sspmod_ldap_Auth_Process_AttributeAddFromLDAP Class Reference

Inheritance diagram for sspmod_ldap_Auth_Process_AttributeAddFromLDAP:

Collaboration diagram for sspmod_ldap_Auth_Process_AttributeAddFromLDAP:

Public Member Functions
	__construct ($config, $reserved)
	Initialize this filter. More...
	process (&$request)
	Add attributes from an LDAP server. More...
Public Member Functions inherited from sspmod_ldap_Auth_Process_BaseFilter
	__construct (&$config, $reserved)
	Checks the authsource, if defined, for configuration values to the LDAP server. More...
Public Member Functions inherited from SimpleSAML_Auth_ProcessingFilter
	__construct (&$config, $reserved)
	Constructor for a processing filter. More...
	process (&$request)
	Process a request. More...

Protected Attributes
	$search_attributes
	$search_filter
	$attr_policy
Protected Attributes inherited from sspmod_ldap_Auth_Process_BaseFilter
	$attribute_map
	$base_dn
	$config
	$product
	$title = 'ldap:BaseFilter : '
	$type_map

Additional Inherited Members
Data Fields inherited from SimpleSAML_Auth_ProcessingFilter
	$priority = 50
	Priority of this filter. More...
Protected Member Functions inherited from sspmod_ldap_Auth_Process_BaseFilter
	getLdap ()
	Getter for the LDAP connection object. More...
	var_export ($value)
	Local utility function to get details about a variable, basically converting it to a string to be used in a log message. More...

Detailed Description

Definition at line 35 of file AttributeAddFromLDAP.php.

Constructor & Destructor Documentation

__construct()

sspmod_ldap_Auth_Process_AttributeAddFromLDAP::__construct	(		$config,
			$reserved
	)

Initialize this filter.

Parameters

array	$config	Configuration information about this filter.
mixed	$reserved	For future use.

Definition at line 67 of file AttributeAddFromLDAP.php.

References sspmod_ldap_Auth_Process_BaseFilter\$config, and array.

    {
        /*
         * For backwards compatibility, check for old config names
         * @TODO Remove after 2.0
         */
        if (isset($config['ldap_host'])) {
            $config['ldap.hostname'] = $config['ldap_host'];
        }
        if (isset($config['ldap_port'])) {
            $config['ldap.port'] = $config['ldap_port'];
        }
        if (isset($config['ldap_bind_user'])) {
            $config['ldap.username'] = $config['ldap_bind_user'];
        }
        if (isset($config['ldap_bind_pwd'])) {
            $config['ldap.password'] = $config['ldap_bind_pwd'];
        }
        if (isset($config['userid_attribute'])) {
            $config['attribute.username'] = $config['userid_attribute'];
        }
        if (isset($config['ldap_search_base_dn'])) {
            $config['ldap.basedn'] = $config['ldap_search_base_dn'];
        }
        if (isset($config['ldap_search_filter'])) {
            $config['search.filter'] = $config['ldap_search_filter'];
        }
        if (isset($config['ldap_search_attribute'])) {
            $config['search.attribute'] = $config['ldap_search_attribute'];
        }
        if (isset($config['new_attribute_name'])) {
            $config['attribute.new'] = $config['new_attribute_name'];
        }

        /*
         * Remove the old config names
         * @TODO Remove after 2.0
         */
        unset(
            $config['ldap_host'],
            $config['ldap_port'],
            $config['ldap_bind_user'],
            $config['ldap_bind_pwd'],
            $config['userid_attribute'],
            $config['ldap_search_base_dn'],
            $config['ldap_search_filter'],
            $config['ldap_search_attribute'],
            $config['new_attribute_name']
        );

        // Now that we checked for BC, run the parent constructor
        parent::__construct($config, $reserved);

        // Get filter specific config options
        $this->search_attributes = $this->config->getArrayize('attributes', array());
        if (empty($this->search_attributes)) {
            $new_attribute = $this->config->getString('attribute.new', '');
            $this->search_attributes[$new_attribute] = $this->config->getString('search.attribute');
        }
        $this->search_filter = $this->config->getString('search.filter');

        // get the attribute policy
        $this->attr_policy = $this->config->getString('attribute.policy', 'merge');
    }

Member Function Documentation

process()

sspmod_ldap_Auth_Process_AttributeAddFromLDAP::process

(

&

$request

)

Add attributes from an LDAP server.

Parameters

array

&$request

The current request

Definition at line 138 of file AttributeAddFromLDAP.php.

References $attributes, sspmod_ldap_Auth_Process_BaseFilter\$ldap, $name, $target, array, SimpleSAML_Auth_LDAP\escape_filter_value(), sspmod_ldap_Auth_Process_BaseFilter\getLdap(), SimpleSAML\Logger\info(), and SimpleSAML\Logger\warning().

    {
        assert('is_array($request)');
        assert('array_key_exists("Attributes", $request)');

        $attributes =& $request['Attributes'];

        // perform a merge on the ldap_search_filter

        // loop over the attributes and build the search and replace arrays
        foreach ($attributes as $attr => $val) {
            $arrSearch[] = '%'.$attr.'%';

            if (strlen($val[0]) > 0) {
                $arrReplace[] = SimpleSAML_Auth_LDAP::escape_filter_value($val[0]);
            } else {
                $arrReplace[] = '';
            }
        }

        // merge the attributes into the ldap_search_filter
        $filter = str_replace($arrSearch, $arrReplace, $this->search_filter);

        if (strpos($filter, '%') !== false) {
            SimpleSAML\Logger::info('AttributeAddFromLDAP: There are non-existing attributes in the search filter. ('.
                                    $this->search_filter.')');
            return;
        }

        if (!in_array($this->attr_policy, array('merge', 'replace', 'add'), true)) {
            SimpleSAML\Logger::warning("AttributeAddFromLDAP: 'attribute.policy' must be one of 'merge',".
                                       "'replace' or 'add'.");
            return;
        }

        // getLdap
        try {
            $ldap = $this->getLdap();
        } catch (Exception $e) {
            // Added this warning in case $this->getLdap() fails
            SimpleSAML\Logger::warning("AttributeAddFromLDAP: exception = " . $e);
            return;
        }
        // search for matching entries
        try {
            $entries = $ldap->searchformultiple(
                $this->base_dn,
                $filter,
                array_values($this->search_attributes),
                true,
                false
            );
        } catch (Exception $e) {
            return; // silent fail, error is still logged by LDAP search
        }

        // handle [multiple] values
        foreach ($entries as $entry) {
            foreach ($this->search_attributes as $target => $name) {
                if (is_numeric($target)) {
                    $target = $name;
                }

                if (isset($attributes[$target]) && $this->attr_policy === 'replace') {
                    unset($attributes[$target]);
                }
                $name = strtolower($name);
                if (isset($entry[$name])) {
                    unset($entry[$name]['count']);
                    if (isset($attributes[$target])) {
                        foreach (array_values($entry[$name]) as $value) {
                            if ($this->attr_policy === 'merge') {
                                if (!in_array($value, $attributes[$target], true)) {
                                    $attributes[$target][] = $value;
                                }
                            } else {
                                $attributes[$target][] = $value;
                            }
                        }
                    } else {
                        $attributes[$target] = array_values($entry[$name]);
                    }
                }
            }
        }
    }

Here is the call graph for this function:

Field Documentation

$attr_policy

sspmod_ldap_Auth_Process_AttributeAddFromLDAP::$attr_policy

protected

Definition at line 59 of file AttributeAddFromLDAP.php.

$search_attributes

sspmod_ldap_Auth_Process_AttributeAddFromLDAP::$search_attributes

protected

Definition at line 43 of file AttributeAddFromLDAP.php.

$search_filter

sspmod_ldap_Auth_Process_AttributeAddFromLDAP::$search_filter

protected

Definition at line 51 of file AttributeAddFromLDAP.php.

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/modules/ldap/lib/Auth/Process/AttributeAddFromLDAP.php