plugins/kolab_auth/kolab_auth_ldap.php
Show All 31 Lines | class kolab_auth_ldap extends rcube_ldap_generic | ||||
function __construct($p) | function __construct($p) | ||||
{ | { | ||||
$rcmail = rcube::get_instance(); | $rcmail = rcube::get_instance(); | ||||
$this->conf = $p; | $this->conf = $p; | ||||
$this->conf['kolab_auth_user_displayname'] = $rcmail->config->get('kolab_auth_user_displayname', '{name}'); | $this->conf['kolab_auth_user_displayname'] = $rcmail->config->get('kolab_auth_user_displayname', '{name}'); | ||||
$this->conf['kolab_domain_name_attribute'] = $rcmail->config->get('kolab_domain_name_attribute', 'associateddomain'); | |||||
$this->conf['kolab_domain_base_dn'] = $rcmail->config->get('kolab_domain_base_dn', 'cn=kolab,cn=config'); | |||||
$this->conf['debug_level'] = $rcmail->config->get('debug_level', 0); | |||||
$this->fieldmap = $p['fieldmap']; | $this->fieldmap = $p['fieldmap']; | ||||
$this->fieldmap['uid'] = 'uid'; | $this->fieldmap['uid'] = 'uid'; | ||||
$p['attributes'] = array_values($this->fieldmap); | $p['attributes'] = array_values($this->fieldmap); | ||||
$p['debug'] = (bool) $rcmail->config->get('ldap_debug'); | $p['debug'] = (bool) $rcmail->config->get('ldap_debug'); | ||||
// Connect to the server (with bind) | // Connect to the server (with bind) | ||||
▲ Show 20 Lines • Show All 50 Lines • ▼ Show 20 Lines | private function _connect() | ||||
$this->ready = false; | $this->ready = false; | ||||
} | } | ||||
return $this->ready; | return $this->ready; | ||||
} | } | ||||
/** | /** | ||||
* Get the mail address of the user uniquely identified with the UID, checking all domains available | |||||
*/ | |||||
function get_mail_of_user_across_domains($user, $filter) | |||||
{ | |||||
$count = 0; | |||||
$mail = ''; | |||||
if ($result = parent::search($this->conf['kolab_domain_base_dn'], '', '', array($this->conf['kolab_domain_name_attribute']))) { | |||||
if ($result->count() > 0) { | |||||
foreach ($result->entries(true) as $dn => $attrs) { | |||||
$domain = $attrs[$this->conf['kolab_domain_name_attribute']]; | |||||
if (is_array($domain)) { | |||||
$dc = $this->domain_root_dn($domain[0]); | |||||
} else { | |||||
$dc = $this->domain_root_dn($domain); | |||||
} | |||||
// check if the user lives in this domain | |||||
if ($result2 = parent::search('ou=people,'.$dc, $filter, '', array('mail'))) { | |||||
$count += $result2->count(); | |||||
if ($result2->count() == 1) { | |||||
$entries = $result2->entries(true); | |||||
$entry = array_pop($entries); | |||||
$mail = $entry['mail']; | |||||
} | |||||
} | |||||
} | |||||
} | |||||
} | |||||
if ($count == 1) { | |||||
if ($this->conf['debug_level'] > 0) { | |||||
rcube::console("Authentication: use mail address $mail for user with UID $user"); | |||||
} | |||||
return $mail; | |||||
} else if ($count > 0) { | |||||
rcube::write_log('errors', "Authentication: found multiple users with UID $user, therefore cancelling login"); | |||||
} | |||||
return False; | |||||
} | |||||
/** | |||||
* Fetches user data from LDAP addressbook | * Fetches user data from LDAP addressbook | ||||
*/ | */ | ||||
function get_user_record($user, $host) | function get_user_record($user, $host) | ||||
{ | { | ||||
$rcmail = rcube::get_instance(); | $rcmail = rcube::get_instance(); | ||||
$filter = $rcmail->config->get('kolab_auth_filter'); | $filter = $rcmail->config->get('kolab_auth_filter'); | ||||
$filter = $this->parse_vars($filter, $user, $host); | $filter = $this->parse_vars($filter, $user, $host); | ||||
$base_dn = $this->parse_vars($this->config['base_dn'], $user, $host); | $base_dn = $this->parse_vars($this->config['base_dn'], $user, $host); | ||||
$scope = $this->config['scope']; | $scope = $this->config['scope']; | ||||
// @TODO: print error if filter is empty | // @TODO: print error if filter is empty | ||||
// get record | // get record | ||||
if ($result = parent::search($base_dn, $filter, $scope, $this->attributes)) { | if ($result = parent::search($base_dn, $filter, $scope, $this->attributes)) { | ||||
if ($result->count() == 1) { | if ($result->count() == 1) { | ||||
$entries = $result->entries(true); | $entries = $result->entries(true); | ||||
$dn = key($entries); | $dn = key($entries); | ||||
$entry = array_pop($entries); | $entry = array_pop($entries); | ||||
$entry = $this->field_mapping($dn, $entry); | $entry = $this->field_mapping($dn, $entry); | ||||
return $entry; | return $entry; | ||||
} else { | |||||
if ($mail = $this->get_mail_of_user_across_domains($user, $filter)) { | |||||
return $this->get_user_record($mail, $host); | |||||
} | |||||
} | } | ||||
} | } | ||||
} | } | ||||
/** | /** | ||||
* Fetches user data from LDAP addressbook | * Fetches user data from LDAP addressbook | ||||
*/ | */ | ||||
function get_user_groups($dn, $user, $host) | function get_user_groups($dn, $user, $host) | ||||
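Review bot: The `else` branch in `get_user_record` (shown in one column only, so presumably the added side) recurses with whatever `get_mail_of_user_across_domains` returns, and nothing visible bounds that recursion. If the lookup by mail again yields anything other than exactly one entry under `base_dn`, the cross-domain search runs again and may keep returning the same address, which on the login path means a single request could recurse until PHP aborts. A guard such as `if (($mail = $this->get_mail_of_user_across_domains($user, $filter)) && $mail !== $user) {` would stop that cycle. Separately, `$mail = $entry['mail'];` takes the attribute as-is while the domain attribute a few lines earlier is checked with `is_array()`, so a multi-valued `mail` would reach the log message and the recursive call as an array; normalise it the same way, e.g. `$mail = is_array($entry['mail']) ? $entry['mail'][0] : $entry['mail'];`. `$user` is also interpolated into the console and error-log messages unmodified, so stripping control characters before logging would keep a crafted login name from forging log lines.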