I am trying to do a LDAP Search on a multivalue attribute ACL using PHP. But when I try to set a filter on ACL $filter="(ACL=*$cn*)" where $cn = prnman03 there are no results returned.
ACL - 16#entry#cn=prnman03,ou=ipp,ou=services,o=uct#[Entry Rights]
3#entry#[Root]#iPrintPrinterIPPURI
8#entry#ou=backup,ou=ipp,ou=services,o=uct#iPrintPrinterUserRole
8#entry#ou=ippl,ou=ipp,ou=services,o=uct#iPrintPrinterUserRole
8#entry#ou=ipp,ou=services,o=uct#iPrintPrinterUserRole
cn - IPP00005
iPrintPrinterIPPURI- ipp://srvnbsidw001.uct.ac.za/ipp/IPP00005
If one of the attribute values matches the filter, then the entry will be considered to be returned (as long as permissions allow).
But remember that LDAP Filters are resolving in True, False, Undefined. Undefined means that there was no way to apply the filter and get a result. If there is no substring matching rule defined for the ACL attribute, then matching a substring filter will be undefined.
As you are doing this on an ACL for eDirectory, I do not think you will find and values that work for substrings. Even though their documentation say there are some conditions where matching will work, I have not be able to find or perform any such matches.
Related
Is that possible to make route that accept string parameter only for specific string? Example :
Route::get('{user_tipe}/event', 'admin\EventC#index');
That the route, I want to make the user_tipe param is only allow to two string like admin and author. Is that possible?
You can do that using regular expression constraits on your route:
Route::get('{user_tipe}/event', 'admin\EventC#index')->where('user_tipe', 'admin|author');
admin|author is a simple regular expression that will match either the string admin or author
UPDATE
Here you can find how to use the route param constraints when using Route::group
Im trying to compile a regular expression to match a URL in the following form:
http://www.example.com/param_1/param_2/.../param_n/?var_1=val_1&var2_=val_2&...val_n=var_n
In other words, the URL would have several subdirectories (param_1 - param_n) that need to be matched explicitly, and an unknown number of GET variables that need to be carried along with the URL without invalidating the match.
(Ive seen other topics for matching one, or two, or three GET variables but none for a general regex expression matching multiple variables who's total number is unknown)
I have the following Regex working for the following URL:
URL: http://www.example.com/users/john/
REGEX: "users\/john\/([a-z|A-Z|0-9|-]+)([\/]{0,1})\/([a-z|A-Z|0-9|-]+)([\/]{0,1})$/"
RESULT: MATCH!! :)
But the addition of "GET" variables (http://www.example.com/users/john/?car=blue) does not lead to a match (obviously).
I am not a regex guru and pretty sure what I have working probably isn't very elegant to begin with, but I have had no luck at all making it work with additional variables.
I am matching patterns in the following way:
$routes = array(~~ REGEX => controller script ~~);
foreach($routes as $pattern=>$ctrl){
if(preg_match($pattern, URI)) {
echo 'MATCH!!';
break;
}
}
First extract all params and all key-vals separately:
key-vals vvvv
^https?:\/\/[^\/]+((?:\/[^?]+)*)?(?:\?(.+))?$
^^^^^^^^^^^^^^^ params
For the example url, params = /param_1/param_2/.../param_n and key-vals = var_1=val_1&var2_=val_2&...val_n=var_n.
If params were extracted, get each individual param (use global to get every one):
\/([^\/]+)
^^^^^^^^ individual param
If key-vals were extracted, get each individual key and value (also use global):
vvvvvvv value
([^=]+)=([^&]+)
^^^^^^^ key
Sorry I can't help with the PHP, but this should point you in the right direction.
Thank you for your replies! The following regex ended up working for me:
/^\/param_1\/param_2\/...\/param_n\/?(\?.*)?$/
I know Laravel5 Resource method will work like this.
TestControler#index /aa
TestControler#edit /aa/{aa}/edit
..
It's good to work if integer have been inserted.
/aa/1/edit -> work
But it will broken if string is coming.
/aa/aa/edit -> SQLSTATE[22P02]: Invalid text representation ..
So I wanna ask you the question is how should I allow request url thats integer only?
where should I write, route.php or Controller?
and how to abort 404 if string is coming.
any idea?
Expanding on my comment:
When working with Laravel's router, for any parameter you add to a URI definition (such as {id}), you can add a regex constraint. The constraint will take the variable value and test to see if the regex matches the value. If the regex fails, then the route will not be selected.
You do this using the where() method on the route and passing an associative array where the keys correspond to the variables in the URI, and the values are regexes to match. You can add constraints to as many variables in a route's URI as you like.
