213 return(preg_replace("/[^,]*[,]*[ ]*(.*)/", "$1", $basedn));
214 }
217 function search($srp, $filter, $attrs= array())
218 {
219 if($this->hascon){
220 if ($this->reconnect) $this->connect();
222 $start = microtime(true);
223 $this->clearResult($srp);
224 $this->sr[$srp] = @ldap_search($this->cid, LDAP::fix($this->basedn), $filter, $attrs);
225 $this->error = @ldap_error($this->cid);
226 $this->resetResult($srp);
227 $this->hasres[$srp]=true;
229 /* Check if query took longer as specified in max_ldap_query_time */
230 if($this->max_ldap_query_time){
231 $diff = microtime(true) - $start;
232 if($diff > $this->max_ldap_query_time){
233 msg_dialog::display(_("Performance warning"), sprintf(_("LDAP performance is poor: last query took about %.2fs!"), $diff), WARNING_DIALOG);
234 }
235 }
237 $this->log("LDAP operation: time=".(microtime(true)-$start)." operation=search('".LDAP::fix($this->basedn)."', '$filter')");
238 return($this->sr[$srp]);
239 }else{
240 $this->error = "Could not connect to LDAP server";
241 return("");
242 }
243 }
245 function ls($srp, $filter = "(objectclass=*)", $basedn = "",$attrs = array("*"))
246 {
247 if($this->hascon){
248 if ($this->reconnect) $this->connect();
250 $this->clearResult($srp);
251 if ($basedn == "")
252 $basedn = $this->basedn;
253 else
254 $basedn= LDAP::convert($basedn);
256 $start = microtime(true);
257 $this->sr[$srp] = @ldap_list($this->cid, LDAP::fix($basedn), $filter,$attrs);
258 $this->error = @ldap_error($this->cid);
259 $this->resetResult($srp);
260 $this->hasres[$srp]=true;
262 /* Check if query took longer as specified in max_ldap_query_time */
263 if($this->max_ldap_query_time){
264 $diff = microtime(true) - $start;
265 if($diff > $this->max_ldap_query_time){
266 msg_dialog::display(_("Performance warning"), sprintf(_("LDAP performance is poor: last query took about %.2fs!"), $diff), WARNING_DIALOG);
267 }
268 }
270 $this->log("LDAP operation: time=".(microtime(true) - $start)." operation=ls('".LDAP::fix($basedn)."', '$filter')");
272 return($this->sr[$srp]);
273 }else{
274 $this->error = "Could not connect to LDAP server";
275 return("");
276 }
277 }
279 function cat($srp, $dn,$attrs= array("*"), $filter = "(objectclass=*)")
280 {
281 if($this->hascon){
282 if ($this->reconnect) $this->connect();
284 $this->clearResult($srp);
285 $this->sr[$srp] = @ldap_read($this->cid, LDAP::fix($dn), $filter,$attrs);
286 $this->error = @ldap_error($this->cid);
287 $this->resetResult($srp);
288 $this->hasres[$srp]=true;
289 return($this->sr[$srp]);
290 }else{
291 $this->error = "Could not connect to LDAP server";
292 return("");
293 }
294 }
296 function object_match_filter($dn,$filter)
297 {
298 if($this->hascon){
299 if ($this->reconnect) $this->connect();
300 $res = @ldap_read($this->cid, LDAP::fix($dn), $filter, array("objectClass"));
301 $rv = @ldap_count_entries($this->cid, $res);
302 return($rv);
303 }else{
304 $this->error = "Could not connect to LDAP server";
305 return(FALSE);
306 }
307 }
309 function set_size_limit($size)
310 {
311 /* Ignore zero settings */
312 if ($size == 0){
313 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, 10000000);
314 }
315 if($this->hascon){
316 @ldap_set_option($this->cid, LDAP_OPT_SIZELIMIT, $size);
317 } else {
318 $this->error = "Could not connect to LDAP server";
319 }
320 }
322 function fetch($srp)
323 {
324 $att= array();
325 if($this->hascon){
326 if($this->hasres[$srp]){
327 if ($this->start[$srp] == 0)
328 {
329 if ($this->sr[$srp]){
330 $this->start[$srp] = 1;
331 $this->re[$srp]= @ldap_first_entry($this->cid, $this->sr[$srp]);
332 } else {
333 return array();
334 }
335 } else {
336 $this->re[$srp]= @ldap_next_entry($this->cid, $this->re[$srp]);
337 }
338 if ($this->re[$srp])
339 {
340 $att= @ldap_get_attributes($this->cid, $this->re[$srp]);
341 $att['dn']= trim(LDAP::convert(@ldap_get_dn($this->cid, $this->re[$srp])));
342 }
343 $this->error = @ldap_error($this->cid);
344 if (!isset($att)){
345 $att= array();
346 }
347 return($att);
348 }else{
349 $this->error = "Perform a fetch with no search";
350 return("");
351 }
352 }else{
353 $this->error = "Could not connect to LDAP server";
354 return("");
355 }
356 }
