Commit f6ada0bc authored by Jaime Pérez Crespo's avatar Jaime Pérez Crespo

Add support for adding multiple attributes in AttributeAddFromLDAP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3371 44740490-163a-0410-bde0-09ae8108e29a
parent ff0e0ecb
...@@ -18,28 +18,26 @@ ...@@ -18,28 +18,26 @@
* - Added conversion of original filter option names for backwards-compatibility * - Added conversion of original filter option names for backwards-compatibility
* - Updated the constructor to use the new config method * - Updated the constructor to use the new config method
* - Updated the process method to use the new config variable names * - Updated the process method to use the new config variable names
* Updated: 20131119 Yørn de Jong / Jaime Perez
* - Added support for retrieving multiple values at once from LDAP
* - Don't crash but fail silently on LDAP errors; the plugin is to complement attributes
* *
* @author Steve Moitozo, JAARS, Inc., Ryan Panning * @author Yørn de Jong
* @author Jaime Perez
* @author Steve Moitozo
* @author JAARS, Inc.
* @author Ryan Panning
* @package simpleSAMLphp * @package simpleSAMLphp
* @version $Id$ * @version $Id$
*/ */
class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Process_BaseFilter { class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Process_BaseFilter {
/**
* Name of the attribute to add LDAP values to
*
* @var string
*/
protected $new_attribute;
/** /**
* LDAP attribute to add to the request attributes * LDAP attribute to add to the request attributes
* *
* @var string * @var string
*/ */
protected $search_attribute; protected $search_attributes;
/** /**
...@@ -58,18 +56,42 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro ...@@ -58,18 +56,42 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
*/ */
public function __construct($config, $reserved) { public function __construct($config, $reserved) {
// For backwards compatibility, check for old config names /*
if (isset($config['ldap_host'])) $config['ldap.hostname'] = $config['ldap_host']; * For backwards compatibility, check for old config names
if (isset($config['ldap_port'])) $config['ldap.port'] = $config['ldap_port']; * @TODO Remove after 2.0
if (isset($config['ldap_bind_user'])) $config['ldap.username'] = $config['ldap_bind_user']; */
if (isset($config['ldap_bind_pwd'])) $config['ldap.password'] = $config['ldap_bind_pwd']; if (isset($config['ldap_host'])) {
if (isset($config['userid_attribute'])) $config['attribute.username'] = $config['userid_attribute']; $config['ldap.hostname'] = $config['ldap_host'];
if (isset($config['ldap_search_base_dn'])) $config['ldap.basedn'] = $config['ldap_search_base_dn']; }
if (isset($config['ldap_search_filter'])) $config['search.filter'] = $config['ldap_search_filter']; if (isset($config['ldap_port'])) {
if (isset($config['ldap_search_attribute'])) $config['search.attribute'] = $config['ldap_search_attribute']; $config['ldap.port'] = $config['ldap_port'];
if (isset($config['new_attribute_name'])) $config['attribute.new'] = $config['new_attribute_name']; }
if (isset($config['ldap_bind_user'])) {
// Remove the old config names $config['ldap.username'] = $config['ldap_bind_user'];
}
if (isset($config['ldap_bind_pwd'])) {
$config['ldap.password'] = $config['ldap_bind_pwd'];
}
if (isset($config['userid_attribute'])) {
$config['attribute.username'] = $config['userid_attribute'];
}
if (isset($config['ldap_search_base_dn'])) {
$config['ldap.basedn'] = $config['ldap_search_base_dn'];
}
if (isset($config['ldap_search_filter'])) {
$config['search.filter'] = $config['ldap_search_filter'];
}
if (isset($config['ldap_search_attribute'])) {
$config['search.attribute'] = $config['ldap_search_attribute'];
}
if (isset($config['new_attribute_name'])) {
$config['attribute.new'] = $config['new_attribute_name'];
}
/*
* Remove the old config names
* @TODO Remove after 2.0
*/
unset( unset(
$config['ldap_host'], $config['ldap_host'],
$config['ldap_port'], $config['ldap_port'],
...@@ -86,8 +108,11 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro ...@@ -86,8 +108,11 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
parent::__construct($config, $reserved); parent::__construct($config, $reserved);
// Get filter specific config options // Get filter specific config options
$this->new_attribute = $this->config->getString('attribute.new'); $this->search_attributes = $this->config->getArrayize('attributes', array());
$this->search_attribute = $this->config->getString('search.attribute'); if (empty($this->search_attributes)) {
$new_attribute = $this->config->getString('attribute.new', '');
$this->search_attributes[$new_attribute] = $this->config->getString('search.attribute');
}
$this->search_filter = $this->config->getString('search.filter'); $this->search_filter = $this->config->getString('search.filter');
} }
...@@ -119,21 +144,36 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro ...@@ -119,21 +144,36 @@ class sspmod_ldap_Auth_Process_AttributeAddFromLDAP extends sspmod_ldap_Auth_Pro
// merge the attributes into the ldap_search_filter // merge the attributes into the ldap_search_filter
$filter = str_replace($arrSearch, $arrReplace, $this->search_filter); $filter = str_replace($arrSearch, $arrReplace, $this->search_filter);
if (strpos($filter, '%') !== FALSE) {
SimpleSAML_Logger::info('There are non-existing attributes in the search filter. ('.
$this->search_filter.')');
return;
}
// search for matching entries // search for matching entries
$entries = $this->getLdap()->searchformultiple($this->base_dn, $filter, (array) $this->search_attribute, TRUE, FALSE); try {
$entries = $this->getLdap()->searchformultiple($this->base_dn, $filter,
array_values($this->search_attributes), TRUE, FALSE);
} catch (Exception $e) {
return; // silent fail, error is still logged by LDAP search
}
// handle [multiple] values // handle [multiple] values
if(is_array($entries) && is_array($entries[0])){
$results = array();
foreach ($entries as $entry) { foreach ($entries as $entry) {
$entry = $entry[strtolower($this->search_attribute)]; foreach ($this->search_attributes as $target => $name) {
for($i = 0; $i < $entry['count']; $i++){ if (is_numeric($target)) {
$results[] = $entry[$i]; $target = $name;
}
$name = strtolower($name);
if (isset($entry[$name])) {
unset($entry[$name]['count']);
if (isset($attributes[$target])) {
$attributes[$target] = array_merge($attributes[$target], array_values($entry[$name]));
} else {
$attributes[$target] = array_values($entry[$name]);
}
} }
} }
$attributes[$this->new_attribute] = array_values($results);
} }
} }
} }
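Review bot: The new `catch (Exception $e) { return; }` around `searchformultiple()` in process() swallows every exception type, not only LDAP failures, and records nothing at this layer to show that the lookup was skipped. Anything downstream that makes an access decision on these attributes then sees them as simply absent, which is indistinguishable from a user who has none. I would log before returning, e.g. `SimpleSAML_Logger::warning('AttributeAddFromLDAP: LDAP search failed, no attributes added');`, and narrow the catch if the LDAP wrapper throws a dedicated exception class (not visible on this page). Separately, the `strpos($filter, '%')` test runs on the filter after substitution, so a substituted attribute value that itself contains `%` would also trigger the early return; how `$arrReplace` is built and escaped is outside the hunk. process() begins before this hunk, so the start of the function was not reviewed.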