Context Navigation

source: github/program/include/rcube_ldap.php @ 0131ec9

Visit:

HEADcourier-fixdev-browser-capabilitiespdorelease-0.6release-0.7release-0.8

Last change on this file since 0131ec9 was 0131ec9, checked in by alecpl <alec@…>, 4 years ago
Fix LDAP attributes case senitivity problems (#1485830)
Property mode set to `100644`
File size: 15.2 KB

Line
1	<?php
2	/*
3	+-----------------------------------------------------------------------+
4	\| program/include/rcube_ldap.php \|
5	\| \|
6	\| This file is part of the RoundCube Webmail client \|
7	\| Copyright (C) 2006-2009, RoundCube Dev. - Switzerland \|
8	\| Licensed under the GNU GPL \|
9	\| \|
10	\| PURPOSE: \|
11	\| Interface to an LDAP address directory \|
12	\| \|
13	+-----------------------------------------------------------------------+
14	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
15	+-----------------------------------------------------------------------+
16
17	$Id$
18
19	*/
20
21
22	/**
23	* Model class to access an LDAP address directory
24	*
25	* @package Addressbook
26	*/
27	class rcube_ldap extends rcube_addressbook
28	{
29	var $conn;
30	var $prop = array();
31	var $fieldmap = array();
32
33	var $filter = '';
34	var $result = null;
35	var $ldap_result = null;
36	var $sort_col = '';
37
38	/** public properties */
39	var $primary_key = 'ID';
40	var $readonly = true;
41	var $list_page = 1;
42	var $page_size = 10;
43	var $ready = false;
44
45
46	/**
47	* Object constructor
48	*
49	* @param array LDAP connection properties
50	* @param integer User-ID
51	*/
52	function __construct($p)
53	{
54	$this->prop = $p;
55
56	foreach ($p as $prop => $value)
57	if (preg_match('/^(.+)_field$/', $prop, $matches))
58	$this->fieldmap[$matches[1]] = strtolower($value);
59
60	$this->sort_col = $p['sort'];
61
62	$this->connect();
63	}
64
65
66	/**
67	* Establish a connection to the LDAP server
68	*/
69	function connect()
70	{
71	global $RCMAIL;
72
73	if (!function_exists('ldap_connect'))
74	raise_error(array('code' => 100, 'type' => 'ldap', 'message' => "No ldap support in this installation of PHP"), true);
75
76	if (is_resource($this->conn))
77	return true;
78
79	if (!is_array($this->prop['hosts']))
80	$this->prop['hosts'] = array($this->prop['hosts']);
81
82	if (empty($this->prop['ldap_version']))
83	$this->prop['ldap_version'] = 3;
84
85	foreach ($this->prop['hosts'] as $host)
86	{
87	if ($lc = @ldap_connect($host, $this->prop['port']))
88	{
89	if ($this->prop['use_tls']===true)
90	if (!ldap_start_tls($lc))
91	continue;
92
93	ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this->prop['ldap_version']);
94	$this->prop['host'] = $host;
95	$this->conn = $lc;
96	break;
97	}
98	}
99
100	if (is_resource($this->conn))
101	{
102	$this->ready = true;
103
104	// User specific access, generate the proper values to use.
105	if ($this->prop['user_specific']) {
106	// No password set, use the session password
107	if (empty($this->prop['bind_pass'])) {
108	$this->prop['bind_pass'] = $RCMAIL->decrypt($_SESSION['password']);
109	}
110
111	// Get the pieces needed for variable replacement.
112	$fu = $RCMAIL->user->get_username();
113	list($u, $d) = explode('@', $fu);
114
115	// Replace the bind_dn and base_dn variables.
116	$replaces = array('%fu' => $fu, '%u' => $u, '%d' => $d);
117	$this->prop['bind_dn'] = strtr($this->prop['bind_dn'], $replaces);
118	$this->prop['base_dn'] = strtr($this->prop['base_dn'], $replaces);
119	}
120
121	if (!empty($this->prop['bind_dn']) && !empty($this->prop['bind_pass']))
122	$this->ready = $this->bind($this->prop['bind_dn'], $this->prop['bind_pass']);
123	}
124	else
125	raise_error(array('code' => 100, 'type' => 'ldap', 'message' => "Could not connect to any LDAP server, tried $host:{$this->prop[port]} last"), true);
126
127	// See if the directory is writeable.
