summaryrefslogtreecommitdiff
path: root/program/lib/Roundcube/rcube_ldap.php
diff options
context:
space:
mode:
Diffstat (limited to 'program/lib/Roundcube/rcube_ldap.php')
-rw-r--r--program/lib/Roundcube/rcube_ldap.php1322
1 files changed, 864 insertions, 458 deletions
diff --git a/program/lib/Roundcube/rcube_ldap.php b/program/lib/Roundcube/rcube_ldap.php
index 78573789b..7c4002337 100644
--- a/program/lib/Roundcube/rcube_ldap.php
+++ b/program/lib/Roundcube/rcube_ldap.php
@@ -3,8 +3,8 @@
/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2006-2013, The Roundcube Dev Team |
- | Copyright (C) 2011-2013, Kolab Systems AG |
+ | Copyright (C) 2006-2012, The Roundcube Dev Team |
+ | Copyright (C) 2011-2012, Kolab Systems AG |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -27,51 +27,38 @@
*/
class rcube_ldap extends rcube_addressbook
{
- // public properties
+ /** public properties */
public $primary_key = 'ID';
- public $groups = false;
- public $readonly = true;
- public $ready = false;
- public $group_id = 0;
- public $coltypes = array();
- public $export_groups = false;
-
- // private properties
- protected $ldap;
- protected $prop = array();
+ public $groups = false;
+ public $readonly = true;
+ public $ready = false;
+ public $group_id = 0;
+ public $coltypes = array();
+
+ /** private properties */
+ protected $conn;
+ protected $prop = array();
protected $fieldmap = array();
- protected $filter = '';
protected $sub_filter;
- protected $result;
- protected $ldap_result;
+ protected $filter = '';
+ protected $result = null;
+ protected $ldap_result = null;
protected $mail_domain = '';
protected $debug = false;
- /**
- * Group objectclass (lowercase) to member attribute mapping
- *
- * @var array
- */
- private static $group_types = array(
- 'group' => 'member',
- 'groupofnames' => 'member',
- 'kolabgroupofnames' => 'member',
- 'groupofuniquenames' => 'uniqueMember',
- 'kolabgroupofuniquenames' => 'uniqueMember',
- 'univentiongroup' => 'uniqueMember',
- 'groupofurls' => null,
- );
-
- private $base_dn = '';
+ private $base_dn = '';
private $groups_base_dn = '';
- private $group_url;
+ private $group_url = null;
private $cache;
+ private $vlv_active = false;
+ private $vlv_count = 0;
+
/**
* Object constructor
*
- * @param array $p LDAP connection properties
+ * @param array $p LDAP connection properties
* @param boolean $debug Enables debug mode
* @param string $mail_domain Current user mail domain name
*/
@@ -79,7 +66,8 @@ class rcube_ldap extends rcube_addressbook
{
$this->prop = $p;
- $fetch_attributes = array('objectClass');
+ if (isset($p['searchonly']))
+ $this->searchonly = $p['searchonly'];
// check if groups are configured
if (is_array($p['groups']) && count($p['groups'])) {
@@ -94,21 +82,6 @@ class rcube_ldap extends rcube_addressbook
$this->prop['groups']['name_attr'] = 'cn';
if (empty($this->prop['groups']['scope']))
$this->prop['groups']['scope'] = 'sub';
-
- // add group name attrib to the list of attributes to be fetched
- $fetch_attributes[] = $this->prop['groups']['name_attr'];
- }
- if (is_array($p['group_filters']) && count($p['group_filters'])) {
- $this->groups = true;
-
- foreach ($p['group_filters'] as $k => $group_filter) {
- // set default name attribute to cn
- if (empty($group_filter['name_attr']) && empty($this->prop['groups']['name_attr']))
- $this->prop['group_filters'][$k]['name_attr'] = $group_filter['name_attr'] = 'cn';
-
- if ($group_filter['name_attr'])
- $fetch_attributes[] = $group_filter['name_attr'];
- }
}
// fieldmap property is given
@@ -196,7 +169,7 @@ class rcube_ldap extends rcube_addressbook
// Build sub_fields filter
if (!empty($this->prop['sub_fields']) && is_array($this->prop['sub_fields'])) {
$this->sub_filter = '';
- foreach ($this->prop['sub_fields'] as $class) {
+ foreach ($this->prop['sub_fields'] as $attr => $class) {
if (!empty($class)) {
$class = is_array($class) ? array_pop($class) : $class;
$this->sub_filter .= '(objectClass=' . $class . ')';
@@ -213,24 +186,7 @@ class rcube_ldap extends rcube_addressbook
// initialize cache
$rcube = rcube::get_instance();
- if ($cache_type = $rcube->config->get('ldap_cache', 'db')) {
- $cache_ttl = $rcube->config->get('ldap_cache_ttl', '10m');
- $cache_name = 'LDAP.' . asciiwords($this->prop['name']);
-
- $this->cache = $rcube->get_cache($cache_name, $cache_type, $cache_ttl);
- }
-
- // determine which attributes to fetch
- $this->prop['list_attributes'] = array_unique($fetch_attributes);
- $this->prop['attributes'] = array_merge(array_values($this->fieldmap), $fetch_attributes);
- foreach ($rcube->config->get('contactlist_fields') as $col) {
- $this->prop['list_attributes'] = array_merge($this->prop['list_attributes'], $this->_map_field($col));
- }
-
- // initialize ldap wrapper object
- $this->ldap = new rcube_ldap_generic($this->prop);
- $this->ldap->set_cache($this->cache);
- $this->ldap->set_debug($this->debug);
+ $this->cache = $rcube->get_cache('LDAP.' . asciiwords($this->prop['name']), 'db', 600);
$this->_connect();
}
@@ -243,18 +199,49 @@ class rcube_ldap extends rcube_addressbook
{
$rcube = rcube::get_instance();
- if ($this->ready)
+ if (!function_exists('ldap_connect'))
+ rcube::raise_error(array('code' => 100, 'type' => 'ldap',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "No ldap support in this installation of PHP"),
+ true, true);
+
+ if (is_resource($this->conn))
return true;
if (!is_array($this->prop['hosts']))
$this->prop['hosts'] = array($this->prop['hosts']);
+ if (empty($this->prop['ldap_version']))
+ $this->prop['ldap_version'] = 3;
+
// try to connect + bind for every host configured
// with OpenLDAP 2.x ldap_connect() always succeeds but ldap_bind will fail if host isn't reachable
// see http://www.php.net/manual/en/function.ldap-connect.php
foreach ($this->prop['hosts'] as $host) {
- // skip host if connection failed
- if (!$this->ldap->connect($host)) {
+ $host = rcube_utils::idn_to_ascii(rcube_utils::parse_host($host));
+ $hostname = $host.($this->prop['port'] ? ':'.$this->prop['port'] : '');
+
+ $this->_debug("C: Connect [$hostname] [{$this->prop['name']}]");
+
+ if ($lc = @ldap_connect($host, $this->prop['port'])) {
+ if ($this->prop['use_tls'] === true)
+ if (!ldap_start_tls($lc))
+ continue;
+
+ $this->_debug("S: OK");
+
+ ldap_set_option($lc, LDAP_OPT_PROTOCOL_VERSION, $this->prop['ldap_version']);
+ $this->prop['host'] = $host;
+ $this->conn = $lc;
+
+ if (!empty($this->prop['network_timeout']))
+ ldap_set_option($lc, LDAP_OPT_NETWORK_TIMEOUT, $this->prop['network_timeout']);
+
+ if (isset($this->prop['referrals']))
+ ldap_set_option($lc, LDAP_OPT_REFERRALS, $this->prop['referrals']);
+ }
+ else {
+ $this->_debug("S: NOT OK");
continue;
}
@@ -269,7 +256,7 @@ class rcube_ldap extends rcube_addressbook
$this->base_dn = $this->prop['base_dn'];
$this->groups_base_dn = ($this->prop['groups']['base_dn']) ?
- $this->prop['groups']['base_dn'] : $this->base_dn;
+ $this->prop['groups']['base_dn'] : $this->base_dn;
// User specific access, generate the proper values to use.
