starting to create the ldap group backend (with some inspiration from Yoann Gini) and preparing an general LDAP class
This commit is contained in:
parent
dec139716e
commit
61a43419a5
|
@ -21,7 +21,9 @@
|
|||
*
|
||||
*/
|
||||
|
||||
require_once('apps/user_ldap/lib_ldap.php');
|
||||
require_once('apps/user_ldap/user_ldap.php');
|
||||
require_once('apps/user_ldap/group_ldap.php');
|
||||
|
||||
OC_APP::registerAdmin('user_ldap','settings');
|
||||
|
||||
|
@ -33,6 +35,7 @@ define('OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME', 'uid');
|
|||
|
||||
// register user backend
|
||||
OC_User::useBackend( 'LDAP' );
|
||||
OC_Group::useBackend( 'LDAP' );
|
||||
|
||||
// add settings page to navigation
|
||||
$entry = array(
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* ownCloud – LDAP group backend
|
||||
*
|
||||
* @author Arthur Schiwon
|
||||
* @copyright 2012 Arthur Schiwon blizzz@owncloud.com
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 3 of the License, or any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public
|
||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||
// //group specific settings
|
||||
protected $ldapGroupFilter;
|
||||
protected $ldapGroupDisplayName;
|
||||
|
||||
public function __construct() {
|
||||
$this->ldapGroupFilter = OC_Appconfig::getValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
|
||||
$this->ldapGroupDisplayName = OC_Appconfig::getValue('user_ldap', 'ldap_group_display_name', 'cn');
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief is user in group?
|
||||
* @param $uid uid of the user
|
||||
* @param $gid gid of the group
|
||||
* @returns true/false
|
||||
*
|
||||
* Checks whether the user is member of a group or not.
|
||||
*/
|
||||
public function inGroup($uid, $gid) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Get all groups a user belongs to
|
||||
* @param $uid Name of the user
|
||||
* @returns array with group names
|
||||
*
|
||||
* This function fetches all groups a user belongs to. It does not check
|
||||
* if the user exists at all.
|
||||
*/
|
||||
public function getUserGroups($uid) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief get a list of all users in a group
|
||||
* @returns array with user ids
|
||||
*/
|
||||
public function getUsersInGroup($gid) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief get a list of all groups
|
||||
* @returns array with group names
|
||||
*
|
||||
* Returns a list with all groups
|
||||
*/
|
||||
public function getGroups() {
|
||||
$groups = OC_LDAP::search($this->ldapGroupFilter, $this->ldapGroupDisplayName);
|
||||
|
||||
if(count($groups) == 0 )
|
||||
return array();
|
||||
else {
|
||||
return array_unique($groups, SORT_LOCALE_STRING);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,101 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* ownCloud – LDAP lib
|
||||
*
|
||||
* @author Arthur Schiwon
|
||||
* @copyright 2012 Arthur Schiwon blizzz@owncloud.com
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 3 of the License, or any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public
|
||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
class OC_LDAP {
|
||||
static protected $ldapConnectionRes = false;
|
||||
static protected $configured = false;
|
||||
|
||||
//cached settings
|
||||
static protected $ldapHost;
|
||||
static protected $ldapPort;
|
||||
static protected $ldapBase;
|
||||
static protected $ldapAgentName;
|
||||
static protected $ldapAgentPassword;
|
||||
static protected $ldapTLS;
|
||||
static protected $ldapNoCase;
|
||||
|
||||
static public function init() {
|
||||
self::readConfiguration();
|
||||
self::establishConnection();
|
||||
}
|
||||
|
||||
static public function search($filter, $attr = null) {
|
||||
$sr = ldap_search(self::getConnectionResource(), self::$ldapBase, $filter);
|
||||
$findings = ldap_get_entries(self::getConnectionResource(), $sr );
|
||||
|
||||
if(!is_null($attr)) {
|
||||
$selection = array();
|
||||
foreach($findings as $item) {
|
||||
if(isset($item[strtolower($attr)])) {
|
||||
$selection[] = $item[strtolower($attr)][0];
|
||||
}
|
||||
}
|
||||
return $selection;
|
||||
}
|
||||
|
||||
return $findings;
|
||||
}
|
||||
|
||||
static private function getConnectionResource() {
|
||||
if(!self::$ldapConnectionRes) {
|
||||
self::init();
|
||||
}
|
||||
return self::$ldapConnectionRes;
|
||||
}
|
||||
|
||||
static private function readConfiguration() {
|
||||
if(!self::$configured) {
|
||||
self::$ldapHost = OC_Appconfig::getValue('user_ldap', 'ldap_host', '');
|
||||
self::$ldapPort = OC_Appconfig::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT);
|
||||
self::$ldapAgentName = OC_Appconfig::getValue('user_ldap', 'ldap_dn','');
|
||||
self::$ldapAgentPassword = OC_Appconfig::getValue('user_ldap', 'ldap_password','');
|
||||
self::$ldapBase = OC_Appconfig::getValue('user_ldap', 'ldap_base','');
|
||||
self::$ldapTLS = OC_Appconfig::getValue('user_ldap', 'ldap_tls',0);
|
||||
self::$ldapNoCase = OC_Appconfig::getValue('user_ldap', 'ldap_nocase', 0);
|
||||
|
||||
//TODO: sanity checking
|
||||
self::$configured = true;
|
||||
}
|
||||
}
|
||||
|
||||
static private function establishConnection() {
|
||||
if(!self::$ldapConnectionRes) {
|
||||
self::$ldapConnectionRes = ldap_connect(self::$ldapHost, self::$ldapPort);
|
||||
if(ldap_set_option(self::$ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
|
||||
if(ldap_set_option(self::$ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
|
||||
if(self::$ldapTLS) {
|
||||
ldap_start_tls(self::$ldapConnectionRes);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//TODO: Check if it works. Before, it was outside the resource-condition
|
||||
$ldapLogin = @ldap_bind(self::$ldapConnectionRes, self::$ldapAgentName, self::$ldapAgentPassword );
|
||||
if(!$ldapLogin) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
Loading…
Reference in New Issue