fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-623 "El feature enterprise 'LdapAdvanced' no retorna todos lo objetos" SOLVED

Browse Source 
Issue:
    El feature enterprise "LdapAdvanced" no retorna todos lo objetos
Cause:
    En el server ActiveDirectory se tiene mas de 1000 departamentos
Solution:
    Se completo el uso de la funcion "ldap_control_paged_result" en:
        - ADMIN > Users > AuthenticationSources > SynchronizeDepartments
        - ADMIN > Users > AuthenticationSources > SynchronizeGroups
Note:
    Los AuthenticationSources ya registrados deberan ser editados (no hacer cambios) y guardados nuevamente
This commit is contained in:
Victor Saisa Lopez
2016-04-14 13:15:17 -04:00
parent a51721f684
commit ca8a74fdf7
3 changed files with 230 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
workflow/engine/bin/cron_single.php
View File

@@ -112,7 +112,6 @@ try {
define('DEBUG_CALENDAR_LOG', $arraySystemConfiguration['debug_calendar']);
define('MEMCACHED_ENABLED', $arraySystemConfiguration['memcached']);
define('MEMCACHED_SERVER', $arraySystemConfiguration['memcached_server']);
define('TIME_ZONE', ini_get('date.timezone'));
//require_once(PATH_GULLIVER . PATH_SEP . 'class.bootstrap.php');
//define('PATH_GULLIVER_HOME', PATH_TRUNK . 'gulliver' . PATH_SEP);

385
workflow/engine/classes/class.ldapAdvanced.php
View File

@@ -493,10 +493,10 @@ class ldapAdvanced
$ldapErrorNr = 0;
if ($link != null) {
$ldapErrorNr = @ldap_errno($link);
$ldapErrorNr = ldap_errno($link);
if ( $ldapErrorNr != 0 ) {
$ldapErrorMsg = @ldap_error($link);
$ldapErrorMsg = ldap_error($link);
$text = $ldapErrorMsg . " : " . $text;
}
}
@@ -544,27 +544,24 @@ class ldapAdvanced
}
}
$ldapcnn = @ldap_connect($aAuthSource["AUTH_SOURCE_SERVER_NAME"], $aAuthSource["AUTH_SOURCE_PORT"]);
$ldapcnn = ldap_connect($aAuthSource['AUTH_SOURCE_SERVER_NAME'], $aAuthSource['AUTH_SOURCE_PORT']);
$ldapServer = $aAuthSource["AUTH_SOURCE_SERVER_NAME"] . ":" . $aAuthSource["AUTH_SOURCE_PORT"] ;
@ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, $aAuthSource["AUTH_SOURCE_VERSION"]);
//$this->log($ldapcnn, "ldap set Protocol Version " . $aAuthSource["AUTH_SOURCE_VERSION"]);
@ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
//$this->log($ldapcnn, "ldap set option Referrals");
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapcnn, LDAP_OPT_REFERRALS, 0);
if (isset($aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) && $aAuthSource["AUTH_SOURCE_ENABLED_TLS"]) {
@ldap_start_tls($ldapcnn);
ldap_start_tls($ldapcnn);
$ldapServer = "TLS " . $ldapServer;
//$this->log($ldapcnn, "start tls");
}
if ($aAuthSource["AUTH_ANONYMOUS"] == "1") {
$bBind = @ldap_bind($ldapcnn);
$bBind = ldap_bind($ldapcnn);
$this->log($ldapcnn, "bind $ldapServer like anonymous user");
} else {
$bBind = @ldap_bind($ldapcnn, $aAuthSource["AUTH_SOURCE_SEARCH_USER"], $aAuthSource["AUTH_SOURCE_PASSWORD"]);
$bBind = ldap_bind($ldapcnn, $aAuthSource['AUTH_SOURCE_SEARCH_USER'], $aAuthSource['AUTH_SOURCE_PASSWORD']);
$this->log($ldapcnn, "bind $ldapServer with user " . $aAuthSource["AUTH_SOURCE_SEARCH_USER"]);
}
@@ -587,9 +584,9 @@ class ldapAdvanced
try {
$arrayAttributes = array();
$arrayAttributes["dn"] = @ldap_get_dn($ldapcnn, $entry);
$arrayAttributes['dn'] = ldap_get_dn($ldapcnn, $entry);
$arrayAux = @ldap_get_attributes($ldapcnn, $entry);
$arrayAux = ldap_get_attributes($ldapcnn, $entry);
for ($i = 0; $i <= $arrayAux["count"] - 1; $i++) {
$key = strtolower($arrayAux[$i]);
@@ -641,7 +638,7 @@ class ldapAdvanced
if ($searchResult) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK");
