Diffstat (limited to 'lib')
-rw-r--r--lib/api/kolab_api_service_domain.php157
-rw-r--r--lib/api/kolab_api_service_domain_types.php44
-rw-r--r--lib/kolab_api_service.php16
-rw-r--r--lib/locale/en_US.php2
4 files changed, 208 insertions, 11 deletions
diff --git a/lib/api/kolab_api_service_domain.php b/lib/api/kolab_api_service_domain.php
index f9910df..9190e62 100644
--- a/lib/api/kolab_api_service_domain.php
+++ b/lib/api/kolab_api_service_domain.php
@@ -95,6 +95,8 @@ class kolab_api_service_domain extends kolab_api_service
$attributes[$dna] = (array) $attributes[$dna];
$domain = array_shift($attributes[$dna]);
+ $this->_mod_domain_attrs($domain, $attributes);
+
$result = $auth->domain_add($domain, $attributes);
if ($result) {
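Review bot: `$domain` goes from `array_shift($attributes[$dna])` into `_mod_domain_attrs()` with no format check, and that method (added further down in this file) concatenates it into `'ou=' . $domain . ',' . $hosted_root_dn` and into quoted ACI strings. A value containing `,`, `"`, `)` or `||` would change the structure of the DN and of the access rules instead of merely naming the domain. Reject anything that is not a plain DNS name before the call, for example `if (!preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i', $domain)) { return false; }`; the `return false` failure convention is assumed, since the function body starts outside this hunk. The edit path needs the same check, because there the name is read from `$attributes[$domain_name_attribute][0]`.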
@@ -102,6 +104,9 @@ class kolab_api_service_domain extends kolab_api_service
$attributes['id'] = $id;
}
+
+ $this->_after_domain_created($attributes, $domain);
+
return $attributes;
}
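Review bot: The domain is reported as created even when the follow-up provisioning fails, because `_after_domain_created()` returns nothing and the results of `ou_add()` and `role_add()` inside it are discarded. A partial failure would leave a domain entry whose ACIs reference `cn=kolab-admin,<domain_root_dn>` and `ou=People,<domain_root_dn>` although those objects may not exist. Have the helper return a boolean and check it here, e.g. `if (!$this->_after_domain_created($attributes, $domain)) { return false; }`, and log which step failed. The page has lost its indentation and the function starts outside the hunk, so it is not clear whether this call sits inside `if ($result)`; if it does not, it also runs after a failed `domain_add()`.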
@@ -167,8 +172,11 @@ class kolab_api_service_domain extends kolab_api_service
}
}
- $attributes = $this->parse_input_attributes('domain', $postdata);
- $result = $auth->domain_edit($postdata['id'], $attributes, $postdata['type_id']);
+ $attributes = $this->parse_input_attributes('domain', $postdata, $postdata['type_id']);
+
+ $this->_mod_domain_attrs(null, $attributes);
+
+ $result = $auth->domain_edit($postdata['id'], $attributes, $postdata['type_id']);
if ($result) {
return $result;
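Review bot: On edit, `_mod_domain_attrs(null, $attributes)` recomputes `inetdomainbasedn` and the whole `aci` list from the first submitted `associateddomain` value, so reordering or renaming that list repoints the entry at a different `ou=...` subtree, and nothing on this path creates that subtree. An empty list would yield `ou=,<hosted_root_dn>`. The base DN of an existing domain should come from the stored entry, not from request input: either skip the regeneration on edit or pass the stored name, `$this->_mod_domain_attrs($stored_domain, $attributes);`, where `$stored_domain` is looked up by `$postdata['id']` (that lookup is not part of this hunk). The function body starts outside the hunk.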
@@ -266,4 +274,149 @@ class kolab_api_service_domain extends kolab_api_service
return false;
}
+
+ /**
+ * Modify hosted domain attributes
+ */
+ protected function _mod_domain_attrs($domain, &$attributes)
+ {
+ // Generate attributes (aci, inetdomainbasedn) for hosted domains
+ $conf = Conf::get_instance();
+ if ($conf->get('kolab_wap', 'hosted_root_dn')) {
+
+ $domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
+ $hosted_root_dn = $conf->get('kolab_wap', 'hosted_root_dn');
+ $mgmt_root_dn = $conf->get('kolab_wap', 'mgmt_root_dn');
+
+ if (empty($mgmt_root_dn)) {
+ $mgmt_root_dn = $conf->get('root_dn');
+ }
+
+ if (empty($domain_name_attribute)) {
+ $domain_name_attribute = 'associateddomain';
+ }
+
+ if (!is_array($attributes[$domain_name_attribute])) {
+ $attributes[$domain_name_attribute] = (array) $attributes[$domain_name_attribute];
+ }
+
+ if (empty($domain)) {
+ $domain = $attributes[$domain_name_attribute][0];
+ }
+
+ if (!in_array($domain, $attributes[$domain_name_attribute])) {
+ array_unshift($attributes[$domain_name_attribute], $domain);
+ }
+
+ $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn;
+
+ $aci = array(
+ '(targetattr = "*")'
+ . '(version 3.0; acl "Deny Unauthorized"; deny (all)'
+ . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT '
+ . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)',
+
+ '(targetattr != "userPassword")'
+ . '(version 3.0;acl "Search Access";allow (read,compare,search)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)',
+
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Kolab Administrators";allow (all)'
+ . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || '
+ . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)'
+ );
+
+ $attributes['aci'] = $aci;
+ $attributes['inetdomainbasedn'] = $domain_root_dn;
+
+ $this->is_hosted = true;
+ }
+ }
+
+ /**
+ * Create LDAP object related to the new hosted domain
+ */
+ protected function _after_domain_created($attributes, $domain)
+ {
+ if (!$this->is_hosted) {
+ return;
+ }
+
+ $conf = Conf::get_instance();
+ $ou_service = $this->controller->get_service('ou');
+ $role_service = $this->controller->get_service('role');
+
+ $hosted_root_dn = $conf->get('kolab_wap', 'hosted_root_dn');
+ $mgmt_root_dn = $conf->get('kolab_wap', 'mgmt_root_dn');
+ $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn;
+
+ if (empty($mgmt_root_dn)) {
+ $mgmt_root_dn = $conf->get('root_dn');
+ }
+
+ $ou_domain = array(
+ 'ou' => $domain,
+ 'base_dn' => $hosted_root_dn,
+ 'description' => $domain,
+ 'type_id' => 1,
+ );
+
+ $ou_domain['aci'] = array(
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Deny Unauthorized"; deny (all)'
+ . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT '
+ . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)',
+
+ '(targetattr != "userPassword")'
+ . '(version 3.0;acl "Search Access";allow (read,compare,search,write)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)',
+
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Kolab Administrators";allow (all)'
+ . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || '
+ . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///ou=*,' . $domain_root_dn . '")(targetattr="objectclass || aci || ou")'
+ . '(version 3.0;acl "Allow Domain sub-OU Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///uid=*,ou=People,' . $domain_root_dn . '")(targetattr="*")'
+ . '(version 3.0;acl "Allow Domain First User Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///cn=*,' . $domain_root_dn . '")(targetattr="objectclass || cn")'
+ . '(version 3.0;acl "Allow Domain Role Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+ );
+
+ $ou_service->ou_add(null, $ou_domain);
+
+ // Add OU trees
+
+ foreach (array('Groups', 'People', 'Resources', 'Shared Folders') as $item) {
+ $ou = array(
+ 'ou' => $item,
+ 'base_dn' => $domain_root_dn,
+ 'type_id' => 1,
+ 'description' => $item,
+ );
+
+ $ou_service->ou_add(null, $ou);
+ }
+
+ // Add an admin role
+
+ $role = array(
+ 'cn' => 'kolab-admin',
+ 'description' => 'Domain Administrator',
+ 'type_id' => 1,
+ 'base_dn' => $domain_root_dn,
+ );
+
+ $role_service->role_add(null, $role);
+ }
}
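Review bot: The ACI named "Search Access" in `_after_domain_created()` grants `write` in addition to `read,compare,search`, unlike the same-named rule in `_mod_domain_attrs()`, and its subject is every `inetorgperson` under `ou=People` of the domain. With `targetattr != "userPassword"` the grant covers every other attribute, which would presumably include `aci` itself, so an ordinary domain user could modify other entries and the access rules of the subtree. If the write permission is not intentional, make the line `. '(version 3.0;acl "Search Access";allow (read,compare,search)'`; if self-service editing is wanted, put it in a separate ACI with an explicit attribute list and `userdn = "ldap:///self"`. The three ACIs shared by both methods are also duplicated verbatim and would be safer built by one private helper, so they cannot drift apart again.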
diff --git a/lib/api/kolab_api_service_domain_types.php b/lib/api/kolab_api_service_domain_types.php
index 487faeb..7ea999e 100644
--- a/lib/api/kolab_api_service_domain_types.php
+++ b/lib/api/kolab_api_service_domain_types.php
@@ -57,6 +57,33 @@ class kolab_api_service_domain_types extends kolab_api_service
),
);
+ public static $HOSTED_TYPE_ATTRS = array(
+ 'auto_form_fields' => array(),
+ 'form_fields' => array(
+ 'associateddomain' => array(
+ 'type' => 'list'
+ ),
+// 'inetdomainbasedn' => array(
+// 'optional' => true,
+// ),
+ 'inetdomainstatus' => array(
+ 'optional' => true,
+ 'type' => 'select',
+ 'values' => array(
+ '', 'active', 'suspended', 'deleted',
+ ),
+ ),
+ ),
+ 'fields' => array(
+ 'domainrelatedobject_only' => 1,
+ 'objectclass' => array(
+ 'top',
+ 'domainrelatedobject',
+ 'inetdomain',
+ ),
+ ),
+ );
+
/**
* Returns service capabilities.
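Review bot: The commented-out `inetdomainbasedn` entry in `$HOSTED_TYPE_ATTRS` gives no reason for being disabled, which invites someone to re-enable it later. Since `_mod_domain_attrs()` generates that attribute on the server, replace the dead lines with a comment that says so, e.g. `// inetdomainbasedn is generated in kolab_api_service_domain::_mod_domain_attrs(); never expose it as a form field`. A docblock on the property describing when this set is used (only when `kolab_wap/hosted_root_dn` is configured) would also help.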
@@ -83,14 +110,23 @@ class kolab_api_service_domain_types extends kolab_api_service
public function domain_types_list($get, $post)
{
// @TODO: move to database
- $types = array(
- 1 => array(
+ $types = array();
+
+ if ($this->conf->get('kolab_wap', 'hosted_root_dn')) {
+ $types[1] = array(
+ 'key' => 'hosted',
+ 'name' => 'Hosted domain',
+ 'description' => 'A hosted domain name space',
+ 'attributes' => self::$HOSTED_TYPE_ATTRS,
+ );
+ } else {
+ $types[1] = array(
'key' => 'standard',
'name' => 'Standard domain',
'description' => 'A standard domain name space',
'attributes' => self::$DEFAULT_TYPE_ATTRS,
- ),
- );
+ );
+ }
return array(
'list' => $types,
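Review bot: Type id `1` now means either "hosted" or "standard" depending on whether `hosted_root_dn` is configured, so domains created before the option was set are presented as hosted ones once it is turned on. On the next edit `_mod_domain_attrs()` would then overwrite their `aci` and `inetdomainbasedn`, because that method checks only the configuration, not the domain. Consider giving the hosted type its own id, or recording the type on the entry and checking it before regenerating attributes. The same branch is repeated in the `kolab_api_service.php` hunk; a single helper such as `kolab_api_service_domain_types::current_type()` returning the key and attributes would keep the two in step.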
diff --git a/lib/kolab_api_service.php b/lib/kolab_api_service.php
index b552342..c098de1 100644
--- a/lib/kolab_api_service.php
+++ b/lib/kolab_api_service.php
@@ -266,12 +266,20 @@ abstract class kolab_api_service
// get list of object types
if ($object_name == 'domain') {
- $object_types = array(
- '1' => array(
+ $object_types = array();
+
+ if ($this->conf->get('kolab_wap', 'hosted_root_dn')) {
+ $object_types['1'] = array(
+ 'key' => 'hosted',
+ 'attributes' => kolab_api_service_domain_types::$HOSTED_TYPE_ATTRS,
+ );
+ } else {
+ $object_types['1'] = array(
'key' => 'default',
'attributes' => kolab_api_service_domain_types::$DEFAULT_TYPE_ATTRS,
- ),
- );
+ );
+ }
+
$object_types['1']['attributes']['form_fields']['aci'] = array(
'type' => 'list',
'optional' => true,
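Review bot: The `aci` form field is still added for the hosted type, but `_mod_domain_attrs()` unconditionally assigns `$attributes['aci'] = $aci`, so whatever a client submits in that field is silently discarded. Either leave the field out when `hosted_root_dn` is set, by wrapping the assignment in `if (!$this->conf->get('kolab_wap', 'hosted_root_dn')) { ... }`, or document on the field that it is read-only in hosted mode. Leaving it out is preferable, since it makes clear that the access rules of hosted domains are not client-controlled. The array literal and the enclosing function continue outside this hunk.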
diff --git a/lib/locale/en_US.php b/lib/locale/en_US.php
index 4340cf1..43e2b76 100644
--- a/lib/locale/en_US.php
+++ b/lib/locale/en_US.php
@@ -142,7 +142,7 @@ $LANG['domain.norecords'] = 'No domain records found!';
$LANG['domain.o'] = 'Organization';
$LANG['domain.other'] = 'Other';
$LANG['domain.system'] = 'System';
-$LANG['domain.type_id'] = 'Standard Domain';
+$LANG['domain.type_id'] = 'Domain type';
$LANG['edit'] = 'Edit';
$LANG['error'] = 'Error';