class LDAPGateway (View source)

Class LDAPGateway

Works within the LDAP domain model to provide basic operations. These are exclusively used in LDAPService for constructing more complex operations.

Traits

A class that can be instantiated or replaced via DI

Allows an object to have extensions applied to it.

Provides extensions to this object to integrate it with standard config API methods.

Allows an object to declare a set of custom methods

Config options

extensions array

An array of extension names and parameters to be applied to this object upon construction.

from  Extensible
unextendable_classes array

Classes that cannot be extended

from  Extensible
options array

Properties

protected static array $extra_methods

Custom method sources

from  CustomMethods
protected array $extra_method_registers

Name of methods to invoke by defineMethods for this instance

from  CustomMethods
protected static array $built_in_methods

Non-custom public methods.

from  CustomMethods
protected Extension[] $extension_instances from  Extensible
protected callable[][] $beforeExtendCallbacks

List of callbacks to call prior to extensions having extend called on them, each grouped by methodName.

from  Extensible
protected callable[][] $afterExtendCallbacks

List of callbacks to call after extensions having extend called on them, each grouped by methodName.

from  Extensible

Methods

public static 
create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

public static 
singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

public
mixed
__call(string $method, array $arguments)

Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located

protected
defineMethods()

Adds any methods from Extension instances attached to this object.

protected
registerExtraMethodCallback(string $name, callable $callback)

Register an callback to invoke that defines extra methods

public
bool
hasMethod(string $method)

Return TRUE if a method exists on this object

protected
bool
hasCustomMethod($method)

Determines if a custom method with this name is defined.

protected
array
getExtraMethodConfig(string $method)

Get meta-data details on a named method

public
array
allMethodNames(bool $custom = false)

Return the names of all the methods available on this object

protected static 
array
findBuiltInMethods(string|object $class = null)

Get all public built in methods for this class

protected
array
findMethodsFrom(object $object)

Find all methods on the given object.

protected
addMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property.

protected
removeMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

protected
addWrapperMethod(string $method, string $wrap)

Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)

protected
addCallbackMethod(string $method, callable $callback)

Add callback as a method.

protected
beforeExtending(string $method, callable $callback)

Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.

protected
afterExtending(string $method, callable $callback)

Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.

protected
defineExtensionMethods()

Adds any methods from Extension instances attached to this object.

public static 
bool
add_extension(string $classOrExtension, string $extension = null)

Add an extension to a specific class.

public static 
remove_extension(string $extension)

Remove an extension from a class.

public static 
array
get_extensions(string $class = null, bool $includeArgumentString = false)

No description

public static 
array|null
get_extra_config_sources(string $class = null)

Get extra config sources for this class

public static 
bool
has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)

Return TRUE if a class has a specified extension.

public
array
invokeWithExtensions(string $method, mixed ...$arguments)

Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array

public
array
extend(string $method, mixed ...$arguments)

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

public
Extension|null
getExtensionInstance(string $extension)

Get an extension instance attached to this object by name.

public
bool
hasExtension(string $extension)

Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.

public
getExtensionInstances()

Get all extension instances for this specific object instance.

public static 
config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

public
mixed
uninherited(string $name)

Gets the uninherited value for the given config option

public
__construct()

No description

public
Ldap
getLdap()

No description

protected
searchWithIterator($filter, $baseDn = null, $attributes = [])

No description

protected
array
search(string $filter, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [], string $sort = '')

Query the LDAP directory with the given filter.

protected
array
processSearchResults(Iterator $records)

Processes results from either LDAPGateway::search() or LDAPGateway::searchAll(), expecting eitheran array of records

public
Result
authenticate(string $username, string $password)

Authenticate the given username and password with LDAP.

public
array
getNodes(null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [], string $sort = '')

Query for LDAP nodes (organizational units, containers, and domains).

public
array
getGroups(null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [], string $sort = '')

Query for LDAP groups.

public
array
getNestedGroups(string $dn, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Return all nested AD groups underneath a specific DN

public
array
getGroupByGUID(string $guid, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Return a particular LDAP group by objectGUID value.

public
array
getGroupByDN(string $dn, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Return a particular LDAP group by DN value.

public
array
getUsers(null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [], string $sort = '')

Query for LDAP users, but don't include built-in user accounts.

public
array
getUsersWithIterator(string|null $baseDn = null, array $attributes = [])

Query for LDAP users, but don't include built-in user accounts. Iterate over all users, regardless of the paging size control built into the LDAP server.

public
array
getUserByGUID(string $guid, $baseDn = null, $scope = Ldap::SEARCH_SCOPE_SUB, $attributes = [])

Return a particular LDAP user by objectGUID value.

public
array
getUserByDN(string $dn, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Return a particular LDAP user by DN value.

public
array
getUserByEmail(string $email, $baseDn = null, $scope = Ldap::SEARCH_SCOPE_SUB, $attributes = [])

