feat(core): add lookupFields attribute in LDAP source
This field allows for looking up attributes not returned with the
default query, such as operational attributes.

Fixes #568

Co-authored-by: Skrupellos <skruppy@onmars.eu>
2 people authored and cgx committed Jun 18, 2020
1 parent 7c2783a commit 882085c
Showing 3 changed files with 45 additions and 34 deletions.
7 changes: 6 additions & 1 deletion Documentation/SOGoInstallationGuide.asciidoc
@@ -1028,6 +1028,11 @@ _bindDN_ and _bindPassword_ will still be required to find the proper DN
|bindFields (optional)
|An array of fields to use when doing indirect binds.
|lookupFields (optional)
|Lookup fields for LDAP queries. Default is `(*)`. This can be utilized
to lookup operational fields (which are per default not part of the result)
such as `memberOf`: `lookupFields = ("*", "memberOf");`
|hostname
|A space-delimited list of LDAP URLs or LDAP hostnames.
@@ -1106,7 +1111,7 @@ not work for entries in this source and thus, freebusy lookups.
repository
|listRequiresDot (optional)
|If set to `YES`, listing of this LDAP source is only possible when performing a search (respecting the SOGoSearchMinimumWordLength parameter) or when explicitely typing a single dot.
|If set to `YES`, listing of this LDAP source is only possible when performing a search (respecting the SOGoSearchMinimumWordLength parameter) or when explicitly typing a single dot.
Defaults to `YES` when unset.
|ModulesConstraints (optional)
2 changes: 2 additions & 0 deletions SoObjects/SOGo/LDAPSource.h
@@ -75,6 +75,7 @@
NSMutableDictionary *_members;

NSDictionary *_modulesConstraints;
NSArray *_lookupFields;

BOOL _passwordPolicy;
BOOL _updateSambaNTLMPasswords;
@@ -110,6 +111,7 @@ groupObjectClasses: (NSArray *) newGroupObjectClasses
IMAPLoginField: (NSString *) newIMAPLoginField
SieveHostField: (NSString *) newSieveHostField
bindFields: (id) newBindFields
lookupFields: (NSArray *) newLookupFields
kindField: (NSString *) newKindField
andMultipleBookingsField: (NSString *) newMultipleBookingsField;
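Review bot: The new `_lookupFields` ivar and the `lookupFields:` keyword are added without any comment, so a reader of the header cannot tell that a nil argument keeps the default of `("*")` or that the array is handed to the LDAP searches as their attribute list. A one-line comment on the ivar would cover it, for example `/* attributes requested from LDAP searches; defaults to ("*") when unset */`. The method declaration that receives the new keyword begins above this hunk.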

70 changes: 37 additions & 33 deletions SoObjects/SOGo/LDAPSource.m
@@ -110,6 +110,8 @@ - (id) init

_passwordPolicy = NO;
_updateSambaNTLMPasswords = NO;
_lookupFields = [NSArray arrayWithObject: @"*"];
[_lookupFields retain];

_kindField = nil;
_multipleBookingsField = nil;
@@ -159,6 +161,7 @@ - (void) dealloc
[_MSExchangeHostname release];
[_modifiers release];
[_displayName release];
[_lookupFields release];
[super dealloc];
}

@@ -194,6 +197,7 @@ - (id) initFromUDSource: (NSDictionary *) udSource
IMAPLoginField: [udSource objectForKey: @"IMAPLoginFieldName"]
SieveHostField: [udSource objectForKey: @"SieveHostFieldName"]
bindFields: [udSource objectForKey: @"bindFields"]
lookupFields: [udSource objectForKey: @"lookupFields"]
kindField: [udSource objectForKey: @"KindFieldName"]
andMultipleBookingsField: [udSource objectForKey: @"MultipleBookingsFieldName"]];

@@ -229,7 +233,7 @@ - (id) initFromUDSource: (NSDictionary *) udSource
if (!_contactInfoAttribute)
_contactInfoAttribute = [dd ldapContactInfoAttribute];
[_contactInfoAttribute retain];

udQueryLimit = [udSource objectForKey: @"SOGoLDAPQueryLimit"];
if (udQueryLimit)
_queryLimit = [udQueryLimit intValue];
@@ -265,7 +269,7 @@ - (id) initFromUDSource: (NSDictionary *) udSource

if ([udSource objectForKey: @"updateSambaNTLMPasswords"])
_updateSambaNTLMPasswords = [[udSource objectForKey: @"updateSambaNTLMPasswords"] boolValue];

ASSIGN(_MSExchangeHostname, [udSource objectForKey: @"MSExchangeHostname"]);
}

@@ -333,6 +337,7 @@ - (void) setBaseDN: (NSString *) newBaseDN
IMAPLoginField: (NSString *) newIMAPLoginField
SieveHostField: (NSString *) newSieveHostField
bindFields: (id) newBindFields
lookupFields: (NSArray *) newLookupFields
kindField: (NSString *) newKindField
andMultipleBookingsField: (NSString *) newMultipleBookingsField
{
@@ -379,6 +384,8 @@ - (void) setBaseDN: (NSString *) newBaseDN
ASSIGN(_bindFields, [newBindFields componentsSeparatedByString: @","]);
}
}
if (newLookupFields)
ASSIGN(_lookupFields, newLookupFields);
if (newKindField)
ASSIGN(_kindField, [newKindField lowercaseString]);
if (newMultipleBookingsField)
@@ -587,7 +594,7 @@ - (BOOL) checkLogin: (NSString *) _login
didBind = [bindConnection bindWithMethod: @"simple"
binddn: userDN
credentials: _pwd];
else
else
didBind = [bindConnection bindWithMethod: @"simple"
binddn: userDN
credentials: _pwd
@@ -644,14 +651,14 @@ - (BOOL) _ldapModifyAttribute: (NSString *) theAttribute
NSArray *changes;

BOOL didChange;

attr = [[NGLdapAttribute alloc] initWithAttributeName: theAttribute];
[attr addStringValue: theValue];

mod = [NGLdapModification replaceModification: attr];

changes = [NSArray arrayWithObject: mod];

if ([bindConnection bindWithMethod: @"simple"
binddn: theUserDN
credentials: theUserPassword])
@@ -661,7 +668,7 @@ - (BOOL) _ldapModifyAttribute: (NSString *) theAttribute
}
else
didChange = NO;

RELEASE(attr);

return didChange;
@@ -674,7 +681,7 @@ - (BOOL) changePasswordForLogin: (NSString *) login
oldPassword: (NSString *) oldPassword
newPassword: (NSString *) newPassword
perr: (SOGoPasswordPolicyError *) perr

{
NGLdapConnection *bindConnection;
NSString *userDN;
@@ -723,7 +730,7 @@ - (BOOL) changePasswordForLogin: (NSString *) login
// We don't use a password policy - we simply use
// a modify-op to change the password
NSString* encryptedPass;

if ([_userPasswordAlgorithm isEqualToString: @"none"])
{
encryptedPass = newPassword;
@@ -732,7 +739,7 @@ - (BOOL) changePasswordForLogin: (NSString *) login
{
encryptedPass = [self _encryptPassword: newPassword];
}

if (encryptedPass != nil)
{
*perr = PolicyNoError;
@@ -752,7 +759,7 @@ - (BOOL) changePasswordForLogin: (NSString *) login
userDN: userDN
password: newPassword
connection: bindConnection];

[self _ldapModifyAttribute: @"sambaLMPassword"
withValue: [newPassword asLMHash]
userDN: userDN
@@ -775,7 +782,7 @@ - (BOOL) changePasswordForLogin: (NSString *) login
}
}
NS_ENDHANDLER ;

[bindConnection release];
return didChange;
}
@@ -919,11 +926,11 @@ - (NSArray *) allEntryIDs
[qs appendFormat: @" AND %@", _filter];
qualifier = [EOQualifier qualifierWithQualifierFormat: qs];

if ([_scope caseInsensitiveCompare: @"BASE"] == NSOrderedSame)
if ([_scope caseInsensitiveCompare: @"BASE"] == NSOrderedSame)
entries = [ldapConnection baseSearchAtBaseDN: _baseDN
qualifier: qualifier
attributes: attributes];
else if ([_scope caseInsensitiveCompare: @"ONE"] == NSOrderedSame)
else if ([_scope caseInsensitiveCompare: @"ONE"] == NSOrderedSame)
entries = [ldapConnection flatSearchAtBaseDN: _baseDN
qualifier: qualifier
attributes: attributes];
@@ -1127,7 +1134,7 @@ - (NSDictionary *) _convertLDAPEntryToContact: (NGLdapEntry *) ldapEntry
ldifRecord = [ldapEntry asDictionary];
[ldifRecord setObject: self forKey: @"source"];
[ldifRecord setObject: [ldapEntry dn] forKey: @"dn"];

// We get our objectClass attribute values. We lowercase
// everything for ease of search after.
o = [ldapEntry objectClasses];
@@ -1255,28 +1262,26 @@ - (NSArray *) fetchContactsMatching: (NSString *) match
NSEnumerator *entries;
NSMutableArray *contacts;
EOQualifier *qualifier;
NSArray *attributes;

contacts = [NSMutableArray array];

if ([match length] > 0 || !_listRequiresDot)
{
ldapConnection = [self _ldapConnection];
qualifier = [self _qualifierForFilter: match onCriteria: criteria];
attributes = [NSArray arrayWithObject: @"*"];

if ([_scope caseInsensitiveCompare: @"BASE"] == NSOrderedSame)
entries = [ldapConnection baseSearchAtBaseDN: _baseDN
qualifier: qualifier
attributes: attributes];
attributes: _lookupFields];
else if ([_scope caseInsensitiveCompare: @"ONE"] == NSOrderedSame)
entries = [ldapConnection flatSearchAtBaseDN: _baseDN
qualifier: qualifier
attributes: attributes];
else /* we do it like before */
attributes: _lookupFields];
else /* we do it like before */
entries = [ldapConnection deepSearchAtBaseDN: _baseDN
qualifier: qualifier
attributes: attributes];
attributes: _lookupFields];
while ((currentEntry = [entries nextObject]))
[contacts addObject:
[self _convertLDAPEntryToContact: currentEntry]];
@@ -1289,23 +1294,21 @@ - (NGLdapEntry *) _lookupLDAPEntry: (EOQualifier *) theQualifier
{
NGLdapConnection *ldapConnection;
NSEnumerator *entries;
NSArray *attributes;

ldapConnection = [self _ldapConnection];
attributes = [NSArray arrayWithObject: @"*"];

if ([_scope caseInsensitiveCompare: @"BASE"] == NSOrderedSame)
entries = [ldapConnection baseSearchAtBaseDN: _baseDN
qualifier: theQualifier
attributes: attributes];
attributes: _lookupFields];
else if ([_scope caseInsensitiveCompare: @"ONE"] == NSOrderedSame)
entries = [ldapConnection flatSearchAtBaseDN: _baseDN
qualifier: theQualifier
attributes: attributes];
attributes: _lookupFields];
else
entries = [ldapConnection deepSearchAtBaseDN: _baseDN
qualifier: theQualifier
attributes: attributes];
attributes: _lookupFields];

return [entries nextObject];
}
@@ -1359,7 +1362,7 @@ - (NSString *) lookupLoginByDN: (NSString *) theDN
NGLdapEntry *entry;
EOQualifier *qualifier;
NSString *login;

login = nil;
qualifier = nil;

@@ -1412,24 +1415,24 @@ - (NGLdapEntry *) _lookupGroupEntryByAttributes: (NSArray *) theAttributes
EOQualifier *qualifier;
NGLdapEntry *ldapEntry;
NSString *s;

if ([theValue length] > 0 && [theAttributes count] > 0)
{
if ([theAttributes count] == 1)
{
s = [NSString stringWithFormat: @"(%@='%@')",
[theAttributes lastObject], SafeLDAPCriteria(theValue)];

}
else
{
NSString *fieldFormat;

fieldFormat = [NSString stringWithFormat: @"(%%@='%@')", SafeLDAPCriteria(theValue)];
s = [[theAttributes stringsWithFormat: fieldFormat]
componentsJoinedByString: @" OR "];
}

qualifier = [EOQualifier qualifierWithQualifierFormat: s];
ldapEntry = [self _lookupLDAPEntry: qualifier];
}
@@ -1826,6 +1829,7 @@ - (NSArray *) addressBookSourcesForUser: (NSString *) theUser
IMAPLoginField: nil
SieveHostField: nil
bindFields: nil
lookupFields: nil
kindField: nil
andMultipleBookingsField: nil];
[ab setListRequiresDot: NO];
@@ -1956,7 +1960,7 @@ - (NSException *) renameAddressBookSource: (NSString *) newId
reason: @"user addressbooks"
@" are not supported"
userInfo: nil];

return result;
}
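Review bot: In the setter hunk, `if (newLookupFields) ASSIGN(_lookupFields, newLookupFields);` stores whatever `[udSource objectForKey: @"lookupFields"]` returned without a type or emptiness check, unlike `bindFields` just above it, which visibly handles a comma-separated string. A configuration that writes `lookupFields = "memberOf";` would pass a string as the `attributes:` argument of the three search calls in `fetchContactsMatching:` and `_lookupLDAPEntry:`, which would likely fail at runtime; guarding with `if ([newLookupFields isKindOfClass: [NSArray class]] && [newLookupFields count] > 0)` and logging a rejected value would keep a config typo from breaking lookups. Since `_convertLDAPEntryToContact:` builds its record from `[ldapEntry asDictionary]`, every attribute named here is also copied into contact records and into the entry used for login lookups. A comment at the assignment should say that the list must hold only attributes that are acceptable to expose to address-book users, and that the bind identity's directory ACLs remain the actual control. The enclosing method starts and ends outside the hunk.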

