Class to manage LDAP features. More...

Collaboration diagram for Ldap:

Public Member Functions
	__construct ()
	Constructor.

	connectBind ()
	Connect and bind Use this->server, this->serverPort, this->ldapProtocolVersion, this->serverType, this->searchUser, this->searchPassword After return, this->connection and $this->bind are defined.

	close ()
	Simply closes the connection set up earlier.

	bind ()
	Anonymously binds to the connection.

	bindauth ($bindDn, $pass)
	Binds as an authenticated user, which usually allows for write access.

	unbind ()
	Unbind of LDAP server (close connection).

	getVersion ()
	Verify LDAP server version.

	setVersion ()
	Set LDAP protocol version.

	setSizeLimit ()
	Set LDAP size limit.

	setReferrals ()
	Set LDAP referrals.

	add ($dn, $info, $user)
	Add an LDAP entry LDAP object connect and bind must have been done.

	modify ($dn, $info, $user)
	Modify an LDAP entry LDAP object connect and bind must have been done.

	rename ($dn, $newrdn, $newparent, $user, $deleteoldrdn=true)
	Rename an LDAP entry LDAP object connect and bind must have been done.

	update ($dn, $info, $user, $olddn, $newrdn='', $newparent='')
	Modify an LDAP entry (to use if dn != olddn) LDAP object connect and bind must have been done.

	delete ($dn)
	Delete an LDAP entry LDAP object connect and bind must have been done.

	dumpContent ($dn, $info)
	Build an LDAP message.

	dump ($dn, $info)
	Dump an LDAP message to ldapinput.in file.

	serverPing ($host, $port=389, $timeout=1)
	Ping a server before ldap_connect for avoid waiting.

	addAttribute ($dn, $info, $user)
	Add an LDAP attribute in entry LDAP object connect and bind must have been done.

	updateAttribute ($dn, $info, $user)
	Update an LDAP attribute in entry LDAP object connect and bind must have been done.

	deleteAttribute ($dn, $info, $user)
	Delete an LDAP attribute in entry LDAP object connect and bind must have been done.

	getAttribute ($dn, $filter)
	Returns an array containing attributes and values for first record.

	getAttributeValues ($filterrecord, $attribute)
	Returns an array containing values for an attribute and for first record matching filterrecord.

	getRecords ($search, $userDn, $useridentifier, $attributeArray, $activefilter=0, $attributeAsArray=array())
	Returns an array containing a details or list of LDAP record(s).

	littleEndian ($hex)
	Converts a little-endian hex-number to one, that 'hexdec' can convert Required by Active Directory.

	getObjectSid ($ldapUser)
	Gets LDAP user SID.

	binSIDtoText ($binsid)
	Returns the textual SID Required by Active Directory.

	search ($checkDn, $filter)
	Search method with filter this->connection must be defined.

	fetch ($user, $filter)
	Load all attributes of an LDAP user.

	getUserIdentifier ()
	Returns the correct user identifier to use, based on the LDAP server type.

	parseUACF ($uacf)
	UserAccountControl Flags to more human understandable form...

	parseSAT ($samtype)
	SamAccountType value to text.

	convertTime ($value)
	Converts ActiveDirectory time to Unix timestamp.

	convFromOutputCharset ($str, $pagecodeto='UTF-8')
	Convert a string from output/memory charset.

	getNextGroupGid ($keygroup='LDAP_KEY_GROUPS')
	Return available value of group GID.

Private Member Functions
	convToOutputCharset ($str, $pagecodefrom='UTF-8')
	Convert a string into output/memory charset.

Detailed Description

Class to manage LDAP features.

Definition at line 37 of file ldap.class.php.

Member Function Documentation

◆ add()

Ldap::add	(	$dn,
		$info,
		$user )

Add an LDAP entry LDAP object connect and bind must have been done.

Parameters

string	$dn	DN entry key
	array<string,string[]>	$info Attributes array
User	$user	Object user that create

Returns: int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 608 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

Referenced by update().

◆ addAttribute()

Ldap::addAttribute	(	$dn,
		$info,
		$user )

Add an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters

string	$dn	DN entry key
	array<string,string\|string[]>	$info Attributes array
User	$user	Object user that create

Returns: int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 957 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

◆ bind()

Ldap::bind ( )

Anonymously binds to the connection.

After this is done, queries and searches can be done - but read-only.

Returns: boolean true or false

Definition at line 488 of file ldap.class.php.

Referenced by add(), addAttribute(), connectBind(), delete(), deleteAttribute(), getAttribute(), modify(), rename(), update(), and updateAttribute().

