PHP Class LdapTools\Query\Builder\ADFilterBuilder

Author: Chad Sikorra ([email protected])
Inheritance: extends FilterBuilder
Show file Open project: ldaptools/ldaptools Class Usage Examples

Public Methods

Method Description
accountExpires ( ) : bAnd Checks for accounts that are set to expire at a certain date.
accountIsDisabled ( ) : MatchingRule Checks for disabled accounts via a bitwise AND comparison on userAccountControl.
accountIsLocked ( ) : Comparison Checks for locked accounts via a comparison on the lockoutTime attribute.
accountNeverExpires ( ) : bOr Checks for accounts that never expire.
groupIsDistribution ( ) : bNot Check for groups that are distribution lists.
groupIsDomainLocal ( ) : MatchingRule Checks for groups that are domain local in scope.
groupIsGlobal ( ) : MatchingRule Checks for groups that are global in scope.
groupIsSecurityEnabled ( ) : MatchingRule Checks for groups that are security enabled.
groupIsType ( integer $flag ) : MatchingRule Check for a specific AD group type by its flag.
groupIsUniversal ( ) : MatchingRule Checks for groups that are universal in scope.
hasMemberRecursively ( string $value, string $attribute = 'members' ) : MatchingRule Performs a recursive search of members in a group to see if the account is one of them.
isRecursivelyMemberOf ( string $group, string $attribute = 'groups' ) : MatchingRule Performs a recursive search of group membership to determine if the account belongs to it. If you are not using a schema and want to use this function you should pass 'memberOf' as the second argument.
mailEnabled ( ) : Wildcard Checks for the existence of an attribute that should only be set on mail-enabled objects.
passwordMustChange ( ) : Comparison Check for accounts where they must change their password on the next logon.
passwordNeverExpires ( ) : MatchingRule Checks for accounts where the password never expires via a bitwise AND comparison on userAccountControl.

Method Details

accountExpires() public method

Checks for accounts that are set to expire at a certain date.
Deprecation: Use the accountExpirationDate schema attribute instead (bool true)
public accountExpires ( ) : bAnd
return LdapTools\Query\Operator\bAnd

accountIsDisabled() public method

Checks for disabled accounts via a bitwise AND comparison on userAccountControl.
Deprecation: Use the disabled schema attribute instead.
public accountIsDisabled ( ) : MatchingRule
return LdapTools\Query\Operator\MatchingRule

accountIsLocked() public method

Checks for locked accounts via a comparison on the lockoutTime attribute.
Deprecation: Use the 'locked' schema attribute instead.
public accountIsLocked ( ) : Comparison
return LdapTools\Query\Operator\Comparison

accountNeverExpires() public method

Checks for accounts that never expire.
Deprecation: Use the accountExpirationDate schema attribute instead (bool false)
public accountNeverExpires ( ) : bOr
return LdapTools\Query\Operator\bOr

groupIsDistribution() public method

Check for groups that are distribution lists.
Deprecation: Use the typeDistribution schema attribute instead.
public groupIsDistribution ( ) : bNot
return LdapTools\Query\Operator\bNot

groupIsDomainLocal() public method

Checks for groups that are domain local in scope.
Deprecation: Use the scopeDomainLocal schema attribute instead.
public groupIsDomainLocal ( ) : MatchingRule
return LdapTools\Query\Operator\MatchingRule

groupIsGlobal() public method

Checks for groups that are global in scope.
Deprecation: Use the scopeGlobal schema attribute instead.
public groupIsGlobal ( ) : MatchingRule
return LdapTools\Query\Operator\MatchingRule

groupIsSecurityEnabled() public method

Checks for groups that are security enabled.
Deprecation: Use the typeSecurity schema attribute instead.
public groupIsSecurityEnabled ( ) : MatchingRule
return LdapTools\Query\Operator\MatchingRule

groupIsType() public method

Check for a specific AD group type by its flag.
See also: LdapTools\Query\GroupTypeFlags
Deprecation: Use the group type schema attributes instead.
public groupIsType ( integer $flag ) : MatchingRule
$flag integer A constant from GroupTypeFlags
return LdapTools\Query\Operator\MatchingRule

groupIsUniversal() public method

Checks for groups that are universal in scope.
Deprecation: Use the scopeUniversal schema attribute instead.
public groupIsUniversal ( ) : MatchingRule
return LdapTools\Query\Operator\MatchingRule

hasMemberRecursively() public method

Performs a recursive search of members in a group to see if the account is one of them.
public hasMemberRecursively ( string $value, string $attribute = 'members' ) : MatchingRule
$value string A username, SID, GUID, DN or LdapObject.
$attribute string The attribute to query against. Defaults to 'members'.
return LdapTools\Query\Operator\MatchingRule

isRecursivelyMemberOf() public method

Performs a recursive search of group membership to determine if the account belongs to it. If you are not using a schema and want to use this function you should pass 'memberOf' as the second argument.
public isRecursivelyMemberOf ( string $group, string $attribute = 'groups' ) : MatchingRule
$group string The name, GUID, SID, LdapObject or DN of a group
$attribute string The attribute to query against. Defaults to 'groups'.
return LdapTools\Query\Operator\MatchingRule

mailEnabled() public method

Checks for the existence of an attribute that should only be set on mail-enabled objects.
public mailEnabled ( ) : Wildcard
return LdapTools\Query\Operator\Wildcard

passwordMustChange() public method

Check for accounts where they must change their password on the next logon.
Deprecation: Use the passwordMustChange schema attribute instead (bool false)
public passwordMustChange ( ) : Comparison
return LdapTools\Query\Operator\Comparison

passwordNeverExpires() public method

Checks for accounts where the password never expires via a bitwise AND comparison on userAccountControl.
Deprecation: Use the passwordNeverExpires schema attribute instead.
public passwordNeverExpires ( ) : MatchingRule
return LdapTools\Query\Operator\MatchingRule