authorSimon Rettberg2016-10-27 18:57:05 +0200
committerSimon Rettberg2016-10-27 18:57:05 +0200
commitf7b2aa8e3bb66f9c1c0dd3489152cc71bd1e7da8 (patch)
tree45a5efbd8b0418f53eecbf5bd0907ff1ea255a0a
parent[baseconfig_bwlp] Reintroduce SLX_REBOOT_SCHEDULE (diff)
[sysconfig] Improve binddn parsing for AD wizard
-rw-r--r--inc/util.inc.php4
-rw-r--r--modules-available/sysconfig/addmodule_adauth.inc.php35
-rw-r--r--modules-available/sysconfig/addmodule_ldapauth.inc.php4
-rw-r--r--modules-available/sysconfig/inc/ldap.inc.php11
-rw-r--r--modules-available/sysconfig/templates/ad-selfsearch.html19
5 files changed, 51 insertions, 22 deletions
diff --git a/inc/util.inc.php b/inc/util.inc.php
index e6f4ca8f..671028ed 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -364,9 +364,5 @@ SADFACE;
@unlink($file);
exit(0);
}
-
- public static function normalizeDn($dn) {
- return preg_replace('/[,;]\s*/', ',', $dn);
- }
}
diff --git a/modules-available/sysconfig/addmodule_adauth.inc.php b/modules-available/sysconfig/addmodule_adauth.inc.php
index 2949928b..4c65f7f9 100644
--- a/modules-available/sysconfig/addmodule_adauth.inc.php
+++ b/modules-available/sysconfig/addmodule_adauth.inc.php
@@ -67,12 +67,14 @@ class AdAuth_CheckConnection extends AddModule_Base
protected function renderInternal()
{
+ $searchBase = Ldap::normalizeDn(Request::post('searchbase', '', 'string'));
+ $bindDn = Ldap::normalizeDn(Request::post('binddn', '', 'string'));
$data = array(
'edit' => Request::post('edit'),
'title' => Request::post('title'),
'server' => $this->server,
- 'searchbase' => Util::normalizeDn(Request::post('searchbase')),
- 'binddn' => Util::normalizeDn(Request::post('binddn')),
+ 'searchbase' => $searchBase,
+ 'binddn' => $bindDn,
'bindpw' => Request::post('bindpw'),
'home' => Request::post('home'),
'homeattr' => Request::post('homeattr'),
@@ -81,7 +83,7 @@ class AdAuth_CheckConnection extends AddModule_Base
'taskid' => $this->scanTask['id']
);
$data['prev'] = 'AdAuth_Start';
- if (preg_match('#^\w+[/\\\\]\w+$#', Request::post('binddn')) || strlen(Request::post('searchbase')) < 2) {
+ if ((preg_match('#^\w+[/\\\\]\w+$#', $bindDn) > 0) || (strlen($searchBase) < 2)) {
$data['next'] = 'AdAuth_SelfSearch';
} elseif (empty($data['homeattr'])) {
$data['next'] = 'AdAuth_HomeAttrCheck';
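Review bot: The `\w+` classes in `preg_match('#^\w+[/\\\\]\w+$#', $bindDn)` reject domain or account names containing `.` or `-`, which Active Directory permits, so a bind user such as a hyphenated service account is only routed to AdAuth_SelfSearch when the search base is shorter than two characters. The same pattern is repeated in the AdAuth_SelfSearch hunk of this file and in the script in `ad-selfsearch.html`. If such names are meant to be supported, widen all three together, e.g. `#^[\w.-]+[/\\\\][\w.-]+$#`, and escape the domain before the template script concatenates it into a `RegExp`, since `.` is a metacharacter there. renderInternal() continues outside this hunk.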
@@ -125,16 +127,29 @@ class AdAuth_SelfSearch extends AddModule_Base
} else {
$uri = "ldap://$server:3268/";
}
- preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out);
- $user = $out[1];
- $this->originalBindDn = str_replace('/', '\\', $binddn);
- $selfSearch = Taskmanager::submit('LdapSearch', array(
+ // Set up selfSearch task
+ $taskData = array(
'server' => $uri,
'searchbase' => $searchbase,
- 'binddn' => $this->originalBindDn,
'bindpw' => $bindpw,
- 'filter' => "sAMAccountName=$user"
- ));
+ );
+ if (preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out) && !empty($out[1])) {
+ $this->originalBindDn = str_replace('/', '\\', $binddn);
+ $taskData['filter'] = 'sAMAccountName=' . $out[1];
+ } elseif (preg_match('/^cn=([^=]+),.*?,dc=([^=]+),/i', Ldap::normalizeDn($binddn), $out)) {
+ if (empty($searchbase)) {
+ $this->originalBindDn = $out[2] . '\\' . $out[1];
+ $taskData['filter'] = 'sAMAccountName=' . $out[1];
+ } else {
+ $this->originalBindDn = $binddn;
+ $taskData['filter'] = "distinguishedName=$binddn";
+ }
+ } else {
+ Message::addError('could-not-determine-binddn', $binddn);
+ $this->originalBindDn = $binddn;
+ }
+ $taskData['binddn'] = $this->originalBindDn;
+ $selfSearch = Taskmanager::submit('LdapSearch', $taskData);
if (!isset($selfSearch['id'])) {
AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
return;
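Review bot: The new `elseif` branch concatenates `$binddn` and `$out[1]` into the LDAP search filter without filter escaping: `"distinguishedName=$binddn"` and `'sAMAccountName=' . $out[1]`, where `$out[1]` is captured by `[^=]+` and may therefore contain `*`, `(`, `)` or `\`. A value with those characters changes the meaning of the filter or makes it invalid; only the first branch is constrained by `\w+`. Escape per RFC 4515 before building the filter, e.g. `$taskData['filter'] = 'distinguishedName=' . ldap_escape($binddn, '', LDAP_ESCAPE_FILTER);`, if the ldap extension is loaded here (not visible in this hunk), or use an equivalent local helper. The final `else` also reports `could-not-determine-binddn` yet still submits the LdapSearch task without a `filter` key; returning to AdAuth_Start there, as the `!isset($selfSearch['id'])` path does, would avoid a bind attempt with a value already known to be unparsable. The enclosing method starts and ends outside the hunk.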
diff --git a/modules-available/sysconfig/addmodule_ldapauth.inc.php b/modules-available/sysconfig/addmodule_ldapauth.inc.php
index d7122001..4a204407 100644
--- a/modules-available/sysconfig/addmodule_ldapauth.inc.php
+++ b/modules-available/sysconfig/addmodule_ldapauth.inc.php
@@ -67,8 +67,8 @@ class LdapAuth_CheckConnection extends AddModule_Base
'edit' => Request::post('edit'),
'title' => Request::post('title'),
'server' => $this->server,
- 'searchbase' => Util::normalizeDn(Request::post('searchbase')),
- 'binddn' => Util::normalizeDn(Request::post('binddn')),
+ 'searchbase' => Ldap::normalizeDn(Request::post('searchbase')),
+ 'binddn' => Ldap::normalizeDn(Request::post('binddn')),
'bindpw' => Request::post('bindpw'),
'home' => Request::post('home'),
'ssl' => Request::post('ssl'),
diff --git a/modules-available/sysconfig/inc/ldap.inc.php b/modules-available/sysconfig/inc/ldap.inc.php
new file mode 100644
index 00000000..ed471f31
--- /dev/null
+++ b/modules-available/sysconfig/inc/ldap.inc.php
@@ -0,0 +1,11 @@
+<?php
+
+class Ldap
+{
+
+ public static function normalizeDn($dn)
+ {
+ return trim(preg_replace('/[,;]\s*/', ',', $dn));
+ }
+
+}
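Review bot: `normalizeDn()` also rewrites separators that are escaped inside an attribute value: for `CN=Doe\, John,OU=Staff,DC=example,DC=com` (constructed example) the pattern `/[,;]\s*/` strips the space after `\,`, so the result names a different entry. The "Last, First" form is common in Active Directory, so the normalized bind DN may then fail to bind or match. A lookbehind keeps escaped separators intact: `return trim(preg_replace('/(?<!\\\\)[,;]\s*/', ',', $dn));`. This still misreads a value that ends in an escaped backslash (`\\,`), so a small tokenizer would be the complete fix. A docblock stating that a string is expected and that `;` separators are converted to `,` would help the callers.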
diff --git a/modules-available/sysconfig/templates/ad-selfsearch.html b/modules-available/sysconfig/templates/ad-selfsearch.html
index dad5a24f..5fadd92e 100644
--- a/modules-available/sysconfig/templates/ad-selfsearch.html
+++ b/modules-available/sysconfig/templates/ad-selfsearch.html
@@ -42,7 +42,7 @@
<input name="port" value="{{port}}" type="hidden">
<input id="searchbase" name="searchbase" value="{{searchbase}}" type="hidden">
<input id="fulldn" name="binddn" value="" type="hidden">
- <input id="givendn" name="originalbinddn" value="{{binddn}}" type="hidden">
+ <input id="givendn" name="originalbinddn" value="{{originalbinddn}}" type="hidden">
<input name="bindpw" value="{{bindpw}}" type="hidden">
<input id="home" name="home" value="{{home}}" type="hidden">
<input id="homeattr" name="homeattr" value="{{homeattr}}" type="hidden">
@@ -64,11 +64,18 @@
var domain = "-";
var search = $('#searchbase').val();
if ($('#searchbase').val().length < 2) {
- domain = $('#givendn').val().replace(/[\/\\]\S+$/i, '');
- var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i"));
- console.log(idx);
- if (idx !== -1) {
- search = fulldn.substring(idx);
+ var givenDn = $('#givendn').val();
+ if (new RegExp('^\\w+[\\/\\\\]\\w+$').test(givenDn)) {
+ domain = givenDn.replace(/[\/\\]\S+$/i, '');
+ var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i"));
+ if (idx !== -1) {
+ search = fulldn.substring(idx);
+ }
+ } else {
+ var idx = givenDn.toLowerCase().indexOf(',dc=');
+ if (idx !== -1) {
+ search = givenDn.substring(idx + 1);
+ }
}
$('#searchbase').val(search);
}
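Review bot: In the new `else` branch, `idx` is computed on `givenDn.toLowerCase()` but applied to the original string in `givenDn.substring(idx + 1)`; `toLowerCase()` can change a string's length for some non-ASCII characters, which would shift the cut point. A case-insensitive search on the original string avoids the copy: `idx = givenDn.search(/,dc=/i);`. `idx` is also declared with `var` in both branches; a single declaration before the `if` reads more clearly. The surrounding function and the definition of `fulldn` are outside this hunk.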