358 function resetResult($srp)
359 {
360 $this->start[$srp] = 0;
361 }
363 function clearResult($srp)
364 {
365 if($this->hasres[$srp]){
366 $this->hasres[$srp] = false;
367 @ldap_free_result($this->sr[$srp]);
368 }
369 }
371 function getDN($srp)
372 {
373 if($this->hascon){
374 if($this->hasres[$srp]){
376 if(!$this->re[$srp])
377 {
378 $this->error = "Perform a Fetch with no valid Result";
379 }
380 else
381 {
382 $rv = @ldap_get_dn($this->cid, $this->re[$srp]);
384 $this->error = @ldap_error($this->cid);
385 return(trim(LDAP::convert($rv)));
386 }
387 }else{
388 $this->error = "Perform a Fetch with no Search";
389 return("");
390 }
391 }else{
392 $this->error = "Could not connect to LDAP server";
393 return("");
394 }
395 }
397 function count($srp)
398 {
399 if($this->hascon){
400 if($this->hasres[$srp]){
401 $rv = @ldap_count_entries($this->cid, $this->sr[$srp]);
402 $this->error = @ldap_error($this->cid);
403 return($rv);
404 }else{
405 $this->error = "Perform a Fetch with no Search";
406 return("");
407 }
408 }else{
409 $this->error = "Could not connect to LDAP server";
410 return("");
411 }
412 }
414 function rm($attrs = "", $dn = "")
415 {
416 if($this->hascon){
417 if ($this->reconnect) $this->connect();
418 if ($dn == "")
419 $dn = $this->basedn;
421 $r = ldap_mod_del($this->cid, LDAP::fix($dn), $attrs);
422 $this->error = @ldap_error($this->cid);
423 return($r);
424 }else{
425 $this->error = "Could not connect to LDAP server";
426 return("");
427 }
428 }
430 function mod_add($attrs = "", $dn = "")
431 {
432 if($this->hascon){
433 if ($this->reconnect) $this->connect();
434 if ($dn == "")
435 $dn = $this->basedn;
437 $r = @ldap_mod_add($this->cid, LDAP::fix($dn), $attrs);
438 $this->error = @ldap_error($this->cid);
439 return($r);
440 }else{
441 $this->error = "Could not connect to LDAP server";
442 return("");
443 }
444 }
446 function rename($attrs, $dn = "")
447 {
448 if($this->hascon){
449 if ($this->reconnect) $this->connect();
450 if ($dn == "")
451 $dn = $this->basedn;
453 $r = @ldap_mod_replace($this->cid, LDAP::fix($dn), $attrs);
454 $this->error = @ldap_error($this->cid);
455 return($r);
456 }else{
457 $this->error = "Could not connect to LDAP server";
458 return("");
459 }
460 }
462 function rmdir($deletedn)
463 {
464 if($this->hascon){
465 if ($this->reconnect) $this->connect();
466 $r = @ldap_delete($this->cid, LDAP::fix($deletedn));
467 $this->error = @ldap_error($this->cid);
468 return($r ? $r : 0);
469 }else{
470 $this->error = "Could not connect to LDAP server";
471 return("");
472 }
473 }
476 /*! \brief Move the given Ldap entry from $source to $dest
477 @param String $source The source dn.
478 @param String $dest The destination dn.
479 @return Boolean TRUE on success else FALSE.
480 */
481 function rename_dn($source,$dest)
482 {
483 /* Check if source and destination are the same entry */
484 if(strtolower($source) == strtolower($dest)){
485 trigger_error("Source and destination can't be the same entry.");
486 $this->error = "Source and destination can't be the same entry.";
487 return(FALSE);
488 }
490 /* Check if destination entry exists */
491 if($this->dn_exists($dest)){
492 trigger_error("Destination '$dest' already exists.");
493 $this->error = "Destination '$dest' already exists.";
494 return(FALSE);
495 }
497 /* Extract the name and the parent part out ouf source dn.
498 e.g. cn=herbert,ou=department,dc=...
499 parent => ou=department,dc=...
500 dest_rdn => cn=herbert
501 */
502 $parent = preg_replace("/^[^,]+,/","", $dest);
503 $dest_rdn = preg_replace("/,.*$/","",$dest);
505 if($this->hascon){
506 if ($this->reconnect) $this->connect();
507 $r= ldap_rename($this->cid,@LDAP::fix($source), @LDAP::fix($dest_rdn),@LDAP::fix($parent),TRUE);
508 $this->error = ldap_error($this->cid);
510 /* Check if destination dn exists, if not the
511 server may not support this operation */
512 $r &= is_resource($this->dn_exists($dest));
513 return($r);
514 }else{
515 $this->error = "Could not connect to LDAP server";
516 return(FALSE);
517 }
518 }
521 /**
522 * Function rmdir_recursive
523 *
524 * Description: Based in recursive_remove, adding two thing: full subtree remove, and delete own node.
