* Address book backend for LDAP server
* @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id: abook_ldap_server.php 14840 2020-01-07 07:42:38Z pdontthink $
* @subpackage addressbook
* Address book backend for LDAP server
* An array with the following elements must be passed to
* the class constructor (elements marked ? are optional):
* host => LDAP server hostname/IP-address
* base => LDAP server root (base dn). Empty string allowed.
* ? port => LDAP server TCP port number (default: 389)
* ? charset => LDAP server charset (default: utf-8)
* ? name => Name for LDAP server (default "LDAP: hostname")
* Used to tag the result data
* ? maxrows => Maximum # of rows in search result
* ? timeout => Timeout for LDAP operations (in seconds, default: 30)
* Might not work for all LDAP libraries or servers.
* ? binddn => LDAP Bind DN.
* ? bindpw => LDAP Bind Password.
* ? protocol => LDAP Bind protocol.
* NOTE. This class should not be used directly. Use the
* "AddressBook" class instead.
* @subpackage addressbook
* @var string backend type
* @var string backend name
/* Parameters changed by class */
* @var string displayed name
var $sname =
'LDAP'; /* Service name */
* @var string LDAP server name or address or url
* @var integer LDAP server port
* @var string LDAP base DN
* @var string charset used for entries in LDAP server
* @var object PHP LDAP link ID
* @var bool True if LDAP server is bound
* @var integer max rows in result
* @var integer timeout of LDAP operations (in seconds)
* @var string DN to bind to (non-anonymous bind)
* @var string password to bind with (non-anonymous bind)
* @var integer protocol used to connect to ldap server
* Constructor (PHP5 style, required in some future version of PHP)
* Connects to the database
* @param array connection options
/* NOTE(review): this listing omits parts of the constructor (its signature,
 * some assignments and all closing braces); the comments below describe only
 * the statements that are visible. */
/* Reported when PHP lacks LDAP support; the guarding test is not visible here. */
$this->set_error('LDAP support missing from PHP');
/* host and base are copied as supplied; no validation is visible in this listing. */
$this->server =
$param['host'];
$this->basedn =
$param['base'];
/* Optional settings replace the documented defaults only when supplied. */
if(!empty($param['port'])) {
$this->port =
$param['port'];
if(!empty($param['charset'])) {
/* maxrows and timeout are taken as given; no type or range check is visible. */
if(isset
($param['maxrows'])) {
$this->maxrows =
$param['maxrows'];
if(isset
($param['timeout'])) {
$this->timeout =
$param['timeout'];
/* Bind credentials for a non-anonymous bind. */
if(isset
($param['binddn'])) {
$this->binddn =
$param['binddn'];
/* The bind password is held as a plain property for the life of the object;
 * keep this object out of debug dumps and logs. */
if(isset
($param['bindpw'])) {
$this->bindpw =
$param['bindpw'];
if(isset
($param['protocol'])) {
/* Display name: the LDAP: prefix plus the host when no name is given,
 * otherwise the configured name (the else keyword is not visible here). */
if(empty($param['name'])) {
$this->sname =
'LDAP: ' .
$param['host'];
$this->sname =
$param['name'];
/* Reached for an invalid constructor argument; the test that selects this
 * branch is not visible in this listing. */
$this->set_error('Invalid argument to constructor');
* Constructor (PHP4 style, kept for compatibility reasons)
* Connects to the database
* @param array connection options
/* Forwards the same options array to the PHP5-style constructor. */
return self::__construct($param);
* @param bool $new is it a new connection
/* Opens the LDAP link, or reuses the existing one, then binds.
 * NOTE(review): this listing omits several lines of the method (the connect
 * call, the authenticated bind call and the closing braces). */
function open($new =
false) {
/* Connection is already open */
/* An existing link is reused unless the caller passes a true $new. */
if($this->linkid !=
false &&
!$new) {
return $this->set_error('ldap_connect failed');
/* The leading @ hides PHP warnings, so only the fixed message below reaches
 * set_error() and the server-side reason is not recorded. */
if(!@ldap_set_option($this->linkid, LDAP_OPT_PROTOCOL_VERSION, $this->protocol)) {
return $this->set_error('ldap_set_option failed');
/* NOTE(review): the authenticated bind call is not visible. Confirm that a
 * non-empty binddn with an empty bindpw is rejected before binding, since many
 * servers accept that combination as an unauthenticated bind. */
return $this->set_error('authenticated ldap_bind failed');
/* Bind with neither DN nor password, i.e. an anonymous bind. */
if(!@ldap_bind($this->linkid)) {
return $this->set_error('anonymous ldap_bind failed');
/* NOTE(review): no ldap_start_tls() call appears in the visible lines. If the
 * full method has none, bind credentials and search results travel unencrypted
 * unless the configured host is an ldaps:// URL - confirm per deployment. */
* Converts string to the charset used by LDAP server
* @param string string that has to be converted
* @return string converted string
/* Conversion is considered only when the server charset differs from
 * $default_charset; the conversion call itself is not visible in this listing. */
if($this->charset !=
$default_charset) {
* Convert from charset used by LDAP server to charset used by translation
* Output must be sanitized.
* @param string string that has to be converted
* @return string converted string
/* Only a charset conversion is decided here. Values read from the directory
 * stay untrusted and still need escaping for the output context on display. */
if ($this->charset !=
$default_charset) {
* Sanitizes ldap search strings.
* @link http://www.faqs.org/rfcs/rfc2254.html
* @return string sanitized string
/* Escape table for characters that are special in an LDAP search filter; only
 * the backslash entry is visible in this listing.
 * NOTE(review): how the table is applied is not visible. If it is applied
 * entry by entry, the backslash entry has to stay first so that escapes added
 * for later characters are not escaped a second time.
 * RFC 2254 has been obsoleted by RFC 4515; PHP 5.6+ provides ldap_escape()
 * with LDAP_ESCAPE_FILTER for the same purpose. */
$sanitized=
array('\\' =>
'\5c',
/* ========================== Public ======================== */
* @param string $expr search expression
* @return array search results
/* To be replaced by advanced search expression parsing */
/* Encode the expression */
* allow use of one asterisk in search.
* Don't allow any ldap special chars if search is different
/* Undo sanitizing of * symbol */
// NOTE(review): $expr is interpolated directly into the filter string below,
// so the filter is only safe if the escaping step named in the preceding
// comments ran first; that call is not visible in this listing - confirm.
// Only adjacent repeats of the wildcard are collapsed here; wildcards that
// are not adjacent stay in the expression.
$expr =
preg_replace('/\*+/', '*', $expr); // LDAP chokes on more than one *
// The same term is matched against cn, sn, givenname and mail, OR-ed together.
$expression =
"(|(cn=$expr)(sn=$expr)(givenname=$expr)(mail=$expr))";
/* Make sure connection is there */
// Search under the configured base DN and request only the attributes listed
// below. The remaining arguments of the call are not visible in this listing.
// The leading @ hides PHP warnings from the LDAP calls in this run; on failure
// only the fixed message reaches set_error().
// NOTE(review): consider recording ldap_error($this->linkid) so that failed
// searches can be diagnosed from the logs.
$sret =
@ldap_search($this->linkid, $this->basedn, $expression,
array('dn', 'o', 'ou', 'sn', 'givenname', 'cn', 'mail'),
/* Should get error from server using the ldap_error() function,
* but it only exists in the PHP LDAP documentation. */
return $this->set_error('ldap_search failed');
// A count of zero or less is handled separately; the handling is not visible.
if(@ldap_count_entries($this->linkid, $sret) <=
0) {
$res =
@ldap_get_entries($this->linkid, $sret);
// Walk every entry returned by ldap_get_entries(); the count key holds the
// number of entries. Several assignment lines and all closing braces of this
// loop are not visible in this listing.
for($i =
0 ; $i <
$res['count'] ; $i++
) {
/* Extract data common for all e-mail addresses
* of an object. Use only the first name */
// ou is checked before o; what is assigned from them is not visible here.
if(!empty($row['ou'][0])) {
else if(!empty($row['o'][0])) {
if(empty($row['givenname'][0])) {
if(empty($row['sn'][0])) {
/* Add one row to result for each e-mail address */
// Entries without a mail attribute contribute no rows.
if(isset
($row['mail']['count'])) {
// NOTE(review): in the visible lines the mail value is passed through exactly
// as the directory returned it; treat every field of the row as untrusted
// when it is rendered.
for($j =
0 ; $j <
$row['mail']['count'] ; $j++
) {
'firstname' =>
$firstname,
'email' =>
$row['mail'][$j],
'backend' =>
$this->bnum,
// source is stored as a reference to the backend display name, not a copy.
'source' =>
&$this->sname));
// Row cap: compares the running row count with maxrows; the second operand of
// the condition is not visible in this listing.
if(($returned_rows >=
$this->maxrows) &&
} // isset($row['mail']['count'])
* List all entries present in LDAP server
* If you run a small-sized LDAP server and you want the "List all"
* button (found on the address book search screen that is accessed
* via the "Addresses" button on the compose screen) to show all
* addresses in the directory, add the following to config/config_local.php
* $ldap_abook_allow_listing = TRUE;
* Remember that the "maxrows" configuration setting for the LDAP
* server backend might limit list of returned entries.
* NOTE: Exercise caution when enabling listing on large or public LDAP
* address book backends: it returns every directory entry, up to the
* "maxrows" limit, to whoever uses the "List all" button.
* @return array all entries in ldap server
/* The visible test gates on this configuration global and any truthy value
 * passes it; the guarded statement is not visible in this listing. */
global $ldap_abook_allow_listing;
if ($ldap_abook_allow_listing)