allow to hide a part of the DN in display

Roland Gruber 2020-07-26 21:28:28 +02:00
parent 09989ee804
commit bfa22c6aa3
6 changed files with 46 additions and 1 deletions


@ -1,6 +1,7 @@
September 2020 September 2020
- PHP 7.4 compatibility - PHP 7.4 compatibility
- Configuration export and import - Configuration export and import
- Server profiles support to specify a part of the DN to hide
- Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2) - Show password prompt when a user with expired password logs into LAM admin interface (requires PHP 7.2)
- Better error messages on login when account is expired/deactivated/... - Better error messages on login when account is expired/deactivated/...
- Personal/Windows: photo can be uploaded via webcam - Personal/Windows: photo can be uploaded via webcam


@ -245,6 +245,8 @@ $helpArray = array (
"Text" => _('This email address will be set as TO address for the mails.')), "Text" => _('This email address will be set as TO address for the mails.')),
"291" => array ("Headline" => _('Hide password prompt for expired password'), "291" => array ("Headline" => _('Hide password prompt for expired password'),
"Text" => _('Hides the password prompt when a user with expired password logs into LAM.')), "Text" => _('Hides the password prompt when a user with expired password logs into LAM.')),
"292" => array ("Headline" => _('DN part to hide'),
"Text" => _('Hides the given part of the DN when displaying a DN. E.g. if you set this to "dc=example,dc=com" then "ou=department,dc=example,dc=com" will be displayed as "ou=department". Use this if you have very long DNs.')),
// 300 - 399 // 300 - 399
// profile editor, file upload // profile editor, file upload
"301" => array ("Headline" => _("RDN identifier"), "301" => array ("Headline" => _("RDN identifier"),


@ -1069,6 +1069,10 @@ function getAbstractDN($dn) {
return ''; return '';
} }
$dn = str_replace('\\,', '\\2C', $dn); $dn = str_replace('\\,', '\\2C', $dn);
if (!empty($_SESSION['config']) && !empty($_SESSION['config']->getHideDnPart())) {
$partToCut = ',' . $_SESSION['config']->getHideDnPart();
$dn = str_replace($partToCut, '', $dn);
}
$parts = explode(',', $dn); $parts = explode(',', $dn);
for ($i = 0; $i < sizeof($parts); $i++) { for ($i = 0; $i < sizeof($parts); $i++) {
$subparts = explode('=', $parts[$i]); $subparts = explode('=', $parts[$i]);
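Review bot: The added `str_replace($partToCut, '', $dn)` removes the configured part wherever it occurs in the DN and compares case-sensitively, so a DN that only contains the suffix in the middle is displayed with that piece cut out, while `DC=Example,DC=Com` or a DN written with a space after the comma is not shortened at all. Because this display form is what an administrator uses to tell entries apart, the cut should be anchored to the end of the DN and ignore case, e.g. `if (strcasecmp(substr($dn, -strlen($partToCut)), $partToCut) === 0) { $dn = substr($dn, 0, -strlen($partToCut)); }`. The cut also runs after `\,` has been rewritten to `\2C`, so a configured part that contains an escaped comma will presumably never match unless it gets the same rewrite. getAbstractDN's body begins and ends outside the hunk.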


@ -617,6 +617,8 @@ class LAMConfig {
private $twoFactorAuthenticationCaption = ''; private $twoFactorAuthenticationCaption = '';
private $twoFactorAuthenticationAttribute = ''; private $twoFactorAuthenticationAttribute = '';
private $hideDnPart = '';
/** List of all settings in config file */ /** List of all settings in config file */
private $settings = array("ServerURL", "useTLS", "followReferrals", 'pagedResults', "Passwd", "Admins", "treesuffix", private $settings = array("ServerURL", "useTLS", "followReferrals", 'pagedResults', "Passwd", "Admins", "treesuffix",
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", 'serverDisplayName', "defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", 'serverDisplayName',
@ -630,7 +632,7 @@ class LAMConfig {
'twoFactorAuthenticationInsecure', 'twoFactorAuthenticationLabel', 'twoFactorAuthenticationOptional', 'twoFactorAuthenticationInsecure', 'twoFactorAuthenticationLabel', 'twoFactorAuthenticationOptional',
'twoFactorAuthenticationCaption', 'twoFactorAuthenticationClientId', 'twoFactorAuthenticationSecretKey', 'twoFactorAuthenticationCaption', 'twoFactorAuthenticationClientId', 'twoFactorAuthenticationSecretKey',
'twoFactorAuthenticationDomain', 'twoFactorAuthenticationAttribute', 'referentialIntegrityOverlay', 'twoFactorAuthenticationDomain', 'twoFactorAuthenticationAttribute', 'referentialIntegrityOverlay',
'hidePasswordPromptForExpiredPasswords' 'hidePasswordPromptForExpiredPasswords', 'hideDnPart'
); );
@ -1093,6 +1095,9 @@ class LAMConfig {
if (!in_array("twoFactorAuthenticationAttribute", $saved)) { if (!in_array("twoFactorAuthenticationAttribute", $saved)) {
array_push($file_array, "\n" . "twoFactorAuthenticationAttribute: " . $this->twoFactorAuthenticationAttribute . "\n"); array_push($file_array, "\n" . "twoFactorAuthenticationAttribute: " . $this->twoFactorAuthenticationAttribute . "\n");
} }
if (!in_array("hideDnPart", $saved)) {
array_push($file_array, "\n" . "hideDnPart: " . $this->hideDnPart . "\n");
}
// check if all module settings were added // check if all module settings were added
$m_settings = array_keys($this->moduleSettings); $m_settings = array_keys($this->moduleSettings);
for ($i = 0; $i < sizeof($m_settings); $i++) { for ($i = 0; $i < sizeof($m_settings); $i++) {
@ -2647,6 +2652,24 @@ class LAMConfig {
$this->twoFactorAuthenticationAttribute = $twoFactorAuthenticationAttribute; $this->twoFactorAuthenticationAttribute = $twoFactorAuthenticationAttribute;
} }
/**
* Returns the DN part to hide.
*
* @return string DN part
*/
public function getHideDnPart() {
return $this->hideDnPart;
}
/**
* Sets the DN part to hide.
*
* @param string $hideDnPart DN part
*/
public function setHideDnPart($hideDnPart) {
$this->hideDnPart = $hideDnPart;
}
} }
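Review bot: `setHideDnPart()` stores whatever it is given, and the save hunk writes it straight into the profile as `"hideDnPart: " . $this->hideDnPart`, so a value containing a line break would add extra lines to the configuration file. The only caller in this commit, `$conf->setHideDnPart($_POST['hideDnPart'])` in checkInput(), passes the form value on without any check either. Whether another part of the save routine filters line breaks is not visible here; if it does not, the setter should normalise the value, e.g. `$this->hideDnPart = trim(str_replace(array("\r", "\n"), '', $hideDnPart));`, or checkInput() should reject anything that is not a DN suffix and add an entry to `$errors`. The class body extends beyond the hunks shown.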


@ -208,6 +208,9 @@ $searchLimitOptions = array(
$limitSelect = new htmlResponsiveSelect('searchLimit', $searchLimitOptions, array($conf->get_searchLimit()), _("LDAP search limit"), '222'); $limitSelect = new htmlResponsiveSelect('searchLimit', $searchLimitOptions, array($conf->get_searchLimit()), _("LDAP search limit"), '222');
$limitSelect->setHasDescriptiveElements(true); $limitSelect->setHasDescriptiveElements(true);
$row->add($limitSelect, 12); $row->add($limitSelect, 12);
// DN part to hide
$urlInput = new htmlResponsiveInputField(_("DN part to hide"), 'hideDnPart', $conf->getHideDnPart(), '292');
$row->add($urlInput, 12);
// access level is only visible in Pro version // access level is only visible in Pro version
if (isLAMProVersion()) { if (isLAMProVersion()) {
@ -602,6 +605,7 @@ function checkInput() {
$errors[] = array("ERROR", _("Cache timeout is invalid!")); $errors[] = array("ERROR", _("Cache timeout is invalid!"));
}*/ }*/
$conf->set_searchLimit($_POST['searchLimit']); $conf->set_searchLimit($_POST['searchLimit']);
$conf->setHideDnPart($_POST['hideDnPart']);
if (isLAMProVersion()) { if (isLAMProVersion()) {
$conf->setAccessLevel($_POST['accessLevel']); $conf->setAccessLevel($_POST['accessLevel']);
if (isset($_POST['pwdResetAllowSpecificPassword']) && ($_POST['pwdResetAllowSpecificPassword'] == 'on')) { if (isset($_POST['pwdResetAllowSpecificPassword']) && ($_POST['pwdResetAllowSpecificPassword'] == 'on')) {
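Review bot: The new form field is held in a variable called `$urlInput`, which looks carried over from another field and will mislead the next reader of this form code. Writing `$hideDnPartInput = new htmlResponsiveInputField(_("DN part to hide"), 'hideDnPart', $conf->getHideDnPart(), '292');` followed by `$row->add($hideDnPartInput, 12);` says what the field is. Both hunks sit inside larger blocks that begin and end outside the visible lines.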


@ -645,6 +645,17 @@ class LAMConfigTest extends TestCase {
$this->assertEquals($val, $this->lAMConfig->getTwoFactorAuthenticationAttribute()); $this->assertEquals($val, $this->lAMConfig->getTwoFactorAuthenticationAttribute());
} }
/**
* Tests LAMConfig->getHideDnPart() and LAMConfig->setHideDnPart()
*/
public function testHideDnPart() {
$val = 'dc=example,dc=com';
$this->lAMConfig->setHideDnPart($val);
$this->assertEquals($val, $this->lAMConfig->getHideDnPart());
$this->doSave();
$this->assertEquals($val, $this->lAMConfig->getHideDnPart());
}
/** /**
* Tests LAMConfig->getLamProMailFrom() and LAMConfig->setLamProMailFrom() * Tests LAMConfig->getLamProMailFrom() and LAMConfig->setLamProMailFrom()
*/ */
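Review bot: testHideDnPart() exercises only a well-formed suffix, and the assertion after `doSave()` proves little unless `doSave()` reloads the configuration from disk, which this hunk does not show. A second case such as `$this->lAMConfig->setHideDnPart(" dc=example,dc=com\n");` followed by `doSave()` would pin down what ends up in the profile for input the settings form can actually submit. The expected value for that case depends on whether the setter is meant to trim or reject such input, so it should be decided together with the setter's contract.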