Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Annotate
Revision Log

Ldap.php @ 4445

Revision 4445, 51.3 KB checked in by airton, 13 years ago (diff)
Ticket #1908 - Implementacao de melhorias na conta compartilhada - Adicao de arquivos e bibliotecas necessarias
Property svn:executable set to ``*

Line
1	<?php
2
3	/**
4	* Zend Framework
5	*
6	* LICENSE
7	*
8	* This source file is subject to the new BSD license that is bundled
9	* with this package in the file LICENSE.txt.
10	* It is also available through the world-wide-web at this URL:
11	* http://framework.zend.com/license/new-bsd
12	* If you did not receive a copy of the license and are unable to
13	* obtain it through the world-wide-web, please send an email
14	* to license@zend.com so we can send you a copy immediately.
15	*
16	* @category Zend
17	* @package Zend_Ldap
18	* @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
19	* @license http://framework.zend.com/license/new-bsd New BSD License
20	* @version $Id: Ldap.php 23486 2010-12-10 04:05:30Z mjh_ca $
21	*/
22
23	/**
24	* @category Zend
25	* @package Zend_Ldap
26	* @copyright Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
27	* @license http://framework.zend.com/license/new-bsd New BSD License
28	*/
29	class Zend_Ldap
30	{
31	const SEARCH_SCOPE_SUB = 1;
32	const SEARCH_SCOPE_ONE = 2;
33	const SEARCH_SCOPE_BASE = 3;
34
35	const ACCTNAME_FORM_DN = 1;
36	const ACCTNAME_FORM_USERNAME = 2;
37	const ACCTNAME_FORM_BACKSLASH = 3;
38	const ACCTNAME_FORM_PRINCIPAL = 4;
39
40	/**
41	* String used with ldap_connect for error handling purposes.
42	*
43	* @var string
44	*/
45	private $_connectString;
46
47	/**
48	* The options used in connecting, binding, etc.
49	*
50	* @var array
51	*/
52	protected $_options = null;
53
54	/**
55	* The raw LDAP extension resource.
56	*
57	* @var resource
58	*/
59	protected $_resource = null;
60
61	/**
62	* FALSE if no user is bound to the LDAP resource
63	* NULL if there has been an anonymous bind
64	* username of the currently bound user
65	*
66	* @var boolean\|null\|string
67	*/
68	protected $_boundUser = false;
69
70	/**
71	* Caches the RootDSE
72	*
73	* @var Zend_Ldap_Node
74	*/
75	protected $_rootDse = null;
76
77	/**
78	* Caches the schema
79	*
80	* @var Zend_Ldap_Node
81	*/
82	protected $_schema = null;
83
84	/**
85	* @deprecated will be removed, use {@see Zend_Ldap_Filter_Abstract::escapeValue()}
86	* @param string $str The string to escape.
87	* @return string The escaped string
88	*/
89	public static function filterEscape($str)
90	{
91	/**
92	* @see Zend_Ldap_Filter_Abstract
93	*/
94	require_once 'Zend/Ldap/Filter/Abstract.php';
95	return Zend_Ldap_Filter_Abstract::escapeValue($str);
96	}
97
98	/**
99	* @deprecated will be removed, use {@see Zend_Ldap_Dn::checkDn()}
100	* @param string $dn The DN to parse
101	* @param array $keys An optional array to receive DN keys (e.g. CN, OU, DC, ...)
102	* @param array $vals An optional array to receive DN values
103	* @return boolean True if the DN was successfully parsed or false if the string is
104	* not a valid DN.
105	*/
106	public static function explodeDn($dn, array &$keys = null, array &$vals = null)
107	{
108	/**
109	* @see Zend_Ldap_Dn
110	*/
111	require_once 'Zend/Ldap/Dn.php';
112	return Zend_Ldap_Dn::checkDn($dn, $keys, $vals);
113	}
114
115	/**
116	* Constructor.
117	*
118	* @param array\|Zend_Config $options Options used in connecting, binding, etc.
119	* @return void
120	* @throws Zend_Ldap_Exception if ext/ldap is not installed
121	*/
122	public function __construct($options = array())
123	{
124	if (!extension_loaded('ldap')) {
125	/**
126	* @see Zend_Ldap_Exception
127	*/
128	require_once 'Zend/Ldap/Exception.php';
129	throw new Zend_Ldap_Exception(null, 'LDAP extension not loaded',
130	Zend_Ldap_Exception::LDAP_X_EXTENSION_NOT_LOADED);
131	}
132	$this->setOptions($options);
133	}
134
135	/**
136	* Destructor.
137	*
138	* @return void
139	*/
140	public function __destruct()
141	{
142	$this->disconnect();
143	}
144
145	/**
146	* @return resource The raw LDAP extension resource.
147	*/
148	public function getResource()
149	{
150	if (!is_resource($this->_resource) \|\| $this->_boundUser === false) {
151	$this->bind();
152	}
153	return $this->_resource;
154	}
155
156	/**
157	* Return the LDAP error number of the last LDAP command
158	*
159	* @return int
160	*/
161	public function getLastErrorCode()
162	{
163	$ret = @ldap_get_option($this->_resource, LDAP_OPT_ERROR_NUMBER, $err);
164	if ($ret === true) {
165	if ($err <= -1 && $err >= -17) {
166	/**
167	* @see Zend_Ldap_Exception
168	*/
169	require_once 'Zend/Ldap/Exception.php';
170	/* For some reason draft-ietf-ldapext-ldap-c-api-xx.txt error
171	* codes in OpenLDAP are negative values from -1 to -17.
172	*/
173	$err = Zend_Ldap_Exception::LDAP_SERVER_DOWN + (-$err - 1);
174	}
175	return $err;
176	}
177	return 0;
178	}
179
180	/**
181	* Return the LDAP error message of the last LDAP command
182	*
183	* @param int $errorCode
184	* @param array $errorMessages
185	* @return string
186	*/
187	public function getLastError(&$errorCode = null, array &$errorMessages = null)
188	{
189	$errorCode = $this->getLastErrorCode();
190	$errorMessages = array();
191
192	/* The various error retrieval functions can return
193	* different things so we just try to collect what we
194	* can and eliminate dupes.
