dolibarr 21.0.0-beta
Ldap Class Reference

Class to manage LDAP features. More...

Collaboration diagram for Ldap:

Public Member Functions

 __construct ()
 Constructor.
 
 connectBind ()
 Connect and bind Use this->server, this->serverPort, this->ldapProtocolVersion, this->serverType, this->searchUser, this->searchPassword After return, this->connection and $this->bind are defined.
 
 close ()
 Simply closes the connection set up earlier.
 
 bind ()
 Anonymously binds to the connection.
 
 bindauth ($bindDn, $pass)
 Binds as an authenticated user, which usually allows for write access.
 
 unbind ()
 Unbind of LDAP server (close connection).
 
 getVersion ()
 Verify LDAP server version.
 
 setVersion ()
 Set LDAP protocol version.
 
 setSizeLimit ()
 Set LDAP size limit.
 
 setReferrals ()
 Set LDAP referrals.
 
 add ($dn, $info, $user)
 Add an LDAP entry LDAP object connect and bind must have been done.
 
 modify ($dn, $info, $user)
 Modify an LDAP entry LDAP object connect and bind must have been done.
 
 rename ($dn, $newrdn, $newparent, $user, $deleteoldrdn=true)
 Rename an LDAP entry LDAP object connect and bind must have been done.
 
 update ($dn, $info, $user, $olddn, $newrdn='', $newparent='')
 Modify an LDAP entry (to use if dn != olddn) LDAP object connect and bind must have been done.
 
 delete ($dn)
 Delete an LDAP entry LDAP object connect and bind must have been done.
 
 dumpContent ($dn, $info)
 Build an LDAP message.
 
 dump ($dn, $info)
 Dump an LDAP message to ldapinput.in file.
 
 serverPing ($host, $port=389, $timeout=1)
 Ping a server before ldap_connect for avoid waiting.
 
 addAttribute ($dn, $info, $user)
 Add an LDAP attribute in entry LDAP object connect and bind must have been done.
 
 updateAttribute ($dn, $info, $user)
 Update an LDAP attribute in entry LDAP object connect and bind must have been done.
 
 deleteAttribute ($dn, $info, $user)
 Delete an LDAP attribute in entry LDAP object connect and bind must have been done.
 
 getAttribute ($dn, $filter)
 Returns an array containing attributes and values for first record.
 
 getAttributeValues ($filterrecord, $attribute)
 Returns an array containing values for an attribute and for first record matching filterrecord.
 
 getRecords ($search, $userDn, $useridentifier, $attributeArray, $activefilter=0, $attributeAsArray=array())
 Returns an array containing a details or list of LDAP record(s).
 
 littleEndian ($hex)
 Converts a little-endian hex-number to one, that 'hexdec' can convert Required by Active Directory.
 
 getObjectSid ($ldapUser)
 Gets LDAP user SID.
 
 binSIDtoText ($binsid)
 Returns the textual SID Required by Active Directory.
 
 search ($checkDn, $filter)
 Search method with filter this->connection must be defined.
 
 fetch ($user, $filter)
 Load all attributes of an LDAP user.
 
 getUserIdentifier ()
 Returns the correct user identifier to use, based on the LDAP server type.
 
 parseUACF ($uacf)
 UserAccountControl Flags to more human understandable form...
 
 parseSAT ($samtype)
 SamAccountType value to text.
 
 convertTime ($value)
 Converts ActiveDirectory time to Unix timestamp.
 
 convFromOutputCharset ($str, $pagecodeto='UTF-8')
 Convert a string from output/memory charset.
 
 getNextGroupGid ($keygroup='LDAP_KEY_GROUPS')
 Return available value of group GID.
 

Private Member Functions

 convToOutputCharset ($str, $pagecodefrom='UTF-8')
 Convert a string into output/memory charset.
 

Detailed Description

Class to manage LDAP features.

Definition at line 38 of file ldap.class.php.

Member Function Documentation

◆ add()

Ldap::add ( $dn,
$info,
$user )

Add an LDAP entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array<string,string[]>$info Attributes array
User$userObject user that create
Returns
int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 609 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

Referenced by update().

