Merge pull request #1365 from owncloud/ldap_multiple_server
LDAP: support for multiple LDAP/AD servers
This commit is contained in:
commit
411e8e5218
|
@ -0,0 +1,35 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ownCloud - user_ldap
|
||||||
|
*
|
||||||
|
* @author Arthur Schiwon
|
||||||
|
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 3 of the License, or any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public
|
||||||
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
// Check user and app status
|
||||||
|
OCP\JSON::checkAdminUser();
|
||||||
|
OCP\JSON::checkAppEnabled('user_ldap');
|
||||||
|
OCP\JSON::callCheck();
|
||||||
|
|
||||||
|
$prefix = $_POST['ldap_serverconfig_chooser'];
|
||||||
|
if(\OCA\user_ldap\lib\Helper::deleteServerConfiguration($prefix)){
|
||||||
|
OCP\JSON::success();
|
||||||
|
} else {
|
||||||
|
$l=OC_L10N::get('user_ldap');
|
||||||
|
OCP\JSON::error(array('message' => $l->t('Failed to delete the server configuration')));
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ownCloud - user_ldap
|
||||||
|
*
|
||||||
|
* @author Arthur Schiwon
|
||||||
|
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 3 of the License, or any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public
|
||||||
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
// Check user and app status
|
||||||
|
OCP\JSON::checkAdminUser();
|
||||||
|
OCP\JSON::checkAppEnabled('user_ldap');
|
||||||
|
OCP\JSON::callCheck();
|
||||||
|
|
||||||
|
$prefix = $_POST['ldap_serverconfig_chooser'];
|
||||||
|
$connection = new \OCA\user_ldap\lib\Connection($prefix);
|
||||||
|
OCP\JSON::success(array('configuration' => $connection->getConfiguration()));
|
|
@ -0,0 +1,34 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ownCloud - user_ldap
|
||||||
|
*
|
||||||
|
* @author Arthur Schiwon
|
||||||
|
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 3 of the License, or any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public
|
||||||
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
// Check user and app status
|
||||||
|
OCP\JSON::checkAdminUser();
|
||||||
|
OCP\JSON::checkAppEnabled('user_ldap');
|
||||||
|
OCP\JSON::callCheck();
|
||||||
|
|
||||||
|
$serverConnections = \OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes();
|
||||||
|
sort($serverConnections);
|
||||||
|
$lk = array_pop($serverConnections);
|
||||||
|
$ln = intval(str_replace('s', '', $lk));
|
||||||
|
$nk = 's'.str_pad($ln+1, 2, '0', STR_PAD_LEFT);
|
||||||
|
OCP\JSON::success(array('configPrefix' => $nk));
|
|
@ -0,0 +1,33 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ownCloud - user_ldap
|
||||||
|
*
|
||||||
|
* @author Arthur Schiwon
|
||||||
|
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 3 of the License, or any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public
|
||||||
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
// Check user and app status
|
||||||
|
OCP\JSON::checkAdminUser();
|
||||||
|
OCP\JSON::checkAppEnabled('user_ldap');
|
||||||
|
OCP\JSON::callCheck();
|
||||||
|
|
||||||
|
$prefix = $_POST['ldap_serverconfig_chooser'];
|
||||||
|
$connection = new \OCA\user_ldap\lib\Connection($prefix);
|
||||||
|
$connection->setConfiguration($_POST);
|
||||||
|
$connection->saveConfiguration();
|
||||||
|
OCP\JSON::success();
|
|
@ -4,7 +4,7 @@
|
||||||
* ownCloud - user_ldap
|
* ownCloud - user_ldap
|
||||||
*
|
*
|
||||||
* @author Arthur Schiwon
|
* @author Arthur Schiwon
|
||||||
* @copyright 2012 Arthur Schiwon blizzz@owncloud.com
|
* @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
*
|
*
|
||||||
* This library is free software; you can redistribute it and/or
|
* This library is free software; you can redistribute it and/or
|
||||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
@ -26,14 +26,16 @@ OCP\JSON::checkAdminUser();
|
||||||
OCP\JSON::checkAppEnabled('user_ldap');
|
OCP\JSON::checkAppEnabled('user_ldap');
|
||||||
OCP\JSON::callCheck();
|
OCP\JSON::callCheck();
|
||||||
|
|
||||||
$connection = new \OCA\user_ldap\lib\Connection(null);
|
$l=OC_L10N::get('user_ldap');
|
||||||
|
|
||||||
|
$connection = new \OCA\user_ldap\lib\Connection('', null);
|
||||||
if($connection->setConfiguration($_POST)) {
|
if($connection->setConfiguration($_POST)) {
|
||||||
//Configuration is okay
|
//Configuration is okay
|
||||||
if($connection->bind()) {
|
if($connection->bind()) {
|
||||||
OCP\JSON::success(array('message' => 'The configuration is valid and the connection could be established!'));
|
OCP\JSON::success(array('message' => $l->t('The configuration is valid and the connection could be established!')));
|
||||||
} else {
|
} else {
|
||||||
OCP\JSON::error(array('message' => 'The configuration is valid, but the Bind failed. Please check the server settings and credentials.'));
|
OCP\JSON::error(array('message' => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
OCP\JSON::error(array('message' => 'The configuration is invalid. Please look in the ownCloud log for further details.'));
|
OCP\JSON::error(array('message' => $l->t('The configuration is invalid. Please look in the ownCloud log for further details.')));
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,15 +23,23 @@
|
||||||
|
|
||||||
OCP\App::registerAdmin('user_ldap', 'settings');
|
OCP\App::registerAdmin('user_ldap', 'settings');
|
||||||
|
|
||||||
$connector = new OCA\user_ldap\lib\Connection('user_ldap');
|
$configPrefixes = OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes(true);
|
||||||
|
if(count($configPrefixes) == 1) {
|
||||||
|
$connector = new OCA\user_ldap\lib\Connection($configPrefixes[0]);
|
||||||
$userBackend = new OCA\user_ldap\USER_LDAP();
|
$userBackend = new OCA\user_ldap\USER_LDAP();
|
||||||
$userBackend->setConnector($connector);
|
$userBackend->setConnector($connector);
|
||||||
$groupBackend = new OCA\user_ldap\GROUP_LDAP();
|
$groupBackend = new OCA\user_ldap\GROUP_LDAP();
|
||||||
$groupBackend->setConnector($connector);
|
$groupBackend->setConnector($connector);
|
||||||
|
} else {
|
||||||
|
$userBackend = new OCA\user_ldap\User_Proxy($configPrefixes);
|
||||||
|
$groupBackend = new OCA\user_ldap\Group_Proxy($configPrefixes);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(count($configPrefixes) > 0) {
|
||||||
// register user backend
|
// register user backend
|
||||||
OC_User::useBackend($userBackend);
|
OC_User::useBackend($userBackend);
|
||||||
OC_Group::useBackend($groupBackend);
|
OC_Group::useBackend($groupBackend);
|
||||||
|
}
|
||||||
|
|
||||||
// add settings page to navigation
|
// add settings page to navigation
|
||||||
$entry = array(
|
$entry = array(
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
//ATTENTION
|
//ATTENTION
|
||||||
//Upgrade from ownCloud 3 (LDAP backend 0.1) to ownCloud 4.5 (LDAP backend 0.3) is not supported!!
|
//Upgrade from ownCloud 3 (LDAP backend 0.1) to ownCloud 4.5 (LDAP backend 0.3) is not supported!!
|
||||||
//You must do upgrade to ownCloud 4.0 first!
|
//You must do upgrade to ownCloud 4.0 first!
|
||||||
//The upgrade stuff in the section from 0.1 to 0.2 is just to minimize the bad efffects.
|
//The upgrade stuff in the section from 0.1 to 0.2 is just to minimize the bad effects.