◆ bindauth()

Ldap::bindauth	(		$bindDn,
			$pass )

Binds as an authenticated user, which usually allows for write access.

The FULL dn must be passed. For a directory manager, this is "cn=Directory Manager" under iPlanet. For a user, it will be something like "uid=jbloggs,ou=People,dc=foo,dc=com".

Parameters

string	$bindDn	DN
string	$pass	Password

Returns: bool true or false

Definition at line 510 of file ldap.class.php.

Referenced by connectBind(), fetch(), getObjectSid(), getRecords(), and search().

◆ binSIDtoText()

Ldap::binSIDtoText ( $binsid )

Returns the textual SID Required by Active Directory.

Parameters

string $binsid Binary SID

Returns: string Textual SID

Definition at line 1339 of file ldap.class.php.

References littleEndian().

Referenced by getObjectSid().

◆ close()

Ldap::close ( )

Simply closes the connection set up earlier.

Returns true if OK, false if there was an error. This method seems a duplicate/alias of unbind().

Returns: boolean true or false

Deprecated: ldap_close is an alias of ldap_unbind, so use unbind() instead.

See also: unbind()

Definition at line 477 of file ldap.class.php.

References unbind().

◆ connectBind()

Ldap::connectBind ( )

Connect and bind Use this->server, this->serverPort, this->ldapProtocolVersion, this->serverType, this->searchUser, this->searchPassword After return, this->connection and $this->bind are defined.

See also: connect_bind renamed

Returns: int if KO: <0 || if bind anonymous: 1 || if bind auth: 2

Definition at line 316 of file ldap.class.php.

References bind(), bindauth(), dol_syslog(), getDolGlobalString(), serverPing(), setReferrals(), setSizeLimit(), setVersion(), and unbind().

◆ convertTime()

Ldap::convertTime ( $value )

Converts ActiveDirectory time to Unix timestamp.

Parameters

string $value AD time to convert (ns since 1601)

Returns: integer Unix timestamp

Definition at line 1577 of file ldap.class.php.

Referenced by fetch().

◆ convFromOutputCharset()

Ldap::convFromOutputCharset	(		$str,
			$pagecodeto = 'UTF-8' )

Convert a string from output/memory charset.

Parameters

string	$str	String to convert
string	$pagecodeto	Page code for result string

Returns: string Converted string

Definition at line 1619 of file ldap.class.php.

Referenced by add(), addAttribute(), delete(), deleteAttribute(), modify(), rename(), search(), and updateAttribute().

◆ convToOutputCharset()

Ldap::convToOutputCharset	(		$str,
			$pagecodefrom = 'UTF-8' )

private

Convert a string into output/memory charset.

Parameters

string	$str	String to convert
string	$pagecodefrom	Page code of src string

Returns: string Converted string

Definition at line 1600 of file ldap.class.php.

Referenced by fetch(), and getRecords().

◆ delete()

Ldap::delete ( $dn )

Delete an LDAP entry LDAP object connect and bind must have been done.

Parameters

string $dn DN entry key

Returns: int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 808 of file ldap.class.php.

References bind(), convFromOutputCharset(), and dol_syslog().

◆ deleteAttribute()

Ldap::deleteAttribute	(	$dn,
		$info,
		$user )

Delete an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters

string	$dn	DN entry key
	array<string,string\|string[]>	$info Attributes array
User	$user	Object user that create

Returns: int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 1049 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

◆ dump()

Ldap::dump	(		$dn,
			$info )

Dump an LDAP message to ldapinput.in file.

Parameters

string	$dn	DN entry key
	array<string,string[]>	$info Attributes array

Returns: int<-1,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 877 of file ldap.class.php.

References dol_mkdir(), dolChmod(), and dumpContent().

Referenced by add(), addAttribute(), deleteAttribute(), modify(), and updateAttribute().

◆ dumpContent()

Ldap::dumpContent	(		$dn,
			$info )

Build an LDAP message.

See also: dump_content renamed

Parameters

string	$dn	DN entry key
	array<string,string[]>	$info Attributes array

Returns: string Content of file

Definition at line 841 of file ldap.class.php.

Referenced by dump().

◆ fetch()

Ldap::fetch	(		$user,
			$filter )

Load all attributes of an LDAP user.

Parameters

User \| string	$user	Not used.
string	$filter	Filter for search. Must start with &. Examples: &(objectClass=inetOrgPerson) &(objectClass=user)(objectCategory=person) &(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com)

Returns: int if KO: <0 || if OK: > 0

Definition at line 1399 of file ldap.class.php.

