Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th May 2013, 11:21
remy74 remy74 is offline
Junior Member
 
Join Date: May 2013
Posts: 16
Thanks: 9
Thanked 6 Times in 4 Posts
Post New Module Microsoft Exchange Hosted

Dear All,

We have started a new module, for managing Microsoft Exchange / Active Directory using ISPConfig. The goal of this module is to provide customer control into their Tenancy organization. There is a lot of works, but we are on the good way, and we have do a lot of stuff.
This module is on 2 parts, one on Windows (using a Windows service to communicate with the AD / Exchange and the database), and the second is on ISPConfig, for displaying, managing Active Directory Objects.

As this module use a copy of the LDAP database under mysql (done by the windows service) we need to implement complicate SQL query.

However, we didin't find documentation for ISPConfig for doing that.
We just see that every Mysql Table must have some columns, like sys_userid, sys_groupid etc..
How can we do that ? We need to implement "where" to the query, but on the module, we have to select all the table, and the {AUTHSQL} never help .

Is there a way for doing that ?
like that :

Code:
$liste["name"] 				= "Exchange_details";
// Database table
$liste["table"] 			        = "AD_MY_TABLE";
$liste["where"] 			= "columns='" .  $_REQUEST['id']  ."'";
Also, we need to use other objects with mysql, for performance, like stored procedure, and views..

In advance, thanks for your help.

PS: Of course, when this module will be done, all the sources will be push to the community, include Windows source.
Reply With Quote
The Following 2 Users Say Thank You to remy74 For This Useful Post:
edge (14th May 2013), till (14th May 2013)
Sponsored Links
  #2  
Old 14th May 2013, 13:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

You can override many values or override subfunctions of the list object including the complete "where" part of the sql query. Example from web_domain_list.php:

Code:
$list = new list_action;
$list->SQLExtWhere = "type = 'vhost' AND parent_domain_id = '0'";
$list->SQLOrderBy = 'ORDER BY domain';
$list->onLoad();
The list object is defined in lib/classes/listform_actions.inc.php, its a good place to get a overview of the existing functions. Basically you can override nearly every aspect of the list generation and query building in ispconfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
remy74 (14th May 2013)
  #3  
Old 14th May 2013, 13:59
remy74 remy74 is offline
Junior Member
 
Join Date: May 2013
Posts: 16
Thanks: 9
Thanked 6 Times in 4 Posts
Default

Thanks for your prompt reply !
This is what we see when we browse the ISPCONFIG class (list form_actions.inc.php)
We test it, and it's working fine ! Again, thanks for your help !

Is there a global documentation about all the classes ?
Reply With Quote
  #4  
Old 14th May 2013, 14:08
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Quote:
Is there a global documentation about all the classes ?
No, not yet. It is planned but we simply did not had the time to write it.

Basically forms are inherited from tform_actions class and lists from listform_actions class. You can override subfunctions of the form calss similar to the list class, so you can read even data from other sources then mysql. See e.g. the admin/server_config_edit.php file which reads the data that is displayed in the form from a ini style text blob field in mysql (it could have been a file as well or also ldap if you use ldap functions to get data in form of a array / hash in php.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 14th May 2013 at 14:12.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
remy74 (14th May 2013)
  #5  
Old 23rd May 2013, 17:30
remy74 remy74 is offline
Junior Member
 
Join Date: May 2013
Posts: 16
Thanks: 9
Thanked 6 Times in 4 Posts
Smile

Hi,

We are on the good way with the module, but we have some problem.
For example, users have multiple properties to be set / or change.
But on our module, you are not allowed to change mail address and reset the password, or unlock account etc..
For the moment, we manage users using a tform with multiple TAB. When we switch from one TAB to another TAB, it's automatically save into the database. This is not what we except.. Is there a possible override to block that ?
We do not wan't to build each form for each function, and if we have another way..
Thanks for your help !
Reply With Quote
  #6  
Old 23rd May 2013, 17:35
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Quote:
For the moment, we manage users using a tform with multiple TAB. When we switch from one TAB to another TAB, it's automatically save into the database. This is not what we except.. Is there a possible override to block that ?
This is configurable under System > Interface config.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
remy74 (23rd May 2013)
  #7  
Old 29th May 2013, 08:20
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

Good work, seems to be an interesting plugin.

But...

Quote:
Originally Posted by remy74 View Post
Dear All,

Is there a way for doing that ?
like that :

Code:
$liste["name"] 				= "Exchange_details";
// Database table
$liste["table"] 			        = "AD_MY_TABLE";
$liste["where"] 			= "columns='" .  $_REQUEST['id']  ."'";
Eventhough this was just sample code, would you mind validating and escaping all external input, e.g. here to validate $_REQUEST['id'] for beein just numbers or characters what ever will be the right syntax, and if the valid charset could lead to sql injection or similar, you should escape it additionally.
Btw this should happen for all data that you can not control, in this case also for data you gather from and to the exchange side.
Reply With Quote
The Following User Says Thank You to Ben For This Useful Post:
remy74 (29th May 2013)
  #8  
Old 29th May 2013, 08:29
remy74 remy74 is offline
Junior Member
 
Join Date: May 2013
Posts: 16
Thanks: 9
Thanked 6 Times in 4 Posts
Smile

Quote:
Originally Posted by Ben View Post
Good work, seems to be an interesting plugin.

But...



Eventhough this was just sample code, would you mind validating and escaping all external input, e.g. here to validate $_REQUEST['id'] for beein just numbers or characters what ever will be the right syntax, and if the valid charset could lead to sql injection or similar, you should escape it additionally.
Btw this should happen for all data that you can not control, in this case also for data you gather from and to the exchange side.
Yes, we knows that. In all forms, we put validators, and when we extract data from Exchange (ActiveDirectory) we also validate the format.

We try our best, but we will also need other "eyes" to be sure that all is conform for ISPConfig and the security.
Reply With Quote
  #9  
Old 29th May 2013, 08:38
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts
Default

Quote:
Originally Posted by remy74 View Post
Yes, we knows that. In all forms, we put validators, and when we extract data from Exchange (ActiveDirectory) we also validate the format.

We try our best, but we will also need other "eyes" to be sure that all is conform for ISPConfig and the security.
Good to read. If there is code ready, just provide a link where to look at it.

@Falko / Till: There isn't a kind of security best practices in context of ISPConfig3 module development, so that not every interested developer needs to read all the OWASP stuff totally as probably some of those issues are solve by helper functions. So the dev' "just" needs to unterstand the issue and why to use such helpers.
Reply With Quote
The Following User Says Thank You to Ben For This Useful Post:
remy74 (29th May 2013)
  #10  
Old 29th May 2013, 14:39
remy74 remy74 is offline
Junior Member
 
Join Date: May 2013
Posts: 16
Thanks: 9
Thanked 6 Times in 4 Posts
Smile

Hi all,
I have another question about "validators".

At what time does they operate ?
For example :

We use the beforeUpdate to set others SQL, and we use $app->tform->getDataRecord($this->id) to get old informations and compare it to the new to be sure that we need to update it or not.

We have also put some validator on all forms, but the validators returns errors on update (I guess).

But if we try this way, when validators returns errors, the beforeUpdate was already called. And if we use AfterUpdate, the old Data is = new data..

Do we can check with other way the old / new data ? or do we have an option to check all validators beforeUpdate ?

Hope this is clear for who reading this...

For information, the module is in multiple parts :

- Windows service
=> read / write ActiveDirectory / Set Exchange Command
=> read / write to mysql

- ISPConfig module
=> read / write mysql using ISPConfig Class
=> read/ write to others mysql using custom query for command to Windows Service. (with sys_group, sys_userid etc..)


Thanks all in advance
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Freeradius and Mysql uvstudios HOWTO-Related Questions 4 19th February 2014 12:11
Proftpd + MySQL virtual users, can't connect geekman HOWTO-Related Questions 28 27th September 2010 18:03
FreeRadius + MySQL working, but I don't know how to customise SQL queries awe Installation/Configuration 4 4th April 2010 23:28
ffmpeg Video support for ubuntu 7.10 [suphp-ispconfig] amaurib Installation/Configuration 13 16th February 2010 17:26
Webmin docs missing namit Server Operation 11 5th January 2006 09:51


All times are GMT +2. The time now is 02:19.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.