From e1cb2efa1b1796577ce0616c45035b2401442cb7 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Mon, 4 Jun 2012 07:59:07 +0000 Subject: [PATCH] moved uri parsing into _connect, to allow multiple uri not just multiple hosts and added parameter to constructor to throw exceptions instead of echoing error-messages and returning false on ldapConnect --- phpgwapi/inc/class.ldap.inc.php | 64 +++++++++++++++++++-------------- 1 file changed, 38 insertions(+), 26 deletions(-) diff --git a/phpgwapi/inc/class.ldap.inc.php b/phpgwapi/inc/class.ldap.inc.php index c90373c310..6ba80dacb4 100644 --- a/phpgwapi/inc/class.ldap.inc.php +++ b/phpgwapi/inc/class.ldap.inc.php @@ -1,6 +1,6 @@ @@ -19,26 +19,42 @@ * - SSL: "ldaps://host[:port]/" * - TLS: "tls://host[:port]/" * Both require certificats installed on the webserver, otherwise the connection will fail! + * + * If multiple (space-separated) ldap hosts or urls are given, try them in order and + * move first successful one to first place in session, to try not working ones + * only once per session. */ class ldap { /** - * @var resource $ds holds the LDAP link identifier + * Holds the LDAP link identifier + * + * @var resource $ds */ var $ds; /** * Holds the detected information about the connected ldap server * - * @var ldapserverinfo + * @var ldapserverinfo $ldapserverinfo */ var $ldapServerInfo; /** - * the constructor for this class + * Throw Exceptions in ldapConnect instead of echoing error and returning false + * + * @var boolean $exception_on_error */ - function __construct() + var $exception_on_error=false; + + /** + * Constructor + * + * @param boolean $exception_on_error=false true: throw Exceptions in ldapConnect instead of echoing error and returning false + */ + function __construct($exception_on_error=false) { + $this->exception_on_error = $exception_on_error; $this->restoreSessionData(); } @@ -70,14 +86,15 @@ class ldap /** * Connect to ldap server and return a handle * - * If multiple (space-separated) ldap servers are given, try them in order and + * If multiple (space-separated) ldap hosts or urls are given, try them in order and * move first successful one to first place in session, to try not working ones * only once per session. * - * @param $host ldap host - * @param $dn ldap dn - * @param $passwd ldap pw + * @param $host='' ldap host, default $GLOBALS['egw_info']['server']['ldap_host'] + * @param $dn='' ldap dn, default $GLOBALS['egw_info']['server']['ldap_root_dn'] (only if $host default is used!) + * @param $passwd='' ldap pw, default $GLOBALS['egw_info']['server']['ldap_root_pw'] (only if $host default is used!) * @return resource|boolean resource from ldap_connect() or false on error + * @throws egw_exception_assertion_failed 'LDAP support unavailable!' (no ldap extension) */ function ldapConnect($host='', $dn='', $passwd='') { @@ -89,30 +106,18 @@ class ldap $GLOBALS['egw']->log->message('F-Abort, LDAP support unavailable'); $GLOBALS['egw']->log->commit(); } + if ($this->exception_on_error) throw new egw_exception_assertion_failed('LDAP support unavailable!'); printf('Error: LDAP support unavailable
',$host); return False; } - if(!$host) + if (empty($host)) { $host = $GLOBALS['egw_info']['server']['ldap_host']; - } - - if(!$dn) - { $dn = $GLOBALS['egw_info']['server']['ldap_root_dn']; - } - - if(!$passwd) - { $passwd = $GLOBALS['egw_info']['server']['ldap_root_pw']; } - if (($use_tls = substr($host,0,6) == 'tls://')) - { - $port = parse_url($host,PHP_URL_PORT); - $host = parse_url($host,PHP_URL_HOST); - } // if multiple hosts given, try them all, but only once per session! if (isset($_SESSION) && isset($_SESSION['ldapConnect']) && isset($_SESSION['ldapConnect'][$host])) { @@ -136,6 +141,8 @@ class ldap ' '.function_backtrace()); } // give visible error, only if we cant connect to any ldap server + if ($this->exception_on_error) throw new egw_exception_no_permission("Can't connect/bind to LDAP server '$host' and dn='$dn'!"); + echo "

Error: Can't connect/bind to LDAP server '$host' and dn='$dn'!
".function_backtrace()."

\n"; return false; @@ -144,13 +151,18 @@ class ldap /** * connect to the ldap server and return a handle * - * @param $host ldap host - * @param $dn ldap dn - * @param $passwd ldap pw + * @param string $host ldap host + * @param string $dn ldap dn + * @param string $passwd ldap pw * @return resource|boolean resource from ldap_connect() or false on error */ private function _connect($host, $dn, $passwd) { + if (($use_tls = substr($host,0,6) == 'tls://')) + { + $port = parse_url($host,PHP_URL_PORT); + $host = parse_url($host,PHP_URL_HOST); + } // connect to ldap server (never fails, as connection happens in bind!) if(!$this->ds = ldap_connect($host, $port)) {