LdapUserBackend: Fetch and interpret the correct attributes (OpenLDAP)

refs #8826
2015-06-01 14:05:44 +02:00 · 2015-06-01 14:05:44 +02:00 · 601b720a03
parent d1a5321d02
commit 601b720a03
1 changed files with 30 additions and 8 deletions
--- a/library/Icinga/Authentication/User/LdapUserBackend.php
+++ b/library/Icinga/Authentication/User/LdapUserBackend.php
@ -262,9 +262,11 @@ class LdapUserBackend extends Repository implements UserBackendInterface
            $createdAtAttribute = 'whenCreated';
            $lastModifiedAttribute = 'whenChanged';
        } else {
-            $isActiveAttribute = 'unknown';
-            $createdAtAttribute = 'unknown';
-            $lastModifiedAttribute = 'unknown';
+            // TODO(jom): Elaborate whether it is possible to add dynamic support for the ppolicy
+            $isActiveAttribute = 'shadowExpire';
+
+            $createdAtAttribute = 'createTimestamp';
+            $lastModifiedAttribute = 'modifyTimestamp';
        }

        return array(
@ -293,17 +295,15 @@ class LdapUserBackend extends Repository implements UserBackendInterface

        if ($this->ds->getCapabilities()->hasAdOid()) {
            $stateConverter = 'user_account_control';
-            $timeConverter = 'generalized_time';
        } else {
-            $timeConverter = null;
-            $stateConverter = null;
+            $stateConverter = 'shadow_expire';
        }

        return array(
            $this->userClass => array(
                'is_active'     => $stateConverter,
-                'created_at'    => $timeConverter,
-                'last_modified' => $timeConverter
+                'created_at'    => 'generalized_time',
+                'last_modified' => 'generalized_time'
            )
        );
    }
@ -342,6 +342,9 @@ class LdapUserBackend extends Repository implements UserBackendInterface
            ($dateTime = DateTime::createFromFormat('YmdHis.uO', $value)) !== false
            || ($dateTime = DateTime::createFromFormat('YmdHis.uZ', $value)) !== false
            || ($dateTime = DateTime::createFromFormat('YmdHis.u', $value)) !== false
+            || ($dateTime = DateTime::createFromFormat('YmdHis', $value)) !== false
+            || ($dateTime = DateTime::createFromFormat('YmdHi', $value)) !== false
+            || ($dateTime = DateTime::createFromFormat('YmdH', $value)) !== false
        ) {
            return $dateTime->getTimeStamp();
        } else {
@ -353,6 +356,25 @@ class LdapUserBackend extends Repository implements UserBackendInterface
        }
    }

+    /**
+     * Return whether the given shadowExpire value defines that a user is permitted to login
+     *
+     * @param   string|null     $value
+     *
+     * @return  bool
+     */
+    protected function retrieveShadowExpire($value)
+    {
+        if ($value === null) {
+            return $value;
+        }
+
+        $now = new DateTime();
+        $bigBang = clone $now;
+        $bigBang->setTimestamp(0);
+        return ((int) $value) >= $bigBang->diff($now)->days;
+    }
+
    /**
     * Probe the backend to test if authentication is possible
     *