From f7b2aa8e3bb66f9c1c0dd3489152cc71bd1e7da8 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 27 Oct 2016 18:57:05 +0200
Subject: [sysconfig] Improve binddn parsing for AD wizard
---
 inc/util.inc.php | 4 ---
 .../sysconfig/addmodule_adauth.inc.php | 35 +++++++++++++++-------
 .../sysconfig/addmodule_ldapauth.inc.php | 4 +--
 modules-available/sysconfig/inc/ldap.inc.php | 11 +++++++
 .../sysconfig/templates/ad-selfsearch.html | 19 ++++++++----
 5 files changed, 51 insertions(+), 22 deletions(-)
 create mode 100644 modules-available/sysconfig/inc/ldap.inc.php
diff --git a/inc/util.inc.php b/inc/util.inc.php
index e6f4ca8f..671028ed 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -364,9 +364,5 @@ SADFACE;
 @unlink($file);
 exit(0);
 }
-
- public static function normalizeDn($dn) {
- return preg_replace('/[,;]\s*/', ',', $dn);
- }
 }
diff --git a/modules-available/sysconfig/addmodule_adauth.inc.php b/modules-available/sysconfig/addmodule_adauth.inc.php
index 2949928b..4c65f7f9 100644
--- a/modules-available/sysconfig/addmodule_adauth.inc.php
+++ b/modules-available/sysconfig/addmodule_adauth.inc.php
@@ -67,12 +67,14 @@ class AdAuth_CheckConnection extends AddModule_Base
 protected function renderInternal()
 {
+ $searchBase = Ldap::normalizeDn(Request::post('searchbase', '', 'string'));
+ $bindDn = Ldap::normalizeDn(Request::post('binddn', '', 'string'));
 $data = array(
 'edit' => Request::post('edit'),
 'title' => Request::post('title'),
 'server' => $this->server,
- 'searchbase' => Util::normalizeDn(Request::post('searchbase')),
- 'binddn' => Util::normalizeDn(Request::post('binddn')),
+ 'searchbase' => $searchBase,
+ 'binddn' => $bindDn,
 'bindpw' => Request::post('bindpw'),
 'home' => Request::post('home'),
 'homeattr' => Request::post('homeattr'),
@@ -81,7 +83,7 @@ class AdAuth_CheckConnection extends AddModule_Base
 'taskid' => $this->scanTask['id']
 );
 $data['prev'] = 'AdAuth_Start';
- if (preg_match('#^\w+[/\\\\]\w+$#', Request::post('binddn')) || strlen(Request::post('searchbase')) < 2) {
+ if ((preg_match('#^\w+[/\\\\]\w+$#', $bindDn) > 0) || (strlen($searchBase) < 2)) {
 $data['next'] = 'AdAuth_SelfSearch';
 } elseif (empty($data['homeattr'])) {
 $data['next'] = 'AdAuth_HomeAttrCheck';
@@ -125,16 +127,29 @@ class AdAuth_SelfSearch extends AddModule_Base
 } else {
 $uri = "ldap://$server:3268/";
 }
- preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out);
- $user = $out[1];
- $this->originalBindDn = str_replace('/', '\\', $binddn);
- $selfSearch = Taskmanager::submit('LdapSearch', array(
+ // Set up selfSearch task
+ $taskData = array(
 'server' => $uri,
 'searchbase' => $searchbase,
- 'binddn' => $this->originalBindDn,
 'bindpw' => $bindpw,
- 'filter' => "sAMAccountName=$user"
- ));
+ );
+ if (preg_match('#^\w+[/\\\\](\w+)$#', $binddn, $out) && !empty($out[1])) {
+ $this->originalBindDn = str_replace('/', '\\', $binddn);
+ $taskData['filter'] = 'sAMAccountName=' . $out[1];
+ } elseif (preg_match('/^cn=([^=]+),.*?,dc=([^=]+),/i', Ldap::normalizeDn($binddn), $out)) {
+ if (empty($searchbase)) {
+ $this->originalBindDn = $out[2] . '\\' . $out[1];
+ $taskData['filter'] = 'sAMAccountName=' . $out[1];
+ } else {
+ $this->originalBindDn = $binddn;
+ $taskData['filter'] = "distinguishedName=$binddn";
+ }
+ } else {
+ Message::addError('could-not-determine-binddn', $binddn);
+ $this->originalBindDn = $binddn;
+ }
+ $taskData['binddn'] = $this->originalBindDn;
+ $selfSearch = Taskmanager::submit('LdapSearch', $taskData);
 if (!isset($selfSearch['id'])) {
 AddModule_Base::setStep('AdAuth_Start'); // Continues with AdAuth_Start for render()
 return;
diff --git a/modules-available/sysconfig/addmodule_ldapauth.inc.php b/modules-available/sysconfig/addmodule_ldapauth.inc.php
index d7122001..4a204407 100644
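Review bot: In the new `elseif` branch the captured `$out[1]` (from `[^=]+`) and the raw `$binddn` go unescaped into the LDAP filter via `'sAMAccountName=' . $out[1]` and `"distinguishedName=$binddn"`, so a DN value containing `(`, `)`, `*` or `\` produces a malformed or differently-matching search; the first branch is unaffected because `(\w+)` cannot capture those characters. The values should be filter-escaped, e.g. `$taskData['filter'] = 'distinguishedName=' . ldap_escape($binddn, '', LDAP_ESCAPE_FILTER);` (ext/ldap, PHP 5.6+; otherwise escape `\ * ( )` and NUL as `\XX` per RFC 4515) and likewise for `$out[1]`. The pattern `/^cn=([^=]+),.*?,dc=([^=]+),/i` also requires at least one RDN between the cn and the first dc plus a comma after that dc, so a DN like `cn=svc,dc=example,dc=com` (constructed) lands in the `could-not-determine-binddn` branch although it is a valid bind DN; `/^cn=([^,=]+),(?:.*?,)??dc=([^,=]+)(?:,|$)/i` keeps the first dc while accepting both shapes. A comment such as `// DOMAIN\user fallback: assumes the first dc component is the NetBIOS domain name` would make the assumption behind `$out[2] . '\\' . $out[1]` explicit. The enclosing method of AdAuth_SelfSearch begins before this hunk.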
--- a/modules-available/sysconfig/addmodule_ldapauth.inc.php
+++ b/modules-available/sysconfig/addmodule_ldapauth.inc.php
@@ -67,8 +67,8 @@ class LdapAuth_CheckConnection extends AddModule_Base
 'edit' => Request::post('edit'),
 'title' => Request::post('title'),
 'server' => $this->server,
- 'searchbase' => Util::normalizeDn(Request::post('searchbase')),
- 'binddn' => Util::normalizeDn(Request::post('binddn')),
+ 'searchbase' => Ldap::normalizeDn(Request::post('searchbase')),
+ 'binddn' => Ldap::normalizeDn(Request::post('binddn')),
 'bindpw' => Request::post('bindpw'),
 'home' => Request::post('home'),
 'ssl' => Request::post('ssl'),
diff --git a/modules-available/sysconfig/inc/ldap.inc.php b/modules-available/sysconfig/inc/ldap.inc.php
new file mode 100644
index 00000000..ed471f31
--- /dev/null
+++ b/modules-available/sysconfig/inc/ldap.inc.php
@@ -0,0 +1,11 @@ + - +
@@ -64,11 +64,18 @@
 var domain = "-";
 var search = $('#searchbase').val();
 if ($('#searchbase').val().length < 2) {
- domain = $('#givendn').val().replace(/[\/\\]\S+$/i, '');
- var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i"));
- console.log(idx);
- if (idx !== -1) {
- search = fulldn.substring(idx);
+ var givenDn = $('#givendn').val();
+ if (new RegExp('^\\w+[\\/\\\\]\\w+$').test(givenDn)) {
+ domain = givenDn.replace(/[\/\\]\S+$/i, '');
+ var idx = fulldn.search(new RegExp('\\w+=' + domain + ',', "i"));
+ if (idx !== -1) {
+ search = fulldn.substring(idx);
+ }
+ } else {
+ var idx = givenDn.toLowerCase().indexOf(',dc=');
+ if (idx !== -1) {
+ search = givenDn.substring(idx + 1);
+ }
 }
 $('#searchbase').val(search);
 }
-- cgit v1.2.3-55-g7522
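Review bot: The two changed lines call `Ldap::normalizeDn(Request::post('searchbase'))` and `Ldap::normalizeDn(Request::post('binddn'))` without the `'', 'string'` default and type arguments that the parallel change in addmodule_adauth.inc.php passes, so an absent field hands whatever `Request::post` returns for a missing key (presumably null or false) to a normaliser that, judging by the removed Util version, is regex-based. For consistency and to guarantee a string input, use `'searchbase' => Ldap::normalizeDn(Request::post('searchbase', '', 'string')),` and the same for `binddn`. The `$data` array and its enclosing method start before this hunk.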
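Review bot: The new `else` branch looks for the literal `,dc=` in `givenDn`, so a DN typed with the usual space after the separator (`cn=svc, ou=x, dc=example`, constructed) or with `;` separators is not found and `search` silently keeps the old value, while the server side first runs the same input through `Ldap::normalizeDn` (whose body is not in this patch; the removed Util version collapsed `[,;]\s*` to `,`). Applying the same normalisation before the lookup, `var givenDn = $('#givendn').val().replace(/[,;]\s*/g, ',');`, keeps the client and server in agreement. Stylistically, `new RegExp('^\\w+[\\/\\\\]\\w+$')` is a constant pattern and reads more easily as the literal `/^\w+[\/\\]\w+$/.test(givenDn)`, and `var idx` is declared in both branches of the same function scope, which is legal but lint-flagged; a single `var idx;` hoisted above the `if` avoids the redeclaration. The enclosing function starts before this hunk.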