![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
index 30c7f2778b7a3e52888ddd764d6baa5fa544fe3c..9b735693646d6ac239757b0fac8b3cbb4f2867e2 100644 (file)
define ("HELP_BASEDIR", "/var/www/doc/");
/* Define get_list flags */
-define("GL_NONE", 0);
-define("GL_SUBSEARCH", 1);
-define("GL_SIZELIMIT", 2);
-define("GL_CONVERT" , 4);
+define("GL_NONE", 0);
+define("GL_SUBSEARCH", 1);
+define("GL_SIZELIMIT", 2);
+define("GL_CONVERT", 4);
+define("GL_NO_ACL_CHECK", 8);
/* Heimdal stuff */
define('UNIVERSAL',0x00);
/* Look for entry or realm */
$ldap= $config->get_ldap_link();
if (!preg_match("/Success/i", $ldap->error)){
- msg_dialog::display(_("LDAP error"), sprintf(_('User login failed.').'<br><br>'._('LDAP server returned: %s'), "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG);
+ msg_dialog::display(_("LDAP error"), sprintf(_('User login failed.').'<br><br>'._('LDAP server returned: %s'), "<br><br><i>".$ldap->get_error()."</i>"), FATAL_ERROR_DIALOG);
$smarty= get_smarty();
$smarty->display(get_template_path('headers.tpl'));
echo "<body>".session::get('errors')."</body></html>";
$ldap->search("(&(objectClass=gosaAccount)(uid=$username))", array("uid"));
/* Found no uniq match? Strange, because we did above... */
if ($ldap->count() != 1) {
- msg_dialog::display(_("LDAP error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), ERROR_DIALOG);
+ msg_dialog::display(_("LDAP error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), FATAL_ERROR_DIALOG);
return (NULL);
}
$attrs= $ldap->fetch();
/* look through the entire ldap */
$ldap = $config->get_ldap_link();
if (!preg_match("/Success/i", $ldap->error)){
- msg_dialog::display(_("LDAP error"), sprintf(_("User login failed.")."<br><br>"._('LDAP server returned: %s'), "<br><br><i>".$ldap->get_error()."</i>"), ERROR_DIALOG);
+ msg_dialog::display(_("LDAP error"), sprintf(_("User login failed.")."<br><br>"._('LDAP server returned: %s'), "<br><br><i>".$ldap->get_error()."</i>"), FATAL_ERROR_DIALOG);
$smarty= get_smarty();
$smarty->display(get_template_path('headers.tpl'));
echo "<body>".session::get('errors')."</body></html>";
/* found more than one matching id */
default:
- msg_dialog::display(_("Internal error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), ERROR_DIALOG);
+ msg_dialog::display(_("Internal error"), _("Username / UID is not unique inside the LDAP tree. Please contact your Administrator."), FATAL_ERROR_DIALOG);
return (NULL);
}
/* \!brief This function searches the ldap database.
- It search in $sub_base,*,$base for all objects matching the $filter.
+ It search in $sub_bases,*,$base for all objects matching the $filter.
@param $filter String The ldap search filter
@param $category String The ACL category the result objects belongs
- @param $sub_base String The sub base we want to search for e.g. "ou=apps"
+ @param $sub_bases String The sub base we want to search for e.g. "ou=apps"
@param $base String The ldap base from which we start the search
@param $attributes Array The attributes we search for.
@param $flags Long A set of Flags
*/
-function get_sub_list($filter, $category,$sub_base, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
+function get_sub_list($filter, $category,$sub_deps, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
{
global $config, $ui;
+ $departments = array();
+
+# $start = microtime(TRUE);
/* Get LDAP link */
$ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
/* Set search base to configured base if $base is empty */
if ($base == ""){
- $ldap->cd ($config->current['BASE']);
- } else {
- $ldap->cd ($base);
+ $base = $config->current['BASE'];
+ }
+ $ldap->cd ($base);
+
+ /* Ensure we have an array as department list */
+ if(is_string($sub_deps)){
+ $sub_deps = array($sub_deps);
}
- /* Remove , ("ou=1,ou=2.." => "ou=1") */
- $sub_base = preg_replace("/,.*$/","",$sub_base);
+ /* Remove ,.*$ ("ou=1,ou=2.." => "ou=1") */
+ $sub_bases = array();
+ foreach($sub_deps as $key => $sub_base){
+ if(empty($sub_base)){
- /* Check if we have enabled the sub_dir search support AND
- * if there is a sub department specified.
