2012-07-25 14:37:39 +04:00
|
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* ownCloud – LDAP Access
|
|
|
|
|
*
|
|
|
|
|
* @author Arthur Schiwon
|
2013-01-11 02:30:26 +04:00
|
|
|
|
* @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
|
2012-07-25 14:37:39 +04:00
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 3 of the License, or any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Affero General Public
|
|
|
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace OCA\user_ldap\lib;
|
|
|
|
|
|
|
|
|
|
class Connection {
|
|
|
|
|
private $ldapConnectionRes = null;
|
2013-01-11 02:30:26 +04:00
|
|
|
|
private $configPrefix;
|
2012-07-25 14:37:39 +04:00
|
|
|
|
private $configID;
|
|
|
|
|
private $configured = false;
|
|
|
|
|
|
2012-07-26 18:11:23 +04:00
|
|
|
|
//cache handler
|
|
|
|
|
protected $cache;
|
|
|
|
|
|
|
|
|
|
//settings
|
2012-07-25 14:37:39 +04:00
|
|
|
|
protected $config = array(
|
|
|
|
|
'ldapHost' => null,
|
|
|
|
|
'ldapPort' => null,
|
2013-01-17 16:31:14 +04:00
|
|
|
|
'ldapBackupHost' => null,
|
|
|
|
|
'ldapBackupPort' => null,
|
2012-07-25 14:37:39 +04:00
|
|
|
|
'ldapBase' => null,
|
|
|
|
|
'ldapBaseUsers' => null,
|
|
|
|
|
'ldapBaseGroups' => null,
|
|
|
|
|
'ldapAgentName' => null,
|
|
|
|
|
'ldapAgentPassword' => null,
|
|
|
|
|
'ldapTLS' => null,
|
|
|
|
|
'ldapNoCase' => null,
|
2012-08-06 01:00:47 +04:00
|
|
|
|
'turnOffCertCheck' => null,
|
2012-07-25 14:37:39 +04:00
|
|
|
|
'ldapIgnoreNamingRules' => null,
|
|
|
|
|
'ldapUserDisplayName' => null,
|
|
|
|
|
'ldapUserFilter' => null,
|
|
|
|
|
'ldapGroupFilter' => null,
|
|
|
|
|
'ldapGroupDisplayName' => null,
|
2013-01-24 02:40:21 +04:00
|
|
|
|
'ldapGroupMemberAssocAttr' => null,
|
2012-07-25 14:37:39 +04:00
|
|
|
|
'ldapLoginFilter' => null,
|
|
|
|
|
'ldapQuotaAttribute' => null,
|
|
|
|
|
'ldapQuotaDefault' => null,
|
|
|
|
|
'ldapEmailAttribute' => null,
|
2012-07-26 18:11:23 +04:00
|
|
|
|
'ldapCacheTTL' => null,
|
2012-08-23 20:29:43 +04:00
|
|
|
|
'ldapUuidAttribute' => null,
|
|
|
|
|
'ldapOverrideUuidAttribute' => null,
|
2013-01-17 16:31:14 +04:00
|
|
|
|
'ldapOverrideMainServer' => false,
|
2013-01-25 01:39:05 +04:00
|
|
|
|
'ldapConfigurationActive' => false,
|
2013-01-31 04:46:34 +04:00
|
|
|
|
'ldapAttributesForUserSearch' => null,
|
|
|
|
|
'ldapAttributesForGroupSearch' => null,
|
2012-08-28 16:24:31 +04:00
|
|
|
|
'homeFolderNamingRule' => null,
|
2012-10-26 23:52:58 +04:00
|
|
|
|
'hasPagedResultSupport' => false,
|
2013-05-08 16:55:56 +04:00
|
|
|
|
'ldapExpertUsernameAttr' => null,
|
2013-05-08 16:05:08 +04:00
|
|
|
|
'ldapExpertUUIDAttr' => null,
|
2012-07-25 14:37:39 +04:00
|
|
|
|
);
|
|
|
|
|
|
2013-01-11 02:34:24 +04:00
|
|
|
|
/**
|
|
|
|
|
* @brief Constructor
|
|
|
|
|
* @param $configPrefix a string with the prefix for the configkey column (appconfig table)
|
|
|
|
|
* @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
|
|
|
|
|
*/
|
2013-01-11 02:30:26 +04:00
|
|
|
|
public function __construct($configPrefix = '', $configID = 'user_ldap') {
|
|
|
|
|
$this->configPrefix = $configPrefix;
|
2012-07-25 14:37:39 +04:00
|
|
|
|
$this->configID = $configID;
|
2012-07-26 18:11:23 +04:00
|
|
|
|
$this->cache = \OC_Cache::getGlobalCache();
|
2013-02-15 01:16:48 +04:00
|
|
|
|
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result')
|
|
|
|
|
&& function_exists('ldap_control_paged_result_response'));
|
2012-07-25 14:37:39 +04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function __destruct() {
|
2012-10-26 15:30:07 +04:00
|
|
|
|
if(is_resource($this->ldapConnectionRes)) {
|
|
|
|
|
@ldap_unbind($this->ldapConnectionRes);
|
|
|
|
|
};
|
2012-07-25 14:37:39 +04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function __get($name) {
|
|
|
|
|
if(!$this->configured) {
|
|
|
|
|
$this->readConfiguration();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(isset($this->config[$name])) {
|
|
|
|
|
return $this->config[$name];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-23 20:29:43 +04:00
|
|
|
|
public function __set($name, $value) {
|
|
|
|
|
$changed = false;
|
2013-01-31 20:51:59 +04:00
|
|
|
|
//only few options are writable
|
