869 lines
31 KiB
PHP
869 lines
31 KiB
PHP
<?php
|
|
|
|
namespace App\Service;
|
|
|
|
use Symfony\Component\DependencyInjection\ContainerInterface;
|
|
|
|
use App\Entity\User;
|
|
use App\Entity\Niveau01;
|
|
use App\Entity\Niveau02;
|
|
use App\Entity\Group;
|
|
use App\Entity\UserGroup;
|
|
|
|
class LdapService
|
|
{
|
|
private $appMasteridentity;
|
|
private $synchro;
|
|
private $host;
|
|
private $port;
|
|
private $usetls;
|
|
private $userwriter;
|
|
private $user;
|
|
private $password;
|
|
private $basedn;
|
|
private $baseorganisation;
|
|
private $baseniveau01;
|
|
private $baseniveau02;
|
|
private $basegroup;
|
|
private $baseuser;
|
|
private $username;
|
|
private $firstname;
|
|
private $lastname;
|
|
private $email;
|
|
private $avatar;
|
|
private $memberof;
|
|
private $groupgid;
|
|
private $groupname;
|
|
private $groupmember;
|
|
private $groupmemberisdn;
|
|
private $filtergroup;
|
|
private $filteruser;
|
|
private $userattributes;
|
|
|
|
private $connection;
|
|
|
|
public function __construct(ContainerInterface $container)
|
|
{
|
|
|
|
$this->appMasteridentity = $container->getParameter("appMasteridentity");
|
|
$this->synchro = $container->getParameter("appSynchro");
|
|
$this->host = $container->getParameter("ldapHost");
|
|
$this->port = $container->getParameter("ldapPort");
|
|
$this->usetls = $container->getParameter("ldapUsetls");
|
|
$this->userwriter = $container->getParameter("ldapUserwriter");
|
|
$this->user = $container->getParameter("ldapUser");
|
|
$this->password = $container->getParameter("ldapPassword");
|
|
$this->basedn = $container->getParameter("ldapBasedn");
|
|
$this->baseorganisation = $container->getParameter("ldapBaseorganisation");
|
|
$this->baseniveau01 = $container->getParameter("ldapBaseniveau01");
|
|
$this->baseniveau02 = $container->getParameter("ldapBaseniveau02");
|
|
$this->basegroup = $container->getParameter("ldapBasegroup");
|
|
$this->baseuser = $container->getParameter("ldapBaseuser");
|
|
$this->username = $container->getParameter("ldapUsername");
|
|
$this->firstname = $container->getParameter("ldapFirstname");
|
|
$this->lastname = $container->getParameter("ldapLastname");
|
|
$this->email = $container->getParameter("ldapEmail");
|
|
$this->avatar = $container->getParameter("ldapAvatar");
|
|
$this->memberof = $container->getParameter("ldapMemberof");
|
|
$this->groupgid = $container->getParameter("ldapGroupgid");
|
|
$this->groupname = $container->getParameter("ldapGroupname");
|
|
$this->groupmember = $container->getParameter("ldapGroupmember");
|
|
$this->groupmemberisdn = $container->getParameter("ldapGroupmemberisdn");
|
|
$this->filtergroup = $container->getParameter("ldapFiltergroup");
|
|
$this->filteruser = $container->getParameter("ldapFilteruser");
|
|
|
|
$this->userattributes = [$this->username,$this->firstname,$this->lastname,$this->email,$this->avatar,$this->memberof];
|
|
|
|
}
|
|
|
|
public function isNine2Ldap() {
|
|
return ($this->appMasteridentity=="SQL"&&$this->synchro=="NINE2LDAP"&&$this->userwriter&&$this->baseorganisation&&$this->baseniveau01&&$this->baseniveau02&&$this->basegroup&&$this->baseuser&&$this->connect());
|
|
}
|
|
|
|
public function connect() {
|
|
// Si on est déjà co = on rebind pour gérer le cas d'un timeout de connection
|
|
if($this->connection){
|
|
if(!@ldap_bind($this->connection, $this->user, $this->password)){
|
|
$this->disconnect();
|
|
}
|
|
}
|
|
|
|
if($this->connection){
|
|
return $this->connection;
|
|
} else {
|
|
$ldapConn = ldap_connect($this->host, $this->port);
|
|
|
|
if($ldapConn){
|
|
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);
|
|
if($this->usetls) ldap_start_tls($ldapConn);
|
|
|
|
if(@ldap_bind( $ldapConn, $this->user, $this->password)){
|
|
$this->connection = $ldapConn;
|
|
return $this->connection;
|
|
}
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public function userconnect($username,$userpassword) {
|
|
$ldapConn = ldap_connect($this->host, $this->port);
|
|
$this->connection = $ldapConn;
|
|
|
|
if($this->connection){
|
|
ldap_set_option($ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);
|
|
ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);
|
|
if($this->usetls) ldap_start_tls($ldapConn);
|
|
|
|
$dn = $this->getUserDN($username);
|
|
if(@ldap_bind( $ldapConn, $dn, $userpassword)){
|
|
$res = $this->search(str_replace("*",$username,$this->filteruser),$this->userattributes, $this->baseuser);
|
|
$this->disconnect();
|
|
return $res;
|
|
}
|
|
}
|
|
$this->disconnect();
|
|
return false;
|
|
}
|
|
|
|
public function getParameter($key) {
|
|
switch($key) {
|
|
case "baseuser" : return $this->baseuser; break;
|
|
case "basegroup" : return $this->basegroup; break;
|
|
case "baseniveau01" : return $this->baseniveau01; break;
|
|
case "baseniveau02" : return $this->baseniveau02; break;
|
|
case "basedn" : return $this->basedn; break;
|
|
case "filteruser" : return $this->filteruser; break;
|
|
}
|
|
}
|
|
|
|
public function search($filter, $attributes = array(), $subBranch = '') {
|
|
$connection = $this->connect();
|
|
$branch = ($subBranch ? $subBranch : $this->basedn);
|
|
$result = ldap_search($connection, $branch, $filter, $attributes,0,0,0);
|
|
if(!$result) {
|
|
$this->ldapError();
|
|
}
|
|
return $this->resultToArray($result);
|
|
}
|
|
|
|
public function searchdn($dn, $subBranch = '') {
|
|
$connection = $this->connect();
|
|
$tbdn=ldap_explode_dn($dn,0);
|
|
$branch = ($subBranch ? $subBranch : $this->basedn);
|
|
$result = ldap_search($connection, $branch, "(".$tbdn[0].")", [],0,0,0);
|
|
if(!$result) {
|
|
$this->ldapError();
|
|
}
|
|
return $this->resultToArray($result);
|
|
}
|
|
|
|
public function deleteByDN($dn){
|
|
$connection = $this->connect();
|
|
$removed = ldap_delete($connection, $dn);
|
|
if(!$removed){
|
|
$this->ldapError();
|
|
}
|
|
}
|
|
|
|
public function rename($oldDN, $newDN, $parentDN = '', $deleteOldDN = true){
|
|
$connection = $this->connect();
|
|
$result = ldap_rename($connection, $oldDN, $newDN, $parentDN, $deleteOldDN);
|
|
if(!$result) $this->ldapError();
|
|
return $result;
|
|
}
|
|
|
|
|
|
private function resultToArray($result){
|
|
|
|
$connection = $this->connect();
|
|
$resultArray = array();
|
|
|
|
if($result){
|
|
$entry = ldap_first_entry($connection, $result);
|
|
while ($entry){
|
|
$row = array();
|
|
$attr = ldap_first_attribute($connection, $entry);
|
|
while ($attr){
|
|
$val = ldap_get_values_len($connection, $entry, $attr);
|
|
if(array_key_exists('count', $val) AND $val['count'] == 1){
|
|
$row[strtolower($attr)] = $val[0];
|
|
} else {
|
|
$row[strtolower($attr)] = $val;
|
|
}
|
|
|
|
if(is_array($row[strtolower($attr)])) {
|
|
unset($row[strtolower($attr)]["count"]);
|
|
}
|
|
|
|
$attr = ldap_next_attribute($connection, $entry);
|
|
}
|
|
$resultArray[] = $row;
|
|
$entry = ldap_next_entry($connection, $entry);
|
|
}
|
|
}
|
|
|
|
return $resultArray;
|
|
}
|
|
|
|
public function in_array_r($item , $array){
|
|
return preg_match('/"'.$item.'"/i' , json_encode($array));