|
||||||
|
|
||||||
//settings
|
//settings
|
||||||
$pw = OCP\Config::getAppValue('user_ldap', 'ldap_password');
|
$pw = OCP\Config::getAppValue('user_ldap', 'ldap_password');
|
||||||
|
@ -22,12 +22,10 @@ if($state == 'unset') {
|
||||||
OCP\Config::setSystemValue('ldapIgnoreNamingRules', false);
|
OCP\Config::setSystemValue('ldapIgnoreNamingRules', false);
|
||||||
}
|
}
|
||||||
|
|
||||||
// ### SUPPORTED upgrade path starts here ###
|
|
||||||
|
|
||||||
//from version 0.2 to 0.3 (0.2.0.x dev version)
|
//from version 0.2 to 0.3 (0.2.0.x dev version)
|
||||||
$objects = array('user', 'group');
|
$objects = array('user', 'group');
|
||||||
|
|
||||||
$connector = new \OCA\user_ldap\lib\Connection('user_ldap');
|
$connector = new \OCA\user_ldap\lib\Connection();
|
||||||
$userBE = new \OCA\user_ldap\USER_LDAP();
|
$userBE = new \OCA\user_ldap\USER_LDAP();
|
||||||
$userBE->setConnector($connector);
|
$userBE->setConnector($connector);
|
||||||
$groupBE = new \OCA\user_ldap\GROUP_LDAP();
|
$groupBE = new \OCA\user_ldap\GROUP_LDAP();
|
||||||
|
@ -80,3 +78,13 @@ function escapeDN($dn) {
|
||||||
|
|
||||||
return $dn;
|
return $dn;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// SUPPORTED UPGRADE FROM Version 0.3 (ownCloud 4.5) to 0.4 (ownCloud 5)
|
||||||
|
|
||||||
|
if(!isset($connector)) {
|
||||||
|
$connector = new \OCA\user_ldap\lib\Connection();
|
||||||
|
}
|
||||||
|
//it is required, that connections do have ldap_configuration_active setting stored in the database
|
||||||
|
$connector->getConfiguration();
|
||||||
|
$connector->saveConfiguration();
|
|
@ -1 +1 @@
|
||||||
0.3.0.1
|
0.3.9.0
|
|
@ -171,7 +171,6 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
$search = empty($search) ? '*' : '*'.$search.'*';
|
|
||||||
$groupUsers = array();
|
$groupUsers = array();
|
||||||
$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
|
$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
|
||||||
foreach($members as $member) {
|
foreach($members as $member) {
|
||||||
|
@ -179,7 +178,7 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
||||||
//we got uids, need to get their DNs to 'tranlsate' them to usernames
|
//we got uids, need to get their DNs to 'tranlsate' them to usernames
|
||||||
$filter = $this->combineFilterWithAnd(array(
|
$filter = $this->combineFilterWithAnd(array(
|
||||||
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
|
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
|
||||||
$this->connection->ldapUserDisplayName.'='.$search
|
$this->getFilterPartForUserSearch($search)
|
||||||
));
|
));
|
||||||
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
|
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
|
||||||
if(count($ldap_users) < 1) {
|
if(count($ldap_users) < 1) {
|
||||||
|
@ -188,8 +187,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
||||||
$groupUsers[] = $this->dn2username($ldap_users[0]);
|
$groupUsers[] = $this->dn2username($ldap_users[0]);
|
||||||
} else {
|
} else {
|
||||||
//we got DNs, check if we need to filter by search or we can give back all of them
|
//we got DNs, check if we need to filter by search or we can give back all of them
|
||||||
if($search != '*') {
|
if(!empty($search)) {
|
||||||
if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->connection->ldapUserDisplayName.'='.$search)) {
|
if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->getFilterPartForUserSearch($search))) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -230,10 +229,9 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
|
||||||
if($limit <= 0) {
|
if($limit <= 0) {
|
||||||
$limit = null;
|
$limit = null;
|
||||||
}
|
}
|
||||||
$search = empty($search) ? '*' : '*'.$search.'*';
|
|
||||||
$filter = $this->combineFilterWithAnd(array(
|
$filter = $this->combineFilterWithAnd(array(
|
||||||
$this->connection->ldapGroupFilter,
|
$this->connection->ldapGroupFilter,
|
||||||
$this->connection->ldapGroupDisplayName.'='.$search
|
$this->getFilterPartForGroupSearch($search)
|
||||||
));
|
));
|
||||||
\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
|
\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
|
||||||
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), $limit, $offset);
|
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), $limit, $offset);
|
||||||
|
|
|
@ -0,0 +1,178 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ownCloud
|
||||||
|
*
|
||||||
|
* @author Artuhr Schiwon
|
||||||
|
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 3 of the License, or any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public
|
||||||
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\user_ldap;
|
||||||
|
|
||||||
|
class Group_Proxy extends lib\Proxy implements \OCP\GroupInterface {
|
||||||
|
private $backends = array();
|
||||||
|
private $refBackend = null;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Constructor
|
||||||
|
* @param $serverConfigPrefixes array containing the config Prefixes
|
||||||
|
*/
|
||||||
|
public function __construct($serverConfigPrefixes) {
|
||||||
|
parent::__construct();
|
||||||
|
foreach($serverConfigPrefixes as $configPrefix) {
|
||||||
|
$this->backends[$configPrefix] = new \OCA\user_ldap\GROUP_LDAP();
|
||||||
|
$connector = $this->getConnector($configPrefix);
|
||||||
|
$this->backends[$configPrefix]->setConnector($connector);
|
||||||
|
if(is_null($this->refBackend)) {
|
||||||
|
$this->refBackend = &$this->backends[$configPrefix];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Tries the backends one after the other until a positive result is returned from the specified method
|
||||||
|
* @param $gid string, the gid connected to the request
|
||||||
|
* @param $method string, the method of the group backend that shall be called
|
||||||
|
* @param $parameters an array of parameters to be passed
|
||||||
|
* @return mixed, the result of the method or false
|
||||||
|
*/
|
||||||
|
protected function walkBackends($gid, $method, $parameters) {
|
||||||
|
$cacheKey = $this->getGroupCacheKey($gid);
|
||||||
|
foreach($this->backends as $configPrefix => $backend) {
|
||||||
|
if($result = call_user_func_array(array($backend, $method), $parameters)) {
|
||||||
|
$this->writeToCache($cacheKey, $configPrefix);
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Asks the backend connected to the server that supposely takes care of the gid from the request.
|
||||||
|
* @param $gid string, the gid connected to the request
|
||||||
|
* @param $method string, the method of the group backend that shall be called
|
||||||
|
* @param $parameters an array of parameters to be passed
|
||||||
|
* @return mixed, the result of the method or false
|
||||||
|
*/
|
||||||
|
protected function callOnLastSeenOn($gid, $method, $parameters) {
|
||||||
|
$cacheKey = $this->getGroupCacheKey($gid);;
|
||||||
|
$prefix = $this->getFromCache($cacheKey);
|
||||||
|
//in case the uid has been found in the past, try this stored connection first
|
||||||
|
if(!is_null($prefix)) {
|
||||||
|
if(isset($this->backends[$prefix])) {
|
||||||
|
$result = call_user_func_array(array($this->backends[$prefix], $method), $parameters);
|
||||||
|
if(!$result) {
|
||||||
|
//not found here, reset cache to null
|
||||||
|
$this->writeToCache($cacheKey, null);
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief is user in group?
|
||||||
|
* @param $uid uid of the user
|
||||||
|
* @param $gid gid of the group
|
||||||
|
* @returns true/false
|
||||||
|
*
|
||||||
|
* Checks whether the user is member of a group or not.
|
||||||
|
*/
|
||||||
|
public function inGroup($uid, $gid) {
|
||||||
|
return $this->handleRequest($gid, 'inGroup', array($uid, $gid));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Get all groups a user belongs to
|
||||||
|
* @param $uid Name of the user
|
||||||
|
* @returns array with group names
|
||||||
|
*
|
||||||
|
* This function fetches all groups a user belongs to. It does not check
|
||||||
|
* if the user exists at all.
|
||||||
|
*/
|
||||||
|
public function getUserGroups($uid) {
|
||||||
|
$groups = array();
|
||||||
|
|
||||||
|
foreach($this->backends as $backend) {
|
||||||
|
$backendGroups = $backend->getUserGroups($uid);
|
||||||
|
if (is_array($backendGroups)) {
|
||||||
|
$groups = array_merge($groups, $backendGroups);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $groups;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief get a list of all users in a group
|
||||||
|
* @returns array with user ids
|
||||||
|
*/
|
||||||
|
public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
|
||||||
|
$users = array();
|
||||||
|
|
||||||
|
foreach($this->backends as $backend) {
|
||||||
|
$backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
|
||||||
|
if (is_array($backendUsers)) {
|
||||||
|
$users = array_merge($users, $backendUsers);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $users;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief get a list of all groups
|
||||||
|
* @returns array with group names
|
||||||
|
*
|
||||||
|
* Returns a list with all groups
|
||||||
|
*/
|
||||||
|
public function getGroups($search = '', $limit = -1, $offset = 0) {
|
||||||
|
$groups = array();
|
||||||
|
|
||||||
|
foreach($this->backends as $backend) {
|
||||||
|
$backendGroups = $backend->getGroups($search, $limit, $offset);
|
||||||
|
if (is_array($backendGroups)) {
|
||||||
|
$groups = array_merge($groups, $backendGroups);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $groups;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* check if a group exists
|
||||||
|
* @param string $gid
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function groupExists($gid) {
|
||||||
|
return $this->handleRequest($gid, 'groupExists', array($gid));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Check if backend implements actions
|
||||||
|
* @param $actions bitwise-or'ed actions
|
||||||
|
* @returns boolean
|
||||||
|
*
|
||||||
|
* Returns the supported actions as int to be
|
||||||
|
* compared with OC_USER_BACKEND_CREATE_USER etc.