if ($this->prop['user_specific']) {
@@ -288,47 +275,30 @@ class rcube_ldap extends rcube_addressbook
$replaces = array('%dn' => '', '%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u);
- // Search for the dn to use to authenticate
if ($this->prop['search_base_dn'] && $this->prop['search_filter']) {
- $search_bind_dn = strtr($this->prop['search_bind_dn'], $replaces);
- $search_base_dn = strtr($this->prop['search_base_dn'], $replaces);
- $search_filter = strtr($this->prop['search_filter'], $replaces);
-
- $cache_key = 'DN.' . md5("$host:$search_bind_dn:$search_base_dn:$search_filter:"
- .$this->prop['search_bind_pw']);
-
- if ($this->cache && ($dn = $this->cache->get($cache_key))) {
- $replaces['%dn'] = $dn;
+ if (!empty($this->prop['search_bind_dn']) && !empty($this->prop['search_bind_pw'])) {
+ $this->bind($this->prop['search_bind_dn'], $this->prop['search_bind_pw']);
}
- else {
- $ldap = $this->ldap;
- if (!empty($search_bind_dn) && !empty($this->prop['search_bind_pw'])) {
- // To protect from "Critical extension is unavailable" error
- // we need to use a separate LDAP connection
- if (!empty($this->prop['vlv'])) {
- $ldap = new rcube_ldap_generic($this->prop);
- $ldap->set_debug($this->debug);
- $ldap->set_cache($this->cache);
- if (!$ldap->connect($host)) {
- continue;
- }
- }
-
- if (!$ldap->bind($search_bind_dn, $this->prop['search_bind_pw'])) {
- continue; // bind failed, try next host
- }
- }
- $res = $ldap->search($search_base_dn, $search_filter, 'sub', array('uid'));
- if ($res) {
- $res->rewind();
- $replaces['%dn'] = $res->get_dn();
- }
+ // Search for the dn to use to authenticate
+ $this->prop['search_base_dn'] = strtr($this->prop['search_base_dn'], $replaces);
+ $this->prop['search_filter'] = strtr($this->prop['search_filter'], $replaces);
+
+ $this->_debug("S: searching with base {$this->prop['search_base_dn']} for {$this->prop['search_filter']}");
- if ($ldap != $this->ldap) {
- $ldap->close();
+ $res = @ldap_search($this->conn, $this->prop['search_base_dn'], $this->prop['search_filter'], array('uid'));
+ if ($res) {
+ if (($entry = ldap_first_entry($this->conn, $res))
+ && ($bind_dn = ldap_get_dn($this->conn, $entry))
+ ) {
+ $this->_debug("S: search returned dn: $bind_dn");
+ $dn = ldap_explode_dn($bind_dn, 1);
+ $replaces['%dn'] = $dn[0];
}
}
+ else {
+ $this->_debug("S: ".ldap_error($this->conn));
+ }
// DN not found
if (empty($replaces['%dn'])) {
@@ -339,13 +309,9 @@ class rcube_ldap extends rcube_addressbook
'code' => 100, 'type' => 'ldap',
'file' => __FILE__, 'line' => __LINE__,
'message' => "DN not found using LDAP search."), true);
- continue;
+ return false;
}
}
-
- if ($this->cache && !empty($replaces['%dn'])) {
- $this->cache->set($cache_key, $replaces['%dn']);
- }
}
// Replace the bind_dn and base_dn variables.
@@ -363,13 +329,13 @@ class rcube_ldap extends rcube_addressbook
}
else {
if (!empty($bind_dn)) {
- $this->ready = $this->ldap->bind($bind_dn, $bind_pass);
+ $this->ready = $this->bind($bind_dn, $bind_pass);
}
else if (!empty($this->prop['auth_cid'])) {
- $this->ready = $this->ldap->sasl_bind($this->prop['auth_cid'], $bind_pass, $bind_user);
+ $this->ready = $this->sasl_bind($this->prop['auth_cid'], $bind_pass, $bind_user);
}
else {
- $this->ready = $this->ldap->sasl_bind($bind_user, $bind_pass);
+ $this->ready = $this->sasl_bind($bind_user, $bind_pass);
}
}
@@ -380,10 +346,10 @@ class rcube_ldap extends rcube_addressbook
} // end foreach hosts
- if (!is_resource($this->ldap->conn)) {
+ if (!is_resource($this->conn)) {
rcube::raise_error(array('code' => 100, 'type' => 'ldap',
'file' => __FILE__, 'line' => __LINE__,
- 'message' => "Could not connect to any LDAP server, last tried $host"), true);
+ 'message' => "Could not connect to any LDAP server, last tried $hostname"), true);
return false;
}
@@ -393,47 +359,112 @@ class rcube_ldap extends rcube_addressbook
/**
- * Close connection to LDAP server
+ * Bind connection with (SASL-) user and password
+ *
+ * @param string $authc Authentication user
+ * @param string $pass Bind password
+ * @param string $authz Autorization user
+ *
+ * @return boolean True on success, False on error
*/
- function close()
+ public function sasl_bind($authc, $pass, $authz=null)
{
- if ($this->ldap) {
- $this->ldap->close();
+ if (!$this->conn) {
+ return false;
+ }
+
+ if (!function_exists('ldap_sasl_bind')) {
+ rcube::raise_error(array('code' => 100, 'type' => 'ldap',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Unable to bind: ldap_sasl_bind() not exists"),
+ true, true);
}
+
+ if (!empty($authz)) {
+ $authz = 'u:' . $authz;
+ }
+
+ if (!empty($this->prop['auth_method'])) {
+ $method = $this->prop['auth_method'];
+ }
+ else {
+ $method = 'DIGEST-MD5';
+ }
+
+ $this->_debug("C: Bind [mech: $method, authc: $authc, authz: $authz] [pass: $pass]");
+
+ if (ldap_sasl_bind($this->conn, NULL, $pass, $method, NULL, $authc, $authz)) {
+ $this->_debug("S: OK");
+ return true;
+ }
+
+ $this->_debug("S: ".ldap_error($this->conn));
+
+ rcube::raise_error(array(
+ 'code' => ldap_errno($this->conn), 'type' => 'ldap',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Bind failed for authcid=$authc ".ldap_error($this->conn)),
+ true);
+
+ return false;
}
/**
- * Returns address book name
+ * Bind connection with DN and password
*
- * @return string Address book name
+ * @param string Bind DN
+ * @param string Bind password
+ *
+ * @return boolean True on success, False on error
*/
- function get_name()
+ public function bind($dn, $pass)
{
- return $this->prop['name'];
+ if (!$this->conn) {
+ return false;
+ }
+
+ $this->_debug("C: Bind [dn: $dn] [pass: $pass]");
+
+ if (@ldap_bind($this->conn, $dn, $pass)) {
+ $this->_debug("S: OK");
+ return true;
+ }
+
+ $this->_debug("S: ".ldap_error($this->conn));
+
+ rcube::raise_error(array(
+ 'code' => ldap_errno($this->conn), 'type' => 'ldap',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Bind failed for dn=$dn: ".ldap_error($this->conn)),
+ true);
+
+ return false;
}
/**
- * Set internal list page
- *
- * @param number Page number to list
+ * Close connection to LDAP server
*/
- function set_page($page)
+ function close()
{
- $this->list_page = (int)$page;
- $this->ldap->set_vlv_page($this->list_page, $this->page_size);
+ if ($this->conn)
+ {
+ $this->_debug("C: Close");
+ ldap_unbind($this->conn);
+ $this->conn = null;
+ }
}
+
/**
- * Set internal page size
+ * Returns address book name
*
- * @param number Number of records to display on one page
+ * @return string Address book name
*/
- function set_pagesize($size)
+ function get_name()
{
- $this->page_size = (int)$size;
- $this->ldap->set_vlv_page($this->list_page, $this->page_size);
+ return $this->prop['name'];
}
@@ -493,14 +524,16 @@ class rcube_ldap extends rcube_addressbook
*/
function list_records($cols=null, $subset=0)
{
- if ($this->prop['searchonly'] && empty($this->filter) && !$this->group_id) {
+ if ($this->prop['searchonly'] && empty($this->filter) && !$this->group_id)
+ {
$this->result = new rcube_result_set(0);
$this->result->searchonly = true;
return $this->result;
}
// fetch group members recursively
- if ($this->group_id && $this->group_data['dn']) {
+ if ($this->group_id && $this->group_data['dn'])
+ {
$entries = $this->list_group_members($this->group_data['dn']);
// make list of entries unique and sort it
@@ -514,35 +547,34 @@ class rcube_ldap extends rcube_addressbook
$entries['count'] = count($entries);
$this->result = new rcube_result_set($entries['count'], ($this->list_page-1) * $this->page_size);
}
- else {
- $prop = $this->group_id ? $this->group_data : $this->prop;
- $base_dn = $this->group_id ? $this->group_base_dn : $this->base_dn;
-
- // use global search filter
- if (!empty($this->filter))
- $prop['filter'] = $this->filter;
+ else
+ {
+ // add general filter to query
+ if (!empty($this->prop['filter']) && empty($this->filter))
+ $this->set_search_set($this->prop['filter']);
// exec LDAP search if no result resource is stored
- if ($this->ready && !$this->ldap_result)
- $this->ldap_result = $this->ldap->search($base_dn, $prop['filter'], $prop['scope'], $this->prop['attributes'], $prop);
+ if ($this->conn && !$this->ldap_result)
+ $this->_exec_search();
// count contacts for this user
$this->result = $this->count();
// we have a search result resource
- if ($this->ldap_result && $this->result->count > 0) {
+ if ($this->ldap_result && $this->result->count > 0)
+ {
// sorting still on the ldap server
- if ($this->sort_col && $prop['scope'] !== 'base' && !$this->ldap->vlv_active)
- $this->ldap_result->sort($this->sort_col);
+ if ($this->sort_col && $this->prop['scope'] !== 'base' && !$this->vlv_active)
+ ldap_sort($this->conn, $this->ldap_result, $this->sort_col);
// get all entries from the ldap server
- $entries = $this->ldap_result->entries();
+ $entries = ldap_get_entries($this->conn, $this->ldap_result);
}
} // end else
// start and end of the page
- $start_row = $this->ldap->vlv_active ? 0 : $this->result->first;
+ $start_row = $this->vlv_active ? 0 : $this->result->first;
$start_row = $subset < 0 ? $start_row + $this->page_size + $subset : $start_row;
$last_row = $this->result->first + $this->page_size;
$last_row = $subset != 0 ? $start_row + abs($subset) : $last_row;
@@ -567,34 +599,43 @@ class rcube_ldap extends rcube_addressbook
// fetch group object