128	if ($this->prop['writable']) {
129	$this->readonly = false;
130	} // end if
131
132	}
133
134
135	/**
136	* Bind connection with DN and password
137	*
138	* @param string Bind DN
139	* @param string Bind password
140	* @return boolean True on success, False on error
141	*/
142	function bind($dn, $pass)
143	{
144	if (!$this->conn) {
145	return false;
146	}
147
148	if (@ldap_bind($this->conn, $dn, $pass)) {
149	return true;
150	}
151
152	raise_error(array(
153	'code' => ldap_errno($this->conn),
154	'type' => 'ldap',
155	'message' => "Bind failed for dn=$dn: ".ldap_error($this->conn)),
156	true);
157
158	return false;
159	}
160
161
162	/**
163	* Close connection to LDAP server
164	*/
165	function close()
166	{
167	if ($this->conn)
168	{
169	ldap_unbind($this->conn);
170	$this->conn = null;
171	}
172	}
173
174
175	/**
176	* Set internal list page
177	*
178	* @param number Page number to list
179	* @access public
180	*/
181	function set_page($page)
182	{
183	$this->list_page = (int)$page;
184	}
185
186
187	/**
188	* Set internal page size
189	*
190	* @param number Number of messages to display on one page
191	* @access public
192	*/
193	function set_pagesize($size)
194	{
195	$this->page_size = (int)$size;
196	}
197
198
199	/**
200	* Save a search string for future listings
201	*
202	* @param string Filter string
203	*/
204	function set_search_set($filter)
205	{
206	$this->filter = $filter;
207	}
208
209
210	/**
211	* Getter for saved search properties
212	*
213	* @return mixed Search properties used by this class
214	*/
215	function get_search_set()
216	{
217	return $this->filter;
218	}
219
220
221	/**
222	* Reset all saved results and search parameters
223	*/
224	function reset()
225	{
226	$this->result = null;
227	$this->ldap_result = null;
228	$this->filter = '';
229	}
230
231
232	/**
233	* List the current set of contact records
234	*
235	* @param array List of cols to show
236	* @param int Only return this number of records
237	* @return array Indexed list of contact records, each a hash array
238	*/
239	function list_records($cols=null, $subset=0)
240	{
241	// add general filter to query
242	if (!empty($this->prop['filter']) && empty($this->filter))
243	{
244	$filter = $this->prop['filter'];
245	$this->set_search_set($filter);
246	}
247
248	// exec LDAP search if no result resource is stored
249	if ($this->conn && !$this->ldap_result)
250	$this->_exec_search();
251
252	// count contacts for this user
253	$this->result = $this->count();
254
255	// we have a search result resource
256	if ($this->ldap_result && $this->result->count > 0)
257	{
258	if ($this->sort_col && $this->prop['scope'] !== 'base')
259	ldap_sort($this->conn, $this->ldap_result, $this->sort_col);
260
261	$start_row = $subset < 0 ? $this->result->first + $this->page_size + $subset : $this->result->first;
262	$last_row = $this->result->first + $this->page_size;
263	$last_row = $subset != 0 ? $start_row + abs($subset) : $last_row;
264
265	$entries = ldap_get_entries($this->conn, $this->ldap_result);
266	for ($i = $start_row; $i < min($entries['count'], $last_row); $i++)
267	$this->result->add($this->_ldap2result($entries[$i]));
268	}
269
270	return $this->result;
271	}
272
273
274	/**
275	* Search contacts
276	*
277	* @param array List of fields to search in
278	* @param string Search value
279	* @param boolean True if results are requested, False if count only
280	* @return array Indexed list of contact records and 'count' value
281	*/
282	function search($fields, $value, $strict=false, $select=true)
283	{
284	// special treatment for ID-based search
285	if ($fields == 'ID' \|\| $fields == $this->primary_key)
286	{
287	$ids = explode(',', $value);
288	$result = new rcube_result_set();
289	foreach ($ids as $id)
290	if ($rec = $this->get_record($id, true))
291	{
292	$result->add($rec);
293	$result->count++;
294	}
295
296	return $result;
297	}
298
299	$filter = '(\|';