2013-04-21 00:45:50 +04:00
|
|
|
|
if($name === 'ldapUuidAttribute') {
|
2012-08-23 20:29:43 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'Set config ldapUuidAttribute to '.$value, \OCP\Util::DEBUG);
|
|
|
|
|
$this->config[$name] = $value;
|
|
|
|
|
if(!empty($this->configID)) {
|
2013-01-11 02:30:26 +04:00
|
|
|
|
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', $value);
|
2012-08-23 20:29:43 +04:00
|
|
|
|
}
|
|
|
|
|
$changed = true;
|
|
|
|
|
}
|
|
|
|
|
if($changed) {
|
|
|
|
|
$this->validateConfiguration();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-25 14:37:39 +04:00
|
|
|
|
/**
|
|
|
|
|
* @brief initializes the LDAP backend
|
|
|
|
|
* @param $force read the config settings no matter what
|
|
|
|
|
*
|
|
|
|
|
* initializes the LDAP backend
|
|
|
|
|
*/
|
|
|
|
|
public function init($force = false) {
|
|
|
|
|
$this->readConfiguration($force);
|
|
|
|
|
$this->establishConnection();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the LDAP handler
|
|
|
|
|
*/
|
|
|
|
|
public function getConnectionResource() {
|
|
|
|
|
if(!$this->ldapConnectionRes) {
|
|
|
|
|
$this->init();
|
2012-08-22 17:22:52 +04:00
|
|
|
|
} else if(!is_resource($this->ldapConnectionRes)) {
|
|
|
|
|
$this->ldapConnectionRes = null;
|
|
|
|
|
$this->establishConnection();
|
2012-07-25 14:37:39 +04:00
|
|
|
|
}
|
|
|
|
|
if(is_null($this->ldapConnectionRes)) {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'Connection could not be established', \OCP\Util::ERROR);
|
|
|
|
|
}
|
|
|
|
|
return $this->ldapConnectionRes;
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-26 18:11:23 +04:00
|
|
|
|
private function getCacheKey($key) {
|
2013-01-11 02:30:26 +04:00
|
|
|
|
$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
|
2012-07-26 18:11:23 +04:00
|
|
|
|
if(is_null($key)) {
|
|
|
|
|
return $prefix;
|
|
|
|
|
}
|
|
|
|
|
return $prefix.md5($key);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getFromCache($key) {
|
|
|
|
|
if(!$this->configured) {
|
|
|
|
|
$this->readConfiguration();
|
|
|
|
|
}
|
|
|
|
|
if(!$this->config['ldapCacheTTL']) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
if(!$this->isCached($key)) {
|
|
|
|
|
return null;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
$key = $this->getCacheKey($key);
|
|
|
|
|
|
|
|
|
|
return unserialize(base64_decode($this->cache->get($key)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isCached($key) {
|
|
|
|
|
if(!$this->configured) {
|
|
|
|
|
$this->readConfiguration();
|
|
|
|
|
}
|
|
|
|
|
if(!$this->config['ldapCacheTTL']) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
$key = $this->getCacheKey($key);
|
|
|
|
|
return $this->cache->hasKey($key);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function writeToCache($key, $value) {
|
|
|
|
|
if(!$this->configured) {
|
|
|
|
|
$this->readConfiguration();
|
|
|
|
|
}
|
2013-01-25 01:39:05 +04:00
|
|
|
|
if(!$this->config['ldapCacheTTL']
|
|
|
|
|
|| !$this->config['ldapConfigurationActive']) {
|
2012-07-26 18:11:23 +04:00
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
$key = $this->getCacheKey($key);
|
|
|
|
|
$value = base64_encode(serialize($value));
|
|
|
|
|
$this->cache->set($key, $value, $this->config['ldapCacheTTL']);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function clearCache() {
|
|
|
|
|
$this->cache->clear($this->getCacheKey(null));
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-18 16:35:40 +04:00
|
|
|
|
private function getValue($varname) {
|
|
|
|
|
static $defaults;
|
2013-02-09 19:46:55 +04:00
|
|
|
|
if(is_null($defaults)) {
|
2013-01-18 16:35:40 +04:00
|
|
|
|
$defaults = $this->getDefaults();
|
|
|
|
|
}
|
|
|
|
|
return \OCP\Config::getAppValue($this->configID,
|
|
|
|
|
$this->configPrefix.$varname,
|
|
|
|
|
$defaults[$varname]);
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-20 21:02:44 +04:00
|
|
|
|
private function setValue($varname, $value) {
|
|
|
|
|
\OCP\Config::setAppValue($this->configID,
|
|
|
|
|
$this->configPrefix.$varname,
|
|
|
|
|
$value);
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-25 14:37:39 +04:00
|
|
|
|
/**
|
|
|
|
|
* Caches the general LDAP configuration.