195	*/
196	$estr1 = @ldap_error($this->_resource);
197	if ($errorCode !== 0 && $estr1 === 'Success') {
198	$estr1 = @ldap_err2str($errorCode);
199	}
200	if (!empty($estr1)) {
201	$errorMessages[] = $estr1;
202	}
203
204	@ldap_get_option($this->_resource, LDAP_OPT_ERROR_STRING, $estr2);
205	if (!empty($estr2) && !in_array($estr2, $errorMessages)) {
206	$errorMessages[] = $estr2;
207	}
208
209	$message = '';
210	if ($errorCode > 0) {
211	$message = '0x' . dechex($errorCode) . ' ';
212	} else {
213	$message = '';
214	}
215	if (count($errorMessages) > 0) {
216	$message .= '(' . implode('; ', $errorMessages) . ')';
217	} else {
218	$message .= '(no error message from LDAP)';
219	}
220	return $message;
221	}
222
223	/**
224	* Get the currently bound user
225	*
226	* FALSE if no user is bound to the LDAP resource
227	* NULL if there has been an anonymous bind
228	* username of the currently bound user
229	*
230	* @return false\|null\|string
231	*/
232	public function getBoundUser()
233	{
234	return $this->_boundUser;
235	}
236
237	/**
238	* Sets the options used in connecting, binding, etc.
239	*
240	* Valid option keys:
241	* host
242	* port
243	* useSsl
244	* username
245	* password
246	* bindRequiresDn
247	* baseDn
248	* accountCanonicalForm
249	* accountDomainName
250	* accountDomainNameShort
251	* accountFilterFormat
252	* allowEmptyPassword
253	* useStartTls
254	* optRefferals
255	* tryUsernameSplit
256	*
257	* @param array\|Zend_Config $options Options used in connecting, binding, etc.
258	* @return Zend_Ldap Provides a fluent interface
259	* @throws Zend_Ldap_Exception
260	*/
261	public function setOptions($options)
262	{
263	if ($options instanceof Zend_Config) {
264	$options = $options->toArray();
265	}
266
267	$permittedOptions = array(
268	'host' => null,
269	'port' => 0,
270	'useSsl' => false,
271	'username' => null,
272	'password' => null,
273	'bindRequiresDn' => false,
274	'baseDn' => null,
275	'accountCanonicalForm' => null,
276	'accountDomainName' => null,
277	'accountDomainNameShort' => null,
278	'accountFilterFormat' => null,
279	'allowEmptyPassword' => false,
280	'useStartTls' => false,
281	'optReferrals' => false,
282	'tryUsernameSplit' => true,
283	);
284
285	foreach ($permittedOptions as $key => $val) {
286	if (array_key_exists($key, $options)) {
287	$val = $options[$key];
288	unset($options[$key]);
289	/* Enforce typing. This eliminates issues like Zend_Config_Ini
290	* returning '1' as a string (ZF-3163).
291	*/
292	switch ($key) {
293	case 'port':
294	case 'accountCanonicalForm':
295	$permittedOptions[$key] = (int)$val;
296	break;
297	case 'useSsl':
298	case 'bindRequiresDn':
299	case 'allowEmptyPassword':
300	case 'useStartTls':
301	case 'optReferrals':
302	case 'tryUsernameSplit':
303	$permittedOptions[$key] = ($val === true \|\|
304	$val === '1' \|\| strcasecmp($val, 'true') == 0);
305	break;
306	default:
307	$permittedOptions[$key] = trim($val);
308	break;
309	}
310	}
311	}
312	if (count($options) > 0) {
313	$key = key($options);
314	/**
315	* @see Zend_Ldap_Exception
316	*/
317	require_once 'Zend/Ldap/Exception.php';
318	throw new Zend_Ldap_Exception(null, "Unknown Zend_Ldap option: $key");
319	}
320	$this->_options = $permittedOptions;
321	return $this;
322	}
323
324	/**
325	* @return array The current options.
326	*/
327	public function getOptions()
328	{
329	return $this->_options;
330	}
331
332	/**
333	* @return string The hostname of the LDAP server being used to authenticate accounts
334	*/
335	protected function _getHost()
336	{
337	return $this->_options['host'];
338	}
339
340	/**
341	* @return int The port of the LDAP server or 0 to indicate that no port value is set
342	*/
343	protected function _getPort()
344	{
345	return $this->_options['port'];
346	}
347
348	/**
349	* @return boolean The default SSL / TLS encrypted transport control
350	*/
351	protected function _getUseSsl()
352	{
353	return $this->_options['useSsl'];
354	}
355
356	/**
357	* @return string The default acctname for binding
358	*/
359	protected function _getUsername()
360	{
361	return $this->_options['username'];
362	}
363
364	/**
365	* @return string The default password for binding
366	*/
367	protected function _getPassword()
368	{
369	return $this->_options['password'];
370	}
371
372	/**
373	* @return boolean Bind requires DN
374	*/
375	protected function _getBindRequiresDn()
376	{
377	return $this->_options['bindRequiresDn'];
378	}
379
380	/**
381	* Gets the base DN under which objects of interest are located
382	*
383	* @return string
384	*/
385	public function getBaseDn()
386	{
387	return $this->_options['baseDn'];
388	}
389
390	/**
391	* @return integer Either ACCTNAME_FORM_BACKSLASH, ACCTNAME_FORM_PRINCIPAL or
392	* ACCTNAME_FORM_USERNAME indicating the form usernames should be canonicalized to.
393	*/
394	protected function _getAccountCanonicalForm()
395	{
396	/* Account names should always be qualified with a domain. In some scenarios
397	* using non-qualified account names can lead to security vulnerabilities. If
398	* no account canonical form is specified, we guess based in what domain
399	* names have been supplied.
400	*/
401
402	$accountCanonicalForm = $this->_options['accountCanonicalForm'];
403	if (!$accountCanonicalForm) {
404	$accountDomainName = $this->_getAccountDomainName();
405	$accountDomainNameShort = $this->_getAccountDomainNameShort();
406	if ($accountDomainNameShort) {
407	$accountCanonicalForm = Zend_Ldap::ACCTNAME_FORM_BACKSLASH;
408	} else if ($accountDomainName) {
409	$accountCanonicalForm = Zend_Ldap::ACCTNAME_FORM_PRINCIPAL;
410	} else {
411	$accountCanonicalForm = Zend_Ldap::ACCTNAME_FORM_USERNAME;
412	}
413	}
414
415	return $accountCanonicalForm;
416	}
417
418	/**
419	* @return string The account domain name
420	*/
421	protected function _getAccountDomainName()
422	{
423	return $this->_options['accountDomainName'];
424	}
425
426	/**
427	* @return string The short account domain name
428	*/
429	protected function _getAccountDomainNameShort()
430	{
431	return $this->_options['accountDomainNameShort'];
432	}
433
434	/**
435	* @return string A format string for building an LDAP search filter to match
436	* an account
437	*/
438	protected function _getAccountFilterFormat()
439	{
440	return $this->_options['accountFilterFormat'];
441	}
442
443	/**
444	* @return boolean Allow empty passwords
445	*/
446	protected function _getAllowEmptyPassword()
447	{
448	return $this->_options['allowEmptyPassword'];
449	}
450
451	/**
452	* @return boolean The default SSL / TLS encrypted transport control
453	*/
454	protected function _getUseStartTls()
455	{
456	return $this->_options['useStartTls'];
457	}
458
459	/**
460	* @return boolean Opt. Referrals
461	*/
462	protected function _getOptReferrals()
463	{
464	return $this->_options['optReferrals'];
465	}
466
467	/**
468	* @return boolean Try splitting the username into username and domain
469	*/
470	protected function _getTryUsernameSplit()
471	{
472	return $this->_options['tryUsernameSplit'];
473	}
474
475	/**
476	* @return string The LDAP search filter for matching directory accounts
477	*/
478	protected function _getAccountFilter($acctname)
479	{
480	/**
481	* @see Zend_Ldap_Filter_Abstract
482	*/
483	require_once 'Zend/Ldap/Filter/Abstract.php';
484	$this->_splitName($acctname, $dname, $aname);
485	$accountFilterFormat = $this->_getAccountFilterFormat();
486	$aname = Zend_Ldap_Filter_Abstract::escapeValue($aname);
487	if ($accountFilterFormat) {
488	return sprintf($accountFilterFormat, $aname);
489	}
490	if (!$this->_getBindRequiresDn()) {
491	// is there a better way to detect this?
