179 lines
3.9 KiB
PHP
179 lines
3.9 KiB
PHP
<?php
|
|
|
|
namespace Kanboard\Core\Ldap;
|
|
|
|
/**
|
|
* LDAP User
|
|
*
|
|
* @package ldap
|
|
* @author Frederic Guillot
|
|
*/
|
|
class User
|
|
{
|
|
/**
|
|
* Query
|
|
*
|
|
* @access private
|
|
* @var Query
|
|
*/
|
|
private $query;
|
|
|
|
/**
|
|
* Constructor
|
|
*
|
|
* @access public
|
|
* @param Query $query
|
|
*/
|
|
public function __construct(Query $query = null)
|
|
{
|
|
$this->query = $query ?: new Query;
|
|
}
|
|
|
|
/**
|
|
* Get user profile
|
|
*
|
|
* @access public
|
|
* @param resource $ldap
|
|
* @param string $baseDn
|
|
* @param string $query
|
|
* @return array
|
|
*/
|
|
public function getProfile($ldap, $baseDn, $query)
|
|
{
|
|
$this->query->execute($ldap, $baseDn, $query, $this->getAttributes());
|
|
$profile = array();
|
|
|
|
if ($this->query->hasResult()) {
|
|
$profile = $this->prepareProfile();
|
|
}
|
|
|
|
return $profile;
|
|
}
|
|
|
|
/**
|
|
* Build user profile
|
|
*
|
|
* @access private
|
|
* @return boolean|array
|
|
*/
|
|
private function prepareProfile()
|
|
{
|
|
return array(
|
|
'ldap_id' => $this->query->getAttribute('dn', ''),
|
|
'username' => $this->query->getAttributeValue($this->getAttributeUsername()),
|
|
'name' => $this->query->getAttributeValue($this->getAttributeName()),
|
|
'email' => $this->query->getAttributeValue($this->getAttributeEmail()),
|
|
'is_admin' => (int) $this->isMemberOf($this->query->getAttribute($this->getAttributeGroup(), array()), $this->getGroupAdminDn()),
|
|
'is_project_admin' => (int) $this->isMemberOf($this->query->getAttribute($this->getAttributeGroup(), array()), $this->getGroupProjectAdminDn()),
|
|
'is_ldap_user' => 1,
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Check group membership
|
|
*
|
|
* @access public
|
|
* @param array $group_entries
|
|
* @param string $group_dn
|
|
* @return boolean
|
|
*/
|
|
public function isMemberOf(array $group_entries, $group_dn)
|
|
{
|
|
if (! isset($group_entries['count']) || empty($group_dn)) {
|
|
return false;
|
|
}
|
|
|
|
for ($i = 0; $i < $group_entries['count']; $i++) {
|
|
if ($group_entries[$i] === $group_dn) {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Ge the list of attributes to fetch when reading the LDAP user entry
|
|
*
|
|
* Must returns array with index that start at 0 otherwise ldap_search returns a warning "Array initialization wrong"
|
|
*
|
|
* @access public
|
|
* @return array
|
|
*/
|
|
public function getAttributes()
|
|
{
|
|
return array_values(array_filter(array(
|
|
$this->getAttributeUsername(),
|
|
$this->getAttributeName(),
|
|
$this->getAttributeEmail(),
|
|
$this->getAttributeGroup(),
|
|
)));
|
|
}
|
|
|
|
/**
|
|
* Get LDAP account id attribute
|
|
*
|
|
* @access public
|
|
* @return string
|
|
*/
|
|
public function getAttributeUsername()
|
|
{
|
|
return LDAP_ACCOUNT_ID;
|
|
}
|
|
|
|
/**
|
|
* Get LDAP account email attribute
|
|
*
|
|
* @access public
|
|
* @return string
|
|
*/
|
|
public function getAttributeEmail()
|
|
{
|
|
return LDAP_ACCOUNT_EMAIL;
|
|
}
|
|
|
|
/**
|
|
* Get LDAP account name attribute
|
|
*
|
|
* @access public
|
|
* @return string
|
|
*/
|
|
public function getAttributeName()
|
|
{
|
|
return LDAP_ACCOUNT_FULLNAME;
|
|
}
|
|
|
|
/**
|
|
* Get LDAP account memberof attribute
|
|
*
|
|
* @access public
|
|
* @return string
|
|
*/
|
|
public function getAttributeGroup()
|
|
{
|
|
return LDAP_ACCOUNT_MEMBEROF;
|
|
}
|
|
|
|
/**
|
|
* Get LDAP admin group DN
|
|
*
|
|
* @access public
|
|
* @return string
|
|
*/
|
|
public function getGroupAdminDn()
|
|
{
|
|
return LDAP_GROUP_ADMIN_DN;
|
|
}
|
|
|
|
/**
|
|
* Get LDAP project admin group DN
|
|
*
|
|
* @access public
|
|
* @return string
|
|
*/
|
|
public function getGroupProjectAdminDn()
|
|
{
|
|
return LDAP_GROUP_PROJECT_ADMIN_DN;
|
|
}
|
|
}
|