[squirrelmail.git] / functions / abook_ldap_server.php

<?php

/**
 * abook_ldap_server.php
 *
 * Copyright (c) 1999-2004 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * Address book backend for LDAP server
 *
 * An array with the following elements must be passed to
 * the class constructor (elements marked ? are optional):
 *
 *    host      => LDAP server hostname/IP-address
 *    base      => LDAP server root (base dn). Empty string allowed.
 *  ? port      => LDAP server TCP port number (default: 389)
 *  ? charset   => LDAP server charset (default: utf-8)
 *  ? name      => Name for LDAP server (default "LDAP: hostname")
 *                 Used to tag the result data
 *  ? maxrows   => Maximum # of rows in search result
 *  ? timeout   => Timeout for LDAP operations (in seconds, default: 30)
 *                 Might not work for all LDAP libraries or servers.
 *  ? binddn    => LDAP Bind DN.
 *  ? bindpw    => LDAP Bind Password.
 *  ? protocol  => LDAP Bind protocol.
 *
 * NOTE. This class should not be used directly. Use the
 *       "AddressBook" class instead.
 *
 * $Id$
 * @package squirrelmail
 */

/**
 * Undocumented class - fixme
 * @package squirrelmail
 */
class abook_ldap_server extends addressbook_backend {
    var $btype = 'remote';
    var $bname = 'ldap_server';

    /* Parameters changed by class */
    var $sname   = 'LDAP';       /* Service name */
    var $server  = '';           /* LDAP server name */
    var $port    = 389;          /* LDAP server port */
    var $basedn  = '';           /* LDAP base DN  */
    var $charset = 'utf-8';      /* LDAP server charset */
    var $linkid  = false;        /* PHP LDAP link ID */
    var $bound   = false;        /* True if LDAP server is bound */
    var $maxrows = 250;          /* Max rows in result */
    var $timeout = 30;           /* Timeout for LDAP operations (in seconds) */
    var $binddn = '';            /* DN to bind to (non-anonymous bind) */
    var $bindpw = '';            /* password to bind with (non-anonymous bind) */
    var $protocol = '';          /* protocol used to connect to ldap server */

    /* Constructor. Connects to database */
    function abook_ldap_server($param) {
        if(!function_exists('ldap_connect')) {
            $this->set_error('LDAP support missing from PHP');
            return;
        }
        if(is_array($param)) {
            $this->server = $param['host'];
            $this->basedn = $param['base'];
            if(!empty($param['port'])) {
                $this->port = $param['port'];
            }
            if(!empty($param['charset'])) {
                $this->charset = strtolower($param['charset']);
            }
            if(isset($param['maxrows'])) {
                $this->maxrows = $param['maxrows'];
            }
            if(isset($param['timeout'])) {
                $this->timeout = $param['timeout'];
            }
            if(isset($param['binddn'])) {
                $this->binddn = $param['binddn'];
            }
            if(isset($param['bindpw'])) {
                $this->bindpw = $param['bindpw'];
	    }
            if(isset($param['protocol'])) {
                $this->protocol = $param['protocol'];
	    }
            if(empty($param['name'])) {
                $this->sname = 'LDAP: ' . $param['host'];
            }
            else {
                $this->sname = $param['name'];
            }
            
            $this->open(true);
        } else {
            $this->set_error('Invalid argument to constructor');
        }
    }


    /* Open the LDAP server. New connection if $new is true */
    function open($new = false) {
        $this->error = '';
  
        /* Connection is already open */
        if($this->linkid != false && !$new) {
            return true;
        }
  
