allow to hide a part of the DN in display

3 years ago · bfa22c6aa3
parent 09989ee804
commit bfa22c6aa3
6 changed files with 46 additions and 1 deletions
--- a/lam/HISTORY
+++ b/lam/HISTORY
@ -1,6 +1,7 @@
 September 2020
  - PHP 7.4 compatibility
  - Configuration export and import
+  - Server profiles support to specify a part of the DN to hide
  - Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2)
  - Better error messages on login when account is expired/deactivated/...
  - Personal/Windows: photo can be uploaded via webcam
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@ -245,6 +245,8 @@ $helpArray = array (
 					"Text" => _('This email address will be set as TO address for the mails.')),
 				"291" => array ("Headline" => _('Hide password prompt for expired password'),
 					"Text" => _('Hides the password prompt when a user with expired password logs into LAM.')),
+				"292" => array ("Headline" => _('DN part to hide'),
+					"Text" => _('Hides the given part of the DN when displaying a DN. E.g. if you set this to "dc=example,dc=com" then "ou=department,dc=example,dc=com" will be displayed as "ou=department". Use this if you have very long DNs.')),
 				// 300 - 399
 				// profile editor, file upload
 				"301" => array ("Headline" => _("RDN identifier"),
--- a/lam/lib/account.inc
+++ b/lam/lib/account.inc
@ -1069,6 +1069,10 @@ function getAbstractDN($dn) {
 		return '';
 	}
 	$dn = str_replace('\\,', '\\2C', $dn);
+	if (!empty($_SESSION['config']) && !empty($_SESSION['config']->getHideDnPart())) {
+		$partToCut = ',' . $_SESSION['config']->getHideDnPart();
+		$dn = str_replace($partToCut, '', $dn);
+	}
 	$parts = explode(',', $dn);
 	for ($i = 0; $i < sizeof($parts); $i++) {
 		$subparts = explode('=', $parts[$i]);
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@ -617,6 +617,8 @@ class LAMConfig {
 	private $twoFactorAuthenticationCaption = '';
 	private $twoFactorAuthenticationAttribute = '';

+	private $hideDnPart = '';
+
 	/** List of all settings in config file */
 	private $settings = array("ServerURL", "useTLS", "followReferrals", 'pagedResults', "Passwd", "Admins", "treesuffix",
 		"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", 'serverDisplayName',
@ -630,7 +632,7 @@ class LAMConfig {
 		'twoFactorAuthenticationInsecure', 'twoFactorAuthenticationLabel', 'twoFactorAuthenticationOptional',
 		'twoFactorAuthenticationCaption', 'twoFactorAuthenticationClientId', 'twoFactorAuthenticationSecretKey',
 		'twoFactorAuthenticationDomain', 'twoFactorAuthenticationAttribute', 'referentialIntegrityOverlay',
-		'hidePasswordPromptForExpiredPasswords'
+		'hidePasswordPromptForExpiredPasswords', 'hideDnPart'
 	);


@ -1093,6 +1095,9 @@ class LAMConfig {
 			if (!in_array("twoFactorAuthenticationAttribute", $saved)) {
 				array_push($file_array, "\n" . "twoFactorAuthenticationAttribute: " . $this->twoFactorAuthenticationAttribute . "\n");
 			}
+			if (!in_array("hideDnPart", $saved)) {
+				array_push($file_array, "\n" . "hideDnPart: " . $this->hideDnPart . "\n");
+			}
 			// check if all module settings were added
 			$m_settings = array_keys($this->moduleSettings);
 			for ($i = 0; $i < sizeof($m_settings); $i++) {
@ -2647,6 +2652,24 @@ class LAMConfig {
 		$this->twoFactorAuthenticationAttribute = $twoFactorAuthenticationAttribute;
 	}

+	/**
+	 * Returns the DN part to hide.
+	 *
+	 * @return string DN part
+	 */
+	public function getHideDnPart() {
+		return $this->hideDnPart;
+	}
+
+	/**
+	 * Sets the DN part to hide.
+	 *
+	 * @param string $hideDnPart DN part
+	 */
+	public function setHideDnPart($hideDnPart) {
+		$this->hideDnPart = $hideDnPart;
+	}
+
 }


--- a/lam/templates/config/confmain.php
+++ b/lam/templates/config/confmain.php
@ -208,6 +208,9 @@ $searchLimitOptions = array(
 $limitSelect = new htmlResponsiveSelect('searchLimit', $searchLimitOptions, array($conf->get_searchLimit()), _("LDAP search limit"), '222');
 $limitSelect->setHasDescriptiveElements(true);
 $row->add($limitSelect, 12);
+// DN part to hide
+$urlInput = new htmlResponsiveInputField(_("DN part to hide"), 'hideDnPart', $conf->getHideDnPart(), '292');
+$row->add($urlInput, 12);

 // access level is only visible in Pro version
 if (isLAMProVersion()) {
@ -602,6 +605,7 @@ function checkInput() {
 			$errors[] = array("ERROR", _("Cache timeout is invalid!"));
 		}*/
 	$conf->set_searchLimit($_POST['searchLimit']);
+	$conf->setHideDnPart($_POST['hideDnPart']);
 	if (isLAMProVersion()) {
 		$conf->setAccessLevel($_POST['accessLevel']);
 		if (isset($_POST['pwdResetAllowSpecificPassword']) && ($_POST['pwdResetAllowSpecificPassword'] == 'on')) {
--- a/lam/tests/lib/LAMConfigTest.php
+++ b/lam/tests/lib/LAMConfigTest.php
@ -645,6 +645,17 @@ class LAMConfigTest extends TestCase {
 		$this->assertEquals($val, $this->lAMConfig->getTwoFactorAuthenticationAttribute());
 	}

+	/**
+	 * Tests LAMConfig->getHideDnPart() and LAMConfig->setHideDnPart()
+	 */
+	public function testHideDnPart() {
+		$val = 'dc=example,dc=com';
+		$this->lAMConfig->setHideDnPart($val);
+		$this->assertEquals($val, $this->lAMConfig->getHideDnPart());
+		$this->doSave();
+		$this->assertEquals($val, $this->lAMConfig->getHideDnPart());
+	}
+
 	/**
 	 * Tests LAMConfig->getLamProMailFrom() and LAMConfig->setLamProMailFrom()
 	 */