if (empty($entries)) {
- $attribs = array('dn','objectClass','member','uniqueMember','memberURL');
- $entries = $this->ldap->read_entries($dn, '(objectClass=*)', $attribs);
- if ($entries === false) {
+ $result = @ldap_read($this->conn, $dn, '(objectClass=*)', array('dn','objectClass','member','uniqueMember','memberURL'));
+ if ($result === false)
+ {
+ $this->_debug("S: ".ldap_error($this->conn));
return $group_members;
}
+
+ $entries = @ldap_get_entries($this->conn, $result);
}
- for ($i=0; $i < $entries['count']; $i++) {
+ for ($i=0; $i < $entries['count']; $i++)
+ {
$entry = $entries[$i];
- $attrs = array();
- foreach ((array)$entry['objectclass'] as $objectclass) {
- if (strtolower($objectclass) == 'groupofurls') {
- $members = $this->_list_group_memberurl($dn, $entry, $count);
- $group_members = array_merge($group_members, $members);
- }
- else if (($member_attr = $this->get_group_member_attr(array($objectclass), ''))
- && ($member_attr = strtolower($member_attr)) && !in_array($member_attr, $attrs)
- ) {
- $members = $this->_list_group_members($dn, $entry, $member_attr, $count);
- $group_members = array_merge($group_members, $members);
- $attrs[] = $member_attr;
- }
+ if (empty($entry['objectclass']))
+ continue;
- if ($this->prop['sizelimit'] && count($group_members) > $this->prop['sizelimit']) {
- break 2;
+ foreach ((array)$entry['objectclass'] as $objectclass)
+ {
+ switch (strtolower($objectclass)) {
+ case "group":
+ case "groupofnames":
+ case "kolabgroupofnames":
+ $group_members = array_merge($group_members, $this->_list_group_members($dn, $entry, 'member', $count));
+ break;
+ case "groupofuniquenames":
+ case "kolabgroupofuniquenames":
+ $group_members = array_merge($group_members, $this->_list_group_members($dn, $entry, 'uniquemember', $count));
+ break;
+ case "groupofurls":
+ $group_members = array_merge($group_members, $this->_list_group_memberurl($dn, $entry, $count));
+ break;
}
}
+
+ if ($this->prop['sizelimit'] && count($group_members) > $this->prop['sizelimit'])
+ break;
}
return array_filter($group_members);
@@ -613,24 +654,28 @@ class rcube_ldap extends rcube_addressbook
// Use the member attributes to return an array of member ldap objects
// NOTE that the member attribute is supposed to contain a DN
$group_members = array();
- if (empty($entry[$attr])) {
+ if (empty($entry[$attr]))
return $group_members;
- }
// read these attributes for all members
- $attrib = $count ? array('dn','objectClass') : $this->prop['list_attributes'];
+ $attrib = $count ? array('dn') : array_values($this->fieldmap);
+ $attrib[] = 'objectClass';
$attrib[] = 'member';
$attrib[] = 'uniqueMember';
$attrib[] = 'memberURL';
- $filter = $this->prop['groups']['member_filter'] ? $this->prop['groups']['member_filter'] : '(objectclass=*)';
-
- for ($i=0; $i < $entry[$attr]['count']; $i++) {
+ for ($i=0; $i < $entry[$attr]['count']; $i++)
+ {
if (empty($entry[$attr][$i]))
continue;
- $members = $this->ldap->read_entries($entry[$attr][$i], $filter, $attrib);
- if ($members == false) {
+ $result = @ldap_read($this->conn, $entry[$attr][$i], '(objectclass=*)',
+ $attrib, 0, (int)$this->prop['sizelimit'], (int)$this->prop['timelimit']);
+
+ $members = @ldap_get_entries($this->conn, $result);
+ if ($members == false)
+ {
+ $this->_debug("S: ".ldap_error($this->conn));
$members = array();
}
@@ -656,22 +701,34 @@ class rcube_ldap extends rcube_addressbook
{
$group_members = array();
- for ($i=0; $i < $entry['memberurl']['count']; $i++) {
+ for ($i=0; $i < $entry['memberurl']['count']; $i++)
+ {
// extract components from url
if (!preg_match('!ldap:///([^\?]+)\?\?(\w+)\?(.*)$!', $entry['memberurl'][$i], $m))
continue;
// add search filter if any
$filter = $this->filter ? '(&(' . $m[3] . ')(' . $this->filter . '))' : $m[3];
- $attrs = $count ? array('dn','objectClass') : $this->prop['list_attributes'];
- if ($result = $this->ldap->search($m[1], $filter, $m[2], $attrs, $this->group_data)) {
- $entries = $result->entries();
- for ($j = 0; $j < $entries['count']; $j++) {
- if (self::is_group_entry($entries[$j]) && ($nested_group_members = $this->list_group_members($entries[$j]['dn'], $count)))
- $group_members = array_merge($group_members, $nested_group_members);
- else
- $group_members[] = $entries[$j];
- }
+ $func = $m[2] == 'sub' ? 'ldap_search' : ($m[2] == 'base' ? 'ldap_read' : 'ldap_list');
+
+ $attrib = $count ? array('dn') : array_values($this->fieldmap);
+ if ($result = @$func($this->conn, $m[1], $filter,
+ $attrib, 0, (int)$this->prop['sizelimit'], (int)$this->prop['timelimit'])
+ ) {
+ $this->_debug("S: ".ldap_count_entries($this->conn, $result)." record(s) for ".$m[1]);
+ }
+ else {
+ $this->_debug("S: ".ldap_error($this->conn));
+ return $group_members;
+ }
+
+ $entries = @ldap_get_entries($this->conn, $result);
+ for ($j = 0; $j < $entries['count']; $j++)
+ {
+ if ($nested_group_members = $this->list_group_members($entries[$j]['dn'], $count))
+ $group_members = array_merge($group_members, $nested_group_members);
+ else
+ $group_members[] = $entries[$j];
}
}
@@ -707,11 +764,14 @@ class rcube_ldap extends rcube_addressbook
$mode = intval($mode);
// special treatment for ID-based search
- if ($fields == 'ID' || $fields == $this->primary_key) {
+ if ($fields == 'ID' || $fields == $this->primary_key)
+ {
$ids = !is_array($value) ? explode(',', $value) : $value;
$result = new rcube_result_set();
- foreach ($ids as $id) {
- if ($rec = $this->get_record($id, true)) {
+ foreach ($ids as $id)
+ {
+ if ($rec = $this->get_record($id, true))
+ {
$result->add($rec);
$result->count++;
}
@@ -723,20 +783,34 @@ class rcube_ldap extends rcube_addressbook
$rcube = rcube::get_instance();
$list_fields = $rcube->config->get('contactlist_fields');
- if ($this->prop['vlv_search'] && $this->ready && join(',', (array)$fields) == join(',', $list_fields)) {
+ if ($this->prop['vlv_search'] && $this->conn && join(',', (array)$fields) == join(',', $list_fields))
+ {
+ // add general filter to query
+ if (!empty($this->prop['filter']) && empty($this->filter))
+ $this->set_search_set($this->prop['filter']);
+
+ // set VLV controls with encoded search string
+ $this->_vlv_set_controls($this->prop, $this->list_page, $this->page_size, $value);
+
+ $function = $this->_scope2func($this->prop['scope']);
+ $this->ldap_result = @$function($this->conn, $this->base_dn, $this->filter ? $this->filter : '(objectclass=*)',
+ array_values($this->fieldmap), 0, $this->page_size, (int)$this->prop['timelimit']);
+
$this->result = new rcube_result_set(0);
- $search_suffix = $this->prop['fuzzy_search'] && $mode != 1 ? '*' : '';
- $ldap_data = $this->ldap->search($this->base_dn, $this->prop['filter'], $this->prop['scope'], $this->prop['attributes'],
- array('search' => $value . $search_suffix /*, 'sort' => $this->prop['sort'] */));
- if ($ldap_data === false) {
+ if (!$this->ldap_result) {
+ $this->_debug("S: ".ldap_error($this->conn));
return $this->result;
}
+ $this->_debug("S: ".ldap_count_entries($this->conn, $this->ldap_result)." record(s)");
+
// get all entries of this page and post-filter those that really match the query
- $search = mb_strtolower($value);
- foreach ($ldap_data as $i => $entry) {
- $rec = $this->_ldap2result($entry);
+ $search = mb_strtolower($value);
+ $entries = ldap_get_entries($this->conn, $this->ldap_result);
+
+ for ($i = 0; $i < $entries['count']; $i++) {
+ $rec = $this->_ldap2result($entries[$i]);
foreach ($fields as $f) {
foreach ((array)$rec[$f] as $val) {
if ($this->compare_search_value($f, $val, $search, $mode)) {
@@ -762,27 +836,31 @@ class rcube_ldap extends rcube_addressbook
}
}
- if ($fields == '*') {
+ if ($fields == '*')
+ {
// search_fields are required for fulltext search
- if (empty($this->prop['search_fields'])) {
+ if (empty($this->prop['search_fields']))
+ {
$this->set_error(self::ERROR_SEARCH, 'nofulltextsearch');
$this->result = new rcube_result_set();
return $this->result;
}
- if (is_array($this->prop['search_fields'])) {
+ if (is_array($this->prop['search_fields']))
+ {
foreach ($this->prop['search_fields'] as $field) {
- $filter .= "($field=$wp" . rcube_ldap_generic::quote_string($value) . "$ws)";
+ $filter .= "($field=$wp" . $this->_quote_string($value) . "$ws)";
}
}
}
- else {
+ else
+ {
foreach ((array)$fields as $idx => $field) {
$val = is_array($value) ? $value[$idx] : $value;
if ($attrs = $this->_map_field($field)) {
if (count($attrs) > 1)
$filter .= '(|';
foreach ($attrs as $f)
- $filter .= "($f=$wp" . rcube_ldap_generic::quote_string($val) . "$ws)";
+ $filter .= "($f=$wp" . $this->_quote_string($val) . "$ws)";
if (count($attrs) > 1)
$filter .= ')';
}
@@ -817,6 +895,7 @@ class rcube_ldap extends rcube_addressbook
// set filter string and execute search
$this->set_search_set($filter);
+ $this->_exec_search();
if ($select)
$this->list_records();
@@ -835,21 +914,20 @@ class rcube_ldap extends rcube_addressbook
function count()
{
$count = 0;
- if ($this->ldap_result) {
- $count = $this->ldap_result->count();
+ if ($this->conn && $this->ldap_result) {
+ $count = $this->vlv_active ? $this->vlv_count : ldap_count_entries($this->conn, $this->ldap_result);
}
else if ($this->group_id && $this->group_data['dn']) {
$count = count($this->list_group_members($this->group_data['dn'], true));
}
- // We have a connection but no result set, attempt to get one.
