Added Net_LDAP2 to extlib, and add a skeleton LDAP plugin
This commit is contained in:
parent
a82df5fae8
commit
c403f7fa44
1791
extlib/Net/LDAP2.php
Normal file
1791
extlib/Net/LDAP2.php
Normal file
File diff suppressed because it is too large
Load Diff
1055
extlib/Net/LDAP2/Entry.php
Normal file
1055
extlib/Net/LDAP2/Entry.php
Normal file
File diff suppressed because it is too large
Load Diff
514
extlib/Net/LDAP2/Filter.php
Normal file
514
extlib/Net/LDAP2/Filter.php
Normal file
|
@ -0,0 +1,514 @@
|
|||
<?php
|
||||
/* vim: set expandtab tabstop=4 shiftwidth=4: */
|
||||
/**
|
||||
* File containing the Net_LDAP2_Filter interface class.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @copyright 2009 Benedikt Hallinger
|
||||
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
|
||||
* @version SVN: $Id: Filter.php 289978 2009-10-27 09:56:41Z beni $
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
*/
|
||||
|
||||
/**
|
||||
* Includes
|
||||
*/
|
||||
require_once 'PEAR.php';
|
||||
require_once 'Util.php';
|
||||
|
||||
/**
|
||||
* Object representation of a part of a LDAP filter.
|
||||
*
|
||||
* This Class is not completely compatible to the PERL interface!
|
||||
*
|
||||
* The purpose of this class is, that users can easily build LDAP filters
|
||||
* without having to worry about right escaping etc.
|
||||
* A Filter is built using several independent filter objects
|
||||
* which are combined afterwards. This object works in two
|
||||
* modes, depending how the object is created.
|
||||
* If the object is created using the {@link create()} method, then this is a leaf-object.
|
||||
* If the object is created using the {@link combine()} method, then this is a container object.
|
||||
*
|
||||
* LDAP filters are defined in RFC-2254 and can be found under
|
||||
* {@link http://www.ietf.org/rfc/rfc2254.txt}
|
||||
*
|
||||
* Here a quick copy&paste example:
|
||||
* <code>
|
||||
* $filter0 = Net_LDAP2_Filter::create('stars', 'equals', '***');
|
||||
* $filter_not0 = Net_LDAP2_Filter::combine('not', $filter0);
|
||||
*
|
||||
* $filter1 = Net_LDAP2_Filter::create('gn', 'begins', 'bar');
|
||||
* $filter2 = Net_LDAP2_Filter::create('gn', 'ends', 'baz');
|
||||
* $filter_comp = Net_LDAP2_Filter::combine('or',array($filter_not0, $filter1, $filter2));
|
||||
*
|
||||
* echo $filter_comp->asString();
|
||||
* // This will output: (|(!(stars=\0x5c0x2a\0x5c0x2a\0x5c0x2a))(gn=bar*)(gn=*baz))
|
||||
* // The stars in $filter0 are treaten as real stars unless you disable escaping.
|
||||
* </code>
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @license http://www.gnu.org/copyleft/lesser.html LGPL
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
*/
|
||||
class Net_LDAP2_Filter extends PEAR
|
||||
{
|
||||
/**
|
||||
* Storage for combination of filters
|
||||
*
|
||||
* This variable holds a array of filter objects
|
||||
* that should be combined by this filter object.
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_subfilters = array();
|
||||
|
||||
/**
|
||||
* Match of this filter
|
||||
*
|
||||
* If this is a leaf filter, then a matching rule is stored,
|
||||
* if it is a container, then it is a logical operator
|
||||
*
|
||||
* @access protected
|
||||
* @var string
|
||||
*/
|
||||
protected $_match;
|
||||
|
||||
/**
|
||||
* Single filter
|
||||
*
|
||||
* If we operate in leaf filter mode,
|
||||
* then the constructing method stores
|
||||
* the filter representation here
|
||||
*
|
||||
* @acces private
|
||||
* @var string
|
||||
*/
|
||||
protected $_filter;
|
||||
|
||||
/**
|
||||
* Create a new Net_LDAP2_Filter object and parse $filter.
|
||||
*
|
||||
* This is for PERL Net::LDAP interface.
|
||||
* Construction of Net_LDAP2_Filter objects should happen through either
|
||||
* {@link create()} or {@link combine()} which give you more control.
|
||||
* However, you may use the perl iterface if you already have generated filters.
|
||||
*
|
||||
* @param string $filter LDAP filter string
|
||||
*
|
||||
* @see parse()
|
||||
*/
|
||||
public function __construct($filter = false)
|
||||
{
|
||||
// The optional parameter must remain here, because otherwise create() crashes
|
||||
if (false !== $filter) {
|
||||
$filter_o = self::parse($filter);
|
||||
if (PEAR::isError($filter_o)) {
|
||||
$this->_filter = $filter_o; // assign error, so asString() can report it
|
||||
} else {
|
||||
$this->_filter = $filter_o->asString();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor of a new part of a LDAP filter.
|
||||
*
|
||||
* The following matching rules exists:
|
||||
* - equals: One of the attributes values is exactly $value
|
||||
* Please note that case sensitiviness is depends on the
|
||||
* attributes syntax configured in the server.
|
||||
* - begins: One of the attributes values must begin with $value
|
||||
* - ends: One of the attributes values must end with $value
|
||||
* - contains: One of the attributes values must contain $value
|
||||
* - present | any: The attribute can contain any value but must be existent
|
||||
* - greater: The attributes value is greater than $value
|
||||
* - less: The attributes value is less than $value
|
||||
* - greaterOrEqual: The attributes value is greater or equal than $value
|
||||
* - lessOrEqual: The attributes value is less or equal than $value
|
||||
* - approx: One of the attributes values is similar to $value
|
||||
*
|
||||
* If $escape is set to true (default) then $value will be escaped
|
||||
* properly. If it is set to false then $value will be treaten as raw filter value string.
|
||||
* You should escape yourself using {@link Net_LDAP2_Util::escape_filter_value()}!
|
||||
*
|
||||
* Examples:
|
||||
* <code>
|
||||
* // This will find entries that contain an attribute "sn" that ends with "foobar":
|
||||
* $filter = new Net_LDAP2_Filter('sn', 'ends', 'foobar');
|
||||
*
|
||||
* // This will find entries that contain an attribute "sn" that has any value set:
|
||||
* $filter = new Net_LDAP2_Filter('sn', 'any');
|
||||
* </code>
|
||||
*
|
||||
* @param string $attr_name Name of the attribute the filter should apply to
|
||||
* @param string $match Matching rule (equals, begins, ends, contains, greater, less, greaterOrEqual, lessOrEqual, approx, any)
|
||||
* @param string $value (optional) if given, then this is used as a filter
|
||||
* @param boolean $escape Should $value be escaped? (default: yes, see {@link Net_LDAP2_Util::escape_filter_value()} for detailed information)
|
||||
*
|
||||
* @return Net_LDAP2_Filter|Net_LDAP2_Error
|
||||
*/
|
||||
public static function &create($attr_name, $match, $value = '', $escape = true)
|
||||
{
|
||||
$leaf_filter = new Net_LDAP2_Filter();
|
||||
if ($escape) {
|
||||
$array = Net_LDAP2_Util::escape_filter_value(array($value));
|
||||
$value = $array[0];
|
||||
}
|
||||
switch (strtolower($match)) {
|
||||
case 'equals':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '=' . $value . ')';
|
||||
break;
|
||||
case 'begins':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '=' . $value . '*)';
|
||||
break;
|
||||
case 'ends':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '=*' . $value . ')';
|
||||
break;
|
||||
case 'contains':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '=*' . $value . '*)';
|
||||
break;
|
||||
case 'greater':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '>' . $value . ')';
|
||||
break;
|
||||
case 'less':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '<' . $value . ')';
|
||||
break;
|
||||
case 'greaterorequal':
|
||||
case '>=':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '>=' . $value . ')';
|
||||
break;
|
||||
case 'lessorequal':
|
||||
case '<=':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '<=' . $value . ')';
|
||||
break;
|
||||
case 'approx':
|
||||
case '~=':
|
||||
$leaf_filter->_filter = '(' . $attr_name . '~=' . $value . ')';
|
||||
break;
|
||||
case 'any':
|
||||
case 'present': // alias that may improve user code readability
|
||||
$leaf_filter->_filter = '(' . $attr_name . '=*)';
|
||||
break;
|
||||
default:
|
||||
return PEAR::raiseError('Net_LDAP2_Filter create error: matching rule "' . $match . '" not known!');
|
||||
}
|
||||
return $leaf_filter;
|
||||
}
|
||||
|
||||
/**
|
||||
* Combine two or more filter objects using a logical operator
|
||||
*
|
||||
* This static method combines two or more filter objects and returns one single
|
||||
* filter object that contains all the others.
|
||||
* Call this method statically: $filter = Net_LDAP2_Filter('or', array($filter1, $filter2))
|
||||
* If the array contains filter strings instead of filter objects, we will try to parse them.
|
||||
*
|
||||
* @param string $log_op The locicall operator. May be "and", "or", "not" or the subsequent logical equivalents "&", "|", "!"
|
||||
* @param array|Net_LDAP2_Filter $filters array with Net_LDAP2_Filter objects
|
||||
*
|
||||
* @return Net_LDAP2_Filter|Net_LDAP2_Error
|
||||
* @static
|
||||
*/
|
||||
public static function &combine($log_op, $filters)
|
||||
{
|
||||
if (PEAR::isError($filters)) {
|
||||
return $filters;
|
||||
}
|
||||
|
||||
// substitude named operators to logical operators
|
||||
if ($log_op == 'and') $log_op = '&';
|
||||
if ($log_op == 'or') $log_op = '|';
|
||||
if ($log_op == 'not') $log_op = '!';
|
||||
|
||||
// tests for sane operation
|
||||
if ($log_op == '!') {
|
||||
// Not-combination, here we only accept one filter object or filter string
|
||||
if ($filters instanceof Net_LDAP2_Filter) {
|
||||
$filters = array($filters); // force array
|
||||
} elseif (is_string($filters)) {
|
||||
$filter_o = self::parse($filters);
|
||||
if (PEAR::isError($filter_o)) {
|
||||
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: '.$filter_o->getMessage());
|
||||
return $err;
|
||||
} else {
|
||||
$filters = array($filter_o);
|
||||
}
|
||||
} elseif (is_array($filters)) {
|
||||
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is an array!');
|
||||
return $err;
|
||||
} else {
|
||||
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: operator is "not" but $filter is not a valid Net_LDAP2_Filter nor a filter string!');
|
||||
return $err;
|
||||
}
|
||||
} elseif ($log_op == '&' || $log_op == '|') {
|
||||
if (!is_array($filters) || count($filters) < 2) {
|
||||
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: parameter $filters is not an array or contains less than two Net_LDAP2_Filter objects!');
|
||||
return $err;
|
||||
}
|
||||
} else {
|
||||
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: logical operator is not known!');
|
||||
return $err;
|
||||
}
|
||||
|
||||
$combined_filter = new Net_LDAP2_Filter();
|
||||
foreach ($filters as $key => $testfilter) { // check for errors
|
||||
if (PEAR::isError($testfilter)) {
|
||||
return $testfilter;
|
||||
} elseif (is_string($testfilter)) {
|
||||
// string found, try to parse into an filter object
|
||||
$filter_o = self::parse($testfilter);
|
||||
if (PEAR::isError($filter_o)) {
|
||||
return $filter_o;
|
||||
} else {
|
||||
$filters[$key] = $filter_o;
|
||||
}
|
||||
} elseif (!$testfilter instanceof Net_LDAP2_Filter) {
|
||||
$err = PEAR::raiseError('Net_LDAP2_Filter combine error: invalid object passed in array $filters!');
|
||||
return $err;
|
||||
}
|
||||
}
|
||||
|
||||
$combined_filter->_subfilters = $filters;
|
||||
$combined_filter->_match = $log_op;
|
||||
return $combined_filter;
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse FILTER into a Net_LDAP2_Filter object
|
||||
*
|
||||
* This parses an filter string into Net_LDAP2_Filter objects.
|
||||
*
|
||||
* @param string $FILTER The filter string
|
||||
*
|
||||
* @access static
|
||||
* @return Net_LDAP2_Filter|Net_LDAP2_Error
|
||||
* @todo Leaf-mode: Do we need to escape at all? what about *-chars?check for the need of encoding values, tackle problems (see code comments)
|
||||
*/
|
||||
public static function parse($FILTER)
|
||||
{
|
||||
if (preg_match('/^\((.+?)\)$/', $FILTER, $matches)) {
|
||||
if (in_array(substr($matches[1], 0, 1), array('!', '|', '&'))) {
|
||||
// Subfilter processing: pass subfilters to parse() and combine
|
||||
// the objects using the logical operator detected
|
||||
// we have now something like "&(...)(...)(...)" but at least one part ("!(...)").
|
||||
// Each subfilter could be an arbitary complex subfilter.
|
||||
|
||||
// extract logical operator and filter arguments
|
||||
$log_op = substr($matches[1], 0, 1);
|
||||
$remaining_component = substr($matches[1], 1);
|
||||
|
||||
// split $remaining_component into individual subfilters
|
||||
// we cannot use split() for this, because we do not know the
|
||||
// complexiness of the subfilter. Thus, we look trough the filter
|
||||
// string and just recognize ending filters at the first level.
|
||||
// We record the index number of the char and use that information
|
||||
// later to split the string.
|
||||
$sub_index_pos = array();
|
||||
$prev_char = ''; // previous character looked at
|
||||
$level = 0; // denotes the current bracket level we are,
|
||||
// >1 is too deep, 1 is ok, 0 is outside any
|
||||
// subcomponent
|
||||
for ($curpos = 0; $curpos < strlen($remaining_component); $curpos++) {
|
||||
$cur_char = substr($remaining_component, $curpos, 1);
|
||||
|
||||
// rise/lower bracket level
|
||||
if ($cur_char == '(' && $prev_char != '\\') {
|
||||
$level++;
|
||||
} elseif ($cur_char == ')' && $prev_char != '\\') {
|
||||
$level--;
|
||||
}
|
||||
|
||||
if ($cur_char == '(' && $prev_char == ')' && $level == 1) {
|
||||
array_push($sub_index_pos, $curpos); // mark the position for splitting
|
||||
}
|
||||
$prev_char = $cur_char;
|
||||
}
|
||||
|
||||
// now perform the splits. To get also the last part, we
|
||||
// need to add the "END" index to the split array
|
||||
array_push($sub_index_pos, strlen($remaining_component));
|
||||
$subfilters = array();
|
||||
$oldpos = 0;
|
||||
foreach ($sub_index_pos as $s_pos) {
|
||||
$str_part = substr($remaining_component, $oldpos, $s_pos - $oldpos);
|
||||
array_push($subfilters, $str_part);
|
||||
$oldpos = $s_pos;
|
||||
}
|
||||
|
||||
// some error checking...
|
||||
if (count($subfilters) == 1) {
|
||||
// only one subfilter found
|
||||
} elseif (count($subfilters) > 1) {
|
||||
// several subfilters found
|
||||
if ($log_op == "!") {
|
||||
return PEAR::raiseError("Filter parsing error: invalid filter syntax - NOT operator detected but several arguments given!");
|
||||
}
|
||||
} else {
|
||||
// this should not happen unless the user specified a wrong filter
|
||||
return PEAR::raiseError("Filter parsing error: invalid filter syntax - got operator '$log_op' but no argument!");
|
||||
}
|
||||
|
||||
// Now parse the subfilters into objects and combine them using the operator
|
||||
$subfilters_o = array();
|
||||
foreach ($subfilters as $s_s) {
|
||||
$o = self::parse($s_s);
|
||||
if (PEAR::isError($o)) {
|
||||
return $o;
|
||||
} else {
|
||||
array_push($subfilters_o, self::parse($s_s));
|
||||
}
|
||||
}
|
||||
|
||||
$filter_o = self::combine($log_op, $subfilters_o);
|
||||
return $filter_o;
|
||||
|
||||
} else {
|
||||
// This is one leaf filter component, do some syntax checks, then escape and build filter_o
|
||||
// $matches[1] should be now something like "foo=bar"
|
||||
|
||||
// detect multiple leaf components
|
||||
// [TODO] Maybe this will make problems with filters containing brackets inside the value
|
||||
if (stristr($matches[1], ')(')) {
|
||||
return PEAR::raiseError("Filter parsing error: invalid filter syntax - multiple leaf components detected!");
|
||||
} else {
|
||||
$filter_parts = preg_split('/(?<!\\\\)(=|=~|>|<|>=|<=)/', $matches[1], 2, PREG_SPLIT_DELIM_CAPTURE);
|
||||
if (count($filter_parts) != 3) {
|
||||
return PEAR::raiseError("Filter parsing error: invalid filter syntax - unknown matching rule used");
|
||||
} else {
|
||||
$filter_o = new Net_LDAP2_Filter();
|
||||
// [TODO]: Do we need to escape at all? what about *-chars user provide and that should remain special?
