mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nextcloud/apps/user_ldap/lib/connection.php

531 lines
19 KiB
PHP
Raw Normal View History

LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
<?php
/**
* ownCloud LDAP Access
*
* @author Arthur Schiwon
introduce configPrefix to allow settings for multiple LDAP servers
2013-01-11 02:30:26 +04:00
* @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\user_ldap\lib;
class Connection {
private $ldapConnectionRes = null;
introduce configPrefix to allow settings for multiple LDAP servers
2013-01-11 02:30:26 +04:00
private $configPrefix;
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
private $configID;
private $configured = false;
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
2012-07-26 18:11:23 +04:00
//cache handler
protected $cache;
//settings
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
protected $config = array(
'ldapHost' => null,
'ldapPort' => null,
LDAP: add support for backup/replica servers
2013-01-17 16:31:14 +04:00
'ldapBackupHost' => null,
'ldapBackupPort' => null,
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
'ldapBase' => null,
'ldapBaseUsers' => null,
'ldapBaseGroups' => null,
'ldapAgentName' => null,
'ldapAgentPassword' => null,
'ldapTLS' => null,
'ldapNoCase' => null,
LDAP: offer option to disable SSL certificate checks. Works around problems with self-signed certificates, for example. However, the best and right way to solve it is always to import the LDAP server cert to the owncloud server, so you it for testing only. Like to hear wether it works, instead appending LDAPTLS_REQCERT=never to ldap.conf.
2012-08-06 01:00:47 +04:00
'turnOffCertCheck' => null,
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
'ldapIgnoreNamingRules' => null,
'ldapUserDisplayName' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupDisplayName' => null,
make sure that Configuration is read when getConfiguration is called. And give back the appropriate result.
2013-01-24 02:40:21 +04:00
'ldapGroupMemberAssocAttr' => null,
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
'ldapLoginFilter' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
2012-07-26 18:11:23 +04:00
'ldapCacheTTL' => null,
LDAP: identify (map) users with their directory UUID. Fixes the issue, that usernames for owncloud will change, when the DN changes (which happens rarely, but it happens).
2012-08-23 20:29:43 +04:00
'ldapUuidAttribute' => null,
'ldapOverrideUuidAttribute' => null,
LDAP: add support for backup/replica servers
2013-01-17 16:31:14 +04:00
'ldapOverrideMainServer' => false,
LDAP: implement getHome() function, use either username (default) or specify an LDAP attribute value to use
2012-08-28 16:24:31 +04:00
'homeFolderNamingRule' => null,
LDAP: know, wether server supports paged search
2012-10-26 23:52:58 +04:00
'hasPagedResultSupport' => false,
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
);
documentation for the Connection constructor
2013-01-11 02:34:24 +04:00
/**
* @brief Constructor
* @param $configPrefix a string with the prefix for the configkey column (appconfig table)
* @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
*/
introduce configPrefix to allow settings for multiple LDAP servers
2013-01-11 02:30:26 +04:00
public function __construct($configPrefix = '', $configID = 'user_ldap') {
$this->configPrefix = $configPrefix;
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
$this->configID = $configID;
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
2012-07-26 18:11:23 +04:00
$this->cache = \OC_Cache::getGlobalCache();
LDAP: know, wether server supports paged search
2012-10-26 23:52:58 +04:00
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') && function_exists('ldap_control_paged_result_response'));
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
}
public function __destruct() {
LDAP: check for resource before unbinding
2012-10-26 15:30:07 +04:00
if(is_resource($this->ldapConnectionRes)) {
@ldap_unbind($this->ldapConnectionRes);
};
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
}
public function __get($name) {
if(!$this->configured) {
$this->readConfiguration();
}
if(isset($this->config[$name])) {
return $this->config[$name];
}
}
LDAP: identify (map) users with their directory UUID. Fixes the issue, that usernames for owncloud will change, when the DN changes (which happens rarely, but it happens).
2012-08-23 20:29:43 +04:00
public function __set($name, $value) {
$changed = false;
//omly few options are writable
if($name == 'ldapUuidAttribute') {
\OCP\Util::writeLog('user_ldap', 'Set config ldapUuidAttribute to '.$value, \OCP\Util::DEBUG);
$this->config[$name] = $value;
if(!empty($this->configID)) {
introduce configPrefix to allow settings for multiple LDAP servers
2013-01-11 02:30:26 +04:00
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', $value);
LDAP: identify (map) users with their directory UUID. Fixes the issue, that usernames for owncloud will change, when the DN changes (which happens rarely, but it happens).
