added option if referrals should be followed
This commit is contained in:
parent
fe3463b77a
commit
14a619989e
|
@ -1,6 +1,7 @@
|
|||
March 2014 4.5
|
||||
- IMAP: allow dynamic admin user names by replacing wildcards with LDAP attributes
|
||||
- Personal: allow to set fields read-only
|
||||
- Added option to server profile if referrals should be followed (fixes problems with Samba 4 and AD)
|
||||
|
||||
18.12.2013 4.4
|
||||
- PyKota support: users, groups, printers, billing codes
|
||||
|
|
|
@ -713,6 +713,15 @@ Have fun!
|
|||
<section id="a_versUpgrade">
|
||||
<title>Version specific upgrade instructions</title>
|
||||
|
||||
<section>
|
||||
<title>4.4 -> 4.5</title>
|
||||
|
||||
<para>LAM will no longer follow referrals by default. This is ok for
|
||||
most installations. If you use LDAP referrals please activate
|
||||
referral following for your server profile (tab General settings
|
||||
-> Server settings -> Advanced options).</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>4.3 -> 4.4</title>
|
||||
|
||||
|
@ -1234,6 +1243,10 @@ Have fun!
|
|||
linkend="a_accessLevelPasswordReset">this page</link> for details on
|
||||
the different access levels.</para>
|
||||
|
||||
<para>By default LAM will not follow LDAP referrals. This is ok for
|
||||
most installations. If you use LDAP referrals please activate the
|
||||
referral option in advanced settings.</para>
|
||||
|
||||
<screenshot>
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 25 KiB After Width: | Height: | Size: 30 KiB |
|
@ -82,6 +82,8 @@ $helpArray = array (
|
|||
_("dc=yourcompany,dc=com")),
|
||||
"204" => array ("Headline" => _("SSL certificate"),
|
||||
"Text" => _("This is only needed for TLS/SSL connections. By default, LAM will use the certificate authorities installed on your system. If you have a private CA in your company you can upload your CA certificates here and override the system certificates.")),
|
||||
"205" => array ("Headline" => _("Follow referrals"),
|
||||
"Text" => _("Specifies if LAM should automatically follow referrals. Activate if you use referrals in your LDAP directory.")),
|
||||
"206" => array ("Headline" => _("List attributes"),
|
||||
"Text" => _("This is the list of attributes to show in the account list. The entries can either be predefined values, \"#attribute\", or individual ones, \"attribute:description\". Several entries are separated by semicolons.") .
|
||||
"<br><br><br><big><b>" .
|
||||
|
|
|
@ -258,6 +258,9 @@ class LAMConfig {
|
|||
/** enables/disables TLS encryption */
|
||||
private $useTLS;
|
||||
|
||||
/** automatically follow referrals */
|
||||
private $followReferrals = 'false';
|
||||
|
||||
/** Array of string: users with admin rights */
|
||||
private $Admins;
|
||||
|
||||
|
@ -349,7 +352,7 @@ class LAMConfig {
|
|||
private $lamProMailText = '';
|
||||
|
||||
/** List of all settings in config file */
|
||||
private $settings = array("ServerURL", "useTLS", "Passwd", "Admins", "treesuffix",
|
||||
private $settings = array("ServerURL", "useTLS", "followReferrals", "Passwd", "Admins", "treesuffix",
|
||||
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout",
|
||||
"modules", "activeTypes", "types", "tools", "accessLevel", 'loginMethod', 'loginSearchSuffix',
|
||||
'loginSearchFilter', 'searchLimit', 'lamProMailFrom', 'lamProMailReplyTo', 'lamProMailSubject',
|
||||
|
@ -516,6 +519,7 @@ class LAMConfig {
|
|||
// check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
|
||||
if (!in_array("ServerURL", $saved)) array_push($file_array, "\n\n# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)\n" . "serverURL: " . $this->ServerURL . "\n");
|
||||
if (!in_array("useTLS", $saved)) array_push($file_array, "\n\n# enable TLS encryption\n" . "useTLS: " . $this->useTLS . "\n");
|
||||
if (!in_array("followReferrals", $saved)) array_push($file_array, "\n\n# follow referrals\n" . "followReferrals: " . $this->followReferrals . "\n");
|
||||
if (!in_array("Passwd", $saved)) array_push($file_array, "\n\n# password to change these preferences via webfrontend\n" . "passwd: " . $this->Passwd . "\n");
|
||||
if (!in_array("Admins", $saved)) array_push($file_array, "\n\n# list of users who are allowed to use LDAP Account Manager\n" .
|
||||
"# names have to be seperated by semicolons\n" .
|
||||
|
@ -638,7 +642,7 @@ class LAMConfig {
|
|||
/**
|
||||
* Sets if TLS is activated.
