class Ldap

Class to manage LDAP features

Constants

SYNCHRO_NONE

SYNCHRO_DOLIBARR_TO_LDAP

SYNCHRO_LDAP_TO_DOLIBARR

Properties

string $error
string[] $errors
string[] $server
string $connectedServer
int $serverPort
string $dn
string $serverType
string $ldapProtocolVersion
string $domain
string $domainFQDN
bool $bind
string $searchUser
string $searchPassword
string $people
string $groups
int|null $ldapErrorCode
string|null $ldapErrorText
string $filter
string $filtergroup
string $filtermember
string $attr_login
string $attr_sambalogin
string $attr_name
string $attr_firstname
string $attr_mail
string $attr_phone
string $attr_fax
string $attr_mobile
int $badpwdtime
string $ldapUserDN
string $name
string $firstname
string $login
string $phone
string $fax
string $mail
string $mobile
array<int, string> $uacf
int $pwdlastset
string $ldapcharset
bool|resource $connection
bool|resource $result

Methods

__construct()

Constructor

int
connectBind()

Connect and bind. Uses this->server, this->serverPort, this->ldapProtocolVersion, this->serverType, this->searchUser and this->searchPassword. After return, this->connection and this->bind are defined.

bool
close() deprecated

Simply closes the connection set up earlier. Returns true if OK, false if there was an error.

bool
bind()

Anonymously binds to the connection. After this is done, queries and searches can be done - but read-only.

bool
bindauth(string $bindDn, string $pass)

Binds as an authenticated user, which usually allows for write access. The FULL dn must be passed. For a directory manager, this is "cn=Directory Manager" under iPlanet. For a user, it will be something like "uid=jbloggs,ou=People,dc=foo,dc=com".

bool
unbind()

Unbind of LDAP server (close connection).

int
getVersion()

Verify LDAP server version

bool
setVersion()

Set LDAP protocol version.

bool
setSizeLimit()

Set LDAP size limit.

bool
setReferrals()

Set LDAP referrals.

int<-3, -1>|int<1, 1>
add(string $dn, $info, User $user)

Add an LDAP entry. The LDAP object's connect and bind must have been done.

int<-3, -1>|int<1, 1>
modify(string $dn, $info, User $user)

Modify an LDAP entry. The LDAP object's connect and bind must have been done.

int<-3, -1>|int<1, 1>
rename(string $dn, string $newrdn, string $newparent, User $user, bool $deleteoldrdn = true)

Rename an LDAP entry. The LDAP object's connect and bind must have been done.

int<-3, -1>|int<1, 1>
update($dn, array<string, string[]> $info, $user, $olddn, $newrdn = '', string $newparent = '')

Modify an LDAP entry (to use if dn != olddn). The LDAP object's connect and bind must have been done.

int<-3, -1>|int<1, 1>
delete(string $dn)

Delete an LDAP entry. The LDAP object's connect and bind must have been done.

string
dumpContent(string $dn, array<string, string[]> $info)

Build an LDAP message

int<-1, -1>|int<1, 1>
dump(string $dn, array<string, string[]> $info)

Dump an LDAP message to ldapinput.in file

bool
serverPing(string $host, int $port = 389, int $timeout = 1)

Ping a server before ldap_connect to avoid waiting on an unreachable host.

int<-3, -1>|int<1, 1>
addAttribute(string $dn, array<string, string|string[]> $info, User $user)

Add an LDAP attribute to an entry. The LDAP object's connect and bind must have been done.

int<-3, -1>|int<1, 1>
updateAttribute(string $dn, array<string, string|string[]> $info, User $user)

Update an LDAP attribute in an entry. The LDAP object's connect and bind must have been done.

int<-3, -1>|int<1, 1>
deleteAttribute(string $dn, array<string, string|string[]> $info, User $user)

Delete an LDAP attribute from an entry. The LDAP object's connect and bind must have been done.

int<-3, 0>|array<"count"|int, int|mixed[]>
getAttribute(string $dn, string $filter)

Returns an array containing attributes and values for first record

array<string|int, int|string>|false
getAttributeValues(string $filterrecord, string $attribute)

Returns an array containing the values of an attribute for the first record matching $filterrecord.

array<string, array<string, string>>|int<min, -1>
getRecords(string $search, string $userDn, string $useridentifier, string[] $attributeArray, 0|1|"1"|"user"|"group"|"member" $activefilter = 0, string[] $attributeAsArray = array())

Returns an array containing a details or list of LDAP record(s).

string
littleEndian(string $hex)

Converts a little-endian hex number to one that 'hexdec' can convert. Required by Active Directory.

int|string
getObjectSid(string $ldapUser)

Gets LDAP user SID.

string
binSIDtoText(string $binsid)

Returns the textual SID. Required by Active Directory.

array<int|string, int|string|mixed[]>|int<-1, -1>
search(string $checkDn, string $filter)

Search method with filter. this->connection must be defined, and the bind or bindauth method must already have been called.

int
fetch($user, string $filter)

Load all attributes of an LDAP user

string
getUserIdentifier()

Returns the correct user identifier to use, based on the LDAP server type

array<int, string>
parseUACF(string $uacf)

Converts UserAccountControl flags to a more human-readable form.

string
parseSAT(string $samtype)

Converts a SamAccountType value to text.

int
convertTime(string $value)

Converts ActiveDirectory time to Unix timestamp

string
convFromOutputCharset(string $str, string $pagecodeto = 'UTF-8')

Convert a string from the output/memory charset.

int
getNextGroupGid(string $keygroup = 'LDAP_KEY_GROUPS')

Returns the next available group GID value.

Details

__construct()

Constructor

int connectBind()

Connect and bind. Uses this->server, this->serverPort, this->ldapProtocolVersion, this->serverType, this->searchUser and this->searchPassword. After return, this->connection and this->bind are defined.

Return Value

int

if KO: <0 || if bind anonymous: 1 || if bind auth: 2

See also

connect_bind (renamed)

bool close() deprecated

Deprecated: ldap_close is an alias of ldap_unbind, so use unbind() instead.

Simply closes the connection set up earlier. Returns true if OK, false if there was an error.

This method appears to be a duplicate/alias of unbind().

Return Value

bool

true or false

See also

unbind()

bool bind()

Anonymously binds to the connection. After this is done, queries and searches can be done - but read-only.

Return Value

bool

true or false

bool bindauth(string $bindDn, string $pass)

Binds as an authenticated user, which usually allows for write access. The FULL dn must be passed. For a directory manager, this is "cn=Directory Manager" under iPlanet. For a user, it will be something like "uid=jbloggs,ou=People,dc=foo,dc=com".

Parameters

string $bindDn

DN

string $pass

Password

Return Value

bool

true or false

bool unbind()

Unbind of LDAP server (close connection).

Return Value

bool

true or false

See also

close()

int getVersion()

Verify LDAP server version

Return Value

int

version

bool setVersion()

Set LDAP protocol version.

LDAP_OPT_PROTOCOL_VERSION is a constant equal to 3

Return Value

bool

if set LDAP option OK: true, if KO: false

bool setSizeLimit()

Set LDAP size limit.

Return Value

bool

if set LDAP option OK: true, if KO: false

bool setReferrals()

Set LDAP referrals.

LDAP_OPT_REFERRALS is a constant equal to ?

Return Value

bool

if set LDAP option OK: true, if KO: false

int<-3, -1>|int<1, 1> add(string $dn, array<string, string[]> $info, User $user)

Add an LDAP entry. The LDAP object's connect and bind must have been done.

Parameters

string $dn

DN entry key

array<string, string[]> $info

Attributes array

User $user

Object user that creates the entry

Return Value

int<-3, -1>|int<1, 1>

if KO: <0 || if OK: >0

int<-3, -1>|int<1, 1> modify(string $dn, array<string, string[]> $info, User $user)

Modify an LDAP entry. The LDAP object's connect and bind must have been done.

Parameters

string $dn

DN entry key

array<string, string[]> $info

Attributes array

User $user

Object user that modifies the entry

Return Value

int<-3, -1>|int<1, 1>

if KO: <0 || if OK: >0

int<-3, -1>|int<1, 1> rename(string $dn, string $newrdn, string $newparent, User $user, bool $deleteoldrdn = true)

Rename an LDAP entry. The LDAP object's connect and bind must have been done.

Parameters

string $dn

Old DN entry key (uid=qqq,ou=xxx,dc=aaa,dc=bbb) (before update)

string $newrdn

New RDN entry key (uid=qqq)

string $newparent

New parent (ou=xxx,dc=aaa,dc=bbb)

User $user

Object user that modifies the entry

bool $deleteoldrdn

If true, the old RDN value(s) are removed; otherwise they are retained as non-distinguished values of the entry.

Return Value

int<-3, -1>|int<1, 1>

if KO: <0 || if OK: >0

int<-3, -1>|int<1, 1> update(string $dn, array<string, string[]> $info, User $user, string $olddn, string $newrdn = '', string $newparent = '')

Modify an LDAP entry (to use if dn != olddn). The LDAP object's connect and bind must have been done.

Parameters

string $dn

DN entry key

array<string, string[]> $info

Attributes array

User $user

Object user that updates the entry

string $olddn

Old DN entry key (before update)

string $newrdn

New RDN entry key (uid=qqq) (for ldap_rename)

string $newparent

New parent (ou=xxx,dc=aaa,dc=bbb) (for ldap_rename)

Return Value

int<-3, -1>|int<1, 1>

if KO: <0 || if OK: >0

int<-3, -1>|int<1, 1> delete(string $dn)

Delete an LDAP entry. The LDAP object's connect and bind must have been done.

Parameters

string $dn

DN entry key

Return Value

int<-3, -1>|int<1, 1>

if KO: <0 || if OK: >0

string dumpContent(string $dn, array<string, string[]> $info)

Build an LDAP message

Parameters

string $dn

DN entry key

array<string, string[]> $info

Attributes array

Return Value

string

Content of file

int<-1, -1>|int<1, 1> dump(string $dn, array<string, string[]> $info)

Dump an LDAP message to ldapinput.in file

Parameters

string $dn

DN entry key

array<string, string[]> $info

Attributes array

Return Value

int<-1, -1>|int<1, 1>

if KO: <0 || if OK: >0

bool serverPing(string $host, int $port = 389, int $timeout = 1)

Ping a server before ldap_connect to avoid waiting on an unreachable host.

Parameters

string $host

Server host or address

int $port

Server port (default 389)

int $timeout

Timeout in seconds (default 1s)

Return Value

bool

true or false

int<-3, -1>|int<1, 1> addAttribute(string $dn, array<string, string|string[]> $info, User $user)

Add an LDAP attribute to an entry. The LDAP object's connect and bind must have been done.

Parameters

string $dn

DN entry key

array<string, string|string[]> $info

Attributes array

User $user

Object user that creates the attribute

Return Value

int<-3, -1>|int<1, 1>

if KO: <0 || if OK: >0

int<-3, -1>|int<1, 1> updateAttribute(string $dn, array<string, string|string[]> $info, User $user)

Update an LDAP attribute in an entry. The LDAP object's connect and bind must have been done.

Parameters

string $dn

DN entry key

array<string, string|string[]> $info

Attributes array

User $user

Object user that updates the attribute

Return Value

int<-3, -1>|int<1, 1>

if KO: <0 || if OK: >0

int<-3, -1>|int<1, 1> deleteAttribute(string $dn, array<string, string|string[]> $info, User $user)

Delete an LDAP attribute from an entry. The LDAP object's connect and bind must have been done.

Parameters

string $dn

DN entry key

array<string, string|string[]> $info

Attributes array

User $user

Object user that deletes the attribute

Return Value

int<-3, -1>|int<1, 1>

if KO: <0 || if OK: >0

int<-3, 0>|array<"count"|int, int|mixed[]> getAttribute(string $dn, string $filter)

Returns an array containing attributes and values for the first record.

Parameters

string $dn

DN entry key

string $filter

Filter

Return Value

int<-3, 0>|array<"count"|int, int|mixed[]>

if KO: <=0 || if OK: array of shape array{count:int,0..max:string|mixed[],string:array}

array<string|int, int|string>|false getAttributeValues(string $filterrecord, string $attribute)

Returns an array containing the values of an attribute for the first record matching $filterrecord.

Parameters

string $filterrecord

Record

string $attribute

Attributes

Return Value

array<string|int, int|string>|false

array<string, array<string, string>>|int<min, -1> getRecords(string $search, string $userDn, string $useridentifier, string[] $attributeArray, 0|1|"1"|"user"|"group"|"member" $activefilter = 0, string[] $attributeAsArray = array())

Returns an array containing a details or list of LDAP record(s).

ldapsearch -LLLx -hlocalhost -Dcn=admin,dc=parinux,dc=org -w password -b "ou=adherents,ou=people,dc=parinux,dc=org" userPassword

Parameters

string $search

Value of field to search, '*' for all. Not used if $activefilter is set.

string $userDn

DN (Ex: ou=adherents,ou=people,dc=parinux,dc=org)

string $useridentifier

Name of key field (Ex: uid).

string[] $attributeArray

Array of fields required. Note this array must also contain field $useridentifier (Ex: sn,userPassword)

0|1|"1"|"user"|"group"|"member" $activefilter

'1' or 'user'=use field this->filter as filter instead of parameter $search, 'group'=use field this->filtergroup as filter, 'member'=use field this->filtermember as filter

string[] $attributeAsArray

Array of fields wanted as an array not a string

Return Value

array<string, array<string, string>>|int<min, -1>

if KO: <0 || if OK: array of [id_record][ldap_field]=value

string littleEndian(string $hex)

Converts a little-endian hex number to one that 'hexdec' can convert. Required by Active Directory.

Parameters

string $hex

Hex value

Return Value

string

Little endian

int|string getObjectSid(string $ldapUser)

Gets LDAP user SID.

Required by Active Directory

Parameters

string $ldapUser

User login

Return Value

int|string

if SID OK: SID string, if KO: -1

string binSIDtoText(string $binsid)

Returns the textual SID. Required by Active Directory.

Parameters

string $binsid

Binary SID

Return Value

string

Textual SID

array<int|string, int|string|mixed[]>|int<-1, -1> search(string $checkDn, string $filter)

Search method with filter. this->connection must be defined, and the bind or bindauth method must already have been called.

Do not use it to search for a given list of properties, because of upper/lower-case conflicts in attribute names; only use it for pages. 'Fiche LDAP' shows readable fields by default.

Parameters

string $checkDn

Search DN (Ex: ou=users,cn=my-domain,cn=com)

string $filter

Search filter (Ex: (sn=name_person))

Return Value

array<int|string, int|string|mixed[]>|int<-1, -1>

Array with answers (lowercase key - value)

See also

bind()
bindauth()

int fetch(User|string $user, string $filter)

Load all attributes of an LDAP user.

Parameters

User|string $user

Not used.

string $filter

Filter for search. Must start with &. Examples: &(objectClass=inetOrgPerson) &(objectClass=user)(objectCategory=person) &(isMemberOf=cn=Sales,ou=Groups,dc=opencsi,dc=com)

Return Value

int

if KO: <0 || if OK: > 0

string getUserIdentifier()

Returns the correct user identifier to use, based on the LDAP server type

Return Value

string

Login

array<int, string> parseUACF(string $uacf)

Converts UserAccountControl flags to a more human-readable form.


Parameters

string $uacf UACF

Return Value

array<int, string>

string parseSAT(string $samtype)

Converts a SamAccountType value to text.

Parameters

string $samtype SamType

Return Value

string

Sam string

int convertTime(string $value)

Converts ActiveDirectory time to Unix timestamp

Parameters

string $value

AD time to convert (ns since 1601)

Return Value

int

Unix timestamp
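The Active Directory helpers documented above (binSIDtoText, convertTime and parseUACF) decode values that AD returns as opaque binary or numeric attributes: objectSid is a binary structure whose sub-authorities are stored little-endian (hence littleEndian()), pwdLastSet and similar timestamps are 100-nanosecond intervals since 1601-01-01 UTC, and userAccountControl is a bit field. The following is an added, independent Python reimplementation of what those three methods do, not Dolibarr's code; the SID bytes, timestamp and flag values are constructed samples, and the flag table is a subset of the documented UserAccountControl bits.

```python
import struct
from typing import Optional

# userAccountControl bits (Microsoft-documented values); a subset is enough here
UACF_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x400000: "DONT_REQ_PREAUTH",
}


def bin_sid_to_text(binsid: bytes) -> str:
    """objectSid layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian), then count x 4-byte
    sub-authorities stored little-endian (the byte order littleEndian() reverses)."""
    if len(binsid) < 8:
        raise ValueError("SID shorter than its fixed header")
    revision, count = binsid[0], binsid[1]
    if len(binsid) != 8 + 4 * count:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(binsid[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, binsid, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def ad_time_to_unix(value: str) -> Optional[int]:
    """pwdLastSet/lastLogon are 100-ns intervals since 1601-01-01 UTC.
    0 means 'never' / 'must change at next logon', so report None rather than 1601."""
    ticks = int(value)
    if ticks == 0:
        return None
    return ticks // 10_000_000 - 11644473600  # seconds between the 1601 and 1970 epochs


def parse_uacf(uacf: str) -> list:
    """Decode a decimal userAccountControl value into flag names, lowest bit first."""
    flags = int(uacf)
    return [name for bit, name in sorted(UACF_FLAGS.items()) if flags & bit]


# Constructed sample: S-1-5-21-1-2-3-500 (NT authority 5, RID 500 = built-in Administrator)
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1, 2, 3, 500)

if __name__ == "__main__":
    print(bin_sid_to_text(SAMPLE_SID))
    print(ad_time_to_unix("132000000000000000"))
    print(parse_uacf("66050"))  # disabled, normal account, password never expires
```

A disabled account with DONT_EXPIRE_PASSWORD or PASSWD_NOTREQD set, or a pwdLastSet of 0, is the kind of result a synchronisation job should surface rather than silently import.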

string convFromOutputCharset(string $str, string $pagecodeto = 'UTF-8')

Convert a string from the output/memory charset.

Parameters

string $str

String to convert

string $pagecodeto

Page code for result string

Return Value

string

Converted string

int getNextGroupGid(string $keygroup = 'LDAP_KEY_GROUPS')

Returns the next available group GID value.

Parameters

string $keygroup

Key of group

Return Value

int

gid number