Changeset View
Changeset View
Standalone View
Standalone View
plugins/kolab_auth/kolab_auth_ldap.php
| Show All 31 Lines | class kolab_auth_ldap extends rcube_ldap_generic | ||||
| function __construct($p) | function __construct($p) | ||||
| { | { | ||||
| $rcmail = rcube::get_instance(); | $rcmail = rcube::get_instance(); | ||||
| $this->conf = $p; | $this->conf = $p; | ||||
| $this->conf['kolab_auth_user_displayname'] = $rcmail->config->get('kolab_auth_user_displayname', '{name}'); | $this->conf['kolab_auth_user_displayname'] = $rcmail->config->get('kolab_auth_user_displayname', '{name}'); | ||||
| $this->conf['kolab_domain_name_attribute'] = $rcmail->config->get('kolab_domain_name_attribute', 'associateddomain'); | |||||
| $this->conf['kolab_domain_base_dn'] = $rcmail->config->get('kolab_domain_base_dn', 'cn=kolab,cn=config'); | |||||
| $this->conf['debug_level'] = $rcmail->config->get('debug_level', 0); | |||||
| $this->fieldmap = $p['fieldmap']; | $this->fieldmap = $p['fieldmap']; | ||||
| $this->fieldmap['uid'] = 'uid'; | $this->fieldmap['uid'] = 'uid'; | ||||
| $p['attributes'] = array_values($this->fieldmap); | $p['attributes'] = array_values($this->fieldmap); | ||||
| $p['debug'] = (bool) $rcmail->config->get('ldap_debug'); | $p['debug'] = (bool) $rcmail->config->get('ldap_debug'); | ||||
| // Connect to the server (with bind) | // Connect to the server (with bind) | ||||
| ▲ Show 20 Lines • Show All 50 Lines • ▼ Show 20 Lines | private function _connect() | ||||
| $this->ready = false; | $this->ready = false; | ||||
| } | } | ||||
| return $this->ready; | return $this->ready; | ||||
| } | } | ||||
| /** | /** | ||||
| * Get the mail address of the user uniquely identified with the UID, checking all domains available | |||||
| */ | |||||
| function get_mail_of_user_across_domains($user, $filter) | |||||
| { | |||||
| $count = 0; | |||||
| $mail = ''; | |||||
| if ($result = parent::search($this->conf['kolab_domain_base_dn'], '', '', array($this->conf['kolab_domain_name_attribute']))) { | |||||
| if ($result->count() > 0) { | |||||
| foreach ($result->entries(true) as $dn => $attrs) { | |||||
| $domain = $attrs[$this->conf['kolab_domain_name_attribute']]; | |||||
| if (is_array($domain)) { | |||||
| $dc = $this->domain_root_dn($domain[0]); | |||||
| } else { | |||||
| $dc = $this->domain_root_dn($domain); | |||||
| } | |||||
| // check if the user lives in this domain | |||||
| if ($result2 = parent::search('ou=people,'.$dc, $filter, '', array('mail'))) { | |||||
| $count += $result2->count(); | |||||
| if ($result2->count() == 1) { | |||||
| $entries = $result2->entries(true); | |||||
| $entry = array_pop($entries); | |||||
| $mail = $entry['mail']; | |||||
| } | |||||
| } | |||||
| } | |||||
| } | |||||
| } | |||||
| if ($count == 1) { | |||||
| if ($this->conf['debug_level'] > 0) { | |||||
| rcube::console("Authentication: use mail address $mail for user with UID $user"); | |||||
| } | |||||
| return $mail; | |||||
| } else if ($count > 0) { | |||||
| rcube::write_log('errors', "Authentication: found multiple users with UID $user, therefore cancelling login"); | |||||
| } | |||||
| return False; | |||||
| } | |||||
| /** | |||||
| * Fetches user data from LDAP addressbook | * Fetches user data from LDAP addressbook | ||||
| */ | */ | ||||
| function get_user_record($user, $host) | function get_user_record($user, $host) | ||||
| { | { | ||||
| $rcmail = rcube::get_instance(); | $rcmail = rcube::get_instance(); | ||||
| $filter = $rcmail->config->get('kolab_auth_filter'); | $filter = $rcmail->config->get('kolab_auth_filter'); | ||||
| $filter = $this->parse_vars($filter, $user, $host); | $filter = $this->parse_vars($filter, $user, $host); | ||||
| $base_dn = $this->parse_vars($this->config['base_dn'], $user, $host); | $base_dn = $this->parse_vars($this->config['base_dn'], $user, $host); | ||||
| $scope = $this->config['scope']; | $scope = $this->config['scope']; | ||||
| // @TODO: print error if filter is empty | // @TODO: print error if filter is empty | ||||
| // get record | // get record | ||||
| if ($result = parent::search($base_dn, $filter, $scope, $this->attributes)) { | if ($result = parent::search($base_dn, $filter, $scope, $this->attributes)) { | ||||
| if ($result->count() == 1) { | if ($result->count() == 1) { | ||||
| $entries = $result->entries(true); | $entries = $result->entries(true); | ||||
| $dn = key($entries); | $dn = key($entries); | ||||
| $entry = array_pop($entries); | $entry = array_pop($entries); | ||||
| $entry = $this->field_mapping($dn, $entry); | $entry = $this->field_mapping($dn, $entry); | ||||
| return $entry; | return $entry; | ||||
| } else { | |||||
| if ($mail = $this->get_mail_of_user_across_domains($user, $filter)) { | |||||
| return $this->get_user_record($mail, $host); | |||||
| } | |||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
| /** | /** | ||||
| * Fetches user data from LDAP addressbook | * Fetches user data from LDAP addressbook | ||||
| */ | */ | ||||
| function get_user_groups($dn, $user, $host) | function get_user_groups($dn, $user, $host) | ||||
| ▲ Show 20 Lines • Show All 346 Lines • Show Last 20 Lines | |||||