changed to PHP_OS to prevent PHP Notice when running cli.php

classes/providers/ad/CachedAdUserViewProvider.class.php

@@ -0,0 +1,203 @@
+<?php
+/**
+ * iF.SVNAdmin
+ * Copyright (c) 2010 by Manuel Freiholz
+ * http://www.insanefactory.com/
+ *
+ * Copyright (c) 2012 by Roy Kaldung <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.
+ */
+namespace svnadmin\providers\ad;
+
+/**
+ * The  CachedAdUserViewProvider class provides fast access for data which
+ * comes from the AdUserViewProvider. It only accesses the LDAP server inside
+ * the "update()" method implementation.
+ * 
+ * @author Manuel Freiholz, insaneFactory.com
+ */
+class CachedAdUserViewProvider
+	extends \svnadmin\providers\ad\AdUserViewProvider
+{
+	/**
+	 * Cache file for users.
+	 * @var \IF_JsonObjectStorage
+	 */
+	private $_cache;
+
+	/**
+	 * Holds the singleton instance of this class.
+	 * @var \svnadmin\providers\ldap\CachedLdapUserViewProvider 
+	 */
+	private static $_instance;
+
+	/**
+	 * Indicates whether the
+	 * @var type 
+	 */
+	private $_update_done = false;
+
+	/**
+	 * Indicates whether the 'init()' method has been called.
+	 * @var type 
+	 */
+	private $_init_done = false;
+
+	/**
+	 * Constructor.
+	 * Loads cache file. 
+	 */
+	public function __construct()
+	{
+		parent::__construct();
+		$this->_cache = new \IF_JsonObjectStorage(
+				\svnadmin\core\Engine::getInstance()->getConfig()
+				->getValue('Ldap', 'CacheFile', './data/ldap.cache.json')
+			);
+	}
+
+	/**
+	 * Gets the singleton instance of this class.
+	 * 
+	 * @return \svnadmin\providers\ldap\CachedLdapUserViewProvider 
+	 */
+	public static function getInstance()
+	{
+		if (self::$_instance == null) {
+			self::$_instance = new CachedLdapUserViewProvider();
+		}
+		return self::$_instance;
+	}
+
+	public function init()
+	{
+		if (!$this->_init_done) {
+			$this->_init_done = true;
+			\svnadmin\providers\AuthFileGroupAndPathProvider::getInstance()->init();
+		}
+		return parent::init();
+	}
+
+	/**
+	 * (non-PHPdoc)
+	 * @see svnadmin\core\interfaces.IViewProvider::isUpdateable()
+	 */
+	public function isUpdateable()
+	{
+		return true;
+	}
+
+	/**
+	 * Update the SVNAuthFile with data from LDAP server.
+	 * @see svnadmin\core\interfaces.IViewProvider::update()
+	 */
+	public function update()
+	{
+		if (!$this->_update_done) {
+			$this->_update_done = true;
+
+			// Get all users from LDAP and save them to cache.
+			$users = parent::getUsers(false);
+			$this->_cache->setData("users", $users);
+			$this->_cache->save();
+
+			return parent::update();
+		}
+		return true;
+	}
+
+	/**
+	 * (non-PHPdoc)
+	 * @see svnadmin\core\interfaces.IUserViewProvider::getUsers()
+	 */
+	public function getUsers($withStarUser=true)
+	{
+		$cached_users = $this->_cache->getData("users");
+		$users = array();
+
+		for ($i = 0; $i < count($cached_users); ++$i) {
+			$o = $this->_cache->objectCast($cached_users[$i], '\svnadmin\core\entities\User');
+			$users[] = $o;
+		}
+
+		if ($withStarUser) {
+			$o = new \svnadmin\core\entities\User;
+			$o->id = '*';
+			$o->name = '*';
+			$users[] = $o;
+		}
+
+		return $users;
+	}
+
+	/**
+	 * (non-PHPdoc)
+	 * @see svnadmin\core\interfaces.IUserViewProvider::userExists()
+	 */
+	public function userExists($user)
+	{
+		foreach ($this->getUsers() as $o) {
+			if ($o->name == $user->name) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * (non-PHPdoc)
+	 * @see svnadmin\core\interfaces.IGroupViewProvider::getGroups()
+	 */
+	public function getGroups()
+	{
+		return \svnadmin\providers\AuthFileGroupAndPathProvider::getInstance()->getGroups();
+	}
+
+	/**
+	 * (non-PHPdoc)
+	 * @see svnadmin\core\interfaces.IGroupViewProvider::groupExists()
+	 */
+	public function groupExists($objGroup)
+	{
+		return \svnadmin\providers\AuthFileGroupAndPathProvider::getInstance()->groupExists($objGroup);
+	}
+
+	/**
+	 * (non-PHPdoc)
+	 * @see svnadmin\core\interfaces.IGroupViewProvider::getGroupsOfUser()
+	 */
+	public function getGroupsOfUser($objUser)
+	{
+		return \svnadmin\providers\AuthFileGroupAndPathProvider::getInstance()->getGroupsOfUser($objUser);
+	}
+
+	/**
+	 * (non-PHPdoc)
+	 * @see svnadmin\core\interfaces.IGroupViewProvider::getUsersOfGroup()
+	 */
+	public function getUsersOfGroup($objGroup)
+	{
+		return \svnadmin\providers\AuthFileGroupAndPathProvider::getInstance()->getUsersOfGroup($objGroup);
+	}
+
+	/**
+	 * (non-PHPdoc)
+	 * @see svnadmin\core\interfaces.IGroupViewProvider::isUserInGroup()
+	 */
+	public function isUserInGroup($objUser, $objGroup)
+	{
+		return \svnadmin\providers\AuthFileGroupAndPathProvider::getInstance()->isUserInGroup($objUser, $objGroup);
+	}
+}

data/config.tpl.ini

@@ -16,20 +16,21 @@ Directory=./translations/
 AuthenticationStatus=basic
 
 # User view provider.
-# Types: off, passwd, ldap
+# Types: off, passwd, ldap, ad
 UserViewProviderType=passwd
 
 # User edit provider.
-# Types: off, passwd (no ldap here!)
+# Types: off, passwd (no ldap or ad here!)
 UserEditProviderType=passwd
 
 # Group view provider.
 # The type 'ldap' can only be used here, if the 'UserViewProviderType' is 'ldap', too.
-# Types: off, svnauthfile, ldap
+# With ad you can set the 'UserViewProviderType' to 'off' if needed to support only groups.
+# Types: off, svnauthfile, ldap, ad
 GroupViewProviderType=svnauthfile
 
 # Group edit provider.
-# Types: off, svnauthfile (no ldap here!)
+# Types: off, svnauthfile (no ldap or ad here!)
 GroupEditProviderType=svnauthfile
 
 # Access-Path view provider.
@@ -100,6 +101,25 @@ CacheEnabled=false
 # Storage file of LDAP user and group cache.
 CacheFile=./data/ldap.cache.json
 
+
+[Ad]
+# your Domain name, DCs will be detected automatically
+DomainName=example.com
+
+# User to bind, you can use the userPrincipalName or DN or samAccountName
+[email protected]
+
+BindPassword=secret
+# where to cache the Domain Controller URLs
+
+# List of your Domaincontroller, separated by ,
+DomainController=dc1.example.com,dc2.example.com
+
+[Groups:ad]
+Filter=SVN-*
+StrictMode=false
+
+
 [Users:ldap]
 # The organisation unit, where all other users takes place.
 BaseDN=DC=insanefactory,DC=com

grouplist.php

@@ -4,6 +4,8 @@
  * Copyright (c) 2010 by Manuel Freiholz
  * http://www.insanefactory.com/
  *
+ * Copyright (c) 2012 by Roy Kaldung <[email protected]>
+ *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; version 2

include/config.inc.php

@@ -93,6 +93,8 @@
 include_once( "./classes/core/Engine.class.php" );
 include_once( "./classes/core/Exceptions.class.php" );
 
+include_once("src/adLDAP.php");
+
 /**
  * iF.SVNAdmin version.
  */

include/ifcorelib/IF_SVNBaseC.class.php

@@ -87,7 +87,7 @@ class IF_SVNBaseC
 	public function __construct()
 	{
 		// Find out whether the system is based on MS Windows.
-		$soft = $_SERVER["SERVER_SOFTWARE"];
+		$soft = PHP_OS;
 		$soft = strtoupper($soft);
 
 		if (strpos($soft, "WIN") !== FALSE)

pages/settings/backend.html.php

@@ -56,6 +56,17 @@
     "#LdapGroupTestResult");
   });
 
+  $('#AdDomainControllerDetect').click(function(){
+      getSettings("AdDomainControllerDetect", {AdDomainName: $("#AdDomainName").val()}, "#AdDomainController");
+  });
+
+  $('#AdConnectionTest').click(function() {
+    testSettings("AdConnection",
+        {AdDomainController: $("#AdDomainController").val(),
+         AdBindUser: $("#AdBindUser").val(), AdBindPassword: $("#AdBindPassword").val()},
+        "#AdConnectionTestResult");
+  });
+
 });
 </script>
 
