Commit 6e6eb42e authored by Carsten  Rose's avatar Carsten Rose
Browse files

#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach...

#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach Vornamen und Nachnamen suchen
After discussing with EV it's not necessary  to permut the serach, instead just repeat the whole search with every token. Quite simple and effective.
parent fe68e253
......@@ -914,26 +914,25 @@ To identify the exact *id*, an additional search filter is necessary.
PerToken
^^^^^^^^
In the rare cases, where a user types more than token, e.g. firstname and lastname, **and** the LDAP server do not provide
an attribute with the combination of both: This mode will
* split the search string in individuell user tokens,
* split the ldap search string in individuell search tokens,
* create tuple permutations of all search tokens,
and fill all search token with the first user token and the second user token (only two user tokens are supported at the
moment).
Sometimes a LDAP server only provides attributes like 'sn' and 'givenName', but not 'displayName' or a practial combination of
multiple attributes - than it is difficult to search for 'firstname' and (=boolean AND) 'lastname'. E.g. 'John Doe', results to search like
`(|(sn=*John Doe*)(givenName=*John Doe*))` which will be probably always be empty.
Instead, the user input has to be splitted in token and the search string has to repeated for every token.
* *Form.parameter* or *FormElement.parameter*:
* *typeAheadLdapSearchPerToken* - no value needed.
This will repeat the search string per token.
E.g.::
User search string: X Y
Ldap search string: (|(a=*?*)(b=*?*)(c=*?*))
Ldap search string: (|(a=*?*)(b=*?*))
Result: (& (|(a=*X*)(b=*X*)) (|(a=*Y*)(b=*Y*))
Result: (| (&(a=*X*)(b=*Y*)) (&(a=*Y*)(b=*X*)) (&(a=*X*)(c=*Y*)) (&(a=*Y*)(c=*X*)) (&(b=*X*)(c=*Y*)) (&(=*Y*)(c=*X*)) )
Attention: this option is only usefull in specific environments.
.. _Fill_LDAP_STORE:
......
......@@ -112,6 +112,37 @@ class Ldap {
return $searchString;
}
/**
* Explode $ldapValue by ' '. If more than one entry is found, append the search, replaced by word 1, word 2, ...
*
* (|(a=*?*)(b=*?*)(c=*?*)), ?=X Y Z: (& (|(a=*X*)(b=*X*)(c=*X*)) (|(a=*Y*)(b=*Y*)(c=*Y*)) (|(a=*Z*)(b=*Z*)(c=*Z*)) )
*
* @param string $ldapSearch
* @param string $searchValue
* @return string
*/
private function explodeSearchPerToken($ldapSearch, $searchValue) {
$searchValue = trim($searchValue);
if ($ldapSearch == '' || $searchValue == '') {
return '';
}
$tokenArr = OnArray::removeEmptyElementsFromArray(explode(' ', $searchValue));
if (count($tokenArr) == 1) {
// If there is only one token : replace and return.
return str_replace(TYPEAHEAD_PLACEHOLDER, $searchValue, $ldapSearch);
}
$searchString = '';
foreach ($tokenArr AS $word) {
$searchString .= str_replace(TYPEAHEAD_PLACEHOLDER, $word, $ldapSearch);
}
return '(&' . $searchString . ')';
}
/**
* @param array $config
* @param string $searchValue
......@@ -124,15 +155,16 @@ class Ldap {
$config[FE_LDAP_ATTRIBUTES] = Support::setIfNotSet($config, FE_LDAP_ATTRIBUTES, '');
$config[FE_LDAP_TIME_LIMIT] = Support::setIfNotSet($config, FE_LDAP_TIME_LIMIT, DEFAULT_LDAP_TIME_LIMIT);
if ($mode == MODE_LDAP_MULTI && isset($config[F_TYPEAHEAD_LDAP_SEARCH_PER_TOKEN])) {
$config[FE_LDAP_SEARCH] = $this->explodePermutSearch($config[FE_LDAP_SEARCH], $searchValue);
} else {
$config[FE_LDAP_SEARCH] = str_replace(TYPEAHEAD_PLACEHOLDER, $searchValue, $config[FE_LDAP_SEARCH]);
}
$config[FE_TYPEAHEAD_LIMIT] = ($mode == MODE_LDAP_MULTI) ? $config[FE_TYPEAHEAD_LIMIT] : 1;
if ($mode == MODE_LDAP_MULTI) {
if (isset($config[F_TYPEAHEAD_LDAP_SEARCH_PER_TOKEN])) {
$config[FE_LDAP_SEARCH] = $this->explodeSearchPerToken($config[FE_LDAP_SEARCH], $searchValue);
} else {
$config[FE_LDAP_SEARCH] = str_replace(TYPEAHEAD_PLACEHOLDER, $searchValue, $config[FE_LDAP_SEARCH]);
}
$config[FE_TYPEAHEAD_LDAP_KEY_PRINTF] = Support::setIfNotSet($config, FE_TYPEAHEAD_LDAP_KEY_PRINTF, '');
$config[FE_TYPEAHEAD_LDAP_VALUE_PRINTF] = Support::setIfNotSet($config, FE_TYPEAHEAD_LDAP_VALUE_PRINTF, '');
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment