Diffstat (limited to 'modules-available')
4 files changed, 51 insertions, 18 deletions
diff --git a/modules-available/sysconfig/addmodule_adauth.inc.php b/modules-available/sysconfig/addmodule_adauth.inc.php
index 2949928b..4c65f7f9 100644
--- a/modules-available/sysconfig/addmodule_adauth.inc.php
+++ b/modules-available/sysconfig/addmodule_adauth.inc.php
@@ -67,12 +67,14 @@ class AdAuth_CheckConnection extends AddModule_Base
 protected function renderInternal()
 {
+ $searchBase = Ldap::normalizeDn(Request::post('searchbase', '', 'string'));
+ $bindDn = Ldap::normalizeDn(Request::post('binddn', '', 'string'));
 $data = array(
 'edit' => Request::post('edit'),
 'title' => Request::post('title'),
 'server' => $this->server,
- 'searchbase' => Util::normalizeDn(Request::post('searchbase')),
- 'binddn' => Util::normalizeDn(Request::post('binddn')),
+ 'searchbase' => $searchBase,
+ 'binddn' => $bindDn,
 'bindpw' => Request::post('bindpw'),
 'home' => Request::post('home'),
 'homeattr' => Request::post('homeattr'),
@@ -81,7 +83,7 @@ class AdAuth_CheckConnection extends AddModule_Base
 'taskid' => $this->scanTask['id']
 );
 $data['prev'] = 'AdAuth_Start';
- if (preg_match('#^\w+[/\\\\]\w+$#', Request::post('binddn')) || strlen(Request::post('searchbase')) < 2) {
+ if ((preg_match('#^\w+[/\\\\]\w+$#', $bindDn) > 0) || (strlen($searchBase) < 2)) {
 $data['next'] = 'AdAuth_SelfSearch';
 } elseif (empty($data['homeattr'])) {
 $data['next'] = 'AdAuth_HomeAttrCheck';
@@ -125,16 +127,29 @@ class AdAuth_SelfSearch extends AddModule_Base
 } else {
 $uri = "ldap://$server:3268/";
 }
- preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out);
- $user = $out[1];
- $this->originalBindDn = str_replace('/', '\\', $binddn);
- $selfSearch = Taskmanager::submit('LdapSearch', array(
+ // Set up selfSearch task
+ $taskData = array(
 'server' => $uri,
 'searchbase' => $searchbase,
- 'binddn' => $this->originalBindDn,
 'bindpw' => $bindpw,
- 'filter' => "sAMAccountName=$user"
- ));
+ );
+ if (preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out) && !empty($out[1])) {
+ $this->originalBindDn = str_replace('/', '\\', $binddn);
+ $taskData['filter'] = 'sAMAccountName=' . $out[1];
+ } elseif (preg_match('/^cn=([^=]+),.*?,dc=([^=]+),/i', Ldap::normalizeDn($binddn), $out)) {
+ if (empty($searchbase)) {
+ $this->originalBindDn = $out[2] . '\\' . $out[1];
+ $taskData['filter'] = 'sAMAccountName=' . $out[1];
+ } else {
+ $this->originalBindDn = $binddn;
+ $taskData['filter'] = "distinguishedName=$binddn";
+ }
+ } else {
+ Message::addError('could-not-determine-binddn', $binddn);
+ $this->originalBindDn = $binddn;
+ }
+ $taskData['binddn'] = $this->originalBindDn;
+ $selfSearch = Taskmanager::submit('LdapSearch', $taskData);
 if (!isset($selfSearch['id'])) {
 AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
 return;
diff --git a/modules-available/sysconfig/addmodule_ldapauth.inc.php b/modules-available/sysconfig/addmodule_ldapauth.inc.php
index d7122001..4a204407 100644
--- a/modules-available/sysconfig/addmodule_ldapauth.inc.php
+++ b/modules-available/sysconfig/addmodule_ldapauth.inc.php
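Review bot: The filters built in the new `elseif` branch place user-supplied DN text into an LDAP filter unescaped: `$out[1]` is captured by `cn=([^=]+),`, which admits `*`, `(`, `)` and `\`, and `"distinguishedName=$binddn"` embeds the whole DN. Unless the LdapSearch task escapes the value itself (not visible here), those characters change what the search matches; if ext-ldap is available in this environment, `'sAMAccountName=' . ldap_escape($out[1], '', LDAP_ESCAPE_FILTER)` and `'distinguishedName=' . ldap_escape($binddn, '', LDAP_ESCAPE_FILTER)` would keep the value literal. The final `else` reports `could-not-determine-binddn` but still submits the task without a `filter` key, so it is worth confirming that the task rejects that case or returning to the previous step there. The enclosing method starts and ends outside the hunk.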
@@ -67,8 +67,8 @@ class LdapAuth_CheckConnection extends AddModule_Base
 'edit' => Request::post('edit'),
 'title' => Request::post('title'),
 'server' => $this->server,
- 'searchbase' => Util::normalizeDn(Request::post('searchbase')),
- 'binddn' => Util::normalizeDn(Request::post('binddn')),
+ 'searchbase' => Ldap::normalizeDn(Request::post('searchbase')),
+ 'binddn' => Ldap::normalizeDn(Request::post('binddn')),
 'bindpw' => Request::post('bindpw'),
 'home' => Request::post('home'),
 'ssl' => Request::post('ssl'),
diff --git a/modules-available/sysconfig/inc/ldap.inc.php b/modules-available/sysconfig/inc/ldap.inc.php
new file mode 100644
index 00000000..ed471f31
--- /dev/null
+++ b/modules-available/sysconfig/inc/ldap.inc.php
@@ -0,0 +1,11 @@
+<?php
+
+class Ldap
+{
+
+ public static function normalizeDn($dn)
+ {
+ return trim(preg_replace('/[,;]\s*/', ',', $dn));
+ }
+
+}
diff --git a/modules-available/sysconfig/templates/ad-selfsearch.html b/modules-available/sysconfig/templates/ad-selfsearch.html
index dad5a24f..5fadd92e 100644
--- a/modules-available/sysconfig/templates/ad-selfsearch.html
+++ b/modules-available/sysconfig/templates/ad-selfsearch.html
@@ -42,7 +42,7 @@
 <input name="port" value="{{port}}" type="hidden">
 <input id="searchbase" name="searchbase" value="{{searchbase}}" type="hidden">
 <input id="fulldn" name="binddn" value="" type="hidden">
- <input id="givendn" name="originalbinddn" value="{{binddn}}" type="hidden">
+ <input id="givendn" name="originalbinddn" value="{{originalbinddn}}" type="hidden">
 <input name="bindpw" value="{{bindpw}}" type="hidden">
 <input id="home" name="home" value="{{home}}" type="hidden">
 <input id="homeattr" name="homeattr" value="{{homeattr}}" type="hidden">
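Review bot: The `searchbase` and `binddn` lines in LdapAuth_CheckConnection still call `Request::post()` without the default and type that the AdAuth_CheckConnection hunk now passes, so a missing field or an array-valued `searchbase[]` would reach `preg_replace`/`trim` inside `normalizeDn` as a non-string. Suggest `Ldap::normalizeDn(Request::post('searchbase', '', 'string'))` and the same for `binddn`, assuming the third argument enforces the type as its use in addmodule_adauth.inc.php suggests. The array literal starts and ends outside the hunk.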
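Review bot: `Ldap::normalizeDn` has no docblock, and its contract matters because this commit feeds its output into regex matching and, through `$out[1]`, into LDAP filters. Suggest a short docblock above the method stating that it only rewrites `,` or `;` plus any following whitespace to a single `,` and trims both ends, that it does not escape DN or filter metacharacters, and that `$dn` is expected to be a string. Whitespace before a separator is left in place by the pattern `/[,;]\s*/`, which the docblock should mention so callers do not assume a fully canonical DN.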
@@ -64,11 +64,18 @@
 var domain = "-";
 var search = $('#searchbase').val();
 if ($('#searchbase').val().length < 2) {
- domain = $('#givendn').val().replace(/[\/\\]\S+$/i, '');
- var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i"));
- console.log(idx);
- if (idx !== -1) {
- search = fulldn.substring(idx);
+ var givenDn = $('#givendn').val();
+ if (new RegExp('^\\w+[\\/\\\\]\\w+$').test(givenDn)) {
+ domain = givenDn.replace(/[\/\\]\S+$/i, '');
+ var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i"));
+ if (idx !== -1) {
+ search = fulldn.substring(idx);
+ }
+ } else {
+ var idx = givenDn.toLowerCase().indexOf(',dc=');
+ if (idx !== -1) {
+ search = givenDn.substring(idx + 1);
+ }
 }
 $('#searchbase').val(search);
 } |
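Review bot: The new `else` branch looks for the literal `,dc=` in `givenDn`, so a DN written with a space after the separator (`, DC=`) leaves `search` unchanged and the short search base is posted back without any message. On the PHP side AdAuth_SelfSearch matches against `Ldap::normalizeDn($binddn)` but stores the raw `$binddn` in `originalBindDn`, so the two sides can disagree unless the value was normalised earlier (not visible here); storing the normalised DN there, or using `givenDn.search(/,\s*dc=/i)` here, would keep them consistent. `var idx` is declared in both branches; a single declaration before the inner `if` reads more clearly. The enclosing function starts and ends outside the hunk.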