lib/Auth
Aleksander Machniak
machniak at kolabsys.com
Sat Oct 20 13:54:57 CEST 2012
lib/Auth/LDAP.php | 181 ++++++++++++++----------------------------------------
1 file changed, 47 insertions(+), 134 deletions(-)
New commits:
commit 63224aa501391467987714c8e4d79cb14e65819c
Author: Aleksander Machniak <alec at alec.pl>
Date: Sat Oct 20 13:54:22 2012 +0200
Code unification/simplification
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index f4fd89c..2609e74 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -148,35 +148,16 @@ class LDAP extends Net_LDAP3 {
}
public function domain_edit($domain, $attributes, $typeid = null) {
- // Domain identifier
- $unique_attr = $this->unique_attribute();
-
- // Now that values have been re-generated where necessary, compare
- // the new domain attributes to the original domain attributes.
- $_domain = $this->domain_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
-
- if (empty($_domain)) {
- $_domain = $this->entry_dn($domain);
-
- if (empty($_domain)) {
- return false;
- }
-
- $_domain_dn = $domain;
- }
- else {
- $_domain_dn = key($_domain);
- }
+ $domain = $this->domain_info($domain, array_keys($attributes));
- if (!$_domain) {
- console("Could not find domain");
+ if (empty($domain)) {
return false;
}
- $_domain = $this->domain_info($_domain_dn, array_keys($attributes));
+ $domain_dn = key($domain);
// We should start throwing stuff over the fence here.
- return $this->modify_entry($_domain_dn, $_domain[$_domain_dn], $attributes);
+ return $this->modify_entry($domain_dn, $domain[$domain_dn], $attributes);
}
public function domain_delete($domain) {
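Review bot: When `domain_info()` finds nothing, `domain_edit` now returns false without logging anything, and because `$domain` has been overwritten with the lookup result, the identifier the caller passed is no longer available to log. The removed lines at least emitted "Could not find domain"; a failed lookup on a directory write path is worth keeping in the log. Keeping the result in its own variable, e.g. `$entry = $this->domain_info($domain, array_keys($attributes));`, and adding `$this->_log(LOG_DEBUG, "Auth::LDAP::domain_edit() no entry for " . var_export($domain, TRUE));` before `return false;` would restore that. The same applies to `group_edit`, `resource_edit`, `role_edit` (which loses its `Log::error` call) and `user_edit` further down.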
@@ -250,21 +231,7 @@ class LDAP extends Net_LDAP3 {
}
public function group_add($attrs, $typeid = null) {
- if ($typeid == null) {
- $type_str = 'group';
- }
- else {
- $db = SQL::get_instance();
- $_key = $db->fetch_assoc($db->query("SELECT `key` FROM group_types WHERE id = ?", $typeid));
- $type_str = $_key['key'];
- }
-
- // Check if the group_type has a specific base DN specified.
- $base_dn = $this->conf->get($type_str . "_group_base_dn");
- // If not, take the regular user_base_dn
- if (!$base_dn) {
- $base_dn = $this->conf->get("group_base_dn");
- }
+ $base_dn = $this->entry_base_dn('group', $typeid);
// TODO: The rdn is configurable as well.
// Use [$type_str . "_"]user_rdn_attr
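Review bot: The TODO kept under the new `entry_base_dn()` call still says `Use [$type_str . "_"]user_rdn_attr`, but `$type_str` no longer exists in `group_add` after this change. The comment should name what is actually available now, for example `// TODO: The rdn is configurable as well; look it up per type the way entry_base_dn() does.` The same stale comment remains in `resource_add`, `role_add` and `user_add`. The rest of `group_add` lies outside the hunk.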
@@ -278,24 +245,16 @@ class LDAP extends Net_LDAP3 {
}
public function group_edit($group, $attributes, $typeid = null) {
- // Group identifier
- $unique_attr = $this->unique_attribute();
- $attributes[$unique_attr] = $group;
+ $group = $this->group_info($group, array_keys($attributes));
- // Now that values have been re-generated where necessary, compare
- // the new group attributes to the original group attributes.
- $_group = $this->entry_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
-
- if (!$_group) {
- console("Could not find group");
+ if (empty($group)) {
return false;
}
- $_group_dn = key($_group);
- $_group = $this->group_info($_group_dn, array_keys($attributes));
+ $group_dn = key($group);
// We should start throwing stuff over the fence here.
- return $this->modify_entry($_group_dn, $_group[$_group_dn], $attributes);
+ return $this->modify_entry($group_dn, $group[$group_dn], $attributes);
}
public function group_find_by_attribute($attribute) {
@@ -306,7 +265,7 @@ class LDAP extends Net_LDAP3 {
$this->_log(LOG_DEBUG, "Auth::LDAP::group_info() for group " . var_export($group, TRUE));
$this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
- $unique_attr = $this->config_get('unique_attribute', 'nsuniqueid');
+ $unique_attr = $this->unique_attribute();
if (!in_array($unique_attr, $attributes)) {
$attributes[] = $unique_attr;
}
@@ -580,21 +539,7 @@ class LDAP extends Net_LDAP3 {
}
public function resource_add($attrs, $typeid = null) {
- if ($typeid == null) {
- $type_str = 'resource';
- }
- else {
- $db = SQL::get_instance();
- $_key = $db->fetch_assoc($db->query("SELECT `key` FROM resource_types WHERE id = ?", $typeid));
- $type_str = $_key['key'];
- }
-
- // Check if the resource_type has a specific base DN specified.
- $base_dn = $this->conf->get($type_str . "_resource_base_dn");
- // If not, take the regular user_base_dn
- if (!$base_dn) {
- $base_dn = $this->conf->get("resource_base_dn");
- }
+ $base_dn = $this->entry_base_dn('resource', $typeid);
// TODO: The rdn is configurable as well.
// Use [$type_str . "_"]user_rdn_attr
@@ -608,25 +553,16 @@ class LDAP extends Net_LDAP3 {
}
public function resource_edit($resource, $attributes, $typeid = null) {
- // Resource identifier
- $unique_attr = $this->unique_attribute();
- $attributes[$unique_attr] = $resource;
+ $resource = $this->resource_info($resource, array_keys($attributes));
- console("\$this->domain: " . $this->domain);
- // Now that values have been re-generated where necessary, compare
- // the new resource attributes to the original resource attributes.
- $_resource = $this->entry_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
-
- if (!$_resource) {
- console("Could not find resource");
+ if (empty($resource)) {
return false;
}
- $_resource_dn = key($_resource);
- $_resource = $this->resource_info($_resource_dn, array_keys($attributes));
+ $resource_dn = key($resource);
// We should start throwing stuff over the fence here.
- return $this->modify_entry($_resource_dn, $_resource[$_resource_dn], $attributes);
+ return $this->modify_entry($resource_dn, $resource[$resource_dn], $attributes);
}
public function resource_find_by_attribute($attribute) {
@@ -654,16 +590,7 @@ class LDAP extends Net_LDAP3 {
}
public function role_add($attrs) {
- if ($typeid == null) {
- $type_str = 'role';
- }
- else {
- $db = SQL::get_instance();
- $_key = $db->fetch_assoc($db->query("SELECT `key` FROM role_types WHERE id = ?", $typeid));
- $type_str = $_key['key'];
- }
-
- $base_dn = $this->_subject_base_dn('role');
+ $base_dn = $this->entry_base_dn('role', $typeid);
// TODO: The rdn is configurable as well.
// Use [$type_str . "_"]user_rdn_attr
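Review bot: `role_add($attrs)` has no `$typeid` parameter, so the new call `$this->entry_base_dn('role', $typeid)` passes an undefined variable; PHP raises a notice and the helper always takes its default branch. Either give the method the same signature as its siblings, `public function role_add($attrs, $typeid = null) {`, or pass nothing: `$base_dn = $this->entry_base_dn('role');`. The removed code had the same undefined read, so this is a good moment to settle it. The remainder of `role_add` is outside the hunk.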
@@ -673,24 +600,16 @@ class LDAP extends Net_LDAP3 {
}
public function role_edit($role, $attributes, $typeid = null) {
- // Resource identifier
- $unique_attr = $this->unique_attribute();
- $attributes[$unique_attr] = $role;
-
- // Now that values have been re-generated where necessary, compare
- // the new role attributes to the original role attributes.
- $_role = $this->entry_find_by_attribute(array($unique_attr => $attributes[$unique_attr], 'objectclass' => 'ldapsubentry'));
+ $role = $this->role_info($role, array_keys($attributes));
- if (!$_role) {
- Log::error("Could not find role identified with $role.");
+ if (empty($role)) {
return false;
}
- $_role_dn = key($_role);
- $_role = $this->role_info($_role_dn, array_keys($attributes));
+ $role_dn = key($role);
// We should start throwing stuff over the fence here.
- return $this->modify_entry($_role_dn, $_role[$_role_dn], $attributes);
+ return $this->modify_entry($role_dn, $role[$role_dn], $attributes);
}
public function role_delete($role) {
@@ -711,7 +630,7 @@ class LDAP extends Net_LDAP3 {
}
public function role_info($role, $attributes = array('*')) {
- $role_dn = $this->entry_dn($role);
+ $role_dn = $this->entry_dn($role, array('objectclass' => 'ldapsubentry'));
if (!$role_dn) {
return false;
@@ -737,27 +656,12 @@ class LDAP extends Net_LDAP3 {
}
public function user_add($attrs, $typeid = null) {
- if ($typeid == null) {
- $type_str = 'user';
- }
- else {
- $db = SQL::get_instance();
- $_key = $db->fetch_assoc($db->query("SELECT `key` FROM user_types WHERE id = ?", $typeid));
- $type_str = $_key['key'];
- }
-
- // Check if the user_type has a specific base DN specified.
- $base_dn = $this->_subject_base_dn($type_str . "_user");
- if (empty($base_dn)) {
- $base_dn = $this->_subject_base_dn("user");
- }
+ $base_dn = $this->entry_base_dn('user', $typeid);
if (!empty($attrs['ou'])) {
$base_dn = $attrs['ou'];
}
- //console("Base DN now: $base_dn");
-
// TODO: The rdn is configurable as well.
// Use [$type_str . "_"]user_rdn_attr
$dn = "uid=" . $attrs['uid'] . "," . $base_dn;
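Review bot: `$attrs['uid']` is concatenated into the DN on the last line of the hunk without escaping, and `$attrs['ou']` replaces the base DN chosen by `entry_base_dn()` wholesale. A uid containing `,`, `+` or `=` changes the structure of the DN, and a caller-supplied `ou` decides which subtree the entry is created in, so both deserve a check before `add_entry()` sees them. I would escape the RDN value (PHP 5.6 and later offer `ldap_escape($attrs['uid'], '', LDAP_ESCAPE_DN)`; on older versions a local helper is needed) and verify that `$attrs['ou']` sits under a base DN the current domain is allowed to use. Whether callers already validate these fields is not visible here; `user_add` continues past the hunk.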
@@ -766,27 +670,16 @@ class LDAP extends Net_LDAP3 {
}
public function user_edit($user, $attributes, $typeid = null) {
- $this->_log(LOG_DEBUG, "user.edit() called for $user, attributes", $attributes);
-
- $unique_attr = $this->config_get('unique_attribute', 'nsuniqueid');
-
- $attributes[$unique_attr] = $user;
-
- // Now that values have been re-generated where necessary, compare
- // the new group attributes to the original group attributes.
- $_user = $this->entry_find_by_attribute(array($unique_attr => $attributes[$unique_attr]));
+ $user = $this->user_info($user, array_keys($attributes));
- if (!$_user) {
- console("Could not find user");
+ if (empty($user)) {
return false;
}
- $_user_dn = key($_user);
- $_user = $this->user_info($_user_dn, array_keys($attributes));
- console("Auth::LDAP::user_edit() existing \$_user info", $_user);
+ $user_dn = key($user);
// We should start throwing stuff over the fence here.
- return $this->modify_entry($_user_dn, $_user[$_user_dn], $attributes);
+ return $this->modify_entry($user_dn, $user[$user_dn], $attributes);
}
public function user_delete($user) {
@@ -797,7 +690,7 @@ class LDAP extends Net_LDAP3 {
$this->_log(LOG_DEBUG, "Auth::LDAP::user_info() for user " . var_export($user, TRUE));
$this->bind($_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw);
- $unique_attr = $this->config_get('unique_attribute', 'nsuniqueid');
+ $unique_attr = $this->unique_attribute();
if (!in_array($unique_attr, $attributes)) {
$attributes[] = $unique_attr;
}
@@ -842,6 +735,26 @@ class LDAP extends Net_LDAP3 {
return $this->add_entry($entry_dn, $attrs);
}
+ /**
+ * Return base DN for specified object type
+ */
+ protected function entry_base_dn($type, $typeid = null)
+ {
+ if ($typeid) {
+ $db = SQL::get_instance();
+ $sql = $db->fetch_assoc($db->query("SELECT `key` FROM {$type}_types WHERE id = ?", $typeid));
+
+ // Check if the type has a specific base DN specified.
+ $base_dn = $this->_subject_base_dn($sql['key'] . '_' . $type . '_base_dn');
+ }
+
+ if (empty($base_dn)) {
+ $base_dn = $this->_subject_base_dn($type . '_base_dn');
+ }
+
+ return $base_dn;
+ }
+
public function _config_get($key, $default = NULL) {
$key_parts = explode("_", $key);
$this->_log(LOG_DEBUG, var_export($key_parts));
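Review bot: `entry_base_dn()` passes keys ending in `_base_dn` to `_subject_base_dn()`, whereas the calls this commit removes passed bare subjects (`_subject_base_dn('role')`, `_subject_base_dn("user")`), and the group and resource paths used `$this->conf->get()` instead. `_subject_base_dn()` is not shown, so please confirm it accepts the suffixed form; if it appends the suffix itself, every lookup will miss and entries will be created under whatever it falls back to. Separately, `$type` is interpolated into the table name and `$sql['key']` is read without checking that a row came back, so an unknown `$typeid` builds the key `_group_base_dn`. The callers in this diff pass literals, but a guard in the helper keeps that true for future callers; a sketch follows.

```php
protected function entry_base_dn($type, $typeid = null)
{
    // Only the object types used by the *_add() callers may reach the table name below.
    if (!in_array($type, array('group', 'resource', 'role', 'user'), true)) {
        return null;
    }

    if ($typeid) {
        $db  = SQL::get_instance();
        $row = $db->fetch_assoc($db->query("SELECT `key` FROM {$type}_types WHERE id = ?", $typeid));

        // An unknown type id yields no row; fall through to the default base DN.
        if (!empty($row['key'])) {
            $base_dn = $this->_subject_base_dn($row['key'] . '_' . $type . '_base_dn');
        }
    }

    // … unchanged: default base DN lookup and return …
```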