For example, if you wanted to constrain the id value in your URI to just numbers, you could do something like this:
Route::get("users/{id}", "Users#getUser")->where(["id" => "[0-9]+"]);
The documentation for this feature states:
You may constrain the format of your route parameters using the where method on a route instance. The where method accepts the name of the parameter and a regular expression defining how the parameter should be constrained
See more examples in the documentation available here: https://laravel.com/docs/5.2/routing#parameters-regular-expression-constraints
Thanks to reply, Finally It works great.
But I wanna add this to my post.
Where method will work when I write 'standard' routing like this.
Route::get('/aa/{aa}/edit','TestsController#delete')->name('aa.edit')->where('aa','[0-9]+'); // works great!
But that's not work if I write 'RESTful' routing like this.
Route::resource('/aa', 'TestsController')->where('aa','[0-9]+'); // not work!
So I wrote this to app/route.php, It works very fine.
Route::pattern('aa', '\d+');
Route::get('/aa/{aa}/delete','TestsController#delete')->name('aa.delete')->where('aa','[0-9]+');
Route::resource('/aa', 'TestsController')->where('aa','[0-9]+');
I'm starting to wonder if this is possible at all, but I'm using Laravel and I need to check to see if the $errors object contains any keys containing a search string.
I know it contains the keys 'monitors.0.size' and 'monitors.1.size' but I need to be able to check using just 'monitors'.
$errors->has('monitors') returns false and the attempts I've made at inserting different wildcards have resulted in page errors.
Am I missing something simple? Is there a way to do this?
as $errors is an instance of \Illuminate\Support\MessageBag I think the only way would be to loop over the $errors and compare them.
According to these posts in the php.net manual it should be possible to supply multiple DNs for ldap_search().
However, I can't get the below implementation to work:
$dn[] = 'ou=Red,ou=Teams,ou=Users,dc=example,dc=org';
$dn[] = 'ou=Green,ou=Teams,ou=Users,dc=example,dc=org';
$dn[] = 'ou=Blue,ou=Teams,ou=Users,dc=example,dc=org';
$query = ldap_search($conn, $dn, $filter, $attrs);
Everything is fine when passing through any of the individual DN strings, but supplying an array will error with message: 'No such object'.
An obvious work around for this is to loop over my DN array to fire off separate queries and push everything in to one array. I'd like to avoid having to do that, since I'm bringing back 8000+ objects in one DN (Paginated - Example 2) and ~300 in each of the other two.
Is it actually possible to search multiple DNs?
Perhaps special syntax (symbol/character) within the single DN string?
Search requests must contain a minimum the following parameters:
the base object at which the search starts (no objects above the base objects are returned)
the scope of the search: base is the base object itself, one is the base object and
one level below the base object, sub is the base object and all entries below the base object.
a filter which limits the entries returned to those entries which match the assertion in the
filter
A list of attributes can also be supplied, though many, but not all, LDAP APIs will request all
user attributes if none are supplied in the search request.
In the case listed, set the base object to ou=users,dc=example,dc=com and use an appropriate
filter. If the LDAP client must restrict the returned entries to entries that are subordinate
to ou=red, ou=green, or ou=blue it may be possible to use a compound extensible match filter
like (&(objectClass=inetOrgPerson)(|(ou:dn:=red)(ou:dn:=green)(ou:dn:=blue))) - use the correct object
class if the data does not use inetOrgPerson. All LDAP-compliant servers support extensible
match filters, but non-compliant servers may not support this standard filter.
It is not possible to use multiple base objects, the scope parameter defines how many subordinate
levels, if any, are examined below the base object.
see also
LDAP: Mastering Search Filters
LDAP: Search best practices
LDAP: Programming practices
Did you see this in the manual?
Those arrays must be of the same size as the link identifier array since the first entries of the arrays are used for one search, the second entries are used for another, and so on.
Basically, your $conn variable needs to be an array of connections equal to the size of your $dn array.
If you have 3 elements in your $dn array, you need 3 elements in your $conn array:
$ds = ldap_connect($ldapserver);
$dn[] = 'ou=Red,ou=Teams,ou=Users,dc=example,dc=org';
$dn[] = 'ou=Green,ou=Teams,ou=Users,dc=example,dc=org';
$dn[] = 'ou=Blue,ou=Teams,ou=Users,dc=example,dc=org';
// Match connection elements to count of dn elements
for($x=0, $x < count($dn), $x++)
{
$conn[] = $ds;
}
$query = ldap_search($conn, $dn, $filter, $attrs);