Page MenuHomePhorge
Differential D10

Compare the configured base DNs of domains that are visible as to be able to associate child domain name spaces with parent domain name spaces.
ClosedPublic
Actions

Authored by vanmeeuwen on Jun 5 2015, 12:45 PM.
Tags
None
Referenced Files
F11813742: D10.id41.diff
Fri, Apr 19, 6:11 PM
F11813730: D10.id38.diff
Fri, Apr 19, 6:11 PM
F11813724: D10.id15.diff
Fri, Apr 19, 6:11 PM
F11813652: D10.id.diff
Fri, Apr 19, 6:10 PM
Unknown Object (File)
Sat, Apr 6, 4:53 AM
Unknown Object (File)
Wed, Apr 3, 12:58 PM
Unknown Object (File)
Sat, Mar 30, 9:31 AM
Unknown Object (File)
Tue, Mar 26, 4:42 PM
View All Files
Subscribers
dhoffend
machniak
pokorra

Details

Reviewers
machniak
Group Reviewers
Web Administration Panel Developers
Maniphest Tasks
T435: Domain validation: Consider child domains by comparing base DNs
Commits
rWAP2719b480959d: Compare the configured base DNs of domains that are visible as to be able to…
Summary

Domain validation: Consider child domains by comparing base DNs

Test Plan

No particular test plan in particular

Diff Detail

Repository
rWAP webadmin
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

vanmeeuwen updated this revision to Diff 15.Jun 5 2015, 12:45 PM
vanmeeuwen retitled this revision from to Compare the configured base DNs of domains that are visible as to be able to associate child domain name spaces with parent domain name spaces..
vanmeeuwen updated this object.
vanmeeuwen edited the test plan for this revision. (Show Details)
vanmeeuwen added a reviewer: Web Administration Panel Developers.
vanmeeuwen added subscribers: pokorra, machniak.
vanmeeuwen added a task: T435: Domain validation: Consider child domains by comparing base DNs.Jun 5 2015, 12:45 PM
dhoffend subscribed.Jun 5 2015, 11:41 PM

There's a problem; The code will only consider other domains to be child if both domain entrys have a inetdomainrootbasedn attribute. If the main one is missing the attribute, the list is not gonna get compiled correctly

lib/api/kolab_api_service_form_value.php
1644

$result is not used afterwords.

dhoffend added a comment.Jun 6 2015, 12:04 AM

I tested the code and can confirm that it works. Apart from the $result which is not used (in return or log statement).

The only edge case is when the main entry is missing the inetdomainbasedn attribute.

Example1:

  • associateddomain=example.org,cn=kolab,cn=config
    • associateddomain=example.org
    • associateddomain=example.com
  • associateddomain=domain.org,cn=kolab,cn=config
    • associateddomain=domain.org
    • associateddomain=domain.com
    • inetdomainbasedn=dc=example,dc=org

list of valid domains (when primary_domain = example.org):

  • example.org
  • example.com

Example 2:

  • associateddomain=example.org,cn=kolab,cn=config
    • associateddomain=example.org
    • associateddomain=example.com
    • inetdomainbasedn=dc=example,dc=org
  • associateddomain=domain.org,cn=kolab,cn=config
    • associateddomain=domain.org
    • associateddomain=domain.com
    • inetdomainbasedn=dc=example,dc=org

list of valid domains (when primary_domain = example.org):

  • example.org
  • example.com
  • domain.org
  • domain.com

Possible Workround

There could be a workaround to strip the primary domain from the inetdoman object and construct the calculated basedn. But tbh. This is a edge case. You can also enforce/say/request/define: If you merge multiple inetdomain objects into the same basedn, all related inetdomain objects must have the inetdomainbasedn attribute set.

vanmeeuwen added a comment.Jun 6 2015, 2:43 PM
In D10#212, @dhoffend wrote:

The only edge case is when the main entry is missing the inetdomainbasedn attribute.

Example1:

  • associateddomain=example.org,cn=kolab,cn=config
    • associateddomain=example.org
    • associateddomain=example.com

In this case, the example.com domain is considered an alias domain name space of the parent domain name space example.org, and without a inetdomainbasedn attribute value, will cause both to result in dc=example,dc=org.

  • associateddomain=domain.org,cn=kolab,cn=config
    • associateddomain=domain.org
    • associateddomain=domain.com
    • inetdomainbasedn=dc=example,dc=org

This case could occur in combination with the former entry, but is not a real-life scenario -- the former entry would already result in dc=example,dc=org, it already holds alias domain name spaces, so this "child" domain name space (not to mention it having its own "alias" domain name space).

The intention is to facilitate either alias domain name spaces or child domain name spaces. Child domain name spaces are separate LDAP entries specifically, so that they may be confirmed ownership for separately from any parent domain name space.

Please also note that the "parent" domain name space becomes ubiquitous since there is no routine to resolve any domain name space back to it's original parent domain name space unless a dc=example,dc=org base dn is also directly correlated with the domain name space example.org.

lib/api/kolab_api_service_form_value.php
1644

Ah, yes, the line below should be using $result, as should the return statement.

vanmeeuwen updated this revision to Diff 38.Jun 14 2015, 1:29 PM
  • Use $result as already available
machniak accepted this revision.Jun 14 2015, 5:51 PM
machniak added a reviewer: machniak.

Looks good to me. There's redundant array_unique() call, but may be fixed later.

This revision is now accepted and ready to land.Jun 14 2015, 5:51 PM
Closed by commit rWAP2719b480959d: Compare the configured base DNs of domains that are visible as to be able to… (authored by vanmeeuwen, committed by vanmeeuwen). · Explain WhyJun 18 2015, 12:45 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
lib/
api/
31 lines

Diff 41

View Options

lib/api/kolab_api_service_form_value.php

Loading...