comanage-dev - [comanage-dev] r541 - in registry/trunk/app/Plugin/LdapProvisioner: Config/Schema Lib Model View/CoLdapProvisionerTargets
[comanage-dev] r541 - in registry/trunk/app/Plugin/LdapProvisioner: Config/Schema Lib Model View/CoLdapProvisionerTargets
- From:
- To:
- Subject: [comanage-dev] r541 - in registry/trunk/app/Plugin/LdapProvisioner: Config/Schema Lib Model View/CoLdapProvisionerTargets
- Date: Sun, 16 Jun 2013 20:26:41 -0400
- Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none
Author: benno
Date: 2013-06-16 20:26:41 -0400 (Sun, 16 Jun 2013)
New Revision: 541
Modified:
registry/trunk/app/Plugin/LdapProvisioner/Config/Schema/schema.xml
registry/trunk/app/Plugin/LdapProvisioner/Lib/lang.php
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerDn.php
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php
registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/fields.inc
Log:
LDAP Provisioner DN Customization (CO-550)
Modified: registry/trunk/app/Plugin/LdapProvisioner/Config/Schema/schema.xml
===================================================================
--- registry/trunk/app/Plugin/LdapProvisioner/Config/Schema/schema.xml
2013-06-17 00:25:07 UTC (rev 540)
+++ registry/trunk/app/Plugin/LdapProvisioner/Config/Schema/schema.xml
2013-06-17 00:26:41 UTC (rev 541)
@@ -34,6 +34,9 @@
<field name="binddn" type="C" size="128" />
<field name="password" type="C" size="64" />
<field name="basedn" type="C" size="128" />
+<!-- document these -->
+ <field name="dn_attribute_name" type="C" size="32" />
+ <field name="dn_identifier_type" type="C" size="32" />
<field name="opt_lang" type="L" />
<field name="opt_role" type="L" />
<field name="oc_eduperson" type="L" />
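Review bot: The placeholder `<!-- document these -->` above the two new columns should be replaced with the actual description, for example `<!-- dn_attribute_name: attribute name used for the unique DN component; dn_identifier_type: identifier type whose value fills that component -->`. Both columns are added without a default, so rows that exist before this revision will presumably have them empty, and the assignDn hunk in CoLdapProvisionerDn.php throws `er.ldapprovisioner.dn.config` when either is empty. Unless an upgrade step outside this commit populates them, previously working targets will stop provisioning until an administrator edits each one, which is worth stating in the upgrade notes.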
Modified: registry/trunk/app/Plugin/LdapProvisioner/Lib/lang.php
===================================================================
--- registry/trunk/app/Plugin/LdapProvisioner/Lib/lang.php 2013-06-17
00:25:07 UTC (rev 540)
+++ registry/trunk/app/Plugin/LdapProvisioner/Lib/lang.php 2013-06-17
00:26:41 UTC (rev 541)
@@ -37,6 +37,7 @@
'er.ldapprovisioner.basedn' => 'Base DN not found',
'er.ldapprovisioner.connect' => 'Failed to connect to LDAP server',
'er.ldapprovisioner.dn.component' => 'DN component %1$s not available',
+ 'er.ldapprovisioner.dn.config' => 'DN configuration invalid',
'er.ldapprovisioner.dn.noattr' => 'DN attributes not found for CO
Person %1$s',
'er.ldapprovisioner.dn.none' => 'DN not found for CO Person %1$s',
@@ -47,6 +48,10 @@
'pl.ldapprovisioner.basedn.desc' => 'Base DN to provision entries
under',
'pl.ldapprovisioner.binddn' => 'Bind DN',
'pl.ldapprovisioner.binddn.desc' => 'DN to authenticate as to manage
entries',
+ 'pl.ldapprovisioner.dnattr' => 'DN Attribute Name',
+ 'pl.ldapprovisioner.dnattr.desc' => 'When constructing DNs, use this
attribute name for the unique component',
+ 'pl.ldapprovisioner.dntype' => 'DN Identifier Type',
+ 'pl.ldapprovisioner.dntype.desc' => 'When constructing DNs, use the
value associated with this identifier type as the value for the unique
component',
'pl.ldapprovisioner.fd.useorgval' => 'Use value from Organizational
Identity',
'pl.ldapprovisioner.info' => 'The LDAP server must be available
and the specified credentials must be valid before this configuration can be
saved.',
'pl.ldapprovisioner.password' => 'Password',
Modified:
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerDn.php
===================================================================
--- registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerDn.php
2013-06-17 00:25:07 UTC (rev 540)
+++ registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerDn.php
2013-06-17 00:26:41 UTC (rev 541)
@@ -66,14 +66,42 @@
*/
public function assignDn($coProvisioningTargetData, $coPersonData) {
- // XXX make this configurable (CO-550)
+ // Start by checking the DN configuration
- if(!isset($coPersonData['CoPerson']['id'])) {
- throw new RuntimeException(_txt('er.ldapprovisioner.dn.component',
array("co_person_id")));
+
if(empty($coProvisioningTargetData['CoLdapProvisionerTarget']['dn_attribute_name'])
+ ||
empty($coProvisioningTargetData['CoLdapProvisionerTarget']['dn_identifier_type']))
{
+ // Throw an exception... these should be defined
+ throw new RuntimeException(_txt('er.ldapprovisioner.dn.config'));
}
- $dn = "uid=" . $coPersonData['CoPerson']['id'] . "," .
$coProvisioningTargetData['CoLdapProvisionerTarget']['basedn'];
+ // Walk through available identifiers looking for a match
+ $dn = "";
+
+ foreach($coPersonData['Identifier'] as $identifier) {
+ if(!empty($identifier['type'])
+ && $identifier['type'] ==
$coProvisioningTargetData['CoLdapProvisionerTarget']['dn_identifier_type']
+ && !empty($identifier['identifier'])
+ && $identifier['status'] == StatusEnum::Active) {
+ // Match. We'll use the first active row found... it's undefined how
to behave
+ // if multiple active identifiers of a given type are found. (We
don't actually
+ // need to check for Status=Active since ProvisionerBehavior will
filter out
+ // non-Active status.)
+
+ $dn =
$coProvisioningTargetData['CoLdapProvisionerTarget']['dn_attribute_name']
+ . "=" . $identifier['identifier']
+ . "," .
$coProvisioningTargetData['CoLdapProvisionerTarget']['basedn'];
+
+ break;
+ }
+ }
+
+ if($dn == "") {
+ // We can't proceed without a DN
+ throw new RuntimeException(_txt('er.ldapprovisioner.dn.component',
+
array($coProvisioningTargetData['CoLdapProvisionerTarget']['dn_identifier_type'])));
+ }
+
$dnRecord = array();
$dnRecord['CoLdapProvisionerDn']['co_ldap_provisioner_target_id'] =
$coProvisioningTargetData['CoLdapProvisionerTarget']['id'];
$dnRecord['CoLdapProvisionerDn']['co_person_id'] =
$coPersonData['CoPerson']['id'];
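Review bot: The DN is built in the `$dn = ...` assignment by plain concatenation, so an identifier value containing characters that are special in a DN (`,`, `+`, `=`, `\`, `"`, `<`, `>`, `;`, a leading `#` or space) changes the structure of the resulting DN instead of staying inside the RDN value. The value now comes from identifier records rather than the numeric `CoPerson.id` used by the removed line, so it should be escaped per RFC 4514 before concatenation, e.g. `. "=" . ldap_escape($identifier['identifier'], '', LDAP_ESCAPE_DN)` on PHP versions that provide it, or an equivalent helper otherwise. Separately, `foreach($coPersonData['Identifier'] ...)` has no `isset` guard, and the removed `isset($coPersonData['CoPerson']['id'])` check is not replaced although that index is still read when `$dnRecord` is filled. assignDn begins and ends outside this hunk.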
Modified:
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php
===================================================================
---
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php
2013-06-17 00:25:07 UTC (rev 540)
+++
registry/trunk/app/Plugin/LdapProvisioner/Model/CoLdapProvisionerTarget.php
2013-06-17 00:26:41 UTC (rev 541)
@@ -71,6 +71,9 @@
'password' => array(
'rule' => 'notEmpty'
),
+ 'dnattr' => array(
+ 'rule' => 'notEmpty'
+ ),
'basedn' => array(
'rule' => 'notEmpty'
),
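Review bot: The new rule is keyed `'dnattr'`, but the column added in schema.xml and the form input in fields.inc are both named `dn_attribute_name`, so, assuming this array is the model's validation list keyed by field name, the rule never fires and an empty attribute name can be saved. There is also no rule for `dn_identifier_type`, which assignDn likewise requires. I would key the rules by the real field names and, since the attribute name is concatenated into DNs, restrict it to an attribute-descriptor pattern rather than just non-empty: `'dn_attribute_name' => array('rule' => array('custom', '/^[a-zA-Z][a-zA-Z0-9-]*$/')),` and `'dn_identifier_type' => array('rule' => 'notEmpty'),`. The array starts and ends outside the hunk.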
@@ -380,10 +383,33 @@
}
}
- // Make sure the DN values are in the list
+ // Make sure the DN values are in the list (check case insensitively, in
case
+ // the user-entered case used to build the DN doesn't match). First, map
the
+ // outbound attributes to lowercase.
+ $lcattributes = array();
+
+ foreach(array_keys($attributes) as $a) {
+ $lcattributes[strtolower($a)] = $a;
+ }
+
+ // Now walk through each DN attribute
+
foreach(array_keys($dnAttributes) as $a) {
- if(empty($attributes[$a]) || !in_array($dnAttributes[$a],
$attributes[$a])) {
+ // Lowercase the attribute for comparison purposes
+ $lca = strtolower($a);
+
+ if(isset($lcattributes[$lca])) {
+ // Map back to the mixed case version
+ $mca = $lcattributes[$lca];
+
+ if(empty($attributes[$mca])
+ || !in_array($dnAttributes[$a], $attributes[$mca])) {
+ // Key isn't set, so store the value
+ $attributes[$a][] = $dnAttributes[$a];
+ }
+ } else {
+ // Key isn't set, so store the value
$attributes[$a][] = $dnAttributes[$a];
}
}
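Review bot: In the branch where a case-insensitive match exists but the DN value is missing, the value is appended to `$attributes[$a]` rather than `$attributes[$mca]`, which creates a second key differing only in case (for example `uid` next to `UID`). LDAP attribute names are case-insensitive, so the outbound record would then carry the same attribute under two keys, and how the server handles that is not visible here. Appending to the matched key avoids it: `$attributes[$mca][] = $dnAttributes[$a];`. The comment on that line is copied from the else branch and should read `// Key is set but the DN value is missing, so add it`. The enclosing method starts and ends outside the hunk.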
Modified:
registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/fields.inc
===================================================================
---
registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/fields.inc
2013-06-17 00:25:07 UTC (rev 540)
+++
registry/trunk/app/Plugin/LdapProvisioner/View/CoLdapProvisionerTargets/fields.inc
2013-06-17 00:26:41 UTC (rev 541)
@@ -37,9 +37,21 @@
}
}
}
+
+ // And set the DN attribute name if empty (we have to do it this way
since
+ // we're referencing an extended type and we won't know what the
default value is)
+
+
if(empty($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['dn_attribute_name']))
{
+ print "set_dn_attribute_name()";
+ }
?>
}
+ function set_dn_attribute_name() {
+ // Populate the DN attribute name field based on the current value of
the DN identifier type
+ document.getElementById('dnIdentifierName').value =
document.getElementById('dnIdentifierType').value;
+ }
+
function toggle_div(div) {
$("#" + div).toggle("slide", { "direction" : "up" });
}
@@ -147,6 +159,39 @@
</tr>
<tr class="line2">
<td>
+ <?php print _txt('pl.ldapprovisioner.dntype'); ?><font
class="required">*</font><br />
+ <font class="desc"><?php print
_txt('pl.ldapprovisioner.dntype.desc'); ?></font>
+ </td>
+ <td>
+ <?php
+ $xval = "";
+
+
if(isset($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['dn_identifier_type']))
{
+ $xval =
$co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['dn_identifier_type'];
+ }
+
+ print ($e ? $this->Form->select('dn_identifier_type',
+ $identifier_types,
+ array('id' => 'dnIdentifierType',
+ 'value' => $xval,
+ 'empty' => false,
+ 'onchange' =>
'set_dn_attribute_name()'))
+ :
Sanitize::html($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['dn_identifier_type']));
?>
+ </td>
+ </tr>
+ <tr class="line1">
+ <td>
+ <?php print _txt('pl.ldapprovisioner.dnattr'); ?><font
class="required">*</font><br />
+ <font class="desc"><?php print
_txt('pl.ldapprovisioner.dnattr.desc'); ?></font>
+ </td>
+ <td>
+ <?php print ($e ? $this->Form->input('dn_attribute_name',
+ array('id' =>
'dnIdentifierName'))
+ :
Sanitize::html($co_ldap_provisioner_targets[0]['CoLdapProvisionerTarget']['dn_attribute_name']));
?>
+ </td>
+ </tr>
+ <tr class="line2">
+ <td>
<?php print _txt('pl.ldapprovisioner.basedn'); ?><font
class="required">*</font><br />
<font class="desc"><?php print
_txt('pl.ldapprovisioner.basedn.desc'); ?></font>
</td>
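Review bot: The `'onchange' => 'set_dn_attribute_name()'` handler on the identifier type select copies the selected type into the `dnIdentifierName` input unconditionally, so changing the type on an existing target silently replaces an attribute name the administrator had set. The page-load call in the earlier fields.inc hunk is guarded by `empty(...['dn_attribute_name'])`, but the handler has no such guard. Because assignDn builds DNs from this field, an unnoticed change alters the DNs that are constructed afterwards. If overwriting is intended, say so in the field description; otherwise fill the field only when it is empty, e.g. `var n = document.getElementById('dnIdentifierName'); if(n.value == '') { n.value = document.getElementById('dnIdentifierType').value; }`.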