Changeset View
Changeset View
Standalone View
Standalone View
src/app/Backends/LDAP.php
| Show First 20 Lines • Show All 163 Lines • ▼ Show 20 Lines | class LDAP | ||||
| * | * | ||||
| * @return bool|void | * @return bool|void | ||||
| */ | */ | ||||
| public static function createUser(User $user) | public static function createUser(User $user) | ||||
| { | { | ||||
| $config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
| $ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
| list($_local, $_domain) = explode('@', $user->email, 2); | |||||
| $domain = $ldap->find_domain($_domain); | |||||
| if (!$domain) { | |||||
| return false; | |||||
| } | |||||
| $entry = [ | $entry = [ | ||||
| 'objectclass' => [ | 'objectclass' => [ | ||||
| 'top', | 'top', | ||||
| 'inetorgperson', | 'inetorgperson', | ||||
| 'inetuser', | 'inetuser', | ||||
| 'kolabinetorgperson', | 'kolabinetorgperson', | ||||
| 'mailrecipient', | 'mailrecipient', | ||||
| 'person' | 'person' | ||||
| ], | ], | ||||
| 'mail' => $user->email, | 'mail' => $user->email, | ||||
| 'uid' => $user->email, | 'uid' => $user->email, | ||||
| 'nsroledn' => [] | 'nsroledn' => [] | ||||
| ]; | ]; | ||||
| if (!self::getUserEntry($ldap, $user->email, $dn) && $dn) { | |||||
| self::setUserAttributes($user, $entry); | self::setUserAttributes($user, $entry); | ||||
| $base_dn = $ldap->domain_root_dn($_domain); | |||||
| $dn = "uid={$user->email},ou=People,{$base_dn}"; | |||||
| if (!$ldap->get_entry($dn)) { | |||||
| $ldap->add_entry($dn, $entry); | $ldap->add_entry($dn, $entry); | ||||
| } | } | ||||
| $ldap->close(); | $ldap->close(); | ||||
| } | } | ||||
| /** | /** | ||||
| * Update a domain in LDAP. | * Update a domain in LDAP. | ||||
| * | * | ||||
| * @param \App\Domain $domain The domain to update. | * @param \App\Domain $domain The domain to update. | ||||
| * | * | ||||
| * @return void | * @return void | ||||
| */ | */ | ||||
| public static function updateDomain($domain) | public static function updateDomain(Domain $domain) | ||||
| { | { | ||||
| $config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
| $ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
| $ldapDomain = $ldap->find_domain($domain->namespace); | $ldapDomain = $ldap->find_domain($domain->namespace); | ||||
| $oldEntry = $ldap->get_entry($ldapDomain['dn']); | $oldEntry = $ldap->get_entry($ldapDomain['dn']); | ||||
| $newEntry = $oldEntry; | $newEntry = $oldEntry; | ||||
| self::setDomainAttributes($domain, $newEntry); | self::setDomainAttributes($domain, $newEntry); | ||||
| $ldap->modify_entry($ldapDomain['dn'], $oldEntry, $newEntry); | $ldap->modify_entry($ldapDomain['dn'], $oldEntry, $newEntry); | ||||
| $ldap->close(); | $ldap->close(); | ||||
| } | } | ||||
| public static function deleteDomain($domain) | /** | ||||
| * Delete a domain from LDAP. | |||||
| * | |||||
| * @param \App\Domain $domain The domain to update. | |||||
| * | |||||
| * @return void | |||||
| */ | |||||
| public static function deleteDomain(Domain $domain) | |||||
| { | { | ||||
| $config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
| $ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
| $hostedRootDN = \config('ldap.hosted.root_dn'); | $hostedRootDN = \config('ldap.hosted.root_dn'); | ||||
| $mgmtRootDN = \config('ldap.admin.root_dn'); | $mgmtRootDN = \config('ldap.admin.root_dn'); | ||||
| $domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | $domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | ||||
