mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-24 22:34:24 +02:00
LdapUserGroupBackend: Base ambiguity decision based on isDN
Problem was: When a DN did not contain the same base DN, the check failed This happens when you have an entry referencing a DN of another domain. (And this value is tested as a sample)
This commit is contained in:
parent
28b1a00d4a
commit
f65759ace8
@ -10,6 +10,7 @@ use Icinga\Data\ConfigObject;
|
|||||||
use Icinga\Exception\ConfigurationError;
|
use Icinga\Exception\ConfigurationError;
|
||||||
use Icinga\Exception\ProgrammingError;
|
use Icinga\Exception\ProgrammingError;
|
||||||
use Icinga\Protocol\Ldap\LdapException;
|
use Icinga\Protocol\Ldap\LdapException;
|
||||||
|
use Icinga\Protocol\Ldap\LdapUtils;
|
||||||
use Icinga\Repository\LdapRepository;
|
use Icinga\Repository\LdapRepository;
|
||||||
use Icinga\Repository\RepositoryQuery;
|
use Icinga\Repository\RepositoryQuery;
|
||||||
use Icinga\User;
|
use Icinga\User;
|
||||||
@ -438,6 +439,11 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
|
|||||||
/**
|
/**
|
||||||
* Return whether the attribute name where to find a group's member holds ambiguous values
|
* Return whether the attribute name where to find a group's member holds ambiguous values
|
||||||
*
|
*
|
||||||
|
* This tries to detect if the member attribute of groups contain:
|
||||||
|
*
|
||||||
|
* full DN -> distinguished name of another object
|
||||||
|
* other -> ambiguous field referencing the member by userNameAttribute
|
||||||
|
*
|
||||||
* @return bool
|
* @return bool
|
||||||
*
|
*
|
||||||
* @throws ProgrammingError In case either $this->groupClass or $this->groupMemberAttribute
|
* @throws ProgrammingError In case either $this->groupClass or $this->groupMemberAttribute
|
||||||
@ -463,7 +469,8 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
|
|||||||
->setUnfoldAttribute($this->groupMemberAttribute)
|
->setUnfoldAttribute($this->groupMemberAttribute)
|
||||||
->setBase($this->groupBaseDn)
|
->setBase($this->groupBaseDn)
|
||||||
->fetchOne();
|
->fetchOne();
|
||||||
$this->ambiguousMemberAttribute = !$this->isRelatedDn($sampleValue);
|
|
||||||
|
$this->ambiguousMemberAttribute = ! LdapUtils::isDn($sampleValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->ambiguousMemberAttribute;
|
return $this->ambiguousMemberAttribute;
|
||||||
|
@ -74,6 +74,9 @@ abstract class LdapRepository extends Repository
|
|||||||
*
|
*
|
||||||
* Will use the current connection's root DN if $baseDn is not given.
|
* Will use the current connection's root DN if $baseDn is not given.
|
||||||
*
|
*
|
||||||
|
* @deprecated This was only used by LdapUserGroupBackend::isMemberAttributeAmbiguous
|
||||||
|
* It will be removed with 2.6.0!
|
||||||
|
*
|
||||||
* @param string $dn The object DN to check
|
* @param string $dn The object DN to check
|
||||||
* @param string $baseDn The base DN to compare the object DN with
|
* @param string $baseDn The base DN to compare the object DN with
|
||||||
*
|
*
|
||||||
|
Loading…
x
Reference in New Issue
Block a user