3 commits - lib/Auth lib/Auth.php lib/ext lib/kolab_client_task.php
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Tue Sep 4 15:46:51 CEST 2012
lib/Auth.php | 8 +++-
lib/Auth/LDAP.php | 74 +++++++++++++++++++++++++---------------------
lib/ext/Net/LDAP3.php | 23 ++++++++------
lib/kolab_client_task.php | 4 +-
4 files changed, 64 insertions(+), 45 deletions(-)
New commits:
commit 11c9a15e0fd6bc00259b7d2fdc9868d450a34cf7
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Sep 4 14:43:36 2012 +0100
Increase verbosity on user_types being returned,
Avoid using cached user_types if there is none stored in the $_SESSION['user_types']
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index da97fe4..8807589 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -525,7 +525,7 @@ class kolab_client_task
*/
protected function user_types($used_for = NULL)
{
- if (isset($_SESSION['user_types']) && !$this->config_get('devel_mode')) {
+ if (isset($_SESSION['user_types']) && !empty($_SESSION['user_types']) && !$this->config_get('devel_mode')) {
return $_SESSION['user_types'];
}
@@ -548,6 +548,8 @@ class kolab_client_task
$_SESSION['user_types'] = $list;
}
+ Log::trace("kolab_client_task::user_types() returns: " . var_export($list, TRUE));
+
return $list;
}
commit 0a7b32758a8cb2014e08b053855b1dac2eb8841f
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Sep 4 14:42:39 2012 +0100
Set the default folder to include a domain name for some parts of the search, and only set the localpart / domain if any is actually specified
diff --git a/lib/ext/Net/LDAP3.php b/lib/ext/Net/LDAP3.php
index f917dec..a69e283 100644
--- a/lib/ext/Net/LDAP3.php
+++ b/lib/ext/Net/LDAP3.php
@@ -748,7 +748,8 @@ class Net_LDAP3
return $this->result;
}
- public function login($username, $password) {
+ public function login($username, $password, $domain = null) {
+ $this->_debug("Net_LDAP3::login(\$username = '" . $username . "', \$password = '****', \$domain = '" . $domain . "')");
$_bind_dn = $this->config_get('service_bind_dn');
$_bind_pw = $this->config_get('service_bind_pw');
@@ -793,13 +794,17 @@ class Net_LDAP3
return NULL;
}
- if (count(explode('@', $username)) > 1) {
- $__parts = explode('@', $username);
- $localpart = $__parts[0];
- $domain = $__parts[1];
- } else {
- $localpart = $username;
- $domain = '';
+ $localpart = $username;
+
+ if (empty($domain) ) {
+ if (count(explode('@', $username)) > 1) {
+ $__parts = explode('@', $username);
+ $localpart = $__parts[0];
+ $domain = $__parts[1];
+ } else {
+ $localpart = $username;
+ $domain = '';
+ }
}
$realm = $domain;
@@ -809,7 +814,7 @@ class Net_LDAP3
$filter = $this->config_get("filter", NULL);
}
if (empty($filter)) {
- $filter = "(&(|(mail=%s)(alias=%s)(uid=%s))(objectclass=inetorgperson))";
+ $filter = "(&(|(mail=%s)(mail=%U@%d)(alias=%s)(alias=%U@%d)(uid=%s))(objectclass=inetorgperson))";
}
$this->_debug("Net::LDAP3::login() original filter: " . $filter);
commit faef45587db295a49fa0802b71dd0127724ad65c
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Tue Sep 4 14:42:03 2012 +0100
Preserve the domain name specified as part of the login for all intents and purposes
diff --git a/lib/Auth.php b/lib/Auth.php
index 3240da5..94ba753 100644
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -106,13 +106,17 @@ class Auth {
*
* @return bool|string User ID or False on failure
*/
- public function authenticate($username, $password)
+ public function authenticate($username, $password, $domain = null)
{
Log::info("Authentication request for $username against " . $this->domain);
+ if ($domain == NULL) {
+ $domain = $this->domain;
+ }
+
// TODO: Debug logging for the use of a current or the creation of
// a new authentication class instance.
