3 commits - lib/api lib/Auth lib/Auth.php
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Mon Apr 2 16:53:01 CEST 2012
lib/Auth.php | 32 +++++++
lib/Auth/LDAP.php | 166 ++++++++++++++++++++++++++++++++++---
lib/api/kolab_api_service_user.php | 1
3 files changed, 187 insertions(+), 12 deletions(-)
New commits:
commit c7bef6fe127c35b88ee2c5e567a1970c2a51a408
Merge: 22a9edc 589b9d6
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon Apr 2 16:52:53 2012 +0200
Merge branch 'master' of ssh://git.kolab.org/git/kolab-wap
Conflicts:
lib/kolab_client_task.php
commit 22a9edcba8bb0debf4df99e8be94c5b9bf5823b7
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon Apr 2 16:46:22 2012 +0200
Provide functions to interface users;
- allowed_attributes($objectclasses = array())
Provides a list of may/must attributeTypes, and super objectclasses,
and may/must attributeTypes for those, recursively.
- attribute_details($attributes = array())
Returns schema-based metadata for the interface to use.
diff --git a/lib/Auth.php b/lib/Auth.php
index 2347fb4..70d67e6 100644
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -166,18 +166,18 @@ class Auth {
}
}
- // Dummy function to be removed
+ // TODO: Dummy function to be removed
public function attr_details($attribute)
{
$conf = Conf::get_instance();
- return $this->_auth[$conf->get('kolab', 'primary_domain']->attr_details($attribute);
+ return $this->_auth[$conf->get('kolab', 'primary_domain']->attribute_details((array)($attribute));
}
- // Dummy function to be removed
+ // TODO: Dummy function to be removed
public function attrs_allowed($objectclasses = array())
{
$conf = Conf::get_instance();
- return $this->_auth[$conf->get('kolab', 'primary_domain']->attrs_allowed($objectclasses);
+ return $this->_auth[$conf->get('kolab', 'primary_domain']->allowed_attributes($objectclasses);
}
public function allowed_attributes($objectclasses = array())
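Review bot: Both rewritten return lines still read `$conf->get('kolab', 'primary_domain']->…`, where the call to `get()` is never closed with `)` before the `]`, so as written lib/Auth.php does not parse and nothing that loads the Auth class can run. The lines should read `return $this->_auth[$conf->get('kolab', 'primary_domain')]->attribute_details((array)($attribute));` and, for the second wrapper, `…'primary_domain')]->allowed_attributes($objectclasses);`. The same typo is present in the hunk of commit da33b37 further down, which first added these two wrappers.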
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index e748347..f633054 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -163,6 +163,92 @@ class LDAP
}
}
+ public function attribute_details($attributes = array())
+ {
+ $_schema = $this->init_schema();
+
+ $attribs = $_schema->getAll('attributes');
+
+ $attributes_details = array();
+
+ foreach ($attributes as $attribute) {
+ if (array_key_exists($attribute, $attribs)) {
+ $attrib_details = $attribs[$attribute];
+
+ if (!empty($attrib_details['sup'])) {
+ foreach ($attrib_details['sup'] as $super_attrib) {
+ $_attrib_details = $attribs[$super_attrib];
+ if (is_array($_attrib_details)) {
+ $attrib_details = array_merge($_attrib_details, $attrib_details);
+ }
+ }
+ }
+ } elseif (array_key_exists(strtolower($attribute), $attribs)) {
+ $attrib_details = $attribs[strtolower($attribute)];
+
+ if (!empty($attrib_details['sup'])) {
+ foreach ($attrib_details['sup'] as $super_attrib) {
+ $_attrib_details = $attribs[$super_attrib];
+ if (is_array($_attrib_details)) {
+ $attrib_details = array_merge($_attrib_details, $attrib_details);
+ }
+ }
+ }
+ } else {
+ error_log("No schema details exist for attribute $attribute (which is strange)");
+ }
+
+ // The relevant parts only, please
+ $attributes_details[$attribute] = Array(
+ 'type' => (array_key_exists('single-value', $attrib_details) && $attrib_details['single-value']) ? "text" : "list",
+ 'description' => $attrib_details['desc'],
+ 'syntax' => $attrib_details['syntax'],
+ 'max-length' => (array_key_exists('max_length', $attrib_details)) ? $attrib_details['max-length'] : false,
+ );
+ }
+
+ return $attributes_details;
+ }
+
+ public function allowed_attributes($objectclasses = Array())
+ {
+ $_schema = $this->init_schema();
+
+ if (!is_array($objectclasses)) {
+ return false;
+ }
+
+ if (empty($objectclasses)) {
+ return false;
+ }
+
+ $may = Array();
+ $must = Array();
+ $superclasses = Array();
+
+ foreach ($objectclasses as $objectclass) {
+ $superclass = $_schema->superclass($objectclass);
+ if (!empty($superclass)) {
+ $superclasses = array_merge($superclass, $superclasses);
+ }
+
+ $_may = $_schema->may($objectclass);
+ if (is_array($_may)) {
+ $may = array_merge($may, $_may);
+ } /* else {
+ } */
+ $_must = $_schema->must($objectclass);
+ if (is_array($_must)) {
+ $must = array_merge($must, $_must);
+ } /* else {
+ var_dump($_must);
+ } */
+ }
+
+ return Array('may' => $may, 'must' => $must, 'super' => $superclasses);
+
+ }
+
public function domain_add($domain, $domain_alias = false, $prepopulate = true)
{
// Apply some routines for access control to this function here.
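Review bot: In `attribute_details`, the `else` branch that logs a missing schema entry falls through to the result array, so `$attrib_details` is either undefined (first attribute) or still holds the previous attribute's schema data, and the caller receives details that belong to a different attribute. The `max-length` entry tests `array_key_exists('max_length', …)` with an underscore but reads `$attrib_details['max-length']`, so it appears to be always `false`. The two lookup branches are identical apart from the key, and `$attribs[$super_attrib]` is read without checking that the key exists. A version of the loop that resolves the key once, skips unknown attributes and uses one spelling of the key follows; which spelling the schema array really uses needs confirming. `allowed_attributes` in the same hunk could validate `$objectclasses` before calling `init_schema()`, which opens an LDAP connection.

```php
foreach ($attributes as $attribute) {
    // Resolve the schema key once: exact name first, then lower-cased.
    if (array_key_exists($attribute, $attribs)) {
        $key = $attribute;
    } elseif (array_key_exists(strtolower($attribute), $attribs)) {
        $key = strtolower($attribute);
    } else {
        error_log("No schema details exist for attribute $attribute (which is strange)");
        // Skip it, so nothing left over from a previous iteration is reported.
        continue;
    }

    $attrib_details = $attribs[$key];

    if (!empty($attrib_details['sup'])) {
        foreach ($attrib_details['sup'] as $super_attrib) {
            if (isset($attribs[$super_attrib]) && is_array($attribs[$super_attrib])) {
                $attrib_details = array_merge($attribs[$super_attrib], $attrib_details);
            }
        }
    }

    $attributes_details[$attribute] = Array(
        // … unchanged: 'type', 'description', 'syntax' entries …
        'max-length' => array_key_exists('max-length', $attrib_details) ? $attrib_details['max-length'] : false,
    );
}
```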
@@ -535,23 +621,24 @@ class LDAP
return $this->_add($dn, $attrs);
}
- public function user_delete($user)
+ public function user_delete($subject)
{
- $is_dn = ldap_explode_dn($user, 1);
+ $is_dn = ldap_explode_dn($subject, 1);
if (!$is_dn) {
- list($this->userid, $this->domain) = $this->_qualify_id($user);
- $root_dn = $this->domain_root_dn($this->domain);
- $user_dn = $this->_get_user_dn($root_dn, '(mail=' . $user . ')');
- }
- else {
- $user_dn = $user;
- }
+ $conf = Conf::get_instance();
+ $unique_attr = $conf->get('unique_attr');
+ if (!$unique_attr) {
+ $unique_attr = 'nsuniqueid';
+ }
- if (!$user_dn) {
- return false;
+ $user = $this->user_find_by_attribute(Array($unique_attr => $subject));
+ $user_dn = key($user);
+ $result = $this->_delete($user_dn);
+ } else {
+ $result = $this->_delete($subject);
}
- return $this->_delete($user_dn);
+ return $result;
}
public function user_find_by_attribute($attribute)
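Review bot: The new non-DN branch of `user_delete` passes `key($user)` straight to `_delete()` and drops the old `if (!$user_dn) return false;` guard, so a lookup that matches nothing hands `_delete()` an empty DN, and one that matches several entries deletes whichever comes first. For a destructive call, require exactly one match before deleting, e.g. `if (!is_array($user) || count($user) !== 1) { return false; }` ahead of `key($user)`. `group_delete` in the next hunk has the same shape and needs the same check. Whether `user_find_by_attribute` escapes `$subject` before building its search filter is not visible here; if it does not, the value should be escaped as an LDAP filter value there.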
@@ -657,6 +744,25 @@ class LDAP
return $this->_add($dn, $attrs);
}
+ public function group_delete($subject)
+ {
+ $is_dn = ldap_explode_dn($subject, 1);
+ if (!$is_dn) {
+ $conf = Conf::get_instance();
+ $unique_attr = $conf->get('unique_attr');
+ if (!$unique_attr) {
+ $unique_attr = 'nsuniqueid';
+ }
+
+ $group = $this->group_find_by_attribute(Array($unique_attr => $subject));
+ $group_dn = key($group);
+ $result = $this->_delete($group_dn);
+ } else {
+ $result = $this->_delete($subject);
+ }
+
+ return $result;
+ }
public function group_info($group)
{
@@ -743,6 +849,42 @@ class LDAP
return $domain_rootdn;
}
+ private function init_schema()
+ {
+ $conf = Conf::get_instance();
+
+ $this->_ldap_uri = $this->conf->get('ldap_uri');
+ $this->_ldap_server = parse_url($this->_ldap_uri, PHP_URL_HOST);
+ $this->_ldap_port = parse_url($this->_ldap_uri, PHP_URL_PORT);
+ $this->_ldap_scheme = parse_url($this->_ldap_uri, PHP_URL_SCHEME);
+
+ require_once("Net/LDAP2.php");
+
+ $_ldap_cfg = Array(
+ 'host' => $this->_ldap_server,
+ 'port' => $this->_ldap_port,
+ 'tls' => false,
+ 'version' => 3,
+ 'binddn' => $conf->get('bind_dn'),
+ 'bindpw' => $conf->get('bind_pw')
+ );
+
+ $_ldap_schema_cache_cfg = Array(
+ 'path' => "/tmp/Net_LDAP2_Schema.cache",
+ 'max_age' => 86400,
+ );
+
+ $_ldap_schema_cache = new Net_LDAP2_SimpleFileSchemaCache($_ldap_schema_cache_cfg);
+
+ $_ldap = Net_LDAP2::connect($_ldap_cfg);
+
+ $result = $_ldap->registerSchemaCache($_ldap_schema_cache);
+
+ $_schema = $_ldap->schema('cn=schema');
+
+ return $_schema;
+ }
+
private function search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
{
return $this->_search($base_dn, $search_filter, $attributes);
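Review bot: `init_schema` parses `$this->_ldap_scheme` from `ldap_uri` but never uses it and hard-codes `'tls' => false`, so the `bind_dn`/`bind_pw` credentials appear to be sent over an unencrypted connection even when the configured URI is `ldaps://`. The transport setting should follow the configured scheme rather than a literal `false`. The schema cache is written to the fixed path `/tmp/Net_LDAP2_Schema.cache`, a predictable name in a world-writable directory that any local account can create first; a directory owned by the web application is safer, e.g. `'path' => $cache_dir . '/Net_LDAP2_Schema.cache',` with `$cache_dir` (placeholder) taken from configuration, and this matters more if the cache class deserializes the file, which should be checked. The result of `Net_LDAP2::connect()` is used without an error check, and the method mixes `$conf` with `$this->conf`.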
diff --git a/lib/api/kolab_api_service_user.php b/lib/api/kolab_api_service_user.php
index 847646d..6a3c047 100644
--- a/lib/api/kolab_api_service_user.php
+++ b/lib/api/kolab_api_service_user.php
@@ -128,6 +128,7 @@ class kolab_api_service_user extends kolab_api_service
*/
public function user_delete($getdata, $postdata)
{
+ console("user_delete()", $getdata, $postdata);
if (!isset($postdata['user'])) {
return false;
}
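Review bot: The added `console("user_delete()", $getdata, $postdata);` looks like a leftover debugging call, and it writes the complete GET and POST data of every delete request to wherever `console()` logs. Request data at this layer may carry more than the user identifier, so the log becomes a second place that holds it. Either drop the line before release or log only the field the method uses, e.g. `console("user_delete()", $postdata['user']);` placed after the `isset` check. The rest of `user_delete` lies outside the hunk.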
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index 14fe71f..5041577 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -961,8 +961,13 @@ class kolab_client_task
'onclick' => $add_mode ? "kadm.{$name}_add()" : "kadm.{$name}_edit()",
));
- if (!empty($data['entrydn'])) {
- $id = $data[$name];
+ $unique_attr = $this->config->get('unique_attribute');
+ if (!$unique_attr) {
+ $unique_attr = 'nsuniqueid';
+ }
+
+ if (!empty($data[$unique_attr])) {
+ $id = $data[$unique_attr];
$form->add_button(array(
'value' => kolab_html::escape($this->translate('delete.button')),
'onclick' => "kadm.{$name}_delete('{$id}')",
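Review bot: The client reads the attribute name with `$this->config->get('unique_attribute')`, while `user_delete` and `group_delete` in lib/Auth/LDAP.php read `$conf->get('unique_attr')`; unless both keys are set consistently, the delete button submits one attribute's value and the server looks the entry up by another. Use a single configuration key on both sides. The value is also placed inside a single-quoted JavaScript string in `onclick` (`kadm.{$name}_delete('{$id}')`), and since the attribute is now configurable its content is no longer guaranteed to be free of quotes; it should be encoded for a JavaScript string before interpolation unless `add_button` already does that, which this hunk does not show. The `add_button` call continues past the end of the hunk.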
commit da33b37fb0452ff3937b035419b42bc4f2e647b7
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon Apr 2 16:26:47 2012 +0200
Provide Auth functions to get to attributes per objectclass, and syntax parameters per attributetype
diff --git a/lib/Auth.php b/lib/Auth.php
index 75e78e1..2347fb4 100644
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -166,6 +166,38 @@ class Auth {
}
}
+ // Dummy function to be removed
+ public function attr_details($attribute)
+ {
+ $conf = Conf::get_instance();
+ return $this->_auth[$conf->get('kolab', 'primary_domain']->attr_details($attribute);
+ }
+
+ // Dummy function to be removed
+ public function attrs_allowed($objectclasses = array())
+ {
+ $conf = Conf::get_instance();
+ return $this->_auth[$conf->get('kolab', 'primary_domain']->attrs_allowed($objectclasses);
+ }
+
+ public function allowed_attributes($objectclasses = array())
+ {
+ if (!is_array($objectclasses)) {
+ $objectclasses = (array)($objectclasses);
+ }
+
+ return $this->_auth[$_SESSION['user']->get_domain()]->allowed_attributes($objectclasses);
+ }
+
+ public function attribute_details($attributes = array())
+ {
+ if (!is_array($attributes)) {
+ $attributes = (array)($attributes);
+ }
+
+ return $this->_auth[$_SESSION['user']->get_domain()]->attribute_details($attributes);
+ }
+
public function find_user_groups($member_dn)
{
return $this->_auth[$_SESSION['user']->get_domain()]->find_user_groups($member_dn);