public function LdapServer::userUserNameToExistingLdapEntry in Lightweight Directory Access Protocol (LDAP) 7.2

Same name and namespace in other branches
  1. 8.2 ldap_servers/LdapServer.class.php \LdapServer::userUserNameToExistingLdapEntry()

Queries LDAP server for the user.

Parameters

string $drupal_user_name:

string or int $prov_event: This could be anything, particularly when used by other modules. Other modules should use a string like 'mymodule_myevent'. LDAP_USER_EVENT_ALL signifies get all attributes needed by all other contexts/ops.

Return value

Array representing LDAP data of a user. Example of returned value:
  'sid' => ldap server id
  'mail' => derived from ldap mail (not always populated)
  'dn' => dn of user
  'attr' => single ldap entry array in form returned from ldap_search() extension, e.g. 'dn' => dn of entry

1 call to LdapServer::userUserNameToExistingLdapEntry()
LdapServer::userUserToExistingLdapEntry in ldap_servers/LdapServer.class.php

File

ldap_servers/LdapServer.class.php, line 1363
Defines server classes and related functions.

Class

LdapServer
LDAP Server Class.

Code

public function userUserNameToExistingLdapEntry($drupal_user_name, $ldap_context = NULL) {
  $watchdog_tokens = [
    '%drupal_user_name' => $drupal_user_name,
  ];
  $ldap_username = $this
    ->userUsernameToLdapNameTransform($drupal_user_name, $watchdog_tokens);
  if (!$ldap_username) {
    return FALSE;
  }
  if (!$ldap_context) {
    $attributes = [];
  }
  else {
    $attribute_maps = ldap_servers_attributes_needed($this->sid, $ldap_context);
    $attributes = array_keys($attribute_maps);
  }
  foreach ($this->basedn as $basedn) {
    if (empty($basedn)) {
      continue;
    }
    $filter = '(' . $this->user_attr . '=' . ldap_server_massage_text($ldap_username, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP) . ')';
    $result = $this
      ->search($basedn, $filter, $attributes);
    if (!$result || !isset($result['count']) || !$result['count']) {
      continue;
    }

    // Must find exactly one user for authentication to work.
    if ($result['count'] != 1) {
      $count = $result['count'];
      watchdog('ldap_servers', "Error: !count users found with {$filter} under {$basedn}.", [
        '!count' => $count,
      ], WATCHDOG_ERROR);
      continue;
    }
    $match = $result[0];

    // These lines serve to fix the attribute name in case a
    // naughty server (i.e.: MS Active Directory) is messing the
    // characters' case.
    // This was contributed by Dan "Gribnif" Wilga, and described
    // here: http://drupal.org/node/87833
    $name_attr = $this->user_attr;
    if (isset($match[$name_attr][0])) {

      // Leave name.
    }
    elseif (isset($match[drupal_strtolower($name_attr)][0])) {
      $name_attr = drupal_strtolower($name_attr);
    }
    else {
      if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
        $result = [
          'dn' => $match['dn'],
          'mail' => $this
            ->userEmailFromLdapEntry($match),
          'attr' => $match,
          'sid' => $this->sid,
        ];
        return $result;
      }
      else {
        continue;
      }
    }

    // Finally, we must filter out results with spaces added before
    // or after, which are considered OK by LDAP but are no good for us
    // We allow lettercase independence, as requested by Marc Galera
    // on http://drupal.org/node/97728
    //
    // Some setups have multiple $name_attr per entry, as pointed out by
    // Clarence "sparr" Risher on http://drupal.org/node/102008, so we
    // loop through all possible options.
    foreach ($match[$name_attr] as $value) {
      if (drupal_strtolower(trim($value)) == drupal_strtolower($ldap_username)) {
        $result = [
          'dn' => $match['dn'],
          'mail' => $this
            ->userEmailFromLdapEntry($match),
          'attr' => $match,
          'sid' => $this->sid,
        ];
        return $result;
      }
    }
  }
}
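
The lookup above depends on three checks: the user name is escaped before it is placed in the search filter, the search must return exactly one entry, and the entry's name attribute must equal the requested name after trimming and case folding. The sketch below is an added example, not code from the LDAP module. The `example_*` functions and the sample data are hypothetical, and the escaper is a plain RFC 4515 implementation standing in for `ldap_server_massage_text()`, whose body is not shown on this page.

```php
<?php
// Added example; not part of LdapServer.class.php. All example_* names are hypothetical.

// Escape a value for an LDAP search filter (RFC 4515 special characters).
function example_escape_filter_value($value) {
  // Backslash goes first so the escapes added afterwards are not re-escaped.
  return str_replace(
    ['\\', '*', '(', ')', "\x00"],
    ['\\5c', '\\2a', '\\28', '\\29', '\\00'],
    $value
  );
}

// Accept a search result only if it holds exactly one entry whose name
// attribute equals the requested name after trim + case folding.
// strtolower() is ASCII-only; the module uses drupal_strtolower().
function example_pick_entry(array $result, $name_attr, $ldap_username) {
  if (!isset($result['count']) || $result['count'] != 1) {
    return FALSE;
  }
  $match = $result[0];
  // Some servers return attribute names lowercased.
  $key = isset($match[$name_attr][0]) ? $name_attr : strtolower($name_attr);
  if (!isset($match[$key][0])) {
    return FALSE;
  }
  foreach ($match[$key] as $index => $value) {
    // Skip the 'count' element present in ldap_get_entries()-style arrays.
    if ($index !== 'count' && strtolower(trim($value)) === strtolower($ldap_username)) {
      return ['dn' => $match['dn'], 'attr' => $match];
    }
  }
  return FALSE;
}

// Constructed inputs: the second name contains filter metacharacters.
foreach (['jdoe', 'j*(x)'] as $name) {
  echo '(uid=' . example_escape_filter_value($name) . ')', PHP_EOL;
}

// Constructed result in the shape the code above reads ('count', 0, 'dn').
$one = ['dn' => 'uid=jdoe,ou=people,dc=example,dc=com', 'uid' => ['count' => 1, 0 => ' JDoe ']];
var_dump(example_pick_entry(['count' => 1, 0 => $one], 'uid', 'jdoe') !== FALSE);
var_dump(example_pick_entry(['count' => 2, 0 => $one, 1 => $one], 'uid', 'jdoe') !== FALSE);
```

With escaping in place a `*` in the user name is sent as a literal character rather than a wildcard, and the exactly-one-entry rule rejects any search that still returns several candidates.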