Multiple fixes, changes and enhancements
* mass edit selection, * child search during edit, * attr login with bind_id, * performance fix broke ldapservers that dont have havesubordinate attrs), * enable "login,class", * enable "login,base".
This commit is contained in:
parent
95aedef718
commit
6e6a7a6e4e
@ -72,6 +72,13 @@
|
|||||||
30 seconds or the setting of max_exection_time if this is null. */
|
30 seconds or the setting of max_exection_time if this is null. */
|
||||||
// $config->custom->session['timelimit'] = 30;
|
// $config->custom->session['timelimit'] = 30;
|
||||||
|
|
||||||
|
/* Our local timezone
|
||||||
|
This is to make sure that when we ask the system for the current time, we
|
||||||
|
get the right local time. If this is not set, all time() calculations will
|
||||||
|
assume UTC if you have not set PHP date.timezone. */
|
||||||
|
// $config->custom->appearance['timezone'] = null;
|
||||||
|
# $config->custom->appearance['timezone'] = 'Australia/Melbourne';
|
||||||
|
|
||||||
/*********************************************/
|
/*********************************************/
|
||||||
/* Commands */
|
/* Commands */
|
||||||
/*********************************************/
|
/*********************************************/
|
||||||
@ -290,12 +297,12 @@ $servers->setValue('server','name','My LDAP Server');
|
|||||||
/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
|
/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
|
||||||
'cookie' or 'session' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS BLANK. If
|
'cookie' or 'session' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS BLANK. If
|
||||||
you specify a login_attr in conjunction with a cookie or session auth_type,
|
you specify a login_attr in conjunction with a cookie or session auth_type,
|
||||||
then you can also specify the login_dn/login_pass here for searching the
|
then you can also specify the bind_dn/bind_pass here for searching the
|
||||||
directory for users (ie, if your LDAP server does not allow anonymous binds. */
|
directory for users (ie, if your LDAP server does not allow anonymous binds. */
|
||||||
// $servers->setValue('login','bind_id','');
|
// $servers->setValue('login','bind_id','');
|
||||||
# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
|
# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
|
||||||
|
|
||||||
/* Your LDAP password. If you specified an empty login_dn above, this MUST also
|
/* Your LDAP password. If you specified an empty bind_dn above, this MUST also
|
||||||
be blank. */
|
be blank. */
|
||||||
// $servers->setValue('login','bind_pass','');
|
// $servers->setValue('login','bind_pass','');
|
||||||
# $servers->setValue('login','bind_pass','secret');
|
# $servers->setValue('login','bind_pass','secret');
|
||||||
@ -343,8 +350,7 @@ $servers->setValue('server','name','My LDAP Server');
|
|||||||
# $servers->setValue('server','sasl_authz_id_replacement','$1');
|
# $servers->setValue('server','sasl_authz_id_replacement','$1');
|
||||||
|
|
||||||
/* SASL auth security props.
|
/* SASL auth security props.
|
||||||
See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation.
|
See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
|
||||||
*/
|
|
||||||
// $servers->setValue('server','sasl_props',null);
|
// $servers->setValue('server','sasl_props',null);
|
||||||
|
|
||||||
/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
|
/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
|
||||||
@ -357,11 +363,19 @@ $servers->setValue('server','name','My LDAP Server');
|
|||||||
and log in as that user.
|
and log in as that user.
|
||||||
Leave blank or specify 'dn' to use full DN for logging in. Note also that if
|
Leave blank or specify 'dn' to use full DN for logging in. Note also that if
|
||||||
your LDAP server requires you to login to perform searches, you can enter the
|
your LDAP server requires you to login to perform searches, you can enter the
|
||||||
DN to use when searching in 'login_dn' and 'login_pass' above. You may also
|
DN to use when searching in 'bind_dn' and 'bind_pass' above.
|
||||||
specify 'string', in which case you can provide a string to use for logging
|
|
||||||
users in. See 'login_string' directly below. */
|
|
||||||
// $servers->setValue('login','attr','dn');
|
// $servers->setValue('login','attr','dn');
|
||||||
|
|
||||||
|
/* Base DNs to used for logins. If this value is not set, then the LDAP server
|
||||||
|
Base DNs are used. */
|
||||||
|
// $servers->setValue('login','base',array());
|
||||||
|
|
||||||
|
/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
|
||||||
|
at login, you may restrict the search to a specific objectClasses. EG, set this
|
||||||
|
to array('posixAccount') or array('inetOrgPerson',..), depending upon your
|
||||||
|
setup. */
|
||||||
|
// $servers->setValue('login','class',array());
|
||||||
|
|
||||||
/* If you specified something different from 'dn', for example 'uid', as the
|
/* If you specified something different from 'dn', for example 'uid', as the
|
||||||
login_attr above, you can optionally specify here to fall back to
|
login_attr above, you can optionally specify here to fall back to
|
||||||
authentication with dn.
