Skip to content

Commit

Permalink
LdapUserGroupBackend: Let the backend decide which defaults to use
Browse files Browse the repository at this point in the history 
refs #7343
  • Loading branch information
Johannes Meyer committed Jun 5, 2015
1 parent 3fd0d99 commit ee2462a
Show file tree
Hide file tree
Showing 2 changed files with 63 additions and 18 deletions.
62 changes: 62 additions & 0 deletions library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
View file
Expand Up @@ -3,6 +3,7 @@

namespace Icinga\Authentication\UserGroup;

use Icinga\Data\ConfigObject;
use Icinga\Exception\ProgrammingError;
use Icinga\Protocol\Ldap\Expression;
use Icinga\Repository\LdapRepository;
Expand Down Expand Up @@ -532,4 +533,65 @@ public function getMemberships(User $user)

return $groups;
}

/**
* Apply the given configuration on this backend
*
* @param ConfigObject $config
*
* @return $this
*/
public function setConfig(ConfigObject $config)
{
if ($config->backend === 'ldap') {
$defaults = $this->getOpenLdapDefaults();
} elseif ($config->backend === 'msldap') {
$defaults = $this->getActiveDirectoryDefaults();
} else {
$defaults = new ConfigObject();
}

return $this
->setGroupBaseDn($config->base_dn)
->setUserBaseDn($config->get('user_base_dn', $this->getGroupBaseDn()))
->setGroupClass($config->get('group_class', $defaults->group_class))
->setUserClass($config->get('user_class', $defaults->user_class))
->setGroupNameAttribute($config->get('group_name_attribute', $defaults->group_name_attribute))
->setUserNameAttribute($config->get('user_name_attribute', $defaults->user_name_attribute))
->setGroupMemberAttribute($config->get('group_member_attribute', $defaults->group_member_attribute))
->setGroupFilter($config->filter)
->setUserFilter($config->user_filter);
}

/**
* Return the configuration defaults for an OpenLDAP environment
*
* @return ConfigObject
*/
protected function getOpenLdapDefaults()
{
return new ConfigObject(array(
'group_class' => 'group',
'user_class' => 'inetOrgPerson',
'group_name_attribute' => 'gid',
'user_name_attribute' => 'uid',
'group_member_attribute' => 'member'
));
}

/**
* Return the configuration defaults for an ActiveDirectory environment
*
* @return ConfigObject
*/
protected function getActiveDirectoryDefaults()
{
return new ConfigObject(array(
'group_class' => 'group',
'user_class' => 'user',
'group_name_attribute' => 'sAMAccountName',
'user_name_attribute' => 'sAMAccountName',
'group_member_attribute' => 'member'
));
}
}
19 changes: 1 addition & 18 deletions library/Icinga/Authentication/UserGroup/UserGroupBackend.php
View file
Expand Up @@ -159,26 +159,9 @@ public static function create($name, ConfigObject $backendConfig)
$backend = new IniUserGroupBackend($resource);
break;
case 'ldap':
$backend = new LdapUserGroupBackend($resource);
$backend
->setGroupBaseDn($backendConfig->base_dn)
->setUserBaseDn($backendConfig->get('user_base_dn', $backend->getGroupBaseDn()))
->setGroupClass($backendConfig->get('group_class', 'group'))
->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'))
->setGroupNameAttribute($backendConfig->get('group_name_attribute', 'gid'))
->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'))
->setGroupMemberAttribute($backendConfig->get('group_member_attribute', 'member'));
break;
case 'msldap':
$backend = new LdapUserGroupBackend($resource);
$backend
->setGroupBaseDn($backendConfig->base_dn)
->setUserBaseDn($backendConfig->get('user_base_dn', $backend->getGroupBaseDn()))
->setGroupClass($backendConfig->get('group_class', 'group'))
->setUserClass($backendConfig->get('user_class', 'user'))
->setGroupNameAttribute($backendConfig->get('group_name_attribute', 'sAMAccountName'))
->setUserNameAttribute($backendConfig->get('user_name_attribute', $backend->getGroupNameAttribute()))
->setGroupMemberAttribute($backendConfig->get('group_member_attribute', 'member'));
$backend->setConfig($backendConfig);
break;
}

Expand Down

0 comments on commit ee2462a

Please sign in to comment.