ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
AttributeAddFromLDAP.php
1<?php
2
36{
37
44
45
51 protected $search_filter;
52
53
59 protected $attr_policy;
60
/**
 * Initialize this filter.
 *
 * Legacy option names are copied onto their current names and then removed,
 * so the parent constructor only ever sees the current naming scheme.
 *
 * @param array $config   Configuration for this filter. It can carry the LDAP
 *                        bind credentials ('ldap.username' / 'ldap.password'),
 *                        so it should not be dumped to logs.
 * @param mixed $reserved Passed through unchanged to the parent constructor.
 */
public function __construct($config, $reserved)
{
    /*
     * Backwards compatibility: legacy option name => current option name.
     * @TODO Remove after 2.0
     */
    $legacyNames = array(
        'ldap_host'             => 'ldap.hostname',
        'ldap_port'             => 'ldap.port',
        'ldap_bind_user'        => 'ldap.username',
        'ldap_bind_pwd'         => 'ldap.password',
        'userid_attribute'      => 'attribute.username',
        'ldap_search_base_dn'   => 'ldap.basedn',
        'ldap_search_filter'    => 'search.filter',
        'ldap_search_attribute' => 'search.attribute',
        'new_attribute_name'    => 'attribute.new',
    );

    foreach ($legacyNames as $oldName => $currentName) {
        // A legacy value, when set, takes precedence over the current name.
        if (isset($config[$oldName])) {
            $config[$currentName] = $config[$oldName];
        }

        // The legacy key is dropped in every case, including when it held null.
        unset($config[$oldName]);
    }

    // The configuration is normalised, hand it to the parent constructor.
    parent::__construct($config, $reserved);

    // Filter-specific options: either an explicit 'attributes' map, or the
    // single pair described by 'attribute.new' and 'search.attribute'.
    $this->search_attributes = $this->config->getArrayize('attributes', array());
    if (empty($this->search_attributes)) {
        $targetName = $this->config->getString('attribute.new', '');
        $this->search_attributes[$targetName] = $this->config->getString('search.attribute');
    }

    // Filter template; '%name%' placeholders are filled in by process().
    $this->search_filter = $this->config->getString('search.filter');

    // How fetched values are combined with existing ones ('merge' by default).
    $this->attr_policy = $this->config->getString('attribute.policy', 'merge');
}
131
132
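/**
 * Add attributes from an LDAP server.
 *
 * Every '%name%' placeholder in the configured search filter is replaced by
 * the LDAP-escaped first value of the request attribute called 'name'. The
 * resulting filter is used to search the directory, and the configured
 * attributes of each matching entry are added to the request according to
 * 'attribute.policy' ('merge', 'replace' or 'add').
 *
 * The method returns without changing the request when the filter still
 * contains a '%', when the policy is not valid, or when connecting to or
 * searching the directory throws.
 *
 * @param array &$request The current request; $request['Attributes'] is
 *                        modified in place.
 */
public function process(&$request)
{
    assert(is_array($request));
    assert(array_key_exists('Attributes', $request));

    $attributes =& $request['Attributes'];

    // Map every '%name%' placeholder to the escaped first value of that
    // attribute. Attribute values may originate from an identity provider or
    // from user input, so each one goes through escape_filter_value() before
    // it is placed in the LDAP filter.
    $placeholders = array();
    foreach ($attributes as $attr => $val) {
        $replacement = '';

        // An attribute with no values, or with a non-scalar first value, is
        // substituted by an empty string instead of raising an
        // undefined-offset notice or a strlen() warning.
        if (isset($val[0]) && is_scalar($val[0]) && strlen($val[0]) > 0) {
            $replacement = SimpleSAML_Auth_LDAP::escape_filter_value($val[0]);
        }

        $placeholders['%'.$attr.'%'] = $replacement;
    }

    // strtr() substitutes in a single pass. Array-form str_replace() applies
    // the pairs one after another, so a value that itself contains '%other%'
    // would be expanded a second time with another attribute's value.
    $filter = strtr($this->search_filter, $placeholders);

    // Any '%' left over means that a placeholder could not be resolved.
    // NOTE(review): a substituted value containing a literal '%' presumably
    // ends up here too, since the escaping is not expected to remove '%'.
    if (strpos($filter, '%') !== false) {
        SimpleSAML\Logger::info('AttributeAddFromLDAP: There are non-existing attributes in the search filter. ('.
            $this->search_filter.')');
        return;
    }

    if (!in_array($this->attr_policy, array('merge', 'replace', 'add'), true)) {
        SimpleSAML\Logger::warning("AttributeAddFromLDAP: 'attribute.policy' must be one of 'merge',".
            "'replace' or 'add'.");
        return;
    }

    // Connect to the directory.
    try {
        $ldap = $this->getLdap();
    } catch (Exception $e) {
        // Only the exception class and message are logged. Casting the
        // exception to a string appends the stack trace, whose frames can
        // include call arguments such as the bind DN and password.
        SimpleSAML\Logger::warning(
            'AttributeAddFromLDAP: exception = '.get_class($e).': '.$e->getMessage()
        );
        return;
    }

    // Search for matching entries.
    try {
        $entries = $ldap->searchformultiple(
            $this->base_dn,
            $filter,
            array_values($this->search_attributes),
            true,
            false
        );
    } catch (Exception $e) {
        return; // silent fail, error is still logged by LDAP search
    }

    // Copy the requested attributes of every matching entry into the request.
    foreach ($entries as $entry) {
        foreach ($this->search_attributes as $target => $name) {
            // A numeric key means that no separate target name was configured.
            if (is_numeric($target)) {
                $target = $name;
            }

            // With 'replace' the existing values are dropped first, even if
            // this entry turns out not to carry the attribute.
            if (isset($attributes[$target]) && $this->attr_policy === 'replace') {
                unset($attributes[$target]);
            }

            // Entry keys are looked up under the lower-cased attribute name.
            $name = strtolower($name);
            if (!isset($entry[$name])) {
                continue;
            }

            // 'count' is bookkeeping within the result, not an attribute value.
            unset($entry[$name]['count']);
            $values = array_values($entry[$name]);

            if (!isset($attributes[$target])) {
                $attributes[$target] = $values;
                continue;
            }

            foreach ($values as $value) {
                // 'merge' skips values that are already present; 'add'
                // appends unconditionally.
                if ($this->attr_policy !== 'merge' || !in_array($value, $attributes[$target], true)) {
                    $attributes[$target][] = $value;
                }
            }
        }
    }
}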
225}
static info($string)
Definition: Logger.php:199
static warning($string)
Definition: Logger.php:177
static escape_filter_value($values=array(), $singleValue=true)
Borrowed function from PEAR:LDAP.
Definition: LDAP.php:666
process(&$request)
Add attributes from an LDAP server.
__construct($config, $reserved)
Initialize this filter.
getLdap()
Getter for the LDAP connection object.
Definition: BaseFilter.php:259