◆ addAttribute()

Ldap::addAttribute ( $dn,
$info,
$user )

Add an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array<string,string|string[]>$info Attributes array
User$userObject user that create
Returns
int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 958 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

◆ bind()

Ldap::bind ( )

Anonymously binds to the connection.

After this is done, queries and searches can be done - but read-only.

Returns
boolean true or false

Definition at line 489 of file ldap.class.php.

Referenced by add(), addAttribute(), connectBind(), delete(), deleteAttribute(), getAttribute(), modify(), rename(), update(), and updateAttribute().

◆ bindauth()

Ldap::bindauth ( $bindDn,
$pass )

Binds as an authenticated user, which usually allows for write access.

The FULL dn must be passed. For a directory manager, this is "cn=Directory Manager" under iPlanet. For a user, it will be something like "uid=jbloggs,ou=People,dc=foo,dc=com".

Parameters
string$bindDnDN
string$passPassword
Returns
bool true or false

Definition at line 511 of file ldap.class.php.

Referenced by connectBind(), fetch(), getObjectSid(), getRecords(), and search().

◆ binSIDtoText()

Ldap::binSIDtoText ( $binsid)

Returns the textual SID Required by Active Directory.

Parameters
string$binsidBinary SID
Returns
string Textual SID

Definition at line 1340 of file ldap.class.php.

References littleEndian().

Referenced by getObjectSid().

◆ close()

Ldap::close ( )

Simply closes the connection set up earlier.

Returns true if OK, false if there was an error. This method seems a duplicate/alias of unbind().

Returns
boolean true or false
Deprecated
ldap_close is an alias of ldap_unbind, so use unbind() instead.
See also
unbind()

Definition at line 478 of file ldap.class.php.

References unbind().

◆ connectBind()

Ldap::connectBind ( )

Connect and bind Use this->server, this->serverPort, this->ldapProtocolVersion, this->serverType, this->searchUser, this->searchPassword After return, this->connection and $this->bind are defined.

See also
connect_bind renamed
Returns
int if KO: <0 || if bind anonymous: 1 || if bind auth: 2

Definition at line 317 of file ldap.class.php.

References bind(), bindauth(), dol_syslog(), getDolGlobalString(), serverPing(), setReferrals(), setSizeLimit(), setVersion(), and unbind().

◆ convertTime()

Ldap::convertTime ( $value)

Converts ActiveDirectory time to Unix timestamp.

Parameters
string$valueAD time to convert (ns since 1601)
Returns
integer Unix timestamp

Definition at line 1578 of file ldap.class.php.

Referenced by fetch().

◆ convFromOutputCharset()

Ldap::convFromOutputCharset ( $str,
$pagecodeto = 'UTF-8' )

Convert a string from output/memory charset.

Parameters
string$strString to convert
string$pagecodetoPage code for result string
Returns
string Converted string

Definition at line 1620 of file ldap.class.php.

References $conf.

Referenced by add(), addAttribute(), delete(), deleteAttribute(), modify(), rename(), search(), and updateAttribute().

◆ convToOutputCharset()

Ldap::convToOutputCharset ( $str,
$pagecodefrom = 'UTF-8' )
private

Convert a string into output/memory charset.

Parameters
string$strString to convert
string$pagecodefromPage code of src string
Returns
string Converted string

Definition at line 1601 of file ldap.class.php.

References $conf.

Referenced by fetch(), and getRecords().

◆ delete()

Ldap::delete ( $dn)

Delete an LDAP entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
Returns
int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 809 of file ldap.class.php.

References bind(), convFromOutputCharset(), and dol_syslog().

◆ deleteAttribute()

Ldap::deleteAttribute ( $dn,
$info,
$user )

Delete an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array<string,string|string[]>$info Attributes array
User$userObject user that create
Returns
int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 1050 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

◆ dump()

Ldap::dump ( $dn,
$info )

Dump an LDAP message to ldapinput.in file.

Parameters
string$dnDN entry key
array<string,string[]>$info Attributes array
Returns
int<-1,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 878 of file ldap.class.php.

References $conf, dol_mkdir(), dolChmod(), and dumpContent().

Referenced by add(), addAttribute(), deleteAttribute(), modify(), and updateAttribute().

