You are here

Home » API reference » Lightweight Directory Access Protocol (LDAP) 8.4 » LdapGroupManager.php » LdapGroupManager

public function LdapGroupManager::groupUserMembershipsFromEntry in Lightweight Directory Access Protocol (LDAP) 8.4

Get list of all groups that a user is a member of by querying groups.

Parameters

\Symfony\Component\Ldap\Entry $ldap_entry: LDAP entry.

Return value

array Array of group dns in mixed case.

See also

groupMembershipsFromUser()

1 call to LdapGroupManager::groupUserMembershipsFromEntry()
LdapGroupManager::groupMembershipsFromUser in ldap_servers/src/LdapGroupManager.php
Get list of all groups that a user is a member of.

File

ldap_servers/src/LdapGroupManager.php, line 554

Class

LdapGroupManager
LDAP Group Manager.

Namespace

Drupal\ldap_servers

Code

public function groupUserMembershipsFromEntry(Entry $ldap_entry) : array {

  // MIXED CASE VALUES.
  $all_group_dns = [];
  if (!$this
    ->checkAvailability() || !$this
    ->groupGroupEntryMembershipsConfigured()) {
    return $all_group_dns;
  }

  // Array of dns already tested to avoid excess queries MIXED CASE VALUES.
  $tested_group_ids = [];
  $level = 0;
  if ($this->server
    ->get('grp_memb_attr_match_user_attr') === 'dn') {
    $member_value = $ldap_entry
      ->getDn();
  }
  else {
    $member_value = $ldap_entry
      ->getAttribute($this->server
      ->get('grp_memb_attr_match_user_attr'), FALSE)[0];
  }

  // Need to search on all basedns one at a time.
  foreach ($this->server
    ->getBaseDn() as $baseDn) {

    // Only need dn, so empty array forces return of no attributes.
    // @todo See if this syntax is correct.
    // It should return a valid DN with n attributes.
    try {
      $group_query = sprintf('(&(objectClass=%s)(%s=%s))', $this->server
        ->get('grp_object_cat'), $this->server
        ->get('grp_memb_attr'), $member_value);
      $ldap_result = $this->ldap
        ->query($baseDn, $group_query, [
        'filter' => [],
      ])
        ->execute();
    } catch (LdapException $e) {
      $this->logger
        ->critical('LDAP search error with %message', [
        '%message' => $e
          ->getMessage(),
      ]);
      continue;
    }
    if ($ldap_result
      ->count() > 0) {
      $maxLevels = $this->server
        ->get('grp_nested') ? self::LDAP_QUERY_RECURSION_LIMIT : 0;
      $this
        ->groupMembershipsFromEntryRecursive($ldap_result, $all_group_dns, $tested_group_ids, $level, $maxLevels);
    }
  }
  return $all_group_dns;
}