open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #5404 from owncloud/ldap_settings_wizard

Browse Source 
Ldap settings wizard
remotes/origin/stable6
blizzz 12 years ago
parent 2d14daf36b 30c0f5dee6
commit 32e02c24a2
20 changed files with 2721 additions and 481 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 96
      apps/user_ldap/ajax/wizard.php
  2. 2
      apps/user_ldap/appinfo/app.php
  3. 94
      apps/user_ldap/css/settings.css
  4. 537
      apps/user_ldap/js/settings.js
  5. 2
      apps/user_ldap/lib/access.php
  6. 384
      apps/user_ldap/lib/configuration.php
  7. 585
      apps/user_ldap/lib/connection.php
  8. 21
      apps/user_ldap/lib/helper.php
  9. 24
      apps/user_ldap/lib/ildapwrapper.php
  10. 12
      apps/user_ldap/lib/ldap.php
  11. 1024
      apps/user_ldap/lib/wizard.php
  12. 58
      apps/user_ldap/lib/wizardresult.php
  13. 41
      apps/user_ldap/settings.php
  14. 12
      apps/user_ldap/templates/part.settingcontrols.php
  15. 42
      apps/user_ldap/templates/part.wizard-groupfilter.php
  16. 37
      apps/user_ldap/templates/part.wizard-loginfilter.php
  17. 71
      apps/user_ldap/templates/part.wizard-server.php
  18. 42
      apps/user_ldap/templates/part.wizard-userfilter.php
  19. 15
      apps/user_ldap/templates/part.wizardcontrols.php
  20. 69
      apps/user_ldap/templates/settings.php

96
apps/user_ldap/ajax/wizard.php
Unescape View File

@ -0,0 +1,96 @@
<?php
/**
* ownCloud - user_ldap
*
* @author Arthur Schiwon
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
// Check user and app status
OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck();
$l=OC_L10N::get('user_ldap');
if(!isset($_POST['action'])) {
\OCP\JSON::error(array('message' => $l->t('No action specified')));
}
$action = $_POST['action'];
if(!isset($_POST['ldap_serverconfig_chooser'])) {
\OCP\JSON::error(array('message' => $l->t('No configuration specified')));
}
$prefix = $_POST['ldap_serverconfig_chooser'];
$ldapWrapper = new OCA\user_ldap\lib\LDAP();
$configuration = new \OCA\user_ldap\lib\Configuration($prefix);
$wizard = new \OCA\user_ldap\lib\Wizard($configuration, $ldapWrapper);
switch($action) {
case 'guessPortAndTLS':
case 'guessBaseDN':
case 'determineGroupMemberAssoc':
case 'determineUserObjectClasses':
case 'determineGroupObjectClasses':
case 'determineGroupsForUsers':
case 'determineGroupsForGroups':
case 'determineAttributes':
case 'getUserListFilter':
case 'getUserLoginFilter':
case 'getGroupFilter':
case 'countUsers':
case 'countGroups':
try {
$result = $wizard->$action();
if($result !== false) {
OCP\JSON::success($result->getResultArray());
exit;
}
} catch (\Exception $e) {
\OCP\JSON::error(array('message' => $e->getMessage()));
exit;
}
\OCP\JSON::error();
exit;
break;
case 'save':
$key = isset($_POST['cfgkey']) ? $_POST['cfgkey'] : false;
$val = isset($_POST['cfgval']) ? $_POST['cfgval'] : null;
if($key === false || is_null($val)) {
\OCP\JSON::error(array('message' => $l->t('No data specified')));
exit;
}
$cfg = array($key => $val);
$setParameters = array();
$configuration->setConfiguration($cfg, $setParameters);
if(!in_array($key, $setParameters)) {
\OCP\JSON::error(array('message' => $l->t($key.
' Could not set configuration %s', $setParameters[0])));
exit;
}
$configuration->saveConfiguration();
OCP\JSON::success();
break;
default:
//TODO: return 4xx error
break;
}

2
apps/user_ldap/appinfo/app.php
Unescape View File

@ -30,7 +30,7 @@ if(count($configPrefixes) === 1) {
$ldapAccess = new OCA\user_ldap\lib\Access($connector, $ldapWrapper); $ldapAccess = new OCA\user_ldap\lib\Access($connector, $ldapWrapper);
$userBackend = new OCA\user_ldap\USER_LDAP($ldapAccess); $userBackend = new OCA\user_ldap\USER_LDAP($ldapAccess);
$groupBackend = new OCA\user_ldap\GROUP_LDAP($ldapAccess); $groupBackend = new OCA\user_ldap\GROUP_LDAP($ldapAccess);
} else { } else if(count($configPrefixes) > 1) {
$userBackend = new OCA\user_ldap\User_Proxy($configPrefixes, $ldapWrapper); $userBackend = new OCA\user_ldap\User_Proxy($configPrefixes, $ldapWrapper);
$groupBackend = new OCA\user_ldap\Group_Proxy($configPrefixes, $ldapWrapper); $groupBackend = new OCA\user_ldap\Group_Proxy($configPrefixes, $ldapWrapper);
} }

