LDAP group: support for memberUid, fix for oc-594
This commit is contained in:
parent
051442bc76
commit
c1490239e5
|
@ -24,9 +24,11 @@
|
||||||
class OC_GROUP_LDAP extends OC_Group_Backend {
|
class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||||
// //group specific settings
|
// //group specific settings
|
||||||
protected $ldapGroupFilter;
|
protected $ldapGroupFilter;
|
||||||
|
protected $ldapGroupMemberAssocAttr;
|
||||||
|
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
$this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
|
$this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)');
|
||||||
|
$this->ldapGroupMemberAssocAttr = OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -44,7 +46,22 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||||
if(!$dn_group || !$dn_user) {
|
if(!$dn_group || !$dn_user) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$members = OC_LDAP::readAttribute($dn_group, LDAP_GROUP_MEMBER_ASSOC_ATTR);
|
$members = OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr);
|
||||||
|
|
||||||
|
//extra work if we don't get back user DNs
|
||||||
|
//TODO: this can be done with one LDAP query
|
||||||
|
if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
|
||||||
|
$dns = array();
|
||||||
|
foreach($members as $uid) {
|
||||||
|
$filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'));
|
||||||
|
$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
|
||||||
|
if(count($ldap_users) < 1) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$dns[] = $ldap_users[0];
|
||||||
|
}
|
||||||
|
$members = $dns;
|
||||||
|
}
|
||||||
|
|
||||||
return in_array($dn_user, $members);
|
return in_array($dn_user, $members);
|
||||||
}
|
}
|
||||||
|
@ -63,9 +80,20 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//uniqueMember takes DN, memberuid the uid, so we need to distinguish
|
||||||
|
if(strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember') {
|
||||||
|
$uid = $userDN;
|
||||||
|
} else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
|
||||||
|
$result = OC_LDAP::readAttribute($userDN, 'uid');
|
||||||
|
$uid = $result[0];
|
||||||
|
} else {
|
||||||
|
// just in case
|
||||||
|
$uid = $userDN;
|
||||||
|
}
|
||||||
|
|
||||||
$filter = OC_LDAP::combineFilterWithAnd(array(
|
$filter = OC_LDAP::combineFilterWithAnd(array(
|
||||||
$this->ldapGroupFilter,
|
$this->ldapGroupFilter,
|
||||||
LDAP_GROUP_MEMBER_ASSOC_ATTR.'='.$userDN
|
$this->ldapGroupMemberAssocAttr.'='.$uid
|
||||||
));
|
));
|
||||||
$groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
|
$groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn'));
|
||||||
$userGroups = OC_LDAP::ownCloudGroupNames($groups);
|
$userGroups = OC_LDAP::ownCloudGroupNames($groups);
|
||||||
|
@ -82,9 +110,19 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
|
||||||
if(!$groupDN) {
|
if(!$groupDN) {
|
||||||
return array();
|
return array();
|
||||||
}
|
}
|
||||||
$members = OC_LDAP::readAttribute($groupDN, LDAP_GROUP_MEMBER_ASSOC_ATTR);
|
$members = OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr);
|
||||||
$result = array();
|
$result = array();
|
||||||
foreach($members as $member) {
|
foreach($members as $member) {
|
||||||
|
if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') {
|
||||||
|
$filter = str_replace('%uid', $member, OC_LDAP::conf('ldapLoginFilter'));
|
||||||
|
$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
|
||||||
|
if(count($ldap_users) < 1) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$result[] = OC_LDAP::dn2username($ldap_users[0]);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
//de-facto else
|
||||||
$result[] = OC_LDAP::dn2username($member);
|
$result[] = OC_LDAP::dn2username($member);
|
||||||
}
|
}
|
||||||
return array_unique($result, SORT_LOCALE_STRING);
|
return array_unique($result, SORT_LOCALE_STRING);
|
||||||
|
|
|
@ -49,6 +49,7 @@ class OC_LDAP {
|
||||||
static protected $ldapUserDisplayName;
|
static protected $ldapUserDisplayName;
|
||||||
static protected $ldapUserFilter;
|
static protected $ldapUserFilter;
|
||||||
static protected $ldapGroupDisplayName;
|
static protected $ldapGroupDisplayName;
|
||||||
|
static protected $ldapLoginFilter;
|
||||||
|
|
||||||
static public function init() {
|
static public function init() {
|
||||||
self::readConfiguration();
|
self::readConfiguration();
|
||||||
|
@ -76,6 +77,7 @@ class OC_LDAP {
|
||||||
$availableProperties = array(
|
$availableProperties = array(
|
||||||
'ldapUserDisplayName',
|
'ldapUserDisplayName',
|
||||||
'ldapGroupDisplayName',
|
'ldapGroupDisplayName',
|
||||||
|
'ldapLoginFilter'
|
||||||
);
|
);
|
||||||
|
|
||||||
if(in_array($key, $availableProperties)) {
|
if(in_array($key, $availableProperties)) {
|
||||||
|
@ -574,6 +576,7 @@ class OC_LDAP {
|
||||||
self::$ldapNoCase = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0);
|
self::$ldapNoCase = OCP\Config::getAppValue('user_ldap', 'ldap_nocase', 0);
|
||||||
self::$ldapUserDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
