extend ILDAPProvider to allow reading arbitrairy ldap attributes for users

Signed-off-by: Robin Appelman <robin@icewind.nl>
Robin Appelman 2021-01-14 16:51:13 +01:00
parent b9287f9780
commit fdc8635afb
2 changed files with 59 additions and 18 deletions


@ -42,7 +42,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
private $logger; private $logger;
private $helper; private $helper;
private $deletedUsersIndex; private $deletedUsersIndex;
/** /**
* Create new LDAPProvider * Create new LDAPProvider
* @param \OCP\IServerContainer $serverContainer * @param \OCP\IServerContainer $serverContainer
@ -77,7 +77,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled'); throw new \Exception('To use the LDAPProvider, user_ldap app must be enabled');
} }
} }
/** /**
* Translate an user id to LDAP DN * Translate an user id to LDAP DN
* @param string $uid user id * @param string $uid user id
@ -126,7 +126,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
} }
return $result; return $result;
} }
/** /**
* Convert a stored DN so it can be used as base parameter for LDAP queries. * Convert a stored DN so it can be used as base parameter for LDAP queries.
* @param string $dn the DN in question * @param string $dn the DN in question
@ -135,7 +135,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
public function DNasBaseParameter($dn) { public function DNasBaseParameter($dn) {
return $this->helper->DNasBaseParameter($dn); return $this->helper->DNasBaseParameter($dn);
} }
/** /**
* Sanitize a DN received from the LDAP server. * Sanitize a DN received from the LDAP server.
* @param array $dn the DN in question * @param array $dn the DN in question
@ -144,7 +144,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
public function sanitizeDN($dn) { public function sanitizeDN($dn) {
return $this->helper->sanitizeDN($dn); return $this->helper->sanitizeDN($dn);
} }
/** /**
* Return a new LDAP connection resource for the specified user. * Return a new LDAP connection resource for the specified user.
* The connection must be closed manually. * The connection must be closed manually.
@ -172,7 +172,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
} }
return $this->groupBackend->getNewLDAPConnection($gid); return $this->groupBackend->getNewLDAPConnection($gid);
} }
/** /**
* Get the LDAP base for users. * Get the LDAP base for users.
* @param string $uid user id * @param string $uid user id
@ -202,7 +202,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
); );
return array_shift($bases); return array_shift($bases);
} }
/** /**
* Get the LDAP base for groups. * Get the LDAP base for groups.
* @param string $uid user id * @param string $uid user id
@ -216,7 +216,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
$bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups; $bases = $this->userBackend->getLDAPAccess($uid)->getConnection()->ldapBaseGroups;
return array_shift($bases); return array_shift($bases);
} }
/** /**
* Clear the cache if a cache is used, otherwise do nothing. * Clear the cache if a cache is used, otherwise do nothing.
* @param string $uid user id * @param string $uid user id
@ -241,7 +241,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
} }
$this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache(); $this->groupBackend->getLDAPAccess($gid)->getConnection()->clearCache();
} }
/** /**
* Check whether a LDAP DN exists * Check whether a LDAP DN exists
* @param string $dn LDAP DN * @param string $dn LDAP DN
@ -251,7 +251,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
$result = $this->userBackend->dn2UserName($dn); $result = $this->userBackend->dn2UserName($dn);
return !$result ? false : true; return !$result ? false : true;
} }
/** /**
* Flag record for deletion. * Flag record for deletion.
* @param string $uid user id * @param string $uid user id
@ -259,7 +259,7 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
public function flagRecord($uid) { public function flagRecord($uid) {
$this->deletedUsersIndex->markUser($uid); $this->deletedUsersIndex->markUser($uid);
} }
/** /**
* Unflag record for deletion. * Unflag record for deletion.
* @param string $uid user id * @param string $uid user id
@ -306,4 +306,35 @@ class LDAPProvider implements ILDAPProvider, IDeletionFlagSupport {
} }
return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute']; return $this->groupBackend->getLDAPAccess($gid)->getConnection()->getConfiguration()['ldap_group_member_assoc_attribute'];
} }
/**
* Get an LDAP attribute for a nextcloud user
* @param string $uid the nextcloud user id to get the attribute for
* @param string $attribute the name of the attribute to read
* @return string|null
* @throws \Exception if user id was not found in LDAP
*/
public function getUserAttribute(string $uid, string $attribute): ?string {
if (!$this->userBackend->userExists($uid)) {
throw new \Exception('User id not found in LDAP');
}
$access = $this->userBackend->getLDAPAccess($uid);
$connection = $access->getConnection();
$key = $uid . "::" . $attribute;
$cached = $connection->getFromCache($key);
if ($cached !== null) {
return $cached;
}
$value = $access->readAttribute($access->username2dn($uid), $attribute);
if (is_array($value) && count($value) > 0) {
$value = current($value);
} else {
return null;
}
$connection->writeToCache($key, $value);
return $value;
}
} }
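Review bot: The `$attribute` argument of the new getUserAttribute is handed to readAttribute unchanged, so this public API returns whatever the configured LDAP bind account can read on any user's entry, with no allow-list of attributes; the docblock should make that contract explicit, e.g. `* @param string $attribute the name of the attribute to read; must be a developer-chosen constant, never derived from request input, as any attribute readable by the LDAP bind account is returned`. Two more facts belong in the same docblock: only the first value of a multi-valued attribute is returned (the `current($value)` branch), and a missing attribute is not written to the cache, so every call for an absent attribute goes back to LDAP. It also looks like username2dn could return false even after userExists succeeded, in which case readAttribute is called with a non-string DN — confirm readAttribute tolerates that or add an explicit guard. The same docblock wording belongs on the ILDAPProvider declaration in the second file.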


@ -58,7 +58,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function getUserName($dn); public function getUserName($dn);
/** /**
* Convert a stored DN so it can be used as base parameter for LDAP queries. * Convert a stored DN so it can be used as base parameter for LDAP queries.
* @param string $dn the DN * @param string $dn the DN
@ -66,7 +66,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function DNasBaseParameter($dn); public function DNasBaseParameter($dn);
/** /**
* Sanitize a DN received from the LDAP server. * Sanitize a DN received from the LDAP server.
* @param array $dn the DN in question * @param array $dn the DN in question
@ -74,7 +74,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function sanitizeDN($dn); public function sanitizeDN($dn);
/** /**
* Return a new LDAP connection resource for the specified user. * Return a new LDAP connection resource for the specified user.
* @param string $uid user id * @param string $uid user id
@ -90,7 +90,7 @@ interface ILDAPProvider {
* @since 13.0.0 * @since 13.0.0
*/ */
public function getGroupLDAPConnection($gid); public function getGroupLDAPConnection($gid);
/** /**
* Get the LDAP base for users. * Get the LDAP base for users.
* @param string $uid user id * @param string $uid user id
@ -99,7 +99,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function getLDAPBaseUsers($uid); public function getLDAPBaseUsers($uid);
/** /**
* Get the LDAP base for groups. * Get the LDAP base for groups.
* @param string $uid user id * @param string $uid user id
@ -108,7 +108,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function getLDAPBaseGroups($uid); public function getLDAPBaseGroups($uid);
/** /**
* Check whether a LDAP DN exists * Check whether a LDAP DN exists
* @param string $dn LDAP DN * @param string $dn LDAP DN
@ -116,7 +116,7 @@ interface ILDAPProvider {
* @since 11.0.0 * @since 11.0.0
*/ */
public function dnExists($dn); public function dnExists($dn);
/** /**
* Clear the cache if a cache is used, otherwise do nothing. * Clear the cache if a cache is used, otherwise do nothing.
* @param string $uid user id * @param string $uid user id
@ -157,4 +157,14 @@ interface ILDAPProvider {
* @since 13.0.0 * @since 13.0.0
*/ */
public function getLDAPGroupMemberAssoc($gid); public function getLDAPGroupMemberAssoc($gid);
/**
* Get an LDAP attribute for a nextcloud user
* @param string $uid the nextcloud user id to get the attribute for
* @param string $attribute the name of the attribute to read
* @return string|null
* @throws \Exception if user id was not found in LDAP
* @since 22.0.0
*/
public function getUserAttribute(string $uid, string $attribute): ?string;
} }