/[drupal]/contributions/modules/ldap_integration/ldapgroups.inc

Contents of /contributions/modules/ldap_integration/ldapgroups.inc



Revision 1.2 - (show annotations) (download) (as text)
Tue Aug 25 13:53:20 2009 UTC (3 months ago) by miglius
Branch: MAIN
CVS Tags: DRUPAL-6--1-0-BETA2, HEAD
Changes since 1.1: +2 -2 lines
File MIME type: text/x-php
ldap_integration: LDAP group to Drupal role filtering - incorrect mapping for piping, #553740 by endiku
1 <?php
2 // $Id: ldapgroups.inc,v 1.1 2009/08/25 13:23:37 miglius Exp $
3
4 /**
5 * @file
6 * ldapgroups include file.
7 */
8
9 //////////////////////////////////////////////////////////////////////////////
10 // hook_user() functions
11
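/**
 * Implements hook_user() login operation.
 *
 * Re-derives the Drupal roles of an LDAP-authenticated account from its LDAP
 * groups on every login: the roles granted by a previous login are revoked
 * first, then the roles matching the current group membership are granted
 * again and recorded in the 'ldap_drupal_roles' user data.
 *
 * @param $account
 *   The user object being logged in, passed by reference. It is replaced by
 *   user 0 when a configured group restriction rejects the login.
 *
 * @return
 *   TRUE when no group strategy is configured (nothing to map), nothing otherwise.
 */
function ldapgroups_user_login(&$account) {
  $authmap = user_get_authmaps($account->name);
  if (!isset($authmap['ldapauth'])) {
    // This user is not authenticated via ldapauth.
    return;
  }

  // Setup the global $_ldapgroups_ldap object.
  if (!_ldapgroups_ldap_init($account)) {
    return;
  }

  // First, we figure out the appropriate groups. FALSE means no group
  // strategy is configured or the directory could not be read.
  $groups = _ldapgroups_detect_groups($account);

  // Apply groups restrictions. A failed group lookup (FALSE) and a
  // non-array restriction value both match nothing, so the login is refused
  // rather than allowed: a directory outage or corrupt setting cannot bypass
  // the restriction. (The original array_intersect() on FALSE produced the
  // same refusal, but through a PHP warning.)
  $groups_allow = _ldapgroups_ldap_info($account, 'ldapgroups_groups');
  if (!empty($groups_allow)) {
    $found = is_array($groups) ? $groups : array();
    $allowed = is_array($groups_allow) ? $groups_allow : array();
    if (count(array_intersect($found, $allowed)) == 0) {
      $account = user_load(0);
      return;
    }
  }

  // Then, we take every mapped role from the user, later below
  // we'll grant back those deserved.
  $account->ldap_drupal_roles = isset($account->ldap_drupal_roles) ? $account->ldap_drupal_roles : array();
  foreach ($account->ldap_drupal_roles as $role) {
    _ldapgroups_deny_role($account, $role);
  }

  // Are there LDAP groups for the user?
  if ($groups === FALSE) {
    return TRUE;
  }

  // Next, we apply site-specific rules.
  $groups = _ldapgroups_filter($account, $groups);

  // Map every remaining group to a Drupal role, creating the role on demand.
  // NOTE(review): without a mapping the role name is derived from the group
  // name itself (see _ldapgroups_mapping()), so an LDAP group whose name
  // equals an existing Drupal role grants that role on login.
  $roles = array();
  if (is_array($groups)) {
    foreach ($groups as $group) {
      $role = _ldapgroups_mapping($account, $group);
      _ldapgroups_create_role($role);
      _ldapgroups_grant_role($account, $role);
      $roles[] = $role;
    }
  }

  // Store roles in the user object so we know which ones
  // were granted here.
  user_save($account, array('ldap_drupal_roles' => $roles));
}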
65
66 //////////////////////////////////////////////////////////////////////////////
67 // Auxiliary functions
68
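/**
 * Detect user groups from the LDAP.
 *
 * Three strategies are combined: group names taken from the RDNs of the
 * user's DN, group values read from attributes of the user's entry, and
 * group entries that list the user's DN (or name) in a membership attribute.
 *
 * @param $user
 *   A user object; $user->ldap_dn and $user->name are read.
 *
 * @return
 *   A de-duplicated array of group names/DNs, or FALSE when no strategy is
 *   configured or the directory could not be read.
 */
function _ldapgroups_detect_groups($user) {
  global $_ldapgroups_ldap;

  // Nothing to do if the user is not LDAP authentified
  // or there are no groups configured.
  if (!(_ldapgroups_ldap_info($user, 'ldapgroups_in_dn') || _ldapgroups_ldap_info($user, 'ldapgroups_in_attr') || _ldapgroups_ldap_info($user, 'ldapgroups_as_entries'))) {
    return FALSE;
  }

  // First try to connect with the stored user's DN and password.
  // If unsuccessful, connect with the BINDDN and BINDPW stored in the database for this config.
  // NOTE(review): the user's LDAP password is read back from $_SESSION here,
  // i.e. the session store holds a reusable directory credential for the
  // lifetime of the session unless LDAPAUTH_FORGET_PASSWORDS is set.
  $dn = isset($_SESSION['ldap_login']['dn']) ? $_SESSION['ldap_login']['dn'] : '';
  $pass = isset($_SESSION['ldap_login']['pass']) ? $_SESSION['ldap_login']['pass'] : '';

  // If I try to connect using a blank dn and pass, I dont get an error until ldap_read,
  // so I just check to see if they would be blank, based on ldap_forget_passwords, and
  // make it read from the database.
  if (LDAPAUTH_FORGET_PASSWORDS || !$_ldapgroups_ldap->connect($dn, $pass)) {
    $row2 = db_fetch_object(db_query("SELECT binddn, bindpw FROM {ldapauth} WHERE sid = %d", $_ldapgroups_ldap->getOption('sid')));
    $dn = isset($row2->binddn) ? $row2->binddn : '';
    $pass = isset($row2->bindpw) ? $row2->bindpw : '';
    if (!$_ldapgroups_ldap->connect($dn, $pass)) {
      watchdog('ldapgroups', "User login: user %name data could not be read in the LDAP directory", array('%name' => $user->name), WATCHDOG_WARNING);
      return FALSE;
    }
  }

  // Strategy 1: group extracted from user's DN.
  // NOTE(review): the DN is split on bare commas, so RDN values containing an
  // escaped comma are not handled — confirm this matches the directories in use.
  $dn_groups = array();
  if (_ldapgroups_ldap_info($user, 'ldapgroups_in_dn')) {
    $dn_attribute = drupal_strtolower(_ldapgroups_ldap_info($user, 'ldapgroups_dn_attribute'));
    foreach (explode(',', $user->ldap_dn) as $p) {
      // Limit 2 keeps an '=' inside the value intact; a fragment without '='
      // is skipped instead of raising an undefined-offset notice.
      $pair = explode('=', $p, 2);
      if (count($pair) == 2 && drupal_strtolower(trim($pair[0])) == $dn_attribute) {
        $dn_groups[] = trim($pair[1]);
      }
    }
  }

  // Strategy 2: groups in user attributes.
  $attrib_groups = array();
  if (_ldapgroups_ldap_info($user, 'ldapgroups_in_attr')) {
    foreach (_ldapgroups_ldap_info($user, 'ldapgroups_attr') as $attribute) {
      $values = $_ldapgroups_ldap->retrieveMultiAttribute($user->ldap_dn, $attribute);
      // A failed read must not poison the accumulated list.
      if (is_array($values)) {
        $attrib_groups = array_merge($attrib_groups, $values);
      }
    }
  }

  // Strategy 3: groups as entries.
  $entries_groups = array();
  $ldapgroups_entries_attribute = _ldapgroups_ldap_info($user, 'ldapgroups_entries_attribute');
  if (_ldapgroups_ldap_info($user, 'ldapgroups_as_entries')) {
    // Both values are interpolated into an LDAP search filter, so filter
    // metacharacters in the DN or the account name are escaped (RFC 4515)
    // rather than being interpreted by the directory.
    $filter_by_dn = $ldapgroups_entries_attribute .'='. _ldapgroups_escape_filter_value($user->ldap_dn);
    $filter_by_name = $ldapgroups_entries_attribute .'='. _ldapgroups_escape_filter_value($user->name);
    foreach (_ldapgroups_ldap_info($user, 'ldapgroups_entries') as $branch) {
      $entries = $_ldapgroups_ldap->search($branch, $filter_by_dn, array($ldapgroups_entries_attribute));
      if (empty($entries) || $entries['count'] == 0) {
        $entries = $_ldapgroups_ldap->search($branch, $filter_by_name, array($ldapgroups_entries_attribute));
      }
      if (!is_array($entries)) {
        continue;
      }
      foreach ($entries as $entry) {
        // The result set also carries a 'count' element, which has no 'dn'.
        if (isset($entry['dn'])) {
          $entries_groups[] = $entry['dn'];
        }
      }
    }
  }

  $_ldapgroups_ldap->disconnect();
  return array_unique(array_merge($dn_groups, $attrib_groups, $entries_groups));
}

/**
 * Escape a value for use inside an LDAP search filter (RFC 4515).
 *
 * The backslash is replaced first so that the escapes inserted for the
 * other characters are not escaped a second time.
 *
 * @param $value
 *   The raw attribute value.
 *
 * @return
 *   The value with \, *, (, ) and NUL replaced by their \xx escape sequences.
 */
function _ldapgroups_escape_filter_value($value) {
  return str_replace(
    array('\\', '*', '(', ')', "\x00"),
    array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
    (string) $value
  );
}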
140
/**
 * Grant a user with a role.
 *
 * Looks the role up by name and adds the (uid, rid) pair to {users_roles}
 * unless it is already present. Unknown role names are ignored.
 *
 * @param $user
 *   A user object; only $user->uid is read.
 * @param $rolename
 *   A name of the role.
 *
 * @return
 *   Nothing.
 */
function _ldapgroups_grant_role($user, $rolename) {
  $role = db_fetch_object(db_query("SELECT * FROM {role} WHERE name = '%s'", $rolename));
  if (!$role) {
    return;
  }

  $assigned = db_query("SELECT * FROM {users_roles} WHERE uid = %d AND rid = %d", $user->uid, $role->rid);
  if (db_fetch_object($assigned)) {
    // Already granted; nothing to insert.
    return;
  }

  db_query("INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)", $user->uid, $role->rid);
}
160
/**
 * Deny a user with a role.
 *
 * Looks the role up by name and removes the (uid, rid) pair from
 * {users_roles} if it is present. Unknown role names are ignored.
 *
 * @param $user
 *   A user object; only $user->uid is read.
 * @param $rolename
 *   A name of the role.
 *
 * @return
 *   Nothing.
 */
function _ldapgroups_deny_role($user, $rolename) {
  $role = db_fetch_object(db_query("SELECT * FROM {role} WHERE name = '%s'", $rolename));
  if (!$role) {
    return;
  }

  $assigned = db_query("SELECT * FROM {users_roles} WHERE uid = %d AND rid = %d", $user->uid, $role->rid);
  if (!db_fetch_object($assigned)) {
    // Not granted; nothing to delete.
    return;
  }

  db_query("DELETE FROM {users_roles} WHERE uid = %d AND rid = %d", $user->uid, $role->rid);
}
180
/**
 * Create a new role.
 *
 * Inserts a {role} row with the given name unless one already exists.
 *
 * @param $rolename
 *   A name of the role.
 *
 * @return
 *   Nothing.
 */
function _ldapgroups_create_role($rolename) {
  $existing = db_fetch_object(db_query("SELECT * FROM {role} WHERE name = '%s'", $rolename));
  if ($existing) {
    return;
  }

  db_query("INSERT INTO {role} (name) VALUES ('%s')", $rolename);
}
194
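/**
 * Filters groups only to explicitly defined groups.
 *
 * When the mappings filter is enabled, every group is compared
 * case-insensitively against the configured mappings and replaced by its
 * mapped role; groups without a mapping are dropped, so an empty mapping
 * table yields an empty result (the filter fails closed). A site-specific
 * PHP snippet, if configured, is evaluated last and its result replaces the
 * list.
 *
 * @param $account
 *   A user object.
 * @param $groups
 *   An array of the LDAP groups.
 *
 * @return
 *   An array of the filtered groups (mapped role names when the mappings
 *   filter is enabled).
 */
function _ldapgroups_filter($account, $groups) {
  // The previous condition read count(mappings > 0), which applies count()
  // to a boolean: always true on PHP 5 and a TypeError on PHP 8. The filter
  // now applies whenever it is enabled, which is the behaviour the old
  // expression effectively had.
  if (_ldapgroups_ldap_info($account, 'ldapgroups_mappings_filter')) {
    $mappings = _ldapgroups_ldap_info($account, 'ldapgroups_mappings');
    $groups_new = array();
    foreach ($groups as $group) {
      foreach ($mappings as $group_approved => $role) {
        if (strcasecmp($group_approved, $group) == 0) {
          $groups_new[] = $role;
        }
      }
    }
    $groups = $groups_new;
  }

  // NOTE(review): this evaluates PHP stored in the {ldapauth} configuration
  // on every login, so anyone who can edit that configuration can run
  // arbitrary code on the site; the snippet's result is trusted as-is.
  // drupal_eval() in Drupal 6 returns captured output rather than a return
  // value — confirm the snippet contract against the settings form help.
  if ($code = _ldapgroups_ldap_info($account, 'ldapgroups_filter_php')) {
    $groups = drupal_eval($code);
  }

  return $groups;
}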
221
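/**
 * Maps LDAP group name to a Drupal role.
 *
 * An exact mapping wins; otherwise the mappings are searched
 * case-insensitively, which is how LDAP compares DNs and how
 * _ldapgroups_filter() already matches them. Without a mapping the value of
 * the first RDN of a DN (e.g. the cn) becomes the role name, and a value
 * that is not a multi-RDN DN is used unchanged.
 *
 * @param $user
 *   A user object.
 * @param $group
 *   A LDAP group name.
 *
 * @return
 *   A Drupal role name.
 */
function _ldapgroups_mapping($user, $group) {
  $ldapgroups_mappings = _ldapgroups_ldap_info($user, 'ldapgroups_mappings');
  if (!is_array($ldapgroups_mappings)) {
    $ldapgroups_mappings = array();
  }

  if (isset($ldapgroups_mappings[$group])) {
    return $ldapgroups_mappings[$group];
  }
  foreach ($ldapgroups_mappings as $mapped_group => $role) {
    if (strcasecmp($mapped_group, $group) == 0) {
      return $role;
    }
  }

  // No mapping: the first RDN value names the role. Note that this makes the
  // role name a direct function of the LDAP group name.
  if (preg_match('/^[^=]+=([^,]+),.*$/', $group, $matches)) {
    return $matches[1];
  }
  return $group;
}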
242
/**
 * Initiates the LDAPInterface class.
 *
 * Loads the enabled {ldapauth} row for the server (cached per request),
 * configures a fresh LDAPInterface from it and stores it in the global
 * $_ldapgroups_ldap.
 *
 * @param $sid
 *   A server ID or user object (its ldap_config member is the server ID).
 *
 * @return
 *   The configured LDAPInterface, or nothing when no server ID is available
 *   or no enabled server row exists.
 */
function _ldapgroups_ldap_init($sid) {
  global $_ldapgroups_ldap;

  if (is_object($sid)) {
    $sid = isset($sid->ldap_config) ? $sid->ldap_config : NULL;
  }
  if (!$sid) {
    return;
  }

  // Only enabled servers (status = 1) are looked up here.
  static $servers = array();
  if (!isset($servers[$sid])) {
    $servers[$sid] = db_fetch_object(db_query("SELECT * FROM {ldapauth} WHERE status = 1 AND sid = %d", $sid));
  }
  if (!$servers[$sid]) {
    return;
  }

  $server = $servers[$sid];
  $_ldapgroups_ldap = new LDAPInterface();
  $_ldapgroups_ldap->setOption('sid', $sid);
  foreach (array('name', 'server', 'port', 'tls', 'encrypted', 'basedn', 'user_attr') as $option) {
    $_ldapgroups_ldap->setOption($option, $server->$option);
  }
  return $_ldapgroups_ldap;
}
274
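/**
 * Retrieve the saved ldapgroups setting.
 *
 * The {ldapauth} row is fetched once per server ID and cached for the
 * request. Serialized list settings are unserialized; a missing row or an
 * unreadable serialized value falls back to the setting's default so callers
 * always receive the documented type instead of notices.
 *
 * @param $sid
 *   A server ID or user object (its ldap_config member is the server ID).
 * @param $req
 *   An attribute name.
 *
 * @return
 *   The attribute value: the stored flag/string for scalar settings, an
 *   array for the list settings, NULL for an unknown $req or no server ID.
 */
function _ldapgroups_ldap_info($sid, $req) {
  if (!($sid = is_object($sid) ? (isset($sid->ldap_config) ? $sid->ldap_config : NULL) : $sid)) {
    return;
  }

  static $servers = array();
  if (!isset($servers[$sid])) {
    $servers[$sid] = db_fetch_object(db_query("SELECT * FROM {ldapauth} WHERE sid = %d", $sid));
  }
  // A missing row behaves like an empty one so the defaults below apply.
  $server = $servers[$sid] ? $servers[$sid] : new stdClass();

  switch ($req) {
    // Flags and the raw PHP snippet are returned as stored.
    case 'ldapgroups_in_dn':
    case 'ldapgroups_in_attr':
    case 'ldapgroups_as_entries':
    case 'ldapgroups_mappings_filter':
    case 'ldapgroups_filter_php':
      return isset($server->$req) ? $server->$req : NULL;

    // Attribute names with a module default.
    case 'ldapgroups_dn_attribute':
      return !empty($server->ldapgroups_dn_attribute) ? $server->ldapgroups_dn_attribute : LDAPGROUPS_DEFAULT_DN_ATTRIBUTE;
    case 'ldapgroups_entries_attribute':
      return !empty($server->ldapgroups_entries_attribute) ? $server->ldapgroups_entries_attribute : LDAPGROUPS_DEFAULT_ENTRIES_ATTRIBUTE;

    // Lists stored serialized. NOTE(review): unserialize() is acceptable only
    // because these columns are presumably written by the module's own
    // settings form, not by end users — verify no other writer exists.
    case 'ldapgroups_attr':
    case 'ldapgroups_entries':
    case 'ldapgroups_mappings':
    case 'ldapgroups_groups':
      $list = !empty($server->$req) ? unserialize($server->$req) : array();
      return is_array($list) ? $list : array();
  }
}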
319
