<?php

/*
 * postLDAPadmin
 *
 * Copyright (C) 2006,2007 DesigNET, INC.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.

 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.

 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

/***********************************************************
 * LDAP饤֥
 *
 * $RCSfile$
 * $Revision$
 * $Date$
 **********************************************************/

/* ޥ */
define ("LDAP_OK",		 0);	    /*  */
define ("LDAP_ERR_FILE",	-1);	    /* եIO顼 */
define ("LDAP_ERR_BIND",	-2);	    /* LDAPХɥ顼 */
define ("LDAP_ERR_SEARCH",	-3);	    /* LDAP顼 */
define ("LDAP_ERR_ADD",		-4);	    /* LDAPϿ顼 */
define ("LDAP_ERR_MOD",		-5);	    /* LDAPѹ顼 */
define ("LDAP_ERR_PARAM",	-6);	    /* ʰϤ줿 */
define ("LDAP_ERR_DATA",	-7);	    /* ʥǡ¸ߤ */
define ("LDAP_ERR_NODATA",	-8);	    /* 륨ȥ꤬¸ߤʤ */
define ("LDAP_ERR_DUPLICATE",	-9);	    /* ʣΥȥ꤬¸ */
define ("LDAP_ERR_DEL",		-10);	    /* LDAP顼 */
define ("LDAP_ERR_NOATTR",	-11);	    /* LDAP°ͤʤ顼 */
define ("LDAP_ERR_OTHER",	-127);	    /* ¾Υ顼 */

/* μ */
define("TYPE_ONELEVEL",		0);
define("TYPE_ONEENTRY",		1);
define("TYPE_SUBTREE",		2);

/* μ */
define("TYPE_ADD",		0);
define("TYPE_MODIFY",		1);
define("TYPE_DELETE",		2);
define("TYPE_ADD_ATTRIBUTE",	3);
define("TYPE_REPLACE_ATTRIBUTE",	4);
define("TYPE_MODIFY_DELETE",	5);

define ("LDAP_SUCCESS",		0);  /* LDAPΥ */
define ("LDAP_NO_SUCH_OBJECT",	32); /* ꤷDNΥȥ꤬Ĥʤ */
define ("LDAP_ALREADY_EXISTS",	68); /* ꤷDNΥȥ꤬ˤ */
define ("LDAP_DECODING_ERROR",	84); /* ꤷ°ͤĤʤ */
define ("LDAP_NO_SUCH_VALUE",	16); /* ꤷ°ͤ¸ߤʤ */
define ("LDAP_NO_SUCH_ATTR",	17); /* ꤷ°ͤ¸ߤʤ */
define ("LDAP_EXISTS_VALUE",	20); /* ꤷ°ͤ¸ߤƤ */
define ("LDAP_INVALID_CREDENTIALS",	49); /* bindn,bindpwְäƤ */
define ("LDAP_SERVER_DOWN",	-1); /* LDAPӥ */

define("PG_ENCODING",		"EUC-JP");
define("LDAP_ENCODING",		"UTF-8");
define("LDAP_VERSION",		3);

define("OPERATION_LDAP_CONNECTION", "NULL LDAP CONNECTION");




/***************************************************************************
 * LDAP_connect_server()
 * 
 * $web_confͿ줿ФФƥͥȡХɤԤ  
 *
 * []
 *	ʤ
 * [֤]
 *	$ds		LDAPID()
 *	LDAP_ERR_BIND	Хɥ顼
 **************************************************************************/
function LDAP_connect_server()
{
    global $web_conf;
    global $msgarr;
    global $err_msg;
    global $log_msg;
    global $env;
    global $url_data;

    /* ɹѤξ */
    $lservers = explode(",", $web_conf[$url_data["script"]]["ldapserver"]);
    $lports = explode(",", $web_conf[$url_data["script"]]["ldapport"]);
    $max = 1;

    /* 桼ȤǥХɤ */
    if (isset($env["user_self"]) && $env["user_self"] === TRUE) {
        $ldapbinddn = $env["user_selfdn"];
        $ldapbindpw = $env["user_selfpw"];
    } else {
        $ldapbinddn = $web_conf[$url_data["script"]]["ldapbinddn"];
        $ldapbindpw = $web_conf[$url_data["script"]]["ldapbindpw"];
    }

    $ldap_err = "";
    $ldap_log = "";
    
    for ($i = 0; $i < $max; $i++) {

        $lserver = trim($lservers[$i]);
        if ($lserver == "") {
            continue;
        }

        $lport = trim($lports[$i]);
        if ($lport == "") {
            $lport = 389;
        }

        /* LDAPФ³ */
        $ds = @ldap_connect($lserver, $lport);
        if ($ds === FALSE) {
            $ldap_err .= sprintf($msgarr['03019'][SCREEN_MSG], $lserver, $lport);
            $ldap_log .= sprintf($msgarr['03019'][LOG_MSG], $lserver, $lport);
            continue;
        }

        /* LDAPΥС3 */
        if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, LDAP_VERSION)) {
            $ldap_err .= sprintf($msgarr['03020'][SCREEN_MSG], $lserver, $lport);
            $ldap_log .= sprintf($msgarr['03020'][LOG_MSG], $lserver, $lport);
	    ldap_unbind($ds);
            continue;
        }

        /* LDAPǥ쥯ȥ˥Хɤ */
        $r = @ldap_bind($ds, $ldapbinddn, $ldapbindpw);
        if ($r === FALSE) {
            $errno = ldap_errno($ds);
            if ($errno == LDAP_SUCCESS) {
                $ldap_err .= sprintf($msgarr['03021'][SCREEN_MSG], $lserver, $lport);
                $ldap_log .= sprintf($msgarr['03021'][LOG_MSG], $lserver, $lport);
            } else {
                $error = ldap_error($ds);
                $ldap_err .= sprintf($msgarr['03022'][SCREEN_MSG], $error, $lserver, $lport);
                $ldap_log .= sprintf($msgarr['03022'][LOG_MSG], $error, $lserver, $lport);
                if ($errno === LDAP_SERVER_DOWN) {
                    $env["ldap_server_down"] = TRUE;
                }
            }
	    ldap_unbind($ds);
            continue;
        }

        /* ³Ǥ 顼ȯƤ */
        if ($ldap_err != "") {
            $ldap_err = preg_replace("/<br>$/i", "", $ldap_err);
            $ldap_log = preg_replace("/<br>$/i", "", $ldap_log);
            result_log(OPERATION_LDAP_CONNECTION . ":NG:" . $ldap_log);
        }
        return $ds;
    }

    $err_msg = preg_replace("/<br>$/i", "", $ldap_err);
    $log_msg = preg_replace("/<br>$/i", "", $ldap_log);
    return (LDAP_ERR_BIND);
}

/****************************************************************************
 * main_get_entry()
 * 
 * ꤵ줿פηȤ򤷤̡륨ȥɬ
 * Ϣ(&$data)˳Ǽ롣
 *
 * []
 *	ʸ 		$basedn 	١DN
 *	ʸ 		$filter		ե륿 
 *	 		$attrs		ɬפǤΥơ֥ 
 *   	ʸ 		$type		פη
 *	Ϣ	&$data 		Ϥ줿ɬפǥǡγǼ
 * [֤]
 *	LDAP_OK		 
 *	LDAP_ERR_BIND	Хɥ顼 
 *	LDAP_ERR_SEARCH	顼 
 *	LDAP_ERR_PARAM	ʰ
 *	LDAP_ERR_NODATA	ȥ꤬¸ߤʤ
 *    	LDAP_ERR_OTHER	¾Υ顼	
 ***************************************************************************/
function main_get_entry($basedn, $filter, $attrs, $type, &$data)
{
    global $msgarr;
    global $err_msg;
    global $log_msg;

    $s_attrs = array();

    /* å */
    if (!$basedn) {
        $err_msg = $msgarr['03001'][SCREEN_MSG];
        $log_msg = $msgarr['03001'][LOG_MSG];
	return (LDAP_ERR_PARAM);
    }
    if (!$filter){
        $err_msg = $msgarr['03002'][SCREEN_MSG];
        $log_msg = $msgarr['03002'][LOG_MSG];
	return (LDAP_ERR_PARAM);
    }
    if (!is_array($attrs)) {
        $err_msg = $msgarr['03003'][SCREEN_MSG];
        $log_msg = $msgarr['03003'][LOG_MSG];
        return (LDAP_ERR_PARAM);
    }

    /* °̾ʸѴ */
    for ($i = 0, $max = count($attrs); $i < $max; $i++) {
        $tmp = strtolower($attrs[$i]);

        /* ȥӥ塼ȤDNȤϼ */
        if ($tmp == "dn") {
            continue;
	}
        $s_attrs[$i] = $tmp;
    }

    /* Х */
    $ds = LDAP_connect_server();
    if ($ds == LDAP_ERR_BIND) {
	return (LDAP_ERR_BIND);
    }

    /*  */
    $sr = ldap_scope_search($ds, $basedn, $s_attrs, $filter, $type);
    if ($sr === FALSE){
	$errno = ldap_errno($ds);
	if ($errno == LDAP_NO_SUCH_OBJECT) {
            $err_msg = sprintf($msgarr['03004'][SCREEN_MSG], $basedn);
            $log_msg = sprintf($msgarr['03004'][LOG_MSG], $basedn);
	    ldap_unbind($ds);
	    return (LDAP_ERR_NODATA);

	} elseif ($errno == LDAP_SUCCESS) {
            $err_msg = sprintf($msgarr['03005'][SCREEN_MSG], $basedn);
            $log_msg = sprintf($msgarr['03005'][LOG_MSG], $basedn);
	    ldap_unbind($ds);
	    return (LDAP_ERR_SEARCH);

	} else {
	    $error = ldap_error($ds);
            $err_msg = sprintf($msgarr['03006'][SCREEN_MSG], $error, $basedn);
            $log_msg = sprintf($msgarr['03006'][LOG_MSG], $error, $basedn);
	    ldap_unbind($ds);
	    return (LDAP_ERR_SEARCH);
	}
    }