Return a particular LDAP user by mail value.

public
array
getUserByUsername(string $username, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Get a specific user's data from LDAP

public
string
getCanonicalUsername(array $data)

Get a canonical username from the record based on the connection settings.

public
changePassword(string $dn, string $password, string $oldPassword)

Changes user password via LDAP.

public
resetPassword(string $dn, string $password)

Administrative password reset.

public
update(string $dn, array $attributes)

Updates an LDAP object.

public
delete(string $dn, bool $recursively = false)

Deletes an LDAP object.

public
move(string $fromDn, string $toDn, bool $recursively = false)

Move an LDAP object from it's original DN location to another.

public
add(string $dn, array $attributes)

Add an LDAP object.

Details

static Injectable create(mixed ...$args)

An implementation of the factory method, allows you to create an instance of a class

This method will defer class substitution to the Injector API, which can be customised via the Config API to declare substitution classes.

This can be called in one of two ways - either calling via the class directly, or calling on Object and passing the class name as the first parameter. The following are equivalent: $list = DataList::create(SiteTree::class); $list = SiteTree::get();

Parameters

mixed ...$args

Return Value

Injectable

static Injectable singleton(string $class = null)

Creates a class instance by the "singleton" design pattern.

It will always return the same instance for this class, which can be used for performance reasons and as a simple way to access instance methods which don't rely on instance data (e.g. the custom SilverStripe static handling).

Parameters

string $class

Optional classname to create, if the called class should not be used

Return Value

Injectable

The singleton instance

mixed __call(string $method, array $arguments)

Attempts to locate and call a method dynamically added to a class at runtime if a default cannot be located

You can add extra methods to a class using Extensions}, {@link Object::createMethod() or Object::addWrapperMethod()

Parameters

string $method
array $arguments

Return Value

mixed

Exceptions

BadMethodCallException

protected defineMethods()

Adds any methods from Extension instances attached to this object.

All these methods can then be called directly on the instance (transparently mapped through __call()}), or called explicitly through {@link extend().

protected registerExtraMethodCallback(string $name, callable $callback)

Register an callback to invoke that defines extra methods

Parameters

string $name
callable $callback

bool hasMethod(string $method)

Return TRUE if a method exists on this object

This should be used rather than PHP's inbuild method_exists() as it takes into account methods added via extensions

Parameters

string $method

Return Value

bool

protected bool hasCustomMethod($method)

Determines if a custom method with this name is defined.

Parameters

$method

Return Value

bool

protected array getExtraMethodConfig(string $method)

Get meta-data details on a named method

Parameters

string $method

Return Value

array

List of custom method details, if defined for this method

array allMethodNames(bool $custom = false)

Return the names of all the methods available on this object

Parameters

bool $custom

include methods added dynamically at runtime

Return Value

array

Map of method names with lowercase keys

static protected array findBuiltInMethods(string|object $class = null)

Get all public built in methods for this class

Parameters

string|object $class

Class or instance to query methods from (defaults to static::class)

Return Value

array

Map of methods with lowercase key name

protected array findMethodsFrom(object $object)

Find all methods on the given object.

Parameters

object $object

Return Value

array

protected addMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property.

Parameters

string $property

the property name

string|int $index

an index to use if the property is an array

Exceptions

InvalidArgumentException

protected removeMethodsFrom(string $property, string|int $index = null)

Add all the methods from an object property (which is an Extension) to this object.

Parameters

string $property

the property name

string|int $index

an index to use if the property is an array

protected addWrapperMethod(string $method, string $wrap)

Add a wrapper method - a method which points to another method with a different name. For example, Thumbnail(x) can be wrapped to generateThumbnail(x)

Parameters

string $method

the method name to wrap

string $wrap

the method name to wrap to

protected addCallbackMethod(string $method, callable $callback)

Add callback as a method.

Parameters

string $method

Name of method

callable $callback

Callback to invoke. Note: $this is passed as first parameter to this callback and then $args as array

protected beforeExtending(string $method, callable $callback)

Allows user code to hook into Object::extend prior to control being delegated to extensions. Each callback will be reset once called.

Parameters

string $method

The name of the method to hook into

callable $callback

The callback to execute

protected afterExtending(string $method, callable $callback)

Allows user code to hook into Object::extend after control being delegated to extensions. Each callback will be reset once called.

Parameters

string $method

The name of the method to hook into

callable $callback

The callback to execute

protected defineExtensionMethods()

Adds any methods from Extension instances attached to this object.

All these methods can then be called directly on the instance (transparently mapped through __call()}), or called explicitly through {@link extend().

static bool add_extension(string $classOrExtension, string $extension = null)

Add an extension to a specific class.

The preferred method for adding extensions is through YAML config, since it avoids autoloading the class, and is easier to override in more specific configurations.