- $result = $this->_auth[$this->domain]->authenticate($username, $password);
+ $result = $this->_auth[$this->domain]->authenticate($username, $password, $domain);
return $result;
}
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index c2940df..14059c6 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -110,14 +110,18 @@ class LDAP extends Net_LDAP3 {
*
* @return bool|string User ID or False on failure
*/
- public function authenticate($username, $password) {
- Log::debug("Auth::LDAP: authentication request for $username");
+ public function authenticate($username, $password, $domain = NULL) {
+ Log::debug("Auth::LDAP: authentication request for $username against domain $domain");
if (!$this->connect()) {
return false;
}
- $result = $this->login($username, $password);
+ if ($domain == NULL) {
+ $domain = $this->domain;
+ }
+
+ $result = $this->login($username, $password, $domain);
if (!$result) {
return FALSE;
@@ -184,7 +188,7 @@ class LDAP extends Net_LDAP3 {
public function domain_info($domain, $attributes = array('*')) {
$domain_dn = $this->entry_dn($domain);
- Log::trace("Auth::LDAP::domain_info() \$domain_dn: " . $domain_dn . " and attributes: " . var_export($attributes, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() \$domain_dn: " . $domain_dn . " and attributes: " . var_export($attributes, TRUE));
if (!$domain_dn) {
$domain_base_dn = $this->conf->get('ldap', 'domain_base_dn');
@@ -192,10 +196,10 @@ class LDAP extends Net_LDAP3 {
$domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
$domain_filter = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
- Log::trace("Auth::LDAP::domain_info() uses _search()");
+ $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() uses _search()");
$result = $this->_search($domain_base_dn, $domain_filter, $attributes);
} else {
- Log::trace("Auth::LDAP::domain_info() uses _read()");
+ $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() uses _read()");
$result = $this->_read($domain_dn, $attributes);
}
@@ -203,7 +207,7 @@ class LDAP extends Net_LDAP3 {
return false;
}
- Log::trace("Auth::LDAP::domain_info() result: " . var_export($result, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() result: " . var_export($result, TRUE));
return $result;
}
@@ -216,7 +220,7 @@ class LDAP extends Net_LDAP3 {
// Ensure we are bound with the user's credentials
$this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
- Log::trace("Auth::LDAP::effective_rights(\$subject = '" . $subject . "')");
+ $this->_log(LOG_DEBUG, "Auth::LDAP::effective_rights(\$subject = '" . $subject . "')");
switch ($subject) {
case "domain":
@@ -301,7 +305,7 @@ class LDAP extends Net_LDAP3 {
}
public function group_info($group, $attributes = array('*')) {
- Log::trace("Auth::LDAP::group_info() for group " . var_export($group, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::group_info() for group " . var_export($group, TRUE));
$this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
$unique_attr = $this->config_get('unique_attribute', 'nsuniqueid');
@@ -313,14 +317,14 @@ class LDAP extends Net_LDAP3 {
$group_dn = $this->entry_dn($group);
- Log::trace("group_info() group_dn " . var_export($group_dn, TRUE));
+ $this->_log(LOG_DEBUG, "group_info() group_dn " . var_export($group_dn, TRUE));
if (!$group_dn) {
return false;
}
$group_info = $this->_read($group_dn, $attributes);
- Log::trace("Auth::LDAP::group_info() result: " . var_export($group_info, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::group_info() result: " . var_export($group_info, TRUE));