◆ dumpContent()

Ldap::dumpContent ( $dn,
$info )

Build an LDAP message.

See also
dump_content renamed
Parameters
string$dnDN entry key
array<string,string[]>$info Attributes array
Returns
string Content of file

Definition at line 842 of file ldap.class.php.

Referenced by dump().

◆ fetch()

Ldap::fetch ( $user,
$filter )

Load all attributes of an LDAP user.

Parameters
User | string$userNot used.
string$filterFilter for search. Must start with &. Examples: &(objectClass=inetOrgPerson) &(objectClass=user)(objectCategory=person) &(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com)
Returns
int if KO: <0 || if OK: > 0

Definition at line 1400 of file ldap.class.php.

References bindauth(), convertTime(), convToOutputCharset(), dol_syslog(), name, and parseUACF().

◆ getAttribute()

Ldap::getAttribute ( $dn,
$filter )

Returns an array containing attributes and values for first record.

array{count:int,0..max:string|mixed[],string:array}

Parameters
string$dnDN entry key
string$filterFilter
Returns
int<-3,0>|array<'count'|int,int|mixed[]> if KO: <=0 || if OK: array

Definition at line 1096 of file ldap.class.php.

References bind().

◆ getAttributeValues()

Ldap::getAttributeValues ( $filterrecord,
$attribute )

Returns an array containing values for an attribute and for first record matching filterrecord.

Parameters
string$filterrecordRecord
string$attributeAttributes
Returns
array<string|int,int|string>|false

Definition at line 1137 of file ldap.class.php.

◆ getNextGroupGid()

Ldap::getNextGroupGid ( $keygroup = 'LDAP_KEY_GROUPS')

Return available value of group GID.

Parameters
string$keygroupKey of group
Returns
int gid number

Definition at line 1639 of file ldap.class.php.

References getDolGlobalString(), and search().

◆ getObjectSid()

Ldap::getObjectSid ( $ldapUser)

Gets LDAP user SID.

Required by Active Directory

Parameters
string$ldapUserUser login
Returns
int|string if SID OK: SID string, if KO: -1

Definition at line 1289 of file ldap.class.php.

References bindauth(), and binSIDtoText().

Referenced by getRecords().

◆ getRecords()

Ldap::getRecords ( $search,
$userDn,
$useridentifier,
$attributeArray,
$activefilter = 0,
$attributeAsArray = array() )

Returns an array containing a details or list of LDAP record(s).

ldapsearch -LLLx -hlocalhost -Dcn=admin,dc=parinux,dc=org -w password -b "ou=adherents,ou=people,dc=parinux,dc=org" userPassword

Parameters
string$searchValue of field to search, '*' for all. Not used if $activefilter is set.
string$userDnDN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
string$useridentifierName of key field (Ex: uid).
string[]$attributeArrayArray of fields required. Note this array must also contain field $useridentifier (Ex: sn,userPassword)
0|1|'1'|'user'|'group'|'member'$activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=use field this->filtergroup as filter, 'member'=use field this->filtermember as filter
string[]$attributeAsArrayArray of fields wanted as an array not a string
Returns
array<string,array<string,string>>|int<min,-1> if KO: <0 || if OK: array of [id_record][ldap_field]=value

Definition at line 1180 of file ldap.class.php.

References bindauth(), convToOutputCharset(), dol_syslog(), and getObjectSid().

◆ getUserIdentifier()

Ldap::getUserIdentifier ( )

Returns the correct user identifier to use, based on the LDAP server type.

Returns
string Login

Definition at line 1484 of file ldap.class.php.

◆ getVersion()

Ldap::getVersion ( )

Verify LDAP server version.

Returns
int version

Definition at line 561 of file ldap.class.php.

◆ littleEndian()

Ldap::littleEndian ( $hex)

Converts a little-endian hex-number to one, that 'hexdec' can convert Required by Active Directory.

Parameters
string$hexHex value
Returns
string Little endian

Definition at line 1272 of file ldap.class.php.

References dol_strlen().

Referenced by binSIDtoText().

