moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-07 18:06:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-51723 enrol_ldap: Normalise user objectclass in dn

Browse source
This commit is contained in:
Andrew Nicols 2016-01-28 14:32:19 +08:00
parent 5677aedfd3
commit faef5d14c7
1 changed files with 29 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

32
enrol/ldap/lib.php
View file

@ -33,6 +33,13 @@ class enrol_ldap_plugin extends enrol_plugin {
protected $enroltype = 'enrol_ldap'; protected $enroltype = 'enrol_ldap';
protected $errorlogtag = '[ENROL LDAP] '; protected $errorlogtag = '[ENROL LDAP] ';
/**
* The object class to use when finding users.
*
* @var string $userobjectclass
*/
protected $userobjectclass;
/** /**
* Constructor for the plugin. In addition to calling the parent * Constructor for the plugin. In addition to calling the parent
* constructor, we define and 'fix' some settings depending on the * constructor, we define and 'fix' some settings depending on the
@ -59,6 +66,26 @@ class enrol_ldap_plugin extends enrol_plugin {
unset($ldap_usertypes); unset($ldap_usertypes);
$default = ldap_getdefaults(); $default = ldap_getdefaults();
// The objectclass in the defaults is for a user.
// This will be required later, but enrol_ldap uses 'objectclass' for its group objectclass.
// Save the normalised user objectclass for later.
$this->userobjectclass = $default['objectclass'][$this->get_config('user_type')];
if (empty($this->userobjectclass)) {
// Can't send empty filter.
$this->userobjectclass = '(objectClass=*)';
} else if (stripos($this->userobjectclass, 'objectClass=') === 0) {
// Value is 'objectClass=some-string-here', so just add ()
// around the value (filter _must_ have them).
$this->userobjectclass = '(' . $this->userobjectclass . ')';
} else if (stripos($this->userobjectclass, '(') !== 0) {
// Value is 'some-string-not-starting-with-left-parentheses',
// which is assumed to be the objectClass matching value.
// So build a valid filter with it.
$this->userobjectclass = '(objectClass=' . $this->userobjectclass . ')';
}
// Remove the objectclass default, as the values specified there are for // Remove the objectclass default, as the values specified there are for
// users, and we are dealing with groups here. // users, and we are dealing with groups here.
unset($default['objectclass']); unset($default['objectclass']);
@ -490,7 +517,7 @@ class enrol_ldap_plugin extends enrol_plugin {
// as the idnumber does not match their dn and we get dn's from membership. // as the idnumber does not match their dn and we get dn's from membership.
$memberidnumbers = array(); $memberidnumbers = array();
foreach ($ldapmembers as $ldapmember) { foreach ($ldapmembers as $ldapmember) {
$result = ldap_read($this->ldapconnection, $ldapmember, '(objectClass=*)', $result = ldap_read($this->ldapconnection, $ldapmember, $this->userobjectclass,
array($this->config->idnumber_attribute)); array($this->config->idnumber_attribute));
$entry = ldap_first_entry($this->ldapconnection, $result); $entry = ldap_first_entry($this->ldapconnection, $result);
$values = ldap_get_values($this->ldapconnection, $entry, $this->config->idnumber_attribute); $values = ldap_get_values($this->ldapconnection, $entry, $this->config->idnumber_attribute);
@ -838,10 +865,9 @@ class enrol_ldap_plugin extends enrol_plugin {
require_once($CFG->libdir.'/ldaplib.php'); require_once($CFG->libdir.'/ldaplib.php');
$ldap_contexts = explode(';', $this->get_config('user_contexts')); $ldap_contexts = explode(';', $this->get_config('user_contexts'));
$ldap_defaults = ldap_getdefaults();
return ldap_find_userdn($this->ldapconnection, $userid, $ldap_contexts, return ldap_find_userdn($this->ldapconnection, $userid, $ldap_contexts,
'(objectClass='.$ldap_defaults['objectclass'][$this->get_config('user_type')].')', $this->userobjectclass,
$this->get_config('idnumber_attribute'), $this->get_config('user_search_sub')); $this->get_config('idnumber_attribute'), $this->get_config('user_search_sub'));
} }