492	return sprintf("(&(objectClass=user)(sAMAccountName=%s))", $aname);
493	}
494	return sprintf("(&(objectClass=posixAccount)(uid=%s))", $aname);
495	}
496
497	/**
498	* @param string $name The name to split
499	* @param string $dname The resulting domain name (this is an out parameter)
500	* @param string $aname The resulting account name (this is an out parameter)
501	* @return void
502	*/
503	protected function _splitName($name, &$dname, &$aname)
504	{
505	$dname = null;
506	$aname = $name;
507
508	if (!$this->_getTryUsernameSplit()) {
509	return;
510	}
511
512	$pos = strpos($name, '@');
513	if ($pos) {
514	$dname = substr($name, $pos + 1);
515	$aname = substr($name, 0, $pos);
516	} else {
517	$pos = strpos($name, '\\');
518	if ($pos) {
519	$dname = substr($name, 0, $pos);
520	$aname = substr($name, $pos + 1);
521	}
522	}
523	}
524
525	/**
526	* @param string $acctname The name of the account
527	* @return string The DN of the specified account
528	* @throws Zend_Ldap_Exception
529	*/
530	protected function _getAccountDn($acctname)
531	{
532	/**
533	* @see Zend_Ldap_Dn
534	*/
535	require_once 'Zend/Ldap/Dn.php';
536	if (Zend_Ldap_Dn::checkDn($acctname)) return $acctname;
537	$acctname = $this->getCanonicalAccountName($acctname, Zend_Ldap::ACCTNAME_FORM_USERNAME);
538	$acct = $this->_getAccount($acctname, array('dn'));
539	return $acct['dn'];
540	}
541
542	/**
543	* @param string $dname The domain name to check
544	* @return boolean
545	*/
546	protected function _isPossibleAuthority($dname)
547	{
548	if ($dname === null) {
549	return true;
550	}
551	$accountDomainName = $this->_getAccountDomainName();
552	$accountDomainNameShort = $this->_getAccountDomainNameShort();
553	if ($accountDomainName === null && $accountDomainNameShort === null) {
554	return true;
555	}
556	if (strcasecmp($dname, $accountDomainName) == 0) {
557	return true;
558	}
559	if (strcasecmp($dname, $accountDomainNameShort) == 0) {
560	return true;
561	}
562	return false;
563	}
564
565	/**
566	* @param string $acctname The name to canonicalize
567	* @param int $type The desired form of canonicalization
568	* @return string The canonicalized name in the desired form
569	* @throws Zend_Ldap_Exception
570	*/
571	public function getCanonicalAccountName($acctname, $form = 0)
572	{
573	$this->_splitName($acctname, $dname, $uname);
574
575	if (!$this->_isPossibleAuthority($dname)) {
576	/**
577	* @see Zend_Ldap_Exception
578	*/
579	require_once 'Zend/Ldap/Exception.php';
580	throw new Zend_Ldap_Exception(null,
581	"Binding domain is not an authority for user: $acctname",
582	Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH);
583	}
584
585	if (!$uname) {
586	/**
587	* @see Zend_Ldap_Exception
588	*/
589	require_once 'Zend/Ldap/Exception.php';
590	throw new Zend_Ldap_Exception(null, "Invalid account name syntax: $acctname");
591	}
592
593	if (function_exists('mb_strtolower')) {
594	$uname = mb_strtolower($uname, 'UTF-8');
595	} else {
596	$uname = strtolower($uname);
597	}
598
599	if ($form === 0) {
600	$form = $this->_getAccountCanonicalForm();
601	}
602
603	switch ($form) {
604	case Zend_Ldap::ACCTNAME_FORM_DN:
605	return $this->_getAccountDn($acctname);
606	case Zend_Ldap::ACCTNAME_FORM_USERNAME:
607	return $uname;
608	case Zend_Ldap::ACCTNAME_FORM_BACKSLASH:
609	$accountDomainNameShort = $this->_getAccountDomainNameShort();
610	if (!$accountDomainNameShort) {
611	/**
612	* @see Zend_Ldap_Exception
613	*/
614	require_once 'Zend/Ldap/Exception.php';
615	throw new Zend_Ldap_Exception(null, 'Option required: accountDomainNameShort');
616	}
617	return "$accountDomainNameShort\\$uname";
618	case Zend_Ldap::ACCTNAME_FORM_PRINCIPAL:
619	$accountDomainName = $this->_getAccountDomainName();
620	if (!$accountDomainName) {
621	/**
622	* @see Zend_Ldap_Exception
623	*/
624	require_once 'Zend/Ldap/Exception.php';
625	throw new Zend_Ldap_Exception(null, 'Option required: accountDomainName');
626	}
627	return "$uname@$accountDomainName";
628	default:
629	/**
630	* @see Zend_Ldap_Exception
631	*/
632	require_once 'Zend/Ldap/Exception.php';
633	throw new Zend_Ldap_Exception(null, "Unknown canonical name form: $form");
634	}
635	}
636
637	/**
638	* @param array $attrs An array of names of desired attributes
639	* @return array An array of the attributes representing the account
640	* @throws Zend_Ldap_Exception
641	*/
642	protected function _getAccount($acctname, array $attrs = null)
643	{
644	$baseDn = $this->getBaseDn();
645	if (!$baseDn) {
646	/**
647	* @see Zend_Ldap_Exception
648	*/
649	require_once 'Zend/Ldap/Exception.php';
650	throw new Zend_Ldap_Exception(null, 'Base DN not set');
651	}
652
653	$accountFilter = $this->_getAccountFilter($acctname);
654	if (!$accountFilter) {
655	/**
656	* @see Zend_Ldap_Exception
657	*/
658	require_once 'Zend/Ldap/Exception.php';
659	throw new Zend_Ldap_Exception(null, 'Invalid account filter');
660	}
661
662	if (!is_resource($this->getResource())) {
663	$this->bind();
664	}
665
666	$accounts = $this->search($accountFilter, $baseDn, self::SEARCH_SCOPE_SUB, $attrs);
667	$count = $accounts->count();
668	if ($count === 1) {
669	$acct = $accounts->getFirst();
670	$accounts->close();
671	return $acct;
672	} else if ($count === 0) {
673	/**
674	* @see Zend_Ldap_Exception
675	*/
676	require_once 'Zend/Ldap/Exception.php';
677	$code = Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT;
678	$str = "No object found for: $accountFilter";
679	} else {
680	/**
681	* @see Zend_Ldap_Exception
682	*/
683	require_once 'Zend/Ldap/Exception.php';
684	$code = Zend_Ldap_Exception::LDAP_OPERATIONS_ERROR;
685	$str = "Unexpected result count ($count) for: $accountFilter";
686	}
687	$accounts->close();
688	/**
689	* @see Zend_Ldap_Exception
690	*/
691	require_once 'Zend/Ldap/Exception.php';
692	throw new Zend_Ldap_Exception($this, $str, $code);
693	}
694
695	/**
696	* @return Zend_Ldap Provides a fluent interface
697	*/
698	public function disconnect()
699	{
700	if (is_resource($this->_resource)) {
701	@ldap_unbind($this->_resource);
702	}
703	$this->_resource = null;
704	$this->_boundUser = false;
705	return $this;
706	}
707
708	/**
709	* To connect using SSL it seems the client tries to verify the server
710	* certificate by default. One way to disable this behavior is to set
711	* 'TLS_REQCERT never' in OpenLDAP's ldap.conf and restarting Apache. Or,
712	* if you really care about the server's cert you can put a cert on the
713	* web server.