|
||||
// I think, those prevent escaping! We need to check against PERL Net::LDAP!
|
||||
// $value_arr = Net_LDAP2_Util::escape_filter_value(array($filter_parts[2]));
|
||||
// $value = $value_arr[0];
|
||||
$value = $filter_parts[2];
|
||||
$filter_o->_filter = '('.$filter_parts[0].$filter_parts[1].$value.')';
|
||||
return $filter_o;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// ERROR: Filter components must be enclosed in round brackets
|
||||
return PEAR::raiseError("Filter parsing error: invalid filter syntax - filter components must be enclosed in round brackets");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the string representation of this filter
|
||||
*
|
||||
* This method runs through all filter objects and creates
|
||||
* the string representation of the filter. If this
|
||||
* filter object is a leaf filter, then it will return
|
||||
* the string representation of this filter.
|
||||
*
|
||||
* @return string|Net_LDAP2_Error
|
||||
*/
|
||||
public function asString()
|
||||
{
|
||||
if ($this->isLeaf()) {
|
||||
$return = $this->_filter;
|
||||
} else {
|
||||
$return = '';
|
||||
foreach ($this->_subfilters as $filter) {
|
||||
$return = $return.$filter->asString();
|
||||
}
|
||||
$return = '(' . $this->_match . $return . ')';
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias for perl interface as_string()
|
||||
*
|
||||
* @see asString()
|
||||
* @return string|Net_LDAP2_Error
|
||||
*/
|
||||
public function as_string()
|
||||
{
|
||||
return $this->asString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Print the text representation of the filter to FH, or the currently selected output handle if FH is not given
|
||||
*
|
||||
* This method is only for compatibility to the perl interface.
|
||||
* However, the original method was called "print" but due to PHP language restrictions,
|
||||
* we can't have a print() method.
|
||||
*
|
||||
* @param resource $FH (optional) A filehandle resource
|
||||
*
|
||||
* @return true|Net_LDAP2_Error
|
||||
*/
|
||||
public function printMe($FH = false)
|
||||
{
|
||||
if (!is_resource($FH)) {
|
||||
if (PEAR::isError($FH)) {
|
||||
return $FH;
|
||||
}
|
||||
$filter_str = $this->asString();
|
||||
if (PEAR::isError($filter_str)) {
|
||||
return $filter_str;
|
||||
} else {
|
||||
print($filter_str);
|
||||
}
|
||||
} else {
|
||||
$filter_str = $this->asString();
|
||||
if (PEAR::isError($filter_str)) {
|
||||
return $filter_str;
|
||||
} else {
|
||||
$res = @fwrite($FH, $this->asString());
|
||||
if ($res == false) {
|
||||
return PEAR::raiseError("Unable to write filter string to filehandle \$FH!");
|
||||
}
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* This can be used to escape a string to provide a valid LDAP-Filter.
|
||||
*
|
||||
* LDAP will only recognise certain characters as the
|
||||
* character istself if they are properly escaped. This is
|
||||
* what this method does.
|
||||
* The method can be called statically, so you can use it outside
|
||||
* for your own purposes (eg for escaping only parts of strings)
|
||||
*
|
||||
* In fact, this is just a shorthand to {@link Net_LDAP2_Util::escape_filter_value()}.
|
||||
* For upward compatibiliy reasons you are strongly encouraged to use the escape
|
||||
* methods provided by the Net_LDAP2_Util class.
|
||||
*
|
||||
* @param string $value Any string who should be escaped
|
||||
*
|
||||
* @static
|
||||
* @return string The string $string, but escaped
|
||||
* @deprecated Do not use this method anymore, instead use Net_LDAP2_Util::escape_filter_value() directly
|
||||
*/
|
||||
public static function escape($value)
|
||||
{
|
||||
$return = Net_LDAP2_Util::escape_filter_value(array($value));
|
||||
return $return[0];
|
||||
}
|
||||
|
||||
/**
|
||||
* Is this a container or a leaf filter object?
|
||||
*
|
||||
* @access protected
|
||||
* @return boolean
|
||||
*/
|
||||
protected function isLeaf()
|
||||
{
|
||||
if (count($this->_subfilters) > 0) {
|
||||
return false; // Container!
|
||||
} else {
|
||||
return true; // Leaf!
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
922
extlib/Net/LDAP2/LDIF.php
Normal file
922
extlib/Net/LDAP2/LDIF.php
Normal file
|
@ -0,0 +1,922 @@
|
|||
<?php
|
||||
/* vim: set expandtab tabstop=4 shiftwidth=4: */
|
||||
/**
|
||||
* File containing the Net_LDAP2_LDIF interface class.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @copyright 2009 Benedikt Hallinger
|
||||
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
|
||||
* @version SVN: $Id: LDIF.php 286718 2009-08-03 07:30:49Z beni $
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
*/
|
||||
|
||||
/**
|
||||
* Includes
|
||||
*/
|
||||
require_once 'PEAR.php';
|
||||
require_once 'Net/LDAP2.php';
|
||||
require_once 'Net/LDAP2/Entry.php';
|
||||
require_once 'Net/LDAP2/Util.php';
|
||||
|
||||
/**
|
||||
* LDIF capabilitys for Net_LDAP2, closely taken from PERLs Net::LDAP
|
||||
*
|
||||
* It provides a means to convert between Net_LDAP2_Entry objects and LDAP entries
|
||||
* represented in LDIF format files. Reading and writing are supported and may
|
||||
* manipulate single entries or lists of entries.
|
||||
*
|
||||
* Usage example:
|
||||
* <code>
|
||||
* // Read and parse an ldif-file into Net_LDAP2_Entry objects
|
||||
* // and print out the DNs. Store the entries for later use.
|
||||
* require 'Net/LDAP2/LDIF.php';
|
||||
* $options = array(
|
||||
* 'onerror' => 'die'
|
||||
* );
|
||||
* $entries = array();
|
||||
* $ldif = new Net_LDAP2_LDIF('test.ldif', 'r', $options);
|
||||
* do {
|
||||
* $entry = $ldif->read_entry();
|
||||
* $dn = $entry->dn();
|
||||
* echo " done building entry: $dn\n";
|
||||
* array_push($entries, $entry);
|
||||
* } while (!$ldif->eof());
|
||||
* $ldif->done();
|
||||
*
|
||||
*
|
||||
* // write those entries to another file
|
||||
* $ldif = new Net_LDAP2_LDIF('test.out.ldif', 'w', $options);
|
||||
* $ldif->write_entry($entries);
|
||||
* $ldif->done();
|
||||
* </code>
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @license http://www.gnu.org/copyleft/lesser.html LGPL
|
||||
* @link http://pear.php.net/package/Net_LDAP22/
|
||||
* @see http://www.ietf.org/rfc/rfc2849.txt
|
||||
* @todo Error handling should be PEARified
|
||||
* @todo LDAPv3 controls are not implemented yet
|
||||
*/
|
||||
class Net_LDAP2_LDIF extends PEAR
|
||||
{
|
||||
/**
|
||||
* Options
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_options = array('encode' => 'base64',
|
||||
'onerror' => null,
|
||||
'change' => 0,
|
||||
'lowercase' => 0,
|
||||
'sort' => 0,
|
||||
'version' => null,
|
||||
'wrap' => 78,
|
||||
'raw' => ''
|
||||
);
|
||||
|
||||
/**
|
||||
* Errorcache
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_error = array('error' => null,
|
||||
'line' => 0
|
||||
);
|
||||
|
||||
/**
|
||||
* Filehandle for read/write
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_FH = null;
|
||||
|
||||
/**
|
||||
* Says, if we opened the filehandle ourselves
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_FH_opened = false;
|
||||
|
||||
/**
|
||||
* Linecounter for input file handle
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_input_line = 0;
|
||||
|
||||
/**
|
||||
* counter for processed entries
|
||||
*
|
||||
* @access protected
|
||||
* @var int
|
||||
*/
|
||||
protected $_entrynum = 0;
|
||||
|
||||
/**
|
||||
* Mode we are working in
|
||||
*
|
||||
* Either 'r', 'a' or 'w'
|
||||
*
|
||||
* @access protected
|
||||
* @var string
|
||||
*/
|
||||
protected $_mode = false;
|
||||
|
||||
/**
|
||||
* Tells, if the LDIF version string was already written
|
||||
*
|
||||
* @access protected
|
||||
* @var boolean
|
||||
*/
|
||||
protected $_version_written = false;
|
||||
|
||||
/**
|
||||
* Cache for lines that have build the current entry
|
||||
*
|
||||
* @access protected
|
||||
* @var boolean
|
||||
*/
|
||||
protected $_lines_cur = array();
|
||||
|
||||
/**
|
||||
* Cache for lines that will build the next entry
|
||||
*
|
||||
* @access protected
|
||||
* @var boolean
|
||||
*/
|
||||
protected $_lines_next = array();
|
||||
|
||||
/**
|
||||
* Open LDIF file for reading or for writing
|
||||
*
|
||||
* new (FILE):
|
||||
* Open the file read-only. FILE may be the name of a file
|
||||
* or an already open filehandle.
|
||||
* If the file doesn't exist, it will be created if in write mode.
|
||||
*
|
||||
* new (FILE, MODE, OPTIONS):
|
||||
* Open the file with the given MODE (see PHPs fopen()), eg "w" or "a".
|
||||
* FILE may be the name of a file or an already open filehandle.
|
||||
* PERLs Net_LDAP2 "FILE|" mode does not work curently.
|
||||
*
|
||||
* OPTIONS is an associative array and may contain:
|
||||
* encode => 'none' | 'canonical' | 'base64'
|
||||
* Some DN values in LDIF cannot be written verbatim and have to be encoded in some way:
|
||||
* 'none' No encoding.
|
||||
* 'canonical' See "canonical_dn()" in Net::LDAP::Util.
|
||||
* 'base64' Use base64. (default, this differs from the Perl interface.
|
||||
* The perl default is "none"!)
|
||||
*
|
||||
* onerror => 'die' | 'warn' | NULL
|
||||
* Specify what happens when an error is detected.
|
||||
* 'die' Net_LDAP2_LDIF will croak with an appropriate message.
|
||||
* 'warn' Net_LDAP2_LDIF will warn (echo) with an appropriate message.
|
||||
* NULL Net_LDAP2_LDIF will not warn (default), use error().
|
||||
*
|
||||
* change => 1
|
||||
* Write entry changes to the LDIF file instead of the entries itself. I.e. write LDAP
|
||||
* operations acting on the entries to the file instead of the entries contents.
|
||||
* This writes the changes usually carried out by an update() to the LDIF file.
|
||||
*
|
||||
* lowercase => 1
|
||||
* Convert attribute names to lowercase when writing.
|
||||
*
|
||||
* sort => 1
|
||||
* Sort attribute names when writing entries according to the rule:
|
||||
* objectclass first then all other attributes alphabetically sorted by attribute name
|
||||
*
|
||||
* version => '1'
|
||||
* Set the LDIF version to write to the resulting LDIF file.
|
||||
* According to RFC 2849 currently the only legal value for this option is 1.
|
||||
* When this option is set Net_LDAP2_LDIF tries to adhere more strictly to
|
||||
* the LDIF specification in RFC2489 in a few places.
|
||||
* The default is NULL meaning no version information is written to the LDIF file.
|
||||
*
|
||||
* wrap => 78
|
||||
* Number of columns where output line wrapping shall occur.
|
||||
* Default is 78. Setting it to 40 or lower inhibits wrapping.
|
||||
*
|
||||
* raw => REGEX
|
||||
* Use REGEX to denote the names of attributes that are to be
|
||||
* considered binary in search results if writing entries.
|
||||
* Example: raw => "/(?i:^jpegPhoto|;binary)/i"
|
||||
*
|
||||
* @param string|ressource $file Filename or filehandle
|
||||
* @param string $mode Mode to open filename
|
||||
* @param array $options Options like described above
|
||||
*/
|
||||
public function __construct($file, $mode = 'r', $options = array())
|
||||
{
|
||||
$this->PEAR('Net_LDAP2_Error'); // default error class
|
||||
|
||||
// First, parse options
|
||||
// todo: maybe implement further checks on possible values
|
||||
foreach ($options as $option => $value) {
|
||||
if (!array_key_exists($option, $this->_options)) {
|
||||
$this->dropError('Net_LDAP2_LDIF error: option '.$option.' not known!');
|
||||
return;
|
||||
} else {
|
||||
$this->_options[$option] = strtolower($value);
|
||||
}
|
||||
}
|
||||
|
||||
// setup LDIF class
|
||||
$this->version($this->_options['version']);
|
||||
|
||||
// setup file mode
|
||||
if (!preg_match('/^[rwa]\+?$/', $mode)) {
|
||||
$this->dropError('Net_LDAP2_LDIF error: file mode '.$mode.' not supported!');
|
||||
} else {
|
||||
$this->_mode = $mode;
|
||||
|
||||
// setup filehandle
|
||||
if (is_resource($file)) {
|
||||
// TODO: checks on mode possible?
|
||||
$this->_FH =& $file;
|
||||
} else {
|
||||
$imode = substr($this->_mode, 0, 1);
|
||||
if ($imode == 'r') {
|
||||
if (!file_exists($file)) {
|
||||
$this->dropError('Unable to open '.$file.' for read: file not found');
|
||||
$this->_mode = false;
|
||||
}
|
||||
if (!is_readable($file)) {
|
||||
$this->dropError('Unable to open '.$file.' for read: permission denied');
|
||||
$this->_mode = false;
|
||||
}
|
||||
}
|
||||
|
||||
if (($imode == 'w' || $imode == 'a')) {
|
||||
if (file_exists($file)) {
|
||||
if (!is_writable($file)) {
|
||||
$this->dropError('Unable to open '.$file.' for write: permission denied');
|
||||
$this->_mode = false;
|
||||
}
|
||||
} else {
|
||||
if (!@touch($file)) {
|
||||
$this->dropError('Unable to create '.$file.' for write: permission denied');
|
||||
$this->_mode = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($this->_mode) {
|
||||
$this->_FH = @fopen($file, $this->_mode);
|
||||
if (false === $this->_FH) {
|
||||
// Fallback; should never be reached if tests above are good enough!
|
||||
$this->dropError('Net_LDAP2_LDIF error: Could not open file '.$file);
|
||||
} else {
|
||||
$this->_FH_opened = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Read one entry from the file and return it as a Net::LDAP::Entry object.
|
||||
*
|
||||
* @return Net_LDAP2_Entry
|
||||
*/
|
||||
public function read_entry()
|
||||
{
|
||||
// read fresh lines, set them as current lines and create the entry
|
||||
$attrs = $this->next_lines(true);
|
||||
if (count($attrs) > 0) {
|
||||
$this->_lines_cur = $attrs;
|
||||
}
|
||||
return $this->current_entry();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true when the end of the file is reached.
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public function eof()
|
||||
{
|
||||
return feof($this->_FH);
|
||||
}
|
||||
|
||||
/**
|
||||
* Write the entry or entries to the LDIF file.
|
||||
*
|
||||
* If you want to build an LDIF file containing several entries AND
|
||||
* you want to call write_entry() several times, you must open the filehandle
|
||||
* in append mode ("a"), otherwise you will always get the last entry only.
|
||||
*
|
||||
* @param Net_LDAP2_Entry|array $entries Entry or array of entries
|
||||
*
|
||||
* @return void
|
||||
* @todo implement operations on whole entries (adding a whole entry)
|
||||
*/
|
||||
public function write_entry($entries)
|
||||
{
|
||||
if (!is_array($entries)) {
|
||||
$entries = array($entries);
|
||||
}
|
||||
|
||||
foreach ($entries as $entry) {
|
||||
$this->_entrynum++;
|
||||
if (!$entry instanceof Net_LDAP2_Entry) {
|
||||
$this->dropError('Net_LDAP2_LDIF error: entry '.$this->_entrynum.' is not an Net_LDAP2_Entry object');
|
||||
} else {
|
||||
if ($this->_options['change']) {
|
||||
// LDIF change mode
|
||||
// fetch change information from entry
|
||||
$entry_attrs_changes = $entry->getChanges();
|
||||
$num_of_changes = count($entry_attrs_changes['add'])
|
||||
+ count($entry_attrs_changes['replace'])
|
||||
+ count($entry_attrs_changes['delete']);
|
||||
|
||||
$is_changed = ($num_of_changes > 0 || $entry->willBeDeleted() || $entry->willBeMoved());
|
||||
|
||||
// write version if not done yet
|
||||
// also write DN of entry
|
||||
if ($is_changed) {
|
||||
if (!$this->_version_written) {
|
||||
$this->write_version();
|
||||
}
|
||||
$this->writeDN($entry->currentDN());
|
||||
}
|
||||
|
||||
// process changes
|
||||
// TODO: consider DN add!
|
||||
if ($entry->willBeDeleted()) {
|
||||
$this->writeLine("changetype: delete".PHP_EOL);
|
||||
} elseif ($entry->willBeMoved()) {
|
||||
$this->writeLine("changetype: modrdn".PHP_EOL);
|
||||
$olddn = Net_LDAP2_Util::ldap_explode_dn($entry->currentDN(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs
|
||||
$oldrdn = array_shift($olddn);
|
||||
$oldparent = implode(',', $olddn);
|
||||
$newdn = Net_LDAP2_Util::ldap_explode_dn($entry->dn(), array('casefold' => 'none')); // maybe gives a bug if using multivalued RDNs
|
||||
$rdn = array_shift($newdn);
|
||||
$parent = implode(',', $newdn);
|
||||
$this->writeLine("newrdn: ".$rdn.PHP_EOL);
|
||||
$this->writeLine("deleteoldrdn: 1".PHP_EOL);
|
||||
if ($parent !== $oldparent) {
|
||||
$this->writeLine("newsuperior: ".$parent.PHP_EOL);
|
||||
}
|
||||
// TODO: What if the entry has attribute changes as well?
|
||||
// I think we should check for that and make a dummy
|
||||
// entry with the changes that is written to the LDIF file
|
||||
} elseif ($num_of_changes > 0) {
|
||||
// write attribute change data
|
||||
$this->writeLine("changetype: modify".PHP_EOL);
|
||||
foreach ($entry_attrs_changes as $changetype => $entry_attrs) {
|
||||
foreach ($entry_attrs as $attr_name => $attr_values) {
|
||||
$this->writeLine("$changetype: $attr_name".PHP_EOL);
|
||||
if ($attr_values !== null) $this->writeAttribute($attr_name, $attr_values, $changetype);
|
||||
$this->writeLine("-".PHP_EOL);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// finish this entrys data if we had changes
|
||||
if ($is_changed) {
|
||||
$this->finishEntry();
|
||||
}
|
||||
} else {
|
||||
// LDIF-content mode
|
||||
// fetch attributes for further processing
|
||||
$entry_attrs = $entry->getValues();
|
||||
|
||||
// sort and put objectclass-attrs to first position
|
||||
if ($this->_options['sort']) {
|
||||
ksort($entry_attrs);
|
||||
if (array_key_exists('objectclass', $entry_attrs)) {
|
||||
$oc = $entry_attrs['objectclass'];
|
||||
unset($entry_attrs['objectclass']);
|
||||
$entry_attrs = array_merge(array('objectclass' => $oc), $entry_attrs);
|
||||
}
|
||||
}
|
||||
|
||||
// write data
|
||||
if (!$this->_version_written) {
|
||||
$this->write_version();
|
||||
}
|
||||
$this->writeDN($entry->dn());
|
||||
foreach ($entry_attrs as $attr_name => $attr_values) {
|
||||
$this->writeAttribute($attr_name, $attr_values);
|
||||
}
|
||||
$this->finishEntry();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Write version to LDIF
|
||||
*
|
||||
* If the object's version is defined, this method allows to explicitely write the version before an entry is written.
|
||||
* If not called explicitely, it gets called automatically when writing the first entry.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function write_version()
|
||||
{
|
||||
$this->_version_written = true;
|
||||
if (!is_null($this->version())) {
|
||||
return $this->writeLine('version: '.$this->version().PHP_EOL, 'Net_LDAP2_LDIF error: unable to write version');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get or set LDIF version
|
||||
*
|
||||
* If called without arguments it returns the version of the LDIF file or NULL if no version has been set.
|
||||
* If called with an argument it sets the LDIF version to VERSION.
|
||||
* According to RFC 2849 currently the only legal value for VERSION is 1.
|
||||
*
|
||||
* @param int $version (optional) LDIF version to set
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
public function version($version = null)
|
||||
{
|
||||
if ($version !== null) {
|
||||
if ($version != 1) {
|
||||
$this->dropError('Net_LDAP2_LDIF error: illegal LDIF version set');
|
||||
} else {
|
||||
$this->_options['version'] = $version;
|
||||
}
|
||||
}
|
||||
return $this->_options['version'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the file handle the Net_LDAP2_LDIF object reads from or writes to.
|
||||
*
|
||||
* You can, for example, use this to fetch the content of the LDIF file yourself
|
||||
*
|
||||
* @return null|resource
|
||||
*/
|
||||
public function &handle()
|
||||
{
|
||||
if (!is_resource($this->_FH)) {
|
||||
$this->dropError('Net_LDAP2_LDIF error: invalid file resource');
|
||||
$null = null;
|
||||
return $null;
|
||||
} else {
|
||||
return $this->_FH;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Clean up
|
||||
*
|
||||
* This method signals that the LDIF object is no longer needed.
|
||||
* You can use this to free up some memory and close the file handle.
|
||||
* The file handle is only closed, if it was opened from Net_LDAP2_LDIF.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function done()
|
||||
{
|
||||
// close FH if we opened it
|
||||
if ($this->_FH_opened) {
|
||||
fclose($this->handle());
|
||||
}
|
||||
|
||||
// free variables
|
||||
foreach (get_object_vars($this) as $name => $value) {
|
||||
unset($this->$name);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns last error message if error was found.
|
||||
*
|
||||
* Example:
|
||||
* <code>
|
||||
* $ldif->someAction();
|
||||
* if ($ldif->error()) {
|
||||
* echo "Error: ".$ldif->error()." at input line: ".$ldif->error_lines();
|
||||
* }
|
||||
* </code>
|
||||
*
|
||||
* @param boolean $as_string If set to true, only the message is returned
|
||||
*
|
||||
* @return false|Net_LDAP2_Error
|
||||
*/
|
||||
public function error($as_string = false)
|
||||
{
|
||||
if (Net_LDAP2::isError($this->_error['error'])) {
|
||||
return ($as_string)? $this->_error['error']->getMessage() : $this->_error['error'];
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns lines that resulted in error.
|
||||
*
|
||||
* Perl returns an array of faulty lines in list context,
|
||||
* but we always just return an int because of PHPs language.
|
||||
*
|
||||
* @return int
|
||||
*/
|
||||
public function error_lines()
|
||||
{
|
||||
return $this->_error['line'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the current Net::LDAP::Entry object.
|
||||
*
|
||||
* @return Net_LDAP2_Entry|false
|
||||
*/
|
||||
public function current_entry()
|
||||
{
|
||||
return $this->parseLines($this->current_lines());
|
||||
}
|
||||
|
||||
/**
|
||||
* Parse LDIF lines of one entry into an Net_LDAP2_Entry object
|
||||
*
|
||||
* @param array $lines LDIF lines for one entry
|
||||
*
|
||||
* @return Net_LDAP2_Entry|false Net_LDAP2_Entry object for those lines
|
||||
* @todo what about file inclusions and urls? "jpegphoto:< file:///usr/local/directory/photos/fiona.jpg"
|
||||
*/
|
||||
public function parseLines($lines)
|
||||
{
|
||||
// parse lines into an array of attributes and build the entry
|
||||
$attributes = array();
|
||||
$dn = false;
|
||||
foreach ($lines as $line) {
|
||||
if (preg_match('/^(\w+)(:|::|:<)\s(.+)$/', $line, $matches)) {
|
||||
$attr =& $matches[1];
|
||||
$delim =& $matches[2];
|
||||
$data =& $matches[3];
|
||||
|
||||
if ($delim == ':') {
|
||||
// normal data
|
||||
$attributes[$attr][] = $data;
|
||||
} elseif ($delim == '::') {
|
||||
// base64 data
|
||||
$attributes[$attr][] = base64_decode($data);
|
||||
} elseif ($delim == ':<') {
|
||||
// file inclusion
|
||||
// TODO: Is this the job of the LDAP-client or the server?
|
||||
$this->dropError('File inclusions are currently not supported');
|
||||
//$attributes[$attr][] = ...;
|
||||
} else {
|
||||
// since the pattern above, the delimeter cannot be something else.
|
||||
$this->dropError('Net_LDAP2_LDIF parsing error: invalid syntax at parsing entry line: '.$line);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (strtolower($attr) == 'dn') {
|
||||
// DN line detected
|
||||
$dn = $attributes[$attr][0]; // save possibly decoded DN
|
||||
unset($attributes[$attr]); // remove wrongly added "dn: " attribute
|
||||
}
|
||||
} else {
|
||||
// line not in "attr: value" format -> ignore
|
||||
// maybe we should rise an error here, but this should be covered by
|
||||
// next_lines() already. A problem arises, if users try to feed data of
|
||||
// several entries to this method - the resulting entry will
|
||||
// get wrong attributes. However, this is already mentioned in the
|
||||
// methods documentation above.
|
||||
}
|
||||
}
|
||||
|
||||
if (false === $dn) {
|
||||
$this->dropError('Net_LDAP2_LDIF parsing error: unable to detect DN for entry');
|
||||
return false;
|
||||
} else {
|
||||
$newentry = Net_LDAP2_Entry::createFresh($dn, $attributes);
|
||||
return $newentry;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the lines that generated the current Net::LDAP::Entry object.
|
||||
*
|
||||
* Note that this returns an empty array if no lines have been read so far.
|
||||
*
|
||||
* @return array Array of lines
|
||||
*/
|
||||
public function current_lines()
|
||||
{
|
||||
return $this->_lines_cur;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the lines that will generate the next Net::LDAP::Entry object.
|
||||
*
|
||||
* If you set $force to TRUE then you can iterate over the lines that build
|
||||
* up entries manually. Otherwise, iterating is done using {@link read_entry()}.
|
||||
* Force will move the file pointer forward, thus returning the next entries lines.
|
||||
*
|
||||
* Wrapped lines will be unwrapped. Comments are stripped.
|
||||
*
|
||||
* @param boolean $force Set this to true if you want to iterate over the lines manually
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function next_lines($force = false)
|
||||
{
|
||||
// if we already have those lines, just return them, otherwise read
|
||||
if (count($this->_lines_next) == 0 || $force) {
|
||||
$this->_lines_next = array(); // empty in case something was left (if used $force)
|
||||
$entry_done = false;
|
||||
$fh = &$this->handle();
|
||||
$commentmode = false; // if we are in an comment, for wrapping purposes
|
||||
$datalines_read = 0; // how many lines with data we have read
|
||||
|
||||
while (!$entry_done && !$this->eof()) {
|
||||
$this->_input_line++;
|
||||
// Read line. Remove line endings, we want only data;
|
||||
// this is okay since ending spaces should be encoded
|
||||
$data = rtrim(fgets($fh));
|
||||
if ($data === false) {
|
||||
// error only, if EOF not reached after fgets() call
|
||||
if (!$this->eof()) {
|
||||
$this->dropError('Net_LDAP2_LDIF error: error reading from file at input line '.$this->_input_line, $this->_input_line);
|
||||
}
|
||||
break;
|
||||
} else {
|
||||
if (count($this->_lines_next) > 0 && preg_match('/^$/', $data)) {
|
||||
// Entry is finished if we have an empty line after we had data
|
||||
$entry_done = true;
|
||||
|
||||
// Look ahead if the next EOF is nearby. Comments and empty
|
||||
// lines at the file end may cause problems otherwise
|
||||
$current_pos = ftell($fh);
|
||||
$data = fgets($fh);
|
||||
while (!feof($fh)) {
|
||||
if (preg_match('/^\s*$/', $data) || preg_match('/^#/', $data)) {
|
||||
// only empty lines or comments, continue to seek
|
||||
// TODO: Known bug: Wrappings for comments are okay but are treaten as
|
||||
// error, since we do not honor comment mode here.
|
||||
// This should be a very theoretically case, however
|
||||
// i am willing to fix this if really necessary.
|
||||
$this->_input_line++;
|
||||
$current_pos = ftell($fh);
|
||||
$data = fgets($fh);
|
||||
} else {
|
||||
// Data found if non emtpy line and not a comment!!
|
||||
// Rewind to position prior last read and stop lookahead
|
||||
fseek($fh, $current_pos);
|
||||
break;
|
||||
}
|
||||
}
|
||||
// now we have either the file pointer at the beginning of
|
||||
// a new data position or at the end of file causing feof() to return true
|
||||
|
||||
} else {
|
||||
// build lines
|
||||
if (preg_match('/^version:\s(.+)$/', $data, $match)) {
|
||||
// version statement, set version
|
||||
$this->version($match[1]);
|
||||
} elseif (preg_match('/^\w+::?\s.+$/', $data)) {
|
||||
// normal attribute: add line
|
||||
$commentmode = false;
|
||||
$this->_lines_next[] = trim($data);
|
||||
$datalines_read++;
|
||||
} elseif (preg_match('/^\s(.+)$/', $data, $matches)) {
|
||||
// wrapped data: unwrap if not in comment mode
|
||||
if (!$commentmode) {
|
||||
if ($datalines_read == 0) {
|
||||
// first line of entry: wrapped data is illegal
|
||||
$this->dropError('Net_LDAP2_LDIF error: illegal wrapping at input line '.$this->_input_line, $this->_input_line);
|
||||
} else {
|
||||
$last = array_pop($this->_lines_next);
|
||||
$last = $last.trim($matches[1]);
|
||||
$this->_lines_next[] = $last;
|
||||
$datalines_read++;
|
||||
}
|
||||
}
|
||||
} elseif (preg_match('/^#/', $data)) {
|
||||
// LDIF comments
|
||||
$commentmode = true;
|
||||
} elseif (preg_match('/^\s*$/', $data)) {
|
||||
// empty line but we had no data for this
|
||||
// entry, so just ignore this line
|
||||
$commentmode = false;
|
||||
} else {
|
||||
$this->dropError('Net_LDAP2_LDIF error: invalid syntax at input line '.$this->_input_line, $this->_input_line);
|
||||
continue;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return $this->_lines_next;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert an attribute and value to LDIF string representation
|
||||
*
|
||||
* It honors correct encoding of values according to RFC 2849.
|
||||
* Line wrapping will occur at the configured maximum but only if
|
||||
* the value is greater than 40 chars.
|
||||
*
|
||||
* @param string $attr_name Name of the attribute
|
||||
* @param string $attr_value Value of the attribute
|
||||
*
|
||||
* @access protected
|
||||
* @return string LDIF string for that attribute and value
|
||||
*/
|
||||
protected function convertAttribute($attr_name, $attr_value)
|
||||
{
|
||||
// Handle empty attribute or process
|
||||
if (strlen($attr_value) == 0) {
|
||||
$attr_value = " ";
|
||||
} else {
|
||||
$base64 = false;
|
||||
// ASCII-chars that are NOT safe for the
|
||||
// start and for being inside the value.
|
||||
// These are the int values of those chars.
|
||||
$unsafe_init = array(0, 10, 13, 32, 58, 60);
|
||||
$unsafe = array(0, 10, 13);
|
||||
|
||||
// Test for illegal init char
|
||||
$init_ord = ord(substr($attr_value, 0, 1));
|
||||
if ($init_ord > 127 || in_array($init_ord, $unsafe_init)) {
|
||||
$base64 = true;
|
||||
}
|
||||
|
||||
// Test for illegal content char
|
||||
for ($i = 0; $i < strlen($attr_value); $i++) {
|
||||
$char_ord = ord(substr($attr_value, $i, 1));
|
||||
if ($char_ord > 127 || in_array($char_ord, $unsafe)) {
|
||||
$base64 = true;
|
||||
}
|
||||
}
|
||||
|
||||
// Test for ending space
|
||||
if (substr($attr_value, -1) == ' ') {
|
||||
$base64 = true;
|
||||
}
|
||||
|
||||
// If converting is needed, do it
|
||||
// Either we have some special chars or a matching "raw" regex
|
||||
if ($base64 || ($this->_options['raw'] && preg_match($this->_options['raw'], $attr_name))) {
|
||||
$attr_name .= ':';
|
||||
$attr_value = base64_encode($attr_value);
|
||||
}
|
||||
|
||||
// Lowercase attr names if requested
|
||||
if ($this->_options['lowercase']) $attr_name = strtolower($attr_name);
|
||||
|
||||
// Handle line wrapping
|
||||
if ($this->_options['wrap'] > 40 && strlen($attr_value) > $this->_options['wrap']) {
|
||||
$attr_value = wordwrap($attr_value, $this->_options['wrap'], PHP_EOL." ", true);
|
||||
}
|
||||
}
|
||||
|
||||
return $attr_name.': '.$attr_value;
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert an entries DN to LDIF string representation
|
||||
*
|
||||
* It honors correct encoding of values according to RFC 2849.
