LdapUserGroupBackend: Base ambiguity decision based on isDN

Problem was: When a DN did not contain the same base DN, the check failed

This happens when you have an entry referencing a DN of another domain.
(And this value is tested as a sample)
Markus Frosch 2017-08-18 13:14:34 +02:00 committed by Eric Lippmann
parent 28b1a00d4a
commit f65759ace8
2 changed files with 11 additions and 1 deletions


@ -10,6 +10,7 @@ use Icinga\Data\ConfigObject;
use Icinga\Exception\ConfigurationError;
use Icinga\Exception\ProgrammingError;
use Icinga\Protocol\Ldap\LdapException;
use Icinga\Protocol\Ldap\LdapUtils;
use Icinga\Repository\LdapRepository;
use Icinga\Repository\RepositoryQuery;
use Icinga\User;
@ -438,6 +439,11 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
/**
* Return whether the attribute name where to find a group's member holds ambiguous values
*
* This tries to detect if the member attribute of groups contain:
*
* full DN -> distinguished name of another object
* other -> ambiguous field referencing the member by userNameAttribute
*
* @return bool
*
* @throws ProgrammingError In case either $this->groupClass or $this->groupMemberAttribute
@ -463,7 +469,8 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
->setUnfoldAttribute($this->groupMemberAttribute)
->setBase($this->groupBaseDn)
->fetchOne();
$this->ambiguousMemberAttribute = !$this->isRelatedDn($sampleValue);
$this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue);
}
return $this->ambiguousMemberAttribute;
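Review bot: The cached decision at `$this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue);` rests on a single sampled member value, and the case where `fetchOne()` finds no member value at all is not handled separately. Such an empty result would presumably be classified as ambiguous and stored in the property, which then steers how group memberships, and with them any permissions tied to groups, are resolved. I would handle an empty sample explicitly instead of caching a verdict for it, and state in the docblock that a directory mixing DN and non-DN member values cannot be classified correctly from one sample. A minor style point: `! LdapUtils` puts a space after the negation that the replaced line did not use. The method body starts and ends outside this hunk.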


@ -74,6 +74,9 @@ abstract class LdapRepository extends Repository
*
* Will use the current connection's root DN if $baseDn is not given.
*
* @deprecated This was only used by LdapUserGroupBackend::isMemberAttributeAmbiguous
* It will be removed with 2.6.0!
*
* @param string $dn The object DN to check
* @param string $baseDn The base DN to compare the object DN with
*
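Review bot: The `@deprecated` text gives the removal version but does not tell callers what to use instead. Judging from the commit description, the `LdapUtils::isDn()` call that replaces this method in LdapUserGroupBackend does not compare against a base DN, so it is not a drop-in replacement for code that relied on this method to confirm that a DN lies under a given base. I would add a line such as `Use LdapUtils::isDn() for a syntax check; there is no replacement for the base DN comparison.` The docblock and the method it documents continue outside this hunk.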