<?php
+
/**
* abook_ldap_server.php
*
- * Copyright (c) 1999-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
* Address book backend for LDAP server
*
* LDAP filtering code by Tim Bell
* StartTLS code by John Lane
* <starfry at users.sourceforge.net> (#1197703)
*
+ * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @subpackage addressbook
* http://www.php.net/ldap-start-tls
* Check if v3 or newer protocol is used,
* check if ldap_start_tls function is available.
- * Silently ignore setting, if requirements are not satisfied
+ * Silently ignore setting, if these requirements are not satisfied.
+ * Break with error message if somebody tries to start TLS on
+ * ldaps or socket connection.
*/
if($this->starttls &&
!empty($this->protocol) && $this->protocol >= 3 &&
function_exists('ldap_start_tls') ) {
- // make sure that $this->host is not ldaps:// URL.
- if (preg_match("/^ldaps:\/\/.+/i",$this->server)) {
- return $this->set_error("you can't enable starttls on ldaps connection.");
+ // make sure that $this->server is not ldaps:// or ldapi:// URL.
+ if (preg_match("/^ldap[si]:\/\/.+/i",$this->server)) {
+ return $this->set_error("you can't enable starttls on ldaps and ldapi connections.");
}
- // TODO: starttls and ldapi:// tests are needed
// try starting tls
if (! @ldap_start_tls($this->linkid)) {
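Review bot: The condition starting `if($this->starttls &&` fails open. When StartTLS is configured but the protocol is below 3 or `ldap_start_tls()` is unavailable, the docblock says the setting is silently ignored, so the session and any bind that follows would presumably continue unencrypted without the administrator noticing. Consider rejecting that configuration before this block, e.g. `if ($this->starttls && (empty($this->protocol) || $this->protocol < 3 || !function_exists('ldap_start_tls'))) { return $this->set_error("starttls requires LDAPv3 and ldap_start_tls() support."); }`. The `@` on `ldap_start_tls()` also hides the reason for a failure; the body of that branch lies outside the hunk, so confirm it returns an error rather than carrying on over the plain connection.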
/* Convert search from user's charset to the one used in ldap */
$expr = $this->charset_encode($expr);
- /* Make sure that search does not contain ldap special chars */
- $expression = '(cn=*' . $this->ldapspecialchars($expr) . '*)';
+ /* sanitize search string */
+ $expr = $this->ldapspecialchars($expr);
+
+ /* Search for same string in cn, main and sn */
+ $expression = '(|(cn=*'.$expr.'*)(mail=*'.$expr.'*)(sn=*'.$expr.'*))';
/* Undo sanitizing of * symbol */
$expression = str_replace('\2a','*',$expression);
- /* TODO: implement any single character (?) matching */
}
/* Add search filtering */
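Review bot: The new comment above the filter says "cn, main and sn", but the filter matches `mail`; it should read `/* Search for same string in cn, mail and sn */`. The `str_replace('\2a','*',$expression)` step deliberately turns user-typed `*` back into a wildcard, now across three OR'ed attributes, so the comment should say that only `*` is re-enabled and that parentheses, backslash and NUL are expected to stay escaped by `ldapspecialchars()` (its definition is not visible here). `$expr` is now overwritten with the escaped form, so any later use of `$expr` in this function, which continues outside the hunk, would see the escaped string rather than what the user typed.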