Merge pull request #6 from preemeijer/groupsprovider

thijskh · thijskh · commit 0eccaef318e1 · 2015-11-13T13:26:21.000+01:00
Option for choosing a groupsprovider
diff --git a/config/voot.ini.defaults b/config/voot.ini.defaults
@@ -21,7 +21,14 @@ dsn = "sqlite:/PATH/TO/APP/data/voot.sqlite"
 persistentConnection = FALSE
 
 [LdapVootStorage]
-; OpenLDAP / Fedora Directory Server
+; OpenLDAP - Which groupsprovider solution are you using.
+; Options: posixgroup, groupsofnames(default)
+; Uncomment the following line when using posixgroups
+; groupsProvider = "posixgroup"
+
+; Uncomment the appropriate OpenLDAP solution
+
+; OpenLDAP - GROUPOFNAMES / Fedora Directory Server
 uri = "ldap://localhost"
 peopleDn = "ou=People,dc=example,dc=org"
 groupDn = "ou=Groups,dc=example,dc=org"
@@ -33,6 +40,18 @@ attributeMapping["id"]          = "uid"
 attributeMapping["displayName"] = "cn"
 attributeMapping["mail"]        = "mail"
 
+; OpenLDAP - POSIXGROUP
+;uri = "ldap://"
+;peopleDn = "ou=Users,dc=,dc=,dc="
+;groupDn = "ou=Groups,dc=,dc=,dc="
+
+;userIdAttribute = "uid";
+;memberAttribute = "memberUid"
+
+;attributeMapping["id"]          = "cn"
+;attributeMapping["displayName"] = "cn"
+;attributeMapping["mail"]        = "mail"
+
 ; Microsoft Active Directory
 ;uri = "ldap://ad.example.org"
 ;bindDn = "cn=Administrator,cn=Users,dc=example,dc=org"
diff --git a/src/fkooman/VootProvider/LdapVootStorage.php b/src/fkooman/VootProvider/LdapVootStorage.php
@@ -112,7 +112,9 @@ public function getGroupMembers($resourceOwnerId, $groupId, $startIndex = 0, $co
         $memberAttribute = $this->config->s('LdapVootStorage')->l('memberAttribute');
 
         $userDn = $this->getUserDn($resourceOwnerId);
-
+	
+        $groupsProvider = $this->config->s('LdapVootStorage')->l('groupsProvider');
+    
         // FIXME: make sure the user is member of the group being requested
 
         $filter = '(cn=' . $groupId . ')';
@@ -127,6 +129,17 @@ public function getGroupMembers($resourceOwnerId, $groupId, $startIndex = 0, $co
         if (false === $query) {
             throw new VootStorageException("ldap_error", "directory query for group failed");
         }
+	
+        $all = ldap_get_entries($this->ldapConnection, $query); 
+        
+        switch ($groupsProvider) {
+          case "posixgroup":
+              // we are only interested in group memberuid array
+              $attributes = $all[0];
+              break;
+          default:
+              break;
+	}
 
         $entry = @ldap_first_entry($this->ldapConnection, $query);
         if (false === $entry) {
@@ -143,7 +156,16 @@ public function getGroupMembers($resourceOwnerId, $groupId, $startIndex = 0, $co
             for ($i = 0; $i < $attributes[$memberAttribute]["count"]; $i++) {
                 // member DN
                 // fetch attributes for this particular user
-                $userAttributes = $this->getUserAttributesByDn($attributes[$memberAttribute][$i]);
+                switch ($groupsProvider) {
+                  case "posixgroup": 
+                      $user_dn = 'uid=' . $attributes[$memberAttribute][$i] . ',' . $this->config->s('LdapVootStorage')->l('peopleDn');
+                      $userAttributes = $this->getUserAttributesByDn($user_dn);
+                      break;
+                  default: 
+                      $userAttributes = $this->getUserAttributesByDn($attributes[$memberAttribute][$i]);
+                      break;
+		}
+
                 $userAttributes['voot_membership_role'] = "member";
                 array_push($data, $userAttributes);
             }
@@ -167,8 +189,19 @@ public function isMemberOf($resourceOwnerId, $startIndex = null, $count = null)
         $userDn = $this->getUserDn($resourceOwnerId);
 
         $userGroups = array();
+        
+        $groupsProvider = $this->config->s('LdapVootStorage')->l('groupsProvider');
+    
         /* get the groups the user is a member of */
-        $filter = '(' . $this->config->s('LdapVootStorage')->l('memberAttribute') . '=' . $userDn . ')';
+        switch ($groupsProvider) {
+          case "posixgroup":
+              $filter = '(' . $this->config->s('LdapVootStorage')->l('memberAttribute') . '=' . $resourceOwnerId . ')';
+              break;
+          default:
+              $filter = '(' . $this->config->s('LdapVootStorage')->l('memberAttribute') . '=' . $userDn . ')';
+              break;
+	}
+
         $query = @ldap_search($this->ldapConnection, $this->config->s('LdapVootStorage')->l('groupDn'), $filter);
         if (false === $query) {
             throw new VootStorageException("ldap_error", "directory query for groups failed");
