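/**
 * Resolves the names of the LDAP groups the current user is a member of.
 *
 * Binds through bindRdn() when the connection is not bound yet and both a
 * configured user and a password are available, looks up the user's DN when
 * it is not known, and then searches for groups with a membership filter
 * whose shape depends on the configured bind type.
 *
 * Security notes:
 * - Every user-derived value placed into a filter is escaped first. Three
 *   different routines are used (self::realEscape, self::escape, ldap_escape);
 *   NOTE(review): the first two are defined outside this method, so confirm
 *   that each one escapes the LDAP filter metacharacters.
 * - userFilter and groupFilter are inserted verbatim as filter fragments, so
 *   they are assumed to come from trusted configuration only.
 * - When the user cannot be resolved the method fails closed and reports no
 *   groups instead of searching with an empty member value.
 *
 * @return array Group names taken from the configured group name attribute;
 *               empty when the user has no membership or cannot be resolved.
 * @throws Exception\LdapException When the bind or an LDAP search fails, or
 *                                 when groupMemberAttributeType is unsupported.
 */
public function getUserGroups()
{
    $this->log('%s is called.', __FUNCTION__);

    // Only the part of the login before "@" is used for the user lookup.
    $name = strtok($this->username, '@');
    $groups = array();

    $this->getConnection();

    //Ldap bind
    if (!$this->isbound && (!empty($this->config->user) && !empty($this->password))) {
        if ($this->bindRdn() === false) {
            throw new Exception\LdapException(sprintf("Could not bind LDAP. %s", $this->getLdapError()));
        }
    }

    if (empty($this->dn)) {
        // The attribute name is passed as an argument rather than concatenated
        // into the format string, so a "%" in the configuration cannot break sprintf().
        $userFilter = sprintf(
            '(&%s(%s=%s))',
            $this->config->userFilter,
            $this->getConfig()->usernameAttribute,
            self::realEscape($name)
        );

        // Size limit 1: only the first matching entry is ever considered.
        $query = @ldap_search($this->conn, $this->config->baseDn, $userFilter, array('dn'), 0, 1);
        $this->log("Query user baseDn:%s filter:%s - %s", $this->config->baseDn, $userFilter, $query !== false ? 'OK' : 'Failed');

        if ($query === false) {
            throw new Exception\LdapException(sprintf("Could not perform ldap_search. %s", $this->getLdapError()));
        }

        $userEntries = ldap_get_entries($this->conn, $query);

        // A search that matched nothing must not be read as $entries[0]:
        // that would silently turn the DN into null.
        if ($userEntries !== false && !empty($userEntries['count']) && isset($userEntries[0]['dn'])) {
            $this->dn = $userEntries[0]['dn'];
        } else {
            $this->log("User %s was not found under baseDn:%s", $name, $this->config->baseDn);
        }
    }

    $baseDn = !empty($this->config->baseDnGroups) ? $this->config->baseDnGroups : $this->config->baseDn;

    if ($this->memberofDn !== null && empty($this->memberofDn)) {
        //User has no membership in any group.
        return array();
    }

    // Optional suffix is the LDAP_MATCHING_RULE_IN_CHAIN OID, which asks the
    // server to follow nested group membership.
    $memberAttribute = $this->getConfig()->groupMemberAttribute
        . ($this->config->groupNesting ? ":1.2.840.113556.1.4.1941:" : "");

    if ($this->getConfig()->bindType == 'openldap') {
        $uid = $this->uid ? $this->uid : $this->username;

        // switch compares loosely, exactly like the == chain it replaces.
        switch ($this->getConfig()->groupMemberAttributeType) {
            case 'unix_netgroup':
                // Netgroup triple "(,uid,)" with its parentheses escaped for the filter.
                $memberValue = '\\(,' . self::escape($uid) . ',\\)';
                break;

            case 'regular':
                $memberValue = self::escape($uid);
                break;

            case 'user_dn':
                // NOTE(review): the type is called user_dn but the value matched is
                // $this->username, not $this->dn - confirm this is intended.
                $memberValue = self::escape($this->username);
                break;

            default:
                // Without this guard the group search would run with whatever
                // filter happened to be left over (or with none at all).
                throw new Exception\LdapException("Unsupported groupMemberAttributeType in LDAP configuration.");
        }
    } else {
        if (empty($this->dn)) {
            // Fail closed: without a DN there is nothing to match group members against.
            $this->log("User DN is unknown, group lookup is skipped.");
            return array();
        }

        // '' instead of null for $ignore: same result, no deprecation notice on PHP 8.1+.
        $memberValue = ldap_escape($this->dn, '', LDAP_ESCAPE_FILTER);
    }

    $filter = '(&' . $this->config->groupFilter . '(' . $memberAttribute . '=' . $memberValue . '))';

    $search = @ldap_search($this->conn, $baseDn, $filter, array($this->getConfig()->groupnameAttribute));
    $this->log("Query user's groups baseDn:%s filter:%s - %s", $baseDn, $filter, $search !== false ? 'OK' : 'Failed');

    if ($search === false) {
        throw new Exception\LdapException(sprintf("Could not perform ldap_search. %s", $this->getLdapError()));
    }

    $groupEntries = ldap_get_entries($this->conn, $search);

    // ldap_get_entries() lower-cases attribute names in the returned array.
    $nameKey = strtolower($this->getConfig()->groupnameAttribute);
    $total = ($groupEntries !== false && isset($groupEntries['count'])) ? $groupEntries['count'] : 0;

    for ($item = 0; $item < $total; $item++) {
        // Entries that lack the name attribute are skipped instead of adding null.
        if (isset($groupEntries[$item][$nameKey][0])) {
            $groups[] = $groupEntries[$item][$nameKey][0];
        }
    }

    $this->log("Found groups: %s", implode(", ", $groups));

    return $groups;
}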