|
||||||
|
*/
|
||||||
|
public function implementsActions($actions) {
|
||||||
|
//it's the same across all our user backends obviously
|
||||||
|
return $this->refBackend->implementsActions($actions);
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,6 +1,113 @@
|
||||||
|
var LdapConfiguration = {
|
||||||
|
refreshConfig: function() {
|
||||||
|
if($('#ldap_serverconfig_chooser option').length < 2) {
|
||||||
|
LdapConfiguration.addConfiguration(true);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
$.post(
|
||||||
|
OC.filePath('user_ldap','ajax','getConfiguration.php'),
|
||||||
|
$('#ldap_serverconfig_chooser').serialize(),
|
||||||
|
function (result) {
|
||||||
|
if(result.status == 'success') {
|
||||||
|
$.each(result.configuration, function(configkey, configvalue) {
|
||||||
|
elementID = '#'+configkey;
|
||||||
|
|
||||||
|
//deal with Checkboxes
|
||||||
|
if($(elementID).is('input[type=checkbox]')) {
|
||||||
|
if(configvalue == 1) {
|
||||||
|
$(elementID).attr('checked', 'checked');
|
||||||
|
} else {
|
||||||
|
$(elementID).removeAttr('checked');
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
//On Textareas, Multi-Line Settings come as array
|
||||||
|
if($(elementID).is('textarea') && $.isArray(configvalue)) {
|
||||||
|
configvalue = configvalue.join("\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
// assign the value
|
||||||
|
$('#'+configkey).val(configvalue);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
},
|
||||||
|
|
||||||
|
resetDefaults: function() {
|
||||||
|
$('#ldap').find('input[type=text], input[type=number], input[type=password], textarea, select').each(function() {
|
||||||
|
if($(this).attr('id') == 'ldap_serverconfig_chooser') {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
$(this).val($(this).attr('data-default'));
|
||||||
|
});
|
||||||
|
$('#ldap').find('input[type=checkbox]').each(function() {
|
||||||
|
if($(this).attr('data-default') == 1) {
|
||||||
|
$(this).attr('checked', 'checked');
|
||||||
|
} else {
|
||||||
|
$(this).removeAttr('checked');
|
||||||
|
}
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
deleteConfiguration: function() {
|
||||||
|
$.post(
|
||||||
|
OC.filePath('user_ldap','ajax','deleteConfiguration.php'),
|
||||||
|
$('#ldap_serverconfig_chooser').serialize(),
|
||||||
|
function (result) {
|
||||||
|
if(result.status == 'success') {
|
||||||
|
$('#ldap_serverconfig_chooser option:selected').remove();
|
||||||
|
$('#ldap_serverconfig_chooser option:first').select();
|
||||||
|
LdapConfiguration.refreshConfig();
|
||||||
|
} else {
|
||||||
|
OC.dialogs.alert(
|
||||||
|
result.message,
|
||||||
|
t('user_ldap', 'Deletion failed')
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
},
|
||||||
|
|
||||||
|
addConfiguration: function(doNotAsk) {
|
||||||
|
$.post(
|
||||||
|
OC.filePath('user_ldap','ajax','getNewServerConfigPrefix.php'),
|
||||||
|
function (result) {
|
||||||
|
if(result.status == 'success') {
|
||||||
|
if(doNotAsk) {
|
||||||
|
LdapConfiguration.resetDefaults();
|
||||||
|
} else {
|
||||||
|
OC.dialogs.confirm(
|
||||||
|
t('user_ldap', 'Take over settings from recent server configuration?'),
|
||||||
|
t('user_ldap', 'Keep settings?'),
|
||||||
|
function(keep) {
|
||||||
|
if(!keep) {
|
||||||
|
LdapConfiguration.resetDefaults();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
$('#ldap_serverconfig_chooser option:selected').removeAttr('selected');
|
||||||
|
var html = '<option value="'+result.configPrefix+'" selected="selected">'+$('#ldap_serverconfig_chooser option').length+'. Server</option>';
|
||||||
|
$('#ldap_serverconfig_chooser option:last').before(html);
|
||||||
|
} else {
|
||||||
|
OC.dialogs.alert(
|
||||||
|
result.message,
|
||||||
|
t('user_ldap', 'Cannot add server configuration')
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$(document).ready(function() {
|
$(document).ready(function() {
|
||||||
$('#ldapSettings').tabs();
|
$('#ldapSettings').tabs();
|
||||||
|
$('#ldap_submit').button();
|
||||||
$('#ldap_action_test_connection').button();
|
$('#ldap_action_test_connection').button();
|
||||||
|
$('#ldap_action_delete_configuration').button();
|
||||||
|
LdapConfiguration.refreshConfig();
|
||||||
$('#ldap_action_test_connection').click(function(event){
|
$('#ldap_action_test_connection').click(function(event){
|
||||||
event.preventDefault();
|
event.preventDefault();
|
||||||
$.post(
|
$.post(
|
||||||
|
@ -10,15 +117,60 @@ $(document).ready(function() {
|
||||||
if (result.status == 'success') {
|
if (result.status == 'success') {
|
||||||
OC.dialogs.alert(
|
OC.dialogs.alert(
|
||||||
result.message,
|
result.message,
|
||||||
'Connection test succeeded'
|
t('user_ldap', 'Connection test succeeded')
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
OC.dialogs.alert(
|
OC.dialogs.alert(
|
||||||
result.message,
|
result.message,
|
||||||
'Connection test failed'
|
t('user_ldap', 'Connection test failed')
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
$('#ldap_action_delete_configuration').click(function(event) {
|
||||||
|
event.preventDefault();
|
||||||
|
OC.dialogs.confirm(
|
||||||
|
t('user_ldap', 'Do you really want to delete the current Server Configuration?'),
|
||||||
|
t('user_ldap', 'Confirm Deletion'),
|
||||||
|
function(deleteConfiguration) {
|
||||||
|
if(deleteConfiguration) {
|
||||||
|
LdapConfiguration.deleteConfiguration();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
$('#ldap_submit').click(function(event) {
|
||||||
|
event.preventDefault();
|
||||||
|
$.post(
|
||||||
|
OC.filePath('user_ldap','ajax','setConfiguration.php'),
|
||||||
|
$('#ldap').serialize(),
|
||||||
|
function (result) {
|
||||||
|
bgcolor = $('#ldap_submit').css('background');
|
||||||
|
if (result.status == 'success') {
|
||||||
|
//the dealing with colors is a but ugly, but the jQuery version in use has issues with rgba colors
|
||||||
|
$('#ldap_submit').css('background', '#fff');
|
||||||
|
$('#ldap_submit').effect('highlight', {'color':'#A8FA87'}, 5000, function() {
|
||||||
|
$('#ldap_submit').css('background', bgcolor);
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
$('#ldap_submit').css('background', '#fff');
|
||||||
|
$('#ldap_submit').effect('highlight', {'color':'#E97'}, 5000, function() {
|
||||||
|
$('#ldap_submit').css('background', bgcolor);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
$('#ldap_serverconfig_chooser').change(function(event) {
|
||||||
|
value = $('#ldap_serverconfig_chooser option:selected:first').attr('value');
|
||||||
|
if(value == 'NEW') {
|
||||||
|
LdapConfiguration.addConfiguration(false);
|
||||||
|
} else {
|
||||||
|
LdapConfiguration.refreshConfig();
|
||||||
|
}
|
||||||
|
});
|
||||||
});
|
});
|
|
@ -719,6 +719,50 @@ abstract class Access {
|
||||||
return $combinedFilter;
|
return $combinedFilter;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief creates a filter part for to perfrom search for users
|
||||||
|
* @param string $search the search term
|
||||||
|
* @return string the final filter part to use in LDAP searches
|
||||||
|
*/
|
||||||
|
public function getFilterPartForUserSearch($search) {
|
||||||
|
return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForUserSearch, $this->connection->ldapUserDisplayName);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief creates a filter part for to perfrom search for groups
|
||||||
|
* @param string $search the search term
|
||||||
|
* @return string the final filter part to use in LDAP searches
|
||||||
|
*/
|
||||||
|
public function getFilterPartForGroupSearch($search) {
|
||||||
|
return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForGroupSearch, $this->connection->ldapGroupDisplayName);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief creates a filter part for searches
|
||||||
|
* @param string $search the search term
|
||||||
|
* @param string $fallbackAttribute a fallback attribute in case the user
|
||||||
|
* did not define search attributes. Typically the display name attribute.
|
||||||
|
* @returns string the final filter part to use in LDAP searches
|
||||||
|
*/
|
||||||
|
private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
|
||||||
|
$filter = array();
|
||||||
|
$search = empty($search) ? '*' : '*'.$search.'*';
|
||||||
|
if(!is_array($searchAttributes) || count($searchAttributes) == 0) {
|
||||||
|
if(empty($fallbackAttribute)) {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
$filter[] = $fallbackAttribute . '=' . $search;
|
||||||
|
} else {
|
||||||
|
foreach($searchAttributes as $attribute) {
|
||||||
|
$filter[] = $attribute . '=' . $search;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if(count($filter) == 1) {
|
||||||
|
return '('.$filter[0].')';
|
||||||
|
}
|
||||||
|
return $this->combineFilterWithOr($filter);
|
||||||
|
}
|
||||||
|
|
||||||
public function areCredentialsValid($name, $password) {
|
public function areCredentialsValid($name, $password) {
|
||||||
$name = $this->DNasBaseParameter($name);
|
$name = $this->DNasBaseParameter($name);
|
||||||
$testConnection = clone $this->connection;
|
$testConnection = clone $this->connection;
|
||||||
|
@ -912,7 +956,7 @@ abstract class Access {
|
||||||
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
|
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
|
||||||
//a bit recursive, $offset of 0 is the exit
|
//a bit recursive, $offset of 0 is the exit
|
||||||
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
|
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
|
||||||
$this->search($filter, $base, $attr, $limit, $reOffset, true);
|
$this->search($filter, array($base), $attr, $limit, $reOffset, true);
|
||||||
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
|
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
|
||||||
//still no cookie? obviously, the server does not like us. Let's skip paging efforts.
|
//still no cookie? obviously, the server does not like us. Let's skip paging efforts.
|
||||||
//TODO: remember this, probably does not change in the next request...
|
//TODO: remember this, probably does not change in the next request...
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
* ownCloud – LDAP Access
|
* ownCloud – LDAP Access
|
||||||
*
|
*
|
||||||
* @author Arthur Schiwon
|
* @author Arthur Schiwon
|
||||||
* @copyright 2012 Arthur Schiwon blizzz@owncloud.com
|
* @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
*
|
*
|
||||||
* This library is free software; you can redistribute it and/or
|
* This library is free software; you can redistribute it and/or
|
||||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
@ -25,6 +25,7 @@ namespace OCA\user_ldap\lib;
|
||||||
|
|
||||||
class Connection {
|
class Connection {
|
||||||
private $ldapConnectionRes = null;
|
private $ldapConnectionRes = null;
|
||||||
|
private $configPrefix;
|
||||||
private $configID;
|
private $configID;
|
||||||
private $configured = false;
|
private $configured = false;
|
||||||
|
|
||||||
|
@ -35,6 +36,8 @@ class Connection {
|
||||||
protected $config = array(
|
protected $config = array(
|
||||||
'ldapHost' => null,
|
'ldapHost' => null,
|
||||||
'ldapPort' => null,
|
'ldapPort' => null,
|
||||||
|
'ldapBackupHost' => null,
|
||||||
|
'ldapBackupPort' => null,
|
||||||
'ldapBase' => null,
|
'ldapBase' => null,
|
||||||
'ldapBaseUsers' => null,
|
'ldapBaseUsers' => null,
|
||||||
'ldapBaseGroups' => null,
|
'ldapBaseGroups' => null,
|
||||||
|
@ -48,6 +51,7 @@ class Connection {
|
||||||
'ldapUserFilter' => null,
|
'ldapUserFilter' => null,
|
||||||
'ldapGroupFilter' => null,
|
'ldapGroupFilter' => null,
|
||||||
'ldapGroupDisplayName' => null,
|
'ldapGroupDisplayName' => null,
|
||||||
|
'ldapGroupMemberAssocAttr' => null,
|
||||||
'ldapLoginFilter' => null,
|
'ldapLoginFilter' => null,
|
||||||
'ldapQuotaAttribute' => null,
|
'ldapQuotaAttribute' => null,
|
||||||
'ldapQuotaDefault' => null,
|
'ldapQuotaDefault' => null,
|
||||||
|
@ -55,15 +59,24 @@ class Connection {
|
||||||
'ldapCacheTTL' => null,
|
'ldapCacheTTL' => null,
|
||||||
'ldapUuidAttribute' => null,
|
'ldapUuidAttribute' => null,
|
||||||
'ldapOverrideUuidAttribute' => null,
|
'ldapOverrideUuidAttribute' => null,
|
||||||
|
'ldapOverrideMainServer' => false,
|
||||||
|
'ldapConfigurationActive' => false,
|
||||||
|
'ldapAttributesForUserSearch' => null,
|
||||||
|
'ldapAttributesForGroupSearch' => null,
|
||||||
'homeFolderNamingRule' => null,
|
'homeFolderNamingRule' => null,
|
||||||
'hasPagedResultSupport' => false,
|
'hasPagedResultSupport' => false,
|
||||||
);
|
);
|
||||||
|
|
||||||
public function __construct($configID = 'user_ldap') {
|
/**
|
||||||
|
* @brief Constructor
|
||||||
|
* @param $configPrefix a string with the prefix for the configkey column (appconfig table)
|
||||||
|
* @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
|
||||||
|
*/
|
||||||
|
public function __construct($configPrefix = '', $configID = 'user_ldap') {
|
||||||
|
$this->configPrefix = $configPrefix;
|
||||||
$this->configID = $configID;
|
$this->configID = $configID;
|
||||||
$this->cache = \OC_Cache::getGlobalCache();
|
$this->cache = \OC_Cache::getGlobalCache();
|
||||||
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') && function_exists('ldap_control_paged_result_response'));
|
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') && function_exists('ldap_control_paged_result_response'));
|
||||||
\OCP\Util::writeLog('user_ldap', 'PHP supports paged results? '.print_r($this->config['hasPagedResultSupport'], true), \OCP\Util::INFO);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function __destruct() {
|
public function __destruct() {
|
||||||
|
@ -84,12 +97,12 @@ class Connection {
|
||||||
|
|
||||||
public function __set($name, $value) {
|
public function __set($name, $value) {
|
||||||
$changed = false;
|
$changed = false;
|
||||||
//omly few options are writable
|
//only few options are writable
|
||||||
if($name == 'ldapUuidAttribute') {
|
if($name == 'ldapUuidAttribute') {
|
||||||
\OCP\Util::writeLog('user_ldap', 'Set config ldapUuidAttribute to '.$value, \OCP\Util::DEBUG);
|
\OCP\Util::writeLog('user_ldap', 'Set config ldapUuidAttribute to '.$value, \OCP\Util::DEBUG);
|
||||||
$this->config[$name] = $value;
|
$this->config[$name] = $value;
|
||||||
if(!empty($this->configID)) {
|
if(!empty($this->configID)) {
|
||||||
\OCP\Config::setAppValue($this->configID, 'ldap_uuid_attribute', $value);
|
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', $value);
|
||||||
}
|
}
|
||||||
$changed = true;
|
$changed = true;
|
||||||
}
|
}
|
||||||
|
@ -126,7 +139,7 @@ class Connection {
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getCacheKey($key) {
|
private function getCacheKey($key) {
|
||||||
$prefix = 'LDAP-'.$this->configID.'-';
|
$prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
|
||||||
if(is_null($key)) {
|
if(is_null($key)) {
|
||||||
return $prefix;
|
return $prefix;
|
||||||
}
|
}
|
||||||
|
@ -164,7 +177,8 @@ class Connection {
|
||||||
if(!$this->configured) {
|
if(!$this->configured) {
|
||||||
$this->readConfiguration();
|
$this->readConfiguration();
|
||||||
}
|
}
|
||||||
if(!$this->config['ldapCacheTTL']) {
|
if(!$this->config['ldapCacheTTL']
|
||||||
|
|| !$this->config['ldapConfigurationActive']) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
$key = $this->getCacheKey($key);
|
$key = $this->getCacheKey($key);
|
||||||
|
@ -176,42 +190,96 @@ class Connection {
|
||||||
$this->cache->clear($this->getCacheKey(null));
|
$this->cache->clear($this->getCacheKey(null));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function getValue($varname) {
|
||||||
|
static $defaults;
|
||||||
|
if(is_null($defaults)){
|
||||||
|
$defaults = $this->getDefaults();
|
||||||
|
}
|
||||||
|
return \OCP\Config::getAppValue($this->configID,
|
||||||
|
$this->configPrefix.$varname,
|
||||||
|
$defaults[$varname]);
|
||||||
|
}
|
||||||
|
|
||||||
|
private function setValue($varname, $value) {
|
||||||
|
\OCP\Config::setAppValue($this->configID,
|
||||||
|
$this->configPrefix.$varname,
|
||||||
|
$value);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Caches the general LDAP configuration.
|
* Caches the general LDAP configuration.
|
||||||
*/
|
*/
|
||||||
private function readConfiguration($force = false) {
|
private function readConfiguration($force = false) {
|
||||||
\OCP\Util::writeLog('user_ldap', 'Checking conf state: isConfigured? '.print_r($this->configured, true).' isForce? '.print_r($force, true).' configID? '.print_r($this->configID, true), \OCP\Util::DEBUG);
|
|
||||||
if((!$this->configured || $force) && !is_null($this->configID)) {
|
if((!$this->configured || $force) && !is_null($this->configID)) {
|
||||||
\OCP\Util::writeLog('user_ldap', 'Reading the configuration', \OCP\Util::DEBUG);
|
$defaults = $this->getDefaults();
|
||||||
$this->config['ldapHost'] = \OCP\Config::getAppValue($this->configID, 'ldap_host', '');
|
$v = 'getValue';
|
||||||
$this->config['ldapPort'] = \OCP\Config::getAppValue($this->configID, 'ldap_port', 389);
|
$this->config['ldapHost'] = $this->$v('ldap_host');
|
||||||
$this->config['ldapAgentName'] = \OCP\Config::getAppValue($this->configID, 'ldap_dn', '');
|
$this->config['ldapBackupHost'] = $this->$v('ldap_backup_host');
|
||||||
$this->config['ldapAgentPassword'] = base64_decode(\OCP\Config::getAppValue($this->configID, 'ldap_agent_password', ''));
|
$this->config['ldapPort'] = $this->$v('ldap_port');
|
||||||
$this->config['ldapBase'] = preg_split('/\r\n|\r|\n/', \OCP\Config::getAppValue($this->configID, 'ldap_base', ''));
|
$this->config['ldapBackupPort'] = $this->$v('ldap_backup_port');
|
||||||
$this->config['ldapBaseUsers'] = preg_split('/\r\n|\r|\n/', \OCP\Config::getAppValue($this->configID, 'ldap_base_users', $this->config['ldapBase']));
|
$this->config['ldapOverrideMainServer']
|
||||||
$this->config['ldapBaseGroups'] = preg_split('/\r\n|\r|\n/', \OCP\Config::getAppValue($this->configID, 'ldap_base_groups', $this->config['ldapBase']));
|
= $this->$v('ldap_override_main_server');
|
||||||
$this->config['ldapTLS'] = \OCP\Config::getAppValue($this->configID, 'ldap_tls', 0);
|
$this->config['ldapAgentName'] = $this->$v('ldap_dn');
|
||||||
$this->config['ldapNoCase'] = \OCP\Config::getAppValue($this->configID, 'ldap_nocase', 0);
|
$this->config['ldapAgentPassword']
|
||||||
$this->config['turnOffCertCheck'] = \OCP\Config::getAppValue($this->configID, 'ldap_turn_off_cert_check', 0);
|
= base64_decode($this->$v('ldap_agent_password'));
|
||||||
$this->config['ldapUserDisplayName'] = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_display_name', 'uid'), 'UTF-8');
|
$rawLdapBase = $this->$v('ldap_base');
|
||||||
$this->config['ldapUserFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_userlist_filter', 'objectClass=person');
|
$this->config['ldapBase']
|
||||||
$this->config['ldapGroupFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_group_filter', '(objectClass=posixGroup)');
|
= preg_split('/\r\n|\r|\n/', $rawLdapBase);
|
||||||
$this->config['ldapLoginFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_login_filter', '(uid=%uid)');
|
$this->config['ldapBaseUsers']
|
||||||
$this->config['ldapGroupDisplayName'] = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_group_display_name', 'uid'), 'UTF-8');
|
= preg_split('/\r\n|\r|\n/', ($this->$v('ldap_base_users')));
|
||||||
$this->config['ldapQuotaAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_quota_attr', '');
|
$this->config['ldapBaseGroups']
|
||||||
$this->config['ldapQuotaDefault'] = \OCP\Config::getAppValue($this->configID, 'ldap_quota_def', '');
|
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_base_groups'));
|
||||||
$this->config['ldapEmailAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_email_attr', '');
|
unset($rawLdapBase);
|
||||||
$this->config['ldapGroupMemberAssocAttr'] = \OCP\Config::getAppValue($this->configID, 'ldap_group_member_assoc_attribute', 'uniqueMember');
|
$this->config['ldapTLS'] = $this->$v('ldap_tls');
|
||||||
$this->config['ldapIgnoreNamingRules'] = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
|
$this->config['ldapNoCase'] = $this->$v('ldap_nocase');
|
||||||
$this->config['ldapCacheTTL'] = \OCP\Config::getAppValue($this->configID, 'ldap_cache_ttl', 10*60);
|
$this->config['turnOffCertCheck']
|
||||||
$this->config['ldapUuidAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_uuid_attribute', 'auto');
|
= $this->$v('ldap_turn_off_cert_check');
|
||||||
$this->config['ldapOverrideUuidAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_override_uuid_attribute', 0);
|
$this->config['ldapUserDisplayName']
|
||||||
$this->config['homeFolderNamingRule'] = \OCP\Config::getAppValue($this->configID, 'home_folder_naming_rule', 'opt:username');
|
= mb_strtolower($this->$v('ldap_display_name'),'UTF-8');
|
||||||
|
$this->config['ldapUserFilter']
|
||||||
|
= $this->$v('ldap_userlist_filter');
|
||||||
|
$this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
|
||||||
|
$this->config['ldapLoginFilter'] = $this->$v('ldap_login_filter');
|
||||||
|
$this->config['ldapGroupDisplayName']
|
||||||
|
= mb_strtolower($this->$v('ldap_group_display_name'), 'UTF-8');
|
||||||
|
$this->config['ldapQuotaAttribute']
|
||||||
|
= $this->$v('ldap_quota_attr');
|
||||||
|
$this->config['ldapQuotaDefault']
|
||||||
|
= $this->$v('ldap_quota_def');
|
||||||
|
$this->config['ldapEmailAttribute']
|
||||||
|
= $this->$v('ldap_email_attr');