|
|
}
|
|
|
|
public function disconnect(){
|
|
if($this->connection) {
|
|
ldap_unbind($this->connection);
|
|
$this->connection=null;
|
|
}
|
|
}
|
|
|
|
public function ldapError(){
|
|
$connection = $this->connect();
|
|
throw new \Exception(
|
|
'Error: ('. ldap_errno($connection) .') '. ldap_error($connection)
|
|
);
|
|
}
|
|
|
|
public function ldapModify($dn,$attrs) {
|
|
$connection = $this->connect();
|
|
$result = ldap_modify($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
|
|
//==================================================================================================================================================================
|
|
//== Function Organisation==========================================================================================================================================
|
|
//==================================================================================================================================================================
|
|
|
|
public function addOrganisations() {
|
|
$ldapentrys=$this->searchdn($this->baseorganisation);
|
|
if(empty($ldapentrys)) {
|
|
$this->addOrganisation($this->baseorganisation);
|
|
}
|
|
|
|
$ldapentrys=$this->searchdn($this->baseniveau01,$this->baseorganisation);
|
|
if(empty($ldapentrys)) {
|
|
$this->addOrganisation($this->baseniveau01);
|
|
}
|
|
|
|
$ldapentrys=$this->searchdn($this->baseniveau02,$this->baseorganisation);
|
|
if(empty($ldapentrys)) {
|
|
$this->addOrganisation($this->baseniveau02);
|
|
}
|
|
|
|
$ldapentrys=$this->searchdn($this->basegroup,$this->baseorganisation);
|
|
if(empty($ldapentrys)) {
|
|
$this->addOrganisation($this->basegroup);
|
|
}
|
|
|
|
$ldapentrys=$this->searchdn($this->baseuser,$this->baseorganisation);
|
|
if(empty($ldapentrys)) {
|
|
$this->addOrganisation($this->baseuser);
|
|
}
|
|
}
|
|
|
|
public function addOrganisation($dn) {
|
|
|
|
$connection = $this->connect();
|
|
$attrs = array();
|
|
$attrs['objectclass'] = ["top","organizationalUnit"];
|
|
$result = ldap_add($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
|
|
return $result;
|
|
}
|
|
|
|
//==================================================================================================================================================================
|
|
//== Function User==================================================================================================================================================
|
|
//==================================================================================================================================================================
|
|
|
|
public function addUser(User $user) {
|
|
|
|
$connection = $this->connect();
|
|
$dn = $this->getUserDN($user->getUsername());
|
|
|
|
$attrs = array();
|
|
$attrs['objectclass'] = $this->getObjectClassesUser();
|
|
$this->fillAttributesUser($user, $attrs);
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
|
|
$result = ldap_add($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
|
|
return $result;
|
|
}
|
|
|
|
public function ismodifyUser(User $user,$entry){
|
|
$attrs = [];
|
|
$this->fillAttributesUser($user, $attrs);
|
|
|
|
foreach($attrs as $key => $value) {
|
|
if(!array_key_exists($key,$entry)&&!empty($value)) return true;
|
|
elseif(array_key_exists($key,$entry)&&$value!=$entry[$key]) return true;
|
|
}
|
|
|
|
foreach($entry as $key => $value) {
|
|
if(!array_key_exists($key,$attrs)&&!empty($value)) return true;
|
|