300	$wc = !$strict && $this->prop['fuzzy_search'] ? '*' : '';
301	if (is_array($this->prop['search_fields']))
302	{
303	foreach ($this->prop['search_fields'] as $k => $field)
304	$filter .= "($field=$wc" . rcube_ldap::quote_string($value) . "$wc)";
305	}
306	else
307	{
308	foreach ((array)$fields as $field)
309	if ($f = $this->_map_field($field))
310	$filter .= "($f=$wc" . rcube_ldap::quote_string($value) . "$wc)";
311	}
312	$filter .= ')';
313
314	// avoid double-wildcard if $value is empty
315	$filter = preg_replace('/\+/', '', $filter);
316
317	// add general filter to query
318	if (!empty($this->prop['filter']))
319	$filter = '(&(' . preg_replace('/^\(\|\)$/', '', $this->prop['filter']) . ')' . $filter . ')';
320
321	// set filter string and execute search
322	$this->set_search_set($filter);
323	$this->_exec_search();
324
325	if ($select)
326	$this->list_records();
327	else
328	$this->result = $this->count();
329
330	return $this->result;
331	}
332
333
334	/**
335	* Count number of available contacts in database
336	*
337	* @return object rcube_result_set Resultset with values for 'count' and 'first'
338	*/
339	function count()
340	{
341	$count = 0;
342	if ($this->conn && $this->ldap_result) {
343	$count = ldap_count_entries($this->conn, $this->ldap_result);
344	} // end if
345	elseif ($this->conn) {
346	// We have a connection but no result set, attempt to get one.
347	if (empty($this->filter)) {
348	// The filter is not set, set it.
349	$this->filter = $this->prop['filter'];
350	} // end if
351	$this->_exec_search();
352	if ($this->ldap_result) {
353	$count = ldap_count_entries($this->conn, $this->ldap_result);
354	} // end if
355	} // end else
356
357	return new rcube_result_set($count, ($this->list_page-1) * $this->page_size);
358	}
359
360
361	/**
362	* Return the last result set
363	*
364	* @return object rcube_result_set Current resultset or NULL if nothing selected yet
365	*/
366	function get_result()
367	{
368	return $this->result;
369	}
370
371
372	/**
373	* Get a specific contact record
374	*
375	* @param mixed Record identifier
376	* @param boolean Return as associative array
377	* @return mixed Hash array or rcube_result_set with all record fields
378	*/
379	function get_record($dn, $assoc=false)
380	{
381	$res = null;
382	if ($this->conn && $dn)
383	{
384	$this->ldap_result = ldap_read($this->conn, base64_decode($dn), "(objectclass=*)", array_values($this->fieldmap));
385	$entry = @ldap_first_entry($this->conn, $this->ldap_result);
386
387	if ($entry && ($rec = ldap_get_attributes($this->conn, $entry)))
388	{
389	$rec = array_change_key_case($rec, CASE_LOWER);
390
391	// Add in the dn for the entry.
392	$rec['dn'] = base64_decode($dn);
393	$res = $this->_ldap2result($rec);
394	$this->result = new rcube_result_set(1);
395	$this->result->add($res);
396	}
397	}
398
399	return $assoc ? $res : $this->result;
400	}
401
402
403	/**
404	* Create a new contact record
405	*
406	* @param array Hash array with save data
407	* @return encoded record ID on success, False on error
408	*/
409	function insert($save_cols)
410	{
411	// Map out the column names to their LDAP ones to build the new entry.
412	$newentry = array();
413	$newentry['objectClass'] = $this->prop['LDAP_Object_Classes'];
414	foreach ($save_cols as $col => $val) {
415	$fld = $this->_map_field($col);
416	if ($fld != '') {
417	// The field does exist, add it to the entry.
418	$newentry[$fld] = $val;
419	} // end if
420	} // end foreach
421
422	// Verify that the required fields are set.
423	// We know that the email address is required as a default of rcube, so
424	// we will default its value into any unfilled required fields.
425	foreach ($this->prop['required_fields'] as $fld) {
426	if (!isset($newentry[$fld])) {
427	$newentry[$fld] = $newentry[$this->_map_field('email')];
428	} // end if
429	} // end foreach
430
431	// Build the new entries DN.
