diff --git a/lib/api/kolab_api_service_domain.php b/lib/api/kolab_api_service_domain.php
--- a/lib/api/kolab_api_service_domain.php
+++ b/lib/api/kolab_api_service_domain.php
@@ -95,6 +95,8 @@
 $attributes[$dna] = (array) $attributes[$dna];
 $domain = array_shift($attributes[$dna]);
+ $this->_mod_domain_attrs($domain, $attributes, $postdata['type_id']);
+
 $result = $auth->domain_add($domain, $attributes);
 if ($result) {
@@ -102,6 +104,9 @@
 $attributes['id'] = $id;
 }
+
+ $this->_after_domain_created($attributes, $domain);
+
 return $attributes;
 }
@@ -167,8 +172,11 @@
 }
 }
- $attributes = $this->parse_input_attributes('domain', $postdata);
- $result = $auth->domain_edit($postdata['id'], $attributes, $postdata['type_id']);
+ $attributes = $this->parse_input_attributes('domain', $postdata, $postdata['type_id']);
+
+ $this->_mod_domain_attrs(null, $attributes);
+
+ $result = $auth->domain_edit($postdata['id'], $attributes, $postdata['type_id']);
 if ($result) {
 return $result;
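Review bot: `$this->_after_domain_created($attributes, $domain);` is inserted after the brace that closes the `if ($result)` block, so the hosted-domain OU tree and admin role are created even when `$auth->domain_add()` returned a falsy result (the unchanged line between the two hunks is not visible, but the blank-line counts of the hunk leave no room for an early return there). Move the call into the success branch, i.e. directly after `$attributes['id'] = $id;` and before the closing `}`, so that nothing is provisioned in LDAP for a domain that was not actually added. The enclosing domain_add method starts outside the hunk.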
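Review bot: `$this->_mod_domain_attrs(null, $attributes);` passes two arguments, but the method added in this same commit is declared as `_mod_domain_attrs($domain, &$attributes, $type_id)` with no default for `$type_id`, so every domain edit raises an ArgumentCountError on PHP 7.1+ (a warning on older PHP). Since the method body never reads `$type_id`, either declare it as `protected function _mod_domain_attrs($domain, &$attributes, $type_id = null)` or pass `$postdata['type_id']` here as the add path does. The enclosing domain_edit method starts outside the hunk.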
@@ -266,4 +274,149 @@
 return false;
 }
+
+ /**
+ * Modify hosted domain attributes
+ */
+ protected function _mod_domain_attrs($domain, &$attributes, $type_id)
+ {
+ // Generate attributes (aci, inetdomainbasedn) for hosted domains
+ $conf = Conf::get_instance();
+ if ($conf->get('kolab_wap', 'hosted_root_dn')) {
+
+ $domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
+ $hosted_root_dn = $conf->get('kolab_wap', 'hosted_root_dn');
+ $mgmt_root_dn = $conf->get('kolab_wap', 'mgmt_root_dn');
+
+ if (empty($mgmt_root_dn)) {
+ $mgmt_root_dn = $conf->get('root_dn');
+ }
+
+ if (empty($domain_name_attribute)) {
+ $domain_name_attribute = 'associateddomain';
+ }
+
+ if (!is_array($attributes[$domain_name_attribute])) {
+ $attributes[$domain_name_attribute] = (array) $attributes[$domain_name_attribute];
+ }
+
+ if (empty($domain)) {
+ $domain = $attributes[$domain_name_attribute][0];
+ }
+
+ if (!in_array($domain, $attributes[$domain_name_attribute])) {
+ array_unshift($attributes[$domain_name_attribute], $domain);
+ }
+
+ $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn;
+
+ $aci = array(
+ '(targetattr = "*")'
+ . '(version 3.0; acl "Deny Unauthorized"; deny (all)'
+ . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT '
+ . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)',
+
+ '(targetattr != "userPassword")'
+ . '(version 3.0;acl "Search Access";allow (read,compare,search)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)',
+
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Kolab Administrators";allow (all)'
+ . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || '
+ . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . 
'");)'
+ );
+
+ $attributes['aci'] = $aci;
+ $attributes['inetdomainbasedn'] = $domain_root_dn;
+
+ $this->is_hosted = true;
+ }
+ }
+
+ /**
+ * Create LDAP object related to the new hosted domain
+ */
+ protected function _after_domain_created($attributes, $domain)
+ {
+ if (!$this->is_hosted) {
+ return;
+ }
+
+ $conf = Conf::get_instance();
+ $ou_service = $this->controller->get_service('ou');
+ $role_service = $this->controller->get_service('role');
+
+ $hosted_root_dn = $conf->get('kolab_wap', 'hosted_root_dn');
+ $mgmt_root_dn = $conf->get('kolab_wap', 'mgmt_root_dn');
+ $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn;
+
+ if (empty($mgmt_root_dn)) {
+ $mgmt_root_dn = $conf->get('root_dn');
+ }
+
+ $ou_domain = array(
+ 'ou' => $domain,
+ 'base_dn' => $hosted_root_dn,
+ 'description' => $domain,
+ 'type_id' => 1,
+ );
+
+ $ou_domain['aci'] = array(
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Deny Unauthorized"; deny (all)'
+ . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT '
+ . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)',
+
+ '(targetattr != "userPassword")'
+ . '(version 3.0;acl "Search Access";allow (read,compare,search,write)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)',
+
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Kolab Administrators";allow (all)'
+ . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || '
+ . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///ou=*,' . $domain_root_dn . '")(targetattr="objectclass || aci || ou")'
+ . '(version 3.0;acl "Allow Domain sub-OU Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///uid=*,ou=People,' . 
$domain_root_dn . '")(targetattr="*")'
+ . '(version 3.0;acl "Allow Domain First User Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///cn=*,' . $domain_root_dn . '")(targetattr="objectclass || cn")'
+ . '(version 3.0;acl "Allow Domain Role Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+ );
+
+ $ou_service->ou_add(null, $ou_domain);
+
+ // Add OU trees
+
+ foreach (array('Groups', 'People', 'Resources', 'Shared Folders') as $item) {
+ $ou = array(
+ 'ou' => $item,
+ 'base_dn' => $domain_root_dn,
+ 'type_id' => 1,
+ 'description' => $item,
+ );
+
+ $ou_service->ou_add(null, $ou);
+ }
+
+ // Add an admin role
+
+ $role = array(
+ 'cn' => 'kolab-admin',
+ 'description' => 'Domain Administrator',
+ 'type_id' => 1,
+ 'base_dn' => $domain_root_dn,
+ );
+
+ $role_service->role_add(null, $role);
+ }
 }
diff --git a/lib/api/kolab_api_service_domain_types.php b/lib/api/kolab_api_service_domain_types.php
--- a/lib/api/kolab_api_service_domain_types.php
+++ b/lib/api/kolab_api_service_domain_types.php
@@ -57,6 +57,33 @@
 ),
 );
+ public static $HOSTED_TYPE_ATTRS = array(
+ 'auto_form_fields' => array(),
+ 'form_fields' => array(
+ 'associateddomain' => array(
+ 'type' => 'list'
+ ),
+// 'inetdomainbasedn' => array(
+// 'optional' => true,
+// ),
+ 'inetdomainstatus' => array(
+ 'optional' => true,
+ 'type' => 'select',
+ 'values' => array(
+ '', 'active', 'suspended', 'deleted',
+ ),
+ ),
+ ),
+ 'fields' => array(
+ 'domainrelatedobject_only' => 1,
+ 'objectclass' => array(
+ 'top',
+ 'domainrelatedobject',
+ 'inetdomain',
+ ),
+ ),
+ );
+
 /**
 * Returns service capabilities.
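Review bot: `$domain` is concatenated into DNs (`$domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn;`) and into the double-quoted `userdn`/`roledn` URLs of the ACI strings in both new methods without escaping or a syntax check, and in `_mod_domain_attrs()` it falls back to `$attributes[$domain_name_attribute][0]`, i.e. request input, when the caller passes null. A value containing DN-special characters (`,`, `+`, `"`, `\`, `;`) is then parsed as extra RDNs or terminates the quoted ACI subject, so the stored ACI no longer scopes to the intended subtree. Validate the name before any DN is built, e.g. `if (!preg_match('/^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/i', $domain)) { return false; }` at the top of `_mod_domain_attrs()` with both callers aborting on a false return, and build `$domain_root_dn` in one helper instead of in both methods. In `_after_domain_created()` the return values of `ou_add()` and `role_add()` are ignored, so a failed creation of the domain OU still proceeds to create the sub-OUs and the admin role beneath it; check each result and stop at the first failure. `$type_id` is accepted by `_mod_domain_attrs()` but never read, and `is_hosted` is written without being declared in this diff — presumably it exists on the class, worth confirming.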
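Review bot: The `form_fields` of `$HOSTED_TYPE_ATTRS` carry three commented-out `inetdomainbasedn` lines; commented-out code should be dropped, or, if the intent is to record why the field is absent from the form, replaced by a one-line comment such as `// inetdomainbasedn is derived from hosted_root_dn by the domain service, not edited in the form`. The `'type' => 'list'` entry also lacks the trailing comma every other element in the array uses.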
@@ -83,14 +110,23 @@
 public function domain_types_list($get, $post)
 {
 // @TODO: move to database
- $types = array(
- 1 => array(
+ $types = array();
+
+ if ($this->conf->get('kolab_wap', 'hosted_root_dn')) {
+ $types[1] = array(
+ 'key' => 'hosted',
+ 'name' => 'Hosted domain',
+ 'description' => 'A hosted domain name space',
+ 'attributes' => self::$HOSTED_TYPE_ATTRS,
+ );
+ } else {
+ $types[1] = array(
 'key' => 'standard',
 'name' => 'Standard domain',
 'description' => 'A standard domain name space',
 'attributes' => self::$DEFAULT_TYPE_ATTRS,
- ),
- );
+ );
+ }
 return array(
 'list' => $types,
diff --git a/lib/kolab_api_service.php b/lib/kolab_api_service.php
--- a/lib/kolab_api_service.php
+++ b/lib/kolab_api_service.php
@@ -266,12 +266,20 @@
 // get list of object types
 if ($object_name == 'domain') {
- $object_types = array(
- '1' => array(
+ $object_types = array();
+
+ if ($this->conf->get('kolab_wap', 'hosted_root_dn')) {
+ $object_types['2'] = array(
+ 'key' => 'hosted',
+ 'attributes' => kolab_api_service_domain_types::$HOSTED_TYPE_ATTRS,
+ );
+ } else {
+ $object_types['1'] = array(
 'key' => 'default',
 'attributes' => kolab_api_service_domain_types::$DEFAULT_TYPE_ATTRS,
- ),
- );
+ );
+ }
+
 $object_types['1']['attributes']['form_fields']['aci'] = array(
 'type' => 'list',
 'optional' => true,
diff --git a/lib/locale/en_US.php b/lib/locale/en_US.php
--- a/lib/locale/en_US.php
+++ b/lib/locale/en_US.php
@@ -142,7 +142,7 @@
 $LANG['domain.o'] = 'Organization';
 $LANG['domain.other'] = 'Other';
 $LANG['domain.system'] = 'System';
-$LANG['domain.type_id'] = 'Standard Domain';
+$LANG['domain.type_id'] = 'Domain type';
 $LANG['edit'] = 'Edit';
 $LANG['error'] = 'Error';
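Review bot: The hosted domain type is registered under key `1` here (`$types[1] = array('key' => 'hosted', ...)`), but the `lib/kolab_api_service.php` hunk in this commit registers it as `$object_types['2']` and then unconditionally runs `$object_types['1']['attributes']['form_fields']['aci'] = array(...)`. With `hosted_root_dn` configured that leaves type `2` without the `aci` form field and fabricates a type `1` that consists of the `aci` field alone, so the `type_id` of 1 that clients obtain from `domain_types_list()` and send back to `domain_add`/`domain_edit` does not select the hosted attribute set in `kolab_api_service`. Use one key for the hosted type in both files, and in `kolab_api_service.php` apply the `aci` field to the entry that was actually created, e.g. `$type_key = key($object_types);` followed by `$object_types[$type_key]['attributes']['form_fields']['aci'] = array(`. The rest of `domain_types_list()` runs past this hunk.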