[4445] | 1 | <?php |
---|
| 2 | |
---|
| 3 | class LdapService |
---|
| 4 | { |
---|
[4828] | 5 | var $limit = 11; |
---|
[4445] | 6 | |
---|
| 7 | var $allTargetTypes = array( 'i', 'g', 'l', 'u', 's' ); |
---|
| 8 | |
---|
| 9 | var $connection; |
---|
| 10 | |
---|
| 11 | function LdapService() |
---|
| 12 | { |
---|
| 13 | |
---|
| 14 | } |
---|
| 15 | |
---|
| 16 | function connect($host='', $dn='', $passwd='', $ldapreferral=false) |
---|
| 17 | { |
---|
| 18 | if(!$host || $host == $GLOBALS['phpgw_info']['server']['ldap_host']) |
---|
| 19 | { |
---|
| 20 | $dn = $dn ? $dn : $GLOBALS['phpgw_info']['server']['ldap_root_dn']; |
---|
| 21 | $passwd = $passwd ? $passwd : $GLOBALS['phpgw_info']['server']['ldap_root_pw']; |
---|
| 22 | $host = $host ? $host : $GLOBALS['phpgw_info']['server']['ldap_host']; |
---|
| 23 | } |
---|
| 24 | |
---|
| 25 | $conection = ldap_connect($host); |
---|
| 26 | |
---|
| 27 | if(!ldap_set_option($conection,LDAP_OPT_PROTOCOL_VERSION,3)) |
---|
| 28 | $GLOBALS['phpgw_info']['server']['ldap_version3'] = False; |
---|
| 29 | |
---|
| 30 | ldap_set_option($conection, LDAP_OPT_REFERRALS, $ldapreferral); |
---|
| 31 | |
---|
| 32 | if($ldapreferral) |
---|
| 33 | { |
---|
| 34 | $GLOBALS['phpgw_info']['server']['user_ldap_referral'] = $dn; |
---|
| 35 | $GLOBALS['phpgw_info']['server']['password_ldap_referral'] = $passwd; |
---|
| 36 | ldap_set_rebind_proc($conection, ldap_rebind); |
---|
| 37 | } |
---|
| 38 | |
---|
| 39 | if($dn && $passwd && !@ldap_bind($conection,$dn,$passwd)) |
---|
| 40 | @ldap_bind($conection,$dn,$passwd); |
---|
| 41 | |
---|
| 42 | $this->connection = $conection; |
---|
| 43 | |
---|
| 44 | return( $connection ); |
---|
| 45 | } |
---|
| 46 | |
---|
| 47 | function _or( $toWrap ) |
---|
| 48 | { |
---|
| 49 | if( !is_array( $toWrap ) ) |
---|
| 50 | return( $toWrap ); |
---|
| 51 | |
---|
| 52 | // if( count( $toWrap ) <= 1 ) |
---|
| 53 | // return implode( "", $toWrap ); |
---|
| 54 | |
---|
| 55 | return $this->wrap( $toWrap, '|' ); |
---|
| 56 | } |
---|
| 57 | |
---|
| 58 | function _and( $toWrap ) |
---|
| 59 | { |
---|
| 60 | if( !is_array( $toWrap ) ) |
---|
| 61 | return( $toWrap ); |
---|
| 62 | |
---|
| 63 | // if( count( $toWrap ) <= 1 ) |
---|
| 64 | // return implode( "", $toWrap ); |
---|
| 65 | |
---|
| 66 | return $this->wrap( $toWrap, '&' ); |
---|
| 67 | } |
---|
| 68 | |
---|
| 69 | function _not( $toWrap ) |
---|
| 70 | { |
---|
| 71 | return $this->wrap( $toWrap, '!' ); |
---|
| 72 | } |
---|
| 73 | |
---|
| 74 | function wrap( $toWrap, $conditional = "" ) |
---|
| 75 | { |
---|
| 76 | if( !is_array( $toWrap ) ) |
---|
| 77 | $toWrap = array( $toWrap ); |
---|
| 78 | |
---|
| 79 | $toWrap = array_unique( $toWrap ); |
---|
| 80 | |
---|
| 81 | return "(".$conditional.implode( "", $toWrap ).")"; |
---|
| 82 | } |
---|
| 83 | |
---|
| 84 | function getSearchFilter( $search, $targetTypes = false, $customFilter = '', $exact = false ) |
---|
| 85 | { |
---|
| 86 | $search = utf8_encode( $search ); |
---|
| 87 | |
---|
| 88 | if( !$targetTypes ) |
---|
| 89 | $targetTypes = $this->allTargetTypes; |
---|
| 90 | |
---|
| 91 | if( !is_array( $targetTypes ) ) |
---|
| 92 | $targetTypes = array( $targetTypes ); |
---|
| 93 | |
---|
| 94 | $searchFilter = ''; |
---|
| 95 | |
---|
| 96 | foreach( $targetTypes as $targetType ) |
---|
| 97 | { |
---|
| 98 | switch( $targetType ) |
