/**
 * Hydrating an AddOperation for a create request should produce the expected LDAP attribute set,
 * exactly one post operation, and a DN built from the name and the operation's location.
 *
 * @param mixed $connection Connection double supplied by the spec runner.
 */
function it_should_hydrate_an_add_operation_to_ldap($connection)
{
    $this->setLdapObjectSchema($this->schema);
    $this->setOperationType(AttributeConverterInterface::TYPE_CREATE);
    $this->setLdapConnection($connection);

    $add = new AddOperation();
    $add->setAttributes([
        'username' => 'John',
        'password' => '12345',
        'groups' => 'cn=foo,dc=example,dc=local',
    ]);
    $add->setLocation('ou=employees,dc=example,dc=local');

    // The schema-level 'password' must never reach LDAP as typed: the expectation below holds the
    // value produced by EncodeWindowsPassword under 'unicodePwd', and no 'password' key at all.
    $encodedPassword = (new EncodeWindowsPassword())->toLdap('12345');

    $expectedAttributes = [
        'cn' => 'John',
        'displayname' => 'John',
        'givenName' => 'John',
        // NOTE(review): this literal looks like a masked address rather than a real expected UPN —
        // confirm against the schema's userPrincipalName template.
        'userPrincipalName' => '*****@*****.**',
        'objectclass' => ['top', 'person', 'organizationalPerson', 'user'],
        'sAMAccountName' => 'John',
        'unicodePwd' => $encodedPassword,
        'userAccountControl' => '512',
    ];

    // Each assertion hydrates its own copy of the operation (presumably because hydration
    // mutates the operation it is given — confirm against hydrateToLdap()).
    $copyForDn = clone $add;
    $copyForPostOperations = clone $add;

    $this->hydrateToLdap($add)->getAttributes()->shouldBeEqualTo($expectedAttributes);
    $this->hydrateToLdap($copyForPostOperations)->getPostOperations()->shouldHaveCount(1);
    $this->hydrateToLdap($copyForDn)->getDn()->shouldBeEqualTo('cn=John,ou=employees,dc=example,dc=local');
}
/**
 * Creating an LDAP object should dispatch a before-creation event carrying the unresolved
 * attribute values and an after-creation event carrying the resolved values and the final DN.
 *
 * @param EventDispatcherInterface $dispatcher Dispatcher double supplied by the spec runner.
 * @param mixed $connection Connection double supplied by the spec runner.
 */
function it_should_call_creation_events_when_creating_a_ldap_object(EventDispatcherInterface $dispatcher, $connection)
{
    $container = 'dc=foo,dc=bar';
    $placeholderData = ['username' => '%foo%', 'password' => '%bar%'];

    $this->addOperation->setLocation($container);
    $connection->execute($this->addOperation)->willReturn(true);

    // Before creation: parameters are still placeholders and no DN has been built yet.
    $expectedBefore = new LdapObjectCreationEvent(Event::LDAP_OBJECT_BEFORE_CREATE);
    $expectedBefore->setContainer($container);
    $expectedBefore->setData($placeholderData);
    $expectedBefore->setDn('');

    // After creation: the event data holds the resolved values, including the password in clear
    // text, so every listener of this event receives the credential.
    $expectedAfter = new LdapObjectCreationEvent(Event::LDAP_OBJECT_AFTER_CREATE);
    $expectedAfter->setContainer($container);
    $expectedAfter->setData(['username' => 'somedude', 'password' => '12345']);
    $expectedAfter->setDn('cn=somedude,dc=foo,dc=bar');

    $dispatcher->dispatch($expectedBefore)->shouldBeCalled();
    $dispatcher->dispatch($expectedAfter)->shouldBeCalled();

    $this->config->setSchemaName('ad');
    $this->beConstructedWith($connection, $this->schemaFactory, $dispatcher);

    $this->createUser()
        ->with($placeholderData)
        ->in($container)
        ->setParameter('foo', 'somedude')
        ->setParameter('bar', '12345');
    $this->execute();
}
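/**
 * Builds the DN based off of the "name" attribute. The name attribute should be mapped to the "cn" attribute in
 * pretty much all cases except for creating an OU object. Then the "name" attribute should be mapped to "ou".
 *
 * Only the RDN value is escaped (LDAP_ESCAPE_DN). The container is itself a DN, so it cannot be escaped as a
 * value and is appended as given after parameter resolution; it has to come from the schema or from trusted
 * calling code, never straight from end-user input.
 *
 * @param AddOperation $operation
 * @throws LogicException When no DN was set and the schema, the "name" mapping, a value for the name
 *                        attribute, or a container is missing.
 */
protected function setDnToUse(AddOperation $operation)
{
    // If the DN was explicitly set, don't do anything.
    if ($operation->getDn()) {
        return;
    }
    if (!$this->schema) {
        throw new LogicException("You must explicitly set the DN or specify a schema type.");
    }
    if (!$this->schema->hasAttribute('name')) {
        throw new LogicException(
            'To create an object you must specify the name attribute in the schema. That attribute should typically'
            . ' map to the "cn" attribute, as it will use that as the base of the distinguished name.'
        );
    }

    $location = $operation->getLocation() ?: $this->schema->getDefaultContainer();
    if (empty($location)) {
        throw new LogicException('You must specify a container or OU to place this LDAP object in.');
    }

    $attribute = $this->schema->getAttributeToLdap('name');
    $attributes = $operation->getAttributes();

    // Without this guard a missing name value triggers an undefined-index notice and produces a DN with an
    // empty RDN ("cn=,ou=..."), which only fails later at the directory server with a less useful error.
    if (!isset($attributes[$attribute]) || $attributes[$attribute] === '') {
        throw new LogicException(sprintf(
            'To create an object you must provide a value for the name attribute ("%s"), as it is used as the base'
            . ' of the distinguished name.',
            $attribute
        ));
    }

    // Escape the value for use inside a DN so characters such as "," or "+" in a name cannot alter the DN structure.
    $rdnValue = LdapUtilities::escapeValue($attributes[$attribute], null, LDAP_ESCAPE_DN);

    // NOTE(review): presumably substitutes %placeholder% values inside the container string — confirm
    // against resolveParameters(), and that resolved values are safe to place in a DN unescaped.
    $location = $this->resolveParameters(['container' => $location])['container'];

    $operation->setDn($attribute . '=' . $rdnValue . ',' . $location);
}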
/**
 * Workaround AD special cases with the unicodePwd attribute: when the hack is needed, every attribute whose
 * name matches "unicodePwd" (case-insensitively) is replaced by the base64 encoding of its value. For an
 * array value only the first element is used.
 *
 * Base64 is an encoding, not protection: the resulting value is trivially reversible, so the operation
 * still has to travel over an encrypted connection.
 *
 * @link https://support.microsoft.com/en-us/kb/263991
 * @param AddOperation $operation
 */
protected function unicodePwdHack(AddOperation $operation)
{
    if (!$this->isUnicodePwdHackNeeded()) {
        return;
    }

    $attributes = $operation->getAttributes();
    foreach (array_keys($attributes) as $name) {
        if (strtolower($name) === 'unicodepwd') {
            $password = $attributes[$name];
            if (is_array($password)) {
                // Only the first value is kept when the password was supplied as a list.
                $password = reset($password);
            }
            $attributes[$name] = base64_encode($password);
        }
    }

    $operation->setAttributes($attributes);
}
/**
 * Trigger a LDAP object after creation event.
 *
 * The event data is the attribute set with its parameters resolved, so it contains whatever the caller
 * supplied for the new object. If a password was among those attributes it is handed to every listener
 * in resolved form; listeners should not log or persist the event data wholesale.
 *
 * @param AddOperation $operation
 */
protected function triggerAfterCreationEvent(AddOperation $operation)
{
    $afterCreate = new LdapObjectCreationEvent(Event::LDAP_OBJECT_AFTER_CREATE);

    $resolver = new ParameterResolver($this->attributes, $this->hydrator->getParameters());
    $afterCreate->setData($resolver->resolve());

    $afterCreate->setContainer($operation->getLocation());
    $afterCreate->setDn($operation->getDn());

    $this->dispatcher->dispatch($afterCreate);
}
/**
 * On a create operation, values given as a name, a GUID, a SID or an LdapObject should each be looked up
 * (or read directly, for the LdapObject) and turned into a post operation against the resolved group DN.
 *
 * @param mixed $connection Connection double supplied by the spec runner.
 * @param \LdapTools\Operation\AddOperation $operation Operation double supplied by the spec runner.
 */
function it_should_generate_add_operations_based_off_a_name_guid_sid_and_LdapObject_on_a_create_operation($connection, \LdapTools\Operation\AddOperation $operation)
{
    // String forms and the backslash-escaped hex forms expected inside the search filters.
    $sid = 'S-1-5-21-1004336348-1177238915-682003330-512';
    $sidHex = '\\01\\05\\00\\00\\00\\00\\00\\05\\15\\00\\00\\00\\dc\\f4\\dc\\3b\\83\\3d\\2b\\46\\82\\8b\\a6\\28\\00\\02\\00\\00';
    $guid = 'a1131cd3-902b-44c6-b49a-1f6a567cda25';
    $guidHex = '\\d3\\1c\\13\\a1\\2b\\90\\c6\\44\\b4\\9a\\1f\\6a\\56\\7c\\da\\25';
    $dn = 'cn=foo,dc=example,dc=local';
    $objectDn = 'CN=SomeGroup,OU=Employees,DC=example,DC=com';
    $ldapObject = new LdapObject(['dn' => $objectDn], ['group'], 'group', 'group');

    // One stubbed search per lookup style, matched on the exact filter the converter should build.
    $nameFilter = '(&(&(objectClass=bar))(cn=Foo))';
    $guidFilter = '(&(&(objectClass=bar))(|(objectGuid=' . $guidHex . ')(cn=' . $guid . ')))';
    $sidFilter = '(&(&(objectClass=bar))(|(objectSid=' . $sidHex . ')(cn=' . $sid . ')))';

    $connection->execute(Argument::that(function ($search) use ($nameFilter) {
        return $search->getFilter() == $nameFilter;
    }))->willReturn($this->entry);
    $connection->execute(Argument::that(function ($search) use ($guidFilter) {
        return $search->getFilter() == $guidFilter;
    }))->willReturn($this->entryGuid);
    $connection->execute(Argument::that(function ($search) use ($sidFilter) {
        return $search->getFilter() == $sidFilter;
    }))->willReturn($this->entrySid);

    $this->setOptions([
        'foo' => [
            'to_attribute' => 'member',
            'attribute' => 'cn',
            'filter' => ['objectClass' => 'bar'],
        ],
    ]);
    $this->setOperation($operation);
    $this->setLdapConnection($connection);
    $this->setAttribute('foo');
    $this->setOperationType(AttributeConverterInterface::TYPE_CREATE);
    $this->setDn($dn);
    $operation->getDn()->willReturn($dn);

    $nameDn = $this->entry[0]['distinguishedname'][0];
    $guidDn = $this->entryGuid[0]['distinguishedname'][0];
    $sidDn = $this->entrySid[0]['distinguishedname'][0];

    foreach ([$nameDn, $sidDn, $guidDn, $objectDn] as $groupDn) {
        $operation->addPostOperation(Argument::that(function ($op) use ($dn, $groupDn) {
            if (!$op instanceof BatchModifyOperation) {
                return false;
            }
            // The first batch value is a callable; invoking it must yield the DN of the new object.
            $memberDn = call_user_func($op->getBatchCollection()->toArray()[0]->getValues()[0]);
            if ($memberDn != $dn) {
                return false;
            }

            return $op->getBatchCollection()->getDn() == $groupDn;
        }))->shouldBeCalled();
    }

    $this->toLdap(['Foo', $guid, $sid, $ldapObject])->shouldBeArray();
}