return $group_info;
}
@@ -527,7 +531,7 @@ class LDAP extends Net_LDAP3 {
}
public function list_users($attributes = array(), $search = array(), $params = array()) {
- Log::trace("Auth::LDAP::list_users(" . var_export($attributes, TRUE) . ", " . var_export($search, TRUE) . ", " . var_export($params, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::list_users(" . var_export($attributes, TRUE) . ", " . var_export($search, TRUE) . ", " . var_export($params, TRUE));
$this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
@@ -566,7 +570,7 @@ class LDAP extends Net_LDAP3 {
$base_dn = $this->_subject_base_dn("user");
$filter = $this->conf->get('user_filter');
- Log::trace("Auth::LDAP::list_users() searching entries in $base_dn with $filter, 'sub', NULL, " . var_export($search, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::list_users() searching entries in $base_dn with $filter, 'sub', NULL, " . var_export($search, TRUE));
$result = $this->search_entries($base_dn, $filter, 'sub', NULL, $search);
@@ -701,7 +705,7 @@ class LDAP extends Net_LDAP3 {
}
public function role_find_by_attribute($attribute) {
- Log::trace("Finding role by attribute: " . var_export($attribute, TRUE));
+ $this->_log(LOG_DEBUG, "Finding role by attribute: " . var_export($attribute, TRUE));
$attribute['objectclass'] = 'ldapsubentry';
$result = $this->entry_find_by_attribute($attribute);
@@ -726,7 +730,7 @@ class LDAP extends Net_LDAP3 {
}
$result = $this->_search($role_dn, '(objectclass=ldapsubentry)', $attributes);
- Log::trace("Auth::LDAP::role_info() result: " . var_export($result, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::role_info() result: " . var_export($result, TRUE));
return $result->entries(TRUE);
}
@@ -735,7 +739,7 @@ class LDAP extends Net_LDAP3 {
$this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
}
- Log::trace("Relaying search to parent:" . var_export(func_get_args(), TRUE));
+ $this->_log(LOG_DEBUG, "Relaying search to parent:" . var_export(func_get_args(), TRUE));
return parent::search($base_dn, $filter, $scope, $sort, $search);
}
@@ -770,7 +774,7 @@ class LDAP extends Net_LDAP3 {
}
public function user_edit($user, $attributes, $typeid = null) {
- Log::trace("user.edit() called for $user, attributes", $attributes);
+ $this->_log(LOG_DEBUG, "user.edit() called for $user, attributes", $attributes);
$unique_attr = $this->config_get('unique_attribute', 'nsuniqueid');
@@ -804,7 +808,7 @@ class LDAP extends Net_LDAP3 {
}
public function user_info($user, $attributes = array('*')) {
- Log::trace("Auth::LDAP::user_info() for user " . var_export($user, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::user_info() for user " . var_export($user, TRUE));
$this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
$unique_attr = $this->config_get('unique_attribute', 'nsuniqueid');
@@ -816,7 +820,7 @@ class LDAP extends Net_LDAP3 {
$user_dn = $this->entry_dn($user);
- Log::trace("user_info() user_dn " . var_export($user_dn, TRUE));
+ $this->_log(LOG_DEBUG, "user_info() user_dn " . var_export($user_dn, TRUE));
if (!$user_dn) {
return false;
}
@@ -830,7 +834,7 @@ class LDAP extends Net_LDAP3 {
public function _config_get($key, $default = NULL) {
$key_parts = explode("_", $key);
- Log::trace(var_export($key_parts));
+ $this->_log(LOG_DEBUG, var_export($key_parts));
while (!empty($key_parts)) {
$value = $this->conf->get(implode("_", $key_parts));
@@ -856,25 +860,29 @@ class LDAP extends Net_LDAP3 {