|
||||||
|
$this->config['ldapGroupMemberAssocAttr']
|
||||||
|
= $this->$v('ldap_group_member_assoc_attribute');
|
||||||
|
$this->config['ldapIgnoreNamingRules']
|
||||||
|
= \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
|
||||||
|
$this->config['ldapCacheTTL'] = $this->$v('ldap_cache_ttl');
|
||||||
|
$this->config['ldapUuidAttribute']
|
||||||
|
= $this->$v('ldap_uuid_attribute');
|
||||||
|
$this->config['ldapOverrideUuidAttribute']
|
||||||
|
= $this->$v('ldap_override_uuid_attribute');
|
||||||
|
$this->config['homeFolderNamingRule']
|
||||||
|
= $this->$v('home_folder_naming_rule');
|
||||||
|
$this->config['ldapConfigurationActive']
|
||||||
|
= $this->$v('ldap_configuration_active');
|
||||||
|
$this->config['ldapAttributesForUserSearch']
|
||||||
|
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
|
||||||
|
$this->config['ldapAttributesForGroupSearch']
|
||||||
|
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
|
||||||
|
|
||||||
$this->configured = $this->validateConfiguration();
|
$this->configured = $this->validateConfiguration();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return returns an array that maps internal variable names to database fields
|
||||||
|
*/
|
||||||
|
private function getConfigTranslationArray() {
|
||||||
|
static $array = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldap_override_main_server' => 'ldapOverrideMainServer', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
|
||||||
|
|
||||||
|
'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive', 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch');
|
||||||
|
return $array;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief set LDAP configuration with values delivered by an array, not read from configuration
|
* @brief set LDAP configuration with values delivered by an array, not read from configuration
|
||||||
* @param $config array that holds the config parameters in an associated array
|
* @param $config array that holds the config parameters in an associated array
|
||||||
|
@ -223,9 +291,7 @@ class Connection {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$params = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
|
$params = $this->getConfigTranslationArray();
|
||||||
|
|
||||||
'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule');
|
|
||||||
|
|
||||||
foreach($config as $parameter => $value) {
|
foreach($config as $parameter => $value) {
|
||||||
if(isset($this->config[$parameter])) {
|
if(isset($this->config[$parameter])) {
|
||||||
|
@ -246,6 +312,71 @@ class Connection {
|
||||||
return $this->configured;
|
return $this->configured;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief saves the current Configuration in the database
|
||||||
|
*/
|
||||||
|
public function saveConfiguration() {
|
||||||
|
$trans = array_flip($this->getConfigTranslationArray());
|
||||||
|
foreach($this->config as $key => $value) {
|
||||||
|
\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.' value '.$value, \OCP\Util::DEBUG);
|
||||||
|
switch ($key) {
|
||||||
|
case 'ldapAgentPassword':
|
||||||
|
$value = base64_encode($value);
|
||||||
|
break;
|
||||||
|
case 'homeFolderNamingRule':
|
||||||
|
$value = empty($value) ? 'opt:username' : 'attr:'.$value;
|
||||||
|
break;
|
||||||
|
case 'ldapBase':
|
||||||
|
case 'ldapBaseUsers':
|
||||||
|
case 'ldapBaseGroups':
|
||||||
|
case 'ldapAttributesForUserSearch':
|
||||||
|
case 'ldapAttributesForGroupSearch':
|
||||||
|
if(is_array($value)){
|
||||||
|
$value = implode("\n", $value);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case 'ldapIgnoreNamingRules':
|
||||||
|
case 'ldapOverrideUuidAttribute':
|
||||||
|
case 'ldapUuidAttribute':
|
||||||
|
case 'hasPagedResultSupport':
|
||||||
|
continue 2;
|
||||||
|
}
|
||||||
|
if(is_null($value)) {
|
||||||
|
$value = '';
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->setValue($trans[$key], $value);
|
||||||
|
}
|
||||||
|
$this->clearCache();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief get the current LDAP configuration
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public function getConfiguration() {
|
||||||
|
$this->readConfiguration();
|
||||||
|
$trans = $this->getConfigTranslationArray();
|
||||||
|
$config = array();
|
||||||
|
foreach($trans as $dbKey => $classKey) {
|
||||||
|
if($classKey == 'homeFolderNamingRule') {
|
||||||
|
if(strpos($this->config[$classKey], 'opt') === 0) {
|
||||||
|
$config[$dbKey] = '';
|
||||||
|
} else {
|
||||||
|
$config[$dbKey] = substr($this->config[$classKey], 5);
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
} else if((strpos($classKey, 'ldapBase') !== false)
|
||||||
|
|| (strpos($classKey, 'ldapAttributes') !== false)) {
|
||||||
|
$config[$dbKey] = implode("\n", $this->config[$classKey]);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$config[$dbKey] = $this->config[$classKey];
|
||||||
|
}
|
||||||
|
|
||||||
|
return $config;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Validates the user specified configuration
|
* @brief Validates the user specified configuration
|
||||||
* @returns true if configuration seems OK, false otherwise
|
* @returns true if configuration seems OK, false otherwise
|
||||||
|
@ -264,9 +395,21 @@ class Connection {
|
||||||
\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
|
\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
|
||||||
}
|
}
|
||||||
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) && (!is_null($this->configID))) {
|
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) && (!is_null($this->configID))) {
|
||||||
\OCP\Config::setAppValue($this->configID, 'ldap_uuid_attribute', 'auto');
|
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto');
|
||||||
\OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO);
|
\OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO);
|
||||||
}
|
}
|
||||||
|
if(empty($this->config['ldapBackupPort'])) {
|
||||||
|
//force default
|
||||||
|
$this->config['ldapBackupPort'] = $this->config['ldapPort'];
|
||||||
|
}
|
||||||
|
foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
|
||||||
|
if(is_array($this->config[$key])
|
||||||
|
&& count($this->config[$key]) == 1
|
||||||
|
&& empty($this->config[$key][0])) {
|
||||||
|
$this->config[$key] = array();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
|
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
|
||||||
|
@ -310,10 +453,51 @@ class Connection {
|
||||||
return $configurationOK;
|
return $configurationOK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @returns an associative array with the default values. Keys are correspond
|
||||||
|
* to config-value entries in the database table
|
||||||
|
*/
|
||||||
|
public function getDefaults() {
|
||||||
|
return array(
|
||||||
|
'ldap_host' => '',
|
||||||
|
'ldap_port' => '389',
|
||||||
|
'ldap_backup_host' => '',
|
||||||
|
'ldap_backup_port' => '',
|
||||||
|
'ldap_override_main_server' => '',
|
||||||
|
'ldap_dn' => '',
|
||||||
|
'ldap_agent_password' => '',
|
||||||
|
'ldap_base' => '',
|
||||||
|
'ldap_base_users' => '',
|
||||||
|
'ldap_base_groups' => '',
|
||||||
|
'ldap_userlist_filter' => 'objectClass=person',
|
||||||
|
'ldap_login_filter' => 'uid=%uid',
|
||||||
|
'ldap_group_filter' => 'objectClass=posixGroup',
|
||||||
|
'ldap_display_name' => 'cn',
|
||||||
|
'ldap_group_display_name' => 'cn',
|
||||||
|
'ldap_tls' => 1,
|
||||||
|
'ldap_nocase' => 0,
|
||||||
|
'ldap_quota_def' => '',
|
||||||
|
'ldap_quota_attr' => '',
|
||||||
|
'ldap_email_attr' => '',
|
||||||
|
'ldap_group_member_assoc_attribute' => 'uniqueMember',
|
||||||
|
'ldap_cache_ttl' => 600,
|
||||||
|
'ldap_uuid_attribute' => 'auto',
|
||||||
|
'ldap_override_uuid_attribute' => 0,
|
||||||
|
'home_folder_naming_rule' => 'opt:username',
|
||||||
|
'ldap_turn_off_cert_check' => 0,
|
||||||
|
'ldap_configuration_active' => 1,
|
||||||
|
'ldap_attributes_for_user_search' => '',
|
||||||
|
'ldap_attributes_for_group_search' => '',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Connects and Binds to LDAP
|
* Connects and Binds to LDAP
|
||||||
*/
|
*/
|
||||||
private function establishConnection() {
|
private function establishConnection() {
|
||||||
|
if(!$this->config['ldapConfigurationActive']) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
static $phpLDAPinstalled = true;
|
static $phpLDAPinstalled = true;
|
||||||
if(!$phpLDAPinstalled) {
|
if(!$phpLDAPinstalled) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -336,7 +520,34 @@ class Connection {
|
||||||
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
|
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->ldapConnectionRes = ldap_connect($this->config['ldapHost'], $this->config['ldapPort']);
|
if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
|
||||||
|
$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
|
||||||
|
$bindStatus = $this->bind();
|
||||||
|
$error = ldap_errno($this->ldapConnectionRes);
|
||||||
|
} else {
|
||||||
|
$bindStatus = false;
|
||||||
|
$error = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
$error = null;
|
||||||
|
//if LDAP server is not reachable, try the Backup (Replica!) Server
|
||||||
|
if((!$bindStatus && ($error == -1))
|
||||||
|
|| $this->config['ldapOverrideMainServer']
|
||||||
|
|| $this->getFromCache('overrideMainServer')) {
|
||||||
|
$this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
|
||||||
|
$bindStatus = $this->bind();
|
||||||
|
if($bindStatus && $error == -1) {
|
||||||
|
//when bind to backup server succeeded and failed to main server,
|
||||||
|
//skip contacting him until next cache refresh
|
||||||
|
$this->writeToCache('overrideMainServer', true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $bindStatus;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private function doConnect($host, $port) {
|
||||||
|
$this->ldapConnectionRes = ldap_connect($host, $port);
|
||||||
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
||||||
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
|
if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
|
||||||
if($this->config['ldapTLS']) {
|
if($this->config['ldapTLS']) {
|
||||||
|
@ -344,15 +555,15 @@ class Connection {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->bind();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Binds to LDAP
|
* Binds to LDAP
|
||||||
*/
|
*/
|
||||||
public function bind() {
|
public function bind() {
|
||||||
|
if(!$this->config['ldapConfigurationActive']) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
|
$ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
|
||||||
if(!$ldapLogin) {
|
if(!$ldapLogin) {
|
||||||
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
|
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
|
||||||
|
|
|
@ -0,0 +1,105 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ownCloud – LDAP Helper
|
||||||
|
*
|
||||||
|
* @author Arthur Schiwon
|
||||||
|
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 3 of the License, or any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public
|
||||||
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\user_ldap\lib;
|
||||||
|
|
||||||
|
class Helper {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief returns prefixes for each saved LDAP/AD server configuration.
|
||||||
|
* @param bool optional, whether only active configuration shall be
|
||||||
|
* retrieved, defaults to false
|
||||||
|
* @return array with a list of the available prefixes
|
||||||
|
*
|
||||||
|
* Configuration prefixes are used to set up configurations for n LDAP or
|
||||||
|
* AD servers. Since configuration is stored in the database, table
|
||||||
|
* appconfig under appid user_ldap, the common identifiers in column
|
||||||
|
* 'configkey' have a prefix. The prefix for the very first server
|
||||||
|
* configuration is empty.
|
||||||
|
* Configkey Examples:
|
||||||
|
* Server 1: ldap_login_filter
|
||||||
|
* Server 2: s1_ldap_login_filter
|
||||||
|
* Server 3: s2_ldap_login_filter
|
||||||
|
*
|
||||||
|
* The prefix needs to be passed to the constructor of Connection class,
|
||||||
|
* except the default (first) server shall be connected to.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
static public function getServerConfigurationPrefixes($activeConfigurations = false) {
|
||||||
|
$referenceConfigkey = 'ldap_configuration_active';
|
||||||
|
|
||||||
|
$query = '
|
||||||
|
SELECT DISTINCT `configkey`
|
||||||
|
FROM `*PREFIX*appconfig`
|
||||||
|
WHERE `configkey` LIKE ?
|
||||||
|
';
|
||||||
|
if($activeConfigurations) {
|
||||||
|
$query .= ' AND `configvalue` = 1';
|
||||||
|
}
|
||||||
|
$query = \OCP\DB::prepare($query);
|
||||||
|
|
||||||
|
$serverConfigs = $query->execute(array('%'.$referenceConfigkey))->fetchAll();
|
||||||
|
$prefixes = array();
|
||||||
|
|
||||||
|
foreach($serverConfigs as $serverConfig) {
|
||||||
|
$len = strlen($serverConfig['configkey']) - strlen($referenceConfigkey);
|
||||||
|
$prefixes[] = substr($serverConfig['configkey'], 0, $len);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $prefixes;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief deletes a given saved LDAP/AD server configuration.
|
||||||
|
* @param string the configuration prefix of the config to delete
|
||||||
|
* @return bool true on success, false otherwise
|
||||||
|
*/
|
||||||
|
static public function deleteServerConfiguration($prefix) {
|
||||||
|
//just to be on the safe side
|
||||||
|
\OCP\User::checkAdminUser();
|
||||||
|
|
||||||
|
if(!in_array($prefix, self::getServerConfigurationPrefixes())) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$query = \OCP\DB::prepare('
|
||||||
|
DELETE
|
||||||
|
FROM `*PREFIX*appconfig`
|
||||||
|
WHERE `configkey` LIKE ?
|
||||||
|
AND `appid` = "user_ldap"
|
||||||
|
AND `configkey` NOT IN ("enabled", "installed_version", "types", "bgjUpdateGroupsLastRun")
|
||||||
|
');
|
||||||
|
$res = $query->execute(array($prefix.'%'));
|
||||||
|
|
||||||
|
if(\OCP\DB::isError($res)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($res->numRows() == 0) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,104 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ownCloud – LDAP Backend Proxy
|
||||||
|
*
|
||||||
|
* @author Arthur Schiwon
|
||||||
|
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 3 of the License, or any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public
|
||||||
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\user_ldap\lib;
|
||||||
|
|
||||||
|
abstract class Proxy {
|
||||||
|
static private $connectors = array();
|
||||||
|
|
||||||
|
public function __construct() {
|
||||||
|
$this->cache = \OC_Cache::getGlobalCache();
|
||||||
|
}
|
||||||
|
|
||||||
|
private function addConnector($configPrefix) {
|
||||||
|
self::$connectors[$configPrefix] = new \OCA\user_ldap\lib\Connection($configPrefix);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function getConnector($configPrefix) {
|
||||||
|
if(!isset(self::$connectors[$configPrefix])) {
|
||||||
|
$this->addConnector($configPrefix);
|
||||||
|
}
|
||||||
|
return self::$connectors[$configPrefix];
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function getConnectors() {
|
||||||
|
return self::$connectors;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function getUserCacheKey($uid) {
|
||||||
|
return 'user-'.$uid.'-lastSeenOn';
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function getGroupCacheKey($gid) {
|
||||||
|
return 'group-'.$gid.'-lastSeenOn';
|
||||||
|
}
|
||||||
|
|
||||||
|
abstract protected function callOnLastSeenOn($id, $method, $parameters);
|
||||||
|
abstract protected function walkBackends($id, $method, $parameters);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Takes care of the request to the User backend
|
||||||
|
* @param $uid string, the uid connected to the request
|
||||||
|
* @param $method string, the method of the user backend that shall be called
|
||||||
|
* @param $parameters an array of parameters to be passed
|
||||||
|
* @return mixed, the result of the specified method
|
||||||
|
*/
|
||||||
|
protected function handleRequest($id, $method, $parameters) {
|
||||||
|
if(!$result = $this->callOnLastSeenOn($id, $method, $parameters)) {
|
||||||
|
$result = $this->walkBackends($id, $method, $parameters);
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
|
private function getCacheKey($key) {
|
||||||
|
$prefix = 'LDAP-Proxy-';
|
||||||
|
if(is_null($key)) {
|
||||||
|
return $prefix;
|
||||||
|
}
|
||||||
|
return $prefix.md5($key);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getFromCache($key) {
|
||||||
|
if(!$this->isCached($key)) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
$key = $this->getCacheKey($key);
|
||||||
|
|
||||||
|
return unserialize(base64_decode($this->cache->get($key)));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function isCached($key) {
|
||||||
|
$key = $this->getCacheKey($key);
|
||||||
|
return $this->cache->hasKey($key);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function writeToCache($key, $value) {
|
||||||
|
$key = $this->getCacheKey($key);
|
||||||
|
$value = base64_encode(serialize($value));
|
||||||
|
$this->cache->set($key, $value, '2592000');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function clearCache() {
|
||||||
|
$this->cache->clear($this->getCacheKey(null));
|
||||||
|
}
|
||||||
|
}
|
|
@ -23,58 +23,46 @@
|
||||||
|
|
||||||
OC_Util::checkAdminUser();
|
OC_Util::checkAdminUser();
|
||||||
|
|
||||||
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl', 'home_folder_naming_rule');
|
$params = array('ldap_host', 'ldap_port', 'ldap_backup_host',
|
||||||
|
'ldap_backup_port', 'ldap_override_main_server', 'ldap_dn',
|
||||||
|
'ldap_agent_password', 'ldap_base', 'ldap_base_users',
|
||||||
|
'ldap_base_groups', 'ldap_userlist_filter',
|
||||||
|
'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name',
|
||||||
|
'ldap_group_display_name', 'ldap_tls',
|
||||||
|
'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def',
|
||||||
|
'ldap_quota_attr', 'ldap_email_attr',
|
||||||
|
'ldap_group_member_assoc_attribute', 'ldap_cache_ttl',
|
||||||
|
'home_folder_naming_rule'
|
||||||
|
);
|
||||||
|
|
||||||
OCP\Util::addscript('user_ldap', 'settings');
|
OCP\Util::addscript('user_ldap', 'settings');
|
||||||
OCP\Util::addstyle('user_ldap', 'settings');
|
OCP\Util::addstyle('user_ldap', 'settings');
|
||||||
|
|
||||||
if ($_POST) {
|
|
||||||
$clearCache = false;
|
|
||||||
foreach($params as $param) {
|
|
||||||
if(isset($_POST[$param])) {
|
|
||||||
$clearCache = true;
|
|
||||||
if('ldap_agent_password' == $param) {
|
|
||||||
OCP\Config::setAppValue('user_ldap', $param, base64_encode($_POST[$param]));
|
|
||||||
} elseif('home_folder_naming_rule' == $param) {
|
|
||||||
$value = empty($_POST[$param]) ? 'opt:username' : 'attr:'.$_POST[$param];
|
|
||||||
OCP\Config::setAppValue('user_ldap', $param, $value);
|
|
||||||
} else {
|
|
||||||
OCP\Config::setAppValue('user_ldap', $param, $_POST[$param]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
elseif('ldap_tls' == $param) {
|
|
||||||
// unchecked checkboxes are not included in the post paramters
|
|
||||||
OCP\Config::setAppValue('user_ldap', $param, 0);
|
|
||||||
}
|
|
||||||
elseif('ldap_nocase' == $param) {
|
|
||||||
OCP\Config::setAppValue('user_ldap', $param, 0);
|
|
||||||
}
|
|
||||||
elseif('ldap_turn_off_cert_check' == $param) {
|
|
||||||
OCP\Config::setAppValue('user_ldap', $param, 0);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if($clearCache) {
|
|
||||||
$ldap = new \OCA\user_ldap\lib\Connection('user_ldap');
|
|
||||||
$ldap->clearCache();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// fill template
|
// fill template
|
||||||
$tmpl = new OCP\Template('user_ldap', 'settings');
|
$tmpl = new OCP\Template('user_ldap', 'settings');
|
||||||
foreach($params as $param) {
|
|
||||||
$value = OCP\Config::getAppValue('user_ldap', $param, '');
|
$prefixes = \OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes();
|
||||||
$tmpl->assign($param, $value);
|
$scoHtml = '';
|
||||||
|
$i = 1;
|
||||||
|
$sel = ' selected';
|
||||||
|
foreach($prefixes as $prefix) {
|
||||||
|
$scoHtml .= '<option value="'.$prefix.'"'.$sel.'>'.$i++.'. Server</option>';
|
||||||
|
$sel = '';
|
||||||
|
}
|
||||||
|
if(count($prefixes) == 0) {
|
||||||
|
$scoHtml .= '<option value="" selected>1. Server</option>';
|
||||||
|
}
|
||||||
|
$tmpl->assign('serverConfigurationOptions', $scoHtml, false);
|
||||||
|
|
||||||
|
// assign default values
|
||||||
|
if(!isset($ldap)) {
|
||||||
|
$ldap = new \OCA\user_ldap\lib\Connection();
|
||||||
|
}
|
||||||
|
$defaults = $ldap->getDefaults();
|
||||||
|
foreach($defaults as $key => $default) {
|
||||||
|
$tmpl->assign($key.'_default', $default);
|
||||||
}
|
}
|
||||||
|
|
||||||
// settings with default values
|
// $tmpl->assign();
|
||||||
$tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', '389'));
|
|
||||||
$tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'));
|
|
||||||
$tmpl->assign( 'ldap_group_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', 'cn'));
|
|
||||||
$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
|
|
||||||
$tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password')));
|
|
||||||
$tmpl->assign( 'ldap_cache_ttl', OCP\Config::getAppValue('user_ldap', 'ldap_cache_ttl', '600'));
|
|
||||||
$hfnr = OCP\Config::getAppValue('user_ldap', 'home_folder_naming_rule', 'opt:username');
|
|
||||||
$hfnr = ($hfnr == 'opt:username') ? '' : substr($hfnr, strlen('attr:'));
|
|
||||||
$tmpl->assign( 'home_folder_naming_rule', $hfnr, '');
|
|
||||||
|
|
||||||
return $tmpl->fetchPage();
|
return $tmpl->fetchPage();
|
||||||
|
|
|
@ -12,31 +12,43 @@
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<fieldset id="ldapSettings-1">
|
<fieldset id="ldapSettings-1">
|
||||||
<p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
|
<p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label><select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
|
||||||
<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>"><?php echo $_['ldap_base']; ?></textarea></p>
|
<?php echo $_['serverConfigurationOptions']; ?>
|
||||||
<p><label for="ldap_dn"><?php echo $l->t('User DN');?></label><input type="text" id="ldap_dn" name="ldap_dn" value="<?php echo $_['ldap_dn']; ?>" title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
|
<option value="NEW"><?php echo $l->t('Add Server Configuration');?></option>
|
||||||
<p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" value="<?php echo $_['ldap_agent_password']; ?>" title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
|
</select>
|
||||||
<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" value="<?php echo $_['ldap_login_filter']; ?>" title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /><br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
|
<button id="ldap_action_delete_configuration" name="ldap_action_delete_configuration">Delete Configuration</button>
|
||||||
<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" value="<?php echo $_['ldap_userlist_filter']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
|
</p>
|
||||||
<p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label><input type="text" id="ldap_group_filter" name="ldap_group_filter" value="<?php echo $_['ldap_group_filter']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
|
<p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
|
||||||
|
<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p>
|
||||||
|
<p><label for="ldap_dn"><?php echo $l->t('User DN');?></label><input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>" title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
|
||||||
|
<p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" data-default="<?php echo $_['ldap_agent_password_default']; ?>" title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
|
||||||
|
<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" data-default="<?php echo $_['ldap_login_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /><br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
|
||||||
|
<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" data-default="<?php echo $_['ldap_userlist_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
|
||||||
|
<p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label><input type="text" id="ldap_group_filter" name="ldap_group_filter" data-default="<?php echo $_['ldap_group_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<fieldset id="ldapSettings-2">
|
<fieldset id="ldapSettings-2">
|
||||||
<p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
|
<p><label for="ldap_configuration_active"><?php echo $l->t('Configuration Active');?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php echo $_['ldap_configuration_active_default']; ?>" title="<?php echo $l->t('When unchecked, this configuration will be skipped.');?>" /></p>
|
||||||
<p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php echo $l->t('One User Base DN per line');?>" title="<?php echo $l->t('Base User Tree');?>"><?php echo $_['ldap_base_users']; ?></textarea></p>
|
<p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="number" id="ldap_port" name="ldap_port" data-default="<?php echo $_['ldap_port_default']; ?>" /></p>
|
||||||
<p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php echo $l->t('One Group Base DN per line');?>" title="<?php echo $l->t('Base Group Tree');?>"><?php echo $_['ldap_base_groups']; ?></textarea></p>
|
<p><label for="ldap_backup_host"><?php echo $l->t('Backup (Replica) Host');?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php echo $_['ldap_backup_host_default']; ?>" title="<?php echo $l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.');?>"></p>
|
||||||
<p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute"><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'member')) echo ' selected'; ?>>member (AD)</option></select></p>
|
<p><label for="ldap_backup_port"><?php echo $l->t('Backup (Replica) Port');?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php echo $_['ldap_backup_port_default']; ?>" /></p>
|
||||||
<p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?> title="<?php echo $l->t('Do not use it for SSL connections, it will fail.');?>" /></p>
|
<p><label for="ldap_override_main_server"><?php echo $l->t('Disable Main Server');?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php echo $_['ldap_override_main_server_default']; ?>" title="<?php echo $l->t('When switched on, ownCloud will only connect to the replica server.');?>" /></p>
|
||||||
<p><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label> <input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>></p>
|
<p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php echo $l->t('One User Base DN per line');?>" data-default="<?php echo $_['ldap_base_users_default']; ?>" title="<?php echo $l->t('Base User Tree');?>"></textarea></p>
|
||||||
<p><label for="ldap_turn_off_cert_check"><?php echo $l->t('Turn off SSL certificate validation.');?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php echo $l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.');?>" value="1"<?php if ($_['ldap_turn_off_cert_check']) echo ' checked'; ?>><br/><small><?php echo $l->t('Not recommended, use for testing only.');?></small></p>
|
<p><label for="ldap_attributes_for_user_search"><?php echo $l->t('User Search Attributes');?></label><textarea id="ldap_attributes_for_user_search" name="ldap_attributes_for_user_search" placeholder="<?php echo $l->t('Optional; one attribute per line');?>" data-default="<?php echo $_['ldap_attributes_for_user_search_default']; ?>" title="<?php echo $l->t('User Search Attributes');?>"></textarea></p>
|
||||||
<p><label for="ldap_display_name"><?php echo $l->t('User Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the user`s ownCloud name.');?>" /></p>
|
<p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php echo $l->t('One Group Base DN per line');?>" data-default="<?php echo $_['ldap_base_groups_default']; ?>" title="<?php echo $l->t('Base Group Tree');?>"></textarea></p>
|
||||||
<p><label for="ldap_group_display_name"><?php echo $l->t('Group Display Name Field');?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" value="<?php echo $_['ldap_group_display_name']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the groups`s ownCloud name.');?>" /></p>
|
<p><label for="ldap_attributes_for_group_search"><?php echo $l->t('Group Search Attributes');?></label><textarea id="ldap_attributes_for_group_search" name="ldap_attributes_for_group_search" placeholder="<?php echo $l->t('Optional; one attribute per line');?>" data-default="<?php echo $_['ldap_attributes_for_group_search_default']; ?>" title="<?php echo $l->t('Group Search Attributes');?>"></textarea></p>
|
||||||
<p><label for="ldap_quota_attr">Quota Field</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" value="<?php echo $_['ldap_quota_attr']; ?>" /></p>
|
<p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" data-default="<?php echo $_['ldap_group_member_assoc_attribute_default']; ?>" ><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'member')) echo ' selected'; ?>>member (AD)</option></select></p>
|
||||||
<p><label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" value="<?php if (isset($_['ldap_quota_def'])) echo $_['ldap_quota_def']; ?>" title="<?php echo $l->t('in bytes');?>" /></p>
|
<p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it for SSL connections, it will fail.');?>" /></p>
|
||||||
<p><label for="ldap_email_attr">Email Field</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" value="<?php echo $_['ldap_email_attr']; ?>" /></p>
|
<p><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label> <input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php echo $_['ldap_nocase_default']; ?>" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>></p>
|
||||||
<p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="text" id="ldap_cache_ttl" name="ldap_cache_ttl" value="<?php echo $_['ldap_cache_ttl']; ?>" title="<?php echo $l->t('in seconds. A change empties the cache.');?>" /></p>
|
<p><label for="ldap_turn_off_cert_check"><?php echo $l->t('Turn off SSL certificate validation.');?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php echo $l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.');?>" data-default="<?php echo $_['ldap_turn_off_cert_check_default']; ?>" value="1"><br/><small><?php echo $l->t('Not recommended, use for testing only.');?></small></p>
|
||||||
<p><label for="home_folder_naming_rule">User Home Folder Naming Rule</label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" value="<?php echo $_['home_folder_naming_rule']; ?>" title="<?php echo $l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.');?>" /></p>
|
<p><label for="ldap_display_name"><?php echo $l->t('User Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" data-default="<?php echo $_['ldap_display_name_default']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the user`s ownCloud name.');?>" /></p>
|
||||||
|
<p><label for="ldap_group_display_name"><?php echo $l->t('Group Display Name Field');?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" data-default="<?php echo $_['ldap_group_display_name_default']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the groups`s ownCloud name.');?>" /></p>
|
||||||
|
<p><label for="ldap_quota_attr">Quota Field</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" data-default="<?php echo $_['ldap_quota_attr_default']; ?>"/></p>
|
||||||
|
<p><label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" data-default="<?php echo $_['ldap_quota_def_default']; ?>" title="<?php echo $l->t('in bytes');?>" /></p>
|
||||||
|
<p><label for="ldap_email_attr">Email Field</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" data-default="<?php echo $_['ldap_email_attr_default']; ?>" /></p>
|
||||||
|
<p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php echo $l->t('in seconds. A change empties the cache.');?>" data-default="<?php echo $_['ldap_cache_ttl_default']; ?>" /></p>
|
||||||
|
<p><label for="home_folder_naming_rule">User Home Folder Naming Rule</label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php echo $l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.');?>" data-default="<?php echo $_['home_folder_naming_rule_default']; ?>" /></p>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<input type="submit" value="Save" /> <button id="ldap_action_test_connection" name="ldap_action_test_connection">Test Configuration</button> <a href="http://owncloud.org/support/ldap-backend/" target="_blank"><img src="<?php echo OCP\Util::imagePath('', 'actions/info.png'); ?>" style="height:1.75ex" /> <?php echo $l->t('Help');?></a>
|
<input id="ldap_submit" type="submit" value="Save" /> <button id="ldap_action_test_connection" name="ldap_action_test_connection">Test Configuration</button> <a href="http://doc.owncloud.org/server/5.0/admin_manual/auth_ldap.html" target="_blank"><img src="<?php echo OCP\Util::imagePath('', 'actions/info.png'); ?>" style="height:1.75ex" /> <?php echo $l->t('Help');?></a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
</form>
|
</form>
|
||||||
|
|
|
@ -116,10 +116,9 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
|
||||||
if($limit <= 0) {
|
if($limit <= 0) {
|
||||||
$limit = null;
|
$limit = null;
|
||||||
}
|
}
|
||||||
$search = empty($search) ? '*' : '*'.$search.'*';
|
|
||||||
$filter = $this->combineFilterWithAnd(array(
|
$filter = $this->combineFilterWithAnd(array(
|
||||||
$this->connection->ldapUserFilter,
|
$this->connection->ldapUserFilter,
|
||||||
$this->connection->ldapUserDisplayName.'='.$search
|
$this->getFilterPartForUserSearch($search)
|
||||||
));
|
));
|
||||||
|
|
||||||
\OCP\Util::writeLog('user_ldap', 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, \OCP\Util::DEBUG);
|
\OCP\Util::writeLog('user_ldap', 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, \OCP\Util::DEBUG);
|
||||||
|
|
|
@ -0,0 +1,159 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ownCloud
|
||||||
|
*
|
||||||
|
* @author Artuhr Schiwon
|
||||||
|
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 3 of the License, or any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public
|
||||||
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\user_ldap;
|
||||||
|
|
||||||
|
class User_Proxy extends lib\Proxy implements \OCP\UserInterface {
|
||||||
|
private $backends = array();
|
||||||
|
private $refBackend = null;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Constructor
|
||||||
|
* @param $serverConfigPrefixes array containing the config Prefixes
|
||||||
|
*/
|
||||||
|
public function __construct($serverConfigPrefixes) {
|
||||||
|
parent::__construct();
|
||||||
|
foreach($serverConfigPrefixes as $configPrefix) {
|
||||||
|
$this->backends[$configPrefix] = new \OCA\user_ldap\USER_LDAP();
|
||||||
|
$connector = $this->getConnector($configPrefix);
|
||||||
|
$this->backends[$configPrefix]->setConnector($connector);
|
||||||
|
if(is_null($this->refBackend)) {
|
||||||
|
$this->refBackend = &$this->backends[$configPrefix];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Tries the backends one after the other until a positive result is returned from the specified method
|
||||||
|
* @param $uid string, the uid connected to the request
|
||||||
|
* @param $method string, the method of the user backend that shall be called
|
||||||
|
* @param $parameters an array of parameters to be passed
|
||||||
|
* @return mixed, the result of the method or false
|
||||||
|
*/
|
||||||
|
protected function walkBackends($uid, $method, $parameters) {
|
||||||
|
$cacheKey = $this->getUserCacheKey($uid);
|
||||||
|
foreach($this->backends as $configPrefix => $backend) {
|
||||||
|
if($result = call_user_func_array(array($backend, $method), $parameters)) {
|
||||||
|
$this->writeToCache($cacheKey, $configPrefix);
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Asks the backend connected to the server that supposely takes care of the uid from the request.
|
||||||
|
* @param $uid string, the uid connected to the request
|
||||||
|
* @param $method string, the method of the user backend that shall be called
|
||||||
|
* @param $parameters an array of parameters to be passed
|
||||||
|
* @return mixed, the result of the method or false
|
||||||
|
*/
|
||||||
|
protected function callOnLastSeenOn($uid, $method, $parameters) {
|
||||||
|
$cacheKey = $this->getUserCacheKey($uid);
|
||||||
|
$prefix = $this->getFromCache($cacheKey);
|
||||||
|
//in case the uid has been found in the past, try this stored connection first
|
||||||
|
if(!is_null($prefix)) {
|
||||||
|
if(isset($this->backends[$prefix])) {
|
||||||
|
$result = call_user_func_array(array($this->backends[$prefix], $method), $parameters);
|
||||||
|
if(!$result) {
|
||||||
|
//not found here, reset cache to null
|
||||||
|
$this->writeToCache($cacheKey, null);
|
||||||
|
}
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Check if backend implements actions
|
||||||
|
* @param $actions bitwise-or'ed actions
|
||||||
|
* @returns boolean
|
||||||
|
*
|
||||||
|
* Returns the supported actions as int to be
|
||||||
|
* compared with OC_USER_BACKEND_CREATE_USER etc.
|
||||||
|
*/
|
||||||
|
public function implementsActions($actions) {
|
||||||
|
//it's the same across all our user backends obviously
|
||||||
|
return $this->refBackend->implementsActions($actions);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Get a list of all users
|
||||||
|
* @returns array with all uids
|
||||||
|
*
|
||||||
|
* Get a list of all users.
|
||||||
|
*/
|
||||||
|
public function getUsers($search = '', $limit = 10, $offset = 0) {
|
||||||
|
//we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
|
||||||
|
$users = array();
|
||||||
|
foreach($this->backends as $backend) {
|
||||||
|
$backendUsers = $backend->getUsers($search, $limit, $offset);
|
||||||
|
if (is_array($backendUsers)) {
|
||||||
|
$users = array_merge($users, $backendUsers);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $users;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief check if a user exists
|
||||||
|
* @param string $uid the username
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function userExists($uid) {
|
||||||
|
return $this->handleRequest($uid, 'userExists', array($uid));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Check if the password is correct
|
||||||
|
* @param $uid The username
|
||||||
|
* @param $password The password
|
||||||
|
* @returns true/false
|
||||||
|
*
|
||||||
|
* Check if the password is correct without logging in the user
|
||||||
|
*/
|
||||||
|
public function checkPassword($uid, $password) {
|
||||||
|
return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief get the user's home directory
|
||||||
|
* @param string $uid the username
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function getHome($uid) {
|
||||||
|
return $this->handleRequest($uid, 'getHome', array($uid));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief delete a user
|
||||||
|
* @param $uid The username of the user to delete
|
||||||
|
* @returns true/false
|
||||||
|
*
|
||||||
|
* Deletes a user
|
||||||
|
*/
|
||||||
|
public function deleteUser($uid) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue