functions/abook_ldap_server.php

   1 <?php
   2
   3 /**
   4  * abook_ldap_server.php
   5  *
   6  * Copyright (c) 1999-2004 The SquirrelMail Project Team
   7  * Licensed under the GNU GPL. For full terms see the file COPYING.
   8  *
   9  * Address book backend for LDAP server
  10  *
  11  * An array with the following elements must be passed to
  12  * the class constructor (elements marked ? are optional):
  13  *
  14  *    host      => LDAP server hostname/IP-address
  15  *    base      => LDAP server root (base dn). Empty string allowed.
  16  *  ? port      => LDAP server TCP port number (default: 389)
  17  *  ? charset   => LDAP server charset (default: utf-8)
  18  *  ? name      => Name for LDAP server (default "LDAP: hostname")
  19  *                 Used to tag the result data
  20  *  ? maxrows   => Maximum # of rows in search result
  21  *  ? timeout   => Timeout for LDAP operations (in seconds, default: 30)
  22  *                 Might not work for all LDAP libraries or servers.
  23  *  ? binddn    => LDAP Bind DN.
  24  *  ? bindpw    => LDAP Bind Password.
  25  *  ? protocol  => LDAP Bind protocol.
  26  *
  27  * NOTE. This class should not be used directly. Use the
  28  *       "AddressBook" class instead.
  29  *
  30  * @version $Id$
  31  * @package squirrelmail
  32  * @subpackage addressbook
  33  */
  34
  35 /**
  36  * Undocumented class - fixme
  37  * @package squirrelmail
  38  */
  39 class abook_ldap_server extends addressbook_backend {
  40     var $btype = 'remote';
  41     var $bname = 'ldap_server';
  42
  43     /* Parameters changed by class */
  44     var $sname   = 'LDAP';       /* Service name */
  45     var $server  = '';           /* LDAP server name */
  46     var $port    = 389;          /* LDAP server port */
  47     var $basedn  = '';           /* LDAP base DN  */
  48     var $charset = 'utf-8';      /* LDAP server charset */
  49     var $linkid  = false;        /* PHP LDAP link ID */
  50     var $bound   = false;        /* True if LDAP server is bound */
  51     var $maxrows = 250;          /* Max rows in result */
  52     var $timeout = 30;           /* Timeout for LDAP operations (in seconds) */
  53     var $binddn = '';            /* DN to bind to (non-anonymous bind) */
  54     var $bindpw = '';            /* password to bind with (non-anonymous bind) */
  55     var $protocol = '';          /* protocol used to connect to ldap server */
  56
  57     /* Constructor. Connects to database */
  58     function abook_ldap_server($param) {
  59         if(!function_exists('ldap_connect')) {
  60             $this->set_error('LDAP support missing from PHP');
  61             return;
  62         }
  63         if(is_array($param)) {
  64             $this->server = $param['host'];
  65             $this->basedn = $param['base'];
  66             if(!empty($param['port'])) {
  67                 $this->port = $param['port'];
  68             }
  69             if(!empty($param['charset'])) {
  70                 $this->charset = strtolower($param['charset']);
  71             }
  72             if(isset($param['maxrows'])) {
  73                 $this->maxrows = $param['maxrows'];
  74             }
  75             if(isset($param['timeout'])) {
  76                 $this->timeout = $param['timeout'];
  77             }
  78             if(isset($param['binddn'])) {
  79                 $this->binddn = $param['binddn'];
  80             }
  81             if(isset($param['bindpw'])) {
  82                 $this->bindpw = $param['bindpw'];
  83             }
  84             if(isset($param['protocol'])) {
  85                 $this->protocol = $param['protocol'];
  86             }
  87             if(empty($param['name'])) {
  88                 $this->sname = 'LDAP: ' . $param['host'];
  89             }
  90             else {
  91                 $this->sname = $param['name'];
  92             }
  93
  94             $this->open(true);
  95         } else {
  96             $this->set_error('Invalid argument to constructor');
  97         }
  98     }
  99
 100
 101     /* Open the LDAP server. New connection if $new is true */
 102     function open($new = false) {
 103         $this->error = '';
 104
 105         /* Connection is already open */
 106         if($this->linkid != false && !$new) {
 107             return true;
 108         }
 109
 110         $this->linkid = @ldap_connect($this->server, $this->port);
 111         if(!$this->linkid) {
 112             if(function_exists('ldap_error')) {
 113                 return $this->set_error(ldap_error($this->linkid));
 114             } else {
 115                 return $this->set_error('ldap_connect failed');
 116             }
 117         }
 118
 119         if(!empty($this->protocol)) {
 120             if(!@ldap_set_option($this->linkid, LDAP_OPT_PROTOCOL_VERSION, $this->protocol)) {
 121                 if(function_exists('ldap_error')) {
 122                     return $this->set_error(ldap_error($this->linkid));
 123                 } else {
 124                     return $this->set_error('ldap_set_option failed');
 125                 }
 126             }
 127         }
 128
 129         if(!empty($this->binddn)) {
 130             if(!@ldap_bind($this->linkid, $this->binddn, $this->bindpw)) {
 131                 if(function_exists('ldap_error')) {
 132                     return $this->set_error(ldap_error($this->linkid));
 133                 } else {
 134                     return $this->set_error('authenticated ldap_bind failed');
 135                 }
 136               }
 137         } else {
 138             if(!@ldap_bind($this->linkid)) {
 139                 if(function_exists('ldap_error')) {
