9e40f5f2c7
Remove option to skip certificate validation to prevent insecure configurations
...
Skipping certificate validation will allow MITM on every single request and not give any real security over just running unencrypted queries. On top of that, there is no way to configure this behavior from within PHP except of setting environment variables, which is really hacky and has side effects on other requests.
fixes #9607
2015-08-19 16:20:33 +02:00
f06be5c9bc
LdapConnection: Let self::bind() return $this
2015-07-23 17:34:09 +02:00
c55ba6dff4
fix coding guideline violations
2015-07-16 13:51:35 +02:00
cf8b760ade
Use Inspection API in LdapResourceForm
...
refs #9630
2015-07-15 19:33:47 +02:00
276aa43aa2
Upgrdae Inspection API again
...
Do not use InspectionException any more to reduce complexity of nested inspections, but keep error states
in the Inspection object itself.
refs #9630
2015-07-15 18:39:09 +02:00
6762ef053e
Upgrade Inspection API
...
Reduce code duplication and stateffullnes by using InspectionException to indicate that an error was thrown, and only using one inspect function.
refs #9630
2015-07-15 17:51:18 +02:00
774d6ce94a
Fix invalid function call in getCapabilities caused by refactoring
2015-07-15 15:36:32 +02:00
af58d6964b
Fix isEncrypted function broken by refactaring
...
refs #9608
2015-07-15 12:23:30 +02:00
7daa97a166
Clean up unneded code
...
Remove the now useless error handling cases in case encryption wasn't successful.
refs #9608
2015-07-15 11:31:56 +02:00
3b8b5b0022
Revert accidentally commited unneded changes
2015-07-15 11:16:06 +02:00
212111511a
Fix violations of coding guidelines
2015-07-15 10:32:54 +02:00
84899e3e56
Revert some unneeded changes
...
refs #9605
2015-07-15 09:56:18 +02:00
f4d8bfc309
Display connection test info when inspecting LdapConnections
...
refs #9605
2015-07-14 18:36:26 +02:00
3ddb8ca1bd
Add abillity to discover AD version and vendor name to discovery
...
refs #9605
2015-07-14 18:32:44 +02:00
40d432100b
Add a function to test the connection health
...
refs #9605
2015-07-14 18:29:58 +02:00
6599940e6c
Introduce Interface for inspecting ldap connections
...
refs #9605
2015-07-14 12:30:16 +02:00
23f7570ce0
LdapConnection: Don't run a discovery when preparing a new connection
...
fixes #9179
2015-07-10 10:45:10 +02:00
a8ac420897
LdapConnection: Establish a connection lazily
2015-07-10 09:51:39 +02:00
f956d09597
LdapConnection: Fetch attributes required for sorting the results
2015-06-25 15:51:19 +02:00
6ff15acc1b
LdapConnection: Fix that fetchColumn() returns results unordered
2015-06-25 15:50:15 +02:00
3c47ef6826
Ldap\Exception: Rename to LdapException
...
refs #8954
2015-06-24 09:19:41 +02:00
5dea14f04b
Ldap\Query: Rename to LdapQuery
...
refs #8954
2015-06-24 09:14:25 +02:00
c3ad7b211a
Ldap\Connection: Rename to LdapConnection
...
refs #8954
2015-06-24 09:05:29 +02:00
7921e62a0c
Ldap\Connection: Fix existing documentation
...
Part #2
refs #8954
2015-06-23 17:38:19 +02:00
f234b3b768
Ldap\Connection: Re-organize some methods..
...
..and add some missing documentation.
refs #8954
2015-06-23 17:37:10 +02:00
372ca8859e
Ldap\Connection: Some coding style fixes
...
refs #8954
2015-06-23 17:27:30 +02:00
7640284564
Ldap\Connection: Add missing documentation
...
Part #2
refs #8954
2015-06-23 17:23:47 +02:00
b25bf4838b
Ldap\Connection: Re-organize some properties
...
lowerCamelCase, initialisation in __construct, and stuff..
refs #8954
2015-06-23 17:22:26 +02:00
9b0ac3000a
Ldap\Connection: Drop unused property $count
...
refs #8954
2015-06-23 17:17:53 +02:00
02ee460c08
Ldap\Connection: Fix existing documentation
...
