From 421263af0076523ea003a8296b6e9695e676f263 Mon Sep 17 00:00:00 2001 From: Alexander Fuhr Date: Mon, 6 Oct 2014 13:35:17 +0200 Subject: [PATCH] Make LDAP Groups optional refs #7343 --- .../Backend/LdapUserBackend.php | 4 +- library/Icinga/Authentication/UserBackend.php | 62 ++++--------------- 2 files changed, 15 insertions(+), 51 deletions(-) diff --git a/library/Icinga/Authentication/Backend/LdapUserBackend.php b/library/Icinga/Authentication/Backend/LdapUserBackend.php index 247f63853..8ef6c89de 100644 --- a/library/Icinga/Authentication/Backend/LdapUserBackend.php +++ b/library/Icinga/Authentication/Backend/LdapUserBackend.php @@ -90,13 +90,15 @@ class LdapUserBackend extends UserBackend /** * Retrieve the user groups * + * @TODO: Subject to change, see #7343 + * * @param string $dn * * @return array|null */ public function getGroups($dn) { - if (empty($this->groupOptions)) { + if (empty($this->groupOptions) || ! isset($this->groupOptions['group_base_dn'])) { return null; } diff --git a/library/Icinga/Authentication/UserBackend.php b/library/Icinga/Authentication/UserBackend.php index b475e9135..7829210fd 100644 --- a/library/Icinga/Authentication/UserBackend.php +++ b/library/Icinga/Authentication/UserBackend.php @@ -93,7 +93,6 @@ abstract class UserBackend implements Countable $backend = new DbUserBackend($resource); break; case 'msldap': - self::checkLdapConfiguration($name, $backendConfig); $groupOptions = array( 'group_base_dn' => $backendConfig->group_base_dn, 'group_attribute' => $backendConfig->group_attribute, @@ -108,7 +107,18 @@ abstract class UserBackend implements Countable ); break; case 'ldap': - self::checkLdapConfiguration($name, $backendConfig); + if ($backendConfig->user_class === null) { + throw new ConfigurationError( + 'Authentication configuration for backend "%s" is missing the user_class directive', + $name + ); + } + if ($backendConfig->user_name_attribute === null) { + throw new ConfigurationError( + 'Authentication configuration for backend "%s" is missing the user_name_attribute directive', + $name + ); + } $groupOptions = array( 'group_base_dn' => $backendConfig->group_base_dn, 'group_attribute' => $backendConfig->group_attribute, @@ -152,52 +162,4 @@ abstract class UserBackend implements Countable * @return bool */ abstract public function authenticate(User $user, $password); - - /** - * Checks the ldap configuration - * - * @param $name - * @param Zend_Config $backendConfig - * - * @throws \Icinga\Exception\ConfigurationError - */ - protected static function checkLdapConfiguration($name, Zend_Config $backendConfig) - { - if ($backendConfig->user_class === null) { - throw new ConfigurationError( - 'Authentication configuration for backend "%s" is missing the user_class directive', - $name - ); - } - if ($backendConfig->user_name_attribute === null) { - throw new ConfigurationError( - 'Authentication configuration for backend "%s" is missing the user_name_attribute directive', - $name - ); - } - if ($backendConfig->group_base_dn === null) { - throw new ConfigurationError( - 'Authentication configuration for backend "%s" is missing the group_base_dn directive', - $name - ); - } - if ($backendConfig->group_attribute === null) { - throw new ConfigurationError( - 'Authentication configuration for backend "%s" is missing the group_attribute directive', - $name - ); - } - if ($backendConfig->group_member_attribute === null) { - throw new ConfigurationError( - 'Authentication configuration for backend "%s" is missing the group_member_attribute directive', - $name - ); - } - if ($backendConfig->group_class === null) { - throw new ConfigurationError( - 'Authentication configuration for backend "%s" is missing the group_class directive', - $name - ); - } - } }