LDAP Wizard: add detection, load and save of LDAP groups for filter purposes
parent
5425511259
commit
3cafcc2d47
|
@ -47,6 +47,7 @@ switch($action) {
|
||||||
case 'guessPortAndTLS':
|
case 'guessPortAndTLS':
|
||||||
case 'guessBaseDN':
|
case 'guessBaseDN':
|
||||||
case 'determineObjectClasses':
|
case 'determineObjectClasses':
|
||||||
|
case 'determineGroups':
|
||||||
try {
|
try {
|
||||||
$result = $wizard->$action();
|
$result = $wizard->$action();
|
||||||
if($result !== false) {
|
if($result !== false) {
|
||||||
|
|
|
@ -202,6 +202,27 @@ var LdapWizard = {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
findAvailableGroups: function() {
|
||||||
|
param = 'action=determineGroups'+
|
||||||
|
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
|
||||||
|
|
||||||
|
LdapWizard.ajax(param,
|
||||||
|
function(result) {
|
||||||
|
$('#ldap_userfilter_groups').find('option').remove();
|
||||||
|
for (i in result.options['ldap_userfilter_groups']) {
|
||||||
|
//FIXME: move HTML into template
|
||||||
|
objc = result.options['ldap_userfilter_groups'][i];
|
||||||
|
$('#ldap_userfilter_groups').append("<option value='"+objc+"'>"+objc+"</option>");
|
||||||
|
}
|
||||||
|
LdapWizard.applyChanges(result);
|
||||||
|
$('#ldap_userfilter_groups').multiselect('refresh');
|
||||||
|
},
|
||||||
|
function (result) {
|
||||||
|
//TODO: error handling
|
||||||
|
}
|
||||||
|
);
|
||||||
|
},
|
||||||
|
|
||||||
findObjectClasses: function() {
|
findObjectClasses: function() {
|
||||||
param = 'action=determineObjectClasses'+
|
param = 'action=determineObjectClasses'+
|
||||||
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
|
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
|
||||||
|
@ -236,8 +257,21 @@ var LdapWizard = {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
initMultiSelect: function(object, id, caption) {
|
||||||
|
object.multiselect({
|
||||||
|
header: false,
|
||||||
|
selectedList: 9,
|
||||||
|
noneSelectedText: caption,
|
||||||
|
click: function(event, ui) {
|
||||||
|
LdapWizard.saveMultiSelect(id,
|
||||||
|
$('#'+id).multiselect("getChecked"));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
initUserFilter: function() {
|
initUserFilter: function() {
|
||||||
LdapWizard.findObjectClasses();
|
LdapWizard.findObjectClasses();
|
||||||
|
LdapWizard.findAvailableGroups();
|
||||||
},
|
},
|
||||||
|
|
||||||
onTabChange: function(event, ui) {
|
onTabChange: function(event, ui) {
|
||||||
|
@ -304,17 +338,12 @@ $(document).ready(function() {
|
||||||
$('#ldap_submit').button();
|
$('#ldap_submit').button();
|
||||||
$('#ldap_action_test_connection').button();
|
$('#ldap_action_test_connection').button();
|
||||||
$('#ldap_action_delete_configuration').button();
|
$('#ldap_action_delete_configuration').button();
|
||||||
$('#ldap_userfilter_groups').multiselect();
|
LdapWizard.initMultiSelect($('#ldap_userfilter_groups'),
|
||||||
$('#ldap_userfilter_objectclass').multiselect({
|
'ldap_userfilter_groups',
|
||||||
header: false,
|
t('user_ldap', 'Select groups'));
|
||||||
selectedList: 9,
|
LdapWizard.initMultiSelect($('#ldap_userfilter_objectclass'),
|
||||||
noneSelectedText: t('user_ldap', 'Select object classes'),
|
'ldap_userfilter_objectclass',
|
||||||
click: function(event, ui) {
|
t('user_ldap', 'Select object classes'));
|
||||||
LdapWizard.saveMultiSelect('ldap_userfilter_objectclass',
|
|
||||||
$('#ldap_userfilter_objectclass').multiselect("getChecked")
|
|
||||||
);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
$('.lwautosave').change(function() { LdapWizard.save(this); });
|
$('.lwautosave').change(function() { LdapWizard.save(this); });
|
||||||
LdapConfiguration.refreshConfig();
|
LdapConfiguration.refreshConfig();
|
||||||
$('#ldap_action_test_connection').click(function(event){
|
$('#ldap_action_test_connection').click(function(event){
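Review bot: In `findAvailableGroups`, the success callback builds each `<option>` by concatenating `objc` into an HTML string, so a group name containing a quote or an angle bracket is parsed as markup on the admin settings page. The values appear to be `cn` attributes read from the directory (`determineGroups` passes `'cn'` to `determineFeature`), so they should be treated as untrusted data and set through the DOM: `$('#ldap_userfilter_groups').append($('<option>').val(objc).text(objc));`. `param`, `i` and `objc` are also assigned without `var` and become globals. The error callback is still an empty TODO, so a failed lookup leaves the list silently empty. The body of `findObjectClasses` continues outside the hunk, so whether it uses the same concatenation cannot be seen here.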
|
||||||
|
|
|
@ -45,6 +45,7 @@ class Configuration {
|
||||||
'ldapIgnoreNamingRules' => null,
|
'ldapIgnoreNamingRules' => null,
|
||||||
'ldapUserDisplayName' => null,
|
'ldapUserDisplayName' => null,
|
||||||
'ldapUserFilterObjectclass' => null,
|
'ldapUserFilterObjectclass' => null,
|
||||||
|
'ldapUserFilterGroups' => null,
|
||||||
'ldapUserFilter' => null,
|
'ldapUserFilter' => null,
|
||||||
'ldapGroupFilter' => null,
|
'ldapGroupFilter' => null,
|
||||||
'ldapGroupDisplayName' => null,
|
'ldapGroupDisplayName' => null,
|
||||||
|
@ -123,6 +124,7 @@ class Configuration {
|
||||||
case 'ldapAttributesForUserSearch':
|
case 'ldapAttributesForUserSearch':
|
||||||
case 'ldapAttributesForGroupSearch':
|
case 'ldapAttributesForGroupSearch':
|
||||||
case 'ldapUserFilterObjectclass':
|
case 'ldapUserFilterObjectclass':
|
||||||
|
case 'ldapUserFilterGroups':
|
||||||
$setMethod = 'setMultiLine';
|
$setMethod = 'setMultiLine';
|
||||||
default:
|
default:
|
||||||
$this->$setMethod($key, $val);
|
$this->$setMethod($key, $val);
|
||||||
|
@ -150,6 +152,7 @@ class Configuration {
|
||||||
case 'ldapAttributesForUserSearch':
|
case 'ldapAttributesForUserSearch':
|
||||||
case 'ldapAttributesForGroupSearch':
|
case 'ldapAttributesForGroupSearch':
|
||||||
case 'ldapUserFilterObjectclass':
|
case 'ldapUserFilterObjectclass':
|
||||||
|
case 'ldapUserFilterGroups':
|
||||||
$readMethod = 'getMultiLine';
|
$readMethod = 'getMultiLine';
|
||||||
break;
|
break;
|
||||||
case 'ldapIgnoreNamingRules':
|
case 'ldapIgnoreNamingRules':
|
||||||
|
@ -189,6 +192,7 @@ class Configuration {
|
||||||
case 'ldapAttributesForUserSearch':
|
case 'ldapAttributesForUserSearch':
|
||||||
case 'ldapAttributesForGroupSearch':
|
case 'ldapAttributesForGroupSearch':
|
||||||
case 'ldapUserFilterObjectclass':
|
case 'ldapUserFilterObjectclass':
|
||||||
|
case 'ldapUserFilterGroups':
|
||||||
if(is_array($value)) {
|
if(is_array($value)) {
|
||||||
$value = implode("\n", $value);
|
$value = implode("\n", $value);
|
||||||
}
|
}
|
||||||
|
@ -279,6 +283,7 @@ class Configuration {
|
||||||
'ldap_base_groups' => '',
|
'ldap_base_groups' => '',
|
||||||
'ldap_userlist_filter' => 'objectClass=person',
|
'ldap_userlist_filter' => 'objectClass=person',
|
||||||
'ldap_userfilter_objectclass' => '',
|
'ldap_userfilter_objectclass' => '',
|
||||||
|
'ldap_userfilter_groups' => '',
|
||||||
'ldap_login_filter' => 'uid=%uid',
|
'ldap_login_filter' => 'uid=%uid',
|
||||||
'ldap_group_filter' => 'objectClass=posixGroup',
|
'ldap_group_filter' => 'objectClass=posixGroup',
|
||||||
'ldap_display_name' => 'cn',
|
'ldap_display_name' => 'cn',
|
||||||
|
@ -319,6 +324,7 @@ class Configuration {
|
||||||
'ldap_base_users' => 'ldapBaseUsers',
|
'ldap_base_users' => 'ldapBaseUsers',
|
||||||
'ldap_base_groups' => 'ldapBaseGroups',
|
'ldap_base_groups' => 'ldapBaseGroups',
|
||||||
'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass',
|
'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass',
|
||||||
|
'ldap_userfilter_groups' => 'ldapUserFilterGroups',
|
||||||
'ldap_userlist_filter' => 'ldapUserFilter',
|
'ldap_userlist_filter' => 'ldapUserFilter',
|
||||||
'ldap_login_filter' => 'ldapLoginFilter',
|
'ldap_login_filter' => 'ldapLoginFilter',
|
||||||
'ldap_group_filter' => 'ldapGroupFilter',
|
'ldap_group_filter' => 'ldapGroupFilter',
|
||||||
|
|
|
@ -52,6 +52,27 @@ class Wizard extends LDAPUtility {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function determineGroups() {
|
||||||
|
if(!$this->checkRequirements(array('ldapHost',
|
||||||
|
'ldapPort',
|
||||||
|
'ldapAgentName',
|
||||||
|
'ldapAgentPassword',
|
||||||
|
'ldapBase',
|
||||||
|
))) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$cr = $this->getConnection();
|
||||||
|
if(!$cr) {
|
||||||
|
throw new \Excpetion('Could not connect to LDAP');
|
||||||
|
}
|
||||||
|
|
||||||
|
$obclasses = array('posixGroup', 'group', '*');
|
||||||
|
return $this->determineFeature($obclasses,
|
||||||
|
'cn',
|
||||||
|
'ldap_userfilter_groups',
|
||||||
|
'ldapUserFilterGroups');
|
||||||
|
}
|
||||||
|
|
||||||
public function determineObjectClasses() {
|
public function determineObjectClasses() {
|
||||||
if(!$this->checkRequirements(array('ldapHost',
|
if(!$this->checkRequirements(array('ldapHost',
|
||||||
'ldapPort',
|
'ldapPort',
|
||||||
|
@ -66,31 +87,44 @@ class Wizard extends LDAPUtility {
|
||||||
throw new \Excpetion('Could not connect to LDAP');
|
throw new \Excpetion('Could not connect to LDAP');
|
||||||
}
|
}
|
||||||
|
|
||||||
$p = 'objectclass=';
|
$obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
|
||||||
$obclasses = array($p.'inetOrgPerson', $p.'person',
|
'user', 'posixAccount', '*');
|
||||||
$p.'organizationalPerson', $p.'user',
|
return $this->determineFeature($obclasses,
|
||||||
$p.'posixAccount', $p.'*');
|
'objectclass',
|
||||||
|
'ldap_userfilter_objectclass',
|
||||||
$maxEntryObjC = '';
|
'ldapUserFilterObjectclass');
|
||||||
$availableObjectClasses =
|
|
||||||
$this->cumulativeSearchOnAttribute($obclasses, 'objectclass',
|
|
||||||
true, $maxEntryObjC);
|
|
||||||
if(is_array($availableObjectClasses)
|
|
||||||
&& count($availableObjectClasses) > 0) {
|
|
||||||
$this->result->addOptions('ldap_userfilter_objectclass',
|
|
||||||
$availableObjectClasses);
|
|
||||||
} else {
|
|
||||||
throw new \Exception(self::$l->t('Could not find any objectClass'));
|
|
||||||
}
|
}
|
||||||
$setOCs = $this->configuration->ldapUserFilterObjectclass;
|
|
||||||
if(is_array($setOCs) && !empty($setOCs)) {
|
private function determineFeature($objectclasses, $attr, $dbkey, $confkey) {
|
||||||
|
$cr = $this->getConnection();
|
||||||
|
if(!$cr) {
|
||||||
|
throw new \Excpetion('Could not connect to LDAP');
|
||||||
|
}
|
||||||
|
$p = 'objectclass=';
|
||||||
|
foreach($objectclasses as $key => $value) {
|
||||||
|
$objectclasses[$key] = $p.$value;
|
||||||
|
}
|
||||||
|
$maxEntryObjC = '';
|
||||||
|
$availableFeatures =
|
||||||
|
$this->cumulativeSearchOnAttribute($objectclasses, $attr,
|
||||||
|
true, $maxEntryObjC);
|
||||||
|
if(is_array($availableFeatures)
|
||||||
|
&& count($availableFeatures) > 0) {
|
||||||
|
$this->result->addOptions($dbkey, $availableFeatures);
|
||||||
|
} else {
|
||||||
|
throw new \Exception(self::$l->t('Could not find the desired feature'));
|
||||||
|
}
|
||||||
|
|
||||||
|
$setFeatures = $this->configuration->$confkey;
|
||||||
|
if(is_array($setFeatures) && !empty($setFeatures)) {
|
||||||
//something is already configured? pre-select it.
|
//something is already configured? pre-select it.
|
||||||
$this->result->addChange('ldap_userfilter_objectclass', $setOCs);
|
$this->result->addChange($dbkey, $setFeatures);
|
||||||
} else if(!empty($maxEntryObjC)) {
|
} else if(!empty($maxEntryObjC)) {
|
||||||
|
//TODO / FIXME: this is great for objectclasses, but wrong for groups
|
||||||
|
//isolate it in another method and call it from this method's callee
|
||||||
//new? pre-select something hopefully sane
|
//new? pre-select something hopefully sane
|
||||||
$maxEntryObjC = str_replace($p, '', $maxEntryObjC);
|
$maxEntryObjC = str_replace($p, '', $maxEntryObjC);
|
||||||
$this->result->addChange('ldap_userfilter_objectclass',
|
$this->result->addChange($dbkey, $maxEntryObjC);
|
||||||
$maxEntryObjC);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->result;
|
return $this->result;
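Review bot: Both new connection checks, in `determineGroups` and in `determineFeature`, throw `\Excpetion`, a misspelled class name. A failed `getConnection()` therefore ends in a class-not-found error rather than an exception that the `try` around `$wizard->$action()` in the AJAX handler can deal with; the line should read `throw new \Exception('Could not connect to LDAP');`, and the context lines show the same typo in `determineObjectClasses`. `determineGroups` also assigns a connection to `$cr` that it never uses, since `determineFeature` calls `getConnection()` again, so that check can be dropped. The `'*'` entry in `$obclasses` combined with the `cn` attribute presumably collects the `cn` of every entry rather than only groups; that should be confirmed against `cumulativeSearchOnAttribute`, which is not visible here. The closing brace of `determineFeature` lies outside the hunk.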
|
||||||
|
|
|
@ -13,7 +13,6 @@
|
||||||
<select id="ldap_userfilter_objectclass" multiple="multiple"
|
<select id="ldap_userfilter_objectclass" multiple="multiple"
|
||||||
name="ldap_userfilter_objectclass"
|
name="ldap_userfilter_objectclass"
|
||||||
data-default="<?php p($_['ldap_userfilter_objectclass_default']); ?>">
|
data-default="<?php p($_['ldap_userfilter_objectclass_default']); ?>">
|
||||||
<!-- <option><?php p($l->t('Any'));?></option> -->
|
|
||||||
</select>
|
</select>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
@ -23,10 +22,8 @@
|
||||||
</label>
|
</label>
|
||||||
|
|
||||||
<select id="ldap_userfilter_groups" multiple="multiple"
|
<select id="ldap_userfilter_groups" multiple="multiple"
|
||||||
name="ldap_userfilter_groups" class="lwautosave"
|
name="ldap_userfilter_groups"
|
||||||
data-default="<?php p($_['ldap_userfilter_groups_default']); ?>">
|
data-default="<?php p($_['ldap_userfilter_groups_default']); ?>">
|
||||||
<!-- <option value="TODOfillIn">TODO: fill in object classes via Ajax</option> -->
|
|
||||||
<!-- <option value="TODOfillIn2">22222</option> -->
|
|
||||||
</select>
|
</select>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
|