@@ -364,6 +375,71 @@
 </table>
 <br>
 
+<!-- AD connection -->
+<table class="datatable settings" id="tbl_adconnection">
+    <colgroup>
+        <col width="50%">
+        <col width="50%">
+    </colgroup>
+    <thead>
+    <tr>
+        <th colspan="2"><?php Translate("AD connection information"); ?></th>
+    </tr>
+    </thead>
+    <tbody>
+    <tr>
+        <td><?php Translate("Domain name"); ?><br><small><b><?php Translate("Example"); ?>:</b> <?php PrintStringValue("AdDomainNameEx"); ?></small></td>
+        <td><input type="text" name="AdDomainName" id="AdDomainName" value="<?php PrintStringValue("AdDomainName"); ?>"></td>
+    </tr>
+    <tr>
+        <td><?php Translate("Domain controller"); ?><br><small><b><?php Translate("Example"); ?>:</b> <?php PrintStringValue("AdDomainControllerEx"); ?></small></td>
+        <td>
+            <input type="text" name="AdDomainController" id="AdDomainController" value="<?php PrintStringValue("AdDomainController"); ?>">
+            <input type="button" id="AdDomainControllerDetect" value="<?php Translate("Detect"); ?>">
+            <span id="AdDomainControllerDetectResult" style="display:none;"></span>
+        </td>
+    </tr>
+    <tr>
+        <td><?php Translate("Bind user"); ?><br><small><b><?php Translate("Example"); ?>:</b> <?php PrintStringValue("AdBindUserEx"); ?></small></td>
+        <td><input type="text" name="AdBindUser" id="AdBindUser" value="<?php PrintStringValue("AdBindUser"); ?>"></td>
+    </tr>
+    <tr>
+        <td><?php Translate("Bind password"); ?><br><small><b><?php Translate("Example"); ?>:</b> <?php PrintStringValue("AdBindPasswordEx"); ?></small></td>
+        <td>
+            <input type="password" name="AdBindPassword" id="AdBindPassword" value="<?php PrintStringValue("AdBindPassword"); ?>">
+            <input type="button" id="AdConnectionTest" value="<?php Translate("Test"); ?>">
+            <span id="AdConnectionTestResult" style="display:none;"></span>
+        </td>
+    </tr>
+    </tbody>
+</table>
+<br>
+
+
+<!-- AD Group provider -->
+<table class="datatable settings" id="tbl_adgroup">
+    <colgroup>
+        <col width="50%">
+        <col width="50%">
+    </colgroup>
+    <thead>
+    <tr>
+        <th colspan="2"><?php Translate("AD group provider information"); ?></th>
+    </tr>
+    </thead>
+    <tbody>
+    <tr>
+        <td><?php Translate("Filter"); ?><br><small><b><?php Translate("Example"); ?>:</b> <?php PrintStringValue("AdGroupFilterEx"); ?></small></td>
+        <td><input type="text" name="AdGroupFilter" id="AdGroupFilter" value="<?php PrintStringValue("AdGroupFilter"); ?>"></td>
+    </tr>
+    <tr>
+        <td><?php Translate("Strict mode"); ?></td>
+        <td><input type="checkbox" name="AdGroupStrictMode" id="AdGroupStrictMode" <?php if (GetBoolValue("AdGroupStrictMode")) { echo "checked"; }; ?>></td>
+    </tr>
+    </tbody>
+</table>
+<br>
+
 <input type="submit" value="<?php Translate("Save configuration"); ?>">
 
 </form>

readme.md

@@ -4,7 +4,10 @@ The iF.SVNAdmin application is a web based GUI to your Subversion authorization
 file. It is based on PHP 5.3 and requires a web server (Apache) to be installed. 
 The application doesn’t need a database back end or anything similar, it 
 completely based on the Subversion authorization- and user authentication file. 
-(+Inludes LDAP support for users and groups)
+(+Includes LDAP support for users and groups).
+
+Now with direct Active Directory support (provider: ad) including nested groups.
+This feature needs the adLDAP library.
 
 
 Documentation
@@ -15,4 +18,6 @@ Documentation about installation and configuration can be found on the project h
 
 Who is responsible for this crap?
 ---------------------------------
-© 2009-2012 Manuel Freiholz, [insaneFactory.com](http://www.insanefactory.com/)
+© 2009-2012 Manuel Freiholz, [insaneFactory.com](http://www.insanefactory.com/)
+
+&copy; 2012 Roy Kaldung <[email protected]> for the Active Directory Stuff