|
||||
*
|
||||
* @param string $dn UTF8-Encoded DN
|
||||
*
|
||||
* @access protected
|
||||
* @return string LDIF string for that DN
|
||||
* @todo I am not sure, if the UTF8 stuff is correctly handled right now
|
||||
*/
|
||||
protected function convertDN($dn)
|
||||
{
|
||||
$base64 = false;
|
||||
// ASCII-chars that are NOT safe for the
|
||||
// start and for being inside the dn.
|
||||
// These are the int values of those chars.
|
||||
$unsafe_init = array(0, 10, 13, 32, 58, 60);
|
||||
$unsafe = array(0, 10, 13);
|
||||
|
||||
// Test for illegal init char
|
||||
$init_ord = ord(substr($dn, 0, 1));
|
||||
if ($init_ord >= 127 || in_array($init_ord, $unsafe_init)) {
|
||||
$base64 = true;
|
||||
}
|
||||
|
||||
// Test for illegal content char
|
||||
for ($i = 0; $i < strlen($dn); $i++) {
|
||||
$char = substr($dn, $i, 1);
|
||||
if (ord($char) >= 127 || in_array($init_ord, $unsafe)) {
|
||||
$base64 = true;
|
||||
}
|
||||
}
|
||||
|
||||
// Test for ending space
|
||||
if (substr($dn, -1) == ' ') {
|
||||
$base64 = true;
|
||||
}
|
||||
|
||||
// if converting is needed, do it
|
||||
return ($base64)? 'dn:: '.base64_encode($dn) : 'dn: '.$dn;
|
||||
}
|
||||
|
||||
/**
|
||||
* Writes an attribute to the filehandle
|
||||
*
|
||||
* @param string $attr_name Name of the attribute
|
||||
* @param string|array $attr_values Single attribute value or array with attribute values
|
||||
*
|
||||
* @access protected
|
||||
* @return void
|
||||
*/
|
||||
protected function writeAttribute($attr_name, $attr_values)
|
||||
{
|
||||
// write out attribute content
|
||||
if (!is_array($attr_values)) {
|
||||
$attr_values = array($attr_values);
|
||||
}
|
||||
foreach ($attr_values as $attr_val) {
|
||||
$line = $this->convertAttribute($attr_name, $attr_val).PHP_EOL;
|
||||
$this->writeLine($line, 'Net_LDAP2_LDIF error: unable to write attribute '.$attr_name.' of entry '.$this->_entrynum);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Writes a DN to the filehandle
|
||||
*
|
||||
* @param string $dn DN to write
|
||||
*
|
||||
* @access protected
|
||||
* @return void
|
||||
*/
|
||||
protected function writeDN($dn)
|
||||
{
|
||||
// prepare DN
|
||||
if ($this->_options['encode'] == 'base64') {
|
||||
$dn = $this->convertDN($dn).PHP_EOL;
|
||||
} elseif ($this->_options['encode'] == 'canonical') {
|
||||
$dn = Net_LDAP2_Util::canonical_dn($dn, array('casefold' => 'none')).PHP_EOL;
|
||||
} else {
|
||||
$dn = $dn.PHP_EOL;
|
||||
}
|
||||
$this->writeLine($dn, 'Net_LDAP2_LDIF error: unable to write DN of entry '.$this->_entrynum);
|
||||
}
|
||||
|
||||
/**
|
||||
* Finishes an LDIF entry
|
||||
*
|
||||
* @access protected
|
||||
* @return void
|
||||
*/
|
||||
protected function finishEntry()
|
||||
{
|
||||
$this->writeLine(PHP_EOL, 'Net_LDAP2_LDIF error: unable to close entry '.$this->_entrynum);
|
||||
}
|
||||
|
||||
/**
|
||||
* Just write an arbitary line to the filehandle
|
||||
*
|
||||
* @param string $line Content to write
|
||||
* @param string $error If error occurs, drop this message
|
||||
*
|
||||
* @access protected
|
||||
* @return true|false
|
||||
*/
|
||||
protected function writeLine($line, $error = 'Net_LDAP2_LDIF error: unable to write to filehandle')
|
||||
{
|
||||
if (is_resource($this->handle()) && fwrite($this->handle(), $line, strlen($line)) === false) {
|
||||
$this->dropError($error);
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Optionally raises an error and pushes the error on the error cache
|
||||
*
|
||||
* @param string $msg Errortext
|
||||
* @param int $line Line in the LDIF that caused the error
|
||||
*
|
||||
* @access protected
|
||||
* @return void
|
||||
*/
|
||||
protected function dropError($msg, $line = null)
|
||||
{
|
||||
$this->_error['error'] = new Net_LDAP2_Error($msg);
|
||||
if ($line !== null) $this->_error['line'] = $line;
|
||||
|
||||
if ($this->_options['onerror'] == 'die') {
|
||||
die($msg.PHP_EOL);
|
||||
} elseif ($this->_options['onerror'] == 'warn') {
|
||||
echo $msg.PHP_EOL;
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
240
extlib/Net/LDAP2/RootDSE.php
Normal file
240
extlib/Net/LDAP2/RootDSE.php
Normal file
|
@ -0,0 +1,240 @@
|
|||
<?php
|
||||
/* vim: set expandtab tabstop=4 shiftwidth=4: */
|
||||
/**
|
||||
* File containing the Net_LDAP2_RootDSE interface class.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Jan Wagner <wagner@netsols.de>
|
||||
* @copyright 2009 Jan Wagner
|
||||
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
|
||||
* @version SVN: $Id: RootDSE.php 286718 2009-08-03 07:30:49Z beni $
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
*/
|
||||
|
||||
/**
|
||||
* Includes
|
||||
*/
|
||||
require_once 'PEAR.php';
|
||||
|
||||
/**
|
||||
* Getting the rootDSE entry of a LDAP server
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Jan Wagner <wagner@netsols.de>
|
||||
* @license http://www.gnu.org/copyleft/lesser.html LGPL
|
||||
* @link http://pear.php.net/package/Net_LDAP22/
|
||||
*/
|
||||
class Net_LDAP2_RootDSE extends PEAR
|
||||
{
|
||||
/**
|
||||
* @access protected
|
||||
* @var object Net_LDAP2_Entry
|
||||
**/
|
||||
protected $_entry;
|
||||
|
||||
/**
|
||||
* Class constructor
|
||||
*
|
||||
* @param Net_LDAP2_Entry &$entry Net_LDAP2_Entry object of the RootDSE
|
||||
*/
|
||||
protected function __construct(&$entry)
|
||||
{
|
||||
$this->_entry = $entry;
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetches a RootDSE object from an LDAP connection
|
||||
*
|
||||
* @param Net_LDAP2 $ldap Directory from which the RootDSE should be fetched
|
||||
* @param array $attrs Array of attributes to search for
|
||||
*
|
||||
* @access static
|
||||
* @return Net_LDAP2_RootDSE|Net_LDAP2_Error
|
||||
*/
|
||||
public static function fetch($ldap, $attrs = null)
|
||||
{
|
||||
if (!$ldap instanceof Net_LDAP2) {
|
||||
return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!");
|
||||
}
|
||||
|
||||
if (is_array($attrs) && count($attrs) > 0 ) {
|
||||
$attributes = $attrs;
|
||||
} else {
|
||||
$attributes = array('vendorName',
|
||||
'vendorVersion',
|
||||
'namingContexts',
|
||||
'altServer',
|
||||
'supportedExtension',
|
||||
'supportedControl',
|
||||
'supportedSASLMechanisms',
|
||||
'supportedLDAPVersion',
|
||||
'subschemaSubentry' );
|
||||
}
|
||||
$result = $ldap->search('', '(objectClass=*)', array('attributes' => $attributes, 'scope' => 'base'));
|
||||
if (self::isError($result)) {
|
||||
return $result;
|
||||
}
|
||||
$entry = $result->shiftEntry();
|
||||
if (false === $entry) {
|
||||
return PEAR::raiseError('Could not fetch RootDSE entry');
|
||||
}
|
||||
$ret = new Net_LDAP2_RootDSE($entry);
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the requested attribute value
|
||||
*
|
||||
* Same usuage as {@link Net_LDAP2_Entry::getValue()}
|
||||
*
|
||||
* @param string $attr Attribute name
|
||||
* @param array $options Array of options
|
||||
*
|
||||
* @access public
|
||||
* @return mixed Net_LDAP2_Error object or attribute values
|
||||
* @see Net_LDAP2_Entry::get_value()
|
||||
*/
|
||||
public function getValue($attr = '', $options = '')
|
||||
{
|
||||
return $this->_entry->get_value($attr, $options);
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias function of getValue() for perl-ldap interface
|
||||
*
|
||||
* @see getValue()
|
||||
* @return mixed
|
||||
*/
|
||||
public function get_value()
|
||||
{
|
||||
$args = func_get_args();
|
||||
return call_user_func_array(array( &$this, 'getValue' ), $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the extension is supported
|
||||
*
|
||||
* @param array $oids Array of oids to check
|
||||
*
|
||||
* @access public
|
||||
* @return boolean
|
||||
*/
|
||||
public function supportedExtension($oids)
|
||||
{
|
||||
return $this->checkAttr($oids, 'supportedExtension');
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias function of supportedExtension() for perl-ldap interface
|
||||
*
|
||||
* @see supportedExtension()
|
||||
* @return boolean
|
||||
*/
|
||||
public function supported_extension()
|
||||
{
|
||||
$args = func_get_args();
|
||||
return call_user_func_array(array( &$this, 'supportedExtension'), $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the version is supported
|
||||
*
|
||||
* @param array $versions Versions to check
|
||||
*
|
||||
* @access public
|
||||
* @return boolean
|
||||
*/
|
||||
public function supportedVersion($versions)
|
||||
{
|
||||
return $this->checkAttr($versions, 'supportedLDAPVersion');
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias function of supportedVersion() for perl-ldap interface
|
||||
*
|
||||
* @see supportedVersion()
|
||||
* @return boolean
|
||||
*/
|
||||
public function supported_version()
|
||||
{
|
||||
$args = func_get_args();
|
||||
return call_user_func_array(array(&$this, 'supportedVersion'), $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the control is supported
|
||||
*
|
||||
* @param array $oids Control oids to check
|
||||
*
|
||||
* @access public
|
||||
* @return boolean
|
||||
*/
|
||||
public function supportedControl($oids)
|
||||
{
|
||||
return $this->checkAttr($oids, 'supportedControl');
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias function of supportedControl() for perl-ldap interface
|
||||
*
|
||||
* @see supportedControl()
|
||||
* @return boolean
|
||||
*/
|
||||
public function supported_control()
|
||||
{
|
||||
$args = func_get_args();
|
||||
return call_user_func_array(array(&$this, 'supportedControl' ), $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the sasl mechanism is supported
|
||||
*
|
||||
* @param array $mechlist SASL mechanisms to check
|
||||
*
|
||||
* @access public
|
||||
* @return boolean
|
||||
*/
|
||||
public function supportedSASLMechanism($mechlist)
|
||||
{
|
||||
return $this->checkAttr($mechlist, 'supportedSASLMechanisms');
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias function of supportedSASLMechanism() for perl-ldap interface
|
||||
*
|
||||
* @see supportedSASLMechanism()
|
||||
* @return boolean
|
||||
*/
|
||||
public function supported_sasl_mechanism()
|
||||
{
|
||||
$args = func_get_args();
|
||||
return call_user_func_array(array(&$this, 'supportedSASLMechanism'), $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks for existance of value in attribute
|
||||
*
|
||||
* @param array $values values to check
|
||||
* @param string $attr attribute name
|
||||
*
|
||||
* @access protected
|
||||
* @return boolean
|
||||
*/
|
||||
protected function checkAttr($values, $attr)
|
||||
{
|
||||
if (!is_array($values)) $values = array($values);
|
||||
|
||||
foreach ($values as $value) {
|
||||
if (!@in_array($value, $this->get_value($attr, 'all'))) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
516
extlib/Net/LDAP2/Schema.php
Normal file
516
extlib/Net/LDAP2/Schema.php
Normal file
|
@ -0,0 +1,516 @@
|
|||
<?php
|
||||
/* vim: set expandtab tabstop=4 shiftwidth=4: */
|
||||
/**
|
||||
* File containing the Net_LDAP2_Schema interface class.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Jan Wagner <wagner@netsols.de>
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @copyright 2009 Jan Wagner, Benedikt Hallinger
|
||||
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
|
||||
* @version SVN: $Id: Schema.php 286718 2009-08-03 07:30:49Z beni $
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
* @todo see the comment at the end of the file
|
||||
*/
|
||||
|
||||
/**
|
||||
* Includes
|
||||
*/
|
||||
require_once 'PEAR.php';
|
||||
|
||||
/**
|
||||
* Syntax definitions
|
||||
*
|
||||
* Please don't forget to add binary attributes to isBinary() below
|
||||
* to support proper value fetching from Net_LDAP2_Entry
|
||||
*/
|
||||
define('NET_LDAP2_SYNTAX_BOOLEAN', '1.3.6.1.4.1.1466.115.121.1.7');
|
||||
define('NET_LDAP2_SYNTAX_DIRECTORY_STRING', '1.3.6.1.4.1.1466.115.121.1.15');
|
||||
define('NET_LDAP2_SYNTAX_DISTINGUISHED_NAME', '1.3.6.1.4.1.1466.115.121.1.12');
|
||||
define('NET_LDAP2_SYNTAX_INTEGER', '1.3.6.1.4.1.1466.115.121.1.27');
|
||||
define('NET_LDAP2_SYNTAX_JPEG', '1.3.6.1.4.1.1466.115.121.1.28');
|
||||
define('NET_LDAP2_SYNTAX_NUMERIC_STRING', '1.3.6.1.4.1.1466.115.121.1.36');
|
||||
define('NET_LDAP2_SYNTAX_OID', '1.3.6.1.4.1.1466.115.121.1.38');
|
||||
define('NET_LDAP2_SYNTAX_OCTET_STRING', '1.3.6.1.4.1.1466.115.121.1.40');
|
||||
|
||||
/**
|
||||
* Load an LDAP Schema and provide information
|
||||
*
|
||||
* This class takes a Subschema entry, parses this information
|
||||
* and makes it available in an array. Most of the code has been
|
||||
* inspired by perl-ldap( http://perl-ldap.sourceforge.net).
|
||||
* You will find portions of their implementation in here.
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Jan Wagner <wagner@netsols.de>
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @license http://www.gnu.org/copyleft/lesser.html LGPL
|
||||
* @link http://pear.php.net/package/Net_LDAP22/
|
||||
*/
|
||||
class Net_LDAP2_Schema extends PEAR
|
||||
{
|
||||
/**
|
||||
* Map of entry types to ldap attributes of subschema entry
|
||||
*
|
||||
* @access public
|
||||
* @var array
|
||||
*/
|
||||
public $types = array(
|
||||
'attribute' => 'attributeTypes',
|
||||
'ditcontentrule' => 'dITContentRules',
|
||||
'ditstructurerule' => 'dITStructureRules',
|
||||
'matchingrule' => 'matchingRules',
|
||||
'matchingruleuse' => 'matchingRuleUse',
|
||||
'nameform' => 'nameForms',
|
||||
'objectclass' => 'objectClasses',
|
||||
'syntax' => 'ldapSyntaxes'
|
||||
);
|
||||
|
||||
/**
|
||||
* Array of entries belonging to this type
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_attributeTypes = array();
|
||||
protected $_matchingRules = array();
|
||||
protected $_matchingRuleUse = array();
|
||||
protected $_ldapSyntaxes = array();
|
||||
protected $_objectClasses = array();
|
||||
protected $_dITContentRules = array();
|
||||
protected $_dITStructureRules = array();
|
||||
protected $_nameForms = array();
|
||||
|
||||
|
||||
/**
|
||||
* hash of all fetched oids
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_oids = array();
|
||||
|
||||
/**
|
||||
* Tells if the schema is initialized
|
||||
*
|
||||
* @access protected
|
||||
* @var boolean
|
||||
* @see parse(), get()
|
||||
*/
|
||||
protected $_initialized = false;
|
||||
|
||||
|
||||
/**
|
||||
* Constructor of the class
|
||||
*
|
||||
* @access protected
|
||||
*/
|
||||
protected function __construct()
|
||||
{
|
||||
$this->PEAR('Net_LDAP2_Error'); // default error class
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch the Schema from an LDAP connection
|
||||
*
|
||||
* @param Net_LDAP2 $ldap LDAP connection
|
||||
* @param string $dn (optional) Subschema entry dn
|
||||
*
|
||||
* @access public
|
||||
* @return Net_LDAP2_Schema|NET_LDAP2_Error
|
||||
*/
|
||||
public function fetch($ldap, $dn = null)
|
||||
{
|
||||
if (!$ldap instanceof Net_LDAP2) {
|
||||
return PEAR::raiseError("Unable to fetch Schema: Parameter \$ldap must be a Net_LDAP2 object!");
|
||||
}
|
||||
|
||||
$schema_o = new Net_LDAP2_Schema();
|
||||
|
||||
if (is_null($dn)) {
|
||||
// get the subschema entry via root dse
|
||||
$dse = $ldap->rootDSE(array('subschemaSubentry'));
|
||||
if (false == Net_LDAP2::isError($dse)) {
|
||||
$base = $dse->getValue('subschemaSubentry', 'single');
|
||||
if (!Net_LDAP2::isError($base)) {
|
||||
$dn = $base;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Support for buggy LDAP servers (e.g. Siemens DirX 6.x) that incorrectly
|
||||
// call this entry subSchemaSubentry instead of subschemaSubentry.
