summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Hoffend <dh@dotlan.net>2015-02-26 22:17:21 (GMT)
committerDaniel Hoffend <dh@dotlan.net>2015-02-26 22:17:21 (GMT)
commit4d06bf5dd18f1d21213b9e7b958cbc967fb03dd1 (patch)
tree668643d617fc157eb5332e10643f8f527aeeed8f
parentb417fb2ef03ce75162b79170e21a05117cc6cf92 (diff)
downloadkolab-wap-4d06bf5dd18f1d21213b9e7b958cbc967fb03dd1.tar.gz
adding default acl for domainrelated object. finally fixes #4731
-rw-r--r--lib/Auth/LDAP.php18
1 files changed, 12 insertions, 6 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index b0027be..a2d0ba3 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -176,12 +176,6 @@ class LDAP extends Net_LDAP3 {
$domain_dn = $domain_name_attribute . '=' . $domain . ',' . $domain_base_dn;
- $result = $this->add_entry($domain_dn, $attributes);
-
- if (!$result) {
- return false;
- }
-
if (!empty($attributes['inetdomainbasedn'])) {
$inetdomainbasedn = $attributes['inetdomainbasedn'];
}
@@ -189,6 +183,18 @@ class LDAP extends Net_LDAP3 {
$inetdomainbasedn = $this->_standard_root_dn($domain);
}
+ if (empty($attributes['aci'])) {
+ $attributes['aci'] = array(
+ "(targetattr = \"*\") (version 3.0;acl \"Read Access for {$domain} Users\";allow (read,compare,search)(userdn = \"ldap:///{$inetdomainbasedn}??sub?(objectclass=*)\");)"
+ );
+ }
+
+ $result = $this->add_entry($domain_dn, $attributes);
+
+ if (!$result) {
+ return false;
+ }
+
// Query the ACI for the primary domain
if ($domain_entry = $this->_find_domain($primary_domain)) {
$domain_entry = array_shift($domain_entry);