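host = $host; $this->base = $base; $this->conn = $conn; }

    /**
     * Escape a value before it is placed in an LDAP filter or DN.
     *
     * Delegates to the native ldap_escape() when the running PHP provides it;
     * otherwise a userland fallback intended to mirror it is used.
     *
     * With the default $flags = 0 every byte that is not listed in $ignore is
     * replaced by its \XX hex form, so nothing in the value can act as filter
     * or DN syntax. With LDAP_ESCAPE_DN the fallback also encodes a leading
     * and a trailing space as \20.
     *
     * @param string $subject The subject string
     * @param string $ignore  Set of characters to leave untouched
     * @param int    $flags   Any combination of LDAP_ESCAPE_* flags to indicate the
     *                        set(s) of characters to escape.
     * @return string
     */
    public function escape($subject, $ignore = '', $flags = 0)
    {
        if (function_exists('ldap_escape')) {
            return ldap_escape($subject, $ignore, $flags);
        }

        // This fallback runs on every lookup; defining a constant twice raises
        // a notice/warning, so only define the flags when they are missing.
        if (!defined('LDAP_ESCAPE_FILTER')) {
            define('LDAP_ESCAPE_FILTER', 0x01);
        }
        if (!defined('LDAP_ESCAPE_DN')) {
            define('LDAP_ESCAPE_DN', 0x02);
        }

        static $charMaps = array(
            LDAP_ESCAPE_FILTER => array('\\', '*', '(', ')', "\x00"),
            LDAP_ESCAPE_DN     => array('\\', ',', '=', '+', '<', '>', ';', '"', '#'),
        );

        // Pre-process the char maps on first call: key 0 holds the hex form of
        // all 256 byte values, and each flag's list becomes a char => hex map.
        if (!isset($charMaps[0])) {
            $charMaps[0] = array();
            for ($i = 0; $i < 256; $i++) {
                $charMaps[0][chr($i)] = sprintf('\\%02x', $i);
            }

            foreach (array(LDAP_ESCAPE_FILTER, LDAP_ESCAPE_DN) as $set) {
                $escaped = array();
                foreach ($charMaps[$set] as $chr) {
                    $escaped[$chr] = $charMaps[0][$chr];
                }
                $charMaps[$set] = $escaped;
            }
        }

        // Create the base char map to escape
        $flags = (int)$flags;
        $charMap = array();
        if ($flags & LDAP_ESCAPE_FILTER) {
            $charMap += $charMaps[LDAP_ESCAPE_FILTER];
        }
        if ($flags & LDAP_ESCAPE_DN) {
            $charMap += $charMaps[LDAP_ESCAPE_DN];
        }
        if (!$charMap) {
            // No context flag given: escape every byte.
            $charMap = $charMaps[0];
        }

        // Remove any chars to ignore from the list
        $ignore = (string)$ignore;
        for ($i = 0, $l = strlen($ignore); $i < $l; $i++) {
            unset($charMap[$ignore[$i]]);
        }

        // Do the main replacement
        $result = strtr($subject, $charMap);

        // Encode leading/trailing spaces if LDAP_ESCAPE_DN is passed. The
        // emptiness check avoids reading offset 0 of an empty string.
        if (($flags & LDAP_ESCAPE_DN) && $result !== '') {
            if ($result[0] === ' ') {
                $result = '\\20' . substr($result, 1);
            }
            if ($result[strlen($result) - 1] === ' ') {
                $result = substr($result, 0, -1) . '\\20';
            }
        }

        return $result;
    }

    /**
     * Look up the single directory entry whose uid equals $uid.
     *
     * @param string $uid Caller-supplied uid; it is escaped before it is
     *                    interpolated into the search filter.
     * @return array The first (and only) entry from ldap_get_entries().
     * @throws \ErrorException When the bind, search or fetch fails, or when
     *                         the uid matches zero or more than one entry.
     */
    public function search_uid($uid)
    {
        $conn = $this->conn;

        // ldap_bind() without a DN and password performs an anonymous bind.
        if (ldap_bind($conn) === false) {
            throw new \ErrorException("ldap_bind() failed: ".ldap_error($conn));
        }

        // escape() is called with flags = 0, so every byte of $uid reaches the
        // filter in \XX form and cannot introduce filter operators.
        $escaped_uid = $this->escape($uid);

        // NOTE(review): the constructor stores $this->base, but the search base
        // is hard-coded here - confirm which one is intended.
        $results = ldap_search($conn, 'o=Universiteit van Tilburg,c=NL', "(uid=$escaped_uid)", ['*']);
        if ($results === false) {
            throw new \ErrorException("ldap_search() failed: ".ldap_error($conn));
        }

        $data = ldap_get_entries($conn, $results);
        if ($data === false) {
            throw new \ErrorException("ldap_get_entries() failed: ".ldap_error($conn));
        }

        // NOTE(review): the messages below embed the raw $uid; whatever logs or
        // renders them should encode the value for its own output context.
        switch ($data['count']) {
            case 0:
                throw new \ErrorException("user '$uid' not found in ldap");
            case 1:
                return $data[0];
            default:
                throw new \ErrorException("user '$uid' not unique in ldap");
        }
    }

    /**
     * Find the email address given either ANR or username.
     *
     * The identifier is matched against both uid and employeeNumber.
     *
     * @param string $id Caller-supplied identifier; it is escaped before it is
     *                   interpolated into the search filter.
     * @return string|null The first mail value of the matching entry, or null
     *                     when no entry or more than one entry matches, or the
     *                     entry carries no mail value.
     * @throws \ErrorException When the bind, search or fetch fails.
     */
    public function find_email($id)
    {
        $conn = $this->conn;

        // ldap_bind() without a DN and password performs an anonymous bind.
        if (ldap_bind($conn) === false) {
            throw new \ErrorException("ldap_bind() failed: ".ldap_error($conn));
        }

        // escape() is called with flags = 0, so every byte of $id reaches the
        // filter in \XX form and cannot introduce filter operators.
        $escaped_id = $this->escape($id);

        // Only the mail attribute is read below, so only mail is requested
        // rather than every attribute of the entry.
        $result = ldap_search(
            $conn,
            'o=Universiteit van Tilburg,c=NL',
            "(|(uid=$escaped_id)(employeeNumber=$escaped_id))",
            ['mail']
        );
        if ($result === false) {
            throw new \ErrorException("ldap_search() failed: ".ldap_error($conn));
        }

        $data = ldap_get_entries($conn, $result);
        // Strict comparison, matching search_uid().
        if ($data === false) {
            throw new \ErrorException("ldap_get_entries() failed: ".ldap_error($conn));
        }

        // User not in ldap or not unique
        if ((int)$data['count'] !== 1) {
            return null;
        }

        $entry = $data[0];
        if (array_key_exists('mail', $entry)
            && is_array($entry['mail'])
            && array_key_exists(0, $entry['mail'])
        ) {
            return $entry['mail'][0];
        }

        // No mail address given in LDAP result
        return null;
    }
}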