WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

support to read user name from uid and better password retrieval (patch by Pavel Pozdnyak)

This commit is contained in:
Roland Gruber 2011-02-19 13:53:14 +00:00
parent d630e1f9b0
commit d2a1c713c0
2 changed files with 72 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lam/HISTORY
View File

@ -1,4 +1,5 @@
April 2011 3.4.0 April 2011 3.4.0
- IMAP mailboxes: support to read user name from uid attribute
- Mail aliases: sort receipients (RFE 3170336) - Mail aliases: sort receipients (RFE 3170336)
- LAM Pro: - LAM Pro:
-> support automount entries -> support automount entries

97
lam/lib/modules/imapAccess.inc
View File

@ -3,8 +3,8 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2010 Pavel Pozdniak Copyright (C) 2010 - 2011 Pavel Pozdniak
2010 Roland Gruber 2010 - 2011 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -34,6 +34,7 @@ $Id$
* *
* @package modules * @package modules
* @author Pavel Pozdniak * @author Pavel Pozdniak
* @author Roland Gruber
*/ */
class imapAccess extends baseModule { class imapAccess extends baseModule {
@ -86,6 +87,9 @@ class imapAccess extends baseModule {
'ImapMailDomain' => array( 'ImapMailDomain' => array(
"Headline" => _("Mail domain(s)"), "Headline" => _("Mail domain(s)"),
"Text" => _("Please enter a comma separated list of domain names (e.g. \"company.com,example.com\"). LAM will only manage mailboxes from these domains.")), "Text" => _("Please enter a comma separated list of domain names (e.g. \"company.com,example.com\"). LAM will only manage mailboxes from these domains.")),
'ImapUserNameAttr' => array(
"Headline" => _("User name attribute"),
"Text" => _("Please choose the attribute to get the IMAP user name. The default is mail but you can also use uid.")),
'MailAddress' => array( 'MailAddress' => array(
"Headline" => _("Mailbox"), "Headline" => _("Mailbox"),
"Text" => _("This mailbox will be created/deleted.")) "Text" => _("This mailbox will be created/deleted."))
@ -109,6 +113,8 @@ class imapAccess extends baseModule {
$mailDomainsInput = new htmlTableExtendedInputField(_('Mail domain(s)'), 'ImapAccess_ImapDomain', '', 'ImapMailDomain'); $mailDomainsInput = new htmlTableExtendedInputField(_('Mail domain(s)'), 'ImapAccess_ImapDomain', '', 'ImapMailDomain');
$mailDomainsInput->setRequired(true); $mailDomainsInput->setRequired(true);
$configContainer->addElement($mailDomainsInput, true); $configContainer->addElement($mailDomainsInput, true);
$configUserName = new htmlTableExtendedSelect('ImapAccess_UserNameAttribute', array(_('mail') => 'mail', _('uid') => 'uid'), array('mail'), _("User name attribute"), 'ImapUserNameAttr');
$configContainer->addElement($configUserName);
$return['config_options']['all'] = $configContainer; $return['config_options']['all'] = $configContainer;
// configuration checks // configuration checks
$return['config_checks']['all']['ImapAccess_ImapServerAddress'] = array ( $return['config_checks']['all']['ImapAccess_ImapServerAddress'] = array (
@ -119,7 +125,7 @@ class imapAccess extends baseModule {
'error_message' => $this->messages['config'][0]); 'error_message' => $this->messages['config'][0]);
$return['config_checks']['all']['ImapAccess_ImapDomain'] = array ( $return['config_checks']['all']['ImapAccess_ImapDomain'] = array (
'type' => 'regex_i', 'type' => 'regex_i',
'regex' => '[a-z0-9\\._-]+(,[a-z0-9\\._-]+)*', 'regex' => '[\\*a-z0-9\\._-]+(,[a-z0-9\\._-]+)*',
'required' => true, 'required' => true,
'required_message' => $this->messages['config'][1], 'required_message' => $this->messages['config'][1],
'error_message' => $this->messages['config'][1]); 'error_message' => $this->messages['config'][1]);
@ -138,6 +144,7 @@ class imapAccess extends baseModule {
$this->messages['managemailbox'][3] = array('ERROR', _('Unable to locate mailbox on IMAP.')); $this->messages['managemailbox'][3] = array('ERROR', _('Unable to locate mailbox on IMAP.'));
$this->messages['managemailbox'][4] = array('ERROR', _('Your IMAP domain(s) and email address domain do not match.')); $this->messages['managemailbox'][4] = array('ERROR', _('Your IMAP domain(s) and email address domain do not match.'));
$this->messages['managemailbox'][5] = array('ERROR', _('Invalid password for IMAP admin or other problem occured.')); $this->messages['managemailbox'][5] = array('ERROR', _('Invalid password for IMAP admin or other problem occured.'));
$this->messages['managemailbox'][6] = array('WARN', _('Your LAM login password was not accepted by the IMAP server.'));
} }
/** /**
@ -150,15 +157,31 @@ class imapAccess extends baseModule {
$prefix = $this->getMailboxPrefix(); $prefix = $this->getMailboxPrefix();
$email = ''; $email = '';
$attrs = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes(); $attrsPersonal = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes();
$email = $attrs['mail'][0]; $email = $attrsPersonal['mail'][0];
if ($email == '') { if ($email == '') {
$return->addElement(new htmlStatusMessage('INFO', _("Please enter an email address on this page: %s"), '', array($this->getAccountContainer()->getAccountModule('inetOrgPerson')->get_alias()))); $return->addElement(new htmlStatusMessage('INFO', _("Please enter an email address on this page: %s"), '', array($this->getAccountContainer()->getAccountModule('inetOrgPerson')->get_alias())));
return $return; return $return;
} }
$imap_admin_password = $this->getAdminPassword(); //Check for password for fall back mechanism $email_domain = substr(strstr($email, '@'), 1);
if ((strcasecmp($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0], "ask_pass") == 0 && !isset($_SESSION['imapAdmPass'])) || (!$imap_admin_password)) { // extract user name from email address
if (!isset($this->moduleSettings['ImapAccess_UserNameAttribute'][0]) || $this->moduleSettings['ImapAccess_UserNameAttribute'][0] == 'mail') {
$email_parts = explode('@', $email, 2);
$email_username = array_shift($email_parts);
}
// extract user name from Unix user name (might be in inetOrgPerson or posixAccount module)
else {
if ($this->getAccountContainer()->getAccountModule('posixAccount') != null) {
$attrsUnix = $this->getAccountContainer()->getAccountModule('posixAccount')->getAttributes();
$email_username = $attrsUnix['uid'][0];
}
else {
$email_username = $attrsPersonal['uid'][0];
}
}
$imap_admin_password = $this->getAdminPassword(); // check for password for fall back mechanism
if (!isset($_SESSION['imapAdmPass']) && !isset($imap_admin_password)) {
return $this->display_html_password(); return $this->display_html_password();
} }
@ -168,12 +191,11 @@ class imapAccess extends baseModule {
$imap_server_address = $this->getServerAddress(); $imap_server_address = $this->getServerAddress();
$imap_admin_user = $this->moduleSettings['ImapAccess_ImapAdmin'][0]; $imap_admin_user = $this->moduleSettings['ImapAccess_ImapAdmin'][0];
$imap_admin_password = $this->getAdminPassword(); $imap_admin_password = $this->getAdminPassword();
$mbox = imap_open("{" . $imap_server_address . "}", $imap_admin_user, $imap_admin_password, OP_HALFOPEN) or die("can't connect: " . imap_last_error()); $mbox = @imap_open("{" . $imap_server_address . "}", $imap_admin_user, $imap_admin_password, OP_HALFOPEN, 1);
if (!$mbox) {
return $this->display_html_password();
}
$attrs = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes();
$email_domain = substr(strstr($email, '@'), 1);
$email_parts = explode('@', $email, 2);
$email_username = array_shift($email_parts);
$return->addElement(new htmlOutputText(_('Mailbox'))); $return->addElement(new htmlOutputText(_('Mailbox')));
$return->addElement(new htmlOutputText($prefix . "." . $email_username)); $return->addElement(new htmlOutputText($prefix . "." . $email_username));
$return->addElement(new htmlHelpLink('MailAddress'), true); $return->addElement(new htmlHelpLink('MailAddress'), true);
@ -213,6 +235,13 @@ class imapAccess extends baseModule {
*/ */
function display_html_password() { function display_html_password() {
$return = new htmlTable(); $return = new htmlTable();
if($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "lam_user_pass"){
$message = $this->messages['managemailbox'][6];
$messageElement = new htmlStatusMessage($message[0], $message[1]);
$messageElement->colspan = 3;
$return->addElement($messageElement);
$return->addElement(new htmlSpacer(null, '10px'), true);
}
$passwordInput = new htmlTableExtendedInputField(_("Password of IMAP admin user"), 'ImapAdminPassword', '', 'ImapAdminPassword_Sess'); $passwordInput = new htmlTableExtendedInputField(_("Password of IMAP admin user"), 'ImapAdminPassword', '', 'ImapAdminPassword_Sess');
$passwordInput->setIsPassword(true); $passwordInput->setIsPassword(true);
$passwordInput->setRequired(true); $passwordInput->setRequired(true);
@ -241,15 +270,27 @@ class imapAccess extends baseModule {
$imap_admin_password = $this->getAdminPassword(); $imap_admin_password = $this->getAdminPassword();
if ($imap_admin_password) { if ($imap_admin_password) {
