3 commits - lib/api lib/Auth lib/Auth.php lib/kolab_api_controller.php
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Mon May 14 12:51:42 CEST 2012
lib/Auth.php | 5 ++
lib/Auth/LDAP.php | 69 ++++++++++++++++++++++++++++++-----
lib/api/kolab_api_service_domain.php | 59 +++++++++++++++++++++++++++++
lib/kolab_api_controller.php | 5 +-
4 files changed, 127 insertions(+), 11 deletions(-)
New commits:
commit dd606a640db335660fe5ebc6748aac0ecf9bdf10
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon May 14 12:51:29 2012 +0200
Add domain API service
diff --git a/lib/api/kolab_api_service_domain.php b/lib/api/kolab_api_service_domain.php
new file mode 100644
index 0000000..f690b4a
--- /dev/null
+++ b/lib/api/kolab_api_service_domain.php
@@ -0,0 +1,59 @@
+<?php
+/*
+ +--------------------------------------------------------------------------+
+ | This file is part of the Kolab Web Admin Panel |
+ | |
+ | Copyright (C) 2011-2012, Kolab Systems AG |
+ | |
+ | This program is free software: you can redistribute it and/or modify |
+ | it under the terms of the GNU Affero General Public License as published |
+ | by the Free Software Foundation, either version 3 of the License, or |
+ | (at your option) any later version. |
+ | |
+ | This program is distributed in the hope that it will be useful, |
+ | but WITHOUT ANY WARRANTY; without even the implied warranty of |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
+ | GNU Affero General Public License for more details. |
+ | |
+ | You should have received a copy of the GNU Affero General Public License |
+ | along with this program. If not, see <http://www.gnu.org/licenses/> |
+ +--------------------------------------------------------------------------+
+ | Author: Aleksander Machniak <machniak at kolabsys.com> |
+ | Author: Jeroen van Meeuwen <vanmeeuwen at kolabsys.com> |
+ +--------------------------------------------------------------------------+
+*/
+
+/**
+ * Service providing domain mutations
+ */
+class kolab_api_service_domain extends kolab_api_service
+{
+
+ /**
+ * Returns service capabilities.
+ *
+ * @param string $domain Domain name
+ *
+ * @return array Capabilities list
+ */
+ public function capabilities($domain)
+ {
+ return array(
+ 'add' => 'w',
+ );
+ }
+
+ public function domain_add($getdata, $postdata)
+ {
+ if (empty($postdata['domain'])) {
+ return;
+ }
+
+ if (empty($postdata['parent'])) {
+ return;
+ }
+
+ $auth = Auth::get_instance();
+ $auth->domain_add($postdata['domain'], $postdata['parent']);
+ }
+}
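Review bot: `domain_add` in the new service discards the result of `$auth->domain_add(...)` and returns nothing on every path, so an API client cannot tell a successful add from a failed one or from a request rejected for a missing `domain` or `parent`. Returning the result, `return $auth->domain_add($postdata['domain'], $postdata['parent']);`, and returning an explicit `false` or error for the two empty-input cases would make the outcome visible. This is also the natural boundary to check that both values are syntactically valid domain names before they reach the directory layer. The method has no docblock, unlike `capabilities()`; a short one naming the expected `$postdata` keys and the return value would help.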
diff --git a/lib/kolab_api_controller.php b/lib/kolab_api_controller.php
index cfd984a..23556c8 100644
--- a/lib/kolab_api_controller.php
+++ b/lib/kolab_api_controller.php
@@ -56,15 +56,16 @@ class kolab_api_controller
}
// TODO: register services based on config or whatsoever
+ $this->add_service('domain', 'kolab_api_service_domain');
+ $this->add_service('domains', 'kolab_api_service_domains');
$this->add_service('form_value', 'kolab_api_service_form_value');
$this->add_service('group_types', 'kolab_api_service_group_types');
$this->add_service('group', 'kolab_api_service_group');
$this->add_service('groups', 'kolab_api_service_groups');
+ $this->add_service('roles', 'kolab_api_service_roles');
$this->add_service('user_types', 'kolab_api_service_user_types');
$this->add_service('user', 'kolab_api_service_user');
$this->add_service('users', 'kolab_api_service_users');
- $this->add_service('domains', 'kolab_api_service_domains');
- $this->add_service('roles', 'kolab_api_service_roles');
}
/**
commit 02662488e36ddebc7e501e834dfa2afbfb8833cd
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon May 14 12:50:46 2012 +0200
Add function Auth::LDAP::domain_add(). Currently only supports adding a domain alias.
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index a788c09..02045af 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -292,11 +292,11 @@ class LDAP
}
- public function domain_add($domain, $domain_alias = false, $prepopulate = true)
+ public function domain_add($domain, $parent_domain = false, $prepopulate = true)
{
// Apply some routines for access control to this function here.
- if ($domain_alias) {
- return $this->_domain_add_alias($domain, $domain_alias);
+ if (!empty($parent_domain)) {
+ return $this->_domain_add_alias($domain, $parent_domain);
}
else {
return $this->_domain_add_new($domain, $prepopulate);
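Review bot: The access-control comment at the top of `domain_add` is still only a placeholder, while this series makes the method reachable from the API through `kolab_api_service_domain::domain_add` and `Auth::domain_add`. Nothing visible in these hunks verifies that the session user is allowed to add a domain or an alias under the given parent. If the API layer does not enforce that elsewhere, an explicit authorization check belongs here, before the dispatch to `_domain_add_alias` / `_domain_add_new`. The function's closing brace lies outside the hunk.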
@@ -809,11 +809,6 @@ class LDAP
return $result;
}
- private function _search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
- {
- return $this->__search($base_dn, $search_filter, $attributes);
- }
-
private function domains_list()
{
$section = $this->conf->get('kolab', 'auth_mechanism');
@@ -1036,6 +1031,30 @@ class LDAP
if (!($new_attrs[$attr] === $old_attr_value) && !($_sort1 === $_sort2)) {
//console("Attribute $attr changed from", $old_attr_value, "to", $new_attrs[$attr]);
if ($attr === $rdn_attr) {
+ //console("This attribute is the RDN attribute. Let's see if it is multi-valued, and if the original still exists in the new value.");
+ if (is_array($old_attrs[$attr])) {
+ if (!is_array($new_attrs[$attr])) {
+ if (in_array($new_attrs[$attr], $old_attrs[$attr])) {
+ // TODO: Need to remove all $old_attrs[$attr] values not equal to $new_attrs[$attr]
+ if ($new_attrs[$attr] !== $old_attrs[$attr][0]) {
+ // TODO: Also need to rename the entry
+ }
+ } else {
+ // TODO: Both replace attribute value and rename.
+ }
+ } else {
+ // TODO: See if the rdn attr. value is still in $new_attrs[$attr]
+ }
+ } else {
+ if (!is_array($new_attrs[$attr])) {
+ // TODO: Do something here
+ } else {
+ // An additional attribute value is being supplied. Just replace and continue.
+ $mod_array['replace'][$attr] = $new_attrs[$attr];
+ continue;
+ }
+ }
+
$mod_array['rename']['dn'] = $subject_dn;
$mod_array['rename']['new_rdn'] = $rdn_attr . '=' . $new_attrs[$attr];
} else {
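Review bot: Every new branch except the scalar-to-array case falls through to the rename below, so when `$new_attrs[$attr]` is an array the new RDN is built as `$rdn_attr . '=' . $new_attrs[$attr]`, which stringifies the array to `Array`. That path looks reachable from `_domain_add_alias` once the parent entry already holds more than one value, assuming the domain name attribute is the RDN attribute and multi-valued attributes come back as arrays. Until the TODOs are implemented, the array case should not reach the rename: use `$mod_array['replace'][$attr] = $new_attrs[$attr]; continue;` when the current RDN value is still present, and return an error otherwise. `in_array()` should also pass `true` as its third argument so the comparison is strict. The enclosing function starts and ends outside the hunk.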
@@ -1457,6 +1476,33 @@ class LDAP
return true;
}
+ private function _domain_add_alias($domain, $parent)
+ {
+ $conf = Conf::get_instance();
+ $domain_base_dn = $conf->get('ldap', 'domain_base_dn');
+ $domain_filter = $conf->get('ldap', 'domain_filter');
+
+ $domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
+
+ $domain_filter = '(&(' . $domain_name_attribute . '=' . $parent . ')' . $domain_filter . ')';
+
+ $domain_entry = self::normalize_result($this->_search($domain_base_dn, $domain_filter));
+
+ // TODO: Catch not having found any such parent domain
+
+ $domain_dn = key($domain_entry);
+
+ // private function modify_entry($subject_dn, $old_attrs, $new_attrs)
+
+ $_old_attr = array($domain_name_attribute => $domain_entry[$domain_dn][$domain_name_attribute]);
+ $_new_attr = array($domain_name_attribute => array($domain_entry[$domain_dn][$domain_name_attribute], $domain));
+
+ return $this->modify_entry($domain_dn, $_old_attr, $_new_attr);
+
+
+
+ }
+
/**
* Shortcut to ldap_bind()
*/
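Review bot: `$parent` is concatenated into the LDAP search filter unescaped in `_domain_add_alias`, and it originates from `$postdata['parent']` in the API service, so filter metacharacters in a request can change which entry is matched and subsequently modified. Escape the value before building the filter, e.g. `$parent = ldap_escape($parent, '', LDAP_ESCAPE_FILTER);` (or an equivalent RFC 4515 escaping helper on PHP versions that lack that function), and validate `$domain` as a hostname before it is written to the directory. The TODO about a missing parent matters for the same reason: `__search` returns `false` on failure, and `key($domain_entry)` then yields no usable DN, so a guard such as `if (empty($domain_entry)) { return false; }` should precede it (this assumes `normalize_result` passes an empty result through). Resolving the match to exactly one entry before calling `modify_entry` would also avoid altering an unintended domain.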
@@ -1595,6 +1641,11 @@ class LDAP
return $ldap_entries;
}
+ private function _search($base_dn, $search_filter = '(objectClass=*)', $attributes = array('*'))
+ {
+ return $this->__search($base_dn, $search_filter, $attributes);
+ }
+
/**
* Shortcut to ldap_search()
*/
@@ -1615,7 +1666,7 @@ class LDAP
}
if (($search_results = @ldap_search($this->conn, $base_dn, $search_filter, $attributes)) == false) {
- //message("Could not search in " . __METHOD__ . " in " . __FILE__ . " on line " . __LINE__ . ": " . $this->_errstr());
+ //console("Could not search in " . __METHOD__ . " in " . __FILE__ . " on line " . __LINE__ . ": " . $this->_errstr());
return false;
}
commit ff52febdc663feac76338d1429c9ce19d6bb09ab
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date: Mon May 14 12:49:22 2012 +0200
Add Auth::domain_add()
diff --git a/lib/Auth.php b/lib/Auth.php
index fd34e97..d77b6a8 100644
--- a/lib/Auth.php
+++ b/lib/Auth.php
@@ -205,6 +205,11 @@ class Auth {
return $this->_auth[$_SESSION['user']->get_domain()]->attribute_details($attributes);
}
+ public function domain_add($domain, $parent_domain=null)
+ {
+ return $this->_auth[$_SESSION['user']->get_domain()]->domain_add($domain, $parent_domain);
+ }
+
public function find_user_groups($member_dn)
{
return $this->_auth[$_SESSION['user']->get_domain()]->find_user_groups($member_dn);