
D809.1774855723.diff

D809.1774855723.diff

diff --git a/lib/api/kolab_api_service_domain.php b/lib/api/kolab_api_service_domain.php
--- a/lib/api/kolab_api_service_domain.php
+++ b/lib/api/kolab_api_service_domain.php
@@ -95,6 +95,8 @@
$attributes[$dna] = (array) $attributes[$dna];
$domain = array_shift($attributes[$dna]);
+ $this->_mod_domain_attrs($domain, $attributes, $postdata['type_id']);
+
$result = $auth->domain_add($domain, $attributes);
if ($result) {
@@ -102,6 +104,9 @@
$attributes['id'] = $id;
}
+
+ $this->_after_domain_created($attributes, $domain);
+
return $attributes;
}
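Review bot: The result of `$this->_after_domain_created($attributes, $domain);` is never checked, and the method itself discards the return values of `ou_add()` and `role_add()`. If any of those LDAP writes fails, the API still returns `$attributes` as a success, leaving a hosted domain whose `inetdomainbasedn` and ACIs refer to an OU tree or `kolab-admin` role that does not exist. Have the hook return a boolean and report or log the failure here, for example `if (!$this->_after_domain_created($attributes, $domain)) { /* report partial creation */ }`. Indentation is lost in this view, so it is not clear whether the call sits inside the `if ($result)` branch; it should only run after a successful `domain_add()`.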
@@ -167,8 +172,11 @@
}
}
- $attributes = $this->parse_input_attributes('domain', $postdata);
- $result = $auth->domain_edit($postdata['id'], $attributes, $postdata['type_id']);
+ $attributes = $this->parse_input_attributes('domain', $postdata, $postdata['type_id']);
+
+ $this->_mod_domain_attrs(null, $attributes);
+
+ $result = $auth->domain_edit($postdata['id'], $attributes, $postdata['type_id']);
if ($result) {
return $result;
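Review bot: The edit path calls `$this->_mod_domain_attrs(null, $attributes);` with two arguments, but the method added later in this diff declares three required parameters (`$domain, &$attributes, $type_id`). On PHP 7.1 and later this throws an ArgumentCountError; on older versions `$type_id` is unset, so the `$type_id == 2` branch never runs and the hosted ACIs are not regenerated on edit. Pass the type through: `$this->_mod_domain_attrs(null, $attributes, $postdata['type_id']);`. With `$domain` null the method falls back to the first `associateddomain` value, so an edit that reorders or renames the primary domain would recompute `inetdomainbasedn` and the ACIs for a different OU than the one created at add time; confirm whether that is intended.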
@@ -266,4 +274,151 @@
return false;
}
+
+ /**
+ * Modify hosted domain attributes
+ */
+ protected function _mod_domain_attrs($domain, &$attributes, $type_id)
+ {
+ // Generate attributes (aci, inetdomainbasedn) for hosted domains
+ if ($type_id == 2) {
+ $conf = Conf::get_instance();
+
+ $domain_name_attribute = $conf->get('ldap', 'domain_name_attribute');
+ $hosted_root_dn = $conf->get('kolab_wap', 'hosted_root_dn');
+ $mgmt_root_dn = $conf->get('kolab_wap', 'mgmt_root_dn');
+ $root_dn = $conf->get('kolab_wap', 'root_dn');
+
+ if (empty($mgmt_root_dn)) {
+ $mgmt_root_dn = $conf->get('root_dn');
+ }
+
+ if (empty($domain_name_attribute)) {
+ $domain_name_attribute = 'associateddomain';
+ }
+
+ if (!is_array($attributes[$domain_name_attribute])) {
+ $attributes[$domain_name_attribute] = (array) $attributes[$domain_name_attribute];
+ }
+
+ if (empty($domain)) {
+ $domain = $attributes[$domain_name_attribute][0];
+ }
+
+ if (!in_array($domain, $attributes[$domain_name_attribute])) {
+ array_unshift($attributes[$domain_name_attribute], $domain);
+ }
+
+ $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn;
+
+ $aci = array(
+ '(targetattr = "*")'
+ . '(version 3.0; acl "Deny Unauthorized"; deny (all)'
+ . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT '
+ . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)',
+
+ '(targetattr != "userPassword")'
+ . '(version 3.0;acl "Search Access";allow (read,compare,search)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)',
+
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Kolab Administrators";allow (all)'
+ . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || '
+ . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)'
+ );
+
+ $attributes['aci'] = $aci;
+ $attributes['inetdomainbasedn'] = $domain_root_dn;
+
+ $this->is_hosted = true;
+ }
+ }
+
+ /**
+ * Create LDAP object related to the new hosted domain
+ */
+ protected function _after_domain_created($attributes, $domain)
+ {
+ if (!$this->is_hosted) {
+ return;
+ }
+
+ $conf = Conf::get_instance();
+ $ou_service = $this->controller->get_service('ou');
+ $role_service = $this->controller->get_service('role');
+
+ $hosted_root_dn = $conf->get('kolab_wap', 'hosted_root_dn');
+ $mgmt_root_dn = $conf->get('kolab_wap', 'mgmt_root_dn');
+ $root_dn = $conf->get('kolab_wap', 'root_dn');
+ $domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn;
+
+ if (empty($mgmt_root_dn)) {
+ $mgmt_root_dn = $conf->get('root_dn');
+ }
+
+ $ou_domain = array(
+ 'ou' => $domain,
+ 'base_dn' => $hosted_root_dn,
+ 'description' => $domain,
+ 'type_id' => 1,
+ );
+
+ $ou_domain['aci'] = array(
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Deny Unauthorized"; deny (all)'
+ . '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT '
+ . 'roledn = "ldap:///cn=kolab-admin,' . $mgmt_root_dn . '";)',
+
+ '(targetattr != "userPassword")'
+ . '(version 3.0;acl "Search Access";allow (read,compare,search,write)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || '
+ . 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)',
+
+ '(targetattr = "*")'
+ . '(version 3.0;acl "Kolab Administrators";allow (all)'
+ . '(roledn = "ldap:///cn=kolab-admin,' . $domain_root_dn . ' || '
+ . 'ldap:///cn=kolab-admin,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///ou=*,' . $domain_root_dn . '")(targetattr="objectclass || aci || ou")'
+ . '(version 3.0;acl "Allow Domain sub-OU Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///uid=*,ou=People,' . $domain_root_dn . '")(targetattr="*")'
+ . '(version 3.0;acl "Allow Domain First User Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+
+ '(target = "ldap:///cn=*,' . $domain_root_dn . '")(targetattr="objectclass || cn")'
+ . '(version 3.0;acl "Allow Domain Role Registration"; allow (add)'
+ . '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)',
+ );
+
+ $ou_service->ou_add(null, $ou_domain);
+
+ // Add OU trees
+
+ foreach (array('Groups', 'People', 'Resources', 'Shared Folders') as $item) {
+ $ou = array(
+ 'ou' => $item,
+ 'base_dn' => $domain_root_dn,
+ 'type_id' => 1,
+ 'description' => $item,
+ );
+
+ $ou_service->ou_add(null, $ou);
+ }
+
+ // Add an admin role
+
+ $role = array(
+ 'cn' => 'kolab-admin',
+ 'description' => 'Domain Administrator',
+ 'type_id' => 1,
+ 'base_dn' => $domain_root_dn,
+ );
+
+ $role_service->role_add(null, $role);
+ }
}
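Review bot: `$domain` is concatenated unescaped into a DN (`'ou=' . $domain . ',' . $hosted_root_dn`) and then into the ACI strings in both `_mod_domain_attrs()` and `_after_domain_created()`. It comes from the request's domain-name attribute, so unless a caller outside this hunk already restricts it to a hostname, a value containing `,`, `"`, `)` or `|` changes the structure of the DN or of the access rules being written. Validate it before use, e.g. `if (!preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i', $domain)) { return false; }`, and build the DN component with `ldap_escape($domain, '', LDAP_ESCAPE_DN)`. Separately, the OU-level ACL named "Search Access" grants `(read,compare,search,write)` where the domain-entry copy grants only `(read,compare,search)`. As written it lets every inetorgperson under `ou=People` write every attribute except `userPassword` in the subtree, so the extra `write` should be justified in a comment or dropped. `$this->is_hosted` is also not declared in the visible hunks, and `$root_dn` is read but unused in both methods.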
diff --git a/lib/api/kolab_api_service_domain_types.php b/lib/api/kolab_api_service_domain_types.php
--- a/lib/api/kolab_api_service_domain_types.php
+++ b/lib/api/kolab_api_service_domain_types.php
@@ -57,6 +57,33 @@
),
);
+ public static $HOSTED_TYPE_ATTRS = array(
+ 'auto_form_fields' => array(),
+ 'form_fields' => array(
+ 'associateddomain' => array(
+ 'type' => 'list'
+ ),
+// 'inetdomainbasedn' => array(
+// 'optional' => true,
+// ),
+ 'inetdomainstatus' => array(
+ 'optional' => true,
+ 'type' => 'select',
+ 'values' => array(
+ '', 'active', 'suspended', 'deleted',
+ ),
+ ),
+ ),
+ 'fields' => array(
+ 'domainrelatedobject_only' => 1,
+ 'objectclass' => array(
+ 'top',
+ 'domainrelatedobject',
+ 'inetdomain',
+ ),
+ ),
+ );
+
/**
* Returns service capabilities.
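Review bot: The commented-out `inetdomainbasedn` entry in `$HOSTED_TYPE_ATTRS` gives no reason for its exclusion, and the omission is security-relevant. `inetdomainbasedn` and `aci` are computed server-side in `_mod_domain_attrs()`, so a client must not be able to supply them for type 2. Replace the dead code with a comment such as `// inetdomainbasedn and aci are generated in kolab_api_service_domain::_mod_domain_attrs(); deliberately not form fields`. It is also worth confirming that `parse_input_attributes()` drops those keys when they arrive in the request, since that function is not shown here.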
@@ -90,6 +117,12 @@
'description' => 'A standard domain name space',
'attributes' => self::$DEFAULT_TYPE_ATTRS,
),
+ 2 => array(
+ 'key' => 'hosted',
+ 'name' => 'Hosted domain',
+ 'description' => 'A hosted domain name space',
+ 'attributes' => self::$HOSTED_TYPE_ATTRS,
+ ),
);
return array(
diff --git a/lib/kolab_api_service.php b/lib/kolab_api_service.php
--- a/lib/kolab_api_service.php
+++ b/lib/kolab_api_service.php
@@ -97,7 +97,10 @@
*/
protected function object_type_id($object_name, $attributes)
{
- if ($object_name == 'domain') return 1;
+ if ($object_name == 'domain') {
+ $root_dn = $this->conf->get('kolab_wap', 'hosted_root_dn');
+ return $root_dn && strpos((string) $attributes['inetdomainbasedn'], ",$root_dn") ? 2 : 1;
+ }
$object_class = $attributes['objectclass'];
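Review bot: The hosted-domain test `strpos((string) $attributes['inetdomainbasedn'], ",$root_dn")` is a case-sensitive substring match used for its truthiness. It therefore classifies a domain as hosted if the root DN appears anywhere in the value, and misses one whose DN differs only in case, although DNs compare case-insensitively. Because the type id decides which attribute set and ACI generation apply, a suffix comparison is safer: `$suffix = ",$root_dn"; $base = isset($attributes['inetdomainbasedn']) ? (string) $attributes['inetdomainbasedn'] : '';` followed by `return $root_dn && strcasecmp(substr($base, -strlen($suffix)), $suffix) === 0 ? 2 : 1;`. The `isset()` also avoids an undefined-index notice for standard domains that have no `inetdomainbasedn`. The body of `object_type_id()` continues outside this hunk.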
@@ -271,6 +274,10 @@
'key' => 'default',
'attributes' => kolab_api_service_domain_types::$DEFAULT_TYPE_ATTRS,
),
+ '2' => array(
+ 'key' => 'hosted',
+ 'attributes' => kolab_api_service_domain_types::$HOSTED_TYPE_ATTRS,
+ ),
);
$object_types['1']['attributes']['form_fields']['aci'] = array(
'type' => 'list',
diff --git a/lib/locale/en_US.php b/lib/locale/en_US.php
--- a/lib/locale/en_US.php
+++ b/lib/locale/en_US.php
@@ -142,7 +142,7 @@
$LANG['domain.o'] = 'Organization';
$LANG['domain.other'] = 'Other';
$LANG['domain.system'] = 'System';
-$LANG['domain.type_id'] = 'Standard Domain';
+$LANG['domain.type_id'] = 'Domain type';
$LANG['edit'] = 'Edit';
$LANG['error'] = 'Error';
