lib/Auth
Daniel Hoffend
hoffend at kolabsys.com
Thu Feb 26 23:17:24 CET 2015
lib/Auth/LDAP.php | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
New commits:
commit 4d06bf5dd18f1d21213b9e7b958cbc967fb03dd1
Author: Daniel Hoffend <dh at dotlan.net>
Date: Thu Feb 26 23:17:21 2015 +0100
adding default acl for domain-related object. finally fixes #4731
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index b0027be..a2d0ba3 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -176,12 +176,6 @@ class LDAP extends Net_LDAP3 {
$domain_dn = $domain_name_attribute . '=' . $domain . ',' . $domain_base_dn;
- $result = $this->add_entry($domain_dn, $attributes);
-
- if (!$result) {
- return false;
- }
-
if (!empty($attributes['inetdomainbasedn'])) {
$inetdomainbasedn = $attributes['inetdomainbasedn'];
}
@@ -189,6 +183,18 @@ class LDAP extends Net_LDAP3 {
$inetdomainbasedn = $this->_standard_root_dn($domain);
}
+ if (empty($attributes['aci'])) {
+ $attributes['aci'] = array(
+ "(targetattr = \"*\") (version 3.0;acl \"Read Access for {$domain} Users\";allow (read,compare,search)(userdn = \"ldap:///{$inetdomainbasedn}??sub?(objectclass=*)\");)"
+ );
+ }
+
+ $result = $this->add_entry($domain_dn, $attributes);
+
+ if (!$result) {
+ return false;
+ }
+
// Query the ACI for the primary domain
if ($domain_entry = $this->_find_domain($primary_domain)) {
$domain_entry = array_shift($domain_entry);
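Review bot: The default ACI built in the `empty($attributes['aci'])` branch interpolates `{$domain}` and `{$inetdomainbasedn}` directly into the ACI string, and `$inetdomainbasedn` can be taken from the caller's `$attributes['inetdomainbasedn']` in the lines just above. A `"` in either value would close the quoted ACL name or the `userdn` value early, and a `?` in the base DN would shift the fields of the `ldap:///` URL, so the stored rule could differ from the intended one; whether such characters can reach this point depends on validation outside the hunk. I would reject them before building the string, for example `if (preg_match('/["?]/', $domain . $inetdomainbasedn)) { return false; }`. Separately, `targetattr = "*"` allows read, compare and search on every attribute of the entry, so a short comment saying why the full set is needed (or a narrower attribute list) would help later review. The enclosing method starts and ends outside the hunk.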