
private function LdapServer::deriveFromAttrGroupsResursive in Lightweight Directory Access Protocol (LDAP) 7

Not working yet. There will be a ton of permission issues with service accounts; this needs a configurable object type to avoid binding to a million user entries, printers, etc.

1 call to LdapServer::deriveFromAttrGroupsResursive()
LdapServer::deriveFromAttrGroups in ldap_servers/LdapServer.class.php
Returns, by reference, groups/authorizations when groups are defined from user attributes (such as memberOf).

File

ldap_servers/LdapServer.class.php, line 667
Defines server classes and related functions.

Class

LdapServer
LDAP Server Class

Code

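/**
 * Expands nested group membership one level at a time.
 *
 * Takes the groups recorded at $groups_by_level[$derive_from_attribute_name][$level],
 * searches every base DN for group entries whose distinguishedname matches one
 * of them, and records the values of $derive_from_attribute_name found on those
 * entries as level $level + 1. Recurses while the new level is non-empty and
 * below $max_depth.
 *
 * @param array $all_groups
 *   Flat list of every group value seen so far; appended to by reference and
 *   used to skip values that were already collected.
 * @param array $groups_by_level
 *   Groups keyed by attribute name, then by level; the next level is appended
 *   by reference.
 * @param int $level
 *   Level whose groups are expanded by this call.
 * @param string $derive_from_attribute_name
 *   Attribute holding the group membership (the caller's description gives
 *   memberOf as an example).
 * @param int $max_depth
 *   Recursion stops once the newly populated level reaches this value.
 */
private function deriveFromAttrGroupsResursive(&$all_groups, &$groups_by_level, $level, $derive_from_attribute_name, $max_depth) {

  // Nothing to expand at this level. Without this guard an empty list yields
  // the clause "(distinguishedname=)" and an unset level raises a notice.
  if (empty($groups_by_level[$derive_from_attribute_name][$level])) {
    return;
  }
  $group_values = $groups_by_level[$derive_from_attribute_name][$level];

  // Build an OR of all group DNs at the current level, e.g.
  // (|(distinguishedname=cn=content editors,ou=groups,dc=ad,dc=myuniversity,dc=edu)(distinguishedname=cn=content approvers,ou=groups,dc=ad,dc=myuniversity,dc=edu))
  // The use of "distinguishedname" needs to be configurable, with a default
  // per LDAP implementation.
  // Group values and the object class go through ldap_server_massage_text()
  // (presumably filter escaping -- confirm in that helper).
  // NOTE(review): $derive_from_attribute_name is concatenated into the filter
  // as-is; confirm it only ever comes from trusted server configuration.
  $object_class = ldap_server_massage_text($this->groupObjectClass, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP);
  $massaged_dns = ldap_server_massage_text($group_values, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP);
  $filter = "(&\n  (objectClass=" . $object_class . ")\n"
    . "(" . $derive_from_attribute_name . "=*)\n"
    . "(|\n    (distinguishedname=" . join(")\n    (distinguishedname=", $massaged_dns) . ")\n  )\n)";

  $level++;
  $attr_name_lower = drupal_strtolower($derive_from_attribute_name);

  // Each base DN has to be searched separately.
  foreach ($this->basedn as $base_dn) {
    $entries = $this->search($base_dn, $filter, array($derive_from_attribute_name));

    // NOTE(review): search() is not visible here; skip anything that is not an
    // array so a failed search does not raise a foreach warning.
    if (!is_array($entries)) {
      continue;
    }

    foreach ($entries as $entry) {
      // Non-array members of the result set (such as a count) carry no data.
      if (!is_array($entry) || !count($entry)) {
        continue;
      }

      // Find the attribute by exact name, then lower-cased name, then by a
      // case-insensitive scan of all returned attribute names.
      $attr_values = array();
      if (isset($entry[$derive_from_attribute_name])) {
        $attr_values = $entry[$derive_from_attribute_name];
      }
      elseif (isset($entry[$attr_name_lower])) {
        $attr_values = $entry[$attr_name_lower];
      }
      else {
        foreach ($entry as $attr_name => $values) {
          if (strcasecmp($derive_from_attribute_name, $attr_name) == 0) {
            $attr_values = $values;
            break;
          }
        }
      }

      // The value list must be an array carrying its own 'count'; anything
      // else previously caused notices (or a count() error on a scalar).
      if (!is_array($attr_values) || !isset($attr_values['count'])) {
        continue;
      }

      for ($i = 0; $i < $attr_values['count']; $i++) {
        if (!isset($attr_values[$i])) {
          continue;
        }
        $value = (string) $attr_values[$i];
        // Strict comparison: loose in_array() treats numeric-looking strings
        // such as "0123" and "123" as equal and would drop a distinct group.
        // Assumes $all_groups holds strings -- TODO confirm against caller.
        if (!in_array($value, $all_groups, TRUE)) {
          $groups_by_level[$derive_from_attribute_name][$level][] = $value;
          $all_groups[] = $value;
        }
      }
    }
  }

  // Go one level deeper only if this pass found new groups and the depth limit
  // has not been reached; $max_depth is what bounds circular memberships.
  if (!empty($groups_by_level[$derive_from_attribute_name][$level]) && $level < $max_depth) {
    $this->deriveFromAttrGroupsResursive($all_groups, $groups_by_level, $level, $derive_from_attribute_name, $max_depth);
  }
}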