|
authentication with dn.
|
||||||
@ -371,19 +385,6 @@ $servers->setValue('server','name','My LDAP Server');
|
|||||||
When using this feature, login_class is ignored. */
|
When using this feature, login_class is ignored. */
|
||||||
// $servers->setValue('login','fallback_dn',false);
|
// $servers->setValue('login','fallback_dn',false);
|
||||||
|
|
||||||
/* If you specified 'cookie' or 'session' as the auth_type above, and you
|
|
||||||
specified 'string' for 'login_attr' above, you must provide a string here for
|
|
||||||
logging users in. If, for example, I have a lot of user entries with DNs like
|
|
||||||
"uid=dsmith,ou=People,dc=example,dc=com", then I can specify a string
|
|
||||||
"uid=<username>,ou=People,dc=example,dc=com" and my users can login with
|
|
||||||
their user names alone, ie: "dsmith" in this case. */
|
|
||||||
# $servers->setValue('login','string','uid=<username>,ou=People,dc=example,dc=com');
|
|
||||||
|
|
||||||
/* If 'login_attr' is used above such that phpLDAPadmin will search for your DN
|
|
||||||
at login, you may restrict the search to a specific objectClass. EG, set this
|
|
||||||
to 'posixAccount' or 'inetOrgPerson', depending upon your setup. */
|
|
||||||
// $servers->setValue('login','class',null);
|
|
||||||
|
|
||||||
/* Specify true If you want phpLDAPadmin to not display or permit any
|
/* Specify true If you want phpLDAPadmin to not display or permit any
|
||||||
modification to the LDAP server. */
|
modification to the LDAP server. */
|
||||||
// $servers->setValue('server','read_only',false);
|
// $servers->setValue('server','read_only',false);
|
||||||
@ -516,7 +517,6 @@ $servers->setValue('server','sasl_props',null);
|
|||||||
$servers->setValue('appearance','password_hash','md5');
|
$servers->setValue('appearance','password_hash','md5');
|
||||||
$servers->setValue('login','attr','dn');
|
$servers->setValue('login','attr','dn');
|
||||||
$servers->setValue('login','fallback_dn',false);
|
$servers->setValue('login','fallback_dn',false);
|
||||||
$servers->setValue('login','string',null);
|
|
||||||
$servers->setValue('login','class',null);
|
$servers->setValue('login','class',null);
|
||||||
$servers->setValue('server','read_only',false);
|
$servers->setValue('server','read_only',false);
|
||||||
$servers->setValue('appearance','show_create',true);
|
$servers->setValue('appearance','show_create',true);
|
||||||
|
@ -1,76 +0,0 @@
|
|||||||
// File: search_util.js
|
|
||||||
// Purpose:
|
|
||||||
// This JavaScript file defines some functions used by the two search forms for
|
|
||||||
// auto-populating the base DN dynamically when a server is selected from the
|
|
||||||
// drop-down.