        $this->linkid = @ldap_connect($this->server, $this->port);
        if(!$this->linkid) {
            if(function_exists('ldap_error')) {
                return $this->set_error(ldap_error($this->linkid)); 
            } else {
                return $this->set_error('ldap_connect failed');
            }
        }
	
	if(!empty($this->protocol)) {
            if(!@ldap_set_option($this->linkid, LDAP_OPT_PROTOCOL_VERSION, $this->protocol)) {
                if(function_exists('ldap_error')) {
                    return $this->set_error(ldap_error($this->linkid));
                } else {
                    return $this->set_error('ldap_set_option failed');
        	}
	    }
	}

        if(!empty($this->binddn)) {
            if(!@ldap_bind($this->linkid, $this->binddn, $this->bindpw)) {
                if(function_exists('ldap_error')) {
                    return $this->set_error(ldap_error($this->linkid));
                } else {
                    return $this->set_error('authenticated ldap_bind failed');
                }
              }
        } else {
    	    if(!@ldap_bind($this->linkid)) {
        	if(function_exists('ldap_error')) {
            	    return $this->set_error(ldap_error($this->linkid)); 
        	} else {
            	    return $this->set_error('anonymous ldap_bind failed');
        	}
    	    }
        }

        $this->bound = true;
        
        return true;
    }


    /* Encode iso8859-1 string to the charset used by this LDAP server */
    function charset_encode($str) {
        if($this->charset == 'utf-8') {
            if(function_exists('utf8_encode')) {
                return utf8_encode($str);
            } else {
                return $str;
            }
        } else {
            return $str;
        }
    }


    /* Decode from charset used by this LDAP server to iso8859-1 */
    function charset_decode($str) {
        if($this->charset == 'utf-8') {
            if(function_exists('utf8_decode')) {
                return utf8_decode($str);
            } else {
                return $str;
            }
        } else {
            return $str;
        }
    }

    
    /* ========================== Public ======================== */

    /* Search the LDAP server */
    function search($expr) {
  
        /* To be replaced by advanded search expression parsing */
        if(is_array($expr)) return false;
  
        /* Encode the expression */
        $expr = $this->charset_encode($expr);
        if(strstr($expr, '*') === false) {
            $expr = "*$expr*";
        }
        $expression = "cn=$expr";
  
        /* Make sure connection is there */
        if(!$this->open()) {
            return false;
        }
  
        $sret = @ldap_search($this->linkid, $this->basedn, $expression,
            array('dn', 'o', 'ou', 'sn', 'givenname', 
            'cn', 'mail', 'telephonenumber'),
            0, $this->maxrows, $this->timeout);
  
        /* Should get error from server using the ldap_error() function,
         * but it only exist in the PHP LDAP documentation. */
        if(!$sret) {
            if(function_exists('ldap_error')) {
                return $this->set_error(ldap_error($this->linkid)); 
            } else {
                return $this->set_error('ldap_search failed');       
            }
        }
        
        if(@ldap_count_entries($this->linkid, $sret) <= 0) {
            return array();
        }
  
        /* Get results */
        $ret = array();
        $returned_rows = 0;
        $res = @ldap_get_entries($this->linkid, $sret);
        for($i = 0 ; $i < $res['count'] ; $i++) {
            $row = $res[$i];
           
            /* Extract data common for all e-mail addresses
             * of an object. Use only the first name */
            $nickname = $this->charset_decode($row['dn']);
            $fullname = $this->charset_decode($row['cn'][0]);
           
            if(empty($row['telephonenumber'][0])) {
                $phone = '';
            } else {
                $phone = $this->charset_decode($row['telephonenumber'][0]);
            }
           
            if(!empty($row['ou'][0])) {
                $label = $this->charset_decode($row['ou'][0]);
            }
            else if(!empty($row['o'][0])) {
                $label = $this->charset_decode($row['o'][0]);
            } else {
                $label = '';
            }
           
            if(empty($row['givenname'][0])) {
                $firstname = '';
            } else {
                $firstname = $this->charset_decode($row['givenname'][0]);
            }
           
            if(empty($row['sn'][0])) {
                $surname = '';
            } else {
                $surname = $this->charset_decode($row['sn'][0]);
            }
           
