SimpleSAML_Auth_LDAP::search PHP Method

    /**
     * Find the single entry below $base that matches the given attribute(s) and return its DN.
     *
     * The generated filter is an OR over every attribute name, each compared with
     * the same value: (|(attr1=value)(attr2=value)...). When $searchFilter is set,
     * it is combined as (&<generated filter><searchFilter>).
     *
     * Filter construction, from a security point of view:
     *  - $attribute and $value go through self::escape_filter_value() (defined
     *    elsewhere in the class) before they are placed in the filter.
     *  - $searchFilter is concatenated verbatim, with no escaping. It has to be a
     *    complete, well-formed filter from a trusted source; presumably it comes
     *    from configuration -- confirm against the callers.
     *  - $base and the finished filter, which contains the searched value, are
     *    written to the debug log and into most of the exception messages below.
     *
     * Every failure is reported by throwing whatever $this->makeException()
     * builds; "more than one entry" carries ERR_AS_DATA_INCONSIST and "no entry"
     * carries ERR_NO_USER.
     *
     * @param string $base          Search base handed to ldap_search().
     * @param mixed  $attribute     Attribute name(s) to match; the escaped result is
     *                              iterated, so presumably a name or a list of names
     *                              -- confirm against escape_filter_value().
     * @param string $value         Value every attribute is compared with.
     * @param string|null $searchFilter Optional extra filter AND-ed with the generated one.
     *
     * @return string The DN reported by ldap_get_dn() for the one matching entry.
     */
    private function search($base, $attribute, $value, $searchFilter = null)
    {
        // Escape both sides of every comparison before any filter text is assembled.
        $names = self::escape_filter_value($attribute, false);
        $needle = self::escape_filter_value($value);

        // One "(attr=value)" clause per attribute name, OR-ed together.
        $clauses = array();
        foreach ($names as $name) {
            $clauses[] = '(' . $name . '=' . $needle . ')';
        }
        $filter = '(|' . implode('', $clauses) . ')';

        // Loose comparison on purpose: null and '' both mean "no additional filter".
        // The additional filter is appended as-is (see the docblock).
        if ($searchFilter != null) {
            $filter = '(&' . $filter . $searchFilter . ')';
        }

        // Shared tail of the log line and of the exception messages.
        $where = 'base \'' . $base . '\' for \'' . $filter . '\'';
        SimpleSAML\Logger::debug('Library - LDAP search(): Searching ' . $where);

        // TODO: Should aliases be dereferenced? No deref argument is passed here.
        // NOTE(review): an empty attribute list and a size limit of 0 are passed,
        // although only the DN of a single entry is read below.
        $searchResult = @ldap_search($this->ldap, $base, $filter, array(), 0, 0, $this->timeout);
        if ($searchResult === false) {
            throw $this->makeException('Library - LDAP search(): Failed search on ' . $where);
        }

        // Exactly one entry is acceptable; anything else ends the lookup.
        $entryCount = @ldap_count_entries($this->ldap, $searchResult);
        if ($entryCount === false) {
            throw $this->makeException('Library - LDAP search(): Failed to get number of entries returned');
        }
        if ($entryCount > 1) {
            // Several entries match: the directory data is ambiguous (external error).
            throw $this->makeException('Library - LDAP search(): Found ' . $entryCount . ' entries searching ' . $where, ERR_AS_DATA_INCONSIST);
        }
        if ($entryCount === 0) {
            // Nothing matches: wrong user name, or the user is not in the catalogue (user error).
            throw $this->makeException('Library - LDAP search(): Found no entries searching ' . $where, ERR_NO_USER);
        }

        // Resolve the DN of the single match.
        $firstEntry = @ldap_first_entry($this->ldap, $searchResult);
        if ($firstEntry === false) {
            throw $this->makeException('Library - LDAP search(): Unable to retrieve result after searching ' . $where);
        }

        $dn = @ldap_get_dn($this->ldap, $firstEntry);
        if ($dn === false) {
            throw $this->makeException('Library - LDAP search(): Unable to get DN after searching ' . $where);
        }

        // FIXME: Are we now sure, if no exception has been thrown, that we are returning a DN?
        return $dn;
    }