|
||||
// Note the correct case/spelling as per RFC 2251.
|
||||
if (is_null($dn)) {
|
||||
// get the subschema entry via root dse
|
||||
$dse = $ldap->rootDSE(array('subSchemaSubentry'));
|
||||
if (false == Net_LDAP2::isError($dse)) {
|
||||
$base = $dse->getValue('subSchemaSubentry', 'single');
|
||||
if (!Net_LDAP2::isError($base)) {
|
||||
$dn = $base;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Final fallback case where there is no subschemaSubentry attribute
|
||||
// in the root DSE (this is a bug for an LDAP v3 server so report this
|
||||
// to your LDAP vendor if you get this far).
|
||||
if (is_null($dn)) {
|
||||
$dn = 'cn=Subschema';
|
||||
}
|
||||
|
||||
// fetch the subschema entry
|
||||
$result = $ldap->search($dn, '(objectClass=*)',
|
||||
array('attributes' => array_values($schema_o->types),
|
||||
'scope' => 'base'));
|
||||
if (Net_LDAP2::isError($result)) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
$entry = $result->shiftEntry();
|
||||
if (!$entry instanceof Net_LDAP2_Entry) {
|
||||
return PEAR::raiseError('Could not fetch Subschema entry');
|
||||
}
|
||||
|
||||
$schema_o->parse($entry);
|
||||
return $schema_o;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a hash of entries for the given type
|
||||
*
|
||||
* Returns a hash of entry for th givene type. Types may be:
|
||||
* objectclasses, attributes, ditcontentrules, ditstructurerules, matchingrules,
|
||||
* matchingruleuses, nameforms, syntaxes
|
||||
*
|
||||
* @param string $type Type to fetch
|
||||
*
|
||||
* @access public
|
||||
* @return array|Net_LDAP2_Error Array or Net_LDAP2_Error
|
||||
*/
|
||||
public function &getAll($type)
|
||||
{
|
||||
$map = array('objectclasses' => &$this->_objectClasses,
|
||||
'attributes' => &$this->_attributeTypes,
|
||||
'ditcontentrules' => &$this->_dITContentRules,
|
||||
'ditstructurerules' => &$this->_dITStructureRules,
|
||||
'matchingrules' => &$this->_matchingRules,
|
||||
'matchingruleuses' => &$this->_matchingRuleUse,
|
||||
'nameforms' => &$this->_nameForms,
|
||||
'syntaxes' => &$this->_ldapSyntaxes );
|
||||
|
||||
$key = strtolower($type);
|
||||
$ret = ((key_exists($key, $map)) ? $map[$key] : PEAR::raiseError("Unknown type $type"));
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a specific entry
|
||||
*
|
||||
* @param string $type Type of name
|
||||
* @param string $name Name or OID to fetch
|
||||
*
|
||||
* @access public
|
||||
* @return mixed Entry or Net_LDAP2_Error
|
||||
*/
|
||||
public function &get($type, $name)
|
||||
{
|
||||
if ($this->_initialized) {
|
||||
$type = strtolower($type);
|
||||
if (false == key_exists($type, $this->types)) {
|
||||
return PEAR::raiseError("No such type $type");
|
||||
}
|
||||
|
||||
$name = strtolower($name);
|
||||
$type_var = &$this->{'_' . $this->types[$type]};
|
||||
|
||||
if (key_exists($name, $type_var)) {
|
||||
return $type_var[$name];
|
||||
} elseif (key_exists($name, $this->_oids) && $this->_oids[$name]['type'] == $type) {
|
||||
return $this->_oids[$name];
|
||||
} else {
|
||||
return PEAR::raiseError("Could not find $type $name");
|
||||
}
|
||||
} else {
|
||||
$return = null;
|
||||
return $return;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Fetches attributes that MAY be present in the given objectclass
|
||||
*
|
||||
* @param string $oc Name or OID of objectclass
|
||||
*
|
||||
* @access public
|
||||
* @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error
|
||||
*/
|
||||
public function may($oc)
|
||||
{
|
||||
return $this->_getAttr($oc, 'may');
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetches attributes that MUST be present in the given objectclass
|
||||
*
|
||||
* @param string $oc Name or OID of objectclass
|
||||
*
|
||||
* @access public
|
||||
* @return array|Net_LDAP2_Error Array with attributes or Net_LDAP2_Error
|
||||
*/
|
||||
public function must($oc)
|
||||
{
|
||||
return $this->_getAttr($oc, 'must');
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetches the given attribute from the given objectclass
|
||||
*
|
||||
* @param string $oc Name or OID of objectclass
|
||||
* @param string $attr Name of attribute to fetch
|
||||
*
|
||||
* @access protected
|
||||
* @return array|Net_LDAP2_Error The attribute or Net_LDAP2_Error
|
||||
*/
|
||||
protected function _getAttr($oc, $attr)
|
||||
{
|
||||
$oc = strtolower($oc);
|
||||
if (key_exists($oc, $this->_objectClasses) && key_exists($attr, $this->_objectClasses[$oc])) {
|
||||
return $this->_objectClasses[$oc][$attr];
|
||||
} elseif (key_exists($oc, $this->_oids) &&
|
||||
$this->_oids[$oc]['type'] == 'objectclass' &&
|
||||
key_exists($attr, $this->_oids[$oc])) {
|
||||
return $this->_oids[$oc][$attr];
|
||||
} else {
|
||||
return PEAR::raiseError("Could not find $attr attributes for $oc ");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the name(s) of the immediate superclass(es)
|
||||
*
|
||||
* @param string $oc Name or OID of objectclass
|
||||
*
|
||||
* @access public
|
||||
* @return array|Net_LDAP2_Error Array of names or Net_LDAP2_Error
|
||||
*/
|
||||
public function superclass($oc)
|
||||
{
|
||||
$o = $this->get('objectclass', $oc);
|
||||
if (Net_LDAP2::isError($o)) {
|
||||
return $o;
|
||||
}
|
||||
return (key_exists('sup', $o) ? $o['sup'] : array());
|
||||
}
|
||||
|
||||
/**
|
||||
* Parses the schema of the given Subschema entry
|
||||
*
|
||||
* @param Net_LDAP2_Entry &$entry Subschema entry
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function parse(&$entry)
|
||||
{
|
||||
foreach ($this->types as $type => $attr) {
|
||||
// initialize map type to entry
|
||||
$type_var = '_' . $attr;
|
||||
$this->{$type_var} = array();
|
||||
|
||||
// get values for this type
|
||||
if ($entry->exists($attr)) {
|
||||
$values = $entry->getValue($attr);
|
||||
if (is_array($values)) {
|
||||
foreach ($values as $value) {
|
||||
|
||||
unset($schema_entry); // this was a real mess without it
|
||||
|
||||
// get the schema entry
|
||||
$schema_entry = $this->_parse_entry($value);
|
||||
|
||||
// set the type
|
||||
$schema_entry['type'] = $type;
|
||||
|
||||
// save a ref in $_oids
|
||||
$this->_oids[$schema_entry['oid']] = &$schema_entry;
|
||||
|
||||
// save refs for all names in type map
|
||||
$names = $schema_entry['aliases'];
|
||||
array_push($names, $schema_entry['name']);
|
||||
foreach ($names as $name) {
|
||||
$this->{$type_var}[strtolower($name)] = &$schema_entry;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
$this->_initialized = true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Parses an attribute value into a schema entry
|
||||
*
|
||||
* @param string $value Attribute value
|
||||
*
|
||||
* @access protected
|
||||
* @return array|false Schema entry array or false
|
||||
*/
|
||||
protected function &_parse_entry($value)
|
||||
{
|
||||
// tokens that have no value associated
|
||||
$noValue = array('single-value',
|
||||
'obsolete',
|
||||
'collective',
|
||||
'no-user-modification',
|
||||
'abstract',
|
||||
'structural',
|
||||
'auxiliary');
|
||||
|
||||
// tokens that can have multiple values
|
||||
$multiValue = array('must', 'may', 'sup');
|
||||
|
||||
$schema_entry = array('aliases' => array()); // initilization
|
||||
|
||||
$tokens = $this->_tokenize($value); // get an array of tokens
|
||||
|
||||
// remove surrounding brackets
|
||||
if ($tokens[0] == '(') array_shift($tokens);
|
||||
if ($tokens[count($tokens) - 1] == ')') array_pop($tokens); // -1 doesnt work on arrays :-(
|
||||
|
||||
$schema_entry['oid'] = array_shift($tokens); // first token is the oid
|
||||
|
||||
// cycle over the tokens until none are left
|
||||
while (count($tokens) > 0) {
|
||||
$token = strtolower(array_shift($tokens));
|
||||
if (in_array($token, $noValue)) {
|
||||
$schema_entry[$token] = 1; // single value token
|
||||
} else {
|
||||
// this one follows a string or a list if it is multivalued
|
||||
if (($schema_entry[$token] = array_shift($tokens)) == '(') {
|
||||
// this creates the list of values and cycles through the tokens
|
||||
// until the end of the list is reached ')'
|
||||
$schema_entry[$token] = array();
|
||||
while ($tmp = array_shift($tokens)) {
|
||||
if ($tmp == ')') break;
|
||||
if ($tmp != '$') array_push($schema_entry[$token], $tmp);
|
||||
}
|
||||
}
|
||||
// create a array if the value should be multivalued but was not
|
||||
if (in_array($token, $multiValue) && !is_array($schema_entry[$token])) {
|
||||
$schema_entry[$token] = array($schema_entry[$token]);
|
||||
}
|
||||
}
|
||||
}
|
||||
// get max length from syntax
|
||||
if (key_exists('syntax', $schema_entry)) {
|
||||
if (preg_match('/{(\d+)}/', $schema_entry['syntax'], $matches)) {
|
||||
$schema_entry['max_length'] = $matches[1];
|
||||
}
|
||||
}
|
||||
// force a name
|
||||
if (empty($schema_entry['name'])) {
|
||||
$schema_entry['name'] = $schema_entry['oid'];
|
||||
}
|
||||
// make one name the default and put the other ones into aliases
|
||||
if (is_array($schema_entry['name'])) {
|
||||
$aliases = $schema_entry['name'];
|
||||
$schema_entry['name'] = array_shift($aliases);
|
||||
$schema_entry['aliases'] = $aliases;
|
||||
}
|
||||
return $schema_entry;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tokenizes the given value into an array of tokens
|
||||
*
|
||||
* @param string $value String to parse
|
||||
*
|
||||
* @access protected
|
||||
* @return array Array of tokens
|
||||
*/
|
||||
protected function _tokenize($value)
|
||||
{
|
||||
$tokens = array(); // array of tokens
|
||||
$matches = array(); // matches[0] full pattern match, [1,2,3] subpatterns
|
||||
|
||||
// this one is taken from perl-ldap, modified for php
|
||||
$pattern = "/\s* (?:([()]) | ([^'\s()]+) | '((?:[^']+|'[^\s)])*)') \s*/x";
|
||||
|
||||
/**
|
||||
* This one matches one big pattern wherin only one of the three subpatterns matched
|
||||
* We are interested in the subpatterns that matched. If it matched its value will be
|
||||
* non-empty and so it is a token. Tokens may be round brackets, a string, or a string
|
||||
* enclosed by '
|
||||
*/
|
||||
preg_match_all($pattern, $value, $matches);
|
||||
|
||||
for ($i = 0; $i < count($matches[0]); $i++) { // number of tokens (full pattern match)
|
||||
for ($j = 1; $j < 4; $j++) { // each subpattern
|
||||
if (null != trim($matches[$j][$i])) { // pattern match in this subpattern
|
||||
$tokens[$i] = trim($matches[$j][$i]); // this is the token
|
||||
}
|
||||
}
|
||||
}
|
||||
return $tokens;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns wether a attribute syntax is binary or not
|
||||
*
|
||||
* This method gets used by Net_LDAP2_Entry to decide which
|
||||
* PHP function needs to be used to fetch the value in the
|
||||
* proper format (e.g. binary or string)
|
||||
*
|
||||
* @param string $attribute The name of the attribute (eg.: 'sn')
|
||||
*
|
||||
* @access public
|
||||
* @return boolean
|
||||
*/
|
||||
public function isBinary($attribute)
|
||||
{
|
||||
$return = false; // default to false
|
||||
|
||||
// This list contains all syntax that should be treaten as
|
||||
// containing binary values
|
||||
// The Syntax Definitons go into constants at the top of this page
|
||||
$syntax_binary = array(
|
||||
NET_LDAP2_SYNTAX_OCTET_STRING,
|
||||
NET_LDAP2_SYNTAX_JPEG
|
||||
);
|
||||
|
||||
// Check Syntax
|
||||
$attr_s = $this->get('attribute', $attribute);
|
||||
if (Net_LDAP2::isError($attr_s)) {
|
||||
// Attribute not found in schema
|
||||
$return = false; // consider attr not binary
|
||||
} elseif (isset($attr_s['syntax']) && in_array($attr_s['syntax'], $syntax_binary)) {
|
||||
// Syntax is defined as binary in schema
|
||||
$return = true;
|
||||
} else {
|
||||
// Syntax not defined as binary, or not found
|
||||
// if attribute is a subtype, check superior attribute syntaxes
|
||||
if (isset($attr_s['sup'])) {
|
||||
foreach ($attr_s['sup'] as $superattr) {
|
||||
$return = $this->isBinary($superattr);
|
||||
if ($return) {
|
||||
break; // stop checking parents since we are binary
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
// [TODO] add method that allows us to see to which objectclasses a certain attribute belongs to
|
||||
// it should return the result structured, e.g. sorted in "may" and "must". Optionally it should
|
||||
// be able to return it just "flat", e.g. array_merge()d.
|
||||
// We could use get_all() to achieve this easily, i think
|
||||
}
|
||||
?>
|
59
extlib/Net/LDAP2/SchemaCache.interface.php
Normal file
59
extlib/Net/LDAP2/SchemaCache.interface.php
Normal file
|
@ -0,0 +1,59 @@
|
|||
<?php
|
||||
/* vim: set expandtab tabstop=4 shiftwidth=4: */
|
||||
/**
|
||||
* File containing the Net_LDAP2_SchemaCache interface class.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @copyright 2009 Benedikt Hallinger
|
||||
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
|
||||
* @version SVN: $Id: SchemaCache.interface.php 286718 2009-08-03 07:30:49Z beni $
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
*/
|
||||
|
||||
/**
|
||||
* Interface describing a custom schema cache object
|
||||
*
|
||||
* To implement a custom schema cache, one must implement this interface and
|
||||
* pass the instanciated object to Net_LDAP2s registerSchemaCache() method.
|
||||
*/
|
||||
interface Net_LDAP2_SchemaCache
|
||||
{
|
||||
/**
|
||||
* Return the schema object from the cache
|
||||
*
|
||||
* Net_LDAP2 will consider anything returned invalid, except
|
||||
* a valid Net_LDAP2_Schema object.
|
||||
* In case you return a Net_LDAP2_Error, this error will be routed
|
||||
* to the return of the $ldap->schema() call.
|
||||
* If you return something else, Net_LDAP2 will
|
||||
* fetch a fresh Schema object from the LDAP server.
|
||||
*
|
||||
* You may want to implement a cache aging mechanism here too.
|
||||
*
|
||||
* @return Net_LDAP2_Schema|Net_LDAP2_Error|false
|
||||
*/
|
||||
public function loadSchema();
|
||||
|
||||
/**
|
||||
* Store a schema object in the cache
|
||||
*
|
||||
* This method will be called, if Net_LDAP2 has fetched a fresh
|
||||
* schema object from LDAP and wants to init or refresh the cache.
|
||||
*
|
||||
* In case of errors you may return a Net_LDAP2_Error which will
|
||||
* be routet to the client.
|
||||
* Note that doing this prevents, that the schema object fetched from LDAP
|
||||
* will be given back to the client, so only return errors if storing
|
||||
* of the cache is something crucial (e.g. for doing something else with it).
|
||||
* Normaly you dont want to give back errors in which case Net_LDAP2 needs to
|
||||
* fetch the schema once per script run and instead use the error
|
||||
* returned from loadSchema().
