dolibarr 20.0.0
Ldap Class Reference

Class to manage LDAP features. More...

Collaboration diagram for Ldap:

Public Member Functions

 __construct ()
 Constructor.
 
 connectBind ()
 Connect and bind Use this->server, this->serverPort, this->ldapProtocolVersion, this->serverType, this->searchUser, this->searchPassword After return, this->connection and $this->bind are defined.
 
 close ()
 Simply closes the connection set up earlier.
 
 bind ()
 Anonymously binds to the connection.
 
 bindauth ($bindDn, $pass)
 Binds as an authenticated user, which usually allows for write access.
 
 unbind ()
 Unbind of LDAP server (close connection).
 
 getVersion ()
 Verify LDAP server version.
 
 setVersion ()
 Set LDAP protocol version.
 
 setSizeLimit ()
 Set LDAP size limit.
 
 setReferrals ()
 Set LDAP referrals.
 
 add ($dn, $info, $user)
 Add an LDAP entry LDAP object connect and bind must have been done.
 
 modify ($dn, $info, $user)
 Modify an LDAP entry LDAP object connect and bind must have been done.
 
 rename ($dn, $newrdn, $newparent, $user, $deleteoldrdn=true)
 Rename an LDAP entry LDAP object connect and bind must have been done.
 
 update ($dn, $info, $user, $olddn, $newrdn='', $newparent='')
 Modify an LDAP entry (to use if dn != olddn) LDAP object connect and bind must have been done.
 
 delete ($dn)
 Delete an LDAP entry LDAP object connect and bind must have been done.
 
 dumpContent ($dn, $info)
 Build an LDAP message.
 
 dump ($dn, $info)
 Dump an LDAP message to ldapinput.in file.
 
 serverPing ($host, $port=389, $timeout=1)
 Ping a server before ldap_connect for avoid waiting.
 
 addAttribute ($dn, $info, $user)
 Add an LDAP attribute in entry LDAP object connect and bind must have been done.
 
 updateAttribute ($dn, $info, $user)
 Update an LDAP attribute in entry LDAP object connect and bind must have been done.
 
 deleteAttribute ($dn, $info, $user)
 Delete an LDAP attribute in entry LDAP object connect and bind must have been done.
 
 getAttribute ($dn, $filter)
 Returns an array containing attributes and values for first record.
 
 getAttributeValues ($filterrecord, $attribute)
 Returns an array containing values for an attribute and for first record matching filterrecord.
 
 getRecords ($search, $userDn, $useridentifier, $attributeArray, $activefilter=0, $attributeAsArray=array())
 Returns an array containing a details or list of LDAP record(s).
 
 littleEndian ($hex)
 Converts a little-endian hex-number to one, that 'hexdec' can convert Required by Active Directory.
 
 getObjectSid ($ldapUser)
 Gets LDAP user SID.
 
 binSIDtoText ($binsid)
 Returns the textual SID Required by Active Directory.
 
 search ($checkDn, $filter)
 Search method with filter this->connection must be defined.
 
 fetch ($user, $filter)
 Load all attributes of an LDAP user.
 
 getUserIdentifier ()
 Returns the correct user identifier to use, based on the LDAP server type.
 
 parseUACF ($uacf)
 UserAccountControl Flags to more human understandable form...
 
 parseSAT ($samtype)
 SamAccountType value to text.
 
 convertTime ($value)
 Converts ActiveDirectory time to Unix timestamp.
 
 convFromOutputCharset ($str, $pagecodeto='UTF-8')
 Convert a string from output/memory charset.
 
 getNextGroupGid ($keygroup='LDAP_KEY_GROUPS')
 Return available value of group GID.
 

Private Member Functions

 convToOutputCharset ($str, $pagecodefrom='UTF-8')
 Convert a string into output/memory charset.
 

Detailed Description

Class to manage LDAP features.

Definition at line 37 of file ldap.class.php.

Member Function Documentation

◆ add()

Ldap::add ( $dn,
$info,
$user )

Add an LDAP entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array$infoAttributes array
User$userObject user that create
Returns
int if KO: <0 || if OK: >0

Definition at line 608 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

Referenced by update().

◆ addAttribute()

Ldap::addAttribute ( $dn,
$info,
$user )

Add an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array$infoAttributes array
User$userObject user that create
Returns
int if KO: <0 || if OK: >0

Definition at line 957 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

◆ bind()

Ldap::bind ( )

Anonymously binds to the connection.

After this is done, queries and searches can be done - but read-only.

Returns
boolean true or false

Definition at line 488 of file ldap.class.php.

Referenced by add(), addAttribute(), connectBind(), delete(), deleteAttribute(), getAttribute(), modify(), rename(), update(), and updateAttribute().

◆ bindauth()

Ldap::bindauth ( $bindDn,
$pass )

Binds as an authenticated user, which usually allows for write access.

The FULL dn must be passed. For a directory manager, this is "cn=Directory Manager" under iPlanet. For a user, it will be something like "uid=jbloggs,ou=People,dc=foo,dc=com".

Parameters
string$bindDnDN
string$passPassword
Returns
boolean true or false

Definition at line 510 of file ldap.class.php.

Referenced by connectBind(), fetch(), getObjectSid(), getRecords(), and search().

◆ binSIDtoText()

Ldap::binSIDtoText ( $binsid)

Returns the textual SID Required by Active Directory.

Parameters
string$binsidBinary SID
Returns
string Textual SID

Definition at line 1336 of file ldap.class.php.

References littleEndian().

Referenced by getObjectSid().

◆ close()

Ldap::close ( )

Simply closes the connection set up earlier.

Returns true if OK, false if there was an error. This method seems a duplicate/alias of unbind().

Returns
boolean true or false
Deprecated
ldap_close is an alias of ldap_unbind, so use unbind() instead.
See also
unbind()

Definition at line 477 of file ldap.class.php.

References unbind().

◆ connectBind()

Ldap::connectBind ( )

Connect and bind Use this->server, this->serverPort, this->ldapProtocolVersion, this->serverType, this->searchUser, this->searchPassword After return, this->connection and $this->bind are defined.

See also
connect_bind renamed
Returns
int if KO: <0 || if bind anonymous: 1 || if bind auth: 2

Definition at line 316 of file ldap.class.php.

References bind(), bindauth(), dol_syslog(), getDolGlobalString(), serverPing(), setReferrals(), setSizeLimit(), setVersion(), and unbind().

◆ convertTime()

Ldap::convertTime ( $value)

Converts ActiveDirectory time to Unix timestamp.

Parameters
string$valueAD time to convert
Returns
integer Unix timestamp

Definition at line 1574 of file ldap.class.php.

Referenced by fetch().

◆ convFromOutputCharset()

Ldap::convFromOutputCharset ( $str,
$pagecodeto = 'UTF-8' )

Convert a string from output/memory charset.

Parameters
string$strString to convert
string$pagecodetoPage code for result string
Returns
string Converted string

Definition at line 1610 of file ldap.class.php.

Referenced by add(), addAttribute(), delete(), deleteAttribute(), modify(), rename(), search(), and updateAttribute().

◆ convToOutputCharset()

Ldap::convToOutputCharset ( $str,
$pagecodefrom = 'UTF-8' )
private

Convert a string into output/memory charset.

Parameters
string$strString to convert
string$pagecodefromPage code of src string
Returns
string Converted string

Definition at line 1591 of file ldap.class.php.

Referenced by fetch(), and getRecords().

◆ delete()

Ldap::delete ( $dn)

Delete an LDAP entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
Returns
int if KO: <0 || if OK: >0

Definition at line 808 of file ldap.class.php.

References bind(), convFromOutputCharset(), and dol_syslog().

◆ deleteAttribute()

Ldap::deleteAttribute ( $dn,
$info,
$user )

Delete an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array$infoAttributes array
User$userObject user that create
Returns
int if KO: <0 || if OK: >0

Definition at line 1049 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

◆ dump()

Ldap::dump ( $dn,
$info )

Dump an LDAP message to ldapinput.in file.

Parameters
string$dnDN entry key
array$infoAttributes array
Returns
int if KO: <0 || if OK: >0

Definition at line 877 of file ldap.class.php.