    /* ǡǼ */
    $ret = set_data($ds, $sr, $attrs, $s_attrs, $type, $data, $basedn);
	
    ldap_unbind($ds);
    return $ret;
}

/****************************************************************************
 * main_get_entry_connect()
 * 
 * ꤵ줿פηȤ򤷤̡륨ȥɬ
 * Ϣ(&$data)˳Ǽ롣
 *
 * []
 *	ʸ 		$basedn 	١DN
 *      ʸ          $ds             LDAPID
 *	ʸ 		$filter		ե륿 
 *	 		$attrs		ɬפǤΥơ֥ 
 *   	ʸ 		$type		פη
 *	Ϣ	&$data 		Ϥ줿ɬפǥǡγǼ
 * [֤]
 *	LDAP_OK		 
 *	LDAP_ERR_BIND	Хɥ顼 
 *	LDAP_ERR_SEARCH	顼 
 *	LDAP_ERR_PARAM	ʰ
 *	LDAP_ERR_NODATA	ȥ꤬¸ߤʤ
 *    	LDAP_ERR_OTHER	¾Υ顼	
 ***************************************************************************/
function main_get_entry_connect($basedn, $ds, $filter, $attrs, $type, &$data)
{
    global $msgarr;
    global $err_msg;
    global $log_msg;

    $s_attrs = array();

    /* å */
    if (!$basedn) {
        $err_msg = $msgarr['03001'][SCREEN_MSG];
        $log_msg = $msgarr['03001'][LOG_MSG];
	return (LDAP_ERR_PARAM);
    }
    if (!$filter){
        $err_msg = $msgarr['03002'][SCREEN_MSG];
        $log_msg = $msgarr['03002'][LOG_MSG];
	return (LDAP_ERR_PARAM);
    }
    if (!is_array($attrs)) {
        $err_msg = $msgarr['03003'][SCREEN_MSG];
        $log_msg = $msgarr['03003'][LOG_MSG];
        return (LDAP_ERR_PARAM);
    }

    /* °̾ʸѴ */
    for ($i = 0, $max = count($attrs); $i < $max; $i++) {
        $tmp = strtolower($attrs[$i]);

        /* ȥӥ塼ȤDNȤϼ */
        if ($tmp == "dn") {
            continue;
	}
        $s_attrs[$i] = $tmp;
    }

    /*  */
    $sr = ldap_scope_search($ds, $basedn, $s_attrs, $filter, $type);
    if ($sr === FALSE){
	$errno = ldap_errno($ds);
	if ($errno == LDAP_NO_SUCH_OBJECT) {
            $err_msg = sprintf($msgarr['03004'][SCREEN_MSG], $basedn);
            $log_msg = sprintf($msgarr['03004'][LOG_MSG], $basedn);
	    return (LDAP_ERR_NODATA);

	} elseif ($errno == LDAP_SUCCESS) {
            $err_msg = sprintf($msgarr['03005'][SCREEN_MSG], $basedn);
            $log_msg = sprintf($msgarr['03005'][LOG_MSG], $basedn);
	    return (LDAP_ERR_SEARCH);

	} else {
	    $error = ldap_error($ds);
            $err_msg = sprintf($msgarr['03006'][SCREEN_MSG], $error, $basedn);
            $log_msg = sprintf($msgarr['03006'][LOG_MSG], $error, $basedn);
	    return (LDAP_ERR_SEARCH);
	}
    }

    /* ǡǼ */
    $ret = set_data($ds, $sr, $attrs, $s_attrs, $type, $data, $basedn);
	
    return $ret;
}

/****************************************************************************
 * LDAP_add_entry()
 * 
 * Ϣ($data)˳Ǽ줿ǡLDAPϿ롣
 *
 * []
 *	ʸ 		$dn	 	ϿDN
 *	Ϣ	$data 		ɬפǥǡγǼ
 * [֤]
 *	LDAP_OK			 
 *	LDAP_ERR_BIND		Хɥ顼 
 *	LDAP_ERR_ADD		LDAPؤϿ˼
 *	LDAP_ERR_DUPLICATE	ȥ꤬¸ߤ
 ***************************************************************************/
function LDAP_add_entry($dn, $data)
{

    $ret = entry_operate($dn, $data, TYPE_ADD);
    return $ret;
}

/****************************************************************************
 * LDAP_add_entry_connect()
 * 
 * Ϣ($data)˳Ǽ줿ǡLDAPϿ롣
 *
 * []
 *	ʸ 		$dn	 	ϿDN
 *      ʸ          $ds             LDAPID
 *	Ϣ	$data 		ɬפǥǡγǼ
 * [֤]
 *	LDAP_OK			 
 *	LDAP_ERR_BIND		Хɥ顼 
 *	LDAP_ERR_ADD		LDAPؤϿ˼
 *	LDAP_ERR_DUPLICATE	ȥ꤬¸ߤ
 ***************************************************************************/
function LDAP_add_entry_connect($dn, $ds, $data)
{

    $ret = entry_operate_connect($dn, $ds, $data, TYPE_ADD);
    return $ret;
}

/****************************************************************************
 * LDAP_mod_entry()
 * 
 * LDAPϿ줿ǡϢ($data)˳Ǽ줿ǡѹ롣
 *
 * []
 *	ʸ 		$dn	 	ѹDN
 *   	Ϣ	$data 		ɬפǥǡγǼ
 * [֤]
 *	LDAP_OK		 
 *	LDAP_ERR_BIND	Хɥ顼 
 *	LDAP_ERR_MOD	LDAPξѹ˼
 *	LDAP_ERR_NODATA	ȥ꤬¸ߤʤ
 ***************************************************************************/
function LDAP_mod_entry($dn, $data)
{

    $ret = entry_operate($dn, $data, TYPE_MODIFY);
    return $ret;
}

/****************************************************************************
 * LDAP_mod_entry_connect()
 * 
 * LDAPϿ줿ǡϢ($data)˳Ǽ줿ǡѹ롣
 *
 * []
 *	ʸ 		$dn	 	ѹDN
 *	ʸ 		$ds	 	LDAPID
 *   	Ϣ	$data 		ɬפǥǡγǼ
 * [֤]
 *	LDAP_OK		 
 *	LDAP_ERR_BIND	Хɥ顼 
 *	LDAP_ERR_MOD	LDAPξѹ˼
 *	LDAP_ERR_NODATA	ȥ꤬¸ߤʤ
 ***************************************************************************/
function LDAP_mod_entry_connect($dn, $ds, $data)
{

    $ret = entry_operate_connect($dn, $ds, $data, TYPE_MODIFY);
    return $ret;
}

/****************************************************************************
 * LDAP_del_entry()
 * 
 * LDAPϿ줿ǡ򡢾õ롣
 *
 * []
 *	ʸ 		$basedn	 	õDN
 * [֤]
 *	LDAP_OK		 
 *	LDAP_ERR_BIND	Хɥ顼 
 *	LDAP_ERR_NODATA	ȥ꤬¸ߤʤ
 *	LDAP_ERR_DEL	LDAPΥȥκ˼
 ***************************************************************************/
function LDAP_del_entry($basedn)
{
    $data = "";
    $ret = entry_operate($basedn, $data, TYPE_DELETE);
    return $ret;
}

/****************************************************************************
 * LDAP_del_entry_connect()
 * 
 * LDAPϿ줿ǡ򡢾õ롣
 *
 * []
 *	ʸ 		$basedn	 	õDN
 *      ʸ          $ds            LDAPID
 * [֤]
 *	LDAP_OK		 
 *	LDAP_ERR_BIND	Хɥ顼 
 *	LDAP_ERR_NODATA	ȥ꤬¸ߤʤ
 *	LDAP_ERR_DEL	LDAPΥȥκ˼
 ***************************************************************************/
function LDAP_del_entry_connect($basedn, $ds)
{
    $data = "";
    $ret = entry_operate_connect($basedn, $ds, $data, TYPE_DELETE);
    return $ret;
}

/****************************************************************************
 * LDAP_add_attribute()
 *
 * LDAPϿ줿ȥ°ɲä
 *
 * []
 *      ʸ          $basedn         õDN
 *      Ϣ        $data           ɬפǥǡγǼ
 * [֤]
 *      LDAP_OK         
 *      LDAP_ERR_BIND   Хɥ顼
 *      LDAP_ERR_ADD    LDAPξɲä˼
 *      LDAP_ERR_NODATA ȥ꤬¸ߤʤ
 *      LDAP_ERR_DUPLICATE      °ͤ¸ߤ
 ***************************************************************************/
function LDAP_add_attribute($basedn, $data)
{

    $ret = entry_operate($basedn, $data, TYPE_ADD_ATTRIBUTE);
    return $ret;
}

/****************************************************************************
 * LDAP_del_attribute()
 *
 * LDAPϿ줿1ĤΥǡ°
 *
 * []
 *      ʸ          $dn             оݤ°DN
 *                  $attrs          °̾
 * [֤]
 *      LDAP_OK         
 *      LDAP_ERR_PARAM  ʰ
 *      LDAP_ERR_DEL    °κ˼
 *      LDAP_ERR_NODATA ȥʤ
 *      LDAP_ERR_NOATTR °ޤ°ͤʤ
 ***************************************************************************/
function LDAP_del_attribute($dn, $attrs)
{
    global $msgarr;
    global $err_msg;
    global $log_msg;

    /* å */
    if (!$dn) {
        $err_msg = $msgarr['03001'][SCREEN_MSG];
        $log_msg = $msgarr['03001'][LOG_MSG];
        return (LDAP_ERR_PARAM);
    }
    if (!is_array($attrs)) {
        $err_msg = $msgarr['03003'][SCREEN_MSG];
        $log_msg = $msgarr['03003'][LOG_MSG];
        return (LDAP_ERR_PARAM);
    }

    /* Х */
    $ds = LDAP_connect_server();
    if ($ds == LDAP_ERR_BIND) {
        return (LDAP_ERR_BIND);
    }

    /* °κ */
    return del_attribute($ds, $dn, $attrs);
}

/****************************************************************************
 * del_attribute()
 *
 * LDAPϿ줿1ĤΥǡ°
 *
 * []
 *      ʸ          $dn             оݤ°DN
 *                  $attrs          °̾
 * [֤]
 *      LDAP_OK         
 *      LDAP_ERR_PARAM  ʰ
 *      LDAP_ERR_DEL    °κ˼
 *      LDAP_ERR_NODATA ȥʤ
 *      LDAP_ERR_NOATTR °ޤ°ͤʤ
 ***************************************************************************/
function del_attribute($ds, $dn, $attrs)
{
    global $msgarr;
    global $err_msg;
    global $log_msg;

