private function LdapGroupManager::getNestedGroupDnFilters in Lightweight Directory Access Protocol (LDAP) 8.4

Search within the nested groups for further filters.

Parameters

array $all_group_dns: Currently set groups.

array $or_filters: Filters before diving deeper.

int $level: Last relevant nesting level.

Return value

array Nested group filters.

1 call to LdapGroupManager::getNestedGroupDnFilters()
LdapGroupManager::groupUserMembershipsFromUserAttr in ldap_servers/src/LdapGroupManager.php
Get list of groups that a user is a member of using the memberOf attribute.

File

ldap_servers/src/LdapGroupManager.php, line 51

Class

LdapGroupManager
LDAP Group Manager.

Namespace

Drupal\ldap_servers

Code

private function getNestedGroupDnFilters(array $all_group_dns, array $or_filters, int $level) : array {
  // Combine the individual filters into a single OR filter.
  // Example 1: (|(cn=group1)(cn=group2))
  // Example 2: (|(dn=cn=group1,ou=blah...)(dn=cn=group2,ou=blah...))
  $or_filter = sprintf('(|(%s))', implode(')(', $or_filters));
  // Restrict the matches to entries of the configured group object class.
  $query_for_parent_groups = sprintf('(&(objectClass=%s)%s)', $this->server->get('grp_object_cat'), $or_filter);

  // Need to search on all base DN one at a time.
  foreach ($this->server->getBaseDn() as $base_dn) {
    // No attributes, just dns needed.
    try {
      $ldap_result = $this->ldap->query($base_dn, $query_for_parent_groups, ['filter' => []])->execute();
    }
    catch (LdapException $e) {
      // Log the failure and move on to the next base DN.
      $this->logger->critical('LDAP search error with %message', ['%message' => $e->getMessage()]);
      continue;
    }
    // Descend only while below the recursion limit and there are results.
    if ($level < self::LDAP_QUERY_RECURSION_LIMIT && $ldap_result->count() > 0) {
      $tested_group_ids = [];
      $this->groupMembershipsFromEntryRecursive($ldap_result, $all_group_dns, $tested_group_ids, $level + 1, self::LDAP_QUERY_RECURSION_LIMIT);
    }
  }
  return $all_group_dns;
}
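
The filter above is assembled with sprintf() from strings supplied by the caller, and this page does not show how $or_filters is built. As an added example (not code from the LDAP module), the sketch below builds the same (&(objectClass=...)(|...)) shape while escaping each value per RFC 4515 and refusing an empty OR. The function names, the attribute/value split and the sample group names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515).
 *
 * Hypothetical helper. When ext-ldap is loaded, ldap_escape() with
 * LDAP_ESCAPE_FILTER does the same job.
 */
function escapeFilterValue(string $value): string {
  // strtr() does not rescan its output, so the backslashes it inserts
  // are never escaped a second time.
  return strtr($value, [
    '\\' => '\\5c',
    '*' => '\\2a',
    '(' => '\\28',
    ')' => '\\29',
    "\0" => '\\00',
  ]);
}

/**
 * Build (&(objectClass=<class>)(|(<attr>=<v1>)(<attr>=<v2>))), or NULL.
 *
 * Hypothetical helper: $attribute is assumed to be a fixed, trusted
 * attribute name such as "cn"; only the values are treated as data.
 */
function buildParentGroupFilter(string $object_class, string $attribute, array $values): ?string {
  $terms = [];
  foreach (array_unique($values) as $value) {
    if ($value === '') {
      continue;
    }
    $terms[] = sprintf('(%s=%s)', $attribute, escapeFilterValue($value));
  }
  // An empty OR, "(|())", is not a valid filter: report "nothing to query"
  // so the caller can skip the search instead of sending it.
  if ($terms === []) {
    return NULL;
  }
  return sprintf('(&(objectClass=%s)(|%s))', escapeFilterValue($object_class), implode('', $terms));
}

// Constructed sample values, not taken from a real directory. The second
// name contains characters that are filter syntax unless escaped.
$groups = ['staff', 'Ops (EMEA)*', 'staff'];
echo buildParentGroupFilter('groupOfNames', 'cn', $groups), PHP_EOL;
var_dump(buildParentGroupFilter('groupOfNames', 'cn', []));
```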