ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
AttributeAddFromLDAP.php
1<?php
2
36{
37
44
45
51 protected $search_filter;
52
53
59 protected $attr_policy;
60
/**
 * Initialize this filter.
 *
 * Legacy option names are translated to their current names before the
 * parent constructor sees the configuration. When a legacy name and its
 * current counterpart are both present, the legacy value overwrites the
 * current one. The LDAP bind password ('ldap_bind_pwd' / 'ldap.password')
 * travels through this array, so $config should not be dumped to logs.
 *
 * @param array $config   Configuration information about this filter.
 * @param mixed $reserved Passed through unchanged to the parent constructor.
 */
public function __construct($config, $reserved)
{
    /*
     * Backwards compatibility: legacy option name => current option name.
     * @TODO Remove after 2.0
     */
    $legacyNames = array(
        'ldap_host'             => 'ldap.hostname',
        'ldap_port'             => 'ldap.port',
        'ldap_bind_user'        => 'ldap.username',
        'ldap_bind_pwd'         => 'ldap.password',
        'userid_attribute'      => 'attribute.username',
        'ldap_search_base_dn'   => 'ldap.basedn',
        'ldap_search_filter'    => 'search.filter',
        'ldap_search_attribute' => 'search.attribute',
        'new_attribute_name'    => 'attribute.new',
    );

    foreach ($legacyNames as $oldName => $currentName) {
        // isset() is false for a null value, so a legacy key set to null
        // is dropped below without being copied.
        if (isset($config[$oldName])) {
            $config[$currentName] = $config[$oldName];
        }
        // The legacy key is always removed, whether or not it was copied.
        unset($config[$oldName]);
    }

    // The configuration now only uses current names; hand it to the parent.
    parent::__construct($config, $reserved);

    // Map of "request attribute name => LDAP attribute name" to fetch.
    $this->search_attributes = $this->config->getArrayize('attributes', array());
    if (empty($this->search_attributes)) {
        // No 'attributes' map given: fall back to the single-attribute options.
        // NOTE(review): 'attribute.new' defaults to '', which becomes the array
        // key here - confirm that an empty target name is intended.
        $targetName = $this->config->getString('attribute.new', '');
        $ldapName = $this->config->getString('search.attribute');
        $this->search_attributes[$targetName] = $ldapName;
    }

    // Filter template; process() substitutes %attribute% placeholders in it.
    $this->search_filter = $this->config->getString('search.filter');

    // How fetched values are combined with existing ones; defaults to 'merge'.
    $this->attr_policy = $this->config->getString('attribute.policy', 'merge');
}
131
132
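/**
 * Add attributes from an LDAP server.
 *
 * Builds an LDAP search filter by substituting %name% placeholders in the
 * configured filter template with the first value of the request attribute
 * of that name, runs the search, and adds the configured LDAP attributes of
 * every matching entry to the request attributes according to the attribute
 * policy ('merge', 'replace' or 'add').
 *
 * Every failure path (unresolved placeholder, invalid policy, connection or
 * search exception) returns before the attributes are touched, and nothing
 * is reported to the caller. Code that authorizes on an attribute added here
 * should therefore treat its absence as "not granted".
 *
 * @param array &$request The current request; $request['Attributes'] is
 *                        modified in place.
 */
public function process(&$request)
{
    // Expression assertions instead of string assertions: a string argument
    // is evaluated as code on PHP 5/7 and is never evaluated on PHP 8, where
    // any non-empty string simply passes. Assertions can be disabled at
    // runtime, so these are sanity checks, not input validation.
    assert(is_array($request));
    assert(array_key_exists('Attributes', $request));

    $attributes =& $request['Attributes'];

    // Initialised up front so that an empty attribute set does not leave
    // both arrays undefined when str_replace() is called below.
    $arrSearch = array();
    $arrReplace = array();

    // loop over the attributes and build the search and replace arrays
    foreach ($attributes as $attr => $val) {
        $arrSearch[] = '%'.$attr.'%';

        // Only the first value is used. Every substituted value is escaped
        // for use inside an LDAP filter; an attribute without a first value
        // substitutes the empty string.
        if (isset($val[0]) && strlen($val[0]) > 0) {
            $arrReplace[] = SimpleSAML_Auth_LDAP::escape_filter_value($val[0]);
        } else {
            $arrReplace[] = '';
        }
    }

    // merge the attributes into the ldap_search_filter
    // str_replace() applies the pairs one after another, so text inserted by
    // an earlier pair is scanned again by later pairs; whatever ends up in
    // the filter is still an escaped value or the empty string.
    $filter = str_replace($arrSearch, $arrReplace, $this->search_filter);

    // Any remaining '%' is treated as an unresolved placeholder. A value that
    // itself contains '%' also ends up here, so the search is skipped.
    if (strpos($filter, '%') !== false) {
        SimpleSAML\Logger::info('AttributeAddFromLDAP: There are non-existing attributes in the search filter. ('.
            $this->search_filter.')');
        return;
    }

    if (!in_array($this->attr_policy, array('merge', 'replace', 'add'), true)) {
        SimpleSAML\Logger::warning("AttributeAddFromLDAP: 'attribute.policy' must be one of 'merge',".
            "'replace' or 'add'.");
        return;
    }

    // getLdap
    try {
        $ldap = $this->getLdap();
    } catch (Exception $e) {
        // Added this warning in case $this->getLdap() fails
        // NOTE(review): concatenating $e logs the full exception string,
        // including its stack trace - confirm that the connection code never
        // puts the bind password into exception messages or call arguments.
        SimpleSAML\Logger::warning("AttributeAddFromLDAP: exception = " . $e);
        return;
    }

    // search for matching entries
    try {
        $entries = $ldap->searchformultiple(
            $this->base_dn,
            $filter,
            array_values($this->search_attributes),
            true,
            false
        );
    } catch (Exception $e) {
        return; // silent fail, error is still logged by LDAP search
    }

    // handle [multiple] values
    // Values from every matching entry are applied, so a filter that matches
    // more than one entry combines attributes of several directory objects.
    foreach ($entries as $entry) {
        foreach ($this->search_attributes as $target => $name) {
            // A numeric key means no target name was configured: reuse the
            // LDAP attribute name.
            if (is_numeric($target)) {
                $target = $name;
            }

            // NOTE(review): with 'replace' the existing value is removed before
            // checking whether this entry carries the attribute, and again for
            // each further entry - so the last matching entry decides the
            // final value, or removes it. Confirm this is intended.
            if (isset($attributes[$target]) && $this->attr_policy === 'replace') {
                unset($attributes[$target]);
            }

            // Entry keys are looked up by lower-cased attribute name.
            $name = strtolower($name);
            if (!isset($entry[$name])) {
                continue;
            }

            // Drop the 'count' element so only the values remain.
            unset($entry[$name]['count']);
            $values = array_values($entry[$name]);

            if (!isset($attributes[$target])) {
                $attributes[$target] = $values;
                continue;
            }

            foreach ($values as $value) {
                // 'merge' skips values already present; 'add' always appends.
                if ($this->attr_policy === 'merge' && in_array($value, $attributes[$target], true)) {
                    continue;
                }
                $attributes[$target][] = $value;
            }
        }
    }
}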
224}
An exception for terminating execution or to throw for unit testing.
static info($string)
Definition: Logger.php:201
static warning($string)
Definition: Logger.php:179
static escape_filter_value($values=array(), $singleValue=true)
Borrowed function from PEAR:LDAP.
Definition: LDAP.php:651
process(&$request)
Add attributes from an LDAP server.
__construct($config, $reserved)
Initialize this filter.
getLdap()
Getter for the LDAP connection object.
Definition: BaseFilter.php:256