<?php
/* Icinga Web 2 | (c) 2015 Icinga Development Team | GPLv2+ */
namespace Icinga\Repository;
use Icinga\Protocol\Ldap\LdapConnection;
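/**
 * Abstract base class for concrete LDAP repository implementations
 *
 * Additionally provided features:
 * <ul>
 *  <li>Attribute name normalization</li>
 * </ul>
 */
abstract class LdapRepository extends Repository
{
    /**
     * The datasource being used
     *
     * @var LdapConnection
     */
    protected $ds;

    /**
     * Normed attribute names based on known LDAP environments
     *
     * Keys are the lower-cased attribute or object class names, values are the
     * spelling that getNormedAttribute() returns for them.
     *
     * @var array
     */
    protected $normedAttributes = array(
        'uid'                   => 'uid',
        'gid'                   => 'gid',
        'user'                  => 'user',
        'group'                 => 'group',
        'member'                => 'member',
        'memberuid'             => 'memberUid',
        'posixgroup'            => 'posixGroup',
        'uniquemember'          => 'uniqueMember',
        'groupofnames'          => 'groupOfNames',
        'inetorgperson'         => 'inetOrgPerson',
        'samaccountname'        => 'sAMAccountName',
        'groupofuniquenames'    => 'groupOfUniqueNames'
    );

    /**
     * Create a new LDAP repository object
     *
     * @param   LdapConnection  $ds     The data source to use
     */
    public function __construct(LdapConnection $ds)
    {
        parent::__construct($ds);
    }

    /**
     * Return the given attribute name normed to known LDAP environments, if possible
     *
     * The lookup is case-insensitive. Names without an entry in
     * $normedAttributes are returned exactly as given.
     *
     * @param   string  $name
     *
     * @return  string
     */
    protected function getNormedAttribute($name)
    {
        $loweredName = strtolower($name);
        if (array_key_exists($loweredName, $this->normedAttributes)) {
            return $this->normedAttributes[$loweredName];
        }

        return $name;
    }

    /**
     * Return whether the given object DN is related to the given base DN
     *
     * Will use the current connection's root DN if $baseDn is not given.
     *
     * The object DN is considered related if it equals the base DN or ends with
     * ",<base DN>", i.e. the base DN must be a suffix that starts at an RDN
     * boundary. A plain substring test would also accept DNs that merely contain
     * the base DN's text somewhere in the middle, or whose last matching
     * component only ends with the base DN's first component. That is too loose
     * if the result is ever used to decide whether an entry lies inside a
     * configured search base.
     *
     * Both DNs are compared case-insensitively, ignoring whitespace around the
     * separating commas.
     *
     * @deprecated  This was only used by LdapUserGroupBackend::isMemberAttributeAmbiguous
     *              It will be removed with 2.6.0!
     *
     * @param   string  $dn         The object DN to check
     * @param   string  $baseDn     The base DN to compare the object DN with
     *
     * @return  bool
     */
    protected function isRelatedDn($dn, $baseDn = null)
    {
        // NOTE(review): explode(',') also splits on commas that are escaped inside
        // an RDN value ("\,"). Such DNs are normalized imprecisely; confirm whether
        // they can occur in the directories this is used with.
        $normalize = function ($value) {
            return strtolower(implode(',', array_map('trim', explode(',', $value))));
        };

        $normalizedDn = $normalize($dn);
        $normalizedBaseDn = $normalize($baseDn ?: $this->ds->getDn());

        if ($normalizedBaseDn === '') {
            // Nothing to compare against. strpos() with an empty needle returned
            // false (plus a warning) before PHP 8, so keep reporting "not related"
            // instead of matching every DN.
            return false;
        }

        if ($normalizedDn === $normalizedBaseDn) {
            return true;
        }

        // Anchor the match at the end of the DN and at a component boundary.
        $suffix = ',' . $normalizedBaseDn;
        return substr($normalizedDn, -strlen($suffix)) === $suffix;
    }
}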