private function Server::groupMembershipsFromEntryRecursive in Lightweight Directory Access Protocol (LDAP) 8.3
Recurse through all groups, adding parent groups to $all_group_dns array.
@TODO: See if we can do this with groupAllMembers().
Parameters
array $currentGroupEntries: Entries of LDAP groups that are the starting point. Should include at least one entry.
array $allGroupDns: An array of all groups the user is a member of in mixed-case.
array $testedGroupIds: An array of tested group DN, CN, UID, etc. in mixed-case. Whether these values are DN, CN, UID, etc. depends on what the attribute members, uniquemember, or memberUid contains. Whatever the attribute, the values are kept in this array to avoid redundant recursion.
int $level: Levels of recursion.
int $maxLevels: Maximum levels of recursion allowed.
Return value
bool False for error or misconfiguration, otherwise TRUE. Results are passed by reference.
2 calls to Server::groupMembershipsFromEntryRecursive()
- Server::getNestedGroupDnFilters in ldap_servers/src/Entity/Server.php - Search within the nested groups for further filters.
- Server::groupUserMembershipsFromEntry in ldap_servers/src/Entity/Server.php - Get list of all groups that a user is a member of by querying groups.
File
- ldap_servers/src/Entity/Server.php, line 1502
Class
- Server
- Defines the Server entity.
Namespace
Drupal\ldap_servers\Entity
Code
private function groupMembershipsFromEntryRecursive(array $currentGroupEntries, array &$allGroupDns, array &$testedGroupIds, $level, $maxLevels) {
  if (!$this->groupGroupEntryMembershipsConfigured() || !is_array($currentGroupEntries) || count($currentGroupEntries) == 0) {
    return FALSE;
  }
  if (isset($currentGroupEntries['count'])) {
    unset($currentGroupEntries['count']);
  }
  $orFilters = [];
  foreach ($currentGroupEntries as $key => $groupEntry) {
    if ($this->groupMembershipsAttrMatchingUserAttr() == 'dn') {
      $memberId = $groupEntry['dn'];
    }
    else {
      $memberId = $this->getFirstRdnValueFromDn($groupEntry['dn'], $this->groupMembershipsAttrMatchingUserAttr());
    }
    if ($memberId && !in_array($memberId, $testedGroupIds)) {
      $testedGroupIds[] = $memberId;
      $allGroupDns[] = $groupEntry['dn'];
      // Add $group_id (dn, cn, uid) to query.
      $orFilters[] = $this->groupMembershipsAttr() . '=' . self::ldapEscape($memberId);
    }
  }
  if (count($orFilters)) {
    // Only 50 or so per query.
    for ($key = 0; $key < count($orFilters); $key = $key + self::LDAP_SERVER_LDAP_QUERY_CHUNK) {
      $currentOrFilters = array_slice($orFilters, $key, self::LDAP_SERVER_LDAP_QUERY_CHUNK);
      // Example 1: (|(cn=group1)(cn=group2))
      // Example 2: (|(dn=cn=group1,ou=blah...)(dn=cn=group2,ou=blah...))
      $or = '(|(' . implode(")(", $currentOrFilters) . '))';
      $queryForParentGroups = '(&(objectClass=' . $this->groupObjectClass() . ')' . $or . ')';
      // Need to search on all basedns one at a time.
      foreach ($this->getBaseDn() as $baseDn) {
        // No attributes, just dns needed.
        $group_entries = $this->search($baseDn, $queryForParentGroups);
        if ($group_entries !== FALSE && $level < $maxLevels) {
          // @TODO: Verify recursion with true return.
          $this->groupMembershipsFromEntryRecursive($group_entries, $allGroupDns, $testedGroupIds, $level + 1, $maxLevels);
        }
      }
    }
  }
  return TRUE;
}
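The three safeguards in the function above (escaped filter values, chunked OR filters, and a visited list plus level cap) can be seen working together in this added example, which is not ldap_servers code. It replaces the LDAP search with a constructed in-memory map, and the function names, the sample DNs, the "member" attribute and the "groupOfNames" class are all assumptions.

```php
<?php
// Added example, not ldap_servers code. Every name and value here is hypothetical.

// RFC 4515 filter-value escaping: \ * ( ) and NUL become \XX hex pairs.
function escapeFilterValue(string $value): string {
  return strtr($value, ['\\' => '\\5c', '*' => '\\2a', '(' => '\\28', ')' => '\\29', "\0" => '\\00']);
}

// Constructed sample: group DN => DNs of the groups that list it as a member.
// "staff" and "all" contain each other, so a walk without a visited list loops.
const PARENTS = [
  'cn=dev (eu),ou=groups,dc=example,dc=org' => ['cn=staff,ou=groups,dc=example,dc=org'],
  'cn=staff,ou=groups,dc=example,dc=org' => ['cn=all,ou=groups,dc=example,dc=org'],
  'cn=all,ou=groups,dc=example,dc=org' => ['cn=staff,ou=groups,dc=example,dc=org'],
];

// Assumed configuration: membership attribute "member", class "groupOfNames".
function collectParentGroups(array $startDns, int $maxLevels, int $chunk = 50): array {
  $all = [];
  $filters = [];
  $current = $startDns;
  for ($level = 0; $current && $level <= $maxLevels; $level++) {
    // Drop DNs already visited; this is what ends the staff <-> all cycle.
    $fresh = array_values(array_diff(array_unique($current), $all));
    $all = array_merge($all, $fresh);
    $current = [];
    // One OR filter per chunk keeps each query to a bounded size.
    foreach (array_chunk($fresh, $chunk) as $ids) {
      $or = implode('', array_map(fn($dn) => '(member=' . escapeFilterValue($dn) . ')', $ids));
      $filters[] = '(&(objectClass=groupOfNames)(|' . $or . '))';
      // Stand-in for the LDAP search: read the parents from the sample map.
      foreach ($ids as $dn) {
        $current = array_merge($current, PARENTS[$dn] ?? []);
      }
    }
  }
  return ['groups' => $all, 'filters' => $filters];
}

$result = collectParentGroups(['cn=dev (eu),ou=groups,dc=example,dc=org'], 10);
print_r($result);
```

The parentheses in the first sample DN reach the filter as `\28` and `\29`, so the value cannot close or extend the surrounding filter expression.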