SimpleSAML_Auth_LDAP::searchformultiple PHP Method

searchformultiple() public method

This method was created specifically for the ldap:AttributeAddUsersGroups->searchActiveDirectory() method, but could be used for other LDAP search needs. It will search LDAP and return all the entries.
public searchformultiple ( string | array $bases, string | array $filters, string | array $attributes = [], boolean $and = true, boolean $escape = true ) : array
$bases string | array
$filters string | array Array of 'attribute' => 'values' to be combined into the filter, or a raw filter string
$attributes string | array Array of attributes requested from LDAP
$and boolean If multiple filters are defined, whether to combine them with & (true) or | (false)
$escape boolean Whether to escape the filter values or not
return array
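    /**
     * Search one or more base DNs and return every matching entry.
     *
     * The bases are tried in the order given; the first base whose search
     * yields at least one entry supplies the result set.
     *
     * Security notes for callers:
     *  - Only the filter *values* are passed through escape_filter_value().
     *    The attribute names (array keys) are placed into the filter verbatim,
     *    so they must never be derived from untrusted input.
     *  - With $escape = false, or when a raw filter string is supplied, the
     *    caller is fully responsible for the filter being well-formed and free
     *    of injected filter syntax.
     *  - The filter text is embedded in the exception messages raised below;
     *    treat those messages as possibly containing user-supplied data.
     *
     * On any failure the object built by $this->makeException() is thrown:
     * when no filter or no base is given, when no base could be searched,
     * when no entry matches, or when the entries cannot be retrieved.
     *
     * @param string|array $bases      Base DN(s) to search, in order.
     * @param string|array $filters    Array of 'attribute' => 'value' pairs to be
     *                                 combined into the filter, or a raw filter string.
     * @param string|array $attributes Attribute name(s) requested from LDAP.
     * @param bool         $and        With several filters: true joins them with &,
     *                                 false joins them with |.
     * @param bool         $escape     Whether to escape the filter values.
     *
     * @return array The entries from ldap_get_entries() without the top-level
     *               'count' key; jpegphoto and objectguid values are base64-encoded.
     */
    public function searchformultiple($bases, $filters, $attributes = array(), $and = true, $escape = true)
    {
        // Escape the filter values, if requested.
        // NOTE(review): escape_filter_value() is not visible here. Confirm how it
        // treats a raw filter string: escaping a complete filter would also
        // escape its own parentheses.
        if ($escape) {
            $filters = $this->escape_filter_value($filters, false);
        }

        // Build the search filter. Keys are interpolated as-is (see the
        // security notes in the docblock); only values may have been escaped.
        $filter = '';
        if (is_array($filters)) {
            foreach ($filters as $attribute => $value) {
                $filter .= "({$attribute}={$value})";
            }
            if (count($filters) > 1) {
                $filter = ($and ? '(&' : '(|') . $filter . ')';
            }
        } elseif (is_string($filters)) {
            $filter = $filters;
        }

        // Refuse to run without a usable filter
        if ($filter === '' || $filter === '(=)') {
            throw $this->makeException('ldap:LdapConnection->search_manual : No search filters defined', ERR_INTERNAL);
        }

        // Verify at least one base was passed
        $bases = (array) $bases;
        if (empty($bases)) {
            throw $this->makeException('ldap:LdapConnection->search_manual : No base DNs were passed', ERR_INTERNAL);
        }

        // The signature documents string|array, but ldap_search() needs an array
        $attributes = (array) $attributes;

        // Search each base until one returns at least one entry. A search that
        // succeeds but matches nothing must not stop the loop, otherwise the
        // remaining bases would never be consulted.
        $result = false;
        foreach ($bases as $base) {
            $candidate = @ldap_search($this->ldap, $base, $filter, $attributes, 0, 0, $this->timeout);
            if ($candidate === false) {
                continue;
            }
            $result = $candidate;
            if (@ldap_count_entries($this->ldap, $result) > 0) {
                break;
            }
        }

        // $result is still false only when every base failed to search
        if ($result === false) {
            throw $this->makeException('ldap:LdapConnection->search_manual : Failed to search LDAP using base(s) [' . implode('; ', $bases) . '] with filter [' . $filter . ']. LDAP error [' . ldap_error($this->ldap) . ']');
        } elseif (@ldap_count_entries($this->ldap, $result) < 1) {
            throw $this->makeException('ldap:LdapConnection->search_manual : No entries found in LDAP using base(s) [' . implode('; ', $bases) . '] with filter [' . $filter . ']', ERR_NO_USER);
        }

        // Get all results
        $results = ldap_get_entries($this->ldap, $result);
        if ($results === false) {
            throw $this->makeException('ldap:LdapConnection->search_manual : Unable to retrieve entries from search results');
        }

        // Base64-encode the values of the binary attributes so that they can
        // be handled as ordinary strings by the caller.
        $binaryAttributes = array('jpegphoto', 'objectguid');
        for ($i = 0; $i < $results['count']; $i++) {
            $entry = $results[$i];
            for ($j = 0; $j < $entry['count']; $j++) {
                $name = $entry[$j];
                if (!in_array(strtolower($name), $binaryAttributes, true)) {
                    continue;
                }
                $attribute = $entry[$name];
                for ($k = 0; $k < $attribute['count']; $k++) {
                    $results[$i][$name][$k] = base64_encode($attribute[$k]);
                }
            }
        }

        // Remove the count and return
        unset($results['count']);
        return $results;
    }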