- else if ($this->ready) {
- $prop = $this->group_id ? $this->group_data : $this->prop;
- $base_dn = $this->group_id ? $this->group_base_dn : $this->base_dn;
-
- if (!empty($this->filter)) { // Use global search filter
- $prop['filter'] = $this->filter;
+ else if ($this->conn) {
+ // We have a connection but no result set, attempt to get one.
+ if (empty($this->filter)) {
+ // The filter is not set, set it.
+ $this->filter = $this->prop['filter'];
}
- $count = $this->ldap->search($base_dn, $prop['filter'], $prop['scope'], array('dn'), $prop, true);
+
+ $count = (int) $this->_exec_search(true);
}
return new rcube_result_set($count, ($this->list_page-1) * $this->page_size);
@@ -879,16 +957,28 @@ class rcube_ldap extends rcube_addressbook
{
$res = $this->result = null;
- if ($this->ready && $dn) {
+ if ($this->conn && $dn)
+ {
$dn = self::dn_decode($dn);
- if ($rec = $this->ldap->get_entry($dn)) {
- $rec = array_change_key_case($rec, CASE_LOWER);
+ $this->_debug("C: Read [dn: $dn] [(objectclass=*)]");
+
+ if ($ldap_result = @ldap_read($this->conn, $dn, '(objectclass=*)', array_values($this->fieldmap))) {
+ $this->_debug("S: OK");
+
+ $entry = ldap_first_entry($this->conn, $ldap_result);
+
+ if ($entry && ($rec = ldap_get_attributes($this->conn, $entry))) {
+ $rec = array_change_key_case($rec, CASE_LOWER);
+ }
+ }
+ else {
+ $this->_debug("S: ".ldap_error($this->conn));
}
// Use ldap_list to get subentries like country (c) attribute (#1488123)
if (!empty($rec) && $this->sub_filter) {
- if ($entries = $this->ldap->list_entries($dn, $this->sub_filter, array_keys($this->prop['sub_fields']))) {
+ if ($entries = $this->ldap_list($dn, $this->sub_filter, array_keys($this->prop['sub_fields']))) {
foreach ($entries as $entry) {
$lrec = array_change_key_case($entry, CASE_LOWER);
$rec = array_merge($lrec, $rec);
@@ -900,7 +990,7 @@ class rcube_ldap extends rcube_addressbook
// Add in the dn for the entry.
$rec['dn'] = $dn;
$res = $this->_ldap2result($rec);
- $this->result = new rcube_result_set(1);
+ $this->result = new rcube_result_set();
$this->result->add($res);
}
}
@@ -947,6 +1037,7 @@ class rcube_ldap extends rcube_addressbook
$mail_field = $this->fieldmap['email'];
// try to extract surname and firstname from displayname
+ $reverse_map = array_flip($this->fieldmap);
$name_parts = preg_split('/[\s,.]+/', $save_data['name']);
if ($sn_field && $missing[$sn_field]) {
@@ -1013,12 +1104,12 @@ class rcube_ldap extends rcube_addressbook
}
// Build the new entries DN.
- $dn = $this->prop['LDAP_rdn'].'='.rcube_ldap_generic::quote_string($newentry[$this->prop['LDAP_rdn']], true).','.$this->base_dn;
+ $dn = $this->prop['LDAP_rdn'].'='.$this->_quote_string($newentry[$this->prop['LDAP_rdn']], true).','.$this->base_dn;
// Remove attributes that need to be added separately (child objects)
$xfields = array();
if (!empty($this->prop['sub_fields']) && is_array($this->prop['sub_fields'])) {
- foreach (array_keys($this->prop['sub_fields']) as $xf) {
+ foreach ($this->prop['sub_fields'] as $xf => $xclass) {
if (!empty($newentry[$xf])) {
$xfields[$xf] = $newentry[$xf];
unset($newentry[$xf]);
@@ -1026,19 +1117,19 @@ class rcube_ldap extends rcube_addressbook
}
}
- if (!$this->ldap->add($dn, $newentry)) {
+ if (!$this->ldap_add($dn, $newentry)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
foreach ($xfields as $xidx => $xf) {
- $xdn = $xidx.'='.rcube_ldap_generic::quote_string($xf).','.$dn;
+ $xdn = $xidx.'='.$this->_quote_string($xf).','.$dn;
$xf = array(
$xidx => $xf,
'objectClass' => (array) $this->prop['sub_fields'][$xidx],
);
- $this->ldap->add($xdn, $xf);
+ $this->ldap_add($xdn, $xf);
}
$dn = self::dn_encode($dn);
@@ -1081,7 +1172,7 @@ class rcube_ldap extends rcube_addressbook
}
}
- foreach ($this->fieldmap as $fld) {
+ foreach ($this->fieldmap as $col => $fld) {
if ($fld) {
$val = $ldap_data[$fld];
$old = $old_data[$fld];
@@ -1144,7 +1235,7 @@ class rcube_ldap extends rcube_addressbook
// Update the entry as required.
if (!empty($deletedata)) {
// Delete the fields.
- if (!$this->ldap->mod_del($dn, $deletedata)) {
+ if (!$this->ldap_mod_del($dn, $deletedata)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
@@ -1154,17 +1245,17 @@ class rcube_ldap extends rcube_addressbook
// Handle RDN change
if ($replacedata[$this->prop['LDAP_rdn']]) {
$newdn = $this->prop['LDAP_rdn'].'='
- .rcube_ldap_generic::quote_string($replacedata[$this->prop['LDAP_rdn']], true)
+ .$this->_quote_string($replacedata[$this->prop['LDAP_rdn']], true)
.','.$this->base_dn;
if ($dn != $newdn) {
$newrdn = $this->prop['LDAP_rdn'].'='
- .rcube_ldap_generic::quote_string($replacedata[$this->prop['LDAP_rdn']], true);
+ .$this->_quote_string($replacedata[$this->prop['LDAP_rdn']], true);
unset($replacedata[$this->prop['LDAP_rdn']]);
}
}
// Replace the fields.
if (!empty($replacedata)) {
- if (!$this->ldap->mod_replace($dn, $replacedata)) {
+ if (!$this->ldap_mod_replace($dn, $replacedata)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
@@ -1180,8 +1271,8 @@ class rcube_ldap extends rcube_addressbook
// remove sub-entries
if (!empty($subdeldata)) {
foreach ($subdeldata as $fld => $val) {
- $subdn = $fld.'='.rcube_ldap_generic::quote_string($val).','.$dn;
- if (!$this->ldap->delete($subdn)) {
+ $subdn = $fld.'='.$this->_quote_string($val).','.$dn;
+ if (!$this->ldap_delete($subdn)) {
return false;
}
}
@@ -1189,7 +1280,7 @@ class rcube_ldap extends rcube_addressbook
if (!empty($newdata)) {
// Add the fields.
- if (!$this->ldap->mod_add($dn, $newdata)) {
+ if (!$this->ldap_mod_add($dn, $newdata)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
@@ -1197,7 +1288,7 @@ class rcube_ldap extends rcube_addressbook
// Handle RDN change
if (!empty($newrdn)) {
- if (!$this->ldap->rename($dn, $newrdn, null, true)) {
+ if (!$this->ldap_rename($dn, $newrdn, null, true)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
@@ -1208,7 +1299,8 @@ class rcube_ldap extends rcube_addressbook
// change the group membership of the contact
if ($this->groups) {
$group_ids = $this->get_record_groups($dn);
- foreach (array_keys($group_ids) as $group_id) {
+ foreach ($group_ids as $group_id)
+ {
$this->remove_from_group($group_id, $dn);
$this->add_to_group($group_id, $newdn);
}
@@ -1220,12 +1312,12 @@ class rcube_ldap extends rcube_addressbook
// add sub-entries
if (!empty($subnewdata)) {
foreach ($subnewdata as $fld => $val) {
- $subdn = $fld.'='.rcube_ldap_generic::quote_string($val).','.$dn;
+ $subdn = $fld.'='.$this->_quote_string($val).','.$dn;
$xf = array(
$fld => $val,
'objectClass' => (array) $this->prop['sub_fields'][$fld],
);
- $this->ldap->add($subdn, $xf);
+ $this->ldap_add($subdn, $xf);
}
}
@@ -1253,9 +1345,9 @@ class rcube_ldap extends rcube_addressbook
// Need to delete all sub-entries first
if ($this->sub_filter) {
- if ($entries = $this->ldap->list_entries($dn, $this->sub_filter)) {
+ if ($entries = $this->ldap_list($dn, $this->sub_filter)) {
foreach ($entries as $entry) {
- if (!$this->ldap->delete($entry['dn'])) {
+ if (!$this->ldap_delete($entry['dn'])) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
@@ -1264,7 +1356,7 @@ class rcube_ldap extends rcube_addressbook
}
// Delete the record.