    $enc_dn = mb_convert_encoding($dn, LDAP_ENCODING, PG_ENCODING);
    $r = @ldap_mod_del($ds, $enc_dn, $attrs);
    if ($r === FALSE) {
        $errno = ldap_errno($ds);
        if ($errno == LDAP_SUCCESS) {
            $err_msg = sprintf($msgarr['03007'][SCREEN_MSG], $dn);
            $log_msg = sprintf($msgarr['03007'][LOG_MSG], $dn);
            $ret = LDAP_ERR_DEL;
        } else {
            $error = ldap_error($ds);
            $err_msg = sprintf($msgarr['03008'][SCREEN_MSG], $error, $dn);
            $log_msg = sprintf($msgarr['03008'][LOG_MSG], $error, $dn);

            if ($errno == LDAP_NO_SUCH_VALUE || $errno == LDAP_NO_SUCH_ATTR) {
                $ret = LDAP_ERR_NOATTR;
            } else if ($errno == LDAP_NO_SUCH_OBJECT) {
                $ret = LDAP_ERR_NODATA;
            } else {
                $ret =  LDAP_ERR_DEL;
            }
        }
        ldap_unbind($ds);
        return $ret;
    }

    ldap_unbind($ds);

    return (LDAP_OK);
}

/****************************************************************************
 * entry_operate()
 * 
 * ꤵ줿ǡ($type)ɲáѹִȤä
 * Ԥ
 *
 * []
 *	ʸ 		$dn	 	ϿorѹorDN
 *	Ϣ 	$data	 	Ͽorѹǡ
 *	ʸ 		$type	 	ꤵ줿ǡ	
 * [֤]
 *	LDAP_OK			 
 *	LDAP_ERR_BIND		Хɥ顼 
 *	LDAP_ERR_ADD		LDAPؤϿ˼
 *	LDAP_ERR_MOD		LDAPξѹ˼
 *	LDAP_ERR_NODATA		ȥ꤬¸ߤʤ
 *	LDAP_ERR_DUPLICATE	ȥ꤬¸ߤ
 *	LDAP_ERR_DEL		LDAPΥȥκ˼
 ***************************************************************************/
function entry_operate($dn, $data, $type)
{
    global $msgarr;
    global $err_msg;
    global $log_msg;

    /* å */
    if (!$dn) {
        $err_msg = $msgarr['03001'][SCREEN_MSG];
        $log_msg = $msgarr['03001'][LOG_MSG];
        return (LDAP_ERR_PARAM);
    }
    if ((!is_array($data)) && ($type != TYPE_DELETE)) {
        $err_msg = $msgarr['03003'][SCREEN_MSG];
        $log_msg = $msgarr['03003'][LOG_MSG];
        return (LDAP_ERR_PARAM);
    }

    /* Х */
    $ds = LDAP_connect_server();
    if ($ds == LDAP_ERR_BIND) {
        return (LDAP_ERR_BIND);
    }

    $conv_dn = mb_convert_encoding($dn, LDAP_ENCODING, PG_ENCODING);

    /* ȥɲáѹִ */
    if ($type == TYPE_ADD) {
        $log_str = "ȥɲ";
        $log_str_eng = "Add entry";
        $r = @ldap_add($ds, $conv_dn, $data);
    } elseif ($type == TYPE_MODIFY) {
        $log_str = "ȥѹ";
        $log_str_eng = "Modify entry";
        $r = @ldap_modify($ds, $conv_dn, $data);
    } elseif ($type == TYPE_DELETE) {
        $log_str = "ȥκ";
        $log_str_eng = "Delete entry";
        $r = @ldap_delete($ds, $conv_dn);
    } elseif ($type == TYPE_ADD_ATTRIBUTE) {
        $log_str = "°ɲ";
        $log_str_eng = "Add attribution";
        $r = @ldap_mod_add($ds, $conv_dn, $data);
    } elseif ($type == TYPE_REPLACE_ATTRIBUTE) {
        $log_str = "°ɲ";
        $log_str_eng = "Add attribution";
        $r = @ldap_mod_add($ds, $conv_dn, array($data[0] => $data[2]));
    } elseif ($type == TYPE_MODIFY_DELETE) {
        $log_str = "ȥѹ";
        $log_str_eng = "Modify entry";
        $r = @ldap_modify($ds, $conv_dn, $data[0]);
    }

    if ($r === FALSE) {
        $errno = ldap_errno($ds);