$numEntries = @ldap_count_entries($ldapcnn, $searchResult);
$numEntries = ldap_count_entries($ldapcnn, $searchResult);
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartmentSearchResult() > ldap_list > OK > \$numEntries ----> $numEntries");
@@ -650,7 +647,7 @@ class ldapAdvanced
if ($numEntries > 0) {
$this->log($ldapcnn, "Search $dn accounts with identifier = $uidUserIdentifier");
$entry = @ldap_first_entry($ldapcnn, $searchResult);
$entry = ldap_first_entry($ldapcnn, $searchResult);
do {
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -682,7 +679,7 @@ class ldapAdvanced
//Progress bar
$this->frontEndShow("BAR", "Departments: " . $arrayData["i"] . "/" . $arrayData["n"] . " " . $this->progressBar($totalUser, $countUser));
}
} while ($entry = @ldap_next_entry($ldapcnn, $entry));
} while ($entry = ldap_next_entry($ldapcnn, $entry));
}
}
@@ -729,12 +726,8 @@ class ldapAdvanced
$ldapcnn = $this->ldapcnn;
//Get Users
$recordSize = 1000;
$flagGetUsers = true;
$flagLdapControlPagedResult = $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["LDAP_TYPE"] == "ad" && function_exists("ldap_control_paged_result");
$flagNextRecord = false;
$limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
$flagError = false;
if (!isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"])) {
$arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_USERS_FILTER"] = "";
@@ -748,22 +741,15 @@ class ldapAdvanced
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
if ($flagLdapControlPagedResult) {
ldap_set_option($ldapcnn, LDAP_OPT_PROTOCOL_VERSION, 3);
$cookie = "";
}
$cookie = '';
do {
if ($flagLdapControlPagedResult) {
ldap_control_paged_result($ldapcnn, $recordSize, true, $cookie);
}
ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
$searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
//$searchResult = @ldap_search($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
if ($error = @ldap_errno($ldapcnn)) {
$flagGetUsers = false;
if ($error = ldap_errno($ldapcnn)) {
$flagError = true;
} else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK");
@@ -777,15 +763,11 @@ class ldapAdvanced
}
}
if ($flagLdapControlPagedResult) {
ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
$flagNextRecord = $cookie !== null && $cookie != "";
}
} while ($flagLdapControlPagedResult && $flagNextRecord);
ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
} while (($cookie !== null && $cookie != '') && !$flagError);
//Get Users //2
if (!$flagGetUsers) {
if ($flagError) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > Search by characters > START");
foreach ($this->characters() as $value) {
@@ -799,10 +781,8 @@ class ldapAdvanced
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > \$filter ----> $filter");
$searchResult = @ldap_list($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
//$searchResult = @ldap_search($ldapcnn, $dn, $filter, $this->arrayAttributesForUser);
if ($error = @ldap_errno($ldapcnn)) {
//
if ($error = ldap_errno($ldapcnn)) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > ERROR > \$error ---->\n" . print_r($error, true));
} else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromDepartment() > ldap_list > OK");
@@ -880,8 +860,7 @@ class ldapAdvanced
$searchResult = @ldap_search($ldapcnn, $dn, $filter, array($memberAttribute));
if ($error = @ldap_errno($ldapcnn)) {
//
if ($error = ldap_errno($ldapcnn)) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > ERROR > \$error ---->\n" . print_r($error, true));
} else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK1");
@@ -889,12 +868,12 @@ class ldapAdvanced
if ($searchResult) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2");
$numEntries = @ldap_count_entries($ldapcnn, $searchResult);
$numEntries = ldap_count_entries($ldapcnn, $searchResult);
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > \$numEntries ----> $numEntries");
if ($numEntries > 0) {
$entry = @ldap_first_entry($ldapcnn, $searchResult);
$entry = ldap_first_entry($ldapcnn, $searchResult);
$arrayGroupMemberLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -928,8 +907,7 @@ class ldapAdvanced
//Synchronize User
$searchResult2 = @ldap_search($ldapcnn, $member, $filter2, $this->arrayAttributesForUser);
if ($error = @ldap_errno($ldapcnn)) {
//
if ($error = ldap_errno($ldapcnn)) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > ERROR > \$error ---->\n" . print_r($error, true));
} else {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK1");
@@ -937,12 +915,12 @@ class ldapAdvanced
if ($searchResult2) {
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2");
$numEntries2 = @ldap_count_entries($ldapcnn, $searchResult2);
$numEntries2 = ldap_count_entries($ldapcnn, $searchResult2);
$this->debugLog("class.ldapAdvanced.php > function ldapGetUsersFromGroup() > ldap_search > OK2 > foreach > ldap_search > OK2 > \$numEntries2 ----> $numEntries2");
if ($numEntries2 > 0) {
$entry2 = @ldap_first_entry($ldapcnn, $searchResult2);
$entry2 = ldap_first_entry($ldapcnn, $searchResult2);
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry2);
@@ -1313,15 +1291,15 @@ class ldapAdvanced
$oSearch = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));
if ($oError = @ldap_errno($ldapcnn)) {
if ($oError = ldap_errno($ldapcnn)) {
$this->log($ldapcnn, "Error in Search users");
} else {
if ($oSearch) {
$entries = @ldap_count_entries($ldapcnn, $oSearch);
$entries = ldap_count_entries($ldapcnn, $oSearch);
$totalUser = $entries;
if ( $entries > 0) {
$oEntry = @ldap_first_entry($ldapcnn, $oSearch);
$oEntry = ldap_first_entry($ldapcnn, $oSearch);
$countEntries=0;
@@ -1415,7 +1393,7 @@ class ldapAdvanced
$countEntries++;
}
} while (($oEntry = @ldap_next_entry($ldapcnn, $oEntry)) && $flagNextRecord);
} while (($oEntry = ldap_next_entry($ldapcnn, $oEntry)) && $flagNextRecord);
}
}
/*
@@ -1486,14 +1464,14 @@ class ldapAdvanced
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, $attributeSetAdd));
if ($error = @ldap_errno($ldapcnn)) {
if ($error = ldap_errno($ldapcnn)) {
//
} else {
if ($searchResult) {
$numEntries = @ldap_count_entries($ldapcnn, $searchResult);
$numEntries = ldap_count_entries($ldapcnn, $searchResult);
if ($numEntries > 0) {
$entry = @ldap_first_entry($ldapcnn, $searchResult);
$entry = ldap_first_entry($ldapcnn, $searchResult);
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -1646,83 +1624,101 @@ class ldapAdvanced
*/
public function searchDepartments()
{
if (!class_exists('RBAC')) {
G::LoadSystem('rbac');
}
try {
$arrayDepartment = [];
$rbac = &RBAC::getSingleton();
//Set variables
$rbac = &RBAC::getSingleton();
if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource();
}
if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource();
}
$aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
if (is_null($this->ldapcnn)) {
$this->ldapcnn = $this->ldapConnection($aAuthSource);
}
if (is_null($this->ldapcnn)) {
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
}
$ldapcnn = $this->ldapcnn;
$ldapcnn = $this->ldapcnn;
$sFilter = "(" . $this->arrayObjectClassFilter["department"] . ")";
//Get Departments
$limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
$flagError = false;
$this->log($ldapcnn, "search Departments with Filter: $sFilter");
$filter = '(' . $this->arrayObjectClassFilter['department'] . ')';
$aDepts = array();
$unitsBase = $this->custom_ldap_explode_dn($aAuthSource['AUTH_SOURCE_BASE_DN']);
$oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $sFilter, array("dn", "ou"));
$this->log($ldapcnn, 'search Departments with Filter: ' . $filter);
if ($oError = @ldap_errno($ldapcnn)) {
$this->log($ldapcnn, "Error in Search");
return $aDepts;
} else {
if ($oSearch) {
//the first node is root
$node = array();
$node['dn'] = $aAuthSource['AUTH_SOURCE_BASE_DN'];
$node['parent'] = '';
$node['ou'] = 'ROOT';
$node['users'] = '0';
$aDepts[] = $node;
$unitsBase = $this->custom_ldap_explode_dn($arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN']);
//get departments from the ldap entries
if (@ldap_count_entries($ldapcnn, $oSearch) > 0) {
$oEntry = @ldap_first_entry($ldapcnn, $oSearch);
$cookie = '';
do {
$aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry);
$unitsEqual = $this->custom_ldap_explode_dn($aAttr['dn']);
do {
ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
if ( count($unitsEqual ) == 1 && $unitsEqual[0] == '' ) {
continue;
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'ou']);
if ($error = ldap_errno($ldapcnn)) {
$this->log($ldapcnn, 'Error in Search');
$flagError = true;
} else {
if ($searchResult) {
//The first node is root
if (empty($arrayDepartment)) {
$arrayDepartment[] = [
'dn' => $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'],
'parent' => '',
'ou' => 'ROOT',
'users' => 0
];
}
if (count($unitsEqual) > count($unitsBase)) {
unset($unitsEqual[0]);
}
//Get departments from the ldap entries
if (ldap_count_entries($ldapcnn, $searchResult) > 0) {
$entry = ldap_first_entry($ldapcnn, $searchResult);
if ( isset( $aAttr['ou'] ) && !is_array($aAttr['ou']) ) {
$node = array();
$node['dn'] = $aAttr['dn'];
$node['parent'] = isset ($unitsEqual[1]) ? implode(',', $unitsEqual) : '';
$node['ou'] = trim($aAttr['ou']);
$node['users'] = '0';
$aDepts[] = $node;
do {
$arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
$unitsEqual = $this->custom_ldap_explode_dn($arrayEntryData['dn']);
if (count($unitsEqual) == 1 && $unitsEqual[0] == '') {
continue;
}
if (count($unitsEqual) > count($unitsBase)) {
unset($unitsEqual[0]);
}
if (isset($arrayEntryData['ou']) && !is_array($arrayEntryData['ou'])) {
$arrayDepartment[] = [
'dn' => $arrayEntryData['dn'],
'parent' => (isset($unitsEqual[1]))? implode(',', $unitsEqual) : '',
'ou' => trim($arrayEntryData['ou']),
'users' => 0
];
}
} while ($entry = ldap_next_entry($ldapcnn, $entry));
}
} while ($oEntry = @ldap_next_entry($ldapcnn, $oEntry));
//$this->createDepartments ($aDepts);
}
}
ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
} while (($cookie !== null && $cookie != '') && !$flagError);
$str = '';
foreach ($arrayDepartment as $dep) {
$str .= ' ' . $dep['ou'];
}
$sDeptos = '';
$this->log($ldapcnn, 'found '. count($arrayDepartment) . ' departments: ' . $str);
foreach ($aDepts as $dep) {
$sDeptos .= ' ' . $dep['ou'];
}
$this->log($ldapcnn, "found ". count($aDepts) . " departments: $sDeptos");
return $aDepts;
//Return
return $arrayDepartment;
} catch (Exception $e) {
throw $e;
}
}
@@ -1749,18 +1745,18 @@ class ldapAdvanced
$oSearch = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $dFilter, $this->arrayAttributesForUser);
if ($oError = @ldap_errno($ldapcnn)) {
if ($oError = ldap_errno($ldapcnn)) {
return $aUsers;
} else {
if ($oSearch) {
//get the departments from the ldap entries
if (@ldap_count_entries($ldapcnn, $oSearch) > 0) {
$oEntry = @ldap_first_entry($ldapcnn, $oSearch);
if (ldap_count_entries($ldapcnn, $oSearch) > 0) {
$oEntry = ldap_first_entry($ldapcnn, $oSearch);
do {
$aAttr = $this->ldapGetAttributes($ldapcnn, $oEntry);
$aUsers[] = $this->ldapGetUsersFromDepartment("GET", $aAttr["dn"]);
} while ($oEntry = @ldap_next_entry($ldapcnn, $oEntry));
} while ($oEntry = ldap_next_entry($ldapcnn, $oEntry));
//$this->createDepartments ($aDepts);
}
}
@@ -2275,74 +2271,81 @@ class ldapAdvanced
*/
public function searchGroups()
{
if (!class_exists('RBAC')) {
G::LoadSystem('rbac' );
}
try {
$arrayGroup = [];
$rbac = &RBAC::getSingleton();
//Set variables
$rbac = &RBAC::getSingleton();
if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource();
}
if (is_null($rbac->authSourcesObj)) {
$rbac->authSourcesObj = new AuthenticationSource();
}
$aAuthSource = $rbac->authSourcesObj->load($this->sAuthSource);
$arrayAuthenticationSourceData = $rbac->authSourcesObj->load($this->sAuthSource);
if (is_null($this->ldapcnn)) {
$this->ldapcnn = $this->ldapConnection($aAuthSource);
}
if (is_null($this->ldapcnn)) {
$this->ldapcnn = $this->ldapConnection($arrayAuthenticationSourceData);
}
$ldapcnn = $this->ldapcnn;
$ldapcnn = $this->ldapcnn;
$filter = "(" . $this->arrayObjectClassFilter["group"] . ")";
//Get Groups
$limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
$flagError = false;
$this->log($ldapcnn, "search groups with Filter: $filter");
$filter = '(' . $this->arrayObjectClassFilter['group'] . ')';
$aGroups = array();
$searchResult = @ldap_search($ldapcnn, $aAuthSource["AUTH_SOURCE_BASE_DN"], $filter, array("dn", "cn"));
$this->log($ldapcnn, 'search groups with Filter: ' . $filter);
if ($oError = @ldap_errno($ldapcnn)) {
$this->log($ldapcnn, "Error in Search");
$cookie = '';
return $aGroups;
} else {
if ($searchResult) {
//the first node is root
$node = array();
/*$node['dn'] = $aAuthSource['AUTH_SOURCE_BASE_DN'];
$node['parent'] = '';
$node['cn'] = 'ROOT';
$node['users'] = '0';
$aGroups[] = $node;*/
do {
ldap_control_paged_result($ldapcnn, $limit, true, $cookie);
//get groups from the ldap entries
$numEntries = @ldap_count_entries($ldapcnn, $searchResult);
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN'], $filter, ['dn', 'cn']);
if ($numEntries > 0) {
$entry = @ldap_first_entry($ldapcnn, $searchResult);
if ($error = ldap_errno($ldapcnn)) {
$this->log($ldapcnn, 'Error in Search');
do {
$aAttr = $this->ldapGetAttributes($ldapcnn, $entry);
$flagError = true;
} else {
if ($searchResult) {
//Get groups from the ldap entries
$countEntries = ldap_count_entries($ldapcnn, $searchResult);
if ( isset( $aAttr['cn'] ) && !is_array($aAttr['cn']) ) {
$node = array();
$node['dn'] = $aAttr['dn'];
$node['cn'] = trim($aAttr['cn']);
$node['users'] = '0';
$aGroups[] = $node;
if ($countEntries > 0) {
$entry = ldap_first_entry($ldapcnn, $searchResult);
do {
$arrayEntryData = $this->ldapGetAttributes($ldapcnn, $entry);
if (isset($arrayEntryData['cn']) && !is_array($arrayEntryData['cn'])) {
$arrayGroup[] = [
'dn' => $arrayEntryData['dn'],
'cn' => trim($arrayEntryData['cn']),
'users' => 0,
];
}
} while ($entry = ldap_next_entry($ldapcnn, $entry));
}
} while ($entry = @ldap_next_entry($ldapcnn, $entry));
}
}
ldap_control_paged_result_response($ldapcnn, $searchResult, $cookie);
} while (($cookie !== null && $cookie != '') && !$flagError);
$str = '';
foreach ($arrayGroup as $group) {
$str .= ' ' . $group['cn'];
}
$sGroups = '';
$this->log($ldapcnn, 'found '. count($arrayGroup) . ' groups: ' . $str);
foreach ($aGroups as $group) {
$sGroups .= ' ' . $group['cn'];
}
$this->log($ldapcnn, "found ". count($aGroups) . " groups: $sGroups");
return $aGroups;
//Return
return $arrayGroup;
} catch (Exception $e) {
throw $e;
}
}
@@ -2750,11 +2753,11 @@ class ldapAdvanced
$searchResult = @ldap_search($ldapcnn, $arrayAuthenticationSourceData["AUTH_SOURCE_BASE_DN"], $filter, array_merge($this->arrayAttributesForUser, array_values($arrayAttributesToSync)));
if ($error = @ldap_errno($ldapcnn)) {
if ($error = ldap_errno($ldapcnn)) {
//
} else {
if ($searchResult) {
$numEntries = @ldap_count_entries($ldapcnn, $searchResult);
$numEntries = ldap_count_entries($ldapcnn, $searchResult);
if ($numEntries > 0) {
//Default attributes to sync
@@ -2793,7 +2796,7 @@ class ldapAdvanced
}
//Get Users from LDAP Server
$entry = @ldap_first_entry($ldapcnn, $searchResult);
$entry = ldap_first_entry($ldapcnn, $searchResult);
do {
$arrayUserLdap = $this->ldapGetAttributes($ldapcnn, $entry);
@@ -2856,7 +2859,7 @@ class ldapAdvanced
}
}
}
} while ($entry = @ldap_next_entry($ldapcnn, $entry));
} while ($entry = ldap_next_entry($ldapcnn, $entry));
}
}
}
@@ -2895,7 +2898,7 @@ class ldapAdvanced
$ldapcnn = $this->ldapcnn;
//Update Users
$recordSize = 1000; //$recordStart
$limit = $arrayAuthenticationSourceData['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'];
$count = 0;
$uidUserIdentifier = (isset($arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"]))? $arrayAuthenticationSourceData["AUTH_SOURCE_DATA"]["AUTH_SOURCE_IDENTIFIER_FOR_USER"] : "uid";
@@ -2911,7 +2914,7 @@ class ldapAdvanced
$filterUsers .= "($uidUserIdentifier=" . $arrayUserData["USR_USERNAME"] . ")";
$arrayUserUid[] = $arrayUserData["USR_UID"];
if ($count == $recordSize) {
if ($count == $limit) {
list($totalUser, $countUser) = $this->ldapUsersUpdateData($ldapcnn, $arrayAuthenticationSourceData, $filterUsers, $arrayUserUid, array("totalUser" => $totalUser, "countUser" => $countUser));
$count = 0;
@@ -2928,5 +2931,39 @@ class ldapAdvanced
throw $e;
}
}
/**
* Get page size limit for a search result
*
* @param resource $ldapcnn LDAP link identifier
* @param string $baseDn The base DN for the directory
*
* @return int Returns the page size limit for a search result
*/
public function getPageSizeLimit($ldapcnn, $baseDn = '')
{
try {
$limit = 1000;
if ($ldapcnn === false) {
return $limit;
}
$searchResult = @ldap_search($ldapcnn, $baseDn, '(|(objectclass=*))', ['dn']);
if ($searchResult) {
$countEntries = ldap_count_entries($ldapcnn, $searchResult);
if ($countEntries > 0) {
$limit = ($countEntries > $limit)? $limit : $countEntries;
}
}
//Return
return $limit;
} catch (Exception $e) {
throw $e;
}
}
}

19
workflow/engine/methods/authSources/ldapAdvancedProxy.php
View File

@@ -149,7 +149,25 @@ switch ($function) {
unset($aData['AUTH_SOURCE_GRID_ATTRIBUTE']);
unset($aData['AUTH_SOURCE_SHOWGRID']);
}
$aFields['AUTH_SOURCE_DATA'] = $aData;
//LDAP_PAGE_SIZE_LIMIT
$ldapAdvanced = new ldapAdvanced();
try {
$arrayAuthenticationSourceData = $aFields;
$arrayAuthenticationSourceData['AUTH_SOURCE_VERSION'] = 3;
$aFields['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'] = $ldapAdvanced->getPageSizeLimit(
$ldapAdvanced->ldapConnection($arrayAuthenticationSourceData),
$arrayAuthenticationSourceData['AUTH_SOURCE_BASE_DN']
);
} catch (Exception $e) {
$aFields['AUTH_SOURCE_DATA']['LDAP_PAGE_SIZE_LIMIT'] = $ldapAdvanced->getPageSizeLimit(false);
}
//Save
if ($aFields['AUTH_SOURCE_UID'] == '') {
$RBAC->createAuthSource( $aFields );
} else {
@@ -327,6 +345,7 @@ switch ($function) {
}
$arrayAuthenticationSourceData = $_POST;
$arrayAuthenticationSourceData['AUTH_SOURCE_VERSION'] = 3;
//Test connection
$ldapAdvanced = new ldapAdvanced();