extend ILDAPProvider to allow reading arbitrairy ldap attributes for users
Signed-off-by: Robin Appelman <robin@icewind.nl>
parent
24a7772d6c
commit
b38149edaa
|
@ -42,7 +42,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
private $logger;
|
private $logger;
|
||||||
private $helper;
|
private $helper;
|
||||||
private $deletedUsersIndex;
|
private $deletedUsersIndex;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create new LDAPProvider
|
* Create new LDAPProvider
|
||||||
* @param \OCP\IServerContainer $serverContainer
|
* @param \OCP\IServerContainer $serverContainer
|
||||||
|
@ -77,7 +77,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');
|
throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Translate an user id to LDAP DN
|
* Translate an user id to LDAP DN
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -126,7 +126,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Convert a stored DN so it can be used as base parameter for LDAP queries.
|
* Convert a stored DN so it can be used as base parameter for LDAP queries.
|
||||||
* @param string $dn the DN in question
|
* @param string $dn the DN in question
|
||||||
|
@ -135,7 +135,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
public function DNasBaseParameter($dn) {
|
public function DNasBaseParameter($dn) {
|
||||||
return $this->helper->DNasBaseParameter($dn);
|
return $this->helper->DNasBaseParameter($dn);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sanitize a DN received from the LDAP server.
|
* Sanitize a DN received from the LDAP server.
|
||||||
* @param array $dn the DN in question
|
* @param array $dn the DN in question
|
||||||
|
@ -144,7 +144,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
public function sanitizeDN($dn) {
|
public function sanitizeDN($dn) {
|
||||||
return $this->helper->sanitizeDN($dn);
|
return $this->helper->sanitizeDN($dn);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return a new LDAP connection resource for the specified user.
|
* Return a new LDAP connection resource for the specified user.
|
||||||
* The connection must be closed manually.
|
* The connection must be closed manually.
|
||||||
|
@ -172,7 +172,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
}
|
}
|
||||||
return $this->groupBackend->getNewLDAPConnection($gid);
|
return $this->groupBackend->getNewLDAPConnection($gid);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the LDAP base for users.
|
* Get the LDAP base for users.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -202,7 +202,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
);
|
);
|
||||||
return array_shift($bases);
|
return array_shift($bases);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the LDAP base for groups.
|
* Get the LDAP base for groups.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -216,7 +216,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
$bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups;
|
$bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups;
|
||||||
return array_shift($bases);
|
return array_shift($bases);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Clear the cache if a cache is used, otherwise do nothing.
|
* Clear the cache if a cache is used, otherwise do nothing.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -241,7 +241,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
}
|
}
|
||||||
$this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache();
|
$this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check whether a LDAP DN exists
|
* Check whether a LDAP DN exists
|
||||||
* @param string $dn LDAP DN
|
* @param string $dn LDAP DN
|
||||||
|
@ -251,7 +251,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
$result = $this->userBackend->dn2UserName($dn);
|
$result = $this->userBackend->dn2UserName($dn);
|
||||||
return !$result ? false : true;
|
return !$result ? false : true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Flag record for deletion.
|
* Flag record for deletion.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -259,7 +259,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
public function flagRecord($uid) {
|
public function flagRecord($uid) {
|
||||||
$this->deletedUsersIndex->markUser($uid);
|
$this->deletedUsersIndex->markUser($uid);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unflag record for deletion.
|
* Unflag record for deletion.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -306,4 +306,35 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
|
||||||
}
|
}
|
||||||
return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute'];
|
return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get an LDAP attribute for a nextcloud user
|
||||||
|
* @param string $uid the nextcloud user id to get the attribute for
|
||||||
|
* @param string $attribute the name of the attribute to read
|
||||||
|
* @return string|null
|
||||||
|
* @throws \Exception if user id was not found in LDAP
|
||||||
|
*/
|
||||||
|
public function getUserAttribute(string $uid, string $attribute): ?string {
|
||||||
|
if (!$this->userBackend->userExists($uid)) {
|
||||||
|
throw new \Exception('User id not found in LDAP');
|
||||||
|
}
|
||||||
|
$access = $this->userBackend->getLDAPAccess($uid);
|
||||||
|
$connection = $access->getConnection();
|
||||||
|
$key = $uid . "::" . $attribute;
|
||||||
|
$cached = $connection->getFromCache($key);
|
||||||
|
|
||||||
|
if ($cached !== null) {
|
||||||
|
return $cached;
|
||||||
|
}
|
||||||
|
|
||||||
|
$value = $access->readAttribute($access->username2dn($uid), $attribute);
|
||||||
|
if (is_array($value) && count($value) > 0) {
|
||||||
|
$value = current($value);
|
||||||
|
} else {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
$connection->writeToCache($key, $value);
|
||||||
|
|
||||||
|
return $value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
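Review bot: In `getUserAttribute` the caller-supplied `$attribute` goes unchecked into both `readAttribute()` and the cache key, so presumably any attribute the configured LDAP bind account can read, including sensitive ones depending on directory ACLs, becomes readable by every consumer of the provider. I would reject anything that is not a plain attribute description before the lookup, e.g. `if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9;.-]*$/', $attribute)) { throw new \InvalidArgumentException('Invalid LDAP attribute name'); }`, and document that callers must pass a fixed name rather than request input. The key `$uid . "::" . $attribute` has no method prefix and keeps the caller's casing, so `Mail` and `mail` are cached separately and the key may overlap with other entries in the same connection cache; `$key = 'getUserAttribute::' . $uid . '::' . strtolower($attribute);` would avoid both. The early `return null` also skips `writeToCache`, so an attribute that is not set is looked up in LDAP on every call.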
@ -58,7 +58,7 @@ interface ILDAPProvider {
|
||||||
* @since 11.0.0
|
* @since 11.0.0
|
||||||
*/
|
*/
|
||||||
public function getUserName($dn);
|
public function getUserName($dn);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Convert a stored DN so it can be used as base parameter for LDAP queries.
|
* Convert a stored DN so it can be used as base parameter for LDAP queries.
|
||||||
* @param string $dn the DN
|
* @param string $dn the DN
|
||||||
|
@ -66,7 +66,7 @@ interface ILDAPProvider {
|
||||||
* @since 11.0.0
|
* @since 11.0.0
|
||||||
*/
|
*/
|
||||||
public function DNasBaseParameter($dn);
|
public function DNasBaseParameter($dn);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sanitize a DN received from the LDAP server.
|
* Sanitize a DN received from the LDAP server.
|
||||||
* @param array $dn the DN in question
|
* @param array $dn the DN in question
|
||||||
|
@ -74,7 +74,7 @@ interface ILDAPProvider {
|
||||||
* @since 11.0.0
|
* @since 11.0.0
|
||||||
*/
|
*/
|
||||||
public function sanitizeDN($dn);
|
public function sanitizeDN($dn);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return a new LDAP connection resource for the specified user.
|
* Return a new LDAP connection resource for the specified user.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -90,7 +90,7 @@ interface ILDAPProvider {
|
||||||
* @since 13.0.0
|
* @since 13.0.0
|
||||||
*/
|
*/
|
||||||
public function getGroupLDAPConnection($gid);
|
public function getGroupLDAPConnection($gid);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the LDAP base for users.
|
* Get the LDAP base for users.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -99,7 +99,7 @@ interface ILDAPProvider {
|
||||||
* @since 11.0.0
|
* @since 11.0.0
|
||||||
*/
|
*/
|
||||||
public function getLDAPBaseUsers($uid);
|
public function getLDAPBaseUsers($uid);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the LDAP base for groups.
|
* Get the LDAP base for groups.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -108,7 +108,7 @@ interface ILDAPProvider {
|
||||||
* @since 11.0.0
|
* @since 11.0.0
|
||||||
*/
|
*/
|
||||||
public function getLDAPBaseGroups($uid);
|
public function getLDAPBaseGroups($uid);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check whether a LDAP DN exists
|
* Check whether a LDAP DN exists
|
||||||
* @param string $dn LDAP DN
|
* @param string $dn LDAP DN
|
||||||
|
@ -116,7 +116,7 @@ interface ILDAPProvider {
|
||||||
* @since 11.0.0
|
* @since 11.0.0
|
||||||
*/
|
*/
|
||||||
public function dnExists($dn);
|
public function dnExists($dn);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Clear the cache if a cache is used, otherwise do nothing.
|
* Clear the cache if a cache is used, otherwise do nothing.
|
||||||
* @param string $uid user id
|
* @param string $uid user id
|
||||||
|
@ -157,4 +157,14 @@ interface ILDAPProvider {
|
||||||
* @since 13.0.0
|
* @since 13.0.0
|
||||||
*/
|
*/
|
||||||
public function getLDAPGroupMemberAssoc($gid);
|
public function getLDAPGroupMemberAssoc($gid);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get an LDAP attribute for a nextcloud user
|
||||||
|
* @param string $uid the nextcloud user id to get the attribute for
|
||||||
|
* @param string $attribute the name of the attribute to read
|
||||||
|
* @return string|null
|
||||||
|
* @throws \Exception if user id was not found in LDAP
|
||||||
|
* @since 22.0.0
|
||||||
|
*/
|
||||||
|
public function getUserAttribute(string $uid, string $attribute): ?string;
|
||||||
}
|
}
|
||||||
|
|
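Review bot: The new docblock on `getUserAttribute` does not say what `null` means or how multi-valued attributes are handled, and the interface is where consumers will look for that contract. Judging by the implementation in this commit, only the first value is returned and `null` covers both an unset attribute and a failed read, so I would replace the bare return tag with `* @return string|null the first value of the attribute, or null if it is not set or could not be read`. Since the method exposes directory data by name, a line such as `* $attribute must be a fixed attribute name chosen by the calling app, never taken from request input` belongs in the description as well.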