
make $ldap a public variable of Ldap class and not an argument of eac…
…h ldap method (#4)
David Coutadeur committed Apr 8, 2024
1 parent 1c8ca2b commit e3b333f
Showing 2 changed files with 59 additions and 52 deletions.
85 changes: 44 additions & 41 deletions src/Ltb/Ldap.php
Expand Up @@ -3,6 +3,10 @@

class Ldap {

// php ldap instance
public $ldap = null;

// ldap connection parameters
public $ldap_url = null;
public $ldap_starttls = null;
public $ldap_binddn = null;
Expand Down Expand Up @@ -69,6 +73,7 @@ function connect() {
return array(false, "ldaperror");
}

$this->ldap = $ldap;
return array($ldap, false);
}

Expand Down Expand Up @@ -130,21 +135,21 @@ function search($ldap_filter,$attributes, $attributes_map, $search_result_title,

}

function get_list($ldap, $ldap_base, $ldap_filter, $key, $value) {
function get_list($ldap_base, $ldap_filter, $key, $value) {

$return = array();

if ($ldap) {
if ($this->ldap != null) {

# Search entry
$search = \Ltb\PhpLDAP::ldap_search($ldap, $ldap_base, $ldap_filter, array($key, $value) );
$search = \Ltb\PhpLDAP::ldap_search($this->ldap, $ldap_base, $ldap_filter, array($key, $value) );

$errno = \Ltb\PhpLDAP::ldap_errno($ldap);
$errno = \Ltb\PhpLDAP::ldap_errno($this->ldap);

if ( $errno ) {
error_log("LDAP - Search error $errno (".\Ltb\PhpLDAP::ldap_error($ldap).")");
error_log("LDAP - Search error $errno (".\Ltb\PhpLDAP::ldap_error($this->ldap).")");
} else {
$entries = \Ltb\PhpLDAP::ldap_get_entries($ldap, $search);
$entries = \Ltb\PhpLDAP::ldap_get_entries($this->ldap, $search);
for ($i=0; $i<$entries["count"]; $i++) {
if(isset($entries[$i][$key][0])) {
$return[$entries[$i][$key][0]] = isset($entries[$i][$value][0]) ? $entries[$i][$value][0] : $entries[$i][$key][0];
Expand Down Expand Up @@ -185,33 +190,36 @@ function ldapSort(array &$entries, $key)

# ldap_search + ldap_sort combined done at server side if possible
# if not supported fallback on client sorting.
function sorted_search($ldap, $ldap_base, $ldap_filter, $attributes, $sortby, $ldap_size_limit) {
function sorted_search($ldap_base, $ldap_filter, $attributes, $sortby, $ldap_size_limit) {

if($this->ldap == null)
return array(null, null, null);

if (isset($sortby) and $sortby)
{
$check_attribute='supportedControl';
$check = \Ltb\PhpLDAP::ldap_read($ldap, '', '(objectClass=*)', [$check_attribute]);
$entries = \Ltb\PhpLDAP::ldap_get_entries($ldap, $check);
$check = \Ltb\PhpLDAP::ldap_read($this->ldap, '', '(objectClass=*)', [$check_attribute]);
$entries = \Ltb\PhpLDAP::ldap_get_entries($this->ldap, $check);
if (in_array(LDAP_CONTROL_SORTREQUEST, $entries[0]['supportedcontrol'],true)) {
# server side sort
$controls=[['oid' => LDAP_CONTROL_SORTREQUEST, 'value' => [['attr'=>$sortby]]]];
# if $sortby is not in $attributes ? what to do ?
$ldap_result = \Ltb\PhpLDAP::ldap_search($ldap, $ldap_base, $ldap_filter, $attributes, 0, $ldap_size_limit, -1, LDAP_DEREF_NEVER, $controls );
$errno = \Ltb\PhpLDAP::ldap_errno($ldap);
$ldap_result = \Ltb\PhpLDAP::ldap_search($this->ldap, $ldap_base, $ldap_filter, $attributes, 0, $ldap_size_limit, -1, LDAP_DEREF_NEVER, $controls );
$errno = \Ltb\PhpLDAP::ldap_errno($this->ldap);
if ( $errno === 0 )
{
$entries=\Ltb\PhpLDAP::ldap_get_entries($ldap, $ldap_result);
$entries=\Ltb\PhpLDAP::ldap_get_entries($this->ldap, $ldap_result);
}
}
}

if (!isset($errno))
{
$ldap_result = \Ltb\PhpLDAP::ldap_search($ldap, $ldap_base, $ldap_filter, $attributes, 0, $ldap_size_limit);
$errno = \Ltb\PhpLDAP::ldap_errno($ldap);
$ldap_result = \Ltb\PhpLDAP::ldap_search($this->ldap, $ldap_base, $ldap_filter, $attributes, 0, $ldap_size_limit);
$errno = \Ltb\PhpLDAP::ldap_errno($this->ldap);
if ( $errno === 0 )
{
$entries=\Ltb\PhpLDAP::ldap_get_entries($ldap, $ldap_result);
$entries=\Ltb\PhpLDAP::ldap_get_entries($this->ldap, $ldap_result);
$this->ldapSort($entries,$sortby);
}
else {
Expand All @@ -224,15 +232,14 @@ function sorted_search($ldap, $ldap_base, $ldap_filter, $attributes, $sortby, $l

/**
* Gets the value of the password attribute
* @param \LDAP\Connection $ldap An LDAP\Connection instance, returned by ldap_connect()
* @param string $dn the dn of the user
* @param string $pwdattribute the Attribute that contains the password
* @return string|false the first value of the password taken from ldap_get_values
*/
function get_password_value($ldap, $dn, $pwdattribute): string|false {
$search_userpassword = \Ltb\PhpLDAP::ldap_read($ldap, $dn, "(objectClass=*)", array($pwdattribute));
function get_password_value($dn, $pwdattribute): string|false {
$search_userpassword = \Ltb\PhpLDAP::ldap_read($this->ldap, $dn, "(objectClass=*)", array($pwdattribute));
if ($search_userpassword) {
$password_values = \Ltb\PhpLDAP::ldap_get_values($ldap, \Ltb\PhpLDAP::ldap_first_entry($ldap, $search_userpassword), $pwdattribute);
$password_values = \Ltb\PhpLDAP::ldap_get_values($this->ldap, \Ltb\PhpLDAP::ldap_first_entry($this->ldap, $search_userpassword), $pwdattribute);
if(isset($password_values[0]))
{
return $password_values[0];
Expand All @@ -243,13 +250,12 @@ function get_password_value($ldap, $dn, $pwdattribute): string|false {

/**
* Changes the password of a user while binded as the user in an Active Directory
* @param \LDAP\Connection|array $ldap An LDAP\Connection instance, returned by ldap_connect()
* @param string $dn the dn of the user
* @param string $oldpassword the old password
* @param string $password the new password
* @return array [$error_code, $error_msg]
*/
function change_ad_password_as_user($ldap, $dn, $oldpassword, $password): array {
function change_ad_password_as_user($dn, $oldpassword, $password): array {
# The AD password change procedure is modifying the attribute unicodePwd by
# first deleting unicodePwd with the old password and them adding it with the
# the new password
Expand All @@ -268,9 +274,9 @@ function change_ad_password_as_user($ldap, $dn, $oldpassword, $password): array
)
);

\Ltb\PhpLDAP::ldap_modify_batch($ldap, $dn, $modifications);
$error_code = \Ltb\PhpLDAP::ldap_errno($ldap);
$error_msg = \Ltb\PhpLDAP::ldap_error($ldap);
\Ltb\PhpLDAP::ldap_modify_batch($this->ldap, $dn, $modifications);
$error_code = \Ltb\PhpLDAP::ldap_errno($this->ldap);
$error_msg = \Ltb\PhpLDAP::ldap_error($this->ldap);
return array($error_code, $error_msg);
}

Expand All @@ -288,65 +294,62 @@ protected function get_ppolicy_error_code($ctrls) {

/**
* Changes the Password using extended password modification
* @param \LDAP\Connection|array $ldap An LDAP\Connection instance, returned by ldap_connect()
* @param string $dn the dn of the user
* @param string $oldpassword the old password
* @param string $password the new password
* @param array $userdata
* @param bool $use_ppolicy_control
* @return array 0: error_code, 1: error_msg, 2: ppolicy_error_code
*/
function change_password_with_exop($ldap, $dn, $oldpassword, $password, $use_ppolicy_control): array {
function change_password_with_exop($dn, $oldpassword, $password, $use_ppolicy_control): array {
$ppolicy_error_code = false;
$exop_passwd = FALSE;
if ( $use_ppolicy_control ) {
$ctrls = array();
$exop_passwd = \Ltb\PhpLDAP::ldap_exop_passwd($ldap, $dn, $oldpassword, $password, $ctrls);
$error_code = \Ltb\PhpLDAP::ldap_errno($ldap);
$error_msg = \Ltb\PhpLDAP::ldap_error($ldap);
$exop_passwd = \Ltb\PhpLDAP::ldap_exop_passwd($this->ldap, $dn, $oldpassword, $password, $ctrls);
$error_code = \Ltb\PhpLDAP::ldap_errno($this->ldap);
$error_msg = \Ltb\PhpLDAP::ldap_error($this->ldap);
if (!$exop_passwd) {
$ppolicy_error_code = self::get_ppolicy_error_code($ctrls);
}
} else {
$exop_passwd = \Ltb\PhpLDAP::ldap_exop_passwd($ldap, $dn, $oldpassword, $password);
$error_code = \Ltb\PhpLDAP::ldap_errno($ldap);
$error_msg = \Ltb\PhpLDAP::ldap_error($ldap);
$exop_passwd = \Ltb\PhpLDAP::ldap_exop_passwd($this->ldap, $dn, $oldpassword, $password);
$error_code = \Ltb\PhpLDAP::ldap_errno($this->ldap);
$error_msg = \Ltb\PhpLDAP::ldap_error($this->ldap);
}
return array($error_code, $error_msg, $ppolicy_error_code);
}

/**
* Changes attributes (and possibly password) using Password Policy Control
* @param \LDAP\Connection|array $ldap An LDAP\Connection instance, returned by ldap_connect()
* @param string $dn the dn of the user
* @param array $userdata the array, containing the modifications
* @return array 0: error_code, 1: error_msg, 2: ppolicy_error_code
*/
function modify_attributes_using_ppolicy($ldap, $dn, $userdata): array {
function modify_attributes_using_ppolicy($dn, $userdata): array {
$error_code = "";
$error_msg = "";
$matcheddn = null;
$referrals = array();
$ctrls = array();
$ppolicy_error_code = false;
$ppolicy_replace = \Ltb\PhpLDAP::ldap_mod_replace_ext($ldap, $dn, $userdata, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);
if (\Ltb\PhpLDAP::ldap_parse_result($ldap, $ppolicy_replace, $error_code, $matcheddn, $error_msg, $referrals, $ctrls)) {
$ppolicy_replace = \Ltb\PhpLDAP::ldap_mod_replace_ext($this->ldap, $dn, $userdata, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);
if (\Ltb\PhpLDAP::ldap_parse_result($this->ldap, $ppolicy_replace, $error_code, $matcheddn, $error_msg, $referrals, $ctrls)) {
$ppolicy_error_code = self::get_ppolicy_error_code($ctrls);
}
return array($error_code, $error_msg, $ppolicy_error_code);
}

/**
* Changes attributes (and password)
* @param \LDAP\Connection|array $ldap An LDAP\Connection instance, returned by ldap_connect()
* @param string $dn the dn of the user
* @param array $userdata the array, containing the new (hashed) password
* @return array 0: error_code, 1: error_msg
*/
function modify_attributes($ldap, $dn, $userdata): array {
\Ltb\PhpLDAP::ldap_mod_replace($ldap, $dn, $userdata);
$error_code = \Ltb\PhpLDAP::ldap_errno($ldap);
$error_msg = \Ltb\PhpLDAP::ldap_error($ldap);
function modify_attributes($dn, $userdata): array {
\Ltb\PhpLDAP::ldap_mod_replace($this->ldap, $dn, $userdata);
$error_code = \Ltb\PhpLDAP::ldap_errno($this->ldap);
$error_msg = \Ltb\PhpLDAP::ldap_error($this->ldap);
return array($error_code, $error_msg);
}

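Review bot: `get_password_value`, `change_ad_password_as_user`, `change_password_with_exop`, `modify_attributes_using_ppolicy` and `modify_attributes` now read `$this->ldap` with no null check, unlike `get_list` (`!= null`) and `sorted_search` (`== null`), so a call made before a successful `connect()` hands `null` to the `\Ltb\PhpLDAP` wrapper — and because the `connect()` hunk assigns `$this->ldap` only after the error return, a failed reconnect leaves whatever handle was there before. A guard at the top of each of these, `$ldap = $this->ldap ?? throw new \RuntimeException('LDAP connection not established');`, makes that failure explicit instead of depending on how the wrapper treats `null`, and the two existing guards should use `===`/`!==` so the connection handle is never subject to loose comparison. `public $ldap = null;` carries no type, which the tests rely on (they assign a string), but a `/** @var \LDAP\Connection|null php ldap instance, set by connect() on success */` docblock would at least record what callers are expected to supply. The `change_ad_password_as_user` and `sorted_search` hunks begin or end outside their functions.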
26 changes: 15 additions & 11 deletions tests/Ltb/LdapTest.php
Expand Up @@ -257,8 +257,9 @@ public function test_get_list(): void
]);

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = "ldap_connection";
// return hashmap: [ cn_value => sn_value ]
$result = $ldapInstance->get_list("ldap_connection", "ou=people,dc=my-domain,dc=com", "(uid=test)", "cn","sn");
$result = $ldapInstance->get_list("ou=people,dc=my-domain,dc=com", "(uid=test)", "cn","sn");

$this->assertEquals('testcn1', array_keys($result)[0], "not getting testcn1 as key in get_list function");
$this->assertEquals('testsn1', $result["testcn1"], "not getting testsn1 as value in get_list function");
Expand Down Expand Up @@ -302,6 +303,7 @@ public function test_ldapSort(): void
];

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = "ldap_connection";
$return = $ldapInstance->ldapSort($entries, "sn");

$this->assertTrue($return, "Weird value returned by ldapSort function");
Expand Down Expand Up @@ -392,7 +394,8 @@ public function test_sorted_search_with_sort_control(): void
->andReturn(0);

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
list($ldap_result,$errno,$entries) = $ldapInstance->sorted_search("ldap_connection",
$ldapInstance->ldap = "ldap_connection";
list($ldap_result,$errno,$entries) = $ldapInstance->sorted_search(
"ou=people,dc=my-domain,dc=com",
"(objectClass=InetOrgPerson)",
["cn", "sn"],
Expand Down Expand Up @@ -487,7 +490,8 @@ public function test_sorted_search_without_sort_control(): void
->andReturn(0);

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
list($ldap_result,$errno,$entries) = $ldapInstance->sorted_search("ldap_connection",
$ldapInstance->ldap = "ldap_connection";
list($ldap_result,$errno,$entries) = $ldapInstance->sorted_search(
"ou=people,dc=my-domain,dc=com",
"(objectClass=InetOrgPerson)",
["cn", "sn"],
Expand Down Expand Up @@ -528,8 +532,8 @@ public function test_get_password_value(): void
->andReturn($expectedValues);

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = $ldap_connection;
$value = $ldapInstance->get_password_value(
$ldap_connection,
$dn,
$pwdattribute
);
Expand All @@ -552,8 +556,8 @@ public function test_get_password_value_with_dummy_pwdattribute(): void
->andReturn(false);

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = $ldap_connection;
$value = $ldapInstance->get_password_value(
$ldap_connection,
$dn,
$pwdattribute
);
Expand Down Expand Up @@ -610,9 +614,9 @@ public function test_change_ad_password_as_user(): void


$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = $ldap_connection;
list($error_code, $error_msg) =
$ldapInstance->change_ad_password_as_user(
$ldap_connection,
$dn,
$old_password,
$new_password
Expand Down Expand Up @@ -657,9 +661,9 @@ public function test_change_password_with_exop_noppolicy(): void
->andReturn("ok");

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = $ldap_connection;
list($error_code, $error_msg, $ppolicy_error_code) =
$ldapInstance->change_password_with_exop(
$ldap_connection,
$dn,
$old_password,
$new_password,
Expand Down Expand Up @@ -697,9 +701,9 @@ public function test_change_password_with_exop_ppolicy(): void
->andReturn("ok");

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = $ldap_connection;
list($error_code, $error_msg, $ppolicy_error_code) =
$ldapInstance->change_password_with_exop(
$ldap_connection,
$dn,
$old_password,
$new_password,
Expand Down Expand Up @@ -737,9 +741,9 @@ public function test_change_password_with_exop_ppolicy_fail(): void
->andReturn("Invalid credentials");

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = $ldap_connection;
list($error_code, $error_msg, $ppolicy_error_code) =
$ldapInstance->change_password_with_exop(
$ldap_connection,
$dn,
$old_password,
$new_password,
Expand Down Expand Up @@ -777,9 +781,9 @@ public function test_modify_attributes_using_ppolicy(): void


$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = $ldap_connection;
list($error_code, $error_msg, $ppolicy_error_code) =
$ldapInstance->modify_attributes_using_ppolicy(
$ldap_connection,
$dn,
$userdata
);
Expand Down Expand Up @@ -817,9 +821,9 @@ public function test_modify_attributes(): void
->andReturn("ok");

$ldapInstance = new \Ltb\Ldap( null, null, null, null, null, null, null, null );
$ldapInstance->ldap = $ldap_connection;
list($error_code, $error_msg) =
$ldapInstance->modify_attributes(
$ldap_connection,
$dn,
$userdata
);
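Review bot: None of the updated tests exercise the not-connected branches added in this commit — `get_list` returning an empty array and `sorted_search` returning `array(null, null, null)` when `$ldapInstance->ldap` is left at its default `null` — so those guards are untested. A case that constructs `\Ltb\Ldap` without assigning `->ldap`, calls `sorted_search` with the same arguments the existing cases use, and asserts `$this->assertSame([null, null, null], $result);` would cover the `sorted_search` guard, with a matching `assertSame([], ...)` for `get_list`. In `test_ldapSort` the added `$ldapInstance->ldap = "ldap_connection";` is unused, since `ldapSort` takes only the entries and the key; it reads as a leftover of the mechanical update and can be dropped.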