- if (!$this->ldap->delete($dn)) {
+ if (!$this->ldap_delete($dn)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
@@ -1273,7 +1365,7 @@ class rcube_ldap extends rcube_addressbook
if ($this->groups) {
$dn = self::dn_encode($dn);
$group_ids = $this->get_record_groups($dn);
- foreach (array_keys($group_ids) as $group_id) {
+ foreach ($group_ids as $group_id) {
$this->remove_from_group($group_id, $dn);
}
}
@@ -1288,8 +1380,8 @@ class rcube_ldap extends rcube_addressbook
*/
function delete_all()
{
- // searching for contact entries
- $dn_list = $this->ldap->list_entries($this->base_dn, $this->prop['filter'] ? $this->prop['filter'] : '(objectclass=*)');
+ //searching for contact entries
+ $dn_list = $this->ldap_list($this->base_dn, $this->prop['filter'] ? $this->prop['filter'] : '(objectclass=*)');
if (!empty($dn_list)) {
foreach ($dn_list as $idx => $entry) {
@@ -1306,10 +1398,6 @@ class rcube_ldap extends rcube_addressbook
*/
protected function add_autovalues(&$attrs)
{
- if (empty($this->prop['autovalues'])) {
- return;
- }
-
$attrvals = array();
foreach ($attrs as $k => $v) {
$attrvals['{'.$k.'}'] = is_array($v) ? $v[0] : $v;
@@ -1320,16 +1408,7 @@ class rcube_ldap extends rcube_addressbook
if (strpos($templ, '(') !== false) {
// replace {attr} placeholders with (escaped!) attribute values to be safely eval'd
$code = preg_replace('/\{\w+\}/', '', strtr($templ, array_map('addslashes', $attrvals)));
- $fn = create_function('', "return ($code);");
- if (!$fn) {
- rcube::raise_error(array(
- 'code' => 505, 'type' => 'php',
- 'file' => __FILE__, 'line' => __LINE__,
- 'message' => "Expression parse error on: ($code)"), true, false);
- continue;
- }
-
- $attrs[$lf] = $fn();
+ $attrs[$lf] = eval("return ($code);");
}
else {
// replace {attr} placeholders with concrete attribute values
@@ -1339,26 +1418,120 @@ class rcube_ldap extends rcube_addressbook
}
}
+ /**
+ * Execute the LDAP search based on the stored credentials
+ */
+ private function _exec_search($count = false)
+ {
+ if ($this->ready)
+ {
+ $filter = $this->filter ? $this->filter : '(objectclass=*)';
+ $function = $this->_scope2func($this->prop['scope'], $ns_function);
+
+ $this->_debug("C: Search [$filter][dn: $this->base_dn]");
+
+ // when using VLV, we get the total count by...
+ if (!$count && $function != 'ldap_read' && $this->prop['vlv'] && !$this->group_id) {
+ // ...either reading numSubOrdinates attribute
+ if ($this->prop['numsub_filter'] && ($result_count = @$ns_function($this->conn, $this->base_dn, $this->prop['numsub_filter'], array('numSubOrdinates'), 0, 0, 0))) {
+ $counts = ldap_get_entries($this->conn, $result_count);
+ for ($this->vlv_count = $j = 0; $j < $counts['count']; $j++)
+ $this->vlv_count += $counts[$j]['numsubordinates'][0];
+ $this->_debug("D: total numsubordinates = " . $this->vlv_count);
+ }
+ else if (!function_exists('ldap_parse_virtuallist_control')) // ...or by fetching all records dn and count them
+ $this->vlv_count = $this->_exec_search(true);
+
+ $this->vlv_active = $this->_vlv_set_controls($this->prop, $this->list_page, $this->page_size);
+ }
+
+ // only fetch dn for count (should keep the payload low)
+ $attrs = $count ? array('dn') : array_values($this->fieldmap);
+ if ($this->ldap_result = @$function($this->conn, $this->base_dn, $filter,
+ $attrs, 0, (int)$this->prop['sizelimit'], (int)$this->prop['timelimit'])
+ ) {
+ // when running on a patched PHP we can use the extended functions to retrieve the total count from the LDAP search result
+ if ($this->vlv_active && function_exists('ldap_parse_virtuallist_control')) {
+ if (ldap_parse_result($this->conn, $this->ldap_result,
+ $errcode, $matcheddn, $errmsg, $referrals, $serverctrls)
+ && $serverctrls // can be null e.g. in case of adm. limit error
+ ) {
+ ldap_parse_virtuallist_control($this->conn, $serverctrls,
+ $last_offset, $this->vlv_count, $vresult);
+ $this->_debug("S: VLV result: last_offset=$last_offset; content_count=$this->vlv_count");
+ }
+ else {
+ $this->_debug("S: ".($errmsg ? $errmsg : ldap_error($this->conn)));
+ }
+ }
+
+ $entries_count = ldap_count_entries($this->conn, $this->ldap_result);
+ $this->_debug("S: $entries_count record(s)");
+
+ return $count ? $entries_count : true;
+ }
+ else {
+ $this->_debug("S: ".ldap_error($this->conn));
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Choose the right PHP function according to scope property
+ */
+ private function _scope2func($scope, &$ns_function = null)
+ {
+ switch ($scope) {
+ case 'sub':
+ $function = $ns_function = 'ldap_search';
+ break;
+ case 'base':
+ $function = $ns_function = 'ldap_read';
+ break;
+ default:
+ $function = 'ldap_list';
+ $ns_function = 'ldap_read';
+ break;
+ }
+
+ return $function;
+ }
+
+ /**
+ * Set server controls for Virtual List View (paginated listing)
+ */
+ private function _vlv_set_controls($prop, $list_page, $page_size, $search = null)
+ {
+ $sort_ctrl = array('oid' => "1.2.840.113556.1.4.473", 'value' => $this->_sort_ber_encode((array)$prop['sort']));
+ $vlv_ctrl = array('oid' => "2.16.840.1.113730.3.4.9", 'value' => $this->_vlv_ber_encode(($offset = ($list_page-1) * $page_size + 1), $page_size, $search), 'iscritical' => true);
+
+ $sort = (array)$prop['sort'];
+ $this->_debug("C: set controls sort=" . join(' ', unpack('H'.(strlen($sort_ctrl['value'])*2), $sort_ctrl['value'])) . " ($sort[0]);"
+ . " vlv=" . join(' ', (unpack('H'.(strlen($vlv_ctrl['value'])*2), $vlv_ctrl['value']))) . " ($offset/$page_size)");
+
+ if (!ldap_set_option($this->conn, LDAP_OPT_SERVER_CONTROLS, array($sort_ctrl, $vlv_ctrl))) {
+ $this->_debug("S: ".ldap_error($this->conn));
+ $this->set_error(self::ERROR_SEARCH, 'vlvnotsupported');
+ return false;
+ }
+
+ return true;
+ }
+
/**
* Converts LDAP entry into an array
*/
private function _ldap2result($rec)
{
- $out = array('_type' => 'person');
- $fieldmap = $this->fieldmap;
+ $out = array();
if ($rec['dn'])
$out[$this->primary_key] = self::dn_encode($rec['dn']);
- // determine record type
- if (self::is_group_entry($rec)) {
- $out['_type'] = 'group';
- $out['readonly'] = true;
- $fieldmap['name'] = $this->group_data['name_attr'] ? $this->group_data['name_attr'] : $this->prop['groups']['name_attr'];
- }
-
- foreach ($fieldmap as $rf => $lf)
+ foreach ($this->fieldmap as $rf => $lf)
{
for ($i=0; $i < $rec[$lf]['count']; $i++) {
if (!($value = $rec[$lf][$i]))
@@ -1420,10 +1593,8 @@ class rcube_ldap extends rcube_addressbook
if (is_array($colprop['serialized'])) {
foreach ($colprop['serialized'] as $subtype => $delim) {
$key = $col.':'.$subtype;
- foreach ((array)$save_cols[$key] as $i => $val) {
- $values = array($val['street'], $val['locality'], $val['zipcode'], $val['country']);
- $save_cols[$key][$i] = count(array_filter($values)) ? join($delim, $values) : null;
- }
+ foreach ((array)$save_cols[$key] as $i => $val)
+ $save_cols[$key][$i] = join($delim, array($val['street'], $val['locality'], $val['zipcode'], $val['country']));
}
}
}
@@ -1461,11 +1632,11 @@ class rcube_ldap extends rcube_addressbook
{
// list of known attribute aliases
static $aliases = array(
- 'gn' => 'givenname',
+ 'gn' => 'givenname',
'rfc822mailbox' => 'email',
- 'userid' => 'uid',
- 'emailaddress' => 'email',
- 'pkcs9email' => 'email',
+ 'userid' => 'uid',
+ 'emailaddress' => 'email',
+ 'pkcs9email' => 'email',
);
list($name, $limit) = explode(':', $namev, 2);
@@ -1474,15 +1645,6 @@ class rcube_ldap extends rcube_addressbook
return (isset($aliases[$name]) ? $aliases[$name] : $name) . $suffix;
}
- /**
- * Determines whether the given LDAP entry is a group record
- */
- private static function is_group_entry($entry)
- {