$str = "";
}
+ if (is_array($msg)) {
+ $msg = implode("\n", $msg);
+ }
+
switch ($level) {
case LOG_DEBUG:
- Log::debug($str . implode("\n", $msg));
+ Log::debug($str . $msg);
break;
case LOG_ERR:
- Log::error($str . implode("\n", $msg));
+ Log::error($str . $msg);
break;
case LOG_INFO:
- Log::info($str . implode("\n", $msg));
+ Log::info($str . $msg);
break;
case LOG_WARNING:
- Log::warning($str . implode("\n", $msg));
+ Log::warning($str . $msg);
break;
case LOG_ALERT:
case LOG_CRIT:
case LOG_EMERG:
case LOG_NOTICE:
default:
- Log::trace($str . implode("\n", $msg));
+ Log::trace($str . $msg);
break;
}
}
@@ -887,7 +895,7 @@ class LDAP extends Net_LDAP3 {
$base_dn = $this->domain_root_dn($this->domain);
}
- Log::trace(__FILE__ . "::" . __FUNCTION__ . " using base_dn $base_dn");
+ $this->_log(LOG_DEBUG, __FILE__ . "::" . __FUNCTION__ . " using base_dn $base_dn");
if (empty($subject)) {
return $base_dn;
@@ -899,7 +907,7 @@ class LDAP extends Net_LDAP3 {
$base_dn = $this->conf->expand($subject_base_dn, array("base_dn" => $base_dn));
}
- Log::trace("subject_base_dn for subject $subject results in $base_dn");
+ $this->_log(LOG_DEBUG, "subject_base_dn for subject $subject results in $base_dn");
return $base_dn;
}
@@ -1118,7 +1126,7 @@ class LDAP extends Net_LDAP3 {
$result = $this->_read("cn=" . str_replace('.', '_', $this->conf->get('kolab', 'primary_domain') . ",cn=ldbm database,cn=plugins,cn=config"), array('nsslapd-directory'));
- Log::trace("Primary domain ldbm database configuration entry: " . var_export($result, TRUE));
+ $this->_log(LOG_DEBUG, "Primary domain ldbm database configuration entry: " . var_export($result, TRUE));
$result = $result[key($result)];
$directory = str_replace(str_replace('.', '_', $this->conf->get('kolab', 'primary_domain')), str_replace('.','_',$domain_name), $result['nsslapd-directory']);
@@ -1286,7 +1294,7 @@ class LDAP extends Net_LDAP3 {
}
if (!$this->connect()) {
- Log::trace("Could not connect");
+ $this->_log(LOG_DEBUG, "Could not connect");
return false;
}
@@ -1294,11 +1302,11 @@ class LDAP extends Net_LDAP3 {
$bind_pw = $this->config_get("service_bind_pw", $this->conf->get("service_bind_pw"));
if (!$this->bind($bind_dn, $bind_pw)) {
- Log::trace("Could not connect");
+ $this->_log(LOG_DEBUG, "Could not connect");
return false;
}
- Log::trace("Auth::LDAP::domain_root_dn(\$domain = $domain) called");
+ $this->_log(LOG_DEBUG, "Auth::LDAP::domain_root_dn(\$domain = $domain) called");
if (empty($domain)) {
return false;
}
@@ -1376,7 +1384,7 @@ class LDAP extends Net_LDAP3 {
$result = $this->search($entry_dn, '(objectclass=*)', 'base');
- Log::trace("Auth::LDAP::_read() result: " . var_export($result->entries(TRUE), TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::_read() result: " . var_export($result->entries(TRUE), TRUE));
return $result ? $result->entries(TRUE) : FALSE;
}
@@ -1384,7 +1392,7 @@ class LDAP extends Net_LDAP3 {
private function _search($base_dn, $filter = '(objectclass=*)', $attributes = Array('*')) {
$this->config_set('return_attributes', $attributes);
$result = $this->search($base_dn, $filter);
- Log::trace("Auth::LDAP::_search on $base_dn with $filter for attributes: " . var_export($attributes, TRUE) . " with result: " . var_export($result, TRUE));
+ $this->_log(LOG_DEBUG, "Auth::LDAP::_search on $base_dn with $filter for attributes: " . var_export($attributes, TRUE) . " with result: " . var_export($result, TRUE));
return $result;
}
More information about the commits
mailing list