Merge branch 'bugfix/wizard-authn-backend-discover-doesn-t-overwrite-base-dn-2997'
fixes #2997
commit
6f37485c8d
|
@ -29,6 +29,13 @@ class LdapBackendForm extends Form
|
||||||
*/
|
*/
|
||||||
protected $suggestions = array();
|
protected $suggestions = array();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Cache for {@link getLdapCapabilities()}
|
||||||
|
*
|
||||||
|
* @var LdapCapabilities
|
||||||
|
*/
|
||||||
|
protected $ldapCapabilities;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initialize this form
|
* Initialize this form
|
||||||
*/
|
*/
|
||||||
|
@ -87,7 +94,6 @@ class LdapBackendForm extends Form
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$hasAdOid = false;
|
|
||||||
if (! $isAd && !empty($this->resources)) {
|
if (! $isAd && !empty($this->resources)) {
|
||||||
$this->addElement(
|
$this->addElement(
|
||||||
'button',
|
'button',
|
||||||
|
@ -108,26 +114,9 @@ class LdapBackendForm extends Form
|
||||||
'formnovalidate' => 'formnovalidate'
|
'formnovalidate' => 'formnovalidate'
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
if ($this->getElement('discovery_btn')->isChecked()) {
|
|
||||||
$connection = ResourceFactory::create(
|
|
||||||
isset($formData['resource']) ? $formData['resource'] : reset($this->resources)
|
|
||||||
);
|
|
||||||
|
|
||||||
try {
|
|
||||||
$capabilities = $connection->bind()->getCapabilities();
|
|
||||||
$baseDn = $capabilities->getDefaultNamingContext();
|
|
||||||
$hasAdOid = $capabilities->isActiveDirectory();
|
|
||||||
} catch (Exception $e) {
|
|
||||||
$this->warning(sprintf(
|
|
||||||
$this->translate('Failed to discover the chosen LDAP connection: %s'),
|
|
||||||
$e->getMessage()
|
|
||||||
));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($isAd || $hasAdOid) {
|
if ($isAd) {
|
||||||
// ActiveDirectory defaults
|
// ActiveDirectory defaults
|
||||||
$userClass = 'user';
|
$userClass = 'user';
|
||||||
$filter = '!(objectClass=computer)';
|
$filter = '!(objectClass=computer)';
|
||||||
|
@ -223,7 +212,7 @@ class LdapBackendForm extends Form
|
||||||
'The path where users can be found on the LDAP server. Leave ' .
|
'The path where users can be found on the LDAP server. Leave ' .
|
||||||
'empty to select all users available using the specified connection.'
|
'empty to select all users available using the specified connection.'
|
||||||
),
|
),
|
||||||
'value' => isset($baseDn) ? $baseDn : $this->getSuggestion('base_dn')
|
'value' => $this->getSuggestion('base_dn')
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -265,38 +254,96 @@ class LdapBackendForm extends Form
|
||||||
'formnovalidate' => 'formnovalidate'
|
'formnovalidate' => 'formnovalidate'
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
}
|
||||||
|
|
||||||
if ($this->getElement('btn_discover_domain')->isChecked() && isset($formData['resource'])) {
|
public function isValidPartial(array $formData)
|
||||||
$this->populateDomain(ResourceFactory::create($formData['resource']));
|
{
|
||||||
|
$isAd = isset($formData['type']) && $formData['type'] === 'msldap';
|
||||||
|
$baseDn = null;
|
||||||
|
$hasAdOid = false;
|
||||||
|
$discoverySuccessful = false;
|
||||||
|
|
||||||
|
if (! $isAd && ! empty($this->resources) && isset($formData['discovery_btn'])
|
||||||
|
&& $formData['discovery_btn'] === 'discovery_btn') {
|
||||||
|
$discoverySuccessful = true;
|
||||||
|
try {
|
||||||
|
$capabilities = $this->getLdapCapabilities($formData);
|
||||||
|
$baseDn = $capabilities->getDefaultNamingContext();
|
||||||
|
$hasAdOid = $capabilities->isActiveDirectory();
|
||||||
|
} catch (Exception $e) {
|
||||||
|
$this->warning(sprintf(
|
||||||
|
$this->translate('Failed to discover the chosen LDAP connection: %s'),
|
||||||
|
$e->getMessage()
|
||||||
|
));
|
||||||
|
$discoverySuccessful = false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($discoverySuccessful) {
|
||||||
|
if ($isAd || $hasAdOid) {
|
||||||
|
// ActiveDirectory defaults
|
||||||
|
$userClass = 'user';
|
||||||
|
$filter = '!(objectClass=computer)';
|
||||||
|
$userNameAttribute = 'sAMAccountName';
|
||||||
|
} else {
|
||||||
|
// OpenLDAP defaults
|
||||||
|
$userClass = 'inetOrgPerson';
|
||||||
|
$filter = null;
|
||||||
|
$userNameAttribute = 'uid';
|
||||||
|
}
|
||||||
|
|
||||||
|
$formData['user_class'] = $userClass;
|
||||||
|
|
||||||
|
if (! isset($formData['filter']) || $formData['filter'] === '') {
|
||||||
|
$formData['filter'] = $filter;
|
||||||
|
}
|
||||||
|
|
||||||
|
$formData['user_name_attribute'] = $userNameAttribute;
|
||||||
|
|
||||||
|
if ($baseDn !== null && (! isset($formData['base_dn']) || $formData['base_dn'] === '')) {
|
||||||
|
$formData['base_dn'] = $baseDn;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($formData['btn_discover_domain']) && $formData['btn_discover_domain'] === 'discovery_btn') {
|
||||||
|
try {
|
||||||
|
$formData['domain'] = $this->discoverDomain($formData);
|
||||||
|
} catch (LdapException $e) {
|
||||||
|
$this->error($e->getMessage());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return parent::isValidPartial($formData);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Discover the domain the LDAP server is responsible for and fill it in the form
|
* Get the LDAP capabilities of either the resource specified by the user or the default one
|
||||||
*
|
*
|
||||||
* @param LdapConnection $connection
|
* @param string[] $formData
|
||||||
|
*
|
||||||
|
* @return LdapCapabilities
|
||||||
*/
|
*/
|
||||||
public function populateDomain(LdapConnection $connection)
|
protected function getLdapCapabilities(array $formData)
|
||||||
{
|
{
|
||||||
try {
|
if ($this->ldapCapabilities === null) {
|
||||||
$domain = $this->discoverDomain($connection);
|
$this->ldapCapabilities = ResourceFactory::create(
|
||||||
} catch (LdapException $e) {
|
isset($formData['resource']) ? $formData['resource'] : reset($this->resources)
|
||||||
$this->_elements['btn_discover_domain']->addError($e->getMessage());
|
)->bind()->getCapabilities();
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->_elements['domain']->setValue($domain);
|
return $this->ldapCapabilities;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Discover the domain the LDAP server is responsible for
|
* Discover the domain the LDAP server is responsible for
|
||||||
*
|
*
|
||||||
* @param LdapConnection $connection
|
* @param string[] $formData
|
||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
protected function discoverDomain(LdapConnection $connection)
|
protected function discoverDomain(array $formData)
|
||||||
{
|
{
|
||||||
$cap = LdapCapabilities::discoverCapabilities($connection);
|
$cap = $this->getLdapCapabilities($formData);
|
||||||
|
|
||||||
if ($cap->isActiveDirectory()) {
|
if ($cap->isActiveDirectory()) {
|
||||||
$netBiosName = $cap->getNetBiosName();
|
$netBiosName = $cap->getNetBiosName();
|
||||||
|
|
|
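Review bot: `getLdapCapabilities()` passes the submitted `$formData['resource']` straight to `ResourceFactory::create()`, and `isValidPartial()` calls it before `parent::isValidPartial($formData)` has validated anything, so the name is never checked against the resources this form offers. The domain branch also lacks the `! empty($this->resources)` guard of the first branch and catches only `LdapException`, so an empty resource list or a non-LDAP failure there would presumably escape as an uncaught exception. Resolving and checking the name once inside `getLdapCapabilities()` covers both callers. The sketch below assumes `$this->resources` holds resource names, as the `reset()` fallback suggests, and its message text is only a suggestion.

```php
protected function getLdapCapabilities(array $formData)
{
    if ($this->ldapCapabilities === null) {
        // The resource name is request data at this point: accept only a name this form offered.
        $resource = isset($formData['resource']) ? $formData['resource'] : reset($this->resources);
        if (! is_string($resource) || ! in_array($resource, $this->resources, true)) {
            // LdapException is caught by both discovery branches in isValidPartial()
            throw new LdapException($this->translate('Unknown or missing LDAP resource'));
        }

        $this->ldapCapabilities = ResourceFactory::create($resource)->bind()->getCapabilities();
    }
    // … unchanged: return of the cached capabilities …
}
```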
@ -212,7 +212,7 @@ class AuthBackendPage extends Form
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->info($this->translate('The configuration has been successfully validated.'));
|
$this->info($this->translate('The configuration has been successfully validated.'));
|
||||||
} elseif (isset($formData['btn_discover_domain'])) {
|
} elseif (isset($formData['discovery_btn']) || isset($formData['btn_discover_domain'])) {
|
||||||
return parent::isValidPartial($formData);
|
return parent::isValidPartial($formData);
|
||||||
} elseif (! isset($formData['backend_validation'])) {
|
} elseif (! isset($formData['backend_validation'])) {
|
||||||
// This is usually done by isValid(Partial), but as we're not calling any of these...
|
// This is usually done by isValid(Partial), but as we're not calling any of these...
|
||||||
|
|