714	*
715	* @param string $host The hostname of the LDAP server to connect to
716	* @param int $port The port number of the LDAP server to connect to
717	* @param boolean $useSsl Use SSL
718	* @param boolean $useStartTls Use STARTTLS
719	* @return Zend_Ldap Provides a fluent interface
720	* @throws Zend_Ldap_Exception
721	*/
722	public function connect($host = null, $port = null, $useSsl = null, $useStartTls = null)
723	{
724	if ($host === null) {
725	$host = $this->_getHost();
726	}
727	if ($port === null) {
728	$port = $this->_getPort();
729	} else {
730	$port = (int)$port;
731	}
732	if ($useSsl === null) {
733	$useSsl = $this->_getUseSsl();
734	} else {
735	$useSsl = (bool)$useSsl;
736	}
737	if ($useStartTls === null) {
738	$useStartTls = $this->_getUseStartTls();
739	} else {
740	$useStartTls = (bool)$useStartTls;
741	}
742
743	if (!$host) {
744	/**
745	* @see Zend_Ldap_Exception
746	*/
747	require_once 'Zend/Ldap/Exception.php';
748	throw new Zend_Ldap_Exception(null, 'A host parameter is required');
749	}
750
751	$useUri = false;
752	/* Because ldap_connect doesn't really try to connect, any connect error
753	* will actually occur during the ldap_bind call. Therefore, we save the
754	* connect string here for reporting it in error handling in bind().
755	*/
756	$hosts = array();
757	if (preg_match_all('~ldap(?:i\|s)?://~', $host, $hosts, PREG_SET_ORDER) > 0) {
758	$this->_connectString = $host;
759	$useUri = true;
760	$useSsl = false;
761	} else {
762	if ($useSsl) {
763	$this->_connectString = 'ldaps://' . $host;
764	$useUri = true;
765	} else {
766	$this->_connectString = 'ldap://' . $host;
767	}
768	if ($port) {
769	$this->_connectString .= ':' . $port;
770	}
771	}
772
773	$this->disconnect();
774
775	/* Only OpenLDAP 2.2 + supports URLs so if SSL is not requested, just
776	* use the old form.
777	*/
778	$resource = ($useUri) ? @ldap_connect($this->_connectString) : @ldap_connect($host, $port);
779
780	if (is_resource($resource) === true) {
781	$this->_resource = $resource;
782	$this->_boundUser = false;
783
784	$optReferrals = ($this->_getOptReferrals()) ? 1 : 0;
785	if (@ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3) &&
786	@ldap_set_option($resource, LDAP_OPT_REFERRALS, $optReferrals)) {
787	if ($useSsl \|\| !$useStartTls \|\| @ldap_start_tls($resource)) {
788	return $this;
789	}
790	}
791
792	/**
793	* @see Zend_Ldap_Exception
794	*/
795	require_once 'Zend/Ldap/Exception.php';
796	$zle = new Zend_Ldap_Exception($this, "$host:$port");
797	$this->disconnect();
798	throw $zle;
799	}
800	/**
801	* @see Zend_Ldap_Exception
802	*/
803	require_once 'Zend/Ldap/Exception.php';
804	throw new Zend_Ldap_Exception(null, "Failed to connect to LDAP server: $host:$port");
805	}
806
807	/**
808	* @param string $username The username for authenticating the bind
809	* @param string $password The password for authenticating the bind
810	* @return Zend_Ldap Provides a fluent interface
811	* @throws Zend_Ldap_Exception
812	*/
813	public function bind($username = null, $password = null)
814	{
815	$moreCreds = true;
816
817	if ($username === null) {
818	$username = $this->_getUsername();
819	$password = $this->_getPassword();
820	$moreCreds = false;
821	}
822
823	if (empty($username)) {
824	/* Perform anonymous bind
825	*/
826	$username = null;
827	$password = null;
828	} else {
829	/* Check to make sure the username is in DN form.
830	*/
831	/**
832	* @see Zend_Ldap_Dn
833	*/
834	require_once 'Zend/Ldap/Dn.php';
835	if (!Zend_Ldap_Dn::checkDn($username)) {
836	if ($this->_getBindRequiresDn()) {
837	/* moreCreds stops an infinite loop if _getUsername does not
838	* return a DN and the bind requires it
839	*/
840	if ($moreCreds) {
841	try {
842	$username = $this->_getAccountDn($username);
843	} catch (Zend_Ldap_Exception $zle) {
844	switch ($zle->getCode()) {
845	case Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT:
846	case Zend_Ldap_Exception::LDAP_X_DOMAIN_MISMATCH:
847	case Zend_Ldap_Exception::LDAP_X_EXTENSION_NOT_LOADED:
848	throw $zle;
849	}
850	throw new Zend_Ldap_Exception(null,
851	'Failed to retrieve DN for account: ' . $username .
