+ * This file is licensed under the Affero General Public License version 3 or later.
+ * See the COPYING-README file.
+ */
+
+OCA = OCA || {};
+
+(function() {
+
+ /**
+ * @classdesc This class represents the view belonging to the login filter
+ * tab in the LDAP wizard.
+ */
+ var WizardTabLoginFilter = OCA.LDAP.Wizard.WizardTabGeneric.subClass({
+ /**
+ * initializes the instance. Always call it after initialization.
+ *
+ * @param tabIndex
+ * @param tabID
+ */
+ init: function (tabIndex, tabID) {
+ this._super(tabIndex, tabID);
+
+ var items = {
+ ldap_loginfilter_username: {
+ $element: $('#ldap_loginfilter_username'),
+ setMethod: 'setLoginAttributeUsername'
+ },
+ ldap_loginfilter_email: {
+ $element: $('#ldap_loginfilter_email'),
+ setMethod: 'setLoginAttributeEmail'
+ },
+ ldap_login_filter_mode: {
+ setMethod: 'setFilterMode'
+ },
+ ldap_loginfilter_attributes: {
+ $element: $('#ldap_loginfilter_attributes'),
+ setMethod: 'setLoginAttributesOther'
+ },
+ ldap_login_filter: {
+ $element: $('#ldap_login_filter'),
+ setMethod: 'setLoginFilter'
+ },
+ loginFilterRawToggle: {
+ $element: $('#toggleRawLoginFilter')
+ },
+ loginFilterRawContainer: {
+ $element: $('#rawLoginFilterContainer')
+ },
+ ldap_test_loginname: {
+ $element: $('#ldap_test_loginname'),
+ $relatedElements: $('.ldapVerifyLoginName')
+ }
+ };
+ this.setManagedItems(items);
+
+ this.filterModeKey = 'ldapLoginFilterMode';
+ this._initMultiSelect(
+ this.managedItems.ldap_loginfilter_attributes.$element,
+ t('user_ldap', 'Select attributes')
+ );
+ this.filterName = 'ldap_login_filter';
+ this._initFilterModeSwitcher(
+ this.managedItems.loginFilterRawToggle.$element,
+ this.managedItems.loginFilterRawContainer.$element,
+ [
+ this.managedItems.ldap_loginfilter_username.$element,
+ this.managedItems.ldap_loginfilter_email.$element,
+ this.managedItems.ldap_loginfilter_attributes.$element
+ ],
+ 'ldap_login_filter_mode'
+ );
+ _.bindAll(this, 'onVerifyClick');
+ this.managedItems.ldap_test_loginname.$relatedElements.click(this.onVerifyClick);
+ },
+
+ /**
+ * Sets the config model for this view and subscribes to some events.
+ * Also binds the config chooser to the model
+ *
+ * @param {OCA.LDAP.Wizard.ConfigModel} configModel
+ */
+ setModel: function(configModel) {
+ this._super(configModel);
+ this.configModel.on('configLoaded', this.onConfigSwitch, this);
+ this.configModel.on('receivedLdapFeature', this.onFeatureReceived, this);
+ },
+
+ /**
+ * sets the selected attributes
+ *
+ * @param {Array} attributes
+ */
+ setLoginAttributesOther: function(attributes) {
+ this.setElementValue(this.managedItems.ldap_loginfilter_attributes.$element, attributes);
+ this.managedItems.ldap_loginfilter_attributes.$element.multiselect('refresh');
+ },
+
+ /**
+ * sets the login list filter
+ *
+ * @param {string} filter
+ */
+ setLoginFilter: function(filter) {
+ this.setElementValue(this.managedItems.ldap_login_filter.$element, filter);
+ this.$filterModeRawContainer.siblings('.ldapReadOnlyFilterContainer').find('.ldapFilterReadOnlyElement').text(filter);
+ },
+
+ /**
+ * updates the username attribute check box
+ *
+ * @param {string} useUsername contains an int
+ */
+ setLoginAttributeUsername: function(useUsername) {
+ this.setElementValue(
+ this.managedItems.ldap_loginfilter_username.$element, useUsername
+ );
+ },
+
+ /**
+ * updates the email attribute check box
+ *
+ * @param {string} useEmail contains an int
+ */
+ setLoginAttributeEmail: function(useEmail) {
+ this.setElementValue(
+ this.managedItems.ldap_loginfilter_email.$element, useEmail
+ );
+ },
+
+ /**
+ * presents the result of the login name test
+ *
+ * @param result
+ */
+ handleLoginTestResult: function(result) {
+ var message;
+ var isHtml = false;
+ if(result.status === 'success') {
+ var usersFound = parseInt(result.changes.ldap_test_loginname, 10);
+ if(usersFound < 1) {
+ var filter = $('').text(result.changes.ldap_test_effective_filter).html();
+ message = t('user_ldap', 'User not found. Please check your login attributes and username. Effective filter (to copy-and-paste for command line validation):
' + filter);
+ console.warn(filter);
+ isHtml = true;
+ } else if(usersFound === 1) {
+ message = t('user_ldap', 'User found and settings verified.');
+ } else if(usersFound > 1) {
+ message = t('user_ldap', 'Settings verified, but one user found. Only the first will be able to login. Consider a more narrow filter.');
+ }
+ } else {
+ message = t('user_ldap', 'An unspecified error occurred. Please check the settings and the log.');
+ if(!_.isUndefined(result.message) && result.message) {
+ message = result.message;
+ }
+ if(message === 'Bad search filter') {
+ message = t('user_ldap', 'The search filter is invalid, probably due to syntax issues like uneven number of opened and closed brackets. Please revise.');
+ } else if(message === 'connection error') {
+ message = t('user_ldap', 'A connection error to LDAP / AD occurred, please check host, port and credentials.');
+ } else if(message === 'missing placeholder') {
+ message = t('user_ldap', 'The %uid placeholder is missing. It will be replaced with the login name when querying LDAP / AD.');
+ }
+ }
+ OC.Notification.showTemporary(message, {isHTML: isHtml});
+ },
+
+ /**
+ * @inheritdoc
+ */
+ considerFeatureRequests: function() {
+ if(!this.isActive) {
+ return;
+ }
+ if(this.managedItems.ldap_loginfilter_attributes.$element.find('option').length === 0) {
+ this.disableElement(this.managedItems.ldap_loginfilter_attributes.$element);
+ if(this.parsedFilterMode === this.configModel.FILTER_MODE_ASSISTED) {
+ this.configModel.requestWizard('ldap_loginfilter_attributes');
+ }
+ }
+ },
+
+ /**
+ * @inheritdoc
+ */
+ onActivate: function() {
+ this.considerFeatureRequests();
+ if(!this.managedItems.ldap_login_filter.$element.val()) {
+ this.configModel.requestWizard('ldap_login_filter');
+ }
+ },
+
+ /**
+ * resets the view when a configuration switch happened.
+ *
+ * @param {WizardTabLoginFilter} view
+ * @param {Object} configuration
+ */
+ onConfigSwitch: function(view, configuration) {
+ view.managedItems.ldap_loginfilter_attributes.$element.find('option').remove();
+
+ view.onConfigLoaded(view, configuration);
+ },
+
+ /**
+ * if UserObjectClasses are found, the corresponding element will be
+ * updated
+ *
+ * @param {WizardTabLoginFilter} view
+ * @param {FeaturePayload} payload
+ */
+ onFeatureReceived: function(view, payload) {
+ if(payload.feature === 'AvailableAttributes') {
+ view.equipMultiSelect(view.managedItems.ldap_loginfilter_attributes.$element, payload.data);
+ } else if(payload.feature === 'TestLoginName') {
+ view.handleLoginTestResult(payload.data);
+ }
+ },
+
+ /**
+ * request to test the provided login name
+ *
+ * @param {Event} event
+ */
+ onVerifyClick: function(event) {
+ event.preventDefault();
+ var testLogin = this.managedItems.ldap_test_loginname.$element.val();
+ if(!testLogin) {
+ OC.Notification.showTemporary(t('user_ldap', 'Please provide a login name to test against'), 3);
+ } else {
+ this.configModel.requestWizard('ldap_test_loginname', {ldap_test_loginname: testLogin});
+ }
+ }
+
+ });
+
+ OCA.LDAP.Wizard.WizardTabLoginFilter = WizardTabLoginFilter;
+})();
diff --git a/apps/user_ldap/js/wizard/wizardTabUserFilter.js b/apps/user_ldap/js/wizard/wizardTabUserFilter.js
new file mode 100644
index 0000000000..992c1ccf37
--- /dev/null
+++ b/apps/user_ldap/js/wizard/wizardTabUserFilter.js
@@ -0,0 +1,136 @@
+/**
+ * Copyright (c) 2015, Arthur Schiwon
+ * This file is licensed under the Affero General Public License version 3 or later.
+ * See the COPYING-README file.
+ */
+
+OCA = OCA || {};
+
+(function() {
+
+ /**
+ * @classdesc This class represents the view belonging to the server tab
+ * in the LDAP wizard.
+ */
+ var WizardTabUserFilter = OCA.LDAP.Wizard.WizardTabAbstractFilter.subClass({
+ /**
+ * @inheritdoc
+ */
+ init: function (fotf, tabIndex, tabID) {
+ tabID = '#ldapWizard2';
+ var items = {
+ ldap_userfilter_objectclass: {
+ $element: $('#ldap_userfilter_objectclass'),
+ setMethod: 'setObjectClass',
+ keyName: 'ldap_userfilter_objectclass',
+ featureName: 'UserObjectClasses'
+ },
+ ldap_user_filter_mode: {
+ setMethod: 'setFilterMode'
+ },
+ ldap_userfilter_groups: {
+ $element: $('#ldap_userfilter_groups'),
+ setMethod: 'setGroups',
+ keyName: 'ldap_userfilter_groups',
+ featureName: 'GroupsForUsers',
+ $relatedElements: $(
+ tabID + ' .ldapGroupListAvailable,' +
+ tabID + ' .ldapGroupListSelected,' +
+ tabID + ' .ldapManyGroupsSearch'
+ )
+ },
+ ldap_userlist_filter: {
+ $element: $('#ldap_userlist_filter'),
+ setMethod: 'setFilter',
+ keyName: 'ldap_userlist_filter'
+ },
+ userFilterRawToggle: {
+ $element: $('#toggleRawUserFilter')
+ },
+ userFilterRawContainer: {
+ $element: $('#rawUserFilterContainer')
+ },
+ ldap_user_count: {
+ $element: $('#ldap_user_count'),
+ $relatedElements: $('.ldapGetUserCount'),
+ setMethod: 'setCount',
+ keyName: 'ldap_user_count'
+ }
+ };
+ this.setManagedItems(items);
+ this.manyGroupsSupport = true;
+ this._super(fotf, tabIndex, tabID);
+ },
+
+ /**
+ * @inheritdoc
+ * @returns {Object}
+ */
+ getObjectClassItem: function () {
+ return this.managedItems.ldap_userfilter_objectclass;
+ },
+
+ /**
+ * @inheritdoc
+ * @returns {Object}
+ */
+ getGroupsItem: function () {
+ return this.managedItems.ldap_userfilter_groups;
+ },
+
+ /**
+ * @inheritdoc
+ * @returns {Object}
+ */
+ getFilterItem: function () {
+ return this.managedItems.ldap_userlist_filter;
+ },
+
+ /**
+ * @inheritdoc
+ * @returns {Object}
+ */
+ getToggleItem: function () {
+ return this.managedItems.userFilterRawToggle;
+ },
+
+ /**
+ * @inheritdoc
+ * @returns {Object}
+ */
+ getRawFilterContainerItem: function () {
+ return this.managedItems.userFilterRawContainer;
+ },
+
+ /**
+ * @inheritdoc
+ * @returns {Object}
+ */
+ getCountItem: function () {
+ return this.managedItems.ldap_user_count;
+ },
+
+ /**
+ * @inheritdoc
+ * @returns {string}
+ */
+ getFilterModeKey: function () {
+ return 'ldap_user_filter_mode';
+ },
+
+ /**
+ * @inheritdoc
+ */
+ overrideErrorMessage: function(message, key) {
+ if( key === 'ldap_userfilter_groups'
+ && message === 'memberOf is not supported by the server'
+ ) {
+ message = t('user_ldap', 'The group box was disabled, because the LDAP / AD server does not support memberOf.');
+ }
+ return message;
+ }
+
+ });
+
+ OCA.LDAP.Wizard.WizardTabUserFilter = WizardTabUserFilter;
+})();
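Review bot: The class description says this view belongs to the server tab, but the class is `WizardTabUserFilter` and every managed item is a user filter control, so the text looks copied from another tab. `init` also overwrites its `tabID` argument with the literal `'#ldapWizard2'` before using it in the selectors and in `_super`, so whatever the caller passes is ignored, although `@inheritdoc` suggests the parameter is honoured. I would change the description to `This class represents the view belonging to the user filter tab in the LDAP wizard.` and put a comment on the assignment, e.g. `// this tab is always #ldapWizard2; the tabID passed in is ignored`.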
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index e7fb4165c3..f38d11d4be 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -595,6 +595,22 @@ class Access extends LDAPUtility implements user\IUserTools {
return $altName;
}
+ /**
+ * fetches a list of users according to a provided loginName and utilizing
+ * the login filter.
+ *
+ * @param string $loginName
+ * @param array $attributes optional, list of attributes to read
+ * @return array
+ */
+ public function fetchUsersByLoginName($loginName, $attributes = array('dn')) {
+ $loginName = $this->escapeFilterPart($loginName);
+ $filter = \OCP\Util::mb_str_replace(
+ '%uid', $loginName, $this->connection->ldapLoginFilter, 'UTF-8');
+ $users = $this->fetchListOfUsers($filter, $attributes);
+ return $users;
+ }
+
/**
* @param string $filter
* @param string|string[] $attr
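Review bot: The docblock of `fetchUsersByLoginName` does not say that `$loginName` is escaped inside the method, which matters now that the escaping has moved here from `checkPassword`. A caller that still escapes before calling would double-escape, and one that builds its own filter from the same name has to remember to escape it separately. I would document it on the parameter, e.g. `@param string $loginName the login name as entered, unescaped; it is passed through escapeFilterPart() here`. The `$users` temporary can go as well: `return $this->fetchListOfUsers($filter, $attributes);`.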
@@ -686,6 +702,17 @@ class Access extends LDAPUtility implements user\IUserTools {
return $this->count($filter, $this->connection->ldapBaseGroups, $attr, $limit, $offset);
}
+ /**
+ * returns the number of available objects on the base DN
+ *
+ * @param int|null $limit
+ * @param int|null $offset
+ * @return int|bool
+ */
+ public function countObjects($limit = null, $offset = null) {
+ return $this->count('objectclass=*', $this->connection->ldapBase, array('dn'), $limit, $offset);
+ }
+
/**
* retrieved. Results will according to the order in the array.
* @param int $limit optional, maximum results to be counted
diff --git a/apps/user_ldap/lib/configuration.php b/apps/user_ldap/lib/configuration.php
index 9b01fd2e55..373c5b4841 100644
--- a/apps/user_ldap/lib/configuration.php
+++ b/apps/user_ldap/lib/configuration.php
@@ -201,11 +201,14 @@ class Configuration {
case 'ldapAgentPassword':
$readMethod = 'getPwd';
break;
- case 'ldapUserDisplayName':
case 'ldapGroupDisplayName':
$readMethod = 'getLcValue';
break;
+ case 'ldapUserDisplayName':
default:
+ // user display name does not lower case because
+ // we rely on an upper case N as indicator whether to
+ // auto-detect it or not. FIXME
$readMethod = 'getValue';
break;
}
@@ -374,7 +377,7 @@ class Configuration {
'ldap_groupfilter_groups' => '',
'ldap_display_name' => 'displayName',
'ldap_group_display_name' => 'cn',
- 'ldap_tls' => 1,
+ 'ldap_tls' => 0,
'ldap_nocase' => 0,
'ldap_quota_def' => '',
'ldap_quota_attr' => '',
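Review bot: Changing the default `'ldap_tls'` from 1 to 0 means a configuration created from these defaults no longer requests StartTLS, so unless the host is configured as ldaps:// the bind password and the user passwords checked against the directory would travel unencrypted. The hunk gives no reason for the change, and the rest of the defaults array lies outside it, so I cannot tell whether anything else turns TLS on later. If off has to be the default, state that next to the value, e.g. `// StartTLS is off by default; enable it or use ldaps:// so bind credentials are not sent in clear`, and consider showing a hint in the server tab when neither is in use.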
diff --git a/apps/user_ldap/lib/wizard.php b/apps/user_ldap/lib/wizard.php
index 97f3002cca..7bb5752352 100644
--- a/apps/user_ldap/lib/wizard.php
+++ b/apps/user_ldap/lib/wizard.php
@@ -75,9 +75,11 @@ class Wizard extends LDAPUtility {
/**
* counts entries in the LDAP directory
+ *
* @param string $filter the LDAP search filter
* @param string $type a string being either 'users' or 'groups';
- * @return int|bool
+ * @return bool|int
+ * @throws \Exception
*/
public function countEntries($filter, $type) {
$reqs = array('ldapHost', 'ldapPort', 'ldapBase');
@@ -88,17 +90,36 @@ class Wizard extends LDAPUtility {
throw new \Exception('Requirements not met', 400);
}
+ $attr = array('dn'); // default
+ $limit = 1001;
if($type === 'groups') {
- $result = $this->access->countGroups($filter);
+ $result = $this->access->countGroups($filter, $attr, $limit);
} else if($type === 'users') {
- $result = $this->access->countUsers($filter);
+ $result = $this->access->countUsers($filter, $attr, $limit);
+ } else if ($type === 'objects') {
+ $result = $this->access->countObjects($limit);
} else {
- throw new \Exception('internal error: invald object type', 500);
+ throw new \Exception('internal error: invalid object type', 500);
}
return $result;
}
+ /**
+ * formats the return value of a count operation to the string to be
+ * inserted.
+ *
+ * @param bool|int $count
+ * @return int|string
+ */
+ private function formatCountResult($count) {
+ $formatted = ($count !== false) ? $count : 0;
+ if($formatted > 1000) {
+ $formatted = '> 1000';
+ }
+ return $formatted;
+ }
+
public function countGroups() {
$filter = $this->configuration->ldapGroupFilter;
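Review bot: `formatCountResult` returns the string `'> 1000'` once the count exceeds 1000, and both `countGroups` and `countUsers` (in the following hunks) pass that value as the count argument of `self::$l->n(...)`, the argument that selects the singular or plural form. With a non-numeric string the plural choice depends on how `n()` coerces it, which may give the wrong form in some languages. Keep the integer for the plural decision and use the formatted value only for display: `self::$l->n('%s group found', '%s groups found', $count, array($formatted))`. The `$limit = 1001` in `countEntries` and the `> 1000` threshold here depend on each other and would be clearer as one shared constant. `countGroups` continues outside this hunk.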
@@ -109,7 +130,7 @@ class Wizard extends LDAPUtility {
}
try {
- $groupsTotal = $this->countEntries($filter, 'groups');
+ $groupsTotal = $this->formatCountResult($this->countEntries($filter, 'groups'));
} catch (\Exception $e) {
//400 can be ignored, 500 is forwarded
if($e->getCode() === 500) {
@@ -117,7 +138,6 @@ class Wizard extends LDAPUtility {
}
return false;
}
- $groupsTotal = ($groupsTotal !== false) ? $groupsTotal : 0;
$output = self::$l->n('%s group found', '%s groups found', $groupsTotal, array($groupsTotal));
$this->result->addChange('ldap_group_count', $output);
return $this->result;
@@ -130,13 +150,28 @@ class Wizard extends LDAPUtility {
public function countUsers() {
$filter = $this->access->getFilterForUserCount();
- $usersTotal = $this->countEntries($filter, 'users');
- $usersTotal = ($usersTotal !== false) ? $usersTotal : 0;
+ $usersTotal = $this->formatCountResult($this->countEntries($filter, 'users'));
$output = self::$l->n('%s user found', '%s users found', $usersTotal, array($usersTotal));
$this->result->addChange('ldap_user_count', $output);
return $this->result;
}
+ /**
+ * counts any objects in the currently set base dn
+ *
+ * @return WizardResult
+ * @throws \Exception
+ */
+ public function countInBaseDN() {
+ // we don't need to provide a filter in this case
+ $total = $this->countEntries(null, 'objects');
+ if($total === false) {
+ throw new \Exception('invalid results received');
+ }
+ $this->result->addChange('ldap_test_base', $total);
+ return $this->result;
+ }
+
/**
* counts users with a specified attribute
* @param string $attr
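Review bot: `countInBaseDN` stores the raw result of `countEntries`, which this commit calls with `$limit = 1001`, so `ldap_test_base` presumably tops out at 1001 however many objects the base holds. The user and group counts go through `formatCountResult`, but this one does not, and the hunk does not show how the client interprets the number. If 1001 is meant as a sentinel, say so at the call: `// capped at 1001 by countEntries(); 1001 means "more than 1000"`. The new exception also carries no code, while `countEntries` throws with 400 and 500 and `countGroups` branches on them; giving it a code or a comment would make the intended handling explicit.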
@@ -281,45 +316,6 @@ class Wizard extends LDAPUtility {
return $this->result;
}
- /**
- * return the state of the Group Filter Mode
- * @return WizardResult
- */
- public function getGroupFilterMode() {
- $this->getFilterMode('ldapGroupFilterMode');
- return $this->result;
- }
-
- /**
- * return the state of the Login Filter Mode
- * @return WizardResult
- */
- public function getLoginFilterMode() {
- $this->getFilterMode('ldapLoginFilterMode');
- return $this->result;
- }
-
- /**
- * return the state of the User Filter Mode
- * @return WizardResult
- */
- public function getUserFilterMode() {
- $this->getFilterMode('ldapUserFilterMode');
- return $this->result;
- }
-
- /**
- * return the state of the mode of the specified filter
- * @param string $confKey contains the access key of the Configuration
- */
- private function getFilterMode($confKey) {
- $mode = $this->configuration->$confKey;
- if(is_null($mode)) {
- $mode = $this->LFILTER_MODE_ASSISTED;
- }
- $this->result->addChange($confKey, $mode);
- }
-
/**
* detects the available LDAP attributes
* @return array|false The instance's WizardResult instance
@@ -467,8 +463,7 @@ class Wizard extends LDAPUtility {
return false;
}
$this->configuration->setConfiguration(array('ldapGroupMemberAssocAttr' => $attribute));
- //so it will be saved on destruct
- $this->result->markChange();
+ $this->result->addChange('ldap_group_member_assoc_attribute', $attribute);
return $this->result;
}
@@ -603,6 +598,41 @@ class Wizard extends LDAPUtility {
return $this->result;
}
+ /**
+ * @return bool|WizardResult
+ * @param string $loginName
+ * @throws \Exception
+ */
+ public function testLoginName($loginName) {
+ if(!$this->checkRequirements(array('ldapHost',
+ 'ldapPort',
+ 'ldapBase',
+ 'ldapLoginFilter',
+ ))) {
+ return false;
+ }
+
+ $cr = $this->access->connection->getConnectionResource();
+ if(!$this->ldap->isResource($cr)) {
+ throw new \Exception('connection error');
+ }
+
+ if(mb_strpos($this->access->connection->ldapLoginFilter, '%uid', 0, 'UTF-8')
+ === false) {
+ throw new \Exception('missing placeholder');
+ }
+
+ $users = $this->access->fetchUsersByLoginName($loginName);
+ if($this->ldap->errno($cr) !== 0) {
+ throw new \Exception($this->ldap->error($cr));
+ }
+ $filter = \OCP\Util::mb_str_replace(
+ '%uid', $loginName, $this->access->connection->ldapLoginFilter, 'UTF-8');
+ $this->result->addChange('ldap_test_loginname', count($users));
+ $this->result->addChange('ldap_test_effective_filter', $filter);
+ return $this->result;
+ }
+
/**
* Tries to determine the port, requires given Host, User DN and Password
* @return WizardResult|false WizardResult on success, false otherwise
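Review bot: The filter reported as `ldap_test_effective_filter` is built from the raw `$loginName`, while the search itself goes through `fetchUsersByLoginName`, which escapes the name before substituting `%uid`. For a login name containing filter metacharacters the two differ, so the string the wizard offers for copy-and-paste validation is not the filter that was sent and may not be a well-formed filter at all. Build it from the escaped value instead: `'%uid', $this->access->escapeFilterPart($loginName), $this->access->connection->ldapLoginFilter, 'UTF-8');`. The docblock also lists `@return` before `@param` and has no summary line.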
@@ -674,10 +704,13 @@ class Wizard extends LDAPUtility {
}
$dparts = explode('.', $domain);
- $base2 = implode('dc=', $dparts);
- if($base !== $base2 && $this->testBaseDN($base2)) {
- $this->applyFind('ldap_base', $base2);
- return $this->result;
+ while(count($dparts) > 0) {
+ $base2 = 'dc=' . implode(',dc=', $dparts);
+ if ($base !== $base2 && $this->testBaseDN($base2)) {
+ $this->applyFind('ldap_base', $base2);
+ return $this->result;
+ }
+ array_shift($dparts);
}
return false;
@@ -720,7 +753,7 @@ class Wizard extends LDAPUtility {
* @throws \Exception
*/
private function detectGroupMemberAssoc() {
- $possibleAttrs = array('uniqueMember', 'memberUid', 'member', 'unfugasdfasdfdfa');
+ $possibleAttrs = array('uniqueMember', 'memberUid', 'member');
$filter = $this->configuration->ldapGroupFilter;
if(empty($filter)) {
return false;
@@ -730,7 +763,7 @@ class Wizard extends LDAPUtility {
throw new \Exception('Could not connect to LDAP');
}
$base = $this->configuration->ldapBase[0];
- $rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs);
+ $rr = $this->ldap->search($cr, $base, $filter, $possibleAttrs, 0, 1000);
if(!$this->ldap->isResource($rr)) {
return false;
}
@@ -1114,7 +1147,8 @@ class Wizard extends LDAPUtility {
//skip when the filter is a wildcard and results were found
continue;
}
- $rr = $this->ldap->search($cr, $base, $filter, array($attr));
+ // 20k limit for performance and reason
+ $rr = $this->ldap->search($cr, $base, $filter, array($attr), 0, 20000);
if(!$this->ldap->isResource($rr)) {
continue;
}
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 85bfbaa076..d17361cdfd 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -29,13 +29,6 @@
OC_Util::checkAdminUser();
-OCP\Util::addScript('user_ldap', 'ldapFilter');
-OCP\Util::addScript('user_ldap', 'experiencedAdmin');
-OCP\Util::addScript('user_ldap', 'settings');
-\OC_Util::addVendorScript('user_ldap', 'ui-multiselect/src/jquery.multiselect');
-OCP\Util::addStyle('user_ldap', 'settings');
-\OC_Util::addVendorStyle('user_ldap', 'ui-multiselect/jquery.multiselect');
-
// fill template
$tmpl = new OCP\Template('user_ldap', 'settings');
@@ -55,9 +48,9 @@ $l = \OC::$server->getL10N('user_ldap');
$wizTabs = array();
$wizTabs[] = array('tpl' => 'part.wizard-server', 'cap' => $l->t('Server'));
-$wizTabs[] = array('tpl' => 'part.wizard-userfilter', 'cap' => $l->t('User Filter'));
-$wizTabs[] = array('tpl' => 'part.wizard-loginfilter', 'cap' => $l->t('Login Filter'));
-$wizTabs[] = array('tpl' => 'part.wizard-groupfilter', 'cap' => $l->t('Group Filter'));
+$wizTabs[] = array('tpl' => 'part.wizard-userfilter', 'cap' => $l->t('Users'));
+$wizTabs[] = array('tpl' => 'part.wizard-loginfilter', 'cap' => $l->t('Login Attributes'));
+$wizTabs[] = array('tpl' => 'part.wizard-groupfilter', 'cap' => $l->t('Groups'));
$wizTabsCount = count($wizTabs);
for($i = 0; $i < $wizTabsCount; $i++) {
$tab = new OCP\Template('user_ldap', $wizTabs[$i]['tpl']);
diff --git a/apps/user_ldap/templates/part.settingcontrols.php b/apps/user_ldap/templates/part.settingcontrols.php
index e67cea41d9..bac00daa39 100644
--- a/apps/user_ldap/templates/part.settingcontrols.php
+++ b/apps/user_ldap/templates/part.settingcontrols.php
@@ -1,5 +1,4 @@
-
diff --git a/apps/user_ldap/templates/part.wizard-groupfilter.php b/apps/user_ldap/templates/part.wizard-groupfilter.php
index 1953d2eaa6..bfcfd11521 100644
--- a/apps/user_ldap/templates/part.wizard-groupfilter.php
+++ b/apps/user_ldap/templates/part.wizard-groupfilter.php
@@ -5,31 +5,48 @@
+
+
+
+
+
+
+
+
+
+
+
+
-
+
+
+
+
+
-
+
@@ -38,7 +55,10 @@
- 0 t('groups found'));?>
+
+
diff --git a/apps/user_ldap/templates/part.wizard-loginfilter.php b/apps/user_ldap/templates/part.wizard-loginfilter.php
index 3dde46fa97..fa17a9b430 100644
--- a/apps/user_ldap/templates/part.wizard-loginfilter.php
+++ b/apps/user_ldap/templates/part.wizard-loginfilter.php
@@ -1,23 +1,25 @@
\ No newline at end of file
diff --git a/apps/user_ldap/templates/part.wizard-server.php b/apps/user_ldap/templates/part.wizard-server.php
index c1744143f9..3ce912fac4 100644
--- a/apps/user_ldap/templates/part.wizard-server.php
+++ b/apps/user_ldap/templates/part.wizard-server.php
@@ -22,32 +22,41 @@
}
}
?>
-
+
+
+ name="ldap_action_delete_configuration" class="icon-delete"
+ title="Delete the current configuration">
@@ -55,7 +64,7 @@
@@ -63,15 +72,21 @@
+
+
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 6aa2183726..f40eba005d 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -1,3 +1,56 @@
+
+
-
+
+
diff --git a/apps/user_ldap/tests/user_ldap.php b/apps/user_ldap/tests/user_ldap.php
index fa3afe9c51..b9beed1d35 100644
--- a/apps/user_ldap/tests/user_ldap.php
+++ b/apps/user_ldap/tests/user_ldap.php
@@ -108,12 +108,6 @@ class Test_User_Ldap_Direct extends \Test\TestCase {
* @return void
*/
private function prepareAccessForCheckPassword(&$access, $noDisplayName = false) {
- $access->expects($this->once())
- ->method('escapeFilterPart')
- ->will($this->returnCallback(function($uid) {
- return $uid;
- }));
-
$access->connection->expects($this->any())
->method('__get')
->will($this->returnCallback(function($name) {
@@ -132,6 +126,15 @@ class Test_User_Ldap_Direct extends \Test\TestCase {
return array();
}));
+ $access->expects($this->any())
+ ->method('fetchUsersByLoginName')
+ ->will($this->returnCallback(function($uid) {
+ if($uid === 'roland') {
+ return array(array('dn' => 'dnOfRoland,dc=test'));
+ }
+ return array();
+ }));
+
$retVal = 'gunslinger';
if($noDisplayName === true) {
$retVal = false;
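Review bot: The mock for `fetchUsersByLoginName` uses `$this->any()` and replaces the earlier `escapeFilterPart` expectation with `$this->once()`, so after this commit no test shown here checks that the login name is escaped before it reaches the LDAP filter. The escaping now lives in `Access::fetchUsersByLoginName`, which is exactly the method being stubbed. I would add a test on `Access` that calls `fetchUsersByLoginName` with a name containing filter metacharacters and asserts the filter handed to `fetchListOfUsers` contains the escaped form. Tightening this expectation to `$this->once()` would also keep the check that `checkPassword` performs a single lookup. `prepareAccessForCheckPassword` continues outside this hunk.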
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index ea1371c14d..54e14c093f 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -79,14 +79,10 @@ class USER_LDAP extends BackendUtility implements \OCP\IUserBackend, \OCP\UserIn
* Check if the password is correct without logging in the user
*/
public function checkPassword($uid, $password) {
- $uid = $this->access->escapeFilterPart($uid);
-
//find out dn of the user name
$attrs = array($this->access->connection->ldapUserDisplayName, 'dn',
'uid', 'samaccountname');
- $filter = \OCP\Util::mb_str_replace(
- '%uid', $uid, $this->access->connection->ldapLoginFilter, 'UTF-8');
- $users = $this->access->fetchListOfUsers($filter, $attrs);
+ $users = $this->access->fetchUsersByLoginName($uid, $attrs);
if(count($users) < 1) {
return false;
}