function LdapServer::user_lookup in Lightweight Directory Access Protocol (LDAP) 7

Same name and namespace in other branches
  1. 8.2 ldap_servers/LdapServer.class.php \LdapServer::user_lookup()
  2. 7.2 ldap_servers/LdapServer.class.php \LdapServer::user_lookup()

Queries LDAP server for the user.

Parameters

$drupal_user_name: Drupal user name.

Return value

An array with the user's LDAP data, or NULL if not found.

File

ldap_servers/LdapServer.class.php, line 563
Defines server classes and related functions.

Class

LdapServer
LDAP Server Class

Code

function user_lookup($drupal_user_name) {
  $watchdog_tokens = array(
    '%drupal_user_name' => $drupal_user_name,
  );
  $ldap_username = $this
    ->drupalToLdapNameTransform($drupal_user_name, $watchdog_tokens);
  if (!$ldap_username) {
    return FALSE;
  }
  foreach ($this->basedn as $basedn) {
    if (empty($basedn)) {
      continue;
    }
    $filter = '(' . $this->user_attr . '=' . ldap_server_massage_text($ldap_username, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP) . ')';
    $result = $this
      ->search($basedn, $filter);
    if (!$result || !isset($result['count']) || !$result['count']) {
      continue;
    }

    // Must find exactly one user for authentication to work.
    if ($result['count'] != 1) {
      $count = $result['count'];
      watchdog('ldap_servers', "Error: !count users found with {$filter} under {$basedn}.", array(
        '!count' => $count,
      ), WATCHDOG_ERROR);
      continue;
    }
    $match = $result[0];

    // These lines serve to fix the attribute name in case a
    // naughty server (i.e.: MS Active Directory) is messing the
    // characters' case.
    // This was contributed by Dan "Gribnif" Wilga, and described
    // here: http://drupal.org/node/87833
    $name_attr = $this->user_attr;
    if (isset($match[$name_attr][0])) {
    }
    elseif (isset($match[drupal_strtolower($name_attr)][0])) {
      $name_attr = drupal_strtolower($name_attr);
    }
    else {
      if ($this->bind_method == LDAP_SERVERS_BIND_METHOD_ANON_USER) {
        $result = array(
          'dn' => $match['dn'],
          'mail' => $this
            ->deriveEmailFromEntry($match),
          'attr' => $match,
        );
        return $result;
      }
      else {
        continue;
      }
    }

    // Finally, we must filter out results with spaces added before
    // or after, which are considered OK by LDAP but are no good for us
    // We allow lettercase independence, as requested by Marc Galera
    // on http://drupal.org/node/97728
    //
    // Some setups have multiple $name_attr per entry, as pointed out by
    // Clarence "sparr" Risher on http://drupal.org/node/102008, so we
    // loop through all possible options.
    foreach ($match[$name_attr] as $value) {
      if (drupal_strtolower(trim($value)) == drupal_strtolower($ldap_username)) {
        $result = array(
          'dn' => $match['dn'],
          'mail' => $this
            ->deriveEmailFromEntry($match),
          'attr' => $match,
        );
        return $result;
      }
    }
  }
}
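
The filter in `user_lookup()` is built by concatenating `$this->user_attr` with a username passed through `ldap_server_massage_text()`, whose body is not shown on this page. The following is an added example, not the module's code: it assumes RFC 4515 filter-value escaping at that step and mirrors the exactly-one-entry and trimmed, case-insensitive comparison checks. The `example_*` helpers and all sample data are hypothetical and constructed.

```php
<?php
// Added example; example_* names and all sample data are constructed.

// Escape a value for use in an LDAP search filter (RFC 4515 special characters).
function example_escape_filter_value($value) {
  // Backslash goes first so the escapes added afterwards are not re-escaped.
  return str_replace(
    array('\\', '*', '(', ')', "\0"),
    array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
    $value
  );
}

// Build the equality filter in the same shape as user_lookup(): (attr=value).
function example_build_filter($user_attr, $ldap_username) {
  return '(' . $user_attr . '=' . example_escape_filter_value($ldap_username) . ')';
}

// Mirror the post-search checks: exactly one entry, and one of its attribute
// values equals the requested name after trimming and lowercasing.
function example_verify_match(array $result, $name_attr, $ldap_username) {
  if (!isset($result['count']) || $result['count'] != 1) {
    return NULL;
  }
  $match = $result[0];
  if (!isset($match[$name_attr]) || !is_array($match[$name_attr])) {
    return NULL;
  }
  foreach ($match[$name_attr] as $value) {
    // Skip the integer 'count' element that LDAP result arrays carry.
    if (is_string($value) && strtolower(trim($value)) === strtolower($ldap_username)) {
      return $match['dn'];
    }
  }
  return NULL;
}

// Constructed usernames: a plain one and two carrying filter metacharacters.
foreach (array('jdoe', 'j*doe', 'jdoe)(cn=x') as $name) {
  echo example_build_filter('uid', $name), "\n";
}

// Constructed search result in the layout the function above reads.
$result = array(
  'count' => 1,
  0 => array('dn' => 'uid=jdoe,ou=people,dc=example,dc=com',
    'uid' => array('count' => 1, 0 => ' JDoe ')),
);
var_dump(example_verify_match($result, 'uid', 'jdoe'));
var_dump(example_verify_match($result, 'uid', 'j*'));
```

On PHP 5.6 and later with the ldap extension, `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` covers the same characters as `example_escape_filter_value()`.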