
Commit 4cd81cd

author
robin.kluth
committed
This release adds support for paging (currently a hardcoded pageSize of 500) and handles it itself. I also updated the onlyActive filter during search.
1 parent 68d2ac4 commit 4cd81cd


1 file changed

+54
-35
lines changed


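--- a/src/LdapAuth.php
+++ b/src/LdapAuth.php
@@ -332,7 +332,7 @@ public function searchUser($searchFor, $attributes = "", $searchFilter = "", $do
 $onlyActive = '';
 
 if ($onlyActiveAccounts) {
-$onlyActive = '(!(userAccountControl=2))(!(userAccountControl=16))(!(userAccountControl=514))'; // 2 & 514: deactivated, 16: locked
+$onlyActive = '(|(userAccountControl=16)(userAccountControl=512)(userAccountControl=544)(userAccountControl=66048))'; #https://www.der-windows-papst.de/2016/12/18/active-directory-useraccountcontrol-values/
 }
 
 if (empty($searchFilter)) {
@@ -359,57 +359,76 @@ public function searchUser($searchFor, $attributes = "", $searchFilter = "", $do
 } else {
 Yii::error('LDAP Connect or Bind error (' . ldap_errno($this->_l) . ' - ' . ldap_error($this->_l) . ') on ' . $domain['hostname'] . ', skipping...');
 }
-continue; // Skip the whole domain
 }
 
 $searchFilter = str_replace("%searchFor%", addslashes($searchFor), $searchFilter);
 
 Yii::debug('Search-Filter: ' . $searchFilter, __METHOD__);
 
-$result = ldap_search($this->_l, $this->_ldapBaseDn, $searchFilter, $attributes);
+$cookie = '';
 
-if ($result) {
-$entries = ldap_get_entries($this->_l, $result);
-foreach ($entries as $entry) {
-if (!is_array($entry) || empty($entry)) {
-continue;
-}
-if (!isset($entry['objectsid'])) {
-Yii::warning('No objectsid! ignoring!', __METHOD__);
-continue;
-}
-$sid = self::SIDtoString($entry['objectsid'])[0];
-$sidHistory = isset($entry['sidhistory']) ? self::SIDtoString($entry['sidhistory']) : null;
+do {
+$result = @ldap_search($this->_l, $this->_ldapBaseDn, $searchFilter, $attributes, 0, 0, 0, LDAP_DEREF_NEVER, [
+['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => 500, 'cookie' => $cookie]]
+]);
+ldap_parse_result($this->_l, $result, $errcode, $matcheddn, $errmsg, $referrals, $controls);
 
 
-if ($this->filterBySidhistory) {
-// Check if this user is maybe already listed in the results - ifo so, determine which one is newer
-foreach ($return as $_sid => $_data) {
-if (!empty($_data['sidhistory']) && in_array($sid, $_data['sidhistory'])) {
-Yii::debug('This user is listed in another users history - skipping', __METHOD__);
-continue 2;
-}
+if ($result) {
+$entries = ldap_get_entries($this->_l, $result);
+Yii::debug('Found entries: ' . ($entries ? count($entries) : '0'), __FUNCTION__);
+foreach ($entries as $entry) {
+if (!is_array($entry) || empty($entry)) {
+continue;
+}
+if (!isset($entry['objectsid'])) {
+Yii::warning('No objectsid! ignoring!', __METHOD__);
+continue;
 }
+$sid = self::SIDtoString($entry['objectsid'])[0];
+$sidHistory = isset($entry['sidhistory']) ? self::SIDtoString($entry['sidhistory']) : null;
+
+
+if ($this->filterBySidhistory) {
+// Check if this user is maybe already listed in the results - ifo so, determine which one is newer
+foreach ($return as $_sid => $_data) {
+if (!empty($_data['sidhistory']) && in_array($sid, $_data['sidhistory'])) {
+Yii::debug('This user is listed in another users history - skipping', __METHOD__);
+continue 2;
+}
+}
 
-if ($sidHistory) {
-foreach ($sidHistory as $item) {
-if (array_key_exists($item, $return)) {
-Yii::debug('User already exists with its sidhistory in results! Unsetting the old entry...', __METHOD__);
-unset($return[$item]);
+if ($sidHistory) {
+foreach ($sidHistory as $item) {
+if (array_key_exists($item, $return)) {
+Yii::debug('User already exists with its sidhistory in results! Unsetting the old entry...', __METHOD__);
+unset($return[$item]);
+}
 }
 }
 }
-}
 
 
-$additionalData = ['sid' => $sid, 'sidhistory' => $sidHistory, 'dn' => $entry['dn'], 'domainKey' => $i];
-if (count($this->domains) > 1) {
-// Enable domainName output if more than one domains configured
-$additionalData['domainName'] = $this->domains[$i]['name'];
+$additionalData = ['sid' => $sid, 'sidhistory' => $sidHistory, 'dn' => $entry['dn'], 'domainKey' => $i];
+if (count($this->domains) > 1) {
+// Enable domainName output if more than one domains configured
+$additionalData['domainName'] = $this->domains[$i]['name'];
+}
+$return[$sid] = array_merge($additionalData, self::handleEntry($entry));
 }
-$return[$sid] = array_merge($additionalData, self::handleEntry($entry));
 }
-}
+
+
+if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
+// You need to pass the cookie from the last call to the next one
+$cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
+} else {
+$cookie = '';
+}
+// Empty cookie means last page
+} while (!empty($cookie));
+
+
 $i++;
 
 // Reset LDAP Link
@@ -459,7 +478,7 @@ public static function handleEntry($entry)
 if (is_int($attr) || $attr == 'objectsid' || $attr == 'sidhistory' || !isset($value['count'])) {
 continue;
 }
-$count = $value['count'];
+$count = $value['count'];
 $newVal = "";
 for ($i = 0; $i < $count; $i++) {
 $newVal .= $value[$i];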