mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-28 08:14:03 +02:00
lib/LDAP: Add support for LDAP search scope
Configurable on the LdapQuery, handled by LdapConnection::ldapSearch refs #11485
parent
8792cfdf72
commit
202d61dd4e
@ -4,6 +4,7 @@
|
|||||||
namespace Icinga\Protocol\Ldap;
|
namespace Icinga\Protocol\Ldap;
|
||||||
|
|
||||||
use Exception;
|
use Exception;
|
||||||
|
use LogicException;
|
||||||
use ArrayIterator;
|
use ArrayIterator;
|
||||||
use Icinga\Application\Config;
|
use Icinga\Application\Config;
|
||||||
use Icinga\Application\Logger;
|
use Icinga\Application\Logger;
|
||||||
@ -1179,6 +1180,8 @@ class LdapConnection implements Selectable, Inspectable
|
|||||||
* @param int $deref
|
* @param int $deref
|
||||||
*
|
*
|
||||||
* @return resource|bool A search result identifier or false on error
|
* @return resource|bool A search result identifier or false on error
|
||||||
|
*
|
||||||
|
* @throws LogicException If the LDAP query search scope is unsupported
|
||||||
*/
|
*/
|
||||||
public function ldapSearch(
|
public function ldapSearch(
|
||||||
LdapQuery $query,
|
LdapQuery $query,
|
||||||
@ -1190,6 +1193,7 @@ class LdapConnection implements Selectable, Inspectable
|
|||||||
) {
|
) {
|
||||||
$queryString = (string) $query;
|
$queryString = (string) $query;
|
||||||
$baseDn = $query->getBase() ?: $this->getDn();
|
$baseDn = $query->getBase() ?: $this->getDn();
|
||||||
|
$scope = $query->getScope();
|
||||||
|
|
||||||
if (Logger::getInstance()->getLevel() === Logger::DEBUG) {
|
if (Logger::getInstance()->getLevel() === Logger::DEBUG) {
|
||||||
// We're checking the level by ourself to avoid rendering the ldapsearch commandline for nothing
|
// We're checking the level by ourself to avoid rendering the ldapsearch commandline for nothing
|
||||||
@ -1213,11 +1217,12 @@ class LdapConnection implements Selectable, Inspectable
|
|||||||
}
|
}
|
||||||
|
|
||||||
Logger::debug("Issueing LDAP search. Use '%s' to reproduce.", sprintf(
|
Logger::debug("Issueing LDAP search. Use '%s' to reproduce.", sprintf(
|
||||||
'ldapsearch -P 3%s -H "%s"%s -b "%s" -s "sub" -z %u -l %u -a "%s"%s%s%s',
|
'ldapsearch -P 3%s -H "%s"%s -b "%s" -s "%s" -z %u -l %u -a "%s"%s%s%s',
|
||||||
$starttlsParam,
|
$starttlsParam,
|
||||||
$ldapUrl,
|
$ldapUrl,
|
||||||
$bindParams,
|
$bindParams,
|
||||||
$baseDn,
|
$baseDn,
|
||||||
|
$scope,
|
||||||
$sizelimit,
|
$sizelimit,
|
||||||
$timelimit,
|
$timelimit,
|
||||||
$derefName,
|
$derefName,
|
||||||
@ -1227,7 +1232,21 @@ class LdapConnection implements Selectable, Inspectable
|
|||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
return @ldap_search(
|
switch($scope) {
|
||||||
|
case LdapQuery::SCOPE_SUB:
|
||||||
|
$function = 'ldap_search';
|
||||||
|
break;
|
||||||
|
case LdapQuery::SCOPE_ONE:
|
||||||
|
$function = 'ldap_list';
|
||||||
|
break;
|
||||||
|
case LdapQuery::SCOPE_BASE:
|
||||||
|
$function = 'ldap_read';
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
throw new LogicException('LDAP scope %s not supported by ldapSearch', $scope);
|
||||||
|
}
|
||||||
|
|
||||||
|
return @$function(
|
||||||
$this->getConnection(),
|
$this->getConnection(),
|
||||||
$baseDn,
|
$baseDn,
|
||||||
$queryString,
|
$queryString,
|
||||||
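Review bot: The `throw new LogicException('LDAP scope %s not supported by ldapSearch', $scope);` in the `default:` branch passes `$scope` as the exception's `$code` argument, because the SPL `LogicException` imported at the top of the file does not format its message. The `%s` is never filled in, and a string in the integer `$code` position makes the constructor itself fail instead of raising the intended exception. Build the message first: `throw new LogicException(sprintf('LDAP scope %s not supported by ldapSearch', $scope));`. `LdapQuery::setScope()` in the second file has the same defect, there with a `%d` placeholder for a string scope and the `implode()` result landing in the `$previous` position. The body of `ldapSearch` continues outside the hunks shown.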
|
@ -3,6 +3,7 @@
|
|||||||
|
|
||||||
namespace Icinga\Protocol\Ldap;
|
namespace Icinga\Protocol\Ldap;
|
||||||
|
|
||||||
|
use LogicException;
|
||||||
use Icinga\Data\SimpleQuery;
|
use Icinga\Data\SimpleQuery;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -38,6 +39,39 @@ class LdapQuery extends SimpleQuery
|
|||||||
*/
|
*/
|
||||||
protected $nativeFilter;
|
protected $nativeFilter;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Only fetch the entry at the base of the search
|
||||||
|
*/
|
||||||
|
const SCOPE_BASE = 'base';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fetch entries one below the base DN
|
||||||
|
*/
|
||||||
|
const SCOPE_ONE = 'one';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Fetch all entries below the base DN
|
||||||
|
*/
|
||||||
|
const SCOPE_SUB = 'sub';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* All available scopes
|
||||||
|
*
|
||||||
|
* @var array
|
||||||
|
*/
|
||||||
|
public static $scopes = array(
|
||||||
|
LdapQuery::SCOPE_BASE,
|
||||||
|
LdapQuery::SCOPE_ONE,
|
||||||
|
LdapQuery::SCOPE_SUB
|
||||||
|
);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* LDAP search scope (default: SCOPE_SUB)
|
||||||
|
*
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
protected $scope = LdapQuery::SCOPE_SUB;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initialize this query
|
* Initialize this query
|
||||||
*/
|
*/
|
||||||
@ -223,4 +257,38 @@ class LdapQuery extends SimpleQuery
|
|||||||
{
|
{
|
||||||
return $this->renderFilter();
|
return $this->renderFilter();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get LDAP search scope
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public function getScope()
|
||||||
|
{
|
||||||
|
return $this->scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set LDAP search scope
|
||||||
|
*
|
||||||
|
* Valid: sub one base (Default: sub)
|
||||||
|
*
|
||||||
|
* @param string $scope
|
||||||
|
*
|
||||||
|
* @return LdapQuery
|
||||||
|
*
|
||||||
|
* @throws LogicException If scope value is invalid
|
||||||
|
*/
|
||||||
|
public function setScope($scope)
|
||||||
|
{
|
||||||
|
if (! in_array($scope, static::$scopes)) {
|
||||||
|
throw new LogicException(
|
||||||
|
'Can\'t set scope %d, it is is invalid. Use one of %s or LdapQuery\'s constants.',
|
||||||
|
$scope, implode(', ', static::$scopes)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
$this->scope = $scope;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
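Review bot: `in_array($scope, static::$scopes)` in `setScope()` compares loosely, so a non-string value can pass validation: `true` equals every non-empty string, and on PHP versions before 8 so does the integer `0`. The stored value is later matched by the `switch` in `LdapConnection::ldapSearch`, which also compares loosely and lists `SCOPE_SUB` first, so such a value would presumably end up as a subtree search, the widest scope, rather than being rejected. Pass the strict flag, `if (! in_array($scope, static::$scopes, true)) {`, so only the three scope strings are accepted. `public static $scopes` can also be reassigned by any caller; declaring it `protected static` would keep the allow-list from being altered from outside the class.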
|