            /* Add one row to result for each e-mail address */
            if(isset($row['mail']['count'])) {
                for($j = 0 ; $j < $row['mail']['count'] ; $j++) {
                    array_push($ret, array('nickname'  => $nickname,
                   'name'      => $fullname,
                   'firstname' => $firstname,
                   'lastname'  => $surname,
                   'email'     => $row['mail'][$j],
                   'label'     => $label,
                   'phone'     => $phone,
                   'backend'   => $this->bnum,
                   'source'    => &$this->sname));
                    
                    // Limit number of hits
                    $returned_rows++;
                    if(($returned_rows >= $this->maxrows) && 
                       ($this->maxrows > 0) ) {
                        ldap_free_result($sret);
                        return $ret;
                    }

                } // for($j ...)

            } // isset($row['mail']['count'])
 
        }
  
        ldap_free_result($sret);
        return $ret;
    } /* end search() */


    /* If you run a tiny LDAP server and you want the "List All" button
     * to show EVERYONE, then uncomment this tiny block of code:
     *
     * function list_addr() {
     *    return $this->search('*');
     * }
     *
     * Careful with this -- it could get quite large for big sites. */
}
?>
Commit	Line	Data
5100704d	1	<?php
5100704d	2
35586184	3	/**
	4	* abook_ldap_server.php
	5	*
82d304a0	6	* Copyright (c) 1999-2004 The SquirrelMail Project Team
35586184	7	* Licensed under the GNU GPL. For full terms see the file COPYING.
	8	*
	9	* Address book backend for LDAP server
	10	*
	11	* An array with the following elements must be passed to
	12	* the class constructor (elements marked ? are optional):
	13	*
	14	* host => LDAP server hostname/IP-address
	15	* base => LDAP server root (base dn). Empty string allowed.
	16	* ? port => LDAP server TCP port number (default: 389)
	17	* ? charset => LDAP server charset (default: utf-8)
	18	* ? name => Name for LDAP server (default "LDAP: hostname")
	19	* Used to tag the result data
	20	* ? maxrows => Maximum # of rows in search result
	21	* ? timeout => Timeout for LDAP operations (in seconds, default: 30)
	22	* Might not work for all LDAP libraries or servers.
30e9932c	23	* ? binddn => LDAP Bind DN.
	24	* ? bindpw => LDAP Bind Password.
	25	* ? protocol => LDAP Bind protocol.
35586184	26	*
	27	* NOTE. This class should not be used directly. Use the
	28	* "AddressBook" class instead.
	29	*
	30	* $Id$
d6c32258	31	* @package squirrelmail
35586184	32	*/
5100704d	33
d6c32258	34	/**
	35	* Undocumented class - fixme
	36	* @package squirrelmail
	37	*/
35586184	38	class abook_ldap_server extends addressbook_backend {
06b4facd	39	var $btype = 'remote';
	40	var $bname = 'ldap_server';
	41
	42	/* Parameters changed by class */
	43	var $sname = 'LDAP'; /* Service name */
	44	var $server = ''; /* LDAP server name */
	45	var $port = 389; /* LDAP server port */
	46	var $basedn = ''; /* LDAP base DN */
	47	var $charset = 'utf-8'; /* LDAP server charset */
	48	var $linkid = false; /* PHP LDAP link ID */
	49	var $bound = false; /* True if LDAP server is bound */
	50	var $maxrows = 250; /* Max rows in result */
	51	var $timeout = 30; /* Timeout for LDAP operations (in seconds) */