Part #1
refs #8954
2015-06-23 17:12:24 +02:00
778bf376b2
Ldap\Connection: Add missing documentation
...
Part #1
refs #8954
2015-06-23 17:06:35 +02:00
c32f9ae735
Ldap\Connection: Drop parameter $fields from method fetchDn()
2015-06-23 15:56:29 +02:00
87e31f497e
Ldap\Connection: Rename method deleteDN() to deleteDn()
2015-06-23 15:21:32 +02:00
3f5cd4b670
Ldap\Connection: Rename method getDN() to getDn()
2015-06-23 15:16:53 +02:00
56cb4c28c4
Ldap\Connection: Rename method hasDN() to hasDn()
2015-06-23 15:11:11 +02:00
759e243d90
Ldap\Connection: Add method fetchPairs()
2015-06-23 15:05:47 +02:00
ac7a7e6674
Ldap\Connection: Add method fetchColumn()
2015-06-23 15:05:03 +02:00
197861efda
Ldap\Connection: Do not suppress errors for failed credential tests
2015-06-23 14:12:01 +02:00
9d6d76a26d
Ldap\Connection: Return false if nothing is found for fetchOne()
...
This should behave like DbConnection::fetchOne().
refs #8954
2015-06-23 12:41:50 +02:00
6d8c56a12f
Ldap\Connection: Return false if nothing is found for fetchRow()
...
This should behave like DbConnection::fetchRow().
refs #8954
2015-06-23 10:49:51 +02:00
c069414b1b
LdapQuery: fix forgotten connection property rename
2015-06-18 11:31:32 +02:00
5dd3950594
Ldap\Connection: Disable server side sorting as it's not working
...
refs #9364
2015-06-03 14:24:48 +02:00
1a0d1702c9
Ldap\Connection: Do not sort *after* the result has been limited
...
fixes #9352
2015-06-03 14:22:38 +02:00
5d50eabb44
FileReader: Mimic cursor capability
2015-06-02 10:39:49 +02:00
7127d5eb39
Ldap\Connection: Connect automatically in case capabilities are not set yet
2015-06-01 12:20:36 +02:00
fb07f0b94c
Merge branch 'master' into feature/user-and-group-management-8826
...
Conflicts:
library/Icinga/Authentication/Backend/LdapUserBackend.php
library/Icinga/Protocol/Ldap/Query.php
2015-05-19 14:14:03 +02:00
73e8c51fd1
Ldap\Query: Remove method paginate()
2015-05-19 13:57:20 +02:00
0e0341f78a
It's the connection which provides a cursor, not the query
2015-05-18 16:01:58 +02:00
c91d3e52ac
Merge branch 'master' into feature/user-and-group-management-8826
2015-05-12 15:39:02 +02:00
25f397042b
Merge branch 'master' into feature/improve-multi-select-view-8565
...
Conflicts:
modules/monitoring/application/controllers/HostsController.php
modules/monitoring/application/controllers/ServicesController.php
modules/monitoring/application/views/scripts/hosts/show.phtml
modules/monitoring/application/views/scripts/list/hosts.phtml
modules/monitoring/application/views/scripts/partials/host/objects-header.phtml
modules/monitoring/application/views/scripts/partials/service/objects-header.phtml
modules/monitoring/application/views/scripts/services/show.phtml
modules/monitoring/public/css/module.less
public/js/icinga/behavior/tooltip.js
2015-05-11 13:28:43 +02:00
108f55128f
Ldap\Query: Fix access of a filter's expression
2015-05-06 10:24:50 +02:00
be696e5adf
LogFileIterator: Fix missing closing bracket
2015-05-05 12:50:35 +02:00
d0a353c3da
Ldap\Connection: Fix result counting
...
Missed to adjust this once I refactored the query execution..
refs #8826
2015-05-04 16:24:17 +02:00
3e8ef5cc0f
Ldap\Query: Quick fix for naive filter support
...
