You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 8.2 » LdapServer.class.php » LdapServer

public function LdapServer::groupUserMembershipsFromEntry in Lightweight Directory Access Protocol (LDAP) 8.2

Same name and namespace in other branches
  1. 7.2 ldap_servers/LdapServer.class.php \LdapServer::groupUserMembershipsFromEntry()

get list of all groups that a user is a member of by querying groups

If $nested = TRUE, list will include all parent group. That is if user is a member of "programmer" group and "programmer" group is a member of "it" group, user is a member of both "programmer" and "it" groups.

If $nested = FALSE, list will only include groups user is in directly.

Parameters

mixed:

  • drupal user object (stdClass Object)
  • ldap entry of user (array) (with top level keys of 'dn', 'mail', 'sid' and 'attr' )
  • ldap dn of user (array)
  • drupal username of user (string)

@param boolean $nested if groups should be recursed or not.

@return array of group dns MIXED CASE VALUES

@see tests/DeriveFromEntry/ldap_servers.inc for fuller notes and test example

1 call to LdapServer::groupUserMembershipsFromEntry()
LdapServer::groupMembershipsFromUser in ldap_servers/LdapServer.class.php
get list of all groups that a user is a member of.

File

ldap_servers/LdapServer.class.php, line 1654
Defines server classes and related functions.

Class

LdapServer
LDAP Server Class

Code

public function groupUserMembershipsFromEntry($user, $nested = NULL) {
  if (!$this->groupGroupEntryMembershipsConfigured) {
    return FALSE;
  }
  if ($nested === NULL) {
    $nested = $this->groupNested;
  }
  $user_ldap_entry = $this
    ->userUserToExistingLdapEntry($user);
  $all_group_dns = array();

  // MIXED CASE VALUES
  $tested_group_ids = array();

  // array of dns already tested to avoid excess queries MIXED CASE VALUES
  $level = 0;
  if ($this->groupMembershipsAttrMatchingUserAttr == 'dn') {
    $member_value = $user_ldap_entry['dn'];
  }
  else {
    $member_value = $user_ldap_entry['attr'][$this->groupMembershipsAttrMatchingUserAttr][0];
  }
  $group_query = '(&(objectClass=' . $this->groupObjectClass . ')(' . $this->groupMembershipsAttr . "={$member_value}))";
  foreach ($this->basedn as $base_dn) {

    // need to search on all basedns one at a time
    $group_entries = $this
      ->search($base_dn, $group_query, array());

    // only need dn, so empty array forces return of no attributes
    if ($group_entries !== FALSE) {
      $max_levels = $nested ? LDAP_SERVER_LDAP_QUERY_RECURSION_LIMIT : 0;
      $this
        ->groupMembershipsFromEntryResursive($group_entries, $all_group_dns, $tested_group_ids, $level, $max_levels);
    }
  }
  return $all_group_dns;
}