References bindauth(), convertTime(), convToOutputCharset(), dol_syslog(), name, and parseUACF().

◆ getAttribute()

Ldap::getAttribute	(		$dn,
			$filter )

Returns an array containing attributes and values for first record.

array{count:int,0..max:string|mixed[],string:array}

Parameters

string	$dn	DN entry key
string	$filter	Filter

Returns: int<-3,0>|array<'count'|int,int|mixed[]> if KO: <=0 || if OK: array

Definition at line 1095 of file ldap.class.php.

References bind().

◆ getAttributeValues()

Ldap::getAttributeValues	(		$filterrecord,
			$attribute )

Returns an array containing values for an attribute and for first record matching filterrecord.

Parameters

string	$filterrecord	Record
string	$attribute	Attributes

Returns: array<string|int,int|string>|false

Definition at line 1136 of file ldap.class.php.

◆ getNextGroupGid()

Ldap::getNextGroupGid ( $keygroup = 'LDAP_KEY_GROUPS' )

Return available value of group GID.

Parameters

string $keygroup Key of group

Returns: int gid number

Definition at line 1638 of file ldap.class.php.

References getDolGlobalString(), and search().

◆ getObjectSid()

Ldap::getObjectSid ( $ldapUser )

Gets LDAP user SID.

Required by Active Directory

Parameters

string $ldapUser User login

Returns: int|string if SID OK: SID string, if KO: -1

Definition at line 1288 of file ldap.class.php.

References bindauth(), and binSIDtoText().

Referenced by getRecords().

◆ getRecords()

Ldap::getRecords	(	$search,
		$userDn,
		$useridentifier,
		$attributeArray,
		$activefilter = 0,
		$attributeAsArray = array() )

Returns an array containing a details or list of LDAP record(s).

ldapsearch -LLLx -hlocalhost -Dcn=admin,dc=parinux,dc=org -w password -b "ou=adherents,ou=people,dc=parinux,dc=org" userPassword

Parameters

string	$search	Value of field to search, '*' for all. Not used if $activefilter is set.
string	$userDn	DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)
string	$useridentifier	Name of key field (Ex: uid).
string[]	$attributeArray	Array of fields required. Note this array must also contain field $useridentifier (Ex: sn,userPassword)
	0\|1\|'1'\|'user'\|'group'\|'member'	$activefilter '1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=use field this->filtergroup as filter, 'member'=use field this->filtermember as filter
string[]	$attributeAsArray	Array of fields wanted as an array not a string

Returns: array<string,array<string,string>>|int<min,-1> if KO: <0 || if OK: array of [id_record][ldap_field]=value

Definition at line 1179 of file ldap.class.php.

References bindauth(), convToOutputCharset(), dol_syslog(), and getObjectSid().

◆ getUserIdentifier()

Ldap::getUserIdentifier ( )

Returns the correct user identifier to use, based on the LDAP server type.

Returns: string Login

Definition at line 1483 of file ldap.class.php.

◆ getVersion()

Ldap::getVersion ( )

Verify LDAP server version.

Returns: int version

Definition at line 560 of file ldap.class.php.

◆ littleEndian()

Ldap::littleEndian ( $hex )

Converts a little-endian hex-number to one, that 'hexdec' can convert Required by Active Directory.

Parameters

string $hex Hex value

Returns: string Little endian

Definition at line 1271 of file ldap.class.php.

References dol_strlen().

Referenced by binSIDtoText().

◆ modify()

Ldap::modify	(	$dn,
		$info,
		$user )

Modify an LDAP entry LDAP object connect and bind must have been done.

Parameters

string	$dn	DN entry key
	array<string,string[]>	$info Attributes array
User	$user	Object user that modify

Returns: int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 656 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

Referenced by update().

◆ parseSAT()

Ldap::parseSAT ( $samtype )

SamAccountType value to text.

Parameters

string $samtype SamType

Returns: string Sam string

Definition at line 1545 of file ldap.class.php.

◆ parseUACF()

Ldap::parseUACF ( $uacf )

UserAccountControl Flags to more human understandable form...

Parameters

string $uacf UACF

Returns: array<int,string>

Definition at line 1498 of file ldap.class.php.

Referenced by fetch().

◆ rename()

Ldap::rename	(	$dn,
		$newrdn,
		$newparent,
		$user,
		$deleteoldrdn = true )

Rename an LDAP entry LDAP object connect and bind must have been done.

Parameters

string	$dn	Old DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update)
string	$newrdn	New RDN entry key (uid=qqq)
string	$newparent	New parent (ou=xxx,dc=aaa,dc=bbb)
User	$user	Object user that modify
bool	$deleteoldrdn	If true the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry.

