d7/d13/AttributeAddFromLDAP_8php_source.html

<?php


class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Process_BaseFilter

{


    protected $search_attributes;


    protected $search_filter;


    protected $attr_policy;


    public function __construct($config, $reserved)

    {

        /*

         * For backwards compatibility, check for old config names

         * @TODO Remove after 2.0

         */

        if (isset($config['ldap_host'])) {

            $config['ldap.hostname'] = $config['ldap_host'];

        }

        if (isset($config['ldap_port'])) {

            $config['ldap.port'] = $config['ldap_port'];

        }

        if (isset($config['ldap_bind_user'])) {

            $config['ldap.username'] = $config['ldap_bind_user'];

        }

        if (isset($config['ldap_bind_pwd'])) {

            $config['ldap.password'] = $config['ldap_bind_pwd'];

        }

        if (isset($config['userid_attribute'])) {

            $config['attribute.username'] = $config['userid_attribute'];

        }

        if (isset($config['ldap_search_base_dn'])) {

            $config['ldap.basedn'] = $config['ldap_search_base_dn'];

        }

        if (isset($config['ldap_search_filter'])) {

            $config['search.filter'] = $config['ldap_search_filter'];

        }

        if (isset($config['ldap_search_attribute'])) {

            $config['search.attribute'] = $config['ldap_search_attribute'];

        }

        if (isset($config['new_attribute_name'])) {

            $config['attribute.new'] = $config['new_attribute_name'];

        }


        /*

         * Remove the old config names

         * @TODO Remove after 2.0

         */

        unset(

            $config['ldap_host'],

            $config['ldap_port'],

            $config['ldap_bind_user'],

            $config['ldap_bind_pwd'],

            $config['userid_attribute'],

            $config['ldap_search_base_dn'],

            $config['ldap_search_filter'],

            $config['ldap_search_attribute'],

            $config['new_attribute_name']

        );


        // Now that we checked for BC, run the parent constructor

        parent::__construct($config, $reserved);


        // Get filter specific config options

        $this->search_attributes = $this->config->getArrayize('attributes', array());

        if (empty($this->search_attributes)) {

            $new_attribute = $this->config->getString('attribute.new', '');

            $this->search_attributes[$new_attribute] = $this->config->getString('search.attribute');

        }

        $this->search_filter = $this->config->getString('search.filter');


        // get the attribute policy

        $this->attr_policy = $this->config->getString('attribute.policy', 'merge');

    }


    public function process(&$request)

    {

        assert('is_array($request)');

        assert('array_key_exists("Attributes", $request)');


        $attributes =& $request['Attributes'];


        // perform a merge on the ldap_search_filter


        // loop over the attributes and build the search and replace arrays

        foreach ($attributes as $attr => $val) {

            $arrSearch[] = '%'.$attr.'%';


            if (strlen($val[0]) > 0) {

                $arrReplace[] = SimpleSAML_Auth_LDAP::escape_filter_value($val[0]);

            } else {

                $arrReplace[] = '';

            }

        }


        // merge the attributes into the ldap_search_filter

        $filter = str_replace($arrSearch, $arrReplace, $this->search_filter);


        if (strpos($filter, '%') !== false) {

            SimpleSAML\Logger::info('AttributeAddFromLDAP: There are non-existing attributes in the search filter. ('.

                                    $this->search_filter.')');

            return;

        }


        if (!in_array($this->attr_policy, array('merge', 'replace', 'add'), true)) {

            SimpleSAML\Logger::warning("AttributeAddFromLDAP: 'attribute.policy' must be one of 'merge',".

                                       "'replace' or 'add'.");

            return;

        }


        // getLdap

        try {

            $ldap = $this->getLdap();

        } catch (Exception $e) {

            // Added this warning in case $this->getLdap() fails

            SimpleSAML\Logger::warning("AttributeAddFromLDAP: exception = " . $e);

            return;

        }

        // search for matching entries

        try {

            $entries = $ldap->searchformultiple(

                $this->base_dn,

                $filter,

                array_values($this->search_attributes),

                true,

                false

            );

        } catch (Exception $e) {

            return; // silent fail, error is still logged by LDAP search

        }


        // handle [multiple] values

        foreach ($entries as $entry) {

            foreach ($this->search_attributes as $target => $name) {

                if (is_numeric($target)) {

                    $target = $name;

                }


                if (isset($attributes[$target]) && $this->attr_policy === 'replace') {

                    unset($attributes[$target]);

                }

                $name = strtolower($name);

                if (isset($entry[$name])) {

                    unset($entry[$name]['count']);

                    if (isset($attributes[$target])) {

                        foreach (array_values($entry[$name]) as $value) {

                            if ($this->attr_policy === 'merge') {

                                if (!in_array($value, $attributes[$target], true)) {

                                    $attributes[$target][] = $value;

                                }

                            } else {

                                $attributes[$target][] = $value;

                            }

                        }

                    } else {

                        $attributes[$target] = array_values($entry[$name]);

                    }

                }

            }

        }

    }

}

php
An exception for terminatinating execution or to throw for unit testing.

SimpleSAML\Logger\info
static info($string)
Definition: Logger.php:201

SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:179

SimpleSAML_Auth_LDAP\escape_filter_value
static escape_filter_value($values=array(), $singleValue=true)
Borrowed function from PEAR:LDAP.
Definition: LDAP.php:651

sspmod_ldap_Auth_Process_AttributeAddFromLDAP
Definition: AttributeAddFromLDAP.php:36

sspmod_ldap_Auth_Process_AttributeAddFromLDAP\$search_attributes
$search_attributes
Definition: AttributeAddFromLDAP.php:43

sspmod_ldap_Auth_Process_AttributeAddFromLDAP\$search_filter
$search_filter
Definition: AttributeAddFromLDAP.php:51

sspmod_ldap_Auth_Process_AttributeAddFromLDAP\process
process(&$request)
Add attributes from an LDAP server.
Definition: AttributeAddFromLDAP.php:138

sspmod_ldap_Auth_Process_AttributeAddFromLDAP\__construct
__construct($config, $reserved)
Initialize this filter.
Definition: AttributeAddFromLDAP.php:67

sspmod_ldap_Auth_Process_AttributeAddFromLDAP\$attr_policy
$attr_policy
Definition: AttributeAddFromLDAP.php:59

sspmod_ldap_Auth_Process_BaseFilter
Definition: BaseFilter.php:16

sspmod_ldap_Auth_Process_BaseFilter\getLdap
getLdap()
Getter for the LDAP connection object.
Definition: BaseFilter.php:256

sspmod_ldap_Auth_Process_BaseFilter\$config
$config
Definition: BaseFilter.php:44

sspmod_ldap_Auth_Process_BaseFilter\$ldap
$ldap
Definition: BaseFilter.php:53

$target
$target
Definition: generate-schema-cache.php:22

$name
if($format !==null) $name
Definition: metadata.php:146

$attributes
$attributes
Definition: serviceValidate.php:33