improved Active Directory support
authorLars Kneschke <l.kneschke@metaways.de>
Mon, 28 Apr 2014 15:02:45 +0000 (17:02 +0200)
committerPhilipp Schüle <p.schuele@metaways.de>
Tue, 29 Apr 2014 07:33:42 +0000 (09:33 +0200)
* adds encode account id helper functions

Change-Id: I833cca77b82baf1d5a98968721a0aee65a5b4caa
Reviewed-on: http://gerrit.tine20.com/customers/570
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
tests/tine20/Tinebase/Group/ActiveDirectoryTest.php
tine20/Tinebase/Group/ActiveDirectory.php
tine20/Tinebase/Group/Ldap.php
tine20/Tinebase/User/ActiveDirectory.php
tine20/Tinebase/User/Ldap.php

index cd9db53..950a4ac 100644 (file)
@@ -29,8 +29,8 @@ class Tinebase_Group_ActiveDirectoryTest extends PHPUnit_Framework_TestCase
     protected $domainSid  = 'S-1-5-21-2127521184-1604012920-1887927527';
     protected $userSid    = 'S-1-5-21-2127521184-1604012920-1887927527-72713';
     protected $groupSid   = 'S-1-5-21-2127521184-1604012920-1887927527-62713';
-    protected $groupObjectGUID = '2127521184-1604012920-1787927527';
-    protected $userObjectGUID  = '2127521184-1604012920-1887927527';
+    protected $groupObjectGUID = '0cbadcc5-72f7-4a2d-8858-7ba6c80e6c15';
+    protected $userObjectGUID  = '0cbadcc5-72f7-4a2d-8858-7ba6c80e6c16';
     protected $groupBaseFilter = 'objectclass=group';
     
     /**
@@ -93,13 +93,15 @@ class Tinebase_Group_ActiveDirectoryTest extends PHPUnit_Framework_TestCase
     
     public function _stubSearchCallback($filter, $basedn = null, $scope = self::SEARCH_SCOPE_SUB, array $attributes = array(), $sort = null, $collectionClass = null)
     {
-        switch ((string) $filter) {
-            case 'objectClass=domain':
+        switch (base64_encode((string) $filter)) {
+            #case 'objectClass=domain':
+            case 'b2JqZWN0Q2xhc3M9ZG9tYWlu':
                 return $this->_getZendLdapCollectionStub(array('objectsid' => array($this->domainSid), 'distinguishedname' => array('DC=tine20,DC=org')));
                 
                 break;
                 
-            case "(&(objectclass=group)(objectguid=$this->groupObjectGUID))":
+            #case "(&(objectclass=group)(objectguid=$this->groupObjectGUID))":
+            case 'KCYob2JqZWN0Y2xhc3M9Z3JvdXApKG9iamVjdGd1aWQ9xdy6XDBj93ItSohYe6bIXDBlbFwxNSkp':
                 return $this->_getZendLdapCollectionStub(array('objectsid' => array($this->groupSid)));
                 
                 break;
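Review bot: The two base64 case labels in `_stubSearchCallback()` are opaque, and the second one hard-codes the encoded group GUID instead of following `$this->groupObjectGUID`, so changing that fixture silently stops the stub from matching. Replace the `#case` leftovers with a comment that says what each label decodes to, e.g. `// base64 of "(&(objectclass=group)(objectguid=<escaped binary form of $this->groupObjectGUID>))"`. Alternatively, compute the label from the property so the fixture and the stub cannot drift apart. The switch continues past the end of this hunk.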
index 36cc930..bdd848b 100644 (file)
@@ -223,7 +223,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
         // find user in AD and retrieve memberOf attribute
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_userBaseFilter),
-            Zend_Ldap_Filter::equals($this->_userUUIDAttribute, Zend_Ldap::filterEscape($userId))
+            Zend_Ldap_Filter::equals($this->_userUUIDAttribute, $this->_encodeAccountId($userId))
         );
         
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) 
@@ -388,7 +388,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
     {
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_groupBaseFilter),
-            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, Zend_Ldap::filterEscape($_uuid))
+            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($_uuid))
         );
         
         $groupData = $this->_ldap->search(
@@ -413,7 +413,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
     {
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_groupBaseFilter),
-            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, Zend_Ldap::filterEscape($_uuid))
+            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($_uuid))
         );
         
         $groupData = $this->_ldap->search(
@@ -507,6 +507,45 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
     }
     
     /**
+     * convert plain text id to binary id
+     * 
+     * @param  string  $accountId
+     * @return string
+     */
+    protected function _encodeAccountId($accountId)
+    {
+        switch ($this->_userUUIDAttribute) {
+            case 'objectguid':
+                return Tinebase_Ldap::encodeGuid($accountId);
+                break;
+                
+            default:
+                return $accountId;
+                break;
+        }
+        
+    }
+    
+    /**
+     * convert plain text id to binary id
+     * 
+     * @param  string  $groupId
+     * @return string
+     */
+    protected function _encodeGroupId($groupId)
+    {
+        switch ($this->_groupUUIDAttribute) {
+            case 'objectguid':
+                return Tinebase_Ldap::encodeGuid($groupId);
+                break;
+                
+            default:
+                return $groupId;
+                break;
+        }
+    }
+    
+    /**
      * returns arrays of metainfo from given accountIds
      *
      * @param array $_accountIds
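Review bot: `_encodeAccountId()` and `_encodeGroupId()` compare the configured attribute with the lower-case literal `'objectguid'`, so a configuration that spells it `objectGUID` would fall into `default` and send the textual GUID to the directory, where the search just returns nothing. Unless the attribute name is normalised where it is read (not visible in this hunk), compare against `strtolower($this->_userUUIDAttribute)` and `strtolower($this->_groupUUIDAttribute)`. The `break;` after each `return` is unreachable and can be dropped. The same `_encodeAccountId()` body is added again in Tinebase_User_ActiveDirectory, so the remark applies there too.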
@@ -518,7 +557,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
         $filterArray = array();
         foreach ($_accountIds as $accountId) {
             $accountId = Tinebase_Model_User::convertUserIdToInt($accountId);
-            $filterArray[] = Zend_Ldap_Filter::equals($this->_userUUIDAttribute, Zend_Ldap::filterEscape($accountId));
+            $filterArray[] = Zend_Ldap_Filter::equals($this->_userUUIDAttribute, $this->_encodeAccountId($accountId));
         }
         $filter = new Zend_Ldap_Filter_Or($filterArray);
         
@@ -579,7 +618,7 @@ class Tinebase_Group_ActiveDirectory extends Tinebase_Group_Ldap
         $groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
         
         $filter = Zend_Ldap_Filter::equals(
-            $this->_groupUUIDAttribute, Zend_Ldap::filterEscape($groupId)
+            $this->_groupUUIDAttribute, $this->_encodeGroupId($groupId)
         );
         
         $result = $this->_ldap->search(
index 60ef612..6fc3b10 100644 (file)
@@ -161,7 +161,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_groupBaseFilter),
-            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, Zend_Ldap::filterEscape($groupId))
+            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($groupId))
         );
         
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . " ldap filter: " . $filter);
@@ -363,7 +363,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . " account meta data: " . print_r($accountMetaData, true));
         
         $filter = Zend_Ldap_Filter::andFilter(
-            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, Zend_Ldap::filterEscape($groupId)),
+            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($groupId)),
             Zend_Ldap_Filter::equals('memberuid', Zend_Ldap::filterEscape($accountMetaData['uid']))
         );
         
@@ -382,7 +382,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         
         if ($this->_options['useRfc2307bis']) {
             $filter = Zend_Ldap_Filter::andFilter(
-                Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, Zend_Ldap::filterEscape($groupId)),
+                Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($groupId)),
                 Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($accountMetaData['dn']))
             );
             
@@ -406,7 +406,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         if ($this->_options['useRfc2307bis']) {
             // remove groupdn if no longer needed
             $filter = Zend_Ldap_Filter::andFilter(
-                Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, Zend_Ldap::filterEscape($groupId)),
+                Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($groupId)),
                 Zend_Ldap_Filter::equals('member', Zend_Ldap::filterEscape($groupDn))
             );
             
@@ -644,7 +644,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         $groupId = Tinebase_Model_Group::convertGroupIdToInt($_groupId);
         
         $filter = Zend_Ldap_Filter::equals(
-            $this->_groupUUIDAttribute, Zend_Ldap::filterEscape($groupId)
+            $this->_groupUUIDAttribute, $this->_encodeGroupId($groupId)
         );
         
         $result = $this->_ldap->search(
@@ -669,10 +669,10 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
      */
     protected function _getUserMetaData($_userId)
     {
-        $userId = Tinebase_Model_User::convertUserIdToInt($_userId);
+        $userId = $this->_encodeAccountId(Tinebase_Model_User::convertUserIdToInt($_userId));
 
         $filter = Zend_Ldap_Filter::equals(
-            $this->_userUUIDAttribute, Zend_Ldap::filterEscape($userId)
+            $this->_userUUIDAttribute, $userId
         );
 
         $result = $this->_ldap->search(
@@ -758,6 +758,28 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
     }
     
     /**
+     * helper function to be overwriten in subclasses
+     * 
+     * @param  string  $accountId
+     * @return string
+     */
+    protected function _encodeAccountId($accountId)
+    {
+        return $accountId;
+    }
+    
+    /**
+     * convert binary id to plain text id
+     * 
+     * @param  string  $groupId
+     * @return string
+     */
+    protected function _encodeGroupId($groupId)
+    {
+        return $groupId;
+    }
+    
+    /**
      * returns a single account dn
      *
      * @param string $_accountId
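Review bot: The docblock on the base `_encodeGroupId()` reads `convert binary id to plain text id`, which is the reverse of what the Active Directory override documents; both base helpers are pass-through hooks. Suggested wording for both: `hook for subclasses: returns the id in the form the directory expects in a search filter (unchanged here); the value is not filter-escaped`. The last clause matters because the call sites in this commit drop `Zend_Ldap::filterEscape()` and rely on the filter builder for escaping. `overwriten` should be `overridden`, here and in the matching docblock in Tinebase_User_Ldap.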
@@ -858,7 +880,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_groupBaseFilter),
-            Zend_Ldap_Filter::equals('gidnumber', Zend_Ldap::filterEscape($_gidNumber))
+            Zend_Ldap_Filter::equals('gidnumber', $_gidNumber)
         );
         
         $groupId = $this->_ldap->search(
@@ -889,7 +911,7 @@ class Tinebase_Group_Ldap extends Tinebase_Group_Sql implements Tinebase_Group_I
         
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_groupBaseFilter),
-            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, Zend_Ldap::filterEscape($_uuid))
+            Zend_Ldap_Filter::equals($this->_groupUUIDAttribute, $this->_encodeGroupId($_uuid))
         );
         
         $groupId = $this->_ldap->search(
index 29ec7f4..0f43494 100644 (file)
@@ -389,6 +389,26 @@ class Tinebase_User_ActiveDirectory extends Tinebase_User_Ldap
     }
     
     /**
+     * convert plain text id to binary id
+     * 
+     * @param  string  $accountId
+     * @return string
+     */
+    protected function _encodeAccountId($accountId)
+    {
+        switch ($this->_userUUIDAttribute) {
+            case 'objectguid':
+                return Tinebase_Ldap::encodeGuid($accountId);
+                break;
+                
+            default:
+                return $accountId;
+                break;
+        }
+        
+    }
+    
+    /**
      * generates dn for new user
      *
      * @param  Tinebase_Model_FullUser $_account
index 20a89bb..51a88c5 100644 (file)
@@ -601,16 +601,16 @@ class Tinebase_User_Ldap extends Tinebase_User_Sql implements Tinebase_User_Inte
     {
         switch($_property) {
             case 'accountId':
-                $value = Tinebase_Model_User::convertUserIdToInt($_userId);
+                $value = $this->_encodeAccountId(Tinebase_Model_User::convertUserIdToInt($_userId));
                 break;
             default:
-                $value = $_userId;
+                $value = Zend_Ldap::filterEscape($_userId);
                 break;
         }
-
+        
         $filter = Zend_Ldap_Filter::andFilter(
             Zend_Ldap_Filter::string($this->_userBaseFilter),
-            Zend_Ldap_Filter::equals($this->_rowNameMapping[$_property], Zend_Ldap::filterEscape($value))
+            Zend_Ldap_Filter::equals($this->_rowNameMapping[$_property], $value)
         );
         
         $attributes = array_values($this->_rowNameMapping);
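Review bot: The `default` branch now calls `Zend_Ldap::filterEscape($_userId)` and still hands the result to `Zend_Ldap_Filter::equals()`, while the `accountId` branch passes its value without an explicit escape. The expected filter in ActiveDirectoryTest has the GUID's control bytes as `\0c` and `\15`, which suggests `equals()` escapes on its own; if so, the default branch escapes twice and a login name containing `*`, `(`, `)` or `\` would no longer match its entry. The two branches should agree on who escapes: `$value = $_userId;` in the default branch if `equals()` does it, which is what the gidnumber hunk in Tinebase_Group_Ldap already assumes. A test with such a login name would pin the behaviour. The method body starts outside this hunk.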
@@ -651,10 +651,10 @@ class Tinebase_User_Ldap extends Tinebase_User_Sql implements Tinebase_User_Inte
      */
     protected function _getMetaData($_userId)
     {
-        $userId = Tinebase_Model_User::convertUserIdToInt($_userId);
+        $userId = $this->_encodeAccountId(Tinebase_Model_User::convertUserIdToInt($_userId));
 
         $filter = Zend_Ldap_Filter::equals(
-            $this->_rowNameMapping['accountId'], Zend_Ldap::filterEscape($userId)
+            $this->_rowNameMapping['accountId'], $userId
         );
 
         $result = $this->_ldap->search(
@@ -856,6 +856,17 @@ class Tinebase_User_Ldap extends Tinebase_User_Sql implements Tinebase_User_Inte
     }
 
     /**
+     * helper function to be overwriten in subclasses
+     * 
+     * @param  string  $accountId
+     * @return string
+     */
+    protected function _encodeAccountId($accountId)
+    {
+        return $accountId;
+    }
+
+    /**
      * parse ldap result set and update Addressbook_Model_Contact
      *
      * @param array                      $_userData
@@ -993,12 +1004,12 @@ class Tinebase_User_Ldap extends Tinebase_User_Sql implements Tinebase_User_Inte
      */
     public function resolveUUIdToUIdNumber($_uuid)
     {
-        if ($this->_groupUUIDAttribute == 'uidnumber') {
+        if ($this->_userUUIDAttribute == 'uidnumber') {
             return $_uuid;
         }
 
         $filter = Zend_Ldap_Filter::equals(
-            $this->_userUUIDAttribute, Zend_Ldap::filterEscape($_uuid)
+            $this->_userUUIDAttribute, $this->_encodeAccountId($_uuid)
         );
 
         $groupId = $this->_ldap->search(