authorSimon Rettberg2017-12-14 12:55:30 +0100
committerSimon Rettberg2017-12-14 12:55:30 +0100
commitc66fbba36646f51ee0c696ffdfa18e5c820c29bc (patch)
tree7277275890125b1413bd5719b59027dcd92bf049 /modules-available/sysconfig
parent[vmstore] Fix uninitialized variable access (diff)
[sysconfig] Allow remapping of attributes for AD too
Diffstat (limited to 'modules-available/sysconfig')
-rw-r--r--modules-available/sysconfig/addmodule_adauth.inc.php29
-rw-r--r--modules-available/sysconfig/addmodule_ldapauth.inc.php40
-rw-r--r--modules-available/sysconfig/inc/configmodule.inc.php7
-rw-r--r--modules-available/sysconfig/inc/configmodulebaseldap.inc.php21
-rw-r--r--modules-available/sysconfig/lang/de/messages.json2
-rw-r--r--modules-available/sysconfig/lang/en/messages.json2
-rw-r--r--modules-available/sysconfig/templates/ad-selfsearch.html6
-rw-r--r--modules-available/sysconfig/templates/ad-start.html36
8 files changed, 86 insertions, 57 deletions
diff --git a/modules-available/sysconfig/addmodule_adauth.inc.php b/modules-available/sysconfig/addmodule_adauth.inc.php
index 6e4463ae..07806061 100644
--- a/modules-available/sysconfig/addmodule_adauth.inc.php
+++ b/modules-available/sysconfig/addmodule_adauth.inc.php
@@ -13,7 +13,7 @@ class AdAuth_Start extends AddModule_Base
protected function renderInternal()
{
- $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'fixnumeric', 'certificate');
+ $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'fixnumeric', 'certificate', 'mapping');
$data = array();
if ($this->edit !== false) {
moduleToArray($this->edit, $data, $ADAUTH_COMMON_FIELDS);
@@ -31,7 +31,12 @@ class AdAuth_Start extends AddModule_Base
if (isset($data['server']) && preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) {
$data['server'] = $out[1];
}
+ if (isset($data['homeattr']) && !isset($data['mapping']['homemount'])) {
+ $data['mapping']['homemount'] = $data['homeattr'];
+ }
$data['step'] = 'AdAuth_CheckConnection';
+ $data['map_empty'] = true;
+ $data['mapping'] = ConfigModuleBaseLdap::getMapping(isset($data['mapping']) ? $data['mapping'] : false, $data['map_empty']);
Render::addDialog(Dictionary::translateFile('config-module', 'adAuth_title'), false, 'ad-start', $data);
}
@@ -67,10 +72,11 @@ class AdAuth_CheckConnection extends AddModule_Base
if (preg_match('/^([^\:]+)\:(\d+)$/', $this->server, $out)) {
$ports = array($out[2]);
$this->server = $out[1];
+ // Test the default ports twice since the other one might not return all required data (home directory)
} elseif ($ssl) {
- $ports = array(636, 3269);
+ $ports = array(636, 3269, 636);
} else {
- $ports = array(389, 3268);
+ $ports = array(389, 3268, 389);
}
$this->scanTask = Taskmanager::submit('PortScan', array(
'host' => $this->server,
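Review bot: The added comment about testing the default ports twice sits at the end of the explicit-port branch, directly before `} elseif ($ssl) {`, so it reads as if it described the `$out[2]` case. Placing it above `$ports = array(636, 3269, 636);` and referring to it at `array(389, 3268, 389)` would make clear that the repeated entry is deliberate and not a typo. The comment also leaves "the other one" unnamed; stating which port may return incomplete data (presumably the global catalog port, though the hunk does not say) would help the next maintainer. The enclosing method starts and ends outside the hunk.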
@@ -97,7 +103,8 @@ class AdAuth_CheckConnection extends AddModule_Base
'ssl' => Request::post('ssl'),
'fixnumeric' => Request::post('fixnumeric'),
'certificate' => Request::post('certificate', ''),
- 'taskid' => $this->scanTask['id']
+ 'taskid' => $this->scanTask['id'],
+ 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')),
);
$data['prev'] = 'AdAuth_Start';
if ((preg_match(AD_BOTH_REGEX, $this->bindDn) > 0) || (strlen($this->searchBase) < 2)) {
@@ -157,8 +164,8 @@ class AdAuth_SelfSearch extends AddModule_Base
$taskData['filter'] = 'sAMAccountName=' . $out[2];
} elseif (preg_match(AD_AT_REGEX, $binddn, $out) && !empty($out[1])) {
$this->originalBindDn = $binddn;
- $taskData['filter'] = 'sAMAccountName=' . $out[1];
- } elseif (preg_match('/^cn\=([^\=]+),.*?,dc\=([^\=]+),/i', Ldap::normalizeDn($binddn), $out)) {
+ $taskData['filter'] = 'userPrincipalName=' . $binddn;
+ } elseif (preg_match('/^cn\=([^\=]+),.*?dc\=([^\=]+),/i', Ldap::normalizeDn($binddn), $out)) {
if (empty($selfSearchBase)) {
$this->originalBindDn = $out[2] . '\\' . $out[1];
$taskData['filter'] = 'sAMAccountName=' . $out[1];
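Review bot: The new `'userPrincipalName=' . $binddn` branch puts the whole bind DN string into an LDAP search filter without escaping, where the old code used only the captured `$out[1]`. What AD_AT_REGEX permits is not visible in this hunk, so characters that have meaning in a filter (`*`, `(`, `)`, `\`) may reach the search task unchanged and alter what the filter matches. Escaping at the point of concatenation keeps the value literal, e.g. `$taskData['filter'] = 'userPrincipalName=' . ldap_escape($binddn, '', LDAP_ESCAPE_FILTER);` if the ldap extension is loaded in the web application, or an equivalent helper otherwise. The neighbouring `sAMAccountName=` filters built from `$out[1]` and `$out[2]` deserve the same treatment. The enclosing method begins and ends outside the hunk.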
@@ -198,6 +205,7 @@ class AdAuth_SelfSearch extends AddModule_Base
'fingerprint' => Request::post('fingerprint'),
'certificate' => Request::post('certificate', ''),
'originalbinddn' => $this->originalBindDn,
+ 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')),
'prev' => 'AdAuth_Start'
);
if (empty($data['homeattr'])) {
@@ -275,6 +283,7 @@ class AdAuth_HomeAttrCheck extends AddModule_Base
'certificate' => Request::post('certificate', ''),
'originalbinddn' => Request::post('originalbinddn'),
'tryHomeAttr' => true,
+ 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')),
'prev' => 'AdAuth_Start',
'next' => 'AdAuth_CheckCredentials'
))
@@ -316,7 +325,8 @@ class AdAuth_CheckCredentials extends AddModule_Base
'server' => $uri,
'searchbase' => $searchbase,
'binddn' => $binddn,
- 'bindpw' => $bindpw
+ 'bindpw' => $bindpw,
+ 'mapping' => Request::post('mapping', false, 'array'),
));
if (!isset($ldapSearch['id'])) {
AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
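Review bot: The `'mapping' => Request::post('mapping', false, 'array')` entry hands the posted array to the search task as-is, while the render steps in this file pass it through `ConfigModuleBaseLdap::getMapping()`. The mapping travels between wizard steps in hidden form fields, so its keys and values are whatever the client sends back; nothing here limits the keys to the known fields or the values to strings. The same raw value is persisted by `$module->setData('mapping', Request::post('mapping', false, 'array'))` in AdAuth_Finish and in LdapAuth_Finish. Reducing it to the recognised fields first would close that gap, for example `array_column(ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')), 'value', 'field')`, which keeps only entries getMapping knows and that carry a value.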
@@ -325,8 +335,6 @@ class AdAuth_CheckCredentials extends AddModule_Base
$this->taskIds = array(
'tm-search' => $ldapSearch['id']
);
- if (isset($selfSearch['id']))
- $this->taskIds['self-search'] = $selfSearch['id'];
}
protected function renderInternal()
@@ -345,6 +353,7 @@ class AdAuth_CheckCredentials extends AddModule_Base
'fingerprint' => Request::post('fingerprint'),
'certificate' => Request::post('certificate', ''),
'originalbinddn' => Request::post('originalbinddn'),
+ 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')),
'prev' => 'AdAuth_Start',
'next' => 'AdAuth_HomeDir'
))
@@ -408,6 +417,7 @@ class AdAuth_HomeDir extends AddModule_Base
'fingerprint' => Request::post('fingerprint'),
'certificate' => Request::post('certificate', ''),
'originalbinddn' => Request::post('originalbinddn'),
+ 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')),
'prev' => 'AdAuth_Start',
'next' => 'AdAuth_Finish'
);
@@ -466,6 +476,7 @@ class AdAuth_Finish extends AddModule_Base
$module->setData('homeattr', Request::post('homeattr'));
$module->setData('certificate', Request::post('certificate'));
$module->setData('ssl', $ssl);
+ $module->setData('mapping', Request::post('mapping', false, 'array'));
$module->setData('fixnumeric', Request::post('fixnumeric', '', 'string'));
foreach (AdAuth_HomeDir::getAttributes() as $key) {
$value = Request::post($key);
diff --git a/modules-available/sysconfig/addmodule_ldapauth.inc.php b/modules-available/sysconfig/addmodule_ldapauth.inc.php
index 310be063..a193f779 100644
--- a/modules-available/sysconfig/addmodule_ldapauth.inc.php
+++ b/modules-available/sysconfig/addmodule_ldapauth.inc.php
@@ -7,33 +7,9 @@
class LdapAuth_Start extends AddModule_Base
{
- public static function getMapping($config = false, &$empty = true)
- {
- $list = array(
- ['name' => 'uid', 'field' => 'uid'],
- ['name' => 'uidnumber', 'field' => 'uidnumber'],
- ['name' => 'uncHomePath', 'field' => 'homemount'],
- ['name' => 'homeDirectory', 'field' => 'localhome'],
- ['name' => 'posixAccount', 'field' => 'posixAccount'],
- ['name' => 'shadowAccount', 'field' => 'shadowAccount'],
- );
- if (is_array($config)) {
- foreach ($list as &$item) {
- if (!empty($config[$item['field']])) {
- $item['value'] = $config[$item['field']];
- $empty = false;
- }
- if ($item['field'] === 'homemount' && !empty($config['homeattr']) && empty($config['value'])) {
- $item['value'] = $config['homeattr'];
- }
- }
- }
- return $list;
- }
-
protected function renderInternal()
{
- $LDAPAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'ssl', 'fixnumeric', 'certificate', 'mapping');
+ $LDAPAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'fixnumeric', 'certificate', 'mapping');
$data = array();
if ($this->edit !== false) {
moduleToArray($this->edit, $data, $LDAPAUTH_COMMON_FIELDS);
@@ -47,9 +23,12 @@ class LdapAuth_Start extends AddModule_Base
if (isset($data['server']) && preg_match('/^(.*)\:(636|389)$/', $data['server'], $out)) {
$data['server'] = $out[1];
}
+ if (isset($data['homeattr']) && !isset($data['mapping']['homemount'])) {
+ $data['mapping']['homemount'] = $data['homeattr'];
+ }
$data['step'] = 'LdapAuth_CheckConnection';
$data['map_empty'] = true;
- $data['mapping'] = self::getMapping(isset($data['mapping']) ? $data['mapping'] : false, $data['map_empty']);
+ $data['mapping'] = ConfigModuleBaseLdap::getMapping(isset($data['mapping']) ? $data['mapping'] : false, $data['map_empty']);
Render::addDialog(Dictionary::translateFile('config-module', 'ldapAuth_title'), false, 'ldap-start', $data);
}
@@ -104,7 +83,7 @@ class LdapAuth_CheckConnection extends AddModule_Base
'fixnumeric' => Request::post('fixnumeric'),
'certificate' => Request::post('certificate', ''),
'taskid' => $this->scanTask['id'],
- 'mapping' => LdapAuth_Start::getMapping(Request::post('mapping', false, 'array')),
+ 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')),
);
$data['prev'] = 'LdapAuth_Start';
$data['next'] = 'LdapAuth_CheckCredentials';
@@ -159,8 +138,6 @@ class LdapAuth_CheckCredentials extends AddModule_Base
$this->taskIds = array(
'tm-search' => $ldapSearch['id']
);
- if (isset($selfSearch['id']))
- $this->taskIds['self-search'] = $selfSearch['id'];
}
protected function renderInternal()
@@ -177,7 +154,7 @@ class LdapAuth_CheckCredentials extends AddModule_Base
'fixnumeric' => Request::post('fixnumeric'),
'fingerprint' => Request::post('fingerprint'),
'certificate' => Request::post('certificate', ''),
- 'mapping' => LdapAuth_Start::getMapping(Request::post('mapping', false, 'array')),
+ 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')),
'prev' => 'LdapAuth_Start',
'next' => 'LdapAuth_HomeDir',
))
@@ -218,7 +195,7 @@ class LdapAuth_HomeDir extends AddModule_Base
'fingerprint' => Request::post('fingerprint'),
'certificate' => Request::post('certificate', ''),
'originalbinddn' => Request::post('originalbinddn'),
- 'mapping' => LdapAuth_Start::getMapping(Request::post('mapping', false, 'array')),
+ 'mapping' => ConfigModuleBaseLdap::getMapping(Request::post('mapping', false, 'array')),
'prev' => 'LdapAuth_Start',
'next' => 'LdapAuth_Finish',
);
@@ -278,6 +255,7 @@ class LdapAuth_Finish extends AddModule_Base
$module->setData('home', Request::post('home'));
$module->setData('certificate', Request::post('certificate'));
$module->setData('ssl', $ssl);
+ $module->setData('mapping', Request::post('mapping', false, 'array'));
$module->setData('fixnumeric', Request::post('fixnumeric', '', 'string'));
foreach (LdapAuth_HomeDir::getAttributes() as $key) {
$value = Request::post($key);
diff --git a/modules-available/sysconfig/inc/configmodule.inc.php b/modules-available/sysconfig/inc/configmodule.inc.php
index ca40094a..54d06afe 100644
--- a/modules-available/sysconfig/inc/configmodule.inc.php
+++ b/modules-available/sysconfig/inc/configmodule.inc.php
@@ -16,6 +16,9 @@ abstract class ConfigModule
private $moduleTitle = false;
private $moduleStatus = false;
private $currentVersion = 0;
+ /**
+ * @var false|array Data of module, false if not initialized
+ */
protected $moduleData = false;
/**
@@ -86,7 +89,7 @@ abstract class ConfigModule
* Get fresh instance of ConfigModule subclass for given module type.
*
* @param string $moduleType name of module type
- * @return \ConfigModule module instance
+ * @return false|\ConfigModule module instance
*/
public static function getInstance($moduleType)
{
@@ -117,7 +120,7 @@ abstract class ConfigModule
* Get module instance from id.
*
* @param int $moduleId module id to get
- * @return ConfigModule The requested module from DB, or false on error
+ * @return false|\ConfigModule The requested module from DB, or false on error
*/
public static function get($moduleId)
{
diff --git a/modules-available/sysconfig/inc/configmodulebaseldap.inc.php b/modules-available/sysconfig/inc/configmodulebaseldap.inc.php
index 55104005..d8a41a8b 100644
--- a/modules-available/sysconfig/inc/configmodulebaseldap.inc.php
+++ b/modules-available/sysconfig/inc/configmodulebaseldap.inc.php
@@ -10,6 +10,27 @@ abstract class ConfigModuleBaseLdap extends ConfigModule
'shareRemapMode', 'shareRemapCreate', 'shareDocuments', 'shareDownloads', 'shareDesktop', 'shareMedia',
'shareOther', 'shareHomeDrive', 'shareDomain', 'credentialPassthrough', 'mapping');
+ public static function getMapping($config = false, &$empty = true)
+ {
+ $list = array(
+ ['name' => 'uid', 'field' => 'uid', 'ad' => 'sAMAccountName'],
+ ['name' => 'uidnumber', 'field' => 'uidnumber', 'ad' => false],
+ ['name' => 'uncHomePath', 'field' => 'homemount', 'ad' => 'homeDirectory'],
+ ['name' => 'homeDirectory', 'field' => 'localhome', 'ad' => false],
+ ['name' => 'posixAccount', 'field' => 'posixAccount', 'ad' => 'user'],
+ //['name' => 'shadowAccount', 'field' => 'shadowAccount'],
+ );
+ if (is_array($config)) {
+ foreach ($list as &$item) {
+ if (!empty($config[$item['field']])) {
+ $item['value'] = $config[$item['field']];
+ $empty = false;
+ }
+ }
+ }
+ return $list;
+ }
+
protected function generateInternal($tgz, $parent)
{
Trigger::ldadp($this->id(), $parent);
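Review bot: getMapping() copies `$config[$item['field']]` into the list whenever it is non-empty, so a posted `mapping[uid][]` array or a value with characters outside LDAP attribute-name syntax is passed on to the templates unchanged. Since all wizard steps share this method, a check here covers them all: `if (isset($config[$item['field']]) && is_string($config[$item['field']]) && preg_match('/^[a-zA-Z][a-zA-Z0-9-]*$/', $config[$item['field']]))` (widen the pattern if numeric OIDs or attribute options must be accepted). The method also lacks a docblock; it should state that `ad` is the default AD attribute used as placeholder in ad-start.html, with `false` hiding the row there, and that `$empty` is an out-parameter set to false once any field has a value. An `unset($item);` after the by-reference `foreach` would avoid leaving a dangling reference.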
diff --git a/modules-available/sysconfig/lang/de/messages.json b/modules-available/sysconfig/lang/de/messages.json
index 0a1f6de3..5bceb2f0 100644
--- a/modules-available/sysconfig/lang/de/messages.json
+++ b/modules-available/sysconfig/lang/de/messages.json
@@ -2,7 +2,7 @@
"config-activated": "Konfiguration {{0}} wurde aktiviert",
"config-deleted": "Konfiguration {{0}} wurde gel\u00f6scht",
"config-invalid": "Konfiguration mit ID {{0}} existiert nicht",
- "could-not-determine-binddn": "Konnte Bind-DN nicht ermitteln",
+ "could-not-determine-binddn": "Konnte Bind-DN nicht ermitteln ({{0}})",
"invalid-action": "Ung\u00fcltige Aktion: {{0}}",
"missing-file": "Es wurde keine Datei ausgew\u00e4hlt!",
"missing-title": "Kein Titel eingegeben",
diff --git a/modules-available/sysconfig/lang/en/messages.json b/modules-available/sysconfig/lang/en/messages.json
index 83f47903..6e50b80c 100644
--- a/modules-available/sysconfig/lang/en/messages.json
+++ b/modules-available/sysconfig/lang/en/messages.json
@@ -2,7 +2,7 @@
"config-activated": "Configuration {{0}} has been activated",
"config-deleted": "Deleted configuration {{0}}",
"config-invalid": "Configuration with id {{0}} does not exist",
- "could-not-determine-binddn": "Could not determine bind dn",
+ "could-not-determine-binddn": "Could not determine bind dn ({{0}})",
"invalid-action": "Invalid action: {{0}}",
"missing-file": "There was no file selected!",
"missing-title": "No title given",
diff --git a/modules-available/sysconfig/templates/ad-selfsearch.html b/modules-available/sysconfig/templates/ad-selfsearch.html
index 6c5bcb8c..6b85b9ed 100644
--- a/modules-available/sysconfig/templates/ad-selfsearch.html
+++ b/modules-available/sysconfig/templates/ad-selfsearch.html
@@ -39,6 +39,9 @@
<input name="ssl" value="on" type="hidden">
<input type="hidden" name="certificate" value="{{certificate}}">
{{/ssl}}
+ {{#mapping}}
+ <input type="hidden" name="mapping[{{field}}]" value="{{value}}">
+ {{/mapping}}
<input name="fixnumeric" value="{{fixnumeric}}" type="hidden">
<button type="submit" class="btn btn-primary">&laquo; {{lang_back}}</button>
</form>
@@ -60,6 +63,9 @@
<input name="ssl" value="on" type="hidden">
<input type="hidden" name="certificate" value="{{certificate}}">
{{/ssl}}
+ {{#mapping}}
+ <input type="hidden" name="mapping[{{field}}]" value="{{value}}">
+ {{/mapping}}
<input name="fixnumeric" value="{{fixnumeric}}" type="hidden">
<input name="fingerprint" value="{{fingerprint}}" type="hidden">
<button id="nextbutton" type="submit" class="btn btn-primary" style="display:none">{{lang_skip}} &raquo;</button>
diff --git a/modules-available/sysconfig/templates/ad-start.html b/modules-available/sysconfig/templates/ad-start.html
index 1559ad52..7f211343 100644
--- a/modules-available/sysconfig/templates/ad-start.html
+++ b/modules-available/sysconfig/templates/ad-start.html
@@ -20,40 +20,50 @@
<input type="hidden" name="token" value="{{token}}">
<input type="hidden" name="edit" value="{{edit}}">
<div class="input-group">
- <span style="min-width:150px;" class="input-group-addon slx-ga">{{lang_moduleTitle}}</span>
+ <span class="input-group-addon slx-ga2">{{lang_moduleTitle}}</span>
<input tabindex="1" name="title" value="{{title}}" type="text" class="form-control" autofocus>
</div>
<div class="input-group">
- <span style="min-width:150px;" class="input-group-addon slx-ga">Server *</span>
+ <span class="input-group-addon slx-ga2">Server *</span>
<input tabindex="2" name="server" value="{{server}}" type="text" class="form-control" placeholder="dc0.institution.example.com">
</div>
<div class="input-group">
- <span style="min-width:150px;" class="input-group-addon slx-ga">{{lang_bindDN}} *</span>
+ <span class="input-group-addon slx-ga2">{{lang_bindDN}} *</span>
<input tabindex="3" name="binddn" value="{{binddn}}" type="text" class="form-control" placeholder="domain\bwlp *ODER* CN=bwlp,OU=Benutzer,DC=domain,DC=hs-beispiel,DC=de">
</div>
<div class="input-group">
- <span style="min-width:150px;" class="input-group-addon slx-ga">{{lang_password}} *</span>
+ <span class="input-group-addon slx-ga2">{{lang_password}} *</span>
<input tabindex="4" name="bindpw" value="{{bindpw}}" type="{{password_type}}" class="form-control" placeholder="{{lang_password}}">
</div>
<div class="input-group">
- <span style="min-width:150px;" class="input-group-addon slx-ga">{{lang_searchBase}}</span>
+ <span class="input-group-addon slx-ga2">{{lang_searchBase}}</span>
<input tabindex="5" name="searchbase" value="{{searchbase}}" type="text" class="form-control" placeholder="dc=windows,dc=hs-beispiel,dc=de">
</div>
- <br>
<div class="input-group">
- <span style="min-width:150px;" class="input-group-addon slx-ga">Home</span>
+ <span class="input-group-addon slx-ga2">Home</span>
<input tabindex="6" name="home" value="{{home}}" type="text" class="form-control" placeholder="\\server.example.com\%s">
<span class="input-group-btn">
<a class="btn btn-default" data-toggle="modal" data-target="#help-home"><span class="glyphicon glyphicon-question-sign"></span></a>
</span>
</div>
- <div class="input-group">
- <span style="min-width:150px;" class="input-group-addon slx-ga">{{lang_homeAttr}}</span>
- <input tabindex="6" name="homeattr" value="{{homeattr}}" type="text" class="form-control" placeholder="homeDirectory">
- <span class="input-group-btn">
- <a class="btn btn-default" data-toggle="modal" data-target="#help-homeattr"><span class="glyphicon glyphicon-question-sign"></span></a>
- </span>
+ <br>
+ <div class="{{#map_empty}}collapse{{/map_empty}}" id="attrbox">
+ <p>{{lang_customizeAttrDescAd}}</p>
+ {{#mapping}}
+ {{#ad}}
+ <div class="input-group">
+ <span class="input-group-addon slx-ga2">{{name}}</span>
+ <input name="mapping[{{field}}]" value="{{value}}" type="text" class="form-control" placeholder="{{ad}}">
+ </div>
+ {{/ad}}
+ {{/mapping}}
</div>
+ {{#map_empty}}
+ <div class="btn btn-default center-block" onclick="$('#attrbox').show();$(this).hide()">
+ {{lang_customizeAttributes}}
+ <span class="glyphicon glyphicon-menu-down"></span>
+ </div>
+ {{/map_empty}}
<br>
<div>
<div class="checkbox">