◆ modify()

Ldap::modify ( $dn,
$info,
$user )

Modify an LDAP entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array<string,string[]>$info Attributes array
User$userObject user that modify
Returns
int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 657 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

Referenced by update().

◆ parseSAT()

Ldap::parseSAT ( $samtype)

SamAccountType value to text.

Parameters
string$samtypeSamType
Returns
string Sam string

Definition at line 1546 of file ldap.class.php.

◆ parseUACF()

Ldap::parseUACF ( $uacf)

UserAccountControl Flags to more human understandable form...

Parameters
string$uacfUACF
Returns
array<int,string>

Definition at line 1499 of file ldap.class.php.

Referenced by fetch().

◆ rename()

Ldap::rename ( $dn,
$newrdn,
$newparent,
$user,
$deleteoldrdn = true )

Rename an LDAP entry LDAP object connect and bind must have been done.

Parameters
string$dnOld DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update)
string$newrdnNew RDN entry key (uid=qqq)
string$newparentNew parent (ou=xxx,dc=aaa,dc=bbb)
User$userObject user that modify
bool$deleteoldrdnIf true the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry.
Returns
int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 715 of file ldap.class.php.

References bind(), convFromOutputCharset(), and dol_syslog().

Referenced by update().

◆ search()

Ldap::search ( $checkDn,
$filter )

Search method with filter this->connection must be defined.

The bind or bindauth methods must already have been called. Do not use for search of a given properties list because of upper-lower case conflict. Only use for pages. 'Fiche LDAP' shows readable fields by default.

See also
bind
bindauth
Parameters
string$checkDnSearch DN (Ex: ou=users,cn=my-domain,cn=com)
string$filterSearch filter (ex: (sn=name_person) )
Returns
array<int|string,int|string|mixed[]>|int<-1,-1> Array with answers (lowercase key - value)

Definition at line 1367 of file ldap.class.php.

References bindauth(), convFromOutputCharset(), and dol_syslog().

Referenced by getNextGroupGid().

◆ serverPing()

Ldap::serverPing ( $host,
$port = 389,
$timeout = 1 )

Ping a server before ldap_connect for avoid waiting.

Parameters
string$hostServer host or address
int$portServer port (default 389)
int$timeoutTimeout in second (default 1s)
Returns
bool true or false

Definition at line 911 of file ldap.class.php.

Referenced by connectBind().

◆ setReferrals()

Ldap::setReferrals ( )

Set LDAP referrals.

LDAP_OPT_REFERRALS is a constant equal to ?

Returns
bool if set LDAP option OK: true, if KO: false

Definition at line 594 of file ldap.class.php.

Referenced by connectBind().

◆ setSizeLimit()

Ldap::setSizeLimit ( )

Set LDAP size limit.

Returns
bool if set LDAP option OK: true, if KO: false

Definition at line 583 of file ldap.class.php.

Referenced by connectBind().

◆ setVersion()

Ldap::setVersion ( )

Set LDAP protocol version.

LDAP_OPT_PROTOCOL_VERSION is a constant equal to 3

Returns
bool if set LDAP option OK: true, if KO: false

Definition at line 573 of file ldap.class.php.

Referenced by connectBind().

◆ unbind()

Ldap::unbind ( )

Unbind of LDAP server (close connection).

Returns
bool true or false
See also
close()

Definition at line 529 of file ldap.class.php.

References dol_syslog().

Referenced by close(), and connectBind().

◆ update()

Ldap::update ( $dn,
$info,
$user,
$olddn,
$newrdn = '',
$newparent = '' )

Modify an LDAP entry (to use if dn != olddn) LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array<string,string[]>$info Attributes array
User$userObject user that update
string$olddnOld DN entry key (before update)
string$newrdnNew RDN entry key (uid=qqq) (for ldap_rename)
string$newparentNew parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename)
Returns
int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 759 of file ldap.class.php.

References add(), bind(), dol_syslog(), modify(), and rename().

◆ updateAttribute()

Ldap::updateAttribute ( $dn,
$info,
$user )

Update an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters
string$dnDN entry key
array<string,string|string[]>$info Attributes array
User$userObject user that create
Returns
int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 1004 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().


The documentation for this class was generated from the following file: