Use the correct name for malformed LDAP attributes automatically

...or more purposefully: Guard lazy users from themselves. I hope I don't have to explain why _this_ is not part of Icinga\Protocol\Ldap\Query... resolves #8608
2015-03-13 11:17:35 +01:00 · 2015-03-13 11:17:35 +01:00 · 0bc1416b10
parent edf55728cb
commit 0bc1416b10
1 changed files with 31 additions and 2 deletions
--- a/library/Icinga/Authentication/Backend/LdapUserBackend.php
+++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php
@ -30,6 +30,18 @@ class LdapUserBackend extends UserBackend

    protected $groupOptions;

+    /**
+     * Normed attribute names based on known LDAP environments
+     *
+     * @var array
+     */
+    protected $normedAttributes = array(
+        'uid'               => 'uid',
+        'user'              => 'user',
+        'inetorgperson'     => 'inetOrgPerson',
+        'samaccountname'    => 'sAMAccountName'
+    );
+
    public function __construct(
        Connection $conn,
        $userClass,
@ -40,12 +52,29 @@ class LdapUserBackend extends UserBackend
    ) {
        $this->conn = $conn;
        $this->baseDn = trim($baseDn) ?: $conn->getDN();
-        $this->userClass = $userClass;
-        $this->userNameAttribute = $userNameAttribute;
+        $this->userClass = $this->getNormedAttribute($userClass);
+        $this->userNameAttribute = $this->getNormedAttribute($userNameAttribute);
        $this->customFilter = trim($cutomFilter);
        $this->groupOptions = $groupOptions;
    }

+    /**
+     * Return the given attribute name normed to known LDAP enviroments, if possible
+     *
+     * @param   string  $name
+     *
+     * @return  string
+     */
+    protected function getNormedAttribute($name)
+    {
+        $loweredName = strtolower($name);
+        if (array_key_exists($loweredName, $this->normedAttributes)) {
+            return $this->normedAttributes[$loweredName];
+        }
+
+        return $name;
+    }
+
    /**
     * Create a query to select all usernames
     *