Merge branch 'pu/2013.10-ldap' into 2013.10
authorPhilipp Schüle <p.schuele@metaways.de>
Thu, 17 Jul 2014 16:09:23 +0000 (18:09 +0200)
committerPhilipp Schüle <p.schuele@metaways.de>
Thu, 17 Jul 2014 16:09:23 +0000 (18:09 +0200)
12 files changed:
tine20/Setup/Frontend/Cli.php
tine20/Setup/Server/Cli.php
tine20/Tinebase/Config.php
tine20/Tinebase/Group.php
tine20/Tinebase/Group/ActiveDirectory.php
tine20/Tinebase/Group/Interface/SyncAble.php
tine20/Tinebase/Group/Ldap.php
tine20/Tinebase/Group/Sql.php
tine20/Tinebase/Ldap.php
tine20/Tinebase/Setup/Initialize.php
tine20/Tinebase/User.php
tine20/Tinebase/User/Ldap.php

index 18c4821..dd98feb 100644 (file)
@@ -297,7 +297,9 @@ class Setup_Frontend_Cli
         Setup_Core::setExecutionLifeTime(0);
         
         // import groups
-        Tinebase_Group::syncGroups();
+        if (! $_opts->onlyusers) {
+            Tinebase_Group::syncGroups();
+        }
         
         // import users
         $options = array('syncContactData' => TRUE);
index 6dbeb44..c02f455 100644 (file)
@@ -46,13 +46,12 @@ class Setup_Server_Cli implements Tinebase_Server_Interface
                 'uninstall-s'               => 'Uninstall application [All] or comma separated list',
                 'list-s'                    => 'List installed applications',
                 'sync_accounts_from_ldap'   => 'Import user and groups from ldap',
-                'dbmailldap'                => 'Only usable with sync_accounts_from_ldap. Fetches dbmail email user data from LDAP.',
+                    'dbmailldap'            => 'Only usable with sync_accounts_from_ldap. Fetches dbmail email user data from LDAP.',
+                    'onlyusers'             => 'Only usable with sync_accounts_from_ldap. Fetches only users and no groups from LDAP.',
                 'sync_passwords_from_ldap'  => 'Synchronize user passwords from ldap',
                 'egw14import'               => 'Import user and groups from egw14
                          Examples: 
                           setup.php --egw14import /path/to/config.ini'
-                #'username'             => 'Username [required]',
-                #'password'             => 'Password [required]',
             ));
             $opts->parse();
         } catch (Zend_Console_Getopt_Exception $e) {
index bd2d0d5..c26447a 100644 (file)
@@ -129,6 +129,13 @@ class Tinebase_Config extends Tinebase_Config_Abstract
      * @var string
      */
     const MAPPANEL = 'mapPanel';
+
+    /**
+     * disable ldap certificate check
+     *
+     * @var string
+     */
+    const LDAP_DISABLE_TLSREQCERT = 'ldapDisableTlsReqCert';
     
     /**
      * Config key for session ip validation -> if this is set to FALSE no Zend_Session_Validator_IpAddress is registered
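Review bot: The docblock on `LDAP_DISABLE_TLSREQCERT` says only "disable ldap certificate check" and does not tell an administrator what is given up; the same applies to the `description` string in the definition hunk that follows. With the check off the LDAP server's identity is no longer verified, so bind credentials and synced account data are exposed to anyone able to impersonate the server on the network path. I would extend the docblock to something like `disable ldap TLS certificate check (sets LDAPTLS_REQCERT=never; server identity is then unverified - prefer installing the CA certificate)` and word the description the same way.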
@@ -432,6 +439,17 @@ class Tinebase_Config extends Tinebase_Config_Abstract
             'setByAdminModule'      => FALSE,
             'setBySetupModule'      => TRUE,
         ),
+        self::LDAP_DISABLE_TLSREQCERT => array(
+                                   //_('Disable LDAP TLS Certificate Check')
+            'label'                 => 'Disable LDAP TLS Certificate Check',
+                                   //_('LDAP TLS Certificate should not be checked')
+            'description'           => 'LDAP TLS Certificate should not be checked',
+            'type'                  => 'bool',
+            'clientRegistryInclude' => false,
+            'setByAdminModule'      => false,
+            'setBySetupModule'      => true,
+            'default'               => false
+        ),
         self::SESSIONIPVALIDATION => array(
                                    //_('IP Session Validator')
             'label'                 => 'IP Session Validator',
index 25c1bf5..2ec52a7 100644 (file)
@@ -245,8 +245,26 @@ class Tinebase_Group
     {
         $groupBackend = Tinebase_Group::getInstance();
         
-        $groups = $groupBackend->getGroupsFromSyncBackend(NULL, NULL, 'ASC', NULL, NULL, 'Tinebase_Model_FullUser');
-        
+        if (!$groupBackend->isDisabledBackend()) {
+            $groups = $groupBackend->getGroupsFromSyncBackend(NULL, NULL, 'ASC', NULL, NULL);
+        } else {
+            // fake groups by reading all gidnumber's of the accounts
+            $accountProperties = Tinebase_User::getInstance()->getUserAttributes(array('gidnumber'));
+            
+            $groupIds = array();
+            foreach ($accountProperties as $accountProperty) {
+                $groupIds[$accountProperty['gidnumber']] = $accountProperty['gidnumber'];
+            }
+            
+            $groups = new Tinebase_Record_RecordSet('Tinebase_Model_Group');
+            foreach ($groupIds as $groupId) {
+                $groups->addRecord(new Tinebase_Model_Group(array(
+                    'id'            => $groupId,
+                    'name'          => 'Group ' . $groupId
+                ), TRUE));
+            }
+        }
+            
         foreach ($groups as $group) {
             if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ .
                 ' Sync group: ' . $group->name . ' - update or create group in local sql backend');
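Review bot: The fallback loop reads `$accountProperty['gidnumber']` without checking that the attribute is present, so an account without a gidnumber raises an undefined-index notice and ends up as a group with an empty id named `'Group '`. A guard such as `if (empty($accountProperty['gidnumber'])) { continue; }` at the top of the first `foreach` avoids that. The return shape of `getUserAttributes()` is not visible on this page; if it hands back raw LDAP entries where each attribute is an array, the value would also need `[0]` before it can serve as an array key. The method starts and ends outside the hunk.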
index bdd848b..551d678 100644 (file)
@@ -111,9 +111,9 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
         parent::__construct($_options);
         
         // get domain sid
-        $this->_domainConfig = $this->_ldap->search(
+        $this->_domainConfig = $this->getLdap()->search(
             'objectClass=domain',
-            $this->_ldap->getFirstNamingContext(),
+            $this->getLdap()->getFirstNamingContext(),
             Zend_Ldap::SEARCH_SCOPE_BASE
         )->getFirst();
         
@@ -163,9 +163,9 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
         if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) 
             Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . '  $ldapData: ' . print_r($ldapData, true));
         
-        $this->_ldap->add($dn, $ldapData);
+        $this->getLdap()->add($dn, $ldapData);
         
-        $groupId = $this->_ldap->getEntry($dn, array($this->_groupUUIDAttribute));
+        $groupId = $this->getLdap()->getEntry($dn, array($this->_groupUUIDAttribute));
         
         $groupId = $this->_decodeGroupId($groupId[$this->_groupUUIDAttribute][0]);
         
@@ -207,7 +207,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             'member' => $accountMetaData['dn']
         );
         
-        $this->_ldap->addProperty($groupDn, $ldapData);
+        $this->getLdap()->addProperty($groupDn, $ldapData);
     }
     
     /**
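Review bot: The write paths in this file (`add` in the @@ -163 hunk, `addProperty` here, `deleteProperty` and `update` further down) now go through `getLdap()`, but no hunk in this file changes the guard at the top of those methods. In `Tinebase_Group_Ldap` the same commit widens each guard to `if ($this->isDisabledBackend() || $this->isReadOnlyBackend())`; if the ActiveDirectory overrides still test only `$this->_isReadOnlyBackend`, a backend configured without `groupsDn` would reach these calls with an empty search base. The method beginnings lie outside the hunks, so this needs checking against the full file.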
@@ -229,7 +229,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
             Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ .' ldap search filter: ' . $filter);
         
-        $memberOfs = $this->_ldap->search(
+        $memberOfs = $this->getLdap()->search(
             $filter, 
             $this->_options['userDn'], 
             $this->_userSearchScope, 
@@ -246,7 +246,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             Zend_Ldap_Filter::equals('objectsid', Zend_Ldap::filterEscape($this->_domainSidPlain . '-' . $memberOfs['primarygroupid'][0]))
         );
         
-        $group = $this->_ldap->search(
+        $group = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -267,7 +267,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
                 Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ .' ldap search filter: ' . $filter);
             
-            $groups = $this->_ldap->search(
+            $groups = $this->getLdap()->search(
                 $filter, 
                 $this->_options['groupsDn'], 
                 $this->_groupSearchScope, 
@@ -340,7 +340,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . '  $ldapData: ' . print_r($ldapData, true));
         
         try {
-            $this->_ldap->deleteProperty($groupDn, $ldapData);
+            $this->getLdap()->deleteProperty($groupDn, $ldapData);
         } catch (Zend_Ldap_Exception $zle) {
             if (Tinebase_Core::isLogLevel(Zend_Log::CRIT)) 
                 Tinebase_Core::getLogger()->crit(__METHOD__ . '::' . __LINE__ . " Failed to remove groupmember {$accountMetaData['dn']} from group $groupDn: " . $zle->getMessage());
@@ -364,7 +364,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             Zend_Ldap_Filter::equals('objectsid', $groupSid)
         );
         
-        $groupId = $this->_ldap->search(
+        $groupId = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -391,7 +391,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($_uuid))
         );
         
-        $groupData = $this->_ldap->search(
+        $groupData = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -416,7 +416,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($_uuid))
         );
         
-        $groupData = $this->_ldap->search(
+        $groupData = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -478,7 +478,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
             Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . '  $ldapData: ' . print_r($ldapData, true));
         
-        $this->_ldap->update($groupMetaData['dn'], $ldapData);
+        $this->getLdap()->update($groupMetaData['dn'], $ldapData);
         
         return $_groupMembers;
     }
@@ -565,7 +565,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . '  $filter: ' . $filter . ' count: ' . count($filterArray));
         
         // fetch all dns at once
-        $accounts = $this->_ldap->search(
+        $accounts = $this->getLdap()->search(
             $filter, 
             $this->_options['userDn'], 
             $this->_userSearchScope, 
@@ -621,7 +621,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
             $this->_groupUUIDAttribute, $this->_encodeGroupId($groupId)
         );
         
-        $result = $this->_ldap->search(
+        $result = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
index 048b051..03c968b 100644 (file)
@@ -67,6 +67,16 @@ interface Tinebase_Group_Interface_SyncAble
     public function getGroupsFromSyncBackend($_filter = NULL, $_sort = 'name', $_dir = 'ASC', $_start = NULL, $_limit = NULL);
     
     /**
+     * return whether backend is read only
+     */
+    public function isReadOnlyBackend();
+    
+    /**
+     * return whether backend is disabled
+     */
+    public function isDisabledBackend();
+    
+    /**
      * replace all current groupmembers with the new groupmembers list in sync backend
      *
      * @param  string  $_groupId
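Review bot: The two new interface methods have docblocks with no return type, while the neighbouring declarations document their contract. Adding `@return boolean` to both, plus one sentence on what "disabled" means (in `Tinebase_Group_Ldap` the flag is set when `groupsDn` is missing or empty), would let implementers honour it. Extending the interface also obliges every other class implementing `Tinebase_Group_Interface_SyncAble` to add both methods; as far as this page shows, only the LDAP backend does.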
index 6fc3b10..c8dc5cf 100644 (file)
@@ -84,6 +84,8 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
     
     protected $_isReadOnlyBackend    = false;
     
+    protected $_isDisabledBackend    = false;
+    
     /**
      * the constructor
      *
@@ -111,19 +113,22 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         if(empty($_options['groupFilter'])) {
             $_options['groupFilter'] = 'objectclass=posixgroup';
         }
-
-        if (isset($_options['requiredObjectClass'])) {
-            $this->_requiredObjectClass = (array)$_options['requiredObjectClass'];
-        }
+        
+        $this->_options = $_options;
+        
         if ((isset($_options['readonly']) || array_key_exists('readonly', $_options))) {
             $this->_isReadOnlyBackend = (bool)$_options['readonly'];
         }
         if ((isset($_options['ldap']) || array_key_exists('ldap', $_options))) {
             $this->_ldap = $_options['ldap'];
         }
+        if (isset($this->_options['requiredObjectClass'])) {
+            $this->_requiredObjectClass = (array)$this->_options['requiredObjectClass'];
+        }
+        if (! array_key_exists('groupsDn', $this->_options) || empty($this->_options['groupsDn'])) {
+            $this->_isDisabledBackend = true;
+        }
         
-        $this->_options = $_options;
-
         $this->_userUUIDAttribute  = strtolower($this->_options['userUUIDAttribute']);
         $this->_groupUUIDAttribute = strtolower($this->_options['groupUUIDAttribute']);
         $this->_baseDn             = $this->_options['baseDn'];
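Review bot: The new condition `! array_key_exists('groupsDn', $this->_options) || empty($this->_options['groupsDn'])` is redundant, because `empty()` already returns true for a missing key without raising a notice; `if (empty($this->_options['groupsDn'])) {` says the same. Since this is the only place `_isDisabledBackend` is set, a comment such as `// no groupsDn configured: group sync backend is disabled, users only` would make the intent clear. The constructor starts and ends outside this hunk.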
@@ -131,23 +136,13 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         $this->_userSearchScope    = $this->_options['userSearchScope'];
         $this->_groupBaseFilter    = $this->_options['groupFilter'];
         
-        if (! $this->_ldap instanceof Tinebase_Ldap) {
-            $this->_ldap = new Tinebase_Ldap($this->_options);
-            try {
-                $this->_ldap->bind();
-            } catch (Zend_Ldap_Exception $zle) {
-                // @todo move this to Tinebase_Ldap?
-                throw new Tinebase_Exception_Backend_Ldap('Could not bind to LDAP: ' . $zle->getMessage());
-            }
-        }
-        
         if (isset($_options['plugins']) && is_array($_options['plugins'])) {
             foreach ($_options['plugins'] as $className) {
-                $this->_plugins[$className] = new $className($this->_ldap, $this->_options);
+                $this->_plugins[$className] = new $className($this->getLdap(), $this->_options);
             }
         }
     }
-        
+    
     /**
      * get syncable group by id from sync backend
      * 
@@ -157,6 +152,10 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function getGroupByIdFromSyncBackend($_groupId)
     {
+        if ($this->isDisabledBackend()) {
+            throw new Tinebase_Exception_UnexpectedValue('backend is disabled');
+        }
+        
         $groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
         
         $filter = Zend_Ldap_Filter::andFilter(
@@ -164,9 +163,10 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
             Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($groupId))
         );
         
-        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . " ldap filter: " . $filter);
+        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
+            Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . " ldap filter: " . $filter);
         
-        $groups = $this->_ldap->search(
+        $groups = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -203,9 +203,13 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function getGroupsFromSyncBackend($_filter = NULL, $_sort = 'name', $_dir = 'ASC', $_start = NULL, $_limit = NULL)
     {
+        if ($this->isDisabledBackend()) {
+            throw new Tinebase_Exception_UnexpectedValue('backend is disabled');
+        }
+        
         $filter = Zend_Ldap_Filter::string($this->_groupBaseFilter);
         
-        $groups = $this->_ldap->search(
+        $groups = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -228,6 +232,45 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
     }
     
     /**
+     * get ldap connection handling class
+     * 
+     * @throws Tinebase_Exception_Backend_Ldap
+     * @return Tinebase_Ldap
+     */
+    public function getLdap()
+    {
+        if (! $this->_ldap instanceof Tinebase_Ldap) {
+            $this->_ldap = new Tinebase_Ldap($this->_options);
+            try {
+                $this->getLdap()->bind();
+            } catch (Zend_Ldap_Exception $zle) {
+                // @todo move this to Tinebase_Ldap?
+                throw new Tinebase_Exception_Backend_Ldap('Could not bind to LDAP: ' . $zle->getMessage());
+            }
+        }
+        
+        return $this->_ldap;
+    }
+    
+    /**
+     * (non-PHPdoc)
+     * @see Tinebase_Group_Interface_SyncAble::isReadOnlyBackend()
+     */
+    public function isReadOnlyBackend()
+    {
+        return $this->_isReadOnlyBackend;
+    }
+    
+    /**
+     * (non-PHPdoc)
+     * @see Tinebase_Group_Interface_SyncAble::isDisabledBackend()
+     */
+    public function isDisabledBackend()
+    {
+        return $this->_isDisabledBackend;
+    }
+    
+    /**
      * replace all current groupmembers with the new groupmembers list in sync backend
      *
      * @param  string  $_groupId
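Review bot: `getLdap()` stores the new `Tinebase_Ldap` in `$this->_ldap` before binding, so when `bind()` throws, the unbound object stays cached and the next call returns it without raising `Tinebase_Exception_Backend_Ldap`. The inner `$this->getLdap()->bind()` is also a recursive call that terminates only because the property has already been assigned. Building into a local first fixes both: `$ldap = new Tinebase_Ldap($this->_options);`, then `$ldap->bind();` inside the `try`, and `$this->_ldap = $ldap;` after it. As the method is public, the docblock should also state that it connects and binds on first use.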
@@ -236,8 +279,8 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function setGroupMembersInSyncBackend($_groupId, $_groupMembers) 
     {
-        if ($this->_isReadOnlyBackend) {
-            return;
+        if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
+            return $_groupMembers;
         }
         
         $metaData = $this->_getMetaData($_groupId);
@@ -285,7 +328,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
             Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . '  $ldapData: ' . print_r($ldapData, true));
         
-        $this->_ldap->update($metaData['dn'], $ldapData);
+        $this->getLdap()->update($metaData['dn'], $ldapData);
         
         return $_groupMembers;
     }
@@ -300,8 +343,8 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function setGroupMembershipsInSyncBackend($_userId, $_groupIds)
     {
-        if ($this->_isReadOnlyBackend) {
-            return;
+        if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
+            return $_groupIds;
         }
         
         if ($_groupIds instanceof Tinebase_Record_RecordSet) {
@@ -343,7 +386,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function addGroupMemberInSyncBackend($_groupId, $_accountId) 
     {
-        if ($this->_isReadOnlyBackend) {
+        if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
             return;
         }
         
@@ -367,7 +410,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
             Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($accountMetaData['uid']))
         );
         
-        $groups = $this->_ldap->search(
+        $groups = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -386,7 +429,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
                 Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($accountMetaData['dn']))
             );
             
-            $groups = $this->_ldap->search(
+            $groups = $this->getLdap()->search(
                 $filter, 
                 $this->_options['groupsDn'], 
                 $this->_groupSearchScope, 
@@ -400,7 +443,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         }
                 
         if (!empty($ldapData)) {
-            $this->_ldap->addProperty($groupDn, $ldapData);
+            $this->getLdap()->addProperty($groupDn, $ldapData);
         }
         
         if ($this->_options['useRfc2307bis']) {
@@ -410,7 +453,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
                 Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($groupDn))
             );
             
-            $groups = $this->_ldap->search(
+            $groups = $this->getLdap()->search(
                 $filter, 
                 $this->_options['groupsDn'], 
                 $this->_groupSearchScope, 
@@ -421,7 +464,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
                 $ldapData = array (
                     'member' => $groupDn
                 );
-                $this->_ldap->deleteProperty($groupDn, $ldapData);
+                $this->getLdap()->deleteProperty($groupDn, $ldapData);
             }
         }
     }
@@ -434,7 +477,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function removeGroupMemberInSyncBackend($_groupId, $_accountId) 
     {
-        if ($this->_isReadOnlyBackend) {
+        if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
             return;
         }
         
@@ -479,7 +522,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
                 $dataAdd = array(
                     'member' => $groupDn
                 );
-                $this->_ldap->addProperty($groupDn, $dataAdd);
+                $this->getLdap()->addProperty($groupDn, $dataAdd);
             } else {
                 $ldapData['member'] = $accountMetaData['dn'];
             }
@@ -489,7 +532,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . '  $ldapData: ' . print_r($ldapData, true));
         
         try {
-            $this->_ldap->deleteProperty($groupDn, $ldapData);
+            $this->getLdap()->deleteProperty($groupDn, $ldapData);
         } catch (Zend_Ldap_Exception $zle) {
             if (Tinebase_Core::isLogLevel(Zend_Log::CRIT)) Tinebase_Core::getLogger()->crit(__METHOD__ . '::' . __LINE__ . 
                 " Failed to remove groupmember {$accountMetaData['dn']} from group $groupDn: " . $zle->getMessage()
@@ -507,8 +550,8 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function addGroupInSyncBackend(Tinebase_Model_Group $_group) 
     {
-        if ($this->_isReadOnlyBackend) {
-            return NULL;
+        if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
+            return $_group;
         }
         
         $dn = $this->_generateDn($_group);
@@ -538,9 +581,9 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         
         if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . '  $dn: ' . $dn);
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . '  $ldapData: ' . print_r($ldapData, true));
-        $this->_ldap->add($dn, $ldapData);
+        $this->getLdap()->add($dn, $ldapData);
         
-        $groupId = $this->_ldap->getEntry($dn, array($this->_groupUUIDAttribute));
+        $groupId = $this->getLdap()->getEntry($dn, array($this->_groupUUIDAttribute));
         
         $groupId = $this->_decodeGroupId($groupId[$this->_groupUUIDAttribute][0]);
         
@@ -558,8 +601,8 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function updateGroupInSyncBackend(Tinebase_Model_Group $_group) 
     {
-        if ($this->_isReadOnlyBackend) {
-            return;
+        if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
+            return $_group;
         }
         
         $metaData = $this->_getMetaData($_group->getId());
@@ -580,7 +623,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
             Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . '  $ldapData: ' . print_r($ldapData, true));
         
-        $this->_ldap->update($dn, $ldapData);
+        $this->getLdap()->update($dn, $ldapData);
         
         $group = $this->getGroupByIdFromSyncBackend($_group);
 
@@ -594,7 +637,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function deleteGroupsInSyncBackend($_groupId) 
     {
-        if ($this->_isReadOnlyBackend) {
+        if ($this->isDisabledBackend() || $this->isReadOnlyBackend()) {
             return;
         }
         
@@ -608,12 +651,11 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
             $groupIds[] = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
         }
         
-        
         foreach ($groupIds as $groupId) {
             $dn = $this->_getDn($groupId);
             if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__
                 . ' Deleting group ' . $dn . ' from LDAP');
-            $this->_ldap->delete($dn);
+            $this->getLdap()->delete($dn);
         }
     }
     
@@ -647,7 +689,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
             $this->_groupUUIDAttribute, $this->_encodeGroupId($groupId)
         );
         
-        $result = $this->_ldap->search(
+        $result = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -675,7 +717,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
             $this->_userUUIDAttribute, $userId
         );
 
-        $result = $this->_ldap->search(
+        $result = $this->getLdap()->search(
             $filter,
             $this->_baseDn,
             $this->_userSearchScope
@@ -707,7 +749,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . '  $filter: ' . $filter . ' count: ' . count($filterArray));
         
         // fetch all dns at once
-        $accounts = $this->_ldap->search(
+        $accounts = $this->getLdap()->search(
             $filter, 
             $this->_options['userDn'], 
             $this->_userSearchScope, 
@@ -820,7 +862,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
             'objectclass', 'posixgroup'
         );
         
-        $groups = $this->_ldap->search(
+        $groups = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             Zend_Ldap::SEARCH_SCOPE_SUB, 
@@ -863,6 +905,10 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function resolveSyncAbleGidToUUid($_groupId)
     {
+        if ($this->isDisabledBackend()) {
+            throw new Tinebase_Exception_UnexpectedValue('backend is disabled');
+        }
+        
         return $this->resolveGIdNumberToUUId($_groupId);
     }
     
@@ -878,12 +924,16 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
             return $_gidNumber;
         }
         
+        if ($this->isDisabledBackend()) {
+            throw new Tinebase_Exception_UnexpectedValue('backend is disabled');
+        }
+        
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_groupBaseFilter),
             Zend_Ldap_Filter::equals('gidnumber', $_gidNumber)
         );
         
-        $groupId = $this->_ldap->search(
+        $groupId = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -909,12 +959,16 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
             return $_uuid;
         }
         
+        if ($this->isDisabledBackend()) {
+            throw new Tinebase_Exception_UnexpectedValue('backend is disabled');
+        }
+        
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_groupBaseFilter),
             Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($_uuid))
         );
         
-        $groupId = $this->_ldap->search(
+        $groupId = $this->getLdap()->search(
             $filter, 
             $this->_options['groupsDn'], 
             $this->_groupSearchScope, 
@@ -932,32 +986,42 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     public function getGroupMembershipsFromSyncBackend($_userId)
     {
-        $metaData = $this->_getUserMetaData($_userId);
-        
-        $filter = Zend_Ldap_Filter::andFilter(
-            Zend_Ldap_Filter::string($this->_groupBaseFilter),
-            Zend_Ldap_Filter::orFilter(
-                Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($metaData['uid'][0])),
-                Zend_Ldap_Filter::equals('member',    Zend_Ldap::filterEscape($metaData['dn']))
-            )
-        );
-        
-        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ .' ldap search filter: ' . $filter);
-        
-        $groups = $this->_ldap->search(
-            $filter, 
-            $this->_options['groupsDn'], 
-            $this->_groupSearchScope, 
-            array('cn', 'description', $this->_groupUUIDAttribute)
-        );
-        
-        $memberships = array();
-        
-        foreach ($groups as $group) {
-            $memberships[] = $group[$this->_groupUUIDAttribute][0];
+        if (!$this->isDisabledBackend()) {
+            $metaData = $this->_getUserMetaData($_userId);
+            
+            $filter = Zend_Ldap_Filter::andFilter(
+                Zend_Ldap_Filter::string($this->_groupBaseFilter),
+                Zend_Ldap_Filter::orFilter(
+                    Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($metaData['uid'][0])),
+                    Zend_Ldap_Filter::equals('member',    Zend_Ldap::filterEscape($metaData['dn']))
+                )
+            );
+            
+            if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
+                Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ .' ldap search filter: ' . $filter);
+            
+            $groups = $this->getLdap()->search(
+                $filter, 
+                $this->_options['groupsDn'], 
+                $this->_groupSearchScope, 
+                array('cn', 'description', $this->_groupUUIDAttribute)
+            );
+            
+            $memberships = array();
+            
+            foreach ($groups as $group) {
+                $memberships[] = $group[$this->_groupUUIDAttribute][0];
+            }
+        } else {
+            $memberships = $this->getGroupMemberships($_userId);
+            
+            if (empty($memberships)) {
+                $memberships[] = Tinebase_Group::getInstance()->getDefaultGroup()->getId();
+            }
         }
         
-        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ .' group memberships: ' . print_r($memberships, TRUE));
+        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
+            Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ .' group memberships: ' . print_r($memberships, TRUE));
         
         return $memberships;
     }
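Review bot: In the new `else` branch a user with no local memberships is silently placed in the default group, and nothing in the visible code records that this happened. Group membership presumably feeds access decisions, so I would log the fallback, e.g. `Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' no memberships found, using default group');`, and put a comment above the branch such as `// backend disabled: use local memberships, fall back to the default group`. The method's docblock begins outside the hunk and should mention the two behaviours.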
index 3f12891..53b4f4c 100644 (file)
@@ -368,7 +368,8 @@ class Tinebase_Group_Sql extends Tinebase_Group_Abstract
     {
         if ($this instanceof Tinebase_Group_Interface_SyncAble) {
             $groupFromSyncBackend = $this->addGroupInSyncBackend($_group);
-            if ($groupFromSyncBackend !== NULL) {
+            
+            if (isset($groupFromSyncBackend->id)) {
                 $_group->setId($groupFromSyncBackend->getId());
             }
         }
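Review bot: The new guard `isset($groupFromSyncBackend->id)` replaces the NULL comparison without a comment, and it now depends on how the record class answers `isset()` for its properties rather than on the return value itself. A one-line comment above it would help, for example `// the sync backend may return a record without an id (e.g. when it is disabled); keep the local id then`. That reason is inferred from the other hunks of this merge, so confirm it against addGroupInSyncBackend(). The enclosing method starts and ends outside the hunk.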
index 3eaef4b..0c733a8 100644 (file)
@@ -5,7 +5,7 @@
  * @package     Tinebase
  * @subpackage  Ldap
  * @license     http://www.gnu.org/licenses/agpl.html AGPL3
- * @copyright   Copyright (c) 2008-2013 Metaways Infosystems GmbH (http://www.metaways.de)
+ * @copyright   Copyright (c) 2008-2014 Metaways Infosystems GmbH (http://www.metaways.de)
  * @author      Lars Kneschke <l.kneschke@metaways.de>
  */
 
@@ -24,6 +24,12 @@ class Tinebase_Ldap extends Zend_Ldap
      */
     public function __construct(array $_options)
     {
+        if (Tinebase_Config::getInstance()->get(Tinebase_Config::LDAP_DISABLE_TLSREQCERT)) {
+            if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__
+                . ' Disable TLS certificate check');
+            putenv('LDAPTLS_REQCERT=never');
+        }
+        
         // strip non Zend_Ldap options
         $options = array_intersect_key($_options, array(
             'host'                      => null,
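Review bot: `putenv('LDAPTLS_REQCERT=never')` in the constructor changes the environment of the whole PHP process and is never reset. Once one Tinebase_Ldap is built with LDAP_DISABLE_TLSREQCERT set, later LDAP connections in the same process can also skip server certificate verification, which leaves bind credentials open to interception on the network path. The only trace is an INFO line, so it should be raised to WARN to be visible at common log levels: `if (Tinebase_Core::isLogLevel(Zend_Log::WARN)) Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' TLS certificate check disabled for LDAP connections of this process');`. A comment above the block should state the process-wide effect and that configuring the CA certificate for the LDAP client is the preferred alternative. The constructor body continues outside the hunk.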
@@ -133,7 +139,7 @@ class Tinebase_Ldap extends Zend_Ldap
                 unset($entry[$attr]);
             }
         }
-                
+        
         if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . '  $dn: ' . $dn->toString());
         if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . '  $data: ' . print_r($entry, true));
         
index e452eab..8540847 100644 (file)
@@ -193,10 +193,12 @@ class Tinebase_Setup_Initialize extends Setup_Initialize
     
     /**
      * import groups(ldap)/create initial groups(sql)
+     * 
+     * @todo allow to configure if groups should be synced?
      */
     protected function _setupGroups()
     {
-        if (Tinebase_User::getInstance() instanceof Tinebase_User_Interface_SyncAble) {
+        if (Tinebase_Group::getInstance() instanceof Tinebase_Group_Interface_SyncAble && ! Tinebase_Group::getInstance()->isDisabledBackend()) {
             Tinebase_Group::syncGroups();
         } else {
             Tinebase_Group::createInitialGroups();
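Review bot: The changed condition calls `Tinebase_Group::getInstance()` twice on one very long line, which makes the two-part test hard to read. Fetching the backend once is clearer: `$groupBackend = Tinebase_Group::getInstance();` followed by `if ($groupBackend instanceof Tinebase_Group_Interface_SyncAble && ! $groupBackend->isDisabledBackend()) {`. The docblock could also say in one sentence that a disabled sync backend falls through to createInitialGroups(), since the added `@todo` does not describe the current behaviour. The method body continues outside the hunk.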
index 7253a8c..01727a6 100644 (file)
@@ -449,18 +449,24 @@ class Tinebase_User
         try {
             $group = $groupBackend->getGroupById($user->accountPrimaryGroup);
         } catch (Tinebase_Exception_Record_NotDefined $tern) {
-            try {
-                $group = $groupBackend->getGroupByIdFromSyncBackend($user->accountPrimaryGroup);
-            } catch (Tinebase_Exception_Record_NotDefined $ternd) {
-                throw new Tinebase_Exception('Primary group ' . $user->accountPrimaryGroup . ' not found in sync backend.');
-            }
-            try {
-                $sqlGgroup = $groupBackend->getGroupByName($group->name);
-                throw new Tinebase_Exception('Group already exists but it has a different ID: ' . $group->name);
-                
-            } catch (Tinebase_Exception_Record_NotDefined $tern) {
-                if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " Adding group " . $group->name);
-                $group = $groupBackend->addGroupInSqlBackend($group);
+            if ($groupBackend->isDisabledBackend()) {
+                // groups are sql only
+                $group = $groupBackend->getDefaultGroup();
+                $user->accountPrimaryGroup = $group->getId();
+            } else {
+                try {
+                    $group = $groupBackend->getGroupByIdFromSyncBackend($user->accountPrimaryGroup);
+                } catch (Tinebase_Exception_Record_NotDefined $ternd) {
+                    throw new Tinebase_Exception('Primary group ' . $user->accountPrimaryGroup . ' not found in sync backend.');
+                }
+                try {
+                    $sqlGgroup = $groupBackend->getGroupByName($group->name);
+                    throw new Tinebase_Exception('Group already exists but it has a different ID: ' . $group->name);
+                    
+                } catch (Tinebase_Exception_Record_NotDefined $tern) {
+                    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " Adding group " . $group->name);
+                    $group = $groupBackend->addGroupInSqlBackend($group);
+                }
             }
         }
         
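Review bot: In the new `isDisabledBackend()` branch the user's `accountPrimaryGroup` is silently overwritten with the default group, and unlike the neighbouring "Adding group" path nothing is logged. Group membership feeds into permissions, so the change should leave a trace before the assignment, for example `if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' Primary group ' . $user->accountPrimaryGroup . ' not found, using default group');`. The branch also assumes every group backend that can reach this catch implements `isDisabledBackend()`, which is not visible in this hunk. The enclosing method starts and ends outside the hunk.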
index 1f4288c..34c11a2 100644 (file)
@@ -793,7 +793,7 @@ class Tinebase_User_Ldap extends Tinebase_User_Sql implements Tinebase_User_Inte
     protected function _ldap2User(array $_userData, $_accountClass)
     {
         $errors = false;
-
+        
         foreach ($_userData as $key => $value) {
             if (is_int($key)) {
                 continue;
@@ -808,7 +808,7 @@ class Tinebase_User_Ldap extends Tinebase_User_Sql implements Tinebase_User_Inte
                             // account does not expire
                             $accountArray[$keyMapping] = null;
                         } else {
-                            $accountArray[$keyMapping] = new Tinebase_DateTime($shadowExpire * 86400);
+                            $accountArray[$keyMapping] = new Tinebase_DateTime(($shadowExpire < 100000) ? $shadowExpire * 86400 : $shadowExpire);
                         }
                         break;