Returns: int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 714 of file ldap.class.php.

References bind(), convFromOutputCharset(), and dol_syslog().

Referenced by update().

◆ search()

Ldap::search	(		$checkDn,
			$filter )

Search method with filter this->connection must be defined.

The bind or bindauth methods must already have been called. Do not use for search of a given properties list because of upper-lower case conflict. Only use for pages. 'Fiche LDAP' shows readable fields by default.

See also: bind; bindauth

Parameters

string	$checkDn	Search DN (Ex: ou=users,cn=my-domain,cn=com)
string	$filter	Search filter (ex: (sn=name_person) )

Returns: array<int|string,int|string|mixed[]>|int<-1,-1> Array with answers (lowercase key - value)

Definition at line 1366 of file ldap.class.php.

References bindauth(), convFromOutputCharset(), and dol_syslog().

Referenced by getNextGroupGid().

◆ serverPing()

Ldap::serverPing	(	$host,
		$port = 389,
		$timeout = 1 )

Ping a server before ldap_connect for avoid waiting.

Parameters

string	$host	Server host or address
int	$port	Server port (default 389)
int	$timeout	Timeout in second (default 1s)

Returns: bool true or false

Definition at line 910 of file ldap.class.php.

Referenced by connectBind().

◆ setReferrals()

Ldap::setReferrals ( )

Set LDAP referrals.

LDAP_OPT_REFERRALS is a constant equal to ?

Returns: bool if set LDAP option OK: true, if KO: false

Definition at line 593 of file ldap.class.php.

Referenced by connectBind().

◆ setSizeLimit()

Ldap::setSizeLimit ( )

Set LDAP size limit.

Returns: bool if set LDAP option OK: true, if KO: false

Definition at line 582 of file ldap.class.php.

Referenced by connectBind().

◆ setVersion()

Ldap::setVersion ( )

Set LDAP protocol version.

LDAP_OPT_PROTOCOL_VERSION is a constant equal to 3

Returns: bool if set LDAP option OK: true, if KO: false

Definition at line 572 of file ldap.class.php.

Referenced by connectBind().

◆ unbind()

Ldap::unbind ( )

Unbind of LDAP server (close connection).

Returns: bool true or false

See also: close()

Definition at line 528 of file ldap.class.php.

References dol_syslog().

Referenced by close(), and connectBind().

◆ update()

Ldap::update	(	$dn,
		$info,
		$user,
		$olddn,
		$newrdn = '',
		$newparent = '' )

Modify an LDAP entry (to use if dn != olddn) LDAP object connect and bind must have been done.

Parameters

string	$dn	DN entry key
	array<string,string[]>	$info Attributes array
User	$user	Object user that update
string	$olddn	Old DN entry key (before update)
string	$newrdn	New RDN entry key (uid=qqq) (for ldap_rename)
string	$newparent	New parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename)

Returns: int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 758 of file ldap.class.php.

References add(), bind(), dol_syslog(), modify(), and rename().

◆ updateAttribute()

Ldap::updateAttribute	(	$dn,
		$info,
		$user )

Update an LDAP attribute in entry LDAP object connect and bind must have been done.

Parameters

string	$dn	DN entry key
	array<string,string\|string[]>	$info Attributes array
User	$user	Object user that create

Returns: int<-3,-1>|int<1,1> if KO: <0 || if OK: >0

Definition at line 1003 of file ldap.class.php.

References bind(), convFromOutputCharset(), dol_syslog(), and dump().

The documentation for this class was generated from the following file:

dolibarr_dev/htdocs/core/class/ldap.class.php

Public Member Functions

Private Member Functions

Detailed Description

Member Function Documentation

◆ add()

◆ addAttribute()

◆ bind()

◆ bindauth()

◆ binSIDtoText()

◆ close()

◆ connectBind()

◆ convertTime()

◆ convFromOutputCharset()

◆ convToOutputCharset()

◆ delete()

◆ deleteAttribute()

◆ dump()

◆ dumpContent()

◆ fetch()

◆ getAttribute()

◆ getAttributeValues()

◆ getNextGroupGid()

◆ getObjectSid()

◆ getRecords()

◆ getUserIdentifier()

◆ getVersion()

◆ littleEndian()

◆ modify()

◆ parseSAT()

◆ parseUACF()

◆ rename()

◆ search()

◆ serverPing()

◆ setReferrals()

◆ setSizeLimit()

◆ setVersion()

◆ unbind()

◆ update()

◆ updateAttribute()