30e9932c	52	var $binddn = ''; /* DN to bind to (non-anonymous bind) */
	53	var $bindpw = ''; /* password to bind with (non-anonymous bind) */
	54	var $protocol = ''; /* protocol used to connect to ldap server */
06b4facd	55
	56	/* Constructor. Connects to database */
	57	function abook_ldap_server($param) {
	58	if(!function_exists('ldap_connect')) {
	59	$this->set_error('LDAP support missing from PHP');
	60	return;
	61	}
	62	if(is_array($param)) {
	63	$this->server = $param['host'];
	64	$this->basedn = $param['base'];
	65	if(!empty($param['port'])) {
	66	$this->port = $param['port'];
	67	}
	68	if(!empty($param['charset'])) {
	69	$this->charset = strtolower($param['charset']);
	70	}
	71	if(isset($param['maxrows'])) {
	72	$this->maxrows = $param['maxrows'];
	73	}
	74	if(isset($param['timeout'])) {
	75	$this->timeout = $param['timeout'];
	76	}
30e9932c	77	if(isset($param['binddn'])) {
	78	$this->binddn = $param['binddn'];
	79	}
	80	if(isset($param['bindpw'])) {
	81	$this->bindpw = $param['bindpw'];
	82	}
	83	if(isset($param['protocol'])) {
	84	$this->protocol = $param['protocol'];
	85	}
06b4facd	86	if(empty($param['name'])) {
	87	$this->sname = 'LDAP: ' . $param['host'];
	88	}
	89	else {
	90	$this->sname = $param['name'];
	91	}
	92
	93	$this->open(true);
	94	} else {
	95	$this->set_error('Invalid argument to constructor');
	96	}
	97	}
	98
	99
	100	/* Open the LDAP server. New connection if $new is true */
	101	function open($new = false) {
	102	$this->error = '';
	103
	104	/* Connection is already open */
	105	if($this->linkid != false && !$new) {
	106	return true;
	107	}
	108
	109	$this->linkid = @ldap_connect($this->server, $this->port);
	110	if(!$this->linkid) {
	111	if(function_exists('ldap_error')) {
	112	return $this->set_error(ldap_error($this->linkid));
	113	} else {
	114	return $this->set_error('ldap_connect failed');
	115	}
	116	}
30e9932c	117
	118	if(!empty($this->protocol)) {
	119	if(!@ldap_set_option($this->linkid, LDAP_OPT_PROTOCOL_VERSION, $this->protocol)) {
	120	if(function_exists('ldap_error')) {
	121	return $this->set_error(ldap_error($this->linkid));
	122	} else {
	123	return $this->set_error('ldap_set_option failed');
	124	}
	125	}
	126	}
	127
	128	if(!empty($this->binddn)) {
	129	if(!@ldap_bind($this->linkid, $this->binddn, $this->bindpw)) {
	130	if(function_exists('ldap_error')) {
	131	return $this->set_error(ldap_error($this->linkid));
	132	} else {
	133	return $this->set_error('authenticated ldap_bind failed');
	134	}
	135	}
	136	} else {
	137	if(!@ldap_bind($this->linkid)) {
	138	if(function_exists('ldap_error')) {
	139	return $this->set_error(ldap_error($this->linkid));
	140	} else {
	141	return $this->set_error('anonymous ldap_bind failed');
	142	}
	143	}
06b4facd	144	}
30e9932c	145
06b4facd	146	$this->bound = true;
	147
	148	return true;
	149	}
	150
	151
	152	/* Encode iso8859-1 string to the charset used by this LDAP server */
	153	function charset_encode($str) {
	154	if($this->charset == 'utf-8') {
	155	if(function_exists('utf8_encode')) {
	156	return utf8_encode($str);
	157	} else {
	158	return $str;
	159	}
	160	} else {
	161	return $str;
	162	}
	163	}
	164
	165
	166	/* Decode from charset used by this LDAP server to iso8859-1 */
	167	function charset_decode($str) {
	168	if($this->charset == 'utf-8') {
	169	if(function_exists('utf8_decode')) {
	170	return utf8_decode($str);
97445d7d	171	} else {
06b4facd	172	return $str;
