diff --git a/application/forms/Config/Authentication/LdapBackendForm.php b/application/forms/Config/Authentication/LdapBackendForm.php
index 32fcfad26..a6c1b92a8 100644
--- a/application/forms/Config/Authentication/LdapBackendForm.php
+++ b/application/forms/Config/Authentication/LdapBackendForm.php
@@ -70,6 +70,15 @@ class LdapBackendForm extends Form
 : array()
 )
 );
+ $this->addElement(
+ 'text',
+ 'base_dn',
+ array(
+ 'required' => true,
+ 'label' => t('Bind DN'),
+ 'description' => t('The path where users can be found on the ldap server')
+ )
+ );
 $this->addElement(
 'text',
 'user_class',
@@ -127,7 +136,8 @@ class LdapBackendForm extends Form
 $ldapUserBackend = new LdapUserBackend(
 ResourceFactory::createResource($form->getResourceConfig()),
 $form->getElement('user_class')->getValue(),
- $form->getElement('user_name_attribute')->getValue()
+ $form->getElement('user_name_attribute')->getValue(),
+ $form->getElement('base_dn')->getValue()
 );
 $ldapUserBackend->assertAuthenticationPossible();
 } catch (AuthenticationException $e) {
diff --git a/application/forms/Setup/AdminAccountPage.php b/application/forms/Setup/AdminAccountPage.php
index fc3a18fa8..6734ab766 100644
--- a/application/forms/Setup/AdminAccountPage.php
+++ b/application/forms/Setup/AdminAccountPage.php
@@ -244,7 +244,8 @@ class AdminAccountPage extends Form
 $backend = new LdapUserBackend(
 ResourceFactory::createResource(new Zend_Config($this->resourceConfig)),
 $this->backendConfig['user_class'],
- $this->backendConfig['user_name_attribute']
+ $this->backendConfig['user_name_attribute'],
+ $this->backendConfig['base_dn']
 );
 } else {
 throw new LogicException(
diff --git a/library/Icinga/Authentication/Backend/LdapUserBackend.php b/library/Icinga/Authentication/Backend/LdapUserBackend.php
index 0bf503dee..7c60a4a41 100644
--- a/library/Icinga/Authentication/Backend/LdapUserBackend.php
+++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php
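Review bot: The new `base_dn` element in LdapBackendForm (the `@@ -70,6 +70,15 @@` hunk) is labelled `t('Bind DN')`, which names the account used to bind, not the search base that the description talks about. An administrator following the label could enter the bind account's DN, and the backend would then look for users under the wrong entry; the line should read `'label' => t('Base DN'),`. The element is also marked `required`, while UserBackend in this same commit falls back to the resource's DN when `base_dn` is absent, so it is worth deciding whether the field is really mandatory. The enclosing method starts and ends outside the hunk.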
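Review bot: In AdminAccountPage (the `@@ -244,7 +244,8 @@` hunk) the new argument reads `$this->backendConfig['base_dn']` with no check that the key exists, whereas UserBackend in this commit uses `$backendConfig->get('base_dn', $resource->getDN())`. If the setup wizard collected the backend configuration without that key, this presumably raises an undefined-index notice and hands `null` to LdapUserBackend as the base DN. Consider the same fallback here: assign the created resource to a local `$resource` and pass `isset($this->backendConfig['base_dn']) ? $this->backendConfig['base_dn'] : $resource->getDN()`. The surrounding method is only partly visible in the hunk.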
@@ -4,7 +4,6 @@ namespace Icinga\Authentication\Backend; -use Icinga\Logger\Logger; use Icinga\User; use Icinga\Authentication\UserBackend; use Icinga\Protocol\Ldap\Connection; @@ -20,15 +19,18 @@ class LdapUserBackend extends UserBackend **/ protected $conn; + protected $baseDn; + protected $userClass; protected $userNameAttribute; protected $groupOptions; - public function __construct(Connection $conn, $userClass, $userNameAttribute, $groupOptions = null) + public function __construct(Connection $conn, $userClass, $userNameAttribute, $baseDn, $groupOptions = null) { $this->conn = $conn; + $this->baseDn = $baseDn; $this->userClass = $userClass; $this->userNameAttribute = $userNameAttribute; $this->groupOptions = $groupOptions; @@ -74,7 +76,7 @@ class LdapUserBackend extends UserBackend throw new AuthenticationException( 'No objects with objectClass="%s" in DN="%s" found.', $this->userClass, - $this->conn->getDN() + $this->baseDn ); } diff --git a/library/Icinga/Authentication/UserBackend.php b/library/Icinga/Authentication/UserBackend.php index 7829210fd..6914dd2de 100644 --- a/library/Icinga/Authentication/UserBackend.php +++ b/library/Icinga/Authentication/UserBackend.php @@ -103,6 +103,7 @@ abstract class UserBackend implements Countable $resource, $backendConfig->get('user_class', 'user'), $backendConfig->get('user_name_attribute', 'sAMAccountName'), + $backendConfig->get('base_dn', $resource->getDN()), $groupOptions ); break; @@ -129,6 +130,7 @@ abstract class UserBackend implements Countable $resource, $backendConfig->user_class, $backendConfig->user_name_attribute, + $backendConfig->get('base_dn', $resource->getDN()), $groupOptions ); break;
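Review bot: Inserting `$baseDn` as the fourth constructor parameter of LdapUserBackend, ahead of the optional `$groupOptions` (the `@@ -20,15 +19,18 @@` hunk), changes what a positional fourth argument means. The four call sites in this diff are updated, but any caller outside it that still passes group options fourth would silently have them stored as the base DN. Appending the parameter after `$groupOptions`, or failing early with `if (! is_string($baseDn) || $baseDn === '') { throw new \InvalidArgumentException('Base DN must be a non-empty string'); }`, would make a stale call visible. The new property also has no docblock, unlike `$conn` above it; `/** @var string DN under which user entries are looked up */` would record its intended role.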
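Review bot: The exception message in the `@@ -74,7 +76,7 @@` hunk now reports `$this->baseDn`, but the query whose empty result leads to this throw lies outside the hunk, and nowhere in this diff is `$this->baseDn` used to build a query. If the search is still rooted at the connection's DN, the message names a subtree that was never searched, and the new setting would not narrow which directory entries can authenticate. Please confirm that the select above this throw, and the lookup used during authentication, are based on `$this->baseDn`.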
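Review bot: Both `$backendConfig->get('base_dn', $resource->getDN())` calls in UserBackend (the `@@ -103,6 +103,7 @@` and `@@ -129,6 +130,7 @@` hunks) apply the default only when the key is missing, assuming `$backendConfig` is a Zend_Config. A `base_dn` that is present but empty in the configuration would then be passed through unchanged, and how LdapUserBackend treats an empty base is not visible here. Normalising first would be safer, e.g. `$baseDn = $backendConfig->get('base_dn'); if (! $baseDn) { $baseDn = $resource->getDN(); }`. Both switch cases continue outside their hunks.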