|
|
|
|
|
*/
|
|
|
|
|
private function readConfiguration($force = false) {
|
|
|
|
|
if((!$this->configured || $force) && !is_null($this->configID)) {
|
2013-01-18 16:35:40 +04:00
|
|
|
|
$v = 'getValue';
|
|
|
|
|
$this->config['ldapHost'] = $this->$v('ldap_host');
|
|
|
|
|
$this->config['ldapBackupHost'] = $this->$v('ldap_backup_host');
|
|
|
|
|
$this->config['ldapPort'] = $this->$v('ldap_port');
|
2013-01-20 21:02:44 +04:00
|
|
|
|
$this->config['ldapBackupPort'] = $this->$v('ldap_backup_port');
|
2013-01-18 16:35:40 +04:00
|
|
|
|
$this->config['ldapOverrideMainServer']
|
|
|
|
|
= $this->$v('ldap_override_main_server');
|
|
|
|
|
$this->config['ldapAgentName'] = $this->$v('ldap_dn');
|
|
|
|
|
$this->config['ldapAgentPassword']
|
|
|
|
|
= base64_decode($this->$v('ldap_agent_password'));
|
|
|
|
|
$rawLdapBase = $this->$v('ldap_base');
|
|
|
|
|
$this->config['ldapBase']
|
|
|
|
|
= preg_split('/\r\n|\r|\n/', $rawLdapBase);
|
|
|
|
|
$this->config['ldapBaseUsers']
|
|
|
|
|
= preg_split('/\r\n|\r|\n/', ($this->$v('ldap_base_users')));
|
|
|
|
|
$this->config['ldapBaseGroups']
|
|
|
|
|
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_base_groups'));
|
2013-01-16 17:58:49 +04:00
|
|
|
|
unset($rawLdapBase);
|
2013-01-18 16:35:40 +04:00
|
|
|
|
$this->config['ldapTLS'] = $this->$v('ldap_tls');
|
|
|
|
|
$this->config['ldapNoCase'] = $this->$v('ldap_nocase');
|
|
|
|
|
$this->config['turnOffCertCheck']
|
|
|
|
|
= $this->$v('ldap_turn_off_cert_check');
|
|
|
|
|
$this->config['ldapUserDisplayName']
|
2013-02-09 20:35:47 +04:00
|
|
|
|
= mb_strtolower($this->$v('ldap_display_name'), 'UTF-8');
|
2013-01-18 16:35:40 +04:00
|
|
|
|
$this->config['ldapUserFilter']
|
|
|
|
|
= $this->$v('ldap_userlist_filter');
|
|
|
|
|
$this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
|
|
|
|
|
$this->config['ldapLoginFilter'] = $this->$v('ldap_login_filter');
|
|
|
|
|
$this->config['ldapGroupDisplayName']
|
|
|
|
|
= mb_strtolower($this->$v('ldap_group_display_name'), 'UTF-8');
|
|
|
|
|
$this->config['ldapQuotaAttribute']
|
|
|
|
|
= $this->$v('ldap_quota_attr');
|
|
|
|
|
$this->config['ldapQuotaDefault']
|
|
|
|
|
= $this->$v('ldap_quota_def');
|
|
|
|
|
$this->config['ldapEmailAttribute']
|
|
|
|
|
= $this->$v('ldap_email_attr');
|
|
|
|
|
$this->config['ldapGroupMemberAssocAttr']
|
|
|
|
|
= $this->$v('ldap_group_member_assoc_attribute');
|
|
|
|
|
$this->config['ldapIgnoreNamingRules']
|
|
|
|
|
= \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
|
|
|
|
|
$this->config['ldapCacheTTL'] = $this->$v('ldap_cache_ttl');
|
|
|
|
|
$this->config['ldapUuidAttribute']
|
|
|
|
|
= $this->$v('ldap_uuid_attribute');
|
|
|
|
|
$this->config['ldapOverrideUuidAttribute']
|
|
|
|
|
= $this->$v('ldap_override_uuid_attribute');
|
|
|
|
|
$this->config['homeFolderNamingRule']
|
|
|
|
|
= $this->$v('home_folder_naming_rule');
|
2013-01-25 01:39:05 +04:00
|
|
|
|
$this->config['ldapConfigurationActive']
|
|
|
|
|
= $this->$v('ldap_configuration_active');
|
2013-01-31 04:46:34 +04:00
|
|
|
|
$this->config['ldapAttributesForUserSearch']
|
|
|
|
|
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
|
|
|
|
|
$this->config['ldapAttributesForGroupSearch']
|
|
|
|
|
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
|
2013-05-08 16:55:56 +04:00
|
|
|
|
$this->config['ldapExpertUsernameAttr']
|
|
|
|
|
= $this->$v('ldap_expert_username_attr');
|
2013-05-08 16:05:08 +04:00
|
|
|
|
$this->config['ldapExpertUUIDAttr']
|
|
|
|
|
= $this->$v('ldap_expert_uuid_attr');
|
2012-07-25 14:37:39 +04:00
|
|
|
|
|
|
|
|
|
$this->configured = $this->validateConfiguration();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-30 06:44:11 +04:00
