authorFrederic Guillot <fred@kanboard.net>2015-11-27 09:15:12 -0500
committerFrederic Guillot <fred@kanboard.net>2015-11-27 09:15:12 -0500
commit2451706316f08db2aa4b79730c02d297a5f5d59b (patch)
tree6fb8570e9a699f9838f481dfbd8c11302ddb2d7a /app/Core/Ldap/User.php
parentf837e70a2d74eb37c4c5de7e4f54c8bf8ec78db7 (diff)
Add generic LDAP client library
Diffstat (limited to 'app/Core/Ldap/User.php')
-rw-r--r--app/Core/Ldap/User.php178
1 files changed, 178 insertions, 0 deletions
diff --git a/app/Core/Ldap/User.php b/app/Core/Ldap/User.php
new file mode 100644
index 00000000..e44a4dda
--- /dev/null
+++ b/app/Core/Ldap/User.php
@@ -0,0 +1,178 @@
+<?php
+
+namespace Kanboard\Core\Ldap;
+
+/**
+ * LDAP User
+ *
+ * @package ldap
+ * @author Frederic Guillot
+ */
+class User
+{
+ /**
+ * Query
+ *
+ * @access private
+ * @var Query
+ */
+ private $query;
+
+ /**
+ * Constructor
+ *
+ * @access public
+ * @param Query $query
+ */
+ public function __construct(Query $query = null)
+ {
+ $this->query = $query ?: new Query;
+ }
+
+ /**
+ * Get user profile
+ *
+ * @access public
+ * @param resource $ldap
+ * @param string $baseDn
+ * @param string $query
+ * @return array
+ */
+ public function getProfile($ldap, $baseDn, $query)
+ {
+ $this->query->execute($ldap, $baseDn, $query, $this->getAttributes());
+ $profile = array();
+
+ if ($this->query->hasResult()) {
+ $profile = $this->prepareProfile();
+ }
+
+ return $profile;
+ }
+
+ /**
+ * Build user profile
+ *
+ * @access private
+ * @return boolean|array
+ */
+ private function prepareProfile()
+ {
+ return array(
+ 'ldap_id' => $this->query->getAttribute('dn', ''),
+ 'username' => $this->query->getAttributeValue($this->getAttributeUsername()),
+ 'name' => $this->query->getAttributeValue($this->getAttributeName()),
+ 'email' => $this->query->getAttributeValue($this->getAttributeEmail()),
+ 'is_admin' => (int) $this->isMemberOf($this->query->getAttribute($this->getAttributeGroup(), array()), $this->getGroupAdminDn()),
+ 'is_project_admin' => (int) $this->isMemberOf($this->query->getAttribute($this->getAttributeGroup(), array()), $this->getGroupProjectAdminDn()),
+ 'is_ldap_user' => 1,
+ );
+ }
+
+ /**
+ * Check group membership
+ *
+ * @access public
+ * @param array $group_entries
+ * @param string $group_dn
+ * @return boolean
+ */
+ public function isMemberOf(array $group_entries, $group_dn)
+ {
+ if (! isset($group_entries['count']) || empty($group_dn)) {
+ return false;
+ }
+
+ for ($i = 0; $i < $group_entries['count']; $i++) {
+ if ($group_entries[$i] === $group_dn) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Ge the list of attributes to fetch when reading the LDAP user entry
+ *
+ * Must returns array with index that start at 0 otherwise ldap_search returns a warning "Array initialization wrong"
+ *
+ * @access public
+ * @return array
+ */
+ public function getAttributes()
+ {
+ return array_values(array_filter(array(
+ $this->getAttributeUsername(),
+ $this->getAttributeName(),
+ $this->getAttributeEmail(),
+ $this->getAttributeGroup(),
+ )));
+ }
+
+ /**
+ * Get LDAP account id attribute
+ *
+ * @access public
+ * @return string
+ */
+ public function getAttributeUsername()
+ {
+ return LDAP_ACCOUNT_ID;
+ }
+
+ /**
+ * Get LDAP account email attribute
+ *
+ * @access public
+ * @return string
+ */
+ public function getAttributeEmail()
+ {
+ return LDAP_ACCOUNT_EMAIL;
+ }
+
+ /**
+ * Get LDAP account name attribute
+ *
+ * @access public
+ * @return string
+ */
+ public function getAttributeName()
+ {
+ return LDAP_ACCOUNT_FULLNAME;
+ }
+
+ /**
+ * Get LDAP account memberof attribute
+ *
+ * @access public
+ * @return string
+ */
+ public function getAttributeGroup()
+ {
+ return LDAP_ACCOUNT_MEMBEROF;
+ }
+
+ /**
+ * Get LDAP admin group DN
+ *
+ * @access public
+ * @return string
+ */
+ public function getGroupAdminDn()
+ {
+ return LDAP_GROUP_ADMIN_DN;
+ }
+
+ /**
+ * Get LDAP project admin group DN
+ *
+ * @access public
+ * @return string
+ */
+ public function getGroupProjectAdminDn()
+ {
+ return LDAP_GROUP_PROJECT_ADMIN_DN;
+ }
+}
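Review bot: isMemberOf() matches the configured group DN against each memberOf value with `===`, but directories generally treat DNs as case-insensitive, so a DN returned with different casing than LDAP_GROUP_ADMIN_DN or LDAP_GROUP_PROJECT_ADMIN_DN would leave `is_admin` and `is_project_admin` at 0 without any error. A tolerant comparison such as `if (strcasecmp($group_entries[$i], $group_dn) === 0) {` would cover the casing difference. Separately, getProfile() hands `$query` to `$this->query->execute()` unchanged, and whether the caller escapes the username placed in that filter is not visible in this file; I would state the contract in the docblock, e.g. `@param string $query LDAP filter; user-supplied values must already be escaped (ldap_escape with LDAP_ESCAPE_FILTER)`. The `@return boolean|array` on prepareProfile() should read `@return array`, since the method always returns an array.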