public function LdapServer::groupUserMembershipsFromEntry in Lightweight Directory Access Protocol (LDAP) 7.2

Same name and namespace in other branches
  1. 8.2 ldap_servers/LdapServer.class.php \LdapServer::groupUserMembershipsFromEntry()

Get list of all groups that a user is a member of by querying groups.

If $nested = TRUE, the list will include all parent groups. That is, if the user is a member of the "programmer" group and the "programmer" group is a member of the "it" group, the user is a member of both the "programmer" and "it" groups.

If $nested = FALSE, the list will include only groups the user is in directly.

Parameters

mixed $user: one of the following:

  • Drupal user object (stdClass Object)
  • LDAP entry of user (array) (with top-level keys of 'dn', 'mail', 'sid' and 'attr')
  • LDAP DN of user (array)
  • Drupal username of user (string)

bool $nested: whether groups should be recursed or not.

Return value

Array of group DNs (mixed-case values).

See also

tests/DeriveFromEntry/ldap_servers.inc for fuller notes and test example

1 call to LdapServer::groupUserMembershipsFromEntry()
LdapServer::groupMembershipsFromUser in ldap_servers/LdapServer.class.php
Get list of all groups that a user is a member of.

File

ldap_servers/LdapServer.class.php, line 1895
Defines server classes and related functions.

Class

LdapServer
LDAP Server Class.

Code

public function groupUserMembershipsFromEntry($user, $nested = NULL) {
  if (!$this->groupGroupEntryMembershipsConfigured) {
    return FALSE;
  }
  if ($nested === NULL) {
    $nested = $this->groupNested;
  }
  $user_ldap_entry = $this
    ->userUserToExistingLdapEntry($user);

  // MIXED CASE VALUES.
  $all_group_dns = [];

  // Array of dns already tested to avoid excess queries MIXED CASE VALUES.
  $tested_group_ids = [];
  $level = 0;
  if ($this->groupMembershipsAttrMatchingUserAttr == 'dn') {
    $member_value = $user_ldap_entry['dn'];
  }
  else {
    $member_value = $user_ldap_entry['attr'][$this->groupMembershipsAttrMatchingUserAttr][0];
  }
  $member_value = ldap_pear_escape_filter_value($member_value);
  if ($this->groupObjectClass == '') {
    $group_query = '(' . $this->groupMembershipsAttr . "={$member_value})";
  }
  else {
    $group_query = '(&(objectClass=' . $this->groupObjectClass . ')(' . $this->groupMembershipsAttr . "={$member_value}))";
  }

  // Need to search on all basedns one at a time.
  foreach ($this->basedn as $base_dn) {

    // Only need dn, so empty array forces return of no attributes.
    $group_entries = $this
      ->search($base_dn, $group_query, []);
    if ($group_entries !== FALSE) {
      $max_levels = $nested ? LDAP_SERVER_LDAP_QUERY_RECURSION_LIMIT : 0;
      $this
        ->groupMembershipsFromEntryRecursive($group_entries, $all_group_dns, $tested_group_ids, $level, $max_levels);
    }
  }
  return $all_group_dns;
}
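
The two security-relevant steps in the method above are escaping the member value before it is placed in the search filter and bounding the nested-group walk with a tested-DN list and a level limit. The following is an added example, not code from the LDAP module: every example_* function, the in-memory directory, the DNs and the limit of 10 are constructed for illustration, and lowercasing the tested-DN key is an assumption of this sketch.

```php
<?php
// Added illustration, not code from the LDAP module; every example_* name is hypothetical.

// Escape the RFC 4515 filter metacharacters so a value cannot alter the filter structure.
function example_escape_filter_value(string $value): string {
  return strtr($value, ['\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00']);
}

// Build the membership filter in the same shape as the method documented above.
function example_group_filter(string $attr, string $member, string $object_class = ''): string {
  $clause = '(' . $attr . '=' . example_escape_filter_value($member) . ')';
  return $object_class === '' ? $clause : '(&(objectClass=' . $object_class . ')' . $clause . ')';
}

// Constructed directory: group DN => member DNs. "programmer" and "it" contain each other.
$directory = [
  'cn=programmer,ou=groups,dc=example,dc=org' => ['cn=jdoe,ou=people,dc=example,dc=org', 'cn=it,ou=groups,dc=example,dc=org'],
  'cn=it,ou=groups,dc=example,dc=org' => ['cn=programmer,ou=groups,dc=example,dc=org'],
  'cn=staff,ou=groups,dc=example,dc=org' => ['cn=it,ou=groups,dc=example,dc=org'],
];

// Collect the groups that list $member, then walk up through parent groups.
// $tested prevents re-querying a group (and looping on cycles); $max_levels caps the depth.
function example_memberships(array $directory, string $member, int $max_levels, int $level = 0, array &$tested = []): array {
  $found = [];
  foreach ($directory as $group_dn => $members) {
    $key = strtolower($group_dn);
    if (isset($tested[$key]) || !in_array($member, $members, TRUE)) {
      continue;
    }
    $tested[$key] = TRUE;
    // Returned DNs keep their original case.
    $found[] = $group_dn;
    if ($level < $max_levels) {
      $found = array_merge($found, example_memberships($directory, $group_dn, $max_levels, $level + 1, $tested));
    }
  }
  return $found;
}

// Constructed user DN containing filter metacharacters.
$special = 'cn=Doe (contractor)*,ou=people,dc=example,dc=org';
echo example_group_filter('member', $special, 'groupOfNames'), "\n";

$jdoe = 'cn=jdoe,ou=people,dc=example,dc=org';
print_r(example_memberships($directory, $jdoe, 0));   // $nested = FALSE: direct groups only.
print_r(example_memberships($directory, $jdoe, 10));  // $nested = TRUE: parents included.
```

In the method above only $member_value passes through ldap_pear_escape_filter_value(); groupObjectClass and groupMembershipsAttr are concatenated into the filter as-is, so they must come from trusted server configuration.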