94
apps/user_ldap/css/settings.css
Unescape View File

@ -1,3 +1,85 @@
.table {
display: table;
width: 60%;
}
.tablecell {
display: table-cell !important;
white-space: nowrap;
}
.tablerow {
display: table-row;
}
.tablerow input, .tablerow textarea {
width: 100% !important;
}
.tablerow textarea {
height: 15px;
}
.invisible {
visibility: hidden;
}
.ldapSettingsTabs {
float: right !important;
}
.ldapWizardControls {
width: 60%;
text-align: right;
}
.ldapWizardInfo {
width: 100% !important;
height: 50px;
background-color: lightyellow;
border-radius: 0.5em;
padding: 0.6em 0.5em 0.4em !important;
margin-bottom: 0.3em;
}
#ldapWizard1 .hostPortCombinator {
width: 60%;
display: table;
}
#ldapWizard1 .hostPortCombinator div span {
width: 7%;
display: table-cell;
text-align: right;
}
#ldapWizard1 .host {
width: 96.5% !important;
}
.tableCellInput {
margin-left: -40%;
width: 100%;
}
.tableCellLabel {
text-align: right;
padding-right: 25%;
}
.ldapIndent {
margin-left: 50px;
}
.ldapwarning {
margin-left: 1.4em;
color: #FF3B3B;
}
.wizSpinner {
height: 15px;
}
#ldap fieldset p label { #ldap fieldset p label {
width: 20%; width: 20%;
max-width: 200px; max-width: 200px;
@ -17,11 +99,9 @@
vertical-align: bottom; vertical-align: bottom;
} }
.ldapIndent { select[multiple=multiple] + button {
margin-left: 50px; height: 28px;
} padding-top: 6px !important;
min-width: 40%;
.ldapwarning { max-width: 40%;
margin-left: 1.4em;
color: #FF3B3B;
} }

