parent
cf8b760ade
commit
59c4f8d056
|
@ -4,6 +4,8 @@
|
|||
namespace Icinga\Forms\Config\UserBackend;
|
||||
|
||||
use Exception;
|
||||
use Icinga\Authentication\User\LdapUserBackend;
|
||||
use Icinga\Data\Inspection;
|
||||
use Icinga\Web\Form;
|
||||
use Icinga\Data\ConfigObject;
|
||||
use Icinga\Data\ResourceFactory;
|
||||
|
@ -184,22 +186,16 @@ class LdapBackendForm extends Form
|
|||
*/
|
||||
public static function isValidUserBackend(Form $form)
|
||||
{
|
||||
try {
|
||||
$ldapUserBackend = UserBackend::create(null, new ConfigObject($form->getValues()));
|
||||
$ldapUserBackend->assertAuthenticationPossible();
|
||||
} catch (AuthenticationException $e) {
|
||||
if (($previous = $e->getPrevious()) !== null) {
|
||||
$form->addError($previous->getMessage());
|
||||
} else {
|
||||
$form->addError($e->getMessage());
|
||||
/**
|
||||
* @var $result Inspection
|
||||
*/
|
||||
$result = UserBackend::create(null, new ConfigObject($form->getValues()))->inspect();
|
||||
if ($result->hasError()) {
|
||||
$form->addError($result->getError());
|
||||
}
|
||||
|
||||
return false;
|
||||
} catch (Exception $e) {
|
||||
$form->addError(sprintf($form->translate('Unable to validate authentication: %s'), $e->getMessage()));
|
||||
return false;
|
||||
}
|
||||
// TODO: display diagnostics in $result->toArray() to the user
|
||||
|
||||
return true;
|
||||
return ! $result->hasError();
|
||||
}
|
||||
}
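Review bot: `isValidUserBackend()` appears to lose its `try`/`catch` (the line counts in the hunk header are consistent with that reading), so an exception thrown by `UserBackend::create()` before `inspect()` runs is no longer turned into a form error and would propagate out of the validator. Consider keeping a guard around the call, `try { $result = UserBackend::create(...)->inspect(); } catch (Exception $e) { $form->addError(...); return false; }`, reusing the translated 'Unable to validate authentication: %s' message. The TODO plans to show `$result->toArray()` to the user; that output includes whatever the connection's own `inspect()` writes, so confirm it carries no bind credentials or other secrets before it is rendered.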
|
||||
|
|
|
@ -5,6 +5,8 @@ namespace Icinga\Authentication\User;
|
|||
|
||||
use DateTime;
|
||||
use Icinga\Data\ConfigObject;
|
||||
use Icinga\Data\Inspectable;
|
||||
use Icinga\Data\Inspection;
|
||||
use Icinga\Exception\AuthenticationException;
|
||||
use Icinga\Exception\ProgrammingError;
|
||||
use Icinga\Repository\LdapRepository;
|
||||
|
@ -13,7 +15,7 @@ use Icinga\Protocol\Ldap\LdapException;
|
|||
use Icinga\Protocol\Ldap\Expression;
|
||||
use Icinga\User;
|
||||
|
||||
class LdapUserBackend extends LdapRepository implements UserBackendInterface
|
||||
class LdapUserBackend extends LdapRepository implements UserBackendInterface, Inspectable
|
||||
{
|
||||
/**
|
||||
* The base DN to use for a query
|
||||
|
@ -315,24 +317,32 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
|
|||
* <li>The specified userClass has the property specified by userNameAttribute</li>
|
||||
* </ul>
|
||||
*
|
||||
* @param Inspection $info Optional inspection to fill with diagnostic info
|
||||
*
|
||||
* @throws AuthenticationException When authentication is not possible
|
||||
*/
|
||||
public function assertAuthenticationPossible()
|
||||
public function assertAuthenticationPossible(Inspection $insp = null)
|
||||
{
|
||||
if (! isset($insp)) {
|
||||
$insp = new Inspection('');
|
||||
}
|
||||
try {
|
||||
$result = $this->select()->fetchRow();
|
||||
} catch (LdapException $e) {
|
||||
throw new AuthenticationException('Connection not possible.', $e);
|
||||
}
|
||||
$insp->write('Connection possible.');
|
||||
|
||||
if ($result === false) {
|
||||
throw new AuthenticationException(
|
||||
'No objects with objectClass "%s" in DN "%s" found. (Filter: %s)',
|
||||
$msg = sprintf(
|
||||
'objects with objectClass "%s" in DN "%s" (Filter: %s)',
|
||||
$this->userClass,
|
||||
$this->baseDn ?: $this->ds->getDn(),
|
||||
$this->filter ?: 'None'
|
||||
);
|
||||
if ($result === false) {
|
||||
throw new AuthenticationException('No ' . $msg . 'found');
|
||||
}
|
||||
$insp->write($msg . ' exist');
|
||||
|
||||
if (! isset($result->user_name)) {
|
||||
throw new AuthenticationException(
|
||||
|
@ -377,4 +387,31 @@ class LdapUserBackend extends LdapRepository implements UserBackendInterface
|
|||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Inspect if this LDAP User Backend is working as expected
|
||||
*
|
||||
* @return Inspection Inspection result
|
||||
*/
|
||||
public function inspect()
|
||||
{
|
||||
$result = new Inspection('Ldap User Backend');
|
||||
|
||||
// inspect the used connection to get more diagnostic info in case the connection is not working
|
||||
$result->write($this->ds->inspect());
|
||||
|
||||
try {
|
||||
$this->assertAuthenticationPossible($result);
|
||||
$result->write('User count: ' . $this->select()->count());
|
||||
} catch (AuthenticationException $e) {
|
||||
if (($previous = $e->getPrevious()) !== null) {
|
||||
$result->error($previous->getMessage());
|
||||
} else {
|
||||
$result->error($e->getMessage());
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
$result->error(sprintf('Unable to validate authentication: %s', $e->getMessage()));
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
}
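Review bot: The `catch (Exception $e)` branch in the new `inspect()` only matches if `Exception` is imported, and the import hunk for this file shows `DateTime`, `Inspectable` and `Inspection` but no `use Exception;`. Inside `namespace Icinga\Authentication\User` an unimported `Exception` resolves to a class in that namespace, so the branch would silently never fire; the import lines between the first two hunks are not visible, so add `use Exception;` only if it is missing there. `$this->ds->inspect()` is also called before the `try`, so if it throws, the failure escapes instead of being recorded through `$result->error()`. Separately, `'No ' . $msg . 'found'` lacks a space and renders as `(Filter: None)found`; it should be `'No ' . $msg . ' found'`. The docblock also documents `@param Inspection $info` while the signature names the parameter `$insp`.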
|
||||
|
|