Commit 0adfec7

committed
check for conflicts across entire LDAP tree
1 parent 0308fd1 commit 0adfec7

2 files changed

+32
-35
lines changed


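--- a/resources/init.php
+++ b/resources/init.php
@@ -40,6 +40,7 @@
 $CONFIG["ldap"]["user"],
 $CONFIG["ldap"]["pass"],
 __DIR__ . "/../deployment/custom_user_mappings",
+$CONFIG["ldap"]["basedn"],
 $CONFIG["ldap"]["user_ou"],
 $CONFIG["ldap"]["group_ou"],
 $CONFIG["ldap"]["pigroup_ou"],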
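Review bot: The new positional argument makes `$CONFIG["ldap"]["basedn"]` a required key, and nothing at this call site checks that a deployment's config actually defines it; a missing key yields an undefined-array-key warning and passes `null` through to the constructor, which in the other file of this commit hands it straight to `getEntry`. Consider failing fast just before this call with `if (!isset($CONFIG["ldap"]["basedn"])) { throw new \RuntimeException("ldap.basedn is not configured"); }`, or at least documenting the new key wherever the other `ldap` keys are documented. The enclosing constructor call starts before and ends after this hunk.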

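--- a/resources/lib/UnityLDAP.php
+++ b/resources/lib/UnityLDAP.php
@@ -26,13 +26,15 @@ class UnityLDAP extends ldapConn
 );
 
 // string vars for OUs
+private $STR_BASEOU;
 private $STR_USEROU;
 private $STR_GROUPOU;
 private $STR_PIGROUPOU;
 private $STR_ORGGROUPOU;
 private $STR_ADMINGROUP;
 
 // Instance vars for various ldapEntry objects
+private $baseOU;
 private $userOU;
 private $groupOU;
 private $pi_groupOU;
@@ -49,6 +51,7 @@ public function __construct(
 $dn,
 $pass,
 $custom_user_mappings,
+$base_dn,
 $user_ou,
 $group_ou,
 $pigroup_ou,
@@ -59,13 +62,15 @@ public function __construct(
 ) {
 parent::__construct($host, $dn, $pass);
 
+$this->STR_BASEOU = $base_dn;
 $this->STR_USEROU = $user_ou;
 $this->STR_GROUPOU = $group_ou;
 $this->STR_PIGROUPOU = $pigroup_ou;
 $this->STR_ORGGROUPOU = $orggroup_ou;
 $this->STR_ADMINGROUP = $admin_group;
 
 // Get Global Entries
+$this->baseOU = $this->getEntry($base_dn);
 $this->userOU = $this->getEntry($user_ou);
 $this->groupOU = $this->getEntry($group_ou);
 $this->pi_groupOU = $this->getEntry($pigroup_ou);
@@ -123,74 +128,65 @@ public function getNextUIDNumber($UnitySQL)
 {
 $max_uid = $UnitySQL->getSiteVar('MAX_UID');
 $new_uid = $max_uid + 1;
-
-while ($this->IDNumInUse($new_uid)) {
+$id_nums_in_use = $this->getIDNumsInUse();
+while ($this->IDNumInUse($new_uid, $id_nums_in_use)) {
 $new_uid++;
 }
-
 $UnitySQL->updateSiteVar('MAX_UID', $new_uid);
-
 return $new_uid;
 }
 
 public function getNextPiGIDNumber($UnitySQL)
 {
 $max_pigid = $UnitySQL->getSiteVar('MAX_PIGID');
 $new_pigid = $max_pigid + 1;
-
-while ($this->IDNumInUse($new_pigid)) {
+$id_nums_in_use = $this->getIDNumsInUse();
+while ($this->IDNumInUse($new_pigid, $id_nums_in_use)) {
 $new_pigid++;
 }
-
 $UnitySQL->updateSiteVar('MAX_PIGID', $new_pigid);
-
 return $new_pigid;
 }
 
 public function getNextOrgGIDNumber($UnitySQL)
 {
 $max_gid = $UnitySQL->getSiteVar('MAX_GID');
 $new_gid = $max_gid + 1;
-
-while ($this->IDNumInUse($new_gid)) {
+$id_nums_in_use = $this->getIDNumsInUse();
+while ($this->IDNumInUse($new_gid, $id_nums_in_use)) {
 $new_gid++;
 }
-
 $UnitySQL->updateSiteVar('MAX_GID', $new_gid);
-
 return $new_gid;
 }
 
-private function IDNumInUse($id)
+private function IDNumInUse($id_num, $id_nums_in_use)
 {
-// id reserved for debian packages
-if (($id >= 100 && $id <= 999) || ($id >= 60000 && $id <= 64999)) {
+// reserved for debian packages
+if (($id_num >= 100 && $id_num <= 999) || ($id_num >= 60000 && $id_num <= 64999)) {
 return true;
 }
-$users = $this->userOU->getChildrenArray([], true);
-foreach ($users as $user) {
-if ($user["uidnumber"][0] == $id) {
-return true;
-}
-}
-$pi_groups = $this->pi_groupOU->getChildrenArray(["gidnumber"], true);
-foreach ($pi_groups as $pi_group) {
-if ($pi_group["gidnumber"][0] == $id) {
-return true;
-}
-}
-$groups = $this->groupOU->getChildrenArray(["gidnumber"], true);
-foreach ($groups as $group) {
-if ($group["gidnumber"][0] == $id) {
-return true;
-}
-}
+return in_array($id_num, $id_nums_in_use);
+}
 
-return false;
+private function getIDNumsInUse()
+{
+return array_merge(
+// search entire LDAP tree, not just for entries created by portal
+array_map(
+fn($x) => intval($x["uidnumber"][0]),
+$this->baseOU->getChildrenArray(["uidnumber"], true, "objectClass=posixAccount")
+),
+array_map(
+fn($x) => intval($x["gidnumber"][0]),
+$this->baseOU->getChildrenArray(["gidnumber"], true, "objectClass=posixGroup")
+),
+);
 }
 
 public function getUnassignedID($uid, $UnitySQL)
 {
+$id_nums_in_use = $this->getIDNumsInUse();
 $netid = strtok($uid, "_"); // extract netid
 // scrape all files in custom folder
 $dir = new \DirectoryIterator($this->custom_mappings_path);
@@ -204,7 +200,7 @@ public function getUnassignedID($uid, $UnitySQL)
 
 if ($uid == $netid_match || $netid == $netid_match) {
 // found a match
-if (!$this->IDNumInUse($uid_match)) {
+if (!$this->IDNumInUse($uid_match, $id_nums_in_use)) {
 return $uid_match;
 }
 }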
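Review bot: `IDNumInUse` still uses a loose `in_array`, while `getIDNumsInUse` now normalises every LDAP value with `intval` and `getUnassignedID` passes `$uid_match`, which presumably is a string parsed from the custom mapping file (its parsing is outside the hunk); with mixed types the comparison follows PHP's loose-equality rules, so a malformed or padded mapping value can compare unequal to an in-use id and be handed out anyway. Normalise once and compare strictly: make `$id_num = intval($id_num);` the first line of `IDNumInUse` and end it with `return in_array($id_num, $id_nums_in_use, true);`. Separately, the snapshot from `getIDNumsInUse` is taken once per allocation and nothing serialises concurrent callers, so two requests that read the same `MAX_UID` can both pass the check for the same number before `updateSiteVar` runs — this predates the commit, but the single snapshot does not shrink that window and is worth a `// NOTE: not safe under concurrent allocation` comment on the three getNext* methods. Whether `getChildrenArray` wraps its third argument into a proper `(objectClass=posixAccount)` filter cannot be confirmed from here; a docblock on `getIDNumsInUse` stating that the entire subtree under the base DN is scanned, including entries the portal did not create, would make the new behaviour explicit.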
