authorAleksander Machniak <alec@alec.pl>2014-01-17 11:02:18 +0100
committerAleksander Machniak <alec@alec.pl>2014-01-17 11:02:18 +0100
commitf434be6ad70510471bf1ccada311c869a5bc6f62 (patch)
tree2db03286b4e4c77d6038f3a9ff4915b753212f94 /lib/Auth
parent955f4186c5e3681226d01e5f4e77ff0af99f09d6 (diff)
downloadwebadmin-f434be6ad70510471bf1ccada311c869a5bc6f62.tar.gz
Delete domains by status change and related improvements e.g.
check if the domain is empty and warn the user before setting its status to deleted. TODO: shell script for real domain deletion
Diffstat (limited to 'lib/Auth')
-rw-r--r--lib/Auth/LDAP.php63
1 files changed, 54 insertions, 9 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 0075166..5958166 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -483,9 +483,18 @@ class LDAP extends Net_LDAP3 {
public function domain_delete($domain)
{
- $base_dn = $this->conf->get('ldap', 'domain_base_dn');
+ $domain = $this->domain_info($domain);
+
+ if (empty($domain)) {
+ return false;
+ }
+
+ $domain_dn = key($domain);
+ $attributes = array_merge($domain[$domain_dn], array('inetdomainstatus' => 'deleted'));
- return $this->entry_delete($domain, array(), $base_dn);
+ // for performance reasons we set only domain status,
+ // cronjob script should delete such domain later
+ return $this->modify_entry($domain_dn, $domain[$domain_dn], $attributes);
}
public function domain_find_by_attribute($attribute)
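Review bot: domain_delete() now only writes `'inetdomainstatus' => 'deleted'`, so the domain entry and everything beneath it stay in the directory until the cron job mentioned in the comment runs, and nothing in this hunk stops accounts in that domain from being used in the meantime. Whether they can be depends on code outside this diff honouring the status attribute, so it is worth confirming that login and domain-listing paths filter on it. The method also does not call the new domain_is_empty() itself, so the emptiness check holds only if every caller remembers it; a comment such as `// caller must check domain_is_empty() first; entries stay live until the cleanup job runs` would make that contract explicit. Reassigning the `$domain` parameter to the domain_info() result hides the original name, and a separate local would read better.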
@@ -521,6 +530,38 @@ class LDAP extends Net_LDAP3 {
}
/**
+ * Checkes if specified domain is empty (no users assigned)
+ *
+ * @param string $domain Domain name
+ *
+ * @return bool True if domain is empty, False otherwise
+ */
+ public function domain_is_empty($domain)
+ {
+ $this->_log(LOG_DEBUG, "Auth::LDAP::domain_is_empty($domain)");
+
+ $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
+
+ if (empty($domain_name_attribute)) {
+ $domain_name_attribute = 'associateddomain';
+ }
+
+ $domain = $this->domain_info($domain);
+
+ if (!empty($domain)) {
+ $domain_dn = key($domain);
+ $domain_name = $domain[$domain_dn][$domain_name_attribute];
+ }
+ else {
+ return false;
+ }
+
+ $result = $this->list_users(array('entrydn'), null, array('page_size' => 1), $domain_name);
+
+ return is_array($result) && $result['count'] == 0;
+ }
+
+ /**
* Proxy to parent function in order to enable us to insert our
* configuration.
*/
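Review bot: `$domain[$domain_dn][$domain_name_attribute]` is read without checking that the key exists or that the value is a scalar. If the domain-name attribute holds several values (a primary name plus aliases, say), `$domain_name` would be an array that is then passed to list_users() as the domain. Normalising it right after the lookup, for example `if (is_array($domain_name)) { $domain_name = reset($domain_name); }`, together with an `isset()` guard, avoids that. Returning false for both "domain not found" and "domain has users" is the safe direction for a delete guard, but the docblock should say so, and it should also note that only users are counted. The docblock summary has a typo ("Checkes").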
@@ -746,11 +787,11 @@ class LDAP extends Net_LDAP3 {
return $this->_list($base_dn, $filter, 'sub', $attributes, $search, $params);
}
- public function list_users($attributes = array(), $search = array(), $params = array())
+ public function list_users($attributes = array(), $search = array(), $params = array(), $domain = null)
{
- $this->_log(LOG_DEBUG, "Auth::LDAP::list_users(" . var_export($attributes, true) . ", " . var_export($search, true) . ", " . var_export($params, true));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::list_users(" . var_export($attributes, true) . ", " . var_export($search, true) . ", " . var_export($params, true) . ", " . $domain . ")");
- $base_dn = $this->_subject_base_dn('user');
+ $base_dn = $this->_subject_base_dn('user', false, $domain);
$filter = $this->conf->get('user_filter');
if (empty($filter)) {
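Review bot: The new public `$domain` argument lets a caller point list_users() at the user base DN of any domain instead of the session's `$this->domain`, and nothing in the visible lines checks that the current user may read that domain. The only caller in this commit is domain_is_empty(), which takes the name from the directory, but the method is public, so confirm that no request-driven caller can pass a value through unchecked; the body continues outside the hunk. The parameter is also undocumented, and a docblock line such as `@param string $domain Domain to search in (defaults to the current working domain)` would help. In the log line, `var_export($domain, true)` would match the other arguments and distinguish null from an empty string.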
@@ -1189,9 +1230,13 @@ class LDAP extends Net_LDAP3 {
}
}
- private function _subject_base_dn($subject, $strict = false)
+ private function _subject_base_dn($subject, $strict = false, $domain = null)
{
- $subject_base_dn = $this->conf->get_raw($this->domain, $subject . "_base_dn");
+ if (empty($domain)) {
+ $domain = $this->domain;
+ }
+
+ $subject_base_dn = $this->conf->get_raw($domain, $subject . "_base_dn");
if (empty($subject_base_dn)) {
$subject_base_dn = $this->conf->get_raw("ldap", $subject . "_base_dn");
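Review bot: `$domain` is used as-is as a configuration section name in `get_raw($domain, ...)` and, in the following hunk, in `get($domain, "base_dn")` and `domain_root_dn($domain)`, with no check that it is a non-empty string. Every override passes through this function, so a type check here, for example `if (!is_string($domain) || $domain === '') { $domain = $this->domain; }`, would cover all callers; the current `empty()` test lets an array through. A short docblock stating that `$domain` overrides the working domain for base DN resolution only would also help. The function body continues past the last hunk.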
@@ -1203,10 +1248,10 @@ class LDAP extends Net_LDAP3 {
}
// Attempt to get a configured base_dn
- $base_dn = $this->conf->get($this->domain, "base_dn");
+ $base_dn = $this->conf->get($domain, "base_dn");
if (empty($base_dn)) {
- $base_dn = $this->domain_root_dn($this->domain);
+ $base_dn = $this->domain_root_dn($domain);
}
if (!empty($subject_base_dn)) {