$mbox = @imap_open("{" . $imap_server_address . "}", $imap_admin_user, $imap_admin_password, OP_HALFOPEN); $mbox = @imap_open("{" . $imap_server_address . "}", $imap_admin_user, $imap_admin_password, OP_HALFOPEN, 1);
} }
if ($mbox) { if ($mbox) {
$attrs = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes(); $attrsPersonal = $this->getAccountContainer()->getAccountModule('inetOrgPerson')->getAttributes();
$email = $attrs['mail'][0]; $email = $attrsPersonal['mail'][0];
$email_domain = substr(strstr($email, '@'), 1); $email_domain = substr(strstr($email, '@'), 1);
// extract user name from email address
if (!isset($this->moduleSettings['ImapAccess_UserNameAttribute'][0]) || $this->moduleSettings['ImapAccess_UserNameAttribute'][0] == 'mail') {
$email_parts = explode('@', $email, 2); $email_parts = explode('@', $email, 2);
$email_username = array_shift($email_parts); $email_username = array_shift($email_parts);
}
// extract user name from Unix user name (might be in inetOrgPerson or posixAccount module)
else {
if ($this->getAccountContainer()->getAccountModule('posixAccount') != null) {
$attrsUnix = $this->getAccountContainer()->getAccountModule('posixAccount')->getAttributes();
$email_username = $attrsUnix['uid'][0];
}
else {
$email_username = $attrsPersonal['uid'][0];
}
}
if (isset($_POST['deleteMailbox'])) { if (isset($_POST['deleteMailbox'])) {
if ($this->isWrongDomain($email_domain)) { if ($this->isWrongDomain($email_domain)) {
@ -299,17 +340,15 @@ class imapAccess extends baseModule {
* @return String password * @return String password
*/ */
function getAdminPassword() { function getAdminPassword() {
$imap_admin_user = $this->moduleSettings['ImapAccess_ImapAdmin'][0];
//perform admin password //perform admin password
$imap_admin_password = null; //default value is null, it can be changed during the work $imap_admin_password = null; //default value is null, it can be changed during the work
if (isset($_SESSION['imapAdmPass'])) {
if (isset($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "lam_user_pass")) { $imap_admin_password = $_SESSION['ldap']->decrypt($_SESSION['imapAdmPass']);
}
elseif (isset($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0]) && ($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0] == "lam_user_pass")) {
$credentials = $_SESSION['ldap']->decrypt_login(); $credentials = $_SESSION['ldap']->decrypt_login();
$imap_admin_password = $credentials[1]; $imap_admin_password = $credentials[1];
} }
elseif (strcasecmp($this->moduleSettings['ImapAccess_ImapAdminPasswordSelect'][0], "ask_pass") == 0 && isset($_SESSION['imapAdmPass'])) {
$imap_admin_password = $_SESSION['ldap']->decrypt($_SESSION['imapAdmPass']);
}
return $imap_admin_password; return $imap_admin_password;
} }
@ -324,7 +363,7 @@ class imapAccess extends baseModule {
$imap_admin_user = $this->moduleSettings['ImapAccess_ImapAdmin'][0]; $imap_admin_user = $this->moduleSettings['ImapAccess_ImapAdmin'][0];
if (isset($_POST['ImapAdminPassword']) && $_POST['ImapAdminPassword'] != "") { if (isset($_POST['ImapAdminPassword']) && $_POST['ImapAdminPassword'] != "") {
$imap_admin_password = $_POST['ImapAdminPassword']; $imap_admin_password = $_POST['ImapAdminPassword'];
$mbox = @imap_open("{" . $imap_server_address . "}", $imap_admin_user, $imap_admin_password, OP_HALFOPEN); $mbox = @imap_open("{" . $imap_server_address . "}", $imap_admin_user, $imap_admin_password, OP_HALFOPEN, 1);
if ($mbox) { if ($mbox) {
$_SESSION['imapAdmPass'] = $_SESSION['ldap']->encrypt($_POST['ImapAdminPassword']); $_SESSION['imapAdmPass'] = $_SESSION['ldap']->encrypt($_POST['ImapAdminPassword']);
@imap_close($mbox); @imap_close($mbox);
@ -390,18 +429,20 @@ class imapAccess extends baseModule {
* @return boolean true if domains match * @return boolean true if domains match
*/ */
function isWrongDomain($email_domain) { function isWrongDomain($email_domain) {
$ret_result = true;
if (isset($this->moduleSettings['ImapAccess_ImapDomain'][0])) { if (isset($this->moduleSettings['ImapAccess_ImapDomain'][0])) {
$domain_list_string = $this->moduleSettings['ImapAccess_ImapDomain'][0]; $domain_list_string = $this->moduleSettings['ImapAccess_ImapDomain'][0];
if ($domain_list_string == '*') {
return false;
}
$domains_array = explode(",", $domain_list_string); $domains_array = explode(",", $domain_list_string);
if (in_array($email_domain, $domains_array)) { if ((sizeof($domains_array) == 0) || in_array($email_domain, $domains_array)) {
$ret_result = false; return false;
} }
} }
else { else {
$ret_result = false; return false;
} }
return $ret_result; return true;
} }
} }