        /* Ǥ¸ߤƤ */
	if ($errno == LDAP_ALREADY_EXISTS) {
            $err_msg = sprintf($msgarr['03009'][SCREEN_MSG], $dn);
            $log_msg = sprintf($msgarr['03009'][LOG_MSG], $dn);
	    ldap_unbind($ds);
            return (LDAP_ERR_DUPLICATE);
        }
        /* Ĥʤ */
	if ($errno == LDAP_NO_SUCH_OBJECT) {
            $err_msg = sprintf($msgarr['03004'][SCREEN_MSG], $dn);
            $log_msg = sprintf($msgarr['03004'][LOG_MSG], $dn);
	    ldap_unbind($ds);
            return (LDAP_ERR_NODATA);
        }
        /* Ǥ¸ߤƤ(°) */
	if ($errno == LDAP_EXISTS_VALUE) {
            $err_msg = sprintf($msgarr['03010'][SCREEN_MSG], $dn);
            $log_msg = sprintf($msgarr['03010'][LOG_MSG], $dn);
	    ldap_unbind($ds);
            return (LDAP_ERR_DUPLICATE);
        }

        if ($errno == LDAP_SUCCESS) {
            $err_msg = sprintf($msgarr['03011'][SCREEN_MSG], $log_str, $dn);
            $log_msg = sprintf($msgarr['03011'][LOG_MSG], $log_str_eng, $dn);
        } else {
            $error = ldap_error($ds);
            $err_msg = sprintf($msgarr['03012'][SCREEN_MSG], $log_str, $error, $dn);
            $log_msg = sprintf($msgarr['03012'][LOG_MSG], $log_str_eng, $error, $dn);
	}

	ldap_unbind($ds);
	if ($type == TYPE_ADD || $type == TYPE_ADD_ATTRIBUTE ||
            $type == TYPE_REPLACE_ATTRIBUTE) {
            return (LDAP_ERR_ADD);
	} elseif ($type == TYPE_MODIFY || $type == TYPE_MODIFY_DELETE){
            return (LDAP_ERR_MOD);
	} elseif ($type == TYPE_DELETE){
            return (LDAP_ERR_DEL);
	}
    }
    /* ִξϺ */
    if ($type == TYPE_REPLACE_ATTRIBUTE) {
        return del_attribute($ds, $dn, array($data[0] => $data[1]));
    /* ξϺ */
    } else if ($type == TYPE_MODIFY_DELETE) {
        return del_attribute($ds, $dn, $data[1]);
    }
    ldap_unbind($ds);

    return (LDAP_OK);
}

/****************************************************************************
 * entry_operate_connect()
 * 
 * ꤵ줿ǡ($type)ɲáѹִȤä
 * Ԥ
 *
 * []
 *	ʸ 		$dn	 	ϿorѹorDN
 *      ʸ          $ds             LDAPID
 *	Ϣ 	$data	 	Ͽorѹǡ
 *	ʸ 		$type	 	ꤵ줿ǡ	
 * [֤]
 *	LDAP_OK			 
 *	LDAP_ERR_BIND		Хɥ顼 
 *	LDAP_ERR_ADD		LDAPؤϿ˼
 *	LDAP_ERR_MOD		LDAPξѹ˼
 *	LDAP_ERR_NODATA		ȥ꤬¸ߤʤ
 *	LDAP_ERR_DUPLICATE	ȥ꤬¸ߤ
 *	LDAP_ERR_DEL		LDAPΥȥκ˼
 ***************************************************************************/
function entry_operate_connect($dn, $ds, $data, $type)
{
    global $msgarr;
    global $err_msg;
    global $log_msg;

    /* å */
    if (!$dn) {
        $err_msg = $msgarr['03001'][SCREEN_MSG];
        $log_msg = $msgarr['03001'][LOG_MSG];
        return (LDAP_ERR_PARAM);
    }
    if ((!is_array($data)) && ($type != TYPE_DELETE)) {
        $err_msg = $msgarr['03003'][SCREEN_MSG];
        $log_msg = $msgarr['03003'][LOG_MSG];
        return (LDAP_ERR_PARAM);
    }

    $conv_dn = mb_convert_encoding($dn, LDAP_ENCODING, PG_ENCODING);

    /* ȥɲáѹִ */
    if ($type == TYPE_ADD) {
        $log_str = "ȥɲ";
        $log_str_eng = "Add entry";
        $r = @ldap_add($ds, $conv_dn, $data);
    } elseif ($type == TYPE_MODIFY) {
        $log_str = "ȥѹ";
        $log_str_eng = "Modify entry";
        $r = @ldap_modify($ds, $conv_dn, $data);
    } elseif ($type == TYPE_DELETE) {
        $log_str = "ȥκ";
        $log_str_eng = "Delete entry";
        $r = @ldap_delete($ds, $conv_dn);
    } elseif ($type == TYPE_ADD_ATTRIBUTE) {
        $log_str = "°ɲ";
        $log_str_eng = "Add attribution";
        $r = @ldap_mod_add($ds, $conv_dn, $data);
    } elseif ($type == TYPE_REPLACE_ATTRIBUTE) {
        $log_str = "°ɲ";
        $log_str_eng = "Add attribution";
        $r = @ldap_mod_add($ds, $conv_dn, array($data[0] => $data[2]));
    } elseif ($type == TYPE_MODIFY_DELETE) {
        $log_str = "ȥѹ";
        $log_str_eng = "Modify entry";
        $r = @ldap_modify($ds, $conv_dn, $data[0]);
    }

    if ($r === FALSE) {
        $errno = ldap_errno($ds);

