From 3df3e3e067be59e2a98c624287db71694b811254 Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 24 Jan 2007 05:06:35 +0000 Subject: [PATCH] Added commit from 2.5. >Author: careworks >Date: 2007-01-23 15:35:33 +0100 (Tue, 23 Jan 2007) >New Revision: 5801 > >Modified: > branches/2.5/Changelog > branches/2.5/FAQ > branches/2.5/html/index.php > branches/2.5/include/functions.inc > branches/2.5/include/functions_setup.inc > branches/2.5/plugins/personal/password/main.inc >Log: >- Fix TLS ldap connections when schema checking is being used >- Prepare setup to allow for TLS ldap servers somewhere in the future >- Fix incorrect FAQ entry about TLS git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5603 594d385d-05f5-0310-b6e9-bd551577e9d8 --- Changelog | 2 ++ FAQ | 4 ++-- html/index.php | 8 +++++-- include/functions.inc | 3 ++- include/functions_setup.inc | 36 +++++++++++++++++++++++------- plugins/personal/password/main.inc | 3 +-- 6 files changed, 41 insertions(+), 15 deletions(-) diff --git a/Changelog b/Changelog index 9e9894f47..cf1ac23a8 100644 --- a/Changelog +++ b/Changelog @@ -1,5 +1,7 @@ GOsa2 changelog =============== +* gosa 2.5.9 + - Fixed ldap tls connections when schema check was being used * gosa 2.5.7 - Fixed login.tpl to display error msgs in the middle of the screen diff --git a/FAQ b/FAQ index 37138071f..30b4c8e34 100644 --- a/FAQ +++ b/FAQ @@ -269,12 +269,12 @@ Q: I'd like to have TLS based LDAP connections from within GOsa. Is this possibl A: Yes, add -
+ ... tls="true" ... \> - to the main section of GOsa. This switch affects all LDAP connections. + to the location section of GOsa. This switch affects LDAP connections for a single location only. Q: Cyrus folder get created in the style user.username. I prefer the unix hirachy diff --git a/html/index.php b/html/index.php index 583f78f88..14a8b3005 100644 --- a/html/index.php +++ b/html/index.php @@ -219,12 +219,16 @@ if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])){ } if(isset($config->data['MAIN']['SCHEMA_CHECK'])&&preg_match("/true/i",$config->data['MAIN']['SCHEMA_CHECK'])){ require_once("functions_setup.inc"); - if(!is_schema_readable($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD'])){ + $recursive = (isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true"); + $tls = (isset($config->current['TLS']) && $config->current['TLS'] == "true"); + + if(!is_schema_readable($config->current['SERVER'], $config->current['ADMIN'], $config->current['PASSWORD'], $recursive, $tls)){ + print_red(_("GOsa cannot retrieve information about the installed schema files. Please make sure, that this is possible.")); displayLogin(); exit() ; }else{ - $str = (schema_check($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD'],0,TRUE)); + $str = (schema_check($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD'], $recursive, $tls, 0, TRUE)); $checkarr = array(); foreach($str as $tr){ if(isset($tr['needonstartup'])){ diff --git a/include/functions.inc b/include/functions.inc index b1deb986e..9f0aef9e4 100644 --- a/include/functions.inc +++ b/include/functions.inc 
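Review bot: The new `$tls` flag in html/index.php is compared case-sensitively with `== "true"`, while the `SCHEMA_CHECK` switch on the context line just above is matched with `preg_match("/true/i", ...)`, so the two switches accept different spellings. If the config loader does not normalise case (not visible here), a location written as `tls="True"` yields `$tls` false, and the admin bind made by `is_schema_readable()` and `schema_check()` goes out without TLS with nothing reporting it. I would match both flags the same way, e.g. `$tls = (isset($config->current['TLS']) && preg_match("/^true$/i", $config->current['TLS']));`, and likewise for `$recursive`. The same expression is repeated in `ldap_init()` and in plugins/personal/password/main.inc, so a small helper would keep the three in step.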
@@ -291,7 +291,8 @@ function ldap_init ($server, $base, $binddn='', $pass='') { global $config; - $ldap = new LDAP ($binddn, $pass, $server, isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true", + $ldap = new LDAP ($binddn, $pass, $server, + isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true", isset($config->current['TLS']) && $config->current['TLS'] == "true"); /* Sadly we've no proper return values here. Use the error message instead. */ diff --git a/include/functions_setup.inc b/include/functions_setup.inc index faac360b2..7d41ffd95 100644 --- a/include/functions_setup.inc +++ b/include/functions_setup.inc @@ -30,9 +30,9 @@ function view_schema_check($table) } -function is_schema_readable($server, $admin, $password) +function is_schema_readable($server, $admin, $password, $follow_referrals=FALSE, $tls=FALSE) { - $ldap = new LDAP($admin,$password,$server); + $ldap = new LDAP($admin, $password, $server, $follow_referrals, $tls); $tmp = $ldap->get_objectclasses(); if(count($tmp)){ @@ -41,7 +41,7 @@ function is_schema_readable($server, $admin, $password) return(false); } -function schema_check($server, $admin, $password, $aff=0,$CalledByIndexPhP=false) +function schema_check($server, $admin, $password, $follow_referrals=FALSE, $tls=FALSE, $aff=0, $CalledByIndexPhP=false) { global $config; @@ -78,7 +78,7 @@ function schema_check($server, $admin, $password, $aff=0,$CalledByIndexPhP=false ); /* Get objectclasses */ - $ldap = new LDAP($admin,$password, $server); + $ldap = new LDAP($admin,$password, $server, $follow_referrals, $tls); $objectclasses = $ldap->get_objectclasses(); if(count($objectclasses) == 0){ return (array(array("msg" => _("Can't get schema information from server. No schema check possible!"), "status" => FALSE))); 
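Review bot: `is_schema_readable()` still decides only on `count($tmp)`, so a bind that fails because TLS could not be negotiated is reported the same way as a server whose schema is not readable. The LDAP object carries an `error` string right after construction (plugins/personal/password/main.inc in this patch tests `$tldap->error != "Success"`), so checking it before `get_objectclasses()` would let the caller show a connection or TLS error instead of the schema message. The same applies to the `new LDAP(...)` call changed in the `schema_check()` hunk at line 78. Both functions also lack a docblock; one stating that `$tls` defaults to FALSE, so a caller that omits it binds without TLS, would help the next reader.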
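Review bot: In the `schema_check()` signature the two new parameters are inserted before `$aff` and `$CalledByIndexPhP` rather than appended, so a caller still using the old positional form, such as `schema_check($uri, $admin, $password, 1)`, now passes `1` as `$follow_referrals` and leaves `$aff` at 0 without any error. The callers visible in this patch are updated, but callers elsewhere in the tree cannot be checked from here. Appending keeps old calls valid: `function schema_check($server, $admin, $password, $aff=0, $CalledByIndexPhP=false, $follow_referrals=FALSE, $tls=FALSE)`. `is_schema_readable()` already appends its new parameters and is not affected.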
@@ -882,6 +882,13 @@ function show_setup_page4($withoutput = true) if(!isset($_SESSION['ldapconf']['mail'])){ $_SESSION['ldapconf']['mail']= 0; } + if(!isset($_SESSION['ldapconf']['follow_referrals'])){ + $_SESSION['ldapconf']['follow_referrals']= FALSE; + } + if(!isset($_SESSION['ldapconf']['tls'])){ + $_SESSION['ldapconf']['tls']= FALSE; + } + $tmp= array_flip($_SESSION['ldapconf']['arr_cryptkeys']); if(!isset($_SESSION['ldapconf']['arr_crypts'])){ $_SESSION['ldapconf']['arr_crypts'] = $tmp['md5']; @@ -897,14 +904,22 @@ function show_setup_page4($withoutput = true) if(isset($_POST['check']) || (isset($_POST['admin'])) && isset($_POST['password'])) { $ldap= new LDAP($_SESSION['ldapconf']['admin'], $_SESSION['ldapconf']['password'], - $_SESSION['ldapconf']['uri']); + $_SESSION['ldapconf']['uri'], + $_SESSION['ldapconf']['follow_referrals'], + $_SESSION['ldapconf']['tls']); $m= schema_check($_SESSION['ldapconf']['uri'], $_SESSION['ldapconf']['admin'], - $_SESSION['ldapconf']['password']); + $_SESSION['ldapconf']['password'], + $_SESSION['ldapconf']['follow_referrals'], + $_SESSION['ldapconf']['tls']); + $_SESSION['classes']= $m; - if(!is_schema_readable($ldapconf['uri'],$ldapconf['admin'],$ldapconf['password'])){ + //TODO: Ask user for referrals and TLS config options during setup. They are initialized to false at the moment: + $ldapconf['follow_referrals'] = false; + $ldapconf['tls'] = false; + if(!is_schema_readable($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'], $ldapconf['follow_referrals'], $ldapconf['tls'])){ if($withoutput){ print_red(_("Can't read schema informations, GOsa needs to know your schema setup. Please verify that it is readable for GOsa")); } 
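Review bot: In the second `show_setup_page4()` hunk, `new LDAP(...)` and `schema_check()` read the referral and TLS flags from `$_SESSION['ldapconf']`, but the `is_schema_readable()` call reads them from `$ldapconf`, which the two lines after the TODO force to false. Once setup really sets the session values, the readability probe would still bind with the admin DN and password without TLS while the other two calls use it. I would drop the override and pass the session values, `is_schema_readable($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'], $_SESSION['ldapconf']['follow_referrals'], $_SESSION['ldapconf']['tls'])`. How `$ldapconf` relates to the session array is set outside the hunk, so confirm it is not a reference to it. The same forced-false pair is added in `show_setup_page5()` before its `schema_check()` call.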
@@ -954,7 +969,12 @@ function show_setup_page5($withoutput=true) $smarty->assign("webgroup", $info['name']); $smarty->assign("path", CONFIG_DIR); $message= ""; - $m= schema_check($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'],1); + + //TODO:Ask user for referral and TLS config options during setup. They are initialized to false at the moment: + $ldapconf['follow_referrals'] = false; + $ldapconf['tls'] = false; + + $m= schema_check($ldapconf['uri'], $ldapconf['admin'], $ldapconf['password'], $ldapconf['follow_referrals'], $ldapconf['tls'], 1); if($withoutput) { $smarty->assign ("schemas", view_schema_check($m)); diff --git a/plugins/personal/password/main.inc b/plugins/personal/password/main.inc index 0d21e6d13..a3a98640a 100644 --- a/plugins/personal/password/main.inc +++ b/plugins/personal/password/main.inc @@ -39,8 +39,7 @@ if (!$remove_lock){ $tldap = new LDAP($ui->dn, $_POST['current_password'], $config->current['SERVER'], isset($config->current['RECURSIVE']) && $config->current['RECURSIVE'] == "true", - isset($config->current['TLS']) - && $config->current['TLS'] == "true"); + isset($config->current['TLS']) && $config->current['TLS'] == "true"); if ($tldap->error != "Success"){ $message[]= _("The password you've entered as your current password doesn't match the real one."); } -- 2.30.2