As an alternative, extensions can be added to a specific class directly in the Object::$extensions array. See SiteTree::$extensions for examples. Keep in mind that the extension will only be applied to new instances, not existing ones (including all instances created through singleton()).

Parameters

string $classOrExtension

Class that should be extended - has to be a subclass of Object

string $extension

Subclass of Extension with optional parameters as a string, e.g. "Versioned"

Return Value

bool

Flag if the extension was added

See also

http://doc.silverstripe.org/framework/en/trunk/reference/dataextension

static remove_extension(string $extension)

Remove an extension from a class.

Note: This will not remove extensions from parent classes, and must be called directly on the class assigned the extension.

Keep in mind that this won't revert any datamodel additions of the extension at runtime, unless its used before the schema building kicks in (in your _config.php). Doesn't remove the extension from any Object instances which are already created, but will have an effect on new extensions. Clears any previously created singletons through singleton() to avoid side-effects from stale extension information.

Parameters

string $extension

class name of an Extension subclass, without parameters

static array get_extensions(string $class = null, bool $includeArgumentString = false)

No description

Parameters

string $class

If omitted, will get extensions for the current class

bool $includeArgumentString

Include the argument string in the return array, FALSE would return array("Versioned"), TRUE returns array("Versioned('Stage','Live')").

Return Value

array

Numeric array of either DataExtension class names, or eval'ed class name strings with constructor arguments.

static array|null get_extra_config_sources(string $class = null)

Get extra config sources for this class

Parameters

string $class

Name of class. If left null will return for the current class

Return Value

array|null

static bool has_extension(string $classOrExtension, string $requiredExtension = null, bool $strict = false)

Return TRUE if a class has a specified extension.

This supports backwards-compatible format (static Object::has_extension($requiredExtension)) and new format ($object->has_extension($class, $requiredExtension))

Parameters

string $classOrExtension

Class to check extension for, or the extension name to check if the second argument is null.

string $requiredExtension

If the first argument is the parent class, this is the extension to check. If left null, the first parameter will be treated as the extension.

bool $strict

if the extension has to match the required extension and not be a subclass

Return Value

bool

Flag if the extension exists

array invokeWithExtensions(string $method, mixed ...$arguments)

Calls a method if available on both this object and all applied Extensions, and then attempts to merge all results into an array

Parameters

string $method

the method name to call

mixed ...$arguments

List of arguments

Return Value

array

List of results with nulls filtered out

array extend(string $method, mixed ...$arguments)

Run the given function on all of this object's extensions. Note that this method originally returned void, so if you wanted to return results, you're hosed

Currently returns an array, with an index resulting every time the function is called. Only adds returns if they're not NULL, to avoid bogus results from methods just defined on the parent extension. This is important for permission-checks through extend, as they use min() to determine if any of the returns is FALSE. As min() doesn't do type checking, an included NULL return would fail the permission checks.

The extension methods are defined during __construct()} in {@link defineMethods().

Parameters

string $method

the name of the method to call on each extension

mixed ...$arguments

Return Value

array

Extension|null getExtensionInstance(string $extension)

Get an extension instance attached to this object by name.

Parameters

string $extension

Return Value

Extension|null

bool hasExtension(string $extension)

Returns TRUE if this object instance has a specific extension applied in $extension_instances. Extension instances are initialized at constructor time, meaning if you use add_extension() afterwards, the added extension will just be added to new instances of the extended class. Use the static method has_extension() to check if a class (not an instance) has a specific extension.

Caution: Don't use singleton()->hasExtension() as it will give you inconsistent results based on when the singleton was first accessed.

Parameters

string $extension

Classname of an Extension subclass without parameters

Return Value

bool

Extension[] getExtensionInstances()

Get all extension instances for this specific object instance.

See get_extensions() to get all applied extension classes for this class (not the instance).

This method also provides lazy-population of the extension_instances property.

Return Value

Extension[]

Map of DataExtension instances, keyed by classname.

static Config_ForClass config()

Get a configuration accessor for this class. Short hand for Config::inst()->get($this->class, .....).

Return Value

Config_ForClass

mixed uninherited(string $name)

Gets the uninherited value for the given config option

Parameters

string $name

Return Value

mixed

__construct()

No description

Ldap getLdap()

No description

Return Value

Ldap

The underlying Laminas\Ldap\Ldap class, so that methods can be called directly

protected searchWithIterator($filter, $baseDn = null, $attributes = [])

No description

Parameters

$filter
$baseDn
$attributes

Query the LDAP directory with the given filter.

Parameters

string $filter

The string to filter by, e.g. (objectClass=user)

null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

string $sort

Sort results by this attribute if given

Return Value

array

protected array processSearchResults(Iterator $records)

Processes results from either LDAPGateway::search() or LDAPGateway::searchAll(), expecting eitheran array of records

Parameters

Iterator $records

Return Value

array

Result authenticate(string $username, string $password)

Authenticate the given username and password with LDAP.