|
|
|
|
/**
|
|
|
|
|
* @return returns an array that maps internal variable names to database fields
|
|
|
|
|
*/
|
2013-01-20 21:02:44 +04:00
|
|
|
|
private function getConfigTranslationArray() {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
static $array = array(
|
|
|
|
|
'ldap_host'=>'ldapHost',
|
|
|
|
|
'ldap_port'=>'ldapPort',
|
|
|
|
|
'ldap_backup_host'=>'ldapBackupHost',
|
|
|
|
|
'ldap_backup_port'=>'ldapBackupPort',
|
|
|
|
|
'ldap_override_main_server' => 'ldapOverrideMainServer',
|
|
|
|
|
'ldap_dn'=>'ldapAgentName',
|
|
|
|
|
'ldap_agent_password'=>'ldapAgentPassword',
|
|
|
|
|
'ldap_base'=>'ldapBase',
|
|
|
|
|
'ldap_base_users'=>'ldapBaseUsers',
|
|
|
|
|
'ldap_base_groups'=>'ldapBaseGroups',
|
|
|
|
|
'ldap_userlist_filter'=>'ldapUserFilter',
|
|
|
|
|
'ldap_login_filter'=>'ldapLoginFilter',
|
|
|
|
|
'ldap_group_filter'=>'ldapGroupFilter',
|
|
|
|
|
'ldap_display_name'=>'ldapUserDisplayName',
|
|
|
|
|
'ldap_group_display_name'=>'ldapGroupDisplayName',
|
|
|
|
|
'ldap_tls'=>'ldapTLS',
|
|
|
|
|
'ldap_nocase'=>'ldapNoCase',
|
|
|
|
|
'ldap_quota_def'=>'ldapQuotaDefault',
|
|
|
|
|
'ldap_quota_attr'=>'ldapQuotaAttribute',
|
|
|
|
|
'ldap_email_attr'=>'ldapEmailAttribute',
|
|
|
|
|
'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr',
|
|
|
|
|
'ldap_cache_ttl'=>'ldapCacheTTL',
|
|
|
|
|
'home_folder_naming_rule' => 'homeFolderNamingRule',
|
|
|
|
|
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
|
|
|
|
|
'ldap_configuration_active' => 'ldapConfigurationActive',
|
|
|
|
|
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
|
2013-05-08 16:05:08 +04:00
|
|
|
|
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
|
2013-05-08 16:55:56 +04:00
|
|
|
|
'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
|
2013-05-08 16:05:08 +04:00
|
|
|
|
'ldap_expert_uuid_attr' => 'ldapExpertUUIDAttr',
|
2013-02-15 01:16:48 +04:00
|
|
|
|
);
|
2013-01-20 21:02:44 +04:00
|
|
|
|
return $array;
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-25 14:37:39 +04:00
|
|
|
|
/**
|
|
|
|
|
* @brief set LDAP configuration with values delivered by an array, not read from configuration
|
|
|
|
|
* @param $config array that holds the config parameters in an associated array
|
|
|
|
|
* @param &$setParameters optional; array where the set fields will be given to
|
|
|
|
|
* @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
|
|
|
|
|
*/
|
|
|
|
|
public function setConfiguration($config, &$setParameters = null) {
|
|
|
|
|
if(!is_array($config)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-20 21:02:44 +04:00
|
|
|
|
$params = $this->getConfigTranslationArray();
|
2012-07-26 20:10:53 +04:00
|
|
|
|
|
2012-07-25 14:37:39 +04:00
|
|
|
|
foreach($config as $parameter => $value) {
|
2013-04-21 00:45:50 +04:00
|
|
|
|
if(($parameter === 'homeFolderNamingRule'
|
2013-02-16 05:33:19 +04:00
|
|
|
|
|| (isset($params[$parameter])
|
2013-04-21 00:45:50 +04:00
|
|
|
|
&& $params[$parameter] === 'homeFolderNamingRule'))
|
2013-02-06 16:04:35 +04:00
|
|
|
|
&& !empty($value)) {
|
|
|
|
|
$value = 'attr:'.$value;
|
|
|
|
|
}
|
2012-07-25 14:37:39 +04:00
|
|
|
|
if(isset($this->config[$parameter])) {
|
|
|
|
|
$this->config[$parameter] = $value;
|
|
|
|
|
if(is_array($setParameters)) {
|
|
|
|
|
$setParameters[] = $parameter;
|
|
|
|
|
}
|
2012-07-26 20:10:53 +04:00
|
|
|
|
} else if(isset($params[$parameter])) {
|
|
|
|
|
$this->config[$params[$parameter]] = $value;
|
|
|
|
|
if(is_array($setParameters)) {
|
|
|
|
|
$setParameters[] = $params[$parameter];
|
|
|
|
|
}
|