852	' [' . $zle->getMessage() . ']',
853	Zend_Ldap_Exception::LDAP_OPERATIONS_ERROR);
854	}
855	} else {
856	/**
857	* @see Zend_Ldap_Exception
858	*/
859	require_once 'Zend/Ldap/Exception.php';
860	throw new Zend_Ldap_Exception(null, 'Binding requires username in DN form');
861	}
862	} else {
863	$username = $this->getCanonicalAccountName($username,
864	$this->_getAccountCanonicalForm());
865	}
866	}
867	}
868
869	if (!is_resource($this->_resource)) {
870	$this->connect();
871	}
872
873	if ($username !== null && $password === '' && $this->_getAllowEmptyPassword() !== true) {
874	/**
875	* @see Zend_Ldap_Exception
876	*/
877	require_once 'Zend/Ldap/Exception.php';
878	$zle = new Zend_Ldap_Exception(null,
879	'Empty password not allowed - see allowEmptyPassword option.');
880	} else {
881	if (@ldap_bind($this->_resource, $username, $password)) {
882	$this->_boundUser = $username;
883	return $this;
884	}
885
886	$message = ($username === null) ? $this->_connectString : $username;
887	/**
888	* @see Zend_Ldap_Exception
889	*/
890	require_once 'Zend/Ldap/Exception.php';
891	switch ($this->getLastErrorCode()) {
892	case Zend_Ldap_Exception::LDAP_SERVER_DOWN:
893	/* If the error is related to establishing a connection rather than binding,
894	* the connect string is more informative than the username.
895	*/
896	$message = $this->_connectString;
897	}
898
899	$zle = new Zend_Ldap_Exception($this, $message);
900	}
901	$this->disconnect();
902	throw $zle;
903	}
904
905	/**
906	* A global LDAP search routine for finding information.
907	*
908	* Options can be either passed as single parameters according to the
909	* method signature or as an array with one or more of the following keys
910	* - filter
911	* - baseDn
912	* - scope
913	* - attributes
914	* - sort
915	* - collectionClass
916	* - sizelimit
917	* - timelimit
918	*
919	* @param string\|Zend_Ldap_Filter_Abstract\|array $filter
920	* @param string\|Zend_Ldap_Dn\|null $basedn
921	* @param integer $scope
922	* @param array $attributes
923	* @param string\|null $sort
924	* @param string\|null $collectionClass
925	* @param integer $sizelimit
926	* @param integer $timelimit
927	* @return Zend_Ldap_Collection
928	* @throws Zend_Ldap_Exception
929	*/
930	public function search($filter, $basedn = null, $scope = self::SEARCH_SCOPE_SUB, array $attributes = array(),
931	$sort = null, $collectionClass = null, $sizelimit = 0, $timelimit = 0)
932	{
933	if (is_array($filter)) {
934	$options = array_change_key_case($filter, CASE_LOWER);
935	foreach ($options as $key => $value) {
936	switch ($key) {
937	case 'filter':
938	case 'basedn':
939	case 'scope':
940	case 'sort':
941	$$key = $value;
942	break;
943	case 'attributes':
944	if (is_array($value)) {
945	$attributes = $value;
946	}
947	break;
948	case 'collectionclass':
949	$collectionClass = $value;
950	break;
951	case 'sizelimit':
952	case 'timelimit':
953	$$key = (int)$value;
954	}
955	}
956	}
957
958	if ($basedn === null) {
959	$basedn = $this->getBaseDn();
960	}
961	else if ($basedn instanceof Zend_Ldap_Dn) {
962	$basedn = $basedn->toString();
963	}
964
965	if ($filter instanceof Zend_Ldap_Filter_Abstract) {
966	$filter = $filter->toString();
967	}
968
969	switch ($scope) {
970	case self::SEARCH_SCOPE_ONE:
971	$search = @ldap_list($this->getResource(), $basedn, $filter, $attributes, 0, $sizelimit, $timelimit);
972	break;
973	case self::SEARCH_SCOPE_BASE:
974	$search = @ldap_read($this->getResource(), $basedn, $filter, $attributes, 0, $sizelimit, $timelimit);
975	break;
976	case self::SEARCH_SCOPE_SUB:
977	default:
978	$search = @ldap_search($this->getResource(), $basedn, $filter, $attributes, 0, $sizelimit, $timelimit);
979	break;
980	}
981
982	if($search === false) {
983	/**
984	* @see Zend_Ldap_Exception
985	*/
986	require_once 'Zend/Ldap/Exception.php';
987	throw new Zend_Ldap_Exception($this, 'searching: ' . $filter);
988	}
989	if ($sort !== null && is_string($sort)) {
990	$isSorted = @ldap_sort($this->getResource(), $search, $sort);
991	if($isSorted === false) {
992	/**
993	* @see Zend_Ldap_Exception
994	*/
995	require_once 'Zend/Ldap/Exception.php';
996	throw new Zend_Ldap_Exception($this, 'sorting: ' . $sort);
997	}
998	}
999
1000	/**
1001	* Zend_Ldap_Collection_Iterator_Default
1002	*/
1003	require_once 'Zend/Ldap/Collection/Iterator/Default.php';
1004	$iterator = new Zend_Ldap_Collection_Iterator_Default($this, $search);
1005	return $this->_createCollection($iterator, $collectionClass);
1006	}
1007
1008	/**
1009	* Extension point for collection creation
1010	*
1011	* @param Zend_Ldap_Collection_Iterator_Default $iterator
1012	* @param string\|null $collectionClass
1013	* @return Zend_Ldap_Collection
1014	* @throws Zend_Ldap_Exception
1015	*/
1016	protected function _createCollection(Zend_Ldap_Collection_Iterator_Default $iterator, $collectionClass)
1017	{
1018	if ($collectionClass === null) {
1019	/**
1020	* Zend_Ldap_Collection
1021	*/
1022	require_once 'Zend/Ldap/Collection.php';
1023	return new Zend_Ldap_Collection($iterator);
1024	} else {
1025	$collectionClass = (string)$collectionClass;
1026	if (!class_exists($collectionClass)) {
1027	/**
1028	* @see Zend_Ldap_Exception
1029	*/
1030	require_once 'Zend/Ldap/Exception.php';
1031	throw new Zend_Ldap_Exception(null,
1032	"Class '$collectionClass' can not be found");
1033	}
1034	if (!is_subclass_of($collectionClass, 'Zend_Ldap_Collection')) {
1035	/**
1036	* @see Zend_Ldap_Exception
1037	*/
1038	require_once 'Zend/Ldap/Exception.php';
1039	throw new Zend_Ldap_Exception(null,
1040	"Class '$collectionClass' must subclass 'Zend_Ldap_Collection'");
1041	}
1042	return new $collectionClass($iterator);
1043	}
1044	}
1045
1046	/**
1047	* Count items found by given filter.