- * If not, fall back to old method, get_list().
+ /* Subsearch is activated and we got an empty sub_base.
+ * (This may be the case if you have empty people/group ous).
+ * Fall back to old get_list().
+ * A log entry will be written.
+ */
+ if($flags & GL_SUBSEARCH){
+ $sub_bases = array();
+ break;
+ }else{
+
+ /* Do NOT search within subtrees is requeste and the sub base is empty.
+ * Append all known departments that matches the base.
+ */
+ $departments[$base] = $base;
+ }
+ }else{
+ $sub_bases[$key] = preg_replace("/,.*$/","",$sub_base);
+ }
+ }
+
+ /* If there is no sub_department specified, fall back to old method, get_list().
*/
- $sub_enabled = isset($config->current['SUB_LIST_SUPPORT']) && preg_match("/true/i",$config->current['SUB_LIST_SUPPORT']);
- if($sub_base == "" || !$sub_enabled){
- return(get_list($filter, $category,$base,$attributes,$flags));
+ if(!count($sub_bases) && !count($departments)){
+
+ /* Log this fall back, it may be an unpredicted behaviour.
+ */
+ if(!count($sub_bases) && !count($departments)){
+ // log($action,$objecttype,$object,$changes_array = array(),$result = "")
+ new log("debug","all",__FILE__,$attributes,
+ sprintf("get_sub_list(): Falling back to get_list(), due to empty sub_bases parameter.".
+ " This may slow down GOsa. Search was: '%s'",$filter));
+ }
+ $tmp = get_list($filter, $category,$base,$attributes,$flags);
+ return($tmp);
}
- /* Get all deparments matching the given sub_base */
- $departments = array();
- $ldap->search($sub_base,array("dn"));
+ /* Get all deparments matching the given sub_bases */
+ $base_filter= "";
+ foreach($sub_bases as $sub_base){
+ $base_filter .= "(".$sub_base.")";
+ }
+ $base_filter = "(&(objectClass=organizationalUnit)(|".$base_filter."))";
+ $ldap->search($base_filter,array("dn"));
while($attrs = $ldap->fetch()){
- $departments[$attrs['dn']] = $attrs['dn'];
+ foreach($sub_deps as $sub_dep){
+
+ /* Only add those departments that match the reuested list of departments.
+ *
+ * e.g. sub_deps = array("ou=servers,ou=systems,");
+ *
+ * In this case we have search for "ou=servers" and we may have also fetched
+ * departments like this "ou=servers,ou=blafasel,..."
+ * Here we filter out those blafasel departments.
+ */
+ if(preg_match("/".normalizePreg($sub_dep)."/",$attrs['dn'])){
+ $departments[$attrs['dn']] = $attrs['dn'];
+ break;
+ }
+ }
}
$result= array();
@@ -804,7 +859,7 @@ function get_sub_list($filter, $category,$sub_base, $base= "", $attributes= arra
if ($flags & GL_SUBSEARCH) {
$ldap->search ($filter, $attributes);
} else {
- $ldap->ls ($filter,$base,$attributes);
+ $ldap->ls ($filter,$dep,$attributes);
}
/* Check for size limit exceeded messages for GUI feedback */
@@ -825,21 +880,30 @@ function get_sub_list($filter, $category,$sub_base, $base= "", $attributes= arra
$attrs["dn"]= $dn;
}
- /* Sort in every value that fits the permissions */
- if (is_array($category)){
- foreach ($category as $o){
- if ($ui->get_category_permissions($dn, $o) != ""){
+ /* Skip ACL checks if we are forced to skip those checks */
+ if($flags & GL_NO_ACL_CHECK){
+ $result[]= $attrs;
+ }else{
+
+ /* Sort in every value that fits the permissions */
+ if (is_array($category)){
+ foreach ($category as $o){
+ if ($ui->get_category_permissions($dn, $o) != ""){
+ $result[]= $attrs;
+ break;
+ }
+ }
+ } else {
+ if ( $ui->get_category_permissions($dn, $category) != ""){
$result[]= $attrs;
- break;
}
}
- } else {
- if ($ui->get_category_permissions($dn, $category) != ""){
- $result[]= $attrs;
- }
}
}
}
+# if(microtime(TRUE) - $start > 0.1){
+# echo sprintf("<pre>GET_SUB_LIST %s .| %f --- $base -----$filter ---- $flags</pre>",__LINE__,microtime(TRUE) - $start);
+# }
return($result);
}
@@ -848,6 +912,8 @@ function get_list($filter, $category, $base= "", $attributes= array(), $flags= G
{
global $config, $ui;
+# $start = microtime(TRUE);
+
/* Get LDAP link */
$ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
@@ -875,36 +941,42 @@ function get_list($filter, $category, $base= "", $attributes= array(), $flags= G
$result= array();
while($attrs = $ldap->fetch()) {
+
$dn= $ldap->getDN();
- /* Sort in every value that fits the permissions */
- if (is_array($category)){
- foreach ($category as $o){
- if ($ui->get_category_permissions($dn, $o) != ""){
- if ($flags & GL_CONVERT){
- $attrs["dn"]= convert_department_dn($dn);
- } else {
- $attrs["dn"]= $dn;
+ /* Convert dn into a printable format */
+ if ($flags & GL_CONVERT){
+ $attrs["dn"]= convert_department_dn($dn);
+ } else {
+ $attrs["dn"]= $dn;
+ }
+
+ if($flags & GL_NO_ACL_CHECK){
+ $result[]= $attrs;
+ }else{
+
+ /* Sort in every value that fits the permissions */
+ if (is_array($category)){
+ foreach ($category as $o){
+ if ($ui->get_category_permissions($dn, $o) != ""){
+
+ /* We found what we were looking for, break speeds things up */
+ $result[]= $attrs;
}
+ }
+ } else {
+ if ($ui->get_category_permissions($dn, $category) != ""){
/* We found what we were looking for, break speeds things up */
$result[]= $attrs;
}
}
- } else {
- if ($ui->get_category_permissions($dn, $category) != ""){
- if ($flags & GL_CONVERT){
- $attrs["dn"]= convert_department_dn($dn);
- } else {
- $attrs["dn"]= $dn;
- }
-
- /* We found what we were looking for, break speeds things up */
- $result[]= $attrs;
- }
}
}
-
+
+# if(microtime(TRUE) - $start > 0.1){
+# echo sprintf("<pre>GET_LIST %s .| %f --- $base -----$filter ---- $flags</pre>",__LINE__,microtime(TRUE) - $start);
+# }
return ($result);
}
/* Assemble the message array to a plain string */
foreach ($message as $error){
- if ($complete == ""){
- $complete= $error;
- } else {
- $complete= "$error<br>$complete";
- }
+ msg_dialog::display(_("Error"), $error, ERROR_DIALOG);
}
-
- /* Fill ERROR variable with nice error dialog */
- msg_dialog::display(_("Error"), $complete, ERROR_DIALOG);
}
}
if(!$rfc2307bis && !isset($tmp['posixGroup']['STRUCTURAL'])){
$checks['posixGroup']['STATUS'] = FALSE;
- $checks['posixGroup']['MSG'] = _("You have disabled the rfc2307bis option on the 'ldap setup' step, but your schema configuration do not support this option.");
+ $checks['posixGroup']['MSG'] = _("Your schema is configured to support the rfc2307bis group, but you have disabled this option on the 'ldap setup' step.");
$checks['posixGroup']['INFO'] = _("The objectClass 'posixGroup' must be STRUCTURAL");
}
}