elseif(array_key_exists($key,$attrs)&&$value!=$attrs[$key]) return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
public function modifyUser(User $user){
|
|
$dn = $this->basedn;
|
|
$connection = $this->connect();
|
|
|
|
$attrs = array();
|
|
$this->fillAttributesUser($user, $attrs);
|
|
|
|
// Rechercher le DN du user
|
|
$dn = $this->getUserDN($user->getUsername());
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
// Bien mettre un @ car si l'attribut est déjà vide cela crache une erreur car l'attribut n'existe déjà plus
|
|
@ldap_mod_del($connection, $dn, array($key => array()));
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
$result = ldap_modify($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
|
|
|
|
public function modifyUserpwd(User $user){
|
|
$dn = $this->basedn;
|
|
$connection = $this->connect();
|
|
|
|
$attrs = array();
|
|
|
|
// Attributs associés au password
|
|
$attrs['userpassword'] = $user->getPassword();
|
|
|
|
// Rechercher le DN du user
|
|
$dn = $this->getUserDN($user->getUsername());
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
// Bien mettre un @ car si l'attribut est déjà vide cela crache une erreur car l'attribut n'existe déjà plus
|
|
@ldap_mod_del($connection, $dn, array($key => array()));
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
|
|
$result = ldap_modify($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
|
|
public function updateNiveauUser(User $user,$todel=false) {
|
|
$dn = $this->basedn;
|
|
$connection = $this->connect();
|
|
$result=null;
|
|
|
|
// NIVEAU01
|
|
// On recherche le Niveau01 actuellement asscocié à l'utilisateur
|
|
$criteria = '(&(cn=*)(memberUid='.$user->getUsername().'))';
|
|
$subbranch=$this->baseniveau01;
|
|
$results = $this->search($criteria, array('cn'), $subbranch);
|
|
foreach($results as $result) {
|
|
// Si Niveau01 différent de celui en cours on le détache de ce Niveau01
|
|
if($result["cn"]!=$user->getNiveau01()->getLabel()||$todel) {
|
|
$dn = $this->getNiveau01DN($result["cn"]);
|
|
$entry['memberuid'] = $user->getUsername();
|
|
$result = ldap_mod_del($connection, $dn, $entry);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
}
|
|
|
|
// On recherche le Niveau01 en cours
|
|
if(!$todel) {
|
|
$criteria = '(cn='.$user->getNiveau01()->getLabel().')';
|
|
$subbranch=$this->baseniveau01;
|
|
$result = $this->search($criteria, array('memberuid'), $subbranch);
|
|
|
|
// S'il n'est pas membre du Niveau01 on le rattache
|
|
if(!$this->in_array_r($user->getUsername(),$result[0])) {
|
|
$dn = $this->getNiveau01DN($user->getNiveau01()->getLabel());
|
|
$entry['memberuid'] = $user->getUsername();
|
|
$result = ldap_mod_add($connection, $dn, $entry);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
}
|
|
|
|
// NIVEAU02
|
|
// On recherche le Niveau02 actuellement asscocié à l'utilisateur
|
|
$criteria = '(&(cn=*)(memberUid='.$user->getUsername().'))';
|
|
$subbranch=$this->baseniveau02;
|
|
$results = $this->search($criteria, array('cn'), $subbranch);
|
|
foreach($results as $result) {
|
|
// Si Niveau02 différent de celui en cours on le détache de ce Niveau02
|
|
if($user->getNiveau02()===null||$result["cn"]!=$user->getNiveau02()->getLabel()||$todel) {
|
|
$dn = $this->getNiveau02DN($result["cn"]);
|
|
$entry['memberuid'] = $user->getUsername();
|
|
$result = ldap_mod_del($connection, $dn, $entry);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
}
|
|
|
|
// On recherche le Niveau02 en cours
|
|
if(!$todel) {
|
|
if($user->getNiveau02()!==null) {