2012-08-23 20:29:43 +04:00
}
$changed = true;
}
if($changed) {
$this->validateConfiguration();
}
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
/**
* @brief initializes the LDAP backend
* @param $force read the config settings no matter what
*
* initializes the LDAP backend
*/
public function init($force = false) {
$this->readConfiguration($force);
$this->establishConnection();
}
/**
* Returns the LDAP handler
*/
public function getConnectionResource() {
if(!$this->ldapConnectionRes) {
$this->init();
LDAP: fix potentially unavailable LDAP resource, which can prevent successful login
2012-08-22 17:22:52 +04:00
} else if(!is_resource($this->ldapConnectionRes)) {
$this->ldapConnectionRes = null;
$this->establishConnection();
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
}
if(is_null($this->ldapConnectionRes)) {
\OCP\Util::writeLog('user_ldap', 'Connection could not be established', \OCP\Util::ERROR);
}
return $this->ldapConnectionRes;
}
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
2012-07-26 18:11:23 +04:00
private function getCacheKey($key) {
introduce configPrefix to allow settings for multiple LDAP servers
2013-01-11 02:30:26 +04:00
$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
2012-07-26 18:11:23 +04:00
if(is_null($key)) {
return $prefix;
}
return $prefix.md5($key);
}
public function getFromCache($key) {
if(!$this->configured) {
$this->readConfiguration();
}
if(!$this->config['ldapCacheTTL']) {
return null;
}
if(!$this->isCached($key)) {
return null;
}
$key = $this->getCacheKey($key);
return unserialize(base64_decode($this->cache->get($key)));
}
public function isCached($key) {
if(!$this->configured) {
$this->readConfiguration();
}
if(!$this->config['ldapCacheTTL']) {
return false;
}
$key = $this->getCacheKey($key);
return $this->cache->hasKey($key);
}
public function writeToCache($key, $value) {
if(!$this->configured) {
$this->readConfiguration();
}
if(!$this->config['ldapCacheTTL']) {
return null;
}
$key = $this->getCacheKey($key);
$value = base64_encode(serialize($value));
$this->cache->set($key, $value, $this->config['ldapCacheTTL']);
}
public function clearCache() {
$this->cache->clear($this->getCacheKey(null));
}
LDAP: gather defaults in one place, simplify readConfiguration
2013-01-18 16:35:40 +04:00
private function getValue($varname) {
static $defaults;
if(is_null($defaults)){
$defaults = $this->getDefaults();
}
return \OCP\Config::getAppValue($this->configID,
$this->configPrefix.$varname,
$defaults[$varname]);
}
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
private function setValue($varname, $value) {
\OCP\Config::setAppValue($this->configID,
$this->configPrefix.$varname,
$value);
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
/**
* Caches the general LDAP configuration.
*/
private function readConfiguration($force = false) {
if((!$this->configured || $force) && !is_null($this->configID)) {
LDAP: gather defaults in one place, simplify readConfiguration
2013-01-18 16:35:40 +04:00
$defaults = $this->getDefaults();
$v = 'getValue';
$this->config['ldapHost'] = $this->$v('ldap_host');
$this->config['ldapBackupHost'] = $this->$v('ldap_backup_host');
$this->config['ldapPort'] = $this->$v('ldap_port');
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
$this->config['ldapBackupPort'] = $this->$v('ldap_backup_port');
LDAP: gather defaults in one place, simplify readConfiguration
2013-01-18 16:35:40 +04:00
$this->config['ldapOverrideMainServer']
= $this->$v('ldap_override_main_server');
$this->config['ldapAgentName'] = $this->$v('ldap_dn');
$this->config['ldapAgentPassword']
= base64_decode($this->$v('ldap_agent_password'));
$rawLdapBase = $this->$v('ldap_base');
$this->config['ldapBase']
= preg_split('/\r\n|\r|\n/', $rawLdapBase);
$this->config['ldapBaseUsers']
= preg_split('/\r\n|\r|\n/', ($this->$v('ldap_base_users')));
$this->config['ldapBaseGroups']
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_base_groups'));
LDAP: fix read configuration, remove unnecessary debug output
2013-01-16 17:58:49 +04:00
unset($rawLdapBase);
LDAP: gather defaults in one place, simplify readConfiguration
2013-01-18 16:35:40 +04:00
$this->config['ldapTLS'] = $this->$v('ldap_tls');
$this->config['ldapNoCase'] = $this->$v('ldap_nocase');
$this->config['turnOffCertCheck']
= $this->$v('ldap_turn_off_cert_check');
$this->config['ldapUserDisplayName']
= mb_strtolower($this->$v('ldap_display_name'),'UTF-8');
$this->config['ldapUserFilter']
= $this->$v('ldap_userlist_filter');
$this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
$this->config['ldapLoginFilter'] = $this->$v('ldap_login_filter');
$this->config['ldapGroupDisplayName']
= mb_strtolower($this->$v('ldap_group_display_name'), 'UTF-8');
$this->config['ldapQuotaAttribute']
= $this->$v('ldap_quota_attr');
$this->config['ldapQuotaDefault']
= $this->$v('ldap_quota_def');
$this->config['ldapEmailAttribute']
= $this->$v('ldap_email_attr');
$this->config['ldapGroupMemberAssocAttr']
= $this->$v('ldap_group_member_assoc_attribute');
$this->config['ldapIgnoreNamingRules']
= \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
$this->config['ldapCacheTTL'] = $this->$v('ldap_cache_ttl');
$this->config['ldapUuidAttribute']
= $this->$v('ldap_uuid_attribute');
$this->config['ldapOverrideUuidAttribute']
= $this->$v('ldap_override_uuid_attribute');
$this->config['homeFolderNamingRule']
= $this->$v('home_folder_naming_rule');
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
$this->configured = $this->validateConfiguration();
}
}
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
private function getConfigTranslationArray() {
static $array = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldap_override_main_server' => 'ldapOverrideMainServer', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
make sure that Configuration is read when getConfiguration is called. And give back the appropriate result.
2013-01-24 02:40:21 +04:00
'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck');
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
return $array;
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
/**
* @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array
* @param &$setParameters optional; array where the set fields will be given to
* @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
*/
public function setConfiguration($config, &$setParameters = null) {
if(!is_array($config)) {
return false;
}
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
$params = $this->getConfigTranslationArray();
LDAP: add Test Configuration functionality in the settings
2012-07-26 20:10:53 +04:00
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
foreach($config as $parameter => $value) {
if(isset($this->config[$parameter])) {
$this->config[$parameter] = $value;
if(is_array($setParameters)) {
$setParameters[] = $parameter;
}
LDAP: add Test Configuration functionality in the settings
2012-07-26 20:10:53 +04:00
} else if(isset($params[$parameter])) {
$this->config[$params[$parameter]] = $value;
if(is_array($setParameters)) {
$setParameters[] = $params[$parameter];
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
}
}
$this->configured = $this->validateConfiguration();
return $this->configured;
}
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
public function saveConfiguration() {
$trans = array_flip($this->getConfigTranslationArray());
foreach($this->config as $key => $value) {
\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.' value '.$value, \OCP\Util::DEBUG);
switch ($key) {
fix more config keys for save settings handling
2013-01-20 21:30:14 +04:00
case 'ldapAgentPassword':
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
$value = base64_encode($value);
break;
fix more config keys for save settings handling
2013-01-20 21:30:14 +04:00
case 'homeFolderNamingRule':
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
$value = empty($value) ? 'opt:username' : 'attr:'.$value;
break;
case 'ldapIgnoreNamingRules':
case 'ldapOverrideUuidAttribute':
fix continue in switch, add another key to skip
2013-01-20 21:27:39 +04:00
case 'ldapUuidAttribute':
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
case 'hasPagedResultSupport':
fix continue in switch, add another key to skip
2013-01-20 21:27:39 +04:00
continue 2;
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
default:
if(is_null($value)) {
$value = 0;
}
}
$this->setValue($trans[$key], $value);
}
}
fix mixed key and value
2013-01-18 16:53:26 +04:00
/**
* @brief get the current LDAP configuration
* @return array
*/
public function getConfiguration() {
make sure that Configuration is read when getConfiguration is called. And give back the appropriate result.
