Add a new value for i_use_mode_kerberos: "allow_fallback_ldap_auth",
which will fallback to username/password authentication when the
REMOTE_USER value is unset.
Currently, when `i_use_mode_kerberos` is enabled in the LDAP driver,
Davical checks the `REMOTE_USER` server variable, followed by the
`REDIRECT_REMOTE_USER` variable, for a matching username. If a matching
username is not found, authentication fails immediately.
This commit modifies the LDAP driver to fallback to standard LDAP
password authentication when `i_use_mode_kerberos` is enabled and
neither of these server variables are set. This allows
non-kerberos-enabled clients to authenticate as well.
Fixes#323
This allows us to have more complex test files where an action is taken, then
we test something, then another action is taken, etc.
Changes to test files are required so that URL is defined after all the
required settings are set.
Changes to the result files are either whitespace changes due to above logic
changes, or printing out a SQL Result header before each result. I figured it
was useful.
Add some properties to classes to fix errors like:
Creation of dynamic property iSchedule::$body_cannon is deprecated in /usr/share/davical/inc/iSchedule.php on line 533
Creation of dynamic property FakeSession::$user_active is deprecated in /usr/share/davical/inc/iSchedule-POST.php on line 23
Fixes:
- PHP Warning: Trying to access array offset on value of type null in inc/iSchedule.php on line 83
- PHP Warning: Undefined array key "t" in inc/iSchedule.php on line 165
- PHP Warning: Undefined array key "t" in inc/iSchedule.php on line 167
- PHP Warning: Undefined array key "p" in inc/iSchedule.php on line 184
Concatenate the DNS entry we're going to look up once rather than everytime
we need it.
Test that other users can't delete:
- collections
- tickets
- bindings
No significant change, just return an error message rather than assume that
things worked.
There is now a Perl script that'll generate tests and result files to a
wide variety of dates. From this we currently don't support < 1 AD or >
9999 AD.
run_regressions is modified to remove the UNTIL option as I want to use a
character after the test number to allow "subtests".
postgresql is fussy about dates before 1900. Add a test with a recuring
event startting before 1900.
Signed-off-by: Benedikt Spranger <b.spranger@linutronix.de>
Add a new 'sasl' option to the LDAP driver, which invokes
ldap_sasl_bind() instead of ldap_bind().
This allows authenticating to LDAP using the GSSAPI (kerberos) or
EXTERNAL mechanisms, rather than a bindDN and password.
Note that for GSSAPI binds, PHP needs access to valid kerberos
credentials (for example, by setting the KRB5CCNAME environment variable
for the PHP process).
Tested with OpenLDAP/Heimdal kerberos, but should also work with Active
Directory.
Resolves this warning in PHP 7.4.0:
Deprecated: bindec(): Passing null to parameter #1 ($binary_string) of type
string is deprecated in /usr/share/davical/inc/ui/principal-edit.php on line
412
Resolves this warning in PHP 8.2:
Warning: Undefined array key 0 in /usr/share/davical/inc/iSchedule.php on
line 218
Warning: Trying to access array offset on null in
/usr/share/davical/inc/iSchedule.php on line 218
PHP 8.2.0 has deprecated dynamic creation of properties.
This kind of warning message is displayed:
Deprecated: Creation of dynamic property DAViCalSession::$login_failed is
deprecated in /usr/share/awl/inc/Session.php on line 153
