From 601b720a03543fd24cedb763585e64c3457e9f35 Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Mon, 1 Jun 2015 14:05:44 +0200
Subject: [PATCH] LdapUserBackend: Fetch and interpret the correct attributes (OpenLDAP)

refs #8826
---
.../Authentication/User/LdapUserBackend.php | 38 +++++++++++++++----
1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/library/Icinga/Authentication/User/LdapUserBackend.php b/library/Icinga/Authentication/User/LdapUserBackend.php
index dc6fe04b5..154a33a44 100644
--- a/library/Icinga/Authentication/User/LdapUserBackend.php
+++ b/library/Icinga/Authentication/User/LdapUserBackend.php
@@ -262,9 +262,11 @@ class LdapUserBackend extends Repository implements UserBackendInterface
 $createdAtAttribute = 'whenCreated';
 $lastModifiedAttribute = 'whenChanged';
 } else {
- $isActiveAttribute = 'unknown';
- $createdAtAttribute = 'unknown';
- $lastModifiedAttribute = 'unknown';
+ // TODO(jom): Elaborate whether it is possible to add dynamic support for the ppolicy
+ $isActiveAttribute = 'shadowExpire';
+
+ $createdAtAttribute = 'createTimestamp';
+ $lastModifiedAttribute = 'modifyTimestamp';
 }

 return array(
@@ -293,17 +295,15 @@ class LdapUserBackend extends Repository implements UserBackendInterface

 if ($this->ds->getCapabilities()->hasAdOid()) {
 $stateConverter = 'user_account_control';
- $timeConverter = 'generalized_time';
 } else {
- $timeConverter = null;
- $stateConverter = null;
+ $stateConverter = 'shadow_expire';
 }

 return array(
 $this->userClass => array(
 'is_active' => $stateConverter,
- 'created_at' => $timeConverter,
- 'last_modified' => $timeConverter
+ 'created_at' => 'generalized_time',
+ 'last_modified' => 'generalized_time'
 )
 );
 }
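Review bot: The `else` branch of the first hunk now uses `shadowExpire` for every directory that lacks the AD OID, so `is_active` reflects shadowAccount expiry only; an account locked through ppolicy (the TODO) or an entry without a `shadowExpire` value is not reported as inactive. The `'shadow_expire'` rule in the second hunk carries the same assumption. I would replace the TODO with a comment that states the limit, e.g. `// shadowExpire covers shadowAccount expiry only; ppolicy lockouts are not reflected in is_active`. `createTimestamp` and `modifyTimestamp` are operational attributes that LDAP servers normally return only when requested by name, so it is worth confirming that the query code outside these hunks asks for them explicitly. Both functions begin outside their hunks.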
@@ -342,6 +342,9 @@ class LdapUserBackend extends Repository implements UserBackendInterface
 ($dateTime = DateTime::createFromFormat('YmdHis.uO', $value)) !== false
 || ($dateTime = DateTime::createFromFormat('YmdHis.uZ', $value)) !== false
 || ($dateTime = DateTime::createFromFormat('YmdHis.u', $value)) !== false
+ || ($dateTime = DateTime::createFromFormat('YmdHis', $value)) !== false
+ || ($dateTime = DateTime::createFromFormat('YmdHi', $value)) !== false
+ || ($dateTime = DateTime::createFromFormat('YmdH', $value)) !== false
 ) {
 return $dateTime->getTimeStamp();
 } else {
@@ -353,6 +356,25 @@ class LdapUserBackend extends Repository implements UserBackendInterface
 }
 }

+ /**
+ * Return whether the given shadowExpire value defines that a user is permitted to login
+ *
+ * @param string|null $value
+ *
+ * @return bool
+ */
+ protected function retrieveShadowExpire($value)
+ {
+ if ($value === null) {
+ return $value;
+ }
+
+ $now = new DateTime();
+ $bigBang = clone $now;
+ $bigBang->setTimestamp(0);
+ return ((int) $value) >= $bigBang->diff($now)->days;
+ }
+
 /**
 * Probe the backend to test if authentication is possible
 *
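Review bot: The two shorter formats added to the `createFromFormat` chain, `'YmdHi'` and `'YmdH'`, leave seconds (and minutes) unspecified, and PHP fills fields that a format does not mention from the current time unless the format contains `!` or `|`. The same directory value would then convert to a different timestamp on each call. Ending the formats with `|`, as in `DateTime::createFromFormat('YmdH|', $value)`, resets the unparsed fields to zero. None of the three new formats carries a timezone token, so the result is interpreted in PHP's default timezone; whether a `Z` or offset suffix is stripped before this condition is not visible, because the function starts and ends outside the hunk.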
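Review bot: `retrieveShadowExpire` compares with `>=`, so an account is still reported as active on the day its `shadowExpire` value is reached, whereas shadow-style account checks normally treat the account as expired from that day on; a value of `-1`, commonly stored to mean "never expires", is reported as inactive. If `is_active` feeds any access decision (not visible here), the first case errs on the permissive side. I would replace the `DateTime` arithmetic with `$expire = (int) $value;` followed by `return $expire < 0 || $expire > (int) floor(time() / 86400);`, which also removes the dependence on the local timezone. The null branch returns `null`, so the docblock should read `@return bool|null`.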