From 4956eb04100418014c7b5e1c05ce7aadfb2396ca Mon Sep 17 00:00:00 2001 From: Godfrey M Date: Mon, 21 Mar 2022 11:15:39 -0700 Subject: [PATCH 1/3] WIP: needs to be tested. adds ldap_manager field to ldap sync --- app/Http/Controllers/SettingsController.php | 1 + app/Models/Ldap.php | 2 ++ .../2022_03_21_162724_adds_ldap_manager.php | 34 +++++++++++++++++++ resources/lang/en/admin/settings/general.php | 1 + resources/views/settings/ldap.blade.php | 13 +++++++ 5 files changed, 51 insertions(+) create mode 100644 database/migrations/2022_03_21_162724_adds_ldap_manager.php diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php index 852212ef3c..224ba7c346 100755 --- a/app/Http/Controllers/SettingsController.php +++ b/app/Http/Controllers/SettingsController.php @@ -946,6 +946,7 @@ class SettingsController extends Controller $setting->ldap_active_flag = $request->input('ldap_active_flag'); $setting->ldap_emp_num = $request->input('ldap_emp_num'); $setting->ldap_email = $request->input('ldap_email'); + $setting->ldap_manager = $request->input('ldap_manager'); $setting->ad_domain = $request->input('ad_domain'); $setting->is_ad = $request->input('is_ad', '0'); $setting->ad_append_domain = $request->input('ad_append_domain', '0'); diff --git a/app/Models/Ldap.php b/app/Models/Ldap.php index 3861509ebd..6aa87461fc 100644 --- a/app/Models/Ldap.php +++ b/app/Models/Ldap.php @@ -208,6 +208,7 @@ class Ldap extends Model $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle; $ldap_result_country = Setting::getSettings()->ldap_country; $ldap_result_dept = Setting::getSettings()->ldap_dept; + $ldap_result_manager = Setting::getSettings()->ldap_manager; // Get LDAP user data $item = []; $item['username'] = isset($ldapattributes[$ldap_result_username][0]) ? $ldapattributes[$ldap_result_username][0] : ''; 
@@ -219,6 +220,7 @@ class Ldap extends Model $item['jobtitle'] = isset($ldapattributes[$ldap_result_jobtitle][0]) ? $ldapattributes[$ldap_result_jobtitle][0] : ''; $item['country'] = isset($ldapattributes[$ldap_result_country][0]) ? $ldapattributes[$ldap_result_country][0] : ''; $item['department'] = isset($ldapattributes[$ldap_result_dept][0]) ? $ldapattributes[$ldap_result_dept][0] : ''; + $item['manager'] = isset($ldapattributes[$ldap_result_manager][0]) ? $ldapattributes[$ldap_result_manager][0] : ''; return $item; } diff --git a/database/migrations/2022_03_21_162724_adds_ldap_manager.php b/database/migrations/2022_03_21_162724_adds_ldap_manager.php new file mode 100644 index 0000000000..44a8fd7127 --- /dev/null +++ b/database/migrations/2022_03_21_162724_adds_ldap_manager.php @@ -0,0 +1,34 @@ +string('ldap_manager')->after('ldap_jobtitle')->nullable(); + }); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + // + Schema::table('settings', function (Blueprint $table) { + $table->dropColumn('ldap_manager'); + }); + } +} diff --git a/resources/lang/en/admin/settings/general.php b/resources/lang/en/admin/settings/general.php index 6bbab229e3..7f37e550ce 100644 --- a/resources/lang/en/admin/settings/general.php +++ b/resources/lang/en/admin/settings/general.php 
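Review bot: The new `$item['manager']` line in the Ldap.php mapping hunk stores the attribute value as received, and the `CN=` handling added later in LdapSync.php suggests that value is a full DN, not a username. Nothing in this series consumes it on this code path, so a later caller could easily treat it as a username. I would add a comment on the line, for example `// raw LDAP value (typically a DN such as CN=...,OU=...); resolve to a local user before use`. The enclosing method starts outside the hunk, so any normalisation done elsewhere in it is not visible here.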
@@ -84,6 +84,7 @@ return [ 'ldap_client_tls_key' => 'LDAP Client-Side TLS key', 'ldap_login_test_help' => 'Enter a valid LDAP username and password from the base DN you specified above to test whether your LDAP login is configured correctly. YOU MUST SAVE YOUR UPDATED LDAP SETTINGS FIRST.', 'ldap_login_sync_help' => 'This only tests that LDAP can sync correctly. If your LDAP Authentication query is not correct, users may still not be able to login. YOU MUST SAVE YOUR UPDATED LDAP SETTINGS FIRST.', + 'ldap_manager' => 'LDAP Manager', 'ldap_server' => 'LDAP Server', 'ldap_server_help' => 'This should start with ldap:// (for unencrypted or TLS) or ldaps:// (for SSL)', 'ldap_server_cert' => 'LDAP SSL certificate validation', diff --git a/resources/views/settings/ldap.blade.php b/resources/views/settings/ldap.blade.php index faf653d17e..ab83656d5d 100644 --- a/resources/views/settings/ldap.blade.php +++ b/resources/views/settings/ldap.blade.php @@ -383,6 +383,19 @@ @endif + +
+
+ {{ Form::label('ldap_dept', trans('admin/settings/general.ldap_manager')) }} +
+
+ {{ Form::text('ldap_manager', Request::old('ldap_manager', $setting->ldap_manager), ['class' => 'form-control','placeholder' => 'manager', $setting->demoMode]) }} + {!! $errors->first('ldap_manager', '') !!} + @if (config('app.lock_passwords')===true) +

{{ trans('general.feature_disabled') }}

+ @endif +
+
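Review bot: The label on the new manager row in ldap.blade.php is bound to the wrong field, because `Form::label('ldap_dept', ...)` was carried over from the department row. The label therefore targets the department input, and clicking it or reading it with assistive technology lands on the wrong control. It should read `{{ Form::label('ldap_manager', trans('admin/settings/general.ldap_manager')) }}`. The surrounding markup did not survive in this view, so the rest of the row could not be checked.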
From c1f8252388597bd1b2b866a3c663b480f8788632 Mon Sep 17 00:00:00 2001 From: Godfrey M Date: Thu, 24 Mar 2022 11:24:39 -0700 Subject: [PATCH 2/3] adds manager field to LDAP sync --- app/Console/Commands/LdapSync.php | 12 +++++++++++- app/Http/Controllers/Api/UsersController.php | 1 + app/Models/User.php | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/Console/Commands/LdapSync.php b/app/Console/Commands/LdapSync.php index 19694569f9..2df54632e5 100755 --- a/app/Console/Commands/LdapSync.php +++ b/app/Console/Commands/LdapSync.php @@ -56,6 +56,7 @@ class LdapSync extends Command $ldap_result_jobtitle = Setting::getSettings()->ldap_jobtitle; $ldap_result_country = Setting::getSettings()->ldap_country; $ldap_result_dept = Setting::getSettings()->ldap_dept; + $ldap_result_manager = Setting::getSettings()->ldap_manager; try { $ldapconn = Ldap::connectToLdap(); @@ -184,12 +185,12 @@ class LdapSync extends Command $item['jobtitle'] = isset($results[$i][$ldap_result_jobtitle][0]) ? $results[$i][$ldap_result_jobtitle][0] : ''; $item['country'] = isset($results[$i][$ldap_result_country][0]) ? $results[$i][$ldap_result_country][0] : ''; $item['department'] = isset($results[$i][$ldap_result_dept][0]) ? $results[$i][$ldap_result_dept][0] : ''; + $item['manager'] = isset($results[$i][$ldap_result_manager][0]) ? $results[$i][$ldap_result_manager][0] : ''; $department = Department::firstOrCreate([ 'name' => $item['department'], ]); - $user = User::where('username', $item['username'])->first(); if ($user) { // Updating an existing user. 
@@ -212,6 +213,15 @@ class LdapSync extends Command $user->country = $item['country']; $user->department_id = $department->id; + if($item['manager']!= null) { + //Captures only the Canonical Name + $item['manager'] = ltrim($item['manager'], "CN="); + $item['manager'] = substr($item['manager'],0, strpos($item['manager'], ',')); + $ldap_manager = User::where('username', $item['manager'])->first(); + $user->manager_id = $ldap_manager->id; + } + + // Sync activated state for Active Directory. if (array_key_exists('useraccountcontrol', $results[$i])) { /* The following is _probably_ the correct logic, but we can't use it because diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index 26a998007c..01ee9b369c 100644 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php @@ -54,6 +54,7 @@ class UsersController extends Controller 'users.locale', 'users.location_id', 'users.manager_id', + 'users.manager_name', 'users.notes', 'users.permissions', 'users.phone', diff --git a/app/Models/User.php b/app/Models/User.php index 8f06eae6a8..8974d598d6 100755 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -52,6 +52,7 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo 'locale', 'location_id', 'manager_id', + 'manager_name', 'password', 'phone', 'notes', From a1429ce86b7ab142ccbbadb0d04abe9def03b9ec Mon Sep 17 00:00:00 2001 From: Godfrey M Date: Thu, 24 Mar 2022 11:47:13 -0700 Subject: [PATCH 3/3] removed manager_name from user files --- app/Http/Controllers/Api/UsersController.php | 1 - app/Models/User.php | 1 - 2 files changed, 2 deletions(-) diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index 01ee9b369c..26a998007c 100644 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php 
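Review bot: In the LdapSync.php manager block, `ltrim($item['manager'], "CN=")` treats its second argument as a character mask, so it strips every leading `C`, `N` and `=` rather than the literal prefix, and a constructed value like `CN=Nancy Smith,OU=Staff` comes out as `ancy Smith`. `User::where(...)->first()` returns null when no local user matches, so `$ldap_manager->id` fails in the middle of the sync, and a value with no comma makes `strpos` return false and the lookup string empty. The lookup also assumes the manager's CN equals a local username, which does not hold where CN is a display name, so the manager link (which may feed approvals or notifications) can be missing or wrong; matching on the DN or a configured attribute is worth considering. The sketch below keeps the same happy path but does not handle commas escaped inside the CN, which `ldap_explode_dn()` would cover. The enclosing loop starts and ends outside the hunk.

```php
// … unchanged: country / department_id assignment …
if ($item['manager'] !== '') {
    // First RDN of the manager DN; strip the literal "CN=" prefix only.
    $manager_rdn = explode(',', $item['manager'], 2)[0];
    if (stripos($manager_rdn, 'CN=') === 0) {
        $manager_rdn = substr($manager_rdn, 3);
    }
    $ldap_manager = User::where('username', $manager_rdn)->first();
    // Leave manager_id untouched when no local user matches.
    if ($ldap_manager !== null) {
        $user->manager_id = $ldap_manager->id;
    }
}
// … unchanged: Active Directory activated-state sync …
```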
@@ -54,7 +54,6 @@ class UsersController extends Controller 'users.locale', 'users.location_id', 'users.manager_id', - 'users.manager_name', 'users.notes', 'users.permissions', 'users.phone', diff --git a/app/Models/User.php b/app/Models/User.php index 8974d598d6..8f06eae6a8 100755 --- a/app/Models/User.php +++ b/app/Models/User.php @@ -52,7 +52,6 @@ class User extends SnipeModel implements AuthenticatableContract, AuthorizableCo 'locale', 'location_id', 'manager_id', - 'manager_name', 'password', 'phone', 'notes',