|
|
||||||
// $Header$
|
|
||||||
|
|
||||||
//the array to store the server
|
|
||||||
var servers = new Array();
|
|
||||||
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------
|
|
||||||
// Definition of the object server
|
|
||||||
//---------------------------------------------------------------------
|
|
||||||
|
|
||||||
//constructor of the server
|
|
||||||
//param id the id of the server
|
|
||||||
//param name the name of the server
|
|
||||||
//param base_dn the base dn of the server
|
|
||||||
|
|
||||||
function server(id,name,base_dn){
|
|
||||||
|
|
||||||
//the properties of the object
|
|
||||||
this.id =id;
|
|
||||||
this.name = name;
|
|
||||||
this.base_dn = base_dn;
|
|
||||||
|
|
||||||
// the method of the server
|
|
||||||
this.getId=getId;
|
|
||||||
this.setId=setId;
|
|
||||||
this.getName = getName;
|
|
||||||
this.setName = setName;
|
|
||||||
this.setBaseDn = setBaseDn;
|
|
||||||
this.getBaseDn = getBaseDn;
|
|
||||||
}
|
|
||||||
// set the id of the server
|
|
||||||
function setId(id){
|
|
||||||
this.id = id;
|
|
||||||
}
|
|
||||||
|
|
||||||
//return the id of the server
|
|
||||||
function getId(){
|
|
||||||
return this.id;
|
|
||||||
}
|
|
||||||
|
|
||||||
// set the name of the server
|
|
||||||
function setName(name){
|
|
||||||
this.name = name;
|
|
||||||
}
|
|
||||||
|
|
||||||
// return the name of the server
|
|
||||||
function getName(){
|
|
||||||
return this.name;
|
|
||||||
}
|
|
||||||
|
|
||||||
// return the base dn of the server
|
|
||||||
function getBaseDn(){
|
|
||||||
return this.base_dn;
|
|
||||||
}
|
|
||||||
|
|
||||||
// set the base dn of the server
|
|
||||||
function setBaseDn(base_dn){
|
|
||||||
this.base_dn = base_dn;
|
|
||||||
}
|
|
||||||
|
|
||||||
//-----------------------------------------------------------------------
|
|
||||||
// End of the definition of the server
|
|
||||||
//-----------------------------------------------------------------------
|
|
||||||
|
|
||||||
|
|
||||||
// add a server object to the array of server
|
|
||||||
function addToServersList(obj_server){
|
|
||||||
servers[servers.length] = obj_server;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
@ -271,6 +271,7 @@ function hideall(key,except) {
|
|||||||
$this->drawBaseTabs();
|
$this->drawBaseTabs();
|
||||||
$ado = $this->template->getAttrDisplayOrder();
|
$ado = $this->template->getAttrDisplayOrder();
|
||||||
$counter = 0;
|
$counter = 0;
|
||||||
|
$j = 0;
|
||||||
|
|
||||||
foreach ($this->template->results as $base => $results) {
|
foreach ($this->template->results as $base => $results) {
|
||||||
$counter++;
|
$counter++;
|
||||||
@ -279,7 +280,7 @@ function hideall(key,except) {
|
|||||||
$show = ($counter === 1 ? $this->getAjaxRef($base) : null);
|
$show = ($counter === 1 ? $this->getAjaxRef($base) : null);
|
||||||
|
|
||||||
printf('<div id="DN%s" style="display: %s">',
|
printf('<div id="DN%s" style="display: %s">',
|
||||||
$this->getAjaxRef($base), ($show == $this->getAjaxRef($base) ? '' : 'none'));
|
$this->getAjaxRef($base), ($show == $this->getAjaxRef($base) ? 'block' : 'none'));
|
||||||
|
|
||||||
echo '<table class="result_box" border=0 width=100%>';
|
echo '<table class="result_box" border=0 width=100%>';
|
||||||
echo '<tr><td>';
|
echo '<tr><td>';
|
||||||
@ -378,7 +379,6 @@ function hideall(key,except) {
|
|||||||
echo '</thead>';
|
echo '</thead>';
|
||||||
|
|
||||||
echo '<tbody class="scroll">';
|
echo '<tbody class="scroll">';
|
||||||
$j = 0;
|
|
||||||
foreach ($results as $dndetails) {
|
foreach ($results as $dndetails) {
|
||||||
$j++;
|
$j++;
|
||||||
$dndetails = array_change_key_case($dndetails);
|
$dndetails = array_change_key_case($dndetails);
|
||||||
@ -386,12 +386,12 @@ function hideall(key,except) {
|
|||||||
# Temporarily set our DN, for rendering that leverages our DN (eg: JpegPhoto)
|
# Temporarily set our DN, for rendering that leverages our DN (eg: JpegPhoto)
|
||||||
$this->template->setDN($dndetails['dn']);
|
$this->template->setDN($dndetails['dn']);
|
||||||
|
|
||||||
printf('<tr class="%s" id="tr_ma_%s_%s" onClick="var cb=document.getElementById(\'ma_%s_%s\'); cb.checked=!cb.checked;">',
|
printf('<tr class="%s" id="tr_ma_%s" onClick="var cb=document.getElementById(\'ma_%s\'); cb.checked=!cb.checked;">',
|
||||||
$j%2 ? 'even' : 'odd',$j,$counter,$j,$counter);
|
$j%2 ? 'even' : 'odd',$j,$j);
|
||||||
|
|
||||||
# Is mass action enabled.
|
# Is mass action enabled.
|
||||||
if ($_SESSION[APPCONFIG]->getValue('mass','enabled'))
|
if ($_SESSION[APPCONFIG]->getValue('mass','enabled'))
|
||||||
printf('<td><input type="checkbox" id="ma_%s_%s" name="dn[]" value="%s" onclick="this.checked=!this.checked;" /></td>',$j,$counter,$dndetails['dn']);
|
printf('<td><input type="checkbox" id="ma_%s" name="dn[]" value="%s" onclick="this.checked=!this.checked;" /></td>',$j,$dndetails['dn']);
|
||||||
|
|
||||||
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',$server->getIndex(),rawurlencode($dndetails['dn']));
|
$href = sprintf('cmd=template_engine&server_id=%s&dn=%s',$server->getIndex(),rawurlencode($dndetails['dn']));
|
||||||
printf('<td class="icon"><a href="cmd.php?%s"><img src="%s/%s" alt="icon" /></a></td>',
|
printf('<td class="icon"><a href="cmd.php?%s"><img src="%s/%s" alt="icon" /></a></td>',
|
||||||
@ -478,8 +478,8 @@ function CheckAll(setbgcolor,form) {
|
|||||||
if (e.checked) {
|
if (e.checked) {
|
||||||
tr.style.backgroundColor='#DDDDFF';
|
tr.style.backgroundColor='#DDDDFF';
|
||||||
} else {
|
} else {
|
||||||
var id = e.id.substr(2);
|
var id = e.id.substr(3);
|
||||||
tr.style.backgroundColor= id%2 ? '#F0F0F0' : '#E0E0E0';
|
tr.style.backgroundColor= id%2 ? '#E0E0E0' : '#F0F0F0';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1325,7 +1325,7 @@ class TemplateRender extends PageRender {
|
|||||||
|
|
||||||
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
|
if (DEBUGTMP) printf('<font size=-2>%s</font><br />',__METHOD__);
|
||||||
|
|
||||||
$href = sprintf('cmd=query_engine&server_id=%s&filter=%s&base=%s&scope=one&query=none&size_limit=0',
|
$href = sprintf('cmd=query_engine&server_id=%s&filter=%s&base=%s&scope=one&query=none&size_limit=0&search=true',
|
||||||
$this->getServerID(),rawurlencode('objectClass=*'),rawurlencode($this->template->getDN()));
|
$this->getServerID(),rawurlencode('objectClass=*'),rawurlencode($this->template->getDN()));
|
||||||
|
|
||||||
if (isAjaxEnabled())
|
if (isAjaxEnabled())
|
||||||
|
@ -178,7 +178,7 @@ abstract class Tree {
|
|||||||
$tree_factory = new TreeItem($server->getIndex(),$dn);
|
$tree_factory = new TreeItem($server->getIndex(),$dn);
|
||||||
$tree_factory->setObjectClasses($server->getDNAttrValue($dn,'objectClass'));
|
$tree_factory->setObjectClasses($server->getDNAttrValue($dn,'objectClass'));
|
||||||
|
|
||||||
if ((($isleaf = $server->getDNAttrValue($dn,'hassubordinates')) && ! strcasecmp($isleaf[0],'false')) || ! $isleaf)
|
if ((($isleaf = $server->getDNAttrValue($dn,'hassubordinates')) && ! strcasecmp($isleaf[0],'false')))
|
||||||
$tree_factory->setLeaf();
|
$tree_factory->setLeaf();
|
||||||
|
|
||||||
$this->entries[$dnlower] = $tree_factory;
|
$this->entries[$dnlower] = $tree_factory;
|
||||||
|
@ -179,7 +179,8 @@ abstract class DS {
|
|||||||
case 'http':
|
case 'http':
|
||||||
case 'session':
|
case 'session':
|
||||||
if (! isset($_SESSION['USER'][$this->index][$method]['name']))
|
if (! isset($_SESSION['USER'][$this->index][$method]['name']))
|
||||||
return null;
|
# If our bind_id is set, we'll pass that back for logins.
|
||||||
|
return (! is_null($this->getValue('login','bind_id')) && $method == 'login') ? $this->getValue('login','bind_id') : null;
|
||||||
else
|
else
|
||||||
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']);
|
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['name']);
|
||||||
|
|
||||||
@ -244,7 +245,8 @@ abstract class DS {
|
|||||||
case 'http':
|
case 'http':
|
||||||
case 'session':
|
case 'session':
|
||||||
if (! isset($_SESSION['USER'][$this->index][$method]['pass']))
|
if (! isset($_SESSION['USER'][$this->index][$method]['pass']))
|
||||||
return null;