525 * Parameters: The dn to delete
526 * GiveBack: True on sucessfull , 0 in error, and "" when we don't get a ldap conection
527 *
528 */
529 function rmdir_recursive($srp, $deletedn)
530 {
531 if($this->hascon){
532 if ($this->reconnect) $this->connect();
533 $delarray= array();
535 /* Get sorted list of dn's to delete */
536 $this->ls ($srp, "(objectClass=*)",$deletedn);
537 while ($this->fetch($srp)){
538 $deldn= $this->getDN($srp);
539 $delarray[$deldn]= strlen($deldn);
540 }
541 arsort ($delarray);
542 reset ($delarray);
544 /* Really Delete ALL dn's in subtree */
545 foreach ($delarray as $key => $value){
546 $this->rmdir_recursive($srp, $key);
547 }
549 /* Finally Delete own Node */
550 $r = @ldap_delete($this->cid, LDAP::fix($deletedn));
551 $this->error = @ldap_error($this->cid);
552 return($r ? $r : 0);
553 }else{
554 $this->error = "Could not connect to LDAP server";
555 return("");
556 }
557 }
559 function makeReadableErrors($error,$attrs)
560 {
561 global $config;
563 if($this->success()) return("");
565 $str = "";
566 if(preg_match("/^objectClass: value #([0-9]*) invalid per syntax$/", $this->get_additional_error())){
567 $oc = preg_replace("/^objectClass: value #([0-9]*) invalid per syntax$/","\\1", $this->get_additional_error());
568 if(isset($attrs['objectClass'][$oc])){
569 $str.= " - <b>objectClass: ".$attrs['objectClass'][$oc]."</b>";
570 }
571 }
572 if($error == "Undefined attribute type"){
573 $str = " - <b>attribute: ".preg_replace("/:.*$/","",$this->get_additional_error())."</b>";
574 }
576 @DEBUG(DEBUG_LDAP,__LINE__,__FUNCTION__,__FILE__,$attrs,"Erroneous data");
578 return($str);
579 }
581 function modify($attrs)
582 {
583 if(count($attrs) == 0){
584 return (0);
585 }
586 if($this->hascon){
587 if ($this->reconnect) $this->connect();
588 $r = @ldap_modify($this->cid, LDAP::fix($this->basedn), $attrs);
589 $this->error = @ldap_error($this->cid);
590 if(!$this->success()){
591 $this->error.= $this->makeReadableErrors($this->error,$attrs);
592 }
593 return($r ? $r : 0);
594 }else{
595 $this->error = "Could not connect to LDAP server";
596 return("");
597 }
598 }
600 function add($attrs)
601 {
602 if($this->hascon){
603 if ($this->reconnect) $this->connect();
604 $r = @ldap_add($this->cid, LDAP::fix($this->basedn), $attrs);
605 $this->error = @ldap_error($this->cid);
606 if(!$this->success()){
607 $this->error.= $this->makeReadableErrors($this->error,$attrs);
608 }
609 return($r ? $r : 0);
610 }else{
611 $this->error = "Could not connect to LDAP server";
612 return("");
613 }
614 }
616 function create_missing_trees($srp, $target)
617 {
618 global $config;
620 $real_path= substr($target, 0, strlen($target) - strlen($this->basedn) -1 );
622 if ($target == $this->basedn){
623 $l= array("dummy");
624 } else {
625 $l= array_reverse(gosa_ldap_explode_dn($real_path));
626 }
627 unset($l['count']);
628 $cdn= $this->basedn;
629 $tag= "";
631 /* Load schema if available... */
632 $classes= $this->get_objectclasses();
634 foreach ($l as $part){
635 if ($part != "dummy"){
636 $cdn= "$part,$cdn";
637 }
639 /* Ignore referrals */
640 $found= false;
641 foreach($this->referrals as $ref){
642 $base= preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URI']);
643 if ($base == $cdn){
644 $found= true;
645 break;
646 }
647 }
648 if ($found){
649 continue;
650 }
652 $this->cat ($srp, $cdn);
653 $attrs= $this->fetch($srp);
655 /* Create missing entry? */
656 if (count ($attrs)){
658 /* Catch the tag - if present */
659 if (isset($attrs['gosaUnitTag'][0])){
660 $tag= $attrs['gosaUnitTag'][0];
661 }
663 } else {
664 $type= preg_replace('/^([^=]+)=.*$/', '\\1', $cdn);
665 $param= LDAP::fix(preg_replace('/^[^=]+=([^,]+).*$/', '\\1', $cdn));
666 $param=preg_replace(array('/\\\\,/','/\\\\"/'),array(',','"'),$param);
668 $na= array();
670 /* Automatic or traditional? */
671 if(count($classes)){
673 /* Get name of first matching objectClass */
674 $ocname= "";
675 foreach($classes as $class){
676 if (isset($class['MUST']) && in_array($type, $class['MUST'])){
678 /* Look for first classes that is structural... */
679 if (isset($class['STRUCTURAL'])){
680 $ocname= $class['NAME'];
681 break;
682 }
684 /* Look for classes that are auxiliary... */
685 if (isset($class['AUXILIARY'])){
686 $ocname= $class['NAME'];
687 }
688 }
689 }
691 /* Bail out, if we've nothing to do... */
692 if ($ocname == ""){
693 msg_dialog::display(_("Internal error"), sprintf(_("Cannot automatically create subtrees with RDN '%s': no object class found!"),$type), FATAL_ERROR_DIALOG);
694 exit();
695 }
697 /* Assemble_entry */
698 if ($tag != ""){
699 $na['objectClass']= array($ocname, "gosaAdministrativeUnitTag");
700 $na["gosaUnitTag"]= $tag;
701 } else {
702 $na['objectClass']= array($ocname);
703 }
704 if (isset($classes[$ocname]['AUXILIARY'])){
705 $na['objectClass'][]= $classes[$ocname]['SUP'];
706 }
707 if ($type == "dc"){
708 /* This is bad actually, but - tell me a better way? */
709 $na['objectClass'][]= 'locality';
710 }
711 $na[$type]= $param;
713 // Fill in MUST values - but do not overwrite existing ones.
714 if (is_array($classes[$ocname]['MUST'])){
715 foreach($classes[$ocname]['MUST'] as $attr){
716 if(isset($na[$attr]) && !empty($na[$attr])) continue;
717 $na[$attr]= "filled";
718 }
719 }
721 } else {
723 /* Use alternative add... */
724 switch ($type){
725 case 'ou':
726 if ($tag != ""){
727 $na["objectClass"]= array("organizationalUnit", "gosaAdministrativeUnitTag");
728 $na["gosaUnitTag"]= $tag;
729 } else {
730 $na["objectClass"]= "organizationalUnit";
731 }
732 $na["ou"]= $param;
733 break;
734 case 'dc':
735 if ($tag != ""){
736 $na["objectClass"]= array("dcObject", "top", "locality", "gosaAdministrativeUnitTag");
737 $na["gosaUnitTag"]= $tag;
738 } else {
739 $na["objectClass"]= array("dcObject", "top", "locality");
740 }
741 $na["dc"]= $param;
742 break;
743 default:
744 msg_dialog::display(_("Internal error"), sprintf(_("Cannot automatically create subtrees with RDN '%s': not supported"),$type), FATAL_ERROR_DIALOG);
745 exit();
746 }
748 }
749 $this->cd($cdn);
750 $this->add($na);
752 if (!$this->success()){
754 print_a(array($cdn,$na));
756 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($this->get_error(), $cdn, LDAP_ADD, get_class()));
757 return FALSE;
758 }
759 }
760 }
762 return TRUE;
763 }
766 function recursive_remove($srp)
767 {
768 $delarray= array();
770 /* Get sorted list of dn's to delete */
771 $this->search ($srp, "(objectClass=*)");
772 while ($this->fetch($srp)){
773 $deldn= $this->getDN($srp);
774 $delarray[$deldn]= strlen($deldn);
775 }
776 arsort ($delarray);
777 reset ($delarray);
779 /* Delete all dn's in subtree */
780 foreach ($delarray as $key => $value){
781 $this->rmdir($key);
782 }
783 }
786 function get_attribute($dn, $name,$r_array=0)
787 {
788 $data= "";
789 if ($this->reconnect) $this->connect();
790 $sr= @ldap_read($this->cid, LDAP::fix($dn), "objectClass=*", array("$name"));
792 /* fill data from LDAP */
793 if ($sr) {
794 $ei= @ldap_first_entry($this->cid, $sr);
795 if ($ei) {
796 if ($info= @ldap_get_values_len($this->cid, $ei, "$name")){
797 $data= $info[0];
798 }
799 }
800 }
801 if($r_array==0) {
802 return ($data);
803 } else {
804 return ($info);
805 }
806 }
810 function get_additional_error()
811 {
812 $error= "";
813 @ldap_get_option ($this->cid, LDAP_OPT_ERROR_STRING, $error);
814 return ($error);
815 }
818 function success()
819 {
820 return (preg_match('/Success/i', $this->error));
821 }
824 function get_error()
825 {
826 if ($this->error == 'Success'){
827 return $this->error;
828 } else {
829 $adderror= $this->get_additional_error();
830 if ($adderror != ""){
831 $error= $this->error." (".$this->get_additional_error().", ".sprintf(_("while operating on '%s' using LDAP server '%s'"), $this->basedn, $this->hostname).")";
832 } else {
833 $error= $this->error." (".sprintf(_("while operating on LDAP server %s"), $this->hostname).")";
834 }
835 return $error;
836 }
837 }
839 function get_credentials($url, $referrals= NULL)
840 {
841 $ret= array();
842 $url= preg_replace('!\?\?.*$!', '', $url);
843 $server= preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $url);
845 if ($referrals === NULL){
846 $referrals= $this->referrals;
847 }
849 if (isset($referrals[$server])){
850 return ($referrals[$server]);
851 } else {
852 $ret['ADMINDN']= LDAP::fix($this->binddn);
853 $ret['ADMINPASSWORD']= $this->bindpw;
854 }
856 return ($ret);
857 }
860 /*! \brief Generates an ldif for all entries matching the filter settings, scope and limit.
