From fe92630ce4aa4c95ad27f3b095efcd6c01c2d37b Mon Sep 17 00:00:00 2001
From: Geert Josten <geert.josten@marklogic.com>
Date: Wed, 27 May 2015 11:06:03 +0200
Subject: [PATCH] Fixed #445: added apply settings for external security,
 including bind-method

---
 deploy/lib/xquery/setup.xqy | 54 +++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/deploy/lib/xquery/setup.xqy b/deploy/lib/xquery/setup.xqy
index 3ac50b21..a18e3a77 100644
--- a/deploy/lib/xquery/setup.xqy
+++ b/deploy/lib/xquery/setup.xqy
@@ -311,6 +311,21 @@ declare variable $field-settings :=
     <setting>word-searches</setting>
   </settings>;
   
+declare variable $external-security-settings :=
+  <settings>
+    <setting min-version="7.0-0">authentication</setting>
+    <setting min-version="7.0-0">authorization</setting>
+    <setting min-version="7.0-0">cache-timeout</setting>
+    <setting min-version="7.0-0">description</setting>
+    <setting min-version="7.0-0">ldap-attribute</setting>
+    <setting min-version="7.0-0">ldap-base</setting>
+    <setting min-version="8.0-2">ldap-bind-method</setting>
+    <setting min-version="7.0-0">ldap-default-user</setting>
+    <setting min-version="7.0-0">ldap-password</setting>
+    <setting min-version="7.0-0">ldap-server-uri</setting>
+    <setting min-version="7.0-0">name</setting>
+  </settings>;
+
 (: A note on naming conventions:
   $admin-config refers to the configuration passed around by the Admin APIs
   $import-config is the import/export configuration format that setup:get-configuration() generates
@@ -445,6 +460,7 @@ declare function setup:do-setup($import-config as element(configuration)+) as it
       setup:create-roles($import-config),
       setup:create-users($import-config),
       setup:create-external-security($import-config),
+      setup:apply-external-security-settings($import-config),
       setup:create-mimetypes($import-config),
       setup:create-groups($import-config),
       setup:configure-groups($import-config),
@@ -4373,6 +4389,44 @@ declare function setup:create-external-security(
     )
 };
 
+declare function setup:apply-external-security-settings($import-config as element(configuration)) as item()*
+{
+  for $es-config in $import-config/sec:external-securities/sec:external-security
+  let $es-name := $es-config/sec:external-security-name
+  let $apply-settings :=
+    for $setting in $external-security-settings/*:setting
+    let $setting-test :=
+      if ($setting/@accept-blank = "true") then
+        ""
+      else
+        "[fn:string-length(fn:string(.)) > 0]"
+    let $value :=
+      if ($setting/@value) then
+        xdmp:value($setting/@value)
+      else
+        fn:data(xdmp:value(fn:concat("$es-config/sec:", $setting, $setting-test)))
+    let $min-version as xs:string? := $setting/@min-version
+    where (fn:exists($value))
+    return
+      if (fn:empty($min-version) or setup:at-least-version($min-version)) then
+        xdmp:eval(
+          fn:concat('
+            xquery version "1.0-ml";
+            import module namespace sec = "http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";
+            declare variable $value external;
+            sec:external-security-set-', fn:replace($setting, 'external-security-', ''), '("', $es-name, '", $value)
+          '),
+          (xs:QName("value"), $value),
+          <options xmlns="xdmp:eval"><database>{$default-security}</database></options>
+        )
+      else
+        fn:error(
+          xs:QName("VERSION_NOT_SUPPORTED"),
+          fn:concat("MarkLogic ", xdmp:version(), " does not support ", $setting, ". Use ", $min-version, " or higher."))
+  return
+    fn:concat("External security ", $es-name, " settings applied succesfully.")
+};
+
 declare function setup:validate-external-security(
   $import-config as element(configuration))
 {