From d81da2b38c85ce17dadf7d056e253a7c9dc257b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Chilliet?= <come@opensides.be> Date: Thu, 1 Feb 2018 16:59:42 +0100 Subject: [PATCH] :sparkles: feat(config) Split URI and base so that several URI might be used URI and base are now two separate fields of referrals in config file, so several URIs space separated may be used in URI field and no parsing has to be done. Changes should be backward compatible issue #5752 --- contrib/bin/fusiondirectory-setup | 18 ++++++++---- contrib/fusiondirectory.conf | 2 +- contrib/man/fusiondirectory.conf.5 | 6 ++-- contrib/man/fusiondirectory.conf.pod | 6 ++-- include/class_config.inc | 41 ++++++++++++++-------------- include/class_ldap.inc | 3 +- 6 files changed, 41 insertions(+), 35 deletions(-) diff --git a/contrib/bin/fusiondirectory-setup b/contrib/bin/fusiondirectory-setup index bf6c0256e..def2222a9 100644 --- a/contrib/bin/fusiondirectory-setup +++ b/contrib/bin/fusiondirectory-setup @@ -739,14 +739,18 @@ sub get_ldap_connexion { my @locs = $twig->root->first_child('main')->children('location'); my %locations = (); foreach my $loc (@locs) { + $loc->lc_attnames(); my $ref = $loc->first_child('referral'); + # Ignore case + $ref->lc_attnames(); $locations{$loc->{'att'}->{'name'}} = { 'tls' => 0, - 'uri' => $ref->{'att'}->{'URI'}, - 'bind_dn' => $ref->{'att'}->{'adminDn'}, - 'bind_pwd' => $ref->{'att'}->{'adminPassword'} + 'uri' => $ref->{'att'}->{'uri'}, + 'base' => $ref->{'att'}->{'base'} or $loc->{'att'}->{'base'} or '', + 'bind_dn' => $ref->{'att'}->{'admindn'}, + 'bind_pwd' => $ref->{'att'}->{'adminpassword'} }; - if (defined $loc->{'att'}->{'ldapTLS'} and $loc->{'att'}->{'ldapTLS'} =~ m/true/i) { + if (defined $loc->{'att'}->{'ldaptls'} and $loc->{'att'}->{'ldaptls'} =~ m/true/i) { $locations{$loc->{'att'}->{'name'}}->{'tls'} = 1 } } 
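Review bot: The new `'base'` entry in the `%locations` hash uses the low-precedence `or`, which binds more loosely than `,` and `=>`, so it splits the hash constructor's list instead of supplying a fallback for that one value. The anonymous hash then no longer holds the intended five pairs, and `uri`, `bind_dn` or `bind_pwd` can be missing when the next hunk tests `{'base'} ne ''`. Parenthesise and use the high-precedence operator: `'base' => ($ref->{'att'}->{'base'} || $loc->{'att'}->{'base'} || ''),`. Separately, `$ref->lc_attnames()` is a method call on the result of `first_child('referral')` with no check that an element was returned, so a location without a referral would presumably die here instead of reaching a configuration error message. get_ldap_connexion starts and ends outside the hunk.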
@@ -761,7 +765,11 @@ sub get_ldap_connexion { $location = $answer; } - if ($locations{$location}->{'uri'} =~ qr|^(.*)/([^/]+)$|) { + if ($locations{$location}->{'base'} ne '') { + $uri = $locations{$location}->{'uri'}; + $base = $locations{$location}->{'base'}; + } elsif ($locations{$location}->{'uri'} =~ qr|^(.*)/([^/]+)$|) { + # Format from FD<1.3 $uri = $1; $base = $2; } else { diff --git a/contrib/fusiondirectory.conf b/contrib/fusiondirectory.conf index aed6e126f..46378f263 100644 --- a/contrib/fusiondirectory.conf +++ b/contrib/fusiondirectory.conf @@ -33,7 +33,7 @@ ldapTLS="TRUE" {/if} > - <referral URI="{$cv.connection}/{$cv.base}" + <referral URI="{$cv.connection}" base="{$cv.base}" adminDn="{$cv.admin}" adminPassword="{$cv.password}" /> </location> diff --git a/contrib/man/fusiondirectory.conf.5 b/contrib/man/fusiondirectory.conf.5 index 9a8b54e79..9544d1f16 100644 --- a/contrib/man/fusiondirectory.conf.5 +++ b/contrib/man/fusiondirectory.conf.5 @@ -182,7 +182,7 @@ Example layout: \& forceSSL="TRUE" \& ... \& -\& <referral uri="ldaps://ldap.example.net:636/dc=example,dc=net" +\& <referral uri="ldaps://ldap.example.net:636" base="dc=example,dc=net" \& admin="cn=fusiondirectory\-admin,dc=example,dc=net" \& password="secret" /> \& 
@@ -256,12 +256,12 @@ For every location you define inside your fusiondirectory.conf, you need at leas Example: .PP .Vb 3 -\& <referral uri="ldap://ldap.example.net/dc=example,dc=net" +\& <referral uri="ldap://ldap.example.net" base="dc=example,dc=net" \& admin="cn=fusiondirectory\-admin,dc=example,dc=net" \& password="secret" /> .Ve .PP -uri is a valid \s-1LDAP\s0 uri extendet by the base this referral is responsible for. admin is the \s-1DN\s0 which has the permission to write \s-1LDAP\s0 entries. And password is the corresponding password for this \s-1DN.\s0 +uri is a valid \s-1LDAP\s0 uri. base is the base this referral is responsible for. admin is the \s-1DN\s0 which has the permission to write \s-1LDAP\s0 entries. And password is the corresponding password for this \s-1DN.\s0 You can define a set of referrals if you have several server to connect to. .SH "BUGS" .IX Header "BUGS" diff --git a/contrib/man/fusiondirectory.conf.pod b/contrib/man/fusiondirectory.conf.pod index 77cb1abb0..406f2e720 100644 --- a/contrib/man/fusiondirectory.conf.pod +++ b/contrib/man/fusiondirectory.conf.pod @@ -43,7 +43,7 @@ Example layout: forceSSL="TRUE" ... - <referral uri="ldaps://ldap.example.net:636/dc=example,dc=net" + <referral uri="ldaps://ldap.example.net:636" base="dc=example,dc=net" admin="cn=fusiondirectory-admin,dc=example,dc=net" password="secret" /> 
@@ -138,11 +138,11 @@ For every location you define inside your fusiondirectory.conf, you need at leas Example: - <referral uri="ldap://ldap.example.net/dc=example,dc=net" + <referral uri="ldap://ldap.example.net" base="dc=example,dc=net" admin="cn=fusiondirectory-admin,dc=example,dc=net" password="secret" /> -uri is a valid LDAP uri extendet by the base this referral is responsible for. admin is the DN which has the permission to write LDAP entries. And password is the corresponding password for this DN. +uri is a valid LDAP uri. base is the base this referral is responsible for. admin is the DN which has the permission to write LDAP entries. And password is the corresponding password for this DN. You can define a set of referrals if you have several server to connect to. =head1 BUGS diff --git a/include/class_config.inc b/include/class_config.inc index b4fe55e77..ef906ad81 100644 --- a/include/class_config.inc +++ b/include/class_config.inc @@ -208,7 +208,18 @@ class config /* Handle referral tags */ case 'REFERRAL': if ($this->tags[$this->level - 2] == 'LOCATION') { - $server = preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $attrs['URI']); + if (isset($attrs['BASE'])) { + $server = $attrs['URI']; + } elseif (isset($this->data['LOCATIONS'][$this->currentLocation]['BASE'])) { + /* Fallback on location base */ + $server = $attrs['URI']; + $attrs['BASE'] = $this->data['LOCATIONS'][$this->currentLocation]['BASE']; + } else { + /* Format from FD<1.3 */ + $server = preg_replace('!^([^:]+://[^/]+)/.*$!', '\\1', $attrs['URI']); + $attrs['URI'] = $server; + $attrs['BASE'] = preg_replace('!^[^:]+://[^/]+/(.*)$!', '\\1', $attrs['URI']); + } /* Add location elements */ if (!isset($this->data['LOCATIONS'][$this->currentLocation]['REFERRAL'])) { 
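Review bot: In the `Format from FD<1.3` fallback of the `REFERRAL` case, `$attrs['URI']` is overwritten with `$server` before `$attrs['BASE']` is extracted from it. The second `preg_replace` therefore sees a URI with no `/base` suffix, does not match, and returns the server URI unchanged as the base. Legacy single-field referrals would then carry a URI where a DN is expected, and the `$ref['BASE'] == $cdn` comparison in class_ldap.inc could never match for them. Compute the base first: `$attrs['BASE'] = preg_replace('!^[^:]+://[^/]+/(.*)$!', '\\1', $attrs['URI']);` followed by `$attrs['URI'] = $server;`. The enclosing method starts and ends outside the hunk.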
@@ -355,36 +366,24 @@ class config /* Sort referrals, if present */ if (isset($this->current['REFERRAL'])) { - $bases = array(); $servers = array(); - foreach ($this->current['REFERRAL'] as $ref) { - $server = preg_replace('%^(.*://[^/]+)/.*$%', '\\1', $ref['URI']); - $base = preg_replace('%^.*://[^/]+/(.*)$%', '\\1', $ref['URI']); - - $bases[$base] = strlen($base); - $servers[$base] = $server; + foreach ($this->current['REFERRAL'] as $server => $ref) { + $servers[$server] = strlen($ref['BASE']); } - asort($bases); - reset($bases); + asort($servers); + reset($servers); } /* SERVER not defined? Load the one with the shortest base */ if (!isset($this->current['SERVER'])) { - $this->current['SERVER'] = $servers[key($bases)]; - } - - /* BASE not defined? Load the one with the shortest base */ - if (!isset($this->current['BASE'])) { - $this->current['BASE'] = key($bases); + $this->current['SERVER'] = key($servers); } /* Parse LDAP referral informations */ if (!isset($this->current['ADMINDN']) || !isset($this->current['ADMINPASSWORD'])) { - $url = $this->current['SERVER']; - $referral = $this->current['REFERRAL'][$url]; - - $this->current['ADMINDN'] = $referral['ADMINDN']; - $this->current['ADMINPASSWORD'] = $referral['ADMINPASSWORD']; + $this->current['BASE'] = $this->current['REFERRAL'][$this->current['SERVER']]['BASE']; + $this->current['ADMINDN'] = $this->current['REFERRAL'][$this->current['SERVER']]['ADMINDN']; + $this->current['ADMINPASSWORD'] = $this->current['REFERRAL'][$this->current['SERVER']]['ADMINPASSWORD']; } /* We need LDAPSIZELIMIT and LDAPSIZEIGNORE set before we connect to the ldap */ diff --git a/include/class_ldap.inc b/include/class_ldap.inc index 234fc2ded..fd3ed2ec7 100644 --- a/include/class_ldap.inc +++ b/include/class_ldap.inc 
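Review bot: `$this->current['BASE']` is now assigned only inside the `ADMINDN`/`ADMINPASSWORD` guard, whereas the removed code had its own `if (!isset($this->current['BASE']))` check. If both credentials are already set, BASE is never filled from the referral; if they are not, a BASE already present on the location is overwritten without a check. Whether either case occurs depends on code outside the hunk. Keeping the separate guard preserves the old contract: `if (!isset($this->current['BASE'])) { $this->current['BASE'] = $this->current['REFERRAL'][$this->current['SERVER']]['BASE']; }`. Note also that `$servers` is initialised only inside the `isset($this->current['REFERRAL'])` block, while `key($servers)` is called outside it.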
@@ -751,8 +751,7 @@ class LDAP
 if ($ignoreReferralBases) {
 $found = FALSE;
 foreach ($this->referrals as $ref) {
- $base = preg_replace('!^[^:]+://[^/]+/([^?]+).*$!', '\\1', $ref['URI']);
- if ($base == $cdn) {
+ if ($ref['BASE'] == $cdn) {
 $found = TRUE;
 break;
 }
-- GitLab