allow login names to be used for s2s with LDAP users
parent
c3fbc2b6fd
commit
66bc8145a9
|
@ -49,6 +49,14 @@ class Server2Server {
|
|||
return new \OC_OCS_Result(null, 400, 'The mountpoint name contains invalid characters.');
|
||||
}
|
||||
|
||||
\OCP\Util::writeLog('files_sharing', 'shareWith before, ' . $shareWith, \OCP\Util::DEBUG);
|
||||
\OCP\Util::emitHook(
|
||||
'\OCA\Files_Sharing\API\Server2Server',
|
||||
'preLoginNameUsedAsUserName',
|
||||
array('uid' => &$shareWith)
|
||||
);
|
||||
\OCP\Util::writeLog('files_sharing', 'shareWith after, ' . $shareWith, \OCP\Util::DEBUG);
|
||||
|
||||
if (!\OCP\User::userExists($shareWith)) {
|
||||
return new \OC_OCS_Result(null, 400, 'User does not exists');
|
||||
}
|
||||
|
|
|
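Review bot: The two added `writeLog` calls write `$shareWith` to the log verbatim before and after the hook, and that value is assigned outside this hunk, presumably from the share request of a remote server. Unless the log writer escapes control characters, encode the value first, e.g. `\OCP\Util::writeLog('files_sharing', 'shareWith after, ' . json_encode($shareWith), \OCP\Util::DEBUG);`, so a crafted name cannot forge log lines. The hook also runs an LDAP lookup ahead of the `userExists` check, so the existing 'User does not exists' answer now confirms login attributes as well as internal usernames. A comment at the `emitHook` call should state that this is accepted and where requests to this endpoint are throttled.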
@ -62,6 +62,13 @@ if(count($configPrefixes) > 0) {
|
|||
OCP\Backgroundjob::registerJob('OCA\user_ldap\lib\Jobs');
|
||||
OCP\Backgroundjob::registerJob('\OCA\User_LDAP\Jobs\CleanUp');
|
||||
|
||||
\OCP\Util::connectHook(
|
||||
'\OCA\Files_Sharing\API\Server2Server',
|
||||
'preLoginNameUsedAsUserName',
|
||||
'\OCA\user_ldap\lib\Helper',
|
||||
'loginName2UserName'
|
||||
);
|
||||
|
||||
if(OCP\App::isEnabled('user_webdavauth')) {
|
||||
OCP\Util::writeLog('user_ldap',
|
||||
'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
|
||||
|
|
|
@ -27,6 +27,9 @@
|
|||
|
||||
namespace OCA\user_ldap\lib;
|
||||
|
||||
use OCA\user_ldap\lib\LDAP;
|
||||
use OCA\user_ldap\User_Proxy;
|
||||
|
||||
class Helper {
|
||||
|
||||
/**
|
||||
|
@ -181,4 +184,32 @@ class Helper {
|
|||
|
||||
return $domain;
|
||||
}
|
||||
|
||||
/**
|
||||
* listens to a hook thrown by server2server sharing and replaces the given
|
||||
* login name by a username, if it matches an LDAP user.
|
||||
*
|
||||
* @param array $param
|
||||
* @throws \Exception
|
||||
*/
|
||||
public static function loginName2UserName($param) {
|
||||
if(!isset($param['uid'])) {
|
||||
throw new \Exception('key uid is expected to be set in $param');
|
||||
}
|
||||
|
||||
//ain't it ironic?
|
||||
$helper = new Helper();
|
||||
|
||||
$configPrefixes = $helper->getServerConfigurationPrefixes(true);
|
||||
$ldapWrapper = new LDAP();
|
||||
$ocConfig = \OC::$server->getConfig();
|
||||
|
||||
$userBackend = new User_Proxy(
|
||||
$configPrefixes, $ldapWrapper, $ocConfig
|
||||
);
|
||||
$uid = $userBackend->loginName2UserName($param['uid'] );
|
||||
if($uid !== false) {
|
||||
$param['uid'] = $uid;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
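Review bot: `loginName2UserName($param)` only has an effect because the emitter passes `array('uid' => &$shareWith)`: `$param` itself arrives by value, and the write `$param['uid'] = $uid` reaches the caller solely through that element reference. The docblock should say so, for example `@param array $param 'uid' must hold a reference to the login name; it is overwritten with the internal username when an LDAP user matches`, and should note that a non-matching name is left unchanged. The comment `//ain't it ironic?` gives no reason for instantiating `Helper` inside its own static method; `// static hook entry point: an instance is needed for getServerConfigurationPrefixes()` would. The class body starts outside this hunk.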
@ -70,6 +70,41 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the username for the given login name, if available
|
||||
*
|
||||
* @param string $loginName
|
||||
* @return string|false
|
||||
*/
|
||||
public function loginName2UserName($loginName) {
|
||||
try {
|
||||
$ldapRecord = $this->getLDAPUserByLoginName($loginName);
|
||||
$user = $this->access->userManager->get($ldapRecord['dn']);
|
||||
return $user->getUsername();
|
||||
} catch (\Exception $e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* returns an LDAP record based on a given login name
|
||||
*
|
||||
* @param $loginName
|
||||
* @return array
|
||||
* @throws \Exception
|
||||
*/
|
||||
public function getLDAPUserByLoginName($loginName) {
|
||||
$uid = $this->access->escapeFilterPart($loginName);
|
||||
//find out dn of the user name
|
||||
$attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
|
||||
'uid', 'samaccountname');
|
||||
$users = $this->access->fetchUsersByLoginName($uid, $attrs);
|
||||
if(count($users) < 1) {
|
||||
throw new \Exception('No user available for the given login name.');
|
||||
}
|
||||
return $users[0];
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the password is correct
|
||||
* @param string $uid The username
|
||||
|
@ -79,15 +114,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
|||
* Check if the password is correct without logging in the user
|
||||
*/
|
||||
public function checkPassword($uid, $password) {
|
||||
//find out dn of the user name
|
||||
$attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
|
||||
'uid', 'samaccountname');
|
||||
$users = $this->access->fetchUsersByLoginName($uid, $attrs);
|
||||
if(count($users) < 1) {
|
||||
try {
|
||||
$ldapRecord = $this->getLDAPUserByLoginName($uid);
|
||||
} catch(\Exception $e) {
|
||||
return false;
|
||||
}
|
||||
$dn = $users[0]['dn'];
|
||||
$dn = $ldapRecord['dn'];
|
||||
$user = $this->access->userManager->get($dn);
|
||||
|
||||
if(!$user instanceof User) {
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'LDAP Login: Could not get user object for DN ' . $dn .
|
||||
|
@ -102,14 +136,14 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
|
|||
}
|
||||
|
||||
$user->markLogin();
|
||||
if(isset($users[0][$this->access->connection->ldapUserDisplayName])) {
|
||||
$dpn = $users[0][$this->access->connection->ldapUserDisplayName];
|
||||
if(isset($ldapRecord[$this->access->connection->ldapUserDisplayName])) {
|
||||
$dpn = $ldapRecord[$this->access->connection->ldapUserDisplayName];
|
||||
$user->storeDisplayName($dpn);
|
||||
}
|
||||
if(isset($users[0]['uid'])) {
|
||||
$user->storeLDAPUserName($users[0]['uid']);
|
||||
} else if(isset($users[0]['samaccountname'])) {
|
||||
$user->storeLDAPUserName($users[0]['samaccountname']);
|
||||
$user->storeLDAPUserName($ldapRecord['uid']);
|
||||
} else if(isset($ldapRecord['samaccountname'])) {
|
||||
$user->storeLDAPUserName($ldapRecord['samaccountname']);
|
||||
}
|
||||
|
||||
return $user->getUsername();
|
||||
|
|
|
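Review bot: In the last `checkPassword` hunk the uid branch is still guarded by `if(isset($users[0]['uid'])) {`, while every other `$users[0]` access there has an `$ldapRecord` twin and `$users` is no longer assigned in the function; the `+`/`-` column is lost on this page, so this is read from the missing counterpart line. If that line is on the new side, the condition is always false and the LDAP user name is stored from `samaccountname` only; it should read `if(isset($ldapRecord['uid'])) {`. Separately, the new `loginName2UserName()` calls `$user->getUsername()` without the `instanceof User` check that `checkPassword` applies to the same `userManager->get()` result, and a call on a non-object is not caught by `catch (\Exception $e)`; add `if(!$user instanceof User) { return false; }` before the return. `checkPassword` now also runs `escapeFilterPart()` on the login name through `getLDAPUserByLoginName()`, so confirm that `fetchUsersByLoginName()` does not escape a second time. `checkPassword` continues outside the visible hunks.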
@ -159,7 +159,7 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
|
|||
|
||||
/**
|
||||
* check if a user exists on LDAP
|
||||
* @param string|OCA\User_LDAP\lib\User\User $user either the ownCloud user
|
||||
* @param string|\OCA\User_LDAP\lib\User\User $user either the ownCloud user
|
||||
* name or an instance of that user
|
||||
* @return boolean
|
||||
*/
|
||||
|
@ -180,6 +180,17 @@ class User_Proxy extends lib\Proxy implements \OCP\IUserBackend, \OCP\UserInterf
|
|||
return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
|
||||
}
|
||||
|
||||
/**
|
||||
* returns the username for the given login name, if available
|
||||
*
|
||||
* @param string $loginName
|
||||
* @return string|false
|
||||
*/
|
||||
public function loginName2UserName($loginName) {
|
||||
$id = 'LOGINNAME,' . $loginName;
|
||||
return $this->handleRequest($id, 'loginName2UserName', array($loginName));
|
||||
}
|
||||
|
||||
/**
|
||||
* get the user's home directory
|
||||
* @param string $uid the username
|
||||
|
|
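Review bot: The `'LOGINNAME,'` prefix built in `loginName2UserName()` has no explanation, and `handleRequest()` is not visible here, so a reader cannot tell what its first argument is used for. If it serves as a lookup or cache key, as the `$uid` first argument of the neighbouring `checkPassword` call suggests, add `// prefixed so a login name never shares a key with an internal username` above the assignment. Because the login name can come from a remote share request, the comment should also say whether keys built from it are bounded or expire.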