-rw-r--r-- | lang/de/templates/sysconfig/ad-selfsearch.json | 7 | ||||
-rw-r--r-- | lang/en/templates/sysconfig/ad-selfsearch.json | 7 | ||||
-rw-r--r-- | lang/pt/templates/sysconfig/ad-selfsearch.json | 3 | ||||
-rw-r--r-- | modules/sysconfig/addmodule_adauth.inc.php | 105 | ||||
-rw-r--r-- | templates/sysconfig/ad-selfsearch.html | 79 | ||||
-rw-r--r-- | templates/sysconfig/ad_ldap-checkconnection.html | 2 | ||||
-rw-r--r-- | templates/sysconfig/ad_ldap-checkcredentials.html | 13 |
7 files changed, 182 insertions, 34 deletions
diff --git a/lang/de/templates/sysconfig/ad-selfsearch.json b/lang/de/templates/sysconfig/ad-selfsearch.json
new file mode 100644
index 00000000..b93a4198
--- /dev/null
+++ b/lang/de/templates/sysconfig/ad-selfsearch.json
@@ -0,0 +1,7 @@
+{
+ "lang_back": "Zur\u00fcck",
+ "lang_continueAnyway": "Trotzdem weiter",
+ "lang_dnLookup": "Ermitteln der Bind-DN",
+ "lang_onProblemSearchBase": "Bei Problemen versuchen Sie, die Bind-DN und Suchbasis manuell anzugeben",
+ "lang_skip": "\u00dcberspringen"
+}
\ No newline at end of file
diff --git a/lang/en/templates/sysconfig/ad-selfsearch.json b/lang/en/templates/sysconfig/ad-selfsearch.json
new file mode 100644
index 00000000..02fe507d
--- /dev/null
+++ b/lang/en/templates/sysconfig/ad-selfsearch.json
@@ -0,0 +1,7 @@
+{
+ "lang_back": "Back",
+ "lang_continueAnyway": "Continue anyway",
+ "lang_dnLookup": "Looking up bind dn",
+ "lang_onProblemSearchBase": "On failure, try to pass the bind dn and search base manually",
+ "lang_skip": "Skip"
+}
\ No newline at end of file
diff --git a/lang/pt/templates/sysconfig/ad-selfsearch.json b/lang/pt/templates/sysconfig/ad-selfsearch.json
new file mode 100644
index 00000000..c44dc44f
--- /dev/null
+++ b/lang/pt/templates/sysconfig/ad-selfsearch.json
@@ -0,0 +1,3 @@
+[
+
+]
\ No newline at end of file diff --git a/modules/sysconfig/addmodule_adauth.inc.php b/modules/sysconfig/addmodule_adauth.inc.php index 89d822c9..a4878a81 100644 --- a/modules/sysconfig/addmodule_adauth.inc.php +++ b/modules/sysconfig/addmodule_adauth.inc.php @@ -17,6 +17,10 @@ class AdAuth_Start extends AddModule_Base $data['edit'] = $this->edit->id(); } postToArray($data, $ADAUTH_COMMON_FIELDS, true); + $obdn = Request::post('originalbinddn'); + if (!empty($obdn)) { + $data['binddn'] = $obdn; + } if (preg_match('/^(.*)\:(636|3269|389|3268)$/', $data['server'], $out)) { $data['server'] = $out[1]; } @@ -76,13 +80,17 @@ class AdAuth_CheckConnection extends AddModule_Base 'taskid' => $this->scanTask['id'] ); $data['prev'] = 'AdAuth_Start'; - $data['next'] = 'AdAuth_CheckCredentials'; + if (preg_match('#^\w+[/\\\\]\w+$#', Request::post('binddn')) || strlen(Request::post('searchbase')) < 2) { + $data['next'] = 'AdAuth_SelfSearch'; + } else { + $data['next'] = 'AdAuth_CheckCredentials'; + } Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad_ldap-checkconnection', $data); } } -class AdAuth_CheckCredentials extends AddModule_Base +class AdAuth_SelfSearch extends AddModule_Base { private $taskIds; 
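Review bot: The new routing condition in AdAuth_CheckConnection::renderInternal hands `Request::post('binddn')` and `Request::post('searchbase')` straight to preg_match() and strlen() without a default, whereas the credential step in this same diff reads `Request::post('searchbase', '')`; an absent field therefore reaches those two functions as whatever Request::post returns for a missing key rather than as a string. Read both with an explicit default, `Request::post('binddn', '')` and `Request::post('searchbase', '')`, and pull them into two locals so the condition line stays readable. Because the condition is an OR, this step also forwards a full bind DN with an empty search base to AdAuth_SelfSearch, so that class has to cope with a bind dn that is not in `DOMAIN\user` form. The enclosing method begins outside this hunk.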
@@ -108,27 +116,82 @@ class AdAuth_CheckCredentials extends AddModule_Base } $parent = null; $this->originalBindDn = ''; - $server .= ':' . $port; + // Fix bindDN if short name given + // if ($ssl) { - $uri = "ldaps://$server/"; + $uri = "ldaps://$server:3269/"; } else { - $uri = "ldap://$server/"; + $uri = "ldap://$server:3268/"; } - if (preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out)) { - $user = $out[1]; - $this->originalBindDn = str_replace('/', '\\', $binddn); - $selfSearch = Taskmanager::submit('LdapSearch', array( - 'server' => $uri, - 'searchbase' => $searchbase, - 'binddn' => $this->originalBindDn, - 'bindpw' => $bindpw, - 'username' => $user - )); - if (!isset($selfSearch['id'])) { - AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() - return; - } - $parent = $selfSearch['id']; + preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out); + $user = $out[1]; + $this->originalBindDn = str_replace('/', '\\', $binddn); + $selfSearch = Taskmanager::submit('LdapSearch', array( + 'server' => $uri, + 'searchbase' => $searchbase, + 'binddn' => $this->originalBindDn, + 'bindpw' => $bindpw, + 'username' => $user + )); + if (!isset($selfSearch['id'])) { + AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() + return; + } + $this->taskIds['self-search'] = $selfSearch['id']; + } + + protected function renderInternal() + { + Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-selfsearch', array_merge($this->taskIds, array( + 'edit' => Request::post('edit'), + 'title' => Request::post('title'), + 'server' => Request::post('server'), + 'port' => Request::post('port'), + 'searchbase' => Request::post('searchbase'), + 'binddn' => Request::post('binddn'), + 'bindpw' => Request::post('bindpw'), + 'home' => Request::post('home'), + 'ssl' => Request::post('ssl') === 'on', + 'fingerprint' => Request::post('fingerprint'), + 'certificate' => Request::post('certificate', ''), + 
'originalbinddn' => $this->originalBindDn, + 'prev' => 'AdAuth_Start', + 'next' => 'AdAuth_CheckCredentials' + )) + ); + } + +} + +class AdAuth_CheckCredentials extends AddModule_Base +{ + + private $taskIds; + + protected function preprocessInternal() + { + $server = Request::post('server'); + $port = Request::post('port'); + $searchbase = Request::post('searchbase', ''); + $binddn = Request::post('binddn'); + $bindpw = Request::post('bindpw'); + $ssl = Request::post('ssl', 'off') === 'on'; + if ($ssl && !Request::post('fingerprint')) { + Message::addError('error-read', 'fingerprint'); + AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() + return; + } + if (empty($server) || empty($binddn) || empty($port)) { + Message::addError('empty-field'); + AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() + return; + } + $parent = null; + // Test query 4 users + if ($ssl) { + $uri = "ldaps://$server:$port/"; + } else { + $uri = "ldap://$server:$port/"; } $ldapSearch = Taskmanager::submit('LdapSearch', array( 'parentTask' => $parent, @@ -161,7 +224,7 @@ class AdAuth_CheckCredentials extends AddModule_Base 'ssl' => Request::post('ssl') === 'on', 'fingerprint' => Request::post('fingerprint'), 'certificate' => Request::post('certificate', ''), - 'originalbinddn' => $this->originalBindDn, + 'originalbinddn' => Request::post('originalbinddn'), 'prev' => 'AdAuth_Start', 'next' => 'AdAuth_Finish' )) diff --git a/templates/sysconfig/ad-selfsearch.html b/templates/sysconfig/ad-selfsearch.html new file mode 100644 index 00000000..f77bd5fb --- /dev/null +++ b/templates/sysconfig/ad-selfsearch.html 
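Review bot: In AdAuth_SelfSearch::preprocessInternal the `if` around the short-name match has been removed, so `$user = $out[1];` runs even when `preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out)` did not match; since the previous step also routes here whenever the search base is shorter than two characters, a full bind DN can arrive, `$out[1]` is then undefined and the LdapSearch task is submitted with a null username. Guard the match, e.g. `if (!preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out)) { AddModule_Base::setStep('AdAuth_Start'); return; }`, paired with a `Message::addError(...)` in the style of the checks above it, or skip straight to AdAuth_CheckCredentials if the step machinery allows that. The URIs are now hard-wired to 3269/3268 while `$port` is presumably still read from the request above this hunk; a comment such as `// Global-catalog ports: the self-search must cover the whole forest, not only the domain behind $port` would make that deliberate, if that is the reason. The bare `//` line after "Fix bindDN if short name given" looks like a leftover. The method's signature lies outside this hunk.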
@@ -0,0 +1,79 @@ +<p> + {{lang_dnLookup}} +</p> + +<div id="zeug"> + <div data-tm-id="{{self-search}}" data-tm-log="messages" data-tm-callback="selfCb">LDAP Self-Query</div> + <pre style="display:none" id="result"></pre> +</div> +<i>{{lang_onProblemSearchBase}}</i> +<br><br> +<div class="pull-left"> + <form role="form" method="post" action="?do=SysConfig&action=addmodule&step={{prev}}"> + <input type="hidden" name="token" value="{{token}}"> + <input type="hidden" name="edit" value="{{edit}}"> + <input name="title" value="{{title}}" type="hidden"> + <input name="server" value="{{server}}" type="hidden"> + <input name="searchbase" value="{{searchbase}}" type="hidden"> + <input name="binddn" value="{{binddn}}" type="hidden"> + <input name="bindpw" value="{{bindpw}}" type="hidden"> + <input name="home" value="{{home}}" type="hidden"> + {{#ssl}} + <input name="ssl" value="on" type="hidden"> + <input type="hidden" name="certificate" value="{{certificate}}"> + {{/ssl}} + <button type="submit" class="btn btn-primary">« {{lang_back}}</button> + </form> +</div> +<div class="pull-right"> + <form id="nextform" role="form" method="post" action="?do=SysConfig&action=addmodule&step={{next}}"> + <input type="hidden" name="token" value="{{token}}"> + <input type="hidden" name="edit" value="{{edit}}"> + <input name="title" value="{{title}}" type="hidden"> + <input name="server" value="{{server}}" type="hidden"> + <input name="port" value="{{port}}" type="hidden"> + <input id="searchbase" name="searchbase" value="{{searchbase}}" type="hidden"> + <input id="fulldn" name="binddn" value="" type="hidden"> + <input id="givendn" name="originalbinddn" value="{{binddn}}" type="hidden"> + <input name="bindpw" value="{{bindpw}}" type="hidden"> + <input name="home" value="{{home}}" type="hidden"> + {{#ssl}} + <input name="ssl" value="on" type="hidden"> + <input type="hidden" name="certificate" value="{{certificate}}"> + {{/ssl}} + <input name="fingerprint" value="{{fingerprint}}" type="hidden"> 
+ <input name="originalbinddn" value="{{binddn}}" type="hidden"> + <button id="nextbutton" type="submit" class="btn btn-primary" style="display:none">{{lang_skip}} »</button> + </form> +</div> +<script type="text/javascript"> + function selfCb(task) + { + if (!task || !task.statusCode || task.statusCode === 'TASK_WAITING' || task.statusCode === 'TASK_PROCESSING') + return; + if (task.statusCode === 'TASK_FINISHED' && task.data && task.data.dn) { + var fulldn = task.data.dn; + var domain = "-"; + var search = $('#searchbase').val(); + if ($('#searchbase').val().length < 2) { + domain = $('#givendn').val().replace(/[\/\\]\S+$/i, ''); + var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i")); + console.log(idx); + if (idx !== -1) { + search = fulldn.substring(idx); + } + $('#searchbase').val(search); + } + $('#fulldn').val(fulldn); + $('#result').text("BindDN: " + fulldn + "\nWinDomain: " + domain + "\nSearchBase: " + search).show(); + if (typeof search !== 'string' || search.length === 0 || search.length + 2 >= fulldn.length) { + $('#nextbutton').html('{{lang_continueAnyway}}'); + } else { + $('#nextform').submit(); + } + } else { + $('#nextbutton').html('{{lang_continueAnyway}}'); + } + $('#nextbutton').show(); + } +</script> diff --git a/templates/sysconfig/ad_ldap-checkconnection.html b/templates/sysconfig/ad_ldap-checkconnection.html index 58196958..788978f2 100644 --- a/templates/sysconfig/ad_ldap-checkconnection.html +++ b/templates/sysconfig/ad_ldap-checkconnection.html @@ -60,7 +60,7 @@ var ssl = $('#ssl').length > 0; var ports = task.data.ports; var verRes = -1; - var cert = $('#certificate').val().length > 10; + var cert = ssl && $('#certificate').val().length > 10; for (var i = 0; i < ports.length; ++i) { if (!ports[i].open || !ports[i].port) continue; if ($.isNumeric($('#port').val()) && $('#port').val() < ports[i].port) continue; // Prefer the global LDAP ports over the specific AD ports 
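Review bot: The `nextform` in the new template carries two hidden inputs named `originalbinddn` (the `id="givendn"` one and the second one just before `nextbutton`), both filled with `{{binddn}}`; PHP keeps only the last value of a repeated field, so the first is dead and the pair should collapse to the single `id="givendn"` input. In `selfCb`, `domain` is cut out of the user-entered bind dn and spliced into `new RegExp('\\w+=' + domain + ',', "i")` unescaped, so a value containing `.`, `(` or `\` alters or breaks the pattern; escape it first, `var re = new RegExp('\\w+=' + domain.replace(/[.*+?^${}()|[\]\\]/g, '\\$&') + ',', 'i');`. The `console.log(idx);` is a debugging leftover. Like the existing checkcredentials template, this page round-trips `{{bindpw}}` through hidden fields, now for one more step; a short template header comment stating that the password is carried through the wizard forms would make that visible to the next maintainer.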
diff --git a/templates/sysconfig/ad_ldap-checkcredentials.html b/templates/sysconfig/ad_ldap-checkcredentials.html index 5a9d6b38..9f5ccf01 100644 --- a/templates/sysconfig/ad_ldap-checkcredentials.html +++ b/templates/sysconfig/ad_ldap-checkcredentials.html @@ -3,7 +3,6 @@ </p> <div id="zeug"> - {{#self-search}}<div data-tm-id="{{self-search}}" data-tm-log="messages" data-tm-callback="selfCb">LDAP Self-Query</div>{{/self-search}} <div data-tm-id="{{tm-search}}" data-tm-log="messages" data-tm-callback="ldapCb">LDAP Test-Query</div> </div> <i>{{lang_onProblemSearchBase}}</i> @@ -33,7 +32,7 @@ <input name="server" value="{{server}}" type="hidden"> <input name="searchbase" value="{{searchbase}}" type="hidden"> <input id="setbase" name="somedn" value="" type="hidden"> - <input id="setdn" name="binddn" value="{{binddn}}" type="hidden"> + <input name="binddn" value="{{binddn}}" type="hidden"> <input name="bindpw" value="{{bindpw}}" type="hidden"> <input name="home" value="{{home}}" type="hidden"> {{#ssl}} @@ -63,14 +62,4 @@ $('#nextbutton').show(); } } - function selfCb(task) - { - if (!task || !task.statusCode) - return; - if (task.statusCode === 'TASK_FINISHED' && task.data && task.data.dn) { - $('#setdn').val(task.data.dn); - } else { - $('#nextbutton').html('Trotzdem weiter »'); - } - } </script> |