From: careworks Date: Tue, 23 Jan 2007 14:35:33 +0000 (+0000) Subject: - Fix TLS ldap connections when schema checking is being used X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=5709c65a8fab96a850023dbf6d6c2a9c31344a69;p=gosa.git - Fix TLS ldap connections when schema checking is being used - Prepare setup to allow for TLS ldap servers somewhere in the future - Fix incorrect FAQ entry about TLS git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@5601 594d385d-05f5-0310-b6e9-bd551577e9d8
---
diff --git a/Changelog b/Changelog
index ea6c36dcf..bd112be9e 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,7 @@
 GOsa2 changelog
 ===============
+* gosa 2.5.9
+ - Fixed ldap tls connections when schema check was being used
 * gosa 2.5.8
 - Fixed date of birth and shadow expire in template adaption
diff --git a/FAQ b/FAQ
index 89cdfd27a..3df30238b 100644
--- a/FAQ
+++ b/FAQ
@@ -269,12 +269,12 @@ Q: I'd like to have TLS based LDAP connections from within GOsa. Is this possibl
 A: Yes, add
-
+ ... tls="true" ... \>
- to the main section of GOsa. This switch affects all LDAP connections.
+ to the location section of GOsa. This switch affects LDAP connections for a single location only.
 Q: Cyrus folder get created in the style user.username. I prefer the unix hirachy
diff --git a/html/index.php b/html/index.php
index 160fd7b5f..b920dd7e4 100644
--- a/html/index.php
+++ b/html/index.php
@@ -215,12 +215,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])){
 }
 if(isset($config->data['MAIN']['SCHEMA_CHECK'])&&preg_match("/true/i",$config->data['MAIN']['SCHEMA_CHECK'])){
 require_once("functions_setup.inc");
- if(!is_schema_readable($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD'])){
+ $recursive = (isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true");
+ $tls = (isset($config->current['TLS']) && $config->current['TLS'] == "true");
+
+ if(!is_schema_readable($config->current['SERVER'], $config->current['ADMIN'], $config->current['PASSWORD'], $recursive, $tls)){
+ print_red(_("GOsa cannot retrieve information about the installed schema files. Please make sure, that this is possible."));
 displayLogin();
 exit();
 }else{
- $str = (schema_check($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD'],0,TRUE));
+ $str = (schema_check($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD'], $recursive, $tls, 0, TRUE));
 $checkarr = array();
 foreach($str as $tr){
 if(isset($tr['needonstartup'])){
diff --git a/include/functions.inc b/include/functions.inc
index c4edb994e..a07ae3a7e 100644
--- a/include/functions.inc
+++ b/include/functions.inc
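Review bot: The new `$tls` flag on the added `$tls = (...)` line is true only for the exact lowercase string `"true"`, so a location configured as `tls="True"` or `tls="yes"` evaluates to false and the schema check presumably proceeds with a cleartext bind of the admin account instead of failing, while the enclosing SCHEMA_CHECK test in the same hunk accepts any case via `preg_match("/true/i", ...)`. A configuration typo silently downgrading a privileged bind is the wrong failure mode; normalising with `$tls = (isset($config->current['TLS']) && strtolower(trim($config->current['TLS'])) == "true");` (and the same for `$recursive`), or rejecting unrecognised values outright, would fail closed. The identical two expressions already exist in ldap_init() in include/functions.inc, so a small shared helper returning both flags would keep the copies from drifting. The enclosing SCHEMA_CHECK if-block starts and ends outside the hunk.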
@@ -290,7 +290,8 @@ function ldap_init ($server, $base, $binddn='', $pass='')
 {
 global $config;
- $ldap = new LDAP ($binddn, $pass, $server, isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true",
+ $ldap = new LDAP ($binddn, $pass, $server,
+ isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true",
 isset($config->current['TLS']) && $config->current['TLS'] == "true");
 /* Sadly we've no proper return values here. Use the error message instead. */
diff --git a/include/functions_setup.inc b/include/functions_setup.inc
index faac360b2..7d41ffd95 100644
--- a/include/functions_setup.inc
+++ b/include/functions_setup.inc
@@ -30,9 +30,9 @@ function view_schema_check($table)
 }
-function is_schema_readable($server, $admin, $password)
+function is_schema_readable($server, $admin, $password, $follow_referrals=FALSE, $tls=FALSE)
 {
- $ldap = new LDAP($admin,$password,$server);
+ $ldap = new LDAP($admin, $password, $server, $follow_referrals, $tls);
 $tmp = $ldap->get_objectclasses();
 if(count($tmp)){
@@ -41,7 +41,7 @@ function is_schema_readable($server, $admin, $password)
 return(false);
 }
-function schema_check($server, $admin, $password, $aff=0,$CalledByIndexPhP=false)
+function schema_check($server, $admin, $password, $follow_referrals=FALSE, $tls=FALSE, $aff=0, $CalledByIndexPhP=false)
 {
 global $config;
@@ -78,7 +78,7 @@ function schema_check($server, $admin, $password, $aff=0,$CalledByIndexPhP=false
 );
 /* Get objectclasses */
- $ldap = new LDAP($admin,$password, $server);
+ $ldap = new LDAP($admin,$password, $server, $follow_referrals, $tls);
 $objectclasses = $ldap->get_objectclasses();
 if(count($objectclasses) == 0){
 return (array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE)));
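Review bot: is_schema_readable() still decides success only by `count($tmp)` on the result of get_objectclasses(), so after this change a failed StartTLS negotiation or bind on the new `new LDAP(..., $follow_referrals, $tls)` line is indistinguishable from a directory whose schema is merely unreadable, and html/index.php reports it to the user as a schema problem. The LDAP object exposes a status that plugins/personal/password/main.inc already tests as `$tldap->error != "Success"`; checking it here immediately after construction, `if($ldap->error != "Success"){ return(false); }`, would stop an unconnected handle from being read as "no object classes", and logging `$ldap->error` would make a certificate or TLS failure diagnosable. Whether the LDAP class refuses to continue in cleartext when `$tls` is requested but StartTLS fails is not visible in this diff and should be confirmed before relying on the flag. The function body continues outside the hunk.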
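Review bot: The new parameters `$follow_referrals` and `$tls` are inserted before the existing optional `$aff` and `$CalledByIndexPhP` rather than appended, which silently breaks positional compatibility: any caller not updated in this diff that still passes `schema_check($uri, $admin, $password, 1)` now binds `1` to `$follow_referrals`, enabling referral chasing, and leaves `$aff` at 0 without any PHP error. Three call sites are updated here (html/index.php, show_setup_page4, show_setup_page5), but I cannot see whether others exist; appending instead, as `function schema_check($server, $admin, $password, $aff=0, $CalledByIndexPhP=false, $follow_referrals=FALSE, $tls=FALSE)`, would keep old four- and five-argument calls working, or a grep for `schema_check(` should be done before merging. The same reordering concern does not apply to is_schema_readable(), whose old signature had no trailing optional parameters.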
@@ -882,6 +882,13 @@ function show_setup_page4($withoutput = true)
 if(!isset($_SESSION['ldapconf']['mail'])){
 $_SESSION['ldapconf']['mail']= 0;
 }
+ if(!isset($_SESSION['ldapconf']['follow_referrals'])){
+ $_SESSION['ldapconf']['follow_referrals']= FALSE;
+ }
+ if(!isset($_SESSION['ldapconf']['tls'])){
+ $_SESSION['ldapconf']['tls']= FALSE;
+ }
+
 $tmp= array_flip($_SESSION['ldapconf']['arr_cryptkeys']);
 if(!isset($_SESSION['ldapconf']['arr_crypts'])){
 $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5'];
@@ -897,14 +904,22 @@ function show_setup_page4($withoutput = true)
 if(isset($_POST['check']) || (isset($_POST['admin'])) && isset($_POST['password'])) {
 $ldap= new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'],
- $_SESSION['ldapconf']['uri']);
+ $_SESSION['ldapconf']['uri'],
+ $_SESSION['ldapconf']['follow_referrals'],
+ $_SESSION['ldapconf']['tls']);
 $m= schema_check($_SESSION['ldapconf']['uri'], $_SESSION['ldapconf']['admin'],
- $_SESSION['ldapconf']['password']);
+ $_SESSION['ldapconf']['password'],
+ $_SESSION['ldapconf']['follow_referrals'],
+ $_SESSION['ldapconf']['tls']);
+
 $_SESSION['classes']= $m;
- if(!is_schema_readable($ldapconf['uri'],$ldapconf['admin'],$ldapconf['password'])){
+ //TODO: Ask user for referrals and TLS config options during setup. They are initialized to false at the moment:
+ $ldapconf['follow_referrals'] = false;
+ $ldapconf['tls'] = false;
+ if(!is_schema_readable($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'], $ldapconf['follow_referrals'], $ldapconf['tls'])){
 if($withoutput){
 print_red(_("Can't read schema informations, GOsa needs to know your schema setup. Please verify that it is readable for GOsa"));
 }
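Review bot: The added `$ldapconf['follow_referrals'] = false;` and `$ldapconf['tls'] = false;` hard-wire the is_schema_readable() bind to cleartext, while the `new LDAP(...)` and `schema_check(...)` calls a few lines above in the same hunk read `$_SESSION['ldapconf']['tls']`, which the preceding hunk initialises to FALSE only when unset. The same setup step can therefore bind the admin account over TLS in one call and in plaintext in the next as soon as the option becomes settable, and if `$ldapconf` is a reference to `$_SESSION['ldapconf']` (its declaration is outside the hunk) the assignments also silently reset the stored choice to plaintext. I would drop the two assignments and pass `$_SESSION['ldapconf']['follow_referrals']` and `$_SESSION['ldapconf']['tls']` here as well, keeping the TODO about exposing the options in the UI. The enclosing if-block continues outside the hunk.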
@@ -954,7 +969,12 @@ function show_setup_page5($withoutput=true)
 $smarty->assign("webgroup", $info['name']);
 $smarty->assign("path", CONFIG_DIR);
 $message= "";
- $m= schema_check($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'],1);
+
+ //TODO:Ask user for referral and TLS config options during setup. They are initialized to false at the moment:
+ $ldapconf['follow_referrals'] = false;
+ $ldapconf['tls'] = false;
+
+ $m= schema_check($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'], $ldapconf['follow_referrals'], $ldapconf['tls'], 1);
 if($withoutput) {
 $smarty->assign ("schemas", view_schema_check($m));
diff --git a/plugins/personal/password/main.inc b/plugins/personal/password/main.inc
index 22624f6d7..dd83a1937 100644
--- a/plugins/personal/password/main.inc
+++ b/plugins/personal/password/main.inc
@@ -32,8 +32,7 @@ if (!$remove_lock){
 $tldap = new LDAP($ui->dn, $_POST['current_password'], $config->current['SERVER'], isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true",
- isset($config->current['TLS'])
- && $config->current['TLS'] == "true");
+ isset($config->current['TLS']) && $config->current['TLS'] == "true");
 if ($tldap->error != "Success"){
 $message[]= _("The password you've entered as your current password doesn't match the real one.");
 }
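Review bot: As in show_setup_page4, the added `$ldapconf['tls'] = false;` forces the schema_check() bind on this page to cleartext regardless of what the session holds, so a TLS-only directory cannot complete setup and the admin password entered earlier is sent unencrypted; where `$ldapconf` comes from is outside the hunk, so whether this also overwrites `$_SESSION['ldapconf']['tls']` is not visible. Reading the flags from the session with an isset() fallback, e.g. `$tls = isset($_SESSION['ldapconf']['tls']) ? $_SESSION['ldapconf']['tls'] : false;`, would keep this hunk consistent with the page4 calls that already pass `$_SESSION['ldapconf']['tls']`. The trailing positional `1` is now the sixth argument (`$aff`) behind two booleans; a short comment naming it on the `$m= schema_check(...)` line would help readers.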