Make it possible to have multiple, logically-ORed LDAP recursion filters in
LDAP links and groups.
parent
f1b62f54d0
commit
950c1e2306
5 changed files with 33 additions and 12 deletions
|
|
@ -22,6 +22,7 @@ my $session = start(); # this line required
|
|||
recalculateProjectCompletion($session);
|
||||
updateSqlReportTable($session);
|
||||
updateProductsTable($session);
|
||||
makeLdapRecursiveFiltersText($session);
|
||||
|
||||
finish($session); # this line required
|
||||
|
||||
|
|
@ -54,6 +55,20 @@ sub updateProductsTable {
|
|||
$session->db->write("alter table products add column (groupId varchar(22), groupExpiresOffset varchar(16))");
|
||||
}
|
||||
|
||||
sub makeLdapRecursiveFiltersText {
|
||||
my $session = shift;
|
||||
print "\tMaking LDAP recursive filters text fields.\n" unless $quiet;
|
||||
$session->db->write($_) for(<<'EOT',
|
||||
ALTER TABLE LDAPLink
|
||||
CHANGE COLUMN ldapGlobalRecursiveFilter ldapGlobalRecursiveFilter mediumtext NULL DEFAULT NULL
|
||||
EOT
|
||||
<<'EOT',
|
||||
ALTER TABLE groups
|
||||
CHANGE COLUMN ldapRecursiveFilter ldapRecursiveFilter mediumtext NULL DEFAULT NULL
|
||||
EOT
|
||||
)
|
||||
}
|
||||
|
||||
# ---- DO NOT EDIT BELOW THIS LINE ----
|
||||
|
||||
#-------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -270,7 +270,13 @@ sub recurseProperty {
|
|||
my $recurseFilter = $_[5] || $self->get->{ldapGlobalRecursiveFilter};
|
||||
return unless($ldap && $base && $property);
|
||||
|
||||
#Prevent infinate recursion
|
||||
if (length $recurseFilter) {
|
||||
$recurseFilter =~ s/\A\n*//; $recurseFilter =~ s/\n*\z//;
|
||||
$recurseFilter = (join '|', map{quotemeta} grep{/\S/} split /\n/, $recurseFilter);
|
||||
$recurseFilter = length($recurseFilter)? qr/$recurseFilter/ : undef;
|
||||
}
|
||||
|
||||
#Prevent infinite recursion
|
||||
$count++;
|
||||
return if $count == 99;
|
||||
|
||||
|
|
@ -294,8 +300,8 @@ sub recurseProperty {
|
|||
$properties = $entry->get_value($recProperty,asref => 1);
|
||||
}
|
||||
foreach my $prop (@{$properties}) {
|
||||
next if ($recurseFilter && $prop =~ m/$recurseFilter/ig);
|
||||
$self->recurseProperty($prop,$array,$property,$recProperty,$count,$recurseFilter);
|
||||
next if $recurseFilter and $prop =~ m/$recurseFilter/i;
|
||||
$self->recurseProperty($prop,$array,$property,$recProperty,$count,$recurseFilter);
|
||||
}
|
||||
}
|
||||
}
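Review bot: In recurseProperty the compiled filter is handed to the recursive call as the sixth argument, so on every nested level the `if (length $recurseFilter)` block runs again on the stringified `qr//` object and `quotemeta` turns it into a literal that no entry will match; the filter then only works on the first level. Guarding the compile step with `if (length $recurseFilter && ref $recurseFilter ne 'Regexp') {` would avoid that. Separately, the `/i` on `$prop =~ m/$recurseFilter/i` does not reach inside an interpolated `qr//`, so matching has become case-sensitive compared with the old string pattern; compiling with `qr/$recurseFilter/i` keeps the previous behaviour. Both hunks show only part of the sub.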
|
||||
|
|
|
|||
|
|
@ -392,7 +392,7 @@ sub www_editGroup {
|
|||
-hoverHelp=>$i18n->get("LDAPLink_ldapRecursiveProperty","AuthLDAP"),
|
||||
-value=>$g->ldapRecursiveProperty
|
||||
);
|
||||
$f->text(
|
||||
$f->textarea(
|
||||
-name=>"ldapRecursiveFilter",
|
||||
-label=>$i18n->get("LDAPLink_ldapRecursiveFilter","AuthLDAP"),
|
||||
-hoverHelp=>$i18n->get("LDAPLink_ldapRecursiveFilterDescription","AuthLDAP"),
|
||||
|
|
@ -433,7 +433,7 @@ sub www_editGroupSave {
|
|||
$g->ldapGroup($session->form->text("ldapGroup"));
|
||||
$g->ldapGroupProperty($session->form->text("ldapGroupProperty"));
|
||||
$g->ldapRecursiveProperty($session->form->text("ldapRecursiveProperty"));
|
||||
$g->ldapRecursiveFilter($session->form->text("ldapRecursiveFilter"));
|
||||
$g->ldapRecursiveFilter($session->form->process("ldapRecursiveFilter"));
|
||||
return www_listGroups($session);
|
||||
}
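Review bot: www_editGroupSave now reads the filter with `$session->form->process("ldapRecursiveFilter")` and no field type, so the value appears to be stored as posted, and browsers normally submit textarea content with CRLF line endings. recurseProperty splits the stored text on `\n` only, which would leave a `\r` in every alternative that is followed by a line break and stop those lines from matching. Whether `process` normalises line endings is not visible here; if it does not, normalise before storing, for example `(my $filter = $session->form->process("ldapRecursiveFilter")) =~ s/\r\n?/\n/g;`, or split on `/\r?\n/` at the point of use. Both subs start outside their hunks.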
|
||||
|
||||
|
|
|
|||
|
|
@ -251,7 +251,7 @@ sub www_editLDAPLink {
|
|||
-hoverHelp => $i18n->get('8 description'),
|
||||
-value => $db{ldapPasswordName},
|
||||
);
|
||||
$f->text(
|
||||
$f->textarea(
|
||||
-name => "ldapGlobalRecursiveFilter",
|
||||
-label => $i18n->get("global recursive filter label"),
|
||||
-hoverHelp => $i18n->get("global recursive filter label description"),
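Review bot: Only the widget for `ldapGlobalRecursiveFilter` changes in this hunk of www_editLDAPLink; the code that saves the field is not part of the section. The group editor in the same commit stopped reading its filter through `form->text` when it moved to a textarea, so if the link's save path still reads the global filter with a single-line field type the newline-delimited entries may not survive a save; that should be confirmed. The sub starts and ends outside the hunk.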
|
||||
|
|
|
|||
|
|
@ -3,19 +3,19 @@ package WebGUI::i18n::English::AuthLDAP;
|
|||
our $I18N = {
|
||||
'global recursive filter label' => {
|
||||
message => q|LDAP Recursive Group Filter|,
|
||||
lastUpdate => 0
|
||||
lastUpdate => 1160517240
|
||||
},
|
||||
'global recursive filter label description' => {
|
||||
message => q|Enter a string by which to filter out anything in your recursive ldap group that might not be a group. This is a performance setting which can help speed up the group search in the case where your groups and group members are both part of the same attribute used for groups of groups within LDAP. For example, if both users and groups are stored in the "member" attribute and users always contain the string o= while groups contain the string cn=, you might add o= as the filter in order that the code to recurse through the groups skips over the users in the group and only searches the groups. This setting will be applied to each LDAP group with recursive group settings. Optionally, you may choose to apply this setting to individual groups. The individual group setting will override the global setting|,
|
||||
lastUpdate => 0
|
||||
message => q|Enter any number of strings by which to filter out anything in your recursive LDAP group that is not a group, delimited by newlines. An object matching any one of these strings will not be searched recursively. This is a performance setting which can help speed up the group search in the case where your groups and group members are both part of the same attribute used for groups of groups within LDAP. For example, if both users and groups are stored in the "member" attribute and users always contain the string o= while groups contain the string cn=, you might add o= as a filter in order to skip over users and only search recursively within groups. This setting will be applied to each LDAP group with recursive group settings. Optionally, you may choose to apply this setting to individual groups; in that case, the individual group setting will override the global setting.|,
|
||||
lastUpdate => 1160517240
|
||||
},
|
||||
'LDAPLink_ldapRecursiveFilter' => {
|
||||
message => q|LDAP Recursive Group Filter|,
|
||||
lastUpdate => 0
|
||||
lastUpdate => 1160517240
|
||||
},
|
||||
'LDAPLink_ldapRecursiveFilterDescription' => {
|
||||
message => q|Enter a string by which to filter out anything in your recursive ldap group that might not be a group. This is a performance setting which can help speed up the group search in the case where your groups and group members are both part of the same attribute used for groups of groups within LDAP. For example, if both users and groups are stored in the "member" attribute and users always contain the string o= while groups contain the string cn=, you might add o= as the filter in order that the code to recurse through the groups skips over the users in the group and only searches the groups. This setting will be applied to only this group. and will override any global filter you may have set for the ldap connection chosen.|,
|
||||
lastUpdate => 0
|
||||
message => q|Enter any number of strings by which to filter out anything in your recursive LDAP group that is not a group. An object matching any of these strings will not be searched recursively. This is a performance setting which can help speed up the group search in the case where your groups and group members are both part of the same attribute used for groups of groups within LDAP. For example, if both users and groups are stored in the "member" attribute and users always contain the string o= while groups contain the string cn=, you might add o= as a filter in order to skip over users and only search recursively within groups. This setting will be applied to only this group, and will override any global filter you may have set for the LDAP connection chosen.|,
|
||||
lastUpdate => 1160517240
|
||||
},
|
||||
'ldap link name blank' => {
|
||||
message => q|The LDAP Link Name field cannot be blank.|,
|
||||
|
|
|
|||