public function LdapServer::groupUserMembershipsFromEntry in Lightweight Directory Access Protocol (LDAP) 8.2
Same name and namespace in other branches
- 7.2 ldap_servers/LdapServer.class.php \LdapServer::groupUserMembershipsFromEntry()
get list of all groups that a user is a member of by querying groups
If $nested = TRUE, list will include all parent group. That is if user is a member of "programmer" group and "programmer" group is a member of "it" group, user is a member of both "programmer" and "it" groups.
If $nested = FALSE, list will only include groups user is in directly.
Parameters
mixed:
- drupal user object (stdClass Object)
- ldap entry of user (array) (with top level keys of 'dn', 'mail', 'sid' and 'attr' )
- ldap dn of user (array)
- drupal username of user (string)
@param boolean $nested if groups should be recursed or not.
@return array of group dns MIXED CASE VALUES
@see tests/DeriveFromEntry/ldap_servers.inc for fuller notes and test example
1 call to LdapServer::groupUserMembershipsFromEntry()
- LdapServer::groupMembershipsFromUser in ldap_servers/
LdapServer.class.php - get list of all groups that a user is a member of.
File
- ldap_servers/
LdapServer.class.php, line 1654 - Defines server classes and related functions.
Class
- LdapServer
- LDAP Server Class
Code
public function groupUserMembershipsFromEntry($user, $nested = NULL) {
if (!$this->groupGroupEntryMembershipsConfigured) {
return FALSE;
}
if ($nested === NULL) {
$nested = $this->groupNested;
}
$user_ldap_entry = $this
->userUserToExistingLdapEntry($user);
$all_group_dns = array();
// MIXED CASE VALUES
$tested_group_ids = array();
// array of dns already tested to avoid excess queries MIXED CASE VALUES
$level = 0;
if ($this->groupMembershipsAttrMatchingUserAttr == 'dn') {
$member_value = $user_ldap_entry['dn'];
}
else {
$member_value = $user_ldap_entry['attr'][$this->groupMembershipsAttrMatchingUserAttr][0];
}
$group_query = '(&(objectClass=' . $this->groupObjectClass . ')(' . $this->groupMembershipsAttr . "={$member_value}))";
foreach ($this->basedn as $base_dn) {
// need to search on all basedns one at a time
$group_entries = $this
->search($base_dn, $group_query, array());
// only need dn, so empty array forces return of no attributes
if ($group_entries !== FALSE) {
$max_levels = $nested ? LDAP_SERVER_LDAP_QUERY_RECURSION_LIMIT : 0;
$this
->groupMembershipsFromEntryResursive($group_entries, $all_group_dns, $tested_group_ids, $level, $max_levels);
}
}
return $all_group_dns;
}