- $classes = array_map('strtolower', (array)$entry['objectclass']);
-
- return count(array_intersect(array_keys(self::$group_types), $classes)) > 0;
- }
/**
* Prints debug info to the log
@@ -1499,27 +1661,55 @@ class rcube_ldap extends rcube_addressbook
* Activate/deactivate debug mode
*
* @param boolean $dbg True if LDAP commands should be logged
+ * @access public
*/
function set_debug($dbg = true)
{
$this->debug = $dbg;
+ }
- if ($this->ldap) {
- $this->ldap->set_debug($dbg);
- }
+
+ /**
+ * Quotes attribute value string
+ *
+ * @param string $str Attribute value
+ * @param bool $dn True if the attribute is a DN
+ *
+ * @return string Quoted string
+ */
+ private static function _quote_string($str, $dn=false)
+ {
+ // take firt entry if array given
+ if (is_array($str))
+ $str = reset($str);
+
+ if ($dn)
+ $replace = array(','=>'\2c', '='=>'\3d', '+'=>'\2b', '<'=>'\3c',
+ '>'=>'\3e', ';'=>'\3b', '\\'=>'\5c', '"'=>'\22', '#'=>'\23');
+ else
+ $replace = array('*'=>'\2a', '('=>'\28', ')'=>'\29', '\\'=>'\5c',
+ '/'=>'\2f');
+
+ return strtr($str, $replace);
}
/**
* Setter for the current group
+ * (empty, has to be re-implemented by extending class)
*/
function set_group($group_id)
{
- if ($group_id) {
+ if ($group_id)
+ {
+ if (($group_cache = $this->cache->get('groups')) === null)
+ $group_cache = $this->_fetch_groups();
+
$this->group_id = $group_id;
- $this->group_data = $this->get_group_entry($group_id);
+ $this->group_data = $group_cache[$group_id];
}
- else {
+ else
+ {
$this->group_id = 0;
$this->group_data = null;
}
@@ -1538,13 +1728,15 @@ class rcube_ldap extends rcube_addressbook
*/
function list_groups($search = null, $mode = 0)
{
- if (!$this->groups) {
+ if (!$this->groups)
return array();
- }
- $group_cache = $this->_fetch_groups();
- $groups = array();
+ // use cached list for searching
+ $this->cache->expunge();
+ if (!$search || ($group_cache = $this->cache->get('groups')) === null)
+ $group_cache = $this->_fetch_groups();
+ $groups = array();
if ($search) {
foreach ($group_cache as $group) {
if ($this->compare_search_value('name', $group['name'], $search, $mode)) {
@@ -1552,9 +1744,8 @@ class rcube_ldap extends rcube_addressbook
}
}
}
- else {
+ else
$groups = $group_cache;
- }
return array_values($groups);
}
@@ -1562,140 +1753,80 @@ class rcube_ldap extends rcube_addressbook
/**
* Fetch groups from server
*/
- private function _fetch_groups($vlv_page = null)
+ private function _fetch_groups($vlv_page = 0)
{
- // special case: list groups from 'group_filters' config
- if ($vlv_page === null && !empty($this->prop['group_filters'])) {
- $groups = array();
-
- // list regular groups configuration as special filter
- if (!empty($this->prop['groups']['filter'])) {
- $id = '__groups__';
- $groups[$id] = array('ID' => $id, 'name' => rcube_label('groups'), 'virtual' => true) + $this->prop['groups'];
- }
-
- foreach ($this->prop['group_filters'] as $id => $prop) {
- $groups[$id] = $prop + array('ID' => $id, 'name' => ucfirst($id), 'virtual' => true, 'base_dn' => $this->base_dn);
- }
-
- return $groups;
- }
-
- if ($this->cache && $vlv_page === null && ($groups = $this->cache->get('groups')) !== null) {
- return $groups;
- }
-
- $base_dn = $this->groups_base_dn;
- $filter = $this->prop['groups']['filter'];
- $scope = $this->prop['groups']['scope'];
- $name_attr = $this->prop['groups']['name_attr'];
+ $base_dn = $this->groups_base_dn;
+ $filter = $this->prop['groups']['filter'];
+ $name_attr = $this->prop['groups']['name_attr'];
$email_attr = $this->prop['groups']['email_attr'] ? $this->prop['groups']['email_attr'] : 'mail';
$sort_attrs = $this->prop['groups']['sort'] ? (array)$this->prop['groups']['sort'] : array($name_attr);
- $sort_attr = $sort_attrs[0];
+ $sort_attr = $sort_attrs[0];
- $ldap = $this->ldap;
+ $this->_debug("C: Search [$filter][dn: $base_dn]");
// use vlv to list groups
if ($this->prop['groups']['vlv']) {
$page_size = 200;
- if (!$this->prop['groups']['sort']) {
+ if (!$this->prop['groups']['sort'])
$this->prop['groups']['sort'] = $sort_attrs;
- }
-
- $ldap = clone $this->ldap;
- $ldap->set_config($this->prop['groups']);
- $ldap->set_vlv_page($vlv_page+1, $page_size);
+ $vlv_active = $this->_vlv_set_controls($this->prop['groups'], $vlv_page+1, $page_size);
}
- $attrs = array_unique(array('dn', 'objectClass', $name_attr, $email_attr, $sort_attr));
- $ldap_data = $ldap->search($base_dn, $filter, $scope, $attrs, $this->prop['groups']);
-
- if ($ldap_data === false) {
+ $function = $this->_scope2func($this->prop['groups']['scope'], $ns_function);
+ $res = @$function($this->conn, $base_dn, $filter, array_unique(array('dn', 'objectClass', $name_attr, $email_attr, $sort_attr)));
+ if ($res === false)
+ {
+ $this->_debug("S: ".ldap_error($this->conn));
return array();
}
- $groups = array();
- $group_sortnames = array();
- $group_count = $ldap_data->count();
-
- foreach ($ldap_data as $entry) {
- if (!$entry['dn']) // DN is mandatory
- $entry['dn'] = $ldap_data->get_dn();
+ $ldap_data = ldap_get_entries($this->conn, $res);
+ $this->_debug("S: ".ldap_count_entries($this->conn, $res)." record(s)");
- $group_name = is_array($entry[$name_attr]) ? $entry[$name_attr][0] : $entry[$name_attr];
- $group_id = self::dn_encode($entry['dn']);
+ $groups = array();
+ $group_sortnames = array();
+ $group_count = $ldap_data["count"];
+ for ($i=0; $i < $group_count; $i++)
+ {
+ $group_name = is_array($ldap_data[$i][$name_attr]) ? $ldap_data[$i][$name_attr][0] : $ldap_data[$i][$name_attr];
+ $group_id = self::dn_encode($group_name);
$groups[$group_id]['ID'] = $group_id;
- $groups[$group_id]['dn'] = $entry['dn'];
+ $groups[$group_id]['dn'] = $ldap_data[$i]['dn'];
$groups[$group_id]['name'] = $group_name;
- $groups[$group_id]['member_attr'] = $this->get_group_member_attr($entry['objectclass']);
+ $groups[$group_id]['member_attr'] = $this->get_group_member_attr($ldap_data[$i]['objectclass']);
// list email attributes of a group
- for ($j=0; $entry[$email_attr] && $j < $entry[$email_attr]['count']; $j++) {
- if (strpos($entry[$email_attr][$j], '@') > 0)
- $groups[$group_id]['email'][] = $entry[$email_attr][$j];
+ for ($j=0; $ldap_data[$i][$email_attr] && $j < $ldap_data[$i][$email_attr]['count']; $j++) {
+ if (strpos($ldap_data[$i][$email_attr][$j], '@') > 0)
+ $groups[$group_id]['email'][] = $ldap_data[$i][$email_attr][$j];
}
- $group_sortnames[] = mb_strtolower($entry[$sort_attr][0]);
+ $group_sortnames[] = mb_strtolower($ldap_data[$i][$sort_attr][0]);
}
// recursive call can exit here
- if ($vlv_page > 0) {
+ if ($vlv_page > 0)
return $groups;
- }
// call recursively until we have fetched all groups
- while ($this->prop['groups']['vlv'] && $group_count == $page_size) {
- $next_page = $this->_fetch_groups(++$vlv_page);
- $groups = array_merge($groups, $next_page);
+ while ($vlv_active && $group_count == $page_size)
+ {
+ $next_page = $this->_fetch_groups(++$vlv_page);
+ $groups = array_merge($groups, $next_page);
$group_count = count($next_page);
}
// when using VLV the list of groups is already sorted
- if (!$this->prop['groups']['vlv']) {
+ if (!$this->prop['groups']['vlv'])
array_multisort($group_sortnames, SORT_ASC, SORT_STRING, $groups);
- }
// cache this
- if ($this->cache) {
- $this->cache->set('groups', $groups);
- }
+ $this->cache->set('groups', $groups);
return $groups;
}
/**
- * Fetch a group entry from LDAP and save in local cache
- */
- private function get_group_entry($group_id)
- {
- $group_cache = $this->_fetch_groups();
-
- // add group record to cache if it isn't yet there
- if (!isset($group_cache[$group_id])) {
- $name_attr = $this->prop['groups']['name_attr'];
- $dn = self::dn_decode($group_id);
-
