Пример #1
 /**
  * Probe the selected database resource while the form is being set up
  *
  * Nothing is probed once the form has been submitted, so storing the
  * configuration is never blocked by a failing check. Otherwise the resource
  * name comes from the posted value (when the form was sent and is partially
  * valid) or from the stored "db"/"resource" setting, and a COUNT(*) on
  * director_dbversion shows whether the schema can be read.
  */
 protected function onSetup()
 {
     if ($this->hasBeenSubmitted()) {
         // Do not hinder the form from being stored
         return;
     }

     $sentAndValid = $this->hasBeenSent()
         && $this->isValidPartial($this->getRequest()->getPost());
     $resourceName = $sentAndValid
         ? $this->getValue('resource')
         : $this->config()->get('db', 'resource');

     if (! $resourceName) {
         return;
     }

     // Resource lookup and adapter creation happen outside the try block,
     // so a failure here is not turned into a form error.
     $resource = ResourceFactory::create($resourceName);
     $db = $resource->getDbAdapter();

     try {
         $db->fetchOne($db->select()->from('director_dbversion', 'COUNT(*)'));

         if (! $this->hasBeenSent()) {
             $hint = $this->translate('Configuration looks good, you should be ready to %s' . ' Icinga Director');
             $link = $this->getView()->qlink(
                 $this->translate('start using'),
                 'director/welcome',
                 null,
                 array('data-base-target' => '_main')
             );
             // NOTE(review): the hint is handed over as HTML; confirm that
             // qlink() escapes its label and URL.
             $this->addHtmlHint(sprintf($hint, $link));
         }
     } catch (Exception $e) {
         // The exception text is attached to the form element verbatim.
         // NOTE(review): database errors can carry connection details, so
         // confirm this form is only reachable by configuration admins.
         $this->getElement('resource')
             ->addError('Could not fetch: ' . $e->getMessage())
             ->removeDecorator('description');

         $hint = $this->translate('Please make sure that your database grants enough permissions' . ' and that you deployed the correct %s.');
         $link = $this->getView()->qlink(
             $this->translate('database schema'),
             'director/schema/' . $resource->getDbType(),
             null,
             array('data-base-target' => '_next')
         );
         $this->addHtmlHint(sprintf($hint, $link));
     }
 }
Пример #2
 /**
  * Return the resource named by the 'resource' setting, creating it on first use
  *
  * The created object is kept in $this->connection and reused on later calls.
  *
  * @return  mixed   Whatever ResourceFactory::create() yields for that name
  */
 protected function connection()
 {
     if ($this->connection !== null) {
         return $this->connection;
     }

     $this->connection = ResourceFactory::create($this->settings['resource']);

     return $this->connection;
 }
Пример #3
 /**
  * Create and add elements to this form
  *
  * Builds the name, connection, object class, filter, user name attribute,
  * backend and base DN elements. For non-AD backends with at least one LDAP
  * resource a "Discover" button is added; when it was pressed, the chosen
  * connection is bound and its capabilities provide the base DN default and
  * decide whether ActiveDirectory defaults are used.
  *
  * @param   array   $formData   Submitted values; 'type' and 'resource' are read
  */
 public function createElements(array $formData)
 {
     $activeDirectory = isset($formData['type']) && $formData['type'] === 'msldap';

     $this->addElement('text', 'name', array(
         'required'    => true,
         'label'       => $this->translate('Backend Name'),
         'description' => $this->translate('The name of this authentication provider that is used to differentiate it from others.')
     ));

     $resourceOptions = ! empty($this->resources)
         ? array_combine($this->resources, $this->resources)
         : array();
     $this->addElement('select', 'resource', array(
         'required'     => true,
         'label'        => $this->translate('LDAP Connection'),
         'description'  => $this->translate('The LDAP connection to use for authenticating with this provider.'),
         'multiOptions' => $resourceOptions
     ));

     $baseDn = null;
     $hasAdOid = false;
     if (! $activeDirectory && ! empty($this->resources)) {
         $this->addElement('button', 'discovery_btn', array(
             'type'           => 'submit',
             'value'          => 'discovery_btn',
             'label'          => $this->translate('Discover', 'A button to discover LDAP capabilities'),
             'title'          => $this->translate('Push to fill in the chosen connection\'s default settings.'),
             'decorators'     => array(
                 array('ViewHelper', array('separator' => '')),
                 array('HtmlTag', array('tag' => 'div', 'class' => 'element'))
             ),
             'formnovalidate' => 'formnovalidate'
         ));
         $this->addDisplayGroup(
             array('resource', 'discovery_btn'),
             'connection_discovery',
             array(
                 'decorators' => array(
                     'FormElements',
                     array('HtmlTag', array('tag' => 'div', 'class' => 'control-group'))
                 )
             )
         );

         if ($this->getElement('discovery_btn')->isChecked()) {
             // NOTE(review): $formData['resource'] is read straight from the
             // submitted data here; confirm ResourceFactory::create() rejects
             // names that are not among the offered resources.
             $connection = ResourceFactory::create(
                 isset($formData['resource']) ? $formData['resource'] : reset($this->resources)
             );
             try {
                 $capabilities = $connection->bind()->getCapabilities();
                 $baseDn = $capabilities->getDefaultNamingContext();
                 $hasAdOid = $capabilities->isActiveDirectory();
             } catch (Exception $e) {
                 // Discovery is best effort: the failure is reported as a
                 // warning and the form falls back to the static defaults.
                 $this->warning(sprintf(
                     $this->translate('Failed to discover the chosen LDAP connection: %s'),
                     $e->getMessage()
                 ));
             }
         }
     }

     if ($activeDirectory || $hasAdOid) {
         // ActiveDirectory defaults
         $userClass = 'user';
         $filter = '!(objectClass=computer)';
         $userNameAttribute = 'sAMAccountName';
     } else {
         // OpenLDAP defaults
         $userClass = 'inetOrgPerson';
         $filter = null;
         $userNameAttribute = 'uid';
     }

     $this->addElement('text', 'user_class', array(
         'preserveDefault' => true,
         'required'        => ! $activeDirectory,
         'ignore'          => $activeDirectory,
         'disabled'        => $activeDirectory ?: null,
         'label'           => $this->translate('LDAP User Object Class'),
         'description'     => $this->translate('The object class used for storing users on the LDAP server.'),
         'value'           => $userClass
     ));

     $filterSanityCheck = function ($candidate) {
         // This is not meant to be a full syntax check. It will just
         // ensure that we can safely strip unnecessary parentheses.
         // It therefore accepts filters that an LDAP server would reject.
         $candidate = trim($candidate);
         if (! $candidate || $candidate[0] !== '(') {
             return true;
         }

         // A value containing ")(" has to end with "))", any other
         // parenthesized value with a single ")".
         $expectedTail = strpos($candidate, ')(') !== false ? '))' : ')';

         return substr($candidate, -strlen($expectedTail)) === $expectedTail;
     };
     $this->addElement('text', 'filter', array(
         'preserveDefault' => true,
         'allowEmpty'      => true,
         'value'           => $filter,
         'label'           => $this->translate('LDAP Filter'),
         'description'     => $this->translate('An additional filter to use when looking up users using the specified connection. ' . 'Leave empty to not to use any additional filter rules.'),
         'requirement'     => $this->translate('The filter needs to be expressed as standard LDAP expression.' . ' (e.g. &(foo=bar)(bar=foo) or foo=bar)'),
         'validators'      => array(
             array(
                 'Callback',
                 false,
                 array(
                     'callback' => $filterSanityCheck,
                     'messages' => array(
                         'callbackValue' => $this->translate('The filter is invalid. Please check your syntax.')
                     )
                 )
             )
         )
     ));

     $this->addElement('text', 'user_name_attribute', array(
         'preserveDefault' => true,
         'required'        => ! $activeDirectory,
         'ignore'          => $activeDirectory,
         'disabled'        => $activeDirectory ?: null,
         'label'           => $this->translate('LDAP User Name Attribute'),
         'description'     => $this->translate('The attribute name used for storing the user name on the LDAP server.'),
         'value'           => $userNameAttribute
     ));

     $this->addElement('hidden', 'backend', array(
         'disabled' => true,
         'value'    => $activeDirectory ? 'msldap' : 'ldap'
     ));

     $this->addElement('text', 'base_dn', array(
         'preserveDefault' => true,
         'required'        => false,
         'label'           => $this->translate('LDAP Base DN'),
         'description'     => $this->translate('The path where users can be found on the LDAP server. Leave ' . 'empty to select all users available using the specified connection.'),
         'value'           => $baseDn
     ));
 }
Пример #4
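 /**
  * Create and return a user backend with the given name and given configuration applied to it
  *
  * Without an explicit configuration the section called $name is looked up in
  * the configured backends. A 'name' directive in the configuration overrides
  * $name. Backends of type "external" need no resource; custom backend classes
  * are built from the configuration alone; the remaining default types are
  * built on top of the resource named by the 'resource' directive.
  *
  * @param   string          $name
  * @param   ConfigObject    $backendConfig
  *
  * @return  UserBackendInterface
  *
  * @throws  ConfigurationError  If the backend does not exist, lacks a required
  *                              directive, or names an unsupported type or class
  */
 public static function create($name, ConfigObject $backendConfig = null)
 {
     if ($backendConfig === null) {
         self::assertBackendsExist();
         if (! self::$backends->hasSection($name)) {
             throw new ConfigurationError('User backend "%s" does not exist', $name);
         }
         $backendConfig = self::$backends->getSection($name);
     }
     if ($backendConfig->name !== null) {
         $name = $backendConfig->name;
     }
     if (!($backendType = strtolower($backendConfig->backend))) {
         throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'backend\' directive', $name);
     }
     if ($backendType === 'external') {
         $backend = new ExternalBackend($backendConfig);
         $backend->setName($name);
         return $backend;
     }
     // $backendType is always a string here, so compare strictly.
     if (in_array($backendType, static::$defaultBackends, true)) {
         // The default backend check is the first one because of performance reasons:
         // Do not attempt to load a custom user backend unless it's actually required
     } elseif (($customClass = static::getCustomUserBackend($backendType)) !== null) {
         // Verify the interface before instantiating, so that the constructor
         // of an unrelated class never runs with the backend configuration.
         if (! is_a($customClass, 'Icinga\\Authentication\\User\\UserBackendInterface', true)) {
             throw new ConfigurationError('Cannot utilize user backend of type "%s". Class "%s" does not implement UserBackendInterface', $backendType, $customClass);
         }
         $backend = new $customClass($backendConfig);
         $backend->setName($name);
         return $backend;
     } else {
         throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     if ($backendConfig->resource === null) {
         throw new ConfigurationError('Authentication configuration for user backend "%s" is missing the \'resource\' directive', $name);
     }
     $resource = ResourceFactory::create($backendConfig->resource);
     switch ($backendType) {
         case 'db':
             $backend = new DbUserBackend($resource);
             break;
         case 'msldap':
             $backend = new LdapUserBackend($resource);
             $backend->setBaseDn($backendConfig->base_dn);
             $backend->setUserClass($backendConfig->get('user_class', 'user'));
             $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'sAMAccountName'));
             $backend->setFilter($backendConfig->filter);
             break;
         case 'ldap':
             $backend = new LdapUserBackend($resource);
             $backend->setBaseDn($backendConfig->base_dn);
             $backend->setUserClass($backendConfig->get('user_class', 'inetOrgPerson'));
             $backend->setUserNameAttribute($backendConfig->get('user_name_attribute', 'uid'));
             $backend->setFilter($backendConfig->filter);
             break;
         default:
             // A type listed in $defaultBackends but not handled above would
             // otherwise leave $backend undefined and fail on setName().
             throw new ConfigurationError('Authentication configuration for user backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     $backend->setName($name);
     return $backend;
 }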
 /**
  * Get this backend's internal resource
  *
  * The resource is created from the 'resource' configuration value on first
  * access and cached afterwards. For "ido" backends whose database type is
  * not "oracle" the table prefix "icinga_" is applied once at creation time.
  *
  * @return mixed
  */
 public function getResource()
 {
     if ($this->resource !== null) {
         return $this->resource;
     }

     $this->resource = ResourceFactory::create($this->config->get('resource'));

     $needsPrefix = $this->is('ido') && $this->resource->getDbType() !== 'oracle';
     if ($needsPrefix) {
         // TODO(el): The resource should set the table prefix
         $this->resource->setTablePrefix('icinga_');
     }

     return $this->resource;
 }
 /**
  * Return the names of all configured LDAP user backends that share the given resource's endpoint
  *
  * Only backends of type "ldap" or "msldap" are considered, and a backend is
  * listed when its resource has the same hostname and port as $resource.
  *
  * @param   LdapConnection  $resource
  *
  * @return  array
  */
 protected function getLdapUserBackendNames(LdapConnection $resource)
 {
     $matches = array();
     foreach (UserBackend::getBackendConfigs() as $backendName => $backendConfig) {
         $type = strtolower($backendConfig->backend);
         if ($type !== 'ldap' && $type !== 'msldap') {
             continue;
         }

         // Each candidate's resource is instantiated just to compare endpoints.
         $candidate = ResourceFactory::create($backendConfig->resource);
         $sameHost = $candidate->getHostname() === $resource->getHostname();
         if ($sameHost && $candidate->getPort() === $resource->getPort()) {
             $matches[] = $backendName;
         }
     }

     return $matches;
 }
Пример #7
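 /**
  * Create and return a user group backend with the given name and given configuration applied to it
  *
  * A 'name' directive in the configuration overrides $name. Custom backend
  * classes are built from the configuration alone; the default types are
  * built on top of the resource named by the 'resource' directive.
  *
  * @param   string          $name
  * @param   ConfigObject    $backendConfig
  *
  * @return  UserGroupBackendInterface
  *
  * @throws  ConfigurationError  If a required directive is missing or the
  *                              backend type or class is not supported
  */
 public static function create($name, ConfigObject $backendConfig)
 {
     if ($backendConfig->name !== null) {
         $name = $backendConfig->name;
     }
     if (!($backendType = strtolower($backendConfig->backend))) {
         throw new ConfigurationError('Configuration for user group backend "%s" is missing the \'backend\' directive', $name);
     }
     // $backendType is always a string here, so compare strictly.
     if (in_array($backendType, static::$defaultBackends, true)) {
         // The default backend check is the first one because of performance reasons:
         // Do not attempt to load a custom user group backend unless it's actually required
     } elseif (($customClass = static::getCustomUserGroupBackend($backendType)) !== null) {
         // Verify the interface before instantiating, so that the constructor
         // of an unrelated class never runs with the backend configuration.
         if (! is_a($customClass, 'Icinga\\Authentication\\UserGroup\\UserGroupBackendInterface', true)) {
             throw new ConfigurationError('Cannot utilize user group backend of type "%s".' . ' Class "%s" does not implement UserGroupBackendInterface', $backendType, $customClass);
         }
         $backend = new $customClass($backendConfig);
         $backend->setName($name);
         return $backend;
     } else {
         throw new ConfigurationError('Configuration for user group backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     if ($backendConfig->resource === null) {
         throw new ConfigurationError('Configuration for user group backend "%s" is missing the \'resource\' directive', $name);
     }
     $resource = ResourceFactory::create($backendConfig->resource);
     switch ($backendType) {
         case 'db':
             $backend = new DbUserGroupBackend($resource);
             break;
         case 'ini':
             $backend = new IniUserGroupBackend($resource);
             break;
         case 'ldap':
         case 'msldap':
             $backend = new LdapUserGroupBackend($resource);
             $backend->setConfig($backendConfig);
             break;
         default:
             // A type listed in $defaultBackends but not handled above would
             // otherwise leave $backend undefined and fail on setName().
             throw new ConfigurationError('Configuration for user group backend "%s" defines an invalid backend type.' . ' Backend type "%s" is not supported', $name, $backendType);
     }
     $backend->setName($name);
     return $backend;
 }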