|
|
$criteria = '(cn='.$user->getNiveau02()->getLabel().')';
|
|
$subbranch=$this->baseniveau02;
|
|
$result = $this->search($criteria, array('memberuid'), $subbranch);
|
|
|
|
// S'il n'est pas membre du Niveau02 on le rattache
|
|
if(empty($result)||!$this->in_array_r($user->getUsername(),$result[0])) {
|
|
$dn = $this->getNiveau02DN($user->getNiveau02()->getLabel());
|
|
$entry['memberuid'] = $user->getUsername();
|
|
$result = ldap_mod_add($connection, $dn, $entry);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
}
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
public function deleteUser(User $user){
|
|
$dn = $this->getUserDN($user->getUsername());
|
|
return $this->deleteByDN($dn);
|
|
}
|
|
|
|
public function getObjectClassesUser() {
|
|
$oc = array(
|
|
'top',
|
|
'person',
|
|
'organizationalPerson',
|
|
'inetOrgPerson',
|
|
);
|
|
return $oc;
|
|
}
|
|
|
|
public function listAttributesUser() {
|
|
return [
|
|
"uid",
|
|
"cn",
|
|
"givenname",
|
|
"sn",
|
|
"mail",
|
|
"displayname",
|
|
"telephonenumber",
|
|
"postaladdress",
|
|
"userpassword",
|
|
];
|
|
}
|
|
|
|
public function fillAttributesUser(User $user, array &$attrs) {
|
|
$attrs['uid'] = $user->getUsername();
|
|
$attrs['cn'] = $user->getFirstname() . ' ' . $user->getLastname();
|
|
$attrs['givenname'] = $user->getFirstname();
|
|
$attrs['sn'] = $user->getLastname();
|
|
$attrs['mail'] = $user->getEmail();
|
|
$attrs['displayname'] = $user->getFirstname() . ' ' . $user->getLastname();
|
|
$attrs['telephonenumber'] = $user->getTelephonenumber();
|
|
$attrs['postaladdress'] = $user->getPostaladress();
|
|
$attrs['userpassword'] = $user->getPassword();
|
|
}
|
|
|
|
public function getUserDN($username) {
|
|
return $this->username.'='.$username.','.$this->baseuser;
|
|
}
|
|
|
|
//==================================================================================================================================================================
|
|
//== Function Niveau01==============================================================================================================================================
|
|
//==================================================================================================================================================================
|
|
|
|
public function findNiveau01($ldapfilter) {
|
|
$ldapentrys=$this->search($ldapfilter,[$this->groupgid,$this->groupname,$this->groupmember],$this->baseniveau01);
|
|
return $ldapentrys;
|
|
}
|
|
|
|
public function findNiveau01ismember($ldapfilter,$username) {
|
|
$ldapentrys=$this->findNiveau01($ldapfilter);
|
|
foreach($ldapentrys as $ldapentry) {
|
|
if(is_array($ldapentry[$this->groupmember])) {
|
|
if(in_array($username,$ldapentry[$this->groupmember])) return true;
|
|
}
|
|
elseif($username==$ldapentry[$this->groupmember]) return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public function addNiveau01(Niveau01 $niveau01) {
|
|
|
|
$connection = $this->connect();
|
|
$dn = $this->getNiveau01DN($niveau01->getLabel());
|
|
|
|
$attrs = array();
|
|
$attrs['objectclass'] = $this->getObjectClassesNiveau01();
|
|
$this->fillAttributesNiveau01($niveau01, $attrs);
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
$result = ldap_add($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
|
|
return $result;
|
|
}
|
|
|
|
|
|
public function ismodifyNiveau01(Niveau01 $niveau01,$entry){
|
|
$attrs = [];
|
|
$this->fillAttributesNiveau01($niveau01, $attrs);
|
|
|
|
