src/app/Backends/LDAP.php
Show First 20 Lines • Show All 163 Lines • ▼ Show 20 Lines | class LDAP | ||||
* | * | ||||
* @return bool|void | * @return bool|void | ||||
*/ | */ | ||||
public static function createUser(User $user) | public static function createUser(User $user) | ||||
{ | { | ||||
$config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
$ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
list($_local, $_domain) = explode('@', $user->email, 2); | |||||
$domain = $ldap->find_domain($_domain); | |||||
if (!$domain) { | |||||
return false; | |||||
} | |||||
$entry = [ | $entry = [ | ||||
'objectclass' => [ | 'objectclass' => [ | ||||
'top', | 'top', | ||||
'inetorgperson', | 'inetorgperson', | ||||
'inetuser', | 'inetuser', | ||||
'kolabinetorgperson', | 'kolabinetorgperson', | ||||
'mailrecipient', | 'mailrecipient', | ||||
'person' | 'person' | ||||
], | ], | ||||
'mail' => $user->email, | 'mail' => $user->email, | ||||
'uid' => $user->email, | 'uid' => $user->email, | ||||
'nsroledn' => [] | 'nsroledn' => [] | ||||
]; | ]; | ||||
if (!self::getUserEntry($ldap, $user->email, $dn) && $dn) { | |||||
self::setUserAttributes($user, $entry); | self::setUserAttributes($user, $entry); | ||||
$base_dn = $ldap->domain_root_dn($_domain); | |||||
$dn = "uid={$user->email},ou=People,{$base_dn}"; | |||||
if (!$ldap->get_entry($dn)) { | |||||
$ldap->add_entry($dn, $entry); | $ldap->add_entry($dn, $entry); | ||||
} | } | ||||
$ldap->close(); | $ldap->close(); | ||||
} | } | ||||
/** | /** | ||||
* Update a domain in LDAP. | * Update a domain in LDAP. | ||||
* | * | ||||
* @param \App\Domain $domain The domain to update. | * @param \App\Domain $domain The domain to update. | ||||
* | * | ||||
* @return void | * @return void | ||||
*/ | */ | ||||
public static function updateDomain($domain) | public static function updateDomain(Domain $domain) | ||||
{ | { | ||||
$config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
$ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
$ldapDomain = $ldap->find_domain($domain->namespace); | $ldapDomain = $ldap->find_domain($domain->namespace); | ||||
$oldEntry = $ldap->get_entry($ldapDomain['dn']); | $oldEntry = $ldap->get_entry($ldapDomain['dn']); | ||||
$newEntry = $oldEntry; | $newEntry = $oldEntry; | ||||
self::setDomainAttributes($domain, $newEntry); | self::setDomainAttributes($domain, $newEntry); | ||||
$ldap->modify_entry($ldapDomain['dn'], $oldEntry, $newEntry); | $ldap->modify_entry($ldapDomain['dn'], $oldEntry, $newEntry); | ||||
$ldap->close(); | $ldap->close(); | ||||
} | } | ||||
public static function deleteDomain($domain) | /** | ||||
* Delete a domain from LDAP. | |||||
* | |||||
* @param \App\Domain $domain The domain to update. | |||||
* | |||||
* @return void | |||||
*/ | |||||
public static function deleteDomain(Domain $domain) | |||||
{ | { | ||||
$config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
$ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
$hostedRootDN = \config('ldap.hosted.root_dn'); | $hostedRootDN = \config('ldap.hosted.root_dn'); | ||||
$mgmtRootDN = \config('ldap.admin.root_dn'); | $mgmtRootDN = \config('ldap.admin.root_dn'); | ||||
$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | $domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | ||||
if ($ldap->get_entry($domainBaseDN)) { | if ($ldap->get_entry($domainBaseDN)) { | ||||
$ldap->delete_entry_recursive($domainBaseDN); | $ldap->delete_entry_recursive($domainBaseDN); | ||||
} | } | ||||
if ($ldap_domain = $ldap->find_domain($domain->namespace)) { | if ($ldap_domain = $ldap->find_domain($domain->namespace)) { | ||||
if ($ldap->get_entry($ldap_domain['dn'])) { | if ($ldap->get_entry($ldap_domain['dn'])) { | ||||
$ldap->delete_entry($ldap_domain['dn']); | $ldap->delete_entry($ldap_domain['dn']); | ||||
} | } | ||||
} | } | ||||
$ldap->close(); | $ldap->close(); | ||||
} | } | ||||
public static function deleteUser($user) | /** | ||||
* Delete a user from LDAP. | |||||
* | |||||
* @param \App\User $user The user account to update. | |||||
* | |||||
* @return void | |||||
*/ | |||||
public static function deleteUser(User $user) | |||||
{ | { | ||||
$config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
$ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
list($_local, $_domain) = explode('@', $user->email, 2); | if (self::getUserEntry($ldap, $user->email, $dn)) { | ||||
$ldap->delete_entry($dn); | |||||
$domain = $ldap->find_domain($_domain); | |||||
if (!$domain) { | |||||
$ldap->close(); | |||||
return false; | |||||
} | } | ||||
$base_dn = $ldap->domain_root_dn($_domain); | |||||
$dn = "uid={$user->email},ou=People,{$base_dn}"; | |||||
if (!$ldap->get_entry($dn)) { | |||||
$ldap->close(); | $ldap->close(); | ||||
return false; | |||||
} | } | ||||
$ldap->delete_entry($dn); | /** | ||||
* Get a user data from LDAP. | |||||
* | |||||
* @param string $email The user email. | |||||
* | |||||
* @return array|false|null | |||||
*/ | |||||
public static function getUser(string $email) | |||||
{ | |||||
$config = self::getConfig('admin'); | |||||
$ldap = self::initLDAP($config); | |||||
$user = self::getUserEntry($ldap, $email, $dn, true); | |||||
$ldap->close(); | $ldap->close(); | ||||
return $user; | |||||
} | } | ||||
/** | /** | ||||
* Update a user in LDAP. | * Update a user in LDAP. | ||||
* | * | ||||
* @param \App\User $user The user account to update. | * @param \App\User $user The user account to update. | ||||
* | * | ||||
* @return bool|void | * @return false|void | ||||
*/ | */ | ||||
public static function updateUser(User $user) | public static function updateUser(User $user) | ||||
{ | { | ||||
$config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
$ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
list($_local, $_domain) = explode('@', $user->email, 2); | $newEntry = $oldEntry = self::getUserEntry($ldap, $user->email, $dn, true); | ||||
$domain = $ldap->find_domain($_domain); | if ($oldEntry) { | ||||
self::setUserAttributes($user, $newEntry); | |||||
if (!$domain) { | $ldap->modify_entry($dn, $oldEntry, $newEntry); | ||||
$ldap->close(); | $ldap->close(); | ||||
return false; | } else { | ||||
} | |||||
$base_dn = $ldap->domain_root_dn($_domain); | |||||
$dn = "uid={$user->email},ou=People,{$base_dn}"; | |||||
$oldEntry = $ldap->get_entry($dn); | |||||
if (!$oldEntry) { | |||||
$ldap->close(); | $ldap->close(); | ||||
return false; | return false; | ||||
} | } | ||||
if (!array_key_exists('nsroledn', $oldEntry)) { | |||||
$roles = $ldap->get_entry_attributes($dn, ['nsroledn']); | |||||
if (!empty($roles)) { | |||||
$oldEntry['nsroledn'] = (array)$roles['nsroledn']; | |||||
} | |||||
} | |||||
$newEntry = $oldEntry; | |||||
self::setUserAttributes($user, $newEntry); | |||||
$ldap->modify_entry($dn, $oldEntry, $newEntry); | |||||
$ldap->close(); | |||||
} | } | ||||
/** | /** | ||||
* Initialize connection to LDAP | * Initialize connection to LDAP | ||||
*/ | */ | ||||
private static function initLDAP(array $config, string $privilege = 'admin') | private static function initLDAP(array $config, string $privilege = 'admin') | ||||
{ | { | ||||
$ldap = new \Net_LDAP3($config); | $ldap = new \Net_LDAP3($config); | ||||
▲ Show 20 Lines • Show All 50 Lines • ▼ Show 20 Lines | private static function setUserAttributes(User $user, array &$entry) | ||||
$entry['givenname'] = $firstName; | $entry['givenname'] = $firstName; | ||||
$entry['sn'] = $lastName; | $entry['sn'] = $lastName; | ||||
$entry['userpassword'] = $user->password_ldap; | $entry['userpassword'] = $user->password_ldap; | ||||
$entry['inetuserstatus'] = $user->status; | $entry['inetuserstatus'] = $user->status; | ||||
$entry['mailquota'] = 0; | $entry['mailquota'] = 0; | ||||
$entry['alias'] = $user->aliases->pluck('alias')->toArray(); | |||||
$roles = []; | $roles = []; | ||||
foreach ($user->entitlements as $entitlement) { | foreach ($user->entitlements as $entitlement) { | ||||
\Log::debug("Examining {$entitlement->sku->title}"); | \Log::debug("Examining {$entitlement->sku->title}"); | ||||
switch ($entitlement->sku->title) { | switch ($entitlement->sku->title) { | ||||
case "mailbox": | case "mailbox": | ||||
break; | break; | ||||
▲ Show 20 Lines • Show All 51 Lines • ▼ Show 20 Lines | private static function getConfig(string $privilege) | ||||
'vlv' => false, | 'vlv' => false, | ||||
'log_hook' => 'App\Backends\LDAP::logHook', | 'log_hook' => 'App\Backends\LDAP::logHook', | ||||
]; | ]; | ||||
return $config; | return $config; | ||||
} | } | ||||
/** | /** | ||||
* Get user entry from LDAP. | |||||
* | |||||
* @param \Net_LDAP3 $ldap Ldap connection | |||||
* @param string $email User email (uid) | |||||
* @param string $dn Reference to user DN | |||||
* @param bool $full Get extra attributes, e.g. nsroledn | |||||
* | |||||
* @return false|null|array User entry, False on error, NULL if not found | |||||
*/ | |||||
protected static function getUserEntry($ldap, $email, &$dn = null, $full = false) | |||||
{ | |||||
list($_local, $_domain) = explode('@', $email, 2); | |||||
$domain = $ldap->find_domain($_domain); | |||||
if (!$domain) { | |||||
return false; | |||||
} | |||||
$base_dn = $ldap->domain_root_dn($_domain); | |||||
$dn = "uid={$email},ou=People,{$base_dn}"; | |||||
$entry = $ldap->get_entry($dn); | |||||
if ($entry && $full) { | |||||
if (!array_key_exists('nsroledn', $entry)) { | |||||
$roles = $ldap->get_entry_attributes($dn, ['nsroledn']); | |||||
if (!empty($roles)) { | |||||
$entry['nsroledn'] = (array) $roles['nsroledn']; | |||||
} | |||||
} | |||||
} | |||||
return $entry ?: null; | |||||
} | |||||
/** | |||||
* Logging callback | * Logging callback | ||||
*/ | */ | ||||
public static function logHook($level, $msg): void | public static function logHook($level, $msg): void | ||||
{ | { | ||||
if ( | if ( | ||||
( | ( | ||||
$level == LOG_INFO | $level == LOG_INFO | ||||
|| $level == LOG_DEBUG | || $level == LOG_DEBUG | ||||
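Review bot: getUserEntry (the new helper near the end of the section) interpolates the raw `$email` into the DN and reads both halves of `explode('@', $email, 2)` without checking the split, and the new getUser(string $email) exposes that to any caller-supplied string: an address without `@` triggers an undefined-offset notice and passes null to find_domain, and DN-special characters (`,`, `+`, `=`, `\`, `"`) in the local part alter the structure of the DN being looked up or added. Guard the split with `if (strpos($email, '@') === false) { return false; }` and build the DN with `$dn = 'uid=' . ldap_escape($email, '', LDAP_ESCAPE_DN) . ",ou=People,{$base_dn}";` — for addresses with no special characters the result is byte-identical to the current string, so existing entries still resolve. The callers built the same DN inline before this commit, so the helper is the right place to fix it once. Separately, createUser still carries `@return bool|void` but its new body returns nothing: when getUserEntry returns false (domain not found) the `&& $dn` guard just skips the add, so the failure the old code reported as `false` is now silent — either `return false;` in that branch or change the docblock to `@return void`. The hunks are truncated by the collapsed-line widgets, so the surrounding methods start or end outside this view.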