Differential D3014 Diff 8591 src/app/Backends/LDAP.php

Changeset View

Standalone View

src/app/Backends/LDAP.php

Show First 20 Lines • Show All 225 Lines • ▼ Show 20 Lines	class LDAP
*		*
* @throws \Exception		* @throws \Exception
*/		*/
public static function createGroup(Group $group): void		public static function createGroup(Group $group): void
{		{
$config = self::getConfig('admin');		$config = self::getConfig('admin');
$ldap = self::initLDAP($config);		$ldap = self::initLDAP($config);

list($cn, $domainName) = explode('@', $group->email);		list(, $domainName) = explode('@', $group->email);
		/*
$domain = $group->domain();		$domain = $group->domain();

if (empty($domain)) {		if (empty($domain)) {
self::throwException(		self::throwException(
$ldap,		$ldap,
"Failed to create group {$group->email} in LDAP (" . __LINE__ . ")"		"Failed to create group {$group->email} in LDAP (" . __LINE__ . ")"
);		);
}		}
		*/
$hostedRootDN = \config('ldap.hosted.root_dn');		$hostedRootDN = \config('ldap.hosted.root_dn');
		$domainBaseDN = "ou={$domainName},{$hostedRootDN}";
$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}";

$groupBaseDN = "ou=Groups,{$domainBaseDN}";		$groupBaseDN = "ou=Groups,{$domainBaseDN}";
		$cn = $ldap->quote_string($group->name);
$dn = "cn={$cn},{$groupBaseDN}";		$dn = "cn={$cn},{$groupBaseDN}";

$entry = [		$entry = [
'cn' => $cn,
'mail' => $group->email,		'mail' => $group->email,
'objectclass' => [		'objectclass' => [
'top',		'top',
'groupofuniquenames',		'groupofuniquenames',
'kolabgroupofuniquenames'		'kolabgroupofuniquenames'
],		],
'uniquemember' => []
];		];

self::setGroupAttributes($ldap, $group, $entry);		self::setGroupAttributes($ldap, $group, $entry);

$result = $ldap->add_entry($dn, $entry);		$result = $ldap->add_entry($dn, $entry);

if (!$result) {		if (!$result) {
self::throwException(		self::throwException(
▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines	*/
* @throws \Exception		* @throws \Exception
*/		*/
public static function deleteDomain(Domain $domain): void		public static function deleteDomain(Domain $domain): void
{		{
$config = self::getConfig('admin');		$config = self::getConfig('admin');
$ldap = self::initLDAP($config);		$ldap = self::initLDAP($config);

$hostedRootDN = \config('ldap.hosted.root_dn');		$hostedRootDN = \config('ldap.hosted.root_dn');
$mgmtRootDN = \config('ldap.admin.root_dn');

$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}";		$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}";

if ($ldap->get_entry($domainBaseDN)) {		if ($ldap->get_entry($domainBaseDN)) {
$result = $ldap->delete_entry_recursive($domainBaseDN);		$result = $ldap->delete_entry_recursive($domainBaseDN);

if (!$result) {		if (!$result) {
self::throwException(		self::throwException(
$ldap,		$ldap,
▲ Show 20 Lines • Show All 197 Lines • ▼ Show 20 Lines	*/
*		*
* @throws \Exception		* @throws \Exception
*/		*/
public static function updateGroup(Group $group): void		public static function updateGroup(Group $group): void
{		{
$config = self::getConfig('admin');		$config = self::getConfig('admin');
$ldap = self::initLDAP($config);		$ldap = self::initLDAP($config);

list($cn, $domainName) = explode('@', $group->email);		$newEntry = $oldEntry = self::getGroupEntry($ldap, $group->email, $dn);

$domain = $group->domain();

if (empty($domain)) {		if (empty($oldEntry)) {
self::throwException(		self::throwException(
$ldap,		$ldap,
"Failed to update group {$group->email} in LDAP (group not found)"		"Failed to update group {$group->email} in LDAP (group not found)"
);		);
}		}

$hostedRootDN = \config('ldap.hosted.root_dn');		self::setGroupAttributes($ldap, $group, $newEntry);

$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}";

$groupBaseDN = "ou=Groups,{$domainBaseDN}";

$dn = "cn={$cn},{$groupBaseDN}";

$entry = [		$result = $ldap->modify_entry($dn, $oldEntry, $newEntry);
'cn' => $cn,
'mail' => $group->email,
'objectclass' => [
'top',
'groupofuniquenames',
'kolabgroupofuniquenames'
],
'uniquemember' => []
];

$oldEntry = $ldap->get_entry($dn);

self::setGroupAttributes($ldap, $group, $entry);

$result = $ldap->modify_entry($dn, $oldEntry, $entry);

if (!is_array($result)) {		if (!is_array($result)) {
self::throwException(		self::throwException(
$ldap,		$ldap,
"Failed to update group {$group->email} in LDAP (" . __LINE__ . ")"		"Failed to update group {$group->email} in LDAP (" . __LINE__ . ")"
);		);
}		}

▲ Show 20 Lines • Show All 93 Lines • ▼ Show 20 Lines	*/
/**		/**
* Convert group member addresses in to valid entries.		* Convert group member addresses in to valid entries.
*/		*/
private static function setGroupAttributes($ldap, Group $group, &$entry)		private static function setGroupAttributes($ldap, Group $group, &$entry)
{		{
$settings = $group->getSettings(['sender_policy']);		$settings = $group->getSettings(['sender_policy']);

$entry['kolaballowsmtpsender'] = json_decode($settings['sender_policy'] ?: '[]', true);		$entry['kolaballowsmtpsender'] = json_decode($settings['sender_policy'] ?: '[]', true);
		$entry['cn'] = $group->name;
		$entry['uniquemember'] = [];

$validMembers = [];		$validMembers = [];

$domain = $group->domain();		$domain = $group->domain();

$hostedRootDN = \config('ldap.hosted.root_dn');		$hostedRootDN = \config('ldap.hosted.root_dn');

$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}";		$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}";
▲ Show 20 Lines • Show All 140 Lines • ▼ Show 20 Lines	*/
* @param \Net_LDAP3 $ldap Ldap connection		* @param \Net_LDAP3 $ldap Ldap connection
* @param string $email Group email (mail)		* @param string $email Group email (mail)
* @param string $dn Reference to group DN		* @param string $dn Reference to group DN
*		*
* @return false\|null\|array Group entry, False on error, NULL if not found		* @return false\|null\|array Group entry, False on error, NULL if not found
*/		*/
private static function getGroupEntry($ldap, $email, &$dn = null)		private static function getGroupEntry($ldap, $email, &$dn = null)
{		{
list($_local, $_domain) = explode('@', $email, 2);		list(, $domainName) = explode('@', $email, 2);

$domain = $ldap->find_domain($_domain);		$domain = $ldap->find_domain($domainName);

if (!$domain) {		if (!$domain) {
return $domain;		return $domain;
}		}

$base_dn = $ldap->domain_root_dn($_domain);		$base_dn = $ldap->domain_root_dn($domainName);
$dn = "cn={$_local},ou=Groups,{$base_dn}";

$entry = $ldap->get_entry($dn);		$attrs = ['dn', 'cn', 'mail', 'uniquemember', 'objectclass', 'kolaballowsmtpsender'];

return $entry ?: null;		// For groups we're using search() instead of get_entry() because
		// a group name is not constant, so e.g. on update we might have
		// the new name, but not the old one. Email address is constant.
		$result = $ldap->search("ou=Groups,{$base_dn}", "(mail=$email)", "sub", $attrs);

		if ($result && $result->count() == 1) {
		$entries = $result->entries(true);
		$dn = key($entries);
		$entry = $entries[$dn];
		$entry['dn'] = $dn;

		return $entry;
		}

		return null;
}		}

/**		/**
* Get user entry from LDAP.		* Get user entry from LDAP.
*		*
* @param \Net_LDAP3 $ldap Ldap connection		* @param \Net_LDAP3 $ldap Ldap connection
* @param string $email User email (uid)		* @param string $email User email (uid)
* @param string $dn Reference to user DN		* @param string $dn Reference to user DN
▲ Show 20 Lines • Show All 102 Lines • Show Last 20 Lines