lib/Auth

Daniel Hoffend hoffend at kolabsys.com
Thu Feb 26 23:17:24 CET 2015


 lib/Auth/LDAP.php |   18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

New commits:
commit 4d06bf5dd18f1d21213b9e7b958cbc967fb03dd1
Author: Daniel Hoffend <dh at dotlan.net>
Date:   Thu Feb 26 23:17:21 2015 +0100

    adding default acl for domain-related object. finally fixes #4731

diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index b0027be..a2d0ba3 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -176,12 +176,6 @@ class LDAP extends Net_LDAP3 {
 
         $domain_dn = $domain_name_attribute . '=' . $domain . ',' . $domain_base_dn;
 
-        $result = $this->add_entry($domain_dn, $attributes);
-
-        if (!$result) {
-            return false;
-        }
-
         if (!empty($attributes['inetdomainbasedn'])) {
             $inetdomainbasedn = $attributes['inetdomainbasedn'];
         }
@@ -189,6 +183,18 @@ class LDAP extends Net_LDAP3 {
             $inetdomainbasedn = $this->_standard_root_dn($domain);
         }
 
+        if (empty($attributes['aci'])) {
+            $attributes['aci'] = array(
+                "(targetattr = \"*\") (version 3.0;acl \"Read Access for {$domain} Users\";allow (read,compare,search)(userdn = \"ldap:///{$inetdomainbasedn}??sub?(objectclass=*)\");)"
+            );
+        }
+
+        $result = $this->add_entry($domain_dn, $attributes);
+
+        if (!$result) {
+            return false;
+        }
+
         // Query the ACI for the primary domain
         if ($domain_entry = $this->_find_domain($primary_domain)) {
             $domain_entry = array_shift($domain_entry);
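Review bot: The default ACI added here is built by interpolating `$domain` and `$inetdomainbasedn` straight into the ACI string, and `$inetdomainbasedn` can come from the caller-supplied `$attributes['inetdomainbasedn']`, so a value containing `"`, `;` or `)` would produce a malformed or differently scoped access rule on the new domain entry. Nothing visible in this hunk validates either value; the function body starts and ends outside the hunk, so a check may exist earlier. I would reject anything that is not a plain hostname before this block, e.g. `if (!preg_match('/^[a-z0-9.-]+$/i', $domain)) { return false; }`, and apply an equivalent DN check to `$inetdomainbasedn`. Separately, `targetattr = "*"` grants read, compare and search on every attribute of the entry to all entries under the base DN; a comment such as `// wildcard is intentional: domain entries hold no secrets` or an explicit attribute list would make the default easier to audit.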