|
# If our bind_pass is set, we'll pass that back for logins.
|
||||||
|
return (! is_null($this->getValue('login','bind_pass')) && $method == 'login') ? $this->getValue('login','bind_pass') : null;
|
||||||
else
|
else
|
||||||
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']);
|
return blowfish_decrypt($_SESSION['USER'][$this->index][$method]['pass']);
|
||||||
|
|
||||||
|
@ -56,17 +56,6 @@ class ldap extends DS {
|
|||||||
'desc'=>'Connect using TLS',
|
'desc'=>'Connect using TLS',
|
||||||
'default'=>false);
|
'default'=>false);
|
||||||
|
|
||||||
/*
|
|
||||||
* Not used by PLA
|
|
||||||
$this->default->login['dn'] = array(
|
|
||||||
'desc'=>'User Login DN',
|
|
||||||
'default'=>'');
|
|
||||||
|
|
||||||
$this->default->login['pass'] = array(
|
|
||||||
'desc'=>'User Login Password',
|
|
||||||
'default'=>'');
|
|
||||||
*/
|
|
||||||
|
|
||||||
# Login Details
|
# Login Details
|
||||||
$this->default->login['attr'] = array(
|
$this->default->login['attr'] = array(
|
||||||
'desc'=>'Attribute to use to find the users DN',
|
'desc'=>'Attribute to use to find the users DN',
|
||||||
@ -80,6 +69,14 @@ class ldap extends DS {
|
|||||||
'desc'=>'Limit logins to users who match any of the following LDAP filters',
|
'desc'=>'Limit logins to users who match any of the following LDAP filters',
|
||||||
'default'=>array());
|
'default'=>array());
|
||||||
|
|
||||||
|
$this->default->login['base'] = array(
|
||||||
|
'desc'=>'Limit logins to users who are in these base DNs',
|
||||||
|
'default'=>array());
|
||||||
|
|
||||||
|
$this->default->login['class'] = array(
|
||||||
|
'desc'=>'Strict login to users containing a specific objectClasses',
|
||||||
|
'default'=>array());
|
||||||
|
|
||||||
$this->default->proxy['attr'] = array(
|
$this->default->proxy['attr'] = array(
|
||||||
'desc'=>'Attribute to use to find the users DN for proxy based authentication',
|
'desc'=>'Attribute to use to find the users DN for proxy based authentication',
|
||||||
'default'=>array());
|
'default'=>array());
|
||||||
@ -146,7 +143,7 @@ class ldap extends DS {
|
|||||||
$bind['pass'] = is_null($this->getPassword($method)) && $method != 'anon' ? $this->getPassword('user') : $this->getPassword($method);
|
$bind['pass'] = is_null($this->getPassword($method)) && $method != 'anon' ? $this->getPassword('user') : $this->getPassword($method);
|
||||||
|
|
||||||
# If our bind id is still null, we are not logged in.
|
# If our bind id is still null, we are not logged in.
|
||||||
if (is_null($bind['id']) && $method != 'anon')
|
if (is_null($bind['id']) && ! in_array($method,array('anon','login')))
|
||||||
return null;
|
return null;
|
||||||
|
|
||||||
# If we bound to the LDAP server with these details for a different connection, return that resource
|
# If we bound to the LDAP server with these details for a different connection, return that resource
|
||||||
@ -260,7 +257,7 @@ class ldap extends DS {
|
|||||||
if (($this->getValue('login','attr') == 'dn') || $method != 'user')
|
if (($this->getValue('login','attr') == 'dn') || $method != 'user')
|
||||||
$userDN = $user;
|
$userDN = $user;
|
||||||
else
|
else
|
||||||
$userDN = $this->getLoginID($user,'anon');
|
$userDN = $this->getLoginID($user,'login');
|
||||||
|
|
||||||
if (! $userDN)
|
if (! $userDN)
|
||||||
return false;
|
return false;
|
||||||
@ -473,20 +470,54 @@ class ldap extends DS {
|
|||||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||||
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||||
|
|
||||||
$query['filter'] = sprintf('(&(uid=%s))',$user);
|
$query['filter'] = sprintf('(&(%s=%s)%s)',
|
||||||
|
$this->getValue('login','attr'),$user,
|
||||||
|
$this->getLoginClass() ? sprintf('(objectclass=%s)',join(')(objectclass=',$this->getLoginClass())) : '');
|
||||||
$query['attrs'] = array('dn');
|
$query['attrs'] = array('dn');
|
||||||
|
|
||||||
|
foreach ($this->getLoginBaseDN() as $base) {
|
||||||
|
$query['base'] = $base;
|
||||||
$result = $this->query($query,$method);
|
$result = $this->query($query,$method);
|
||||||
|
|
||||||
if (count($result) > 1)
|
if (count($result) == 1)
|
||||||
die('ERROR: should only have 1 result');
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (count($result) != 1)
|
||||||
|
return null;
|
||||||
|
|
||||||
|
$detail = array_shift($result);
|
||||||
|
|
||||||
foreach ($result as $detail)
|
|
||||||
if (! isset($detail['dn']))
|
if (! isset($detail['dn']))
|
||||||
die('ERROR: DN missing?');
|
die('ERROR: DN missing?');
|
||||||
else
|
else
|
||||||
return $detail['dn'];
|
return $detail['dn'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the login base DNs
|
||||||
|
* If no login base DNs are defined, then the LDAP server Base DNs are used.
|
||||||
|
*/
|
||||||
|
private function getLoginBaseDN() {
|
||||||
|
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||||
|
debug_log('Entered (%%)',17,1,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||||
|
|
||||||
|
if ($this->getValue('login','base'))
|
||||||
|
return $this->getValue('login','base');
|
||||||
|
else
|
||||||
|
return $this->getBaseDN();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the login classes that a user must have to login
|
||||||
|
*/
|
||||||
|
private function getLoginClass() {
|
||||||
|
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||||
|
debug_log('Entered (%%)',17,1,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||||
|
|
||||||
|
return $this->getValue('login','class');
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return if anonymous bind is allowed in the configuration
|
* Return if anonymous bind is allowed in the configuration
|
||||||
*/
|
*/
|
||||||
|
@ -119,7 +119,6 @@ class ldap_pla extends ldap {
|
|||||||
'default'=>null);
|
'default'=>null);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** FUNCTIONS TO BE REWORKED BELOW HERE **/
|
|
||||||
/**
|
/**
|
||||||
* Gets whether the admin has configured phpLDAPadmin to show the "Create New" link in the tree viewer.
|
* Gets whether the admin has configured phpLDAPadmin to show the "Create New" link in the tree viewer.
|
||||||
* <code>
|
* <code>
|
||||||
@ -130,10 +129,10 @@ class ldap_pla extends ldap {
|
|||||||
*
|
*
|
||||||
* The entry creation command must be available.
|
* The entry creation command must be available.
|
||||||
* <code>
|
* <code>
|
||||||
* $config->custom->commands['all'] = array('entry_create' => true);
|
* $config->custom->commands['script'] = array('create' => true);
|
||||||
* </code>
|
* </code>
|
||||||
*
|
*
|
||||||
* @return boolean True if the feature is enabled and false otherwise.
|
* @return boolean true if the feature is enabled and false otherwise.
|
||||||
*/
|
*/
|
||||||
function isShowCreateEnabled() {
|
function isShowCreateEnabled() {
|
||||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||||
@ -145,76 +144,6 @@ class ldap_pla extends ldap {
|
|||||||
return $this->getValue('appearance','show_create');
|
return $this->getValue('appearance','show_create');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Fetches whether the login_attr feature is enabled for a specified server.
|
|
||||||
*
|
|
||||||
* This is configured in config.php thus:
|
|
||||||
* <code>
|
|
||||||
* $servers->setValue('login','attr','<ldap attr>');
|
|
||||||
* </code>
|
|
||||||
*
|
|
||||||
* By virtue of the fact that the login_attr is not blank and not 'dn', the
|
|
||||||
* feature is configured to be enabled.
|
|
||||||
*
|
|
||||||
* @return boolean
|
|
||||||
*/
|
|
||||||
function isLoginAttrEnabled() {
|
|
||||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
|
||||||
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
|
||||||
|
|
||||||
if ((strcasecmp($this->getLoginAttr(),'dn') != 0) && trim($this->getLoginAttr()))
|
|
||||||
$return = true;
|
|
||||||
else
|
|
||||||
$return = false;
|
|
||||||
|
|
||||||
if (DEBUG_ENABLED)
|
|
||||||
debug_log('Returning (%s)',17,0,__FILE__,__LINE__,__METHOD__,$return);
|
|
||||||
|
|
||||||
return $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Fetches whether the login_attr feature is enabled for a specified server.
|
|
||||||
*
|
|
||||||
* This is configured in config.php thus:
|
|
||||||
* <code>
|
|
||||||
* $servers->setValue('login','attr','string');
|
|
||||||
* </code>
|
|
||||||
*
|
|
||||||
* @return boolean
|
|
||||||
*/
|
|
||||||
function isLoginStringEnabled() {
|
|
||||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
|
||||||
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
|
||||||
|
|
||||||
if (! strcasecmp($this->getLoginAttr(),'string'))
|
|
||||||
$return = true;
|
|
||||||
else
|
|
||||||
$return = false;
|
|
||||||
|
|
||||||
if (DEBUG_ENABLED)
|
|
||||||
debug_log('Returning (%s)',17,0,__FILE__,__LINE__,__METHOD__,$return);
|
|
||||||
|
|
||||||
return $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Fetches the login_attr string if enabled for a specified server.
|
|
||||||
*
|
|
||||||
* This is configured in config.php thus:
|
|
||||||
* <code>
|
|
||||||
* $servers->setValue('login','login_string','uid=<username>,ou=People,dc=example,dc=com');
|
|
||||||
* </code>
|
|
||||||
*
|
|
||||||
* @return string|false
|
|
||||||
*/
|
|
||||||
function getLoginString() {
|
|
||||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
|
||||||
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
|
||||||
|
|
||||||
return $this->login_string;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Fetch whether the user has configured a certain server login to be non anonymous
|
* Fetch whether the user has configured a certain server login to be non anonymous
|
||||||
*
|
*
|
||||||
@ -265,14 +194,13 @@ class ldap_pla extends ldap {
|
|||||||
* Usage example:
|
* Usage example:
|
||||||
* <code>
|
* <code>
|
||||||
* if ($ldapserver->isMultiLineAttr('postalAddress'))
|
* if ($ldapserver->isMultiLineAttr('postalAddress'))
|
||||||
* echo "<textarea name=\"postalAddress\"></textarea>";
|
* echo '<textarea name="postalAddress"></textarea>';
|
||||||
* else
|
* else
|
||||||
* echo "<input name=\"postalAddress\" type=\"text\">";
|
* echo '<input name="postalAddress" type="text">';
|
||||||
* </code>
|
* </code>
|
||||||
*
|
*
|
||||||
* @param string $attr_name The name of the attribute of interestd (case insensivite)
|
* @param string The name of the attribute of interested (case insensivite)
|
||||||
* @param string $val (optional) The current value of the attribute (speeds up the
|
* @param string (optional) The current value of the attribute (speeds up the process by searching for carriage returns already in the attribute value)
|
||||||
* process by searching for carriage returns already in the attribute value)
|
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
function isMultiLineAttr($attr_name,$val=null) {
|
function isMultiLineAttr($attr_name,$val=null) {
|
||||||
@ -317,23 +245,15 @@ class ldap_pla extends ldap {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns true if the specified attribute is configured as read only
|
* Returns true if the specified attribute is configured according to
|
||||||
* in config.php.
|
* the test enabled in config.php
|
||||||
* Attributes are configured as read-only in config.php thus:
|
|
||||||
* <code>
|
|
||||||
* $config->custom->appearance['readonly_attrs'] = array('objectClass');
|
|
||||||
* </code>
|
|
||||||
*
|
*
|
||||||
* @param string $attr The name of the attribute to test.
|
* @param string The name of the attribute to test.
|
||||||
|
* @param array The attributes to test against.
|
||||||
|
* @param dn A DN that is exempt from these tests.
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function isAttrReadOnly($attr) {
|
private function isAttrTest($attr,$attrs,$except_dn) {
|
||||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
|
||||||
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
|
||||||
|
|
||||||
$attrs = $_SESSION[APPCONFIG]->getValue('appearance','readonly_attrs');
|
|
||||||
$except_dn = $_SESSION[APPCONFIG]->getValue('appearance','readonly_attrs_exempt');
|
|
||||||
|
|
||||||
$attr = trim($attr);
|
$attr = trim($attr);
|
||||||
if (! trim($attr) || ! count($attrs))
|
if (! trim($attr) || ! count($attrs))
|
||||||
return false;
|
return false;
|
||||||
@ -349,6 +269,27 @@ class ldap_pla extends ldap {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns true if the specified attribute is configured as read only
|
||||||
|
* in config.php.
|
||||||
|
* Attributes are configured as read-only in config.php thus:
|
||||||
|
* <code>
|
||||||
|
* $config->custom->appearance['readonly_attrs'] = array('objectClass');
|
||||||
|
* </code>
|
||||||
|
*
|
||||||
|
* @param string The name of the attribute to test.
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function isAttrReadOnly($attr) {
|
||||||
|
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||||
|
debug_log('Entered (%%)',17,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||||
|
|
||||||
|
$attrs = $_SESSION[APPCONFIG]->getValue('appearance','readonly_attrs');
|
||||||
|
$except_dn = $_SESSION[APPCONFIG]->getValue('appearance','readonly_attrs_exempt');
|
||||||
|
|
||||||
|
return $this->isAttrTest($attr,$attrs,$except_dn);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns true if the specified attribute is configured as hidden
|
* Returns true if the specified attribute is configured as hidden
|
||||||
* in config.php.
|
* in config.php.
|
||||||
@ -357,7 +298,7 @@ class ldap_pla extends ldap {
|
|||||||
* $config->custom->appearance['hide_attrs'] = array('objectClass');
|
* $config->custom->appearance['hide_attrs'] = array('objectClass');
|
||||||
* </code>
|
* </code>
|
||||||
*
|
*
|
||||||
* @param string $attr The name of the attribute to test.
|
* @param string The name of the attribute to test.
|
||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
public function isAttrHidden($attr) {
|
public function isAttrHidden($attr) {
|
||||||
@ -367,19 +308,7 @@ class ldap_pla extends ldap {
|
|||||||
$attrs = $_SESSION[APPCONFIG]->getValue('appearance','hide_attrs');
|
$attrs = $_SESSION[APPCONFIG]->getValue('appearance','hide_attrs');
|
||||||
$except_dn = $_SESSION[APPCONFIG]->getValue('appearance','hide_attrs_exempt');
|
$except_dn = $_SESSION[APPCONFIG]->getValue('appearance','hide_attrs_exempt');
|
||||||
|
|
||||||
$attr = trim($attr);
|
return $this->isAttrTest($attr,$attrs,$except_dn);
|
||||||
if (! trim($attr) || ! count($attrs))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
# Is the user excluded?
|
|
||||||
if ($except_dn && $this->userIsMember($this->getLogin(),$except_dn))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
foreach ($attrs as $attr_name)
|
|
||||||
if (strcasecmp($attr,trim($attr_name)) == 0)
|
|
||||||
return true;
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -208,19 +208,16 @@ function app_version() {
|
|||||||
$CACHE = 'UNKNOWN';
|
$CACHE = 'UNKNOWN';
|
||||||
|
|
||||||
else {
|
else {
|
||||||
$f = fopen($version_file,'r');
|
$version = rtrim(file_get_contents($version_file));
|
||||||
$version = trim(fread($f, filesize($version_file)));
|
|
||||||
fclose($f);
|
|
||||||
|
|
||||||
$CACHE = preg_replace('/^RELEASE-([0-9\.]+(-.*)*)$/','$1',$version);
|
$CACHE = preg_replace('/^RELEASE-([0-9\.]+(-.*)*)$/','$1',$version);
|
||||||
|
|
||||||
# Check if we are a CVS copy.
|
# Check if we are a CVS copy.
|
||||||
if (preg_match('/^$/',$CACHE))
|
if (preg_match('/^(DEVEL)?$/',$CACHE))
|
||||||
$CACHE = 'CVS';
|
$CACHE = 'DEVEL';
|
||||||
|
|
||||||
# Check if we are special CVS branch
|
# Check if we are special DEVEL version
|
||||||
elseif (preg_match('/^([a-zA-Z]+)?$/',$CACHE,$match))
|
elseif (preg_match('/^DEVEL-([0-9\.]+)+$/',$CACHE)) {}
|
||||||
$CACHE = $match[1];
|
|
||||||
|
|
||||||
# If return is still the same as version, then the tag is not one we expect.
|
# If return is still the same as version, then the tag is not one we expect.
|
||||||
elseif ($CACHE == $version)
|
elseif ($CACHE == $version)
|
||||||
|
Loading…
Reference in New Issue
Block a user