David Härdeman 8e9cef4f78 [ldap-contacts-suggestions] Use LDAP URI for connecting
ldap_connect(<host>, <port>) is deprecated and ldap_connect(<uri>) is
more expressive (for example, by allowing the use of SSL to be
mandatory using a ldaps:// URL).
2021-08-22 12:32:02 +02:00

347 lines
7.3 KiB

class LdapContactsSuggestions implements \RainLoop\Providers\Suggestions\ISuggestions
* @var string
private $sLdapUri = 'ldap://';
* @var bool
private $bUseStartTLS = True;
* @var string
private $sBindDn = null;
* @var string
private $sBindPassword = null;
* @var string
private $sBaseDn = '';
* @var string
private $sObjectClass = 'inetOrgPerson';
* @var string
private $sUidField = 'uid';
* @var string
private $sNameField = 'givenName';
* @var string
private $sEmailField = 'mail';
* @var \MailSo\Log\Logger
private $oLogger = null;
* @var string
private $sAllowedEmails = '';
* @param string $sLdapUri
* @param bool $bUseStartTLS
* @param string $sBindDn
* @param string $sBindPassword
* @param string $sBaseDn
* @param string $sObjectClass
* @param string $sNameField
* @param string $sEmailField
* @param string $sAllowedEmails
* @return \LdapContactsSuggestions
public function SetConfig($sLdapUri, $bUseStartTLS, $sBindDn, $sBindPassword, $sBaseDn, $sObjectClass, $sUidField, $sNameField, $sEmailField, $sAllowedEmails)
$this->sLdapUri = $sLdapUri;
$this->bUseStartTLS = $bUseStartTLS;
if (0 < \strlen($sBindDn))
$this->sBindDn = $sBindDn;
$this->sBindPassword = $sBindPassword;
$this->sBaseDn = $sBaseDn;
$this->sObjectClass = $sObjectClass;
$this->sUidField = $sUidField;
$this->sNameField = $sNameField;
$this->sEmailField = $sEmailField;
$this->sAllowedEmails = $sAllowedEmails;
return $this;
* @param \RainLoop\Model\Account $oAccount
* @param string $sQuery
* @param int $iLimit = 20
* @return array
public function Process(RainLoop\Model\Account $oAccount, string $sQuery, int $iLimit = 20): array
$sQuery = \trim($sQuery);
if (2 > \strlen($sQuery))
return array();
else if (!$oAccount || !\RainLoop\Plugins\Helper::ValidateWildcardValues($oAccount->Email(), $this->sAllowedEmails))
return array();
$aResult = $this->ldapSearch($oAccount, $sQuery);
$aResult = \RainLoop\Utils::RemoveSuggestionDuplicates($aResult);
if ($iLimit < \count($aResult))
$aResult = \array_slice($aResult, 0, $iLimit);
return $aResult;
* @param array $aLdapItem
* @param array $aEmailFields
* @param array $aNameFields
* @return array
private function findNameAndEmail($aLdapItem, $aEmailFields, $aNameFields, $aUidFields)
$sEmail = $sName = $sUid = '';
if ($aLdapItem)
foreach ($aEmailFields as $sField)
$sField = \strtolower($sField);
if (!empty($aLdapItem[$sField][0]))
$sEmail = \trim($aLdapItem[$sField][0]);
if (!empty($sEmail))
foreach ($aNameFields as $sField)
$sField = \strtolower($sField);
if (!empty($aLdapItem[$sField][0]))
$sName = \trim($aLdapItem[$sField][0]);
if (!empty($sName))
foreach ($aUidFields as $sField)
$sField = \strtolower($sField);
if (!empty($aLdapItem[$sField][0]))
$sUid = \trim($aLdapItem[$sField][0]);
if (!empty($sUid))
return array($sEmail, $sName, $sUid);
* @param \RainLoop\Model\Account $oAccount
* @param string $sQuery
* @return array
private function ldapSearch($oAccount, $sQuery)
$sSearchEscaped = $this->escape($sQuery);
$aResult = array();
$oCon = @\ldap_connect($this->sLdapUri);
if ($oCon)
$this->oLogger->Write('ldap_connect: connected', \MailSo\Log\Enumerations\Type::INFO, 'LDAP');
@\ldap_set_option($oCon, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($this->bUseStartTLS && !@\ldap_start_tls($oCon))
$this->logLdapError($oCon, 'ldap_start_tls');
return $aResult;
if (!@\ldap_bind($oCon, $this->sBindDn, $this->sBindPassword))
if (is_null($this->sBindDn))
$this->logLdapError($oCon, 'ldap_bind (anonymous)');
$this->logLdapError($oCon, 'ldap_bind');
return $aResult;
$sDomain = \MailSo\Base\Utils::GetDomainFromEmail($oAccount->Email());
$sBaseDn = \strtr($this->sBaseDn, array(
'{domain}' => $sDomain,
'{domain:dc}' => 'dc='.\strtr($sDomain, array('.' => ',dc=')),
'{email}' => $oAccount->Email(),
'{email:user}' => \MailSo\Base\Utils::GetAccountNameFromEmail($oAccount->Email()),
'{email:domain}' => $sDomain,
'{login}' => $oAccount->Login(),
'{imap:login}' => $oAccount->Login(),
'{imap:host}' => $oAccount->DomainIncHost(),
'{imap:port}' => $oAccount->DomainIncPort()
$aEmails = empty($this->sEmailField) ? array() : \explode(',', $this->sEmailField);
$aNames = empty($this->sNameField) ? array() : \explode(',', $this->sNameField);
$aUIDs = empty($this->sUidField) ? array() : \explode(',', $this->sUidField);
$aEmails = \array_map('trim', $aEmails);
$aNames = \array_map('trim', $aNames);
$aUIDs = \array_map('trim', $aUIDs);
$aFields = \array_merge($aEmails, $aNames, $aUIDs);
$aItems = array();
$sSubFilter = '';
foreach ($aFields as $sItem)
if (!empty($sItem))
$aItems[] = $sItem;
$sSubFilter .= '('.$sItem.'=*'.$sSearchEscaped.'*)';
$sFilter = '(&(objectclass='.$this->sObjectClass.')';
$sFilter .= (1 < count($aItems) ? '(|' : '').$sSubFilter.(1 < count($aItems) ? ')' : '');
$sFilter .= ')';
$this->oLogger->Write('ldap_search: start: '.$sBaseDn.' / '.$sFilter, \MailSo\Log\Enumerations\Type::INFO, 'LDAP');
$oS = @\ldap_search($oCon, $sBaseDn, $sFilter, $aItems, 0, 30, 30);
if ($oS)
$aEntries = @\ldap_get_entries($oCon, $oS);
if (is_array($aEntries))
if (isset($aEntries['count']))
foreach ($aEntries as $aItem)
if ($aItem)
$sName = $sEmail = '';
list ($sEmail, $sName) = $this->findNameAndEmail($aItem, $aEmails, $aNames, $aUIDs);
if (!empty($sEmail))
$aResult[] = array($sEmail, $sName);
$this->logLdapError($oCon, 'ldap_get_entries');
$this->logLdapError($oCon, 'ldap_search');
return $aResult;
return $aResult;
* @param string $sStr
* @return string
public function escape($sStr)
$aNewChars = array();
$aChars = array('\\', '*', '(', ')', \chr(0));
foreach ($aChars as $iIndex => $sValue)
$aNewChars[$iIndex] = '\\'.\str_pad(\dechex(\ord($sValue)), 2, '0');
return \str_replace($aChars, $aNewChars, $sStr);
* @param mixed $oCon
* @param string $sCmd
* @return string
public function logLdapError($oCon, $sCmd)
if ($this->oLogger)
$sError = $oCon ? @\ldap_error($oCon) : '';
$iErrno = $oCon ? @\ldap_errno($oCon) : 0;
$this->oLogger->Write($sCmd.' error: '.$sError.' ('.$iErrno.')',
\MailSo\Log\Enumerations\Type::WARNING, 'LDAP');
* @param \MailSo\Log\Logger $oLogger
* @return \LdapContactsSuggestions
public function SetLogger($oLogger)
if ($oLogger instanceof \MailSo\Log\Logger)
$this->oLogger = $oLogger;
return $this;