From: Jan Schneider
Date: Mon, 20 Sep 2010 16:29:05 +0000 (+0200)
Subject: Configure bind type, binddn and scope in configldap, but only put the bind type into...
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=310c445adf04d72192dc754e634061ecaa7fbbf1;p=horde.git
Configure bind type, binddn and scope in configldap, but only put the bind type into the global LDAP configuration.
---
diff --git a/framework/Auth/lib/Horde/Auth/Ldap.php b/framework/Auth/lib/Horde/Auth/Ldap.php
index 67e0a1c6d..96b206606 100644
--- a/framework/Auth/lib/Horde/Auth/Ldap.php
+++ b/framework/Auth/lib/Horde/Auth/Ldap.php
@@ -389,7 +389,7 @@ class Horde_Auth_Ldap extends Horde_Auth_Base
 try {
 $search = $this->_ldap->search(
 $this->_params['basedn'],
- Horde_Ldap_Filter::build($this->_params),
+ Horde_Ldap_Filter::build(array('filter' => $this->_params['filter'])),
 $params)
 ->asArray();
 $uid = Horde_String::lower($this->_params['uid']);
diff --git a/framework/Core/lib/Horde/Config.php b/framework/Core/lib/Horde/Config.php
index 699500815..5863781ed 100644
--- a/framework/Core/lib/Horde/Config.php
+++ b/framework/Core/lib/Horde/Config.php
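Review bot: The added call narrows the search filter to `$this->_params['filter']`, but the Config.php hunks in this same commit make `filter` only one branch of the new `filter_type` switch (the other branch produces an `objectclass` list) and nest both under a `user` key. If an installation selects the objectclass variant, this line raises an undefined-index notice and hands `Horde_Ldap_Filter::build()` a null filter; whether `_params` is flattened so that `filter` lands at the top level cannot be seen from this hunk. Passing the sub-array that carries whichever key was configured, as the Horde_Group_Ldap hunk does with `$this->_params['search']`, would keep both variants working the way the removed whole-array call presumably did. The enclosing method starts and ends outside the hunk.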
@@ -677,25 +677,18 @@ class Horde_Config
 'default' => $this->_default($ctx . '|hostspec', '')
 ),
 
- 'searchdn' => array(
- '_type' => 'text',
+ 'port' => array(
+ '_type' => 'int',
 'required' => false,
- 'desc' => 'DN used to bind to LDAP for searches (blank for anonymous)',
- 'default' => $this->_default($ctx . '|searchdn', '')
+ 'desc' => 'Port on which LDAP is listening, if non-standard',
+ 'default' => $this->_default($ctx . '|port', null)
 ),
 
- 'searchpw' => array(
- '_type' => 'text',
+ 'tls' => array(
+ '_type' => 'boolean',
 'required' => false,
- 'desc' => 'Password for search bind DN (blank for anonymous)',
- 'default' => $this->_default($ctx . '|searchpw', '')
- ),
-
- 'basedn' => array(
- '_type' => 'text',
- 'required' => true,
- 'desc' => 'Base DN',
- 'default' => $this->_default($ctx . '|basedn', '')
+ 'desc' => 'Use TLS to connect to the server?',
+ 'default' => $this->_default($ctx . '|tls', false)
 ),
 
 'version' => array(
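Review bot: The description of the relocated `tls` field, `'Use TLS to connect to the server?'`, reads as if it selects an ldaps:// transport, while the Horde_Ldap hunk in this commit documents the key as running `ldap_start_tls()` after connecting on the plain port. An admin who enables it expecting a TLS-only listener gets a plaintext connect followed by STARTTLS instead, so the text should name the mechanism, e.g. `'desc' => 'Upgrade the connection with STARTTLS (ldap_start_tls) after connecting?'`. The surrounding array starts before and ends after this hunk.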
@@ -716,20 +709,55 @@ class Horde_Config
 'default' => $this->_default($ctx . '|version', 3)
 ),
 
- 'port' => array(
- '_type' => 'int',
- 'required' => false,
- 'desc' => 'Port on which LDAP is listening, if non-standard',
- 'default' => $this->_default($ctx . '|port', null)
- ),
-
- 'writeas' => array(
- 'desc' => 'Bind to LDAP as which user when performing writes?',
- 'default' => $this->_default($ctx . '|writeas', 'search'),
+ 'bindas' => array(
+ 'desc' => 'Bind to LDAP as which user?',
+ 'default' => $this->_default($ctx . '|bindas', 'admin'),
 'switch' => array(
+ 'anon' => array(
+ 'desc' => 'Bind anonymously',
+ 'fields' => array()
+ ),
 'user' => array(
 'desc' => 'Bind as the currently logged-in user',
- 'fields' => array()
+ 'fields' => array(
+ 'user' => array(
+ 'uid' => array(
+ '_type' => 'text',
+ 'required' => true,
+ 'desc' => 'The username search key (set to samaccountname for AD).',
+ 'default' => $this->_default($ctx . '|user|uid', 'uid')
+ ),
+ 'filter_type' => array(
+ 'required' => false,
+ 'desc' => 'How to specify a filter for the user lists.',
+ 'default' => $this->_default($ctx . '|user|filter_type', 'objectclass'),
+ 'switch' => array(
+ 'filter' => array(
+ 'desc' => 'LDAP filter string',
+ 'fields' => array(
+ 'filter' => array(
+ '_type' => 'text',
+ 'required' => true,
+ 'desc' => 'The LDAP filter string used to search for users.',
+ 'default' => $this->_default($ctx . '|user|filter', '(objectClass=*)')
+ ),
+ ),
+ ),
+ 'objectclass' => array(
+ 'desc' => 'List of objectClasses',
+ 'fields' => array(
+ 'objectclass' => array(
+ '_type' => 'stringlist',
+ 'required' => true,
+ 'desc' => 'The objectclass filter used to search for users. Can be a single objectclass or a comma-separated list.',
+ 'default' => implode(', ', $this->_default($ctx . '|user|objectclass', array('*')))
+ ),
+ ),
+ ),
+ ),
+ ),
+ ),
+ ),
 ),
 'admin' => array(
 'desc' => 'Bind with administrative/system credentials',
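Review bot: Both defaults added for the user search, `'(objectClass=*)'` for the filter variant and `array('*')` for the objectclass variant, match every entry under the base DN, so an installation that keeps the generated defaults treats any object carrying the `uid` attribute as a login account. The conf.xml hunk in this commit ships the narrower `(objectclass=shadowAccount)`, which suggests the PHP defaults could follow it, or at least the two `desc` strings should state that the default is unrestricted and must be narrowed. Separately, `implode(', ', $this->_default(...))` on the objectclass default presumes `_default()` hands back an array; if an existing configuration stored the list as a comma-separated string, implode() warns and yields null — cannot be confirmed from this hunk. The enclosing array continues outside the hunk.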
@@ -737,39 +765,28 @@ class Horde_Config
 'binddn' => array(
 '_type' => 'text',
 'required' => true,
- 'desc' => 'DN used to bind to LDAP for writes',
- 'default' => $this->_default($ctx . '|writeas', '')
+ 'desc' => 'DN used to bind to LDAP',
+ 'default' => $this->_default($ctx . '|binddn', '')
 ),
 'bindpw' => array(
 '_type' => 'text',
 'required' => true,
- 'desc' => 'Password for write bind DN',
- 'default' => $this->_default($ctx . '|writepw', '')
+ 'desc' => 'Password for bind DN',
+ 'default' => $this->_default($ctx . '|bindpw', '')
 )
 )
 ),
- 'search' => array(
- 'desc' => 'Use same credentials as used for LDAP searches',
- 'fields' => array()
- )
 )
 ),
-
- 'tls' => array(
- '_type' => 'boolean',
- 'required' => false,
- 'desc' => 'Use TLS to connect to the server?',
- 'default' => $this->_default($ctx . '|tls', false)
- ),
-
- 'ca' => array(
- '_type' => 'text',
- 'required' => false,
- 'desc' => 'Certification Authority to use for SSL connections',
- 'default' => $this->_default($ctx . '|ca', '')
- )
 );
 
+ if (isset($node) && $node->getAttribute('excludebind')) {
+ $excludes = explode(',', $node->getAttribute('excludebind'));
+ foreach ($excludes as $exclude) {
+ unset($fields['bindas']['switch'][$exclude]);
+ }
+ }
+
 if (isset($node) && $node->getAttribute('baseconfig') == 'true') {
 return array(
 'desc' => 'Use LDAP?',
@@ -787,6 +804,24 @@ class Horde_Config
 );
 }
 
+ $standardFields = array(
+ 'basedn' => array(
+ '_type' => 'text',
+ 'required' => true,
+ 'desc' => 'Base DN',
+ 'default' => $this->_default($ctx . '|basedn', '')
+ ),
+ 'scope' => array(
+ '_type' => 'enum',
+ 'required' => true,
+ 'desc' => 'Search scope',
+ 'default' => $this->_default($ctx . '|scope', ''),
+ 'values' => array(
+ 'sub' => 'Subtree search',
+ 'one' => 'One level'),
+ ),
+ );
+
 list($default, $isDefault) = $this->__default($ctx . '|' . (isset($node) ? $node->getAttribute('switchname') : $switchname), 'horde');
 $config = array(
 'desc' => 'Driver configuration',
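Review bot: The new `excludebind` handling splits on a bare comma, so an attribute written as `excludebind="anon, user"` yields `' user'` and the second exclusion silently does nothing — a bind mode the application meant to forbid (anonymous, say) stays selectable with no error. Trimming the pieces closes that: `foreach (array_map('trim', explode(',', $node->getAttribute('excludebind'))) as $exclude) {`. The loop can also remove `admin`, which `'default' => $this->_default($ctx . '|bindas', 'admin')` in the previous hunk points at, leaving the switch default naming a case that no longer exists; resetting the default to the first surviving key after the loop would avoid that. The `ca` field is dropped here without a replacement — fine if Horde_Ldap no longer reads it (its defaults in this commit list no such key), otherwise the TLS trust anchor becomes unconfigurable from the UI.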
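Review bot: The new `scope` field is `'required' => true` with an `enum` of `sub`/`one`, yet its default is `''`, which is not one of the listed values, so a fresh configuration starts in a state the form may reject or silently pass through. `'default' => $this->_default($ctx . '|scope', 'sub')` would match the `sub` value the removed conf.xml block in this commit carried. Style: `'one' => 'One level'),` closes the `values` array on the same line, unlike every other array in this block.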
@@ -795,11 +830,11 @@ class Horde_Config
 'switch' => array(
 'horde' => array(
 'desc' => 'Horde defaults',
- 'fields' => array()
+ 'fields' => $standardFields,
 ),
 'custom' => array(
 'desc' => 'Custom parameters',
- 'fields' => $fields
+ 'fields' => $fields + $standardFields,
 )
 )
 );
diff --git a/framework/Group/lib/Horde/Group/Ldap.php b/framework/Group/lib/Horde/Group/Ldap.php
index 0fc28871b..66a62d784 100644
--- a/framework/Group/lib/Horde/Group/Ldap.php
+++ b/framework/Group/lib/Horde/Group/Ldap.php
@@ -86,7 +86,7 @@ class Horde_Group_Ldap extends Horde_Group
 }
 
 /* Generate LDAP search filter. */
- $this->_filter = Horde_Ldap_Filter::build($this->_params);
+ $this->_filter = Horde_Ldap_Filter::build($this->_params['search']);
 
 /* Connect to server. */
 $this->_ldap = new Horde_Ldap($this->_params);
diff --git a/framework/Ldap/lib/Horde/Ldap.php b/framework/Ldap/lib/Horde/Ldap.php
index 8580d67e8..e02b94b6c 100644
--- a/framework/Ldap/lib/Horde/Ldap.php
+++ b/framework/Ldap/lib/Horde/Ldap.php
@@ -23,7 +23,7 @@ class Horde_Ldap
 * several hosts to try).
 * - port: the server port.
 * - version: LDAP version (defaults to 3).
- * - starttls: when set, ldap_start_tls() is run after connecting.
+ * - tls: when set, ldap_start_tls() is run after connecting.
 * - binddn: the DN to bind as when searching.
 * - bindpw: password to use when searching LDAP.
 * - basedn: LDAP base.
@@ -49,7 +49,7 @@ class Horde_Ldap
 'hostspec' => 'localhost',
 'port' => 389,
 'version' => 3,
- 'starttls' => false,
+ 'tls' => false,
 'binddn' => '',
 'bindpw' => '',
 'basedn' => '',
@@ -311,7 +311,7 @@ class Horde_Ldap
 /* If we're supposed to use TLS, do so before we try to bind, as
 * some strict servers only allow binding via secure
 * connections. */
- if ($this->_config['starttls']) {
+ if ($this->_config['tls']) {
 try {
 $this->startTLS();
 } catch (Horde_Ldap_Exception $e) {
diff --git a/horde/config/conf.xml b/horde/config/conf.xml
index 2c8119ce9..2861b7d7c 100644
--- a/horde/config/conf.xml
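Review bot: `$this->_params['search']` on the added Horde_Group_Ldap line is read without a guard, whereas the removed line passed the whole `_params` array, so a configuration written before this commit (no `search` key) now triggers an undefined-index notice and `Horde_Ldap_Filter::build()` receives null. Whether `build()` tolerates null cannot be seen here; an `isset($this->_params['search'])` check that fails loudly with the driver's own exception type (not visible in this hunk) would surface the misconfiguration instead of producing an empty or catch-all group filter. The enclosing method starts outside the hunk.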
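Review bot: Renaming the parameter from `starttls` to `tls` in the @@ -49 defaults and the @@ -311 check means an existing deployment that still passes `'starttls' => true` is silently downgraded: presumably the caller's array is merged over the `'tls' => false` default shown here, `startTLS()` is never called, and the bind DN and password go over the wire in the clear with no warning. Accepting the old key during the transition, `if (!empty($this->_config['tls']) || !empty($this->_config['starttls'])) {`, or at minimum documenting the rename next to the `tls` entry in the @@ -23 parameter list, would avoid that. The method containing the @@ -311 check starts and ends outside the hunk.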
+++ b/horde/config/conf.xml
@@ -313,13 +313,7 @@ - - sub - - sub - one - - +
@@ -343,16 +337,13 @@ ssha - shadowAccount,inetOrgPerson - (objectclass=*) + to search for users.">(objectclass=shadowAccount) - no
@@ -826,7 +817,8 @@ - + uid
@@ -903,18 +895,20 @@ a new group be member of? These objectclasses should cover the mail and gidnumber attributes as well as the group search key"> posixGroup,hordeGroup - objectclass - - - posixGroup - - - - - + + objectclass + + + posixGroup + + + + + +