
Fix bug ldap out-of-sync with core

1 parent b920b73 commit e63e94912904842889a3f01086c52018d629c937 @c12simple c12simple committed Oct 5, 2016
Showing with 21 additions and 17 deletions.
  1. +20 −16 core/src/plugins/auth.ldap/LdapAuthDriver.php
  2. +1 −1 core/src/plugins/auth.ldap/manifest.xml
@@ -686,6 +686,10 @@ public function buildGroupBranch($groupAttrValue, &$branch = array())
}
+ /**
+ * User user object with mapping rules with attributes from LDAP
+ * @param \Pydio\Core\Model\UserInterface $userObject
+ */
public function updateUserObject(&$userObject)
{
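Review bot: The added docblock opens with "User user object", which reads as a typo for "Update user object", and it does not say that the argument is modified in place. The later hunks show the body adding and removing roles and setting the group path on `$userObject`, so the summary could read `* Update the user object (roles, group path) from LDAP attributes according to the configured mapping rules.` and the `@param` line could add "modified in place". The function body continues outside this hunk.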
@@ -785,7 +789,7 @@ public function updateUserObject(&$userObject)
if (is_array($userroles)) {
foreach ($userroles as $rkey => $role) {
- if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
+ if ((RolesService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
if (isSet($matchFilter) && !preg_match($matchFilter, $rkey)) continue;
if (isSet($valueFilters) && !in_array($rkey, $valueFilters)) continue;
//$userObject->removeRole($key);
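Review bot: The prefix test `!(strpos($rkey, $this->mappedRolePrefix) === false)` matches the prefix anywhere in the role ID, not only at its start, so a locally managed role whose ID merely contains the prefix is treated as LDAP-mapped and becomes eligible for removal during the sync. Anchoring the check as `strpos($rkey, $this->mappedRolePrefix) === 0` keeps such roles out of the LDAP-owned set. The same condition is used in the remove and add loops of the hunk at -815, and its negation in the hunks at -838 and -869, where it would become `strpos($rkey, $this->mappedRolePrefix) !== 0`. The enclosing loop and function continue outside this hunk.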
@@ -800,11 +804,11 @@ public function updateUserObject(&$userObject)
$uniqValueWithPrefix = $rolePrefix . $uniqValue;
if (isSet($matchFilter) && !preg_match($matchFilter, $uniqValueWithPrefix)) continue;
if (isSet($valueFilters) && !in_array($uniqValueWithPrefix, $valueFilters)) continue;
- $roleToAdd = AuthService::getRole($uniqValueWithPrefix);
+ $roleToAdd = RolesService::getRole($uniqValueWithPrefix);
if($roleToAdd === false){
- $roleToAdd = AuthService::getRole($uniqValueWithPrefix, true);
+ $roleToAdd = RolesService::getOrCreateRole($uniqValueWithPrefix);
$roleToAdd->setLabel($uniqValue);
- AuthService::updateRole($roleToAdd);
+ RolesService::updateRole($roleToAdd);
}
$newRoles[$roleToAdd->getId()] = $roleToAdd;
//$userObject->addRole($roleToAdd);
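Review bot: The lookup result is compared with `=== false` here, while every other call site in this function tests `RolesService::getRole(...)` for truthiness. If the new service returns `null` for a missing role (its contract is not visible on this page), the create branch is skipped and `$roleToAdd->getId()` is called on a non-object. `if (!$roleToAdd) {` covers both cases, and the return value of `getOrCreateRole()` is worth checking before `setLabel()` is called on it. The same pattern recurs in the hunk at -852.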
@@ -815,14 +819,14 @@ public function updateUserObject(&$userObject)
{
// remove old roles
foreach ($oldRoles as $rkey => $role) {
- if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
+ if ((RolesService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
$userObject->removeRole($rkey);
}
}
//Add new roles;
foreach($newRoles as $rkey => $role){
- if ((AuthService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
+ if ((RolesService::getRole($rkey)) && !(strpos($rkey, $this->mappedRolePrefix) === false)) {
$userObject->addRole($role);
}
}
@@ -838,10 +842,9 @@ public function updateUserObject(&$userObject)
// Get old roles
if (is_array($userroles)) {
foreach ($userroles as $rkey => $role) {
- if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
+ if ((RolesService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
if (isSet($matchFilter) && !preg_match($matchFilter, $rkey)) continue;
if (isSet($valueFilters) && !in_array($rkey, $valueFilters)) continue;
- //$userObject->removeRole($key);
$oldRoles[$rkey] = $rkey;
}
}
@@ -852,14 +855,12 @@ public function updateUserObject(&$userObject)
if (isSet($matchFilter) && !preg_match($matchFilter, $uniqValue)) continue;
if (isSet($valueFilters) && !in_array($uniqValue, $valueFilters)) continue;
if (!empty($uniqValue)) {
- $roleToAdd = AuthService::getRole($uniqValue);
+ $roleToAdd = RolesService::getRole($uniqValue);
if($roleToAdd === false){
- $roleToAdd = AuthService::getRole($uniqValue, true);
+ $roleToAdd = RolesService::getOrCreateRole($uniqValue);
$roleToAdd->setLabel($uniqValue);
- AuthService::updateRole($roleToAdd);
+ RolesService::updateRole($roleToAdd);
}
- //$userObject->addRole(AuthService::getRole($uniqValue, true));
- //$changes = true;
$newRoles[$uniqValue] = $roleToAdd;
}
}
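Review bot: In this unprefixed branch the directory value is used verbatim as the role ID (`RolesService::getRole($uniqValue)`), so when `$matchFilter` and `$valueFilters` are both unset, any value in the mapped LDAP attribute that equals an existing role ID resolves to that role and is later passed to `addRole()`. Whoever can write that attribute in the directory therefore decides which application roles the user receives. A comment above the lookup would make the trust boundary explicit, for example `// $uniqValue is directory-supplied: without a match/value filter it can name any existing role`. It is also worth considering whether this branch should require one of the two filters to be configured. The surrounding loop starts outside this hunk.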
@@ -869,13 +870,13 @@ public function updateUserObject(&$userObject)
(count(array_diff(array_keys($newRoles), array_keys($oldRoles))) > 0)){
// remove old roles
foreach ($oldRoles as $rkey => $role) {
- if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
+ if ((RolesService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
$userObject->removeRole($rkey);
}
}
//Add new roles;
foreach($newRoles as $rkey => $role){
- if ((AuthService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
+ if ((RolesService::getRole($rkey)) && (strpos($rkey, $this->mappedRolePrefix) === false)) {
$userObject->addRole($role);
}
}
@@ -906,7 +907,10 @@ public function updateUserObject(&$userObject)
$parent = "/" . implode("/", array_reverse($branch));
}
if (!ConfService::getConfStorageImpl()->groupExists(rtrim($userObject->getRealGroupPath($parent), "/") . "/" . $fullDN)) {
- UsersService::createGroup($parent, $fullDN, $humanName);
+ try{
+ UsersService::createGroup($parent, $fullDN, $humanName);
+ }
+ catch(\Exception $e){}
}
$userObject->setGroupPath(rtrim($parent, "/") . "/" . $fullDN, true);
// Update Roles from groupPath
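Review bot: The empty `catch(\Exception $e){}` hides every failure of `UsersService::createGroup()`, and `setGroupPath()` on the following line still assigns the user to a path that may not exist. If the intent is only to tolerate a group created concurrently by another login, state that in a comment and record the rest, e.g. `catch (\Exception $e) { /* group may already exist; log $e->getMessage() */ }`, using whatever logging helper the driver already has. As written, an LDAP sync that fails to create groups leaves no trace for an operator to investigate.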
@@ -31,7 +31,7 @@
<param name="LDAP_GDN" group="CONF_MESSAGE[Groups Schema]" type="string" replicationGroup="LDAPGDN" label="CONF_MESSAGE[Groups DN]" description="CONF_MESSAGE[DN where the groups are stored. Must be used in cunjonction with a group parameter mapping, generally using the memberOf feature.]" mandatory="false"/>
<param name="LDAP_GROUP_FILTER" group="CONF_MESSAGE[Groups Schema]" type="string" label="CONF_MESSAGE[LDAP Groups Filter]" description="CONF_MESSAGE[Filter which groups to fetch.]" mandatory="false" default="objectClass=group"/>
<param name="LDAP_GROUPATTR" group="CONF_MESSAGE[Groups Schema]" type="string" label="CONF_MESSAGE[Group attribute]" description="CONF_MESSAGE[Group main attribute to be used as a label]" mandatory="false"/>
- <param name="LDAP_GROUP_PREFIX" group="CONF_MESSAGE[Groups Schema]" type="string" label="CONF_MESSAGE[Role Prefix (for memberof)]" description="CONF_MESSAGE[Role prefix when you mapping memberof => roleID]" default="" mandatory="false" />
+ <param name="LDAP_GROUP_PREFIX" group="CONF_MESSAGE[Groups Schema]" type="string" label="CONF_MESSAGE[Role Prefix (for memberof)]" description="CONF_MESSAGE[Role prefix when you mapping memberof => roleID]" default="ldap_" mandatory="false" />
<!-- Attributes Mapping -->
<param name="LDAP_MAPPING_LEGEND" group="CONF_MESSAGE[Attributes Mapping]" type="legend" label="" description="CONF_MESSAGE[Use this section to automatically map some LDAP attributes to Pydio plugins parameters values.]"/>
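Review bot: Changing the default of `LDAP_GROUP_PREFIX` from `""` to `"ldap_"` changes which existing roles the driver treats as LDAP-mapped on installations that never set this parameter, because the checks in LdapAuthDriver.php test role IDs against the prefix. Roles created earlier without a prefix would presumably stop matching, so users could lose them or be given freshly created, empty `ldap_` roles at their next login. An upgrade note or a migration of existing role IDs would make the effect explicit, and the parameter description could state the new default.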