	173	}
	174	} else {
	175	return $str;
	176	}
	177	}
	178
	179
	180	/* ========================== Public ======================== */
	181
	182	/* Search the LDAP server */
	183	function search($expr) {
	184
	185	/* To be replaced by advanded search expression parsing */
	186	if(is_array($expr)) return false;
	187
	188	/* Encode the expression */
	189	$expr = $this->charset_encode($expr);
	190	if(strstr($expr, '*') === false) {
	191	$expr = "$expr";
	192	}
	193	$expression = "cn=$expr";
	194
	195	/* Make sure connection is there */
	196	if(!$this->open()) {
	197	return false;
	198	}
	199
cccfa9c2	200	$sret = @ldap_search($this->linkid, $this->basedn, $expression,
	201	array('dn', 'o', 'ou', 'sn', 'givenname',
	202	'cn', 'mail', 'telephonenumber'),
	203	0, $this->maxrows, $this->timeout);
06b4facd	204
	205	/* Should get error from server using the ldap_error() function,
	206	* but it only exist in the PHP LDAP documentation. */
	207	if(!$sret) {
	208	if(function_exists('ldap_error')) {
	209	return $this->set_error(ldap_error($this->linkid));
	210	} else {
	211	return $this->set_error('ldap_search failed');
	212	}
	213	}
	214
	215	if(@ldap_count_entries($this->linkid, $sret) <= 0) {
	216	return array();
	217	}
	218
	219	/* Get results */
	220	$ret = array();
	221	$returned_rows = 0;
	222	$res = @ldap_get_entries($this->linkid, $sret);
	223	for($i = 0 ; $i < $res['count'] ; $i++) {
	224	$row = $res[$i];
	225
	226	/* Extract data common for all e-mail addresses
	227	* of an object. Use only the first name */
	228	$nickname = $this->charset_decode($row['dn']);
	229	$fullname = $this->charset_decode($row['cn'][0]);
	230
	231	if(empty($row['telephonenumber'][0])) {
	232	$phone = '';
	233	} else {
	234	$phone = $this->charset_decode($row['telephonenumber'][0]);
	235	}
	236
	237	if(!empty($row['ou'][0])) {
	238	$label = $this->charset_decode($row['ou'][0]);
	239	}
	240	else if(!empty($row['o'][0])) {
	241	$label = $this->charset_decode($row['o'][0]);
	242	} else {
	243	$label = '';
	244	}
	245
	246	if(empty($row['givenname'][0])) {
	247	$firstname = '';
	248	} else {
	249	$firstname = $this->charset_decode($row['givenname'][0]);
	250	}
	251
	252	if(empty($row['sn'][0])) {
	253	$surname = '';
	254	} else {
	255	$surname = $this->charset_decode($row['sn'][0]);
	256	}
	257
	258	/* Add one row to result for each e-mail address */
	259	if(isset($row['mail']['count'])) {
	260	for($j = 0 ; $j < $row['mail']['count'] ; $j++) {
	261	array_push($ret, array('nickname' => $nickname,
	262	'name' => $fullname,
	263	'firstname' => $firstname,
	264	'lastname' => $surname,
	265	'email' => $row['mail'][$j],
	266	'label' => $label,
	267	'phone' => $phone,
268	'backend' => $this->bnum,
269	'source' => &$this->sname));
270
271	// Limit number of hits
272	$returned_rows++;
273	if(($returned_rows >= $this->maxrows) &&
274	($this->maxrows > 0) ) {
275	ldap_free_result($sret);
276	return $ret;
277	}
278
279	} // for($j ...)
280
281	} // isset($row['mail']['count'])
282
283	}
284
285	ldap_free_result($sret);
286	return $ret;
287	} /* end search() */
288
289
290	/* If you run a tiny LDAP server and you want the "List All" button
291	* to show EVERYONE, then uncomment this tiny block of code:
292	*
293	* function list_addr() {
294	* return $this->search('*');
295	* }
296	*
297	* Careful with this -- it could get quite large for big sites. */
298	}
cccfa9c2	299	?>