LDAP group: support for memberUid, fix for oc-594
This commit is contained in:
parent
051442bc76
commit
c1490239e5
|
@ -24,9 +24,11 @@
|
|||
class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||
// //group specific settings
|
||||
protected $ldapGroupFilter;
|
||||
protected $ldapGroupMemberAssocAttr;
|
||||
|
||||
public function __construct() {
|
||||
$this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
|
||||
$this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
|
||||
$this->ldapGroupMemberAssocAttr = OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember');
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -44,7 +46,22 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
|||
if(!$dn_group || !$dn_user) {
|
||||
return false;
|
||||
}
|
||||
$members = OC_LDAP::readAttribute($dn_group, LDAP_GROUP_MEMBER_ASSOC_ATTR);
|
||||
$members = OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr);
|
||||
|
||||
//extra work if we don't get back user DNs
|
||||
//TODO: this can be done with one LDAP query
|
||||
if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
|
||||
$dns = array();
|
||||
foreach($members as $uid) {
|
||||
$filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'));
|
||||
$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
|
||||
if(count($ldap_users) < 1) {
|
||||
continue;
|
||||
}
|
||||
$dns[] = $ldap_users[0];
|
||||
}
|
||||
$members = $dns;
|
||||
}
|
||||
|
||||
return in_array($dn_user, $members);
|
||||
}
|
||||
|
@ -63,9 +80,20 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
|||
return array();
|
||||
}
|
||||
|
||||
//uniqueMember takes DN, memberuid the uid, so we need to distinguish
|
||||
if(strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember') {
|
||||
$uid = $userDN;
|
||||
} else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
|
||||
$result = OC_LDAP::readAttribute($userDN, 'uid');
|
||||
$uid = $result[0];
|
||||
} else {
|
||||
// just in case
|
||||
$uid = $userDN;
|
||||
}
|
||||
|
||||
$filter = OC_LDAP::combineFilterWithAnd(array(
|
||||
$this->ldapGroupFilter,
|
||||
LDAP_GROUP_MEMBER_ASSOC_ATTR.'='.$userDN
|
||||
$this->ldapGroupMemberAssocAttr.'='.$uid
|
||||
));
|
||||
$groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
|
||||
$userGroups = OC_LDAP::ownCloudGroupNames($groups);
|
||||
|
@ -82,9 +110,19 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
|||
if(!$groupDN) {
|
||||
return array();
|
||||
}
|
||||
$members = OC_LDAP::readAttribute($groupDN, LDAP_GROUP_MEMBER_ASSOC_ATTR);
|
||||
$members = OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr);
|
||||
$result = array();
|
||||
foreach($members as $member) {
|
||||
if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
|
||||
$filter = str_replace('%uid', $member, OC_LDAP::conf('ldapLoginFilter'));
|
||||
$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
|
||||
if(count($ldap_users) < 1) {
|
||||
continue;
|
||||
}
|
||||
$result[] = OC_LDAP::dn2username($ldap_users[0]);
|
||||
continue;
|
||||
}
|
||||
//de-facto else
|
||||
$result[] = OC_LDAP::dn2username($member);
|
||||
}
|
||||
return array_unique($result, SORT_LOCALE_STRING);
|
||||
|
|
|
@ -49,6 +49,7 @@ class OC_LDAP {
|
|||
static protected $ldapUserDisplayName;
|
||||
static protected $ldapUserFilter;
|
||||
static protected $ldapGroupDisplayName;
|
||||
static protected $ldapLoginFilter;
|
||||
|
||||
static public function init() {
|
||||
self::readConfiguration();
|
||||
|
@ -76,6 +77,7 @@ class OC_LDAP {
|
|||
$availableProperties = array(
|
||||
'ldapUserDisplayName',
|
||||
'ldapGroupDisplayName',
|
||||
'ldapLoginFilter'
|
||||
);
|
||||
|
||||
if(in_array($key, $availableProperties)) {
|
||||
|
@ -574,6 +576,7 @@ class OC_LDAP {
|
|||
self::$ldapNoCase = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0);
|
||||
self::$ldapUserDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
|
||||
self::$ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter','objectClass=person');
|
||||
self::$ldapLoginFilter = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
|
||||
self::$ldapGroupDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR);
|
||||
|
||||
if(empty(self::$ldapBaseUsers)) {
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr');
|
||||
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
|
||||
|
||||
OCP\Util::addscript('user_ldap', 'settings');
|
||||
|
||||
|
@ -50,5 +50,6 @@ foreach($params as $param){
|
|||
// settings with default values
|
||||
$tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT));
|
||||
$tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME));
|
||||
$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
|
||||
|
||||
return $tmpl->fetchPage();
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
<p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
|
||||
<p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><input type="text" id="ldap_base_users" name="ldap_base_users" value="<?php echo $_['ldap_base_users']; ?>" /></p>
|
||||
<p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><input type="text" id="ldap_base_groups" name="ldap_base_groups" value="<?php echo $_['ldap_base_groups']; ?>" /></p>
|
||||
<p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute"><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option></select></p>
|
||||
<p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
|
||||
<p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p>
|
||||
<p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" />
|
||||
|
|
|
@ -27,7 +27,6 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
|
||||
// cached settings
|
||||
protected $ldapUserFilter;
|
||||
protected $ldapLoginFilter;
|
||||
protected $ldapQuotaAttribute;
|
||||
protected $ldapQuotaDefault;
|
||||
protected $ldapEmailAttribute;
|
||||
|
@ -37,7 +36,6 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
|
||||
public function __construct() {
|
||||
$this->ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
|
||||
$this->ldapLoginFilter = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
|
||||
$this->ldapQuotaAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
|
||||
$this->ldapQuotaDefault = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
|
||||
$this->ldapEmailAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
|
||||
|
@ -83,7 +81,7 @@ class OC_USER_LDAP extends OC_User_Backend {
|
|||
*/
|
||||
public function checkPassword($uid, $password){
|
||||
//find out dn of the user name
|
||||
$filter = str_replace('%uid', $uid, $this->ldapLoginFilter);
|
||||
$filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'));
|
||||
$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
|
||||
if(count($ldap_users) < 1) {
|
||||
return false;
|
||||
|
|
Loading…
Reference in New Issue