432	$dn = $this->prop['LDAP_rdn'].'='.$newentry[$this->prop['LDAP_rdn']].','.$this->prop['base_dn'];
433	$res = ldap_add($this->conn, $dn, $newentry);
434	if ($res === FALSE) {
435	return false;
436	} // end if
437
438	return base64_encode($dn);
439	}
440
441
442	/**
443	* Update a specific contact record
444	*
445	* @param mixed Record identifier
446	* @param array Hash array with save data
447	* @return boolean True on success, False on error
448	*/
449	function update($id, $save_cols)
450	{
451	$record = $this->get_record($id, true);
452	$result = $this->get_result();
453	$record = $result->first();
454
455	$newdata = array();
456	$replacedata = array();
457	$deletedata = array();
458	foreach ($save_cols as $col => $val) {
459	$fld = $this->_map_field($col);
460	if ($fld != '') {
461	// The field does exist compare it to the ldap record.
462	if ($record[$col] != $val) {
463	// Changed, but find out how.
464	if (!isset($record[$col])) {
465	// Field was not set prior, need to add it.
466	$newdata[$fld] = $val;
467	} // end if
468	elseif ($val == '') {
469	// Field supplied is empty, verify that it is not required.
470	if (!in_array($fld, $this->prop['required_fields'])) {
471	// It is not, safe to clear.
472	$deletedata[$fld] = $record[$col];
473	} // end if
474	} // end elseif
475	else {
476	// The data was modified, save it out.
477	$replacedata[$fld] = $val;
478	} // end else
479	} // end if
480	} // end if
481	} // end foreach
482
483	// Update the entry as required.
484	$dn = base64_decode($id);
485	if (!empty($deletedata)) {
486	// Delete the fields.
487	$res = ldap_mod_del($this->conn, $dn, $deletedata);
488	if ($res === FALSE) {
489	return false;
490	} // end if
491	} // end if
492
493	if (!empty($replacedata)) {
494	// Replace the fields.
495	$res = ldap_mod_replace($this->conn, $dn, $replacedata);
496	if ($res === FALSE) {
497	return false;
498	} // end if
499	} // end if
500
501	if (!empty($newdata)) {
502	// Add the fields.
503	$res = ldap_mod_add($this->conn, $dn, $newdata);
504	if ($res === FALSE) {
505	return false;
506	} // end if
507	} // end if
508
509	return true;
510	}
511
512
513	/**
514	* Mark one or more contact records as deleted
515	*
516	* @param array Record identifiers
517	* @return boolean True on success, False on error
518	*/
519	function delete($ids)
520	{
521	if (!is_array($ids)) {
522	// Not an array, break apart the encoded DNs.
523	$dns = explode(',', $ids);
524	} // end if
525
526	foreach ($dns as $id) {
527	$dn = base64_decode($id);
528	// Delete the record.
529	$res = ldap_delete($this->conn, $dn);
530	if ($res === FALSE) {
531	return false;
532	} // end if
533	} // end foreach
534
535	return true;
536	}
537
538
539	/**
540	* Execute the LDAP search based on the stored credentials
541	*
542	* @access private
543	*/
544	function _exec_search()
545	{
546	if ($this->ready && $this->filter)
547	{
548	$function = $this->prop['scope'] == 'sub' ? 'ldap_search' : ($this->prop['scope'] == 'base' ? 'ldap_read' : 'ldap_list');
549	$this->ldap_result = $function($this->conn, $this->prop['base_dn'], $this->filter, array_values($this->fieldmap), 0, 0);
550	return true;
551	}
552	else
553	return false;
554	}
555
556
557	/**
558	* @access private
559	*/
560	function _ldap2result($rec)
561	{
562	$out = array();
563
564	if ($rec['dn'])
565	$out[$this->primary_key] = base64_encode($rec['dn']);
566
567	foreach ($this->fieldmap as $rf => $lf)
568	{
569	if ($rec[$lf]['count'])
570	$out[$rf] = $rec[$lf][0];
571	}
572
573	return $out;
574	}
575
576
577	/**
578	* @access private
579	*/
580	function _map_field($field)
581	{
582	return $this->fieldmap[$field];
583	}
584
585
586	/**
587	* @static
588	*/
589	function quote_string($str)
590	{
591	return strtr($str, array('*'=>'\2a', '('=>'\28', ')'=>'\29', '\\'=>'\5c'));
592	}
593
594	}
595
596	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: