/**
 * Probe the selected database resource and attach a status hint to the form
 *
 * Nothing is done once the form has been submitted. Otherwise the resource name
 * comes from the partially validated POST data (when the form was sent) or from
 * the stored "db" / "resource" setting, and a COUNT(*) on director_dbversion is
 * used as the probe query.
 */
protected function onSetup()
{
    // Do not hinder the form from being stored
    if ($this->hasBeenSubmitted()) {
        return;
    }

    $useSentValue = $this->hasBeenSent()
        && $this->isValidPartial($this->getRequest()->getPost());
    $resourceName = $useSentValue
        ? $this->getValue('resource')
        : $this->config()->get('db', 'resource');

    if (! $resourceName) {
        return;
    }

    // Resource lookup and adapter creation sit outside the try block, so a
    // failure at this point is not converted into a form error.
    $resource = ResourceFactory::create($resourceName);
    $db = $resource->getDbAdapter();

    try {
        $db->fetchOne($db->select()->from('director_dbversion', 'COUNT(*)'));

        if (! $this->hasBeenSent()) {
            $template = $this->translate(
                'Configuration looks good, you should be ready to %s'
                . ' Icinga Director'
            );
            $startLink = $this->getView()->qlink(
                $this->translate('start using'),
                'director/welcome',
                null,
                array('data-base-target' => '_main')
            );
            // The link markup is spliced into the translated text before it
            // is handed to addHtmlHint().
            $this->addHtmlHint(sprintf($template, $startLink));
        }
    } catch (Exception $e) {
        // NOTE(review): the exception text is shown to the form user as-is and
        // may carry connection details - confirm that is acceptable for every
        // role that can open this form.
        $this->getElement('resource')
            ->addError('Could not fetch: ' . $e->getMessage())
            ->removeDecorator('description');

        $template = $this->translate(
            'Please make sure that your database grants enough permissions'
            . ' and that you deployed the correct %s.'
        );
        $schemaLink = $this->getView()->qlink(
            $this->translate('database schema'),
            'director/schema/' . $resource->getDbType(),
            null,
            array('data-base-target' => '_next')
        );
        $this->addHtmlHint(sprintf($template, $schemaLink));
    }
}
/**
 * Return the resource named by the "resource" setting, creating it on first use
 *
 * The instance is cached in $this->connection; ResourceFactory::create() is
 * only called while that property is still null.
 */
protected function connection()
{
    if ($this->connection !== null) {
        return $this->connection;
    }

    $this->connection = ResourceFactory::create($this->settings['resource']);

    return $this->connection;
}
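/**
 * Create and add elements to this form
 *
 * When the "Discover" button was pressed, the chosen LDAP connection is bound
 * and its capabilities are used to pre-fill the base DN and to pick Active
 * Directory or OpenLDAP defaults. Discovery happens while the elements are
 * being built, before the 'resource' select has validated the submitted value,
 * so the requested name is checked here against the connections this form
 * offers. Any failure during discovery (including creating the resource) is
 * reported as a form warning and the defaults stay untouched.
 *
 * @param   array   $formData
 */
public function createElements(array $formData)
{
    $isAd = isset($formData['type']) ? $formData['type'] === 'msldap' : false;

    $this->addElement(
        'text',
        'name',
        array(
            'required'      => true,
            'label'         => $this->translate('Backend Name'),
            'description'   => $this->translate(
                'The name of this authentication provider that is used to differentiate it from others.'
            )
        )
    );
    $this->addElement(
        'select',
        'resource',
        array(
            'required'      => true,
            'label'         => $this->translate('LDAP Connection'),
            'description'   => $this->translate(
                'The LDAP connection to use for authenticating with this provider.'
            ),
            'multiOptions'  => !empty($this->resources)
                ? array_combine($this->resources, $this->resources)
                : array()
        )
    );

    $baseDn = null;
    $hasAdOid = false;
    if (!$isAd && !empty($this->resources)) {
        $this->addElement(
            'button',
            'discovery_btn',
            array(
                'type'              => 'submit',
                'value'             => 'discovery_btn',
                'label'             => $this->translate('Discover', 'A button to discover LDAP capabilities'),
                'title'             => $this->translate(
                    'Push to fill in the chosen connection\'s default settings.'
                ),
                'decorators'        => array(
                    array('ViewHelper', array('separator' => '')),
                    array('HtmlTag', array('tag' => 'div', 'class' => 'element'))
                ),
                // The button submits without client-side validation
                'formnovalidate'    => 'formnovalidate'
            )
        );
        $this->addDisplayGroup(
            array('resource', 'discovery_btn'),
            'connection_discovery',
            array(
                'decorators' => array(
                    'FormElements',
                    array('HtmlTag', array('tag' => 'div', 'class' => 'control-group'))
                )
            )
        );

        if ($this->getElement('discovery_btn')->isChecked()) {
            $resourceName = isset($formData['resource']) ? $formData['resource'] : reset($this->resources);

            // Only bind to a connection that is offered by the select above. The names
            // are compared as strings because numeric names may be held as integers.
            $offered = array_map('strval', $this->resources);
            if (is_scalar($resourceName) && in_array((string) $resourceName, $offered, true)) {
                try {
                    $connection = ResourceFactory::create($resourceName);
                    $capabilities = $connection->bind()->getCapabilities();
                    $baseDn = $capabilities->getDefaultNamingContext();
                    $hasAdOid = $capabilities->isActiveDirectory();
                } catch (Exception $e) {
                    $this->warning(sprintf(
                        $this->translate('Failed to discover the chosen LDAP connection: %s'),
                        $e->getMessage()
                    ));
                }
            } else {
                $this->warning(sprintf(
                    $this->translate('Failed to discover the chosen LDAP connection: %s'),
                    $this->translate('The connection is not one of the available LDAP connections.')
                ));
            }
        }
    }

    if ($isAd || $hasAdOid) {
        // ActiveDirectory defaults
        $userClass = 'user';
        $filter = '!(objectClass=computer)';
        $userNameAttribute = 'sAMAccountName';
    } else {
        // OpenLDAP defaults
        $userClass = 'inetOrgPerson';
        $filter = null;
        $userNameAttribute = 'uid';
    }

    $this->addElement(
        'text',
        'user_class',
        array(
            'preserveDefault'   => true,
            'required'          => !$isAd,
            'ignore'            => $isAd,
            'disabled'          => $isAd ?: null,
            'label'             => $this->translate('LDAP User Object Class'),
            'description'       => $this->translate('The object class used for storing users on the LDAP server.'),
            'value'             => $userClass
        )
    );
    $this->addElement(
        'text',
        'filter',
        array(
            'preserveDefault'   => true,
            'allowEmpty'        => true,
            'value'             => $filter,
            'label'             => $this->translate('LDAP Filter'),
            'description'       => $this->translate(
                'An additional filter to use when looking up users using the specified connection. '
                . 'Leave empty to not to use any additional filter rules.'
            ),
            'requirement'       => $this->translate(
                'The filter needs to be expressed as standard LDAP expression.'
                . ' (e.g. &(foo=bar)(bar=foo) or foo=bar)'
            ),
            'validators'        => array(
                array(
                    'Callback',
                    false,
                    array(
                        'callback'  => function ($v) {
                            // This is not meant to be a full syntax check. It will just
                            // ensure that we can safely strip unnecessary parentheses.
                            $v = trim($v);
                            return !$v || $v[0] !== '(' || (
                                strpos($v, ')(') !== false ? substr($v, -2) === '))' : substr($v, -1) === ')'
                            );
                        },
                        'messages'  => array(
                            'callbackValue' => $this->translate('The filter is invalid. Please check your syntax.')
                        )
                    )
                )
            )
        )
    );
    $this->addElement(
        'text',
        'user_name_attribute',
        array(
            'preserveDefault'   => true,
            'required'          => !$isAd,
            'ignore'            => $isAd,
            'disabled'          => $isAd ?: null,
            'label'             => $this->translate('LDAP User Name Attribute'),
            'description'       => $this->translate(
                'The attribute name used for storing the user name on the LDAP server.'
            ),
            'value'             => $userNameAttribute
        )
    );
    $this->addElement(
        'hidden',
        'backend',
        array(
            'disabled'  => true,
            'value'     => $isAd ? 'msldap' : 'ldap'
        )
    );
    $this->addElement(
        'text',
        'base_dn',
        array(
            'preserveDefault'   => true,
            'required'          => false,
            'label'             => $this->translate('LDAP Base DN'),
            'description'       => $this->translate(
                'The path where users can be found on the LDAP server. Leave ' .
                'empty to select all users available using the specified connection.'
            ),
            'value'             => $baseDn
        )
    );
}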
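/**
 * Create and return a user backend with the given name and given configuration applied to it
 *
 * Without an explicit configuration the section called $name is looked up in the
 * configured backends. A "name" set in the configuration overrides $name. Custom
 * backend classes are checked against UserBackendInterface before they are
 * instantiated, and a backend type that passes the default-backend check but is
 * not handled below is rejected instead of leaving the backend undefined.
 *
 * @param   string          $name
 * @param   ConfigObject    $backendConfig
 *
 * @return  UserBackendInterface
 *
 * @throws  ConfigurationError
 */
public static function create($name, ConfigObject $backendConfig = null)
{
    if ($backendConfig === null) {
        self::assertBackendsExist();
        if (self::$backends->hasSection($name)) {
            $backendConfig = self::$backends->getSection($name);
        } else {
            throw new ConfigurationError('User backend "%s" does not exist', $name);
        }
    }

    if ($backendConfig->name !== null) {
        $name = $backendConfig->name;
    }

    if (!($backendType = strtolower($backendConfig->backend))) {
        throw new ConfigurationError(
            'Authentication configuration for user backend "%s" is missing the \'backend\' directive',
            $name
        );
    }

    // The external backend is built from the configuration alone and needs no resource
    if ($backendType === 'external') {
        $backend = new ExternalBackend($backendConfig);
        $backend->setName($name);
        return $backend;
    }

    if (in_array($backendType, static::$defaultBackends)) {
        // The default backend check is the first one because of performance reasons:
        // Do not attempt to load a custom user backend unless it's actually required
    } elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) {
        // Check the contract first so that the constructor of a class which does
        // not implement it is never run.
        if (!is_a($customClass, 'Icinga\\Authentication\\User\\UserBackendInterface', true)) {
            throw new ConfigurationError(
                'Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface',
                $backendType,
                $customClass
            );
        }

        $backend = new $customClass($backendConfig);
        $backend->setName($name);
        return $backend;
    } else {
        throw new ConfigurationError(
            'Authentication configuration for user backend "%s" defines an invalid backend type.'
            . ' Backend type "%s" is not supported',
            $name,
            $backendType
        );
    }

    if ($backendConfig->resource === null) {
        throw new ConfigurationError(
            'Authentication configuration for user backend "%s" is missing the \'resource\' directive',
            $name
        );
    }

    $resource = ResourceFactory::create($backendConfig->resource);

    switch ($backendType) {
        case 'db':
            $backend = new DbUserBackend($resource);
            break;
        case 'msldap':
            $backend = new LdapUserBackend($resource);
            $backend->setBaseDn($backendConfig->base_dn);
            $backend->setUserClass($backendConfig->get('user_class', 'user'));
            $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName'));
            $backend->setFilter($backendConfig->filter);
            break;
        case 'ldap':
            $backend = new LdapUserBackend($resource);
            $backend->setBaseDn($backendConfig->base_dn);
            $backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'));
            $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'));
            $backend->setFilter($backendConfig->filter);
            break;
        default:
            // Fail closed: a type accepted by the default-backend check but not
            // handled above would otherwise leave $backend undefined.
            throw new ConfigurationError(
                'Authentication configuration for user backend "%s" defines an invalid backend type.'
                . ' Backend type "%s" is not supported',
                $name,
                $backendType
            );
    }

    $backend->setName($name);
    return $backend;
}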
/**
 * Get this backend's internal resource
 *
 * The resource is created from the "resource" setting on first access and kept
 * in $this->resource afterwards. For an 'ido' backend whose database type is
 * not 'oracle', the table prefix 'icinga_' is applied right after creation.
 *
 * @return mixed
 */
public function getResource()
{
    if ($this->resource !== null) {
        return $this->resource;
    }

    $this->resource = ResourceFactory::create($this->config->get('resource'));

    $needsPrefix = $this->is('ido') && $this->resource->getDbType() !== 'oracle';
    if ($needsPrefix) {
        // TODO(el): The resource should set the table prefix
        $this->resource->setTablePrefix('icinga_');
    }

    return $this->resource;
}
/**
 * Return the names of all configured LDAP user backends
 *
 * Only backends of type 'ldap' or 'msldap' are considered. A backend counts as a
 * match when its resource reports the same hostname and the same port as the
 * given connection; no other connection setting is compared.
 *
 * @param   LdapConnection  $resource
 *
 * @return  array
 */
protected function getLdapUserBackendNames(LdapConnection $resource)
{
    $matching = array();

    foreach (UserBackend::getBackendConfigs() as $name => $config) {
        $type = strtolower($config->backend);
        if ($type !== 'ldap' && $type !== 'msldap') {
            continue;
        }

        // A resource object is created for every LDAP backend just to read
        // its hostname and port.
        $candidate = ResourceFactory::create($config->resource);
        if ($candidate->getHostname() !== $resource->getHostname()) {
            continue;
        }
        if ($candidate->getPort() !== $resource->getPort()) {
            continue;
        }

        $matching[] = $name;
    }

    return $matching;
}
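/**
 * Create and return a user group backend with the given name and given configuration applied to it
 *
 * A "name" set in the configuration overrides $name. Custom backend classes are
 * checked against UserGroupBackendInterface before they are instantiated, and a
 * backend type that passes the default-backend check but is not handled below is
 * rejected instead of leaving the backend undefined.
 *
 * @param   string          $name
 * @param   ConfigObject    $backendConfig
 *
 * @return  UserGroupBackendInterface
 *
 * @throws  ConfigurationError
 */
public static function create($name, ConfigObject $backendConfig)
{
    if ($backendConfig->name !== null) {
        $name = $backendConfig->name;
    }

    if (!($backendType = strtolower($backendConfig->backend))) {
        throw new ConfigurationError(
            'Configuration for user group backend "%s" is missing the \'backend\' directive',
            $name
        );
    }

    if (in_array($backendType, static::$defaultBackends)) {
        // The default backend check is the first one because of performance reasons:
        // Do not attempt to load a custom user group backend unless it's actually required
    } elseif (($customClass = static::getCustomUserGroupBackend($backendType)) !== null) {
        // Check the contract first so that the constructor of a class which does
        // not implement it is never run.
        if (!is_a($customClass, 'Icinga\\Authentication\\UserGroup\\UserGroupBackendInterface', true)) {
            throw new ConfigurationError(
                'Cannot utilize user group backend of type "%s".'
                . ' Class "%s" does not implement UserGroupBackendInterface',
                $backendType,
                $customClass
            );
        }

        $backend = new $customClass($backendConfig);
        $backend->setName($name);
        return $backend;
    } else {
        throw new ConfigurationError(
            'Configuration for user group backend "%s" defines an invalid backend type.'
            . ' Backend type "%s" is not supported',
            $name,
            $backendType
        );
    }

    if ($backendConfig->resource === null) {
        throw new ConfigurationError(
            'Configuration for user group backend "%s" is missing the \'resource\' directive',
            $name
        );
    }

    $resource = ResourceFactory::create($backendConfig->resource);

    switch ($backendType) {
        case 'db':
            $backend = new DbUserGroupBackend($resource);
            break;
        case 'ini':
            $backend = new IniUserGroupBackend($resource);
            break;
        case 'ldap':
        case 'msldap':
            $backend = new LdapUserGroupBackend($resource);
            $backend->setConfig($backendConfig);
            break;
        default:
            // Fail closed: a type accepted by the default-backend check but not
            // handled above would otherwise leave $backend undefined.
            throw new ConfigurationError(
                'Configuration for user group backend "%s" defines an invalid backend type.'
                . ' Backend type "%s" is not supported',
                $name,
                $backendType
            );
    }

    $backend->setName($name);
    return $backend;
}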