6 commits - lib/api lib/Auth lib/Auth.php lib/client lib/kolab_client_task.php lib/locale
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Thu Apr 5 14:24:38 CEST 2012
lib/Auth.php | 12 +++
lib/Auth/LDAP.php | 108 ++++++++++++++++++++++++-------
lib/api/kolab_api_service_form_value.php | 52 ++++++++++++++
lib/client/kolab_client_task_user.php | 3
lib/kolab_client_task.php | 4 -
lib/locale/en_US.php | 2
6 files changed, 153 insertions(+), 28 deletions(-)
New commits:
commit de8fdf8864781c8e01b7f038a0dd1b73944c1aa4
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Apr 5 13:34:31 2012 +0200
Set a default preferredlanguage
diff --git a/lib/api/kolab_api_service_form_value.php b/lib/api/kolab_api_service_form_value.php
index 46a1bc5..33850e3 100644
--- a/lib/api/kolab_api_service_form_value.php
+++ b/lib/api/kolab_api_service_form_value.php
@@ -673,7 +673,17 @@ class kolab_api_service_form_value extends kolab_api_service
private function select_options_preferredlanguage($postdata, $attribs = array())
{
- return $this->_select_options_from_db('preferredlanguage');
+ $options = $this->_select_options_from_db('preferredlanguage');
+
+ $conf = Conf::get_instance();
+ $default = $conf->get('default_locale');
+ if (!$default) {
+ $default = 'en_US';
+ }
+
+ $options['default'] = $default;
+
+ return $options;
}
private function _select_options_from_db($attribute)
commit 17049d58d048da0aaf9b2bfb4d2e3540ac674171
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Apr 5 13:24:57 2012 +0200
Submit the data for an entry to the API calls for select options, so that the options can be limited based on entry metadata (object_type, type_id, ...)
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index 8dc2f34..2bb819b 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -762,7 +762,7 @@ class kolab_client_task
}
$field['name'] = $idx;
- $fields[$idx] = $this->form_element_type($field);
+ $fields[$idx] = $this->form_element_type($field, $data);
$fields[$idx]['readonly'] = true;
$fields[$idx]['disabled'] = true;
@@ -794,7 +794,7 @@ class kolab_client_task
foreach ($form_fields as $idx => $field) {
if (!isset($fields[$idx])) {
$field['name'] = $idx;
- $fields[$idx] = $this->form_element_type($field);
+ $fields[$idx] = $this->form_element_type($field, $data);
}
else {
unset($extra_fields[$idx]);
commit 91607590b3584223882fbcdb4ec11fc5f491e520
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Apr 5 13:24:37 2012 +0200
Add select_options_ou
diff --git a/lib/api/kolab_api_service_form_value.php b/lib/api/kolab_api_service_form_value.php
index 7d4647f..46a1bc5 100644
--- a/lib/api/kolab_api_service_form_value.php
+++ b/lib/api/kolab_api_service_form_value.php
@@ -133,6 +133,8 @@ class kolab_api_service_form_value extends kolab_api_service
*/
public function select_options($getdata, $postdata)
{
+ //console("form_value.select_options postdata", $postdata);
+
$attribs = $this->object_type_attributes($postdata['object_type'], $postdata['type_id']);
$attributes = (array) $postdata['attributes'];
$result = array();
@@ -631,6 +633,44 @@ class kolab_api_service_form_value extends kolab_api_service
return $this->_select_options_from_db('c');
}
+ private function select_options_ou($postdata, $attribs = array())
+ {
+ $auth = Auth::get_instance();
+ $conf = Conf::get_instance();
+
+ $unique_attr = $conf->get('unique_attribute');
+
+ $base_dn = $conf->get('user_base_dn');
+ if (!$base_dn) {
+ $base_dn = $conf->get('base_dn');
+ }
+
+ $subject = $auth->search($base_dn, '(' . $unique_attr . '=' . $postdata['id'] . ')');
+
+ $subject_dn = $subject[0];
+
+ $subject_dn_components = ldap_explode_dn($subject_dn, 0);
+ unset($subject_dn_components['count']);
+
+ array_shift($subject_dn_components);
+
+ $subject_parent_ou = strtolower(implode(',', $subject_dn_components));
+
+ $ous = $auth->search($base_dn, '(objectclass=organizationalunit)');
+
+ $_ous = array();
+
+ foreach ($ous as $ou) {
+ $_ous[] = strtolower($ou);
+ }
+
+ sort($_ous);
+
+ $_ous['default'] = $subject_parent_ou;
+
+ return $_ous;
+ }
+
private function select_options_preferredlanguage($postdata, $attribs = array())
{
return $this->_select_options_from_db('preferredlanguage');
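Review bot: In `select_options_ou()`, `$postdata['id']` is concatenated into the LDAP filter unescaped, so filter metacharacters in the request can change what the search matches. Escape the value before building the filter, for example `ldap_escape($postdata['id'], '', LDAP_ESCAPE_FILTER)` on PHP 5.6 or later, or an equivalent helper on older versions. The result is also used unchecked: `$subject[0]` assumes at least one match and `ldap_explode_dn()` can return false, so guard both before `unset()`/`array_shift()`, e.g. `if (empty($subject)) { return array(); }` (the return shape callers expect is not visible here). A short docblock saying the method returns lower-cased OU DNs plus a `default` key holding the subject's parent DN would also help.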
commit b5be6a237565ddf1e9d6660f6cd23231289f3254
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Apr 5 13:22:16 2012 +0200
Add a public search function, moving the internal (private) search functions to _search and __search
Take into account a supplied 'ou' attribute value when adding a user, and a changed parent ou when editing a user
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 2f805fd..7699a33 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -355,7 +355,7 @@ class LDAP
public function get_attribute($subject_dn, $attribute)
{
- $result = $this->search($subject_dn, '(objectclass=*)', (array)($attribute));
+ $result = $this->_search($subject_dn, '(objectclass=*)', (array)($attribute));
$result = self::normalize_result($result);
$dn = key($result);
$attr = key($result[$dn]);
@@ -364,7 +364,7 @@ class LDAP
public function get_attributes($subject_dn, $attributes)
{
- $result = $this->search($subject_dn, '(objectclass=*)', $attributes);
+ $result = $this->_search($subject_dn, '(objectclass=*)', $attributes);
$result = self::normalize_result($result);
if (!empty($result)) {
@@ -482,6 +482,10 @@ class LDAP
if (!$base_dn)
$base_dn = $this->conf->get('ldap', $type_str . "_user_base_dn");
+ if (!empty($attrs['ou'])) {
+ $base_dn = $attrs['ou'];
+ }
+
// TODO: The rdn is configurable as well.
// Use [$type_str . "_"]user_rdn_attr
$dn = "uid=" . $attrs['uid'] . "," . $base_dn;
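Review bot: The added `$attrs['ou']` branch takes the submitted value verbatim as the parent DN of the new entry, and nothing in this hunk confirms it lies under the base DN configured for the domain. Unless directory ACLs alone are meant to enforce that, validate it first, for instance by accepting it only if it is one of the DNs the `(objectclass=organizationalunit)` search returns for the base DN, and otherwise keep the configured `$base_dn`. The same value reaches `ldap_rename()` as `new_parent` in the later rename hunks (`$mod_array['rename']['new_parent'] = $new_ou;`) and deserves the same check. The enclosing function starts and ends outside this hunk.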
@@ -544,7 +548,7 @@ class LDAP
if (!$user_dn)
return false;
- return self::normalize_result($this->search($user_dn));
+ return self::normalize_result($this->_search($user_dn));
}
public function user_find_by_attribute($attribute)
@@ -561,7 +565,7 @@ class LDAP
$root_dn = $this->domain_root_dn($this->domain);
// TODO: Do not query for both, it's either one or the other
- $entries = $this->search($root_dn, "(|" .
+ $entries = $this->_search($root_dn, "(|" .
"(&(objectclass=groupofnames)(member=$member_dn))" .
"(&(objectclass=groupofuniquenames)(uniquemember=$member_dn))" .
")");
@@ -651,7 +655,7 @@ class LDAP
return false;
}
- return self::normalize_result($this->search($group_dn));
+ return self::normalize_result($this->_search($group_dn));
}
public function group_members_list($group)
@@ -758,9 +762,39 @@ class LDAP
return $_schema;
}
- private function search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
+ public function search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
+ {
+ //console("Auth::LDAP::search", $base_dn);
+
+ // We may have been passed on func_get_arg()
+ if (is_array($base_dn)) {
+ $_base_dn = array_shift($base_dn);
+
+ if (count($base_dn) > 0) {
+ $search_filter = array_shift($base_dn);
+ } else {
+ $search_filter = '(objectclass=*)';
+ }
+
+ if (count($base_dn) > 0) {
+ $attributes = array_shift($base_dn);
+ } else {
+ $attributes = array('*');
+ }
+ } else {
+ $_base_dn = $base_dn;
+ }
+
+ $result = self::normalize_result($this->__search($_base_dn, $search_filter, $attributes));
+ $result = array_keys($result);
+ //console($result);
+
+ return $result;
+ }
+
+ private function _search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
{
- return $this->_search($base_dn, $search_filter, $attributes);
+ return $this->__search($base_dn, $search_filter, $attributes);
}
private function domains_list()
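Review bot: The new public `search()` feeds the return of `__search()` straight into `normalize_result()` and `array_keys()`, but `__search()` returns `false` when `_connect()` fails, and how `normalize_result()` treats `false` is not visible here. Keep the raw result in a variable and bail out first, e.g. `if ($raw === false) { return false; }`, before normalizing. The method also has no docblock; it should state that `$search_filter` is sent to the directory as given (callers must escape any values they insert), that the first argument may be the array produced by `func_get_args()`, and that only the matching entry DNs are returned.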
@@ -769,7 +803,7 @@ class LDAP
$base_dn = $this->conf->get($section, 'domain_base_dn');
$filter = $this->conf->get($section, 'kolab_domain_filter');
- return $this->search($base_dn, $filter);
+ return $this->_search($base_dn, $filter);
}
private function users_list($attributes = array(), $search = array())
@@ -792,7 +826,7 @@ class LDAP
$filter = '(&' . $filter . $s_filter . ')';
}
- return $this->search($base_dn, $filter, $attributes);
+ return $this->_search($base_dn, $filter, $attributes);
}
private function roles_list($attributes = array(), $search = array())
@@ -812,7 +846,7 @@ class LDAP
$filter = '(&' . $filter . $s_filter . ')';
}
- return $this->search($base_dn, $filter, $attributes);
+ return $this->_search($base_dn, $filter, $attributes);
}
private function groups_list($attributes = array(), $search = array())
@@ -835,7 +869,7 @@ class LDAP
$filter = '(&' . $filter . $s_filter . ')';
}
- return $this->search($base_dn, $filter, $attributes);
+ return $this->_search($base_dn, $filter, $attributes);
}
public static function normalize_result($__result)
@@ -908,7 +942,7 @@ class LDAP
$base_dn = $this->domain_root_dn($this->domain);
- $result = self::normalize_result($this->search($base_dn, $filter, array_keys($attribute)));
+ $result = self::normalize_result($this->_search($base_dn, $filter, array_keys($attribute)));
if (count($result) > 0) {
error_log("Results found: " . implode(', ', array_keys($result)));
@@ -997,9 +1031,16 @@ class LDAP
"rename" => Array(), // For use with ldap_rename()
);
+ // This is me cheating. Remove this special attribute.
+ $old_ou = $old_attrs['ou'];
+ $new_ou = $new_attrs['ou'];
+ unset($old_attrs['ou']);
+ unset($new_attrs['ou']);
+
// Compare each attribute value of the old attrs with the corresponding value
// in the new attrs, if any.
foreach ($old_attrs as $attr => $old_attr_value) {
+
if (array_key_exists($attr, $new_attrs)) {
$_sort1 = false;
$_sort2 = false;
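Review bot: `$old_attrs['ou']` and `$new_attrs['ou']` are read without checking that the key exists, so when either array lacks `ou` the value is null (with a notice), and the later `!($old_ou === $new_ou)` test in the rename hunk treats a missing key as a changed parent and schedules a rename with a null `new_parent`. Use `$old_ou = isset($old_attrs['ou']) ? $old_attrs['ou'] : null;` (likewise for `$new_ou`) and only schedule a move when `$new_ou` is non-empty. The comment `// This is me cheating.` would be more useful if it said why the key is removed; it appears to carry the parent container DN rather than a real attribute of the entry.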
@@ -1015,7 +1056,8 @@ class LDAP
if (!($new_attrs[$attr] === $old_attr_value) && !($_sort1 === $_sort2)) {
console("Attribute $attr changed from", $old_attr_value, "to", $new_attrs[$attr]);
if ($attr === $rdn_attr) {
- $mod_array['rename'][$subject_dn] = $rdn_attr . '=' . $new_attrs[$attr];
+ $mod_array['rename']['dn'] = $subject_dn;
+ $mod_array['rename']['new_rdn'] = $rdn_attr . '=' . $new_attrs[$attr];
} else {
if (empty($new_attrs[$attr])) {
switch ($attr) {
@@ -1069,7 +1111,15 @@ class LDAP
}
}
- console($mod_array);
+ if (!($old_ou === $new_ou)) {
+ $mod_array['rename']['new_parent'] = $new_ou;
+ if (empty($mod_array['rename']['dn']) || empty($mod_array['rename']['new_rdn'])) {
+ $mod_array['rename']['dn'] = $subject_dn;
+ $mod_array['rename']['new_rdn'] = $rdn_attr . '=' . $new_attrs[$rdn_attr];
+ }
+ }
+
+ //console($mod_array);
$result = $this->modify_entry_attributes($subject_dn, $mod_array);
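Review bot: In the fallback that fills `new_rdn` for a parent-only move, `$new_attrs[$rdn_attr]` is used without checking that it is set and non-empty. If the submitted attributes do not include the RDN attribute, this builds an RDN with no value (`$rdn_attr . '='`) and hands it to `ldap_rename()`. Guard it, e.g. `if (empty($new_attrs[$rdn_attr])) { return false; }`, or take the current RDN from `$subject_dn` instead. The enclosing function starts and ends outside this hunk.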
@@ -1115,12 +1165,21 @@ class LDAP
}
if (is_array($attributes['rename']) && !empty($attributes['rename'])) {
- $olddn = key($attributes['rename']);
- $newrdn = $attributes['rename'][$olddn];
- $result = ldap_rename($this->conn, $olddn, $newrdn, NULL, true);
+ $olddn = $attributes['rename']['dn'];
+ $newrdn = $attributes['rename']['new_rdn'];
+ if (!empty($attributes['rename']['new_parent'])) {
+ $new_parent = $attributes['rename']['new_parent'];
+ } else {
+ $new_parent = null;
+ }
+
+ console("Attempt to rename $olddn to $newrdn,$new_parent");
+
+ $result = ldap_rename($this->conn, $olddn, $newrdn, $new_parent, true);
}
if (!$result) {
+ error_log("LDAP Error: " . $this->_errstr());
return false;
}
@@ -1235,8 +1294,8 @@ class LDAP
// Always bind with the session credentials
$this->_bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
- console("Entry DN", $entry_dn);
- console("Attributes", $attributes);
+ //console("Entry DN", $entry_dn);
+ //console("Attributes", $attributes);
foreach ($attributes as $attr_name => $attr_value) {
if (empty($attr_value)) {
@@ -1303,6 +1362,9 @@ class LDAP
}
$this->conn = $connection;
+
+ ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
+
// TODO: Debug logging
error_log("Connected!");
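Review bot: The return value of `ldap_set_option()` is ignored, yet `ldap_rename()`, which this commit now calls with a new parent, only works over LDAPv3. Check the result and treat a failure as a failed connect rather than logging "Connected!". A one-line comment such as `// ldap_rename() requires LDAPv3` above the call would record why the option is set. The enclosing function starts and ends outside this hunk.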
@@ -1390,12 +1452,14 @@ class LDAP
/**
* Shortcut to ldap_search()
*/
- private function _search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
+ private function __search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
{
if (!$this->_connect()) {
return false;
}
+ $attributes = (array)($attributes);
+
error_log("Searching $base_dn with filter: $search_filter");
// error_log("Searching with user: " . $_SESSION['user']->user_bind_dn);
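Review bot: Renaming the low-level helper to `__search` puts it under the double-underscore prefix that PHP reserves for magic methods, and it leaves three methods (`search`, `_search`, `__search`) that differ only by underscores, with `_search` now a pure pass-through. A descriptive name for the raw helper would be safer and easier to audit. The docblock still reads only "Shortcut to ldap_search()"; it should add that the method returns `false` when `_connect()` fails and that `$attributes` is cast to an array. The function body continues outside the hunk.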
@@ -1623,7 +1687,7 @@ class LDAP
}
}
- $entries = self::normalize_result($this->search($dn));
+ $entries = self::normalize_result($this->_search($dn));
//console("ENTRIES for \$dn $dn", $entries);
@@ -1728,7 +1792,7 @@ class LDAP
foreach ((array)$entry['memberurl'] as $url) {
$ldap_uri_components = $this->_parse_memberurl($url);
- $entries = self::normalize_result($this->search($ldap_uri_components[3], $ldap_uri_components[6]));
+ $entries = self::normalize_result($this->_search($ldap_uri_components[3], $ldap_uri_components[6]));
foreach ($entries as $entry_dn => $_entry) {
$group_members[$entry_dn] = $_entry;
error_log("Found " . $entry_dn);
commit f9383d555f1e5e5e2900d403dfa25a76d9b584b7
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Apr 5 13:20:33 2012 +0200
Abstract searching from the authn/authz backend as well
diff --git a/lib/Auth.php b/lib/Auth.php
index 92901e3..544b066 100644
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -320,6 +320,18 @@ class Auth {
}
}
+ public function search()
+ {
+ $this->connect($domain);
+ if ($domain === NULL) {
+ $domain = $this->conf->get('primary_domain');
+ }
+
+ $result = $this->_auth[$domain]->search(func_get_args());
+
+ return $result;
+ }
+
public function user_add($attributes, $typeid = null)
{
return $this->_auth[$_SESSION['user']->get_domain()]->user_add($attributes, $typeid);
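Review bot: `search()` declares no parameters, so `$domain` is undefined when `$this->connect($domain)` runs and the `=== NULL` test is always true. Every search therefore goes to the `primary_domain` backend, whereas `user_add()` just below selects the backend with `$_SESSION['user']->get_domain()`. If searches are meant to stay within the logged-in user's domain, set `$domain = $_SESSION['user']->get_domain();` before `connect()` and fall back to `primary_domain` only when that is empty. Passing `func_get_args()` on as a single array also leaves the argument contract implicit; a docblock naming the expected base DN, filter and attribute list would help.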
commit b59b7abb194c87bc789556aa7ddf8685a43300c4
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Thu Apr 5 10:32:40 2012 +0200
'title' is supposed to refer to job title or title in an organizational context.
See http://tools.ietf.org/html/rfc4519#section-2.38
diff --git a/lib/client/kolab_client_task_user.php b/lib/client/kolab_client_task_user.php
index c66cb8b..fa94be7 100644
--- a/lib/client/kolab_client_task_user.php
+++ b/lib/client/kolab_client_task_user.php
@@ -205,14 +205,13 @@ class kolab_client_task_user extends kolab_client_task
'type_id' => 'personal',
'type_id_name' => 'personal',
- /* Sensibly first */
- 'title' => 'personal',
/* Probably input */
'givenname' => 'personal',
'sn' => 'personal',
/* Possibly input */
'initials' => 'personal',
'o' => 'personal',
+ 'title' => 'personal',
/* Probably generated */
'cn' => 'personal',
'displayname' => 'personal',
diff --git a/lib/locale/en_US.php b/lib/locale/en_US.php
index 44ee0f0..82fdac4 100644
--- a/lib/locale/en_US.php
+++ b/lib/locale/en_US.php
@@ -68,13 +68,13 @@ $LANG['user.postalcode'] = 'Postal Code';
$LANG['user.sn'] = 'Surname';
$LANG['user.system'] = 'System';
$LANG['user.telephonenumber'] = 'Phone Number';
+$LANG['user.title'] = 'Job Title';
$LANG['user.givenname'] = 'Given name';
$LANG['user.displayname'] = 'Display name';
$LANG['user.mail'] = 'Primary Email Address';
$LANG['user.mailhost'] = 'Email Server';
$LANG['user.kolabhomeserver'] = 'Email Server';
$LANG['user.initials'] = 'Middle name';
-$LANG['user.title'] = 'Title';
$LANG['user.country'] = 'Country';
$LANG['user.country.desc'] = '2 letter code from ISO 3166-1';
$LANG['user.phone'] = 'Phone number';