mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

starting to create the ldap group backend (with some inspiration from Yoann Gini) and preparing an general LDAP class

This commit is contained in:
Arthur Schiwon 2012-04-14 18:05:29 +02:00
parent dec139716e
commit 61a43419a5
3 changed files with 183 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/user_ldap/appinfo/app.php
View File

@ -21,7 +21,9 @@
*
*/
require_once('apps/user_ldap/lib_ldap.php');
require_once('apps/user_ldap/user_ldap.php');
require_once('apps/user_ldap/group_ldap.php');
OC_APP::registerAdmin('user_ldap','settings');
@ -33,6 +35,7 @@ define('OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME', 'uid');
// register user backend
OC_User::useBackend( 'LDAP' );
OC_Group::useBackend( 'LDAP' );
// add settings page to navigation
$entry = array(

79
apps/user_ldap/group_ldap.php Normal file
View File

@ -0,0 +1,79 @@
<?php
/**
* ownCloud LDAP group backend
*
* @author Arthur Schiwon
* @copyright 2012 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
class OC_GROUP_LDAP extends OC_Group_Backend {
// //group specific settings
protected $ldapGroupFilter;
protected $ldapGroupDisplayName;
public function __construct() {
$this->ldapGroupFilter = OC_Appconfig::getValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
$this->ldapGroupDisplayName = OC_Appconfig::getValue('user_ldap', 'ldap_group_display_name', 'cn');
}
/**
* @brief is user in group?
* @param $uid uid of the user
* @param $gid gid of the group
* @returns true/false
*
* Checks whether the user is member of a group or not.
*/
public function inGroup($uid, $gid) {
}
/**
* @brief Get all groups a user belongs to
* @param $uid Name of the user
* @returns array with group names
*
* This function fetches all groups a user belongs to. It does not check
* if the user exists at all.
*/
public function getUserGroups($uid) {
}
/**
* @brief get a list of all users in a group
* @returns array with user ids
*/
public function getUsersInGroup($gid) {
}
/**
* @brief get a list of all groups
* @returns array with group names
*
* Returns a list with all groups
*/
public function getGroups() {
$groups = OC_LDAP::search($this->ldapGroupFilter, $this->ldapGroupDisplayName);
if(count($groups) == 0 )
return array();
else {
return array_unique($groups, SORT_LOCALE_STRING);
}
}
}

101
apps/user_ldap/lib_ldap.php Normal file
View File

@ -0,0 +1,101 @@
<?php
/**
* ownCloud LDAP lib
*
* @author Arthur Schiwon
* @copyright 2012 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
class OC_LDAP {
static protected $ldapConnectionRes = false;
static protected $configured = false;
//cached settings
static protected $ldapHost;
static protected $ldapPort;
static protected $ldapBase;
static protected $ldapAgentName;
static protected $ldapAgentPassword;
static protected $ldapTLS;
static protected $ldapNoCase;
static public function init() {
self::readConfiguration();
self::establishConnection();
}
static public function search($filter, $attr = null) {
$sr = ldap_search(self::getConnectionResource(), self::$ldapBase, $filter);
$findings = ldap_get_entries(self::getConnectionResource(), $sr );
if(!is_null($attr)) {
$selection = array();
foreach($findings as $item) {
if(isset($item[strtolower($attr)])) {
$selection[] = $item[strtolower($attr)][0];
}
}
return $selection;
}
return $findings;
}
static private function getConnectionResource() {
if(!self::$ldapConnectionRes) {
self::init();
}
return self::$ldapConnectionRes;
}
static private function readConfiguration() {
if(!self::$configured) {
self::$ldapHost = OC_Appconfig::getValue('user_ldap', 'ldap_host', '');
self::$ldapPort = OC_Appconfig::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT);
self::$ldapAgentName = OC_Appconfig::getValue('user_ldap', 'ldap_dn','');
self::$ldapAgentPassword = OC_Appconfig::getValue('user_ldap', 'ldap_password','');
self::$ldapBase = OC_Appconfig::getValue('user_ldap', 'ldap_base','');
self::$ldapTLS = OC_Appconfig::getValue('user_ldap', 'ldap_tls',0);
self::$ldapNoCase = OC_Appconfig::getValue('user_ldap', 'ldap_nocase', 0);
//TODO: sanity checking
self::$configured = true;
}
}
static private function establishConnection() {
if(!self::$ldapConnectionRes) {
self::$ldapConnectionRes = ldap_connect(self::$ldapHost, self::$ldapPort);
if(ldap_set_option(self::$ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if(ldap_set_option(self::$ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
if(self::$ldapTLS) {
ldap_start_tls(self::$ldapConnectionRes);
}
}
}
//TODO: Check if it works. Before, it was outside the resource-condition
$ldapLogin = @ldap_bind(self::$ldapConnectionRes, self::$ldapAgentName, self::$ldapAgentPassword );
if(!$ldapLogin) {
return false;
}
}
}
}