foreach($attrs as $key => $value) {
|
|
if(!array_key_exists($key,$entry)&&!empty($value)) return true;
|
|
elseif(array_key_exists($key,$entry)&&$value!=$entry[$key]) return true;
|
|
}
|
|
|
|
foreach($entry as $key => $value) {
|
|
if(!array_key_exists($key,$attrs)&&!empty($value)) return true;
|
|
elseif(array_key_exists($key,$attrs)&&$value!=$attrs[$key]) return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
public function modifyNiveau01(Niveau01 $niveau01,$oldid){
|
|
|
|
$dn = $this->basedn;
|
|
$connection = $this->connect();
|
|
|
|
$attrs = array();
|
|
$this->fillAttributesNiveau01($niveau01, $attrs);
|
|
unset($attrs["cn"]);
|
|
|
|
$dn = $this->getNiveau01DN($niveau01->getLabel());
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
// Bien mettre un @ car si l'attribut est déjà vide cela crache une erreur car l'attribut n'existe déjà plus
|
|
@ldap_mod_del($connection, $dn, array($key => array()));
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
if(isset($oldid)&&$oldid!=$niveau01->getLabel()) {
|
|
$olddn = $this->getNiveau01DN($oldid);
|
|
$this->rename($olddn,"cn=".$niveau01->getLabel(),$this->baseniveau01);
|
|
}
|
|
|
|
$result = ldap_modify($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
|
|
public function deleteNiveau01(Niveau01 $niveau01){
|
|
$dn = $this->getNiveau01DN($niveau01->getLabel());
|
|
return $this->deleteByDN($dn);
|
|
}
|
|
|
|
private function getObjectClassesNiveau01() {
|
|
$oc = array(
|
|
'top',
|
|
'posixGroup',
|
|
);
|
|
|
|
return $oc;
|
|
}
|
|
|
|
public function listAttributesNiveau01() {
|
|
return [
|
|
"cn",
|
|
"gidnumber",
|
|
"memberuid",
|
|
];
|
|
}
|
|
|
|
public function fillAttributesNiveau01(Niveau01 $niveau01, array &$attrs) {
|
|
$attrs['cn'] = $niveau01->getLabel();
|
|
$attrs['gidnumber'] = $niveau01->getId();
|
|
|
|
$attrs['memberuid'] = [];
|
|
foreach($niveau01->getUsers() as $user) {
|
|
array_push($attrs['memberuid'],$user->getUsername());
|
|
}
|
|
|
|
sort($attrs['memberuid']);
|
|
if(count($attrs['memberuid'])==1) $attrs['memberuid'] = $attrs['memberuid'][0];
|
|
}
|
|
|
|
public function getNiveau01DN($id) {
|
|
return 'cn='.$id.','.$this->baseniveau01;
|
|
}
|
|
|
|
//==================================================================================================================================================================
|
|
//== Function Niveau02==============================================================================================================================================
|
|
//==================================================================================================================================================================
|
|
|
|
public function addNiveau02(Niveau02 $niveau02) {
|
|
|
|
$connection = $this->connect();
|
|
$dn = $this->getNiveau02DN($niveau02->getLabel());
|
|
|
|
$attrs = array();
|
|
$attrs['objectclass'] = $this->getObjectClassesNiveau02();
|
|
$this->fillAttributesNiveau02($niveau02, $attrs);
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
$result = ldap_add($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
|
|
return $result;
|
|
}
|
|
|
|
public function ismodifyNiveau02(Niveau02 $niveau02,$entry){
|
|
$attrs = [];
|
|
$this->fillAttributesNiveau02($niveau02, $attrs);
|
|
|
|
foreach($attrs as $key => $value) {
|
|
if(!array_key_exists($key,$entry)&&!empty($value)) return true;
|
|
elseif(array_key_exists($key,$entry)&&$value!=$entry[$key]) return true;
|
|
}
|
|
|
|
foreach($entry as $key => $value) {