Since this will ignore any logical clauses and operators it must be
considered a quick fix and be dropped once real filter support exists.
refs #8826
2015-05-04 16:17:14 +02:00
7b7a7c9299
Ldap\Connection: Add proper order support
...
Will now utilize SimpleQuery::compare() to provide support for multiple
order columns.
refs #8826
refs #7693
2015-05-04 11:36:38 +02:00
664017573f
Ldap\Connection: Add query alias support
...
refs #8826
2015-05-04 11:32:03 +02:00
5baa0590b1
Ldap\Query: Extend SimpleQuery and add missing documentation
...
refs #8826
refs #8955
2015-05-04 11:26:27 +02:00
99213432f5
Ldap\Connection: Rename fetchDN() to fetchDn()
...
We're using CamelCase names for methods.
2015-05-04 11:16:16 +02:00
7178026b8b
Ldap\Connection: Implement interface Selectable
...
refs #8826
2015-05-04 11:15:20 +02:00
d09ea2845d
Merge branch 'master' into feature/user-and-group-management-8826
2015-04-30 15:20:40 +02:00
3da144f199
Revert "Sort LDAP user list"
...
This reverts commit d4dc0177c0
2015-04-28 15:57:33 +02:00
7c0be30def
Handle and display multiline log messages correctly
2015-04-24 17:36:49 +02:00
ec82b3bc09
Implement Icinga\Protocol\File\LogFileIterator
2015-04-24 17:36:48 +02:00
3d53e6f9b5
Icinga\Protocol\File\FileReader::count(): call iterator_count() only once per instance and cache the returned value
2015-04-24 11:10:40 +02:00
319ca3625c
LdapUserBackend: Drop redundant method hasUser
...
refs #8826
2015-04-21 13:15:40 +02:00
46da404452
Add docstrings to ObjectList and coding style
2015-04-07 16:34:20 +02:00
967a2e82dc
Use (only) "@return $this" in fluent interfaces' documentation
2015-04-07 14:24:11 +02:00
9ce9e0270c
Fix that LDAP encryption settings have no effect
...
I renamed the directive for the encryption setting from 'connection' to 'encryption' before releasing Beta3 but
I forgot to change the Connection class accordingly.
fixes #8953
2015-04-02 10:41:25 +02:00
316d926811
Ldap/Query: re-add __toString
...
We stopped using __toString as it is unable to handle exceptions - and
this makes sense. However, that's IMO not a good reason to completely
drop __toString. Especially when debugging, benchmarking and similar you
often need a quick way to "dump" an object.
In that case you are often not in a mood to figure out whether that
specific class prefers create(), dump(), render() or whatever. We should
not base our view scripts on __toString - at least unless we do not catch
Exceptions in __toString methods, eventually "forwarding" them as triggered
error where needed.
2015-03-13 08:58:25 +01:00
d8d0d88c95
Rename Capability::hasStartTLS to Capability::hasStartTls()
2015-03-13 00:29:00 +01:00
db08ccad4b
Fix encryption setting written to a LDAP reource's INI configuration
...
Use starttls for STARTTLS and ldaps for LDAPS.
2015-03-12 23:56:25 +01:00
86f3ce9133
Rename Ldap\Connetion::SSL to ::LDAPS
...
The SSL constant was used to denote LDAP over TLS/SSL. In fact both STARTTLS and LDAPS use encrypted TLS/SSL communication
w/ STARTTLS upgrading a plain text connection and LDAPS using a separate port. Thus speaking of SSL only for LDAPS and TLS only for STARTTLS
is not correct.
2015-03-12 23:56:08 +01:00
1b9ddaacac
Add PHPDoc to Ldap\Connection's encryption consts
2015-03-12 23:35:38 +01:00
17393a7b41
Remove unnecessary PHPDoc tags from Ldap\Connection
2015-03-12 23:30:04 +01:00
8295d6d9b0
Do not require the `connection' directive when creating a LDAP resource
2015-03-12 15:36:52 +01:00
5de5a65df0
Do not suppress errors when a LDAP capability query fails
2015-03-12 15:18:00 +01:00
1b440a4f1b
Make SSL/TLS configurable for LDAP resources
...
refs #7771
2015-03-12 15:17:19 +01:00
0758be4af1
Add support for dynamic ldap filter expressions
...
