
public function LdapServer::groupsByEntryIsMember in Lightweight Directory Access Protocol (LDAP) 7

Looks at all members of a child group. It only needs to determine whether the user is a member of one of the groups; it doesn't matter which one.

Parameters

@param string ldap attribute value $group_id. represents group in question
@param array $members. list of current group members e.g. array('cn=it,cn=groups,dc=ad,dc=myuniversity,dc=edu')
@param string ldap attribute name $entries_attr that $members represent
@param string $base_dn to be searched
@param array $tested_groups is an array of group_ids in form of whatever $entries_attr is (e.g. cns, dns,...)
@param string $membership_attr e.g. uniquemember
@param array $user_ldap_entry
@param int $depth, current recursion depth
@param int $max_depth, max allowed recursion

@return TRUE or FALSE

@see tests/DeriveFromEntry/ldap_servers.inc for fuller notes and test example

1 call to LdapServer::groupsByEntryIsMember()
LdapServer::deriveFromEntryGroups in ldap_servers/LdapServer.class.php
return by reference groups/authorizations when groups are defined from entry

File

ldap_servers/LdapServer.class.php, line 802
Defines server classes and related functions.

Class

LdapServer
LDAP Server Class

Code

public function groupsByEntryIsMember($members, $entries_attr, $base_dn, &$tested_groups, $membership_attr, $matching_user_value, $depth, $max_depth) {

  // query for all members that are groups
  $filter = "(&(objectClass=" . ldap_server_massage_text($this->groupObjectClass, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP) . ")(|\n  ({$entries_attr}=" . join(")\n    ({$entries_attr}=", ldap_server_massage_text($members, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP)) . ")\n  ))";
  $entries = $this
    ->search($base_dn, $filter, array(
    'dn',
    $entries_attr,
    $membership_attr,
  ));
  if (isset($entries['count'])) {
    unset($entries['count']);
  }
  if ($entries !== FALSE) {
    foreach ($entries as $i => $entry) {
      $group_id = $entries_attr == 'dn' || $entries_attr == 'distinguishedname' ? (string) $entry['dn'] : (string) $entry[$entries_attr][0];
      if (!in_array($group_id, $tested_groups)) {
        $tested_groups[] = $group_id;
        $child_members = isset($entry[$membership_attr]) ? $entry[$membership_attr] : array(
          'count' => 0,
        );
        unset($child_members['count']);
        if (count($child_members) == 0) {
          return FALSE;
        }
        elseif (in_array($matching_user_value, array_values($child_members))) {
          // user is direct member of child group
          return TRUE;
        }
        elseif ($depth < $max_depth) {

          // $derive_from_entry_attr, $user_ldap_attr, $user_ldap_entry
          $result = $this
            ->groupsByEntryIsMember($child_members, $entries_attr, $base_dn, $tested_groups, $membership_attr, $matching_user_value, $depth + 1, $max_depth);
          return $result;
        }
      }
    }
  }
  return FALSE;
}
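
An added example, not taken from the LDAP module: the same nested-group walk over a constructed in-memory directory, with the `$tested` list stopping membership cycles and `$max_depth` capping recursion. Unlike the listing above, which returns from inside the `foreach` on the first untested group that is empty or that it recurses into, this version checks every sibling group before answering FALSE. `nested_member()`, `$directory` and the `example.org` DNs are hypothetical.

```php
<?php
// Added example: constructed directory, group DN => member DNs (not real data).
$directory = array(
  'cn=empty,ou=groups,dc=example,dc=org' => array(),
  'cn=staff,ou=groups,dc=example,dc=org' => array(
    'cn=it,ou=groups,dc=example,dc=org',
    'cn=loop,ou=groups,dc=example,dc=org',
  ),
  'cn=it,ou=groups,dc=example,dc=org' => array('uid=alice,ou=people,dc=example,dc=org'),
  // Cycle back to cn=staff; $tested must stop it.
  'cn=loop,ou=groups,dc=example,dc=org' => array('cn=staff,ou=groups,dc=example,dc=org'),
);

// Hypothetical helper: TRUE if $user is a direct or nested member of any group in $members.
function nested_member(array $directory, array $members, $user, array &$tested, $depth, $max_depth) {
  // Stand-in for the LDAP search: keep only the members that are themselves groups.
  foreach (array_intersect($members, array_keys($directory)) as $group_dn) {
    if (in_array($group_dn, $tested, TRUE)) {
      continue; // already visited: breaks membership cycles
    }
    $tested[] = $group_dn;
    $child_members = $directory[$group_dn];
    if (in_array($user, $child_members, TRUE)) {
      return TRUE; // direct member of this child group
    }
    // An empty group or a failed subtree is not an answer yet: keep checking siblings.
    if ($depth < $max_depth && nested_member($directory, $child_members, $user, $tested, $depth + 1, $max_depth)) {
      return TRUE;
    }
  }
  return FALSE; // every reachable group within $max_depth was checked
}

$top = array(
  'cn=empty,ou=groups,dc=example,dc=org',
  'cn=staff,ou=groups,dc=example,dc=org',
);
$alice = 'uid=alice,ou=people,dc=example,dc=org';
$cases = array(
  'alice, max_depth 3' => array($alice, 3),
  'alice, max_depth 1' => array($alice, 1),
  'mallory, max_depth 3' => array('uid=mallory,ou=people,dc=example,dc=org', 3),
);
foreach ($cases as $label => $case) {
  $tested = array(); // fresh visited list per query
  $result = nested_member($directory, $top, $case[0], $tested, 1, $case[1]);
  echo $label . ': ' . ($result ? 'TRUE' : 'FALSE') . "\n";
}
```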