parent
cf8b760ade
commit
59c4f8d056
|
@ -4,6 +4,8 @@
|
||||||
namespace Icinga\Forms\Config\UserBackend;
|
namespace Icinga\Forms\Config\UserBackend;
|
||||||
|
|
||||||
use Exception;
|
use Exception;
|
||||||
|
use Icinga\Authentication\User\LdapUserBackend;
|
||||||
|
use Icinga\Data\Inspection;
|
||||||
use Icinga\Web\Form;
|
use Icinga\Web\Form;
|
||||||
use Icinga\Data\ConfigObject;
|
use Icinga\Data\ConfigObject;
|
||||||
use Icinga\Data\ResourceFactory;
|
use Icinga\Data\ResourceFactory;
|
||||||
|
@ -184,22 +186,16 @@ class LdapBackendForm extends Form
|
||||||
*/
|
*/
|
||||||
public static function isValidUserBackend(Form $form)
|
public static function isValidUserBackend(Form $form)
|
||||||
{
|
{
|
||||||
try {
|
/**
|
||||||
$ldapUserBackend = UserBackend::create(null, new ConfigObject($form->getValues()));
|
* @var $result Inspection
|
||||||
$ldapUserBackend->assertAuthenticationPossible();
|
*/
|
||||||
} catch (AuthenticationException $e) {
|
$result = UserBackend::create(null, new ConfigObject($form->getValues()))->inspect();
|
||||||
if (($previous = $e->getPrevious()) !== null) {
|
if ($result->hasError()) {
|
||||||
$form->addError($previous->getMessage());
|
$form->addError($result->getError());
|
||||||
} else {
|
|
||||||
$form->addError($e->getMessage());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
// TODO: display diagnostics in $result->toArray() to the user
|
||||||
} catch (Exception $e) {
|
|
||||||
$form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
return ! $result->hasError();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
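Review bot: With the try/catch removed from isValidUserBackend(), anything thrown by `UserBackend::create()` or escaping `inspect()` is no longer converted into a form error and propagates out of form validation. The removed code caught `Exception` here and reported 'Unable to validate authentication: %s'. Keeping a guard around the call, as sketched below, means a broken backend configuration still yields a validation message rather than an unhandled exception. Before the TODO is implemented, confirm that `$result->toArray()` cannot carry bind credentials or other connection secrets, because the backend's inspect() writes the connection's own inspection output into it.
```php
// … unchanged: @var docblock for $result …
try {
    $result = UserBackend::create(null, new ConfigObject($form->getValues()))->inspect();
} catch (Exception $e) {
    $form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));
    return false;
}
// … unchanged: hasError() check and return …
```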
|
@ -5,6 +5,8 @@ namespace Icinga\Authentication\User;
|
||||||
|
|
||||||
use DateTime;
|
use DateTime;
|
||||||
use Icinga\Data\ConfigObject;
|
use Icinga\Data\ConfigObject;
|
||||||
|
use Icinga\Data\Inspectable;
|
||||||
|
use Icinga\Data\Inspection;
|
||||||
use Icinga\Exception\AuthenticationException;
|
use Icinga\Exception\AuthenticationException;
|
||||||
use Icinga\Exception\ProgrammingError;
|
use Icinga\Exception\ProgrammingError;
|
||||||
use Icinga\Repository\LdapRepository;
|
use Icinga\Repository\LdapRepository;
|
||||||
|
@ -13,7 +15,7 @@ use Icinga\Protocol\Ldap\LdapException;
|
||||||
use Icinga\Protocol\Ldap\Expression;
|
use Icinga\Protocol\Ldap\Expression;
|
||||||
use Icinga\User;
|
use Icinga\User;
|
||||||
|
|
||||||
class LdapUserBackend extends LdapRepository implements UserBackendInterface
|
class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* The base DN to use for a query
|
* The base DN to use for a query
|
||||||
|
@ -315,24 +317,32 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
|
||||||
* <li>The specified userClass has the property specified by userNameAttribute</li>
|
* <li>The specified userClass has the property specified by userNameAttribute</li>
|
||||||
* </ul>
|
* </ul>
|
||||||
*
|
*
|
||||||
|
* @param Inspection $info Optional inspection to fill with diagnostic info
|
||||||
|
*
|
||||||
* @throws AuthenticationException When authentication is not possible
|
* @throws AuthenticationException When authentication is not possible
|
||||||
*/
|
*/
|
||||||
public function assertAuthenticationPossible()
|
public function assertAuthenticationPossible(Inspection $insp = null)
|
||||||
{
|
{
|
||||||
|
if (! isset($insp)) {
|
||||||
|
$insp = new Inspection('');
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
$result = $this->select()->fetchRow();
|
$result = $this->select()->fetchRow();
|
||||||
} catch (LdapException $e) {
|
} catch (LdapException $e) {
|
||||||
throw new AuthenticationException('Connection not possible.', $e);
|
throw new AuthenticationException('Connection not possible.', $e);
|
||||||
}
|
}
|
||||||
|
$insp->write('Connection possible.');
|
||||||
|
|
||||||
if ($result === false) {
|
$msg = sprintf(
|
||||||
throw new AuthenticationException(
|
'objects with objectClass "%s" in DN "%s" (Filter: %s)',
|
||||||
'No objects with objectClass "%s" in DN "%s" found. (Filter: %s)',
|
|
||||||
$this->userClass,
|
$this->userClass,
|
||||||
$this->baseDn ?: $this->ds->getDn(),
|
$this->baseDn ?: $this->ds->getDn(),
|
||||||
$this->filter ?: 'None'
|
$this->filter ?: 'None'
|
||||||
);
|
);
|
||||||
|
if ($result === false) {
|
||||||
|
throw new AuthenticationException('No ' . $msg . 'found');
|
||||||
}
|
}
|
||||||
|
$insp->write($msg . ' exist');
|
||||||
|
|
||||||
if (! isset($result->user_name)) {
|
if (! isset($result->user_name)) {
|
||||||
throw new AuthenticationException(
|
throw new AuthenticationException(
|
||||||
|
@ -377,4 +387,31 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Inspect if this LDAP User Backend is working as expected
|
||||||
|
*
|
||||||
|
* @return Inspection Inspection result
|
||||||
|
*/
|
||||||
|
public function inspect()
|
||||||
|
{
|
||||||
|
$result = new Inspection('Ldap User Backend');
|
||||||
|
|
||||||
|
// inspect the used connection to get more diagnostic info in case the connection is not working
|
||||||
|
$result->write($this->ds->inspect());
|
||||||
|
|
||||||
|
try {
|
||||||
|
$this->assertAuthenticationPossible($result);
|
||||||
|
$result->write('User count: ' . $this->select()->count());
|
||||||
|
} catch (AuthenticationException $e) {
|
||||||
|
if (($previous = $e->getPrevious()) !== null) {
|
||||||
|
$result->error($previous->getMessage());
|
||||||
|
} else {
|
||||||
|
$result->error($e->getMessage());
|
||||||
|
}
|
||||||
|
} catch (Exception $e) {
|
||||||
|
$result->error(sprintf('Unable to validate authentication: %s', $e->getMessage()));
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
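Review bot: In inspect(), `catch (Exception $e)` names an unqualified class inside namespace Icinga\Authentication\User, and no `use Exception;` appears among the import lines visible in this section. Unless it is imported outside the hunks, that clause matches nothing and non-authentication failures (presumably an LdapException from `$this->select()->count()`) escape; add `use Exception;` or write `catch (\Exception $e)`. `$result->write($this->ds->inspect());` also sits before the try block, so a failure while inspecting the connection is not recorded as an inspection error. In assertAuthenticationPossible(), whose body continues outside the hunks, `'No ' . $msg . 'found'` renders as "...(Filter: None)found" and should be `'No ' . $msg . ' found'`. The docblock documents `@param Inspection $info` while the parameter is named `$insp`.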