References dol_mkdir(), dolChmod(), and dumpContent().

Referenced by add(), addAttribute(), deleteAttribute(), modify(), and updateAttribute().

◆ dumpContent()

Ldap::dumpContent ( $dn,
$info )

Build an LDAP message.

See also
dump_content renamed
Parameters
string$dnDN entry key
array$infoAttributes array
Returns
string Content of file

Definition at line 841 of file ldap.class.php.

Referenced by dump().

◆ fetch()

Ldap::fetch ( $user,
$filter )

Load all attributes of an LDAP user.

Parameters
User | string$userNot used.
string$filterFilter for search. Must start with &. Examples: &(objectClass=inetOrgPerson) &(objectClass=user)(objectCategory=person) &(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com)
Returns
int if KO: <0 || if OK: > 0

Definition at line 1396 of file ldap.class.php.

References bindauth(), convertTime(), convToOutputCharset(), dol_syslog(), name, and parseUACF().

◆ getAttribute()

Ldap::getAttribute ( $dn,
$filter )

Returns an array containing attributes and values for first record.

Parameters
string$dnDN entry key
string$filterFilter
Returns
int|array if KO: <=0 || if OK: array

Definition at line 1093 of file ldap.class.php.

References bind().

◆ getAttributeValues()

Ldap::getAttributeValues ( $filterrecord,
$attribute )

Returns an array containing values for an attribute and for first record matching filterrecord.

Parameters
string$filterrecordRecord
string$attributeAttributes
Returns
array|boolean

Definition at line 1134 of file ldap.class.php.

◆ getNextGroupGid()

Ldap::getNextGroupGid ( $keygroup = 'LDAP_KEY_GROUPS')

Return available value of group GID.

Parameters
string$keygroupKey of group
Returns
int gid number

Definition at line 1629 of file ldap.class.php.

References getDolGlobalString(), and search().

◆ getObjectSid()

Ldap::getObjectSid ( $ldapUser)

Gets LDAP user SID.

Required by Active Directory

Parameters
string$ldapUserUser login
Returns
int|string if SID OK: SID string, if KO: -1

Definition at line 1286 of file ldap.class.php.

References bindauth(), and binSIDtoText().

Referenced by getRecords().

◆ getRecords()

Ldap::getRecords ( $search,
$userDn,
$useridentifier,
$attributeArray,
$activefilter = 0,
$attributeAsArray = array() )

Returns an array containing a details or list of LDAP record(s).

ldapsearch -LLLx -hlocalhost -Dcn=admin,dc=parinux,dc=org -w password -b "ou=adherents,ou=people,dc=parinux,dc=org" userPassword

Parameters
string$searchValue of field to search, '*' for all. Not used if $activefilter is set.
string$userDnDN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
string$useridentifierName of key field (Ex: uid).
array$attributeArrayArray of fields required. Note this array must also contain field $useridentifier (Ex: sn,userPassword)
int$activefilter'1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=use field this->filtergroup as filter, 'member'=use field this->filtermember as filter
array$attributeAsArrayArray of fields wanted as an array not a string
Returns
array|int if KO: <0 || if OK: array of [id_record][ldap_field]=value

Definition at line 1177 of file ldap.class.php.

References bindauth(), convToOutputCharset(), dol_syslog(), and getObjectSid().

◆ getUserIdentifier()

Ldap::getUserIdentifier ( )

Returns the correct user identifier to use, based on the LDAP server type.

Returns
string Login

Definition at line 1480 of file ldap.class.php.

◆ getVersion()

Ldap::getVersion ( )

Verify LDAP server version.

Returns
int version

Definition at line 560 of file ldap.class.php.

◆ littleEndian()

Ldap::littleEndian ( $hex)

Converts a little-endian hex-number to one, that 'hexdec' can convert Required by Active Directory.

Parameters
string$hexHex value
Returns
string Little endian

Definition at line 1269 of file ldap.class.php.

References dol_strlen().

Referenced by binSIDtoText().

◆ modify()

Ldap::modify ( $dn,
$info,
$user )

Modify an LDAP entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array$infoAttributes array
User$userObject user that modify
Returns
int if KO: <0 || if OK: >0

Definition at line 656 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

Referenced by update().

