Merge branch 'bugfix/wizard-authn-backend-discover-doesn-t-overwrite-base-dn-2997'

fixes #2997
2017-10-09 12:17:22 +02:00 · 2017-10-09 12:17:22 +02:00 · 6f37485c8d
parent 9bc64d931e 9084ce2174
commit 6f37485c8d
2 changed files with 81 additions and 34 deletions
--- a/application/forms/Config/UserBackend/LdapBackendForm.php
+++ b/application/forms/Config/UserBackend/LdapBackendForm.php
@ -29,6 +29,13 @@ class LdapBackendForm extends Form
     */
    protected $suggestions = array();

+    /**
+     * Cache for {@link getLdapCapabilities()}
+     *
+     * @var LdapCapabilities
+     */
+    protected $ldapCapabilities;
+
    /**
     * Initialize this form
     */
@ -87,7 +94,6 @@ class LdapBackendForm extends Form
            )
        );

-        $hasAdOid = false;
        if (! $isAd && !empty($this->resources)) {
            $this->addElement(
                'button',
@ -108,26 +114,9 @@ class LdapBackendForm extends Form
                    'formnovalidate'    => 'formnovalidate'
                )
            );
-
-            if ($this->getElement('discovery_btn')->isChecked()) {
-                $connection = ResourceFactory::create(
-                    isset($formData['resource']) ? $formData['resource'] : reset($this->resources)
-                );
-
-                try {
-                    $capabilities = $connection->bind()->getCapabilities();
-                    $baseDn = $capabilities->getDefaultNamingContext();
-                    $hasAdOid = $capabilities->isActiveDirectory();
-                } catch (Exception $e) {
-                    $this->warning(sprintf(
-                        $this->translate('Failed to discover the chosen LDAP connection: %s'),
-                        $e->getMessage()
-                    ));
-                }
-            }
        }

-        if ($isAd || $hasAdOid) {
+        if ($isAd) {
            // ActiveDirectory defaults
            $userClass = 'user';
            $filter = '!(objectClass=computer)';
@ -223,7 +212,7 @@ class LdapBackendForm extends Form
                    'The path where users can be found on the LDAP server. Leave ' .
                    'empty to select all users available using the specified connection.'
                ),
-                'value'             => isset($baseDn) ? $baseDn : $this->getSuggestion('base_dn')
+                'value'             => $this->getSuggestion('base_dn')
            )
        );

@ -265,38 +254,96 @@ class LdapBackendForm extends Form
                'formnovalidate'    => 'formnovalidate'
            )
        );
+    }

-        if ($this->getElement('btn_discover_domain')->isChecked() && isset($formData['resource'])) {
-            $this->populateDomain(ResourceFactory::create($formData['resource']));
+    public function isValidPartial(array $formData)
+    {
+        $isAd = isset($formData['type']) && $formData['type'] === 'msldap';
+        $baseDn = null;
+        $hasAdOid = false;
+        $discoverySuccessful = false;
+
+        if (! $isAd && ! empty($this->resources) && isset($formData['discovery_btn'])
+            && $formData['discovery_btn'] === 'discovery_btn') {
+            $discoverySuccessful = true;
+            try {
+                $capabilities = $this->getLdapCapabilities($formData);
+                $baseDn = $capabilities->getDefaultNamingContext();
+                $hasAdOid = $capabilities->isActiveDirectory();
+            } catch (Exception $e) {
+                $this->warning(sprintf(
+                    $this->translate('Failed to discover the chosen LDAP connection: %s'),
+                    $e->getMessage()
+                ));
+                $discoverySuccessful = false;
+            }
        }
+
+        if ($discoverySuccessful) {
+            if ($isAd || $hasAdOid) {
+                // ActiveDirectory defaults
+                $userClass = 'user';
+                $filter = '!(objectClass=computer)';
+                $userNameAttribute = 'sAMAccountName';
+            } else {
+                // OpenLDAP defaults
+                $userClass = 'inetOrgPerson';
+                $filter = null;
+                $userNameAttribute = 'uid';
+            }
+
+            $formData['user_class'] = $userClass;
+
+            if (! isset($formData['filter']) || $formData['filter'] === '') {
+                $formData['filter'] = $filter;
+            }
+
+            $formData['user_name_attribute'] = $userNameAttribute;
+
+            if ($baseDn !== null && (! isset($formData['base_dn']) || $formData['base_dn'] === '')) {
+                $formData['base_dn'] = $baseDn;
+            }
+        }
+
+        if (isset($formData['btn_discover_domain']) && $formData['btn_discover_domain'] === 'discovery_btn') {
+            try {
+                $formData['domain'] = $this->discoverDomain($formData);
+            } catch (LdapException $e) {
+                $this->error($e->getMessage());
+            }
+        }
+
+        return parent::isValidPartial($formData);
    }

    /**
-     * Discover the domain the LDAP server is responsible for and fill it in the form
+     * Get the LDAP capabilities of either the resource specified by the user or the default one
     *
-     * @param   LdapConnection  $connection
+     * @param   string[]    $formData
+     *
+     * @return  LdapCapabilities
     */
-    public function populateDomain(LdapConnection $connection)
+    protected function getLdapCapabilities(array $formData)
    {
-        try {
-            $domain = $this->discoverDomain($connection);
-        } catch (LdapException $e) {
-            $this->_elements['btn_discover_domain']->addError($e->getMessage());
+        if ($this->ldapCapabilities === null) {
+            $this->ldapCapabilities = ResourceFactory::create(
+                isset($formData['resource']) ? $formData['resource'] : reset($this->resources)
+            )->bind()->getCapabilities();
        }

-        $this->_elements['domain']->setValue($domain);
+        return $this->ldapCapabilities;
    }

    /**
     * Discover the domain the LDAP server is responsible for
     *
-     * @param   LdapConnection  $connection
+     * @param   string[]    $formData
     *
     * @return  string
     */
-    protected function discoverDomain(LdapConnection $connection)
+    protected function discoverDomain(array $formData)
    {
-        $cap = LdapCapabilities::discoverCapabilities($connection);
+        $cap = $this->getLdapCapabilities($formData);

        if ($cap->isActiveDirectory()) {
            $netBiosName = $cap->getNetBiosName();
--- a/modules/setup/application/forms/AuthBackendPage.php
+++ b/modules/setup/application/forms/AuthBackendPage.php
@ -212,7 +212,7 @@ class AuthBackendPage extends Form
            }

            $this->info($this->translate('The configuration has been successfully validated.'));
-        } elseif (isset($formData['btn_discover_domain'])) {
+        } elseif (isset($formData['discovery_btn']) || isset($formData['btn_discover_domain'])) {
            return parent::isValidPartial($formData);
        } elseif (! isset($formData['backend_validation'])) {
            // This is usually done by isValid(Partial), but as we're not calling any of these...