From bfa22c6aa334c3974a36e7afa8036f807a053fbb Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 26 Jul 2020 21:28:28 +0200 Subject: [PATCH] allow to hide a part of the DN in display --- lam/HISTORY | 1 + lam/help/help.inc | 2 ++ lam/lib/account.inc | 4 ++++ lam/lib/config.inc | 25 ++++++++++++++++++++++++- lam/templates/config/confmain.php | 4 ++++ lam/tests/lib/LAMConfigTest.php | 11 +++++++++++ 6 files changed, 46 insertions(+), 1 deletion(-) diff --git a/lam/HISTORY b/lam/HISTORY index ce5e0128..47dbd86a 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -1,6 +1,7 @@ September 2020 - PHP 7.4 compatibility - Configuration export and import + - Server profiles support to specify a part of the DN to hide - Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2) - Better error messages on login when account is expired/deactivated/... - Personal/Windows: photo can be uploaded via webcam diff --git a/lam/help/help.inc b/lam/help/help.inc index 955cad60..44b7efd0 100644 --- a/lam/help/help.inc +++ b/lam/help/help.inc @@ -245,6 +245,8 @@ $helpArray = array ( "Text" => _('This email address will be set as TO address for the mails.')), "291" => array ("Headline" => _('Hide password prompt for expired password'), "Text" => _('Hides the password prompt when a user with expired password logs into LAM.')), + "292" => array ("Headline" => _('DN part to hide'), + "Text" => _('Hides the given part of the DN when displaying a DN. E.g. if you set this to "dc=example,dc=com" then "ou=department,dc=example,dc=com" will be displayed as "ou=department". Use this if you have very long DNs.')), // 300 - 399 // profile editor, file upload "301" => array ("Headline" => _("RDN identifier"), diff --git a/lam/lib/account.inc b/lam/lib/account.inc index e5952431..0fba46b0 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc 
@@ -1069,6 +1069,10 @@ function getAbstractDN($dn) { return ''; } $dn = str_replace('\\,', '\\2C', $dn); + if (!empty($_SESSION['config']) && !empty($_SESSION['config']->getHideDnPart())) { + $partToCut = ',' . $_SESSION['config']->getHideDnPart(); + $dn = str_replace($partToCut, '', $dn); + } $parts = explode(',', $dn); for ($i = 0; $i < sizeof($parts); $i++) { $subparts = explode('=', $parts[$i]); diff --git a/lam/lib/config.inc b/lam/lib/config.inc index b674d828..3947b25f 100644 --- a/lam/lib/config.inc +++ b/lam/lib/config.inc @@ -617,6 +617,8 @@ class LAMConfig { private $twoFactorAuthenticationCaption = ''; private $twoFactorAuthenticationAttribute = ''; + private $hideDnPart = ''; + /** List of all settings in config file */ private $settings = array("ServerURL", "useTLS", "followReferrals", 'pagedResults', "Passwd", "Admins", "treesuffix", "defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", 'serverDisplayName', @@ -630,7 +632,7 @@ class LAMConfig { 'twoFactorAuthenticationInsecure', 'twoFactorAuthenticationLabel', 'twoFactorAuthenticationOptional', 'twoFactorAuthenticationCaption', 'twoFactorAuthenticationClientId', 'twoFactorAuthenticationSecretKey', 'twoFactorAuthenticationDomain', 'twoFactorAuthenticationAttribute', 'referentialIntegrityOverlay', - 'hidePasswordPromptForExpiredPasswords' + 'hidePasswordPromptForExpiredPasswords', 'hideDnPart' ); @@ -1093,6 +1095,9 @@ class LAMConfig { if (!in_array("twoFactorAuthenticationAttribute", $saved)) { array_push($file_array, "\n" . "twoFactorAuthenticationAttribute: " . $this->twoFactorAuthenticationAttribute . "\n"); } + if (!in_array("hideDnPart", $saved)) { + array_push($file_array, "\n" . "hideDnPart: " . $this->hideDnPart . "\n"); + } // check if all module settings were added $m_settings = array_keys($this->moduleSettings); for ($i = 0; $i < sizeof($m_settings); $i++) { 
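Review bot: In getAbstractDN the added `str_replace($partToCut, '', $dn)` removes the configured part wherever it occurs in the DN, not only at the end. It also matches case-sensitively and without normalising spaces after commas, so the shortened display can drop a middle component or leave the suffix in place depending on how the DN is spelled. Operators use this string to tell entries apart, so anchor the cut to the suffix: `$len = strlen($partToCut);` followed by `if (substr_compare($dn, $partToCut, -$len, $len, true) === 0) { $dn = substr($dn, 0, -$len); }`. The `\\,` to `\\2C` rewrite just above is applied to `$dn` but not to the configured part, so a part containing an escaped comma would presumably never match. The function begins before this hunk and continues after it.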
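Review bot: The new `"hideDnPart: " . $this->hideDnPart . "\n"` line in the config.inc save path writes the value into the line-based profile file exactly as stored, and nothing in this patch restricts what it may contain. `setHideDnPart()` (config.inc hunk at 2647) assigns it unchecked, and `checkInput()` in confmain.php passes `$_POST['hideDnPart']` straight through. A value containing a line break would end up as extra lines in the profile, which the loader would presumably read as separate settings. Have the setter reject such input, for example `if (preg_match('/[\r\n]/', $hideDnPart)) { return false; }`, and let `checkInput()` report an error when it does. The surrounding save method lies outside the hunk, so it is not visible whether the branch that updates an existing line has the same gap.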
@@ -2647,6 +2652,24 @@ class LAMConfig { $this->twoFactorAuthenticationAttribute = $twoFactorAuthenticationAttribute; } + /** + * Returns the DN part to hide. + * + * @return string DN part + */ + public function getHideDnPart() { + return $this->hideDnPart; + } + + /** + * Sets the DN part to hide. + * + * @param string $hideDnPart DN part + */ + public function setHideDnPart($hideDnPart) { + $this->hideDnPart = $hideDnPart; + } + } diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php index 42f87817..d6e4ee88 100644 --- a/lam/templates/config/confmain.php +++ b/lam/templates/config/confmain.php @@ -208,6 +208,9 @@ $searchLimitOptions = array( $limitSelect = new htmlResponsiveSelect('searchLimit', $searchLimitOptions, array($conf->get_searchLimit()), _("LDAP search limit"), '222'); $limitSelect->setHasDescriptiveElements(true); $row->add($limitSelect, 12); +// DN part to hide +$urlInput = new htmlResponsiveInputField(_("DN part to hide"), 'hideDnPart', $conf->getHideDnPart(), '292'); +$row->add($urlInput, 12); // access level is only visible in Pro version if (isLAMProVersion()) { @@ -602,6 +605,7 @@ function checkInput() { $errors[] = array("ERROR", _("Cache timeout is invalid!")); }*/ $conf->set_searchLimit($_POST['searchLimit']); + $conf->setHideDnPart($_POST['hideDnPart']); if (isLAMProVersion()) { $conf->setAccessLevel($_POST['accessLevel']); if (isset($_POST['pwdResetAllowSpecificPassword']) && ($_POST['pwdResetAllowSpecificPassword'] == 'on')) { diff --git a/lam/tests/lib/LAMConfigTest.php b/lam/tests/lib/LAMConfigTest.php index 44bf6ae4..702c58b6 100644 --- a/lam/tests/lib/LAMConfigTest.php +++ b/lam/tests/lib/LAMConfigTest.php 
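Review bot: The input field for the new option in confmain.php (hunk at 208) is held in a variable named `$urlInput`, presumably carried over from another field, which misleads the next reader of this block. Name it after what it holds: `$hideDnPartInput = new htmlResponsiveInputField(_("DN part to hide"), 'hideDnPart', $conf->getHideDnPart(), '292');` and `$row->add($hideDnPartInput, 12);`.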
@@ -645,6 +645,17 @@ class LAMConfigTest extends TestCase { $this->assertEquals($val, $this->lAMConfig->getTwoFactorAuthenticationAttribute()); } + /** + * Tests LAMConfig->getHideDnPart() and LAMConfig->setHideDnPart() + */ + public function testHideDnPart() { + $val = 'dc=example,dc=com'; + $this->lAMConfig->setHideDnPart($val); + $this->assertEquals($val, $this->lAMConfig->getHideDnPart()); + $this->doSave(); + $this->assertEquals($val, $this->lAMConfig->getHideDnPart()); + } + /** * Tests LAMConfig->getLamProMailFrom() and LAMConfig->setLamProMailFrom() */
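Review bot: testHideDnPart only checks that the value survives a set/get and `doSave()`; the behaviour the option actually drives, the cut in getAbstractDN() in account.inc, has no test in this patch. Add cases for a DN that ends with the hidden part, one where the part appears in the middle, one that differs only in letter case or in spacing after commas, and an empty setting. `doSave()` is defined outside this hunk, so it is not visible whether the second assertion reads the value back from the written file or from the same in-memory object.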