|
||||
*
|
||||
* @return true|Net_LDAP2_Error
|
||||
*/
|
||||
public function storeSchema($schema);
|
||||
}
|
614
extlib/Net/LDAP2/Search.php
Normal file
614
extlib/Net/LDAP2/Search.php
Normal file
|
@ -0,0 +1,614 @@
|
|||
<?php
|
||||
/* vim: set expandtab tabstop=4 shiftwidth=4: */
|
||||
/**
|
||||
* File containing the Net_LDAP2_Search interface class.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Tarjej Huse <tarjei@bergfald.no>
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @copyright 2009 Tarjej Huse, Benedikt Hallinger
|
||||
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
|
||||
* @version SVN: $Id: Search.php 286718 2009-08-03 07:30:49Z beni $
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
*/
|
||||
|
||||
/**
|
||||
* Includes
|
||||
*/
|
||||
require_once 'PEAR.php';
|
||||
|
||||
/**
|
||||
* Result set of an LDAP search
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Tarjej Huse <tarjei@bergfald.no>
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @license http://www.gnu.org/copyleft/lesser.html LGPL
|
||||
* @link http://pear.php.net/package/Net_LDAP22/
|
||||
*/
|
||||
class Net_LDAP2_Search extends PEAR implements Iterator
|
||||
{
|
||||
/**
|
||||
* Search result identifier
|
||||
*
|
||||
* @access protected
|
||||
* @var resource
|
||||
*/
|
||||
protected $_search;
|
||||
|
||||
/**
|
||||
* LDAP resource link
|
||||
*
|
||||
* @access protected
|
||||
* @var resource
|
||||
*/
|
||||
protected $_link;
|
||||
|
||||
/**
|
||||
* Net_LDAP2 object
|
||||
*
|
||||
* A reference of the Net_LDAP2 object for passing to Net_LDAP2_Entry
|
||||
*
|
||||
* @access protected
|
||||
* @var object Net_LDAP2
|
||||
*/
|
||||
protected $_ldap;
|
||||
|
||||
/**
|
||||
* Result entry identifier
|
||||
*
|
||||
* @access protected
|
||||
* @var resource
|
||||
*/
|
||||
protected $_entry = null;
|
||||
|
||||
/**
|
||||
* The errorcode the search got
|
||||
*
|
||||
* Some errorcodes might be of interest, but might not be best handled as errors.
|
||||
* examples: 4 - LDAP_SIZELIMIT_EXCEEDED - indicates a huge search.
|
||||
* Incomplete results are returned. If you just want to check if there's anything in the search.
|
||||
* than this is a point to handle.
|
||||
* 32 - no such object - search here returns a count of 0.
|
||||
*
|
||||
* @access protected
|
||||
* @var int
|
||||
*/
|
||||
protected $_errorCode = 0; // if not set - sucess!
|
||||
|
||||
/**
|
||||
* Cache for all entries already fetched from iterator interface
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_iteratorCache = array();
|
||||
|
||||
/**
|
||||
* What attributes we searched for
|
||||
*
|
||||
* The $attributes array contains the names of the searched attributes and gets
|
||||
* passed from $Net_LDAP2->search() so the Net_LDAP2_Search object can tell
|
||||
* what attributes was searched for ({@link searchedAttrs())
|
||||
*
|
||||
* This variable gets set from the constructor and returned
|
||||
* from {@link searchedAttrs()}
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_searchedAttrs = array();
|
||||
|
||||
/**
|
||||
* Cache variable for storing entries fetched internally
|
||||
*
|
||||
* This currently is only used by {@link pop_entry()}
|
||||
*
|
||||
* @access protected
|
||||
* @var array
|
||||
*/
|
||||
protected $_entry_cache = false;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @param resource &$search Search result identifier
|
||||
* @param Net_LDAP2|resource &$ldap Net_LDAP2 object or just a LDAP-Link resource
|
||||
* @param array $attributes (optional) Array with searched attribute names. (see {@link $_searchedAttrs})
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public function __construct(&$search, &$ldap, $attributes = array())
|
||||
{
|
||||
$this->PEAR('Net_LDAP2_Error');
|
||||
|
||||
$this->setSearch($search);
|
||||
|
||||
if ($ldap instanceof Net_LDAP2) {
|
||||
$this->_ldap =& $ldap;
|
||||
$this->setLink($this->_ldap->getLink());
|
||||
} else {
|
||||
$this->setLink($ldap);
|
||||
}
|
||||
|
||||
$this->_errorCode = @ldap_errno($this->_link);
|
||||
|
||||
if (is_array($attributes) && !empty($attributes)) {
|
||||
$this->_searchedAttrs = $attributes;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns an array of entry objects
|
||||
*
|
||||
* @return array Array of entry objects.
|
||||
*/
|
||||
public function entries()
|
||||
{
|
||||
$entries = array();
|
||||
|
||||
while ($entry = $this->shiftEntry()) {
|
||||
$entries[] = $entry;
|
||||
}
|
||||
|
||||
return $entries;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the next entry in the searchresult.
|
||||
*
|
||||
* This will return a valid Net_LDAP2_Entry object or false, so
|
||||
* you can use this method to easily iterate over the entries inside
|
||||
* a while loop.
|
||||
*
|
||||
* @return Net_LDAP2_Entry|false Reference to Net_LDAP2_Entry object or false
|
||||
*/
|
||||
public function &shiftEntry()
|
||||
{
|
||||
if ($this->count() == 0 ) {
|
||||
$false = false;
|
||||
return $false;
|
||||
}
|
||||
|
||||
if (is_null($this->_entry)) {
|
||||
$this->_entry = @ldap_first_entry($this->_link, $this->_search);
|
||||
$entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry);
|
||||
if ($entry instanceof Net_LDAP2_Error) $entry = false;
|
||||
} else {
|
||||
if (!$this->_entry = @ldap_next_entry($this->_link, $this->_entry)) {
|
||||
$false = false;
|
||||
return $false;
|
||||
}
|
||||
$entry = Net_LDAP2_Entry::createConnected($this->_ldap, $this->_entry);
|
||||
if ($entry instanceof Net_LDAP2_Error) $entry = false;
|
||||
}
|
||||
return $entry;
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias function of shiftEntry() for perl-ldap interface
|
||||
*
|
||||
* @see shiftEntry()
|
||||
* @return Net_LDAP2_Entry|false
|
||||
*/
|
||||
public function shift_entry()
|
||||
{
|
||||
$args = func_get_args();
|
||||
return call_user_func_array(array( &$this, 'shiftEntry' ), $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve the next entry in the searchresult, but starting from last entry
|
||||
*
|
||||
* This is the opposite to {@link shiftEntry()} and is also very useful
|
||||
* to be used inside a while loop.
|
||||
*
|
||||
* @return Net_LDAP2_Entry|false
|
||||
*/
|
||||
public function popEntry()
|
||||
{
|
||||
if (false === $this->_entry_cache) {
|
||||
// fetch entries into cache if not done so far
|
||||
$this->_entry_cache = $this->entries();
|
||||
}
|
||||
|
||||
$return = array_pop($this->_entry_cache);
|
||||
return (null === $return)? false : $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Alias function of popEntry() for perl-ldap interface
|
||||
*
|
||||
* @see popEntry()
|
||||
* @return Net_LDAP2_Entry|false
|
||||
*/
|
||||
public function pop_entry()
|
||||
{
|
||||
$args = func_get_args();
|
||||
return call_user_func_array(array( &$this, 'popEntry' ), $args);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return entries sorted as array
|
||||
*
|
||||
* This returns a array with sorted entries and the values.
|
||||
* Sorting is done with PHPs {@link array_multisort()}.
|
||||
* This method relies on {@link as_struct()} to fetch the raw data of the entries.
|
||||
*
|
||||
* Please note that attribute names are case sensitive!
|
||||
*
|
||||
* Usage example:
|
||||
* <code>
|
||||
* // to sort entries first by location, then by surename, but descending:
|
||||
* $entries = $search->sorted_as_struct(array('locality','sn'), SORT_DESC);
|
||||
* </code>
|
||||
*
|
||||
* @param array $attrs Array of attribute names to sort; order from left to right.
|
||||
* @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC
|
||||
*
|
||||
* @return array|Net_LDAP2_Error Array with sorted entries or error
|
||||
* @todo what about server side sorting as specified in http://www.ietf.org/rfc/rfc2891.txt?
|
||||
*/
|
||||
public function sorted_as_struct($attrs = array('cn'), $order = SORT_ASC)
|
||||
{
|
||||
/*
|
||||
* Old Code, suitable and fast for single valued sorting
|
||||
* This code should be used if we know that single valued sorting is desired,
|
||||
* but we need some method to get that knowledge...
|
||||
*/
|
||||
/*
|
||||
$attrs = array_reverse($attrs);
|
||||
foreach ($attrs as $attribute) {
|
||||
if (!ldap_sort($this->_link, $this->_search, $attribute)){
|
||||
$this->raiseError("Sorting failed for Attribute " . $attribute);
|
||||
}
|
||||
}
|
||||
|
||||
$results = ldap_get_entries($this->_link, $this->_search);
|
||||
|
||||
unset($results['count']); //for tidier output
|
||||
if ($order) {
|
||||
return array_reverse($results);
|
||||
} else {
|
||||
return $results;
|
||||
}*/
|
||||
|
||||
/*
|
||||
* New code: complete "client side" sorting
|
||||
*/
|
||||
// first some parameterchecks
|
||||
if (!is_array($attrs)) {
|
||||
return PEAR::raiseError("Sorting failed: Parameterlist must be an array!");
|
||||
}
|
||||
if ($order != SORT_ASC && $order != SORT_DESC) {
|
||||
return PEAR::raiseError("Sorting failed: sorting direction not understood! (neither constant SORT_ASC nor SORT_DESC)");
|
||||
}
|
||||
|
||||
// fetch the entries data
|
||||
$entries = $this->as_struct();
|
||||
|
||||
// now sort each entries attribute values
|
||||
// this is neccessary because later we can only sort by one value,
|
||||
// so we need the highest or lowest attribute now, depending on the
|
||||
// selected ordering for that specific attribute
|
||||
foreach ($entries as $dn => $entry) {
|
||||
foreach ($entry as $attr_name => $attr_values) {
|
||||
sort($entries[$dn][$attr_name]);
|
||||
if ($order == SORT_DESC) {
|
||||
array_reverse($entries[$dn][$attr_name]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// reformat entrys array for later use with array_multisort()
|
||||
$to_sort = array(); // <- will be a numeric array similar to ldap_get_entries
|
||||
foreach ($entries as $dn => $entry_attr) {
|
||||
$row = array();
|
||||
$row['dn'] = $dn;
|
||||
foreach ($entry_attr as $attr_name => $attr_values) {
|
||||
$row[$attr_name] = $attr_values;
|
||||
}
|
||||
$to_sort[] = $row;
|
||||
}
|
||||
|
||||
// Build columns for array_multisort()
|
||||
// each requested attribute is one row
|
||||
$columns = array();
|
||||
foreach ($attrs as $attr_name) {
|
||||
foreach ($to_sort as $key => $row) {
|
||||
$columns[$attr_name][$key] =& $to_sort[$key][$attr_name][0];
|
||||
}
|
||||
}
|
||||
|
||||
// sort the colums with array_multisort, if there is something
|
||||
// to sort and if we have requested sort columns
|
||||
if (!empty($to_sort) && !empty($columns)) {
|
||||
$sort_params = '';
|
||||
foreach ($attrs as $attr_name) {
|
||||
$sort_params .= '$columns[\''.$attr_name.'\'], '.$order.', ';
|
||||
}
|
||||
eval("array_multisort($sort_params \$to_sort);"); // perform sorting
|
||||
}
|
||||
|
||||
return $to_sort;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return entries sorted as objects
|
||||
*
|
||||
* This returns a array with sorted Net_LDAP2_Entry objects.
|
||||
* The sorting is actually done with {@link sorted_as_struct()}.
|
||||
*
|
||||
* Please note that attribute names are case sensitive!
|
||||
* Also note, that it is (depending on server capabilitys) possible to let
|
||||
* the server sort your results. This happens through search controls
|
||||
* and is described in detail at {@link http://www.ietf.org/rfc/rfc2891.txt}
|
||||
*
|
||||
* Usage example:
|
||||
* <code>
|
||||
* // to sort entries first by location, then by surename, but descending:
|
||||
* $entries = $search->sorted(array('locality','sn'), SORT_DESC);
|
||||
* </code>
|
||||
*
|
||||
* @param array $attrs Array of sort attributes to sort; order from left to right.
|
||||
* @param int $order Ordering direction, either constant SORT_ASC or SORT_DESC
|
||||
*
|
||||
* @return array|Net_LDAP2_Error Array with sorted Net_LDAP2_Entries or error
|
||||
* @todo Entry object construction could be faster. Maybe we could use one of the factorys instead of fetching the entry again
|
||||
*/
|
||||
public function sorted($attrs = array('cn'), $order = SORT_ASC)
|
||||
{
|
||||
$return = array();
|
||||
$sorted = $this->sorted_as_struct($attrs, $order);
|
||||
if (PEAR::isError($sorted)) {
|
||||
return $sorted;
|
||||
}
|
||||
foreach ($sorted as $key => $row) {
|
||||
$entry = $this->_ldap->getEntry($row['dn'], $this->searchedAttrs());
|
||||
if (!PEAR::isError($entry)) {
|
||||
array_push($return, $entry);
|
||||
} else {
|
||||
return $entry;
|
||||
}
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return entries as array
|
||||
*
|
||||
* This method returns the entries and the selected attributes values as
|
||||
* array.
|
||||
* The first array level contains all found entries where the keys are the
|
||||
* DNs of the entries. The second level arrays contian the entries attributes
|
||||
* such that the keys is the lowercased name of the attribute and the values
|
||||
* are stored in another indexed array. Note that the attribute values are stored
|
||||
* in an array even if there is no or just one value.
|
||||
*
|
||||
* The array has the following structure:
|
||||
* <code>
|
||||
* $return = array(
|
||||
* 'cn=foo,dc=example,dc=com' => array(
|
||||
* 'sn' => array('foo'),
|
||||
* 'multival' => array('val1', 'val2', 'valN')
|
||||
* )
|
||||
* 'cn=bar,dc=example,dc=com' => array(
|
||||
* 'sn' => array('bar'),
|
||||
* 'multival' => array('val1', 'valN')
|
||||
* )
|
||||
* )
|
||||
* </code>
|
||||
*
|
||||
* @return array associative result array as described above
|
||||
*/
|
||||
public function as_struct()
|
||||
{
|
||||
$return = array();
|
||||
$entries = $this->entries();
|
||||
foreach ($entries as $entry) {
|
||||
$attrs = array();
|
||||
$entry_attributes = $entry->attributes();
|
||||
foreach ($entry_attributes as $attr_name) {
|
||||
$attr_values = $entry->getValue($attr_name, 'all');
|
||||
if (!is_array($attr_values)) {
|
||||
$attr_values = array($attr_values);
|
||||
}
|
||||
$attrs[$attr_name] = $attr_values;
|
||||
}
|
||||
$return[$entry->dn()] = $attrs;
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the search objects resource link
|
||||
*
|
||||
* @param resource &$search Search result identifier
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function setSearch(&$search)
|
||||
{
|
||||
$this->_search = $search;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the ldap ressource link
|
||||
*
|
||||
* @param resource &$link Link identifier
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function setLink(&$link)
|
||||
{
|
||||
$this->_link = $link;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the number of entries in the searchresult
|
||||
*
|
||||
* @return int Number of entries in search.
|
||||
*/
|
||||
public function count()
|
||||
{
|
||||
// this catches the situation where OL returned errno 32 = no such object!
|
||||
if (!$this->_search) {
|
||||
return 0;
|
||||
}
|
||||
return @ldap_count_entries($this->_link, $this->_search);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the errorcode the object got in its search.
|
||||
*
|
||||
* @return int The ldap error number.
|
||||
*/
|
||||
public function getErrorCode()
|
||||
{
|
||||
return $this->_errorCode;
|
||||
}
|
||||
|
||||
/**
|
||||
* Destructor
|
||||
*
|
||||
* @access protected
|
||||
*/
|
||||
public function _Net_LDAP2_Search()
|
||||
{
|
||||
@ldap_free_result($this->_search);
|
||||
}
|
||||
|
||||
/**
|
||||
* Closes search result
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function done()
|
||||
{
|
||||
$this->_Net_LDAP2_Search();
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the attribute names this search selected
|
||||
*
|
||||
* @return array
|
||||
* @see $_searchedAttrs
|
||||
* @access protected
|
||||
*/
|
||||
protected function searchedAttrs()
|
||||
{
|
||||
return $this->_searchedAttrs;
|
||||
}
|
||||
|
||||
/**
|
||||
* Tells if this search exceeds a sizelimit
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public function sizeLimitExceeded()
|
||||
{
|
||||
return ($this->getErrorCode() == 4);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* SPL Iterator interface methods.
|
||||
* This interface allows to use Net_LDAP2_Search
|
||||
* objects directly inside a foreach loop!
