[turba] R: RDN uniqueness using LDAP with Turba

Sun May 31 20:08:50 UTC 2009

> Da: turba-bounces at lists.horde.org 
> [mailto:turba-bounces at lists.horde.org] Per conto di Adam 
> Tauno Williams

> On Wed, 2009-05-27 at 14:49 +0200, Lux wrote:
> > Hi all
> > 
> > This seems to be a faq, but I did not find a general answer 
> which does not
> > involve patching Turba in some non-general way.
> > Then I did the following mappings in Turba sources.php:
> > 'map' => array(
> >   'name' => array('fields' => array('firstname', 
> 'lastname', 'company'),
> > 'format' => '%s %s %s'),
> >   'firstname' => 'givenname',
> >   'lastname' => 'sn',
> >   'company' => 'o',
> > If I use 
> > 'dn' => array('givename','sn')
> > I get an error about non-existent object: to store
> > Dn: givenname=john,sn=smith,dc=org
> > I must already have something like
> > Dn: sn=smith,dc=org
> > But I don't want to have to build it.
> > I could use
> > 'dn' => array('uid')
> > But this doesn't please me much: I like to be able to 
> browse my ldap tree
> > with something understandable in the dn.
> 
> Agree, I don't like UID as an RDN as it more or less assumes 
> Turba/Horde
> is the only/primary consumer/client;  which defeats the idea of a
> directory server.
> 
> > The ideal solution, for me, would be to have Turba to 
> generate the DNs like
> > this:
> > Dn: cn=name.surname.company,dc=ord
> 
> The correct way is the generate a multi-valued RDN.  AFAIK, this isn't
> possible out-of-the-box with Horde.  See the thread around
> <http://lists.horde.org/archives/turba/Week-of-Mon-20070115/00
5375.html>

Hi Adam, thank you for your answer. I wrote a small patch which enables
using multi-value RDNs. You can find it attached below. Simply, you can mix
'+' and ',' as values of the dn array on sources.conf. This makes subsequent
valus forming the rdn to be linked with that character. So you can go with
'dn' => array('+', 'cn', 'sn', 'o')
to have a multi-valued rdn formed with cn, sn, o; or you can use
'dn' => array('+', 'cn', 'sn', ',', 'o')
to have a dn like dn: cn=john+sn=smith,o=acme,dc=dom,dc=tld

The patch is backword compatible with the (wrong?) previous behaviour so uf
you have
'dn' => array('cn', 'sn')
you still get dn: cn=john,sn=smith,dc=dom,dc=tld

Obviously I would like to have my patch, or some variation of it, included
in Turba so I don't have to keep patching my install.

I think this solves <http://bugs.horde.org/ticket/7893>

The patch:

diff -uarNbB turba.orig/config/sources.php turba/config/sources.php

--- turba.orig/config/sources.php	2009-05-27 18:37:00.000000000 +0200
+++ turba/config/sources.php	2009-05-31 21:37:45.000000000 +0200
@@ -217,8 +217,10 @@
         //'bind_password' => 'ldapass',
         'bind_dn' => ( $uid == 'info' || $uid == 'avvisi' ) ?
'cn=ldapmin,dc=ztp,dc=it' : '',
         'bind_password' => ( $uid == 'info' || $uid == 'avvisi' ) ?
'ldapass' : '',
-        'sizelimit' => 200,
-        'dn' => array('uid'),
+	// Via il limite, dovremmo accedere solo da locale tanto
+        //'sizelimit' => 2000,
+        //'dn' => array('uid'),
+        'dn' => array('+', 'cn', 'sn', ',', 'o'),
         'objectclass' => array('top',
                                'person',
                                'organizationalPerson',
@@ -248,7 +250,8 @@
         //'name' => 'cn',
 	'name' => array('fields' => array('firstname', 'lastname',
'company'), 'format' => '%s %s %s'),
         'title' => 'title',
-	'firstname' => 'givenname',
+	#'firstname' => 'givenname',
+	'firstname' => 'cn',
 	'lastname' => 'sn',
 	'initials' => 'initials',
 	'company' => 'o',
diff -uarNbB turba.orig/config/sources.php.dist
turba/config/sources.php.dist
--- turba.orig/config/sources.php.dist	2007-01-12 18:49:57.000000000 +0100
+++ turba/config/sources.php.dist	2009-05-31 21:49:31.000000000 +0200
@@ -46,6 +46,10 @@
  *
  *   dn:            Only applies to LDAP servers. Defines the list of LDAP
  *                  attributes that build a valid DN.
+ *                  The special values '+' and ',' define the linking
+ *                  character used to join the attributes to form the RDN.
+ *                  For backword compatibility, ',' is the default.
+ *                  By Using '+', multi-valued RDNs can be employed.
  *
  *   objectclass:   Only applies to LDAP servers. Defines a list of
  *                  objectclasses that the LDAP object must be a member of.
diff -uarNbB turba.orig/lib/Driver/ldap.php turba/lib/Driver/ldap.php
--- turba.orig/lib/Driver/ldap.php	2006-09-28 07:13:15.000000000 +0200
+++ turba/lib/Driver/ldap.php	2009-05-31 21:46:56.000000000 +0200
@@ -363,6 +363,8 @@
         foreach ($this->_params['dn'] as $param) {
             if (isset($attributes[$param])) {
                 $pairs[] = array($param, $attributes[$param]);
+            } elseif ( $param == ',' or $param == '+' ) {
+                $pairs[] = array($param, ' ');
             }
         }
         return $this->_quoteDN($pairs);
@@ -709,10 +711,21 @@
     function _quoteDN($parts)
     {
         $dn = '';
+        $sep = ',';
         $count = count($parts);
         for ($i = 0; $i < $count; $i++) {
-            if ($i > 0) {
-                $dn .= ',';
+            if ($parts[$i][0] == ',' or $parts[$i][0] == '+') {
+                $sep = $parts[$i][0];
+                continue;
+            }
+
+            // When using multi-valued RDNs, emplty values should be left
out from the RDN.
+            if ( $sep == '+' and (! isset($parts[$i][1]) or
strlen($parts[$i][1]) == 0) ) {
+                continue;
+            }
+
+            if (strlen($dn) > 0) {
+                $dn .= $sep;
             }
             $dn .= $parts[$i][0] . '=';
 