1048	*
1049	* @param string\|Zend_Ldap_Filter_Abstract $filter
1050	* @param string\|Zend_Ldap_Dn\|null $basedn
1051	* @param integer $scope
1052	* @return integer
1053	* @throws Zend_Ldap_Exception
1054	*/
1055	public function count($filter, $basedn = null, $scope = self::SEARCH_SCOPE_SUB)
1056	{
1057	try {
1058	$result = $this->search($filter, $basedn, $scope, array('dn'), null);
1059	} catch (Zend_Ldap_Exception $e) {
1060	if ($e->getCode() === Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT) return 0;
1061	else throw $e;
1062	}
1063	return $result->count();
1064	}
1065
1066	/**
1067	* Count children for a given DN.
1068	*
1069	* @param string\|Zend_Ldap_Dn $dn
1070	* @return integer
1071	* @throws Zend_Ldap_Exception
1072	*/
1073	public function countChildren($dn)
1074	{
1075	return $this->count('(objectClass=*)', $dn, self::SEARCH_SCOPE_ONE);
1076	}
1077
1078	/**
1079	* Check if a given DN exists.
1080	*
1081	* @param string\|Zend_Ldap_Dn $dn
1082	* @return boolean
1083	* @throws Zend_Ldap_Exception
1084	*/
1085	public function exists($dn)
1086	{
1087	return ($this->count('(objectClass=*)', $dn, self::SEARCH_SCOPE_BASE) == 1);
1088	}
1089
1090	/**
1091	* Search LDAP registry for entries matching filter and optional attributes
1092	*
1093	* Options can be either passed as single parameters according to the
1094	* method signature or as an array with one or more of the following keys
1095	* - filter
1096	* - baseDn
1097	* - scope
1098	* - attributes
1099	* - sort
1100	* - reverseSort
1101	* - sizelimit
1102	* - timelimit
1103	*
1104	* @param string\|Zend_Ldap_Filter_Abstract\|array $filter
1105	* @param string\|Zend_Ldap_Dn\|null $basedn
1106	* @param integer $scope
1107	* @param array $attributes
1108	* @param string\|null $sort
1109	* @param boolean $reverseSort
1110	* @param integer $sizelimit
1111	* @param integer $timelimit
1112	* @return array
1113	* @throws Zend_Ldap_Exception
1114	*/
1115	public function searchEntries($filter, $basedn = null, $scope = self::SEARCH_SCOPE_SUB,
1116	array $attributes = array(), $sort = null, $reverseSort = false, $sizelimit = 0, $timelimit = 0)
1117	{
1118	if (is_array($filter)) {
1119	$filter = array_change_key_case($filter, CASE_LOWER);
1120	if (isset($filter['collectionclass'])) {
1121	unset($filter['collectionclass']);
1122	}
1123	if (isset($filter['reversesort'])) {
1124	$reverseSort = $filter['reversesort'];
1125	unset($filter['reversesort']);
1126	}
1127	}
1128	$result = $this->search($filter, $basedn, $scope, $attributes, $sort, null, $sizelimit, $timelimit);
1129	$items = $result->toArray();
1130	if ((bool)$reverseSort === true) {
1131	$items = array_reverse($items, false);
1132	}
1133	return $items;
1134	}
1135
1136	/**
1137	* Get LDAP entry by DN
1138	*
1139	* @param string\|Zend_Ldap_Dn $dn
1140	* @param array $attributes
1141	* @param boolean $throwOnNotFound
1142	* @return array
1143	* @throws Zend_Ldap_Exception
1144	*/
1145	public function getEntry($dn, array $attributes = array(), $throwOnNotFound = false)
1146	{
1147	try {
1148	$result = $this->search("(objectClass=*)", $dn, self::SEARCH_SCOPE_BASE,
1149	$attributes, null);
1150	return $result->getFirst();
1151	} catch (Zend_Ldap_Exception $e){
1152	if ($throwOnNotFound !== false) throw $e;
1153	}
1154	return null;
1155	}
1156
1157	/**
1158	* Prepares an ldap data entry array for insert/update operation
1159	*
1160	* @param array $entry
1161	* @return void
1162	* @throws InvalidArgumentException
1163	*/
1164	public static function prepareLdapEntryArray(array &$entry)
1165	{
1166	if (array_key_exists('dn', $entry)) unset($entry['dn']);
1167	foreach ($entry as $key => $value) {
1168	if (is_array($value)) {
1169	foreach ($value as $i => $v) {
1170	if ($v === null) unset($value[$i]);
1171	else if (!is_scalar($v)) {
1172	throw new InvalidArgumentException('Only scalar values allowed in LDAP data');
1173	} else {
1174	$v = (string)$v;
1175	if (strlen($v) == 0) {
1176	unset($value[$i]);
1177	} else {
1178	$value[$i] = $v;
1179	}
1180	}
1181	}
1182	$entry[$key] = array_values($value);
1183	} else {
1184	if ($value === null) $entry[$key] = array();
1185	else if (!is_scalar($value)) {
1186	throw new InvalidArgumentException('Only scalar values allowed in LDAP data');
1187	} else {
1188	$value = (string)$value;
1189	if (strlen($value) == 0) {
1190	$entry[$key] = array();
1191	} else {
1192	$entry[$key] = array($value);
1193	}
1194	}
1195	}
1196	}
1197	$entry = array_change_key_case($entry, CASE_LOWER);
1198	}
1199
1200	/**
1201	* Add new information to the LDAP repository
1202	*
1203	* @param string\|Zend_Ldap_Dn $dn
1204	* @param array $entry
1205	* @return Zend_Ldap Provides a fluid interface
1206	* @throws Zend_Ldap_Exception
1207	*/
1208	public function add($dn, array $entry)
1209	{
1210	if (!($dn instanceof Zend_Ldap_Dn)) {
1211	$dn = Zend_Ldap_Dn::factory($dn, null);
1212	}
1213	self::prepareLdapEntryArray($entry);
1214	foreach ($entry as $key => $value) {
1215	if (is_array($value) && count($value) === 0) {
1216	unset($entry[$key]);
1217	}
1218	}
1219
1220	$rdnParts = $dn->getRdn(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
1221	foreach ($rdnParts as $key => $value) {
1222	$value = Zend_Ldap_Dn::unescapeValue($value);
1223	if (!array_key_exists($key, $entry)) {
1224	$entry[$key] = array($value);
1225	} else if (!in_array($value, $entry[$key])) {
1226	$entry[$key] = array_merge(array($value), $entry[$key]);
1227	}
1228	}
