authorSimon Rettberg2016-12-01 18:08:06 +0100
committerSimon Rettberg2016-12-01 18:08:06 +0100
commitc485b29eb853c5a4a7e5b021de39269b1c00d4e2 (patch)
tree2be43cabb747308de42ae460cf26850d55232b26
parent[Taskmanager] Add support for compressed replies (diff)
[sysconfig] AD/LDAP: Fix handling of user@domain.foo; fix SSL portscan; add homeattr scan info
-rw-r--r--modules-available/sysconfig/addmodule_adauth.inc.php6
-rw-r--r--modules-available/sysconfig/templates/ad-selfsearch.html17
-rw-r--r--modules-available/sysconfig/templates/ad_ldap-checkconnection.html1
3 files changed, 17 insertions, 7 deletions
diff --git a/modules-available/sysconfig/addmodule_adauth.inc.php b/modules-available/sysconfig/addmodule_adauth.inc.php
index 238b7490..5f93e04b 100644
--- a/modules-available/sysconfig/addmodule_adauth.inc.php
+++ b/modules-available/sysconfig/addmodule_adauth.inc.php
@@ -25,7 +25,7 @@ class AdAuth_Start extends AddModule_Base
if (!empty($obdn)) {
$data['binddn'] = $obdn;
}
- if (preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) {
+ if (isset($data['server']) && preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) {
$data['server'] = $out[1];
}
$data['step'] = 'AdAuth_CheckConnection';
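Review bot: The added `isset($data['server'])` guard stops the undefined-index notice but still lets a non-string value reach `preg_match`. If `$data` is filled from request parameters (not visible in this hunk), an array-valued `server` would raise a warning or a TypeError depending on the PHP version. `if (isset($data['server']) && is_string($data['server']) && preg_match(...))` closes that. Separately, the pattern also matches a bare IPv6 literal whose last group happens to be one of the four port numbers (for example an address ending in `::636`) and would truncate it, so a comment stating that IPv6 literals must be bracketed, or a stricter host part, would help. The enclosing method starts and ends outside the hunk.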
@@ -146,13 +146,11 @@ class AdAuth_SelfSearch extends AddModule_Base
'searchbase' => $searchbase,
'bindpw' => $bindpw,
);
- error_log("'$binddn'");
- error_log(preg_match(AD_SHORT_REGEX, $binddn, $out));
- error_log(print_r($out, true));
if (preg_match(AD_SHORT_REGEX, $binddn, $out) && !empty($out[2])) {
$this->originalBindDn = str_replace('/', '\\', $binddn);
$taskData['filter'] = 'sAMAccountName=' . $out[2];
} elseif (preg_match(AD_AT_REGEX, $binddn, $out) && !empty($out[1])) {
+ $this->originalBindDn = $binddn;
$taskData['filter'] = 'sAMAccountName=' . $out[1];
} elseif (preg_match('/^cn\=([^\=]+),.*?,dc\=([^\=]+),/i', Ldap::normalizeDn($binddn), $out)) {
if (empty($searchbase)) {
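Review bot: Both `sAMAccountName=` branches build the LDAP search filter by concatenating a capture from the submitted bind DN, and the new `user@domain` branch makes that path reachable for one more input form. Whether `AD_SHORT_REGEX` and `AD_AT_REGEX` restrict the capture to filter-safe characters cannot be seen from this hunk; if they allow `*`, `(`, `)` or `\`, the resulting filter can match something other than the intended account. Escaping at the point of use removes the dependency on the regex: `$taskData['filter'] = 'sAMAccountName=' . ldap_escape($out[1], '', LDAP_ESCAPE_FILTER);` and the same for `$out[2]` in the first branch. Dropping the three `error_log` calls is a good change, since they wrote the bind DN to the server log. The method body continues outside the hunk.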
diff --git a/modules-available/sysconfig/templates/ad-selfsearch.html b/modules-available/sysconfig/templates/ad-selfsearch.html
index b60cc3af..39ef3e59 100644
--- a/modules-available/sysconfig/templates/ad-selfsearch.html
+++ b/modules-available/sysconfig/templates/ad-selfsearch.html
@@ -1,5 +1,10 @@
<p>
+ {{#tryHomeAttr}}
+ {{lang_determiningHomeDirectory}}
+ {{/tryHomeAttr}}
+ {{^tryHomeAttr}}
{{lang_dnLookup}}
+ {{/tryHomeAttr}}
</p>
<p>
{{binddn}} @ {{server}}<br>
@@ -14,7 +19,11 @@
</div>
</div>
<i>{{lang_onProblemSearchBase}}</i>
-<br><br>
+<br>
+<div class="alert alert-warning" id="nohome" style="display:none">
+ {{lang_noHomeAttrFound}}
+</div>
+<br>
<div class="pull-left">
<form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{prev}}">
<input type="hidden" name="token" value="{{token}}">
@@ -87,9 +96,11 @@
tryHomeAttr = true;
if (task.data.home && task.data.home.length) attrlist = task.data.home;
{{/tryHomeAttr}}
- if (typeof search !== 'string' || search.length === 0 || search.length + 2 >= fulldn.length
- || (tryHomeAttr && $('#home').val().length === 0 && $('#homeattr').val().length === 0 && attrlist.length === 0)) {
+ if (typeof search !== 'string' || search.length === 0 || search.length + 2 >= fulldn.length) {
+ $('#nextbutton').html('{{lang_continueAnyway}}');
+ } else if (tryHomeAttr && $('#home').val().length === 0 && $('#homeattr').val().length === 0 && attrlist.length === 0) {
$('#nextbutton').html('{{lang_continueAnyway}}');
+ $('#nohome').show();
} else if (attrlist.length > 1 && $('#homeattr').val().length === 0) {
var sel = $('<select>').attr('onchange', 'slxSetHomeAttr(this)').addClass('form-control');
var best = 0;
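Review bot: The label on `#nextbutton` is set with `.html('{{lang_continueAnyway}}')`, now in two branches, so a template value is placed inside a single-quoted JavaScript literal and then parsed as markup. Unless the template engine's escaping covers apostrophes, a translation containing one ends the literal early and breaks the script, and any tags in the string are interpreted rather than shown. Using `.text(...)` instead of `.html(...)` on both lines removes the markup parsing. Assigning the label once to a variable before the `if` chain would also avoid repeating the interpolation. The surrounding script block starts and ends outside the hunk.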
diff --git a/modules-available/sysconfig/templates/ad_ldap-checkconnection.html b/modules-available/sysconfig/templates/ad_ldap-checkconnection.html
index 5925829a..2c2d31a4 100644
--- a/modules-available/sysconfig/templates/ad_ldap-checkconnection.html
+++ b/modules-available/sysconfig/templates/ad_ldap-checkconnection.html
@@ -68,6 +68,7 @@
if ($.isNumeric($('#port').val()) && $('#port').val() < ports[i].port) continue; // Prefer the global LDAP ports over the specific AD ports
if (ssl) {
if (verRes === -1) verRes = ports[i].verifyResult;
+ if (typeof ports[i].certFingerprint !== 'string' || typeof ports[i].certificateChain !== 'string') continue;
if (ports[i].certFingerprint.length < 10 || ports[i].certificateChain.length < 10) continue;
if (ports[i].verifyResult != 0 && (cert || !isSelfSigned(ports[i].verifyResult))) continue;
verRes = ports[i].verifyResult;
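Review bot: The new type guard sits after `if (verRes === -1) verRes = ports[i].verifyResult;`, so a scan entry that carries no certificate data is skipped for selection but can still overwrite `verRes`. If such an entry also lacks `verifyResult` (likely, but not visible here), `verRes` becomes `undefined`, the `=== -1` test never fires again, and whatever reads `verRes` after the loop sees neither the sentinel nor a real result. Moving the added `typeof` line above the `verRes === -1` line keeps the sentinel intact for entries without certificate data. A short comment on the `length < 10` check would also help, as it reads as a sanity check on the scan reply rather than a validation of the fingerprint. The loop body continues outside the hunk.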