2012-07-25 14:37:39 +04:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->configured = $this->validateConfiguration();
|
|
|
|
|
|
|
|
|
|
return $this->configured;
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-30 06:44:11 +04:00
|
|
|
|
/**
|
|
|
|
|
* @brief saves the current Configuration in the database
|
|
|
|
|
*/
|
2013-01-20 21:02:44 +04:00
|
|
|
|
public function saveConfiguration() {
|
|
|
|
|
$trans = array_flip($this->getConfigTranslationArray());
|
|
|
|
|
foreach($this->config as $key => $value) {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.' value '.$value, \OCP\Util::DEBUG);
|
|
|
|
|
switch ($key) {
|
2013-01-20 21:30:14 +04:00
|
|
|
|
case 'ldapAgentPassword':
|
2013-01-20 21:02:44 +04:00
|
|
|
|
$value = base64_encode($value);
|
|
|
|
|
break;
|
2013-01-25 01:39:05 +04:00
|
|
|
|
case 'ldapBase':
|
|
|
|
|
case 'ldapBaseUsers':
|
|
|
|
|
case 'ldapBaseGroups':
|
2013-01-31 04:46:34 +04:00
|
|
|
|
case 'ldapAttributesForUserSearch':
|
|
|
|
|
case 'ldapAttributesForGroupSearch':
|
2013-02-09 19:46:55 +04:00
|
|
|
|
if(is_array($value)) {
|
2013-01-25 01:39:05 +04:00
|
|
|
|
$value = implode("\n", $value);
|
|
|
|
|
}
|
|
|
|
|
break;
|
2013-01-20 21:02:44 +04:00
|
|
|
|
case 'ldapIgnoreNamingRules':
|
|
|
|
|
case 'ldapOverrideUuidAttribute':
|
2013-01-20 21:27:39 +04:00
|
|
|
|
case 'ldapUuidAttribute':
|
2013-01-20 21:02:44 +04:00
|
|
|
|
case 'hasPagedResultSupport':
|
2013-01-20 21:27:39 +04:00
|
|
|
|
continue 2;
|
2013-01-31 05:00:29 +04:00
|
|
|
|
}
|
|
|
|
|
if(is_null($value)) {
|
|
|
|
|
$value = '';
|
2013-01-20 21:02:44 +04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$this->setValue($trans[$key], $value);
|
|
|
|
|
}
|
2013-01-24 15:44:30 +04:00
|
|
|
|
$this->clearCache();
|
2013-01-20 21:02:44 +04:00
|
|
|
|
}
|
|
|
|
|
|
2013-01-18 16:53:26 +04:00
|
|
|
|
/**
|
|
|
|
|
* @brief get the current LDAP configuration
|
|
|
|
|
* @return array
|
|
|
|
|
*/
|
|
|
|
|
public function getConfiguration() {
|
2013-01-24 02:40:21 +04:00
|
|
|
|
$this->readConfiguration();
|
2013-01-20 21:02:44 +04:00
|
|
|
|
$trans = $this->getConfigTranslationArray();
|
|
|
|
|
$config = array();
|
2013-01-24 02:40:21 +04:00
|
|
|
|
foreach($trans as $dbKey => $classKey) {
|
2013-04-21 00:45:50 +04:00
|
|
|
|
if($classKey === 'homeFolderNamingRule') {
|
2013-02-23 00:26:07 +04:00
|
|
|
|
if(strpos($this->config[$classKey], 'attr:') === 0) {
|
2013-01-31 04:46:54 +04:00
|
|
|
|
$config[$dbKey] = substr($this->config[$classKey], 5);
|
2013-02-23 00:26:07 +04:00
|
|
|
|
} else {
|
|
|
|
|
$config[$dbKey] = '';
|
2013-01-24 02:40:21 +04:00
|
|
|
|
}
|
|
|
|
|
continue;
|
2013-01-31 04:46:34 +04:00
|
|
|
|
} else if((strpos($classKey, 'ldapBase') !== false)
|
|
|
|
|
|| (strpos($classKey, 'ldapAttributes') !== false)) {
|
2013-01-25 01:39:05 +04:00
|
|
|
|
$config[$dbKey] = implode("\n", $this->config[$classKey]);
|
|
|
|
|
continue;
|
2013-01-24 02:40:21 +04:00
|
|
|
|
}
|
|
|
|
|
$config[$dbKey] = $this->config[$classKey];
|
2013-01-20 21:02:44 +04:00
|
|
|
|
}
|
|
|
|
|
|
2013-01-24 02:40:21 +04:00
|
|
|
|
return $config;
|
2013-01-18 16:53:26 +04:00
|
|
|
|
}
|
|
|
|
|
|
2012-07-25 14:37:39 +04:00
|
|
|
|
/**
|
|
|
|
|
* @brief Validates the user specified configuration
|
|
|
|
|
* @returns true if configuration seems OK, false otherwise
|
|
|
|
|
*/
|
|
|
|
|
private function validateConfiguration() {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
// first step: "soft" checks: settings that are not really
|
|
|
|
|
// necessary, but advisable. If left empty, give an info message
|
2012-07-25 14:37:39 +04:00
|
|
|
|
if(empty($this->config['ldapBaseUsers'])) {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
|
|
|
|
|
$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
|
|
|
|
|
}
|
|
|
|
|
if(empty($this->config['ldapBaseGroups'])) {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
|
|
|
|
|
$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
|
|
|
|
|
}
|
|
|
|
|
if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'No group filter is specified, LDAP group feature will not be used.',
|
|
|
|
|
\OCP\Util::INFO);
|
2012-07-25 14:37:39 +04:00
|
|
|
|
}
|
2013-04-26 17:02:05 +04:00
|
|
|
|
$uuidAttributes = array(
|
|
|
|
|
'auto', 'entryuuid', 'nsuniqueid', 'objectguid', 'guid');
|
|
|
|
|
if(!in_array($this->config['ldapUuidAttribute'], $uuidAttributes)
|
2013-02-15 01:16:48 +04:00
|
|
|
|
&& (!is_null($this->configID))) {
|
2013-01-11 02:30:26 +04:00
|
|
|
|
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto');
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'Illegal value for the UUID Attribute, reset to autodetect.',
|
|
|
|
|
\OCP\Util::INFO);
|
2012-08-23 20:29:43 +04:00
|
|
|
|
}
|
2013-01-17 16:56:37 +04:00
|
|
|
|
if(empty($this->config['ldapBackupPort'])) {
|
|
|
|
|
//force default
|
|
|
|
|
$this->config['ldapBackupPort'] = $this->config['ldapPort'];
|
|
|
|
|
}
|
2013-01-31 04:46:34 +04:00
|
|
|
|
foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
|
|
|
|
|
if(is_array($this->config[$key])
|
2013-04-21 00:45:50 +04:00
|
|
|
|
&& count($this->config[$key]) === 1
|
2013-01-31 04:46:34 +04:00
|
|
|
|
&& empty($this->config[$key][0])) {
|
|
|
|
|
$this->config[$key] = array();
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-02-06 17:30:17 +04:00
|
|
|
|
if((strpos($this->config['ldapHost'], 'ldaps') === 0)
|
|
|
|
|
&& $this->config['ldapTLS']) {
|
|
|
|
|
$this->config['ldapTLS'] = false;
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
|
|
|
|
|
\OCP\Util::INFO);
|
2013-02-06 17:30:17 +04:00
|
|
|
|
}
|
2013-01-31 04:46:34 +04:00
|
|
|
|
|
2012-08-23 20:29:43 +04:00
|
|
|
|
|
2012-07-25 14:37:39 +04:00
|
|
|
|
|
|
|
|
|
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
|
|
|
|
|
$configurationOK = true;
|
|
|
|
|
if(empty($this->config['ldapHost'])) {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN);
|
|
|
|
|
$configurationOK = false;
|
|
|
|
|
}
|
|
|
|
|
if(empty($this->config['ldapPort'])) {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
|
|
|
|
|
$configurationOK = false;
|
|
|
|
|
}
|
|
|
|
|
if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
|
|
|
|
|
|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.',
|
|
|
|
|
\OCP\Util::WARN);
|
2012-07-25 14:37:39 +04:00
|
|
|
|
$configurationOK = false;
|
|
|
|
|
}
|
|
|
|
|
//TODO: check if ldapAgentName is in DN form
|
2013-02-15 01:16:48 +04:00
|
|
|
|
if(empty($this->config['ldapBase'])
|
|
|
|
|
&& (empty($this->config['ldapBaseUsers'])
|
|
|
|
|
&& empty($this->config['ldapBaseGroups']))) {
|
2012-07-25 14:37:39 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
|
|
|
|
|
$configurationOK = false;
|
|
|
|
|
}
|
|
|
|
|
if(empty($this->config['ldapUserDisplayName'])) {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'No user display name attribute specified, won`t connect.',
|
|
|
|
|
\OCP\Util::WARN);
|
2012-07-25 14:37:39 +04:00
|
|
|
|
$configurationOK = false;
|
|
|
|
|
}
|
|
|
|
|
if(empty($this->config['ldapGroupDisplayName'])) {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'No group display name attribute specified, won`t connect.',
|
|
|
|
|
\OCP\Util::WARN);
|
2012-07-25 14:37:39 +04:00
|
|
|
|
$configurationOK = false;
|
|
|
|
|
}
|
|
|
|
|
if(empty($this->config['ldapLoginFilter'])) {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN);
|
|
|
|
|
$configurationOK = false;
|
|
|
|
|
}
|
|
|
|
|
if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'Login filter does not contain %uid place holder, won`t connect.',
|
|
|
|
|
\OCP\Util::WARN);
|
2012-07-25 14:37:39 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
|
|
|
|
|
$configurationOK = false;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-08 16:55:56 +04:00
|
|
|
|
if(!empty($this->config['ldapExpertUUIDAttr'])) {
|
|
|
|
|
$this->config['ldapUuidAttribute'] = $this->config['ldapExpertUUIDAttr'];
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-25 14:37:39 +04:00
|
|
|
|
return $configurationOK;
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-18 16:35:40 +04:00
|
|
|
|
/**
|
2013-01-31 20:51:59 +04:00
|
|
|
|
* @returns an associative array with the default values. Keys are correspond
|
|
|
|
|
* to config-value entries in the database table
|
2013-01-18 16:35:40 +04:00
|
|
|
|
*/
|
|
|
|
|
public function getDefaults() {
|
|
|
|
|
return array(
|
|
|
|
|
'ldap_host' => '',
|
|
|
|
|
'ldap_port' => '389',
|
|
|
|
|
'ldap_backup_host' => '',
|
|
|
|
|
'ldap_backup_port' => '',
|
|
|
|
|
'ldap_override_main_server' => '',
|
|
|
|
|
'ldap_dn' => '',
|
|
|
|
|
'ldap_agent_password' => '',
|
|
|
|
|
'ldap_base' => '',
|
|
|
|
|
'ldap_base_users' => '',
|
|
|
|
|
'ldap_base_groups' => '',
|
|
|
|
|
'ldap_userlist_filter' => 'objectClass=person',
|
|
|
|
|
'ldap_login_filter' => 'uid=%uid',
|
|
|
|
|
'ldap_group_filter' => 'objectClass=posixGroup',
|
|
|
|
|
'ldap_display_name' => 'cn',
|
|
|
|
|
'ldap_group_display_name' => 'cn',
|
|
|
|
|
'ldap_tls' => 1,
|
|
|
|
|
'ldap_nocase' => 0,
|
|
|
|
|
'ldap_quota_def' => '',
|
|
|
|
|
'ldap_quota_attr' => '',
|
|
|
|
|
'ldap_email_attr' => '',
|
|
|
|
|
'ldap_group_member_assoc_attribute' => 'uniqueMember',
|
|
|
|
|
'ldap_cache_ttl' => 600,
|
|
|
|
|
'ldap_uuid_attribute' => 'auto',
|
|
|
|
|
'ldap_override_uuid_attribute' => 0,
|
2013-02-23 00:26:07 +04:00
|
|
|
|
'home_folder_naming_rule' => '',
|
2013-01-20 21:02:44 +04:00
|
|
|
|
'ldap_turn_off_cert_check' => 0,
|
2013-01-25 01:39:05 +04:00
|
|
|
|
'ldap_configuration_active' => 1,
|
2013-01-31 04:46:34 +04:00
|
|
|
|
'ldap_attributes_for_user_search' => '',
|
|
|
|
|
'ldap_attributes_for_group_search' => '',
|
2013-05-08 16:55:56 +04:00
|
|
|
|
'ldap_expert_username_attr' => '',
|
2013-05-08 16:05:08 +04:00
|
|
|
|
'ldap_expert_uuid_attr' => '',
|
2013-01-18 16:35:40 +04:00
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-25 14:37:39 +04:00
|
|
|
|
/**
|
|
|
|
|
* Connects and Binds to LDAP
|
|
|
|
|
*/
|
|
|
|
|
private function establishConnection() {
|
2013-01-25 01:39:05 +04:00
|
|
|
|
if(!$this->config['ldapConfigurationActive']) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
2012-07-25 20:40:48 +04:00
|
|
|
|
static $phpLDAPinstalled = true;
|
|
|
|
|
if(!$phpLDAPinstalled) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2012-07-25 14:37:39 +04:00
|
|
|
|
if(!$this->configured) {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN);
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if(!$this->ldapConnectionRes) {
|
2012-07-25 20:40:48 +04:00
|
|
|
|
if(!function_exists('ldap_connect')) {
|
|
|
|
|
$phpLDAPinstalled = false;
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
|
|
|
|
|
\OCP\Util::ERROR);
|
2012-07-25 20:40:48 +04:00
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2012-08-06 01:00:47 +04:00
|
|
|
|
if($this->config['turnOffCertCheck']) {
|
|
|
|
|
if(putenv('LDAPTLS_REQCERT=never')) {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'Turned off SSL certificate validation successfully.',
|
|
|
|
|
\OCP\Util::WARN);
|
2012-08-06 01:00:47 +04:00
|
|
|
|
} else {
|
|
|
|
|
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-01-17 16:31:14 +04:00
|
|
|
|
if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
|
|
|
|
|
$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
|
|
|
|
|
$bindStatus = $this->bind();
|
2013-02-06 17:32:00 +04:00
|
|
|
|
$error = is_resource($this->ldapConnectionRes) ? ldap_errno($this->ldapConnectionRes) : -1;
|
2013-01-17 16:46:32 +04:00
|
|
|
|
} else {
|
|
|
|
|
$bindStatus = false;
|
2013-01-17 16:56:37 +04:00
|
|
|
|
$error = null;
|
2013-01-17 16:31:14 +04:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//if LDAP server is not reachable, try the Backup (Replica!) Server
|
2013-05-25 13:02:51 +04:00
|
|
|
|
if((!$bindStatus && ($error !== 0))
|
2013-01-17 16:31:14 +04:00
|
|
|
|
|| $this->config['ldapOverrideMainServer']
|
|
|
|
|
|| $this->getFromCache('overrideMainServer')) {
|
|
|
|
|
$this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
|
|
|
|
|
$bindStatus = $this->bind();
|
2013-05-25 13:02:51 +04:00
|
|
|
|
if(!$bindStatus && $error === -1) {
|
2013-01-17 16:56:37 +04:00
|
|
|
|
//when bind to backup server succeeded and failed to main server,
|
|
|
|
|
//skip contacting him until next cache refresh
|
2013-01-17 16:31:14 +04:00
|
|
|
|
$this->writeToCache('overrideMainServer', true);
|
2012-07-25 14:37:39 +04:00
|
|
|
|
}
|
|
|
|
|
}
|
2013-01-17 16:31:14 +04:00
|
|
|
|
return $bindStatus;
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-07-25 14:37:39 +04:00
|
|
|
|
|
2013-01-17 16:31:14 +04:00
|
|
|
|
private function doConnect($host, $port) {
|
2013-02-06 17:32:00 +04:00
|
|
|
|
if(empty($host)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2013-06-04 01:07:32 +04:00
|
|
|
|
if(strpos($host, '://') !== false) {
|
|
|
|
|
//ldap_connect ignores port paramater when URLs are passed
|
|
|
|
|
$host .= ':' . $port;
|
|
|
|
|
}
|
2013-01-17 16:31:14 +04:00
|
|
|
|
$this->ldapConnectionRes = ldap_connect($host, $port);
|
|
|
|
|
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
|
|
|
|
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
|
|
|
|
|
if($this->config['ldapTLS']) {
|
|
|
|
|
ldap_start_tls($this->ldapConnectionRes);
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-07-25 14:37:39 +04:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Binds to LDAP
|
|
|
|
|
*/
|
|
|
|
|
public function bind() {
|
2013-05-25 13:03:58 +04:00
|
|
|
|
static $getConnectionResourceAttempt = false;
|
2013-01-25 01:39:05 +04:00
|
|
|
|
if(!$this->config['ldapConfigurationActive']) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2013-05-25 13:03:58 +04:00
|
|
|
|
if($getConnectionResourceAttempt) {
|
|
|
|
|
$getConnectionResourceAttempt = false;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
$getConnectionResourceAttempt = true;
|
2013-02-06 17:32:00 +04:00
|
|
|
|
$cr = $this->getConnectionResource();
|
2013-05-25 13:03:58 +04:00
|
|
|
|
$getConnectionResourceAttempt = false;
|
2013-02-06 17:32:00 +04:00
|
|
|
|
if(!is_resource($cr)) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
$ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
|
2012-07-25 14:37:39 +04:00
|
|
|
|
if(!$ldapLogin) {
|
2013-02-15 01:16:48 +04:00
|
|
|
|
\OCP\Util::writeLog('user_ldap',
|
|
|
|
|
'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr),
|
|
|
|
|
\OCP\Util::ERROR);
|
2012-07-25 14:37:39 +04:00
|
|
|
|
$this->ldapConnectionRes = null;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-19 17:35:50 +04:00
|
|
|
|
}
|