878bd78587
LdapUserBackend: Unfold the user_name_attribute automatically
...
This is.. the currently easiest solution. As long as attribute unfolding
is not very performance intensive this solution suffices.
refs #10367
refs #10332
2015-10-16 17:25:42 +02:00
8ed489c637
LdapUserGroupBackend: Add method persistUserName()
...
refs #10367
refs #10370
2015-10-16 15:28:44 +02:00
58fc87b2e5
Repository: Ensure that we'll internally only work with virtual table names
...
refs #10367
2015-10-16 14:46:44 +02:00
1b7dc1098c
DbUserGroupBackend: Use LEFT JOIN to join the group_membership table
...
Fixes the issue that groups are not found if they do not have any members
even though they meet the where clause
2015-10-16 13:10:39 +02:00
7ef76932d4
DbRepository: Validate the table when inserting, updating and deleting
2015-10-16 12:36:47 +02:00
33037eebbb
Revert "Fix group base DN is erroneously used in place of user base DN"
...
This reverts commit ac7546d9f2
2015-10-16 10:08:14 +02:00
34bf0c3cb0
Add method getUserBackendName() to UserGroupBackendInterface
...
refs #10367
refs #10373
2015-10-15 15:28:03 +02:00
331822ad15
Merge pull request #47 from anenviousguest/master
2015-10-15 12:53:10 +02:00
ac7546d9f2
Fix group base DN is erroneously used in place of user base DN
...
refs #10340
refs #10367
Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
2015-10-15 12:52:17 +02:00
d6432cd881
LdapUserGroupBackend: Fix invalid query column initialization, again
...
I've mistakenly reverted a change from Aaron Collins that would have
prevented this issue from occuring.
fixes #10318
2015-10-09 03:53:22 +02:00
8358f82885
LdapUserGroupBackend: Do not consider every "member" as a "user"
...
Not all members of a group are actual user objects. I would have liked to
actually only show real users, but this is currently not possible.
refs #9772
2015-09-29 11:29:05 +02:00
d33b1954aa
LdapUserGroupBackend: Fetch the uid for a member's DN
...
refs #9772
2015-09-29 09:48:57 +02:00
ef1a81897b
LdapUserGroupBackend: Automatically unfold the user_name attribute
...
refs #9772
2015-09-29 09:48:22 +02:00
b7ddb6e4c2
LdapUserGroupBackend: Register the user backend for later use
...
refs #9772
2015-09-29 09:44:01 +02:00
e7e3520375
LdapUserGroupBackend: Fix method getMemberships()
...
refs #9950
2015-09-28 10:57:17 +02:00
e5f2174c1e
LdapUserGroupBackend: Restore method requireTable()
...
refs #9950
2015-09-25 16:24:16 +02:00
fe9ee48d65
LdapUserGroupBackend: Fix incorrect table name initialization
...
refs #9950
2015-09-25 16:23:13 +02:00
b19ecbfb43
LdapUserGroupBackend: Remove the remaining code duplicates
...
refs #9950
refs #9772
2015-09-25 16:21:33 +02:00
23631c8f39
changed order of posix check
...
refs #9950
Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
2015-09-25 14:35:08 +02:00
73715c94b1
Fixes for ldap group auth
...
The current LdapUserGroupBackend was incomplete and suffered from a little over zealous copy pasta. It had over written certain functions that where unnecessary such as the constructor and a table validator. This patch aims to clean those up. Additionally it also makes this group auth work with posixGroup that use the username as the member identifier and not just inetGroups that use the full dn
refs #9950
Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
2015-09-25 14:34:33 +02:00
b69311165c
Conform to coding guidelines
2015-09-22 14:53:29 +02:00
42fb1a174b
Do not crash when ldap_dn is defined in additional variables
...
refs #9950
2015-09-22 14:08:15 +02:00
46f2f71c57
Improve logging of membership queries
...
refs #9950
2015-09-22 13:02:08 +02:00
84554d245d
Conform to coding guidelines
...
refs #9950
2015-09-22 12:51:00 +02:00
f3df1f228d
Fix for support issue 9950, do lookups properly on posixGroup group classes
2015-09-18 13:37:04 -07:00
17e8f01d24
Use the DN to fetch group memberships from LDAP
...
fixes #9901
2015-09-18 15:34:12 +02:00
056ab0c96c
Fix that DbUserBackend::inspect() reports 0 users when only one exists
...
refs #9739
Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
2015-09-01 23:08:24 +02:00
d2a4b880b1
Revert "Accept DbUserBackends with only one single user"
...
This reverts commit c8d065b3e0#9739
2015-09-01 23:05:34 +02:00
1e6c394693
Controller: Create the filter editor in setupFilterControl() ...
...
...instead of demanding a concrete controller to do so.
We still have to decide how to handle parameter preservation
properly.
refs #9029
2015-08-13 17:05:13 +02:00
4b6849eea7
Repository: Introduce query column blacklists
...
We can no longer use $filterColumns to blacklist query columns so
there is now another set of column names required to achieve this.
refs #9029
2015-08-13 14:06:27 +02:00
316a4d8b82
Merge branch 'master' into bugfix/allow-to-configure-how-to-manage-groups-9609
2015-07-30 16:16:04 +02:00
a234852f32
Merge branch 'feature/basic-auth-9660'
...
resolves #9660
2015-07-30 15:05:07 +02:00
feed927fd2
Let external auth win over session auth and session auth over http auth
...
refs #9660
2015-07-30 14:50:05 +02:00
55ad2dd65f
Don't fail if password contains a colon on basic auth
...
refs #9660
2015-07-30 13:59:47 +02:00
c594d6db33
Challenge client on invalid basic access auth credentials
...
refs #9660
2015-07-30 13:59:18 +02:00
3aae37aff3
Don't redirect on external auth
...
refs #9660
2015-07-30 12:02:42 +02:00
36ff2d8914
lib: Set User::$isHttpUser in Auth
...
refs #9660
2015-07-30 09:32:24 +02:00
cf8c680482
lib: Add basic access authentication (WIP)
...
refs #9660
2015-07-29 17:22:55 +02:00
fb7666e6bd
LdapUserGroupBackend: Adjust usage of LdapCapabilities::hasAdOid()
...
Usage search ftw..
2015-07-29 16:26:39 +02:00
c3a057dbdb
lib: Add AuthChain::setSkipExternalBackends() in favor of setIteratorMode()
...
There's only one mode.
refs #9660
2015-07-29 16:18:30 +02:00
3ca85f9daa
lib: Add Auth::getRequest()
...
Basic auth will require the request.
refs #9660
2015-07-29 15:56:45 +02:00
96e3111f58
lib: Reorder functions in Auth
...
refs #9660
2015-07-29 15:52:56 +02:00
37ef87b9ab
lib: Fix PHPDoc in ExternalBackend
...
refs #9660
2015-07-29 15:46:40 +02:00
1b5c5deace
lib: Rename remote user to external user
...
We renamed our backend. Code now reflects this.
refs #9660
2015-07-29 15:44:32 +02:00
3f7081296b
Merge branch 'master' into bugfix/allow-to-configure-how-to-manage-groups-9609
2015-07-29 15:02:20 +02:00
ae4b7144cd
lib: Implement Auth::getAuthChain()
...
Saves one use statement for auth chain usages.
refs #9660
2015-07-29 14:14:19 +02:00
745e30259d
lib: Implement AuthChain::authenticate()
...
Right now the LoginController has all the authentication which is kind of a mess. Further, the upcoming basic access authentication has to reuse this code.
Thus AuthChain::authenticate() is introduced to handle both cases.
refs #9660
2015-07-29 14:11:54 +02:00
13edbf901d
UserBackend: Implement interface ConfigAwareFactory
...
refs #9609
2015-07-29 13:44:26 +02:00
83aafe8cda
Allow to discover LDAP connections in the wizard as well
...
...
