See ChangeLog
Monotone-Parent: 535292a4d5c9f53624dcaabc419821b5755e9ccc Monotone-Revision: c35e5e0bbfa47c91a6b8c9b68bf31ca78ee421fc Monotone-Author: ludovic@Sophos.ca Monotone-Date: 2010-12-14T18:08:36 Monotone-Branch: ca.inverse.sogomaint-2.0.2
parent
ba45f18cfe
commit
2c246f3e7a
|
@ -1,3 +1,10 @@
|
|||
2010-12-14 Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||
|
||||
* Implemented the "bindAsCurrentUser" feature (when
|
||||
set to the LDAP SOGoUserSources, to YES) which forces
|
||||
SOGo to use the DN of the currently "requesting" user
|
||||
to perform all LDAP-related operations
|
||||
|
||||
2010-12-13 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||
|
||||
* OpenChange/EOQualifier+MAPIFS.[hm]: new category module for
|
||||
|
|
Binary file not shown.
|
@ -1,14 +1,15 @@
|
|||
/*
|
||||
Copyright (C) 2005-2010 Inverse inc.
|
||||
Copyright (C) 2004-2005 SKYRIX Software AG
|
||||
|
||||
This file is part of OpenGroupware.org.
|
||||
This file is part of SOGo.
|
||||
|
||||
OGo is free software; you can redistribute it and/or modify it under
|
||||
SOGo is free software; you can redistribute it and/or modify it under
|
||||
the terms of the GNU Lesser General Public License as published by the
|
||||
Free Software Foundation; either version 2, or (at your option) any
|
||||
later version.
|
||||
|
||||
OGo is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
||||
License for more details.
|
||||
|
@ -38,7 +39,6 @@
|
|||
|
||||
- (NSDictionary *) currentLocaleConsideringLanguages:(NSArray *)_langs;
|
||||
- (NSDictionary *) localeForLanguageNamed:(NSString *)_name;
|
||||
|
||||
- (NSString *) davURLAsString;
|
||||
|
||||
@end
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
* Copyright (C) 2007-2010 Inverse inc.
|
||||
*
|
||||
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||
* Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||
*
|
||||
* This file is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -54,6 +55,7 @@
|
|||
NSArray *mailFields;
|
||||
NSString *IMAPHostField;
|
||||
NSArray *bindFields;
|
||||
BOOL _bindAsCurrentUser;
|
||||
|
||||
NSString *domain;
|
||||
NSString *contactInfoAttribute;
|
||||
|
@ -63,13 +65,16 @@
|
|||
NSMutableArray *searchAttributes;
|
||||
|
||||
BOOL passwordPolicy;
|
||||
|
||||
NSMutableDictionary *_dnCache;
|
||||
}
|
||||
|
||||
- (void) setBindDN: (NSString *) newBindDN
|
||||
password: (NSString *) newBindPassword
|
||||
hostname: (NSString *) newBindHostname
|
||||
port: (NSString *) newBindPort
|
||||
encryption: (NSString *) newEncryption;
|
||||
encryption: (NSString *) newEncryption
|
||||
bindAsCurrentUser: (NSString *) bindAsCurrentUser;
|
||||
|
||||
- (void) setBaseDN: (NSString *) newBaseDN
|
||||
IDField: (NSString *) newIDField
|
||||
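Review bot: The new `bindAsCurrentUser:` argument on the `setBindDN:password:hostname:port:encryption:` setter is typed `NSString *` although it is stored in `BOOL _bindAsCurrentUser`, and neither that ivar nor `_dnCache` carries a comment. I would add `// YES: LDAP operations bind with the DN and password of the user who logged in, not the configured bind account` on `_bindAsCurrentUser`, and `// login -> DN, filled during login checks` on `_dnCache`, so maintainers know which credentials this object holds at runtime. Extending the existing selector rather than adding a second one also breaks any caller outside this commit that still sends the five-argument form.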
|
|
|
@ -1,8 +1,9 @@
|
|||
/* LDAPSource.m - this file is part of SOGo
|
||||
*
|
||||
* Copyright (C) 2007-2009 Inverse inc.
|
||||
* Copyright (C) 2007-2010 Inverse inc.
|
||||
*
|
||||
* Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||
* Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||
*
|
||||
* This file is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -40,6 +41,8 @@
|
|||
|
||||
#import "LDAPSource.h"
|
||||
|
||||
#import "../../Main/SOGo.h"
|
||||
|
||||
#define SafeLDAPCriteria(x) [[[x stringByReplacingString: @"\\" withString: @"\\\\"] \
|
||||
stringByReplacingString: @"'" withString: @"\\'"] \
|
||||
stringByReplacingString: @"%" withString: @"%%"]
|
||||
|
@ -162,6 +165,8 @@ static NSArray *commonSearchFields;
|
|||
|
||||
searchAttributes = nil;
|
||||
passwordPolicy = NO;
|
||||
|
||||
_dnCache = [[NSMutableDictionary alloc] init];
|
||||
}
|
||||
|
||||
return self;
|
||||
|
@ -169,6 +174,7 @@ static NSArray *commonSearchFields;
|
|||
|
||||
- (void) dealloc
|
||||
{
|
||||
NSLog(@"LDAPSource: -dealloc");
|
||||
[bindDN release];
|
||||
[hostname release];
|
||||
[encryption release];
|
||||
|
@ -186,6 +192,7 @@ static NSArray *commonSearchFields;
|
|||
[_scope release];
|
||||
[searchAttributes release];
|
||||
[domain release];
|
||||
[_dnCache release];
|
||||
[super dealloc];
|
||||
}
|
||||
|
||||
|
@ -203,7 +210,9 @@ static NSArray *commonSearchFields;
|
|||
password: [udSource objectForKey: @"bindPassword"]
|
||||
hostname: [udSource objectForKey: @"hostname"]
|
||||
port: [udSource objectForKey: @"port"]
|
||||
encryption: [udSource objectForKey: @"encryption"]];
|
||||
encryption: [udSource objectForKey: @"encryption"]
|
||||
bindAsCurrentUser: [udSource objectForKey: @"bindAsCurrentUser"]];
|
||||
|
||||
[self setBaseDN: [udSource objectForKey: @"baseDN"]
|
||||
IDField: [udSource objectForKey: @"IDFieldName"]
|
||||
CNField: [udSource objectForKey: @"CNFieldName"]
|
||||
|
@ -252,11 +261,27 @@ static NSArray *commonSearchFields;
|
|||
return self;
|
||||
}
|
||||
|
||||
- (void) setBindDN: (NSString *) theDN
|
||||
{
|
||||
ASSIGN(bindDN, theDN);
|
||||
}
|
||||
|
||||
- (void) setBindPassword: (NSString *) thePassword
|
||||
{
|
||||
ASSIGN (password, thePassword);
|
||||
}
|
||||
|
||||
- (BOOL) bindAsCurrentUser
|
||||
{
|
||||
return _bindAsCurrentUser;
|
||||
}
|
||||
|
||||
- (void) setBindDN: (NSString *) newBindDN
|
||||
password: (NSString *) newBindPassword
|
||||
hostname: (NSString *) newBindHostname
|
||||
port: (NSString *) newBindPort
|
||||
encryption: (NSString *) newEncryption
|
||||
bindAsCurrentUser: (NSString *) bindAsCurrentUser
|
||||
{
|
||||
ASSIGN (bindDN, newBindDN);
|
||||
ASSIGN (encryption, [newEncryption uppercaseString]);
|
||||
|
@ -266,6 +291,7 @@ static NSArray *commonSearchFields;
|
|||
if (newBindPort)
|
||||
port = [newBindPort intValue];
|
||||
ASSIGN (password, newBindPassword);
|
||||
_bindAsCurrentUser = [bindAsCurrentUser boolValue];
|
||||
}
|
||||
|
||||
- (void) setBaseDN: (NSString *) newBaseDN
|
||||
|
@ -337,6 +363,8 @@ static NSArray *commonSearchFields;
|
|||
|
||||
NS_DURING
|
||||
{
|
||||
//NSLog(@"Creating NGLdapConnection instance for bindDN '%@'", bindDN);
|
||||
|
||||
ldapConnection = [[NGLdapConnection alloc] initWithHostName: hostname
|
||||
port: port];
|
||||
[ldapConnection autorelease];
|
||||
|
@ -442,11 +470,21 @@ static NSArray *commonSearchFields;
|
|||
{
|
||||
if (queryTimeout > 0)
|
||||
[bindConnection setQueryTimeLimit: queryTimeout];
|
||||
|
||||
userDN = [_dnCache objectForKey: _login];
|
||||
|
||||
if (!userDN)
|
||||
{
|
||||
if (bindFields)
|
||||
userDN = [self _fetchUserDNForLogin: _login];
|
||||
else
|
||||
userDN = [NSString stringWithFormat: @"%@=%@,%@",
|
||||
IDField, _login, baseDN];
|
||||
}
|
||||
|
||||
// We cache the _login <-> userDN entry to speed up things
|
||||
[_dnCache setObject: userDN forKey: _login];
|
||||
|
||||
if (userDN)
|
||||
{
|
||||
NS_DURING
|
||||
|
@ -975,6 +1013,11 @@ static NSArray *commonSearchFields;
|
|||
return login;
|
||||
}
|
||||
|
||||
- (NSString *) lookupDNByLogin: (NSString *) theLogin
|
||||
{
|
||||
return [_dnCache objectForKey: theLogin];
|
||||
}
|
||||
|
||||
- (NGLdapEntry *) lookupGroupEntryByUID: (NSString *) theUID
|
||||
{
|
||||
return [self lookupGroupEntryByAttribute: UIDField
|
||||
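Review bot: In the login-check hunk, `[_dnCache setObject: userDN forKey: _login];` runs before the `if (userDN)` test, so a login for which `_fetchUserDNForLogin:` resolves nothing would pass nil to `setObject:forKey:`, which raises NSInvalidArgumentException. The visible lines show no enclosing handler (the inner `NS_DURING` starts later), so an unknown login name may abort the request instead of failing authentication. Store the entry only when a DN was resolved, e.g. `if (userDN) [_dnCache setObject: userDN forKey: _login];` inside the `if (!userDN)` block. The entry is also written before the bind has succeeded and nothing in the visible hunks removes entries, so the cache grows with every distinct login name submitted and keeps a DN after the directory entry moves; caching only after a successful bind and bounding or expiring the cache would cover both. The method body starts and ends outside the hunk.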
|
|
|
@ -41,6 +41,7 @@
|
|||
- (NSString *) domain;
|
||||
|
||||
- (BOOL) checkLogin: (NSString *) _login
|
||||
|
||||
password: (NSString *) _pwd
|
||||
perr: (SOGoPasswordPolicyError *) _perr
|
||||
expire: (int *) _expire
|
||||
|
@ -62,7 +63,13 @@
|
|||
|
||||
@protocol SOGoDNSource <SOGoSource>
|
||||
|
||||
- (void) setBindDN: (NSString *) theDN;
|
||||
- (void) setBindPassword: (NSString *) thePassword;
|
||||
- (BOOL) bindAsCurrentUser;
|
||||
|
||||
- (NSString *) lookupLoginByDN: (NSString *) theDN;
|
||||
- (NSString *) lookupDNByLogin: (NSString *) theLogin;
|
||||
|
||||
- (NSString *) baseDN;
|
||||
|
||||
@end
|
||||
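Review bot: The four methods added to `SOGoDNSource` have no contract comments, and two of them are easy to misuse. `lookupDNByLogin:` reads like a directory query, but the LDAPSource implementation in this commit only returns what its `_dnCache` holds, so it yields nil for a login that has not been resolved by that source instance; `setBindDN:` and `setBindPassword:` replace the credentials the source uses afterwards. I would add comments such as `// Returns the cached DN for theLogin, or nil if this source has not resolved that login` and `// Replaces the bind identity used for subsequent operations on this source`. As required methods they also oblige every other `SOGoDNSource` adopter to implement them; no other adopter is visible in this commit.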
|
|
|
@ -1,15 +1,15 @@
|
|||
/*
|
||||
Copyright (C) 2006-2009 Inverse inc.
|
||||
Copyright (C) 2006-2010 Inverse inc.
|
||||
Copyright (C) 2005 SKYRIX Software AG
|
||||
|
||||
This file is part of OpenGroupware.org.
|
||||
This file is part of SOGo.
|
||||
|
||||
OGo is free software; you can redistribute it and/or modify it under
|
||||
SOGo is free software; you can redistribute it and/or modify it under
|
||||
the terms of the GNU Lesser General Public License as published by the
|
||||
Free Software Foundation; either version 2, or (at your option) any
|
||||
later version.
|
||||
|
||||
OGo is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
SOGo is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
||||
License for more details.
|
||||
|
@ -29,7 +29,7 @@
|
|||
SOGoUser
|
||||
|
||||
This adds some additional SOGo properties to the SoUser object. The
|
||||
properties are (currently) looked up using the LDAPUserManager.
|
||||
properties are (currently) looked up using the SOGoUserManager.
|
||||
|
||||
You have access to this object from the WOContext:
|
||||
context.activeUser
|
||||
|
@ -52,12 +52,6 @@
|
|||
@class SOGoUserProfile;
|
||||
@class SOGoUserSettings;
|
||||
|
||||
// @interface SoUser (SOGoExtension)
|
||||
|
||||
// - (NSString *) language;
|
||||
|
||||
// @end
|
||||
|
||||
@interface SOGoUser : SoUser
|
||||
{
|
||||
SOGoUserDefaults *_defaults;
|
||||
|
@ -72,8 +66,6 @@
|
|||
NSString *cn;
|
||||
}
|
||||
|
||||
// + (NSString *) language;
|
||||
|
||||
+ (SOGoUser *) userWithLogin: (NSString *) newLogin;
|
||||
|
||||
+ (SOGoUser *) userWithLogin: (NSString *) login
|
||||
|
|
|
@ -416,6 +416,9 @@
|
|||
NSMutableDictionary *currentUser;
|
||||
BOOL checkOK;
|
||||
|
||||
// We check for cached passwords. If the entry is cached, we
|
||||
// check this immediately. If not, we'll go directly at the
|
||||
// authentication source and try to validate there, then cache it.
|
||||
jsonUser = [[SOGoCache sharedCache] userAttributesForLogin: _login];
|
||||
currentUser = [jsonUser objectFromJSONString];
|
||||
dictPassword = [currentUser objectForKey: @"password"];
|
||||
|
@ -446,6 +449,25 @@
|
|||
else
|
||||
checkOK = NO;
|
||||
|
||||
// We MUST, for all LDAP sources, update the bindDN and bindPassword
|
||||
// to the user's value if bindAsCurrentUser is set to true in the
|
||||
// LDAP source configuration
|
||||
if (checkOK)
|
||||
{
|
||||
NSObject <SOGoDNSource> *currentSource;
|
||||
NSEnumerator *sources;
|
||||
|
||||
sources = [[_sources allValues] objectEnumerator];
|
||||
while ((currentSource = [sources nextObject]))
|
||||
if ([currentSource conformsToProtocol: @protocol(SOGoDNSource)] &&
|
||||
[currentSource bindAsCurrentUser] &&
|
||||
[currentSource lookupDNByLogin: _login])
|
||||
{
|
||||
[currentSource setBindDN: [currentSource lookupDNByLogin: _login]];
|
||||
[currentSource setBindPassword: _pwd];
|
||||
}
|
||||
}
|
||||
|
||||
return checkOK;
|
||||
}
|
||||
|
||||
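Review bot: The loop added after the password check writes the logged-in user's DN and clear-text password into each matching source with `setBindDN:` and `setBindPassword:`, and those sources come from `_sources`, which looks like state shared by all users of this manager (inferred from the name; its declaration is outside the hunk). If so, LDAP operations afterwards bind as whichever user authenticated most recently, so one user's searches can run under another user's identity and directory ACLs, and the password stays in the source until the next login replaces it. When `checkOK` comes from the cached-password path described in the earlier hunk, `lookupDNByLogin:` may return nil because it only reads the source's DN cache, leaving the previous user's bind identity in place. Binding per request with the requesting user's credentials, instead of mutating the shared source, would avoid this; at minimum the block should state its assumption, e.g. `// NOTE: mutates the shared source; assumes one active user per process`. `lookupDNByLogin:` is also called twice where one local variable would do.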
|
|
|
@ -1,6 +1,6 @@
|
|||
/* SQLSource.h - this file is part of SOGo
|
||||
*
|
||||
* Copyright (C) 2009 Inverse inc.
|
||||
* Copyright (C) 2009-2010 Inverse inc.
|
||||
*
|
||||
* Author: Ludovic Marcotte <lmarcotte@inverse.ca>
|
||||
*
|
||||
|
|