|
|
if(!array_key_exists($key,$attrs)&&!empty($value)) return true;
|
|
elseif(array_key_exists($key,$attrs)&&$value!=$attrs[$key]) return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
public function modifyNiveau02(Niveau02 $niveau02,$oldid){
|
|
$dn = $this->basedn;
|
|
$connection = $this->connect();
|
|
|
|
$attrs = array();
|
|
$this->fillAttributesNiveau02($niveau02, $attrs);
|
|
unset($attrs["cn"]);
|
|
|
|
$dn = $this->getNiveau02DN($niveau02->getLabel());
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
// Bien mettre un @ car si l'attribut est déjà vide cela crache une erreur car l'attribut n'existe déjà plus
|
|
@ldap_mod_del($connection, $dn, array($key => array()));
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
if(isset($oldid)&&$oldid!=$niveau02->getLabel()) {
|
|
$olddn = $this->getNiveau02DN($oldid);
|
|
$this->rename($olddn,"cn=".$niveau02->getLabel(),$this->baseniveau02);
|
|
}
|
|
|
|
$result = ldap_modify($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
|
|
|
|
|
|
public function deleteNiveau02(Niveau02 $niveau02){
|
|
$dn = $this->getNiveau02DN($niveau02->getLabel());
|
|
return $this->deleteByDN($dn);
|
|
}
|
|
|
|
private function getObjectClassesNiveau02() {
|
|
$oc = array(
|
|
'top',
|
|
'posixGroup',
|
|
);
|
|
|
|
return $oc;
|
|
}
|
|
|
|
public function listAttributesNiveau02() {
|
|
return [
|
|
"cn",
|
|
"gidnumber",
|
|
"memberuid"
|
|
];
|
|
}
|
|
|
|
public function fillAttributesNiveau02(Niveau02 $niveau02, array &$attrs) {
|
|
$attrs['cn'] = $niveau02->getLabel();
|
|
$attrs['gidnumber'] = $niveau02->getId();
|
|
|
|
$attrs['memberuid'] = [];
|
|
foreach($niveau02->getUsers() as $user) {
|
|
array_push($attrs['memberuid'],$user->getUsername());
|
|
}
|
|
|
|
sort($attrs['memberuid']);
|
|
if(count($attrs['memberuid'])==1) $attrs['memberuid'] = $attrs['memberuid'][0];
|
|
|
|
}
|
|
|
|
public function getNiveau02DN($id) {
|
|
return 'cn='.$id.','.$this->baseniveau02;
|
|
}
|
|
|
|
//==================================================================================================================================================================
|
|
//== Function Group=================================================================================================================================================
|
|
//==================================================================================================================================================================
|
|
|
|
public function addGroup(Group $group) {
|
|
|
|
$connection = $this->connect();
|
|
$dn = $this->getGroupDN($group->getLabel());
|
|
|
|
$attrs = array();
|
|
$attrs['objectclass'] = $this->getObjectClassesGroup();
|
|
$this->fillAttributesGroup($group, $attrs);
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
$result = ldap_add($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
|
|
return $result;
|
|
}
|
|
|
|
public function ismodifyGroup(Group $group,$entry){
|
|
$attrs = [];
|
|
$this->fillAttributesGroup($group, $attrs);
|
|
|
|
foreach($attrs as $key => $value) {
|
|
if(!array_key_exists($key,$entry)&&!empty($value)) return true;
|
|
elseif(array_key_exists($key,$entry)&&$value!=$entry[$key]) return true;
|
|
}
|
|
|
|
foreach($entry as $key => $value) {
|
|
if(!array_key_exists($key,$attrs)&&!empty($value)) return true;
|
|
elseif(array_key_exists($key,$attrs)&&$value!=$attrs[$key]) return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
public function modifyGroup(Group $group,$oldid){
|
