Add dynamic Group Attribute. (wheelybird#119)

huzvar · web-flow · commit 08a37ee96196 · 2021-10-05T14:55:22.000+01:00
* Add dynamic Group Attribute.

* Update ldap_functions.inc.php

* Update show_group.php

* Update run_checks.php
diff --git a/www/account_manager/show_group.php b/www/account_manager/show_group.php
@@ -50,7 +50,7 @@
   $new_group = FALSE;
   $initialise_group = TRUE;
   $current_members = array();
-  $full_dn = "cn=$group_cn,${LDAP['group_dn']}";
+  $full_dn = "${LDAP['group_attribute']}=$group_cn,${LDAP['group_dn']}";
   $has_been = "created";
 }
 else {
diff --git a/www/includes/config.inc.php b/www/includes/config.inc.php
@@ -24,6 +24,7 @@
  #Optional
 
  $LDAP['account_attribute'] = (getenv('LDAP_ACCOUNT_ATTRIBUTE') ? getenv('LDAP_ACCOUNT_ATTRIBUTE') : 'uid');
+ $LDAP['group_attribute'] = (getenv('LDAP_GROUP_ATTRIBUTE') ? getenv('LDAP_GROUP_ATTRIBUTE') : 'cn');
  $LDAP['group_ou'] = (getenv('LDAP_GROUP_OU') ? getenv('LDAP_GROUP_OU') : 'groups');
  $LDAP['user_ou'] = (getenv('LDAP_USER_OU') ? getenv('LDAP_USER_OU') : 'people');
 
diff --git a/www/includes/ldap_functions.inc.php b/www/includes/ldap_functions.inc.php
@@ -420,9 +420,9 @@ function ldap_get_group_list($ldap_connection,$start=0,$entries=NULL,$sort="asc"
  $records = array();
  foreach ($result as $record) {
 
-  if (isset($record['cn'][0])) {
+  if (isset($record[$LDAP['group_attribute']][0])) {
 
-   array_push($records, $record['cn'][0]);
+   array_push($records, $record[$LDAP['group_attribute']][0]);
 
   }
  }
@@ -444,7 +444,7 @@ function ldap_get_dn_of_group($ldap_connection,$group_name) {
 
  if (isset($group_name)) {
 
-  $ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
+  $ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
   $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("dn"));
   $result = @ ldap_get_entries($ldap_connection, $ldap_search);
 
@@ -466,7 +466,7 @@ function ldap_get_group_members($ldap_connection,$group_name,$start=0,$entries=N
 
  if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
 
- $ldap_search_query = "(cn=". ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
+ $ldap_search_query = "(${LDAP['group_attribute']}=". ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
  $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_membership_attribute']));
 
  $result = @ ldap_get_entries($ldap_connection, $ldap_search);
@@ -513,7 +513,7 @@ function ldap_is_group_member($ldap_connection,$group_name,$username) {
 
  if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
 
- $ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
+ $ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
  $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
 
  if ($ldap_search) {
@@ -550,13 +550,13 @@ function ldap_user_group_membership($ldap_connection,$username) {
  }
 
  $ldap_search_query = "(&(objectClass=posixGroup)(${LDAP['group_membership_attribute']}=${username}))";
- $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array('cn'));
+ $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query, array($LDAP['group_attribute']));
  $result = ldap_get_entries($ldap_connection, $ldap_search);
 
  $groups = array();
  foreach ($result as $record) {
-  if (isset($record['cn'][0])) {
-   array_push($groups, $record['cn'][0]);
+  if (isset($record[$LDAP['group_attribute']][0])) {
+   array_push($groups, $record[$LDAP['group_attribute']][0]);
   }
  }
  sort($groups);
@@ -578,7 +578,7 @@ function ldap_new_group($ldap_connection,$group_name,$initial_member="") {
   $new_group = ldap_escape($group_name, "", LDAP_ESCAPE_FILTER);
   $initial_member = ldap_escape($initial_member, "", LDAP_ESCAPE_FILTER);
 
-  $ldap_search_query = "(cn=$new_group,${LDAP['group_dn']})";
+  $ldap_search_query = "(${LDAP['group_attribute']}=$new_group,${LDAP['group_dn']})";
   $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query);
   $result = @ ldap_get_entries($ldap_connection, $ldap_search);
 
@@ -643,7 +643,7 @@ function ldap_delete_group($ldap_connection,$group_name) {
 
  if (isset($group_name)) {
 
-  $delete_query = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
+  $delete_query = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
   $delete = @ ldap_delete($ldap_connection, $delete_query);
 
   if ($delete) {
@@ -668,7 +668,7 @@ function ldap_get_gid_of_group($ldap_connection,$group_name) {
 
  if (isset($group_name)) {
 
-  $ldap_search_query = "(cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
+  $ldap_search_query = "(${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ")";
   $ldap_search = @ ldap_search($ldap_connection, "${LDAP['group_dn']}", $ldap_search_query , array("gidNumber"));
   $result = @ ldap_get_entries($ldap_connection, $ldap_search);
 
@@ -865,7 +865,7 @@ function ldap_add_member_to_group($ldap_connection,$group_name,$username) {
 
   if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
 
-  $group_dn = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
+  $group_dn = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
 
   if ($LDAP['group_membership_uses_uid'] == FALSE) {
    $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
@@ -900,7 +900,7 @@ function ldap_delete_member_from_group($ldap_connection,$group_name,$username) {
   else {
     if ($LDAP['rfc2307bis_check_run'] != TRUE) { $rfc2307bis_available = ldap_detect_rfc2307bis($ldap_connection); }
 
-    $group_dn = "cn=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
+    $group_dn = "${LDAP['group_attribute']}=" . ldap_escape($group_name, "", LDAP_ESCAPE_FILTER) . ",${LDAP['group_dn']}";
 
     if ($LDAP['group_membership_uses_uid'] == FALSE and $username != "") {
       $username = "${LDAP['account_attribute']}=$username,${LDAP['user_dn']}";
diff --git a/www/setup/run_checks.php b/www/setup/run_checks.php
@@ -187,7 +187,7 @@
 }
 
 
-$defgroup_filter  = "(&(objectclass=posixGroup)(cn=${DEFAULT_USER_GROUP}))";
+$defgroup_filter  = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=${DEFAULT_USER_GROUP}))";
 $ldap_defgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $defgroup_filter);
 $defgroup_result = ldap_get_entries($ldap_connection, $ldap_defgroup_search);
 
@@ -207,7 +207,7 @@
 }
 
 
-$adminsgroup_filter  = "(&(objectclass=posixGroup)(cn=${LDAP['admins_group']}))";
+$adminsgroup_filter  = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=${LDAP['admins_group']}))";
 $ldap_adminsgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $adminsgroup_filter);
 $adminsgroup_result = ldap_get_entries($ldap_connection, $ldap_adminsgroup_search);
 

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@`
`50`	`50`	`$new_group = FALSE;`
`51`	`51`	`$initialise_group = TRUE;`
`52`	`52`	`$current_members = array();`
`53`		`- $full_dn = "cn=$group_cn,${LDAP['group_dn']}";`
	`53`	`+ $full_dn = "${LDAP['group_attribute']}=$group_cn,${LDAP['group_dn']}";`
`54`	`54`	`$has_been = "created";`
`55`	`55`	`}`
`56`	`56`	`else {`
Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,7 @@`
`187`	`187`	`}`
`188`	`188`
`189`	`189`
`190`		`-$defgroup_filter = "(&(objectclass=posixGroup)(cn=${DEFAULT_USER_GROUP}))";`
	`190`	`+$defgroup_filter = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=${DEFAULT_USER_GROUP}))";`
`191`	`191`	`$ldap_defgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $defgroup_filter);`
`192`	`192`	`$defgroup_result = ldap_get_entries($ldap_connection, $ldap_defgroup_search);`
`193`	`193`
`@@ -207,7 +207,7 @@`
`207`	`207`	`}`
`208`	`208`
`209`	`209`
`210`		`-$adminsgroup_filter = "(&(objectclass=posixGroup)(cn=${LDAP['admins_group']}))";`
	`210`	`+$adminsgroup_filter = "(&(objectclass=posixGroup)(${LDAP['group_attribute']}=${LDAP['admins_group']}))";`
`211`	`211`	`$ldap_adminsgroup_search = ldap_search($ldap_connection, "${LDAP['base_dn']}", $adminsgroup_filter);`
`212`	`212`	`$adminsgroup_result = ldap_get_entries($ldap_connection, $ldap_adminsgroup_search);`
`213`	`213`