 140                     return $this->set_error(ldap_error($this->linkid));
 141                 } else {
 142                     return $this->set_error('anonymous ldap_bind failed');
 143                 }
 144             }
 145         }
 146
 147         $this->bound = true;
 148
 149         return true;
 150     }
 151
 152
 153     /* Encode iso8859-1 string to the charset used by this LDAP server */
 154     function charset_encode($str) {
 155         if($this->charset == 'utf-8') {
 156             if(function_exists('utf8_encode')) {
 157                 return utf8_encode($str);
 158             } else {
 159                 return $str;
 160             }
 161         } else {
 162             return $str;
 163         }
 164     }
 165
 166
 167     /* Decode from charset used by this LDAP server to iso8859-1 */
 168     function charset_decode($str) {
 169         if($this->charset == 'utf-8') {
 170             if(function_exists('utf8_decode')) {
 171                 return utf8_decode($str);
 172             } else {
 173                 return $str;
 174             }
 175         } else {
 176             return $str;
 177         }
 178     }
 179
 180
 181     /* ========================== Public ======================== */
 182
 183     /* Search the LDAP server */
 184     function search($expr) {
 185
 186         /* To be replaced by advanded search expression parsing */
 187         if(is_array($expr)) return false;
 188
 189         /* Encode the expression */
 190         $expr = $this->charset_encode($expr);
 191         if(strstr($expr, '*') === false) {
 192             $expr = "*$expr*";
 193         }
 194         $expression = "cn=$expr";
 195
 196         /* Make sure connection is there */
 197         if(!$this->open()) {
 198             return false;
 199         }
 200
 201         $sret = @ldap_search($this->linkid, $this->basedn, $expression,
 202             array('dn', 'o', 'ou', 'sn', 'givenname',
 203             'cn', 'mail', 'telephonenumber'),
 204             0, $this->maxrows, $this->timeout);
 205
 206         /* Should get error from server using the ldap_error() function,
 207          * but it only exist in the PHP LDAP documentation. */
 208         if(!$sret) {
 209             if(function_exists('ldap_error')) {
 210                 return $this->set_error(ldap_error($this->linkid));
 211             } else {
 212                 return $this->set_error('ldap_search failed');
 213             }
 214         }
 215
 216         if(@ldap_count_entries($this->linkid, $sret) <= 0) {
 217             return array();
 218         }
 219
 220         /* Get results */
 221         $ret = array();
 222         $returned_rows = 0;
 223         $res = @ldap_get_entries($this->linkid, $sret);
 224         for($i = 0 ; $i < $res['count'] ; $i++) {
 225             $row = $res[$i];
 226
 227             /* Extract data common for all e-mail addresses
 228              * of an object. Use only the first name */
 229             $nickname = $this->charset_decode($row['dn']);
 230             $fullname = $this->charset_decode($row['cn'][0]);
 231
 232             if(empty($row['telephonenumber'][0])) {
 233                 $phone = '';
 234             } else {
 235                 $phone = $this->charset_decode($row['telephonenumber'][0]);
 236             }
 237
 238             if(!empty($row['ou'][0])) {
 239                 $label = $this->charset_decode($row['ou'][0]);
 240             }
 241             else if(!empty($row['o'][0])) {
 242                 $label = $this->charset_decode($row['o'][0]);
 243             } else {
 244                 $label = '';
 245             }
 246
 247             if(empty($row['givenname'][0])) {
 248                 $firstname = '';
 249             } else {
 250                 $firstname = $this->charset_decode($row['givenname'][0]);
 251             }
 252
 253             if(empty($row['sn'][0])) {
 254                 $surname = '';
 255             } else {
 256                 $surname = $this->charset_decode($row['sn'][0]);
 257             }
 258
 259             /* Add one row to result for each e-mail address */
 260             if(isset($row['mail']['count'])) {
 261                 for($j = 0 ; $j < $row['mail']['count'] ; $j++) {
 262                     array_push($ret, array('nickname'  => $nickname,
 263                    'name'      => $fullname,
 264                    'firstname' => $firstname,
 265                    'lastname'  => $surname,
 266                    'email'     => $row['mail'][$j],
 267                    'label'     => $label,
 268                    'phone'     => $phone,
 269                    'backend'   => $this->bnum,
 270                    'source'    => &$this->sname));
 271
 272                     // Limit number of hits
 273                     $returned_rows++;
 274                     if(($returned_rows >= $this->maxrows) &&
 275                        ($this->maxrows > 0) ) {
 276                         ldap_free_result($sret);
 277                         return $ret;
 278                     }
 279
 280                 } // for($j ...)
 281
 282             } // isset($row['mail']['count'])
 283
 284         }
 285
 286         ldap_free_result($sret);
 287         return $ret;
 288     } /* end search() */
 289
 290
 291     /* If you run a tiny LDAP server and you want the "List All" button
 292      * to show EVERYONE, then uncomment this tiny block of code:
 293      *
 294      * function list_addr() {
 295      *    return $this->search('*');
 296      * }
 297      *
 298      * Careful with this -- it could get quite large for big sites. */
 299 }
 300 ?>