Parameters

string $username
string $password

Return Value

Result

array getNodes(null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [], string $sort = '')

Query for LDAP nodes (organizational units, containers, and domains).

Parameters

null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

string $sort

Sort results by this attribute if given

Return Value

array

array getGroups(null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [], string $sort = '')

Query for LDAP groups.

Parameters

null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

string $sort

Sort results by this attribute if given

Return Value

array

array getNestedGroups(string $dn, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Return all nested AD groups underneath a specific DN

Parameters

string $dn
null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

Return Value

array

array getGroupByGUID(string $guid, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Return a particular LDAP group by objectGUID value.

Parameters

string $guid
null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

Return Value

array

array getGroupByDN(string $dn, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Return a particular LDAP group by DN value.

Parameters

string $dn
null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

Return Value

array

array getUsers(null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [], string $sort = '')

Query for LDAP users, but don't include built-in user accounts.

Parameters

null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

string $sort

Sort results by this attribute if given

Return Value

array

array getUsersWithIterator(string|null $baseDn = null, array $attributes = [])

Query for LDAP users, but don't include built-in user accounts. Iterate over all users, regardless of the paging size control built into the LDAP server.

Parameters

string|null $baseDn

The DN to search within. Defaults to the base DN applied to the connection.

array $attributes

Specify user attributes to be returned. Defaults to returning all attributes.

Return Value

array

array getUserByGUID(string $guid, $baseDn = null, $scope = Ldap::SEARCH_SCOPE_SUB, $attributes = [])

Return a particular LDAP user by objectGUID value.

Parameters

string $guid
$baseDn
$scope
$attributes

Return Value

array

array getUserByDN(string $dn, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Return a particular LDAP user by DN value.

Parameters

string $dn
null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

Return Value

array

array getUserByEmail(string $email, $baseDn = null, $scope = Ldap::SEARCH_SCOPE_SUB, $attributes = [])

Return a particular LDAP user by mail value.

Parameters

string $email
$baseDn
$scope
$attributes

Return Value

array

array getUserByUsername(string $username, null|string $baseDn = null, int $scope = Ldap::SEARCH_SCOPE_SUB, array $attributes = [])

Get a specific user's data from LDAP

Parameters

string $username
null|string $baseDn

The DN to search from. Default is the baseDn option in the connection if not given

int $scope

The scope to perform the search. Laminas_Ldap::SEARCH_SCOPE_ONE, Laminas_LDAP::SEARCH_SCOPE_BASE. Default is Laminas_Ldap::SEARCH_SCOPE_SUB

array $attributes

Restrict to specific AD attributes. An empty array will return all attributes

Return Value

array

Exceptions

Exception

string getCanonicalUsername(array $data)

Get a canonical username from the record based on the connection settings.

Parameters

array $data

Return Value

string

Exceptions

Exception

changePassword(string $dn, string $password, string $oldPassword)

Changes user password via LDAP.

Change password is different to administrative password reset in that it will respect the password history policy. This is achieved by sending a remove followed by an add in one batch (which is different to an ordinary attribute modification operation).

Parameters

string $dn

Location to update the entry at.

string $password

New password to set.

string $oldPassword

Old password is needed to trigger a password change.

Exceptions

LdapException
Exception

resetPassword(string $dn, string $password)

Administrative password reset.

This is different to password change - it does not require old password, but also it does not respect password history policy setting.

Parameters

string $dn

Location to update the entry at.

string $password

New password to set.

Exceptions

LdapException
Exception

update(string $dn, array $attributes)

Updates an LDAP object.

For this work you might need that LDAP connection is bind:ed with a user with enough permissions to change attributes and that the LDAP connection is using SSL/TLS. It depends on the server setup.

If there are some errors, the underlying LDAP library should throw an Exception

Parameters

string $dn

Location to update the entry at.

array $attributes

An associative array of attributes.

Exceptions

LdapException

delete(string $dn, bool $recursively = false)

Deletes an LDAP object.

Parameters

string $dn

Location of object to delete

bool $recursively

Recursively delete nested objects?

Exceptions

LdapException

move(string $fromDn, string $toDn, bool $recursively = false)

Move an LDAP object from it's original DN location to another.

This effectively copies the object then deletes the original one.

Parameters

string $fromDn
string $toDn
bool $recursively

Recursively move nested objects?

add(string $dn, array $attributes)

Add an LDAP object.

For this work you might need that LDAP connection is bind:ed with a user with enough permissions to change attributes and that the LDAP connection is using SSL/TLS. It depends on the server setup.

Parameters

string $dn

Location to add the entry at.

array $attributes

An associative array of attributes.

Exceptions

LdapException