Enh/ldap (#6838)

* Fix LDAP encryption labels and allow ignore part of DNs * Use StartWith for ignore DN matching * updated Changelog
2025-03-14 20:19:47 +01:00 · 2024-02-07 12:28:01 +01:00 · 2024-02-07 12:28:01 +01:00 · ec72cca8c3
commit ec72cca8c3
parent 5c663f54ae
4 changed files with 11 additions and 5 deletions
--- a/CHANGELOG-DEV.md
+++ b/CHANGELOG-DEV.md
@ -56,3 +56,4 @@ HumHub Changelog
 - Enh #6812: Reduce people filter options depending on what filtered users have
 - Fix #6810: Top menu on small screens: the previous page remains active when the new page is in the drop-down submenu
 - Fix #6830: Wrong view filename after module enabling
+- Enh #6838: Fix LDAP encryption labels and allow ignore also part of DNs
--- a/protected/humhub/modules/ldap/authclient/LdapAuth.php
+++ b/protected/humhub/modules/ldap/authclient/LdapAuth.php
@ -486,8 +486,11 @@ class LdapAuth extends BaseFormAuth implements AutoSyncUsers, SyncAttributes, Ap
            $authClient = null;
            $ids = [];
            foreach ($this->getUserCollection() as $ldapEntry) {
-                if (in_array(strtolower($ldapEntry['dn']), $this->ignoredDNs)) {
-                    continue;
+                $dn = strtolower($ldapEntry['dn']);
+                foreach ($this->ignoredDNs as $ignoredDN) {
+                    if (str_starts_with($dn, strtolower($ignoredDN))) {
+                        continue 2;
+                    }
                }

                $authClient = $this->getAuthClientInstance($ldapEntry);
--- a/protected/humhub/modules/ldap/models/LdapSettings.php
+++ b/protected/humhub/modules/ldap/models/LdapSettings.php
@ -104,8 +104,8 @@ class LdapSettings extends Model
     */
    public $encryptionTypes = [
        '' => 'None',
-        'tls' => 'TLS (aka SSLV2)',
-        'ssl' => 'SSL',
+        'tls' => 'StartTLS',
+        'ssl' => 'SSL/TLS',
    ];

    /**
@ -159,7 +159,6 @@ class LdapSettings extends Model
    public function attributeHints()
    {
        return [
-            'encryption' => Yii::t('LdapModule.base', 'A TLS/SSL is strongly favored in production environments to prevent passwords from be transmitted in clear text.'),
            'username' => Yii::t('LdapModule.base', 'The default credentials username. Some servers require that this be in DN form. This must be given in DN form if the LDAP server requires a DN to bind and binding should be possible with simple usernames.'),
            'passwordField' => Yii::t('LdapModule.base', 'The default credentials password (used only with username above).'),
            'baseDn' => Yii::t('LdapModule.base', 'The default base DN used for searching for accounts.'),
--- a/protected/humhub/modules/ldap/views/admin/index.php
+++ b/protected/humhub/modules/ldap/views/admin/index.php
@ -62,12 +62,15 @@ use humhub\modules\ui\form\widgets\ActiveForm;
    <?= $form->field($model, 'encryption')->dropDownList($model->encryptionTypes) ?>
    <?= $form->field($model, 'username')->textInput() ?>
    <?= $form->field($model, 'passwordField')->passwordInput() ?>
+
    <?= $form->field($model, 'baseDn')->textInput() ?>
    <?= $form->field($model, 'loginFilter')->textArea() ?>
    <?= $form->field($model, 'userFilter')->textArea() ?>
+
    <?= $form->field($model, 'usernameAttribute')->textInput() ?>
    <?= $form->field($model, 'emailAttribute')->textInput() ?>
    <?= $form->field($model, 'idAttribute')->textInput() ?>
+
    <?= $form->field($model, 'refreshUsers')->checkbox() ?>

    <?= $form->beginCollapsibleFields(Yii::t('AdminModule.base', 'Advanced settings')); ?>