Combing LDAP backend with LDAP extended backend
This commit is contained in:
Arthur Schiwon
parent
490c9db15d
commit
7ff4e40b20
|
|
@ -32,13 +32,13 @@ define('OC_USER_BACKEND_LDAP_DEFAULT_PORT', 389);
|
|||
define('OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME', 'uid');
|
||||
|
||||
// register user backend
|
||||
OC_User::useBackend( "LDAP" );
|
||||
OC_User::useBackend( 'LDAP' );
|
||||
|
||||
// add settings page to navigation
|
||||
$entry = array(
|
||||
'id' => "user_ldap_settings",
|
||||
'id' => 'user_ldap_settings',
|
||||
'order'=>1,
|
||||
'href' => OC_Helper::linkTo( "user_ldap", "settings.php" ),
|
||||
'href' => OC_Helper::linkTo( 'user_ldap', 'settings.php' ),
|
||||
'name' => 'LDAP'
|
||||
);
|
||||
// OC_App::addNavigationSubEntry( "core_users", $entry);
|
||||
|
|
|
|||
|
|
@ -12,6 +12,9 @@
|
|||
<small><?php echo $l->t('Currently the display name field needs to be the same you matched %%uid against in the filter above, because ownCloud doesn\'t distinguish between user id and user name.');?></small></p>
|
||||
<p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
|
||||
<p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if ($_['ldap_nocase']) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p>
|
||||
<p><label for="ldap_quota">Quota Attribute</label><input type="text" id="ldap_quota" name="ldap_quota" value="<?php echo $_['ldap_quota']; ?>" />
|
||||
<label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" value="<?php echo $_['ldap_quota_def']; ?>" />bytes</p>
|
||||
<p><label for="ldap_email">Email Attribute</label><input type="text" id="ldap_email" name="ldap_email" value="<?php echo $_['ldap_email']; ?>" /></p>
|
||||
<input type="submit" value="Save" />
|
||||
</fieldset>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -36,6 +36,12 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
protected $ldap_tls;
|
||||
protected $ldap_nocase;
|
||||
protected $ldap_display_name;
|
||||
protected $ldap_quota;
|
||||
protected $ldap_quota_def;
|
||||
protected $ldap_email;
|
||||
|
||||
// will be retrieved from LDAP server
|
||||
protected $ldap_dc = false;
|
||||
|
||||
function __construct() {
|
||||
$this->ldap_host = OC_Appconfig::getValue('user_ldap', 'ldap_host','');
|
||||
|
|
@ -47,6 +53,9 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
$this->ldap_tls = OC_Appconfig::getValue('user_ldap', 'ldap_tls', 0);
|
||||
$this->ldap_nocase = OC_Appconfig::getValue('user_ldap', 'ldap_nocase', 0);
|
||||
$this->ldap_display_name = OC_Appconfig::getValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
|
||||
$this->ldap_quota_attr = OC_Appconfig::getValue('user_ldap', 'ldap_quota_attr','');
|
||||
$this->ldap_quota_def = OC_Appconfig::getValue('user_ldap', 'ldap_quota_def','');
|
||||
$this->ldap_email_attr = OC_Appconfig::getValue('user_ldap', 'ldap_email_attr','');
|
||||
|
||||
if( !empty($this->ldap_host)
|
||||
&& !empty($this->ldap_port)
|
||||
|
|
@ -66,6 +75,28 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
ldap_unbind($this->ds);
|
||||
}
|
||||
|
||||
private function setQuota( $uid ) {
|
||||
if( !$this->ldap_dc )
|
||||
return false;
|
||||
|
||||
$quota = $this->ldap_dc[$this->ldap_quota_attr][0];
|
||||
$quota = $quota != -1 ? $quota : $this->ldap_quota_def;
|
||||
OC_Preferences::setValue($uid, 'files', 'quota', $quota);
|
||||
}
|
||||
|
||||
private function setEmail( $uid ) {
|
||||
if( !$this->ldap_dc )
|
||||
return false;
|
||||
|
||||
$email = OC_Preferences::getValue($uid, 'settings', 'email', '');
|
||||
if ( !empty( $email ) )
|
||||
return false;
|
||||
|
||||
$email = $this->ldap_dc[$this->ldap_email_attr][0];
|
||||
OC_Preferences::setValue($uid, 'settings', 'email', $email);
|
||||
}
|
||||
|
||||
//Connect to LDAP and store the resource
|
||||
private function getDs() {
|
||||
if(!$this->ds) {
|
||||
$this->ds = ldap_connect( $this->ldap_host, $this->ldap_port );
|
||||
|
|
@ -74,18 +105,19 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
if($this->ldap_tls)
|
||||
ldap_start_tls($this->ds);
|
||||
}
|
||||
|
||||
//TODO: Not necessary to perform a bind each time, is it?
