From 0b7b63dd35159e881b09b3f7e3ecea7dff63cd1c Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Sun, 17 Dec 2017 18:07:40 +0100 Subject: [PATCH] Retrieve dn with getBaseDN static method --- htdocs/auth.php | 2 +- htdocs/lib/auth.php | 2 +- htdocs/lib/class.ldapaccount.php | 17 +++---- htdocs/lib/class.ldapalias.php | 15 +++--- htdocs/lib/class.ldapdomain.php | 57 ++++++++------------- htdocs/lib/class.ldapserver.php | 87 +++++++++++++++++++------------- 6 files changed, 87 insertions(+), 93 deletions(-) diff --git a/htdocs/auth.php b/htdocs/auth.php index dde4891..9dc96a2 100644 --- a/htdocs/auth.php +++ b/htdocs/auth.php @@ -16,7 +16,7 @@ if (isset($_SESSION['login'])) { } if (!empty($_POST['login'])) { - if ($server = new LdapServer(Html::clean($_POST['login']))) { + if ($server = new LdapServer(Html::clean($_POST['login']), LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI)) { if ($server->login(Html::clean($_POST['password']))) { $_SESSION['login'] = $server->getLogin(); $_SESSION['dn'] = $server->getDn(); diff --git a/htdocs/lib/auth.php b/htdocs/lib/auth.php index 86a55b6..c9aefd2 100644 --- a/htdocs/lib/auth.php +++ b/htdocs/lib/auth.php @@ -8,7 +8,7 @@ if (empty($_SESSION['login'])) { exit(0); } else { try { - $server = new LdapServer($_SESSION['login']); + $server = new LdapServer($_SESSION['login'], LDAP_BASE, LDAP_ADMIN_DN, LDAP_ADMIN_PASS, LDAP_URI); if (!empty($_GET['domain'])) { $domain = new LdapDomain($server, Html::clean($_GET['domain'])); if (!empty($_GET['account'])) { diff --git a/htdocs/lib/class.ldapaccount.php b/htdocs/lib/class.ldapaccount.php index 8d70436..a78a990 100644 --- a/htdocs/lib/class.ldapaccount.php +++ b/htdocs/lib/class.ldapaccount.php 
@@ -2,20 +2,17 @@ class LdapAccount extends LdapDomain { static $objectClass = array('mailAccount', 'posixAccount', 'organizationalRole'); - - static public function getClassFilter() { - return '(ObjectClass='.self::$objectClass[0].')'; - } + static $dn='uid'; protected $domain,$uid,$name,$active=false,$admin=false,$courier=false,$authsmtp=false; private $aliases=array(),$redirections=array(); public function __construct(LdapDomain $domain, $uid) { - $this->conn = $domain->conn; - $this->domain = $domain->getName(); + $this->domain = $domain; + $this->conn = $this->domain->server->getConn(); $this->uid = $uid; - if ($sr = @ldap_search($this->conn, "uid=".$uid.",cn=".$this->domain.",".LDAP_BASE, self::getClassFilter())) { + if ($sr = @ldap_search($this->conn, self::getBaseDN($this->domain, $uid), self::getClassFilter())) { $objects = ldap_get_entries($this->conn, $sr); $object = $objects[0]; $this->name = $object['cn'][0]; @@ -23,7 +20,7 @@ class LdapAccount extends LdapDomain { $this->admin = ($object['isadmin'][0] == 'TRUE') ? true : false; $this->courier = ($object['courieractive'][0] == 'TRUE') ? true : false; $this->authsmtp = ($object['authsmtpactive'][0] == 'TRUE') ? true : false; - //$this->quota = getquota($this->domain,'user'); + //$this->quota = getquota($this->domain->getName(),'user'); $this->aliases = array_filter($object['mailacceptinggeneralid'], "is_string"); $this->redirections = array_filter($object['maildrop'], "is_string"); } else { 
@@ -43,7 +40,7 @@ class LdapAccount extends LdapDomain { $info["webmailActive"] = ($webmailactive) ? 'TRUE' : 'FALSE'; $info["authsmtpActive"] = ($authsmtpactive) ? 'TRUE' : 'FALSE'; #$info["amavisBypassSpamChecks"] = ($amavisBypassSpamChecks) ? 'TRUE' : 'FALSE'; - if (!ldap_mod_replace($this->conn, "uid=".$this->uid.",cn=".$this->domain.",".LDAP_BASE, $info)) { + if (!ldap_mod_replace($this->conn, self::getBaseDN(), $info)) { $error = ldap_error($this->conn); throw new Exception("Erreur pendant la modification du compte : $error"); } @@ -66,7 +63,7 @@ class LdapAccount extends LdapDomain { } public function getAliases() { - return preg_replace('/@'.$this->domain.'/', '', $this->aliases); + return preg_replace('/@'.$this->domain->getName().'/', '', $this->aliases); } public function getRedirections() { diff --git a/htdocs/lib/class.ldapalias.php b/htdocs/lib/class.ldapalias.php index b7fdae5..884a195 100644 --- a/htdocs/lib/class.ldapalias.php +++ b/htdocs/lib/class.ldapalias.php @@ -2,20 +2,17 @@ class LdapAlias extends LdapDomain { static $objectClass = array('mailAlias'); - - static public function getClassFilter() { - return '(ObjectClass='.self::$objectClass[0].')'; - } + static $dn='cn'; protected $domain,$name,$active=false; private $aliases=array(),$redirections=array(); public function __construct(LdapDomain $domain, $name) { - $this->conn = $domain->conn; - $this->domain = $domain->getName(); + $this->domain = $domain; + $this->conn = $this->conn = $this->domain->server->getConn(); $this->name = $name; - if ($sr = @ldap_search($this->conn, "cn=".$name.",cn=".$this->domain.",".LDAP_BASE, self::getClassFilter())) { + if ($sr = @ldap_search($this->conn, self::getBaseDN($this->domain, $name), self::getClassFilter())) { $objects = ldap_get_entries($this->conn, $sr); $object = $objects[0]; $this->active = ($object['isactive'][0] == 'TRUE') ? true : false; 
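Review bot: In LdapAccount::update the new `ldap_mod_replace` target is built with `self::getBaseDN()` and no arguments, while every other call site in this patch passes at least the object (`self::getBaseDN($this)` in LdapAlias::update, `self::getBaseDN($this->domain, $uid)` in the account constructor); with nothing to derive the class and RDN from, the helper cannot return this account's DN, so the modify will hit a wrong or empty DN and fail (or raise an argument-count error on PHP 7.1+). It should read `if (!ldap_mod_replace($this->conn, self::getBaseDN($this), $info)) {`. The enclosing update() method starts and ends outside the hunk.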
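Review bot: The new LdapAlias constructor line `$this->conn = $this->conn = $this->domain->server->getConn();` assigns the same property twice; this looks like a copy/paste slip (the LdapAccount constructor in this patch has the single assignment) and should be `$this->conn = $this->domain->server->getConn();`. While here, the following context lines read `$object = $objects[0]` without checking the entry count, so an alias name that matches nothing produces PHP notices instead of the not-found branch; `if ($sr && ldap_count_entries($this->conn, $sr) > 0)` would make that path explicit. The constructor's body continues past the end of the hunk.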
@@ -37,7 +34,7 @@ class LdapAlias extends LdapDomain { return filter_var($value, FILTER_VALIDATE_EMAIL); }); - if (!@ldap_mod_replace($this->conn, "cn=".$this->getName().",cn=".$this->domain.",".LDAP_BASE, $info)) { + if (!@ldap_mod_replace($this->conn, self::getBaseDN($this), $info)) { $error = ldap_error($this->conn); throw new Exception("Erreur pendant la modification de l'alias : $error"); } @@ -48,7 +45,7 @@ class LdapAlias extends LdapDomain { } public function getAliases() { - return preg_replace('/@'.$this->domain.'/', '', $this->aliases); + return preg_replace('/@'.$this->domain->getName().'/', '', $this->aliases); } public function getRedirections() { diff --git a/htdocs/lib/class.ldapdomain.php b/htdocs/lib/class.ldapdomain.php index 9eee20d..2761742 100644 --- a/htdocs/lib/class.ldapdomain.php +++ b/htdocs/lib/class.ldapdomain.php @@ -2,22 +2,17 @@ class LdapDomain extends LdapServer { static $objectClass = array('postfixDomain', 'posixGroup'); + static $dn='cn'; - static public function getClassFilter() { - return '(ObjectClass='.self::$objectClass[0].')'; - } - - protected $domain,$active=false; + protected $domain,$active=false,$server; private $quota="0M/0M",$mail_accounts=array(),$mail_alias=array(),$posix_accounts=array(),$smb_accounts=array(),$accounts=array(),$alias=array(); public function __construct(LdapServer $server, $name) { - $this->conn = $server->conn; - $this->login = $server->login; - $this->superadmin = $server->superadmin; - $this->dn = $server->dn; + $this->server = $server; + $this->conn = $server->getConn(); $this->domain = $name; - if ($sr = @ldap_search($this->conn, "cn=".$this->domain.",".LDAP_BASE, "(ObjectClass=*)")) { + if ($sr = @ldap_search($this->conn, self::getBaseDN($this), "(ObjectClass=*)")) { $objects = ldap_get_entries($this->conn, $sr); foreach($objects as $object) { 
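Review bot: In LdapAlias::getAliases the domain name is interpolated into the `preg_replace` pattern unquoted (`'/@'.$this->domain->getName().'/'`), so the `.` in a name such as `example.com` matches any character and a `/` or other metacharacter in the name would break the pattern with a PCRE warning. Quote it, and if the suffix is always at the end of the address, anchor it too: `return preg_replace('/@'.preg_quote($this->domain->getName(), '/').'$/', '', $this->aliases);`. The identical line is introduced in LdapAccount::getAliases earlier in this patch and deserves the same treatment.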
@@ -29,10 +24,10 @@ class LdapDomain extends LdapServer { array_push($this->posix_accounts,$object['uid'][0]); } if (in_array(LdapAccount::$objectClass[0], $object['objectclass'])) { - array_push($this->mail_accounts,$object['uid'][0]); + array_push($this->mail_accounts,$object[LdapAccount::$dn][0]); } if (in_array(LdapAlias::$objectClass[0], $object['objectclass'])) { - array_push($this->mail_alias,$object['cn'][0]); + array_push($this->mail_alias,$object[LdapAlias::$dn][0]); } if (in_array("sambaSamAccount",$object['objectclass'])) { array_push($this->smb_accounts,$object['uid'][0]); @@ -46,18 +41,12 @@ class LdapDomain extends LdapServer { } public function getAccounts() { - global $conf; if (count($this->accounts) == 0) { - if (! $conf['domaines']['onlyone']) { - $rdn = ($conf['evoadmin']['version'] > 2) ? "cn=" .$this->domain. "," .LDAP_BASE : "domain=" .$this->domain. "," .LDAP_BASE; - } else { - $rdn = "ou=people," .LDAP_BASE; - } - $sr = ldap_search($this->conn, $rdn, LdapAccount::getClassfilter()); + $sr = ldap_search($this->conn, self::getBaseDN($this), LdapAccount::getClassfilter()); $objects = ldap_get_entries($this->conn, $sr); foreach($objects as $object) { - if(!empty($object["uid"][0])) { - $account = new LdapAccount($this, $object["uid"][0]); + if(!empty($object[LdapAccount::$dn][0])) { + $account = new LdapAccount($this, $object[LdapAccount::$dn][0]); array_push($this->accounts, $account); } } 
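Review bot: getAccounts now searches under `self::getBaseDN($this)` unconditionally, dropping the `$conf['domaines']['onlyone']` branch that searched `ou=people,LDAP_BASE` and the `evoadmin.version <= 2` `domain=` RDN form; if either configuration is still supported, single-domain installs will see an empty account list after this change (getAlias in the next hunk is affected the same way). If the drop is intentional the commit message should say so and the config keys should go with it; otherwise the old base selection belongs inside getBaseDN. Separately, the `ldap_search` result is handed straight to `ldap_get_entries` without a false check, so a failed search surfaces as a PHP warning and an empty list rather than an exception: `if (($sr = ldap_search($this->conn, self::getBaseDN($this), LdapAccount::getClassFilter())) === false) { throw new Exception("Erreur LDAP : ".ldap_error($this->conn)); }`. getAccounts continues past the end of the hunk.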
@@ -66,18 +55,12 @@ class LdapDomain extends LdapServer { } public function getAlias() { - global $conf; if (count($this->alias) == 0) { - if (! $conf['domaines']['onlyone']) { - $rdn = ($conf['evoadmin']['version'] > 2) ? "cn=" .$this->domain. "," .LDAP_BASE : "domain=" .$this->domain. "," .LDAP_BASE; - } else { - $rdn = "ou=people," .LDAP_BASE; - } - $sr = ldap_search($this->conn, $rdn, LdapAlias::getClassFilter()); + $sr = ldap_search($this->conn, self::getBaseDN($this), LdapAlias::getClassFilter()); $objects = ldap_get_entries($this->conn, $sr); foreach($objects as $object) { - if(!empty($object["cn"][0])) { - $alias = new LdapAlias($this, $object["cn"][0]); + if(!empty($object[LdapAlias::$dn][0])) { + $alias = new LdapAlias($this, $object[LdapAlias::$dn][0]); array_push($this->alias, $alias); } } @@ -95,7 +78,7 @@ class LdapDomain extends LdapServer { } $mail = $uid.'@'.$this->getName(); $password = "{SSHA}".Ldap::ssha($password); - $info["uid"] = $mail; + $info[LdapAccount::$dn] = $mail; $info["cn"] = $name; $info["homeDirectory"] = "/home/vmail/" .$this->getName(). "/" .$uid. "/"; $info["uidNumber"]= $conf['unix']['uid']; @@ -112,7 +95,7 @@ class LdapDomain extends LdapServer { #$info["amavisBypassSpamChecks"] = ($amavisBypassSpamChecks) ? 'TRUE' : 'FALSE'; $info["userPassword"] = $password; - if (@ldap_add($this->conn, "uid=".$mail.",cn=".$this->domain.",".LDAP_BASE, $info)) { + if (@ldap_add($this->conn, LdapAccount::getBaseDN($this, $mail), $info)) { mail($name, 'Premier message',"Mail d'initialisation du compte."); mailnotify($info,$this->getname(),$password); } else { @@ -122,7 +105,7 @@ class LdapDomain extends LdapServer { } public function addAlias($name,$active=false,$mailaccept=array(),$maildrop=array()) { - $info["cn"] = $name; + $info[LdapAlias::$dn] = $name; $info["isActive"] = ($active) ? 'TRUE' : 'FALSE'; $info["objectclass"] = LdapAlias::$objectClass; $info["mailacceptinggeneralid"] = $mailaccept; 
@@ -130,14 +113,14 @@ class LdapDomain extends LdapServer { return filter_var($value, FILTER_VALIDATE_EMAIL); }); - if (!@ldap_add($this->conn, "cn=".$name.",cn=".$this->domain.",".LDAP_BASE, $info)) { + if (!@ldap_add($this->conn, LdapAlias::getBaseDN($this, $name), $info)) { $error = ldap_error($this->conn); throw new Exception("Erreur dans l'ajout de l'alias : $error"); } } public function delAccount($uid) { - $dn = "uid=".$uid.",cn=".$this->domain.",".LDAP_BASE; + $dn = LdapAccount::getBaseDN($this, $uid); if ($sr = @ldap_search($this->conn, $dn, LdapAccount::getClassFilter())) { // Delete account if (!ldap_delete($this->conn, $dn)) { @@ -150,7 +133,7 @@ class LdapDomain extends LdapServer { } public function delAlias($name) { - $dn = "cn=".$name.",cn=".$this->domain.",".LDAP_BASE; + $dn = LdapAlias::getBaseDN($this, $name); if ($sr = @ldap_search($this->conn, $dn, LdapAlias::getClassFilter())) { // Delete alias if (!ldap_delete($this->conn, $dn)) { @@ -164,7 +147,7 @@ class LdapDomain extends LdapServer { public function update($active=false) { $info["isActive"] = ($active) ? 'TRUE' : 'FALSE'; - if (!ldap_mod_replace($this->conn, "cn=".$this->getName().",".LDAP_BASE, $info)) { + if (!ldap_mod_replace($this->conn, self::getBaseDN($this), $info)) { $error = ldap_error($this->conn); throw new Exception("Erreur pendant la modification du domaine : $error"); } diff --git a/htdocs/lib/class.ldapserver.php b/htdocs/lib/class.ldapserver.php index 7b8543d..bfac5eb 100644 --- a/htdocs/lib/class.ldapserver.php +++ b/htdocs/lib/class.ldapserver.php 
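Review bot: In delAccount the `@ldap_search` on the freshly built `$dn` serves as the existence check before `ldap_delete`, but a search whose base entry exists and merely does not match `LdapAccount::getClassFilter()` still returns a result handle with zero entries, which is truthy, so a `uid=` entry under the domain that is not a mailAccount (a posix-only account, for instance) could be deleted anyway. Check the count as well: `if (($sr = @ldap_search($this->conn, $dn, LdapAccount::getClassFilter())) && ldap_count_entries($this->conn, $sr) > 0) {`. `$uid` also reaches the DN through getBaseDN without any DN escaping, which is best handled in that helper. delAccount's body continues past the end of the hunk.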
@@ -1,19 +1,48 @@ getName().','.LdapServer::getBaseDN($object->server); + } else { + return static::$dn.'='.$name.','.LdapServer::getBaseDN($object); + } + } elseif ($class == "LdapAccount") { + if (empty($name)) { + return static::$dn.'='.$object->getUid().','.LdapDomain::getBaseDN($object->domain); + } else { + return static::$dn.'='.$name.','.LdapDomain::getBaseDN($object); + } + } elseif ($class == "LdapAlias") { + if (empty($name)) { + return static::$dn.'='.$object->getName().','.LdapDomain::getBaseDN($object->domain); + } else { + return static::$dn.'='.$name.','.LdapDomain::getBaseDN($object); + } + } else { + return $object->base; + } + } + + public function __construct($login, $base, $adminDN, $adminPass, $uri='ldap://127.0.0.1') { global $conf; $this->login = $login; - if (!$this->conn = ldap_connect(LDAP_URI)) { - throw new Exception("Impossible de se connecter au serveur LDPA ".LDAP_URI); + $this->base = $base; + if (!$this->conn = ldap_connect($uri)) { + throw new Exception("Impossible de se connecter au serveur LDAP $uri"); } if (!ldap_set_option($this->conn, LDAP_OPT_PROTOCOL_VERSION, 3)) { throw new Exception("Impossible de modifier la version du protocole LDAP à 3"); } - if (!ldap_bind($this->conn, LDAP_ADMIN_DN, LDAP_ADMIN_PASS)) { + if (!ldap_bind($this->conn, $adminDN, $adminPass)) { throw new Exception("Authentification LDAP échoué !"); } if (in_array($this->login, $conf['admin']['logins'])) { @@ -23,13 +52,12 @@ class LdapServer { } public function login($password) { - global $conf; - $sr=ldap_search($this->conn, LDAP_BASE, "(&(uid=".$this->login.")(isAdmin=TRUE))"); + $sr=ldap_search($this->conn, self::getBaseDN($this), "(&(uid=".$this->login.")(isAdmin=TRUE))"); $info = ldap_get_entries($this->conn, $sr); if ($info['count']) { if (@ldap_bind($this->conn, $info[0]['dn'], $password)) { unset($password); - $this->dn = $info[0]['dn']; + $this->base = $info[0]['dn']; # EvoLog::log("Login success for " . $this->login); return true; } else { 
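Review bot: getBaseDN assembles every DN by plain concatenation (`static::$dn.'='.$name.','...`), and `$name` arrives from request parameters (`Html::clean($_GET['domain'])` / `Html::clean($_GET['account'])` in lib/auth.php); Html::clean is HTML sanitising, not DN escaping, so a value containing `,`, `+`, `=` or `"` changes which entry the subsequent search, modify or delete targets. Since this helper is now the single place DNs are built, escape the RDN value here, e.g. `$rdn = static::$dn.'='.ldap_escape($name, '', LDAP_ESCAPE_DN);` (PHP >= 5.6) and use `$rdn` in each branch, with the same applied to the `getName()`/`getUid()` values. The opening lines of this hunk (the class header and the helper's signature) did not survive extraction, so the parameter list is inferred from the call sites.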
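Review bot: login() now stores the bound user's DN in `$this->base` instead of `$this->dn`, but `getDn()` (visible in the last hunk of this file) still returns `$this->dn`, so `$_SESSION['dn'] = $server->getDn()` in auth.php will be null after a successful login. Either keep `$this->dn = $info[0]['dn'];` next to the new line or make `getDn()` return `$this->base`. Overwriting `$this->base` with the user DN also means any later `self::getBaseDN($this)` on this object searches under the user entry rather than LDAP_BASE, which looks unintended. The filter `"(&(uid=".$this->login.")(isAdmin=TRUE))"` still interpolates the posted login unescaped; `ldap_escape($this->login, '', LDAP_ESCAPE_FILTER)` would close that injection point. The method continues past the end of the hunk.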
@@ -45,14 +73,13 @@ class LdapServer { } public function getDomains() { - global $conf; if (count($this->domains) == 0) { if ($this->superadmin) { - $sr = ldap_search($this->conn, LDAP_BASE, LdapDomain::getClassFilter()); + $sr = ldap_search($this->conn, self::getBaseDN($this), LdapDomain::getClassFilter()); $objects = ldap_get_entries($this->conn, $sr); foreach($objects as $object) { - if(!empty($object["cn"][0])) { - $domain = new LdapDomain($this, $object["cn"][0]); + if(!empty($object[LdapDomain::$dn][0])) { + $domain = new LdapDomain($this, $object[LdapDomain::$dn][0]); array_push($this->domains, $domain); } } 
@@ -67,43 +94,29 @@ class LdapServer { } public function addDomain($name,$active=false) { - global $conf; - $info["cn"]=$name; + $info[LdapDomain::$dn]=$name; $info["objectclass"] = LdapDomain::$objectClass; $info["isActive"] = ($active) ? 'TRUE' : 'FALSE'; $info["gidNumber"]= getfreegid(); - if (!@ldap_add($this->conn, "cn=".$name.",".LDAP_BASE, $info)) { + if (!@ldap_add($this->conn, LdapDomain::getBaseDN($this, $name), $info)) { $error = ldap_error($this->conn); throw new Exception("Erreur dans l'ajout du domaine : $error"); } } public function delDomain($name) { - if ($sr = @ldap_search($this->conn, "cn=".$name.",".LDAP_BASE, "(ObjectClass=*)")) { - $objects = ldap_get_entries($this->conn, $sr); + if ($domain = new LdapDomain($this, $name)) { // Delete aliases - foreach($objects as $object) { - if (!empty($object['objectclass']) && !in_array(LdapDomain::$objectClass[0], $object['objectclass']) && in_array(LdapAlias::$objectClass[0], $object['objectclass'])) { - $dn = "cn=".$object['cn'][0]. ",cn=".$name.",".LDAP_BASE; - if (!ldap_delete($this->conn, $dn)) { - $error = ldap_error($this->conn); - throw new Exception("Erreur dans la suppression de l'alias $dn : $error"); - } - } + foreach($domain->getAlias() as $alias) { + $domain->delAlias($alias->getName()); } // Delete accounts - foreach($objects as $object) { - if (!empty($object['objectclass']) && !in_array(LdapDomain::$objectClass[0], $object['objectclass']) && !in_array(LdapAlias::$objectClass[0], $object['objectclass'])) { - $dn = "uid=".$object['cn'][0]. 
",cn=".$name.",".LDAP_BASE; - if (!ldap_delete($this->conn, $dn)) { - $error = ldap_error($this->conn); - throw new Exception("Erreur dans la suppression du compte $dn : $error"); - } - } + foreach($domain->getAccounts() as $account) { + $domain->delAccount($account->getUid()); } // Delete domain - $dn = "cn=".$name.",".LDAP_BASE; + $dn = LdapDomain::getBaseDN($this, $name); if (!ldap_delete($this->conn, $dn)) { $error = ldap_error($this->conn); throw new Exception("Erreur dans la suppression du domaine $dn : $error"); @@ -125,6 +138,10 @@ class LdapServer { return $this->dn; } + public function getConn() { + return $this->conn; + } + public function __destruct() { ldap_unbind($this->conn); }
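Review bot: The rewritten delDomain only removes what `getAlias()` and `getAccounts()` return, i.e. entries matching the mailAlias and mailAccount class filters, whereas the removed loop deleted every child that was not the domain entry itself; children that are posixAccount- or sambaSamAccount-only (the LdapDomain constructor tracks such entries in `posix_accounts`/`smb_accounts`) are no longer removed, so the final `ldap_delete` of the domain will presumably fail with a non-leaf error on such domains. The guard `if ($domain = new LdapDomain($this, $name))` is also always true, since `new` never yields false, so a missing domain is not detected here; drop it and rely on the constructor's not-found handling, or add an explicit existence check (that branch of the constructor is outside this hunk). If the narrower deletion is intentional, a comment such as `// Only mail accounts and aliases are removed; other children block the domain delete` would save the next reader a surprise.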