+
+function get_auth_user_prefix() {
+ global $ldap_user_account, $auth_type;
+ global $auth_provider_user_prefix_default;
+ global $auth_provider_user_prefix_ldap;
+ global $auth_provider_user_prefix_external;
+ $user_prefix = '';
+ switch ($auth_type) {
+ case AUTH_TYPE_BASIC:
+ $user_prefix = $auth_provider_user_prefix_default;
+ break;
+ case AUTH_TYPE_EXTERNAL:
+ case AUTH_TYPE_EXTERNAL_REMOTE_USER:
+ case AUTH_TYPE_EXTERNAL_X_FORWARDED_USER:
+ $user_prefix = $auth_provider_user_prefix_external;
+ break;
+ case AUTH_TYPE_FORM:
+ if ($ldap_user_account) {
+ $user_prefix = $auth_provider_user_prefix_ldap;
+ } else {
+ $user_prefix = $auth_provider_user_prefix_default;
+ }
+ break;
+ }
+ return $user_prefix;
+}
+
+function get_ldap_related_groups() {
+ global $read_auth_pages, $edit_auth_pages;
+ global $auth_provider_user_prefix_ldap;
+ $ldap_groups = array();
+ foreach ($read_auth_pages as $pattern=>$groups) {
+ $sp_groups = explode(',', $groups);
+ foreach ($sp_groups as $group) {
+ if (strpos($group, $auth_provider_user_prefix_ldap) === 0) {
+ $ldap_groups[] = $group;
+ }
+ }
+ }
+ foreach ($edit_auth_pages as $pattern=>$groups) {
+ $sp_groups = explode(',', $groups);
+ foreach ($sp_groups as $group) {
+ if (strpos($group, $auth_provider_user_prefix_ldap) === 0) {
+ $ldap_groups[] = $group;
+ }
+ }
+ }
+ $ldap_groups_unique = array_values(array_unique($ldap_groups));
+ return $ldap_groups_unique;
+}
+
+/**
+ * Get LDAP groups user belongs to
+ *
+ * @param Resource $ldapconn
+ * @param String $user
+ * @param bool $is_ad
+ * @return Array
+ */
+function get_ldap_groups_with_user($ldapconn, $user, $is_ad) {
+ global $auth_provider_user_prefix_ldap;
+ global $ldap_base_dn;
+ $related_groups = get_ldap_related_groups();
+ if (count($related_groups) == 0) {
+ return array();
+ }
+ $gfilter = '(|';
+ foreach ($related_groups as $group_full) {
+ $g = substr($group_full, strlen($auth_provider_user_prefix_ldap));
+ $gfilter .= sprintf('(cn=%s)', pkwk_ldap_escape_filter($g));
+ if ($is_ad) {
+ $gfilter .= sprintf('(sAMAccountName=%s)', pkwk_ldap_escape_filter($g));
+ }
+ }
+ $gfilter .= ')';
+ $result_g = ldap_search($ldapconn, $ldap_base_dn, $gfilter,
+ array('dn', 'uid', 'cn', 'samaccountname'));
+ $entries = ldap_get_entries($ldapconn, $result_g);
+ if (!isset($entries[0])) {
+ return false;
+ }
+ if (!$entries) {
+ return array();
+ }
+ $entry_count = $entries['count'];
+ $group_list = array();
+ for ($i = 0; $i < $entry_count; $i++) {
+ $group_name = $entries[$i]['cn'][0];
+ if ($is_ad) {
+ $group_name = $entries[$i]['samaccountname'][0];
+ }
+ $group_list[] = array(
+ 'name' => $group_name,
+ 'dn' => $entries[$i]['dn']
+ );
+ }
+ $groups_member = array();
+ $groups_nonmember = array();
+ foreach ($group_list as $gp) {
+ $fmt = '(&(uid=%s)(memberOf=%s))';
+ if ($is_ad) {
+ // LDAP_MATCHING_RULE_IN_CHAIN: Active Directory specific rule
+ $fmt = '(&(sAMAccountName=%s)(memberOf:1.2.840.113556.1.4.1941:=%s))';
+ }
+ $user_gfilter = sprintf($fmt,
+ pkwk_ldap_escape_filter($user),
+ pkwk_ldap_escape_filter($gp['dn']));
+ $result_e = ldap_search($ldapconn, $ldap_base_dn, $user_gfilter,
+ array('dn'), 0, 1);
+ $user_e = ldap_get_entries($ldapconn, $result_e);
+ if (isset($user_e['count']) && $user_e['count'] > 0) {
+ $groups_member[] = $gp['name'];
+ } else {
+ $groups_nonmember[] = $gp['name'];
+ }
+ }
+ $groups_full = array();
+ foreach ($groups_member as $g) {
+ $groups_full[] = $auth_provider_user_prefix_ldap . $g;
+ }
+ return $groups_full;
+}