lib/api/kolab_api_service_domain.php
Show First 20 Lines • Show All 89 Lines • ▼ Show 20 Lines | public function domain_add($getdata, $postdata) | ||||
$auth = Auth::get_instance($conf->get('kolab', 'primary_domain')); | $auth = Auth::get_instance($conf->get('kolab', 'primary_domain')); | ||||
// parse input attributes | // parse input attributes | ||||
$attributes = $this->parse_input_attributes('domain', $postdata); | $attributes = $this->parse_input_attributes('domain', $postdata); | ||||
$attributes[$dna] = (array) $attributes[$dna]; | $attributes[$dna] = (array) $attributes[$dna]; | ||||
$domain = array_shift($attributes[$dna]); | $domain = array_shift($attributes[$dna]); | ||||
$this->_mod_domain_attrs($domain, $attributes, $postdata['type_id']); | |||||
$result = $auth->domain_add($domain, $attributes); | $result = $auth->domain_add($domain, $attributes); | ||||
if ($result) { | if ($result) { | ||||
if ($id = $this->unique_attribute_value($result)) { | if ($id = $this->unique_attribute_value($result)) { | ||||
$attributes['id'] = $id; | $attributes['id'] = $id; | ||||
} | } | ||||
$this->_after_domain_created($attributes, $domain); | |||||
return $attributes; | return $attributes; | ||||
} | } | ||||
return false; | return false; | ||||
} | } | ||||
/** | /** | ||||
* Domain delete. | * Domain delete. | ||||
▲ Show 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | public function domain_edit($getdata, $postdata) | ||||
$domain = $auth->domain_info($postdata['id']); | $domain = $auth->domain_info($postdata['id']); | ||||
if (!empty($domain) && $domain[key($domain)]['inetdomainstatus'] != 'deleted' | if (!empty($domain) && $domain[key($domain)]['inetdomainstatus'] != 'deleted' | ||||
&& !$auth->domain_is_empty($domain) | && !$auth->domain_is_empty($domain) | ||||
) { | ) { | ||||
throw new kolab_api_exception(kolab_api_exception::DOMAIN_NOT_EMPTY); | throw new kolab_api_exception(kolab_api_exception::DOMAIN_NOT_EMPTY); | ||||
} | } | ||||
} | } | ||||
$attributes = $this->parse_input_attributes('domain', $postdata); | $attributes = $this->parse_input_attributes('domain', $postdata, $postdata['type_id']); | ||||
$this->_mod_domain_attrs(null, $attributes); | |||||
$result = $auth->domain_edit($postdata['id'], $attributes, $postdata['type_id']); | $result = $auth->domain_edit($postdata['id'], $attributes, $postdata['type_id']); | ||||
if ($result) { | if ($result) { | ||||
return $result; | return $result; | ||||
} | } | ||||
return false; | return false; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 81 Lines • ▼ Show 20 Lines | public function domain_info($getdata, $postdata) | ||||
} | } | ||||
if ($result) { | if ($result) { | ||||
return $result; | return $result; | ||||
} | } | ||||
return false; | return false; | ||||
} | } | ||||
/** | |||||
* Modify hosted domain attributes | |||||
*/ | |||||
protected function _mod_domain_attrs($domain, &$attributes, $type_id) | |||||
{ | |||||
// Generate attributes (aci, inetdomainbasedn) for hosted domains | |||||
if ($type_id == 2) { | |||||
$conf = Conf::get_instance(); | |||||
$domain_name_attribute = $conf->get('ldap', 'domain_name_attribute'); | |||||
$hosted_root_dn = $conf->get('kolab_wap', 'hosted_root_dn'); | |||||
$mgmt_root_dn = $conf->get('kolab_wap', 'mgmt_root_dn'); | |||||
$root_dn = $conf->get('kolab_wap', 'root_dn'); | |||||
if (empty($mgmt_root_dn)) { | |||||
$mgmt_root_dn = $conf->get('root_dn'); | |||||
} | |||||
if (empty($domain_name_attribute)) { | |||||
$domain_name_attribute = 'associateddomain'; | |||||
} | |||||
if (!is_array($attributes[$domain_name_attribute])) { | |||||
$attributes[$domain_name_attribute] = (array) $attributes[$domain_name_attribute]; | |||||
} | |||||
if (empty($domain)) { | |||||
$domain = $attributes[$domain_name_attribute][0]; | |||||
} | |||||
if (!in_array($domain, $attributes[$domain_name_attribute])) { | |||||
array_unshift($attributes[$domain_name_attribute], $domain); | |||||
} | |||||
$domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn; | |||||
$aci = array( | |||||
/* | |||||
'(targetattr = "*")' | |||||
. '(version 3.0; acl "Deny Unauthorized"; deny (all)' | |||||
. '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | |||||
. 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | |||||
. 'roledn = "ldap:///cn=admin-user,' . $mgmt_root_dn . '";)', | |||||
'(targetattr != "userPassword")' | |||||
. '(version 3.0;acl "Search Access";allow (read,compare,search)' | |||||
. '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | |||||
. 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | |||||
'(targetattr = "*")' | |||||
. '(version 3.0;acl "Kolab Administrators";allow (all)' | |||||
. '(roledn = "ldap:///cn=admin-user,' . $domain_root_dn . ' || ' | |||||
. 'ldap:///cn=admin-user,' . $mgmt_root_dn . '");)' | |||||
*/ | |||||
); | |||||
$attributes['aci'] = $aci; | |||||
$attributes['inetdomainbasedn'] = $domain_root_dn; | |||||
$this->is_hosted = true; | |||||
} | |||||
} | |||||
/** | |||||
* Create LDAP object related to the new hosted domain | |||||
*/ | |||||
protected function _after_domain_created($attributes, $domain) | |||||
{ | |||||
if (!$this->is_hosted) { | |||||
return; | |||||
} | |||||
$conf = Conf::get_instance(); | |||||
$ou_service = $this->controller->get_service('ou'); | |||||
$role_service = $this->controller->get_service('role'); | |||||
$hosted_root_dn = $conf->get('kolab_wap', 'hosted_root_dn'); | |||||
$mgmt_root_dn = $conf->get('kolab_wap', 'mgmt_root_dn'); | |||||
$root_dn = $conf->get('kolab_wap', 'root_dn'); | |||||
$domain_root_dn = 'ou=' . $domain . ',' . $hosted_root_dn; | |||||
if (empty($mgmt_root_dn)) { | |||||
$mgmt_root_dn = $conf->get('root_dn'); | |||||
} | |||||
$ou_domain = array( | |||||
'ou' => $domain, | |||||
'base_dn' => $hosted_root_dn, | |||||
'description' => $domain, | |||||
'type_id' => 1, | |||||
); | |||||
$ou_domain['aci'] = array( | |||||
'(targetattr = "*")' | |||||
. '(version 3.0;acl "Deny Unauthorized"; deny (all)' | |||||
. '(userdn != "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | |||||
. 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)") AND NOT ' | |||||
. 'roledn = "ldap:///cn=admin-user,' . $mgmt_root_dn . '";)', | |||||
'(targetattr != "userPassword")' | |||||
. '(version 3.0;acl "Search Access";allow (read,compare,search,write)' | |||||
. '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . ' || ' | |||||
. 'ldap:///ou=People,' . $domain_root_dn . '??sub?(objectclass=inetorgperson)");)', | |||||
'(targetattr = "*")' | |||||
. '(version 3.0;acl "Kolab Administrators";allow (all)' | |||||
. '(roledn = "ldap:///cn=admin-user,' . $domain_root_dn . ' || ' | |||||
. 'ldap:///cn=admin-user,' . $mgmt_root_dn . '");)', | |||||
'(target = "ldap:///ou=*,' . $domain_root_dn . '")(targetattr="objectclass || aci || ou")' | |||||
. '(version 3.0;acl "Allow Domain sub-OU Registration"; allow (add)' | |||||
. '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)', | |||||
'(target = "ldap:///uid=*,ou=People,' . $domain_root_dn . '")(targetattr="*")' | |||||
. '(version 3.0;acl "Allow Domain First User Registration"; allow (add)' | |||||
. '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)', | |||||
'(target = "ldap:///cn=*,' . $domain_root_dn . '")(targetattr="objectclass || cn")' | |||||
. '(version 3.0;acl "Allow Domain Role Registration"; allow (add)' | |||||
. '(userdn = "ldap:///uid=kolab-service,ou=Special Users,' . $mgmt_root_dn . '");)', | |||||
); | |||||
$ou_service->ou_add(null, $ou_domain); | |||||
// Add OU trees | |||||
foreach (array('Groups', 'People', 'Resources', 'Shared Folders') as $item) { | |||||
$ou = array( | |||||
'ou' => $item, | |||||
'base_dn' => $domain_root_dn, | |||||
'type_id' => 1, | |||||
'description' => $item, | |||||
); | |||||
$ou_service->ou_add(null, $ou); | |||||
} | |||||
// Add an admin role | |||||
$role = array( | |||||
'cn' => 'kolab-admin', | |||||
'description' => 'Domain admin', | |||||
'type_id' => 1, | |||||
'base_dn' => $domain_root_dn, | |||||
); | |||||
$role_service->role_add(null, $role); | |||||
} | |||||
} | } |
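Review bot: `domain_edit` now forwards `$postdata['type_id']` as a third argument to `parse_input_attributes` (the changed line in the second hunk), but `domain_add` in the first hunk still calls `parse_input_attributes('domain', $postdata)` with two arguments even though it also receives `$postdata['type_id']` and, on the old side, used it to drive `_mod_domain_attrs`. If that third parameter is what selects the attribute set generated for hosted domains, the add path has silently lost that behaviour; either pass the type id there as well, `$attributes = $this->parse_input_attributes('domain', $postdata, $postdata['type_id']);`, or add a comment in `domain_add` stating why the type id only matters on edit. The new call also reads `$postdata['type_id']` without checking it is present, so a request lacking it produces an undefined-index notice and passes null; a guard such as `isset($postdata['type_id']) ? $postdata['type_id'] : null` before the call makes the contract explicit, and because the value comes straight from the request it should be validated against the known domain type ids before it selects behaviour, unless `parse_input_attributes` already does so. Both `domain_add` and `domain_edit` begin before their hunks, so the start of each body is not visible here.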