861 * @param $dn The entry to export.
862 * @param $filter Limit the exported object to those maching this filter.
863 * @param $scope 'base', 'sub' .. see manpage for 'ldapmodify' for details.
864 * @param $limit Limits the result.
865 */
866 function generateLdif ($dn, $filter= "(objectClass=*)", $attributes= array(),$scope = 'sub', $limit=0)
867 {
869 // Attributes are unused !!
870 $attrs = '';
872 // Ensure that limit is numeric if not skip here.
873 if(!empty($limit) && !is_numeric($limit)){
874 trigger_error(sprintf("Invalid parameter for limit '%s', a numeric value is required."), $limit);
875 return(NULL);
876 }
877 $limit = (!$limit)?'':' -z '.$limit;
879 // Check scope values
880 $scope = trim($scope);
881 if(!empty($scope) && !in_array($scope, array('base', 'one', 'sub', 'children'))){
882 trigger_error(sprintf("Invalid parameter for scope '%s', please use 'base', 'one', 'sub' or 'children'."), $scope);
883 return(NULL);
884 }
885 $scope = (!empty($scope))?' -s '.$scope: '';
887 // First check if we are able to call 'ldapsearch' on the command line.
888 $check = shell_exec('which ldapsearch');
889 if(empty($check)){
890 $this->error = sprintf(_("Missing command line programm '%s'!"), 'ldapsearch');
891 return(NULL);
892 }
894 // Prepare parameters to be valid for shell execution
895 $dn = escapeshellarg($dn);
896 $pwd = $this->bindpw;
897 $host = escapeshellarg($this->hostname);
898 $admin = escapeshellarg($this->binddn);
899 $filter = escapeshellarg($filter);
902 $cmd = "ldapsearch -x -LLLL -D {$admin} {$filter} {$limit} {$scope} -H {$host} -b {$dn} -W ";
904 // Create list of process pipes
905 $descriptorspec = array(
906 0 => array("pipe", "r"), // stdin
907 1 => array("pipe", "w"), // stdout
908 2 => array("pipe", "w")); // stderr
910 // Try to open the process
911 $process = proc_open($cmd, $descriptorspec, $pipes);
912 if (is_resource($process)) {
914 // Write the password to stdin
915 fwrite($pipes[0], $pwd);
916 fclose($pipes[0]);
918 // Get results from stdout and stderr
919 $res = stream_get_contents($pipes[1]);
920 $err = stream_get_contents($pipes[2]);
921 fclose($pipes[1]);
923 // Close the process and check its return value
924 if(proc_close($process) != 0){
925 $this->error = $err;
926 return(NULL);
927 }
928 }
929 return($res);
930 }
933 function gen_xls ($srp, $dn, $filter= "(objectClass=*)", $attributes= array('*'), $recursive= TRUE,$r_array=0)
934 {
935 $display= array();
937 $this->cd($dn);
938 $this->search($srp, "$filter");
940 $i=0;
941 while ($attrs= $this->fetch($srp)){
942 $j=0;
944 foreach ($attributes as $at){
945 $display[$i][$j]= $this->get_attribute($attrs['dn'], $at,$r_array);
946 $j++;
947 }
949 $i++;
950 }
952 return ($display);
953 }
956 function dn_exists($dn)
957 {
958 return @ldap_list($this->cid, LDAP::fix($dn), "(objectClass=*)", array("objectClass"));
959 }
963 /* This funktion imports ldifs
965 If DeleteOldEntries is true, the destination entry will be deleted first.
966 If JustModify is true the destination entry will only be touched by the attributes specified in the ldif.
967 if JustMofify id false the destination dn will be overwritten by the new ldif.
968 */
970 function import_complete_ldif($srp, $str_attr,$error,$JustModify,$DeleteOldEntries)
971 {
972 if($this->reconnect) $this->connect();
974 /* First we have to split the string into empty lines.
