tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

LdapConnection: Add method ldapSearch() 

This will now emit a debug message for each issued search operation.

refs #10567
This commit is contained in:
Johannes Meyer 2015-11-11 10:01:00 +01:00
parent 60a951a97d
commit c85bce7211
1 changed files with 82 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
library/Icinga/Protocol/Ldap/LdapConnection.php
View File

@ -377,14 +377,7 @@ class LdapConnection implements Selectable, Inspectable
} }
$ds = $this->getConnection(); $ds = $this->getConnection();
$results = @ldap_search( $results = $this->ldapSearch($query, array('dn'));
$ds,
$query->getBase() ?: $this->getDn(),
(string) $query,
array('dn'),
0,
0
);
if ($results === false) { if ($results === false) {
if (ldap_errno($ds) !== self::LDAP_NO_SUCH_OBJECT) { if (ldap_errno($ds) !== self::LDAP_NO_SUCH_OBJECT) {
@ -701,12 +694,10 @@ class LdapConnection implements Selectable, Inspectable
} }
} }
$results = @ldap_search( $results = $this->ldapSearch(
$ds, $query,
$query->getBase() ?: $this->rootDn,
(string) $query,
array_values($fields), array_values($fields),
0, // Attributes and values 0,
$serverSorting && $limit ? $offset + $limit : 0 $serverSorting && $limit ? $offset + $limit : 0
); );
if ($results === false) { if ($results === false) {
@ -799,8 +790,6 @@ class LdapConnection implements Selectable, Inspectable
$limit = $query->getLimit(); $limit = $query->getLimit();
$offset = $query->hasOffset() ? $query->getOffset() : 0; $offset = $query->hasOffset() ? $query->getOffset() : 0;
$queryString = (string) $query;
$base = $query->getBase() ?: $this->rootDn;
if ($fields === null) { if ($fields === null) {
$fields = $query->getColumns(); $fields = $query->getColumns();
@ -835,12 +824,10 @@ class LdapConnection implements Selectable, Inspectable
)); ));
} }
$results = @ldap_search( $results = $this->ldapSearch(
$ds, $query,
$base,
$queryString,
array_values($fields), array_values($fields),
0, // Attributes and values 0,
$serverSorting && $limit ? $offset + $limit : 0 $serverSorting && $limit ? $offset + $limit : 0
); );
if ($results === false) { if ($results === false) {
@ -850,8 +837,8 @@ class LdapConnection implements Selectable, Inspectable
throw new LdapException( throw new LdapException(
'LDAP query "%s" (base %s) failed. Error: %s', 'LDAP query "%s" (base %s) failed. Error: %s',
$queryString, (string) $query,
$base, $query->getBase() ?: $this->getDn(),
ldap_error($ds) ldap_error($ds)
); );
} elseif (ldap_count_entries($ds, $results) === 0) { } elseif (ldap_count_entries($ds, $results) === 0) {
@ -932,7 +919,8 @@ class LdapConnection implements Selectable, Inspectable
// pagedResultsControl with the size set to zero (0) and the cookie set to the last cookie returned by // pagedResultsControl with the size set to zero (0) and the cookie set to the last cookie returned by
// the server: https://www.ietf.org/rfc/rfc2696.txt // the server: https://www.ietf.org/rfc/rfc2696.txt
ldap_control_paged_result($ds, 0, false, $cookie); ldap_control_paged_result($ds, 0, false, $cookie);
ldap_search($ds, $base, $queryString); // Returns no entries, due to the page size // Returns no entries, due to the page size
ldap_search($ds, $query->getBase() ?: $this->getDn(), (string) $query);
} }
if (! $serverSorting && $query->hasOrder()) { if (! $serverSorting && $query->hasOrder()) {
@ -1119,6 +1107,77 @@ class LdapConnection implements Selectable, Inspectable
return $ds; return $ds;
} }
/**
* Perform a LDAP search and return the result
*
* @param LdapQuery $query
* @param array $attributes An array of the required attributes
* @param int $attrsonly Should be set to 1 if only attribute types are wanted
* @param int $sizelimit Enables you to limit the count of entries fetched
* @param int $timelimit Sets the number of seconds how long is spend on the search
* @param int $deref
*
* @return resource|bool A search result identifier or false on error
*/
public function ldapSearch(
LdapQuery $query,
array $attributes = null,
$attrsonly = 0,
$sizelimit = 0,
$timelimit = 0,
$deref = LDAP_DEREF_NEVER
) {
$queryString = (string) $query;
$baseDn = $query->getBase() ?: $this->getDn();
if (Logger::getInstance()->getLevel() === Logger::DEBUG) {
// We're checking the level by ourself to avoid rendering the ldapsearch commandline for nothing
$starttlsParam = $this->encryption === static::STARTTLS ? ' -ZZ' : '';
$ldapUrl = ($this->encryption === static::LDAPS ? 'ldaps://' : 'ldap://')
. $this->hostname
. ($this->port ? ':' . $this->port : '');
if ($this->bound) {
$bindParams = ' -D "' . $this->bindDn . '"' . ($this->bindPw ? ' -w "' . $this->bindPw . '"' : '');
}
if ($deref === LDAP_DEREF_NEVER) {
$derefName = 'never';
} elseif ($deref === LDAP_DEREF_ALWAYS) {
$derefName = 'always';
} elseif ($deref === LDAP_DEREF_SEARCHING) {
$derefName = 'search';
} else { // $deref === LDAP_DEREF_FINDING
$derefName = 'find';
}
Logger::debug("Issueing LDAP search. Use '%s' to reproduce.", sprintf(
'ldapsearch -P 3%s -H "%s"%s -b "%s" -s "sub" -z %u -l %u -a "%s"%s%s%s',
$starttlsParam,
$ldapUrl,
$bindParams,
$baseDn,
$sizelimit,
$timelimit,
$derefName,
$attrsonly ? ' -A' : '',
$queryString ? ' "' . $queryString . '"' : '',
$attributes ? ' "' . join('" "', $attributes) . '"' : ''
));
}
return @ldap_search(
$this->getConnection(),
$baseDn,
$queryString,
$attributes,
$attrsonly,
$sizelimit,
$timelimit,
$deref
);
}
/** /**
* Create an LDAP entry * Create an LDAP entry
* *