authorSimon Rettberg2015-11-10 11:04:15 +0100
committerSimon Rettberg2015-11-10 11:04:15 +0100
commitb65db7eb93773a828bb5be76799b46cdaab56dc1 (patch)
treed53cfd8cfc220ae07a91803b6f353f1b25b432a5
parent[news.inc.php] fix newline not beeing escaped properly (diff)
[adauth] Add intermediate step to determine binddn if windows style domain is given
-rw-r--r--lang/de/templates/sysconfig/ad-selfsearch.json7
-rw-r--r--lang/en/templates/sysconfig/ad-selfsearch.json7
-rw-r--r--lang/pt/templates/sysconfig/ad-selfsearch.json3
-rw-r--r--modules/sysconfig/addmodule_adauth.inc.php105
-rw-r--r--templates/sysconfig/ad-selfsearch.html79
-rw-r--r--templates/sysconfig/ad_ldap-checkconnection.html2
-rw-r--r--templates/sysconfig/ad_ldap-checkcredentials.html13
7 files changed, 182 insertions, 34 deletions
diff --git a/lang/de/templates/sysconfig/ad-selfsearch.json b/lang/de/templates/sysconfig/ad-selfsearch.json
new file mode 100644
index 00000000..b93a4198
--- /dev/null
+++ b/lang/de/templates/sysconfig/ad-selfsearch.json
@@ -0,0 +1,7 @@
+{
+ "lang_back": "Zur\u00fcck",
+ "lang_continueAnyway": "Trotzdem weiter",
+ "lang_dnLookup": "Ermitteln der Bind-DN",
+ "lang_onProblemSearchBase": "Bei Problemen versuchen Sie, die Bind-DN und Suchbasis manuell anzugeben",
+ "lang_skip": "\u00dcberspringen"
+} \ No newline at end of file
diff --git a/lang/en/templates/sysconfig/ad-selfsearch.json b/lang/en/templates/sysconfig/ad-selfsearch.json
new file mode 100644
index 00000000..02fe507d
--- /dev/null
+++ b/lang/en/templates/sysconfig/ad-selfsearch.json
@@ -0,0 +1,7 @@
+{
+ "lang_back": "Back",
+ "lang_continueAnyway": "Continue anyway",
+ "lang_dnLookup": "Looking up bind dn",
+ "lang_onProblemSearchBase": "On failure, try to pass the bind dn and search base manually",
+ "lang_skip": "Skip"
+} \ No newline at end of file
diff --git a/lang/pt/templates/sysconfig/ad-selfsearch.json b/lang/pt/templates/sysconfig/ad-selfsearch.json
new file mode 100644
index 00000000..c44dc44f
--- /dev/null
+++ b/lang/pt/templates/sysconfig/ad-selfsearch.json
@@ -0,0 +1,3 @@
+[
+
+] \ No newline at end of file
diff --git a/modules/sysconfig/addmodule_adauth.inc.php b/modules/sysconfig/addmodule_adauth.inc.php
index 89d822c9..a4878a81 100644
--- a/modules/sysconfig/addmodule_adauth.inc.php
+++ b/modules/sysconfig/addmodule_adauth.inc.php
@@ -17,6 +17,10 @@ class AdAuth_Start extends AddModule_Base
$data['edit'] = $this->edit->id();
}
postToArray($data, $ADAUTH_COMMON_FIELDS, true);
+ $obdn = Request::post('originalbinddn');
+ if (!empty($obdn)) {
+ $data['binddn'] = $obdn;
+ }
if (preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) {
$data['server'] = $out[1];
}
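Review bot: The new override of `$data['binddn']` by the posted `originalbinddn` has no comment saying why a second field is allowed to replace the one `postToArray()` just filled, and the reason is only visible in the other files of this commit (the self-search step posts the resolved full DN as `binddn` and the user's original `DOMAIN\user` entry as `originalbinddn`). A short why-comment above `$obdn = Request::post('originalbinddn');` would save the next reader the cross-file search, e.g. `// When returning from a later step, restore the user's original DOMAIN\user entry instead of the resolved full DN`. Note also that `!empty($obdn)` treats the string `'0'` as absent; `$obdn !== null && $obdn !== ''` is the stricter check if that matters here. The enclosing method starts outside the hunk.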
@@ -76,13 +80,17 @@ class AdAuth_CheckConnection extends AddModule_Base
'taskid' => $this->scanTask['id']
);
$data['prev'] = 'AdAuth_Start';
- $data['next'] = 'AdAuth_CheckCredentials';
+ if (preg_match('#^\w+[/\\\\]\w+$#', Request::post('binddn')) || strlen(Request::post('searchbase')) < 2) {
+ $data['next'] = 'AdAuth_SelfSearch';
+ } else {
+ $data['next'] = 'AdAuth_CheckCredentials';
+ }
Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad_ldap-checkconnection', $data);
}
}
-class AdAuth_CheckCredentials extends AddModule_Base
+class AdAuth_SelfSearch extends AddModule_Base
{
private $taskIds;
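Review bot: The routing condition sends the request to `AdAuth_SelfSearch` whenever `searchbase` is shorter than two characters, even when `binddn` is already a full DN that the `^\w+[/\\]\w+$` pattern does not match; the self-search step only knows how to handle the `DOMAIN\user` form, so that combination needs handling there or should stay on the `AdAuth_CheckCredentials` path. The same pattern (with a capture group) is repeated in the self-search preprocessing, and the two must stay in sync; a single class constant such as `const DOMAIN_USER_PATTERN = '#^\w+[/\\\\](\w+)$#';` referenced from both places would make that explicit. Also `\w` does not match `.` or `-`, so a domain such as `ad.example\user` is not recognised as Windows style and silently takes the old path — if that is intended, a comment saying so would help. The enclosing method starts outside the hunk.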
@@ -108,27 +116,82 @@ class AdAuth_CheckCredentials extends AddModule_Base
}
$parent = null;
$this->originalBindDn = '';
- $server .= ':' . $port;
+ // Fix bindDN if short name given
+ //
if ($ssl) {
- $uri = "ldaps://$server/";
+ $uri = "ldaps://$server:3269/";
} else {
- $uri = "ldap://$server/";
+ $uri = "ldap://$server:3268/";
}
- if (preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out)) {
- $user = $out[1];
- $this->originalBindDn = str_replace('/', '\\', $binddn);
- $selfSearch = Taskmanager::submit('LdapSearch', array(
- 'server' => $uri,
- 'searchbase' => $searchbase,
- 'binddn' => $this->originalBindDn,
- 'bindpw' => $bindpw,
- 'username' => $user
- ));
- if (!isset($selfSearch['id'])) {
- AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
- return;
- }
- $parent = $selfSearch['id'];
+ preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out);
+ $user = $out[1];
+ $this->originalBindDn = str_replace('/', '\\', $binddn);
+ $selfSearch = Taskmanager::submit('LdapSearch', array(
+ 'server' => $uri,
+ 'searchbase' => $searchbase,
+ 'binddn' => $this->originalBindDn,
+ 'bindpw' => $bindpw,
+ 'username' => $user
+ ));
+ if (!isset($selfSearch['id'])) {
+ AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+ return;
+ }
+ $this->taskIds['self-search'] = $selfSearch['id'];
+ }
+
+ protected function renderInternal()
+ {
+ Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-selfsearch', array_merge($this->taskIds, array(
+ 'edit' => Request::post('edit'),
+ 'title' => Request::post('title'),
+ 'server' => Request::post('server'),
+ 'port' => Request::post('port'),
+ 'searchbase' => Request::post('searchbase'),
+ 'binddn' => Request::post('binddn'),
+ 'bindpw' => Request::post('bindpw'),
+ 'home' => Request::post('home'),
+ 'ssl' => Request::post('ssl') === 'on',
+ 'fingerprint' => Request::post('fingerprint'),
+ 'certificate' => Request::post('certificate', ''),
+ 'originalbinddn' => $this->originalBindDn,
+ 'prev' => 'AdAuth_Start',
+ 'next' => 'AdAuth_CheckCredentials'
+ ))
+ );
+ }
+
+}
+
+class AdAuth_CheckCredentials extends AddModule_Base
+{
+
+ private $taskIds;
+
+ protected function preprocessInternal()
+ {
+ $server = Request::post('server');
+ $port = Request::post('port');
+ $searchbase = Request::post('searchbase', '');
+ $binddn = Request::post('binddn');
+ $bindpw = Request::post('bindpw');
+ $ssl = Request::post('ssl', 'off') === 'on';
+ if ($ssl && !Request::post('fingerprint')) {
+ Message::addError('error-read', 'fingerprint');
+ AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+ return;
+ }
+ if (empty($server) || empty($binddn) || empty($port)) {
+ Message::addError('empty-field');
+ AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
+ return;
+ }
+ $parent = null;
+ // Test query 4 users
+ if ($ssl) {
+ $uri = "ldaps://$server:$port/";
+ } else {
+ $uri = "ldap://$server:$port/";
}
$ldapSearch = Taskmanager::submit('LdapSearch', array(
'parentTask' => $parent,
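Review bot: The `preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out)` call in `AdAuth_SelfSearch::preprocessInternal` no longer checks its result before reading `$out[1]`; the guard the old code had was dropped in the move, and since `AdAuth_CheckConnection` also routes here on a short search base, a full-DN `binddn` reaches this line, yields an undefined-index notice and submits the task with a null `username`. Restoring the guard with the same fallback the failed-submit branch already uses keeps the behaviour predictable: `if (!preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out)) {` / `AddModule_Base::setStep('AdAuth_Start'); return;` / `}` — ideally with a `Message::addError(...)` so the user sees why. The comment `// Fix bindDN if short name given` is followed by an empty `//` line and the hard-coded `3268`/`3269` ports (global catalog, presumably deliberate since `$port` is ignored here) deserve the explanation instead, and `$parent = null;` is now dead in this class. `AdAuth_CheckCredentials::preprocessInternal` continues past the end of the hunk.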
@@ -161,7 +224,7 @@ class AdAuth_CheckCredentials extends AddModule_Base
'ssl' => Request::post('ssl') === 'on',
'fingerprint' => Request::post('fingerprint'),
'certificate' => Request::post('certificate', ''),
- 'originalbinddn' => $this->originalBindDn,
+ 'originalbinddn' => Request::post('originalbinddn'),
'prev' => 'AdAuth_Start',
'next' => 'AdAuth_Finish'
))
diff --git a/templates/sysconfig/ad-selfsearch.html b/templates/sysconfig/ad-selfsearch.html
new file mode 100644
index 00000000..f77bd5fb
--- /dev/null
+++ b/templates/sysconfig/ad-selfsearch.html
@@ -0,0 +1,79 @@
+<p>
+ {{lang_dnLookup}}
+</p>
+
+<div id="zeug">
+ <div data-tm-id="{{self-search}}" data-tm-log="messages" data-tm-callback="selfCb">LDAP Self-Query</div>
+ <pre style="display:none" id="result"></pre>
+</div>
+<i>{{lang_onProblemSearchBase}}</i>
+<br><br>
+<div class="pull-left">
+ <form role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{prev}}">
+ <input type="hidden" name="token" value="{{token}}">
+ <input type="hidden" name="edit" value="{{edit}}">
+ <input name="title" value="{{title}}" type="hidden">
+ <input name="server" value="{{server}}" type="hidden">
+ <input name="searchbase" value="{{searchbase}}" type="hidden">
+ <input name="binddn" value="{{binddn}}" type="hidden">
+ <input name="bindpw" value="{{bindpw}}" type="hidden">
+ <input name="home" value="{{home}}" type="hidden">
+ {{#ssl}}
+ <input name="ssl" value="on" type="hidden">
+ <input type="hidden" name="certificate" value="{{certificate}}">
+ {{/ssl}}
+ <button type="submit" class="btn btn-primary">&laquo; {{lang_back}}</button>
+ </form>
+</div>
+<div class="pull-right">
+ <form id="nextform" role="form" method="post" action="?do=SysConfig&amp;action=addmodule&amp;step={{next}}">
+ <input type="hidden" name="token" value="{{token}}">
+ <input type="hidden" name="edit" value="{{edit}}">
+ <input name="title" value="{{title}}" type="hidden">
+ <input name="server" value="{{server}}" type="hidden">
+ <input name="port" value="{{port}}" type="hidden">
+ <input id="searchbase" name="searchbase" value="{{searchbase}}" type="hidden">
+ <input id="fulldn" name="binddn" value="" type="hidden">
+ <input id="givendn" name="originalbinddn" value="{{binddn}}" type="hidden">
+ <input name="bindpw" value="{{bindpw}}" type="hidden">
+ <input name="home" value="{{home}}" type="hidden">
+ {{#ssl}}
+ <input name="ssl" value="on" type="hidden">
+ <input type="hidden" name="certificate" value="{{certificate}}">
+ {{/ssl}}
+ <input name="fingerprint" value="{{fingerprint}}" type="hidden">
+ <input name="originalbinddn" value="{{binddn}}" type="hidden">
+ <button id="nextbutton" type="submit" class="btn btn-primary" style="display:none">{{lang_skip}} &raquo;</button>
+ </form>
+</div>
+<script type="text/javascript">
+ function selfCb(task)
+ {
+ if (!task || !task.statusCode || task.statusCode === 'TASK_WAITING' || task.statusCode === 'TASK_PROCESSING')
+ return;
+ if (task.statusCode === 'TASK_FINISHED' && task.data && task.data.dn) {
+ var fulldn = task.data.dn;
+ var domain = "-";
+ var search = $('#searchbase').val();
+ if ($('#searchbase').val().length < 2) {
+ domain = $('#givendn').val().replace(/[\/\\]\S+$/i, '');
+ var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i"));
+ console.log(idx);
+ if (idx !== -1) {
+ search = fulldn.substring(idx);
+ }
+ $('#searchbase').val(search);
+ }
+ $('#fulldn').val(fulldn);
+ $('#result').text("BindDN: " + fulldn + "\nWinDomain: " + domain + "\nSearchBase: " + search).show();
+ if (typeof search !== 'string' || search.length === 0 || search.length + 2 >= fulldn.length) {
+ $('#nextbutton').html('{{lang_continueAnyway}}');
+ } else {
+ $('#nextform').submit();
+ }
+ } else {
+ $('#nextbutton').html('{{lang_continueAnyway}}');
+ }
+ $('#nextbutton').show();
+ }
+</script>
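Review bot: The `nextform` contains two hidden inputs named `originalbinddn` (the `#givendn` one and a second plain one at the end), both carrying `{{binddn}}`; PHP keeps only the last value for a duplicate name, so the second input is what the server sees and the `id="givendn"` one is effectively only read by the script — drop the trailing duplicate to avoid the two ever diverging. In `selfCb`, `domain` is spliced unescaped into `new RegExp('\\w+=' + domain + ',', "i")`; the server-side pattern restricts the value to `\w` characters today, but a `.` or `(` in the domain would change the regex meaning rather than be matched literally, so escape it first, e.g. `domain.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')`. The `console.log(idx);` line looks like leftover debugging. Passing `{{bindpw}}` through hidden form fields mirrors the existing check-credentials template, but it is worth a comment noting that the password round-trips through the browser on every wizard step.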
diff --git a/templates/sysconfig/ad_ldap-checkconnection.html b/templates/sysconfig/ad_ldap-checkconnection.html
index 58196958..788978f2 100644
--- a/templates/sysconfig/ad_ldap-checkconnection.html
+++ b/templates/sysconfig/ad_ldap-checkconnection.html
@@ -60,7 +60,7 @@
var ssl = $('#ssl').length > 0;
var ports = task.data.ports;
var verRes = -1;
- var cert = $('#certificate').val().length > 10;
+ var cert = ssl && $('#certificate').val().length > 10;
for (var i = 0; i < ports.length; ++i) {
if (!ports[i].open || !ports[i].port) continue;
if ($.isNumeric($('#port').val()) && $('#port').val() < ports[i].port) continue; // Prefer the global LDAP ports over the specific AD ports
diff --git a/templates/sysconfig/ad_ldap-checkcredentials.html b/templates/sysconfig/ad_ldap-checkcredentials.html
index 5a9d6b38..9f5ccf01 100644
--- a/templates/sysconfig/ad_ldap-checkcredentials.html
+++ b/templates/sysconfig/ad_ldap-checkcredentials.html
@@ -3,7 +3,6 @@
</p>
<div id="zeug">
- {{#self-search}}<div data-tm-id="{{self-search}}" data-tm-log="messages" data-tm-callback="selfCb">LDAP Self-Query</div>{{/self-search}}
<div data-tm-id="{{tm-search}}" data-tm-log="messages" data-tm-callback="ldapCb">LDAP Test-Query</div>
</div>
<i>{{lang_onProblemSearchBase}}</i>
@@ -33,7 +32,7 @@
<input name="server" value="{{server}}" type="hidden">
<input name="searchbase" value="{{searchbase}}" type="hidden">
<input id="setbase" name="somedn" value="" type="hidden">
- <input id="setdn" name="binddn" value="{{binddn}}" type="hidden">
+ <input name="binddn" value="{{binddn}}" type="hidden">
<input name="bindpw" value="{{bindpw}}" type="hidden">
<input name="home" value="{{home}}" type="hidden">
{{#ssl}}
@@ -63,14 +62,4 @@
$('#nextbutton').show();
}
}
- function selfCb(task)
- {
- if (!task || !task.statusCode)
- return;
- if (task.statusCode === 'TASK_FINISHED' && task.data && task.data.dn) {
- $('#setdn').val(task.data.dn);
- } else {
- $('#nextbutton').html('Trotzdem weiter &raquo;');
- }
- }
</script>