2013-01-24 02:40:21 +04:00
$this->readConfiguration();
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
$trans = $this->getConfigTranslationArray();
$config = array();
make sure that Configuration is read when getConfiguration is called. And give back the appropriate result.
2013-01-24 02:40:21 +04:00
foreach($trans as $dbKey => $classKey) {
if($classKey == 'homeFolderNamingRule') {
if(strpos($this->config[$classKey], 'opt') === 0) {
$config[$dbKey] = '';
} else {
$config[$dbKey] = substr($this->config[$dbKey], 5);
}
continue;
}
$config[$dbKey] = $this->config[$classKey];
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
}
make sure that Configuration is read when getConfiguration is called. And give back the appropriate result.
2013-01-24 02:40:21 +04:00
return $config;
fix mixed key and value
2013-01-18 16:53:26 +04:00
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
/**
* @brief Validates the user specified configuration
* @returns true if configuration seems OK, false otherwise
*/
private function validateConfiguration() {
//first step: "soft" checks: settings that are not really necessary, but advisable. If left empty, give an info message
if(empty($this->config['ldapBaseUsers'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
}
if(empty($this->config['ldapBaseGroups'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
}
if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
}
Checkstyle fixes: NoSpaceAfterComma
2012-11-04 14:10:46 +04:00
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) && (!is_null($this->configID))) {
introduce configPrefix to allow settings for multiple LDAP servers
2013-01-11 02:30:26 +04:00
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto');
LDAP: identify (map) users with their directory UUID. Fixes the issue, that usernames for owncloud will change, when the DN changes (which happens rarely, but it happens).
2012-08-23 20:29:43 +04:00
\OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO);
}
make sure port is used as backup port if not specified. documentation. determine connection error earlier.
2013-01-17 16:56:37 +04:00
if(empty($this->config['ldapBackupPort'])) {
//force default
$this->config['ldapBackupPort'] = $this->config['ldapPort'];
}
LDAP: identify (map) users with their directory UUID. Fixes the issue, that usernames for owncloud will change, when the DN changes (which happens rarely, but it happens).
2012-08-23 20:29:43 +04:00
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
$configurationOK = true;
if(empty($this->config['ldapHost'])) {
\OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapPort'])) {
\OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
\OCP\Util::writeLog('user_ldap', 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
//TODO: check if ldapAgentName is in DN form
if(empty($this->config['ldapBase']) && (empty($this->config['ldapBaseUsers']) && empty($this->config['ldapBaseGroups']))) {
\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapUserDisplayName'])) {
\OCP\Util::writeLog('user_ldap', 'No user display name attribute specified, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapGroupDisplayName'])) {
\OCP\Util::writeLog('user_ldap', 'No group display name attribute specified, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapLoginFilter'])) {
\OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
\OCP\Util::writeLog('user_ldap', 'Login filter does not contain %uid place holder, won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
$configurationOK = false;
}
return $configurationOK;
}
LDAP: gather defaults in one place, simplify readConfiguration
2013-01-18 16:35:40 +04:00
/**
* @returns an associted array with the default values. Keys are correspond
* to configvalue entries in the database table
*/
public function getDefaults() {
return array(
'ldap_host' => '',
'ldap_port' => '389',
'ldap_backup_host' => '',
'ldap_backup_port' => '',
'ldap_override_main_server' => '',
'ldap_dn' => '',
'ldap_agent_password' => '',
'ldap_base' => '',
'ldap_base_users' => '',
'ldap_base_groups' => '',
'ldap_userlist_filter' => 'objectClass=person',
'ldap_login_filter' => 'uid=%uid',
'ldap_group_filter' => 'objectClass=posixGroup',
'ldap_display_name' => 'cn',
'ldap_group_display_name' => 'cn',
'ldap_tls' => 1,
'ldap_nocase' => 0,
'ldap_quota_def' => '',
'ldap_quota_attr' => '',
'ldap_email_attr' => '',
'ldap_group_member_assoc_attribute' => 'uniqueMember',
'ldap_cache_ttl' => 600,
'ldap_uuid_attribute' => 'auto',
'ldap_override_uuid_attribute' => 0,
'home_folder_naming_rule' => '',
Ajaxifiy Settings Save
2013-01-20 21:02:44 +04:00
'ldap_turn_off_cert_check' => 0,
LDAP: gather defaults in one place, simplify readConfiguration
2013-01-18 16:35:40 +04:00
);
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
/**
* Connects and Binds to LDAP
*/
private function establishConnection() {
LDAP: check if php-ldap is installed. If not, give an error output. FIX: blank Users page when the module is not installed.
2012-07-25 20:40:48 +04:00
static $phpLDAPinstalled = true;
if(!$phpLDAPinstalled) {
return false;
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
if(!$this->configured) {
\OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN);
return false;
}
if(!$this->ldapConnectionRes) {
LDAP: check if php-ldap is installed. If not, give an error output. FIX: blank Users page when the module is not installed.
2012-07-25 20:40:48 +04:00
if(!function_exists('ldap_connect')) {
$phpLDAPinstalled = false;
\OCP\Util::writeLog('user_ldap', 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', \OCP\Util::ERROR);
return false;
}
LDAP: offer option to disable SSL certificate checks. Works around problems with self-signed certificates, for example. However, the best and right way to solve it is always to import the LDAP server cert to the owncloud server, so you it for testing only. Like to hear wether it works, instead appending LDAPTLS_REQCERT=never to ldap.conf.
2012-08-06 01:00:47 +04:00
if($this->config['turnOffCertCheck']) {
if(putenv('LDAPTLS_REQCERT=never')) {
\OCP\Util::writeLog('user_ldap', 'Turned off SSL certificate validation successfully.', \OCP\Util::WARN);
} else {
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
}
}
LDAP: add support for backup/replica servers
2013-01-17 16:31:14 +04:00
if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
$bindStatus = $this->bind();
make sure port is used as backup port if not specified. documentation. determine connection error earlier.
2013-01-17 16:56:37 +04:00
$error = ldap_errno($this->ldapConnectionRes);
fix undeclared variable
2013-01-17 16:46:32 +04:00
} else {
$bindStatus = false;
make sure port is used as backup port if not specified. documentation. determine connection error earlier.
2013-01-17 16:56:37 +04:00
$error = null;
LDAP: add support for backup/replica servers
2013-01-17 16:31:14 +04:00
}
$error = null;
//if LDAP server is not reachable, try the Backup (Replica!) Server
make sure port is used as backup port if not specified. documentation. determine connection error earlier.
2013-01-17 16:56:37 +04:00
if((!$bindStatus && ($error == -1))
LDAP: add support for backup/replica servers
2013-01-17 16:31:14 +04:00
|| $this->config['ldapOverrideMainServer']
|| $this->getFromCache('overrideMainServer')) {
$this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
$bindStatus = $this->bind();
if($bindStatus && $error == -1) {
make sure port is used as backup port if not specified. documentation. determine connection error earlier.
2013-01-17 16:56:37 +04:00
//when bind to backup server succeeded and failed to main server,
//skip contacting him until next cache refresh
LDAP: add support for backup/replica servers
2013-01-17 16:31:14 +04:00
$this->writeToCache('overrideMainServer', true);
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
}
}
LDAP: add support for backup/replica servers
2013-01-17 16:31:14 +04:00
return $bindStatus;
}
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
LDAP: add support for backup/replica servers
2013-01-17 16:31:14 +04:00
private function doConnect($host, $port) {
$this->ldapConnectionRes = ldap_connect($host, $port);
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
if($this->config['ldapTLS']) {
ldap_start_tls($this->ldapConnectionRes);
}
}
LDAP: split up LIB_LDAP into Access for LDAP interaction functions and Connection for configuration and resource management. Adjust user_ldap, group_ldap and the app accordingly.
2012-07-25 14:37:39 +04:00
}
}
/**
* Binds to LDAP
*/
public function bind() {
$ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
if(!$ldapLogin) {
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
$this->ldapConnectionRes = null;
return false;
}
return true;
}
LDAP: take out ldapUuidAttribute from on-the-fly check, cannot be set by the user and would lead to server error. Fixes oc-1625
2012-09-19 17:35:50 +04:00
}