Kolab_delegation: add option to use different LDAP server than the default (Bifrost#T141128)
... e.g. for master-slave environments
parent
b5fd329db3
commit
c142ce597a
2 changed files with 57 additions and 5 deletions
|
@ -1,5 +1,21 @@
|
|||
<?php
|
||||
|
||||
// The id of the LDAP address book (which refers to the $rcmail_config['ldap_public'])
|
||||
// or complete addressbook definition array.
|
||||
// --------------------------------------------------------------------
|
||||
// Note: Multi-domain (hosted) installations can resolve domain aliases
|
||||
// by adding following settings in kolab_auth_addressbook spec.:
|
||||
//
|
||||
// 'domain_base_dn' => 'cn=kolab,cn=config',
|
||||
// 'domain_filter' => '(&(objectclass=domainrelatedobject)(associateddomain=%s))',
|
||||
// 'domain_name_attr' => 'associateddomain',
|
||||
//
|
||||
// With this %dc variable in base_dn and groups/base_dn will be
|
||||
// replaced with DN string of resolved domain
|
||||
//---------------------------------------------------------------------
|
||||
// When empty, defaults to kolab_auth_addressbook.
|
||||
$config['kolab_delegation_addressbook'] = '';
|
||||
|
||||
// This will overwrite defined LDAP filter
|
||||
// Note: LDAP addressbook defined for kolab_auth plugin is used
|
||||
$config['kolab_delegation_filter'] = '(|(objectClass=kolabInetOrgPerson)(&(objectclass=kolabsharedfolder)(kolabFolderType=mail)))';
|
||||
|
@ -9,6 +25,19 @@ $config['kolab_delegation_filter'] = '(|(objectClass=kolabInetOrgPerson)(&(objec
|
|||
// Note: LDAP addressbook defined for kolab_auth plugin is used
|
||||
$config['kolab_delegation_delegate_field'] = 'kolabDelegate';
|
||||
|
||||
// User authentication ID field (from fieldmap configuration)
|
||||
// See kolab_auth plugin config
|
||||
$config['kolab_delegation_login_field'] = 'email';
|
||||
|
||||
// Use this fields (from fieldmap configuration) for identities
|
||||
// If the value array contains more than one field, first non-empty will be used
|
||||
// Note: These are not LDAP attributes, but field names in config
|
||||
// Note: If there are more than one email address, as many identities will be created
|
||||
// See kolab_auth plugin config
|
||||
$config['kolab_delegation_name_field'] = array('name', 'cn');
|
||||
$config['kolab_delegation_email_field'] = array('email');
|
||||
$config['kolab_delegation_organization_field'] = array('organization');
|
||||
|
||||
// Remove all user identities which do not match the user's primary or alias
|
||||
// addresses and delegator's addresses
|
||||
$config['kolab_delegation_purge_identities'] = false;
|
||||
|
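Review bot: The two `// Note: LDAP addressbook defined for kolab_auth plugin is used` comments kept above `kolab_delegation_filter` and `kolab_delegation_delegate_field` stop being accurate once `kolab_delegation_addressbook` is set, because the filter and the delegate field then apply to that address book. I would reword both to `// Note: applies to the address book selected by kolab_delegation_addressbook (kolab_auth's when that is empty)`. The new `kolab_delegation_*_field` options are read in the engine with the matching `kolab_auth_*` value as their default, so shipping explicit values in the sample overrides that fallback for anyone who copies it; a line such as `// When not set, the corresponding kolab_auth option is used` would make this visible. A complete address book definition array normally carries the bind DN and password for the directory (an assumption, the array contents are not shown here), so the comment block could also tell operators to keep this file readable only by the web server account and to use an LDAPS or StartTLS endpoint for the alternative server.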
|
|
@ -28,6 +28,7 @@ class kolab_delegation_engine
|
|||
public $context;
|
||||
|
||||
private $rc;
|
||||
private $ldap;
|
||||
private $ldap_filter;
|
||||
private $ldap_delegate_field;
|
||||
private $ldap_login_field;
|
||||
|
@ -225,7 +226,29 @@ class kolab_delegation_engine
|
|||
*/
|
||||
private function ldap()
|
||||
{
|
||||
$ldap = kolab_auth::ldap();
|
||||
if ($this->ldap !== null) {
|
||||
return $this->ldap;
|
||||
}
|
||||
|
||||
if ($addressbook = $this->rc->config->get('kolab_delegation_addressbook')) {
|
||||
if (!is_array($addressbook)) {
|
||||
$ldap_config = (array) $this->rc->config->get('ldap_public');
|
||||
$addressbook = $ldap_config[$addressbook];
|
||||
}
|
||||
|
||||
if (!empty($addressbook)) {
|
||||
require_once __DIR__ . '/../kolab_auth/kolab_auth_ldap.php';
|
||||
|
||||
$ldap = new kolab_auth_ldap($addressbook);
|
||||
}
|
||||
}
|
||||
|
||||
// Fallback to kolab_auth plugin's addressbook
|
||||
if (!$ldap) {
|
||||
$ldap = kolab_auth::ldap();
|
||||
}
|
||||
|
||||
$this->ldap = $ldap;
|
||||
|
||||
if (!$ldap || !$ldap->ready) {
|
||||
return null;
|
||||
|
@ -239,13 +262,13 @@ class kolab_delegation_engine
|
|||
$this->ldap_dn = $_SESSION['kolab_dn'];
|
||||
|
||||
// Name of the LDAP field with authentication ID
|
||||
$this->ldap_login_field = $this->rc->config->get('kolab_auth_login');
|
||||
$this->ldap_login_field = $this->rc->config->get('kolab_delegation_login_field', $this->rc->config->get('kolab_auth_login'));
|
||||
// Name of the LDAP field with user name used for identities
|
||||
$this->ldap_name_field = $this->rc->config->get('kolab_auth_name');
|
||||
$this->ldap_name_field = $this->rc->config->get('kolab_delegation_name_field', $this->rc->config->get('kolab_auth_name'));
|
||||
// Name of the LDAP field with email addresses used for identities
|
||||
$this->ldap_email_field = $this->rc->config->get('kolab_auth_email');
|
||||
$this->ldap_email_field = $this->rc->config->get('kolab_delegation_email_field', $this->rc->config->get('kolab_auth_email'));
|
||||
// Name of the LDAP field with organization name for identities
|
||||
$this->ldap_org_field = $this->rc->config->get('kolab_auth_organization');
|
||||
$this->ldap_org_field = $this->rc->config->get('kolab_delegation_organization_field', $this->rc->config->get('kolab_auth_organization'));
|
||||
|
||||
$ldap->set_filter($this->ldap_filter);
|
||||
$ldap->extend_fieldmap(array($this->ldap_delegate_field => $this->ldap_delegate_field));
|
||||
|
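Review bot: In `ldap()` the handle is cached with `$this->ldap = $ldap;` before the `!$ldap->ready` test, so after one failed connection the early `return $this->ldap;` hands every later caller an object that is not ready instead of `null`. Assign the property only after the readiness check, or guard the early return as `if ($this->ldap !== null && $this->ldap->ready) {`. Judging by the hunk's line counts, the initial `$ldap = kolab_auth::ldap();` was removed, which would leave `$ldap` undefined at `if (!$ldap) {` whenever no delegation address book is configured; starting the function with `$ldap = null;` avoids the warning. `$ldap_config[$addressbook]` is also read without checking that the key exists, so a mistyped id silently falls back to the kolab_auth directory, and an error-log entry at that point would let an operator notice that the default server is being used instead of the intended one. The body of `ldap()` continues past the end of this hunk.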
|