975 An empty line indicates an new Entry */
976 $entries = preg_split("/\n/",$str_attr);
978 $data = "";
979 $cnt = 0;
980 $current_line = 0;
982 /* FIX ldif */
983 $last = "";
984 $tmp = "";
985 $i = 0;
986 foreach($entries as $entry){
987 if(preg_match("/^ /",$entry)){
988 $tmp[$i] .= trim($entry);
989 }else{
990 $i ++;
991 $tmp[$i] = trim($entry);
992 }
993 }
995 /* Every single line ... */
996 foreach($tmp as $entry) {
997 $current_line ++;
999 /* Removing Spaces to ..
1000 .. test if a new entry begins */
1001 $tmp = str_replace(" ","",$data );
1003 /* .. prevent empty lines in an entry */
1004 $tmp2 = str_replace(" ","",$entry);
1006 /* If the Block ends (Empty Line) */
1007 if((empty($entry))&&(!empty($tmp))) {
1008 /* Add collected lines as a complete block */
1009 $all[$cnt] = $data;
1010 $cnt ++;
1011 $data ="";
1012 } else {
1014 /* Append lines ... */
1015 if(!empty($tmp2)) {
1016 /* check if we need base64_decode for this line */
1017 if(strstr($tmp2, "::") !== false)
1018 {
1019 $encoded = explode("::",$entry);
1020 $attr = trim($encoded[0]);
1021 $value = base64_decode(trim($encoded[1]));
1022 /* Add linenumber */
1023 $data .= $current_line."#".base64_encode($attr.":".$value)."\n";
1024 }
1025 else
1026 {
1027 /* Add Linenumber */
1028 $data .= $current_line."#".base64_encode($entry)."\n";
1029 }
1030 }
1031 }
1032 }
1034 /* The Data we collected is not in the array all[];
1035 For example the Data is stored like this..
1037 all[0] = "1#dn : .... \n
1038 2#ObjectType: person \n ...."
1040 Now we check every insertblock and try to insert */
1041 foreach ( $all as $single) {
1042 $lineone = preg_split("/\n/",$single);
1043 $ndn = explode("#", $lineone[0]);
1044 $line = base64_decode($ndn[1]);
1046 $dnn = explode (":",$line,2);
1047 $current_line = $ndn[0];
1048 $dn = $dnn[0];
1049 $value = $dnn[1];
1051 /* Every block must begin with a dn */
1052 if($dn != "dn") {
1053 $error= sprintf(_("This is not a valid DN: '%s'. A block for import should begin with 'dn: ...' in line %s"), $line, $current_line);
1054 return -2;
1055 }
1057 /* Should we use Modify instead of Add */
1058 $usemodify= false;
1060 /* Delete before insert */
1061 $usermdir= false;
1063 /* The dn address already exists, Don't delete destination entry, overwrite it */
1064 if (($this->dn_exists($value))&&((!$JustModify)&&(!$DeleteOldEntries))) {
1066 $usermdir = $usemodify = false;
1068 /* Delete old entry first, then add new */
1069 } elseif(($this->dn_exists($value))&&($DeleteOldEntries)){
1071 /* Delete first, then add */
1072 $usermdir = true;
1074 } elseif(($this->dn_exists($value))&&($JustModify)) {
1076 /* Modify instead of Add */
1077 $usemodify = true;
1078 }
1080 /* If we can't Import, return with a file error */
1081 if(!$this->import_single_entry($srp, $single,$usemodify,$usermdir) ) {
1082 $error= sprintf(_("Error while importing dn: '%s', please check your LDIF from line %s on!"), $line,
1083 $current_line);
1084 return UNKNOWN_TOKEN_IN_LDIF_FILE; }
1085 }
1087 return (INSERT_OK);
1088 }
1091 /* Imports a single entry
1092 If $delete is true; The old entry will be deleted if it exists.
1093 if $modify is true; All variables that are not touched by the new ldif will be kept.
1094 if $modify is false; The new ldif overwrites the old entry, and all untouched attributes get lost.