|
||||
*/
|
||||
/**
|
||||
* SPL Iterator interface: Return the current element.
|
||||
*
|
||||
* The SPL Iterator interface allows you to fetch entries inside
|
||||
* a foreach() loop: <code>foreach ($search as $dn => $entry) { ...</code>
|
||||
*
|
||||
* Of course, you may call {@link current()}, {@link key()}, {@link next()},
|
||||
* {@link rewind()} and {@link valid()} yourself.
|
||||
*
|
||||
* If the search throwed an error, it returns false.
|
||||
* False is also returned, if the end is reached
|
||||
* In case no call to next() was made, we will issue one,
|
||||
* thus returning the first entry.
|
||||
*
|
||||
* @return Net_LDAP2_Entry|false
|
||||
*/
|
||||
public function current()
|
||||
{
|
||||
if (count($this->_iteratorCache) == 0) {
|
||||
$this->next();
|
||||
reset($this->_iteratorCache);
|
||||
}
|
||||
$entry = current($this->_iteratorCache);
|
||||
return ($entry instanceof Net_LDAP2_Entry)? $entry : false;
|
||||
}
|
||||
|
||||
/**
|
||||
* SPL Iterator interface: Return the identifying key (DN) of the current entry.
|
||||
*
|
||||
* @see current()
|
||||
* @return string|false DN of the current entry; false in case no entry is returned by current()
|
||||
*/
|
||||
public function key()
|
||||
{
|
||||
$entry = $this->current();
|
||||
return ($entry instanceof Net_LDAP2_Entry)? $entry->dn() :false;
|
||||
}
|
||||
|
||||
/**
|
||||
* SPL Iterator interface: Move forward to next entry.
|
||||
*
|
||||
* After a call to {@link next()}, {@link current()} will return
|
||||
* the next entry in the result set.
|
||||
*
|
||||
* @see current()
|
||||
* @return void
|
||||
*/
|
||||
public function next()
|
||||
{
|
||||
// fetch next entry.
|
||||
// if we have no entrys anymore, we add false (which is
|
||||
// returned by shiftEntry()) so current() will complain.
|
||||
if (count($this->_iteratorCache) - 1 <= $this->count()) {
|
||||
$this->_iteratorCache[] = $this->shiftEntry();
|
||||
}
|
||||
|
||||
// move on array pointer to current element.
|
||||
// even if we have added all entries, this will
|
||||
// ensure proper operation in case we rewind()
|
||||
next($this->_iteratorCache);
|
||||
}
|
||||
|
||||
/**
|
||||
* SPL Iterator interface: Check if there is a current element after calls to {@link rewind()} or {@link next()}.
|
||||
*
|
||||
* Used to check if we've iterated to the end of the collection.
|
||||
*
|
||||
* @see current()
|
||||
* @return boolean FALSE if there's nothing more to iterate over
|
||||
*/
|
||||
public function valid()
|
||||
{
|
||||
return ($this->current() instanceof Net_LDAP2_Entry);
|
||||
}
|
||||
|
||||
/**
|
||||
* SPL Iterator interface: Rewind the Iterator to the first element.
|
||||
*
|
||||
* After rewinding, {@link current()} will return the first entry in the result set.
|
||||
*
|
||||
* @see current()
|
||||
* @return void
|
||||
*/
|
||||
public function rewind()
|
||||
{
|
||||
reset($this->_iteratorCache);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
97
extlib/Net/LDAP2/SimpleFileSchemaCache.php
Normal file
97
extlib/Net/LDAP2/SimpleFileSchemaCache.php
Normal file
|
@ -0,0 +1,97 @@
|
|||
<?php
|
||||
/* vim: set expandtab tabstop=4 shiftwidth=4: */
|
||||
/**
|
||||
* File containing the example simple file based Schema Caching class.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @copyright 2009 Benedikt Hallinger
|
||||
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
|
||||
* @version SVN: $Id: SimpleFileSchemaCache.php 286718 2009-08-03 07:30:49Z beni $
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
*/
|
||||
|
||||
/**
|
||||
* A simple file based schema cacher with cache aging.
|
||||
*
|
||||
* Once the cache is too old, the loadSchema() method will return false, so
|
||||
* Net_LDAP2 will fetch a fresh object from the LDAP server that will
|
||||
* overwrite the current (outdated) old cache.
|
||||
*/
|
||||
class Net_LDAP2_SimpleFileSchemaCache implements Net_LDAP2_SchemaCache
|
||||
{
|
||||
/**
|
||||
* Internal config of this cache
|
||||
*
|
||||
* @see Net_LDAP2_SimpleFileSchemaCache()
|
||||
* @var array
|
||||
*/
|
||||
protected $config = array(
|
||||
'path' => '/tmp/Net_LDAP_Schema.cache',
|
||||
'max_age' => 1200
|
||||
);
|
||||
|
||||
/**
|
||||
* Initialize the simple cache
|
||||
*
|
||||
* Config is as following:
|
||||
* path Complete path to the cache file.
|
||||
* max_age Maximum age of cache in seconds, 0 means "endlessly".
|
||||
*
|
||||
* @param array $cfg Config array
|
||||
*/
|
||||
public function Net_LDAP2_SimpleFileSchemaCache($cfg)
|
||||
{
|
||||
foreach ($cfg as $key => $value) {
|
||||
if (array_key_exists($key, $this->config)) {
|
||||
if (gettype($this->config[$key]) != gettype($value)) {
|
||||
$this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key does not match type ".gettype($this->config[$key])."!");
|
||||
}
|
||||
$this->config[$key] = $value;
|
||||
} else {
|
||||
$this->getCore()->dropFatalError(__CLASS__.": Could not set config! Key $key is not defined!");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the schema object from the cache
|
||||
*
|
||||
* If file is existent and cache has not expired yet,
|
||||
* then the cache is deserialized and returned.
|
||||
*
|
||||
* @return Net_LDAP2_Schema|Net_LDAP2_Error|false
|
||||
*/
|
||||
public function loadSchema()
|
||||
{
|
||||
$return = false; // Net_LDAP2 will load schema from LDAP
|
||||
if (file_exists($this->config['path'])) {
|
||||
$cache_maxage = filemtime($this->config['path']) + $this->config['max_age'];
|
||||
if (time() <= $cache_maxage || $this->config['max_age'] == 0) {
|
||||
$return = unserialize(file_get_contents($this->config['path']));
|
||||
}
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
/**
|
||||
* Store a schema object in the cache
|
||||
*
|
||||
* This method will be called, if Net_LDAP2 has fetched a fresh
|
||||
* schema object from LDAP and wants to init or refresh the cache.
|
||||
*
|
||||
* To invalidate the cache and cause Net_LDAP2 to refresh the cache,
|
||||
* you can call this method with null or false as value.
|
||||
* The next call to $ldap->schema() will then refresh the caches object.
|
||||
*
|
||||
* @param mixed $schema The object that should be cached
|
||||
* @return true|Net_LDAP2_Error|false
|
||||
*/
|
||||
public function storeSchema($schema) {
|
||||
file_put_contents($this->config['path'], serialize($schema));
|
||||
return true;
|
||||
}
|
||||
}
|
572
extlib/Net/LDAP2/Util.php
Normal file
572
extlib/Net/LDAP2/Util.php
Normal file
|
@ -0,0 +1,572 @@
|
|||
<?php
|
||||
/* vim: set expandtab tabstop=4 shiftwidth=4: */
|
||||
/**
|
||||
* File containing the Net_LDAP2_Util interface class.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @copyright 2009 Benedikt Hallinger
|
||||
* @license http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3
|
||||
* @version SVN: $Id: Util.php 286718 2009-08-03 07:30:49Z beni $
|
||||
* @link http://pear.php.net/package/Net_LDAP2/
|
||||
*/
|
||||
|
||||
/**
|
||||
* Includes
|
||||
*/
|
||||
require_once 'PEAR.php';
|
||||
|
||||
/**
|
||||
* Utility Class for Net_LDAP2
|
||||
*
|
||||
* This class servers some functionality to the other classes of Net_LDAP2 but most of
|
||||
* the methods can be used separately as well.
|
||||
*
|
||||
* @category Net
|
||||
* @package Net_LDAP2
|
||||
* @author Benedikt Hallinger <beni@php.net>
|
||||
* @license http://www.gnu.org/copyleft/lesser.html LGPL
|
||||
* @link http://pear.php.net/package/Net_LDAP22/
|
||||
*/
|
||||
class Net_LDAP2_Util extends PEAR
|
||||
{
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
// We do nothing here, since all methods can be called statically.
|
||||
// In Net_LDAP <= 0.7, we needed a instance of Util, because
|
||||
// it was possible to do utf8 encoding and decoding, but this
|
||||
// has been moved to the LDAP class. The constructor remains only
|
||||
// here to document the downward compatibility of creating an instance.
|
||||
}
|
||||
|
||||
/**
|
||||
* Explodes the given DN into its elements
|
||||
*
|
||||
* {@link http://www.ietf.org/rfc/rfc2253.txt RFC 2253} says, a Distinguished Name is a sequence
|
||||
* of Relative Distinguished Names (RDNs), which themselves
|
||||
* are sets of Attributes. For each RDN a array is constructed where the RDN part is stored.
|
||||
*
|
||||
* For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded to:
|
||||
* <kbd>array( [0] => array([0] => 'OU=Sales', [1] => 'CN=J. Smith'), [2] => 'DC=example', [3] => 'DC=net' )</kbd>
|
||||
*
|
||||
* [NOT IMPLEMENTED] DNs might also contain values, which are the bytes of the BER encoding of
|
||||
* the X.500 AttributeValue rather than some LDAP string syntax. These values are hex-encoded
|
||||
* and prefixed with a #. To distinguish such BER values, ldap_explode_dn uses references to
|
||||
* the actual values, e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to:
|
||||
* [ { '1.3.6.1.4.1.1466.0' => "\004\002Hi" }, { 'DC' => 'example' }, { 'DC' => 'com' } ];
|
||||
* See {@link http://www.vijaymukhi.com/vmis/berldap.htm} for more information on BER.
|
||||
*
|
||||
* It also performs the following operations on the given DN:
|
||||
* - Unescape "\" followed by ",", "+", """, "\", "<", ">", ";", "#", "=", " ", or a hexpair
|
||||
* and strings beginning with "#".
|
||||
* - Removes the leading 'OID.' characters if the type is an OID instead of a name.
|
||||
* - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order.
|
||||
*
|
||||
* OPTIONS is a list of name/value pairs, valid options are:
|
||||
* casefold Controls case folding of attribute types names.
|
||||
* Attribute values are not affected by this option.
|
||||
* The default is to uppercase. Valid values are:
|
||||
* lower Lowercase attribute types names.
|
||||
* upper Uppercase attribute type names. This is the default.
|
||||
* none Do not change attribute type names.
|
||||
* reverse If TRUE, the RDN sequence is reversed.
|
||||
* onlyvalues If TRUE, then only attributes values are returned ('foo' instead of 'cn=foo')
|
||||
*
|
||||
|
||||
* @param string $dn The DN that should be exploded
|
||||
* @param array $options Options to use
|
||||
*
|
||||
* @static
|
||||
* @return array Parts of the exploded DN
|
||||
* @todo implement BER
|
||||
*/
|
||||
public static function ldap_explode_dn($dn, $options = array('casefold' => 'upper'))
|
||||
{
|
||||
if (!isset($options['onlyvalues'])) $options['onlyvalues'] = false;
|
||||
if (!isset($options['reverse'])) $options['reverse'] = false;
|
||||
if (!isset($options['casefold'])) $options['casefold'] = 'upper';
|
||||
|
||||
// Escaping of DN and stripping of "OID."
|
||||
$dn = self::canonical_dn($dn, array('casefold' => $options['casefold']));
|
||||
|
||||
// splitting the DN
|
||||
$dn_array = preg_split('/(?<=[^\\\\]),/', $dn);
|
||||
|
||||
// clear wrong splitting (possibly we have split too much)
|
||||
// /!\ Not clear, if this is neccessary here
|
||||
//$dn_array = self::correct_dn_splitting($dn_array, ',');
|
||||
|
||||
// construct subarrays for multivalued RDNs and unescape DN value
|
||||
// also convert to output format and apply casefolding
|
||||
foreach ($dn_array as $key => $value) {
|
||||
$value_u = self::unescape_dn_value($value);
|
||||
$rdns = self::split_rdn_multival($value_u[0]);
|
||||
if (count($rdns) > 1) {
|
||||
// MV RDN!
|
||||
foreach ($rdns as $subrdn_k => $subrdn_v) {
|
||||
// Casefolding
|
||||
if ($options['casefold'] == 'upper') $subrdn_v = preg_replace("/^(\w+=)/e", "''.strtoupper('\\1').''", $subrdn_v);
|
||||
if ($options['casefold'] == 'lower') $subrdn_v = preg_replace("/^(\w+=)/e", "''.strtolower('\\1').''", $subrdn_v);
|
||||
|
||||
if ($options['onlyvalues']) {
|
||||
preg_match('/(.+?)(?<!\\\\)=(.+)/', $subrdn_v, $matches);
|
||||
$rdn_ocl = $matches[1];
|
||||
$rdn_val = $matches[2];
|
||||
$unescaped = self::unescape_dn_value($rdn_val);
|
||||
$rdns[$subrdn_k] = $unescaped[0];
|
||||
} else {
|
||||
$unescaped = self::unescape_dn_value($subrdn_v);
|
||||
$rdns[$subrdn_k] = $unescaped[0];
|
||||
}
|
||||
}
|
||||
|
||||
$dn_array[$key] = $rdns;
|
||||
} else {
|
||||
// normal RDN
|
||||
|
||||
// Casefolding
|
||||
if ($options['casefold'] == 'upper') $value = preg_replace("/^(\w+=)/e", "''.strtoupper('\\1').''", $value);
|
||||
if ($options['casefold'] == 'lower') $value = preg_replace("/^(\w+=)/e", "''.strtolower('\\1').''", $value);
|
||||
|
||||
if ($options['onlyvalues']) {
|
||||
preg_match('/(.+?)(?<!\\\\)=(.+)/', $value, $matches);
|
||||
$dn_ocl = $matches[1];
|
||||
$dn_val = $matches[2];
|
||||
$unescaped = self::unescape_dn_value($dn_val);
|
||||
$dn_array[$key] = $unescaped[0];
|
||||
} else {
|
||||
$unescaped = self::unescape_dn_value($value);
|
||||
$dn_array[$key] = $unescaped[0];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($options['reverse']) {
|
||||
return array_reverse($dn_array);
|
||||
} else {
|
||||
return $dn_array;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Escapes a DN value according to RFC 2253
|
||||
*
|
||||
* Escapes the given VALUES according to RFC 2253 so that they can be safely used in LDAP DNs.
|
||||
* The characters ",", "+", """, "\", "<", ">", ";", "#", "=" with a special meaning in RFC 2252
|
||||
* are preceeded by ba backslash. Control characters with an ASCII code < 32 are represented as \hexpair.
|
||||
* Finally all leading and trailing spaces are converted to sequences of \20.
|
||||
*
|
||||
* @param array $values An array containing the DN values that should be escaped
|
||||
*
|
||||
* @static
|
||||
* @return array The array $values, but escaped
|
||||
*/
|
||||
public static function escape_dn_value($values = array())
|
||||
{
|
||||
// Parameter validation
|
||||
if (!is_array($values)) {
|
||||
$values = array($values);
|
||||
}
|
||||
|
||||
foreach ($values as $key => $val) {
|
||||
// Escaping of filter meta characters
|
||||
$val = str_replace('\\', '\\\\', $val);
|
||||
$val = str_replace(',', '\,', $val);
|
||||
$val = str_replace('+', '\+', $val);
|
||||
$val = str_replace('"', '\"', $val);
|
||||
$val = str_replace('<', '\<', $val);
|
||||
$val = str_replace('>', '\>', $val);
|
||||
$val = str_replace(';', '\;', $val);
|
||||
$val = str_replace('#', '\#', $val);
|
||||
$val = str_replace('=', '\=', $val);
|
||||
|
||||
// ASCII < 32 escaping
|
||||
$val = self::asc2hex32($val);
|
||||
|
||||
// Convert all leading and trailing spaces to sequences of \20.
|
||||
if (preg_match('/^(\s*)(.+?)(\s*)$/', $val, $matches)) {
|
||||
$val = $matches[2];
|
||||
for ($i = 0; $i < strlen($matches[1]); $i++) {
|
||||
$val = '\20'.$val;
|
||||
}
|
||||
for ($i = 0; $i < strlen($matches[3]); $i++) {
|
||||
$val = $val.'\20';
|
||||
}
|
||||
}
|
||||
|
||||
if (null === $val) $val = '\0'; // apply escaped "null" if string is empty
|
||||
|
||||
$values[$key] = $val;
|
||||
}
|
||||
|
||||
return $values;
|
||||
}
|
||||
|
||||
/**
|
||||
* Undoes the conversion done by escape_dn_value().