1229	$adAttributes = array('distinguishedname', 'instancetype', 'name', 'objectcategory',
1230	'objectguid', 'usnchanged', 'usncreated', 'whenchanged', 'whencreated');
1231	foreach ($adAttributes as $attr) {
1232	if (array_key_exists($attr, $entry)) {
1233	unset($entry[$attr]);
1234	}
1235	}
1236
1237	$isAdded = @ldap_add($this->getResource(), $dn->toString(), $entry);
1238	if($isAdded === false) {
1239	/**
1240	* @see Zend_Ldap_Exception
1241	*/
1242	require_once 'Zend/Ldap/Exception.php';
1243	throw new Zend_Ldap_Exception($this, 'adding: ' . $dn->toString());
1244	}
1245	return $this;
1246	}
1247
1248	/**
1249	* Update LDAP registry
1250	*
1251	* @param string\|Zend_Ldap_Dn $dn
1252	* @param array $entry
1253	* @return Zend_Ldap Provides a fluid interface
1254	* @throws Zend_Ldap_Exception
1255	*/
1256	public function update($dn, array $entry)
1257	{
1258	if (!($dn instanceof Zend_Ldap_Dn)) {
1259	$dn = Zend_Ldap_Dn::factory($dn, null);
1260	}
1261	self::prepareLdapEntryArray($entry);
1262
1263	$rdnParts = $dn->getRdn(Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER);
1264	foreach ($rdnParts as $key => $value) {
1265	$value = Zend_Ldap_Dn::unescapeValue($value);
1266	if (array_key_exists($key, $entry) && !in_array($value, $entry[$key])) {
1267	$entry[$key] = array_merge(array($value), $entry[$key]);
1268	}
1269	}
1270
1271	$adAttributes = array('distinguishedname', 'instancetype', 'name', 'objectcategory',
1272	'objectguid', 'usnchanged', 'usncreated', 'whenchanged', 'whencreated');
1273	foreach ($adAttributes as $attr) {
1274	if (array_key_exists($attr, $entry)) {
1275	unset($entry[$attr]);
1276	}
1277	}
1278
1279	if (count($entry) > 0) {
1280	$isModified = @ldap_modify($this->getResource(), $dn->toString(), $entry);
1281	if($isModified === false) {
1282	/**
1283	* @see Zend_Ldap_Exception
1284	*/
1285	require_once 'Zend/Ldap/Exception.php';
1286	throw new Zend_Ldap_Exception($this, 'updating: ' . $dn->toString());
1287	}
1288	}
1289	return $this;
1290	}
1291
1292	/**
1293	* Save entry to LDAP registry.
1294	*
1295	* Internally decides if entry will be updated to added by calling
1296	* {@link exists()}.
1297	*
1298	* @param string\|Zend_Ldap_Dn $dn
1299	* @param array $entry
1300	* @return Zend_Ldap Provides a fluid interface
1301	* @throws Zend_Ldap_Exception
1302	*/
1303	public function save($dn, array $entry)
1304	{
1305	if ($dn instanceof Zend_Ldap_Dn) {
1306	$dn = $dn->toString();
1307	}
1308	if ($this->exists($dn)) $this->update($dn, $entry);
1309	else $this->add($dn, $entry);
1310	return $this;
1311	}
1312
1313	/**
1314	* Delete an LDAP entry
1315	*
1316	* @param string\|Zend_Ldap_Dn $dn
1317	* @param boolean $recursively
1318	* @return Zend_Ldap Provides a fluid interface
1319	* @throws Zend_Ldap_Exception
1320	*/
1321	public function delete($dn, $recursively = false)
1322	{
1323	if ($dn instanceof Zend_Ldap_Dn) {
1324	$dn = $dn->toString();
1325	}
1326	if ($recursively === true) {
1327	if ($this->countChildren($dn)>0) {
1328	$children = $this->_getChildrenDns($dn);
1329	foreach ($children as $c) {
1330	$this->delete($c, true);
1331	}
1332	}
1333	}
1334	$isDeleted = @ldap_delete($this->getResource(), $dn);
1335	if($isDeleted === false) {
1336	/**
1337	* @see Zend_Ldap_Exception
1338	*/
1339	require_once 'Zend/Ldap/Exception.php';
1340	throw new Zend_Ldap_Exception($this, 'deleting: ' . $dn);
1341	}
1342	return $this;
1343	}
1344
1345	/**
1346	* Retrieve the immediate children DNs of the given $parentDn
1347	*
1348	* This method is used in recursive methods like {@see delete()}
1349	* or {@see copy()}
1350	*
1351	* @param string\|Zend_Ldap_Dn $parentDn
1352	* @return array of DNs
1353	*/
1354	protected function _getChildrenDns($parentDn)
1355	{
1356	if ($parentDn instanceof Zend_Ldap_Dn) {
1357	$parentDn = $parentDn->toString();
1358	}
1359	$children = array();
1360	$search = @ldap_list($this->getResource(), $parentDn, '(objectClass=*)', array('dn'));
1361	for ($entry = @ldap_first_entry($this->getResource(), $search);
1362	$entry !== false;
1363	$entry = @ldap_next_entry($this->getResource(), $entry)) {
1364	$childDn = @ldap_get_dn($this->getResource(), $entry);
1365	if ($childDn === false) {
1366	/**
1367	* @see Zend_Ldap_Exception
1368	*/
1369	require_once 'Zend/Ldap/Exception.php';
1370	throw new Zend_Ldap_Exception($this, 'getting dn');
1371	}
1372	$children[] = $childDn;
1373	}
1374	@ldap_free_result($search);
1375	return $children;
1376	}
1377
1378	/**
1379	* Moves a LDAP entry from one DN to another subtree.
1380	*
1381	* @param string\|Zend_Ldap_Dn $from
1382	* @param string\|Zend_Ldap_Dn $to
1383	* @param boolean $recursively
1384	* @param boolean $alwaysEmulate
1385	* @return Zend_Ldap Provides a fluid interface
1386	* @throws Zend_Ldap_Exception
1387	*/
1388	public function moveToSubtree($from, $to, $recursively = false, $alwaysEmulate = false)
1389	{
1390	if ($from instanceof Zend_Ldap_Dn) {
1391	$orgDnParts = $from->toArray();
1392	} else {
1393	$orgDnParts = Zend_Ldap_Dn::explodeDn($from);
1394	}
1395
1396	if ($to instanceof Zend_Ldap_Dn) {
1397	$newParentDnParts = $to->toArray();
1398	} else {
1399	$newParentDnParts = Zend_Ldap_Dn::explodeDn($to);
1400	}
1401
1402	$newDnParts = array_merge(array(array_shift($orgDnParts)), $newParentDnParts);
1403	$newDn = Zend_Ldap_Dn::fromArray($newDnParts);
1404	return $this->rename($from, $newDn, $recursively, $alwaysEmulate);
1405	}
1406
1407	/**
1408	* Moves a LDAP entry from one DN to another DN.
