30_Methods.md
ldap.class.php
class imlldap
IML LDAP CONNECTOR
Changelog:

- 2022-02-22 ah added objGet(), sanitizeFilter()
- 2022-08-18 ah mask password (showing 4 chars only)
- 2022-08-22 ah mhash is deprecated
- 2022-08-26 ah fix verifyPassword
- 2024-07-11 ah php8 only: use variable types

```php
private array $_aLdap = [
    'server'       => false,
    'port'         => false,
    'DnLdapUser'   => false, // ldap rdn or dn
    'PwLdapUser'   => false,
    'DnUserNode'   => false, // ou=People...
    'DnAppNode'    => false, // cn=AppGroup...
    'protoVersion' => 3,
    'debugLevel'   => 0,
];
```
private object|bool $_ldapConn = false
private object|bool $_ldapBind = false
ldap bind object - bind was done?
var bool $bDebug = false
Flag if debug mode is on
public function __construct(array $aConfig = [])
constructor

Parameters:
Var | Type | Description |
---|---|---|
$aConfig | array | optional set ldap connection |
public function debugOn(): void
turn debug messages on; if this detail level is not enough, set a value with key debugLevel in ldap config array
public function debugOff(): void
turn debug messages off
private function _w(string $sText): bool
write debug message if debugOn() was fired.
Parameters:
Var | Type | Description |
---|---|---|
$sText | string | message text |
Return:
boolean
private function _wLdaperror(string $sText = ''): bool
write last ldap error as debug
Parameters:
Var | Type | Description |
---|---|---|
$sText | string | message text |
Return:
boolean
public function setConfig(array $aConfig = []): void
set an ldap config. Example:

```php
[
    'server'       => 'ldaps://ldap.example.com',
    'port'         => 636,
    'DnLdapUser'   => 'cn=Lookup,ou=ServiceAccounts,dc=org,dc=example.com', // ldap rdn or dn
    'PwLdapUser'   => 'IkHEFFzlZ...99j0h8WdI0LrLhxU', // password
    'DnUserNode'   => 'ou=People,ou=ORG,dc=org,dc=example.com',
    'DnAppNode'    => '', // optional dn ... if a user must be member of a given group
    'protoVersion' => 3,
    'debugLevel'   => 0,  // for debugging set higher than 0 AND call debugOn()
]
```

Parameters:
Var | Type | Description |
---|---|---|
$aConfig | array | new config items |
public function close(): void
close an existing ldap connection
public function connect(): void
connect to ldap
public function bind(string $sUser = '', string $sPw = ''): bool
ldap bind connects with an ldap user. If the ldap connection was not opened yet, it will be established. If a binding already exists, it will be unbound first.
Parameters:
Var | Type | Description |
---|---|---|
$sUser | string | optional: username (overrides _aLdap['DnLdapUser']) |
$sPw | string | optional: password (overrides _aLdap['PwLdapUser']) |
public function unbind(): void
ldap unbind ... if a bind exists
public function DnExists(string $sDn): bool
check if a DN already exists; return is true/false
Parameters:
Var | Type | Description |
---|---|---|
$sDn | string | DN to check |
Return:
boolean
public function normalizeSearchentry(array $aRecord): bool|array
get a simpler array from ldap_get_entries after ldap_search. If the given array doesn't contain the key "dn" it returns false.
Parameters:
Var | Type | Description |
---|---|---|
$aRecord | array | single result item |
Return:
array
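The flattening described above, as an added example that is not the class's own normalizeSearchentry(): it takes one entry in the exact shape ldap_get_entries() produces (attribute names lowercased, interleaved numeric indexes and 'count' keys), keeps only 'dn' plus attribute => list of values, and returns false when there is no 'dn'. The sample entry and the group DNs are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Flatten one entry of the array ldap_get_entries() returns.
 * Every attribute becomes a plain list of values, so single- and
 * multi-valued attributes (memberof, mail, ...) are handled the same way.
 * Returns false when the entry carries no 'dn'.
 */
function normalizeEntry(array $aRecord): array|false
{
    if (!isset($aRecord['dn'])) {
        return false;
    }
    $aOut   = ['dn' => $aRecord['dn']];
    $iAttrs = $aRecord['count'] ?? 0;
    for ($i = 0; $i < $iAttrs; $i++) {
        $sAttr = $aRecord[$i];          // attribute name sits at the numeric index
        $aVals = $aRecord[$sAttr];      // ['count' => n, 0 => ..., n-1 => ...]
        $aOut[$sAttr] = [];
        for ($j = 0; $j < ($aVals['count'] ?? 0); $j++) {
            $aOut[$sAttr][] = $aVals[$j];
        }
    }
    return $aOut;
}

/** Case-insensitive membership test; DNs compare case-insensitively. */
function isMemberOf(array $aUser, string $sGroupDn): bool
{
    $aGroups = array_map('strtolower', $aUser['memberof'] ?? []);
    return in_array(strtolower($sGroupDn), $aGroups, true);
}

// Constructed sample in the shape of ldap_get_entries($conn, $res)[0].
$aSample = [
    'count' => 3,
    0 => 'uid',      'uid'      => ['count' => 1, 0 => 'jsmith'],
    1 => 'mail',     'mail'     => ['count' => 1, 0 => 'jsmith@example.com'],
    2 => 'memberof', 'memberof' => [
        'count' => 2,
        0 => 'cn=AppGroup,ou=Groups,dc=example,dc=com',
        1 => 'cn=Staff,ou=Groups,dc=example,dc=com',
    ],
    'dn' => 'uid=jsmith,ou=People,dc=example,dc=com',
];

$aUser = normalizeEntry($aSample);
var_dump($aUser);
var_dump($aUser !== false && isMemberOf($aUser, 'CN=AppGroup,OU=Groups,DC=example,DC=com'));
var_dump(normalizeEntry(['count' => 0]));   // entry without dn
```

Keeping every attribute as a list avoids the classic bug where code written for a single-valued attribute silently reads only the first group of a multi-valued memberOf.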
static public function sanitizeFilter(string $s): string
sanitize a value to put into a search filter. WARNING: the implementation is incomplete! It replaces only the first N ASCII chars.
source: https://www.rfc-editor.org/rfc/rfc4515.txt
Example:

```php
$sCn = 'John Smith (john)';
$sSearchFilter = '(cn=' . $oLdap->sanitizeFilter($sCn) . ')';
```

Parameters:
Var | Type | Description |
---|---|---|
$s | string | value to sanitize |
Return:
string
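Because the class documents its own sanitizeFilter() as incomplete, here is an added example (not the class's code) of a complete RFC 4515 section 3 escaper: the five characters that must be escaped (`*`, `(`, `)`, `\`, NUL) and every byte outside printable ASCII, including UTF-8 multibyte sequences, are emitted as `\XX`. PHP's built-in ldap_escape($s, '', LDAP_ESCAPE_FILTER) is the standard alternative for the mandatory set. The input strings are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
 * RFC 4515 allows any octet to be written as \XX, so escaping everything outside
 * a conservative safe set is always valid and also covers non-ASCII input.
 */
function escapeFilterValue(string $sValue): string
{
    $sOut = '';
    $iLen = strlen($sValue);
    for ($i = 0; $i < $iLen; $i++) {
        $c    = $sValue[$i];
        $iOrd = ord($c);
        // printable ASCII except the filter metacharacters passes through unchanged
        if ($iOrd >= 0x20 && $iOrd < 0x7f && strpos('*()\\', $c) === false) {
            $sOut .= $c;
        } else {
            $sOut .= sprintf('\\%02x', $iOrd);
        }
    }
    return $sOut;
}

/** Build a (uid=...) filter from untrusted input. */
function buildUidFilter(string $sUid): string
{
    return '(uid=' . escapeFilterValue($sUid) . ')';
}

// constructed inputs; the last three would change the meaning of an unescaped filter
$aInputs = [
    'jsmith',             // plain value
    'John Smith (john)',  // parentheses
    '*',                  // unescaped, this matches every entry in the node
    "jsmith\x00",         // NUL
    'Jörg Müller',        // UTF-8: bytes >= 0x80 become \c3\b6 etc.
];
foreach ($aInputs as $s) {
    echo buildUidFilter($s), "\n";
}
```

The escaper works on bytes, not characters, which is what the filter grammar expects; the filter `(uid=*)` from the third input becomes `(uid=\2a)` and matches only a literal asterisk.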
public function searchDn(string $sDn, string $sSearchFilter = '(objectclass=*)', array $aAttributesToGet = ["*"], bool $bRecursive = true): bool|array
search in ldap directory and get result as array. It returns false on error:

- no ldap connection
- search failed

Parameters:
Var | Type | Description |
---|---|---|
$sDn | string | DN to search for |
$sSearchFilter | string | filter in ldap filter syntax |
$aAttributesToGet | array | flat array of attributes to fetch |
$bRecursive | boolean | recursive (uses ldap_search) or not (ldap_list) |
Return:
boolean|array
public function searchUser(string $sSearchFilter = '', array $aAttributesToGet = ["*"], bool $bRecursive = true): bool|array
search for entries in the ldap user node and get result as array
Parameters:
Var | Type | Description |
---|---|---|
$sSearchFilter | string | filter in ldap filter syntax |
$aAttributesToGet | array | flat array of attributes to fetch |
$bRecursive | bool | flag: recursive search? default: true (=yes, recursive) |
Return:
boolean|array
public function getUserInfo(string $sUser, array $aAttributesToGet = ["*"]): bool|array
search user by a given username or email address. It returns false if the user does not exist or is not member of the group 'DnAppNode' (if it was set).
Parameters:
Var | Type | Description |
---|---|---|
$sUser | string | user id (uid) or email (mail) to search |
$aAttributesToGet | array | e.g. ["ou", "sn", "vorname", "mail", "uid", "memberOf"] |
Return:
boolean|array
public function getUserDn(string $sUser): bool|string
search for a DN entry with the lookup user by a given username or email address. It returns false if the user does not exist or is not member of the group 'DnAppNode' (if it was set).
Parameters:
Var | Type | Description |
---|---|---|
$sUser | string | %s |
Return:
string
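The bind() and getUserDn() steps above combine into a credential check: resolve uid or mail to a DN with the lookup account, enforce membership in DnAppNode as part of the same search, then bind as the user. This is an added example, not the class's verifyPassword(); it assumes PHP 8.1 (LDAP\Connection objects) and the constants below are constructed placeholders. The empty-password rejection matters because a simple bind with an empty password is treated by many directories as an anonymous or unauthenticated bind and succeeds.

```php
<?php
declare(strict_types=1);

// constructed placeholders, not the page's values
const LDAP_URI     = 'ldaps://ldap.example.com:636';
const DN_LOOKUP    = 'cn=Lookup,ou=ServiceAccounts,dc=example,dc=com';
const PW_LOOKUP    = 'LOOKUP-PASSWORD-PLACEHOLDER';
const DN_USER_NODE = 'ou=People,dc=example,dc=com';
const DN_APP_NODE  = 'cn=AppGroup,ou=Groups,dc=example,dc=com'; // '' disables the group check

/** Open the connection; the server certificate must verify before any bind is sent. */
function ldapOpen(): \LDAP\Connection
{
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND); // global option
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        throw new RuntimeException('ldap_connect failed');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    return $conn;
}

/** uid or mail -> DN via the lookup account; false if absent, ambiguous or not in DN_APP_NODE. */
function findUserDn(\LDAP\Connection $conn, string $sUser): string|false
{
    if (!@ldap_bind($conn, DN_LOOKUP, PW_LOOKUP)) {
        throw new RuntimeException('lookup bind failed: ' . ldap_error($conn));
    }
    $sU      = ldap_escape($sUser, '', LDAP_ESCAPE_FILTER);  // neutralises * ( ) \ NUL
    $sFilter = "(|(uid={$sU})(mail={$sU}))";
    if (DN_APP_NODE !== '') {
        $sG      = ldap_escape(DN_APP_NODE, '', LDAP_ESCAPE_FILTER);
        $sFilter = "(&{$sFilter}(memberOf={$sG}))";           // authorisation is part of the lookup
    }
    $res = ldap_search($conn, DN_USER_NODE, $sFilter, ['1.1']); // '1.1' = no attributes, DN only
    if ($res === false || ldap_count_entries($conn, $res) !== 1) {
        return false;
    }
    return ldap_get_dn($conn, ldap_first_entry($conn, $res));
}

/** Returns the user's DN when the password is correct, false otherwise. */
function verifyPassword(string $sUser, string $sPw): string|false
{
    if ($sPw === '') {
        return false;   // never let an empty password reach ldap_bind()
    }
    $conn = ldapOpen();
    try {
        $sDn = findUserDn($conn, $sUser);
        if ($sDn === false) {
            return false;
        }
        return @ldap_bind($conn, $sDn, $sPw) ? $sDn : false;
    } finally {
        ldap_unbind($conn);   // drops whichever bind is current, lookup or user
    }
}

// usage (needs a reachable directory):
// var_dump(verifyPassword('jsmith', 'the-users-password'));
```

Requiring exactly one search hit closes the case where uid and mail filters together match two different entries; an ambiguous lookup is refused rather than binding as the first result.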
public function setPassword(string $sUser, string $sPW): bool
set a password for a given user; this requires an ldap bind with a master/admin account
Parameters:
Var | Type | Description |
---|---|---|
$sUser | string | username or email |
$sPW | string | password |
Return:
boolean
private function _getNTLMHash(string $Input): string
get NTLM hash from a string; taken from https://secure.php.net/manual/en/ref.hash.php
Parameters:
Var | Type | Description |
---|---|---|
$Input | string | %s |
Return:
string
public function setPasswordSamba(string $sUser, string $sPW): bool
set a password for a given user for Samba; this requires an ldap bind with a master/admin account. See:

- https://msdn.microsoft.com/en-us/library/cc223248.aspx
- http://php.net/ldap-modify-batch - last example
- https://secure.php.net/manual/en/ref.hash.php

Parameters:
Var | Type | Description |
---|---|---|
$sUser | string | username or email |
$sPW | string | password |
Return:
boolean
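The three password-related methods above (setPassword, _getNTLMHash, setPasswordSamba) are illustrated by this added example, which is not the class's code: the NT hash is MD4 over the UTF-16LE form of the password, written to sambaNTPassword with ldap_modify_batch(), while userPassword is changed through the Password Modify extended operation (RFC 3062, ldap_exop_passwd()) so the server applies its own hashing scheme and password policy. It assumes PHP 8.1 and a connection already bound as an account allowed to write these attributes; host, DNs and passwords in the usage comment are placeholders.

```php
<?php
declare(strict_types=1);

/**
 * NT hash as stored in sambaNTPassword: MD4(UTF-16LE(password)), upper-case hex.
 * There is no salt, so the stored value is password-equivalent; the attribute
 * needs a read ACL limited to the Samba service account.
 */
function ntHash(string $sPassword): string
{
    $sUtf16 = iconv('UTF-8', 'UTF-16LE', $sPassword);
    if ($sUtf16 === false) {
        throw new InvalidArgumentException('password is not valid UTF-8');
    }
    return strtoupper(hash('md4', $sUtf16));
}

// published test vector for the NT hash of "password"
assert(ntHash('password') === '8846F7EAEE8FB117AD06BDD830B7586C');

/** Replace the Samba password attributes of one entry in a single batch modify. */
function setSambaPassword(\LDAP\Connection $conn, string $sDn, string $sPassword): bool
{
    $aMods = [
        [
            'attrib'  => 'sambaNTPassword',
            'modtype' => LDAP_MODIFY_BATCH_REPLACE,
            'values'  => [ntHash($sPassword)],
        ],
        [
            'attrib'  => 'sambaPwdLastSet',
            'modtype' => LDAP_MODIFY_BATCH_REPLACE,
            'values'  => [(string) time()],   // seconds since epoch, as Samba expects
        ],
    ];
    return ldap_modify_batch($conn, $sDn, $aMods);
}

/**
 * Change userPassword via the Password Modify extended operation. An empty old
 * password is accepted here because the bound account is an administrator.
 */
function setLdapPassword(\LDAP\Connection $conn, string $sDn, string $sPassword): bool
{
    return ldap_exop_passwd($conn, $sDn, '', $sPassword) !== false;
}

// usage (needs a directory and an admin bind; all values are placeholders):
// $conn = ldap_connect('ldaps://ldap.example.com:636');
// ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
// ldap_bind($conn, 'cn=admin,dc=example,dc=com', 'ADMIN-PASSWORD-PLACEHOLDER');
// $sDn = 'uid=jsmith,ou=People,dc=example,dc=com';
// var_dump(setLdapPassword($conn, $sDn, 'new-secret'), setSambaPassword($conn, $sDn, 'new-secret'));
```

Writing userPassword directly (the ldap_mod_replace route) bypasses the server's password policy overlay and leaves the choice of hash to the client; the extended operation keeps both on the server side, which is why it is preferred where the directory supports it.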
public function objAdd(string $sDn, array $aItem): bool
update an ldap object; this requires an ldap bind with a master/admin account. It returns true if the action was successful.
Parameters:
Var | Type | Description |
---|---|---|
$sDn | string | dn to update |
$aItem | array | array of new ldap properties |
Return:
boolean
public function objAddAttr(string $sDn, array $aItem): bool
update an ldap attribute; this requires an ldap bind with a master/admin account
Parameters: