src/app/Backends/LDAP.php
Show First 20 Lines • Show All 225 Lines • ▼ Show 20 Lines | class LDAP | ||||
* | * | ||||
* @throws \Exception | * @throws \Exception | ||||
*/ | */ | ||||
public static function createGroup(Group $group): void | public static function createGroup(Group $group): void | ||||
{ | { | ||||
$config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
$ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
list($cn, $domainName) = explode('@', $group->email); | list(, $domainName) = explode('@', $group->email); | ||||
/* | |||||
$domain = $group->domain(); | $domain = $group->domain(); | ||||
if (empty($domain)) { | if (empty($domain)) { | ||||
self::throwException( | self::throwException( | ||||
$ldap, | $ldap, | ||||
"Failed to create group {$group->email} in LDAP (" . __LINE__ . ")" | "Failed to create group {$group->email} in LDAP (" . __LINE__ . ")" | ||||
); | ); | ||||
} | } | ||||
*/ | |||||
$hostedRootDN = \config('ldap.hosted.root_dn'); | $hostedRootDN = \config('ldap.hosted.root_dn'); | ||||
$domainBaseDN = "ou={$domainName},{$hostedRootDN}"; | |||||
$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | |||||
$groupBaseDN = "ou=Groups,{$domainBaseDN}"; | $groupBaseDN = "ou=Groups,{$domainBaseDN}"; | ||||
$cn = $ldap->quote_string($group->name); | |||||
$dn = "cn={$cn},{$groupBaseDN}"; | $dn = "cn={$cn},{$groupBaseDN}"; | ||||
$entry = [ | $entry = [ | ||||
'cn' => $cn, | |||||
'mail' => $group->email, | 'mail' => $group->email, | ||||
'objectclass' => [ | 'objectclass' => [ | ||||
'top', | 'top', | ||||
'groupofuniquenames', | 'groupofuniquenames', | ||||
'kolabgroupofuniquenames' | 'kolabgroupofuniquenames' | ||||
], | ], | ||||
'uniquemember' => [] | |||||
]; | ]; | ||||
self::setGroupAttributes($ldap, $group, $entry); | self::setGroupAttributes($ldap, $group, $entry); | ||||
$result = $ldap->add_entry($dn, $entry); | $result = $ldap->add_entry($dn, $entry); | ||||
if (!$result) { | if (!$result) { | ||||
self::throwException( | self::throwException( | ||||
▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines | */ | ||||
* @throws \Exception | * @throws \Exception | ||||
*/ | */ | ||||
public static function deleteDomain(Domain $domain): void | public static function deleteDomain(Domain $domain): void | ||||
{ | { | ||||
$config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
$ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
$hostedRootDN = \config('ldap.hosted.root_dn'); | $hostedRootDN = \config('ldap.hosted.root_dn'); | ||||
$mgmtRootDN = \config('ldap.admin.root_dn'); | |||||
$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | $domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | ||||
if ($ldap->get_entry($domainBaseDN)) { | if ($ldap->get_entry($domainBaseDN)) { | ||||
$result = $ldap->delete_entry_recursive($domainBaseDN); | $result = $ldap->delete_entry_recursive($domainBaseDN); | ||||
if (!$result) { | if (!$result) { | ||||
self::throwException( | self::throwException( | ||||
$ldap, | $ldap, | ||||
▲ Show 20 Lines • Show All 197 Lines • ▼ Show 20 Lines | */ | ||||
* | * | ||||
* @throws \Exception | * @throws \Exception | ||||
*/ | */ | ||||
public static function updateGroup(Group $group): void | public static function updateGroup(Group $group): void | ||||
{ | { | ||||
$config = self::getConfig('admin'); | $config = self::getConfig('admin'); | ||||
$ldap = self::initLDAP($config); | $ldap = self::initLDAP($config); | ||||
list($cn, $domainName) = explode('@', $group->email); | $newEntry = $oldEntry = self::getGroupEntry($ldap, $group->email, $dn); | ||||
$domain = $group->domain(); | |||||
if (empty($domain)) { | if (empty($oldEntry)) { | ||||
self::throwException( | self::throwException( | ||||
$ldap, | $ldap, | ||||
"Failed to update group {$group->email} in LDAP (group not found)" | "Failed to update group {$group->email} in LDAP (group not found)" | ||||
); | ); | ||||
} | } | ||||
$hostedRootDN = \config('ldap.hosted.root_dn'); | self::setGroupAttributes($ldap, $group, $newEntry); | ||||
$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | |||||
$groupBaseDN = "ou=Groups,{$domainBaseDN}"; | |||||
$dn = "cn={$cn},{$groupBaseDN}"; | |||||
$entry = [ | $result = $ldap->modify_entry($dn, $oldEntry, $newEntry); | ||||
'cn' => $cn, | |||||
'mail' => $group->email, | |||||
'objectclass' => [ | |||||
'top', | |||||
'groupofuniquenames', | |||||
'kolabgroupofuniquenames' | |||||
], | |||||
'uniquemember' => [] | |||||
]; | |||||
$oldEntry = $ldap->get_entry($dn); | |||||
self::setGroupAttributes($ldap, $group, $entry); | |||||
$result = $ldap->modify_entry($dn, $oldEntry, $entry); | |||||
if (!is_array($result)) { | if (!is_array($result)) { | ||||
self::throwException( | self::throwException( | ||||
$ldap, | $ldap, | ||||
"Failed to update group {$group->email} in LDAP (" . __LINE__ . ")" | "Failed to update group {$group->email} in LDAP (" . __LINE__ . ")" | ||||
); | ); | ||||
} | } | ||||
▲ Show 20 Lines • Show All 93 Lines • ▼ Show 20 Lines | */ | ||||
/** | /** | ||||
* Convert group member addresses in to valid entries. | * Convert group member addresses in to valid entries. | ||||
*/ | */ | ||||
private static function setGroupAttributes($ldap, Group $group, &$entry) | private static function setGroupAttributes($ldap, Group $group, &$entry) | ||||
{ | { | ||||
$settings = $group->getSettings(['sender_policy']); | $settings = $group->getSettings(['sender_policy']); | ||||
$entry['kolaballowsmtpsender'] = json_decode($settings['sender_policy'] ?: '[]', true); | $entry['kolaballowsmtpsender'] = json_decode($settings['sender_policy'] ?: '[]', true); | ||||
$entry['cn'] = $group->name; | |||||
$entry['uniquemember'] = []; | |||||
$validMembers = []; | $validMembers = []; | ||||
$domain = $group->domain(); | $domain = $group->domain(); | ||||
$hostedRootDN = \config('ldap.hosted.root_dn'); | $hostedRootDN = \config('ldap.hosted.root_dn'); | ||||
$domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | $domainBaseDN = "ou={$domain->namespace},{$hostedRootDN}"; | ||||
▲ Show 20 Lines • Show All 140 Lines • ▼ Show 20 Lines | */ | ||||
* @param \Net_LDAP3 $ldap Ldap connection | * @param \Net_LDAP3 $ldap Ldap connection | ||||
* @param string $email Group email (mail) | * @param string $email Group email (mail) | ||||
* @param string $dn Reference to group DN | * @param string $dn Reference to group DN | ||||
* | * | ||||
* @return false|null|array Group entry, False on error, NULL if not found | * @return false|null|array Group entry, False on error, NULL if not found | ||||
*/ | */ | ||||
private static function getGroupEntry($ldap, $email, &$dn = null) | private static function getGroupEntry($ldap, $email, &$dn = null) | ||||
{ | { | ||||
list($_local, $_domain) = explode('@', $email, 2); | list(, $domainName) = explode('@', $email, 2); | ||||
$domain = $ldap->find_domain($_domain); | $domain = $ldap->find_domain($domainName); | ||||
if (!$domain) { | if (!$domain) { | ||||
return $domain; | return $domain; | ||||
} | } | ||||
$base_dn = $ldap->domain_root_dn($_domain); | $base_dn = $ldap->domain_root_dn($domainName); | ||||
$dn = "cn={$_local},ou=Groups,{$base_dn}"; | |||||
$entry = $ldap->get_entry($dn); | $attrs = ['dn', 'cn', 'mail', 'uniquemember', 'objectclass', 'kolaballowsmtpsender']; | ||||
return $entry ?: null; | // For groups we're using search() instead of get_entry() because | ||||
// a group name is not constant, so e.g. on update we might have | |||||
// the new name, but not the old one. Email address is constant. | |||||
$result = $ldap->search("ou=Groups,{$base_dn}", "(mail=$email)", "sub", $attrs); | |||||
if ($result && $result->count() == 1) { | |||||
$entries = $result->entries(true); | |||||
$dn = key($entries); | |||||
$entry = $entries[$dn]; | |||||
$entry['dn'] = $dn; | |||||
return $entry; | |||||
} | |||||
return null; | |||||
} | } | ||||
/** | /** | ||||
* Get user entry from LDAP. | * Get user entry from LDAP. | ||||
* | * | ||||
* @param \Net_LDAP3 $ldap Ldap connection | * @param \Net_LDAP3 $ldap Ldap connection | ||||
* @param string $email User email (uid) | * @param string $email User email (uid) | ||||
* @param string $dn Reference to user DN | * @param string $dn Reference to user DN | ||||
▲ Show 20 Lines • Show All 102 Lines • Show Last 20 Lines |
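Review bot: The new `search()` call in getGroupEntry interpolates `$email` unescaped into the filter `(mail=$email)`, so a value containing `*`, `(`, `)` or `\` alters the filter rather than being matched literally, while createGroup in the same change does run the group name through `$ldap->quote_string()` before building the DN. Even if the address is validated upstream, this helper is the lookup updateGroup relies on to pick the DN it will modify, so escape here too: `$filter = '(mail=' . ldap_escape($email, '', LDAP_ESCAPE_FILTER) . ')';` followed by `$result = $ldap->search("ou=Groups,{$base_dn}", $filter, "sub", $attrs);` (or the Net_LDAP3 filter-quoting helper if the class provides one). Today a wildcard-bearing value would match several entries and fall past the `count() == 1` check to `return null`, which updateGroup reports as "group not found" — fail-safe, but that branch deserves a one-line comment such as `// Ambiguous (multiple) matches are deliberately treated as not found.` so the behaviour is not mistaken for an oversight. The docblock's "False on error" return only comes from `find_domain()`; a failed `search()` (`$result` false) also ends in `return null`, which the docblock could state.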