authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-03-31 13:56:06 +0200
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-03-31 13:56:06 +0200
commitf5a58c5eaa14f741cb582e9a1b2b60bcb9811c99 (patch)
tree264c6f69ca995223042fd4559100cd3c59e55ece
parentb8bba11531399482b2c24ab273649e3156e66859 (diff)
downloadwebadmin-f5a58c5eaa14f741cb582e9a1b2b60bcb9811c99.tar.gz
Move to use the configuration values 'unique_attribute', 'user_name_attribute' and 'group_name_attribute' instead of their short equivalents (write once, read many times)
Move some of the LDAP logic in modifying entries back to where it belongs in Auth::LDAP instead of the lib/api/ files
-rw-r--r--lib/Auth/LDAP.php83
-rw-r--r--lib/api/kolab_api_service_group.php61
-rw-r--r--lib/api/kolab_api_service_user.php2
-rw-r--r--lib/kolab_client_task.php2
4 files changed, 109 insertions, 39 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index bd5f6a2..abf328b 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -371,11 +371,92 @@ class LDAP
return $roles;
}
+ public function modify_entry($subject_dn, $old_attrs, $new_attrs)
+ {
+ // TODO: Get $rdn_attr - we have type_id in $new_attrs
+ $rdn_attr = 'cn';
+
+ $mod_array = Array(
+ "add" => Array(), // For use with ldap_mod_add()
+ "del" => Array(), // For use with ldap_mod_del()
+ "replace" => Array(), // For use with ldap_mod_replace()
+ "rename" => Array(), // For use with ldap_rename()
+ );
+
+ // Compare each attribute value of the old attrs with the corresponding value
+ // in the new attrs, if any.
+ foreach ($old_attrs as $attr => $old_attr_value) {
+ if (array_key_exists($attr, $new_attrs)) {
+ if (!($new_attrs[$attr] === $old_attr_value)) {
+ console("Attribute $attr changed from", $old_attr_value, "to", $new_attrs[$attr]);
+ if ($attr === $rdn_attr) {
+ $mod_array['rename'][$subject_dn] = $rdn_attr . '=' . $new_attrs[$attr];
+ } else {
+ console("Adding to replace: $attr");
+ $mod_array['replace'][$attr] = (array)($new_attrs[$attr]);
+ }
+ } else {
+ console("Attribute $attr unchanged");
+ }
+ } else {
+ // TODO: Since we're not shipping the entire object back and forth, and only post
+ // part of the data... we don't know what is actually removed (think modifiedtimestamp, etc.)
+ console("Group attribute $attr not mentioned in \$new_attrs..., but not explicitly removed... by assumption");
+ }
+ }
+
+ foreach ($new_attrs as $attr => $value) {
+ if (array_key_exists($attr, $old_attrs)) {
+ if (!($old_attrs[$attr] === $value) && !($attr === $rdn_attr)) {
+ if (!array_key_exists($attr, $mod_array['replace'])) {
+ console("Adding to replace(2): $attr");
+ $mod_array['replace'][$attr] = $value;
+ }
+ }
+ } else {
+ $mod_array['add'][$attr] = $value;
+ }
+ }
+
+ console($mod_array);
+
+ $result = $this->modify_entry_attributes($subject_dn, $mod_array);
+
+ if ($result) {
+ return $mod_array;
+ }
+
+ }
+
public function modify_entry_attributes($subject_dn, $attributes)
{
$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
- $result = ldap_mod_replace($this->conn, $subject_dn, $attributes['replace']);
+ // Opportunities to set false include failed ldap commands.
+ $result = true;
+
+ if (is_array($attributes['replace']) && !empty($attributes['replace'])) {
+ $result = ldap_mod_replace($this->conn, $subject_dn, $attributes['replace']);
+ }
+
+ if (!$result)
+ return false;
+
+ if (is_array($attributes['add']) && !empty($attributes['add'])) {
+ $result = ldap_mod_add($this->conn, $subject_dn, $attributes['add']);
+ }
+
+ if (!$result)
+ return false;
+
+ if (is_array($attributes['rename']) && !empty($attributes['rename'])) {
+ $olddn = key($attributes['rename']);
+ $newrdn = $attributes['rename'][$olddn];
+ $result = ldap_rename($this->conn, $olddn, $newrdn, NULL, true);
+ }
+
+ if (!$result)
+ return false;
if ($result)
return true;
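Review bot: In modify_entry the new RDN is built as `$rdn_attr . '=' . $new_attrs[$attr]` with no DN escaping, so a value containing `,`, `+`, `=` or a leading `#` changes the structure of the RDN handed to ldap_rename() instead of being treated as data, and an array value would stringify to `Array`. If `$new_attrs` carries posted form values, as the caller in kolab_api_service_group.php suggests, escape it first: `$mod_array['rename'][$subject_dn] = $rdn_attr . '=' . ldap_escape((string) $new_attrs[$attr], '', LDAP_ESCAPE_DN);` (ldap_escape() needs PHP 5.6 or later). The `console("Attribute $attr changed from", ...)` calls also write old and new attribute values to the log, which would include any password attribute routed through this method, so logging the attribute name alone is safer. modify_entry_attributes continues past the end of the hunk.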
diff --git a/lib/api/kolab_api_service_group.php b/lib/api/kolab_api_service_group.php
index d2103fa..76e8cfd 100644
--- a/lib/api/kolab_api_service_group.php
+++ b/lib/api/kolab_api_service_group.php
@@ -132,13 +132,32 @@ class kolab_api_service_group extends kolab_api_service
$gta = $this->object_type_attributes('group', $postdata['type_id']);
$form_service = $this->controller->get_service('form_value');
$group_attributes = array();
-
+
+ // Get the type "key" string for the next few settings.
+ if ($postdata['type_id'] == null) {
+ $type_str = 'group';
+ }
+ else {
+ $db = SQL::get_instance();
+ $_key = $db->fetch_assoc($db->query("SELECT `key` FROM group_types WHERE id = ?", $postdata['type_id']));
+ $type_str = $_key['key'];
+ }
+
$conf = Conf::get_instance();
- $unique_attr = $conf->get('unique_attr');
+ $unique_attr = $conf->get('unique_attribute');
if (!$unique_attr) {
$unique_attr = 'nsuniqueid';
}
+ // TODO: "rdn" is somewhat LDAP specific, but not used as something
+ // LDAP specific...?
+ $rdn_attr = $conf->get($type_str . '_group_name_attribute');
+ if (!$rdn_attr) {
+ $rdn_attr = $conf->get('group_name_attribute');
+ }
+ if (!$rdn_attr) {
+ $rdn_attr = 'cn';
+ }
if (isset($gta['form_fields'])) {
foreach ($gta['form_fields'] as $key => $value) {
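Review bot: The `$type_str` lookup does not handle a `type_id` that matches no row in `group_types`; presumably `$_key['key']` is then empty and the configuration key requested becomes `_group_name_attribute`. Since `type_id` comes from `$postdata`, fall back explicitly, for example `$type_str = !empty($_key['key']) ? $_key['key'] : 'group';`, or reject the request. The loose `== null` test also sends `0` and `''` down the default branch, which is probably intended but deserves a comment such as `// empty or missing type_id means the generic 'group' type`. The enclosing method starts and ends outside the hunk.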
@@ -189,41 +208,11 @@ class kolab_api_service_group extends kolab_api_service
$_group_dn = key($_group);
$_group = $this->group_info(Array('group' => $_group_dn), Array());
- $mod_array = Array(
- "add" => Array(),
- "del" => Array(),
- "replace" => Array(),
- );
-
- foreach ($_group as $_group_attr => $_group_value) {
- if (array_key_exists($_group_attr, $group_attributes)) {
- if (!($group_attributes[$_group_attr] === $_group_value)) {
- console("Attribute $_group_attr changed from", $_group_value, "to", $group_attributes[$_group_attr]);
- $mod_array['replace'][$_group_attr] = (array)($_group_value);
- }
- } else {
- // TODO: Since we're not shipping the entire object back and forth, and only post
- // part of the data... we don't know what is actually removed (think modifiedtimestamp, etc.)
- console("Group attribute not mentioned, but not explicitly removed... by assumption");
- }
- }
-
- foreach ($group_attributes as $attr => $value) {
- if (array_key_exists($attr, $_group)) {
- if (!($_group[$attr] === $value)) {
- $mod_array['replace'][$attr] = $value;
- }
- } else {
- $mod_array['add'][$attr] = $value;
- }
- }
-
- console($mod_array);
-
- $result = $auth->modify_entry_attributes($_group_dn, $mod_array);
+ // We should start throwing stuff over the fence here.
+ $result = $auth->modify_entry($_group_dn, $_group, $group_attributes);
if ($result) {
- return $mod_array;
+ return true;
}
return false;
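Review bot: The call `$auth->modify_entry($_group_dn, $_group, $group_attributes)` passes no naming attribute, so the `$rdn_attr` this file now resolves from `<type>_group_name_attribute` is not what decides a rename; modify_entry in lib/Auth/LDAP.php hard-codes `'cn'`, as its own TODO notes. On a deployment configured with a different group naming attribute, a change to that attribute would be sent through ldap_mod_replace() and a change to `cn` would trigger a rename, neither of which matches the configuration. If both hunks are in the same method, give modify_entry an optional fourth parameter `$rdn_attr = 'cn'` and call `$auth->modify_entry($_group_dn, $_group, $group_attributes, $rdn_attr);`. The method's return value also changes from the modification array to `true`, so any client that read the old payload should be checked.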
@@ -271,7 +260,7 @@ class kolab_api_service_group extends kolab_api_service
}
// Insert the persistent, unique attribute
- $unique_attr = $conf->get('unique_attr');
+ $unique_attr = $conf->get('unique_attribute');
if (!$unique_attr) {
$unique_attr = 'nsuniqueid';
}
diff --git a/lib/api/kolab_api_service_user.php b/lib/api/kolab_api_service_user.php
index 5810732..222d5a7 100644
--- a/lib/api/kolab_api_service_user.php
+++ b/lib/api/kolab_api_service_user.php
@@ -172,7 +172,7 @@ class kolab_api_service_user extends kolab_api_service
}
// Insert the persistent, unique attribute
- $unique_attr = $conf->get('unique_attr');
+ $unique_attr = $conf->get('unique_attribute');
if (!$unique_attr) {
$unique_attr = 'nsuniqueid';
}
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index b0ffba3..14fe71f 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -837,7 +837,7 @@ class kolab_client_task
);
if (!$add_mode) {
- $unique_attr = $this->config->get('unique_attr');
+ $unique_attr = $this->config->get('unique_attribute');
if (!$unique_attr) {
$unique_attr = 'nsuniqueid';
}