nextcloud/apps/user_ldap/ajax/testConfiguration.php

89 lines
3.3 KiB
PHP
Raw Normal View History

<?php
/**
2016-07-21 17:49:16 +03:00
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
2016-05-26 20:56:05 +03:00
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
2016-07-21 17:49:16 +03:00
* @author Joas Schilling <coding@schilljs.com>
* @author Juan Pablo Villafáñez <jvillafanez@solidgear.es>
2015-03-26 13:44:34 +03:00
* @author Morris Jobke <hey@morrisjobke.de>
2016-07-21 19:13:36 +03:00
* @author Robin Appelman <robin@icewind.nl>
* @author Roeland Jago Douma <roeland@famdouma.nl>
2015-03-26 13:44:34 +03:00
* @author Thomas Müller <thomas.mueller@tmit.eu>
*
2015-03-26 13:44:34 +03:00
* @license AGPL-3.0
*
2015-03-26 13:44:34 +03:00
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
2015-03-26 13:44:34 +03:00
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
2015-03-26 13:44:34 +03:00
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
2015-03-26 13:44:34 +03:00
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
// Check user and app status
\OC_JSON::checkAdminUser();
\OC_JSON::checkAppEnabled('user_ldap');
\OC_JSON::callCheck();
2014-08-31 12:05:59 +04:00
$l = \OC::$server->getL10N('user_ldap');
2013-01-31 20:43:24 +04:00
2016-05-12 17:21:28 +03:00
$ldapWrapper = new OCA\User_LDAP\LDAP();
$connection = new \OCA\User_LDAP\Connection($ldapWrapper, $_POST['ldap_serverconfig_chooser']);
try {
$configurationOk = true;
$conf = $connection->getConfiguration();
if ($conf['ldap_configuration_active'] === '0') {
//needs to be true, otherwise it will also fail with an irritating message
$conf['ldap_configuration_active'] = '1';
$configurationOk = $connection->setConfiguration($conf);
}
if ($configurationOk) {
//Configuration is okay
/*
* Clossing the session since it won't be used from this point on. There might be a potential
* race condition if a second request is made: either this request or the other might not
* contact the LDAP backup server the first time when it should, but there shouldn't be any
* problem with that other than the extra connection.
*/
\OC::$server->getSession()->close();
if ($connection->bind()) {
/*
* This shiny if block is an ugly hack to find out whether anonymous
* bind is possible on AD or not. Because AD happily and constantly
* replies with success to any anonymous bind request, we need to
* fire up a broken operation. If AD does not allow anonymous bind,
* it will end up with LDAP error code 1 which is turned into an
* exception by the LDAP wrapper. We catch this. Other cases may
* pass (like e.g. expected syntax error).
*/
try {
$ldapWrapper->read($connection->getConnectionResource(), '', 'objectClass=*', ['dn']);
} catch (\Exception $e) {
if($e->getCode() === 1) {
\OC_JSON::error(['message' => $l->t('Invalid configuration: Anonymous binding is not allowed.')]);
exit;
}
}
\OC_JSON::success(['message'
=> $l->t('Valid configuration, connection established!')]);
} else {
\OC_JSON::error(['message'
=> $l->t('Valid configuration, but binding failed. Please check the server settings and credentials.')]);
}
} else {
\OC_JSON::error(['message'
=> $l->t('Invalid configuration. Please have a look at the logs for further details.')]);
}
} catch (\Exception $e) {
\OC_JSON::error(['message' => $e->getMessage()]);
}