Commit Graph

322 Commits

Author SHA1 Message Date
Eric Lippmann 1d1a4b4be3 Optimize imports in LdapConnection 2016-04-08 12:58:30 +02:00
Eric Lippmann 1f69189b14 Merge branch 'feature/ldap-scope-11485'
resolves 
2016-04-08 12:57:41 +02:00
Markus Frosch 955a9482ad lib/LDAP: Add fetchByDn for a base scope retrieval on an entry
refs 
2016-04-07 17:16:51 +02:00
Markus Frosch 202d61dd4e lib/LDAP: Add support for LDAP search scope
Configurable on the LdapQuery, handled by LdapConnection::ldapSearch

refs 
2016-04-07 17:16:38 +02:00
Markus Frosch adeaf60aed lib/LDAP: Do not explicitly set the fields list when ordering
refs 
2016-04-07 17:13:07 +02:00
Markus Frosch 0f538e7f06 lib/LDAP: LdapUtils::explodeDN replace deprecated use of eval in preg_replace
fixes 
2016-04-04 09:25:59 +02:00
Johannes Meyer cdb873cbdb ResourceFactory: Validate a resource's configuration
Probably only a quickfix, but feels still more proper than the
previous solution, on a second thought..
2016-02-12 14:19:44 +01:00
Alexander A. Klimov 34afcc07b3 LdapConnection: disallow an empty root DN
fixes 
2016-02-09 10:29:08 +01:00
Alexander A. Klimov 474803fee4 Change all license headers to only reflect a file's year of creation
refs 
2016-02-08 15:41:00 +01:00
Johannes Meyer 9587c363f6 LdapConnection: Do not explicitly emit the bind password in the log 2015-11-27 08:13:35 +01:00
Johannes Meyer 31b584b338 LdapConnection: Fix method fetchOne()
The method suffered from multiple issues:
* Actual NULL values were interpreted as if the row does not have any cols
* Which attribute's value got returned was dependent on the result set instead of the desired columns

refs 
2015-11-11 12:44:08 +01:00
Johannes Meyer 2917f352b5 Merge branch 'master' into bugfix/unreliable-attribute-ambiguity-check-10567
Conflicts:
	library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
	library/Icinga/Protocol/Ldap/LdapConnection.php
2015-11-11 11:53:19 +01:00
Johannes Meyer c85bce7211 LdapConnection: Add method ldapSearch()
This will now emit a debug message for each issued search operation.

refs 
2015-11-11 10:01:00 +01:00
Johannes Meyer cee639d689 LdapConnection: Re-apply a query's filter on unfolded rows
refs 
2015-11-10 14:03:08 +01:00
Johannes Meyer e408630e34 LdapConnection: Do not require calling array_flip for method cleanupAttributes()
Seems to be a relict of an earlier implementation..

refs 
2015-11-10 13:41:08 +01:00
Johannes Meyer 666e67b405 LdapConnection: Prefer strict checks when utilizing in_array() 2015-11-10 13:17:30 +01:00
Johannes Meyer 4341eef4b1 LdapQuery: Add support for Icinga\Data\Filter
refs 
2015-11-09 15:59:48 +01:00
Johannes Meyer 9b826e6e5f Drop class Ldap\Expression and introduce LdapQuery::$nativeFilter
I'm about to add support for our Data\Filter implementation, since it cannot
parse native LDAP filters and a user may have configured such, we need to
differentiate the two types of filter.

refs 
2015-11-09 13:04:02 +01:00
Johannes Meyer 57f30b1f92 Do not apply server side sorting for paged search requests
Revert this prior start working on 

