< ? php
/**
 * ownCloud – LDAP Access
 *
 * @author Arthur Schiwon
 * @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library. If not, see <http://www.gnu.org/licenses/>.
 *
 */
namespace OCA\user_ldap\lib ;
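/**
 * @brief Holds one LDAP server configuration and the connection bound from it
 *
 * Configuration values are read from the appconfig table ($configID /
 * $configPrefix) unless they are handed in via setConfiguration(). Cache
 * access goes through the global \OC_Cache instance and is scoped to this
 * configuration by getCacheKey().
 */
class Connection {
	private $ldapConnectionRes = null;
	private $configPrefix;
	private $configID;
	private $configured = false;

	//cache handler
	protected $cache;

	//settings
	protected $config = array(
		'ldapHost' => null,
		'ldapPort' => null,
		'ldapBackupHost' => null,
		'ldapBackupPort' => null,
		'ldapBase' => null,
		'ldapBaseUsers' => null,
		'ldapBaseGroups' => null,
		'ldapAgentName' => null,
		'ldapAgentPassword' => null,
		'ldapTLS' => null,
		'ldapNoCase' => null,
		'turnOffCertCheck' => null,
		'ldapIgnoreNamingRules' => null,
		'ldapUserDisplayName' => null,
		'ldapUserFilter' => null,
		'ldapGroupFilter' => null,
		'ldapGroupDisplayName' => null,
		'ldapGroupMemberAssocAttr' => null,
		'ldapLoginFilter' => null,
		'ldapQuotaAttribute' => null,
		'ldapQuotaDefault' => null,
		'ldapEmailAttribute' => null,
		'ldapCacheTTL' => null,
		'ldapUuidAttribute' => null,
		'ldapOverrideUuidAttribute' => null,
		'ldapOverrideMainServer' => false,
		'ldapConfigurationActive' => false,
		'ldapAttributesForUserSearch' => null,
		'ldapAttributesForGroupSearch' => null,
		'homeFolderNamingRule' => null,
		'hasPagedResultSupport' => false,
	);

	/**
	 * @brief Constructor
	 * @param $configPrefix a string with the prefix for the configkey column (appconfig table)
	 * @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
	 */
	public function __construct($configPrefix = '', $configID = 'user_ldap') {
		$this->configPrefix = $configPrefix;
		$this->configID = $configID;
		$this->cache = \OC_Cache::getGlobalCache();
		//paged results need both control functions of the PHP ldap extension
		$this->config['hasPagedResultSupport'] =
			(function_exists('ldap_control_paged_result')
			&& function_exists('ldap_control_paged_result_response'));
	}

	/**
	 * @brief Unbinds the LDAP connection if one is still open
	 */
	public function __destruct() {
		if(is_resource($this->ldapConnectionRes)) {
			@ldap_unbind($this->ldapConnectionRes);
		}
	}

	/**
	 * @brief Read access to the configuration values
	 * @param $name key of the configuration value, see $this->config
	 * @return the value, or null if the key is unknown or its value is null
	 *
	 * Reads the configuration from the database on first access.
	 */
	public function __get($name) {
		if(!$this->configured) {
			$this->readConfiguration();
		}
		if(isset($this->config[$name])) {
			return $this->config[$name];
		}
		return null;
	}

	/**
	 * @brief Write access to the configuration values
	 * @param $name key of the configuration value
	 * @param $value the new value
	 *
	 * Only ldapUuidAttribute is writable. It is stored in the database as well
	 * (unless this is an on-the-fly connection without configID) and the
	 * configuration is re-validated afterwards. Other keys are silently ignored.
	 */
	public function __set($name, $value) {
		//only few options are writable
		if($name !== 'ldapUuidAttribute') {
			return;
		}
		\OCP\Util::writeLog('user_ldap', 'Set config ldapUuidAttribute to '.$value, \OCP\Util::DEBUG);
		$this->config[$name] = $value;
		if(!empty($this->configID)) {
			\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', $value);
		}
		$this->validateConfiguration();
	}

	/**
	 * @brief initializes the LDAP backend
	 * @param $force read the config settings no matter what
	 *
	 * initializes the LDAP backend
	 */
	public function init($force = false) {
		$this->readConfiguration($force);
		$this->establishConnection();
	}

	/**
	 * @brief Returns the LDAP handler
	 * @return the LDAP connection resource, or null if no connection could be established
	 */
	public function getConnectionResource() {
		if(!$this->ldapConnectionRes) {
			$this->init();
		} else if(!is_resource($this->ldapConnectionRes)) {
			//the handle is no longer a valid resource, reconnect
			$this->ldapConnectionRes = null;
			$this->establishConnection();
		}
		if(is_null($this->ldapConnectionRes)) {
			\OCP\Util::writeLog('user_ldap', 'Connection could not be established', \OCP\Util::ERROR);
		}
		return $this->ldapConnectionRes;
	}

	/**
	 * @brief builds the cache key for $key, scoped to this configuration
	 * @param $key the key to translate, or null to get the bare prefix
	 * @return string
	 */
	private function getCacheKey($key) {
		$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
		if(is_null($key)) {
			return $prefix;
		}
		//md5 only keeps the key short and free of special chars, it has no security role
		return $prefix.md5($key);
	}

	/**
	 * @brief reads a value from the cache
	 * @param $key the cache key (unscoped)
	 * @return the cached value, or null if caching is disabled or the key is not cached
	 */
	public function getFromCache($key) {
		if(!$this->configured) {
			$this->readConfiguration();
		}
		if(!$this->config['ldapCacheTTL']) {
			return null;
		}
		if(!$this->isCached($key)) {
			return null;
		}
		$key = $this->getCacheKey($key);
		//NOTE(review): unserialize() of cache content. Only values written by
		//writeToCache() are expected here; if any other party can write to the
		//cache backend, this deserializes attacker-chosen objects.
		return unserialize(base64_decode($this->cache->get($key)));
	}

	/**
	 * @brief checks whether $key is present in the cache
	 * @param $key the cache key (unscoped)
	 * @return bool, always false when caching is disabled
	 */
	public function isCached($key) {
		if(!$this->configured) {
			$this->readConfiguration();
		}
		if(!$this->config['ldapCacheTTL']) {
			return false;
		}
		$key = $this->getCacheKey($key);
		return $this->cache->hasKey($key);
	}

	/**
	 * @brief stores $value in the cache under $key
	 * @param $key the cache key (unscoped)
	 * @param $value any serializable value
	 * @return null
	 *
	 * Nothing is written when caching is disabled or the configuration is inactive.
	 */
	public function writeToCache($key, $value) {
		if(!$this->configured) {
			$this->readConfiguration();
		}
		if(!$this->config['ldapCacheTTL']
		   || !$this->config['ldapConfigurationActive']) {
			return null;
		}
		$key = $this->getCacheKey($key);
		$value = base64_encode(serialize($value));
		$this->cache->set($key, $value, $this->config['ldapCacheTTL']);
	}

	/**
	 * @brief removes all cache entries belonging to this configuration
	 */
	public function clearCache() {
		$this->cache->clear($this->getCacheKey(null));
	}

	/**
	 * @brief reads one setting from the appconfig table
	 * @param $varname the database key (without prefix)
	 * @return the stored value, or the default from getDefaults()
	 */
	private function getValue($varname) {
		//shared across instances; safe because getDefaults() is constant
		static $defaults;
		if(is_null($defaults)) {
			$defaults = $this->getDefaults();
		}
		return \OCP\Config::getAppValue($this->configID,
										$this->configPrefix.$varname,
										$defaults[$varname]);
	}

	/**
	 * @brief writes one setting to the appconfig table
	 * @param $varname the database key (without prefix)
	 * @param $value the value to store
	 */
	private function setValue($varname, $value) {
		\OCP\Config::setAppValue($this->configID,
								 $this->configPrefix.$varname,
								 $value);
	}

	/**
	 * @brief Caches the general LDAP configuration.
	 * @param $force re-read even if the configuration was read already
	 *
	 * Does nothing for on-the-fly connections (configID null); those get their
	 * values via setConfiguration(). Sets $this->configured to the result of
	 * validateConfiguration().
	 */
	private function readConfiguration($force = false) {
		if(($this->configured && !$force) || is_null($this->configID)) {
			return;
		}
		$multiLine = '/\r\n|\r|\n/';
		$this->config['ldapHost'] = $this->getValue('ldap_host');
		$this->config['ldapBackupHost'] = $this->getValue('ldap_backup_host');
		$this->config['ldapPort'] = $this->getValue('ldap_port');
		$this->config['ldapBackupPort'] = $this->getValue('ldap_backup_port');
		$this->config['ldapOverrideMainServer'] = $this->getValue('ldap_override_main_server');
		$this->config['ldapAgentName'] = $this->getValue('ldap_dn');
		//base64 is obfuscation only; the agent password is effectively stored in clear
		$this->config['ldapAgentPassword'] = base64_decode($this->getValue('ldap_agent_password'));
		$this->config['ldapBase'] = preg_split($multiLine, $this->getValue('ldap_base'));
		$this->config['ldapBaseUsers'] = preg_split($multiLine, $this->getValue('ldap_base_users'));
		$this->config['ldapBaseGroups'] = preg_split($multiLine, $this->getValue('ldap_base_groups'));
		$this->config['ldapTLS'] = $this->getValue('ldap_tls');
		$this->config['ldapNoCase'] = $this->getValue('ldap_nocase');
		$this->config['turnOffCertCheck'] = $this->getValue('ldap_turn_off_cert_check');
		$this->config['ldapUserDisplayName'] = mb_strtolower($this->getValue('ldap_display_name'), 'UTF-8');
		$this->config['ldapUserFilter'] = $this->getValue('ldap_userlist_filter');
		$this->config['ldapGroupFilter'] = $this->getValue('ldap_group_filter');
		$this->config['ldapLoginFilter'] = $this->getValue('ldap_login_filter');
		$this->config['ldapGroupDisplayName'] = mb_strtolower($this->getValue('ldap_group_display_name'), 'UTF-8');
		$this->config['ldapQuotaAttribute'] = $this->getValue('ldap_quota_attr');
		$this->config['ldapQuotaDefault'] = $this->getValue('ldap_quota_def');
		$this->config['ldapEmailAttribute'] = $this->getValue('ldap_email_attr');
		$this->config['ldapGroupMemberAssocAttr'] = $this->getValue('ldap_group_member_assoc_attribute');
		//system-wide setting, not per configuration
		$this->config['ldapIgnoreNamingRules'] = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
		$this->config['ldapCacheTTL'] = $this->getValue('ldap_cache_ttl');
		$this->config['ldapUuidAttribute'] = $this->getValue('ldap_uuid_attribute');
		$this->config['ldapOverrideUuidAttribute'] = $this->getValue('ldap_override_uuid_attribute');
		$this->config['homeFolderNamingRule'] = $this->getValue('home_folder_naming_rule');
		$this->config['ldapConfigurationActive'] = $this->getValue('ldap_configuration_active');
		$this->config['ldapAttributesForUserSearch'] = preg_split($multiLine, $this->getValue('ldap_attributes_for_user_search'));
		$this->config['ldapAttributesForGroupSearch'] = preg_split($multiLine, $this->getValue('ldap_attributes_for_group_search'));
		$this->configured = $this->validateConfiguration();
	}

	/**
	 * @return array that maps database field names to internal variable names
	 */
	private function getConfigTranslationArray() {
		static $array = array(
			'ldap_host' => 'ldapHost',
			'ldap_port' => 'ldapPort',
			'ldap_backup_host' => 'ldapBackupHost',
			'ldap_backup_port' => 'ldapBackupPort',
			'ldap_override_main_server' => 'ldapOverrideMainServer',
			'ldap_dn' => 'ldapAgentName',
			'ldap_agent_password' => 'ldapAgentPassword',
			'ldap_base' => 'ldapBase',
			'ldap_base_users' => 'ldapBaseUsers',
			'ldap_base_groups' => 'ldapBaseGroups',
			'ldap_userlist_filter' => 'ldapUserFilter',
			'ldap_login_filter' => 'ldapLoginFilter',
			'ldap_group_filter' => 'ldapGroupFilter',
			'ldap_display_name' => 'ldapUserDisplayName',
			'ldap_group_display_name' => 'ldapGroupDisplayName',
			'ldap_tls' => 'ldapTLS',
			'ldap_nocase' => 'ldapNoCase',
			'ldap_quota_def' => 'ldapQuotaDefault',
			'ldap_quota_attr' => 'ldapQuotaAttribute',
			'ldap_email_attr' => 'ldapEmailAttribute',
			'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr',
			'ldap_cache_ttl' => 'ldapCacheTTL',
			'home_folder_naming_rule' => 'homeFolderNamingRule',
			'ldap_turn_off_cert_check' => 'turnOffCertCheck',
			'ldap_configuration_active' => 'ldapConfigurationActive',
			'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
			'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
		);
		return $array;
	}

	/**
	 * @brief set LDAP configuration with values delivered by an array, not read from configuration
	 * @param $config array that holds the config parameters in an associated array
	 * @param &$setParameters optional; array where the set fields will be given to
	 * @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
	 *
	 * Keys may be either internal names (ldapHost) or database field names
	 * (ldap_host). Unknown keys are ignored.
	 */
	public function setConfiguration($config, &$setParameters = null) {
		if(!is_array($config)) {
			return false;
		}
		$params = $this->getConfigTranslationArray();
		foreach($config as $parameter => $value) {
			//array_key_exists, not isset: most keys start out as null
			if(array_key_exists($parameter, $this->config)) {
				$this->config[$parameter] = $value;
				if(is_array($setParameters)) {
					$setParameters[] = $parameter;
				}
			} else if(isset($params[$parameter])) {
				$this->config[$params[$parameter]] = $value;
				if(is_array($setParameters)) {
					$setParameters[] = $params[$parameter];
				}
			}
		}
		$this->configured = $this->validateConfiguration();
		return $this->configured;
	}

	/**
	 * @brief saves the current Configuration in the database
	 *
	 * Runtime-derived values (hasPagedResultSupport, the UUID settings and
	 * ldapIgnoreNamingRules) are not stored. The agent password is stored
	 * base64-encoded, which is obfuscation only, and is never written to the log.
	 */
	public function saveConfiguration() {
		$trans = array_flip($this->getConfigTranslationArray());
		foreach($this->config as $key => $value) {
			if(!isset($trans[$key])) {
				//no database field for this key
				continue;
			}
			switch($key) {
				case 'ldapAgentPassword':
					$value = base64_encode($value);
					break;
				case 'homeFolderNamingRule':
					if(empty($value)) {
						$value = 'opt:username';
					} else if(strpos($value, 'opt:') !== 0 && strpos($value, 'attr:') !== 0) {
						//values coming from readConfiguration() already carry the prefix
						$value = 'attr:'.$value;
					}
					break;
				case 'ldapBase':
				case 'ldapBaseUsers':
				case 'ldapBaseGroups':
				case 'ldapAttributesForUserSearch':
				case 'ldapAttributesForGroupSearch':
					if(is_array($value)) {
						$value = implode("\n", $value);
					}
					break;
				case 'ldapIgnoreNamingRules':
				case 'ldapOverrideUuidAttribute':
				case 'ldapUuidAttribute':
				case 'hasPagedResultSupport':
					continue 2;
			}
			if(is_null($value)) {
				$value = '';
			}
			//log after the transformation (arrays are strings now) and keep the secret out
			$logValue = ($key === 'ldapAgentPassword') ? '***' : $value;
			\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.' value '.$logValue, \OCP\Util::DEBUG);
			$this->setValue($trans[$key], $value);
		}
		$this->clearCache();
	}

	/**
	 * @brief get the current LDAP configuration
	 * @return array keyed by database field names (see getConfigTranslationArray)
	 *
	 * homeFolderNamingRule is returned as the bare attribute name ('' for the
	 * username option); multi-line settings are joined with "\n".
	 */
	public function getConfiguration() {
		$this->readConfiguration();
		$trans = $this->getConfigTranslationArray();
		$config = array();
		foreach($trans as $dbKey => $classKey) {
			$value = $this->config[$classKey];
			if($classKey === 'homeFolderNamingRule') {
				//stored as 'opt:username' or 'attr:<name>'; strip the prefix
				if(empty($value) || strpos($value, 'opt') === 0) {
					$config[$dbKey] = '';
				} else {
					$config[$dbKey] = substr($value, 5);
				}
			} else if(is_array($value)) {
				//ldapBase*, ldapAttributesFor*Search
				$config[$dbKey] = implode("\n", $value);
			} else {
				$config[$dbKey] = $value;
			}
		}
		return $config;
	}

	/**
	 * @brief Validates the user specified configuration
	 * @returns true if configuration seems OK, false otherwise
	 *
	 * Soft checks fill in defaults and log at INFO; critical checks log at
	 * WARN and make the configuration unusable. An ldaps:// host with StartTLS
	 * enabled gets StartTLS switched off, the two do not combine.
	 */
	private function validateConfiguration() {
		//first step: "soft" checks: settings that are not really necessary, but advisable. If left empty, give an info message
		if(empty($this->config['ldapBaseUsers'])) {
			\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
			$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
		}
		if(empty($this->config['ldapBaseGroups'])) {
			\OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
			$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
		}
		if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
			\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
		}
		$knownUuidAttributes = array('auto', 'entryuuid', 'nsuniqueid', 'objectguid');
		if(!in_array($this->config['ldapUuidAttribute'], $knownUuidAttributes, true)
		   && !is_null($this->configID)) {
			\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto');
			\OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO);
		}
		if(empty($this->config['ldapBackupPort'])) {
			//force default
			$this->config['ldapBackupPort'] = $this->config['ldapPort'];
		}
		foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
			//preg_split of an empty string yields array(''); treat that as "nothing"
			if(is_array($this->config[$key])
			   && count($this->config[$key]) === 1
			   && empty($this->config[$key][0])) {
				$this->config[$key] = array();
			}
		}
		if((strpos($this->config['ldapHost'], 'ldaps') === 0)
		   && $this->config['ldapTLS']) {
			$this->config['ldapTLS'] = false;
			\OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', \OCP\Util::INFO);
		}

		//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
		$configurationOK = true;
		if(empty($this->config['ldapHost'])) {
			\OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN);
			$configurationOK = false;
		}
		if(empty($this->config['ldapPort'])) {
			\OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
			$configurationOK = false;
		}
		//agent DN and password must be given together or not at all; a DN without
		//password (or vice versa) would end up as an unintended anonymous/unauthenticated bind
		if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
		   || (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
			\OCP\Util::writeLog('user_ldap', 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', \OCP\Util::WARN);
			$configurationOK = false;
		}
		//TODO: check if ldapAgentName is in DN form
		if(empty($this->config['ldapBase'])
		   && (empty($this->config['ldapBaseUsers']) && empty($this->config['ldapBaseGroups']))) {
			\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
			$configurationOK = false;
		}
		if(empty($this->config['ldapUserDisplayName'])) {
			\OCP\Util::writeLog('user_ldap', 'No user display name attribute specified, won`t connect.', \OCP\Util::WARN);
			$configurationOK = false;
		}
		if(empty($this->config['ldapGroupDisplayName'])) {
			\OCP\Util::writeLog('user_ldap', 'No group display name attribute specified, won`t connect.', \OCP\Util::WARN);
			$configurationOK = false;
		}
		if(empty($this->config['ldapLoginFilter'])) {
			\OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN);
			$configurationOK = false;
		}
		if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
			\OCP\Util::writeLog('user_ldap', 'Login filter does not contain %uid place holder, won`t connect.', \OCP\Util::WARN);
			\OCP\Util::writeLog('user_ldap', 'Login filter was '.$this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
			$configurationOK = false;
		}
		return $configurationOK;
	}

	/**
	 * @returns an associative array with the default values. Keys correspond
	 * to config-value entries in the database table
	 */
	public function getDefaults() {
		return array(
			'ldap_host' => '',
			'ldap_port' => '389',
			'ldap_backup_host' => '',
			'ldap_backup_port' => '',
			'ldap_override_main_server' => '',
			'ldap_dn' => '',
			'ldap_agent_password' => '',
			'ldap_base' => '',
			'ldap_base_users' => '',
			'ldap_base_groups' => '',
			'ldap_userlist_filter' => 'objectClass=person',
			'ldap_login_filter' => 'uid=%uid',
			'ldap_group_filter' => 'objectClass=posixGroup',
			'ldap_display_name' => 'cn',
			'ldap_group_display_name' => 'cn',
			'ldap_tls' => 1,
			'ldap_nocase' => 0,
			'ldap_quota_def' => '',
			'ldap_quota_attr' => '',
			'ldap_email_attr' => '',
			'ldap_group_member_assoc_attribute' => 'uniqueMember',
			'ldap_cache_ttl' => 600,
			'ldap_uuid_attribute' => 'auto',
			'ldap_override_uuid_attribute' => 0,
			'home_folder_naming_rule' => 'opt:username',
			'ldap_turn_off_cert_check' => 0,
			'ldap_configuration_active' => 1,
			'ldap_attributes_for_user_search' => '',
			'ldap_attributes_for_group_search' => '',
		);
	}

	/**
	 * @brief Connects and Binds to LDAP
	 * @return true on a successful bind, false otherwise; null if the
	 * configuration is inactive or a connection already exists
	 *
	 * The main server is tried first unless the configuration or the cache
	 * entry 'overrideMainServer' says to skip it; when the main server yields
	 * no usable connection, the backup server is tried and, on success, the
	 * main server is skipped until the cache entry expires.
	 */
	private function establishConnection() {
		if(!$this->config['ldapConfigurationActive']) {
			return null;
		}
		static $phpLDAPinstalled = true;
		if(!$phpLDAPinstalled) {
			return false;
		}
		if(!$this->configured) {
			\OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN);
			return false;
		}
		if($this->ldapConnectionRes) {
			//already connected
			return null;
		}
		if(!function_exists('ldap_connect')) {
			$phpLDAPinstalled = false;
			\OCP\Util::writeLog('user_ldap', 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', \OCP\Util::ERROR);
			return false;
		}
		if($this->config['turnOffCertCheck']) {
			//putenv is process-wide: this disables server certificate
			//verification for every LDAP connection of this PHP process
			if(putenv('LDAPTLS_REQCERT=never')) {
				\OCP\Util::writeLog('user_ldap', 'Turned off SSL certificate validation successfully.', \OCP\Util::WARN);
			} else {
				\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
			}
		}
		$skipMainServer = $this->config['ldapOverrideMainServer']
			|| $this->getFromCache('overrideMainServer');
		$bindStatus = false;
		$error = null;
		if(!$skipMainServer) {
			//bind() is only attempted when doConnect() produced a usable handle;
			//otherwise bind() would call getConnectionResource() and re-enter init()
			$bindStatus = $this->doConnect($this->config['ldapHost'], $this->config['ldapPort'])
				&& $this->bind();
			//bind() drops the resource on failure, so -1 means "no usable
			//connection to the main server", whatever the reason was
			$error = is_resource($this->ldapConnectionRes) ? ldap_errno($this->ldapConnectionRes) : -1;
		}
		//if LDAP server is not reachable, try the Backup (Replica!) Server
		if($skipMainServer || (!$bindStatus && $error === -1)) {
			$bindStatus = $this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort'])
				&& $this->bind();
			if($bindStatus && $error === -1) {
				//when bind to backup server succeeded and failed to main server,
				//skip contacting him until next cache refresh
				$this->writeToCache('overrideMainServer', true);
			}
		}
		return $bindStatus;
	}

	/**
	 * @brief opens the connection to $host:$port and applies the protocol options
	 * @param $host the LDAP host (may be an ldap:// or ldaps:// URI)
	 * @param $port the port
	 * @return true if $this->ldapConnectionRes is ready for bind(), false otherwise
	 *
	 * On any failure the handle is discarded and $this->ldapConnectionRes is
	 * null. In particular, when ldapTLS is set and StartTLS cannot be
	 * negotiated, the connection is dropped rather than continued in plain text.
	 */
	private function doConnect($host, $port) {
		if(empty($host)) {
			return false;
		}
		$cr = ldap_connect($host, $port);
		if(!is_resource($cr)) {
			$this->ldapConnectionRes = null;
			\OCP\Util::writeLog('user_ldap', 'Could not initialise connection to LDAP host', \OCP\Util::ERROR);
			return false;
		}
		$ok = ldap_set_option($cr, LDAP_OPT_PROTOCOL_VERSION, 3)
			&& ldap_set_option($cr, LDAP_OPT_REFERRALS, 0);
		if(!$ok) {
			\OCP\Util::writeLog('user_ldap', 'Could not set LDAP protocol options', \OCP\Util::ERROR);
		} else if($this->config['ldapTLS']) {
			//failure is reported via the log, not as a PHP warning
			$ok = @ldap_start_tls($cr);
			if(!$ok) {
				\OCP\Util::writeLog('user_ldap', 'StartTLS failed: '.ldap_error($cr).'; refusing to continue unencrypted.', \OCP\Util::ERROR);
			}
		}
		if(!$ok) {
			@ldap_unbind($cr);
			$this->ldapConnectionRes = null;
			return false;
		}
		$this->ldapConnectionRes = $cr;
		return true;
	}

	/**
	 * @brief Binds to LDAP with the configured agent credentials
	 * @return true on success, false otherwise
	 *
	 * An empty agent name together with an empty password results in an
	 * anonymous bind (validateConfiguration() rejects the mixed cases). On
	 * failure the connection resource is discarded.
	 */
	public function bind() {
		if(!$this->config['ldapConfigurationActive']) {
			return false;
		}
		$cr = $this->getConnectionResource();
		if(!is_resource($cr)) {
			return false;
		}
		//the PHP warning is suppressed; the reason is logged via ldap_errno/ldap_error below
		$ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
		if(!$ldapLogin) {
			\OCP\Util::writeLog('user_ldap', 'Bind failed: '.ldap_errno($cr).': '.ldap_error($cr), \OCP\Util::ERROR);
			$this->ldapConnectionRes = null;
			return false;
		}
		return true;
	}
}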