- if ($list = $this->ldap->read_entries($dn, '(objectClass=*)', array('dn','objectClass','member','uniqueMember','memberURL',$name_attr,$this->fieldmap['email']))) {
- $entry = $list[0];
- $group_name = is_array($entry[$name_attr]) ? $entry[$name_attr][0] : $entry[$name_attr];
- $group_cache[$group_id]['ID'] = $group_id;
- $group_cache[$group_id]['dn'] = $dn;
- $group_cache[$group_id]['name'] = $group_name;
- $group_cache[$group_id]['member_attr'] = $this->get_group_member_attr($entry['objectclass']);
- }
- else {
- $group_cache[$group_id] = false;
- }
-
- if ($this->cache) {
- $this->cache->set('groups', $group_cache);
- }
- }
-
- return $group_cache[$group_id];
- }
-
- /**
* Get group properties such as name and email address(es)
*
* @param string Group identifier
@@ -1703,7 +1834,10 @@ class rcube_ldap extends rcube_addressbook
*/
function get_group($group_id)
{
- $group_data = $this->get_group_entry($group_id);
+ if (($group_cache = $this->cache->get('groups')) === null)
+ $group_cache = $this->_fetch_groups();
+
+ $group_data = $group_cache[$group_id];
unset($group_data['dn'], $group_data['member_attr']);
return $group_data;
@@ -1717,24 +1851,24 @@ class rcube_ldap extends rcube_addressbook
*/
function create_group($group_name)
{
- $new_dn = 'cn=' . rcube_ldap_generic::quote_string($group_name, true) . ',' . $this->groups_base_dn;
- $new_gid = self::dn_encode($new_dn);
+ $base_dn = $this->groups_base_dn;
+ $new_dn = "cn=$group_name,$base_dn";
+ $new_gid = self::dn_encode($group_name);
$member_attr = $this->get_group_member_attr();
- $name_attr = $this->prop['groups']['name_attr'] ? $this->prop['groups']['name_attr'] : 'cn';
- $new_entry = array(
+ $name_attr = $this->prop['groups']['name_attr'] ? $this->prop['groups']['name_attr'] : 'cn';
+
+ $new_entry = array(
'objectClass' => $this->prop['groups']['object_classes'],
$name_attr => $group_name,
$member_attr => '',
);
- if (!$this->ldap->add($new_dn, $new_entry)) {
+ if (!$this->ldap_add($new_dn, $new_entry)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
- if ($this->cache) {
- $this->cache->remove('groups');
- }
+ $this->cache->remove('groups');
return array('id' => $new_gid, 'name' => $group_name);
}
@@ -1747,18 +1881,19 @@ class rcube_ldap extends rcube_addressbook
*/
function delete_group($group_id)
{
- $group_cache = $this->_fetch_groups();
- $del_dn = $group_cache[$group_id]['dn'];
+ if (($group_cache = $this->cache->get('groups')) === null)
+ $group_cache = $this->_fetch_groups();
- if (!$this->ldap->delete($del_dn)) {
+ $base_dn = $this->groups_base_dn;
+ $group_name = $group_cache[$group_id]['name'];
+ $del_dn = "cn=$group_name,$base_dn";
+
+ if (!$this->ldap_delete($del_dn)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
- if ($this->cache) {
- unset($group_cache[$group_id]);
- $this->cache->set('groups', $group_cache);
- }
+ $this->cache->remove('groups');
return true;
}
@@ -1773,19 +1908,21 @@ class rcube_ldap extends rcube_addressbook
*/
function rename_group($group_id, $new_name, &$new_gid)
{
- $group_cache = $this->_fetch_groups();
- $old_dn = $group_cache[$group_id]['dn'];
- $new_rdn = "cn=" . rcube_ldap_generic::quote_string($new_name, true);
- $new_gid = self::dn_encode($new_rdn . ',' . $this->groups_base_dn);
+ if (($group_cache = $this->cache->get('groups')) === null)
+ $group_cache = $this->_fetch_groups();
+
+ $base_dn = $this->groups_base_dn;
+ $group_name = $group_cache[$group_id]['name'];
+ $old_dn = "cn=$group_name,$base_dn";
+ $new_rdn = "cn=$new_name";
+ $new_gid = self::dn_encode($new_name);
- if (!$this->ldap->rename($old_dn, $new_rdn, null, true)) {
+ if (!$this->ldap_rename($old_dn, $new_rdn, null, true)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return false;
}
- if ($this->cache) {
- $this->cache->remove('groups');
- }
+ $this->cache->remove('groups');
return $new_name;
}
@@ -1800,27 +1937,27 @@ class rcube_ldap extends rcube_addressbook
*/
function add_to_group($group_id, $contact_ids)
{
- $group_cache = $this->_fetch_groups();
- $member_attr = $group_cache[$group_id]['member_attr'];
- $group_dn = $group_cache[$group_id]['dn'];
- $new_attrs = array();
+ if (($group_cache = $this->cache->get('groups')) === null)
+ $group_cache = $this->_fetch_groups();
- if (!is_array($contact_ids)) {
+ if (!is_array($contact_ids))
$contact_ids = explode(',', $contact_ids);
- }
- foreach ($contact_ids as $id) {
+ $base_dn = $this->groups_base_dn;
+ $group_name = $group_cache[$group_id]['name'];
+ $member_attr = $group_cache[$group_id]['member_attr'];
+ $group_dn = "cn=$group_name,$base_dn";
+ $new_attrs = array();
+
+ foreach ($contact_ids as $id)
$new_attrs[$member_attr][] = self::dn_decode($id);
- }
- if (!$this->ldap->mod_add($group_dn, $new_attrs)) {
+ if (!$this->ldap_mod_add($group_dn, $new_attrs)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return 0;
}
- if ($this->cache) {
- $this->cache->remove('groups');
- }
+ $this->cache->remove('groups');
return count($new_attrs[$member_attr]);
}
@@ -1835,27 +1972,27 @@ class rcube_ldap extends rcube_addressbook
*/
function remove_from_group($group_id, $contact_ids)
{
- $group_cache = $this->_fetch_groups();
- $member_attr = $group_cache[$group_id]['member_attr'];
- $group_dn = $group_cache[$group_id]['dn'];
- $del_attrs = array();
+ if (($group_cache = $this->cache->get('groups')) === null)
+ $group_cache = $this->_fetch_groups();
- if (!is_array($contact_ids)) {
+ if (!is_array($contact_ids))
$contact_ids = explode(',', $contact_ids);
- }
- foreach ($contact_ids as $id) {
+ $base_dn = $this->groups_base_dn;
+ $group_name = $group_cache[$group_id]['name'];
+ $member_attr = $group_cache[$group_id]['member_attr'];
+ $group_dn = "cn=$group_name,$base_dn";
+ $del_attrs = array();
+
+ foreach ($contact_ids as $id)
$del_attrs[$member_attr][] = self::dn_decode($id);
- }
- if (!$this->ldap->mod_del($group_dn, $del_attrs)) {
+ if (!$this->ldap_mod_del($group_dn, $del_attrs)) {
$this->set_error(self::ERROR_SAVING, 'errorsaving');
return 0;
}
- if ($this->cache) {
- $this->cache->remove('groups');
- }
+ $this->cache->remove('groups');
return count($del_attrs[$member_attr]);
}
@@ -1870,63 +2007,206 @@ class rcube_ldap extends rcube_addressbook
*/
function get_record_groups($contact_id)
{
- if (!$this->groups) {
+ if (!$this->groups)
return array();
- }
$base_dn = $this->groups_base_dn;
$contact_dn = self::dn_decode($contact_id);
$name_attr = $this->prop['groups']['name_attr'] ? $this->prop['groups']['name_attr'] : 'cn';
$member_attr = $this->get_group_member_attr();
$add_filter = '';
-
if ($member_attr != 'member' && $member_attr != 'uniqueMember')
$add_filter = "($member_attr=$contact_dn)";
$filter = strtr("(|(member=$contact_dn)(uniqueMember=$contact_dn)$add_filter)", array('\\' => '\\\\'));
- $ldap_data = $this->ldap->search($base_dn, $filter, 'sub', array('dn', $name_attr));
- if ($res === false) {
+ $this->_debug("C: Search [$filter][dn: $base_dn]");
+
+ $res = @ldap_search($this->conn, $base_dn, $filter, array($name_attr));
+ if ($res === false)
+ {
+ $this->_debug("S: ".ldap_error($this->conn));
return array();
}
+ $ldap_data = ldap_get_entries($this->conn, $res);
+ $this->_debug("S: ".ldap_count_entries($this->conn, $res)." record(s)");
$groups = array();
- foreach ($ldap_data as $entry) {
- if (!$entry['dn'])
- $entry['dn'] = $ldap_data->get_dn();
- $group_name = $entry[$name_attr][0];
- $group_id = self::dn_encode($entry['dn']);
- $groups[$group_id] = $group_name;
+ for ($i=0; $i<$ldap_data["count"]; $i++)
+ {
+ $group_name = $ldap_data[$i][$name_attr][0];
+ $group_id = self::dn_encode($group_name);
+ $groups[$group_id] = $group_id;
}
-
return $groups;
}
/**
