authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-03-30 12:54:47 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-03-30 12:54:47 +0100
commiteb96292fffa8d3161e4be710ebe014a3e40f8b97 (patch)
treeae389729354806ba01a7e6508f3c5cf5220d2e49
parent7906fe64d5b76d6abec033ade2d3e9fa56d9abd8 (diff)
parentdf76f949cbc592a3b58079ace738b3d16e0f323d (diff)
downloadwebadmin-eb96292fffa8d3161e4be710ebe014a3e40f8b97.tar.gz
Merge branch 'dev/configuration-handling'
Conflicts: lib/Auth/LDAP.php
-rw-r--r--lib/Auth/LDAP.php52
-rw-r--r--lib/Conf.php45
-rw-r--r--lib/kolab_client_task.php10
3 files changed, 80 insertions, 27 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index fd537d2..4339c71 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -64,6 +64,20 @@ class LDAP
{
$this->conf = Conf::get_instance();
+ // See if we are to connect to any domain explicitly defined.
+ if (!isset($domain) || empty($domain)) {
+ // If not, attempt to get the domain from the session.
+ if (isset($_SESSION['user'])) {
+ try {
+ $domain = $_SESSION['user']->get_domain();
+ } catch (Exception $e) {
+ // TODO: Debug logging
+ error_log("Warning, user not authenticated yet");
+ }
+ }
+ }
+
+ // Continue and default to the primary domain.
$this->domain = $domain ? $domain : $this->conf->get('primary_domain');
$this->_ldap_uri = $this->conf->get('ldap_uri');
$this->_ldap_server = parse_url($this->_ldap_uri, PHP_URL_HOST);
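Review bot: The session lookup calls `$_SESSION['user']->get_domain()` after only an `isset()` check, whereas the matching code added to `Conf::get()` in this same commit also tests `method_exists($_SESSION['user'], 'get_domain')`. If the session holds a value without that method, the call fails with an error that `catch (Exception $e)` does not catch. Using the same guard here, `if (isset($_SESSION['user']) && method_exists($_SESSION['user'], 'get_domain')) {`, keeps the two sites consistent; `!isset($domain) || empty($domain)` can also be reduced to `empty($domain)`. The constructor starts and ends outside the hunk.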
@@ -172,11 +186,11 @@ class LDAP
'/usr/lib64/mozldap/ldapsearch',
'-x',
'-h',
- // TODO: Get from conf
- 'ldap.klab.cc',
+ $this->_ldap_server,
+ '-p',
+ $this->_ldap_port,
'-b',
- // TODO: Get from conf
- 'dc=klab,dc=cc',
+ $conf->get('base_dn'),
'-D',
'"' . $_SESSION['user']->user_bind_dn . '"',
'-w',
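Review bot: The new `-h`, `-p` and `-b` values are placed in the argument list unquoted, while the neighbouring `-D` value is wrapped in literal double quotes, which suggests the array is later joined into a shell command string (the execution is outside this hunk, so that is an assumption). If so, a configured `base_dn` containing a space or a shell metacharacter changes the command line; `escapeshellarg($conf->get('base_dn'))`, and the same for `$this->_ldap_server` and `$this->_ldap_port`, would keep each value a single argument. The hunk also mixes `$this->_ldap_server` with a local `$conf`; whether `$conf` is assigned in this function is not visible here, and `$this->conf->get('base_dn')` would avoid depending on it.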
@@ -549,8 +563,12 @@ class LDAP
{
$conf = Conf::get_instance();
- $base_dn = $conf->get('ldap', 'user_base_dn');
- $filter = $conf->get('ldap', 'user_filter');
+ $base_dn = $conf->get('user_base_dn');
+
+ if (!$base_dn)
+ $base_dn = $conf->get('base_dn');
+
+ $filter = $conf->get('user_filter');
if (empty($attributes) || !is_array($attributes)) {
$attributes = array('*');
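Review bot: `$filter = $conf->get('user_filter');` is used without a check, and with the `Conf::get()` change in this commit a missing key comes back as `false`, so an unset `user_filter` is carried forward as a boolean rather than an LDAP filter string. `$base_dn` gets a fallback to `base_dn`, but is itself `false` when neither key is set. An explicit guard such as `if (!$base_dn || !$filter) { /* report misconfiguration */ }` would surface the problem here; what to return in that case depends on callers outside the hunk. The same applies to `group_filter` in `groups_list` and to the unchecked `base_dn` in the roles hunk. The braceless `if (!$base_dn)` also departs from the braced style of the lines that follow.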
@@ -568,8 +586,7 @@ class LDAP
{
$conf = Conf::get_instance();
- // TODO: From config
- $base_dn = "dc=klab,dc=cc";
+ $base_dn = $conf->get('base_dn');
// TODO: From config
$filter = "(&(objectclass=ldapsubentry)(objectclass=nsroledefinition))";
@@ -587,14 +604,12 @@ class LDAP
private function groups_list($attributes = array(), $search = array())
{
- // TODO: From config
- $base_dn = "ou=Groups,dc=klab,dc=cc";
- // TODO: From config
- $filter = "(|"
- ."(objectClass=kolabgroupofnames)"
- ."(objectclass=kolabgroupofuniquenames)"
- ."(objectclass=kolabgroupofurls)"
- .")";
+ $base_dn = $conf->get('group_base_dn');
+
+ if (!$base_dn)
+ $base_dn = $conf->get('base_dn');
+
+ $filter = $conf->get('group_filter');
if (empty($attributes) || !is_array($attributes)) {
$attributes = array('*');
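Review bot: `groups_list` now calls `$conf->get('group_base_dn')`, but no `$conf` is assigned between the opening brace and that line, unlike the two hunks above, whose context shows `$conf = Conf::get_instance();`. As shown, the first call would fail on an undefined variable. Adding `$conf = Conf::get_instance();` as the first statement, or using `$this->conf->get(...)` with the property the constructor sets, fixes it. The function body continues outside the hunk.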
@@ -630,6 +645,7 @@ class LDAP
else {
$result[$dn][$attr] = array();
for ($z = 0; $z < $__result[$x][$attr]["count"]; $z++) {
+ // The first result in the array is the primary domain.
if ($z == 0 && $attr == $dn_attr) {
$result[$dn]['primary_domain'] = $__result[$x][$attr][$z];
}
@@ -955,7 +971,7 @@ class LDAP
if (empty($search) || !is_array($search) || empty($search['params'])) {
return null;
}
-
+
$filter = '';
foreach ((array) $search['params'] as $field => $param) {
$value = self::_quote_string($param['value']);
@@ -1091,6 +1107,7 @@ class LDAP
private function _get_group_dn($root_dn, $search_filter)
{
+ // TODO: Why does this use privileged credentials?
if (($this->_bind($this->conf->get('bind_dn'), $this->conf->get('bind_pw'))) == false) {
$this->_bind($this->conf->get('manager_bind_dn'), $this->conf->get('manager_bind_pw'));
}
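Review bot: The added TODO in `_get_group_dn` (and the identical one in `_get_user_dn`) asks a question without recording what the code beneath it does: when the bind with `bind_dn`/`bind_pw` fails, it rebinds with `manager_bind_dn`/`manager_bind_pw`, and the result of that second bind is not checked in the visible lines. A comment such as `// NOTE: falls back to the manager bind when the service bind fails; a broken service account is masked and the lookup then runs with manager privileges` would tell the next reader what has to be decided. Logging the failed service bind before the fallback would also make the change of privilege visible to operators. Both function bodies continue outside their hunks.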
@@ -1113,6 +1130,7 @@ class LDAP
private function _get_user_dn($root_dn, $search_filter)
{
+ // TODO: Why does this use privileged credentials?
if (($this->_bind($this->conf->get('bind_dn'), $this->conf->get('bind_pw'))) == false) {
//message("WARNING: Invalid Service bind credentials supplied");
$this->_bind($this->conf->get('manager_bind_dn'), $this->conf->get('manager_bind_pw'));
diff --git a/lib/Conf.php b/lib/Conf.php
index 704c3c4..d333e42 100644
--- a/lib/Conf.php
+++ b/lib/Conf.php
@@ -99,19 +99,46 @@ class Conf {
}
}
- // Simple (global) settings may be obtained by calling the key and omitting
- // the section. This goes for sections 'kolab', and whatever is the equivalent
- // of 'kolab', 'auth_mechanism'.
-// echo "<pre>";
-// print_r($this->_conf);
-// echo "</pre>";
+ // Simple (global) settings may be obtained by calling the key and
+ // omitting the section. This goes for sections 'kolab', and whatever
+ // is the equivalent of 'kolab', 'auth_mechanism', such as getting
+ // 'ldap_uri', which is in the [$domain] section, or in section 'ldap',
+ // and we can try and iterate over it.
+
+ // First, try the most exotic.
+ if (isset($_SESSION['user']) && method_exists($_SESSION['user'], 'get_domain')) {
+ try {
+ $domain_section_name = $_SESSION['user']->get_domain();
+ if (isset($this->_conf[$domain_section_name][$key1])) {
+ return $this->_conf[$domain_section_name][$key1];
+ }
+ } catch (Exception $e) {
+ $domain_section_name = $this->get('kolab', 'primary_domain');
+ if (isset($this->_conf[$domain_section_name][$key1])) {
+ return $this->_conf[$domain_section_name][$key1];
+ }
+ }
+ }
+
+ // Fall back to whatever is the equivalent of auth_mechanism as the
+ // section (i.e. 'ldap', or 'sql')
+ $auth_mech = $this->_conf['kolab']['auth_mechanism'];
+ if (isset($this->_conf[$auth_mech])) {
+ if (isset($this->_conf[$auth_mech][$key1])) {
+ return $this->_conf[$auth_mech][$key1];
+ }
+ }
+ // Fall back to global settings in the 'kolab' section.
if (isset($this->_conf['kolab'][$key1])) {
return $this->_conf['kolab'][$key1];
}
- else if (isset($this->_conf[$this->_conf['kolab']['auth_mechanism']][$key1])) {
- return $this->_conf[$this->_conf['kolab']['auth_mechanism']][$key1];
- }
+
+ error_log("Could not find setting for \$key1: " . $key1 .
+ " with \$key2: " . $key2
+ );
+
+ return false;
}
public function expand($str, $custom = FALSE)
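Review bot: The lookup order for section-less keys is reversed here without the comment saying so: `[kolab]` used to be checked before the `auth_mechanism` section and is now checked last, after the session domain's section, so a key present in more than one section resolves differently than before. A comment like `// Lookup order: [<session domain>], [<auth_mechanism>], [kolab]; returns false if the key is in none of them` would document the contract. The new `error_log()` on every miss will also fire for optional keys such as `user_base_dn`, which the LDAP.php hunks probe and then fall back from, so consider dropping it or making it conditional on a debug setting. `$this->_conf['kolab']['auth_mechanism']` is read without `isset()`, so a configuration lacking that key raises a notice before the `[kolab]` fallback is reached. The function starts outside the hunk.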
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index c6115e7..91039f1 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -104,7 +104,10 @@ class kolab_client_task
*/
private function api_init()
{
- $url = $this->config_get('api_url', '');
+ $url = $this->config_get('api_url', '');
+
+ // TODO: Debug logging
+ //console($url);
if (!$url) {
$url = kolab_utils::https_check() ? 'https://' : 'http://';
@@ -113,6 +116,9 @@ class kolab_client_task
$url .= '/api';
}
+ // TODO: Debug logging
+ //console($url);
+
$this->api = new kolab_client_api($url);
}
@@ -167,6 +173,8 @@ class kolab_client_task
if ($login['username']) {
$result = $this->api->login($login['username'], $login['password']);
+ //console($result);
+
if ($token = $result->get('session_token')) {
$user = array('token' => $token, 'domain' => $result->get('domain'));