
class LDAPInterface in LDAP integration 6

Same name and namespace in other branches
  1. 5.2 ldap_integration/LDAPInterface.php \LDAPInterface
  2. 5 ldap_integration/LDAPInterface.php \LDAPInterface

@file LDAPInterface class definition.

Hierarchy

Expanded class hierarchy of LDAPInterface

6 string references to 'LDAPInterface'
LDAPInterface::bind in includes/LDAPInterface.inc
LDAPInterface::create_entry in includes/LDAPInterface.inc
LDAPInterface::delete_entry in includes/LDAPInterface.inc
LDAPInterface::rename_entry in includes/LDAPInterface.inc
LDAPInterface::retrieveAttributes in includes/LDAPInterface.inc
Retrieve all or some of the attributes for the ldap dn.


File

includes/LDAPInterface.inc, line 8
LDAPInterface class definition.

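/**
 * Wrapper around PHP's ldap_* functions for one configured LDAP server.
 *
 * Holds the server settings (set through setOption()), opens and binds a
 * connection, and offers helpers to search, read, write, create, rename and
 * delete directory entries.
 *
 * Security notes for callers:
 * - When the 'tls' option is on, initConnection() refuses to keep a
 *   connection on which StartTLS could not be negotiated, so bind credentials
 *   are never sent over a connection that was meant to be encrypted but is
 *   not. With 'tls' off, binds are sent as configured (plain LDAP unless the
 *   server setting says otherwise).
 * - bind() passes $dn and $pass straight to ldap_bind(); see its docblock for
 *   the empty-password caveat.
 * - search() does not escape $filter; callers own that.
 */
class LDAPInterface {
  var $connection;
  var $server;
  var $port;
  var $tls;
  var $attr_filter;
  var $sid;

  // The properties below were previously created on the fly by the
  // constructor and setOption(). Declaring them keeps getOption() from
  // reading undefined properties; their default (NULL) matches what
  // isset()-based reads returned before.
  var $secretKey;
  var $name;
  var $machine_name;
  var $enc_type;
  var $user_attr;
  var $basedn;
  var $mail_attr;
  var $puid_attr;
  var $binary_puid;
  var $binddn;
  var $bindpw;

  /**
   * Set the defaults: no connection, port 389, TLS off, pass-through filter.
   *
   * Declared before the PHP4-style constructor on purpose: PHP versions that
   * no longer treat a method named after the class as a constructor would
   * otherwise skip this initialisation entirely.
   */
  function __construct() {
    $this->connection = NULL;

    //http://drupal.org/node/158671
    $this->server = NULL;
    $this->port = "389";
    $this->secretKey = NULL;
    $this->tls = FALSE;
    $this->attr_filter = array(
      'LDAPInterface',
      '__empty_attr_filter',
    );
  }

  /**
   * PHP4-style constructor, kept so parent::LDAPInterface() calls still work.
   */
  function LDAPInterface() {
    $this->__construct();
  }

  /**
   * Default attribute filter: returns the entry unchanged.
   *
   * Static because it is registered as array('LDAPInterface', ...) and so is
   * invoked without an instance, like void_error_handler().
   *
   * @param $sid Server id (unused).
   * @param $x   The entry to filter.
   * @return The entry, untouched.
   */
  static function __empty_attr_filter($sid, $x) {
    return $x;
  }

  /**
   * Store one configuration value. Unknown option names are ignored.
   *
   * @param String $option One of the option names listed in the switch.
   * @param mixed  $value  Value to store.
   */
  function setOption($option, $value) {
    switch ($option) {
      case 'sid':
        $this->sid = $value;
        break;
      case 'name':
        $this->name = $value;
        break;
      case 'machine_name':
        $this->machine_name = $value;
        break;
      case 'server':
        $this->server = $value;
        break;
      case 'port':
        $this->port = $value;
        break;
      case 'tls':
        $this->tls = $value;
        break;
      case 'enc_type':
        $this->enc_type = $value;
        break;
      case 'user_attr':
        $this->user_attr = $value;
        break;
      case 'attr_filter':
        $this->attr_filter = $value;
        break;
      case 'basedn':
        $this->basedn = $value;
        break;
      case 'mail_attr':
        $this->mail_attr = $value;
        break;
      case 'puid_attr':
        $this->puid_attr = $value;
        break;
      case 'binary_puid':
        $this->binary_puid = $value;
        break;
      case 'binddn':
        $this->binddn = $value;
        break;
      case 'bindpw':
        $this->bindpw = $value;
        break;
    }
  }

  /**
   * Read one configuration value.
   *
   * @param String $option Option name; 'version' asks the live connection
   *               for its protocol version.
   * @return The stored value, NULL for a known option that was never set,
   *         -1 for 'version' when it cannot be determined, or '' for an
   *         unknown option name.
   *
   * NOTE(review): 'server' can be set but has no case here, so it reads back
   * as ''. Left as is because callers may depend on it.
   */
  function getOption($option) {
    $ret = '';
    switch ($option) {
      case 'sid':
        $ret = $this->sid;
        break;
      case 'version':
        $ret = -1;
        // Only ask when there is a connection to ask; otherwise keep -1.
        if ($this->connection) {
          ldap_get_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $ret);
        }
        break;
      case 'name':
        $ret = $this->name;
        break;
      case 'machine_name':
        $ret = $this->machine_name;
        break;
      case 'port':
        $ret = $this->port;
        break;
      case 'tls':
        $ret = $this->tls;
        break;
      case 'enc_type':
        $ret = $this->enc_type;
        break;
      case 'user_attr':
        $ret = isset($this->user_attr) ? $this->user_attr : NULL;
        break;
      case 'attr_filter':
        $ret = isset($this->attr_filter) ? $this->attr_filter : NULL;
        break;
      case 'basedn':
        $ret = isset($this->basedn) ? $this->basedn : NULL;
        break;
      case 'mail_attr':
        $ret = isset($this->mail_attr) ? $this->mail_attr : NULL;
        break;
      case 'puid_attr':
        $ret = isset($this->puid_attr) ? $this->puid_attr : NULL;
        break;
      case 'binary_puid':
        $ret = isset($this->binary_puid) ? $this->binary_puid : NULL;
        break;
      case 'binddn':
        $ret = isset($this->binddn) ? $this->binddn : NULL;
        break;
      case 'bindpw':
        $ret = isset($this->bindpw) ? $this->bindpw : NULL;
        break;
    }
    return $ret;
  }

  /**
   * Drop any existing connection, then connect and bind.
   *
   * @param String $dn   DN to bind as; '' together with an empty $pass is an
   *               anonymous bind.
   * @param String $pass Password for $dn.
   * @return TRUE when the connection was opened and the bind succeeded,
   *         FALSE otherwise.
   */
  function connect($dn = '', $pass = '') {
    // http://drupal.org/node/164049
    // If a connection already exists, it should be terminated
    $this->disconnect();
    return $this->connectAndBind($dn, $pass) ? TRUE : FALSE;
  }

  /**
   * Open the connection, force LDAPv3, disable referrals, and start TLS when
   * the 'tls' option is on.
   *
   * On return $this->connection is either a usable connection or empty.
   * If TLS was requested and could not be established the connection is
   * closed again, so that connectAndBind() does not go on to send the bind
   * DN and password unencrypted.
   */
  function initConnection() {
    if (!($this->connection = ldap_connect($this->server, $this->port))) {
      watchdog('ldap', 'LDAP Connect failure to @server:@port', array(
        '@server' => $this->server,
        '@port' => $this->port,
      ), WATCHDOG_ERROR);
      return;
    }
    ldap_set_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($this->connection, LDAP_OPT_REFERRALS, 0);

    // TLS encryption contributed by sfrancis@drupal.org
    if ($this->tls) {
      // Start from -1 so a failed ldap_get_option() is detectable below.
      $vers = -1;
      ldap_get_option($this->connection, LDAP_OPT_PROTOCOL_VERSION, $vers);
      $tls_started = FALSE;
      if ($vers == -1) {
        watchdog('ldap', 'Could not get LDAP protocol version.', array(), WATCHDOG_ERROR);
      }
      elseif ($vers != 3) {
        watchdog('ldap', 'Could not start TLS, only supported by LDAP v3.', array(), WATCHDOG_ERROR);
      }
      elseif (!function_exists('ldap_start_tls')) {
        watchdog('ldap', 'Could not start TLS. It does not seem to be supported by this PHP setup.', array(), WATCHDOG_ERROR);
      }
      elseif (!ldap_start_tls($this->connection)) {
        watchdog('ldap', 'Could not start TLS. (Error %errno: %error).', array(
          '%errno' => ldap_errno($this->connection),
          '%error' => ldap_error($this->connection),
        ), WATCHDOG_ERROR);
      }
      else {
        $tls_started = TRUE;
      }
      if (!$tls_started) {
        // Fail closed: the failure was logged above (while the connection
        // was still available for ldap_errno()); now discard the plaintext
        // connection instead of leaving it for bind() to use.
        $this->disconnect();
      }
    }
  }

  /**
   * Open a connection and bind on it.
   *
   * @param String $dn   DN to bind as.
   * @param String $pass Password for $dn.
   * @return The connection on success, NULL when the bind failed, FALSE when
   *         no connection could be established (including a failed StartTLS).
   */
  function connectAndBind($dn = '', $pass = '') {
    $this->initConnection();
    if (!$this->connection) {
      // Was "return $false;", an undefined variable.
      return FALSE;
    }
    if (!$this->bind($dn, $pass)) {
      watchdog('ldap', 'LDAP Bind failure for user %user. Error %errno: %error', array(
        '%user' => $dn,
        '%errno' => ldap_errno($this->connection),
        '%error' => ldap_error($this->connection),
      ));
      return NULL;
    }
    return $this->connection;
  }

  /**
   * Bind on the current connection, with PHP warnings and output suppressed.
   *
   * The arguments are handed to ldap_bind() unchanged. A non-empty $dn with
   * an empty $pass is an "unauthenticated bind" (RFC 4513, section 5.1.2),
   * which many directory servers report as success. Code that uses this
   * method to check a user's password must reject empty passwords before
   * calling it.
   *
   * @param String $dn   DN to bind as.
   * @param String $pass Password for $dn.
   * @return The result of ldap_bind().
   */
  function bind($dn, $pass) {
    ob_start();
    set_error_handler(array(
      'LDAPInterface',
      'void_error_handler',
    ));
    $ret = ldap_bind($this->connection, $dn, $pass);
    restore_error_handler();
    ob_end_clean();
    return $ret;
  }

  /**
   * Close the connection, if there is one.
   */
  function disconnect() {
    if ($this->connection) {
      ldap_unbind($this->connection);
      $this->connection = NULL;
    }
  }

  /**
   * Run a subtree search and return the entries.
   *
   * $filter is used as given apart from the Active Directory comma fix-up
   * below. Values that come from user input have to be escaped for LDAP
   * filter context by the caller (for example with ldap_escape() where
   * PHP provides it) before they are placed into $filter.
   *
   * @param String $base_dn    Base DN of the search.
   * @param String $filter     LDAP search filter.
   * @param Array  $attributes Optional - attributes to return.
   * @return The ldap_get_entries() array, or an empty array when the search
   *         failed or matched nothing.
   */
  function search($base_dn, $filter, $attributes = array()) {
    $ret = array();

    // For the AD the '\,' should be replaced by the '\\,' in the search filter.
    $filter = preg_replace('/\\\\,/', '\\\\\\,', $filter);
    set_error_handler(array(
      'LDAPInterface',
      'void_error_handler',
    ));
    $x = @ldap_search($this->connection, $base_dn, $filter, $attributes);
    restore_error_handler();
    if ($x && ldap_count_entries($this->connection, $x)) {
      $ret = ldap_get_entries($this->connection, $x);
    }
    return $ret;
  }

  /**
   * Retrieve all or some of the attributes for the ldap dn.
   *
   * WARNING! WARNING! WARNING!
   * This function returns its entries with lowercase attribute names.
   * Don't blame me, blame PHP's own ldap_get_entries()
   *
   * @param String $dn Required - The full dn to the object
   * @param Array  $attributes Optional - an array of specific attributes to
   *               retrieve.  See ldap_read.
   * @return Whatever the configured attr_filter callback returns for the
   *         entry; the callback receives NULL when the read failed or the
   *         entry does not exist.
   */
  function retrieveAttributes($dn, $attributes = array()) {
    set_error_handler(array(
      'LDAPInterface',
      'void_error_handler',
    ));
    $result = ldap_read($this->connection, $dn, 'objectClass=*', $attributes);
    // Do not hand a failed read to ldap_get_entries().
    $entries = $result ? ldap_get_entries($this->connection, $result) : FALSE;
    restore_error_handler();
    $entry = (is_array($entries) && isset($entries[0])) ? $entries[0] : NULL;
    return call_user_func($this->attr_filter, $this->sid, $entry);
  }

  /**
   * Retrieve the first value of one attribute.
   *
   * @param String $dn       The full dn to the object.
   * @param String $attrname Attribute name, any case.
   * @return The first value, or NULL when the attribute is absent.
   */
  function retrieveAttribute($dn, $attrname) {
    $entries = $this->retrieveAttributes($dn, array(
      $attrname,
    ));
    $key = strtolower($attrname);
    return isset($entries[$key]) ? $entries[$key][0] : NULL;
  }

  /**
   * Retrieve every value of one attribute.
   *
   * @param String $dn       The full dn to the object.
   * @param String $attrname Attribute name, any case.
   * @return Array of values without the 'count' element; empty when the
   *         attribute is absent.
   */
  function retrieveMultiAttribute($dn, $attrname) {
    $entries = $this->retrieveAttributes($dn);
    $key = strtolower($attrname);
    // A missing attribute used to be read as an undefined index.
    $retrieved = (is_array($entries) && !empty($entries[$key]) && is_array($entries[$key])) ? $entries[$key] : array();
    $result = array();
    foreach ($retrieved as $idx => $value) {
      if ($idx !== 'count') {
        $result[] = $value;
      }
    }
    return $result;
  }

  /**
   * Write attribute values to an entry.
   *
   * An attribute whose value is empty is removed from the entry (when it
   * currently has a value) and left out of the modify request. Empty values
   * inside a multi-valued attribute are dropped.
   *
   * @param String $dn         The full dn to the object.
   * @param Array  $attributes Attribute name => value, or => array of values.
   * @return The result of ldap_modify().
   */
  function writeAttributes($dn, $attributes) {
    foreach ($attributes as $key => $cur_val) {
      if ($cur_val == '') {
        unset($attributes[$key]);
        $old_value = $this->retrieveAttribute($dn, $key);
        if (isset($old_value)) {
          ldap_mod_del($this->connection, $dn, array(
            $key => $old_value,
          ));
        }
        // Nothing more to do for this attribute. Without this, an empty
        // unicodePwd fell through to the encoding step below and was put
        // back into the request as a quoted empty password.
        continue;
      }

      //Encodes password for use in Active Directory // http://drupal.org/node/339821
      // Active Directory accepts unicodePwd changes only on an encrypted
      // connection, so this path depends on TLS being in effect.
      if ($key === "unicodePwd") {
        $cur_val = "\"" . $cur_val . "\"";
        $attributes[$key] = mb_convert_encoding($cur_val, "UTF-16LE");
      }
      if (is_array($cur_val)) {
        // Rebuild the list so the kept values are indexed 0..n-1; removing
        // elements in place leaves gaps that ldap_modify() rejects.
        $kept = array();
        foreach ($cur_val as $mv_cur_val) {
          if ($mv_cur_val != '') {
            $kept[] = $mv_cur_val;
          }
        }
        $attributes[$key] = $kept;
      }
    }
    return ldap_modify($this->connection, $dn, $attributes);
  }

  /**
   * Add a new entry, with PHP warnings suppressed.
   *
   * @param String $dn         DN of the new entry.
   * @param Array  $attributes Attributes of the new entry.
   * @return The result of ldap_add().
   */
  function create_entry($dn, $attributes) {
    set_error_handler(array(
      'LDAPInterface',
      'void_error_handler',
    ));
    $ret = ldap_add($this->connection, $dn, $attributes);
    restore_error_handler();
    return $ret;
  }

  /**
   * Rename or move an entry, with PHP warnings suppressed.
   *
   * Parameters are those of ldap_rename(), minus the connection.
   *
   * @return The result of ldap_rename().
   */
  function rename_entry($dn, $newrdn, $newparent, $deleteoldrdn) {
    set_error_handler(array(
      'LDAPInterface',
      'void_error_handler',
    ));
    $ret = ldap_rename($this->connection, $dn, $newrdn, $newparent, $deleteoldrdn);
    restore_error_handler();
    return $ret;
  }

  /**
   * Delete an entry, with PHP warnings suppressed.
   *
   * @param String $dn DN of the entry to delete.
   * @return The result of ldap_delete().
   */
  function delete_entry($dn) {
    set_error_handler(array(
      'LDAPInterface',
      'void_error_handler',
    ));
    $ret = ldap_delete($this->connection, $dn);
    restore_error_handler();
    return $ret;
  }

  // This function is used by other modules to delete attributes once they are
  // moved to profiles cause ldap_mod_del does not delete facsimileTelephoneNumber if
  // attribute value to delete is passed to the function.
  // OpenLDAP as per RFC 2252 doesn't have equality matching for facsimileTelephoneNumber
  // http://bugs.php.net/bug.php?id=7168
  function deleteAttribute($dn, $attribute) {
    ldap_mod_del($this->connection, $dn, array(
      $attribute => array(),
    ));
  }

  /**
   * Error handler that discards the error.
   *
   * Installed around ldap_* calls so their warnings do not reach the page.
   * $context is optional because newer PHP versions no longer pass a fifth
   * argument to error handlers.
   */
  static function void_error_handler($num, $str, $file, $line, $context = NULL) {

    // Do nothing
  }

}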

Members