. * */ class OC_GROUP_LDAP extends OC_Group_Backend { // //group specific settings protected $ldapGroupFilter; protected $ldapGroupMemberAssocAttr; protected $configured = false; protected $_group_user = array(); protected $_user_groups = array(); protected $_group_users = array(); protected $_groups = array(); public function __construct() { $this->ldapGroupFilter = OCP\Config::getAppValue('user_ldap', 'ldap_group_filter', '(objectClass=posixGroup)'); $this->ldapGroupMemberAssocAttr = OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'); if(!empty($this->ldapGroupFilter) && !empty($this->ldapGroupMemberAssocAttr)) { $this->configured = true; } } /** * @brief is user in group? * @param $uid uid of the user * @param $gid gid of the group * @returns true/false * * Checks whether the user is member of a group or not. */ public function inGroup($uid, $gid) { if(!$this->configured) { return false; } if(isset($this->_group_user[$gid][$uid])) { return $this->_group_user[$gid][$uid]; } $dn_user = OC_LDAP::username2dn($uid); $dn_group = OC_LDAP::groupname2dn($gid); // just in case if(!$dn_group || !$dn_user) { return false; } //usually, LDAP attributes are said to be case insensitive. But there are exceptions of course. $members = OC_LDAP::readAttribute($dn_group, $this->ldapGroupMemberAssocAttr); if(!$members) { return false; } //extra work if we don't get back user DNs //TODO: this can be done with one LDAP query if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') { $dns = array(); foreach($members as $mid) { $filter = str_replace('%uid', $mid, OC_LDAP::conf('ldapLoginFilter')); $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn'); if(count($ldap_users) < 1) { continue; } $dns[] = $ldap_users[0]; } $members = $dns; } $this->_group_user[$gid][$uid] = in_array($dn_user, $members); return $this->_group_user[$gid][$uid]; } /** * @brief Get all groups a user belongs to * @param $uid Name of the user * @returns array with group names * * This function fetches all groups a user belongs to. It does not check * if the user exists at all. */ public function getUserGroups($uid) { if(!$this->configured) { return array(); } if(isset($this->_user_groups[$uid])) { return $this->_user_groups[$uid]; } $userDN = OC_LDAP::username2dn($uid); if(!$userDN) { $this->_user_groups[$uid] = array(); return array(); } //uniqueMember takes DN, memberuid the uid, so we need to distinguish if((strtolower($this->ldapGroupMemberAssocAttr) == 'uniquemember') || (strtolower($this->ldapGroupMemberAssocAttr) == 'member')) { $uid = $userDN; } else if(strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid') { $result = OC_LDAP::readAttribute($userDN, 'uid'); $uid = $result[0]; } else { // just in case $uid = $userDN; } $filter = OC_LDAP::combineFilterWithAnd(array( $this->ldapGroupFilter, $this->ldapGroupMemberAssocAttr.'='.$uid )); $groups = OC_LDAP::fetchListOfGroups($filter, array(OC_LDAP::conf('ldapGroupDisplayName'),'dn')); $this->_user_groups[$uid] = array_unique(OC_LDAP::ownCloudGroupNames($groups), SORT_LOCALE_STRING); return $this->_user_groups[$uid]; } /** * @brief get a list of all users in a group * @returns array with user ids */ public function usersInGroup($gid) { if(!$this->configured) { return array(); } if(isset($this->_group_users[$gid])) { return $this->_group_users[$gid]; } $groupDN = OC_LDAP::groupname2dn($gid); if(!$groupDN) { $this->_group_users[$gid] = array(); return array(); } $members = OC_LDAP::readAttribute($groupDN, $this->ldapGroupMemberAssocAttr); if(!$members) { $this->_group_users[$gid] = array(); return array(); } $result = array(); $isMemberUid = (strtolower($this->ldapGroupMemberAssocAttr) == 'memberuid'); foreach($members as $member) { if($isMemberUid) { $filter = str_replace('%uid', $member, OC_LDAP::conf('ldapLoginFilter')); $ldap_users = OC_LDAP::fetchListOfUsers($filter, 'dn'); if(count($ldap_users) < 1) { continue; } $result[] = OC_LDAP::dn2username($ldap_users[0]); continue; } else { $result[] = OC_LDAP::dn2username($member); } } if(!$isMemberUid) { $result = array_intersect($result, OCP\User::getUsers()); } $this->_group_users[$gid] = array_unique($result, SORT_LOCALE_STRING); return $this->_group_users[$gid]; } /** * @brief get a list of all groups * @returns array with group names * * Returns a list with all groups */ public function getGroups() { if(!$this->configured) { return array(); } if(is_null($this->_groups)) { $ldap_groups = OC_LDAP::fetchListOfGroups($this->ldapGroupFilter, array(OC_LDAP::conf('ldapGroupDisplayName'), 'dn')); $this->_groups = OC_LDAP::ownCloudGroupNames($ldap_groups); } return $this->groups; } /** * check if a group exists * @param string $gid * @return bool */ public function groupExists($gid){ return in_array($gid, $this->getGroups()); } }