        /* Ǥ¸ߤƤ */
	if ($errno == LDAP_ALREADY_EXISTS) {
            $err_msg = sprintf($msgarr['03009'][SCREEN_MSG], $dn);
            $log_msg = sprintf($msgarr['03009'][LOG_MSG], $dn);
            return (LDAP_ERR_DUPLICATE);
        }
        /* Ĥʤ */
	if ($errno == LDAP_NO_SUCH_OBJECT) {
            $err_msg = sprintf($msgarr['03004'][SCREEN_MSG], $dn);
            $log_msg = sprintf($msgarr['03004'][LOG_MSG], $dn);
            return (LDAP_ERR_NODATA);
        }
        /* Ǥ¸ߤƤ(°) */
	if ($errno == LDAP_EXISTS_VALUE) {
            $err_msg = sprintf($msgarr['03010'][SCREEN_MSG], $dn);
            $log_msg = sprintf($msgarr['03010'][LOG_MSG], $dn);
            return (LDAP_ERR_DUPLICATE);
        }

        if ($errno == LDAP_SUCCESS) {
            $err_msg = sprintf($msgarr['03011'][SCREEN_MSG], $log_str, $dn);
            $log_msg = sprintf($msgarr['03011'][LOG_MSG], $log_str_eng, $dn);
        } else {
            $error = ldap_error($ds);
            $err_msg = sprintf($msgarr['03012'][SCREEN_MSG], $log_str, $error, $dn);
            $log_msg = sprintf($msgarr['03012'][LOG_MSG], $log_str_eng, $error, $dn);
	}

	if ($type == TYPE_ADD || $type == TYPE_ADD_ATTRIBUTE ||
            $type == TYPE_REPLACE_ATTRIBUTE) {
            return (LDAP_ERR_ADD);
	} elseif ($type == TYPE_MODIFY || $type == TYPE_MODIFY_DELETE){
            return (LDAP_ERR_MOD);
	} elseif ($type == TYPE_DELETE){
            return (LDAP_ERR_DEL);
	}
    }
    /* ִξϺ */
    if ($type == TYPE_REPLACE_ATTRIBUTE) {
        return del_attribute($ds, $dn, array($data[0] => $data[1]));
    /* ξϺ */
    } else if ($type == TYPE_MODIFY_DELETE) {
        return del_attribute($ds, $dn, $data[1]);
    }

    return (LDAP_OK);
}
/***************************************************************************
 * ldap_scope_search()
 * 
 * $typeǻꤵ줿פǥ򤹤롣
 *
 * []
 *	ʸ 		$ds		LDAPID	
 *	ʸ 		$basedn		ȥDN
 *	 		$attrs		ɬפǤΥơ֥ 
 *	ʸ 		$filter		ե륿	
 *   	ʸ 		$type	 	פη	
 * [֤]
 *	FALSE	顼 
 *	$sr	ID 
 ***************************************************************************/
function ldap_scope_search($ds, $basedn, $attrs, $filter, $type)
{
    $basedn = mb_convert_encoding($basedn, LDAP_ENCODING, PG_ENCODING);

    if (count($attrs) == 0) {
	switch ($type) {
	    case TYPE_ONELEVEL:
	        $sr = @ldap_list($ds, $basedn, $filter, array());
		break;	
	    case TYPE_ONEENTRY:
	        $sr = @ldap_read($ds, $basedn, $filter);
		break;
	    case TYPE_SUBTREE:
	        $sr = @ldap_search($ds, $basedn, $filter);
		break;
	}
    } else {
	switch ($type) {
	    case TYPE_ONELEVEL:
	        $sr = @ldap_list($ds, $basedn, $filter, $attrs);
	        break;
	    case TYPE_ONEENTRY:
	        $sr = @ldap_read($ds, $basedn, $filter, $attrs);
		break;
	    case TYPE_SUBTREE:
	        $sr = @ldap_search($ds, $basedn, $filter, $attrs);
		break;
	}
    }
    return ($sr);
}

/***************************************************************************
 * set_data()
 * 
 * ̤ɬǤϢ(&$data)˳Ǽ롣
 *
 * []
 *	ʸ 		$ds		LDAPID	
 *	ʸ 		$sr		ID	
 *	 		$attrs		ɬפǤΥơ֥ 
 *                  $s_attrs        ʸΥơ֥
 *	ʸ 		$type	 	פη	
 *	Ϣ	&$data 		ɬפǥǡγǼ
 *	ʸ		$basedn		١DN 
 * [֤]
 *	LDAP_OK		 
 *	LDAP_ERR_SEARCH	顼 
 *	LDAP_ERR_NODATA	ȥ꤬¸ߤʤ
 *	LDAP_ERR_OTHER	¾Υ顼	
 ***************************************************************************/
function set_data($ds, $sr, $attrs, $s_attrs, $type, &$data, $basedn) 
{
    global $msgarr;
    global $err_msg;
    global $log_msg;

    if (count($attrs) == 0) {
        $attr_assign = TRUE;
    } else {
        $attr_assign = FALSE;
    }

