lib/Auth lib/ext
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Wed Jul 10 16:40:16 CEST 2013
lib/Auth/LDAP.php | 45 +++++++++++++--
lib/ext/Net/LDAP3.php | 147 ++++++++++++++++++++++++++------------------------
2 files changed, 118 insertions(+), 74 deletions(-)
New commits:
commit c42e58d733a82528f11e199e44cc8a9c52148840
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Wed Jul 10 16:39:58 2013 +0200
Ensure replicas and replication agreements are added correctly
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 36038c7..ebafe1b 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -206,12 +206,19 @@ class LDAP extends Net_LDAP3 {
$replica_hosts = $this->list_replicas();
if (!empty($replica_hosts)) {
foreach ($replica_hosts as $replica_host) {
+ Log::trace("Iterating over replication partners (now: $replica_host)");
$ldap = new Net_LDAP3($this->config);
+ $ldap->config_set("log_hook", array($this, "_log"));
$ldap->config_set('host', $replica_host);
$ldap->config_set('hosts', array($replica_host));
$ldap->connect();
- $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
- $ldap->add_entry($dn, $attrs);
+ $ldap->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
+ $result = $ldap->add_entry($dn, $attrs);
+
+ if (!$result) {
+ Log::error("Error adding $dn to $replica_host");
+ }
+
$ldap->close();
}
} else {
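Review bot: The results of `$ldap->connect()` and `$ldap->bind(...)` are still ignored in this loop, so if a replica rejects the logged-in user's credentials the code goes on to call `add_entry()` on a connection that never authenticated, and the log shows only a generic add failure. Assuming `bind()` returns false on failure as `add_entry()` does, guard it: `if (!$ldap->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw)) { Log::error("Bind to $replica_host failed"); $ldap->close(); continue; }`. The same unchecked bind appears in the hunks at -262 and -340 of this file, and at -289 and in `list_replicas()` in lib/ext/Net/LDAP3.php. The enclosing method starts and ends outside the hunk.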
@@ -254,7 +261,6 @@ class LDAP extends Net_LDAP3 {
'nsslapd-cachememsize' => '10485760',
'nsslapd-readonly' => 'off',
'nsslapd-require-index' => 'off',
- 'nsslapd-directory' => $directory,
'nsslapd-dncachememsize' => '10485760'
);
@@ -262,10 +268,38 @@ class LDAP extends Net_LDAP3 {
if (!empty($replica_hosts)) {
foreach ($replica_hosts as $replica_host) {
$ldap = new Net_LDAP3($this->config);
+ $ldap->config_set("log_hook", array($this, "_log"));
$ldap->config_set('host', $replica_host);
$ldap->config_set('hosts', array($replica_host));
$ldap->connect();
- $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
+ $ldap->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
+
+ $ldap->config_set('return_attributes', array('nsslapd-directory'));
+ $result = $ldap->get_entry("cn=" . $_primary_domain . ",cn=ldbm database,cn=plugins,cn=config");
+ if (!$result) {
+ $result = $ldap->get_entry("cn=" . $primary_domain . ",cn=ldbm database,cn=plugins,cn=config");
+ }
+
+ if (!$result) {
+ $result = $ldap->get_entry("cn=userRoot,cn=ldbm database,cn=plugins,cn=config");
+ }
+
+ $this->_log(LOG_DEBUG, "Primary domain ldbm database configuration entry: " . var_export($result, true));
+
+ $result = $result[key($result)];
+ $orig_directory = $result['nsslapd-directory'];
+ $directory = str_replace($_primary_domain, $_domain, $result['nsslapd-directory']);
+
+ if ($directory == $orig_directory) {
+ $directory = str_replace($primary_domain, $_domain, $result['nsslapd-directory']);
+ }
+
+ if ($directory == $orig_directory) {
+ $directory = str_replace("userRoot", $_domain, $result['nsslapd-directory']);
+ }
+
+ $attrs['nsslapd-directory'] = $directory;
+
$ldap->add_entry($dn, $attrs);
$ldap->close();
}
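Review bot: When all three `get_entry()` lookups fail, `$result` is still false at `$result = $result[key($result)];`, so the code indexes a non-array and goes on to add the backend with an empty or meaningless `nsslapd-directory`. Skip the replica in that case, right after the debug line: `if (!$result) { $ldap->close(); continue; }`. Separately, `$_domain` is substituted into a filesystem path that the directory server will use. Its origin is not visible in this hunk, so confirm it is validated as a domain name (no path separators or `..`) before it reaches this point. Both `$_primary_domain` and `$primary_domain` are used here and are defined outside the hunk.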
@@ -340,10 +374,11 @@ class LDAP extends Net_LDAP3 {
if (!empty($replica_hosts)) {
foreach ($replica_hosts as $replica_host) {
$ldap = new Net_LDAP3($this->config);
+ $ldap->config_set("log_hook", array($this, "_log"));
$ldap->config_set('host', $replica_host);
$ldap->config_set('hosts', array($replica_host));
$ldap->connect();
- $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
+ $ldap->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
$ldap->add_entry($dn, $attrs);
$ldap->close();
}
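Review bot: The result of `$ldap->add_entry($dn, $attrs)` is discarded in this loop and in the one at -262, while the first hunk of this commit now logs a failed add. A replica that rejects the entry is therefore left out of sync with nothing in the log. Use the same pattern here: `$result = $ldap->add_entry($dn, $attrs);` followed by `if (!$result) { Log::error("Error adding $dn to $replica_host"); }`. The enclosing method starts and ends outside the hunk.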
diff --git a/lib/ext/Net/LDAP3.php b/lib/ext/Net/LDAP3.php
index 8b46d85..1f04d1a 100644
--- a/lib/ext/Net/LDAP3.php
+++ b/lib/ext/Net/LDAP3.php
@@ -289,7 +289,7 @@ class Net_LDAP3
$ldap->config_set('host', $replica_host);
$ldap->config_set('hosts', array($replica_host));
$ldap->connect();
- $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
+ $ldap->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
$replica_attrs = Array(
'cn' => 'replica',
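Review bot: `Net_LDAP3` sits under lib/ext as a general LDAP library, and this bind makes it read `$_SESSION['user']` directly, which ties it to the web application's session object and dereferences null when no user session exists (whether such callers exist is not visible here). It also means writes under `cn=config` on each replica succeed only if the logged-in user holds those rights, and that the user's bind password is kept in the session for reuse. Consider taking the bind DN and password from configuration set by the caller, as the removed line did, so the caller decides which identity is used. At minimum, document the requirement above the bind: `// Binds as the logged-in user; requires $_SESSION['user'] with write access to cn=config on each replica`. The enclosing method starts and ends outside the hunk.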
@@ -308,10 +308,15 @@ class Net_LDAP3
$new_replica_dn = 'cn=replica,cn="' . $domain_root_dn . '",cn=mapping tree,cn=config';
- $this->_debug("Would have added $new_replica_dn with attributes: " . var_export($replica_attrs, TRUE));
+ $this->_debug("Adding $new_replica_dn to $replica_host with attributes: " . var_export($replica_attrs, TRUE));
$result = $ldap->add_entry($new_replica_dn, $replica_attrs);
+ if (!$result) {
+ $this->_error("Could not add replication configuration to database for $domain_root_dn on $replica_host");
+ continue;
+ }
+
$result = $ldap->search($replica_dn, "(objectclass=nsDS5ReplicationAgreement)", "sub");
if (!$result) {
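Review bot: The new `continue` after a failed `add_entry()` skips the rest of the iteration without closing the connection to `$replica_host`. No `$ldap->close()` is visible on this path, although the loop's start and end lie outside the hunk, so this should be confirmed. Add `$ldap->close();` immediately before `continue;`. The failure is also only logged; if the method's return value does not reflect it, callers cannot tell that replication was configured on only some hosts.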
@@ -329,7 +334,7 @@ class Net_LDAP3
if ($replicate_to_host == $replica_host)
continue;
- $this->_debug("About to add a replication agreement for $domain_root_dn to $replicate_to_host on " . $ldap->config_get('host'));
+ $this->_debug("Adding a replication agreement for $domain_root_dn to $replicate_to_host on " . $ldap->config_get('host'));
$attrs = Array(
'objectclass',
@@ -346,10 +351,12 @@ class Net_LDAP3
$replica_agreement_attrs['nsDS5ReplicaRoot'] = $domain_root_dn;
$replica_agreement_dn = "cn=" . $replica_agreement_attrs['cn'] . "," . $new_replica_dn;
- $this->_debug("Would have added $replica_agreement_dn with attributes: " . var_export($replica_agreement_attrs, TRUE));
+ $this->_debug("Adding $replica_agreement_dn to $replica_host with attributes: " . var_export($replica_agreement_attrs, TRUE));
$result = $ldap->add_entry($replica_agreement_dn, $replica_agreement_attrs);
-
+ if (!$result) {
+ $this->_error("Failed adding $replica_agreement_dn");
+ }
}
}
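Review bot: The debug line dumps the whole of `$replica_agreement_attrs` with `var_export()`, and replication agreement entries in 389 Directory Server normally carry the replication bind password in `nsDS5ReplicaCredentials`. The attribute list copied earlier in this loop is cut off in the diff, so whether that attribute is included cannot be confirmed from here. If it is, the credential lands in the debug log on every run, so log a redacted copy instead: `$log_attrs = $replica_agreement_attrs; unset($log_attrs['nsDS5ReplicaCredentials']);` and pass `$log_attrs` to `var_export()`. Match the key's case to the one used in the attribute list.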
@@ -962,6 +969,72 @@ class Net_LDAP3
return $this->result;
}
+ public function list_replicas()
+ {
+ $this->_debug("Finding replicas for this server.");
+
+ // Search any host that is a replica for the current host
+ $replica_hosts = $this->config_get('replica_hosts', Array());
+
+ if (!empty($replica_hosts)) {
+ return $replica_hosts;
+ }
+
+ $ldap = new Net_LDAP3($this->config);
+ $ldap->connect();
+ $ldap->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
+
+ $ldap->config_set('return_attributes', array('nsds5replicahost'));
+
+ $result = $ldap->search($this->config_get('config_root_dn'), '(objectclass=nsds5replicationagreement)', 'sub');
+
+ if (!$result) {
+ $this->_debug("No replicas configured");
+ return $replica_hosts;
+ }
+
+ $this->_debug("Replication agreements found: " . var_export($result->entries(TRUE), TRUE));
+
+ foreach ($result->entries(TRUE) as $dn => $attrs) {
+ if (!in_array($attrs['nsds5replicahost'], $replica_hosts)) {
+ $replica_hosts[] = $attrs['nsds5replicahost'];
+ }
+ }
+
+ // $replica_hosts now holds the IDs of servers we are currently NOT
+ // connected to. We might need this later in order to set
+ $this->_server_id_not = $replica_hosts;
+
+ $this->_debug("So far, we have the following replicas: " . var_export($replica_hosts, TRUE));
+
+ $ldap->close();
+
+ foreach ($replica_hosts as $replica_host) {
+ $ldap->config_set('host', $replica_host);
+ $ldap->config_set('hosts', array($replica_host));
+ $ldap->connect();
+ $ldap->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
+
+ $ldap->config_set('return_attributes', array('nsds5replicahost'));
+ $result = $ldap->search($this->config_get('config_root_dn'), '(objectclass=nsds5replicationagreement)', 'sub');
+ if (!$result) {
+ $this->_debug("No replicas configured");
+ }
+
+ foreach ($result->entries(TRUE) as $dn => $attrs) {
+ if (!in_array($attrs['nsds5replicahost'], $replica_hosts)) {
+ $replica_hosts[] = $attrs['nsds5replicahost'];
+ }
+ }
+
+ $ldap->close();
+ }
+
+ $this->config_set('replica_hosts', $replica_hosts);
+
+ return $replica_hosts;
+ }
+
public function login($username, $password, $domain = null)
{
$this->_debug("Net_LDAP3::login(\$username = '" . $username . "', \$password = '****', \$domain = '" . $domain . "')");
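Review bot: In the second loop of `list_replicas()`, a failed search only logs "No replicas configured" and then falls through to `foreach ($result->entries(TRUE) ...)`, which calls a method on false and aborts the request. Close and skip instead: `if (!$result) { $this->_debug("No replicas configured"); $ldap->close(); continue; }`. The early `return $replica_hosts;` after the first search also leaves `$ldap` open and should call `$ldap->close();` first. Since the method is now public and binds with the session user's credentials, a short docblock stating that it requires `$_SESSION['user']` and caches its result in the `replica_hosts` config key would help callers.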
@@ -2054,70 +2127,6 @@ class Net_LDAP3
return array_filter($group_members);
}
- private function list_replicas()
- {
- $this->_debug("Finding replicas for this server.");
-
- // Search any host that is a replica for the current host
- $replica_hosts = $this->config_get('replica_hosts', Array());
-
- if (!empty($replica_hosts)) {
- return $replica_hosts;
- }
-
- $ldap = new Net_LDAP3($this->config);
- $ldap->connect();
- $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
-
- $ldap->config_set('return_attributes', array('nsds5replicahost'));
-
- $result = $ldap->search($this->config_get('config_root_dn'), '(objectclass=nsds5replicationagreement)', 'sub');
-
- if (!$result) {
- $this->_debug("No replicas configured");
- return $replica_hosts;
- }
-
- foreach ($result->entries(TRUE) as $dn => $attrs) {
- if (!in_array($attrs['nsds5replicahost'], $replica_hosts)) {
- $replica_hosts[] = $attrs['nsds5replicahost'];
- }
- }
-
- // $replica_hosts now holds the IDs of servers we are currently NOT
- // connected to. We might need this later in order to set
- $this->_server_id_not = $replica_hosts;
-
- $this->_debug("So far, we have the following replicas: " . var_export($replica_hosts, TRUE));
-
- $ldap->close();
-
- foreach ($replica_hosts as $replica_host) {
- $ldap->config_set('host', $replica_host);
- $ldap->config_set('hosts', array($replica_host));
- $ldap->connect();
- $ldap->bind($this->config_get('bind_dn'), $this->config_get('bind_pw'));
-
- $ldap->config_set('return_attributes', array('nsds5replicahost'));
- $result = $ldap->search($this->config_get('config_root_dn'), '(objectclass=nsds5replicationagreement)', 'sub');
- if (!$result) {
- $this->_debug("No replicas configured");
- }
-
- foreach ($result->entries(TRUE) as $dn => $attrs) {
- if (!in_array($attrs['nsds5replicahost'], $replica_hosts)) {
- $replica_hosts[] = $attrs['nsds5replicahost'];
- }
- }
-
- $ldap->close();
- }
-
- $this->config_set('replica_hosts', $replica_hosts);
-
- return $replica_hosts;
- }
-
/**
* memberUrl attribute parser
*