Merge branch 'feature/ldap-scope-11485'

resolves #11485
Eric Lippmann 2016-04-08 12:57:41 +02:00
commit 1f69189b14
2 changed files with 107 additions and 2 deletions


@ -4,7 +4,9 @@
namespace Icinga\Protocol\Ldap;
use Exception;
use LogicException;
use ArrayIterator;
use stdClass;
use Icinga\Application\Config;
use Icinga\Application\Logger;
use Icinga\Data\ConfigObject;
@ -547,6 +549,23 @@ class LdapConnection implements Selectable, Inspectable
return $pairs;
}
/**
* Fetch an LDAP entry by its DN
*
* @param string $dn
* @param array|null $fields
*
* @return StdClass|bool
*/
public function fetchByDn($dn, array $fields = null)
{
return $this->select()
->from('*', $fields)
->setBase($dn)
->setScope('base')
->fetchRow();
}
/**
* Test the given LDAP credentials by establishing a connection and attempting a LDAP bind
*
@ -1178,6 +1197,8 @@ class LdapConnection implements Selectable, Inspectable
* @param int $deref
*
* @return resource|bool A search result identifier or false on error
*
* @throws LogicException If the LDAP query search scope is unsupported
*/
public function ldapSearch(
LdapQuery $query,
@ -1189,6 +1210,7 @@ class LdapConnection implements Selectable, Inspectable
) {
$queryString = (string) $query;
$baseDn = $query->getBase() ?: $this->getDn();
$scope = $query->getScope();
if (Logger::getInstance()->getLevel() === Logger::DEBUG) {
// We're checking the level by ourself to avoid rendering the ldapsearch commandline for nothing
@ -1212,11 +1234,12 @@ class LdapConnection implements Selectable, Inspectable
}
Logger::debug("Issueing LDAP search. Use '%s' to reproduce.", sprintf(
'ldapsearch -P 3%s -H "%s"%s -b "%s" -s "sub" -z %u -l %u -a "%s"%s%s%s',
'ldapsearch -P 3%s -H "%s"%s -b "%s" -s "%s" -z %u -l %u -a "%s"%s%s%s',
$starttlsParam,
$ldapUrl,
$bindParams,
$baseDn,
$scope,
$sizelimit,
$timelimit,
$derefName,
@ -1226,7 +1249,21 @@ class LdapConnection implements Selectable, Inspectable
));
}
return @ldap_search(
switch($scope) {
case LdapQuery::SCOPE_SUB:
$function = 'ldap_search';
break;
case LdapQuery::SCOPE_ONE:
$function = 'ldap_list';
break;
case LdapQuery::SCOPE_BASE:
$function = 'ldap_read';
break;
default:
throw new LogicException('LDAP scope %s not supported by ldapSearch', $scope);
}
return @$function(
$this->getConnection(),
$baseDn,
$queryString,
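Review bot: The `default` branch of the scope switch in `ldapSearch` passes `$scope` as the second argument of `LogicException`, which is the integer exception code, so the `%s` placeholder is never filled in. A string scope is therefore likely to raise an argument error instead of the `LogicException` the docblock promises. Format the message first: `throw new LogicException(sprintf('LDAP scope %s not supported by ldapSearch', $scope));`. The same pattern appears in `LdapQuery::setScope()`, where `$scope` and the imploded scope list land in the code and previous-exception parameters. The body of `ldapSearch` starts and ends outside the visible hunks.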


@ -3,6 +3,7 @@
namespace Icinga\Protocol\Ldap;
use LogicException;
use Icinga\Data\SimpleQuery;
/**
@ -38,6 +39,39 @@ class LdapQuery extends SimpleQuery
*/
protected $nativeFilter;
/**
* Only fetch the entry at the base of the search
*/
const SCOPE_BASE = 'base';
/**
* Fetch entries one below the base DN
*/
const SCOPE_ONE = 'one';
/**
* Fetch all entries below the base DN
*/
const SCOPE_SUB = 'sub';
/**
* All available scopes
*
* @var array
*/
public static $scopes = array(
LdapQuery::SCOPE_BASE,
LdapQuery::SCOPE_ONE,
LdapQuery::SCOPE_SUB
);
/**
* LDAP search scope (default: SCOPE_SUB)
*
* @var string
*/
protected $scope = LdapQuery::SCOPE_SUB;
/**
* Initialize this query
*/
@ -223,4 +257,38 @@ class LdapQuery extends SimpleQuery
{
return $this->renderFilter();
}
/**
* Get LDAP search scope
*
* @return string
*/
public function getScope()
{
return $this->scope;
}
/**
* Set LDAP search scope
*
* Valid: sub one base (Default: sub)
*
* @param string $scope
*
* @return LdapQuery
*
* @throws LogicException If scope value is invalid
*/
public function setScope($scope)
{
if (! in_array($scope, static::$scopes)) {
throw new LogicException(
'Can\'t set scope %d, it is is invalid. Use one of %s or LdapQuery\'s constants.',
$scope, implode(', ', static::$scopes)
);
}
$this->scope = $scope;
return $this;
}
}
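Review bot: `setScope()` validates with `in_array($scope, static::$scopes)`, which compares loosely, so a non-string value such as `true` (and `0` on PHP versions before 8) compares equal to the scope strings and is accepted. The `switch` in `LdapConnection::ldapSearch` also compares loosely, so such a value would match its first case and run a subtree search, the widest scope. Use `in_array($scope, static::$scopes, true)` so that only the three string constants pass. `$scopes` is also declared `public static`, so any code can rewrite the allow-list at runtime; a class constant or a protected property would keep the check meaningful.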