Merge pull request #5809 from owncloud/fix5753

LDAP Wizard: proper behaviour with anonymous bind, fixes #5753
Morris Jobke 2013-11-13 06:52:07 -08:00
commit 5aae550b11
5 changed files with 35 additions and 53 deletions


@ -3,13 +3,9 @@
width: 60%; width: 60%;
} }
.tablecell {
display: table-cell !important;
white-space: nowrap;
}
.tablerow { .tablerow {
display: table-row; display: table-row;
white-space: nowrap;
} }
.tablerow input, .tablerow textarea { .tablerow input, .tablerow textarea {
@ -78,6 +74,7 @@
.wizSpinner { .wizSpinner {
height: 15px; height: 15px;
margin: 0.3em;
} }
.ldapSettingControls { .ldapSettingControls {
@ -100,7 +97,6 @@
#ldap fieldset input, #ldap fieldset textarea { #ldap fieldset input, #ldap fieldset textarea {
width: 60%; width: 60%;
display: inline-block;
} }
#ldap fieldset p input[type=checkbox] { #ldap fieldset p input[type=checkbox] {


@ -192,19 +192,20 @@ var LdapWizard = {
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val(); '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.showSpinner('#ldap_base'); LdapWizard.showSpinner('#ldap_base');
$('#ldap_base').prop('disabled', 'disabled');
LdapWizard.ajax(param, LdapWizard.ajax(param,
function(result) { function(result) {
LdapWizard.applyChanges(result); LdapWizard.applyChanges(result);
LdapWizard.hideSpinner('#ldap_base'); LdapWizard.hideSpinner('#ldap_base');
if($('#ldap_base').val()) { if($('#ldap_base').val()) {
$('#ldap_base').removeClass('invisible');
LdapWizard.hideInfoBox(); LdapWizard.hideInfoBox();
} }
$('#ldap_base').prop('disabled', false);
}, },
function (result) { function (result) {
LdapWizard.hideSpinner('#ldap_base'); LdapWizard.hideSpinner('#ldap_base');
$('#ldap_base').removeClass('invisible'); LdapWizard.showInfoBox('Please specify a Base DN');
LdapWizard.showInfoBox('Please specify a port'); $('#ldap_base').prop('disabled', false);
} }
); );
} }
@ -212,28 +213,28 @@ var LdapWizard = {
checkPort: function() { checkPort: function() {
host = $('#ldap_host').val(); host = $('#ldap_host').val();
user = $('#ldap_dn').val(); port = $('#ldap_port').val();
pass = $('#ldap_agent_password').val();
if(host && user && pass) { if(host && !port) {
param = 'action=guessPortAndTLS'+ param = 'action=guessPortAndTLS'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val(); '&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.showSpinner('#ldap_port'); LdapWizard.showSpinner('#ldap_port');
$('#ldap_port').prop('disabled', 'disabled');
LdapWizard.ajax(param, LdapWizard.ajax(param,
function(result) { function(result) {
LdapWizard.applyChanges(result); LdapWizard.applyChanges(result);
LdapWizard.hideSpinner('#ldap_port'); LdapWizard.hideSpinner('#ldap_port');
if($('#ldap_port').val()) { if($('#ldap_port').val()) {
LdapWizard.checkBaseDN(); LdapWizard.checkBaseDN();
$('#ldap_port').removeClass('invisible'); $('#ldap_port').prop('disabled', false);
LdapWizard.hideInfoBox(); LdapWizard.hideInfoBox();
} }
}, },
function (result) { function (result) {
LdapWizard.hideSpinner('#ldap_port'); LdapWizard.hideSpinner('#ldap_port');
$('#ldap_port').removeClass('invisible'); $('#ldap_port').prop('disabled', false);
LdapWizard.showInfoBox('Please specify the BaseDN'); LdapWizard.showInfoBox('Please specify the Port');
} }
); );
} }
@ -461,12 +462,6 @@ var LdapWizard = {
}, },
init: function() { init: function() {
if($('#ldap_port').val()) {
$('#ldap_port').removeClass('invisible');
}
if($('#ldap_base').val()) {
$('#ldap_base').removeClass('invisible');
}
LdapWizard.basicStatusCheck(); LdapWizard.basicStatusCheck();
}, },
@ -521,6 +516,8 @@ var LdapWizard = {
}, },
processChanges: function(triggerObj) { processChanges: function(triggerObj) {
LdapWizard.hideInfoBox();
if(triggerObj.id == 'ldap_host' if(triggerObj.id == 'ldap_host'
|| triggerObj.id == 'ldap_port' || triggerObj.id == 'ldap_port'
|| triggerObj.id == 'ldap_dn' || triggerObj.id == 'ldap_dn'
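Review bot: In checkPort's success callback, `$('#ldap_port').prop('disabled', false);` sits inside `if($('#ldap_port').val())`, so a successful response that leaves the port empty keeps the field disabled and the admin cannot enter a port by hand. checkBaseDN in the hunk above re-enables `#ldap_base` after its `if`, and checkPort should do the same by moving that line below the closing brace of the `if`. Whether applyChanges can return without filling the port is not visible here, so treat this as a consistency fix unless the server guarantees a value. Separately, `host`, `port` and `param` are assigned without `var` and become globals; `var host = $('#ldap_host').val();` would keep them local.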


@ -63,8 +63,6 @@ class Wizard extends LDAPUtility {
public function countGroups() { public function countGroups() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
))) { ))) {
return false; return false;
@ -98,8 +96,6 @@ class Wizard extends LDAPUtility {
public function countUsers() { public function countUsers() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
'ldapUserFilter', 'ldapUserFilter',
))) { ))) {
@ -130,8 +126,6 @@ class Wizard extends LDAPUtility {
public function determineAttributes() { public function determineAttributes() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
'ldapUserFilter', 'ldapUserFilter',
))) { ))) {
@ -160,8 +154,6 @@ class Wizard extends LDAPUtility {
private function getUserAttributes() { private function getUserAttributes() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
'ldapUserFilter', 'ldapUserFilter',
))) { ))) {
@ -214,8 +206,6 @@ class Wizard extends LDAPUtility {
private function determineGroups($dbkey, $confkey, $testMemberOf = true) { private function determineGroups($dbkey, $confkey, $testMemberOf = true) {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
))) { ))) {
return false; return false;
@ -242,8 +232,6 @@ class Wizard extends LDAPUtility {
public function determineGroupMemberAssoc() { public function determineGroupMemberAssoc() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapGroupFilter', 'ldapGroupFilter',
))) { ))) {
return false; return false;
@ -266,8 +254,6 @@ class Wizard extends LDAPUtility {
public function determineGroupObjectClasses() { public function determineGroupObjectClasses() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
))) { ))) {
return false; return false;
@ -294,8 +280,6 @@ class Wizard extends LDAPUtility {
public function determineUserObjectClasses() { public function determineUserObjectClasses() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
))) { ))) {
return false; return false;
@ -322,8 +306,6 @@ class Wizard extends LDAPUtility {
public function getGroupFilter() { public function getGroupFilter() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
))) { ))) {
return false; return false;
@ -337,8 +319,6 @@ class Wizard extends LDAPUtility {
public function getUserListFilter() { public function getUserListFilter() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
))) { ))) {
return false; return false;
@ -355,13 +335,12 @@ class Wizard extends LDAPUtility {
public function getUserLoginFilter() { public function getUserLoginFilter() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapPort', 'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase', 'ldapBase',
'ldapUserFilter', 'ldapUserFilter',
))) { ))) {
return false; return false;
} }
$filter = $this->composeLdapFilter(self::LFILTER_LOGIN); $filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
if(!$filter) { if(!$filter) {
throw new \Exception('Cannot create filter'); throw new \Exception('Cannot create filter');
@ -377,8 +356,6 @@ class Wizard extends LDAPUtility {
*/ */
public function guessPortAndTLS() { public function guessPortAndTLS() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapAgentName',
'ldapAgentPassword'
))) { ))) {
return false; return false;
} }
@ -418,8 +395,6 @@ class Wizard extends LDAPUtility {
*/ */
public function guessBaseDN() { public function guessBaseDN() {
if(!$this->checkRequirements(array('ldapHost', if(!$this->checkRequirements(array('ldapHost',
'ldapAgentName',
'ldapAgentPassword',
'ldapPort', 'ldapPort',
))) { ))) {
return false; return false;
@ -799,7 +774,22 @@ class Wizard extends LDAPUtility {
throw new \Exception($error); throw new \Exception($error);
} }
/**
* @brief checks whether a valid combination of agent and password has been
* provided (either two values or nothing for anonymous connect)
* @return boolean, true if everything is fine, false otherwise
*
*/
private function checkAgentRequirements() {
$agent = $this->configuration->ldapAgentName;
$pwd = $this->configuration->ldapAgentPassword;
return ( (!empty($agent) && !empty($pwd))
|| (empty($agent) && empty($pwd)));
}
private function checkRequirements($reqs) { private function checkRequirements($reqs) {
$this->checkAgentRequirements();
foreach($reqs as $option) { foreach($reqs as $option) {
$value = $this->configuration->$option; $value = $this->configuration->$option;
if(empty($value)) { if(empty($value)) {
@ -1005,9 +995,9 @@ class Wizard extends LDAPUtility {
//In case the port is already provided, we will check this first //In case the port is already provided, we will check this first
if($port > 0) { if($port > 0) {
$hostInfo = parse_url($host); $hostInfo = parse_url($host);
if(is_array($hostInfo) if(!(is_array($hostInfo)
&& isset($hostInfo['scheme']) && isset($hostInfo['scheme'])
&& stripos($hostInfo['scheme'], 'ldaps') === false) { && stripos($hostInfo['scheme'], 'ldaps') !== false)) {
$portSettings[] = array('port' => $port, 'tls' => true); $portSettings[] = array('port' => $port, 'tls' => true);
} }
$portSettings[] =array('port' => $port, 'tls' => false); $portSettings[] =array('port' => $port, 'tls' => false);
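Review bot: In the checkRequirements hunk the result of `$this->checkAgentRequirements();` is discarded, so a half-filled credential pair (agent DN without password, or password without DN) is not rejected even though the new helper detects it. A simple bind with a DN and an empty password is treated by many directory servers as an unauthenticated bind (RFC 4513 section 5.1.2), so the wizard could run its detection anonymously while the admin believes the agent account is in use. Returning early closes that gap: `if(!$this->checkAgentRequirements()) { return false; }`. The rest of checkRequirements lies outside the hunk, so confirm that no later code already covers this case.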


@ -32,7 +32,7 @@
/> />
<span> <span>
<input type="number" id="ldap_port" name="ldap_port" <input type="number" id="ldap_port" name="ldap_port"
class="invisible lwautosave" class="lwautosave"
placeholder="<?php p($l->t('Port'));?>" /> placeholder="<?php p($l->t('Port'));?>" />
</span> </span>
</div> </div>
@ -56,7 +56,7 @@
<div class="tablerow"> <div class="tablerow">
<textarea id="ldap_base" name="ldap_base" <textarea id="ldap_base" name="ldap_base"
class="tablecell invisible lwautosave" class="tablecell lwautosave"
placeholder="<?php p($l->t('One Base DN per line'));?>" placeholder="<?php p($l->t('One Base DN per line'));?>"
title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab'));?>"> title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab'));?>">
</textarea> </textarea>


@ -20,8 +20,7 @@
<h3><?php p($l->t('Connection Settings'));?></h3> <h3><?php p($l->t('Connection Settings'));?></h3>
<div> <div>
<p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active'));?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>" title="<?php p($l->t('When unchecked, this configuration will be skipped.'));?>" /></p> <p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active'));?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>" title="<?php p($l->t('When unchecked, this configuration will be skipped.'));?>" /></p>
<p><label for="ldap_login_filter"><?php p($l->t('User Login Filter'));?></label> <p><label for="ldap_login_filter"><?php p($l->t('User Login Filter'));?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter"
<input type="text" id="ldap_login_filter" name="ldap_login_filter"
data-default="<?php p($_['ldap_login_filter_default']); ?>" data-default="<?php p($_['ldap_login_filter_default']); ?>"
title="<?php p($l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action. Example: "uid=%%uid"'));?>" /></p> title="<?php p($l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action. Example: "uid=%%uid"'));?>" /></p>
<p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host'));?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.'));?>"></p> <p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host'));?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.'));?>"></p>