|
||||
*
|
||||
* @param String yes or no
|
||||
* @param String $useTLS yes or no
|
||||
* @return boolean true if $useTLS has correct format
|
||||
*/
|
||||
public function setUseTLS($useTLS) {
|
||||
|
@ -649,6 +653,23 @@ class LAMConfig {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns if referrals should be followed.
|
||||
*
|
||||
* @return String true or false
|
||||
*/
|
||||
public function getFollowReferrals() {
|
||||
return $this->followReferrals;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets if referrals should be followed.
|
||||
*
|
||||
* @param String $followReferrals true or false
|
||||
*/
|
||||
public function setFollowReferrals($followReferrals) {
|
||||
$this->followReferrals = $followReferrals;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns an array of string with all admin names
|
||||
|
|
|
@ -100,6 +100,9 @@ class Ldap{
|
|||
if ($this->server) {
|
||||
// use LDAPv3
|
||||
ldap_set_option($this->server, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
// referral following
|
||||
$followReferrals = ($this->conf->getFollowReferrals() === 'true') ? 1 : 0;
|
||||
ldap_set_option($this->server,LDAP_OPT_REFERRALS, $followReferrals);
|
||||
// start TLS if specified
|
||||
$useTLS = $this->conf->getUseTLS();
|
||||
if (isset($useTLS) && ($useTLS == "yes")) {
|
||||
|
|
|
@ -186,7 +186,9 @@ class myldap extends DS {
|
|||
/* Disabling this makes it possible to browse the tree for Active Directory, and seems
|
||||
* to not affect other LDAP servers (tested with OpenLDAP) as phpLDAPadmin explicitly
|
||||
* specifies deref behavior for each ldap_search operation. */
|
||||
ldap_set_option($resource,LDAP_OPT_REFERRALS,1);
|
||||
// TODO provide upstream patch if PLA gets active again
|
||||
$followReferrals = ($_SESSION['config']->getFollowReferrals() === 'true') ? 1 : 0;
|
||||
ldap_set_option($resource,LDAP_OPT_REFERRALS, $followReferrals);
|
||||
|
||||
# Try to fire up TLS is specified in the config
|
||||
if ($this->isTLSEnabled())
|
||||
|
|
|
@ -253,6 +253,7 @@ $searchLimitOptions = array(
|
|||
$limitSelect = new htmlTableExtendedSelect('searchLimit', $searchLimitOptions, array($conf->get_searchLimit()), _("LDAP search limit"), '222');
|
||||
$limitSelect->setHasDescriptiveElements(true);
|
||||
$serverSettingsContent->addElement($limitSelect, true);
|
||||
|
||||
// access level is only visible in Pro version
|
||||
if (isLAMProVersion()) {
|
||||
$accessOptions = array(
|
||||
|
@ -265,6 +266,17 @@ if (isLAMProVersion()) {
|
|||
$serverSettingsContent->addElement($accessSelect, true);
|
||||
}
|
||||
|
||||
// advanced options
|
||||
$advancedOptionsContent = new htmlTable();
|
||||
// referrals
|
||||
$followReferrals = ($conf->getFollowReferrals() === 'true');
|
||||
$advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('followReferrals',$followReferrals , _('Follow referrals'), '205'), true);
|
||||
|
||||
// build advanced options box
|
||||
$advancedOptions = new htmlAccordion('advancedOptions_server', array(_('Advanced options') => $advancedOptionsContent), false);
|
||||
$advancedOptions->colspan = 15;
|
||||
$serverSettingsContent->addElement($advancedOptions, true);
|
||||
|
||||
$serverSettings = new htmlFieldset($serverSettingsContent, _("Server settings"), '../../graphics/profiles.png');
|
||||
$container->addElement($serverSettings, true);
|
||||
$container->addElement(new htmlSpacer(null, '10px'), true);
|
||||
|
@ -486,6 +498,12 @@ function checkInput() {
|
|||
if ((strpos($_POST['serverurl'], 'ldaps://') !== false) && ($_POST['useTLS'] == 'yes')) {
|
||||
$errors[] = array("ERROR", _('You cannot use SSL and TLS encryption at the same time. Please use either "ldaps://" or TLS.'));
|
||||
}
|
||||
if (isset($_POST['followReferrals']) && ($_POST['followReferrals'] == 'on')) {
|
||||
$conf->setFollowReferrals('true');
|
||||
}
|
||||
else {
|
||||
$conf->setFollowReferrals('false');
|
||||
}
|
||||
/* if (!$conf->set_cacheTimeout($_POST['cachetimeout'])) {
|
||||
$errors[] = array("ERROR", _("Cache timeout is invalid!"));
|
||||
}*/
|
||||
|
|
Loading…
Reference in New Issue