LDAP Wizard: add detection, load and save of LDAP groups for filter purposes
This commit is contained in:
Arthur Schiwon
parent
5425511259
commit
3cafcc2d47
|
|
@ -47,6 +47,7 @@ switch($action) {
|
|||
case 'guessPortAndTLS':
|
||||
case 'guessBaseDN':
|
||||
case 'determineObjectClasses':
|
||||
case 'determineGroups':
|
||||
try {
|
||||
$result = $wizard->$action();
|
||||
if($result !== false) {
|
||||
|
|
|
|||
|
|
@ -202,6 +202,27 @@ var LdapWizard = {
|
|||
}
|
||||
},
|
||||
|
||||
findAvailableGroups: function() {
|
||||
param = 'action=determineGroups'+
|
||||
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
|
||||
|
||||
LdapWizard.ajax(param,
|
||||
function(result) {
|
||||
$('#ldap_userfilter_groups').find('option').remove();
|
||||
for (i in result.options['ldap_userfilter_groups']) {
|
||||
//FIXME: move HTML into template
|
||||
objc = result.options['ldap_userfilter_groups'][i];
|
||||
$('#ldap_userfilter_groups').append("<option value='"+objc+"'>"+objc+"</option>");
|
||||
}
|
||||
LdapWizard.applyChanges(result);
|
||||
$('#ldap_userfilter_groups').multiselect('refresh');
|
||||
},
|
||||
function (result) {
|
||||
//TODO: error handling
|
||||
}
|
||||
);
|
||||
},
|
||||
|
||||
findObjectClasses: function() {
|
||||
param = 'action=determineObjectClasses'+
|
||||
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
|
||||
|
|
@ -236,8 +257,21 @@ var LdapWizard = {
|
|||
}
|
||||
},
|
||||
|
||||
initMultiSelect: function(object, id, caption) {
|
||||
object.multiselect({
|
||||
header: false,
|
||||
selectedList: 9,
|
||||
noneSelectedText: caption,
|
||||
click: function(event, ui) {
|
||||
LdapWizard.saveMultiSelect(id,
|
||||
$('#'+id).multiselect("getChecked"));
|
||||
}
|
||||
});
|
||||
},
|
||||
|
||||
initUserFilter: function() {
|
||||
LdapWizard.findObjectClasses();
|
||||
LdapWizard.findAvailableGroups();
|
||||
},
|
||||
|
||||
onTabChange: function(event, ui) {
|
||||
|
|
@ -304,17 +338,12 @@ $(document).ready(function() {
|
|||
$('#ldap_submit').button();
|
||||
$('#ldap_action_test_connection').button();
|
||||
$('#ldap_action_delete_configuration').button();
|
||||
$('#ldap_userfilter_groups').multiselect();
|
||||
$('#ldap_userfilter_objectclass').multiselect({
|
||||
header: false,
|
||||
selectedList: 9,
|
||||
noneSelectedText: t('user_ldap', 'Select object classes'),
|
||||
click: function(event, ui) {
|
||||
LdapWizard.saveMultiSelect('ldap_userfilter_objectclass',
|
||||
$('#ldap_userfilter_objectclass').multiselect("getChecked")
|
||||
);
|
||||
}
|
||||
});
|
||||
LdapWizard.initMultiSelect($('#ldap_userfilter_groups'),
|
||||
'ldap_userfilter_groups',
|
||||
t('user_ldap', 'Select groups'));
|
||||
LdapWizard.initMultiSelect($('#ldap_userfilter_objectclass'),
|
||||
'ldap_userfilter_objectclass',
|
||||
t('user_ldap', 'Select object classes'));
|
||||
$('.lwautosave').change(function() { LdapWizard.save(this); });
|
||||
LdapConfiguration.refreshConfig();
|
||||
$('#ldap_action_test_connection').click(function(event){
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ class Configuration {
|
|||
'ldapIgnoreNamingRules' => null,
|
||||
'ldapUserDisplayName' => null,
|
||||
'ldapUserFilterObjectclass' => null,
|
||||
'ldapUserFilterGroups' => null,
|
||||
'ldapUserFilter' => null,
|
||||
'ldapGroupFilter' => null,
|
||||
'ldapGroupDisplayName' => null,
|
||||
|
|
@ -123,6 +124,7 @@ class Configuration {
|
|||
case 'ldapAttributesForUserSearch':
|
||||
case 'ldapAttributesForGroupSearch':
|
||||
case 'ldapUserFilterObjectclass':
|
||||
case 'ldapUserFilterGroups':
|
||||
$setMethod = 'setMultiLine';
|
||||
default:
|
||||
$this->$setMethod($key, $val);
|
||||
|
|
@ -150,6 +152,7 @@ class Configuration {
|
|||
case 'ldapAttributesForUserSearch':
|
||||
case 'ldapAttributesForGroupSearch':
|
||||
case 'ldapUserFilterObjectclass':
|
||||
case 'ldapUserFilterGroups':
|
||||
$readMethod = 'getMultiLine';
|
||||
break;
|
||||
case 'ldapIgnoreNamingRules':
|
||||
|
|
@ -189,6 +192,7 @@ class Configuration {
|
|||
case 'ldapAttributesForUserSearch':
|
||||
case 'ldapAttributesForGroupSearch':
|
||||
case 'ldapUserFilterObjectclass':
|
||||
case 'ldapUserFilterGroups':
|
||||
if(is_array($value)) {
|
||||
$value = implode("\n", $value);
|
||||
}
|
||||
|
|
@ -279,6 +283,7 @@ class Configuration {
|
|||
'ldap_base_groups' => '',
|
||||
'ldap_userlist_filter' => 'objectClass=person',
|
||||
'ldap_userfilter_objectclass' => '',
|
||||
'ldap_userfilter_groups' => '',
|
||||
'ldap_login_filter' => 'uid=%uid',
|
||||
'ldap_group_filter' => 'objectClass=posixGroup',
|
||||
'ldap_display_name' => 'cn',
|
||||
|
|
@ -319,6 +324,7 @@ class Configuration {
|
|||
'ldap_base_users' => 'ldapBaseUsers',
|
||||
'ldap_base_groups' => 'ldapBaseGroups',
|
||||
'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass',
|
||||
'ldap_userfilter_groups' => 'ldapUserFilterGroups',
|
||||
'ldap_userlist_filter' => 'ldapUserFilter',
|
||||
'ldap_login_filter' => 'ldapLoginFilter',
|
||||
'ldap_group_filter' => 'ldapGroupFilter',
|
||||
|
|
|
|||
|
|
@ -52,6 +52,27 @@ class Wizard extends LDAPUtility {
|
|||
}
|
||||
}
|
||||
|
||||
public function determineGroups() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
'ldapAgentName',
|
||||
'ldapAgentPassword',
|
||||
'ldapBase',
|
||||
))) {
|
||||
return false;
|
||||
}
|
||||
$cr = $this->getConnection();
|
||||
if(!$cr) {
|
||||
throw new \Excpetion('Could not connect to LDAP');
|
||||
}
|
||||
|
||||
$obclasses = array('posixGroup', 'group', '*');
|
||||
return $this->determineFeature($obclasses,
|
||||
'cn',
|
||||
'ldap_userfilter_groups',
|
||||
'ldapUserFilterGroups');
|
||||
}
|
||||
|
||||
public function determineObjectClasses() {
|
||||
if(!$this->checkRequirements(array('ldapHost',
|
||||
'ldapPort',
|
||||
|
|
@ -66,31 +87,44 @@ class Wizard extends LDAPUtility {
|
|||
throw new \Excpetion('Could not connect to LDAP');
|
||||
}
|
||||
|
||||
$p = 'objectclass=';
|
||||
$obclasses = array($p.'inetOrgPerson', $p.'person',
|
||||
$p.'organizationalPerson', $p.'user',
|
||||
$p.'posixAccount', $p.'*');
|
||||
$obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
|
||||
'user', 'posixAccount', '*');
|
||||
return $this->determineFeature($obclasses,
|
||||
'objectclass',
|
||||
'ldap_userfilter_objectclass',
|
||||
'ldapUserFilterObjectclass');
|
||||
}
|
||||
|
||||
$maxEntryObjC = '';
|
||||
$availableObjectClasses =
|
||||
$this->cumulativeSearchOnAttribute($obclasses, 'objectclass',
|
||||
true, $maxEntryObjC);
|
||||
if(is_array($availableObjectClasses)
|
||||
&& count($availableObjectClasses) > 0) {
|
||||
$this->result->addOptions('ldap_userfilter_objectclass',
|
||||
$availableObjectClasses);
|
||||
} else {
|
||||
throw new \Exception(self::$l->t('Could not find any objectClass'));
|
||||
private function determineFeature($objectclasses, $attr, $dbkey, $confkey) {
|
||||
$cr = $this->getConnection();
|
||||
if(!$cr) {
|
||||
throw new \Excpetion('Could not connect to LDAP');
|
||||
}
|
||||
$setOCs = $this->configuration->ldapUserFilterObjectclass;
|
||||
if(is_array($setOCs) && !empty($setOCs)) {
|
||||
$p = 'objectclass=';
|
||||
foreach($objectclasses as $key => $value) {
|
||||
$objectclasses[$key] = $p.$value;
|
||||
}
|
||||
$maxEntryObjC = '';
|
||||
$availableFeatures =
|
||||
$this->cumulativeSearchOnAttribute($objectclasses, $attr,
|
||||
true, $maxEntryObjC);
|
||||
if(is_array($availableFeatures)
|
||||
&& count($availableFeatures) > 0) {
|
||||
$this->result->addOptions($dbkey, $availableFeatures);
|
||||
} else {
|
||||
throw new \Exception(self::$l->t('Could not find the desired feature'));
|
||||
}
|
||||
|
||||
$setFeatures = $this->configuration->$confkey;
|
||||
if(is_array($setFeatures) && !empty($setFeatures)) {
|
||||
//something is already configured? pre-select it.
|
||||
$this->result->addChange('ldap_userfilter_objectclass', $setOCs);
|
||||
$this->result->addChange($dbkey, $setFeatures);
|
||||
} else if(!empty($maxEntryObjC)) {
|
||||
//TODO / FIXME: this is great for objectclasses, but wrong for groups
|
||||
//isolate it in another method and call it from this method's callee
|
||||
//new? pre-select something hopefully sane
|
||||
$maxEntryObjC = str_replace($p, '', $maxEntryObjC);
|
||||
$this->result->addChange('ldap_userfilter_objectclass',
|
||||
$maxEntryObjC);
|
||||
$this->result->addChange($dbkey, $maxEntryObjC);
|
||||
}
|
||||
|
||||
return $this->result;
|
||||
|
|
|
|||
|
|
@ -13,7 +13,6 @@
|
|||
<select id="ldap_userfilter_objectclass" multiple="multiple"
|
||||
name="ldap_userfilter_objectclass"
|
||||
data-default="<?php p($_['ldap_userfilter_objectclass_default']); ?>">
|
||||
<!-- <option><?php p($l->t('Any'));?></option> -->
|
||||
</select>
|
||||
</p>
|
||||
|
||||
|
|
@ -23,10 +22,8 @@
|
|||
</label>
|
||||
|
||||
<select id="ldap_userfilter_groups" multiple="multiple"
|
||||
name="ldap_userfilter_groups" class="lwautosave"
|
||||
name="ldap_userfilter_groups"
|
||||
data-default="<?php p($_['ldap_userfilter_groups_default']); ?>">
|
||||
<!-- <option value="TODOfillIn">TODO: fill in object classes via Ajax</option> -->
|
||||
<!-- <option value="TODOfillIn2">22222</option> -->
|
||||
</select>
|
||||
</p>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue