From f9058a1289778209190afb7c7bee50065b8c583b Mon Sep 17 00:00:00 2001
From: Jan Schneider
Date: Wed, 11 Jun 2014 16:13:14 +0200
Subject: [PATCH] Allow to specify base DN for searching user DNs (Bug #12128).

---
 framework/Core/lib/Horde/Config.php | 169 +++++++++++++++++++++---------------
 framework/Core/package.xml | 2 +
 framework/Ldap/lib/Horde/Ldap.php | 6 +-
 framework/Ldap/package.xml | 16 ++--
 4 files changed, 114 insertions(+), 79 deletions(-)

diff --git a/framework/Core/lib/Horde/Config.php b/framework/Core/lib/Horde/Config.php
index 816d202..43aec96 100644
--- a/framework/Core/lib/Horde/Config.php
+++ b/framework/Core/lib/Horde/Config.php
@@ -746,8 +746,8 @@ protected function _parseLevel(&$conf, $children, $ctx)
 * @param string $ctx The context of the tag.
 * @param DomNode $node The DomNode representation of the
 * tag.
- * @param string $switchname If DomNode is not set, the value of the
- * tag's switchname attribute.
+ * @param string $switchname If $node is not set, the value of the tag's
+ * switchname attribute.
 *
 * @return array An associative array with the LDAP configuration tree.
 */
@@ -823,73 +823,7 @@ protected function _configLDAP($ctx, $node = null,
 ),
 'user' => array(
 'desc' => 'Bind as the currently logged-in user',
- 'fields' => array(
- 'user' => array(
- 'binddn' => array(
- '_type' => 'text',
- 'required' => false,
- 'desc' => 'DN used to bind for searching the user\'s DN (leave empty for anonymous bind)',
- 'default' => $this->_default(
- $ctx . '|user|binddn',
- $node ? ($xpath->evaluate('string(configsection/configstring[@name="binddn"])', $node) ?: '') : ''
- )
- ),
- 'bindpw' => array(
- '_type' => 'text',
- 'required' => false,
- 'desc' => 'Password for bind DN',
- 'default' => $this->_default(
- $ctx . '|user|bindpw',
- $node ? ($xpath->evaluate('string(configsection/configstring[@name="bindpw"])', $node) ?: '') : ''
- )
- ),
- 'uid' => array(
- '_type' => 'text',
- 'required' => true,
- 'desc' => 'The username search key (set to samaccountname for AD).',
- 'default' => $this->_default(
- $ctx . '|user|uid',
- $node ? ($xpath->evaluate('string(configsection/configstring[@name="uid"])', $node) ?: 'uid') : 'uid'
- )
- ),
- 'filter_type' => array(
- 'required' => false,
- 'desc' => 'How to specify a filter for the user lists.',
- 'default' => $this->_default(
- $ctx . '|user|filter_type',
- $node ? ($xpath->evaluate('normalize-space(configsection/configswitch[@name="filter_type"]/text())', $node) ?: 'objectclass') : 'objectclass'),
- 'switch' => array(
- 'filter' => array(
- 'desc' => 'LDAP filter string',
- 'fields' => array(
- 'filter' => array(
- '_type' => 'text',
- 'required' => true,
- 'desc' => 'The LDAP filter string used to search for users.',
- 'default' => $this->_default(
- $ctx . '|user|filter',
- $node ? ($xpath->evaluate('string(configsection/configstring[@name="filter"])', $node) ?: '(objectClass=*)') : '(objectClass=*)'
- )
- ),
- ),
- ),
- 'objectclass' => array(
- 'desc' => 'List of objectClasses',
- 'fields' => array(
- 'objectclass' => array(
- '_type' => 'stringlist',
- 'required' => true,
- 'desc' => 'The objectclass filter used to search for users. Can be a single objectclass or a comma-separated list.',
- 'default' => implode(', ', $this->_default(
- $ctx . '|user|objectclass',
- $node ? ($xpath->evaluate('string(configsection/configlist[@name="objectclass"])', $node) ?: array('*')) : array('*')))
- ),
- ),
- ),
- ),
- ),
- ),
- ),
+ 'fields' => $this->_configLDAPUser($ctx, $node)
 ),
 'admin' => array(
 'desc' => 'Bind with administrative/system credentials',
@@ -995,6 +929,103 @@ protected function _configLDAP($ctx, $node = null,
 }

 /**
+ * Returns the configuration tree for an LDAP configuration to search user
+ * DNs to replace a tag.
+ *
+ * Subnodes will be parsed and added.
+ *
+ * @param string $ctx The context of the tag.
+ * @param DomNode $node The DomNode representation of the
+ * tag.
+ *
+ * @return array A list of associative arrays with the LDAP configuration
+ * tree.
+ */
+ protected function _configLDAPUser($ctx, $node = null)
+ {
+ if ($node) {
+ $xpath = new DOMXPath($node->ownerDocument);
+ }
+
+ return array(
+ 'user' => array(
+ 'basedn' => array(
+ '_type' => 'text',
+ 'required' => false,
+ 'desc' => 'Base DN for searching the user\'s DN',
+ 'default' => $this->_default(
+ $ctx . '|user|basedn',
+ $node ? ($xpath->evaluate('string(configsection/configstring[@name="basedn"])', $node) ?: '') : ''
+ )
+ ),
+ 'binddn' => array(
+ '_type' => 'text',
+ 'required' => false,
+ 'desc' => 'DN used to bind for searching the user\'s DN (leave empty for anonymous bind)',
+ 'default' => $this->_default(
+ $ctx . '|user|binddn',
+ $node ? ($xpath->evaluate('string(configsection/configstring[@name="binddn"])', $node) ?: '') : ''
+ )
+ ),
+ 'bindpw' => array(
+ '_type' => 'text',
+ 'required' => false,
+ 'desc' => 'Password for bind DN',
+ 'default' => $this->_default(
+ $ctx . '|user|bindpw',
+ $node ? ($xpath->evaluate('string(configsection/configstring[@name="bindpw"])', $node) ?: '') : ''
+ )
+ ),
+ 'uid' => array(
+ '_type' => 'text',
+ 'required' => true,
+ 'desc' => 'The username search key (set to samaccountname for AD).',
+ 'default' => $this->_default(
+ $ctx . '|user|uid',
+ $node ? ($xpath->evaluate('string(configsection/configstring[@name="uid"])', $node) ?: 'uid') : 'uid'
+ )
+ ),
+ 'filter_type' => array(
+ 'required' => false,
+ 'desc' => 'How to specify a filter for the user lists.',
+ 'default' => $this->_default(
+ $ctx . '|user|filter_type',
+ $node ? ($xpath->evaluate('normalize-space(configsection/configswitch[@name="filter_type"]/text())', $node) ?: 'objectclass') : 'objectclass'),
+ 'switch' => array(
+ 'filter' => array(
+ 'desc' => 'LDAP filter string',
+ 'fields' => array(
+ 'filter' => array(
+ '_type' => 'text',
+ 'required' => true,
+ 'desc' => 'The LDAP filter string used to search for users.',
+ 'default' => $this->_default(
+ $ctx . '|user|filter',
+ $node ? ($xpath->evaluate('string(configsection/configstring[@name="filter"])', $node) ?: '(objectClass=*)') : '(objectClass=*)'
+ )
+ ),
+ ),
+ ),
+ 'objectclass' => array(
+ 'desc' => 'List of objectClasses',
+ 'fields' => array(
+ 'objectclass' => array(
+ '_type' => 'stringlist',
+ 'required' => true,
+ 'desc' => 'The objectclass filter used to search for users. Can be a single objectclass or a comma-separated list.',
+ 'default' => implode(', ', $this->_default(
+ $ctx . '|user|objectclass',
+ $node ? ($xpath->evaluate('string(configsection/configlist[@name="objectclass"])', $node) ?: array('*')) : array('*')))
+ ),
+ ),
+ ),
+ ),
+ ),
+ ),
+ );
+ }
+
+ /**
 * Returns the configuration tree for a NoSQL backend configuration to
 * replace a tag.
 * Subnodes will be parsed and added to both the Horde defaults and the
--
1.9.3
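Review bot: The `bindpw` entry in the new `_configLDAPUser()` is declared with `'_type' => 'text'`, so the password of the account used to search user DNs would be rendered as an ordinary, unmasked value in the configuration form. The entry is carried over unchanged from `_configLDAP()`, but the extraction is a good moment to switch it to a masked field such as `'_type' => 'password',`, assuming the config form handles that type (not visible here, please confirm). The new `basedn` field is optional and defaults to an empty string while the default filter is `(objectClass=*)`; how an empty base is resolved is decided in framework/Ldap/lib/Horde/Ldap.php, which the diffstat lists but this page does not show, so the description should steer administrators to a narrow scope, e.g. `'desc' => 'Base DN for searching the user\'s DN (use the narrowest subtree that contains user accounts)',`. Separately, the `objectclass` default feeds the result of `$xpath->evaluate('string(...)')`, which is a string when non-empty, through `_default()` into `implode()`; `_default()` is outside the hunk, so this may already be normalised there, but it is worth checking that an array always reaches `implode()`.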