Kolab:3.4
php-pear-Net-LDAP3
Changes of Revision 11
php-pear-Net-LDAP3.spec
Changed
@@ -23,20 +23,20 @@ %else Name: php-Net-LDAP3 %endif -Version: 1.0.0 -Release: 2%{?dist} +Version: 1.0.1 +Release: 1%{?dist} Summary: Object oriented interface for searching and manipulating LDAP-entries Group: Development/Libraries License: LGPLv3 URL: http://kolab.org Source0: pear-Net-LDAP3-%{version}.tar.gz -Patch1: no-password-logging_fix-fatal-error.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch Requires: mozldap-tools >= 6.0.5 +Requires: php-ldap Requires: php-pear(Net_LDAP2) Provides: php-pear(%{pear_name}) = %{version}-%{release} @@ -46,8 +46,6 @@ %prep %setup -q -n pear-Net-LDAP3-%{version} -%patch1 -p1 - %build %install @@ -65,11 +63,15 @@ %dir %{_datadir}/%{php} %endif %dir %{_datadir}/%{php}/Net -%{_datadir}/%{php}/Net/LDAP3.php +%{_datadir}/%{php}/Net/LDAP3.php %dir %{_datadir}/%{php}/Net/LDAP3 %{_datadir}/%{php}/Net/LDAP3/Result.php %changelog +* Wed Sep 10 2014 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 1.0.1-1 +- New upstream release w/ Oracle DSEE aclRights support for + effectiveRights. + * Fri Aug 29 2014 Daniel Hoffend <dh@dotlan.net> - 1.0.0-2 - Fix PHP Fatal Error Call - Don't log ldap passwords
debian.changelog
Changed
@@ -1,3 +1,10 @@ +php-net-ldap3 (1.0.1-0~kolab1) unstable; urgency=low + + * New upstream release w/ support for Oracle DSEE getEffectiveRights control + responses. + + -- Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> Wed, 10 Sep 2014 15:27:46 +0100 + php-net-ldap3 (1.0.0-0~kolab3) unstable; urgency=low * Fixed PHP Fatal Error
debian.control
Changed
@@ -9,7 +9,7 @@ Package: php-net-ldap3 Architecture: all -Depends: php-net-ldap2, ${misc:Depends} +Depends: php-net-ldap2, php-ldap, ${misc:Depends} Pre-Depends: php5 (>= 5.3) Description: Extended LDAP (v3) capabilities based on php-net-ldap2 and friends Supplies consuming applications with VLV/SSS and effectiveRights
pear-Net-LDAP3-1.0.0.tar.gz/composer.json -> pear-Net-LDAP3-1.0.1.tar.gz/composer.json
Changed
@@ -2,7 +2,7 @@ "name": "kolab/Net_LDAP3", "description": "A successor of the PEAR:Net_LDAP2 module providing advanced functionality for accessing LDAP directories", "type": "library", - "version": "1.0.0", + "version": "1.0.1", "keywords": ["pear", "ldap", "vlv"], "homepage": "http://git.kolab.org/pear/Net_LDAP3/", "license": "GPL-3.0", @@ -36,4 +36,4 @@ "autoload": { "classmap": ["lib/"] } -} \ No newline at end of file +}
pear-Net-LDAP3-1.0.0.tar.gz/lib/Net/LDAP3.php -> pear-Net-LDAP3-1.0.1.tar.gz/lib/Net/LDAP3.php
Changed
@@ -481,7 +481,7 @@ return true; } - $this->_debug("C: Bind [dn: $bind_dn] [pass: $bind_pw]"); + $this->_debug("C: Bind [dn: $bind_dn]"); if (@ldap_bind($this->conn, $bind_dn, $bind_pw)) { $this->_debug("S: OK"); @@ -689,15 +689,16 @@ 'entryLevelRights' => array(), ); - $output = array(); $entry_dn = $this->entry_dn($subject); if (!$entry_dn) { $entry_dn = $this->config_get($subject . "_base_dn"); } + if (!$entry_dn) { $entry_dn = $this->config_get("base_dn"); } + if (!$entry_dn) { $entry_dn = $this->config_get("root_dn"); } 
@@ -717,34 +718,73 @@ return null; } - $command = array( - $moz_ldapsearch, - '-x', - '-h', - $this->_ldap_server, - '-p', - $this->_ldap_port, - '-b', - escapeshellarg($entry_dn), - '-D', - escapeshellarg($this->_current_bind_dn), - '-w', - escapeshellarg($this->_current_bind_pw), - '-J', - escapeshellarg(implode(':', array( - $effective_rights_control_oid, // OID - 'true', // Criticality - 'dn:' . $this->_current_bind_dn // User DN - ))), - '-s', - 'base', - '"(objectclass=*)"', - '"*"', - ); + $output = array(); + $command = Array( + $moz_ldapsearch, + '-x', + '-h', + $this->_ldap_server, + '-p', + $this->_ldap_port, + '-b', + escapeshellarg($entry_dn), + '-s', + 'base', + '-D', + escapeshellarg($this->_current_bind_dn), + '-w', + escapeshellarg($this->_current_bind_pw) + ); - $command = implode(' ', $command); + if ($this->vendor_name() == "Oracle Corporation") { + // For Oracle DSEE + $command[] = "-J"; + $command[] = escapeshellarg( + implode( + ':', + Array( + $effective_rights_control_oid, // OID + 'true' // Criticality + ) + ) + ); + $command[] = "-c"; + $command[] = escapeshellarg( + 'dn:' . $this->_current_bind_dn + ); - $this->_debug("LDAP: Executing command: $command"); + } else { + // For 389 DS: + $command[] = "-J"; + $command[] = escapeshellarg( + implode( + ':', + Array( + $effective_rights_control_oid, // OID + 'true', // Criticality + 'dn:' . $this->_current_bind_dn // User DN + ) + ) + ); + } + + // For both + $command[] = '"(objectclass=*)"'; + $command[] = '"*"'; + + if ($this->vendor_name() == "Oracle Corporation") { + // Oracle DSEE + $command[] = 'aclRights'; + } + + // remove password from debug log + $command_debug = $command; + $command_debug[11] = '*'; + + $command = implode(' ', $command); + $command_debug = implode(' ', $command_debug); + + $this->_debug("LDAP: Executing command: $command_debug"); exec($command, $output, $return_code); 
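Review bot: The masking line `$command_debug[11] = '*';` replaces the wrong element: counting the array built above it, index 11 is the escaped bind DN that follows `-D`, while the bind password that follows `-w` sits at index 13, so the debug message still contains the password. Change it to `$command_debug[13] = '*';`, or locate the slot from the flag with `$command_debug[array_search('-w', $command_debug, true) + 1] = '*';` so the masking survives a reordering of the options. Separately, handing the password to the tool with `-w` keeps it visible in the process list while `exec()` runs, and `$this->_ldap_server` and `$this->_ldap_port` go into the command without `escapeshellarg()`; both deserve attention if those values can come from anything other than trusted configuration. The enclosing function starts and ends outside this hunk.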
@@ -766,24 +806,46 @@ } } - foreach ($lines as $line) { - $line_components = explode(':', $line); - $attribute_name = array_shift($line_components); - $attribute_value = trim(implode(':', $line_components)); - - switch ($attribute_name) { - case "attributeLevelRights": - $attributes[$attribute_name] = $this->parse_attribute_level_rights($attribute_value); - break; - case "dn": - $attributes[$attribute_name] = $attribute_value; - break; - case "entryLevelRights": - $attributes[$attribute_name] = $this->parse_entry_level_rights($attribute_value); - break; + if ($this->vendor_name() == "Oracle Corporation") { + // Example for attribute level rights: + // aclRights;attributeLevel;$attr:$right:$bool,$right:$bool + // Example for entry level rights: + // aclRights;entryLevel: add:1,delete:1,read:1,write:1,proxy:1 + foreach ($lines as $line) { + $line_components = explode(':', $line); + $attribute_name = explode(';', array_shift($line_components)); + + switch ($attribute_name[0]) { + case "aclRights": + $this->parse_aclrights($attributes, $line); + break; + case "dn": + $attributes[$attribute_name[0]] = trim(implode(';', $line_components)); + break; + default: + break; + } + } - default: - break; + } else { + foreach ($lines as $line) { + $line_components = explode(':', $line); + $attribute_name = array_shift($line_components); + $attribute_value = trim(implode(':', $line_components)); + + switch ($attribute_name) { + case "attributeLevelRights": + $attributes[$attribute_name] = $this->parse_attribute_level_rights($attribute_value); + break; + case "dn": + $attributes[$attribute_name] = $attribute_value; + break; + case "entryLevelRights": + $attributes[$attribute_name] = $this->parse_entry_level_rights($attribute_value); + break; + default: + break; + } } } 
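Review bot: In the Oracle DSEE branch the `dn` case rebuilds the value with `implode(';', $line_components)` although the line was split on `:`, so a DN that contains a colon comes back with `;` in its place; the 389 DS branch below joins with `:`. Use `$attributes['dn'] = trim(implode(':', $line_components));` so both branches return the DN unchanged. The `aclRights` case hands the whole `$line` to `parse_aclrights()` rather than the already split components, which only works if that helper re-splits the line itself; a short comment such as `// parse_aclrights() expects the raw LDIF line` would make that contract explicit. The enclosing function starts and ends outside this hunk.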
@@ -987,7 +1049,9 @@ $result = $ldap->search($root_dn, '(objectclass=nsds5replicationagreement)', 'sub', array('nsds5replicahost')); if (!$result) { - $this->_debug("No replicas configured"); + $this->_debug("No replicas configured on $replica_host"); + $ldap->close(); + continue; } foreach ($result->entries(true) as $dn => $attrs) { @@ -1435,7 +1499,7 @@ $method = 'DIGEST-MD5'; } - $this->_debug("C: Bind [mech: $method, authc: $authc, authz: $authz] [pass: $pass]"); + $this->_debug("C: Bind [mech: $method, authc: $authc, authz: $authz]"); if (ldap_sasl_bind($this->conn, null, $pass, $method, null, $authc, $authz)) { $this->_debug("S: OK"); @@ -2226,6 +2290,45 @@ return true; } + private function parse_aclrights(&$attributes, $attribute_value) { + $components = explode(':', $rights); + $_acl_target = array_shift($components); + $_acl_value = trim(implode(':', $components)); + + $_acl_components = explode(';', $_acl_target); + + switch ($_acl_components[1]) { + case "entryLevel": + $attributes['entryLevelRights'] = Array(); + $_acl_value = explode(',', $_acl_value); + + foreach ($_acl_value as $right) { + list($method, $bool) = explode(':', $right); + if ($bool == "1" && !in_array($method, $attributes['entryLevelRights'])) { + $attributes['entryLevelRights'][] = $method; + } + } + + break; + + case "attributeLevel": + $attributes['attributeLevelRights'][$_acl_components[2]] = Array(); + $_acl_value = explode(',', $_acl_value); + + foreach ($_acl_value as $right) { + list($method, $bool) = explode(':', $right); + if ($bool == "1" && !in_array($method, $attributes['attributeLevelRights'][$_acl_components[2]])) { + $attributes['attributeLevelRights'][$_acl_components[2]][] = $method; + } + } + + break; + + default: + break; + } + } + private function parse_attribute_level_rights($attribute_value) { $attribute_value = str_replace(", ", ",", $attribute_value); 
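Review bot: `parse_aclrights()` splits `$rights`, which is not defined anywhere in the function; the parameter that carries the line is `$attribute_value`. As written, `$components` is derived from an undefined variable, `$_acl_components[1]` does not exist and the `switch` always ends in `default`, so on Oracle DSEE the rights arrays are never filled and callers presumably see an entry with no rights at all. The first statement should read `$components = explode(':', $attribute_value);`, and a guard such as `if (!isset($_acl_components[1])) { return; }` before the `switch` would keep a malformed `aclRights` line from raising notices. `list($method, $bool) = explode(':', $right);` needs the same care for a right that arrives without a colon.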
@@ -2288,6 +2391,33 @@ return $control; } + private function vendor_name() + { + if (!empty($this->vendor_name)) { + return $this->vendor_name; + } + + $this->_info("Obtaining LDAP server vendor name"); + + if ($result = $this->search('', '(objectclass=*)', 'base', array('vendorname'))) { + $result = $result->entries(true); + $name = $result['']['vendorname']; + } + else { + $name = false; + } + + if ($name !== false) { + $this->_info("Vendor name is $name"); + } else { + $this->_info("No vendor name!"); + } + + $this->vendor = $name; + + return $name; + } + protected function _alert() { $this->__log(LOG_ALERT, func_get_args());
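Review bot: The cache in `vendor_name()` never hits: the guard reads `$this->vendor_name` but the result is stored in `$this->vendor`, so every call repeats the root DSE search, and the effective-rights code in this commit calls it up to three times per lookup. Store the value with `$this->vendor_name = $name;`. `$result['']['vendorname']` is also read without checking that the entry and the attribute exist, so a server that does not publish `vendorname` yields `null`, which passes the `$name !== false` test and is logged as an empty vendor name; `$name = isset($result['']['vendorname']) ? $result['']['vendorname'] : false;` covers that case. Because `false` is `empty()`, a server without a vendor name would still be queried on every call unless a separate "already looked up" flag is kept.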
pear-Net-LDAP3-1.0.0.tar.gz/lib/Net/LDAP3/Result.php -> pear-Net-LDAP3-1.0.1.tar.gz/lib/Net/LDAP3/Result.php
Changed
@@ -71,7 +71,7 @@ } /** - * + * Wrapper for ldap_sort() */ public function sort($attr) { @@ -79,18 +79,23 @@ } /** - * + * Get entries count */ public function count() { - if (!isset($this->count)) + if (!isset($this->count)) { $this->count = ldap_count_entries($this->conn, $this->result); + } return $this->count; } /** + * Wrapper for ldap_get_entries() * + * @param bool $normalize Optionally normalize the entries to a list of hash arrays + * + * @return array List of LDAP entries */ public function entries($normalize = false) { @@ -103,6 +108,14 @@ return $entries; } + /** + * Wrapper for ldap_get_dn() using the current entry pointer + */ + public function get_dn() + { + return $this->current ? ldap_get_dn($this->conn, $this->current) : null; + } + /*** Implement PHP 5 Iterator interface to make foreach work ***/
php-net-ldap3.dsc
Changed
@@ -2,7 +2,7 @@ Source: php-net-ldap3 Binary: php-net-ldap3 Architecture: all -Version: 1.0.0-0~kolab3 +Version: 1.0.1-0~kolab1 Maintainer: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com> Homepage: http://kolab.org Standards-Version: 3.9.3 @@ -11,5 +11,5 @@ Package-List: php-net-ldap3 deb php optional Files: - 00000000000000000000000000000000 0 pear-Net-LDAP3-1.0.0.tar.gz + 00000000000000000000000000000000 0 pear-Net-LDAP3-1.0.1.tar.gz 00000000000000000000000000000000 0 debian.tar.gz