From c8e57d5460e9b6b94f5730bcc5ca8197c42188ab Mon Sep 17 00:00:00 2001
From: Dominik Schmidt
Date: Thu, 23 Jun 2011 22:51:25 +0200
Subject: [PATCH 1/5] Add user_ldap plugin
---
apps/user_ldap/appinfo/app.php | 36 ++++++++++++++++
apps/user_ldap/appinfo/info.xml | 10 +++++
apps/user_ldap/settings.php | 48 +++++++++++++++++++++
apps/user_ldap/templates/settings.php | 24 +++++++++++
apps/user_ldap/user_ldap.php | 62 +++++++++++++++++++++++++++
5 files changed, 180 insertions(+)
create mode 100644 apps/user_ldap/appinfo/app.php
create mode 100644 apps/user_ldap/appinfo/info.xml
create mode 100644 apps/user_ldap/settings.php
create mode 100644 apps/user_ldap/templates/settings.php
create mode 100644 apps/user_ldap/user_ldap.php
diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
new file mode 100644
index 0000000000..f7ce4f87a6
--- /dev/null
+++ b/apps/user_ldap/appinfo/app.php
@@ -0,0 +1,36 @@
+.
+*
+*/
+
+require_once('apps/user_ldap/user_ldap.php');
+
+// register user backend
+OC_USER::useBackend( "LDAP" );
+
+// add settings page to navigation
+$entry = array(
+ 'id' => "user_ldap_settings",
+ 'order'=>1,
+ 'href' => OC_HELPER::linkTo( "user_ldap", "settings.php" ),
+ 'name' => 'LDAP'
+);
+OC_APP::addNavigationSubEntry( "core_users", $entry);
diff --git a/apps/user_ldap/appinfo/info.xml b/apps/user_ldap/appinfo/info.xml
new file mode 100644
index 0000000000..9a6ee1436f
--- /dev/null
+++ b/apps/user_ldap/appinfo/info.xml
@@ -0,0 +1,10 @@
+
+
+ user_ldap
+ LDAP user backend
+ Authenticate Users by LDAP
+ 0.1
+ AGPL
+ Dominik Schmidt
+ 2
+
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
new file mode 100644
index 0000000000..22f817e7ca
--- /dev/null
+++ b/apps/user_ldap/settings.php
@@ -0,0 +1,48 @@
+.
+ *
+ */
+
+require_once('../../lib/base.php');
+require( 'template.php' );
+
+if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )){
+ header( "Location: ".OC_HELPER::linkTo( "index.php" ));
+ exit();
+}
+
+$params = array('ldap_host', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter');
+
+foreach($params as $param){
+ if(isset($_POST[$param])){
+ OC_APPCONFIG::setValue('user_ldap', $param, $_POST[$param]);
+ }
+}
+OC_APP::setActiveNavigationEntry( "user_ldap_settings" );
+
+
+// fill template
+$tmpl = new OC_TEMPLATE( 'user_ldap', 'settings', 'admin' );
+foreach($params as $param){
+ $value = OC_APPCONFIG::getValue('user_ldap', $param,'');
+ $tmpl->assign($param, $value);
+}
+$tmpl->printPage();
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
new file mode 100644
index 0000000000..5f7ee671ce
--- /dev/null
+++ b/apps/user_ldap/templates/settings.php
@@ -0,0 +1,24 @@
+
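Review bot: The POST loop in apps/user_ldap/settings.php writes `$_POST[$param]` straight into the app config after only the admin-group check, with no request-token check visible in this hunk, so a form submitted from an admin's browser session could presumably change which directory server the instance authenticates against. Verify the project's anti-CSRF token before the `foreach` (none is shown here, so this may need to be added first) and only act when `$_SERVER['REQUEST_METHOD'] === 'POST'`. The second loop also assigns the stored `ldap_password` to the template, which suggests the bind secret is echoed back into the page; assigning an empty string for that key, and only overwriting the stored value when a non-empty password is posted, would avoid that. A comment above the `$params` array stating that these keys are persisted verbatim and unvalidated would help the next reader.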
+
+ LDAP +
+
+ Host: * +
+
+ DN: +
+
+ Password: +
+
+ Base: * +
+
+ Filter * (use %uid placeholder): +
+
+ +
* required +
+
\ No newline at end of file
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
new file mode 100644
index 0000000000..52f8806429
--- /dev/null
+++ b/apps/user_ldap/user_ldap.php
@@ -0,0 +1,62 @@
+.
+ *
+ */
+
+require_once('User/backend.php');
+
+class OC_USER_LDAP extends OC_USER_BACKEND {
+
+ public function checkPassword( $uid, $password ) {
+ $ldap_host = OC_APPCONFIG::getValue('user_ldap', 'ldap_host','');
+ $ldap_dn = OC_APPCONFIG::getValue('user_ldap', 'ldap_dn','');
+ $ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password','');
+ $ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base','');
+ $ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter','');
+
+ // connect to server
+ $ds = ldap_connect( $ldap_host );
+ if( !$ds )
+ return false;
+
+ // login for search
+ if(!empty($ldap_dn)) {
+ $ldap_login = @ldap_bind( $ds, $ldap_dn, $ldap_password );
+ if(!$ldap_login)
+ return false;
+ }
+
+ // get dn
+ $filter = str_replace("%uid", $uid, $ldap_filter);
+ $sr = ldap_search( $ds, $ldap_base, $filter );
+ $entries = ldap_get_entries( $ds, $sr );
+
+ if( $entries["count"] == 0 )
+ return false;
+
+ $dn = $entries[0]["dn"];
+ $result = @ldap_bind( $ds, $dn, $password );
+
+ return $result;
+ }
+}
+
+?>
From 612f8cb9546a0607defe7a0ff5fd8048bbfdf92c Mon Sep 17 00:00:00 2001
From: Dominik Schmidt
Date: Thu, 23 Jun 2011 23:17:10 +0200
Subject: [PATCH 2/5] user_ldap: add port setting
---
apps/user_ldap/appinfo/app.php | 3 +++
apps/user_ldap/settings.php | 6 +++++-
apps/user_ldap/templates/settings.php | 3 +++
apps/user_ldap/user_ldap.php | 5 ++++-
4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
index f7ce4f87a6..67b61989f7 100644
--- a/apps/user_ldap/appinfo/app.php
+++ b/apps/user_ldap/appinfo/app.php
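Review bot: In `checkPassword()` of apps/user_ldap/user_ldap.php (PATCH 1/5), `$uid` is substituted into the search filter unescaped (`str_replace("%uid", $uid, $ldap_filter)`), so filter metacharacters in a login name change which entry the search matches; escape it first, e.g. `$filter = str_replace("%uid", ldap_escape($uid, '', LDAP_ESCAPE_FILTER), $ldap_filter);`, or an equivalent RFC 4515 escaper where `ldap_escape()` is not available. The final `@ldap_bind( $ds, $dn, $password )` also needs a guard such as `if( !is_string($password) || $password === '' ) return false;`, because a bind with a DN and an empty password is an unauthenticated bind that many directory servers answer with success. The result of `ldap_search()` is handed to `ldap_get_entries()` unchecked, and a filter that matches several entries silently authenticates against `$entries[0]`; requiring `$entries["count"] == 1` would be stricter. The same substitution and bind are carried unchanged into `getDn()` and `checkPassword()` in PATCH 4/5.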
@@ -23,6 +23,9 @@ require_once('apps/user_ldap/user_ldap.php'); +// define LDAP_DEFAULT_PORT +define("OC_USER_BACKEND_LDAP_DEFAULT_PORT", 389); + // register user backend OC_USER::useBackend( "LDAP" ); diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php index 22f817e7ca..f7aff1b461 100644 --- a/apps/user_ldap/settings.php +++ b/apps/user_ldap/settings.php @@ -29,7 +29,7 @@ if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( OC_USER::getUser(), 'admin' )) exit(); } -$params = array('ldap_host', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter'); +$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_filter'); foreach($params as $param){ if(isset($_POST[$param])){ @@ -45,4 +45,8 @@ foreach($params as $param){ $value = OC_APPCONFIG::getValue('user_ldap', $param,''); $tmpl->assign($param, $value); } + +// ldap_port has a default value +$tmpl->assign( 'ldap_port', OC_APPCONFIG::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT)); + $tmpl->printPage(); diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index 5f7ee671ce..0145736e80 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -5,6 +5,9 @@
Host: *
+
+ Port: * +
DN:
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 52f8806429..cd4a92a7b1 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -25,15 +25,18 @@ require_once('User/backend.php'); class OC_USER_LDAP extends OC_USER_BACKEND { + + public function checkPassword( $uid, $password ) { $ldap_host = OC_APPCONFIG::getValue('user_ldap', 'ldap_host',''); + $ldap_port = OC_APPCONFIG::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT); $ldap_dn = OC_APPCONFIG::getValue('user_ldap', 'ldap_dn',''); $ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password',''); $ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base',''); $ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); // connect to server - $ds = ldap_connect( $ldap_host ); + $ds = ldap_connect( $ldap_host, $ldap_port ); if( !$ds ) return false; From d4618d633a2240c15b19c8c2b40fb05f1d2d7334 Mon Sep 17 00:00:00 2001 From: Dominik Schmidt Date: Thu, 23 Jun 2011 23:19:04 +0200 Subject: [PATCH 3/5] user_ldap: use input-type-password for ldap_password --- apps/user_ldap/templates/settings.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index 0145736e80..5dddb71a02 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -12,7 +12,7 @@ DN:
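Review bot: `ldap_connect( $ldap_host, $ldap_port )` in the user_ldap.php hunk of PATCH 2/5, with the new default of 389, is followed by binds on what is presumably an unencrypted connection, so the search account's password and every user's password would cross the network in clear text. After the connect, set `ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 );` and fail closed on `if( !ldap_start_tls( $ds ) ) return false;`, or add a TLS setting next to the port. The port comes back from the app config as whatever string was posted in settings.php, so cast and range-check it (`(int)$ldap_port`, 1–65535) before use. `checkPassword()` continues past the end of this hunk.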
- Password: + Password:
Base: * From 5f29f8a8310823ed99b0d627ea03c9ff3e5efcb3 Mon Sep 17 00:00:00 2001 From: Dominik Schmidt Date: Thu, 23 Jun 2011 23:41:02 +0200 Subject: [PATCH 4/5] user_ldap: implement userExists --- apps/user_ldap/user_ldap.php | 70 +++++++++++++++++++++++++----------- 1 file changed, 49 insertions(+), 21 deletions(-) diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index cd4a92a7b1..1718a307cc 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php 
@@ -25,41 +25,69 @@ require_once('User/backend.php'); class OC_USER_LDAP extends OC_USER_BACKEND { + protected $ds; + // cached settings + protected $ldap_host; + protected $ldap_port; + protected $ldap_dn; + protected $ldap_password; + protected $ldap_base; + protected $ldap_filter; - public function checkPassword( $uid, $password ) { - $ldap_host = OC_APPCONFIG::getValue('user_ldap', 'ldap_host',''); - $ldap_port = OC_APPCONFIG::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT); - $ldap_dn = OC_APPCONFIG::getValue('user_ldap', 'ldap_dn',''); - $ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password',''); - $ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base',''); - $ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); + function __construct() { + $this->ldap_host = OC_APPCONFIG::getValue('user_ldap', 'ldap_host',''); + $this->ldap_port = OC_APPCONFIG::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT ); + $this->ldap_dn = OC_APPCONFIG::getValue('user_ldap', 'ldap_dn',''); + $this->ldap_password = OC_APPCONFIG::getValue('user_ldap', 'ldap_password',''); + $this->ldap_base = OC_APPCONFIG::getValue('user_ldap', 'ldap_base',''); + $this->ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); + } - // connect to server - $ds = ldap_connect( $ldap_host, $ldap_port ); - if( !$ds ) - return false; + private function getDs() { + if(!$this->ds) { + $this->ds = ldap_connect( $this->ldap_host, $this->ldap_port ); + } - // login for search - if(!empty($ldap_dn)) { - $ldap_login = @ldap_bind( $ds, $ldap_dn, $ldap_password ); + // login + if(!empty($this->ldap_dn)) { + $ldap_login = @ldap_bind( $this->ds, $this->ldap_dn, $this->ldap_password ); if(!$ldap_login) return false; } + return $this->ds; + } + + private function getDn( $uid ) { + // connect to server + $ds = $this->getDs(); + if( !$ds ) + return false; + // get dn - $filter = str_replace("%uid", $uid, $ldap_filter); - $sr = 
ldap_search( $ds, $ldap_base, $filter ); - $entries = ldap_get_entries( $ds, $sr ); + $filter = str_replace("%uid", $uid, $this->ldap_filter); + $sr = ldap_search( $this->getDs(), $this->ldap_base, $filter ); + $entries = ldap_get_entries( $this->getDs(), $sr ); if( $entries["count"] == 0 ) return false; - $dn = $entries[0]["dn"]; - $result = @ldap_bind( $ds, $dn, $password ); - - return $result; + return $entries[0]["dn"]; } + public function checkPassword( $uid, $password ) { + $dn = $this->getDn( $uid ); + if( !$dn ) + return false; + + return @ldap_bind( $this->getDs(), $dn, $password ); + } + + public function userExists( $uid ) { + $dn = getDn($uid); + return !empty($dn); + } + } ?> From 735738fe6fbdc3afb6a9fd1d5fbec36b5020f9aa Mon Sep 17 00:00:00 2001 From: Dominik Schmidt Date: Thu, 23 Jun 2011 23:54:39 +0200 Subject: [PATCH 5/5] user_ldap: close ldap connection in dtor --- apps/user_ldap/user_ldap.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php index 1718a307cc..1ee9809b3b 100644 --- a/apps/user_ldap/user_ldap.php +++ b/apps/user_ldap/user_ldap.php @@ -44,6 +44,12 @@ class OC_USER_LDAP extends OC_USER_BACKEND { $this->ldap_filter = OC_APPCONFIG::getValue('user_ldap', 'ldap_filter',''); } + function __destruct() { + // close the connection + if( $this->ds ) + ldap_unbind($this->ds); + } + private function getDs() { if(!$this->ds) { $this->ds = ldap_connect( $this->ldap_host, $this->ldap_port );
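Review bot: `userExists()` in PATCH 4/5 calls `getDn($uid)` as a global function, which this patch does not define, so the first call would end in a fatal error; it should read `$dn = $this->getDn( $uid );`. In `getDs()` the return value of `ldap_connect()` is never tested before `ldap_bind()` is called on it, so add `if( !$this->ds ) return false;` right after the connect. `getDs()` also repeats the service bind on every call and `getDn()` calls it three times per lookup; passing the `$ds` it already fetched to `ldap_search()` and `ldap_get_entries()` avoids two extra binds. The new `__construct()` has no visibility keyword, and none of the new methods has a docblock saying that `false` covers both "user not found" and "directory unreachable or bind refused".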