---|
| 99 | { |
---|
| 100 | case 'g': |
---|
| 101 | { |
---|
| 102 | //no caso de grupos, a busca so precisa ser feita em cima do CN |
---|
| 103 | $searchFilter = $this->stemFilter( $search, 'cn' ); |
---|
| 104 | } |
---|
| 105 | break; |
---|
| 106 | |
---|
| 107 | default : |
---|
| 108 | { |
---|
| 109 | //parametros que a busca tem que ser sintaticas |
---|
| 110 | $searchFilter = /*array( */$this->stemFilter( $search, array( |
---|
| 111 | // UID e employeeNumber podem ser iguais ou muito similares, dependendo da organizacao |
---|
| 112 | 'uid', /*'employeeNumber', */'cn', |
---|
| 113 | // givenName e SN sao complementares (nome e sobrenome) |
---|
| 114 | 'givenName', 'sn', 'displayName' ) //), |
---|
| 115 | //parametros que a busca pode ser por aproximacao fonetica |
---|
| 116 | /*$this->approxFilter( $search, array( |
---|
| 117 | // O CN e displayName geralmente sao a mesma coisa |
---|
| 118 | 'cn', 'displayName' ))*/ ); |
---|
| 119 | |
---|
| 120 | $searchFilter = $this->stemFilter( $search, array( 'cn', 'givenName', 'uid', |
---|
| 121 | 'sn', 'displayName' ) ); |
---|
| 122 | } |
---|
| 123 | break; |
---|
| 124 | } |
---|
| 125 | } |
---|
| 126 | |
---|
| 127 | $filter = array(); |
---|
| 128 | |
---|
| 129 | if( $customFilter ) |
---|
| 130 | $filter[] = $customFilter; |
---|
| 131 | if( $search ) |
---|
| 132 | $filter[] = $searchFilter; |
---|
| 133 | |
---|
| 134 | return $this->_and( array( |
---|
| 135 | // Somente objetos relacionados com o Expresso |
---|
| 136 | $this->accountFilter( $targetTypes ), |
---|
| 137 | // Objetos ocultados e/ou desativados pelo Administrador nao podem ser exibidos nas consultas do Expresso |
---|
| 138 | $this->securityFilter( $targetTypes ), |
---|
| 139 | //foco da busca |
---|
| 140 | ( $exact ? $this->_and( $filter ) : $this->_or( $filter ) ) |
---|
| 141 | )); |
---|
| 142 | |
---|
| 143 | // Verificoes extras para validar o resultado |
---|
| 144 | // (& |
---|
| 145 | // // Somente objetos com e-mail no formato da RFC822 |
---|
| 146 | // (mail=*@*) |
---|
| 147 | // ) |
---|
| 148 | } |
---|
| 149 | |
---|
| 150 | function securityFilter( $targetTypes ) |
---|
| 151 | { |
---|
| 152 | if( !$targetTypes ) |
---|
| 153 | $targetTypes = $this->allTargetTypes; |
---|
| 154 | |
---|
| 155 | if( !is_array( $targetTypes ) ) |
---|
| 156 | $targetTypes = array( $targetTypes ); |
---|
| 157 | |
---|
| 158 | $typeFilter = array(); |
---|
| 159 | |
---|
| 160 | foreach( $targetTypes as $targetType ) |
---|
| 161 | { |
---|
| 162 | switch( $targetType ) |
---|
| 163 | { |
---|
| 164 | case 'g': $typeFilter[] = "(objectClass=posixGroup)"; |
---|
| 165 | break; |
---|
| 166 | |
---|
| 167 | default : $typeFilter[] = "(phpgwAccountStatus=A)"; |
---|
| 168 | break; |
---|
| 169 | } |
---|
| 170 | } |
---|
| 171 | |
---|
| 172 | return $this->_and( array( '(!(phpgwAccountVisible=-1))', $this->_or( $typeFilter ) ) ); |
---|
| 173 | } |
---|
| 174 | |
---|
| 175 | function accountFilter( $targetTypes ) |
---|
| 176 | { |
---|
| 177 | if( !$targetTypes ) |
---|
| 178 | $targetTypes = $this->allTargetTypes; |
---|
| 179 | |
---|
| 180 | if( !is_array( $targetTypes ) ) |
---|
| 181 | $targetTypes = array( $targetTypes ); |
---|
| 182 | |
---|
| 183 | $typeFilter = array(); |
---|
| 184 | |
---|
| 185 | foreach( $targetTypes as $targetType ) |
---|
