From d1e08fc9058188f4a6f2580d304592e2c92aae85 Mon Sep 17 00:00:00 2001 From: thomascube Date: Fri, 15 Apr 2011 15:55:38 +0000 Subject: [PATCH] Replace LDAP vars in group queries (#1487837) --- CHANGELOG | 1 + config/main.inc.php.dist | 11 +++++--- program/include/rcube_ldap.php | 46 +++++++++++++++++++++++----------- 3 files changed, 41 insertions(+), 17 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index d2d394655..4f3e717b9 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Replace LDAP vars in group queries (#1487837) - Fix vcard folding with uncode characters (#1487868) - Keep all submitted data if contact form validation fails (#1487865) - Handle uncode strings in rcube_addressbook::normalize_string() (#1487866) diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index cdec12715..9db039d9b 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist 
@@ -512,14 +512,19 @@ $rcmail_config['ldap_public']['Verisign'] = array( ), 'sort' => 'cn', // The field to sort the listing by. 'scope' => 'sub', // search mode: sub|base|list - 'filter' => '', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act 'fuzzy_search' => true, // server allows wildcard search 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. - // definition for groups, set to false if no groups are supported + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in thist case, assure that groups and contacts are seperated due to the concernig filters! 'groups' => array( - 'base_dn' => 'ou=groups,ou=rcabook,dc=localhost', + 'base_dn' => '', 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), ), ); */ diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php index a20d12318..91e013915 100644 --- a/program/include/rcube_ldap.php +++ b/program/include/rcube_ldap.php @@ -49,6 +49,8 @@ class rcube_ldap extends rcube_addressbook protected $mail_domain = ''; protected $debug = false; + private $base_dn = ''; + private $groups_base_dn = ''; private $group_cache = array(); private $group_members = array(); 
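Review bot: The new comment block above `'groups'` names the placeholder as `$d`, while the replacement table in rcube_ldap.php uses `%d`, and "uncomment if no groups are supported" tells the admin the opposite of what is needed. Suggested wording: `// definition for contact groups (remove or comment out if groups are not supported)` and `// for the groups base_dn, the user replacements %fu, %u, %d and %dc work as for base_dn (see above)`. The last comment line carries the caveat that matters when the groups `base_dn` is left empty and would read more clearly as `// -> in this case, make sure the two filters keep groups and contacts separate`. The configuration array starts and ends outside the hunk.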
@@ -66,7 +68,7 @@ class rcube_ldap extends rcube_addressbook $this->prop = $p; // check if groups are configured - if (is_array($p['groups'])) + if (is_array($p['groups']) and count($p['groups'])) $this->groups = true; // fieldmap property is given @@ -202,7 +204,7 @@ class rcube_ldap extends rcube_addressbook } // Replace the bind_dn and base_dn variables. $bind_dn = strtr($bind_dn, $replaces); - $base_dn = strtr($base_dn, $replaces); + $this->base_dn = strtr($base_dn, $replaces); if (empty($bind_user)) { $bind_user = $u; @@ -644,7 +646,7 @@ class rcube_ldap extends rcube_addressbook } // Build the new entries DN. - $dn = $this->prop['LDAP_rdn'].'='.$this->_quote_string($newentry[$this->prop['LDAP_rdn']], true).','.$this->prop['base_dn']; + $dn = $this->prop['LDAP_rdn'].'='.$this->_quote_string($newentry[$this->prop['LDAP_rdn']], true).','.$this->base_dn; $this->_debug("C: Add [dn: $dn]: ".print_r($newentry, true)); @@ -728,7 +730,7 @@ class rcube_ldap extends rcube_addressbook if ($replacedata[$this->prop['LDAP_rdn']]) { $newdn = $this->prop['LDAP_rdn'].'=' .$this->_quote_string($replacedata[$this->prop['LDAP_rdn']], true) - .','.$this->prop['base_dn']; + .','.$this->base_dn; if ($dn != $newdn) { $newrdn = $this->prop['LDAP_rdn'].'=' .$this->_quote_string($replacedata[$this->prop['LDAP_rdn']], true); @@ -837,7 +839,7 @@ class rcube_ldap extends rcube_addressbook $this->_debug("C: Search [".$filter."]"); - if ($this->ldap_result = @$function($this->conn, $this->prop['base_dn'], $filter, + if ($this->ldap_result = @$function($this->conn, $this->base_dn, $filter, array_values($this->fieldmap), 0, (int) $this->prop['sizelimit'], (int) $this->prop['timelimit'])) { $this->_debug("S: ".ldap_count_entries($this->conn, $this->ldap_result)." record(s)"); 
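Review bot: `$this->base_dn = strtr($base_dn, $replaces);` at @@ -202 is the only assignment to `$this->base_dn` in this commit, and the surrounding lines (`$replaces`, `$bind_user = $u`) suggest it sits inside the user-specific branch, whose start is outside the hunk. If so, an address book configured without `user_specific` keeps the initial `''`, and the hunks at @@ -644, @@ -728 and @@ -837 then build entry DNs and run searches against an empty base instead of `$this->prop['base_dn']`. Initialise the property unconditionally, for example `$this->base_dn = $this->prop['base_dn'];` before the branch, and apply `strtr()` to it only when replacements are defined.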
@@ -972,11 +974,27 @@ class rcube_ldap extends rcube_addressbook */ function list_groups($search = null) { + global $RCMAIL; + if (!$this->groups) return array(); - $base_dn = $this->prop['groups']['base_dn']; - $filter = '(objectClass=groupOfNames)'; + $this->groups_base_dn = ($this->prop['groups']['base_dn']) ? + $this->prop['groups']['base_dn'] : $this->base_dn; + + // replace user specific dn + if ($this->prop['user_specific']) + { + $fu = $RCMAIL->user->get_username(); + list($u, $d) = explode('@', $fu); + $dc = 'dc='.strtr($d, array('.' => ',dc=')); + $replaces = array('%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u); + + $this->groups_base_dn = strtr($this->groups_base_dn, $replaces);; + } + + $base_dn = $this->groups_base_dn; + $filter = $this->prop['groups']['filter']; $res = ldap_search($this->conn, $base_dn, $filter, array('cn','member')); if ($res === false) @@ -1015,12 +1033,12 @@ class rcube_ldap extends rcube_addressbook if (!$this->group_cache) $this->list_groups(); - $base_dn = $this->prop['groups']['base_dn']; + $base_dn = $this->groups_base_dn; $new_dn = "cn=$group_name,$base_dn"; $new_gid = base64_encode($group_name); $new_entry = array( - 'objectClass' => array('top', 'groupOfNames'), + 'objectClass' => $this->prop['groups']['object_classes'], 'cn' => $group_name, 'member' => '', ); @@ -1046,7 +1064,7 @@ class rcube_ldap extends rcube_addressbook if (!$this->group_cache) $this->list_groups(); - $base_dn = $this->prop['groups']['base_dn']; + $base_dn = $this->groups_base_dn; $group_name = $this->group_cache[$group_id]['name']; $del_dn = "cn=$group_name,$base_dn"; @@ -1073,7 +1091,7 @@ class rcube_ldap extends rcube_addressbook if (!$this->group_cache) $this->list_groups(); - $base_dn = $this->prop['groups']['base_dn']; + $base_dn = $this->groups_base_dn; $group_name = $this->group_cache[$group_id]['name']; $old_dn = "cn=$group_name,$base_dn"; $new_rdn = "cn=$new_name"; 
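Review bot: In list_groups() the login-derived values `$fu`, `$u` and `$d` are substituted into `groups_base_dn` without DN escaping, so a login name containing `,` or `=` changes which subtree the group search and the later group writes operate on. Escape each value with the helper this file already uses for DN components before calling `strtr()`, e.g. `'%u' => $this->_quote_string($u, true)`. `list($u, $d) = explode('@', $fu);` also leaves `$d` unset for a login without a domain part, which yields a bare `dc=` component. `$filter = $this->prop['groups']['filter'];` has no fallback, so a configuration that lacks the key passes an empty filter to `ldap_search()`; keeping `'(objectClass=groupOfNames)'` as the default avoids that. The stray `;;` after the `strtr()` call can go as well.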
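Review bot: `'objectClass' => $this->prop['groups']['object_classes']` in create_group() (@@ -1015) has no default, so a configuration written before this commit, which lacks the new key, produces a group entry without object classes. Fall back to the value the line replaced: `'objectClass' => !empty($this->prop['groups']['object_classes']) ? $this->prop['groups']['object_classes'] : array('top', 'groupOfNames'),`. The unchanged line `$new_dn = "cn=$group_name,$base_dn";` in the same hunk puts the user-supplied group name into a DN unescaped; `$this->_quote_string($group_name, true)` would match how contact DNs are built at @@ -644. The function body continues outside the hunk.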
@@ -1101,7 +1119,7 @@ class rcube_ldap extends rcube_addressbook if (!$this->group_cache) $this->list_groups(); - $base_dn = $this->prop['groups']['base_dn']; + $base_dn = $this->groups_base_dn; $group_name = $this->group_cache[$group_id]['name']; $group_dn = "cn=$group_name,$base_dn"; @@ -1131,7 +1149,7 @@ class rcube_ldap extends rcube_addressbook if (!$this->group_cache) $this->list_groups(); - $base_dn = $this->prop['groups']['base_dn']; + $base_dn = $this->groups_base_dn; $group_name = $this->group_cache[$group_id]['name']; $group_dn = "cn=$group_name,$base_dn"; @@ -1162,7 +1180,7 @@ class rcube_ldap extends rcube_addressbook if (!$this->groups) return array(); - $base_dn = $this->prop['groups']['base_dn']; + $base_dn = $this->groups_base_dn; $contact_dn = base64_decode($contact_id); $filter = "(member=$contact_dn)";
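Review bot: `$base_dn = $this->groups_base_dn;` at @@ -1162 reads a property that this commit assigns only inside list_groups(), and unlike the hunks at @@ -1101 and @@ -1131 no `list_groups()` call is visible before it. If no group listing ran earlier in the request, the membership search would use an empty base DN rather than the configured one; a guard such as `if (!$this->groups_base_dn) $this->list_groups();` or resolving the base once at connect time would close that gap. The unchanged `$filter = "(member=$contact_dn)";` also builds a search filter from the decoded contact id without filter escaping, which looks worth quoting with `_quote_string()` if the id can come from a request. The function starts and ends outside the hunk.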