refs 
2015-10-01 15:47:11 +02:00
Johannes Meyer e5f035c537 LdapConnection: Do not apply any custom vodoo on a ldap resource object
refs 
2015-09-29 12:08:17 +02:00
Johannes Meyer d720180348 LdapConnection: Properly apply limit and offset for unfolded queries
refs 
2015-09-29 11:41:21 +02:00
Johannes Meyer b0559206af LdapConnection: Do not substract 1 from a given offset,
refs 
2015-09-29 11:39:36 +02:00
Johannes Meyer 624f5050b7 LdapConnection: Count properly in case the result may get unfolded
refs 
2015-09-29 11:33:21 +02:00
Johannes Meyer 575875481a LdapConnection: Do not substract 1 from a given offset
refs 
2015-09-29 11:31:36 +02:00
Johannes Meyer 33c6f2e06b LdapConnection: Support unfolding multi value attributes
refs 
2015-09-29 09:47:30 +02:00
Eric Lippmann eff9249863 lib: Don't provide LDAP server-side sort request if the query has no order
refs 
2015-09-17 13:01:58 +02:00
Eric Lippmann a4fec6f42e lib: Fix LdapConnection::encodeSortRules()
- Fix reverseOrder encoding
- Support PHP < 5.4
2015-09-08 14:29:31 +02:00
Eric Lippmann 39c68dd5ce LDAP Auth: Fix Fatal error: Call to a member function hasOid() on a non-object 2015-09-04 15:01:05 +02:00
Eric Lippmann 297a4333cd lib/ldap: Use the indefinite form of the length octets for encoded sort rules where appropriate
I guess we may never need this, but hey :)

refs 
2015-09-04 11:58:11 +02:00
Eric Lippmann 9b22b24561 lib/ldap: Use ldap_count_entries for counting the result set 2015-09-04 09:57:04 +02:00
Eric Lippmann fa25ce7f2f lib/ldap: Set server side sorting after calling ldap_control_paged_result()
ldap_control_paged_result() seems to override already set server controls.

refs 
2015-09-03 17:50:24 +02:00
Eric Lippmann 9e11d539fd lib/ldap: Enable server side sorting if supported by the server
refs 
2015-09-03 17:48:53 +02:00
Eric Lippmann 00e5bbe91c lib/ldap: Fix LdapConnection::encodeSortRules()
refs 
2015-09-03 17:47:54 +02:00
Eric Lippmann 70a6157631 lib/ldap: Call getConnection before bind
Looks more natural
2015-09-03 17:11:56 +02:00
Matthias Jentsch 9e40f5f2c7 Remove option to skip certificate validation to prevent insecure configurations
Skipping certificate validation will allow MITM on every single request and not give any real security over just running unencrypted queries. On top of that, there is no way to configure this behavior from within PHP except of setting environment variables, which is really hacky and has side effects on other requests.

fixes 
2015-08-19 16:20:33 +02:00
Johannes Meyer f06be5c9bc LdapConnection: Let self::bind() return $this 2015-07-23 17:34:09 +02:00
Matthias Jentsch c55ba6dff4 fix coding guideline violations 2015-07-16 13:51:35 +02:00
Matthias Jentsch cf8b760ade Use Inspection API in LdapResourceForm
refs 
2015-07-15 19:33:47 +02:00
Matthias Jentsch 276aa43aa2 Upgrdae Inspection API again
Do not use InspectionException any more to reduce complexity of nested inspections, but keep error states
in the Inspection object itself.

refs 
2015-07-15 18:39:09 +02:00
Matthias Jentsch 6762ef053e Upgrade Inspection API
Reduce code duplication and stateffullnes by using InspectionException to indicate that an error was thrown, and only using one inspect function.

refs 
2015-07-15 17:51:18 +02:00
Matthias Jentsch 774d6ce94a Fix invalid function call in getCapabilities caused by refactoring 2015-07-15 15:36:32 +02:00
Matthias Jentsch af58d6964b Fix isEncrypted function broken by refactaring
refs 
2015-07-15 12:23:30 +02:00
Matthias Jentsch 7daa97a166 Clean up unneded code
Remove the now useless error handling cases in case encryption wasn't successful.

refs 
2015-07-15 11:31:56 +02:00
Matthias Jentsch 3b8b5b0022 Revert accidentally commited unneded changes 2015-07-15 11:16:06 +02:00
Matthias Jentsch 212111511a Fix violations of coding guidelines 2015-07-15 10:32:54 +02:00
Matthias Jentsch 84899e3e56 Revert some unneeded changes
refs 
2015-07-15 09:56:18 +02:00
Matthias Jentsch f4d8bfc309 Display connection test info when inspecting LdapConnections
refs 
2015-07-14 18:36:26 +02:00
Matthias Jentsch 3ddb8ca1bd Add abillity to discover AD version and vendor name to discovery
refs 
2015-07-14 18:32:44 +02:00
Matthias Jentsch 40d432100b Add a function to test the connection health
refs 
2015-07-14 18:29:58 +02:00
Matthias Jentsch 6599940e6c Introduce Interface for inspecting ldap connections
refs 
2015-07-14 12:30:16 +02:00