authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2013-07-10 14:45:30 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2013-07-10 14:45:30 +0100
commit32e142b51291026c3a53ac3c916ee99d46e8976b (patch)
treed2c7ed1b3adefbbfb67f8168d31636be1e388439 /lib/Auth/LDAP.php
parent407be9aca23da4a2310d4379f46254531ae2bf0c (diff)
downloadwebadmin-32e142b51291026c3a53ac3c916ee99d46e8976b.tar.gz
Create the database entry and configuration on replica hosts, then trigger the replication agreement configuration
Diffstat (limited to 'lib/Auth/LDAP.php')
-rw-r--r--lib/Auth/LDAP.php53
1 files changed, 48 insertions, 5 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 666f5bd..36038c7 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -203,7 +203,20 @@ class LDAP extends Net_LDAP3 {
'nsslapd-backend' => $_domain,
);
- $this->add_entry($dn, $attrs);
+ $replica_hosts = $this->list_replicas();
+ if (!empty($replica_hosts)) {
+ foreach ($replica_hosts as $replica_host) {
+ $ldap = new Net_LDAP3($this->config);
+ $ldap->config_set('host', $replica_host);
+ $ldap->config_set('hosts', array($replica_host));
+ $ldap->connect();
+ $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
+ $ldap->add_entry($dn, $attrs);
+ $ldap->close();
+ }
+ } else {
+ $this->add_entry($dn, $attrs);
+ }
$result = $this->_read("cn=" . $_primary_domain . ",cn=ldbm database,cn=plugins,cn=config", array('nsslapd-directory'));
if (!$result) {
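Review bot: The replica loop discards the result of `$ldap->connect()`, `$ldap->bind(...)` and `$ldap->add_entry($dn, $attrs)`, so a replica that is unreachable or rejects the bind is silently left without the backend entry while the code carries on to the `_read()` call. Each step should be checked and the failure logged or returned, along the lines of `if (!$ldap->add_entry($dn, $attrs)) { /* record $replica_host and abort */ }`, assuming these Net_LDAP3 methods return false on failure. The loop also presents the configured `bind_dn`/`bind_pw` to every host returned by `list_replicas()`; whether that happens over TLS depends on `$this->config`, which is not visible here and is worth confirming. The same ten lines are repeated in the hunks at new lines 258 and 329, so a private helper would keep this error handling in one place. The enclosing function begins and ends outside this hunk.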
@@ -245,10 +258,22 @@ class LDAP extends Net_LDAP3 {
'nsslapd-dncachememsize' => '10485760'
);
- $this->add_entry($dn, $attrs);
+ $replica_hosts = $this->list_replicas();
+ if (!empty($replica_hosts)) {
+ foreach ($replica_hosts as $replica_host) {
+ $ldap = new Net_LDAP3($this->config);
+ $ldap->config_set('host', $replica_host);
+ $ldap->config_set('hosts', array($replica_host));
+ $ldap->connect();
+ $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
+ $ldap->add_entry($dn, $attrs);
+ $ldap->close();
+ }
+ } else {
+ $this->add_entry($dn, $attrs);
+ }
// Query the ACI for the primary domain
- // Query the ACI for the primary domain
$domain_filter = $this->conf->get('ldap', 'domain_filter');
$domain_filter = '(&(' . $domain_name_attribute . '=' . $primary_domain . ')' . $domain_filter . ')';
$results = $this->_search($domain_base_dn, $domain_filter);
@@ -266,6 +291,7 @@ class LDAP extends Net_LDAP3 {
$result = $result[key($result)];
$acis = $result['aci'];
+ // Skip one particular ACI
foreach ($acis as $aci) {
if (stristr($aci, "SIE Group") === false) {
continue;
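Review bot: The added comment `// Skip one particular ACI` says the opposite of what the visible condition does: `stristr($aci, "SIE Group") === false` followed by `continue` skips every ACI that does not mention "SIE Group", so only the matching one reaches the rest of the loop. A comment such as `// Use only the ACI that mentions "SIE Group"; skip all others` would match the code. The remainder of the loop body is outside the hunk, so what is done with the matching ACI cannot be confirmed from here.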
@@ -303,14 +329,31 @@ class LDAP extends Net_LDAP3 {
$_aci,
// Search Access,
- "(targetattr = \"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///" . $inetdomainbasedn . "??sub?(objectclass=*)\");)",
+ "(targetattr != \"userPassword\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///" . $inetdomainbasedn . "??sub?(objectclass=*)\");)",
// Service Search Access
"(targetattr = \"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///" . $service_bind_dn . "\");)",
),
);
- $this->add_entry($dn, $attrs);
+ $replica_hosts = $this->list_replicas();
+ if (!empty($replica_hosts)) {
+ foreach ($replica_hosts as $replica_host) {
+ $ldap = new Net_LDAP3($this->config);
+ $ldap->config_set('host', $replica_host);
+ $ldap->config_set('hosts', array($replica_host));
+ $ldap->connect();
+ $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
+ $ldap->add_entry($dn, $attrs);
+ $ldap->close();
+ }
+ } else {
+ $this->add_entry($dn, $attrs);
+ }
+
+ if (!empty($replica_hosts)) {
+ $this->add_replication_agreements($inetdomainbasedn);
+ }
$dn = "cn=Directory Administrators," . $inetdomainbasedn;
$attrs = array(
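Review bot: The new "Search Access" ACI (`targetattr != \"userPassword\"`) is an exclusion list of one, so every other attribute stays readable and searchable by any entry bound under `$inetdomainbasedn`; if the schema holds other credential-bearing attributes, an explicit allow list of target attributes would be the safer form. The "Service Search Access" ACI two lines below still uses `targetattr = \"*\"`, so `$service_bind_dn` keeps read and compare on `userPassword`; if the service account does not need password hashes, the same exclusion belongs there. This change only affects entries created through this code path, so domains created earlier presumably keep the old `targetattr = "*"` ACI unless they are updated separately. The result of `add_replication_agreements($inetdomainbasedn)` is also ignored, in line with the unchecked replica loop above it.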