path: root/nixops/modules/task/www/index.php
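<?php
// Self-service page that hands a logged-in user their Taskwarrior/taskd
// client material. This first part identifies the user and looks up their
// LDAP entry; everything after it relies on $ldap_user, $host, $vardir and
// $info being set here.

// The script performs no authentication of its own: it trusts REMOTE_USER.
// NOTE(review): presumably the web server sets REMOTE_USER after its own
// authentication step — confirm that this script cannot be reached through a
// route where a client can influence that variable.
if (!isset($_SERVER["REMOTE_USER"])) {
  die("please login");
}
$ldap_user = $_SERVER["REMOTE_USER"];

// All deployment settings, including the bind password, come from the
// process environment.
$ldap_host = getenv("TASKD_LDAP_HOST");
$ldap_dn = getenv('TASKD_LDAP_DN');
$ldap_password = getenv('TASKD_LDAP_PASSWORD');
$ldap_base = getenv('TASKD_LDAP_BASE');
$ldap_filter = getenv('TASKD_LDAP_FILTER');
$host   = getenv('TASKD_HOST');
$vardir = getenv('TASKD_VARDIR');

// NOTE(review): whether the bind password travels over TLS depends on the
// value of TASKD_LDAP_HOST (e.g. an ldaps:// URI), which is not visible
// here — confirm in the deployment.
$connect = ldap_connect($ldap_host);
// Test the handle before the first call that uses it; the original set the
// protocol option on a possibly-false handle.
if (!$connect) {
  die("impossible to connect to LDAP");
}
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!ldap_bind($connect, $ldap_dn, $ldap_password)) {
  die("impossible to connect to LDAP");
}

// The login is substituted into a search filter, so escape it for filter
// context explicitly; filter metacharacters in the login then cannot alter
// the query.
$search_query = str_replace('%login%', ldap_escape($ldap_user, '', LDAP_ESCAPE_FILTER), $ldap_filter);

// A failed search returns false; stop before handing that to the other LDAP
// calls. Exactly one matching entry is required.
$search = ldap_search($connect, $ldap_base, $search_query);
if ($search === false || ldap_count_entries($connect, $search) !== 1) {
  die("Impossible to find user in LDAP");
}

$info = ldap_get_entries($connect, $search);
if ($info === false) {
  die("Impossible to find user in LDAP");
}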

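// Build the list of taskd credentials for this user. Each value of the
// "immaetaskid" attribute is split on ":" and is later unpacked as
// (org, user, key).
$entries = [];
// The attribute may be absent from the entry; treat that as "no credentials"
// instead of iterating over an undefined index.
$task_ids = isset($info[0]["immaetaskid"]) && is_array($info[0]["immaetaskid"])
  ? $info[0]["immaetaskid"]
  : [];
foreach ($task_ids as $key => $value) {
  // ldap_get_entries() adds a "count" element next to the values; skip it.
  if ($key === "count") {
    continue;
  }
  $parts = explode(":", $value);
  // Later code unpacks three fields from every entry; drop values that do not
  // provide them rather than failing on a missing offset further down.
  if (count($parts) >= 3) {
    $entries[] = $parts;
  }
}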

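// Download handler: ?file=<name> streams one of the user's credential files
// as an attachment and ends the request; without it the HTML page below is
// rendered instead.
if (isset($_GET["file"])) {
  // $ldap_user is used below as a file-name component and as a command
  // argument, so refuse values that could point outside the userkeys
  // directory.
  if ($ldap_user === "" || $ldap_user === "." || $ldap_user === ".."
      || strpbrk($ldap_user, "/\\\0") !== false) {
    die("invalid user name");
  }

  $basecert = $vardir . "/userkeys/" . $ldap_user;
  if (!file_exists($basecert . ".cert.pem")) {
    // Generate the client certificate on first use. The login is quoted so
    // the shell treats it as one literal argument.
    // NOTE(review): a login starting with "-" is still passed through as the
    // first argument; how taskserver-user-certs treats that is not visible
    // here — confirm.
    exec("taskserver-user-certs " . escapeshellarg($ldap_user));
  }
  $certificate = file_get_contents($basecert . ".cert.pem");
  $cert_key    = file_get_contents($basecert . ".key.pem");
  $server_cert = file_get_contents($vardir . "/keys/server.cert");
  // Generation or reading can fail; do not serve an empty or partial bundle.
  if ($certificate === false || $cert_key === false || $server_cert === false) {
    die("impossible to read certificates");
  }

  // Only the fixed names below are served; the request value is never used
  // as a path.
  $file = $_GET["file"];
  switch($file) {
  case "ca.cert.pem":
    $content = $server_cert;
    $name    = "ca.cert.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "cert.pem":
    $content = $certificate;
    $name    = $ldap_user . ".cert.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "key.pem":
    $content = $cert_key;
    $name    = $ldap_user . ".key.pem";
    $type    = "application/x-x509-ca-cert";
    break;
  case "mirakel":
    // Select the credential whose key matches ?key=. The original loop fell
    // through to the last entry when nothing matched; require an exact match
    // among this user's own entries instead.
    $wanted = isset($_GET["key"]) ? $_GET["key"] : null;
    $match  = null;
    if (is_string($wanted)) {
      foreach ($entries as $entry) {
        if (count($entry) >= 3 && hash_equals((string) $entry[2], $wanted)) {
          $match = $entry;
          break;
        }
      }
    }
    if ($match === null) {
      die("invalid key");
    }
    list($org, $user, $key) = $match;
    $name    = $user . ".mirakel";
    $type    = "text/plain";
    $content = "username: $user
org: $org
user key: $key
server: $host
client.cert:
$certificate
Client.key:
$cert_key
ca.cert:
$server_cert
";
    break;
  default:
    die("invalid file name");
    break;
  }

  // The file name embeds the login or an LDAP value; replace quotes,
  // backslashes, slashes and control characters so it stays a single quoted
  // token inside the Content-Disposition header.
  $name = preg_replace('/[\x00-\x1f\x7f"\\\\\/]/', '_', $name);

  header("Content-Type: $type");
  header('Content-Disposition: attachment; filename="' . $name . '"');
  header('Content-Transfer-Encoding: binary');
  header('Accept-Ranges: bytes');
  // NOTE(review): this response can carry the user's private key;
  // "private" still lets the browser cache it — consider "no-store".
  header('Cache-Control: private');
  header('Pragma: private');
  echo $content;
  exit;
}
?>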
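<?php
// Landing page listing the download links and the matching Taskwarrior
// settings. The login, the server name and the LDAP attribute values are
// encoded for HTML before being printed, so markup characters in them are
// displayed rather than interpreted.
$h = function ($value) {
  return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
// Only entries carrying the three expected parts (org, user, key) can be
// rendered.
$shown_entries = array_values(array_filter($entries, function ($entry) {
  return is_array($entry) && count($entry) >= 3;
}));
?>
<html>
<head>
  <title>Taskwarrior configuration</title>
</head>
<body>
<ul>
  <li><a href="?file=ca.cert.pem">ca.cert.pem</a></li>
  <li><a href="?file=cert.pem"><?php echo $h($ldap_user); ?>.cert.pem</a></li>
  <li><a href="?file=key.pem"><?php echo $h($ldap_user); ?>.key.pem</a></li>
</ul>
For command line interface, download the files, put them near your Taskwarrior
configuration files, and add that to your Taskwarrior configuration:
<pre>
taskd.certificate=/path/to/<?php echo $h($ldap_user); ?>.cert.pem
taskd.key=/path/to/<?php echo $h($ldap_user); ?>.key.pem
taskd.server=<?php echo $h($host) . "\n"; ?>
<?php
// Every line is echoed with an explicit "\n": PHP drops a newline that
// directly follows a closing tag, which in the original glued the
// single-credential line to the taskd.ca line.
if (count($shown_entries) > 1) {
  echo "# Chose one of them\n";
  foreach ($shown_entries as $entry) {
    list($org, $user, $key) = $entry;
    echo "# taskd.credentials=" . $h("$org/$user/$key") . "\n";
  }
} elseif (count($shown_entries) === 1) {
  list($org, $user, $key) = $shown_entries[0];
  echo "taskd.credentials=" . $h("$org/$user/$key") . "\n";
} else {
  // No usable credential on the LDAP entry: say so instead of reading
  // missing array offsets.
  echo "# no Taskwarrior credentials found for this account\n";
}
?>
taskd.ca=/path/to/ca.cert.pem
</pre>
For Mirakel, download and import the file:
<ul>
<?php
foreach ($shown_entries as $entry) {
  list($org, $user, $key) = $entry;
  // The key goes into a URL inside an attribute: URL-encode it first, then
  // HTML-encode the result.
  echo '<li><a href="?file=mirakel&amp;key=' . $h(rawurlencode($key)) . '">' . $h($user) . '.mirakel</a></li>';
}
?>
</ul>
For Android Taskwarrior app, see instructions <a href="https://bitbucket.org/kvorobyev/taskwarriorandroid/wiki/Configuration">here</a>.
</body>
</html>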