1409	*
1410	* This is an alias for {@link rename()}
1411	*
1412	* @param string\|Zend_Ldap_Dn $from
1413	* @param string\|Zend_Ldap_Dn $to
1414	* @param boolean $recursively
1415	* @param boolean $alwaysEmulate
1416	* @return Zend_Ldap Provides a fluid interface
1417	* @throws Zend_Ldap_Exception
1418	*/
1419	public function move($from, $to, $recursively = false, $alwaysEmulate = false)
1420	{
1421	return $this->rename($from, $to, $recursively, $alwaysEmulate);
1422	}
1423
1424	/**
1425	* Renames a LDAP entry from one DN to another DN.
1426	*
1427	* This method implicitely moves the entry to another location within the tree.
1428	*
1429	* @param string\|Zend_Ldap_Dn $from
1430	* @param string\|Zend_Ldap_Dn $to
1431	* @param boolean $recursively
1432	* @param boolean $alwaysEmulate
1433	* @return Zend_Ldap Provides a fluid interface
1434	* @throws Zend_Ldap_Exception
1435	*/
1436	public function rename($from, $to, $recursively = false, $alwaysEmulate = false)
1437	{
1438	$emulate = (bool)$alwaysEmulate;
1439	if (!function_exists('ldap_rename')) $emulate = true;
1440	else if ($recursively) $emulate = true;
1441
1442	if ($emulate === false) {
1443	if ($from instanceof Zend_Ldap_Dn) {
1444	$from = $from->toString();
1445	}
1446
1447	if ($to instanceof Zend_Ldap_Dn) {
1448	$newDnParts = $to->toArray();
1449	} else {
1450	$newDnParts = Zend_Ldap_Dn::explodeDn($to);
1451	}
1452
1453	$newRdn = Zend_Ldap_Dn::implodeRdn(array_shift($newDnParts));
1454	$newParent = Zend_Ldap_Dn::implodeDn($newDnParts);
1455	$isOK = @ldap_rename($this->getResource(), $from, $newRdn, $newParent, true);
1456	if($isOK === false) {
1457	/**
1458	* @see Zend_Ldap_Exception
1459	*/
1460	require_once 'Zend/Ldap/Exception.php';
1461	throw new Zend_Ldap_Exception($this, 'renaming ' . $from . ' to ' . $to);
1462	}
1463	else if (!$this->exists($to)) $emulate = true;
1464	}
1465	if ($emulate) {
1466	$this->copy($from, $to, $recursively);
1467	$this->delete($from, $recursively);
1468	}
1469	return $this;
1470	}
1471
1472	/**
1473	* Copies a LDAP entry from one DN to another subtree.
1474	*
1475	* @param string\|Zend_Ldap_Dn $from
1476	* @param string\|Zend_Ldap_Dn $to
1477	* @param boolean $recursively
1478	* @return Zend_Ldap Provides a fluid interface
1479	* @throws Zend_Ldap_Exception
1480	*/
1481	public function copyToSubtree($from, $to, $recursively = false)
1482	{
1483	if ($from instanceof Zend_Ldap_Dn) {
1484	$orgDnParts = $from->toArray();
1485	} else {
1486	$orgDnParts = Zend_Ldap_Dn::explodeDn($from);
1487	}
1488
1489	if ($to instanceof Zend_Ldap_Dn) {
1490	$newParentDnParts = $to->toArray();
1491	} else {
1492	$newParentDnParts = Zend_Ldap_Dn::explodeDn($to);
1493	}
1494
1495	$newDnParts = array_merge(array(array_shift($orgDnParts)), $newParentDnParts);
1496	$newDn = Zend_Ldap_Dn::fromArray($newDnParts);
1497	return $this->copy($from, $newDn, $recursively);
1498	}
1499
1500	/**
1501	* Copies a LDAP entry from one DN to another DN.
1502	*
1503	* @param string\|Zend_Ldap_Dn $from
1504	* @param string\|Zend_Ldap_Dn $to
1505	* @param boolean $recursively
1506	* @return Zend_Ldap Provides a fluid interface
1507	* @throws Zend_Ldap_Exception
1508	*/
1509	public function copy($from, $to, $recursively = false)
1510	{
1511	$entry = $this->getEntry($from, array(), true);
1512
1513	if ($to instanceof Zend_Ldap_Dn) {
1514	$toDnParts = $to->toArray();
1515	} else {
1516	$toDnParts = Zend_Ldap_Dn::explodeDn($to);
1517	}
1518	$this->add($to, $entry);
1519
1520	if ($recursively === true && $this->countChildren($from)>0) {
1521	$children = $this->_getChildrenDns($from);
1522	foreach ($children as $c) {
1523	$cDnParts = Zend_Ldap_Dn::explodeDn($c);
1524	$newChildParts = array_merge(array(array_shift($cDnParts)), $toDnParts);
1525	$newChild = Zend_Ldap_Dn::implodeDn($newChildParts);
1526	$this->copy($c, $newChild, true);
1527	}
1528	}
1529	return $this;
1530	}
1531
1532	/**
1533	* Returns the specified DN as a Zend_Ldap_Node
1534	*
1535	* @param string\|Zend_Ldap_Dn $dn
1536	* @return Zend_Ldap_Node\|null
1537	* @throws Zend_Ldap_Exception
1538	*/
1539	public function getNode($dn)
1540	{
1541	/**
1542	* Zend_Ldap_Node
1543	*/
1544	require_once 'Zend/Ldap/Node.php';
1545	return Zend_Ldap_Node::fromLdap($dn, $this);
1546	}
1547
1548	/**
1549	* Returns the base node as a Zend_Ldap_Node
1550	*
1551	* @return Zend_Ldap_Node
1552	* @throws Zend_Ldap_Exception
1553	*/
1554	public function getBaseNode()
1555	{
1556	return $this->getNode($this->getBaseDn(), $this);
1557	}
1558
1559	/**
1560	* Returns the RootDSE
1561	*
1562	* @return Zend_Ldap_Node_RootDse
1563	* @throws Zend_Ldap_Exception
1564	*/
1565	public function getRootDse()
1566	{
1567	if ($this->_rootDse === null) {
1568	/**
1569	* @see Zend_Ldap_Node_Schema
1570	*/
1571	require_once 'Zend/Ldap/Node/RootDse.php';
1572	$this->_rootDse = Zend_Ldap_Node_RootDse::create($this);
1573	}
1574	return $this->_rootDse;
1575	}
1576
1577	/**
1578	* Returns the schema
1579	*
1580	* @return Zend_Ldap_Node_Schema
1581	* @throws Zend_Ldap_Exception
1582	*/
1583	public function getSchema()
1584	{
1585	if ($this->_schema === null) {
1586	/**
1587	* @see Zend_Ldap_Node_Schema
1588	*/
1589	require_once 'Zend/Ldap/Node/Schema.php';
1590	$this->_schema = Zend_Ldap_Node_Schema::create($this);
1591	}
1592	return $this->_schema;
1593	}
1594	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: sandbox/2.2.0.2/library/Zend/Ldap.php @ 4445

Download in other formats: