Style cleanup user_ldap

Bart Visscher 2013-02-14 22:16:48 +01:00
parent bfe6334cd9
commit 1ef2ecd6e8
9 changed files with 217 additions and 71 deletions


@ -32,10 +32,14 @@ $connection = new \OCA\user_ldap\lib\Connection('', null);
if($connection->setConfiguration($_POST)) {
//Configuration is okay
if($connection->bind()) {
OCP\JSON::success(array('message' => $l->t('The configuration is valid and the connection could be established!')));
OCP\JSON::success(array('message'
=> $l->t('The configuration is valid and the connection could be established!')));
} else {
OCP\JSON::error(array('message' => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
OCP\JSON::error(array('message'
=> $l->t('The configuration is valid, but the Bind failed.'
.' Please check the server settings and credentials.')));
}
} else {
OCP\JSON::error(array('message' => $l->t('The configuration is invalid. Please look in the ownCloud log for further details.')));
OCP\JSON::error(array('message'
=> $l->t('The configuration is invalid. Please look in the ownCloud log for further details.')));
}


@ -51,5 +51,7 @@ $entry = array(
OCP\Backgroundjob::addRegularTask('OCA\user_ldap\lib\Jobs', 'updateGroups');
if(OCP\App::isEnabled('user_webdavauth')) {
OCP\Util::writeLog('user_ldap', 'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour', OCP\Util::WARN);
OCP\Util::writeLog('user_ldap',
'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
OCP\Util::WARN);
}


@ -58,7 +58,9 @@ foreach($objects as $object) {
try {
$updateQuery->execute(array($newDN, $uuid, $dn['ldap_dn']));
} catch(Exception $e) {
\OCP\Util::writeLog('user_ldap', 'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ',
\OCP\Util::WARN);
}
}
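Review bot: The `catch(Exception $e)` block around `$updateQuery->execute(...)` never uses `$e`, so the warning records that a mapping update failed but not why. Appending the exception text, e.g. `'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table: '.$e->getMessage(),`, would make a failed migration diagnosable from the log alone. The enclosing `foreach` starts outside the hunk.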


@ -177,7 +177,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if($isMemberUid) {
//we got uids, need to get their DNs to 'tranlsate' them to usernames
$filter = $this->combineFilterWithAnd(array(
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
\OCP\Util::mb_str_replace('%uid', $member,
$this->connection>ldapLoginFilter, 'UTF-8'),
$this->getFilterPartForUserSearch($search)
));
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
@ -188,7 +189,9 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
} else {
//we got DNs, check if we need to filter by search or we can give back all of them
if(!empty($search)) {
if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->getFilterPartForUserSearch($search))) {
if(!$this->readAttribute($member,
$this->connection->ldapUserDisplayName,
$this->getFilterPartForUserSearch($search))) {
continue;
}
}
@ -225,7 +228,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
return $ldap_groups;
}
// if we'd pass -1 to LDAP search, we'd end up in a Protocol error. With a limit of 0, we get 0 results. So we pass null.
// if we'd pass -1 to LDAP search, we'd end up in a Protocol
// error. With a limit of 0, we get 0 results. So we pass null.
if($limit <= 0) {
$limit = null;
}
@ -234,7 +238,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
$this->getFilterPartForGroupSearch($search)
));
\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), $limit, $offset);
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'),
$limit, $offset);
$ldap_groups = $this->ownCloudGroupNames($ldap_groups);
$this->connection->writeToCache($cachekey, $ldap_groups);
@ -282,7 +287,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
* compared with OC_USER_BACKEND_CREATE_USER etc.
*/
public function implementsActions($actions) {
//always returns false, because possible actions are modifying actions. We do not write to LDAP, at least for now.
//always returns false, because possible actions are modifying
// actions. We do not write to LDAP, at least for now.
return false;
}
}
}
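Review bot: In the `$isMemberUid` branch the third argument to `mb_str_replace` reads `$this->connection>ldapLoginFilter`, which PHP parses as a `>` comparison between `$this->connection` and a bare constant named `ldapLoginFilter`, not as a property access. The re-wrapped line carries that text over unchanged, so the configured login filter is never the string that `%uid` is substituted into. The line should read `$this->connection->ldapLoginFilter, 'UTF-8'),`. Separately, `$member` is placed into the filter without escaping; whether member uids are already filter-safe is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.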


@ -48,7 +48,9 @@ abstract class Access {
*/
public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
if(!$this->checkConnection()) {
\OCP\Util::writeLog('user_ldap', 'No LDAP Connector assigned, access impossible for readAttribute.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'No LDAP Connector assigned, access impossible for readAttribute.',
\OCP\Util::WARN);
return false;
}
$cr = $this->connection->getConnectionResource();
@ -123,7 +125,8 @@ abstract class Access {
return $result;
}
//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
//OID sometimes gives back DNs with whitespace after the comma
// a la "uid=foo, cn=bar, dn=..." We need to tackle this!
$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
//make comparisons and everything work
@ -218,7 +221,8 @@ abstract class Access {
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud, false on DN outside of search DN
*
* returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
* returns the internal ownCloud name for the given LDAP DN of the
* group, false on DN outside of search DN or failure
*/
public function dn2groupname($dn, $ldapname = null) {
//To avoid bypassing the base DN settings under certain circumstances
@ -646,7 +650,9 @@ abstract class Access {
$sr = ldap_search($linkResources, $base, $filter, $attr);
$error = ldap_errno($link_resource);
if(!is_array($sr) || $error > 0) {
\OCP\Util::writeLog('user_ldap', 'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource), \OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap',
'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource),
\OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap', 'Attempt for Paging? '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
return array();
}
@ -668,7 +674,9 @@ abstract class Access {
if($skipHandling) {
return;
}
//if count is bigger, then the server does not support paged search. Instead, he did a normal search. We set a flag here, so the callee knows how to deal with it.
// if count is bigger, then the server does not support
// paged search. Instead, he did a normal search. We set a
// flag here, so the callee knows how to deal with it.
if($findings['count'] <= $limit) {
$this->pagedSearchedSuccessful = true;
}
@ -702,7 +710,9 @@ abstract class Access {
$key = mb_strtolower($key, 'UTF-8');
if(isset($item[$key])) {
if($key != 'dn') {
$selection[$i][$key] = $this->resemblesDN($key) ? $this->sanitizeDN($item[$key][0]) : $item[$key][0];
$selection[$i][$key] = $this->resemblesDN($key) ?
$this->sanitizeDN($item[$key][0])
: $item[$key][0];
} else {
$selection[$i][$key] = $this->sanitizeDN($item[$key]);
}
@ -806,7 +816,9 @@ abstract class Access {
* @return string the final filter part to use in LDAP searches
*/
public function getFilterPartForUserSearch($search) {
return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForUserSearch, $this->connection->ldapUserDisplayName);
return $this->getFilterPartForSearch($search,
$this->connection->ldapAttributesForUserSearch,
$this->connection->ldapUserDisplayName);
}
/**
@ -815,7 +827,9 @@ abstract class Access {
* @return string the final filter part to use in LDAP searches
*/
public function getFilterPartForGroupSearch($search) {
return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForGroupSearch, $this->connection->ldapGroupDisplayName);
return $this->getFilterPartForSearch($search,
$this->connection->ldapAttributesForGroupSearch,
$this->connection->ldapGroupDisplayName);
}
/**
@ -874,13 +888,15 @@ abstract class Access {
foreach($testAttributes as $attribute) {
\OCP\Util::writeLog('user_ldap', 'Testing '.$attribute.' as UUID attr', \OCP\Util::DEBUG);
$value = $this->readAttribute($dn, $attribute);
if(is_array($value) && isset($value[0]) && !empty($value[0])) {
$value = $this->readAttribute($dn, $attribute);
if(is_array($value) && isset($value[0]) && !empty($value[0])) {
\OCP\Util::writeLog('user_ldap', 'Setting '.$attribute.' as UUID attr', \OCP\Util::DEBUG);
$this->connection->ldapUuidAttribute = $attribute;
return true;
}
\OCP\Util::writeLog('user_ldap', 'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true), \OCP\Util::DEBUG);
}
\OCP\Util::writeLog('user_ldap',
'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true),
\OCP\Util::DEBUG);
}
return false;
@ -888,7 +904,9 @@ abstract class Access {
public function getUUID($dn) {
if($this->detectUuidAttribute($dn)) {
\OCP\Util::writeLog('user_ldap', 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute,
\OCP\Util::DEBUG);
$uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute);
if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) {
$this->detectUuidAttribute($dn, true);
@ -1027,13 +1045,20 @@ abstract class Access {
$pagedSearchOK = false;
if($this->connection->hasPagedResultSupport && !is_null($limit)) {
$offset = intval($offset); //can be null
\OCP\Util::writeLog('user_ldap', 'initializing paged search for Filter'.$filter.' base '.print_r($bases, true).' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset, \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'initializing paged search for Filter'.$filter.' base '.print_r($bases, true)
.' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset,
\OCP\Util::INFO);
//get the cookie from the search for the previous search, required by LDAP
foreach($bases as $base) {
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
if(empty($cookie) && ($offset > 0)) {
//no cookie known, although the offset is not 0. Maybe cache run out. We need to start all over *sigh* (btw, Dear Reader, did you need LDAP paged searching was designed by MSFT?)
// no cookie known, although the offset
// is not 0. Maybe cache run out. We need
// to start all over *sigh* (btw, Dear
// Reader, did you need LDAP paged
// searching was designed by MSFT?)
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
//a bit recursive, $offset of 0 is the exit
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
@ -1049,13 +1074,16 @@ abstract class Access {
if($offset > 0) {
\OCP\Util::writeLog('user_ldap', 'Cookie '.$cookie, \OCP\Util::INFO);
}
$pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(), $limit, false, $cookie);
$pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(),
$limit, false, $cookie);
if(!$pagedSearchOK) {
return false;
}
\OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::INFO);
} else {
\OCP\Util::writeLog('user_ldap', 'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset, \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset,
\OCP\Util::INFO);
}
}
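Review bot: The paged-search setup writes the complete `$filter`, the search bases and, a few lines later, the raw `$cookie` to the log at `\OCP\Util::INFO`. Elsewhere in this commit filters are assembled from a caller-supplied search term, and the paged-results cookie is an opaque server value that may contain non-printable bytes, so both are better kept at debug level with the cookie encoded, e.g. `\OCP\Util::writeLog('user_ldap', 'Cookie '.bin2hex($cookie), \OCP\Util::DEBUG);`. Whether `writeLog` neutralises line breaks in the message is not visible here. The enclosing function starts and ends outside these hunks.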


@ -76,7 +76,8 @@ class Connection {
$this->configPrefix = $configPrefix;
$this->configID = $configID;
$this->cache = \OC_Cache::getGlobalCache();
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') && function_exists('ldap_control_paged_result_response'));
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result')
&& function_exists('ldap_control_paged_result_response'));
}
public function __destruct() {
@ -235,7 +236,7 @@ class Connection {
$this->config['turnOffCertCheck']
= $this->$v('ldap_turn_off_cert_check');
$this->config['ldapUserDisplayName']
= mb_strtolower($this->$v('ldap_display_name'),'UTF-8');
= mb_strtolower($this->$v('ldap_display_name'), 'UTF-8');
$this->config['ldapUserFilter']
= $this->$v('ldap_userlist_filter');
$this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
@ -274,9 +275,36 @@ class Connection {
* @return returns an array that maps internal variable names to database fields
*/
private function getConfigTranslationArray() {
static $array = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldap_override_main_server' => 'ldapOverrideMainServer', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
static $array = array(
'ldap_host'=>'ldapHost',
'ldap_port'=>'ldapPort',
'ldap_backup_host'=>'ldapBackupHost',
'ldap_backup_port'=>'ldapBackupPort',
'ldap_override_main_server' => 'ldapOverrideMainServer',
'ldap_dn'=>'ldapAgentName',
'ldap_agent_password'=>'ldapAgentPassword',
'ldap_base'=>'ldapBase',
'ldap_base_users'=>'ldapBaseUsers',
'ldap_base_groups'=>'ldapBaseGroups',
'ldap_userlist_filter'=>'ldapUserFilter',
'ldap_login_filter'=>'ldapLoginFilter',
'ldap_group_filter'=>'ldapGroupFilter',
'ldap_display_name'=>'ldapUserDisplayName',
'ldap_group_display_name'=>'ldapGroupDisplayName',
'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive', 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch');
'ldap_tls'=>'ldapTLS',
'ldap_nocase'=>'ldapNoCase',
'ldap_quota_def'=>'ldapQuotaDefault',
'ldap_quota_attr'=>'ldapQuotaAttribute',
'ldap_email_attr'=>'ldapEmailAttribute',
'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr',
'ldap_cache_ttl'=>'ldapCacheTTL',
'home_folder_naming_rule' => 'homeFolderNamingRule',
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
'ldap_configuration_active' => 'ldapConfigurationActive',
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch'
);
return $array;
}
@ -387,7 +415,8 @@ class Connection {
* @returns true if configuration seems OK, false otherwise
*/
private function validateConfiguration() {
//first step: "soft" checks: settings that are not really necessary, but advisable. If left empty, give an info message
// first step: "soft" checks: settings that are not really
// necessary, but advisable. If left empty, give an info message
if(empty($this->config['ldapBaseUsers'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
@ -397,11 +426,16 @@ class Connection {
$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
}
if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'No group filter is specified, LDAP group feature will not be used.',
\OCP\Util::INFO);
}
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) && (!is_null($this->configID))) {
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid'))
&& (!is_null($this->configID))) {
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto');
\OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'Illegal value for the UUID Attribute, reset to autodetect.',
\OCP\Util::INFO);
}
if(empty($this->config['ldapBackupPort'])) {
//force default
@ -417,7 +451,9 @@ class Connection {
if((strpos($this->config['ldapHost'], 'ldaps') === 0)
&& $this->config['ldapTLS']) {
$this->config['ldapTLS'] = false;
\OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
\OCP\Util::INFO);
}
@ -434,20 +470,28 @@ class Connection {
}
if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
\OCP\Util::writeLog('user_ldap', 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.',
\OCP\Util::WARN);
$configurationOK = false;
}
//TODO: check if ldapAgentName is in DN form
if(empty($this->config['ldapBase']) && (empty($this->config['ldapBaseUsers']) && empty($this->config['ldapBaseGroups']))) {
if(empty($this->config['ldapBase'])
&& (empty($this->config['ldapBaseUsers'])
&& empty($this->config['ldapBaseGroups']))) {
\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapUserDisplayName'])) {
\OCP\Util::writeLog('user_ldap', 'No user display name attribute specified, won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'No user display name attribute specified, won`t connect.',
\OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapGroupDisplayName'])) {
\OCP\Util::writeLog('user_ldap', 'No group display name attribute specified, won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'No group display name attribute specified, won`t connect.',
\OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapLoginFilter'])) {
@ -455,7 +499,9 @@ class Connection {
$configurationOK = false;
}
if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
\OCP\Util::writeLog('user_ldap', 'Login filter does not contain %uid place holder, won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Login filter does not contain %uid place holder, won`t connect.',
\OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
$configurationOK = false;
}
@ -519,13 +565,17 @@ class Connection {
if(!$this->ldapConnectionRes) {
if(!function_exists('ldap_connect')) {
$phpLDAPinstalled = false;
\OCP\Util::writeLog('user_ldap', 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', \OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap',
'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
\OCP\Util::ERROR);
return false;
}
if($this->config['turnOffCertCheck']) {
if(putenv('LDAPTLS_REQCERT=never')) {
\OCP\Util::writeLog('user_ldap', 'Turned off SSL certificate validation successfully.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Turned off SSL certificate validation successfully.',
\OCP\Util::WARN);
} else {
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
}
@ -583,7 +633,9 @@ class Connection {
}
$ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
if(!$ldapLogin) {
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr), \OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap',
'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr),
\OCP\Util::ERROR);
$this->ldapConnectionRes = null;
return false;
}
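Review bot: In the `turnOffCertCheck` branch, `putenv('LDAPTLS_REQCERT=never')` sets an environment variable for the whole PHP process, so certificate checking is presumably switched off for every LDAP connection that process opens afterwards, not only for this configuration. The re-wrapped code would benefit from a comment saying so, e.g. `// putenv() is process-wide: this disables certificate validation for all LDAP connections of this process`. The warning could also name the affected configuration by including `$this->configPrefix`. The enclosing method starts and ends outside the hunk.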


@ -42,7 +42,9 @@ class Jobs {
$actualGroups = self::getGroupBE()->getGroups();
if(empty($actualGroups) && empty($knownGroups)) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" groups do not seem to be configured properly, aborting.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" groups do not seem to be configured properly, aborting.',
\OCP\Util::INFO);
\OCP\Config::setAppValue('user_ldap', 'bgjUpdateGroupsLastRun', time());
return;
}
@ -75,19 +77,25 @@ class Jobs {
$hasChanged = false;
foreach(array_diff($knownUsers, $actualUsers) as $removedUser) {
\OCP\Util::emitHook('OC_User', 'post_removeFromGroup', array('uid' => $removedUser, 'gid' => $group));
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" "'.$removedUser.'" removed from "'.$group.'".', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" "'.$removedUser.'" removed from "'.$group.'".',
\OCP\Util::INFO);
$hasChanged = true;
}
foreach(array_diff($actualUsers, $knownUsers) as $addedUser) {
\OCP\Util::emitHook('OC_User', 'post_addFromGroup', array('uid' => $addedUser, 'gid' => $group));
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" "'.$addedUser.'" added to "'.$group.'".', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" "'.$addedUser.'" added to "'.$group.'".',
\OCP\Util::INFO);
$hasChanged = true;
}
if($hasChanged) {
$query->execute(array(serialize($actualUsers), $group));
}
}
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" FINISHED dealing with known Groups.', \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" FINISHED dealing with known Groups.',
\OCP\Util::DEBUG);
}
static private function handleCreatedGroups($createdGroups) {
@ -98,11 +106,15 @@ class Jobs {
VALUES (?, ?)
');
foreach($createdGroups as $createdGroup) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" new group "'.$createdGroup.'" found.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" new group "'.$createdGroup.'" found.',
\OCP\Util::INFO);
$users = serialize(self::getGroupBE()->usersInGroup($createdGroup));
$query->execute(array($createdGroup, $users));
}
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" FINISHED dealing with created Groups.', \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" FINISHED dealing with created Groups.',
\OCP\Util::DEBUG);
}
static private function handleRemovedGroups($removedGroups) {
@ -113,10 +125,14 @@ class Jobs {
WHERE `owncloudname` = ?
');
foreach($removedGroups as $removedGroup) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" group "'.$removedGroup.'" was removed.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" group "'.$removedGroup.'" was removed.',
\OCP\Util::INFO);
$query->execute(array($removedGroup));
}
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" FINISHED dealing with removed groups.', \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" FINISHED dealing with removed groups.',
\OCP\Util::DEBUG);
}
static private function getConnector() {
@ -154,4 +170,4 @@ class Jobs {
return self::$groupsFromDB;
}
}
}
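Review bot: The loop over `array_diff($actualUsers, $knownUsers)` emits the hook `'post_addFromGroup'`, while the removal loop emits `'post_removeFromGroup'`; the add name looks like a copy-paste slip for `'post_addToGroup'`. If listeners register under the latter name (not visible here), code that reacts to a user gaining group membership would not run for additions detected by this job. The proposed line is `\OCP\Util::emitHook('OC_User', 'post_addToGroup', array('uid' => $addedUser, 'gid' => $group));`, after confirming the signal class and name that listeners actually connect to. The enclosing method starts outside the hunk.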


@ -5,26 +5,56 @@
<li><a href="#ldapSettings-2">Advanced</a></li>
</ul>
<?php if(OCP\App::isEnabled('user_webdavauth')) {
echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour. Please ask your system administrator to disable one of them.').'</p>';
echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible.'
.' You may experience unexpected behaviour.'
.' Please ask your system administrator to disable one of them.').'</p>';
}
if(!function_exists('ldap_connect')) {
echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>';
echo '<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed,'
.' the backend will not work. Please ask your system administrator to install it.').'</p>';
}
?>
<fieldset id="ldapSettings-1">
<p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label><select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
<p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label>
<select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
<?php echo $_['serverConfigurationOptions']; ?>
<option value="NEW"><?php echo $l->t('Add Server Configuration');?></option>
</select>
<button id="ldap_action_delete_configuration" name="ldap_action_delete_configuration">Delete Configuration</button>
<button id="ldap_action_delete_configuration"
name="ldap_action_delete_configuration">Delete Configuration</button>
</p>
<p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p>
<p><label for="ldap_dn"><?php echo $l->t('User DN');?></label><input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>" title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
<p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" data-default="<?php echo $_['ldap_agent_password_default']; ?>" title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" data-default="<?php echo $_['ldap_login_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /><br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" data-default="<?php echo $_['ldap_userlist_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
<p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label><input type="text" id="ldap_group_filter" name="ldap_group_filter" data-default="<?php echo $_['ldap_group_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
<p><label for="ldap_host"><?php echo $l->t('Host');?></label>
<input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>"
title="<?php echo $l->t('You can omit the protocol, except you require SSL.'
.' Then start with ldaps://');?>"></p>
<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label>
<textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>"
title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>"
data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p>
<p><label for="ldap_dn"><?php echo $l->t('User DN');?></label>
<input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>"
title="<?php echo $l->t('The DN of the client user with which the bind shall be done,'
.' e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
<p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label>
<input type="password" id="ldap_agent_password" name="ldap_agent_password"
data-default="<?php echo $_['ldap_agent_password_default']; ?>"
title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label>
<input type="text" id="ldap_login_filter" name="ldap_login_filter"
data-default="<?php echo $_['ldap_login_filter_default']; ?>"
title="<?php echo $l->t('Defines the filter to apply, when login is attempted.'
.' %%uid replaces the username in the login action.');?>" />
<br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label>
<input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter"
data-default="<?php echo $_['ldap_userlist_filter_default']; ?>"
title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" />
<br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
<p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label>
<input type="text" id="ldap_group_filter" name="ldap_group_filter"
data-default="<?php echo $_['ldap_group_filter_default']; ?>"
title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" />
<br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
</fieldset>
<fieldset id="ldapSettings-2">
<div id="ldapAdvancedAccordion">
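Review bot: The `data-default` attributes are filled with `<?php echo $_['ldap_host_default']; ?>` and its siblings, and `$_['serverConfigurationOptions']` is echoed as markup, with no escaping at the point of output. If the template layer does not already escape these values (not visible here), a stored setting containing a double quote would break out of the attribute; `<?php echo htmlspecialchars($_['ldap_host_default'], ENT_QUOTES, 'UTF-8'); ?>` closes that. The "Delete Configuration" button label is also not passed through `$l->t()`, unlike the field labels around it.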


@ -112,7 +112,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
return $ldap_users;
}
// if we'd pass -1 to LDAP search, we'd end up in a Protocol error. With a limit of 0, we get 0 results. So we pass null.
// if we'd pass -1 to LDAP search, we'd end up in a Protocol
// error. With a limit of 0, we get 0 results. So we pass null.
if($limit <= 0) {
$limit = null;
}
@ -121,9 +122,12 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
$this->getFilterPartForUserSearch($search)
));
\OCP\Util::writeLog('user_ldap', 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter,
\OCP\Util::DEBUG);
//do the search and translate results to owncloud names
$ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'), $limit, $offset);
$ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'),
$limit, $offset);
$ldap_users = $this->ownCloudUserNames($ldap_users);
\OCP\Util::writeLog('user_ldap', 'getUsers: '.count($ldap_users). ' Users found', \OCP\Util::DEBUG);
@ -189,11 +193,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
//check for / at the beginning or pattern c:\ resp. c:/
if(
'/' == $path[0]
|| (3 < strlen($path) && ctype_alpha($path[0]) && $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2]))
|| (3 < strlen($path) && ctype_alpha($path[0])
&& $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2]))
) {
$homedir = $path;
} else {
$homedir = \OCP\Config::getSystemValue('datadirectory', \OC::$SERVERROOT.'/data' ) . '/' . $homedir[0];
$homedir = \OCP\Config::getSystemValue('datadirectory',
\OC::$SERVERROOT.'/data' ) . '/' . $homedir[0];
}
$this->connection->writeToCache($cacheKey, $homedir);
return $homedir;
@ -267,4 +273,4 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
public function hasUserListings() {
return true;
}
}
}
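Review bot: In the `else` branch of the home-directory hunk the attribute value `$homedir[0]` is appended to the data directory as-is, so a value containing `..` segments would resolve outside `datadirectory`; the absolute-path branch accepts any location by design. If the home-folder attribute can be edited by anyone other than the directory administrator, the relative value should be rejected or normalised before use, for instance by checking `strpos($homedir[0], '..') !== false` first. `'/' == $path[0]` also assumes `$path` is non-empty, which the hunk does not show. The enclosing method starts and ends outside the hunk.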