#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach...

#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach Vornamen und Nachnamen suchen After discussing with EV it's not necessary to permut the serach, instead just repeat the whole search with every token. Quite simple and effective.

#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach...
#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach Vornamen und Nachnamen suchen After discussing with EV it's not necessary to permut the serach, instead just repeat the whole search with every token. Quite simple and effective.
6e6eb42e · Carsten Rose · fe68e253 · 6e6eb42e · 6e6eb42e
Commit 6e6eb42e authored Apr 12, 2017 by Carsten Rose
--- a/extension/Documentation/Manual.rst
+++ b/extension/Documentation/Manual.rst
@@ -914,26 +914,25 @@ To identify the exact *id*, an additional search filter is necessary.
 PerToken
 ^^^^^^^^

-In the rare cases, where a user types more than token, e.g. firstname and lastname, **and** the LDAP server do not provide
-an attribute with the combination of both: This mode will
-
-* split the search string in individuell user tokens,
-* split the ldap search string in individuell search tokens,
-* create tuple permutations of all search tokens,
-
-and fill all search token with the first user token and the second user token (only two user tokens are supported at the
-moment).
+Sometimes a LDAP server only provides attributes like 'sn' and 'givenName', but not 'displayName' or a practial combination of
+multiple attributes - than it is difficult to search for 'firstname' and (=boolean AND) 'lastname'. E.g. 'John Doe', results to search like
+`(|(sn=*John Doe*)(givenName=*John Doe*))` which will be probably always be empty.
+Instead, the user input has to be splitted in token and the search string has to repeated for every token.

 * *Form.parameter* or *FormElement.parameter*:

  * *typeAheadLdapSearchPerToken* - no value needed.

+This will repeat the search string per token.
+
 E.g.::

   User search string: X Y
-   Ldap search string: (|(a=*?*)(b=*?*)(c=*?*))
+   Ldap search string: (|(a=*?*)(b=*?*))
+
+   Result: (& (|(a=*X*)(b=*X*)) (|(a=*Y*)(b=*Y*))

-   Result: (| (&(a=*X*)(b=*Y*)) (&(a=*Y*)(b=*X*)) (&(a=*X*)(c=*Y*)) (&(a=*Y*)(c=*X*)) (&(b=*X*)(c=*Y*)) (&(=*Y*)(c=*X*)) )
+Attention: this option is only usefull in specific environments.


 .. _Fill_LDAP_STORE:

--- a/extension/qfq/qfq/helper/Ldap.php
+++ b/extension/qfq/qfq/helper/Ldap.php
@@ -112,6 +112,37 @@ class Ldap {
        return $searchString;
    }

+    /**
+     * Explode $ldapValue by ' '. If more than one entry is found, append the search, replaced by word 1, word 2, ...
+     *
+     * (|(a=*?*)(b=*?*)(c=*?*)), ?=X Y Z:    (& (|(a=*X*)(b=*X*)(c=*X*))  (|(a=*Y*)(b=*Y*)(c=*Y*)) (|(a=*Z*)(b=*Z*)(c=*Z*)) )
+     *
+     * @param string $ldapSearch
+     * @param string $searchValue
+     * @return string
+     */
+    private function explodeSearchPerToken($ldapSearch, $searchValue) {
+
+        $searchValue = trim($searchValue);
+        if ($ldapSearch == '' || $searchValue == '') {
+            return '';
+        }
+
+        $tokenArr = OnArray::removeEmptyElementsFromArray(explode(' ', $searchValue));
+        if (count($tokenArr) == 1) {
+            // If there is only one token : replace and return.
+            return str_replace(TYPEAHEAD_PLACEHOLDER, $searchValue, $ldapSearch);
+        }
+
+        $searchString = '';
+        foreach ($tokenArr AS $word) {
+            $searchString .= str_replace(TYPEAHEAD_PLACEHOLDER, $word, $ldapSearch);
+        }
+
+        return '(&' . $searchString . ')';
+
+    }
+
    /**
     * @param array $config
     * @param string $searchValue
@@ -124,15 +155,16 @@ class Ldap {
        $config[FE_LDAP_ATTRIBUTES] = Support::setIfNotSet($config, FE_LDAP_ATTRIBUTES, '');
        $config[FE_LDAP_TIME_LIMIT] = Support::setIfNotSet($config, FE_LDAP_TIME_LIMIT, DEFAULT_LDAP_TIME_LIMIT);

-        if ($mode == MODE_LDAP_MULTI && isset($config[F_TYPEAHEAD_LDAP_SEARCH_PER_TOKEN])) {
-            $config[FE_LDAP_SEARCH] = $this->explodePermutSearch($config[FE_LDAP_SEARCH], $searchValue);
-        } else {
-            $config[FE_LDAP_SEARCH] = str_replace(TYPEAHEAD_PLACEHOLDER, $searchValue, $config[FE_LDAP_SEARCH]);
-        }
-
        $config[FE_TYPEAHEAD_LIMIT] = ($mode == MODE_LDAP_MULTI) ? $config[FE_TYPEAHEAD_LIMIT] : 1;

        if ($mode == MODE_LDAP_MULTI) {
+
+            if (isset($config[F_TYPEAHEAD_LDAP_SEARCH_PER_TOKEN])) {
+                $config[FE_LDAP_SEARCH] = $this->explodeSearchPerToken($config[FE_LDAP_SEARCH], $searchValue);
+            } else {
+                $config[FE_LDAP_SEARCH] = str_replace(TYPEAHEAD_PLACEHOLDER, $searchValue, $config[FE_LDAP_SEARCH]);
+            }
+
            $config[FE_TYPEAHEAD_LDAP_KEY_PRINTF] = Support::setIfNotSet($config, FE_TYPEAHEAD_LDAP_KEY_PRINTF, '');
            $config[FE_TYPEAHEAD_LDAP_VALUE_PRINTF] = Support::setIfNotSet($config, FE_TYPEAHEAD_LDAP_VALUE_PRINTF, '');