◆ parseSAT()

Ldap::parseSAT ( $samtype)

SamAccountType value to text.

Parameters
string$samtypeSamType
Returns
string Sam string

Definition at line 1542 of file ldap.class.php.

◆ parseUACF()

Ldap::parseUACF ( $uacf)

UserAccountControl Flags to more human understandable form...

Parameters
string$uacfUACF
Returns
array

Definition at line 1495 of file ldap.class.php.

Referenced by fetch().

◆ rename()

Ldap::rename ( $dn,
$newrdn,
$newparent,
$user,
$deleteoldrdn = true )

Rename an LDAP entry LDAP object connect and bind must have been done.

Parameters
string$dnOld DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update)
string$newrdnNew RDN entry key (uid=qqq)
string$newparentNew parent (ou=xxx,dc=aaa,dc=bbb)
User$userObject user that modify
bool$deleteoldrdnIf true the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry.
Returns
int if KO: <0 || if OK: >0

Definition at line 714 of file ldap.class.php.

References bind(), convFromOutputCharset(), and dol_syslog().

Referenced by update().

◆ search()

Ldap::search ( $checkDn,
$filter )

Search method with filter this->connection must be defined.

The bind or bindauth methods must already have been called. Do not use for search of a given properties list because of upper-lower case conflict. Only use for pages. 'Fiche LDAP' shows readable fields by default.

See also
bind
bindauth
Parameters
string$checkDnSearch DN (Ex: ou=users,cn=my-domain,cn=com)
string$filterSearch filter (ex: (sn=name_person) )
Returns
array|int Array with answers (lowercase key - value)

Definition at line 1363 of file ldap.class.php.

References bindauth(), convFromOutputCharset(), and dol_syslog().

Referenced by getNextGroupGid().

◆ serverPing()

Ldap::serverPing ( $host,
$port = 389,
$timeout = 1 )

Ping a server before ldap_connect for avoid waiting.

Parameters
string$hostServer host or address
int$portServer port (default 389)
int$timeoutTimeout in second (default 1s)
Returns
boolean true or false

Definition at line 910 of file ldap.class.php.

Referenced by connectBind().

◆ setReferrals()

Ldap::setReferrals ( )

Set LDAP referrals.

LDAP_OPT_REFERRALS is a constant equal to ?

Returns
boolean if set LDAP option OK: true, if KO: false

Definition at line 593 of file ldap.class.php.

Referenced by connectBind().

◆ setSizeLimit()

Ldap::setSizeLimit ( )

Set LDAP size limit.

Returns
boolean if set LDAP option OK: true, if KO: false

Definition at line 582 of file ldap.class.php.

Referenced by connectBind().

◆ setVersion()

Ldap::setVersion ( )

Set LDAP protocol version.

LDAP_OPT_PROTOCOL_VERSION is a constant equal to 3

Returns
boolean if set LDAP option OK: true, if KO: false

Definition at line 572 of file ldap.class.php.

Referenced by connectBind().

◆ unbind()

Ldap::unbind ( )

Unbind of LDAP server (close connection).

Returns
boolean true or false
See also
close()

Definition at line 528 of file ldap.class.php.

References dol_syslog().

Referenced by close(), and connectBind().

◆ update()

Ldap::update ( $dn,
$info,
$user,
$olddn,
$newrdn = '',
$newparent = '' )

Modify an LDAP entry (to use if dn != olddn) LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array$infoAttributes array
User$userObject user that update
string$olddnOld DN entry key (before update)
string$newrdnNew RDN entry key (uid=qqq) (for ldap_rename)
string$newparentNew parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename)
Returns
int if KO: <0 || if OK: >0

Definition at line 758 of file ldap.class.php.

References add(), bind(), dol_syslog(), modify(), and rename().

◆ updateAttribute()

Ldap::updateAttribute ( $dn,
$info,
$user )

Update an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array$infoAttributes array
User$userObject user that create
Returns
int if KO: <0 || if OK: >0

Definition at line 1003 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().


The documentation for this class was generated from the following file: