nextcloud/apps/user_ldap/user_ldap.php

<?php

/**
 * ownCloud
 *
 * @author Dominik Schmidt
 * @author Artuhr Schiwon
 * @copyright 2011 Dominik Schmidt dev@dominik-schmidt.de
 * @copyright 2012 Arthur Schiwon blizzz@owncloud.com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

class OC_USER_LDAP extends OC_User_Backend {

	// cached settings
	protected $ldapUserFilter;
	protected $ldapQuotaAttribute;
	protected $ldapQuotaDefault;
	protected $ldapEmailAttribute;

	// will be retrieved from LDAP server
	protected $ldap_dc = false;

	// cache getUsers()
	protected $_users = null;

	public function __construct() {
		$this->ldapUserFilter      = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
		$this->ldapQuotaAttribute  = OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
		$this->ldapQuotaDefault    = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
		$this->ldapEmailAttribute  = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
	}

	private function updateQuota($dn) {
		$quota = null;
		if(!empty($this->ldapQuotaDefault)) {
			$quota = $this->ldapQuotaDefault;
		}
		if(!empty($this->ldapQuotaAttribute)) {
			$aQuota = OC_LDAP::readAttribute($dn, $this->ldapQuotaAttribute);

			if($aQuota && (count($aQuota) > 0)) {
				$quota = $aQuota[0];
			}
		}
		if(!is_null($quota)) {
			OCP\Config::setUserValue(OC_LDAP::dn2username($dn), 'files', 'quota', OCP\Util::computerFileSize($quota));
		}
	}

	private function updateEmail($dn) {
		$email = null;
		if(!empty($this->ldapEmailAttribute)) {
			$aEmail = OC_LDAP::readAttribute($dn, $this->ldapEmailAttribute);
			if($aEmail && (count($aEmail) > 0)) {
				$email = $aEmail[0];
			}
			if(!is_null($email)){
				OCP\Config::setUserValue(OC_LDAP::dn2username($dn), 'settings', 'email', $email);
			}
		}
	}

	/**
	 * @brief Check if the password is correct
	 * @param $uid The username
	 * @param $password The password
	 * @returns true/false
	 *
	 * Check if the password is correct without logging in the user
	 */
	public function checkPassword($uid, $password){
		//find out dn of the user name
		$filter = OCP\Util::mb_str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'), 'UTF-8');
		$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
		if(count($ldap_users) < 1) {
			return false;
		}
		$dn = $ldap_users[0];

		//are the credentials OK?
		if(!OC_LDAP::areCredentialsValid($dn, $password)) {
			return false;
		}

		//update some settings, if necessary
		$this->updateQuota($dn);
		$this->updateEmail($dn);

		//give back the display name
		return OC_LDAP::dn2username($dn);
	}

	/**
	 * @brief Get a list of all users
	 * @returns array with all uids
	 *
	 * Get a list of all users.
	 */
	public function getUsers(){
		if(is_null($this->_users)) {
			$ldap_users = OC_LDAP::fetchListOfUsers($this->ldapUserFilter, array(OC_LDAP::conf('ldapUserDisplayName'), 'dn'));
			$this->_users = OC_LDAP::ownCloudUserNames($ldap_users);
		}
		return $this->_users;
	}

	/**
	 * @brief check if a user exists
	 * @param string $uid the username
	 * @return boolean
	 */
	public function userExists($uid){
		//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
		$dn = OC_LDAP::username2dn($uid);
		if(!$dn) {
			return false;
		}

		//if user really still exists, we will be able to read his cn
		$cn = OC_LDAP::readAttribute($dn, 'cn');
		if(!$cn || empty($cn)) {
			return false;
		}

		return true;
	}

}
Add user_ldap plugin 2011-06-24 00:51:25 +04:00			`<?php`

			`/**`
			`* ownCloud`
			`*`
			`* @author Dominik Schmidt`
LDAP: copyright stuff 2012-05-04 15:25:52 +04:00			`* @author Artuhr Schiwon`
Add user_ldap plugin 2011-06-24 00:51:25 +04:00			`* @copyright 2011 Dominik Schmidt dev@dominik-schmidt.de`
LDAP: copyright stuff 2012-05-04 15:25:52 +04:00			`* @copyright 2012 Arthur Schiwon blizzz@owncloud.com`
Add user_ldap plugin 2011-06-24 00:51:25 +04:00			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE`
			`* License as published by the Free Software Foundation; either`
			`* version 3 of the License, or any later version.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU AFFERO GENERAL PUBLIC LICENSE for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public`
			`* License along with this library. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`*/`

Renaming classes :-) 2011-07-29 23:36:03 +04:00			`class OC_USER_LDAP extends OC_User_Backend {`
Add user_ldap plugin 2011-06-24 00:51:25 +04:00
user_ldap: implement userExists 2011-06-24 01:41:02 +04:00			`// cached settings`
LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`protected $ldapUserFilter;`
			`protected $ldapQuotaAttribute;`
			`protected $ldapQuotaDefault;`
			`protected $ldapEmailAttribute;`

Combing LDAP backend with LDAP extended backend 2012-02-16 20:55:39 +04:00			`// will be retrieved from LDAP server`
			`protected $ldap_dc = false;`
user_ldap: add port setting 2011-06-24 01:17:10 +04:00
LDAP: cache the results, reduce LDAP searches 2012-06-07 20:55:32 +04:00			`// cache getUsers()`
			`protected $_users = null;`

LDAP: checkPassword ain't static 2012-05-04 15:14:03 +04:00			`public function __construct() {`
LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`$this->ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');`
			`$this->ldapQuotaAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');`
			`$this->ldapQuotaDefault = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');`
			`$this->ldapEmailAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');`
user_ldap: close ldap connection in dtor 2011-06-24 01:54:39 +04:00			`}`

LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`private function updateQuota($dn) {`
			`$quota = null;`
			`if(!empty($this->ldapQuotaDefault)) {`
			`$quota = $this->ldapQuotaDefault;`
			`}`
			`if(!empty($this->ldapQuotaAttribute)) {`
			`$aQuota = OC_LDAP::readAttribute($dn, $this->ldapQuotaAttribute);`
Combing LDAP backend with LDAP extended backend 2012-02-16 20:55:39 +04:00
LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`if($aQuota && (count($aQuota) > 0)) {`
			`$quota = $aQuota[0];`
			`}`
			`}`
			`if(!is_null($quota)) {`
			`OCP\Config::setUserValue(OC_LDAP::dn2username($dn), 'files', 'quota', OCP\Util::computerFileSize($quota));`
LDAP: set also quota, when there is no explicit default value 2012-03-01 17:31:06 +04:00			`}`
Combing LDAP backend with LDAP extended backend 2012-02-16 20:55:39 +04:00			`}`

LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`private function updateEmail($dn) {`
			`$email = null;`
			`if(!empty($this->ldapEmailAttribute)) {`
			`$aEmail = OC_LDAP::readAttribute($dn, $this->ldapEmailAttribute);`
			`if($aEmail && (count($aEmail) > 0)) {`
			`$email = $aEmail[0];`
			`}`
			`if(!is_null($email)){`
			`OCP\Config::setUserValue(OC_LDAP::dn2username($dn), 'settings', 'email', $email);`
			`}`
			`}`
Combing LDAP backend with LDAP extended backend 2012-02-16 20:55:39 +04:00			`}`

LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`/**`
			`* @brief Check if the password is correct`
			`* @param $uid The username`
			`* @param $password The password`
			`* @returns true/false`
			`*`
			`* Check if the password is correct without logging in the user`
			`*/`
LDAP: checkPassword ain't static 2012-05-04 15:14:03 +04:00			`public function checkPassword($uid, $password){`
LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`//find out dn of the user name`
LDAP: make it UTF-8 save 2012-07-02 22:31:07 +04:00			`$filter = OCP\Util::mb_str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'), 'UTF-8');`
LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');`
			`if(count($ldap_users) < 1) {`
only use ldap user backend when it is configured 2011-07-06 02:30:57 +04:00			`return false;`
			`}`
LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`$dn = $ldap_users[0];`
user_ldap: implement userExists 2011-06-24 01:41:02 +04:00
LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`//are the credentials OK?`
			`if(!OC_LDAP::areCredentialsValid($dn, $password)) {`
Fix OC_USER_LDAP::checkPassword() to return the username REVIEW: 102487 2011-08-29 22:08:26 +04:00			`return false;`
Combing LDAP backend with LDAP extended backend 2012-02-16 20:55:39 +04:00			`}`

LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`//update some settings, if necessary`
			`$this->updateQuota($dn);`
			`$this->updateEmail($dn);`
Combing LDAP backend with LDAP extended backend 2012-02-16 20:55:39 +04:00
LDAP: make oc_user_ldap::checkPassword make use of central OC_LDAP 2012-05-04 15:02:20 +04:00			`//give back the display name`
			`return OC_LDAP::dn2username($dn);`
user_ldap: implement userExists 2011-06-24 01:41:02 +04:00			`}`
Add user_ldap plugin 2011-06-24 00:51:25 +04:00
LDAP: make oc_user_ldap::getUsers make use of central OC_LDAP 2012-05-04 01:41:08 +04:00			`/**`
			`* @brief Get a list of all users`
			`* @returns array with all uids`
			`*`
			`* Get a list of all users.`
			`*/`
LDAP: also those functions were not meant to be static 2012-05-04 15:48:55 +04:00			`public function getUsers(){`
LDAP: cache the results, reduce LDAP searches 2012-06-07 20:55:32 +04:00			`if(is_null($this->_users)) {`
			`$ldap_users = OC_LDAP::fetchListOfUsers($this->ldapUserFilter, array(OC_LDAP::conf('ldapUserDisplayName'), 'dn'));`
			`$this->_users = OC_LDAP::ownCloudUserNames($ldap_users);`
			`}`
			`return $this->_users;`
Disable save button while saving. Streamlined code. 2011-11-30 02:11:42 +04:00			`}`
user_ldap: implement userExists 2011-06-24 01:41:02 +04:00
LDAP: make oc_user_ldap::userExists make use of central OC_LDAP 2012-05-04 01:44:12 +04:00			`/**`
			`* @brief check if a user exists`
			`* @param string $uid the username`
			`* @return boolean`
			`*/`
LDAP: also those functions were not meant to be static 2012-05-04 15:48:55 +04:00			`public function userExists($uid){`
LDAP: cheaper userExists() implementation 2012-06-22 14:42:07 +04:00			`//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.`
			`$dn = OC_LDAP::username2dn($uid);`
			`if(!$dn) {`
			`return false;`
			`}`

			`//if user really still exists, we will be able to read his cn`
			`$cn = OC_LDAP::readAttribute($dn, 'cn');`
			`if(!$cn \|\| empty($cn)) {`
			`return false;`
			`}`

			`return true;`
LDAP: make oc_user_ldap::userExists make use of central OC_LDAP 2012-05-04 01:44:12 +04:00			`}`

remove unnecessary closing PHP tag 2012-06-22 14:49:56 +04:00			`}`