private function Server::groupMembershipsFromEntryRecursive in Lightweight Directory Access Protocol (LDAP) 8.3

Recurse through all groups, adding parent groups to the $allGroupDns array.

@TODO: See if we can do this with groupAllMembers().

Parameters

array $currentGroupEntries: Entries of the LDAP groups that are the starting point. Should include at least one entry.

array $allGroupDns: An array of all groups the user is a member of in mixed-case.

array $testedGroupIds: An array of tested group DNs, CNs, UIDs, etc. in mixed case. Whether these values are DN, CN, UID, etc. depends on what the attribute members, uniquemember, or memberUid contains. Group IDs already in this array are skipped to avoid redundant recursion.

int $level: Levels of recursion.

int $maxLevels: Maximum levels of recursion allowed.

Return value

bool False for error or misconfiguration, otherwise TRUE. Results are passed by reference.

2 calls to Server::groupMembershipsFromEntryRecursive()
Server::getNestedGroupDnFilters in ldap_servers/src/Entity/Server.php
Search within the nested groups for further filters.
Server::groupUserMembershipsFromEntry in ldap_servers/src/Entity/Server.php
Get list of all groups that a user is a member of by querying groups.

File

ldap_servers/src/Entity/Server.php, line 1502

Class

Server
Defines the Server entity.

Namespace

Drupal\ldap_servers\Entity

Code

private function groupMembershipsFromEntryRecursive(array $currentGroupEntries, array &$allGroupDns, array &$testedGroupIds, $level, $maxLevels) {
  if (!$this->groupGroupEntryMembershipsConfigured() || !is_array($currentGroupEntries) || count($currentGroupEntries) == 0) {
    return FALSE;
  }
  if (isset($currentGroupEntries['count'])) {
    unset($currentGroupEntries['count']);
  }
  $orFilters = [];
  foreach ($currentGroupEntries as $key => $groupEntry) {
    if ($this->groupMembershipsAttrMatchingUserAttr() == 'dn') {
      $memberId = $groupEntry['dn'];
    }
    else {
      $memberId = $this->getFirstRdnValueFromDn($groupEntry['dn'], $this->groupMembershipsAttrMatchingUserAttr());
    }
    if ($memberId && !in_array($memberId, $testedGroupIds)) {
      $testedGroupIds[] = $memberId;
      $allGroupDns[] = $groupEntry['dn'];

      // Add $memberId (dn, cn, uid) to query, escaped for use in a filter.
      $orFilters[] = $this->groupMembershipsAttr() . '=' . self::ldapEscape($memberId);
    }
  }
  if (count($orFilters)) {

    // Only 50 or so per query.
    for ($key = 0; $key < count($orFilters); $key = $key + self::LDAP_SERVER_LDAP_QUERY_CHUNK) {
      $currentOrFilters = array_slice($orFilters, $key, self::LDAP_SERVER_LDAP_QUERY_CHUNK);

      // Example 1: (|(cn=group1)(cn=group2))
      // Example 2: (|(dn=cn=group1,ou=blah...)(dn=cn=group2,ou=blah...))
      $or = '(|(' . implode(")(", $currentOrFilters) . '))';
      $queryForParentGroups = '(&(objectClass=' . $this->groupObjectClass() . ')' . $or . ')';

      // Need to search on all basedns one at a time.
      foreach ($this->getBaseDn() as $baseDn) {

        // No attributes, just dns needed.
        $group_entries = $this->search($baseDn, $queryForParentGroups);
        if ($group_entries !== FALSE && $level < $maxLevels) {

          // @TODO: Verify recursion with true return.
          $this->groupMembershipsFromEntryRecursive($group_entries, $allGroupDns, $testedGroupIds, $level + 1, $maxLevels);
        }
      }
    }
  }
  return TRUE;
}
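
The same walk, reduced to a stand-alone sketch: this is an added example, not code from the LDAP module. It shows the three safeguards the function above relies on: escaping each value placed in the filter, chunking the OR clauses, and bounding the recursion with a tested-ID list and a maximum level. The helper names, the in-memory directory, the `member` attribute, the `groupOfNames` object class and the chunk size of 50 are assumptions; the array lookup stands in for the LDAP search (PHP 7.4+).

```php
<?php
// Constructed sample data: group DN => member DNs. a -> b -> c -> a is a cycle.
$directory = [
  'cn=a,ou=groups,dc=example,dc=org' => ['cn=c,ou=groups,dc=example,dc=org'],
  'cn=b (ops),ou=groups,dc=example,dc=org' => ['cn=a,ou=groups,dc=example,dc=org'],
  'cn=c,ou=groups,dc=example,dc=org' => ['cn=b (ops),ou=groups,dc=example,dc=org'],
];

// Hypothetical helper: escape an assertion value per RFC 4515. The backslash
// must be replaced first so the escapes added afterwards are not re-escaped.
function escapeFilterValue(string $value): string {
  return str_replace(['\\', '*', '(', ')', "\0"], ['\\5c', '\\2a', '\\28', '\\29', '\\00'], $value);
}

// Hypothetical helper: one "(&(objectClass=..)(|(attr=id)..))" filter per chunk.
function buildParentGroupFilters(array $ids, string $attr, string $objectClass, int $chunk): array {
  $filters = [];
  foreach (array_chunk($ids, $chunk) as $part) {
    $or = implode('', array_map(fn($id) => "($attr=" . escapeFilterValue($id) . ')', $part));
    $filters[] = "(&(objectClass=$objectClass)(|$or))";
  }
  return $filters;
}

// Hypothetical helper: walk upwards from $startDns, never querying an ID twice
// and never going deeper than $maxLevels, so a membership cycle terminates.
function resolveNestedGroups(array $directory, array $startDns, int $maxLevels): array {
  $tested = [];
  $filters = [];
  $current = $startDns;
  for ($level = 0; $current && $level <= $maxLevels; $level++) {
    $fresh = array_values(array_diff(array_unique($current), $tested));
    if (!$fresh) {
      break;
    }
    $tested = array_merge($tested, $fresh);
    $filters = array_merge($filters, buildParentGroupFilters($fresh, 'member', 'groupOfNames', 50));
    // Stand-in for the LDAP search: groups that list any fresh DN as a member.
    $current = array_keys(array_filter($directory, fn($members) => (bool) array_intersect($members, $fresh)));
  }
  return ['groups' => $tested, 'filters' => $filters];
}

$result = resolveNestedGroups($directory, ['cn=a,ou=groups,dc=example,dc=org'], 10);
print_r($result['groups']);   // a, b (ops), c: each group listed once despite the cycle
print_r($result['filters']);  // the parentheses in "b (ops)" appear as \28 and \29
```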