| if ($ldap->get_entry($domainBaseDN)) { | if ($ldap->get_entry($domainBaseDN)) { | ||||
| $ldap->delete_entry_recursive($domainBaseDN); | $ldap->delete_entry_recursive($domainBaseDN); | ||||
| } | } | ||||
| if ($ldap_domain = $ldap->find_domain($domain->namespace)) { | if ($ldap_domain = $ldap->find_domain($domain->namespace)) { | ||||
| if ($ldap->get_entry($ldap_domain['dn'])) { | if ($ldap->get_entry($ldap_domain['dn'])) { | ||||
| $ldap->delete_entry($ldap_domain['dn']); | $ldap->delete_entry($ldap_domain['dn']); | ||||
| } | } | ||||
| } | } | ||||
| $ldap->close(); | $ldap->close(); | ||||
| } | } | ||||
| public static function deleteUser($user) | /** | ||||
| * Delete a user from LDAP. | |||||
| * | |||||
| * @param \App\User $user The user account to update. | |||||
| * | |||||
| * @return void | |||||
| */ | |||||
| public static function deleteUser(User $user) | |||||
| { | { | ||||
| $config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
| $ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
| list($_local, $_domain) = explode('@', $user->email, 2); | if (self::getUserEntry($ldap, $user->email, $dn)) { | ||||
| $ldap->delete_entry($dn); | |||||
| $domain = $ldap->find_domain($_domain); | |||||
| if (!$domain) { | |||||
| $ldap->close(); | |||||
| return false; | |||||
| } | } | ||||
| $base_dn = $ldap->domain_root_dn($_domain); | |||||
| $dn = "uid={$user->email},ou=People,{$base_dn}"; | |||||
| if (!$ldap->get_entry($dn)) { | |||||
| $ldap->close(); | $ldap->close(); | ||||
| return false; | |||||
| } | } | ||||
| $ldap->delete_entry($dn); | /** | ||||
| * Get a user data from LDAP. | |||||
| * | |||||
| * @param string $email The user email. | |||||
| * | |||||
| * @return array|false|null | |||||
| */ | |||||
| public static function getUser(string $email) | |||||
| { | |||||
| $config = self::getConfig('admin'); | |||||
| $ldap = self::initLDAP($config); | |||||
| $user = self::getUserEntry($ldap, $email, $dn, true); | |||||
| $ldap->close(); | $ldap->close(); | ||||
| return $user; | |||||
| } | } | ||||
| /** | /** | ||||
| * Update a user in LDAP. | * Update a user in LDAP. | ||||
| * | * | ||||
| * @param \App\User $user The user account to update. | * @param \App\User $user The user account to update. | ||||
| * | * | ||||
| * @return bool|void | * @return false|void | ||||
| */ | */ | ||||
| public static function updateUser(User $user) | public static function updateUser(User $user) | ||||
| { | { | ||||
| $config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
| $ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
| list($_local, $_domain) = explode('@', $user->email, 2); | $newEntry = $oldEntry = self::getUserEntry($ldap, $user->email, $dn, true); | ||||
| $domain = $ldap->find_domain($_domain); | if ($oldEntry) { | ||||
| self::setUserAttributes($user, $newEntry); | |||||
| if (!$domain) { | $ldap->modify_entry($dn, $oldEntry, $newEntry); | ||||
| $ldap->close(); | $ldap->close(); | ||||
| return false; | } else { | ||||
| } | |||||
| $base_dn = $ldap->domain_root_dn($_domain); | |||||
| $dn = "uid={$user->email},ou=People,{$base_dn}"; | |||||
| $oldEntry = $ldap->get_entry($dn); | |||||
| if (!$oldEntry) { | |||||
| $ldap->close(); | $ldap->close(); | ||||
| return false; | return false; | ||||
| } | } | ||||
| if (!array_key_exists('nsroledn', $oldEntry)) { | |||||
| $roles = $ldap->get_entry_attributes($dn, ['nsroledn']); | |||||
| if (!empty($roles)) { | |||||
| $oldEntry['nsroledn'] = (array)$roles['nsroledn']; | |||||
| } | |||||
| } | |||||
| $newEntry = $oldEntry; | |||||
| self::setUserAttributes($user, $newEntry); | |||||
| $ldap->modify_entry($dn, $oldEntry, $newEntry); | |||||
| $ldap->close(); | |||||
| } | } | ||||
| /** | /** | ||||
| * Initialize connection to LDAP | * Initialize connection to LDAP | ||||
| */ | */ | ||||
| private static function initLDAP(array $config, string $privilege = 'admin') | private static function initLDAP(array $config, string $privilege = 'admin') | ||||
| { | { | ||||
| $ldap = new \Net_LDAP3($config); | $ldap = new \Net_LDAP3($config); | ||||
| ▲ Show 20 Lines • Show All 50 Lines • ▼ Show 20 Lines | private static function setUserAttributes(User $user, array &$entry) | ||||
| $entry['givenname'] = $firstName; | $entry['givenname'] = $firstName; | ||||
| $entry['sn'] = $lastName; | $entry['sn'] = $lastName; | ||||
| $entry['userpassword'] = $user->password_ldap; | $entry['userpassword'] = $user->password_ldap; | ||||
| $entry['inetuserstatus'] = $user->status; | $entry['inetuserstatus'] = $user->status; | ||||
| $entry['mailquota'] = 0; | $entry['mailquota'] = 0; | ||||
| $entry['alias'] = $user->aliases->pluck('alias')->toArray(); | |||||
| $roles = []; | $roles = []; | ||||
| foreach ($user->entitlements as $entitlement) { | foreach ($user->entitlements as $entitlement) { | ||||
| \Log::debug("Examining {$entitlement->sku->title}"); | \Log::debug("Examining {$entitlement->sku->title}"); | ||||
| switch ($entitlement->sku->title) { | switch ($entitlement->sku->title) { | ||||
| case "mailbox": | case "mailbox": | ||||
| break; | break; | ||||
| ▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines | private static function getConfig(string $privilege) | ||||
| 'vlv' => false, | 'vlv' => false, | ||||
| 'log_hook' => 'App\Backends\LDAP::logHook', | 'log_hook' => 'App\Backends\LDAP::logHook', | ||||
| ]; | ]; | ||||
| return $config; | return $config; | ||||
| } | } | ||||
| /** | /** | ||||
| * Get user entry from LDAP. | |||||
| * | |||||
| * @param \Net_LDAP3 $ldap Ldap connection | |||||
| * @param string $email User email (uid) | |||||
| * @param string $dn Reference to user DN | |||||
| * @param bool $full Get extra attributes, e.g. nsroledn | |||||
| * | |||||
| * @return false|null|array User entry, False on error, NULL if not found | |||||
| */ | |||||
| protected static function getUserEntry($ldap, $email, &$dn = null, $full = false) | |||||
| { | |||||
| list($_local, $_domain) = explode('@', $email, 2); | |||||
| $domain = $ldap->find_domain($_domain); | |||||
| if (!$domain) { | |||||
| return false; | |||||
| } | |||||
| $base_dn = $ldap->domain_root_dn($_domain); | |||||
| $dn = "uid={$email},ou=People,{$base_dn}"; | |||||
| $entry = $ldap->get_entry($dn); | |||||
| if ($entry && $full) { | |||||
| if (!array_key_exists('nsroledn', $entry)) { | |||||
| $roles = $ldap->get_entry_attributes($dn, ['nsroledn']); | |||||
| if (!empty($roles)) { | |||||
| $entry['nsroledn'] = (array) $roles['nsroledn']; | |||||
| } | |||||
| } | |||||
| } | |||||
| return $entry ?: null; | |||||
| } | |||||
| /** | |||||
| * Logging callback | * Logging callback | ||||
| */ | */ | ||||
| public static function logHook($level, $msg): void | public static function logHook($level, $msg): void | ||||
| { | { | ||||
| if ( | if ( | ||||
| ( | ( | ||||
| $level == LOG_INFO | $level == LOG_INFO | ||||
| || $level == LOG_DEBUG | || $level == LOG_DEBUG | ||||
| ▲ Show 20 Lines • Show All 45 Lines • Show Last 20 Lines | |||||