|
self::$ldapUserDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
|
||||||
self::$ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter','objectClass=person');
|
self::$ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter','objectClass=person');
|
||||||
|
self::$ldapLoginFilter = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
|
||||||
self::$ldapGroupDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR);
|
self::$ldapGroupDisplayName = OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', LDAP_GROUP_DISPLAY_NAME_ATTR);
|
||||||
|
|
||||||
if(empty(self::$ldapBaseUsers)) {
|
if(empty(self::$ldapBaseUsers)) {
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr');
|
$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
|
||||||
|
|
||||||
OCP\Util::addscript('user_ldap', 'settings');
|
OCP\Util::addscript('user_ldap', 'settings');
|
||||||
|
|
||||||
|
@ -50,5 +50,6 @@ foreach($params as $param){
|
||||||
// settings with default values
|
// settings with default values
|
||||||
$tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT));
|
$tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT));
|
||||||
$tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME));
|
$tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME));
|
||||||
|
$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
|
||||||
|
|
||||||
return $tmpl->fetchPage();
|
return $tmpl->fetchPage();
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
<p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
|
<p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
|
||||||
<p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><input type="text" id="ldap_base_users" name="ldap_base_users" value="<?php echo $_['ldap_base_users']; ?>" /></p>
|
<p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><input type="text" id="ldap_base_users" name="ldap_base_users" value="<?php echo $_['ldap_base_users']; ?>" /></p>
|
||||||
<p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><input type="text" id="ldap_base_groups" name="ldap_base_groups" value="<?php echo $_['ldap_base_groups']; ?>" /></p>
|
<p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><input type="text" id="ldap_base_groups" name="ldap_base_groups" value="<?php echo $_['ldap_base_groups']; ?>" /></p>
|
||||||
|
<p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute"><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option></select></p>
|
||||||
<p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
|
<p><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?>><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label></p>
|
||||||
<p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p>
|
<p><input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label></p>
|
||||||
<p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" />
|
<p><label for="ldap_display_name"><?php echo $l->t('Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" />
|
||||||
|
|
|
@ -27,7 +27,6 @@ class OC_USER_LDAP extends OC_User_Backend {
|
||||||
|
|
||||||
// cached settings
|
// cached settings
|
||||||
protected $ldapUserFilter;
|
protected $ldapUserFilter;
|
||||||
protected $ldapLoginFilter;
|
|
||||||
protected $ldapQuotaAttribute;
|
protected $ldapQuotaAttribute;
|
||||||
protected $ldapQuotaDefault;
|
protected $ldapQuotaDefault;
|
||||||
protected $ldapEmailAttribute;
|
protected $ldapEmailAttribute;
|
||||||
|
@ -37,7 +36,6 @@ class OC_USER_LDAP extends OC_User_Backend {
|
||||||
|
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
$this->ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
|
$this->ldapUserFilter = OCP\Config::getAppValue('user_ldap', 'ldap_userlist_filter', '(objectClass=posixAccount)');
|
||||||
$this->ldapLoginFilter = OCP\Config::getAppValue('user_ldap', 'ldap_login_filter', '(uid=%uid)');
|
|
||||||
$this->ldapQuotaAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
|
$this->ldapQuotaAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_quota_attr', '');
|
||||||
$this->ldapQuotaDefault = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
|
$this->ldapQuotaDefault = OCP\Config::getAppValue('user_ldap', 'ldap_quota_def', '');
|
||||||
$this->ldapEmailAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
|
$this->ldapEmailAttribute = OCP\Config::getAppValue('user_ldap', 'ldap_email_attr', '');
|
||||||
|
@ -83,7 +81,7 @@ class OC_USER_LDAP extends OC_User_Backend {
|
||||||
*/
|
*/
|
||||||
public function checkPassword($uid, $password){
|
public function checkPassword($uid, $password){
|
||||||
//find out dn of the user name
|
//find out dn of the user name
|
||||||
$filter = str_replace('%uid', $uid, $this->ldapLoginFilter);
|
$filter = str_replace('%uid', $uid, OC_LDAP::conf('ldapLoginFilter'));
|
||||||
$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
|
$ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn');
|
||||||
if(count($ldap_users) < 1) {
|
if(count($ldap_users) < 1) {
|
||||||
return false;
|
return false;
|
||||||
|
|
Loading…
Reference in New Issue