Source of CLdap.php - Zabbix

Raw file
Source viewDiff to previous
16.28 KB
     * Get user data with specified attributes. Not available for bind type BIND_DNSTRING if password is not supplied.
 
<?php
/*
** Copyright (C) 2001-2025 Zabbix SIA
**
** This program is free software: you can redistribute it and/or modify it under the terms of
** the GNU Affero General Public License as published by the Free Software Foundation, version 3.
**
** This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
** without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
** See the GNU Affero General Public License for more details.
**
** You should have received a copy of the GNU Affero General Public License along with this program.
** If not, see <https://www.gnu.org/licenses/>.
**/
​
​
class CLdap {
​
    const BIND_NONE = 0;
    const BIND_ANONYMOUS = 1;
    const BIND_CONFIG_CREDENTIALS = 2;
    const BIND_DNSTRING = 3;
​
    const ERR_NONE = 0;
    const ERR_PHP_EXTENSION = 1;
    const ERR_SERVER_UNAVAILABLE = 2;
    const ERR_BIND_FAILED = 3;
    const ERR_BIND_ANON_FAILED = 4;
    const ERR_USER_NOT_FOUND = 5;
    const ERR_OPT_PROTOCOL_FAILED = 10;
    const ERR_OPT_TLS_FAILED = 11;
    const ERR_OPT_REFERRALS_FAILED = 12;
    const ERR_OPT_DEREF_FAILED = 13;
    const ERR_BIND_DNSTRING_UNAVAILABLE = 14;
    const ERR_QUERY_FAILED = 15;
​
    const DEFAULT_FILTER_USER = '(%{attr}=%{user})';
    const DEFAULT_FILTER_GROUP = '(%{groupattr}=%{user})';
    const DEFAULT_MEMBERSHIP_ATTRIBUTE = 'memberOf';
​
    /**
     * Type of binding made to LDAP server. One of static::BIND_ constant value.
     *
     * @var int
     */
    public $bound;
​
    /**
     * @var int
     */
    public $error;
​
    /**
     * Bind type to use when searching in LDAP tree. One of static::BIND_ constant value.
     *
     * @var int
     */
    public $bind_type;
​
    /**
     * Bind DN string, may contain placeholders when BIND_TYPE_DNSTRING is detected.
     *
     * @var string
     */
    protected $bind_dn;
​
    /**
     * @var array $cnf  LDAP connection settings.
     */
    protected $cnf = [
        'host'              => '',
        'port'              => '',
        'bind_dn'           => '',
        'bind_password'     => '',
        'base_dn'           => '',
        'search_attribute'  => '',
        'search_filter'     => '',
        'group_basedn'      => '',
        'group_name'        => '',
        'group_member'      => '',
        'group_filter'      => '',
        'group_membership'  => '',
        'referrals'         => 0,
        'version'           => 3,
        'start_tls'         => ZBX_AUTH_START_TLS_OFF,
        'deref'             => null
    ];
​
    /**
     * Placeholders with value used for building bind or search filter query.
     * Key is placeholder name, %{attr} and value is placeholder value to replace to.