"Dynamic" is a more of a overstatement when describing this commit but
the current implementation is just the start. Once our ldap protocol stuff
supports our filter implementation this will be vastly improved.
refs #8365
2015-03-11 09:50:41 +01:00
2cf09ebc48
Revert "LdapResourceForm: Validate the host field and do not require a port"
...
This reverts commit a34d6026b3#7990
2015-03-11 08:00:20 +01:00
a34d6026b3
LdapResourceForm: Validate the host field and do not require a port
...
fixes #7990
2015-03-10 15:03:48 +01:00
36d2d31035
Do not use page control unless explicitly announced
...
refs #8490
2015-02-27 17:10:55 +01:00
65821863fa
Don't crash on single ldap capability entries
...
refs #8490
2015-02-27 17:10:21 +01:00
e93a5f16d9
Move capability-related code of the ldap connection into a separate class
...
Achieve a better separation between the different concerns, more readable code and get rid of unused dead code.
2015-02-27 17:10:21 +01:00
bc950a855d
Surpress warnings when ldap page control is not available
2015-02-25 18:39:03 +01:00
d4dc0177c0
Sort LDAP user list
...
fixes #7693
2015-02-24 12:50:57 +01:00
b70cda77d4
Fail gracefully if the page control is not available
...
Execute the runPagedQuery without pagination instead of throwing an exception.
fixes #8490
2015-02-24 12:22:29 +01:00
b828f8b13a
Fix ldap authentication when authenticating against ActiveDirectory
...
Unlike OpenLDAP, ActiveDirectory does not seem to react on the size limit
passed to ldap_search() in global manner causing it to not to respond with
LDAP_SIZELIMIT_EXCEEDED (4) in case a requested page contains more
entries than the requested maximum.
fixes #7993
2015-02-06 16:37:35 +01:00
3852feb069
Add defaults for limit and offset in Icinga\Protocol\Ldap\Query
2015-02-06 16:32:59 +01:00
c49f723f05
Let Icinga\Protocol\Ldap\Exception inherit from IcingaException
2015-02-06 16:31:03 +01:00
6bae2e0a53
Note that our license is GPL v2 or any later version in our license header instead of pointing to the license's URL
2015-02-04 10:52:27 +01:00
12497749fc
Do not log when using a limited query for a paged search operation
2015-02-04 10:51:49 +01:00
5f624e42fd
Fix minor mistakes in Ldap/Connection
...
Signed-off-by: Eric Lippmann <eric.lippmann@netways.de>
2015-02-04 09:44:17 +01:00
5b4fab0750
Add license header
...
This time without syntax errors hopefully :)
2015-02-03 16:27:59 +01:00
5fa2e3cfdc
Revert "Add license header"
...
This reverts commit 338d067aba
2015-02-03 16:16:26 +01:00
338d067aba
Add license header
...
fixes #7788
2015-02-03 15:51:04 +01:00
7989b48248
Fix ldap auth when the userNameAttribute holds multiple values
...
fixes #8246
2015-02-03 10:15:54 +01:00
3e128732b8
Apply a limit to results fetched via Ldap\Connection::fetchRow()
...
fixes #7993
2015-01-29 17:29:11 +01:00
6e533f223e
Log warnings emitted by ldap_control_paged_result_response() as debug
...
Such a warning is emitted as well in case it's not critical. That is passing
an alternative overall result limit using ldap_search() to the server causes
it being applied across pages so ldap_control_paged_result_response()
does not indicate the "end" of the resultset just by adjusting the cookie
but by emitting the warning as well.
2015-01-29 17:12:59 +01:00
9ff0bbcfc0
Fix that Icinga\Protocol\Ldap\Connection does not correctly apply limits
2015-01-29 17:07:58 +01:00
97cc37b99c
Move php version check from ...\Ldap\Query to ...\Ldap\Connection
...
refs #8261
refs #6176
2015-01-29 15:59:03 +01:00
Matthias Jentsch
Johannes Meyer
Thomas Gelf
Alexander Fuhr
Alexander A. Klimov
Eric Lippmann
Marcus Cobden