function _ldapgroups_detect_groups in LDAP integration 5
Same name and namespace in other branches
- 5.2 ldapgroups.module \_ldapgroups_detect_groups()
- 6 ldapgroups.inc \_ldapgroups_detect_groups()
1 call to _ldapgroups_detect_groups()
File
- ./
ldapgroups.module, line 311
Code
function _ldapgroups_detect_groups($user) {
global $ldapgroups_ldap;
// Nothing to do if the user is not LDAP authentified
// or there are no groups configured
$row = db_fetch_object(db_query("SELECT ldap_groups_in_dn, ldap_groups_in_attr, ldap_groups_as_entries, ldap_group_dn_attribute, ldap_group_attr, ldap_group_entries, ldap_group_entries_attribute FROM {ldapauth} WHERE name = '%s'", $ldapgroups_ldap
->getOption('name')));
$groups_in_dn = $row->ldap_groups_in_dn;
$groups_in_attr = $row->ldap_groups_in_attr;
$groups_as_entries = $row->ldap_groups_as_entries;
$group_dn_attribute = $row->ldap_group_dn_attribute ? $row->ldap_group_dn_attribute : LDAP_DEFAULT_GROUP_DN_ATTRIBUTE;
$group_attr = $row->ldap_group_attr;
$group_entries = $row->ldap_group_entries ? $row->ldap_group_entries : '';
if (!($groups_in_dn || $groups_in_attr || $groups_as_entries)) {
return false;
}
// first try to connect with the stored user's DN and password
// If unsuccessful, connect with the BINDDN and BINDPW stored in the database for this config
$dn = isset($_SESSION['ldap_login']['dn']) ? $_SESSION['ldap_login']['dn'] : '';
$pass = isset($_SESSION['ldap_login']['pass']) ? $_SESSION['ldap_login']['pass'] : '';
if (!$ldapgroups_ldap
->connect($dn, $pass)) {
$row2 = db_fetch_object(db_query("SELECT binddn, bindpw FROM {ldapauth} WHERE name = '%s'", $ldapgroups_ldap
->getOption('name')));
$dn = $row2->binddn;
$pass = $row2->bindpw;
if (!$ldapgroups_ldap
->connect($dn, $pass)) {
watchdog('user', "User login: user {$user->name}'s data could not be read in the LDAP directory", WATCHDOG_WARNING);
return false;
}
}
// Strategy 1: group extracted from user's DN
$dn_groups = array();
if ($groups_in_dn && ($dn_group_attr = $group_dn_attribute)) {
$pairs = explode(',', $user->ldap_dn);
foreach ($pairs as $p) {
$pair = explode('=', $p);
if (strtoupper(trim($pair[0])) == strtoupper($dn_group_attr)) {
$dn_groups[] = trim($pair[1]);
}
}
}
// Strategy 2: groups in user attributes
$attrib_groups = array();
if ($groups_in_attr && ($attributes = $group_attr)) {
$attributes_array = explode("\r\n", $attributes);
foreach ($attributes_array as $attribute) {
$tmp = $ldapgroups_ldap
->retrieveMultiAttribute($user->ldap_dn, $attribute);
$attrib_groups = array_merge($attrib_groups, $tmp);
}
}
// Strategy 3: groups as entries
$entries_groups = array();
if ($groups_as_entries && ($branches = $group_entries)) {
$branches_array = explode("\r\n", $branches);
$group_attr = $row->ldap_group_entries_attribute ? $row->ldap_group_entries_attribute : LDAP_DEFAULT_GROUP_ENTRIES_ATTRIBUTE;
foreach ($branches_array as $branch) {
$entries = $ldapgroups_ldap
->search($branch, "{$group_attr}={$user->ldap_dn}", array(
$group_attr,
));
if ($entries['count'] == 0) {
$entries = $ldapgroups_ldap
->search($branch, "{$group_attr}={$user->name}", array(
$group_attr,
));
}
foreach ($entries as $entry) {
if (isset($entry['dn'])) {
$entries_groups[] = $entry['dn'];
}
}
}
}
$ldapgroups_ldap
->disconnect();
return array_merge($dn_groups, $attrib_groups, $entries_groups);
}