2015-07-29 09:26:53 +02:00
4d44a0625c
lib: Move UserBackendInterface::authenticate() to new interface Authenticatable
...
refs #9660
2015-07-29 09:25:14 +02:00
2a4e614b5e
Fix code style in AuthChain
...
refs #9660
2015-07-28 19:55:26 +02:00
07849e0fea
lib: Rename Authentication/Manager to Authentication/Auth
...
refs #9660
2015-07-28 17:08:55 +02:00
c8d065b3e0
Accept DbUserBackends with only one single user
...
fixes #9739
2015-07-28 12:41:08 +02:00
5478027855
Bring back user count in ldap backend inspection
...
We already use count later in the wizard anyways.
refs #9630
2015-07-16 16:52:56 +02:00
e357960d1e
Add Inspection API to DB backend
...
refs #9641
2015-07-16 16:16:55 +02:00
ffe672c252
Improve message texts and scalabillity
...
Always start uppercase and don't use count() function until we've got a more scalable implementation in the LdapConnection.
refs #9630
2015-07-16 13:51:26 +02:00
6b8e5da76d
Move all assertion functions into the inspect functions
...
Reduce code duplication and add class Inspection
refs #9630
2015-07-16 12:21:11 +02:00
59c4f8d056
Use Inspection API in User Backend Form
...
refs #9630
2015-07-15 19:35:25 +02:00
3ddb8ca1bd
Add abillity to discover AD version and vendor name to discovery
...
refs #9605
2015-07-14 18:32:44 +02:00
f5089dab1a
DbUserGroupBackend: Use is_numeric() instead of is_int()
...
Using MySQL fetchColumn() returns integers for id fields, using MariaDB
though, fetchColumn() returns strings..
fixes #9572
2015-07-07 14:07:55 +02:00
066b3d9e28
ApplicationConfigForm: Make preference options be global options
...
refs #8709
2015-07-01 15:41:45 +02:00
3dddee8b7d
Setup: Fix authentication backend validation
...
This is a ridiculous dirty fix. We'll definitely need to
improve how we create authentication backends...
fixes #9509
2015-06-25 14:36:51 +02:00
3c47ef6826
Ldap\Exception: Rename to LdapException
...
refs #8954
2015-06-24 09:19:41 +02:00
6d8c56a12f
Ldap\Connection: Return false if nothing is found for fetchRow()
...
This should behave like DbConnection::fetchRow().
refs #8954
2015-06-23 10:49:51 +02:00
15220da645
Automatically strip unnecessary parentheses from custom ldap filters
...
fixes #9348
2015-06-23 10:32:45 +02:00
5688f0cb85
Allow to configure user group backends of type LDAP
...
refs #7343
2015-06-05 14:53:29 +02:00
cacd97fb46
LdapUserGroupBackend: Make default configuration providers public
...
I'd like to access these when preparing a config form.
refs #7343
2015-06-05 11:09:31 +02:00
02d2ea682e
LdapUserGroupBackend: Do not permit to link different directories
...
I cannot think of a valid usecase right now. In case someone got one,
revert this commit and make use of the backend itself and not only
its configuration.
refs #7343
2015-06-05 10:51:54 +02:00
0ab192cd1f
LdapUserGroupBackend: Allow to link a user backend
...
refs #7343
2015-06-05 10:41:47 +02:00
127489ca20
UserBackend: Allow to only pass a backend's name
2015-06-05 10:40:47 +02:00
ee2462a6b2
LdapUserGroupBackend: Let the backend decide which defaults to use
...
refs #7343
2015-06-05 10:19:28 +02:00
3fd0d99db2
LdapUserGroupBackend: Add support for custom query filters
...
refs #7343
2015-06-05 09:57:40 +02:00
90d946f149
LdapUserGroupBackend: We need a datasource, actually
...
Forgot to add this when disabling LdapRepository inheritance...
refs #7343
2015-06-03 16:40:14 +02:00
d9eb8f9e8d
LdapUserGroupBackend: Do not extend LdapRepository
...
Selecting groups works, but not memberships. Does not make sense
until both things work...
refs #7343
2015-06-03 16:33:22 +02:00
89d992278b
Introduce class LdapUserGroupBackend
...
refs #743
2015-06-03 16:27:50 +02:00
86c63ec913
Introduce class LdapRepository
...
refs #7343
2015-06-03 15:28:07 +02:00
96f5f8fd49
LdapUserBackend: Do not fetch a user's groups
...
refs #7343
2015-06-03 15:16:54 +02:00
e0c0e9c874
LdapUserBackend: Move function retrieveGeneralizedTime into its parent
...
refs #7343
2015-06-03 14:36:46 +02:00
cd0c418854
Merge branch 'master' into feature/user-and-group-management-8826
2015-06-02 10:44:13 +02:00
e936c76ca9
DbUserGroupBackend: Really clear memberships and parent relations...
...
...when removing a group.
refs #8826
2015-06-01 15:34:38 +02:00
1385295e4e
DbUserGroupBackend: Properly handle sequences of group names
...
refs #8826
2015-06-01 15:33:35 +02:00
62fff94808
DbUserGroupBackend: Do not try to fetch a group id for null
...
refs #8826
2015-06-01 15:16:03 +02:00
beb5bd7370
Repository: Clone a filter implicitly in self::requireFilter($clone = true)
...
refs #8826
2015-06-01 15:03:08 +02:00
601b720a03
LdapUserBackend: Fetch and interpret the correct attributes (OpenLDAP)
...
refs #8826
2015-06-01 14:05:44 +02:00
d1a5321d02
LdapUserBackend: Fetch and interpret the correct attributes (ActiveDirectory)
...
refs #8826
2015-06-01 12:23:16 +02:00
a88037f45d
DbUserGroupBackend: Fetch and persist a group's id when it's name is given
...
refs #8826
2015-05-29 11:33:35 +02:00
bb285db05b
Differentiate the source or destination of a column when converting values
...
refs #8826
2015-05-29 11:32:15 +02:00
60ce78c958
DbUserGroupBackend: Adjust how to load the name of a group's parent
...
refs #8826
2015-05-29 08:57:49 +02:00
c94e6a3292
Db/IniUserGroupBackend: Drop column parent_name, it's not a name anymore
...
refs #8826
2015-05-29 08:56:58 +02:00
32b99be8ab
DbUserGroupBackend: Adjust to fit the new database schema
...
refs #8826
2015-05-28 15:22:15 +02:00
cba36ec017
Ignore the preferences' loadability during authentication
...
fixes #8956
2015-05-27 15:13:53 +02:00
10b158a182
LdapUserBackend: Fix sorting when sorting by user_name
...
refs #8826
2015-05-21 13:53:27 +02:00
4d79731646
DbUserBackend: Fix sorting when sorting by user_name
...
refs #8826
2015-05-21 13:53:18 +02:00
9278d708d7
IniUserGroupBackend: Do not sort by parent when sorting by group_name
...
refs #8826
2015-05-21 13:51:24 +02:00
6369643145
DbUserGroupBackend: Do not sort by parent when sorting by group_name
...
refs #8826
2015-05-21 13:51:15 +02:00
0a387573f3
Logger: Fix substitution of exception messages
2015-05-13 10:46:34 +02:00
f93c2de6be
UserGroupBackend: Disable default backend type `ini'
...
We're not going to support this until a proper membership implementation
exists (or is required at all).
refs #8826
2015-05-13 10:45:54 +02:00
223ecab991
DbUserGroupBackend: Make it possible to handle memberships
...
refs #8826
2015-05-13 10:34:39 +02:00
47dfcf5e1d
DbUserGroupBackend: Do not use the repository abstraction internally
...
That's overhead which is not necessary.
refs #8826
2015-05-13 10:34:00 +02:00
104c1c6bba
DbUserBackend: Utilize Zend_Db_Select when fetching the password hash
2015-05-13 09:16:24 +02:00
Johannes Meyer
Eric Lippmann
Vladislav Ponomarev
Aaron Collins
Matthias Jentsch
Jo Rhett
Alexander A. Klimov
Russell Kubik