    /* ȥ */
    $entry_cnt = @ldap_count_entries($ds, $sr);
    if ($entry_cnt === FALSE) {
	$errno = ldap_errno($ds);
	if ($errno == LDAP_SUCCESS) {
            $err_msg = sprintf($msgarr['03013'][SCREEN_MSG], $basedn);
            $log_msg = sprintf($msgarr['03013'][LOG_MSG], $basedn);
	} else {
            $error = ldap_error($ds);
            $err_msg = sprintf($msgarr['03014'][SCREEN_MSG], $error, $basedn);
            $log_msg = sprintf($msgarr['03014'][LOG_MSG], $error, $basedn);
	}
        return (LDAP_ERR_NODATA);

    } elseif ($entry_cnt == 0) { 
        $err_msg = sprintf($msgarr['03004'][SCREEN_MSG], $basedn);
        $log_msg = sprintf($msgarr['03004'][LOG_MSG], $basedn);
        return (LDAP_ERR_NODATA);
    }

    $entry_id = @ldap_first_entry($ds, $sr);
    if ($entry_id === FALSE) {
        $errno = ldap_errno($ds);
	if ($errno == LDAP_SUCCESS) {
            $err_msg = sprintf($msgarr['03013'][SCREEN_MSG], $basedn);
            $log_msg = sprintf($msgarr['03013'][LOG_MSG], $basedn);
	} else {
            $error = ldap_error($ds);
            $err_msg = sprintf($msgarr['03014'][SCREEN_MSG], $error, $basedn);
            $log_msg = sprintf($msgarr['03014'][LOG_MSG], $error, $basedn);
	}
        return (LDAP_ERR_NODATA);
    }

    for ($j = 0 ; $entry_id ; $j++) {
	$dn = @ldap_get_dn($ds, $entry_id);
	if ($dn === FALSE) {
	    $errno = ldap_errno($ds);
	    if ($errno == LDAP_SUCCESS) {
                $err_msg = sprintf($msgarr['03015'][SCREEN_MSG], $basedn);
                $log_msg = sprintf($msgarr['03015'][LOG_MSG], $basedn);
	    } else {
                $error = ldap_error($ds);
                $err_msg = sprintf($msgarr['03016'][SCREEN_MSG], $error, $basedn);
                $log_msg = sprintf($msgarr['03016'][LOG_MSG], $error, $basedn);
	    }
            return (LDAP_ERR_OTHER);
	}
	$data[$j]["dn"] = preg_replace("/, +/", ",", $dn);

	/* ȥӥ塼Ȥꤵʤäν */
	if ($attr_assign) {
            /* ȥ */
  	    $attri = @ldap_get_attributes($ds, $entry_id); 
	    if ($attri === FALSE) {
	        $errno = ldap_errno($ds);
	        if ($errno == LDAP_SUCCESS) {
                    $err_msg = sprintf($msgarr['03017'][SCREEN_MSG], $basedn);
                    $log_msg = sprintf($msgarr['03017'][LOG_MSG], $basedn);
	        } else {
                    $error = ldap_error($ds);
                    $err_msg = sprintf($msgarr['03018'][SCREEN_MSG], $error, $basedn);
                    $log_msg = sprintf($msgarr['03018'][LOG_MSG], $error, $basedn);
	        }
                return (LDAP_ERR_OTHER);
	    }


        /* ȥ */
        $attri = @ldap_get_attributes($ds, $entry_id);
        $s_attrs = $attri;
        $attrs = $attri;
        $attrs_cnt = $attri["count"];

	} else {
	    /* ȥӥ塼Ȥꤵ줿ν */
            /* ǿ */
	    $attrs_cnt = count($attrs);
	}

	    for ($i = 0; $i < $attrs_cnt; $i++) {
                /* ° */
	        $value = @ldap_get_values_len($ds, $entry_id, $s_attrs[$i]);
		if ($value === FALSE) {
                    $errno = ldap_errno($ds);
		    if ($errno == LDAP_DECODING_ERROR) {
		        $data[$j][$attrs[$i]][$k] = "";
		    } elseif($errno == LDAP_SUCCESS) {
                        $err_msg = sprintf($msgarr['03017'][SCREEN_MSG], $basedn);
                        $log_msg = sprintf($msgarr['03017'][LOG_MSG], $basedn);
	            } else {
                        $error = ldap_error($ds);
                        $err_msg = sprintf($msgarr['03018'][SCREEN_MSG], $error, $basedn);
                        $log_msg = sprintf($msgarr['03018'][LOG_MSG], $error, $basedn);
	            }
                    return (LDAP_ERR_OTHER);
		}

		for ($k = 0; $k < $value["count"]; $k++ ) {
		    $data[$j][$attrs[$i]][$k] = $value[$k];	
		}
	    }
        $entry_id = @ldap_next_entry($ds, $entry_id);
    }
    return (LDAP_OK);
}

/****************************************************************************
 * filter_escape()
 * 
 * ե륿Υ
 *
 * []
 *	ʸ 		$str
 * [֤]
 *	ʸ
 ***************************************************************************/
function filter_escape($str)
{
    $trans = array("*" => "\\*",
                   "(" => "\\(",
                   ")" => "\\)",
                   "\\" => "\\\\");

    return strtr($str, $trans);
}

?>
