Ldap Wizard: find out whether server supports memberOf in LDAP Filter and disable group chooser if not
This commit is contained in:
parent
e87b091536
commit
162bfb231a
|
@ -216,9 +216,10 @@ var LdapWizard = {
|
||||||
}
|
}
|
||||||
LdapWizard.applyChanges(result);
|
LdapWizard.applyChanges(result);
|
||||||
$('#ldap_userfilter_groups').multiselect('refresh');
|
$('#ldap_userfilter_groups').multiselect('refresh');
|
||||||
|
$('#ldap_userfilter_groups').multiselect('enable');
|
||||||
},
|
},
|
||||||
function (result) {
|
function (result) {
|
||||||
//TODO: error handling
|
$('#ldap_userfilter_groups').multiselect('disable');
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
},
|
},
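Review bot: The error callback now disables the group chooser for every failure, not only the "memberOf is not supported" case that the commit message describes, and the `//TODO: error handling` it replaces is dropped without anything being surfaced to the user, so a connection or bind failure becomes indistinguishable from a server without memberOf. At minimum state the intent in place, e.g. `// any failure (memberOf unsupported, connection/bind error) leaves the group chooser disabled`, and consider showing the message carried in `result` so an admin can tell the two cases apart. The enclosing LdapWizard method starts outside the hunk.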
|
||||||
|
|
|
@ -25,8 +25,10 @@ namespace OCA\user_ldap\lib;
|
||||||
|
|
||||||
class Wizard extends LDAPUtility {
|
class Wizard extends LDAPUtility {
|
||||||
static protected $l;
|
static protected $l;
|
||||||
|
protected $cr;
|
||||||
protected $configuration;
|
protected $configuration;
|
||||||
protected $result;
|
protected $result;
|
||||||
|
protected $resultCache = array();
|
||||||
|
|
||||||
const LRESULT_PROCESSED_OK = 0;
|
const LRESULT_PROCESSED_OK = 0;
|
||||||
const LRESULT_PROCESSED_INVALID = 1;
|
const LRESULT_PROCESSED_INVALID = 1;
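Review bot: The two new properties `$cr` and `$resultCache` are added without any documentation, and their shape is only discoverable from other hunks of this commit: `$cr` is the connection handle cached by getConnection(), and `$resultCache` is written as `$this->resultCache[$dn][$attr] = $newItems`, i.e. keyed by entry DN, then attribute name, holding the list of values read. Suggest `/** @var mixed|null connection handle from $this->ldap->connect(), cached by getConnection() */` above `$cr` and `/** @var array<string, array<string, array>> attribute values per DN, filled by determineFeature(), read by testMemberOf() */` above `$resultCache`. The cache is never cleared, so it keeps the values of every entry scanned over the Wizard's lifetime — presumably acceptable for a one-shot wizard request, but worth stating on the property.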
|
||||||
|
@ -71,12 +73,51 @@ class Wizard extends LDAPUtility {
|
||||||
}
|
}
|
||||||
|
|
||||||
$obclasses = array('posixGroup', 'group', '*');
|
$obclasses = array('posixGroup', 'group', '*');
|
||||||
return $this->determineFeature($obclasses,
|
$groups = $this->determineFeature($obclasses,
|
||||||
'cn',
|
'cn',
|
||||||
'ldap_userfilter_groups',
|
'ldap_userfilter_groups',
|
||||||
'ldapUserFilterGroups');
|
'ldapUserFilterGroups');
|
||||||
|
|
||||||
//TODO: Check, whether member-of-overlay is installed on the LDAP Server
|
$isMemberOfWorking = $this->testMemberOf($groups);
|
||||||
|
if(!$isMemberOfWorking) {
|
||||||
|
throw new \Exception('memberOf is not supported by the server');
|
||||||
|
}
|
||||||
|
|
||||||
|
return $this->result;
|
||||||
|
}
|
||||||
|
|
||||||
|
private function testMemberOf($groups) {
|
||||||
|
$cr = $this->getConnection();
|
||||||
|
if(!$cr) {
|
||||||
|
throw new \Excpetion('Could not connect to LDAP');
|
||||||
|
}
|
||||||
|
if(!is_array($this->configuration->ldapBase)
|
||||||
|
|| !isset($this->configuration->ldapBase[0])) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
$base = $this->configuration->ldapBase[0];
|
||||||
|
$filterPrefix = '(&(objectclass=*)(memberOf=';
|
||||||
|
|
||||||
|
foreach($this->resultCache as $dn => $properties) {
|
||||||
|
if(!isset($properties['cn'])) {
|
||||||
|
//assuming only groups have their cn cached :)
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$filter = strtolower($filterPrefix . $dn.'))');
|
||||||
|
$rr = $this->ldap->search($cr, $base, $filter, array('dn'));
|
||||||
|
if(!$this->ldap->isResource($rr)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$entries = $this->ldap->countEntries($cr, $rr);
|
||||||
|
//we do not know which groups are empty, so test any and return
|
||||||
|
//success on the first match that returns at least one user
|
||||||
|
if(($entries !== false) && ($entries > 0)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
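Review bot: `throw new \Excpetion('Could not connect to LDAP');` in testMemberOf() names a class that does not exist, so a failed connection ends in a fatal class-not-found error instead of the intended exception; it should read `throw new \Exception('Could not connect to LDAP');`. Second, the group DN is concatenated straight into the search filter in `$filter = strtolower($filterPrefix . $dn.'))');` — a DN containing filter metacharacters (`(`, `)`, `*`, `\`, e.g. an escaped comma inside a cn) produces a malformed or non-matching filter, so the DN should be escaped per RFC 4515 before it is inserted, and the strtolower() over the whole filter looks unnecessary since matching is done by the server (confirm it cannot break case-sensitive attribute values). The "assuming only groups have their cn cached" heuristic depends on determineFeature() having been called with attr `cn` for groups and `objectclass` for users; a docblock on testMemberOf() stating that precondition, and that it returns true on the first cached group that has at least one memberOf match, would make the coupling explicit.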
|
||||||
|
@ -89,7 +130,6 @@ class Wizard extends LDAPUtility {
|
||||||
'ldapAgentName',
|
'ldapAgentName',
|
||||||
'ldapAgentPassword',
|
'ldapAgentPassword',
|
||||||
'ldapBase',
|
'ldapBase',
|
||||||
true
|
|
||||||
))) {
|
))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -100,10 +140,13 @@ class Wizard extends LDAPUtility {
|
||||||
|
|
||||||
$obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
|
$obclasses = array('inetOrgPerson', 'person', 'organizationalPerson',
|
||||||
'user', 'posixAccount', '*');
|
'user', 'posixAccount', '*');
|
||||||
return $this->determineFeature($obclasses,
|
$this->determineFeature($obclasses,
|
||||||
'objectclass',
|
'objectclass',
|
||||||
'ldap_userfilter_objectclass',
|
'ldap_userfilter_objectclass',
|
||||||
'ldapUserFilterObjectclass');
|
'ldapUserFilterObjectclass',
|
||||||
|
true);
|
||||||
|
|
||||||
|
return $this->result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
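Review bot: The new trailing `true` on the determineFeature() call is a bare positional boolean whose meaning (`$po`, pre-select the objectclass with the most entries) is only discoverable from the callee's docblock; an inline comment such as `true); // $po: pre-select the objectclass with the most entries` makes the call self-explanatory. The method's return value is deliberately discarded here because determineFeature() now returns the found items while the wizard only needs `$this->result`, which deserves a one-line comment too so the unused return does not look like an oversight.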
|
||||||
|
@ -375,9 +418,12 @@ class Wizard extends LDAPUtility {
|
||||||
if($dn === false || in_array($dn, $dnRead)) {
|
if($dn === false || in_array($dn, $dnRead)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
$newItems = array();
|
||||||
$state = $this->getAttributeValuesFromEntry($attributes,
|
$state = $this->getAttributeValuesFromEntry($attributes,
|
||||||
$attr,
|
$attr,
|
||||||
$foundItems);
|
$newItems);
|
||||||
|
$foundItems = array_merge($foundItems, $newItems);
|
||||||
|
$this->resultCache[$dn][$attr] = $newItems;
|
||||||
$dnRead[] = $dn;
|
$dnRead[] = $dn;
|
||||||
$getEntryFunc = 'nextEntry';
|
$getEntryFunc = 'nextEntry';
|
||||||
$rr = $entry; //will be expected by nextEntry next round
|
$rr = $entry; //will be expected by nextEntry next round
|
||||||
|
@ -386,7 +432,7 @@ class Wizard extends LDAPUtility {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $foundItems;
|
return array_unique($foundItems);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
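Review bot: `return array_unique($foundItems);` preserves the original keys, so the returned array has gaps wherever a duplicate was dropped; if the result is ever JSON-encoded for the wizard UI or handed to code expecting a 0..n-1 list, a sparse array serializes as an object rather than a list. `return array_values(array_unique($foundItems));` returns a proper list. The enclosing method starts outside the hunk.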
|
||||||
|
@ -398,7 +444,7 @@ class Wizard extends LDAPUtility {
|
||||||
* Configuration class
|
* Configuration class
|
||||||
* @param $po boolean, whether the objectClass with most result entries
|
* @param $po boolean, whether the objectClass with most result entries
|
||||||
* shall be pre-selected via the result
|
* shall be pre-selected via the result
|
||||||
* @returns the instance's WizardResult instance
|
* @returns array, list of found items.
|
||||||
*/
|
*/
|
||||||
private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
|
private function determineFeature($objectclasses, $attr, $dbkey, $confkey, $po = false) {
|
||||||
$cr = $this->getConnection();
|
$cr = $this->getConnection();
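Review bot: The updated docblock line `* @returns array, list of found items.` uses `@returns`, which is not a recognised PHPDoc tag; static analysers and IDEs read `@return`, so `* @return array list of found items` is the form to use. If the items are always the attribute value strings collected from the scanned entries, `@return string[]` documents the shape more precisely — verify that holds before narrowing it.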
|
||||||
|
@ -430,7 +476,7 @@ class Wizard extends LDAPUtility {
|
||||||
$this->result->addChange($dbkey, $maxEntryObjC);
|
$this->result->addChange($dbkey, $maxEntryObjC);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->result;
|
return $availableFeatures;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
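Review bot: Replacing `return $this->result;` with `return $availableFeatures;` changes determineFeature()'s contract from a WizardResult to an array, and because the method is untyped nothing catches a caller that still treats the return value as a WizardResult. The two callers adjusted in this commit (the group and objectclass detectors) now read `$this->result` themselves; any other caller outside these hunks would break silently, so it is worth checking for remaining uses and noting on the method that the WizardResult is now only reachable through `$this->result`.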
|
||||||
|
@ -457,7 +503,6 @@ class Wizard extends LDAPUtility {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if(!in_array($val, $known)) {
|
if(!in_array($val, $known)) {
|
||||||
\OCP\Util::writeLog('user_ldap', 'Found objclass '.$val, \OCP\Util::DEBUG);
|
|
||||||
$known[] = $val;
|
$known[] = $val;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -468,6 +513,9 @@ class Wizard extends LDAPUtility {
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getConnection() {
|
private function getConnection() {
|
||||||
|
if(!is_null($this->cr)) {
|
||||||
|
return $cr;
|
||||||
|
}
|
||||||
$cr = $this->ldap->connect(
|
$cr = $this->ldap->connect(
|
||||||
$this->configuration->ldapHost.':'.$this->configuration->ldapPort,
|
$this->configuration->ldapHost.':'.$this->configuration->ldapPort,
|
||||||
$this->configuration->ldapPort);
|
$this->configuration->ldapPort);
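Review bot: The new cache check in getConnection() returns the wrong variable: `return $cr;` refers to an undefined local, so whenever `$this->cr` is already set the method returns null (with a notice) and the caller's `if(!$cr)` guard throws "Could not connect to LDAP". It should be `return $this->cr;`. The assignment in the following hunk, `$this->$cr = $cr;`, has the mirror-image bug: `$this->$cr` is a variable-variable property whose name is the stringified connection handle, so the real `$cr` property is never populated — it should be `$this->cr = $cr;`. As committed the cache is never filled, and if it were, the hit path would return null; getConnection() continues past the hunk.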
|
||||||
|
@ -482,6 +530,7 @@ class Wizard extends LDAPUtility {
|
||||||
$this->configuration->ldapAgentName,
|
$this->configuration->ldapAgentName,
|
||||||
$this->configuration->ldapAgentPassword);
|
$this->configuration->ldapAgentPassword);
|
||||||
if($lo === true) {
|
if($lo === true) {
|
||||||
|
$this->$cr = $cr;
|
||||||
return $cr;
|
return $cr;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|