diff --git a/apps/user_ldap/ajax/clearMappings.php b/apps/user_ldap/ajax/clearMappings.php new file mode 100644 index 0000000000..5dab39839b --- /dev/null +++ b/apps/user_ldap/ajax/clearMappings.php @@ -0,0 +1,35 @@ +. + * + */ + +// Check user and app status +OCP\JSON::checkAdminUser(); +OCP\JSON::checkAppEnabled('user_ldap'); +OCP\JSON::callCheck(); + +$subject = $_POST['ldap_clear_mapping']; +if(\OCA\user_ldap\lib\Helper::clearMapping($subject)) { + OCP\JSON::success(); +} else { + $l=OC_L10N::get('user_ldap'); + OCP\JSON::error(array('message' => $l->t('Failed to clear the mappings.'))); +} \ No newline at end of file diff --git a/apps/user_ldap/css/settings.css b/apps/user_ldap/css/settings.css index 84ada0832a..185952e14b 100644 --- a/apps/user_ldap/css/settings.css +++ b/apps/user_ldap/css/settings.css @@ -11,6 +11,10 @@ display: inline-block; } +.ldapIndent { + margin-left: 50px; +} + .ldapwarning { margin-left: 1.4em; color: #FF3B3B; diff --git a/apps/user_ldap/js/settings.js b/apps/user_ldap/js/settings.js index 9279dc0203..f47d49cf22 100644 --- a/apps/user_ldap/js/settings.js +++ b/apps/user_ldap/js/settings.js @@ -99,6 +99,26 @@ var LdapConfiguration = { } } ); + }, + + clearMappings: function(mappingSubject) { + $.post( + OC.filePath('user_ldap','ajax','clearMappings.php'), + 'ldap_clear_mapping='+mappingSubject, + function(result) { + if(result.status == 'success') { + OC.dialogs.info( + t('user_ldap', 'mappings cleared'), + t('user_ldap', 'Success') + ); + } else { + OC.dialogs.alert( + result.message, + t('user_ldap', 'Error') + ); + } + } + ); } } @@ -166,6 +186,16 @@ $(document).ready(function() { ); }); + $('#ldap_action_clear_user_mappings').click(function(event) { + event.preventDefault(); + LdapConfiguration.clearMappings('user'); + }); + + $('#ldap_action_clear_group_mappings').click(function(event) { + event.preventDefault(); + LdapConfiguration.clearMappings('group'); + }); + $('#ldap_serverconfig_chooser').change(function(event) { value = $('#ldap_serverconfig_chooser option:selected:first').attr('value'); if(value === 'NEW') { diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php index ad355ce5e2..a7611eb3e8 100644 --- a/apps/user_ldap/lib/access.php +++ b/apps/user_ldap/lib/access.php @@ -317,7 +317,19 @@ abstract class Access { } $ldapname = $ldapname[0]; } - $intname = $isUser ? $this->sanitizeUsername($uuid) : $ldapname; + + if($isUser) { + $usernameAttribute = $this->connection->ldapExpertUsernameAttr; + if(!emptY($usernameAttribute)) { + $username = $this->readAttribute($dn, $usernameAttribute); + $username = $username[0]; + } else { + $username = $uuid; + } + $intname = $this->sanitizeUsername($username); + } else { + $intname = $ldapname; + } //a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups //disabling Cache is required to avoid that the new user is cached as not-existing in fooExists check @@ -897,6 +909,12 @@ abstract class Access { return true; } + $fixedAttribute = $this->connection->ldapExpertUUIDAttr; + if(!empty($fixedAttribute)) { + $this->connection->ldapUuidAttribute = $fixedAttribute; + return true; + } + //for now, supported (known) attributes are entryUUID, nsuniqueid, objectGUID $testAttributes = array('entryuuid', 'nsuniqueid', 'objectguid', 'guid'); diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php index 88ff318586..ba4de13534 100644 --- a/apps/user_ldap/lib/connection.php +++ b/apps/user_ldap/lib/connection.php @@ -65,6 +65,8 @@ class Connection { 'ldapAttributesForGroupSearch' => null, 'homeFolderNamingRule' => null, 'hasPagedResultSupport' => false, + 'ldapExpertUsernameAttr' => null, + 'ldapExpertUUIDAttr' => null, ); /** @@ -265,6 +267,10 @@ class Connection { = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search')); $this->config['ldapAttributesForGroupSearch'] = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search')); + $this->config['ldapExpertUsernameAttr'] + = $this->$v('ldap_expert_username_attr'); + $this->config['ldapExpertUUIDAttr'] + = $this->$v('ldap_expert_uuid_attr'); $this->configured = $this->validateConfiguration(); } @@ -290,7 +296,6 @@ class Connection { 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName', - 'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', @@ -302,7 +307,9 @@ class Connection { 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive', 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', - 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch' + 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch', + 'ldap_expert_username_attr' => 'ldapExpertUsernameAttr', + 'ldap_expert_uuid_attr' => 'ldapExpertUUIDAttr', ); return $array; } @@ -505,6 +512,10 @@ class Connection { $configurationOK = false; } + if(!empty($this->config['ldapExpertUUIDAttr'])) { + $this->config['ldapUuidAttribute'] = $this->config['ldapExpertUUIDAttr']; + } + return $configurationOK; } @@ -543,6 +554,8 @@ class Connection { 'ldap_configuration_active' => 1, 'ldap_attributes_for_user_search' => '', 'ldap_attributes_for_group_search' => '', + 'ldap_expert_username_attr' => '', + 'ldap_expert_uuid_attr' => '', ); } diff --git a/apps/user_ldap/lib/helper.php b/apps/user_ldap/lib/helper.php index 8bebd84c12..07d13a806a 100644 --- a/apps/user_ldap/lib/helper.php +++ b/apps/user_ldap/lib/helper.php @@ -102,4 +102,29 @@ class Helper { return true; } + + /** + * Truncate's the given mapping table + * + * @param string $mapping either 'user' or 'group' + * @return boolean true on success, false otherwise + */ + static public function clearMapping($mapping) { + if($mapping === 'user') { + $table = '`*PREFIX*ldap_user_mapping`'; + } else if ($mapping === 'group') { + $table = '`*PREFIX*ldap_group_mapping`'; + } else { + return false; + } + + $query = \OCP\DB::prepare('TRUNCATE '.$table); + $res = $query->execute(); + + if(\OCP\DB::isError($res)) { + return false; + } + + return true; + } } diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php index 05497ae8a3..22e2dac6d2 100644 --- a/apps/user_ldap/settings.php +++ b/apps/user_ldap/settings.php @@ -4,7 +4,9 @@ * ownCloud - user_ldap * * @author Dominik Schmidt + * @author Arthur Schiwon * @copyright 2011 Dominik Schmidt dev@dominik-schmidt.de + * @copyright 2012-2013 Arthur Schiwon blizzz@owncloud.com * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php index f0ee8c6b08..972970aa3e 100644 --- a/apps/user_ldap/templates/settings.php +++ b/apps/user_ldap/templates/settings.php @@ -3,6 +3,7 @@ '.$l->t('Warning: Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour. Please ask your system administrator to disable one of them.').'

'); @@ -96,6 +97,17 @@ +
+

t('Internal Username'));?>

+

t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder in ownCloud. It is also a port of remote URLs, for instance for all *DAV services. With this setting, the default behaviour can be overriden. To achieve a similar behaviour as before ownCloud 5 enter the user display name attribute in the following field. Leave it empty for default behaviour. Changes will have effect only on newly mapped (added) LDAP users.'));?>

+

+

t('Override UUID detection'));?>

+

t('By default, ownCloud autodetects the UUID attribute. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behaviour. Changes will have effect only on newly mapped (added) LDAP users and groups.'));?>

+

+

t('Username-LDAP User Mapping'));?>

+

t('ownCloud uses usernames to store and assign (meta) data. In order to precisely identify and recognize users, each LDAP user will have a internal username. This requires a mapping from ownCloud username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found by ownCloud. The internal ownCloud name is used all over in ownCloud. Clearing the Mappings will have leftovers everywhere. Clearing the Mappings is not configuration sensitive, it affects all LDAP configurations! Do never clear the mappings in a production environment. Only clear mappings in a testing or experimental stage.'));?>

+


+
t('Help'));?> diff --git a/apps/user_ldap/user_proxy.php b/apps/user_ldap/user_proxy.php index 7e5b9045df..73cc096318 100644 --- a/apps/user_ldap/user_proxy.php +++ b/apps/user_ldap/user_proxy.php @@ -174,7 +174,7 @@ class User_Proxy extends lib\Proxy implements \OCP\UserInterface { foreach($this->backends as $backend) { $backendUsers = $backend->getDisplayNames($search, $limit, $offset); if (is_array($backendUsers)) { - $users = array_merge($users, $backendUsers); + $users = $users + $backendUsers; } } return $users;