Allow to specify base DN for searching user DNs (Bug #12128).
yunosh committed Jun 11, 2014
1 parent c5e77b4 commit f9058a1
Showing 4 changed files with 114 additions and 79 deletions.
169 changes: 100 additions & 69 deletions framework/Core/lib/Horde/Config.php
Expand Up @@ -746,8 +746,8 @@ protected function _parseLevel(&$conf, $children, $ctx)
* @param string $ctx The context of the <configldap> tag.
* @param DomNode $node The DomNode representation of the
* <configldap> tag.
* @param string $switchname If DomNode is not set, the value of the
* tag's switchname attribute.
* @param string $switchname If $node is not set, the value of the tag's
* switchname attribute.
*
* @return array An associative array with the LDAP configuration tree.
*/
Expand Down Expand Up @@ -823,73 +823,7 @@ protected function _configLDAP($ctx, $node = null,
),
'user' => array(
'desc' => 'Bind as the currently logged-in user',
'fields' => array(
'user' => array(
'binddn' => array(
'_type' => 'text',
'required' => false,
'desc' => 'DN used to bind for searching the user\'s DN (leave empty for anonymous bind)',
'default' => $this->_default(
$ctx . '|user|binddn',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="binddn"])', $node) ?: '') : ''
)
),
'bindpw' => array(
'_type' => 'text',
'required' => false,
'desc' => 'Password for bind DN',
'default' => $this->_default(
$ctx . '|user|bindpw',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="bindpw"])', $node) ?: '') : ''
)
),
'uid' => array(
'_type' => 'text',
'required' => true,
'desc' => 'The username search key (set to samaccountname for AD).',
'default' => $this->_default(
$ctx . '|user|uid',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="uid"])', $node) ?: 'uid') : 'uid'
)
),
'filter_type' => array(
'required' => false,
'desc' => 'How to specify a filter for the user lists.',
'default' => $this->_default(
$ctx . '|user|filter_type',
$node ? ($xpath->evaluate('normalize-space(configsection/configswitch[@name="filter_type"]/text())', $node) ?: 'objectclass') : 'objectclass'),
'switch' => array(
'filter' => array(
'desc' => 'LDAP filter string',
'fields' => array(
'filter' => array(
'_type' => 'text',
'required' => true,
'desc' => 'The LDAP filter string used to search for users.',
'default' => $this->_default(
$ctx . '|user|filter',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="filter"])', $node) ?: '(objectClass=*)') : '(objectClass=*)'
)
),
),
),
'objectclass' => array(
'desc' => 'List of objectClasses',
'fields' => array(
'objectclass' => array(
'_type' => 'stringlist',
'required' => true,
'desc' => 'The objectclass filter used to search for users. Can be a single objectclass or a comma-separated list.',
'default' => implode(', ', $this->_default(
$ctx . '|user|objectclass',
$node ? ($xpath->evaluate('string(configsection/configlist[@name="objectclass"])', $node) ?: array('*')) : array('*')))
),
),
),
),
),
),
),
'fields' => $this->_configLDAPUser($ctx, $node)
),
'admin' => array(
'desc' => 'Bind with administrative/system credentials',
Expand Down Expand Up @@ -994,6 +928,103 @@ protected function _configLDAP($ctx, $node = null,
return $config;
}

/**
* Returns the configuration tree for an LDAP configuration to search user
* DNs to replace a <configldapuser> tag.
*
* Subnodes will be parsed and added.
*
* @param string $ctx The context of the <configldapuser> tag.
* @param DomNode $node The DomNode representation of the
* <configldapuser> tag.
*
* @return array A list of associative arrays with the LDAP configuration
* tree.
*/
protected function _configLDAPUser($ctx, $node = null)
{
if ($node) {
$xpath = new DOMXPath($node->ownerDocument);
}

return array(
'user' => array(
'basedn' => array(
'_type' => 'text',
'required' => false,
'desc' => 'Base DN for searching the user\'s DN',
'default' => $this->_default(
$ctx . '|user|basedn',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="basedn"])', $node) ?: '') : ''
)
),
'binddn' => array(
'_type' => 'text',
'required' => false,
'desc' => 'DN used to bind for searching the user\'s DN (leave empty for anonymous bind)',
'default' => $this->_default(
$ctx . '|user|binddn',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="binddn"])', $node) ?: '') : ''
)
),
'bindpw' => array(
'_type' => 'text',
'required' => false,
'desc' => 'Password for bind DN',
'default' => $this->_default(
$ctx . '|user|bindpw',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="bindpw"])', $node) ?: '') : ''
)
),
'uid' => array(
'_type' => 'text',
'required' => true,
'desc' => 'The username search key (set to samaccountname for AD).',
'default' => $this->_default(
$ctx . '|user|uid',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="uid"])', $node) ?: 'uid') : 'uid'
)
),
'filter_type' => array(
'required' => false,
'desc' => 'How to specify a filter for the user lists.',
'default' => $this->_default(
$ctx . '|user|filter_type',
$node ? ($xpath->evaluate('normalize-space(configsection/configswitch[@name="filter_type"]/text())', $node) ?: 'objectclass') : 'objectclass'),
'switch' => array(
'filter' => array(
'desc' => 'LDAP filter string',
'fields' => array(
'filter' => array(
'_type' => 'text',
'required' => true,
'desc' => 'The LDAP filter string used to search for users.',
'default' => $this->_default(
$ctx . '|user|filter',
$node ? ($xpath->evaluate('string(configsection/configstring[@name="filter"])', $node) ?: '(objectClass=*)') : '(objectClass=*)'
)
),
),
),
'objectclass' => array(
'desc' => 'List of objectClasses',
'fields' => array(
'objectclass' => array(
'_type' => 'stringlist',
'required' => true,
'desc' => 'The objectclass filter used to search for users. Can be a single objectclass or a comma-separated list.',
'default' => implode(', ', $this->_default(
$ctx . '|user|objectclass',
$node ? ($xpath->evaluate('string(configsection/configlist[@name="objectclass"])', $node) ?: array('*')) : array('*')))
),
),
),
),
),
),
);
}

/**
* Returns the configuration tree for a NoSQL backend configuration to
* replace a <confignosql> tag.
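Review bot: The `bindpw` entry in the new `_configLDAPUser()` is declared with `'_type' => 'text'`, which presumably makes the configuration form render the bind password as a plain text input. The entry was carried over unchanged from the inline array in `_configLDAP()`, but the extraction is a good moment to switch it to a masked field type if the form offers one. The docblock should also say that `$node` is optional, for example `@param DomNode $node  Optional DomNode of the tag; built-in defaults are used when null.` Its `@return` text says "A list of associative arrays", while the method returns a single array keyed by `'user'`.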
2 changes: 2 additions & 0 deletions framework/Core/package.xml
Expand Up @@ -39,6 +39,7 @@
</stability>
<license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
<notes>
* [jan] Add base DN to LDAP configuration for searching user DNs.
* [jan] Allow to specify port for PostgreSQL socket connections (Request #13250).
</notes>
<contents>
Expand Down Expand Up @@ -3433,6 +3434,7 @@
<date>2014-06-10</date>
<license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
<notes>
* [jan] Add base DN to LDAP configuration for searching user DNs.
* [jan] Allow to specify port for PostgreSQL socket connections (Request #13250).
</notes>
</release>
6 changes: 4 additions & 2 deletions framework/Ldap/lib/Horde/Ldap.php
Expand Up @@ -32,7 +32,7 @@ class Horde_Ldap
* - filter: default search filter.
* - scope: default search scope.
* - user: configuration parameters for {@link findUserDN()},
* must contain 'uid', and 'filter' or 'objectclass'
* must contain 'uid', and may contain 'basedn'
* entries.
* - auto_reconnect: if true, the class will automatically
* attempt to reconnect to the LDAP server in certain
Expand Down Expand Up @@ -877,7 +877,9 @@ public function findUserDN($user)
array(Horde_Ldap_Filter::build($this->_config['user']),
Horde_Ldap_Filter::create($this->_config['user']['uid'], 'equals', $user)));
$search = $this->search(
null,
isset($this->_config['user']['basedn'])
? $this->_config['user']['basedn']
: null,
$filter,
array('attributes' => array($this->_config['user']['uid'])));
if (!$search->count()) {
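Review bot: In the second hunk, inside `findUserDN()`, `isset($this->_config['user']['basedn'])` is also true for an empty string, and the new config field in `_configLDAPUser()` defaults to `''`. An administrator who leaves the field blank may therefore end up searching with an empty base instead of the default that `null` selected before. Testing for a non-empty value keeps the old behaviour: `!empty($this->_config['user']['basedn']) ? $this->_config['user']['basedn'] : null,`. This lookup resolves the DN for a login name, so an unintended search base can break logins or match an entry outside the intended subtree. The constructor doc in the first hunk also drops the mention of 'filter' or 'objectclass', although `Horde_Ldap_Filter::build($this->_config['user'])` still reads the 'user' settings; `findUserDN()` itself starts and ends outside the hunk.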
16 changes: 8 additions & 8 deletions framework/Ldap/package.xml
Expand Up @@ -17,18 +17,18 @@
<email>jan@horde.org</email>
<active>yes</active>
</lead>
<date>2014-06-10</date>
<date>2014-06-11</date>
<version>
<release>2.1.1</release>
<api>1.1.1</api>
<release>2.2.0</release>
<api>1.2.0</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://opensource.org/licenses/lgpl-3.0.html">LGPL-3.0</license>
<notes>
*
* [jan] Allow to specify base DN for searching user DNs.
</notes>
<contents>
<dir baseinstalldir="/" name="/">
Expand Down Expand Up @@ -448,15 +448,15 @@
</release>
<release>
<version>
<release>2.1.1</release>
<api>1.1.1</api></version>
<release>2.2.0</release>
<api>1.2.0</api></version>
<stability>
<release>stable</release>
<api>stable</api></stability>
<date>2014-06-10</date>
<date>2014-06-11</date>
<license uri="http://opensource.org/licenses/lgpl-3.0.html">LGPL-3.0</license>
<notes>
*
* [jan] Allow to specify base DN for searching user DNs.
</notes>
</release>
</changelog>