1095 */
1096 function import_single_entry($srp, $str_attr,$modify,$delete)
1097 {
1098 global $config;
1100 if(!$config){
1101 trigger_error("Can't import ldif, can't read config object.");
1102 }
1105 if($this->reconnect) $this->connect();
1107 $ret = false;
1108 $rows= preg_split("/\n/",$str_attr);
1109 $data= false;
1111 foreach($rows as $row) {
1113 /* Check if we use Linenumbers (when import_complete_ldif is called we use
1114 Linenumbers) Linenumbers are use like this 123#attribute : value */
1115 if(!empty($row)) {
1116 if(strpos($row,"#")!=FALSE) {
1118 /* We are using line numbers
1119 Because there is a # before a : */
1120 $tmp1= explode("#",$row);
1121 $current_line= $tmp1[0];
1122 $row= base64_decode($tmp1[1]);
1123 }
1125 /* Split the line into attribute and value */
1126 $attr = explode(":", $row,2);
1127 $attr[0]= trim($attr[0]); /* attribute */
1128 $attr[1]= $attr[1]; /* value */
1130 /* Check :: was used to indicate base64_encoded strings */
1131 if($attr[1][0] == ":"){
1132 $attr[1]=trim(preg_replace("/^:/","",$attr[1]));
1133 $attr[1]=base64_decode($attr[1]);
1134 }
1136 $attr[1] = trim($attr[1]);
1138 /* Check for attributes that are used more than once */
1139 if(!isset($data[$attr[0]])) {
1140 $data[$attr[0]]=$attr[1];
1141 } else {
1142 $tmp = $data[$attr[0]];
1144 if(!is_array($tmp)) {
1145 $new[0]=$tmp;
1146 $new[1]=$attr[1];
1147 $datas[$attr[0]]['count']=1;
1148 $data[$attr[0]]=$new;
1149 } else {
1150 $cnt = $datas[$attr[0]]['count'];
1151 $cnt ++;
1152 $data[$attr[0]][$cnt]=$attr[1];
1153 $datas[$attr[0]]['count'] = $cnt;
1154 }
1155 }
1156 }
1157 }
1159 /* If dn is an index of data, we should try to insert the data */
1160 if(isset($data['dn'])) {
1162 /* Fix dn */
1163 $tmp = gosa_ldap_explode_dn($data['dn']);
1164 unset($tmp['count']);
1165 $newdn ="";
1166 foreach($tmp as $tm){
1167 $newdn.= trim($tm).",";
1168 }
1169 $newdn = preg_replace("/,$/","",$newdn);
1170 $data['dn'] = $newdn;
1172 /* Creating Entry */
1173 $this->cd($data['dn']);
1175 /* Delete existing entry */
1176 if($delete){
1177 $this->rmdir_recursive($srp, $data['dn']);
1178 }
1180 /* Create missing trees */
1181 $this->cd ($this->basedn);
1182 $this->cd($config->current['BASE']);
1183 $this->create_missing_trees($srp, preg_replace("/^[^,]+,/","",$data['dn']));
1184 $this->cd($data['dn']);
1186 $dn = $data['dn'];
1187 unset($data['dn']);
1189 if(!$modify){
1191 $this->cat($srp, $dn);
1192 if($this->count($srp)){
1194 /* The destination entry exists, overwrite it with the new entry */
1195 $attrs = $this->fetch($srp);
1196 foreach($attrs as $name => $value ){
1197 if(!is_numeric($name)){
1198 if(in_array($name,array("dn","count"))) continue;
1199 if(!isset($data[$name])){
1200 $data[$name] = array();
1201 }
1202 }
1203 }
1204 $ret = $this->modify($data);
1206 }else{
1208 /* The destination entry doesn't exists, create it */
1209 $ret = $this->add($data);
1210 }
1212 } else {
1214 /* Keep all vars that aren't touched by this ldif */
1215 $ret = $this->modify($data);
1216 }
1217 }
1219 if (!$this->success()){
1220 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($this->get_error(), $dn, "", get_class()));
1221 }
1223 return($ret);
1224 }
1227 function importcsv($str)
1228 {
1229 $lines = preg_split("/\n/",$str);
1230 foreach($lines as $line)
1231 {
1232 /* continue if theres a comment */
1233 if(substr(trim($line),0,1)=="#"){
1234 continue;
1235 }
1237 $line= str_replace ("\t\t","\t",$line);
1238 $line= str_replace ("\t" ,"," ,$line);
1239 echo $line;
1241 $cells = explode(",",$line ) ;
1242 $linet= str_replace ("\t\t",",",$line);
1243 $cells = preg_split("/\t/",$line);
1244 $count = count($cells);
1245 }
1247 }
1249 function get_objectclasses( $force_reload = FALSE)
1250 {
1251 $objectclasses = array();
1252 global $config;
1254 /* Only read schema if it is allowed */
1255 if(isset($config) && preg_match("/config/i",get_class($config))){
1256 if ($config->get_cfg_value("schemaCheck") != "true"){
1257 return($objectclasses);
1258 }
1259 }
1261 /* Return the cached results. */
1262 if(class_available('session') && session::global_is_set("LDAP_CACHE::get_objectclasses") && !$force_reload){
1263 $objectclasses = session::global_get("LDAP_CACHE::get_objectclasses");
1264 return($objectclasses);
1265 }