|
||||
// login
|
||||
if(!empty($this->ldap_dn)) {
|
||||
$ldap_login = @ldap_bind( $this->ds, $this->ldap_dn, $this->ldap_password );
|
||||
if(!$ldap_login)
|
||||
if(!$ldap_login) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return $this->ds;
|
||||
}
|
||||
|
||||
private function getDn( $uid ) {
|
||||
private function getDc( $uid ) {
|
||||
if(!$this->configured)
|
||||
return false;
|
||||
|
||||
|
|
@ -99,31 +131,43 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
$sr = ldap_search( $this->getDs(), $this->ldap_base, $filter );
|
||||
$entries = ldap_get_entries( $this->getDs(), $sr );
|
||||
|
||||
if( $entries['count'] == 0 )
|
||||
if( $entries['count'] == 0 ) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $entries[0]['dn'];
|
||||
$this->ldap_dc = $entries[0];
|
||||
|
||||
return $this->ldap_dc;
|
||||
}
|
||||
|
||||
public function checkPassword( $uid, $password ) {
|
||||
if(!$this->configured){
|
||||
return false;
|
||||
}
|
||||
$dn = $this->getDn( $uid );
|
||||
if( !$dn )
|
||||
$dc = $this->getDc( $uid );
|
||||
if( !$dc )
|
||||
return false;
|
||||
|
||||
if (!@ldap_bind( $this->getDs(), $dn, $password ))
|
||||
if (!@ldap_bind( $this->getDs(), $dc['dn'], $password )) {
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
if(!empty($this->ldap_quota) && !empty($this->ldap_quota_def)) {
|
||||
$this->setQuota($uid);
|
||||
}
|
||||
|
||||
if(!empty($this->ldap_email_attr)) {
|
||||
$this->setEmail($uid);
|
||||
}
|
||||
|
||||
if($this->ldap_nocase) {
|
||||
$filter = str_replace('%uid', $uid, $this->ldap_filter);
|
||||
$sr = ldap_search( $this->getDs(), $this->ldap_base, $filter );
|
||||
$entries = ldap_get_entries( $this->getDs(), $sr );
|
||||
if( $entries['count'] == 1 ) {
|
||||
foreach($entries as $row) {
|
||||
$ldap_display_name = strtolower($this->ldap_display_name);
|
||||
if(isset($row[$ldap_display_name])) {
|
||||
$ldap_display_name = strtolower($this->ldap_display_name);
|
||||
if(isset($row[$ldap_display_name])) {
|
||||
return $row[$ldap_display_name][0];
|
||||
}
|
||||
}
|
||||
|
|
@ -131,12 +175,12 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
else {
|
||||
return $uid;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
else {
|
||||
return $uid;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
public function userExists( $uid ) {
|
||||
|
|
@ -146,17 +190,17 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
$dn = $this->getDn($uid);
|
||||
return !empty($dn);
|
||||
}
|
||||
|
||||
|
||||
public function getUsers()
|
||||
{
|
||||
if(!$this->configured)
|
||||
return false;
|
||||
|
||||
|
||||
// connect to server
|
||||
$ds = $this->getDs();
|
||||
if( !$ds )
|
||||
return false;
|
||||
|
||||
|
||||
// get users
|
||||
$filter = 'objectClass=person';
|
||||
$sr = ldap_search( $this->getDs(), $this->ldap_base, $filter );
|
||||
|
|
@ -169,7 +213,7 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
// TODO ldap_get_entries() seems to lower all keys => needs review
|
||||
$ldap_display_name = strtolower($this->ldap_display_name);
|
||||
if(isset($row[$ldap_display_name])) {
|
||||
$users[] = $row[$ldap_display_name][0];
|
||||
$users[] = $row[$ldap_display_name][0];
|
||||
}
|
||||
}
|
||||
// TODO language specific sorting of user names
|
||||
|
|
|
|||
Loading…
Reference in New Issue