|
||||
*
|
||||
* Any escape sequence starting with a baskslash - hexpair or special character -
|
||||
* will be transformed back to the corresponding character.
|
||||
*
|
||||
* @param array $values Array of DN Values
|
||||
*
|
||||
* @return array Same as $values, but unescaped
|
||||
* @static
|
||||
*/
|
||||
public static function unescape_dn_value($values = array())
|
||||
{
|
||||
// Parameter validation
|
||||
if (!is_array($values)) {
|
||||
$values = array($values);
|
||||
}
|
||||
|
||||
foreach ($values as $key => $val) {
|
||||
// strip slashes from special chars
|
||||
$val = str_replace('\\\\', '\\', $val);
|
||||
$val = str_replace('\,', ',', $val);
|
||||
$val = str_replace('\+', '+', $val);
|
||||
$val = str_replace('\"', '"', $val);
|
||||
$val = str_replace('\<', '<', $val);
|
||||
$val = str_replace('\>', '>', $val);
|
||||
$val = str_replace('\;', ';', $val);
|
||||
$val = str_replace('\#', '#', $val);
|
||||
$val = str_replace('\=', '=', $val);
|
||||
|
||||
// Translate hex code into ascii
|
||||
$values[$key] = self::hex2asc($val);
|
||||
}
|
||||
|
||||
return $values;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the given DN in a canonical form
|
||||
*
|
||||
* Returns false if DN is not a valid Distinguished Name.
|
||||
* DN can either be a string or an array
|
||||
* as returned by ldap_explode_dn, which is useful when constructing a DN.
|
||||
* The DN array may have be indexed (each array value is a OCL=VALUE pair)
|
||||
* or associative (array key is OCL and value is VALUE).
|
||||
*
|
||||
* It performs the following operations on the given DN:
|
||||
* - Removes the leading 'OID.' characters if the type is an OID instead of a name.
|
||||
* - Escapes all RFC 2253 special characters (",", "+", """, "\", "<", ">", ";", "#", "="), slashes ("/"), and any other character where the ASCII code is < 32 as \hexpair.
|
||||
* - Converts all leading and trailing spaces in values to be \20.
|
||||
* - If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order.
|
||||
*
|
||||
* OPTIONS is a list of name/value pairs, valid options are:
|
||||
* casefold Controls case folding of attribute type names.
|
||||
* Attribute values are not affected by this option. The default is to uppercase.
|
||||
* Valid values are:
|
||||
* lower Lowercase attribute type names.
|
||||
* upper Uppercase attribute type names. This is the default.
|
||||
* none Do not change attribute type names.
|
||||
* [NOT IMPLEMENTED] mbcescape If TRUE, characters that are encoded as a multi-octet UTF-8 sequence will be escaped as \(hexpair){2,*}.
|
||||
* reverse If TRUE, the RDN sequence is reversed.
|
||||
* separator Separator to use between RDNs. Defaults to comma (',').
|
||||
*
|
||||
* Note: The empty string "" is a valid DN, so be sure not to do a "$can_dn == false" test,
|
||||
* because an empty string evaluates to false. Use the "===" operator instead.
|
||||
*
|
||||
* @param array|string $dn The DN
|
||||
* @param array $options Options to use
|
||||
*
|
||||
* @static
|
||||
* @return false|string The canonical DN or FALSE
|
||||
* @todo implement option mbcescape
|
||||
*/
|
||||
public static function canonical_dn($dn, $options = array('casefold' => 'upper', 'separator' => ','))
|
||||
{
|
||||
if ($dn === '') return $dn; // empty DN is valid!
|
||||
|
||||
// options check
|
||||
if (!isset($options['reverse'])) {
|
||||
$options['reverse'] = false;
|
||||
} else {
|
||||
$options['reverse'] = true;
|
||||
}
|
||||
if (!isset($options['casefold'])) $options['casefold'] = 'upper';
|
||||
if (!isset($options['separator'])) $options['separator'] = ',';
|
||||
|
||||
|
||||
if (!is_array($dn)) {
|
||||
// It is not clear to me if the perl implementation splits by the user defined
|
||||
// separator or if it just uses this separator to construct the new DN
|
||||
$dn = preg_split('/(?<=[^\\\\])'.$options['separator'].'/', $dn);
|
||||
|
||||
// clear wrong splitting (possibly we have split too much)
|
||||
$dn = self::correct_dn_splitting($dn, $options['separator']);
|
||||
} else {
|
||||
// Is array, check, if the array is indexed or associative
|
||||
$assoc = false;
|
||||
foreach ($dn as $dn_key => $dn_part) {
|
||||
if (!is_int($dn_key)) {
|
||||
$assoc = true;
|
||||
}
|
||||
}
|
||||
// convert to indexed, if associative array detected
|
||||
if ($assoc) {
|
||||
$newdn = array();
|
||||
foreach ($dn as $dn_key => $dn_part) {
|
||||
if (is_array($dn_part)) {
|
||||
ksort($dn_part, SORT_STRING); // we assume here, that the rdn parts are also associative
|
||||
$newdn[] = $dn_part; // copy array as-is, so we can resolve it later
|
||||
} else {
|
||||
$newdn[] = $dn_key.'='.$dn_part;
|
||||
}
|
||||
}
|
||||
$dn =& $newdn;
|
||||
}
|
||||
}
|
||||
|
||||
// Escaping and casefolding
|
||||
foreach ($dn as $pos => $dnval) {
|
||||
if (is_array($dnval)) {
|
||||
// subarray detected, this means very surely, that we had
|
||||
// a multivalued dn part, which must be resolved
|
||||
$dnval_new = '';
|
||||
foreach ($dnval as $subkey => $subval) {
|
||||
// build RDN part
|
||||
if (!is_int($subkey)) {
|
||||
$subval = $subkey.'='.$subval;
|
||||
}
|
||||
$subval_processed = self::canonical_dn($subval);
|
||||
if (false === $subval_processed) return false;
|
||||
$dnval_new .= $subval_processed.'+';
|
||||
}
|
||||
$dn[$pos] = substr($dnval_new, 0, -1); // store RDN part, strip last plus
|
||||
} else {
|
||||
// try to split multivalued RDNS into array
|
||||
$rdns = self::split_rdn_multival($dnval);
|
||||
if (count($rdns) > 1) {
|
||||
// Multivalued RDN was detected!
|
||||
// The RDN value is expected to be correctly split by split_rdn_multival().
|
||||
// It's time to sort the RDN and build the DN!
|
||||
$rdn_string = '';
|
||||
sort($rdns, SORT_STRING); // Sort RDN keys alphabetically
|
||||
foreach ($rdns as $rdn) {
|
||||
$subval_processed = self::canonical_dn($rdn);
|
||||
if (false === $subval_processed) return false;
|
||||
$rdn_string .= $subval_processed.'+';
|
||||
}
|
||||
|
||||
$dn[$pos] = substr($rdn_string, 0, -1); // store RDN part, strip last plus
|
||||
|
||||
} else {
|
||||
// no multivalued RDN!
|
||||
// split at first unescaped "="
|
||||
$dn_comp = preg_split('/(?<=[^\\\\])=/', $rdns[0], 2);
|
||||
$ocl = ltrim($dn_comp[0]); // trim left whitespaces 'cause of "cn=foo, l=bar" syntax (whitespace after comma)
|
||||
$val = $dn_comp[1];
|
||||
|
||||
// strip 'OID.', otherwise apply casefolding and escaping
|
||||
if (substr(strtolower($ocl), 0, 4) == 'oid.') {
|
||||
$ocl = substr($ocl, 4);
|
||||
} else {
|
||||
if ($options['casefold'] == 'upper') $ocl = strtoupper($ocl);
|
||||
if ($options['casefold'] == 'lower') $ocl = strtolower($ocl);
|
||||
$ocl = self::escape_dn_value(array($ocl));
|
||||
$ocl = $ocl[0];
|
||||
}
|
||||
|
||||
// escaping of dn-value
|
||||
$val = self::escape_dn_value(array($val));
|
||||
$val = str_replace('/', '\/', $val[0]);
|
||||
|
||||
$dn[$pos] = $ocl.'='.$val;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($options['reverse']) $dn = array_reverse($dn);
|
||||
return implode($options['separator'], $dn);
|
||||
}
|
||||
|
||||
/**
|
||||
* Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters.
|
||||
*
|
||||
* Any control characters with an ACII code < 32 as well as the characters with special meaning in
|
||||
* LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a
|
||||
* backslash followed by two hex digits representing the hexadecimal value of the character.
|
||||
*
|
||||
* @param array $values Array of values to escape
|
||||
*
|
||||
* @static
|
||||
* @return array Array $values, but escaped
|
||||
*/
|
||||
public static function escape_filter_value($values = array())
|
||||
{
|
||||
// Parameter validation
|
||||
if (!is_array($values)) {
|
||||
$values = array($values);
|
||||
}
|
||||
|
||||
foreach ($values as $key => $val) {
|
||||
// Escaping of filter meta characters
|
||||
$val = str_replace('\\', '\5c', $val);
|
||||
$val = str_replace('*', '\2a', $val);
|
||||
$val = str_replace('(', '\28', $val);
|
||||
$val = str_replace(')', '\29', $val);
|
||||
|
||||
// ASCII < 32 escaping
|
||||
$val = self::asc2hex32($val);
|
||||
|
||||
if (null === $val) $val = '\0'; // apply escaped "null" if string is empty
|
||||
|
||||
$values[$key] = $val;
|
||||
}
|
||||
|
||||
return $values;
|
||||
}
|
||||
|
||||
/**
|
||||
* Undoes the conversion done by {@link escape_filter_value()}.
|
||||
*
|
||||
* Converts any sequences of a backslash followed by two hex digits into the corresponding character.
|
||||
*
|
||||
* @param array $values Array of values to escape
|
||||
*
|
||||
* @static
|
||||
* @return array Array $values, but unescaped
|
||||
*/
|
||||
public static function unescape_filter_value($values = array())
|
||||
{
|
||||
// Parameter validation
|
||||
if (!is_array($values)) {
|
||||
$values = array($values);
|
||||
}
|
||||
|
||||
foreach ($values as $key => $value) {
|
||||
// Translate hex code into ascii
|
||||
$values[$key] = self::hex2asc($value);
|
||||
}
|
||||
|
||||
return $values;
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts all ASCII chars < 32 to "\HEX"
|
||||
*
|
||||
* @param string $string String to convert
|
||||
*
|
||||
* @static
|
||||
* @return string
|
||||
*/
|
||||
public static function asc2hex32($string)
|
||||
{
|
||||
for ($i = 0; $i < strlen($string); $i++) {
|
||||
$char = substr($string, $i, 1);
|
||||
if (ord($char) < 32) {
|
||||
$hex = dechex(ord($char));
|
||||
if (strlen($hex) == 1) $hex = '0'.$hex;
|
||||
$string = str_replace($char, '\\'.$hex, $string);
|
||||
}
|
||||
}
|
||||
return $string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts all Hex expressions ("\HEX") to their original ASCII characters
|
||||
*
|
||||
* @param string $string String to convert
|
||||
*
|
||||
* @static
|
||||
* @author beni@php.net, heavily based on work from DavidSmith@byu.net
|
||||
* @return string
|
||||
*/
|
||||
public static function hex2asc($string)
|
||||
{
|
||||
$string = preg_replace("/\\\([0-9A-Fa-f]{2})/e", "''.chr(hexdec('\\1')).''", $string);
|
||||
return $string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Split an multivalued RDN value into an Array
|
||||
*
|
||||
* A RDN can contain multiple values, spearated by a plus sign.
|
||||
* This function returns each separate ocl=value pair of the RDN part.
|
||||
*
|
||||
* If no multivalued RDN is detected, an array containing only
|
||||
* the original rdn part is returned.
|
||||
*
|
||||
* For example, the multivalued RDN 'OU=Sales+CN=J. Smith' is exploded to:
|
||||
* <kbd>array([0] => 'OU=Sales', [1] => 'CN=J. Smith')</kbd>
|
||||
*
|
||||
* The method trys to be smart if it encounters unescaped "+" characters, but may fail,
|
||||
* so ensure escaped "+"es in attr names and attr values.
|
||||
*
|
||||
* [BUG] If you have a multivalued RDN with unescaped plus characters
|
||||
* and there is a unescaped plus sign at the end of an value followed by an
|
||||
* attribute name containing an unescaped plus, then you will get wrong splitting:
|
||||
* $rdn = 'OU=Sales+C+N=J. Smith';
|
||||
* returns:
|
||||
* array('OU=Sales+C', 'N=J. Smith');
|
||||
* The "C+" is treaten as value of the first pair instead as attr name of the second pair.
|
||||
* To prevent this, escape correctly.
|
||||
*
|
||||
* @param string $rdn Part of an (multivalued) escaped RDN (eg. ou=foo OR ou=foo+cn=bar)
|
||||
*
|
||||
* @static
|
||||
* @return array Array with the components of the multivalued RDN or Error
|
||||
*/
|
||||
public static function split_rdn_multival($rdn)
|
||||
{
|
||||
$rdns = preg_split('/(?<!\\\\)\+/', $rdn);
|
||||
$rdns = self::correct_dn_splitting($rdns, '+');
|
||||
return array_values($rdns);
|
||||
}
|
||||
|
||||
/**
|
||||
* Splits a attribute=value syntax into an array
|
||||
*
|
||||
* The split will occur at the first unescaped '=' character.
|
||||
*
|
||||
* @param string $attr Attribute and Value Syntax
|
||||
*
|
||||
* @return array Indexed array: 0=attribute name, 1=attribute value
|
||||
*/
|
||||
public static function split_attribute_string($attr)
|
||||
{
|
||||
return preg_split('/(?<!\\\\)=/', $attr, 2);
|
||||
}
|
||||
|
||||
/**
|
||||
* Corrects splitting of dn parts
|
||||
*
|
||||
* @param array $dn Raw DN array
|
||||
* @param array $separator Separator that was used when splitting
|
||||
*
|
||||
* @return array Corrected array
|
||||
* @access protected
|
||||
*/
|
||||
protected static function correct_dn_splitting($dn = array(), $separator = ',')
|
||||
{
|
||||
foreach ($dn as $key => $dn_value) {
|
||||
$dn_value = $dn[$key]; // refresh value (foreach caches!)
|
||||
// if the dn_value is not in attr=value format, then we had an
|
||||
// unescaped separator character inside the attr name or the value.
|
||||
// We assume, that it was the attribute value.
|
||||
// [TODO] To solve this, we might ask the schema. Keep in mind, that UTIL class
|
||||
// must remain independent from the other classes or connections.
|
||||
if (!preg_match('/.+(?<!\\\\)=.+/', $dn_value)) {
|
||||
unset($dn[$key]);
|
||||
if (array_key_exists($key-1, $dn)) {
|
||||
$dn[$key-1] = $dn[$key-1].$separator.$dn_value; // append to previous attr value
|
||||
} else {
|
||||
$dn[$key+1] = $dn_value.$separator.$dn[$key+1]; // first element: prepend to next attr name
|
||||
}
|
||||
}
|
||||
}
|
||||
return array_values($dn);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
|
@ -130,6 +130,14 @@ $external_libraries=array(
|
|||
'include'=>'Net/URL/Mapper.php',
|
||||
'check_class'=>'Net_URL_Mapper'
|
||||
),
|
||||
array(
|
||||
'name'=>'Net_LDAP2',
|
||||
'pear'=>'Net_LDAP2',
|
||||
'url'=>'http://pear.php.net/package/Net_LDAP2',
|
||||
'deb'=>'php-net-ldap2',
|
||||
'include'=>'Net/LDAP2.php',
|
||||
'check_class'=>'Net_LDAP2'
|
||||
),
|
||||
array(
|
||||
'name'=>'Net_Socket',
|
||||
'pear'=>'Net_Socket',
|
||||
|
|
45
plugins/Ldap/LdapPlugin.php
Normal file
45
plugins/Ldap/LdapPlugin.php
Normal file
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
/**
|
||||
* StatusNet, the distributed open-source microblogging tool
|
||||
*
|
||||
* Plugin to enable LDAP Authentication and Authorization
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* LICENCE: This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* @category Plugin
|
||||
* @package StatusNet
|
||||
* @author Craig Andrews <candrews@integralblue.com>
|
||||
* @copyright 2009 Craig Andrews http://candrews.integralblue.com
|
||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
||||
* @link http://status.net/
|
||||
*/
|
||||
|
||||
if (!defined('STATUSNET') && !defined('LACONICA')) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
class LdapPlugin extends Plugin
|
||||
{
|
||||
function __construct()
|
||||
{
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
function onCheckPassword($nickname, $password, &$authenticated)
|
||||
{
|
||||
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user