| 186 | $typeFilter[] = '(phpgwAccountType='.$targetType.')'; |
---|
| 187 | |
---|
| 188 | return $this->_and( array( '(objectClass=phpgwAccount)', $this->_or( $typeFilter ) ) ); |
---|
| 189 | } |
---|
| 190 | |
---|
| 191 | function stemFilter( $search, $params ) |
---|
| 192 | { |
---|
| 193 | $search = str_replace( ' ', '*', $search ); |
---|
| 194 | |
---|
| 195 | if( !is_array( $params ) ) |
---|
| 196 | $params = array( $params ); |
---|
| 197 | |
---|
| 198 | foreach( $params as $i => $param ) |
---|
| 199 | $params[$i] = "($param=*$search*)"; |
---|
| 200 | |
---|
| 201 | return $this->_or( $params ); |
---|
| 202 | } |
---|
| 203 | |
---|
| 204 | function phoneticFilter( $search, $params ) |
---|
| 205 | { |
---|
| 206 | if( eregi( "\d", $search ) ) |
---|
| 207 | return( "" ); |
---|
| 208 | |
---|
| 209 | if( !is_array( $params ) ) |
---|
| 210 | $params = array( $params ); |
---|
| 211 | |
---|
| 212 | foreach( $params as $i => $param ) |
---|
| 213 | $params[$i] = "($param~=$search)"; |
---|
| 214 | |
---|
| 215 | return $this->_or( $params ); |
---|
| 216 | } |
---|
| 217 | |
---|
| 218 | function approxFilter( $search, $params ) |
---|
| 219 | { |
---|
| 220 | return $this->_or( array( $this->stemFilter( $search, $params ), |
---|
| 221 | $this->phoneticFilter( $search, $params ) ) ); |
---|
| 222 | } |
---|
| 223 | |
---|
| 224 | // public function search() |
---|
| 225 | // { |
---|
| 226 | // |
---|
| 227 | // } |
---|
| 228 | |
---|
| 229 | public function accountSearch($search, $justthese = "*", $context = false , $accountType = false, $sort = false) |
---|
| 230 | { |
---|
| 231 | if( !$this->connection ) |
---|
| 232 | $this->connect(); |
---|
| 233 | |
---|
| 234 | $filter = $this->getSearchFilter($search,$accountType); |
---|
| 235 | |
---|
| 236 | if( !$context ) |
---|
| 237 | $context = $GLOBALS['phpgw_info']['server']['ldap_context']; |
---|
| 238 | |
---|
| 239 | $ls = ldap_search( $this->connection, utf8_encode($context), $filter, $justthese, 0, $this->limit ); |
---|
| 240 | |
---|
| 241 | if($sort) |
---|
| 242 | ldap_sort( $this->connection, $ls, $sort ); |
---|
| 243 | |
---|
| 244 | $entries = ldap_get_entries( $this->connection, $ls ); |
---|
| 245 | |
---|
| 246 | if( !$entries ) return( null ); |
---|
| 247 | |
---|
| 248 | $return = array(); |
---|
| 249 | |
---|
| 250 | for ($i=0; $i < $entries["count"]; $i++) |
---|
| 251 | { |
---|
| 252 | $entrieTmp = array(); |
---|
| 253 | foreach ($entries[$i] as $index => $value) |
---|
| 254 | { |
---|
| 255 | if(!is_numeric($index) && $index != 'count') |
---|
| 256 | { |
---|
| 257 | if(is_array($value)) |
---|
| 258 | { |
---|
| 259 | if(count($value) == 2) |
---|
| 260 | $entrieTmp[$index] = utf8_decode($value['0']); |
---|
| 261 | else |
---|
| 262 | { |
---|
| 263 | foreach ($value as $index2 =>$value2) |
---|
| 264 | { |
---|
| 265 | if($index != 'count') |
---|
| 266 | $entrieTmp[$index][$index2] = utf8_decode($value2); |
---|
| 267 | } |
---|
| 268 | } |
---|
| 269 | } |
---|
| 270 | else |
---|
| 271 | $entrieTmp[$index] = utf8_decode($value); |
---|
| 272 | } |
---|
| 273 | } |
---|
| 274 | |
---|
| 275 | $return[] = $entrieTmp; |
---|
| 276 | } |
---|
| 277 | |
---|
| 278 | return( $return ); |
---|
| 279 | } |
---|
| 280 | |
---|
| 281 | } |
---|
| 282 | |
---|
| 283 | ServiceLocator::register( 'ldap', new LdapService() ); |
---|
| 284 | |
---|