From 4ea13ba83c760f6c2baff4d25c54f08fdb4a82ec Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Thu, 18 Feb 2016 17:56:58 +0100 Subject: [adauth] Add field for homeDirectory attribute --- inc/configmodule/adauth.inc.php | 3 +- lang/de/templates/sysconfig/ad-selfsearch.json | 3 + lang/de/templates/sysconfig/ad-start.json | 3 + lang/en/templates/sysconfig/ad-selfsearch.json | 3 + lang/en/templates/sysconfig/ad-start.json | 3 + modules/sysconfig/addmodule_adauth.inc.php | 92 +++++++++++++++++++++-- templates/sysconfig/ad-selfsearch.html | 39 +++++++++- templates/sysconfig/ad-start.html | 21 ++++++ templates/sysconfig/ad_ldap-checkconnection.html | 2 + templates/sysconfig/ad_ldap-checkcredentials.html | 2 + 10 files changed, 159 insertions(+), 12 deletions(-) diff --git a/inc/configmodule/adauth.inc.php b/inc/configmodule/adauth.inc.php index daca3fb0..efc8afd7 100644 --- a/inc/configmodule/adauth.inc.php +++ b/inc/configmodule/adauth.inc.php @@ -14,7 +14,7 @@ class ConfigModule_AdAuth extends ConfigModule const VERSION = 1; private static $REQUIRED_FIELDS = array('server', 'searchbase', 'binddn'); - private static $OPTIONAL_FIELDS = array('bindpw', 'home', 'ssl', 'fingerprint', 'certificate'); + private static $OPTIONAL_FIELDS = array('bindpw', 'home', 'ssl', 'fingerprint', 'certificate', 'homeattr'); protected function generateInternal($tgz, $parent) { @@ -68,7 +68,6 @@ class ConfigModule_AdAuth extends ConfigModule */ public function event_serverIpChanged() { - error_log('Calling generate on ' . $this->title()); $this->generate(false); } diff --git a/lang/de/templates/sysconfig/ad-selfsearch.json b/lang/de/templates/sysconfig/ad-selfsearch.json index b93a4198..89a957ee 100644 --- a/lang/de/templates/sysconfig/ad-selfsearch.json +++ b/lang/de/templates/sysconfig/ad-selfsearch.json 
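Review bot: `'homeattr'` is appended to `$OPTIONAL_FIELDS` while `const VERSION = 1` two lines above stays unchanged, so modules saved before this commit will be read back without the key. If VERSION drives migration or regeneration of stored modules (not visible in this diff), consider bumping it; otherwise `generateInternal()` (also outside the hunk) must treat a missing or empty `homeattr` the same as the wizard does, i.e. as "auto-detect". A one-line comment on the field list would make that contract explicit: `// 'homeattr' is absent in modules created before it was added; empty/missing means the attribute is detected by the wizard`. The class body continues outside the hunk.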
@@ -2,6 +2,9 @@ "lang_back": "Zur\u00fcck", "lang_continueAnyway": "Trotzdem weiter", "lang_dnLookup": "Ermitteln der Bind-DN", + "lang_homeAttributeExplanation": "Bitte w\u00e4hlen Sie das Attribut, welches das Home-Verzeichnis der User enth\u00e4lt.", + "lang_next": "Weiter", "lang_onProblemSearchBase": "Bei Problemen versuchen Sie, die Bind-DN und Suchbasis manuell anzugeben", + "lang_selectHomeAttribute": "Home-Attribut", "lang_skip": "\u00dcberspringen" } \ No newline at end of file diff --git a/lang/de/templates/sysconfig/ad-start.json b/lang/de/templates/sysconfig/ad-start.json index 74300789..a85e133f 100644 --- a/lang/de/templates/sysconfig/ad-start.json +++ b/lang/de/templates/sysconfig/ad-start.json @@ -7,6 +7,9 @@ "lang_bindDN": "Bind DN", "lang_close": "Schlie\u00dfen", "lang_customCertificate": "Zur Validierung zus\u00e4tzlich erforderliche (Intermediate-)Zertifikate", + "lang_helpHomeAttrHead": "Name des Home-Verzeichnis-Attributs", + "lang_helpHomeAttrText": "Hier k\u00f6nnen Sie alternativ zum fest vorgegebenem Template des Home-Verzeichnis Servers den Attributsnamen im Active Directory angeben, der diesen Pfad bereitstellt. Normalerweise ist dies \"homeDirectory\". Wird das Feld leer gelassen, versucht der Assistent, das Attribut selbstst\u00e4ndig zu ermitteln. Falls das Einbinden der Home-Verzeichnisse anschlie\u00dfend nicht funktioniert, \u00fcberpr\u00fcfen Sie bitte den Client-Log (Status->Client Log) und den LDAP-Proxy-Log (Status->Server Status).", + "lang_homeAttr": "Home-Attribut", "lang_moduleTitle": "Titel", "lang_next": "Weiter", "lang_password": "Passwort", diff --git a/lang/en/templates/sysconfig/ad-selfsearch.json b/lang/en/templates/sysconfig/ad-selfsearch.json index 02fe507d..70db0620 100644 --- a/lang/en/templates/sysconfig/ad-selfsearch.json +++ b/lang/en/templates/sysconfig/ad-selfsearch.json 
@@ -2,6 +2,9 @@ "lang_back": "Back", "lang_continueAnyway": "Continue anyway", "lang_dnLookup": "Looking up bind dn", + "lang_homeAttributeExplanation": "Please select the attribute which holds the user's home directory.", + "lang_next": "Next", "lang_onProblemSearchBase": "On failure, try to pass the bind dn and search base manually", + "lang_selectHomeAttribute": "Home attribute", "lang_skip": "Skip" } \ No newline at end of file diff --git a/lang/en/templates/sysconfig/ad-start.json b/lang/en/templates/sysconfig/ad-start.json index 1f398213..ff35fc03 100644 --- a/lang/en/templates/sysconfig/ad-start.json +++ b/lang/en/templates/sysconfig/ad-start.json @@ -7,6 +7,9 @@ "lang_bindDN": "Bind DN", "lang_close": "Close", "lang_customCertificate": "Additional (intermediate) certificates required for certificate validation", + "lang_helpHomeAttrHead": "Name of the home directory attribute", + "lang_helpHomeAttrText": "Here you can specify the name of the attribute on the Active Directory that contains the path of the home directory server. Usually this is \"homeDirectory\". If you leave this blank, the wiszard will try to determine the attribute name automatically. If home directories don't work, check the client log (Status->Client log) and the LDAP proxy log (Status->Server status).", + "lang_homeAttr": "Home attribute", "lang_moduleTitle": "Title", "lang_next": "Next", "lang_password": "Password", diff --git a/modules/sysconfig/addmodule_adauth.inc.php b/modules/sysconfig/addmodule_adauth.inc.php index a4878a81..ed8a17ea 100644 --- a/modules/sysconfig/addmodule_adauth.inc.php +++ b/modules/sysconfig/addmodule_adauth.inc.php 
@@ -9,7 +9,7 @@ class AdAuth_Start extends AddModule_Base protected function renderInternal() { - $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'ssl', 'certificate'); + $ADAUTH_COMMON_FIELDS = array('title', 'server', 'searchbase', 'binddn', 'bindpw', 'home', 'homeattr', 'ssl', 'certificate'); $data = array(); if ($this->edit !== false) { moduleToArray($this->edit, $data, $ADAUTH_COMMON_FIELDS); @@ -75,6 +75,7 @@ class AdAuth_CheckConnection extends AddModule_Base 'binddn' => Util::normalizeDn(Request::post('binddn')), 'bindpw' => Request::post('bindpw'), 'home' => Request::post('home'), + 'homeattr' => Request::post('homeattr'), 'ssl' => Request::post('ssl'), 'certificate' => Request::post('certificate', ''), 'taskid' => $this->scanTask['id'] @@ -82,6 +83,8 @@ class AdAuth_CheckConnection extends AddModule_Base $data['prev'] = 'AdAuth_Start'; if (preg_match('#^\w+[/\\\\]\w+$#', Request::post('binddn')) || strlen(Request::post('searchbase')) < 2) { $data['next'] = 'AdAuth_SelfSearch'; + } elseif (empty($data['homeattr'])) { + $data['next'] = 'AdAuth_HomeAttrCheck'; } else { $data['next'] = 'AdAuth_CheckCredentials'; } @@ -114,11 +117,10 @@ class AdAuth_SelfSearch extends AddModule_Base AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() return; } - $parent = null; $this->originalBindDn = ''; // Fix bindDN if short name given // - if ($ssl) { + if ($ssl) { // Use the specific AD ports so the domain\username bind works $uri = "ldaps://$server:3269/"; } else { $uri = "ldap://$server:3268/"; @@ -131,7 +133,7 @@ class AdAuth_SelfSearch extends AddModule_Base 'searchbase' => $searchbase, 'binddn' => $this->originalBindDn, 'bindpw' => $bindpw, - 'username' => $user + 'filter' => "sAMAccountName=$user" )); if (!isset($selfSearch['id'])) { AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() 
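Review bot: `'filter' => "sAMAccountName=$user"` in AdAuth_SelfSearch::preprocessInternal interpolates the user name straight into an LDAP search filter without escaping. `$user` is presumably split out of the admin-entered bind DN earlier in the method (outside the hunk), and the `^\w+[/\\]\w+$` check in AdAuth_CheckConnection is not the only route into this step — a short search base also lands here — so `*`, `(`, `)` and `\` in the value can change the filter's meaning. Escape it for the filter context: `'filter' => 'sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER)` (PHP ≥ 5.6). The enclosing preprocessInternal starts outside the hunk.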
@@ -142,7 +144,7 @@ class AdAuth_SelfSearch extends AddModule_Base protected function renderInternal() { - Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-selfsearch', array_merge($this->taskIds, array( + $data = array( 'edit' => Request::post('edit'), 'title' => Request::post('title'), 'server' => Request::post('server'), 
@@ -151,10 +153,86 @@ class AdAuth_SelfSearch extends AddModule_Base 'binddn' => Request::post('binddn'), 'bindpw' => Request::post('bindpw'), 'home' => Request::post('home'), + 'homeattr' => Request::post('homeattr'), 'ssl' => Request::post('ssl') === 'on', 'fingerprint' => Request::post('fingerprint'), 'certificate' => Request::post('certificate', ''), 'originalbinddn' => $this->originalBindDn, + 'prev' => 'AdAuth_Start' + ); + if (empty($data['homeattr'])) { + $data['next'] = 'AdAuth_HomeAttrCheck'; + } else { + $data['next'] = 'AdAuth_CheckCredentials'; + } + Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-selfsearch', + array_merge($this->taskIds, $data)); + } + +} + +class AdAuth_HomeAttrCheck extends AddModule_Base +{ + + private $taskIds; + + protected function preprocessInternal() + { + $server = Request::post('server'); + $port = Request::post('port'); + $searchbase = Request::post('searchbase', ''); + $binddn = Request::post('binddn'); + $bindpw = Request::post('bindpw'); + $ssl = Request::post('ssl', 'off') === 'on'; + if ($ssl && !Request::post('fingerprint')) { + Message::addError('error-read', 'fingerprint'); + AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() + return; + } + if (empty($server) || empty($binddn) || empty($port)) { + Message::addError('empty-field'); + AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() + return; + } + if ($ssl) { + $uri = "ldaps://$server:$port/"; + } else { + $uri = "ldap://$server:$port/"; + } + preg_match('#^(\w+=[^,]+),#', $binddn, $out); + $filter = $out[1]; + $data = array( + 'server' => $uri, + 'searchbase' => $searchbase, + 'binddn' => $binddn, + 'bindpw' => $bindpw, + 'filter' => $filter + ); + $selfSearch = Taskmanager::submit('LdapSearch', $data); + if (!isset($selfSearch['id'])) { + AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() + return; + } + 
$this->taskIds['self-search'] = $selfSearch['id']; + } + + protected function renderInternal() + { + Render::addDialog(Dictionary::translate('config-module', 'adAuth_title'), false, 'sysconfig/ad-selfsearch', array_merge($this->taskIds, array( + 'edit' => Request::post('edit'), + 'title' => Request::post('title'), + 'server' => Request::post('server'), + 'port' => Request::post('port'), + 'searchbase' => Request::post('searchbase'), + 'binddn' => Request::post('binddn'), + 'bindpw' => Request::post('bindpw'), + 'home' => Request::post('home'), + 'homeattr' => Request::post('homeattr'), + 'ssl' => Request::post('ssl') === 'on', + 'fingerprint' => Request::post('fingerprint'), + 'certificate' => Request::post('certificate', ''), + 'originalbinddn' => Request::post('originalbinddn'), + 'tryHomeAttr' => true, 'prev' => 'AdAuth_Start', 'next' => 'AdAuth_CheckCredentials' )) @@ -186,7 +264,6 @@ class AdAuth_CheckCredentials extends AddModule_Base AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render() return; } - $parent = null; // Test query 4 users if ($ssl) { $uri = "ldaps://$server:$port/"; @@ -194,7 +271,6 @@ class AdAuth_CheckCredentials extends AddModule_Base $uri = "ldap://$server:$port/"; } $ldapSearch = Taskmanager::submit('LdapSearch', array( - 'parentTask' => $parent, 'server' => $uri, 'searchbase' => $searchbase, 'binddn' => $binddn, @@ -221,6 +297,7 @@ class AdAuth_CheckCredentials extends AddModule_Base 'binddn' => Request::post('binddn'), 'bindpw' => Request::post('bindpw'), 'home' => Request::post('home'), + 'homeattr' => Request::post('homeattr'), 'ssl' => Request::post('ssl') === 'on', 'fingerprint' => Request::post('fingerprint'), 'certificate' => Request::post('certificate', ''), 
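Review bot: In AdAuth_HomeAttrCheck::preprocessInternal the result of `preg_match('#^(\w+=[^,]+),#', $binddn, $out)` is never checked, so a bind DN without a comma (or with a non-`\w` attribute type) leaves `$out[1]` undefined and submits an LdapSearch task with an empty filter instead of returning to AdAuth_Start like the other validation failures in this method do. The captured RDN value is also used verbatim as a filter, but DN escaping and filter escaping differ: `*`, `(`, `)` and `\` in a DN value must be re-escaped before they are safe in a filter, and `[^,]+` truncates values containing an escaped comma (`CN=Doe\, Jane`). I would check the match and escape the value (`ldap_escape` needs PHP ≥ 5.6); the rest of the method is unchanged.

```php
// … unchanged: $ssl / $uri handling …
// Build the self-search filter from the bind DN's first RDN, e.g. "CN=Jane Doe,OU=…" -> "CN=Jane Doe"
if (!preg_match('#^(\w+)=([^,]+),#', $binddn, $out)) {
    Message::addError('empty-field'); // TODO: a dedicated "invalid bind DN" message would be clearer
    AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
    return;
}
// DN escaping != filter escaping: re-escape *, (, ), \ for use inside a search filter
$filter = $out[1] . '=' . ldap_escape($out[2], '', LDAP_ESCAPE_FILTER);
// … unchanged: $data array and Taskmanager::submit('LdapSearch', $data) …
```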
@@ -282,6 +359,7 @@ class AdAuth_Finish extends AddModule_Base $module->setData('binddn', $binddn); $module->setData('bindpw', Request::post('bindpw')); $module->setData('home', Request::post('home')); + $module->setData('homeattr', Request::post('homeattr')); $module->setData('certificate', Request::post('certificate')); $module->setData('ssl', $ssl); if ($ssl) { diff --git a/templates/sysconfig/ad-selfsearch.html b/templates/sysconfig/ad-selfsearch.html index f77bd5fb..76952dc3 100644 --- a/templates/sysconfig/ad-selfsearch.html +++ b/templates/sysconfig/ad-selfsearch.html @@ -5,6 +5,10 @@
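Review bot: `$module->setData('homeattr', Request::post('homeattr'))` persists the attribute name without any validation; it is read back through `$OPTIONAL_FIELDS` in ConfigModule_AdAuth and presumably written into the generated client/LDAP-proxy configuration by `generateInternal()`, which this diff does not show. LDAP attribute descriptors are `[A-Za-z][A-Za-z0-9-]*`, so reject anything else before storing, in the same style as the step's existing checks: `$homeattr = Request::post('homeattr', ''); if ($homeattr !== '' && !preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $homeattr)) { Message::addError('empty-field'); return; }` (ideally with a dedicated message key), then `setData('homeattr', $homeattr)`. The enclosing method of AdAuth_Finish starts and ends outside the hunk.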
LDAP Self-Query
+
{{lang_onProblemSearchBase}}

@@ -18,6 +22,7 @@ + {{#ssl}} @@ -36,13 +41,13 @@ - + + {{#ssl}} {{/ssl}} - @@ -66,9 +71,33 @@ } $('#fulldn').val(fulldn); $('#result').text("BindDN: " + fulldn + "\nWinDomain: " + domain + "\nSearchBase: " + search).show(); - if (typeof search !== 'string' || search.length === 0 || search.length + 2 >= fulldn.length) { + var attrlist = []; + var tryHomeAttr = false; + {{#tryHomeAttr}} + tryHomeAttr = true; + if (task.data.home && task.data.home.length) attrlist = task.data.home; + {{/tryHomeAttr}} + if (typeof search !== 'string' || search.length === 0 || search.length + 2 >= fulldn.length + || (tryHomeAttr && $('#home').val().length === 0 && $('#homeattr').val().length === 0 && attrlist.length === 0)) { $('#nextbutton').html('{{lang_continueAnyway}}'); + } else if (attrlist.length > 1 && $('#homeattr').val().length === 0) { + var sel = $(' + + + +
+ + diff --git a/templates/sysconfig/ad_ldap-checkconnection.html b/templates/sysconfig/ad_ldap-checkconnection.html index 788978f2..5925829a 100644 --- a/templates/sysconfig/ad_ldap-checkconnection.html +++ b/templates/sysconfig/ad_ldap-checkconnection.html @@ -19,6 +19,7 @@ + {{#ssl}} @@ -37,6 +38,7 @@ + {{#ssl}} diff --git a/templates/sysconfig/ad_ldap-checkcredentials.html b/templates/sysconfig/ad_ldap-checkcredentials.html index 9f5ccf01..0586209b 100644 --- a/templates/sysconfig/ad_ldap-checkcredentials.html +++ b/templates/sysconfig/ad_ldap-checkcredentials.html @@ -17,6 +17,7 @@ + {{#ssl}} @@ -35,6 +36,7 @@ + {{#ssl}} -- cgit v1.2.3-55-g7522