* Detects group member attribute name
*/
- private function get_group_member_attr($object_classes = array(), $default = 'member')
+ private function get_group_member_attr($object_classes = array())
{
if (empty($object_classes)) {
$object_classes = $this->prop['groups']['object_classes'];
}
-
if (!empty($object_classes)) {
foreach ((array)$object_classes as $oc) {
- if ($attr = self::$group_types[strtolower($oc)]) {
- return $attr;
+ switch (strtolower($oc)) {
+ case 'group':
+ case 'groupofnames':
+ case 'kolabgroupofnames':
+ $member_attr = 'member';
+ break;
+
+ case 'groupofuniquenames':
+ case 'kolabgroupofuniquenames':
+ $member_attr = 'uniqueMember';
+ break;
}
}
}
+ if (!empty($member_attr)) {
+ return $member_attr;
+ }
+
if (!empty($this->prop['groups']['member_attr'])) {
return $this->prop['groups']['member_attr'];
}
- return $default;
+ return 'member';
}
/**
+ * Generate BER encoded string for Virtual List View option
+ *
+ * @param integer List offset (first record)
+ * @param integer Records per page
+ * @return string BER encoded option value
+ */
+ private function _vlv_ber_encode($offset, $rpp, $search = '')
+ {
+ # this string is ber-encoded, php will prefix this value with:
+ # 04 (octet string) and 10 (length of 16 bytes)
+ # the code behind this string is broken down as follows:
+ # 30 = ber sequence with a length of 0e (14) bytes following
+ # 02 = type integer (in two's complement form) with 2 bytes following (beforeCount): 01 00 (ie 0)
+ # 02 = type integer (in two's complement form) with 2 bytes following (afterCount): 01 18 (ie 25-1=24)
+ # a0 = type context-specific/constructed with a length of 06 (6) bytes following
+ # 02 = type integer with 2 bytes following (offset): 01 01 (ie 1)
+ # 02 = type integer with 2 bytes following (contentCount): 01 00
+
+ # whith a search string present:
+ # 81 = type context-specific/constructed with a length of 04 (4) bytes following (the length will change here)
+ # 81 indicates a user string is present where as a a0 indicates just a offset search
+ # 81 = type context-specific/constructed with a length of 06 (6) bytes following
+
+ # the following info was taken from the ISO/IEC 8825-1:2003 x.690 standard re: the
+ # encoding of integer values (note: these values are in
+ # two-complement form so since offset will never be negative bit 8 of the
+ # leftmost octet should never by set to 1):
+ # 8.3.2: If the contents octets of an integer value encoding consist
+ # of more than one octet, then the bits of the first octet (rightmost) and bit 8
+ # of the second (to the left of first octet) octet:
+ # a) shall not all be ones; and
+ # b) shall not all be zero
+
+ if ($search)
+ {
+ $search = preg_replace('/[^-[:alpha:] ,.()0-9]+/', '', $search);
+ $ber_val = self::_string2hex($search);
+ $str = self::_ber_addseq($ber_val, '81');
+ }
+ else
+ {
+ # construct the string from right to left
+ $str = "020100"; # contentCount
+
+ $ber_val = self::_ber_encode_int($offset); // returns encoded integer value in hex format
+
+ // calculate octet length of $ber_val
+ $str = self::_ber_addseq($ber_val, '02') . $str;
+
+ // now compute length over $str
+ $str = self::_ber_addseq($str, 'a0');
+ }
+
+ // now tack on records per page
+ $str = "020100" . self::_ber_addseq(self::_ber_encode_int($rpp-1), '02') . $str;
+
+ // now tack on sequence identifier and length
+ $str = self::_ber_addseq($str, '30');
+
+ return pack('H'.strlen($str), $str);
+ }
+
+
+ /**
+ * create ber encoding for sort control
+ *
+ * @param array List of cols to sort by
+ * @return string BER encoded option value
+ */
+ private function _sort_ber_encode($sortcols)
+ {
+ $str = '';
+ foreach (array_reverse((array)$sortcols) as $col) {
+ $ber_val = self::_string2hex($col);
+
+ # 30 = ber sequence with a length of octet value
+ # 04 = octet string with a length of the ascii value
+ $oct = self::_ber_addseq($ber_val, '04');
+ $str = self::_ber_addseq($oct, '30') . $str;
+ }
+
+ // now tack on sequence identifier and length
+ $str = self::_ber_addseq($str, '30');
+
+ return pack('H'.strlen($str), $str);
+ }
+
+ /**
+ * Add BER sequence with correct length and the given identifier
+ */
+ private static function _ber_addseq($str, $identifier)
+ {
+ $len = dechex(strlen($str)/2);
+ if (strlen($len) % 2 != 0)
+ $len = '0'.$len;
+
+ return $identifier . $len . $str;
+ }
+
+ /**
+ * Returns BER encoded integer value in hex format
+ */
+ private static function _ber_encode_int($offset)
+ {
+ $val = dechex($offset);
+ $prefix = '';
+
+ // check if bit 8 of high byte is 1
+ if (preg_match('/^[89abcdef]/', $val))
+ $prefix = '00';
+
+ if (strlen($val)%2 != 0)
+ $prefix .= '0';
+
+ return $prefix . $val;
+ }
+
+ /**
+ * Returns ascii string encoded in hex
+ */
+ private static function _string2hex($str)
+ {
+ $hex = '';
+ for ($i=0; $i < strlen($str); $i++)
+ $hex .= dechex(ord($str[$i]));
+ return $hex;
+ }
+
+ /**
* HTML-safe DN string encoding
*
* @param string $str DN string
@@ -1953,4 +2233,130 @@ class rcube_ldap extends rcube_addressbook
return base64_decode($str);
}
+ /**
+ * Wrapper for ldap_add()
+ */
+ protected function ldap_add($dn, $entry)
+ {
+ $this->_debug("C: Add [dn: $dn]: ".print_r($entry, true));
+
+ $res = ldap_add($this->conn, $dn, $entry);
+ if ($res === false) {
+ $this->_debug("S: ".ldap_error($this->conn));
+ return false;
+ }
+
+ $this->_debug("S: OK");
+ return true;
+ }
+
+ /**
+ * Wrapper for ldap_delete()
+ */
+ protected function ldap_delete($dn)
+ {
+ $this->_debug("C: Delete [dn: $dn]");
+
+ $res = ldap_delete($this->conn, $dn);
+ if ($res === false) {
+ $this->_debug("S: ".ldap_error($this->conn));
+ return false;
+ }
+
+ $this->_debug("S: OK");
+ return true;
+ }
+
+ /**
+ * Wrapper for ldap_mod_replace()
+ */
+ protected function ldap_mod_replace($dn, $entry)
+ {
+ $this->_debug("C: Replace [dn: $dn]: ".print_r($entry, true));
+
+ if (!ldap_mod_replace($this->conn, $dn, $entry)) {
+ $this->_debug("S: ".ldap_error($this->conn));
+ return false;
+ }
+
+ $this->_debug("S: OK");
+ return true;
+ }
+
+ /**
+ * Wrapper for ldap_mod_add()
+ */
+ protected function ldap_mod_add($dn, $entry)
+ {
+ $this->_debug("C: Add [dn: $dn]: ".print_r($entry, true));
+
+ if (!ldap_mod_add($this->conn, $dn, $entry)) {
+ $this->_debug("S: ".ldap_error($this->conn));
+ return false;
+ }
+
+ $this->_debug("S: OK");
+ return true;
+ }
+
+ /**
+ * Wrapper for ldap_mod_del()
+ */
+ protected function ldap_mod_del($dn, $entry)
+ {
+ $this->_debug("C: Delete [dn: $dn]: ".print_r($entry, true));
+
+ if (!ldap_mod_del($this->conn, $dn, $entry)) {
+ $this->_debug("S: ".ldap_error($this->conn));
+ return false;
+ }
+
+ $this->_debug("S: OK");
+ return true;
+ }
+
+ /**
+ * Wrapper for ldap_rename()
+ */
+ protected function ldap_rename($dn, $newrdn, $newparent = null, $deleteoldrdn = true)
+ {
+ $this->_debug("C: Rename [dn: $dn] [dn: $newrdn]");
+
+ if (!ldap_rename($this->conn, $dn, $newrdn, $newparent, $deleteoldrdn)) {
+ $this->_debug("S: ".ldap_error($this->conn));
+ return false;
+ }
+
+ $this->_debug("S: OK");
+ return true;
+ }
+
+ /**
+ * Wrapper for ldap_list()
+ */
+ protected function ldap_list($dn, $filter, $attrs = array(''))
+ {
+ $list = array();
+ $this->_debug("C: List [dn: $dn] [{$filter}]");
+
+ if ($result = ldap_list($this->conn, $dn, $filter, $attrs)) {
+ $list = ldap_get_entries($this->conn, $result);
+
+ if ($list === false) {
+ $this->_debug("S: ".ldap_error($this->conn));
+ return array();
+ }
+
+ $count = $list['count'];
+ unset($list['count']);
+
+ $this->_debug("S: $count record(s)");
+ }
+ else {
+ $this->_debug("S: ".ldap_error($this->conn));
+ }
+
+ return $list;
+ }
+
}