diff --git a/application/forms/Config/UserBackend/LdapBackendForm.php b/application/forms/Config/UserBackend/LdapBackendForm.php index 7e6f12a89..e7804cc52 100644 --- a/application/forms/Config/UserBackend/LdapBackendForm.php +++ b/application/forms/Config/UserBackend/LdapBackendForm.php @@ -29,6 +29,13 @@ class LdapBackendForm extends Form */ protected $suggestions = array(); + /** + * Cache for {@link getLdapCapabilities()} + * + * @var LdapCapabilities + */ + protected $ldapCapabilities; + /** * Initialize this form */ @@ -87,7 +94,6 @@ class LdapBackendForm extends Form ) ); - $hasAdOid = false; if (! $isAd && !empty($this->resources)) { $this->addElement( 'button', @@ -108,26 +114,9 @@ class LdapBackendForm extends Form 'formnovalidate' => 'formnovalidate' ) ); - - if ($this->getElement('discovery_btn')->isChecked()) { - $connection = ResourceFactory::create( - isset($formData['resource']) ? $formData['resource'] : reset($this->resources) - ); - - try { - $capabilities = $connection->bind()->getCapabilities(); - $baseDn = $capabilities->getDefaultNamingContext(); - $hasAdOid = $capabilities->isActiveDirectory(); - } catch (Exception $e) { - $this->warning(sprintf( - $this->translate('Failed to discover the chosen LDAP connection: %s'), - $e->getMessage() - )); - } - } } - if ($isAd || $hasAdOid) { + if ($isAd) { // ActiveDirectory defaults $userClass = 'user'; $filter = '!(objectClass=computer)'; @@ -223,7 +212,7 @@ class LdapBackendForm extends Form 'The path where users can be found on the LDAP server. Leave ' . 'empty to select all users available using the specified connection.' ), - 'value' => isset($baseDn) ? $baseDn : $this->getSuggestion('base_dn') + 'value' => $this->getSuggestion('base_dn') ) ); @@ -265,38 +254,96 @@ class LdapBackendForm extends Form 'formnovalidate' => 'formnovalidate' ) ); + } - if ($this->getElement('btn_discover_domain')->isChecked() && isset($formData['resource'])) { - $this->populateDomain(ResourceFactory::create($formData['resource'])); + public function isValidPartial(array $formData) + { + $isAd = isset($formData['type']) && $formData['type'] === 'msldap'; + $baseDn = null; + $hasAdOid = false; + $discoverySuccessful = false; + + if (! $isAd && ! empty($this->resources) && isset($formData['discovery_btn']) + && $formData['discovery_btn'] === 'discovery_btn') { + $discoverySuccessful = true; + try { + $capabilities = $this->getLdapCapabilities($formData); + $baseDn = $capabilities->getDefaultNamingContext(); + $hasAdOid = $capabilities->isActiveDirectory(); + } catch (Exception $e) { + $this->warning(sprintf( + $this->translate('Failed to discover the chosen LDAP connection: %s'), + $e->getMessage() + )); + $discoverySuccessful = false; + } } + + if ($discoverySuccessful) { + if ($isAd || $hasAdOid) { + // ActiveDirectory defaults + $userClass = 'user'; + $filter = '!(objectClass=computer)'; + $userNameAttribute = 'sAMAccountName'; + } else { + // OpenLDAP defaults + $userClass = 'inetOrgPerson'; + $filter = null; + $userNameAttribute = 'uid'; + } + + $formData['user_class'] = $userClass; + + if (! isset($formData['filter']) || $formData['filter'] === '') { + $formData['filter'] = $filter; + } + + $formData['user_name_attribute'] = $userNameAttribute; + + if ($baseDn !== null && (! isset($formData['base_dn']) || $formData['base_dn'] === '')) { + $formData['base_dn'] = $baseDn; + } + } + + if (isset($formData['btn_discover_domain']) && $formData['btn_discover_domain'] === 'discovery_btn') { + try { + $formData['domain'] = $this->discoverDomain($formData); + } catch (LdapException $e) { + $this->error($e->getMessage()); + } + } + + return parent::isValidPartial($formData); } /** - * Discover the domain the LDAP server is responsible for and fill it in the form + * Get the LDAP capabilities of either the resource specified by the user or the default one * - * @param LdapConnection $connection + * @param string[] $formData + * + * @return LdapCapabilities */ - public function populateDomain(LdapConnection $connection) + protected function getLdapCapabilities(array $formData) { - try { - $domain = $this->discoverDomain($connection); - } catch (LdapException $e) { - $this->_elements['btn_discover_domain']->addError($e->getMessage()); + if ($this->ldapCapabilities === null) { + $this->ldapCapabilities = ResourceFactory::create( + isset($formData['resource']) ? $formData['resource'] : reset($this->resources) + )->bind()->getCapabilities(); } - $this->_elements['domain']->setValue($domain); + return $this->ldapCapabilities; } /** * Discover the domain the LDAP server is responsible for * - * @param LdapConnection $connection + * @param string[] $formData * * @return string */ - protected function discoverDomain(LdapConnection $connection) + protected function discoverDomain(array $formData) { - $cap = LdapCapabilities::discoverCapabilities($connection); + $cap = $this->getLdapCapabilities($formData); if ($cap->isActiveDirectory()) { $netBiosName = $cap->getNetBiosName(); diff --git a/modules/setup/application/forms/AuthBackendPage.php b/modules/setup/application/forms/AuthBackendPage.php index 91fdc0183..778ab349d 100644 --- a/modules/setup/application/forms/AuthBackendPage.php +++ b/modules/setup/application/forms/AuthBackendPage.php @@ -212,7 +212,7 @@ class AuthBackendPage extends Form } $this->info($this->translate('The configuration has been successfully validated.')); - } elseif (isset($formData['btn_discover_domain'])) { + } elseif (isset($formData['discovery_btn']) || isset($formData['btn_discover_domain'])) { return parent::isValidPartial($formData); } elseif (! isset($formData['backend_validation'])) { // This is usually done by isValid(Partial), but as we're not calling any of these...