1267 # Get base to look for schema
1268 $sr = @ldap_read ($this->cid, "", "objectClass=*", array("subschemaSubentry"));
1269 $attr = @ldap_get_entries($this->cid,$sr);
1270 if (!isset($attr[0]['subschemasubentry'][0])){
1271 return array();
1272 }
1274 /* Get list of objectclasses and fill array */
1275 $nb= $attr[0]['subschemasubentry'][0];
1276 $objectclasses= array();
1277 $sr= ldap_read ($this->cid, $nb, "objectClass=*", array("objectclasses"));
1278 $attrs= ldap_get_entries($this->cid,$sr);
1279 if (!isset($attrs[0])){
1280 return array();
1281 }
1282 foreach ($attrs[0]['objectclasses'] as $val){
1283 if (preg_match('/^[0-9]+$/', $val)){
1284 continue;
1285 }
1286 $name= "OID";
1287 $pattern= explode(' ', $val);
1288 $ocname= preg_replace("/^.* NAME\s+\(*\s*'([^']+)'\s*\)*.*$/", '\\1', $val);
1289 $objectclasses[$ocname]= array();
1291 foreach($pattern as $chunk){
1292 switch($chunk){
1294 case '(':
1295 $value= "";
1296 break;
1298 case ')': if ($name != ""){
1299 $v = $this->value2container($value);
1300 if(in_array($name, array('MUST', 'MAY')) && !is_array($v)){
1301 $v = array($v);
1302 }
1303 $objectclasses[$ocname][$name]= $v;
1304 }
1305 $name= "";
1306 $value= "";
1307 break;
1309 case 'NAME':
1310 case 'DESC':
1311 case 'SUP':
1312 case 'STRUCTURAL':
1313 case 'ABSTRACT':
1314 case 'AUXILIARY':
1315 case 'MUST':
1316 case 'MAY':
1317 if ($name != ""){
1318 $v = $this->value2container($value);
1319 if(in_array($name, array('MUST', 'MAY')) && !is_array($v)){
1320 $v = array($v);
1321 }
1322 $objectclasses[$ocname][$name]= $v;
1323 }
1324 $name= $chunk;
1325 $value= "";
1326 break;
1328 default: $value.= $chunk." ";
1329 }
1330 }
1332 }
1333 if(class_available("session")){
1334 session::global_set("LDAP_CACHE::get_objectclasses",$objectclasses);
1335 }
1337 return $objectclasses;
1338 }
1341 function value2container($value)
1342 {
1343 /* Set emtpy values to "true" only */
1344 if (preg_match('/^\s*$/', $value)){
1345 return true;
1346 }
1348 /* Remove ' and " if needed */
1349 $value= preg_replace('/^[\'"]/', '', $value);
1350 $value= preg_replace('/[\'"] *$/', '', $value);
1352 /* Convert to array if $ is inside... */
1353 if (preg_match('/\$/', $value)){
1354 $container= preg_split('/\s*\$\s*/', $value);
1355 } else {
1356 $container= chop($value);
1357 }
1359 return ($container);
1360 }
1363 function log($string)
1364 {
1365 if (session::global_is_set('config')){
1366 $cfg = session::global_get('config');
1367 if (isset($cfg->current['LDAPSTATS']) && preg_match('/true/i', $cfg->current['LDAPSTATS'])){
1368 syslog (LOG_INFO, $string);
1369 }
1370 }
1371 }
1373 /* added by Guido Serra aka Zeph <zeph@purotesto.it> */
1374 function getCn($dn){
1375 $simple= explode(",", $dn);
1377 foreach($simple as $piece) {
1378 $partial= explode("=", $piece);
1380 if($partial[0] == "cn"){
1381 return $partial[1];
1382 }
1383 }
1384 }
1387 function get_naming_contexts($server, $admin= "", $password= "")
1388 {
1389 /* Build LDAP connection */
1390 $ds= ldap_connect ($server);
1391 if (!$ds) {
1392 die ("Can't bind to LDAP. No check possible!");
1393 }
1394 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
1395 $r= ldap_bind ($ds, $admin, $password);
1397 /* Get base to look for naming contexts */
1398 $sr = @ldap_read ($ds, "", "objectClass=*", array("+"));
1399 $attr= @ldap_get_entries($ds,$sr);
1401 return ($attr[0]['namingcontexts']);
1402 }
1405 function get_root_dse($server, $admin= "", $password= "")
1406 {
1407 /* Build LDAP connection */
1408 $ds= ldap_connect ($server);
1409 if (!$ds) {
1410 die ("Can't bind to LDAP. No check possible!");
1411 }
1412 ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
1413 $r= ldap_bind ($ds, $admin, $password);
1415 /* Get base to look for naming contexts */
1416 $sr = @ldap_read ($ds, "", "objectClass=*", array("+"));
1417 $attr= @ldap_get_entries($ds,$sr);
1419 /* Return empty array, if nothing was set */
1420 if (!isset($attr[0])){
1421 return array();
1422 }
1424 /* Rework array... */
1425 $result= array();
1426 for ($i= 0; $i<$attr[0]['count']; $i++){
1427 $result[$attr[0][$i]]= $attr[0][$attr[0][$i]];
1428 unset($result[$attr[0][$i]]['count']);
1429 }
1431 return ($result);
1432 }
1434 }
1435 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
1436 ?>