public function Server::groupMembersRecursive in Lightweight Directory Access Protocol (LDAP) 8.3
Recurse through all child groups and add members.
Parameters
array $group_dn_entries: Entries of LDAP group entries that are starting point. Should include at least 1 entry and must include 'objectclass'.
array $all_member_dns: All member DN as an array of all groups the user is a member of. Mixed case values.
array $tested_group_dns: Tested group IDs as an array array of tested group dn, cn, uid, etc. Mixed case values. Whether these value are dn, cn, uid, etc depends on what attribute members, uniquemember, memberUid contains whatever attribute is in $this->$tested_group_ids to avoid redundant recursion.
int $level: Current level of recursion.
int $max_levels: Maximum number of recursion levels allowed.
bool|array $object_classes: You can set the object class evaluated for recursion here, otherwise derived from group configuration.
Return value
bool If operation was successful.
1 call to Server::groupMembersRecursive()
- Server::groupAllMembers in ldap_servers/
src/ Entity/ Server.php - Get all members of a group.
File
- ldap_servers/
src/ Entity/ Server.php, line 1278
Class
- Server
- Defines the Server entity.
Namespace
Drupal\ldap_servers\EntityCode
public function groupMembersRecursive(array $group_dn_entries, array &$all_member_dns, array $tested_group_dns, $level, $max_levels, $object_classes = FALSE) {
if (!$this
->groupGroupEntryMembershipsConfigured() || !is_array($group_dn_entries)) {
return FALSE;
}
if (isset($group_dn_entries['count'])) {
unset($group_dn_entries['count']);
}
foreach ($group_dn_entries as $member_entry) {
// 1. Add entry itself if of the correct type to $all_member_dns.
$object_class_match = !$object_classes || count(array_intersect(array_values($member_entry['objectclass']), $object_classes)) > 0;
$object_is_group = in_array($this
->groupObjectClass(), array_map('strtolower', array_values($member_entry['objectclass'])));
// Add member.
if ($object_class_match && !in_array($member_entry['dn'], $all_member_dns)) {
$all_member_dns[] = $member_entry['dn'];
}
// 2. If its a group, keep recurse the group for descendants.
if ($object_is_group && $level < $max_levels) {
if ($this
->groupMembershipsAttrMatchingUserAttr() == 'dn') {
$group_id = $member_entry['dn'];
}
else {
$group_id = $member_entry[$this
->groupMembershipsAttrMatchingUserAttr()][0];
}
// 3. skip any groups that have already been tested.
if (!in_array($group_id, $tested_group_dns)) {
$tested_group_dns[] = $group_id;
$member_ids = $member_entry[$this
->groupMembershipsAttr()];
if (isset($member_ids['count'])) {
unset($member_ids['count']);
}
if (count($member_ids)) {
// Example 1: (|(cn=group1)(cn=group2))
// Example 2: (|(dn=cn=group1,ou=blah...)(dn=cn=group2,ou=blah...))
$query_for_child_members = '(|(' . implode(")(", $member_ids) . '))';
// Add or on object classes, otherwise get all object classes.
if ($object_classes && count($object_classes)) {
$object_classes_ors = [
'(objectClass=' . $this
->groupObjectClass() . ')',
];
foreach ($object_classes as $object_class) {
$object_classes_ors[] = '(objectClass=' . $object_class . ')';
}
$query_for_child_members = '&(|' . implode($object_classes_ors) . ')(' . $query_for_child_members . ')';
}
$return_attributes = [
'objectclass',
$this
->groupMembershipsAttr(),
$this
->groupMembershipsAttrMatchingUserAttr(),
];
$child_member_entries = $this
->searchAllBaseDns($query_for_child_members, $return_attributes);
if ($child_member_entries !== FALSE) {
$this
->groupMembersRecursive($child_member_entries, $all_member_dns, $tested_group_dns, $level + 1, $max_levels, $object_classes);
}
}
}
}
}
}