|
$dn = $this->basedn;
|
|
$connection = $this->connect();
|
|
|
|
$attrs = array();
|
|
$this->fillAttributesGroup($group, $attrs);
|
|
unset($attrs["cn"]);
|
|
|
|
$dn = $this->getGroupDN($group->getLabel());
|
|
|
|
foreach($attrs as $key => $value){
|
|
if(empty($value)){
|
|
// Bien mettre un @ car si l'attribut est déjà vide cela crache une erreur car l'attribut n'existe déjà plus
|
|
@ldap_mod_del($connection, $dn, array($key => array()));
|
|
unset($attrs[$key]);
|
|
}
|
|
}
|
|
|
|
if(isset($oldid)&&$oldid!=$group->getLabel()) {
|
|
$olddn = $this->getGroupDN($oldid);
|
|
$this->rename($olddn,"cn=".$group->getLabel(),$this->basegroup);
|
|
}
|
|
|
|
$result = ldap_modify($connection, $dn, $attrs);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
|
|
public function deleteGroup(Group $group){
|
|
$dn = $this->getGroupDN($group->getLabel());
|
|
return $this->deleteByDN($dn);
|
|
}
|
|
|
|
private function getObjectClassesGroup() {
|
|
$oc = array(
|
|
'top',
|
|
'posixGroup',
|
|
);
|
|
return $oc;
|
|
}
|
|
|
|
public function listAttributesGroup() {
|
|
return [
|
|
"cn",
|
|
"gidnumber",
|
|
"memberuid"
|
|
];
|
|
}
|
|
|
|
public function fillAttributesGroup(Group $group, array &$attrs) {
|
|
$attrs['cn'] = $group->getLabel();
|
|
$attrs['gidnumber'] = $group->getId();
|
|
|
|
|
|
$attrs['memberuid'] = [];
|
|
foreach($group->getUsers() as $usergroup) {
|
|
array_push($attrs['memberuid'],$usergroup->getUser()->getUsername());
|
|
}
|
|
|
|
sort($attrs['memberuid']);
|
|
if(count($attrs['memberuid'])==1) $attrs['memberuid'] = $attrs['memberuid'][0];
|
|
}
|
|
|
|
public function getGroupDN($id) {
|
|
return 'cn='.$id.','.$this->basegroup;
|
|
}
|
|
|
|
//==================================================================================================================================================================
|
|
//== Function UserGroup=============================================================================================================================================
|
|
//==================================================================================================================================================================
|
|
|
|
function addUserGroup(UserGroup $usergroup) {
|
|
$dn = $this->basedn;
|
|
$connection = $this->connect();
|
|
|
|
// On recherche le group en cours
|
|
$criteria = '(cn='.$usergroup->getGroup()->getLabel().')';
|
|
$subbranch=$this->basegroup;
|
|
$result = $this->search($criteria, array('memberuid'), $subbranch);
|
|
|
|
if(!$this->in_array_r($usergroup->getUser()->getUsername(),$result[0])) {
|
|
$dn = $this->getGroupDN($usergroup->getGroup()->getLabel());
|
|
$entry['memberuid'] = $usergroup->getUser()->getUsername();
|
|
$result = ldap_mod_add($connection, $dn, $entry);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
function delUserGroup(UserGroup $usergroup) {
|
|
$dn = $this->basedn;
|
|
$connection = $this->connect();
|
|
|
|
// On recherche le group en cours
|
|
$criteria = '(cn='.$usergroup->getGroup()->getLabel().')';
|
|
$subbranch=$this->basegroup;
|
|
$result = $this->search($criteria, array('memberuid'), $subbranch);
|
|
|
|
if($this->in_array_r($usergroup->getUser()->getUsername(),$result[0])) {
|
|
$dn = $this->getGroupDN($usergroup->getGroup()->getLabel());
|
|
$entry['memberuid'] = $usergroup->getUser()->getUsername();
|
|
$result = ldap_mod_del($connection, $dn, $entry);
|
|
if(!$result) $this->ldapError();
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
}
|