New Module Microsoft Exchange Hosted

Dear All,

We have started a new module, for managing Microsoft Exchange / Active Directory using ISPConfig. The goal of this module is to provide customer control into their Tenancy organization. There is a lot of works, but we are on the good way, and we have do a lot of stuff.
This module is on 2 parts, one on Windows (using a Windows service to communicate with the AD / Exchange and the database), and the second is on ISPConfig, for displaying, managing Active Directory Objects.

As this module use a copy of the LDAP database under mysql (done by the windows service) we need to implement complicate SQL query.

However, we didin't find documentation for ISPConfig for doing that.
We just see that every Mysql Table must have some columns, like sys_userid, sys_groupid etc..
How can we do that ? We need to implement "where" to the query, but on the module, we have to select all the table, and the {AUTHSQL} never help .

Is there a way for doing that ?
like that :

Code:

$liste["name"] 				= "Exchange_details";
// Database table
$liste["table"] 			        = "AD_MY_TABLE";
[B]$liste["where"] 			= "columns='" .  $_REQUEST['id']  ."'";[/B]

Also, we need to use other objects with mysql, for performance, like stored procedure, and views..

In advance, thanks for your help.

PS: Of course, when this module will be done, all the sources will be push to the community, include Windows source.

 

Thanks for your prompt reply !
This is what we see when we browse the ISPCONFIG class (list form_actions.inc.php)
We test it, and it's working fine ! Again, thanks for your help !

Is there a global documentation about all the classes ?

 

Hi,

We are on the good way with the module, but we have some problem.
For example, users have multiple properties to be set / or change.
But on our module, you are not allowed to change mail address and reset the password, or unlock account etc..
For the moment, we manage users using a tform with multiple TAB. When we switch from one TAB to another TAB, it's automatically save into the database. This is not what we except.. Is there a possible override to block that ?
We do not wan't to build each form for each function, and if we have another way..
Thanks for your help !

 

Hi All,

Another question for everybody who knows.. Is there an inside function to convert a integer of byte to MB / GB / TB before display it ?
We have see :

Code:

    public function convertSize($value)
    {
        $unit = array('Bytes', 'KB', 'MB', 'GB', 'TB');
        return @round($value/pow(1024, ($i = floor(log($value, 1024)))), 2).' '.$unit[$i];
    }

under ApsBase, but nothing that could help us.
We would like to use it for display the value, not set it (in the DB we prefer have the byte value..)
Maybe with a filter in the tform ?
If someone have an idea..

Thanks for your precious help.

 

I use

Code:

function formatBytes($size, $precision = 2) {
        $base=log($size)/log(1024);
        $suffixes=array('','k','M','G','T');
        return round(pow(1024,$base-floor($base)),$precision).$suffixes[floor($base)];
}

in cron_daily.php to add the Backup-Size of each file to the Database. The patch is avalable in the svn-trunk.

 

Thanks for your answer, but what do you mean about this ?
Do you said that you have implement this ?

 

For testing, I'm trying to add this :

Code:

function filterField($field_name, $field_value, $filters, $filter_event) {

                        global $app;
                        $returnval = $field_value;

                        //* Loop trough all filters
                        foreach($filters as $filter) {
                                if($filter['event'] == $filter_event) {
                                        switch ($filter['type']) {
                                                case 'TOLOWER':
                                                        $returnval = strtolower($returnval);
                                                break;
                                                case 'TOUPPER':
                                                        $returnval = strtoupper($returnval);
                                                break;
                                                case 'IDNTOASCII':
                                                        $returnval = $app->functions->idn_encode($returnval);
                                                break;
                                                case 'IDNTOUTF8':
                                                        $returnval = $app->functions->idn_decode($returnval);
                                                break;
                                                case 'FORMATED_BYTES':
                                                        $unit = array('Bytes', 'KB', 'MB', 'GB', 'TB');
                                                        $returnval= @round($value/pow(1024, ($i = floor(log($returnval, 1024)))), 2).' '.$unit[$i];
                                                //   In the next try, will implement this on the functions class ..   
                                               // $returnval = $app->functions->convertSize($returnval);
                                                break;          
                                                default:
                                                        $this->errorMessage .= "Unknown Filter: ".$filter['type'];
                                                break;

                                        }
                                }
                        }
            return $returnval;
        }

on the tform.inc files ..
And on the tfrom file module :

Code:

'filters'   => array( 0 => array( 'event' => 'SHOW',
                                              'type' => 'FORMATED_BYTES')
											  ),                     

but no lucky, not working.. Is we forget something else ?

 

Ok it's working, implement this on functions.inc.php (before the last '}' of the file) :

Code:

	public function formatBytes($size, $precision = 2) {
        $base=log($size)/log(1024);
        $suffixes=array('','k','M','G','T');
        return round(pow(1024,$base-floor($base)),$precision).$suffixes[floor($base)];	
        
		}

And on tform.inc.php :

Code:

       function filterField($field_name, $field_value, $filters, $filter_event) {

			global $app;
			$returnval = $field_value;
				
			//* Loop trough all filters
			foreach($filters as $filter) {
				if($filter['event'] == $filter_event) {
					switch ($filter['type']) {
						case 'TOLOWER':
							$returnval = strtolower($returnval);
						break;
						case 'TOUPPER':
							$returnval = strtoupper($returnval);
						break;
						case 'IDNTOASCII':
							$returnval = $app->functions->idn_encode($returnval);
						break;
						case 'IDNTOUTF8':
							$returnval = $app->functions->idn_decode($returnval);
						break;
						case 'BYTES':
                                                // format the value for bytes, return a TEXT / VARCHAR, not integer !
							$returnval = $app->functions->formatBytes($returnval);
						break;	
						default:
							$this->errorMessage .= "Unknown Filter: ".$filter['type'];
						break;
						
					}
				}
			}
            return $returnval;
        }

Maybe this will help someone else.

 

Not reallay - it´s implemented in cron_daily.php but not as an api-function (btw: thanks for writing the patch).

I only posted my code as it allows to define the precision.

 

Ok, thanks for your reply. It's real simple patch, and it's working for me because only used for "SHOW" events not "SAVE".
So the patch is not complete (I think..)
When I will have time, will try to see the other event..

 

Good work, seems to be an interesting plugin.

But...

Eventhough this was just sample code, would you mind validating and escaping all external input, e.g. here to validate $_REQUEST['id'] for beein just numbers or characters what ever will be the right syntax, and if the valid charset could lead to sql injection or similar, you should escape it additionally.
Btw this should happen for all data that you can not control, in this case also for data you gather from and to the exchange side.

 

Yes, we knows that. In all forms, we put validators, and when we extract data from Exchange (ActiveDirectory) we also validate the format.

We try our best, but we will also need other "eyes" to be sure that all is conform for ISPConfig and the security.

 

Good to read. If there is code ready, just provide a link where to look at it.

@Falko / Till: There isn't a kind of security best practices in context of ISPConfig3 module development, so that not every interested developer needs to read all the OWASP stuff totally as probably some of those issues are solve by helper functions. So the dev' "just" needs to unterstand the issue and why to use such helpers.

 

Hi all,
I have another question about "validators".

At what time does they operate ?
For example :

We use the beforeUpdate to set others SQL, and we use $app->tform->getDataRecord($this->id) to get old informations and compare it to the new to be sure that we need to update it or not.

We have also put some validator on all forms, but the validators returns errors on update (I guess).

But if we try this way, when validators returns errors, the beforeUpdate was already called. And if we use AfterUpdate, the old Data is = new data..

Do we can check with other way the old / new data ? or do we have an option to check all validators beforeUpdate ?

Hope this is clear for who reading this...

For information, the module is in multiple parts :

- Windows service
=> read / write ActiveDirectory / Set Exchange Command
=> read / write to mysql

- ISPConfig module
=> read / write mysql using ISPConfig Class
=> read/ write to others mysql using custom query for command to Windows Service. (with sys_group, sys_userid etc..)


Thanks all in advance

 

In fact, we just need to knows if there is a simple function to track which data was modified, after they are validate.