public function LdapServer::groupMembersResursive in Lightweight Directory Access Protocol (LDAP) 7.2
Same name and namespace in other branches
- 8.2 ldap_servers/LdapServer.class.php \LdapServer::groupMembersResursive()
NOT IMPLEMENTED recurse through all child groups and add members.
Parameters
array $current_group_entries: of ldap group entries that are starting point. should include at least 1 entry.
array $all_group_dns: as array of all groups user is a member of. MIXED CASE VALUES.
array $tested_group_ids: as array of tested group dn, cn, uid, etc. MIXED CASE VALUES. Whether these values are dn, cn, uid, etc. depends on what the attribute (members, uniquemember, memberUid) contains. Tested ids are recorded in $tested_group_ids to avoid redundant recursing.
int $level: of recursion.
int $max_levels: as max recursion allowed.
Return value
bool
1 call to LdapServer::groupMembersResursive()
- LdapServer::groupAllMembers in ldap_servers/
LdapServer.class.php - Get all members of a group.
File
- ldap_servers/
LdapServer.class.php, line 1673 - Defines server classes and related functions.
Class
- LdapServer
- LDAP Server Class.
Code
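/**
 * Walks the given entries, collects matching DNs and recurses into groups.
 *
 * For each entry: its DN is appended to $all_member_dns when its object
 * class matches (or when no object class restriction was given); if the
 * entry is itself a group and the depth limit has not been reached, the
 * values of its membership attribute are turned into an LDAP OR filter,
 * each base DN is searched, and the results are processed recursively.
 *
 * @param array $current_member_entries
 *   LDAP entries to start from. A 'count' element, if present, is ignored.
 * @param array $all_member_dns
 *   Accumulator (by reference) of member DNs found so far.
 * @param array $tested_group_ids
 *   Accumulator (by reference) of group identifiers already expanded, so a
 *   group is never searched twice (this also stops membership cycles).
 * @param int $level
 *   Current recursion depth.
 * @param int $max_levels
 *   Depth at which groups are no longer expanded.
 * @param array|false $object_classes
 *   Object classes to restrict results to; FALSE or an empty array means no
 *   restriction.
 *
 * @return false|null
 *   FALSE when group entry memberships are not configured or no entries were
 *   passed; otherwise nothing is returned and results are delivered through
 *   the by-reference arguments.
 */
public function groupMembersResursive($current_member_entries, &$all_member_dns, &$tested_group_ids, $level, $max_levels, $object_classes = FALSE) {
  if (!$this->groupGroupEntryMembershipsConfigured || !is_array($current_member_entries) || count($current_member_entries) == 0) {
    return FALSE;
  }
  // Drop the bookkeeping element so the loop only sees real entries.
  unset($current_member_entries['count']);

  // The default for $object_classes is FALSE. count(FALSE) is 1 on older PHP
  // (which silently restricted child searches to the group object class) and
  // a warning/TypeError on newer PHP, so decide once, explicitly.
  $filter_by_object_class = is_array($object_classes) && count($object_classes) > 0;

  foreach ($current_member_entries as $member_entry) {
    $entry_object_classes = array_values($member_entry['objectclass']);

    // 1. Add entry itself if of the correct type to $all_member_dns.
    $objectClassMatch = !$filter_by_object_class || count(array_intersect($entry_object_classes, $object_classes)) > 0;
    // Strict comparison: loose in_array() treats numeric-looking strings such
    // as "0123" and "123" as equal, which could drop a distinct id.
    $objectIsGroup = in_array($this->groupObjectClass, $entry_object_classes, TRUE);
    if ($objectClassMatch && !in_array($member_entry['dn'], $all_member_dns, TRUE)) {
      $all_member_dns[] = $member_entry['dn'];
    }

    // 2. Only groups are expanded, and only while below the depth limit.
    if (!$objectIsGroup || $level >= $max_levels) {
      continue;
    }
    if ($this->groupMembershipsAttrMatchingUserAttr == 'dn') {
      $group_id = $member_entry['dn'];
    }
    else {
      $group_id = $member_entry[$this->groupMembershipsAttrMatchingUserAttr][0];
    }

    // 3. Skip any groups that have already been tested.
    if (in_array($group_id, $tested_group_ids, TRUE)) {
      continue;
    }
    $tested_group_ids[] = $group_id;

    // A group without the membership attribute has nothing to expand.
    $member_ids = [];
    if (isset($member_entry[$this->groupMembershipsAttr]) && is_array($member_entry[$this->groupMembershipsAttr])) {
      $member_ids = $member_entry[$this->groupMembershipsAttr];
    }
    unset($member_ids['count']);

    $ors = [];
    foreach ($member_ids as $member_id) {
      // Member ids are directory data: escape them so filter metacharacters
      // in a value cannot alter the structure of the search filter.
      // @todo this would be replaced by query template
      $ors[] = $this->groupMembershipsAttr . '=' . ldap_pear_escape_filter_value($member_id);
    }
    if (!count($ors)) {
      continue;
    }

    // e.g. (|(cn=group1)(cn=group2)) or (|(dn=cn=group1,ou=blah...)(dn=cn=group2,ou=blah...))
    $query_for_child_members = '(|(' . implode(')(', $ors) . '))';

    // Add an OR on object classes, otherwise get all object classes.
    if ($filter_by_object_class) {
      // Object class names are values inside the filter too, so they get the
      // same escaping as member ids; valid names pass through unchanged.
      $object_classes_ors = [
        '(objectClass=' . ldap_pear_escape_filter_value($this->groupObjectClass) . ')',
      ];
      foreach ($object_classes as $object_class) {
        $object_classes_ors[] = '(objectClass=' . ldap_pear_escape_filter_value($object_class) . ')';
      }
      // NOTE(review): the assembled string has no enclosing parentheses around
      // the '&' expression and wraps the already parenthesised OR filter in a
      // second pair. Shape kept as-is; confirm search() accepts this form.
      $query_for_child_members = '&(|' . implode('', $object_classes_ors) . ')(' . $query_for_child_members . ')';
    }

    // Need to search on all basedns one at a time.
    $attributes = [
      'objectclass',
      $this->groupMembershipsAttr,
      $this->groupMembershipsAttrMatchingUserAttr,
    ];
    foreach ($this->basedn as $base_dn) {
      $child_member_entries = $this->search($base_dn, $query_for_child_members, $attributes);
      if ($child_member_entries !== FALSE) {
        $this->groupMembersResursive($child_member_entries, $all_member_dns, $tested_group_ids, $level + 1, $max_levels, $object_classes);
      }
    }
  }
}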