LDAP: add support for backup/replica servers
This commit is contained in:
parent
6063ce9c8d
commit
3d56cf3a5b
|
@ -36,6 +36,8 @@ class Connection {
|
|||
protected $config = array(
|
||||
'ldapHost' => null,
|
||||
'ldapPort' => null,
|
||||
'ldapBackupHost' => null,
|
||||
'ldapBackupPort' => null,
|
||||
'ldapBase' => null,
|
||||
'ldapBaseUsers' => null,
|
||||
'ldapBaseGroups' => null,
|
||||
|
@ -56,6 +58,7 @@ class Connection {
|
|||
'ldapCacheTTL' => null,
|
||||
'ldapUuidAttribute' => null,
|
||||
'ldapOverrideUuidAttribute' => null,
|
||||
'ldapOverrideMainServer' => false,
|
||||
'homeFolderNamingRule' => null,
|
||||
'hasPagedResultSupport' => false,
|
||||
);
|
||||
|
@ -188,7 +191,10 @@ class Connection {
|
|||
private function readConfiguration($force = false) {
|
||||
if((!$this->configured || $force) && !is_null($this->configID)) {
|
||||
$this->config['ldapHost'] = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_host', '');
|
||||
$this->config['ldapBackupHost'] = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_backup_host', '');
|
||||
$this->config['ldapPort'] = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_port', 389);
|
||||
$this->config['ldapBackupPort'] = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_backup_port', $this->config['ldapPort']);
|
||||
$this->config['ldapOverrideMainServer']= \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_override_main_server', false);
|
||||
$this->config['ldapAgentName'] = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_dn', '');
|
||||
$this->config['ldapAgentPassword'] = base64_decode(\OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_agent_password', ''));
|
||||
$rawLdapBase = \OCP\Config::getAppValue($this->configID, $this->configPrefix.'ldap_base', '');
|
||||
|
@ -229,7 +235,7 @@ class Connection {
|
|||
return false;
|
||||
}
|
||||
|
||||
$params = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
|
||||
$params = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldapOverrideMainServer' => 'ldap_override_main_server', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
|
||||
|
||||
'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule');
|
||||
|
||||
|
@ -342,16 +348,34 @@ class Connection {
|
|||
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
|
||||
}
|
||||
}
|
||||
$this->ldapConnectionRes = ldap_connect($this->config['ldapHost'], $this->config['ldapPort']);
|
||||
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
||||
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
|
||||
if($this->config['ldapTLS']) {
|
||||
ldap_start_tls($this->ldapConnectionRes);
|
||||
}
|
||||
}
|
||||
if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
|
||||
$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
|
||||
$bindStatus = $this->bind();
|
||||
}
|
||||
|
||||
return $this->bind();
|
||||
$error = null;
|
||||
//if LDAP server is not reachable, try the Backup (Replica!) Server
|
||||
if((!$bindStatus && ($error = ldap_errno($this->ldapConnectionRes)) == -1)
|
||||
|| $this->config['ldapOverrideMainServer']
|
||||
|| $this->getFromCache('overrideMainServer')) {
|
||||
$this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
|
||||
$bindStatus = $this->bind();
|
||||
if($bindStatus && $error == -1) {
|
||||
$this->writeToCache('overrideMainServer', true);
|
||||
}
|
||||
}
|
||||
return $bindStatus;
|
||||
}
|
||||
}
|
||||
|
||||
private function doConnect($host, $port) {
|
||||
$this->ldapConnectionRes = ldap_connect($host, $port);
|
||||
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
||||
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
|
||||
if($this->config['ldapTLS']) {
|
||||
ldap_start_tls($this->ldapConnectionRes);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
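Review bot: The new `$params` entry `'ldapOverrideMainServer' => 'ldap_override_main_server'` is reversed relative to every other pair in that map, which all go stored-key → config property (`'ldap_backup_host'=>'ldapBackupHost'`); if the function consuming this map (its body continues outside the hunk) treats the entry like its neighbours, the override flag is never applied or persisted through that path. It should read `'ldap_override_main_server' => 'ldapOverrideMainServer'`. Separately, the new `doConnect()` discards the return value of `ldap_start_tls()` (as the replaced code did), so when STARTTLS is configured but fails against the main or replica host the following `bind()` presumably still sends the agent DN and password in the clear; check the result and treat failure as a failed connection instead of falling through, e.g. `if(!ldap_start_tls($this->ldapConnectionRes)) { $this->ldapConnectionRes = null; }` with the bind skipped when the resource is null. Finally, `$bindStatus` is assigned only inside the first branch, so on the override path `!$bindStatus` reads an undefined variable and `ldap_errno()` is called on a connection that was never opened; initialising `$bindStatus = false;` before the first `if` and testing the override flags before the `ldap_errno()` clause avoids both.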
@ -23,7 +23,7 @@
|
|||
|
||||
OC_Util::checkAdminUser();
|
||||
|
||||
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl', 'home_folder_naming_rule');
|
||||
$params = array('ldap_host', 'ldap_port', 'ldap_backup_host', 'ldap_backup_port', 'ldap_override_main_server', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl', 'home_folder_naming_rule');
|
||||
|
||||
OCP\Util::addscript('user_ldap', 'settings');
|
||||
OCP\Util::addstyle('user_ldap', 'settings');
|
||||
|
|
|
@ -22,6 +22,9 @@
|
|||
</fieldset>
|
||||
<fieldset id="ldapSettings-2">
|
||||
<p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
|
||||
<p><label for="ldap_backup_host"><?php echo $l->t('Backup (Replica) Host');?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" value="<?php echo $_['ldap_backup_host']; ?>" title="<?php echo $l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.');?>"></p>
|
||||
<p><label for="ldap_backup_port"><?php echo $l->t('Backup (Replica) Port');?></label><input type="text" id="ldap_backup_port" name="ldap_backup_port" value="<?php echo $_['ldap_backup_port']; ?>" /></p>
|
||||
<p><label for="ldap_override_main_server"><?php echo $l->t('Disable Main Server');?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1"<?php if ($_['ldap_override_main_server']) echo ' checked'; ?> title="<?php echo $l->t('When switched on, ownCloud will only connect to the replica server.');?>" /></p>
|
||||
<p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php echo $l->t('One User Base DN per line');?>" title="<?php echo $l->t('Base User Tree');?>"><?php echo $_['ldap_base_users']; ?></textarea></p>
|
||||
<p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php echo $l->t('One Group Base DN per line');?>" title="<?php echo $l->t('Base Group Tree');?>"><?php echo $_['ldap_base_groups']; ?></textarea></p>
|
||||
<p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute"><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'member')) echo ' selected'; ?>>member (AD)</option></select></p>
|
||||
|
|
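Review bot: The new Backup (Replica) Port input has no `title` although the matching readConfiguration change defaults `ldapBackupPort` to `ldapPort`, so administrators cannot tell from the form that leaving it blank is intended; suggest `title="<?php echo $l->t('Defaults to the main LDAP port if not set.');?>"`. Note that the default in readConfiguration is the getAppValue fallback, which presumably applies only when the key was never stored and not when the form saves an empty string — worth confirming before documenting it as "leave empty". Like the surrounding fields, the backup host is echoed straight into a `value` attribute; if the template layer does not pre-escape assigned values, an admin-controlled host string is emitted into HTML unescaped, which is worth checking rather than assuming.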