537
apps/user_ldap/js/settings.js
Unescape View File

@ -30,6 +30,7 @@ var LdapConfiguration = {
// assign the value // assign the value
$('#'+configkey).val(configvalue); $('#'+configkey).val(configvalue);
}); });
LdapWizard.init();
} }
} }
); );
@ -91,6 +92,7 @@ var LdapConfiguration = {
$('#ldap_serverconfig_chooser option:selected').removeAttr('selected'); $('#ldap_serverconfig_chooser option:selected').removeAttr('selected');
var html = '<option value="'+result.configPrefix+'" selected="selected">'+$('#ldap_serverconfig_chooser option').length+'. Server</option>'; var html = '<option value="'+result.configPrefix+'" selected="selected">'+$('#ldap_serverconfig_chooser option').length+'. Server</option>';
$('#ldap_serverconfig_chooser option:last').before(html); $('#ldap_serverconfig_chooser option:last').before(html);
LdapWizard.init();
} else { } else {
OC.dialogs.alert( OC.dialogs.alert(
result.message, result.message,
@ -122,13 +124,546 @@ var LdapConfiguration = {
} }
}; };
var LdapWizard = {
checkPortInfoShown: false,
saveBlacklist: {},
userFilterGroupSelectState: 'enable',
spinner: '<img class="wizSpinner" src="'+ OC.imagePath('core', 'loading.gif') +'">',
ajax: function(param, fnOnSuccess, fnOnError) {
$.post(
OC.filePath('user_ldap','ajax','wizard.php'),
param,
function(result) {
if(result.status == 'success') {
fnOnSuccess(result);
} else {
fnOnError(result);
}
}
);
},
applyChanges: function (result) {
for (id in result.changes) {
if(!$.isArray(result.changes[id])) {
//no need to blacklist multiselect
LdapWizard.saveBlacklist[id] = true;
}
if(id.indexOf('count') > 0) {
$('#'+id).text(result.changes[id]);
} else {
$('#'+id).val(result.changes[id]);
}
}
LdapWizard.functionalityCheck();
if($('#ldapSettings').tabs('option', 'active') == 0) {
LdapWizard.basicStatusCheck();
}
},
basicStatusCheck: function() {
//criterias to continue from the first tab
// - host, port, user filter, agent dn, password, base dn
host = $('#ldap_host').val();
port = $('#ldap_port').val();
agent = $('#ldap_dn').val();
pwd = $('#ldap_agent_password').val();
base = $('#ldap_base').val();
if(host && port && agent && pwd && base) {
$('.ldap_action_continue').removeAttr('disabled');
$('#ldapSettings').tabs('option', 'disabled', []);
} else {
$('.ldap_action_continue').attr('disabled', 'disabled');
$('#ldapSettings').tabs('option', 'disabled', [1, 2, 3, 4, 5]);
}
},
checkBaseDN: function() {
host = $('#ldap_host').val();
port = $('#ldap_port').val();
user = $('#ldap_dn').val();
pass = $('#ldap_agent_password').val();
if(host && port && user && pass) {
param = 'action=guessBaseDN'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.showSpinner('#ldap_base');
LdapWizard.ajax(param,
function(result) {
LdapWizard.applyChanges(result);
LdapWizard.hideSpinner('#ldap_base');
if($('#ldap_base').val()) {
$('#ldap_base').removeClass('invisible');
LdapWizard.hideInfoBox();
}
},
function (result) {
LdapWizard.hideSpinner('#ldap_base');
$('#ldap_base').removeClass('invisible');
LdapWizard.showInfoBox('Please specify a port');
}
);
}
},
checkPort: function() {
host = $('#ldap_host').val();
user = $('#ldap_dn').val();
pass = $('#ldap_agent_password').val();
if(host && user && pass) {
param = 'action=guessPortAndTLS'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.showSpinner('#ldap_port');
LdapWizard.ajax(param,
function(result) {
LdapWizard.applyChanges(result);
LdapWizard.hideSpinner('#ldap_port');
if($('#ldap_port').val()) {
LdapWizard.checkBaseDN();
$('#ldap_port').removeClass('invisible');
LdapWizard.hideInfoBox();
}
},
function (result) {
LdapWizard.hideSpinner('#ldap_port');
$('#ldap_port').removeClass('invisible');
LdapWizard.showInfoBox('Please specify the BaseDN');
}
);
}
},
composeFilter: function(type) {
if(type == 'user') {
action = 'getUserListFilter';
} else if(type == 'login') {
action = 'getUserLoginFilter';
} else if(type == 'group') {
action = 'getGroupFilter';
}
param = 'action='+action+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.ajax(param,
function(result) {
LdapWizard.applyChanges(result);
if(type == 'user') {
LdapWizard.countUsers();
} else if(type == 'group') {
LdapWizard.countGroups();
LdapWizard.detectGroupMemberAssoc();
}
},
function (result) {
// error handling
}
);
},
controlBack: function() {
curTabIndex = $('#ldapSettings').tabs('option', 'active');
if(curTabIndex == 0) {
return;
}
if(curTabIndex == 1) {
$('.ldap_action_back').addClass('invisible');
}
$('#ldapSettings').tabs('option', 'active', curTabIndex - 1);
if(curTabIndex == 3) {
$('.ldap_action_continue').removeClass('invisible');
}
},
controlContinue: function() {
curTabIndex = $('#ldapSettings').tabs('option', 'active');
if(curTabIndex == 3) {
return;
}
$('#ldapSettings').tabs('option', 'active', 1 + curTabIndex);
if(curTabIndex == 2) {
//now last tab
$('.ldap_action_continue').addClass('invisible');
}
if(curTabIndex == 0) {
$('.ldap_action_back').removeClass('invisible');
}
},
_countThings: function(method) {
param = 'action='+method+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.ajax(param,
function(result) {
LdapWizard.applyChanges(result);
},
function (result) {
// error handling
}
);
},
countGroups: function() {
LdapWizard._countThings('countGroups');
},
countUsers: function() {
LdapWizard._countThings('countUsers');
},
detectGroupMemberAssoc: function() {
param = 'action=determineGroupMemberAssoc'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.ajax(param,
function(result) {
//pure background story
},
function (result) {
// error handling
}
);
},
findAttributes: function() {
param = 'action=determineAttributes'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.showSpinner('#ldap_loginfilter_attributes');
LdapWizard.ajax(param,
function(result) {
$('#ldap_loginfilter_attributes').find('option').remove();
for (i in result.options['ldap_loginfilter_attributes']) {
//FIXME: move HTML into template
attr = result.options['ldap_loginfilter_attributes'][i];
$('#ldap_loginfilter_attributes').append(
"<option value='"+attr+"'>"+attr+"</option>");
}
LdapWizard.hideSpinner('#ldap_loginfilter_attributes');
LdapWizard.applyChanges(result);
$('#ldap_loginfilter_attributes').multiselect('refresh');
$('#ldap_loginfilter_attributes').multiselect('enable');
},
function (result) {
//deactivate if no attributes found
$('#ldap_loginfilter_attributes').multiselect(
{noneSelectedText : 'No attributes found'});
$('#ldap_loginfilter_attributes').multiselect('disable');
LdapWizard.hideSpinner('#ldap_loginfilter_attributes');
}
);
},
findAvailableGroups: function(multisel, type) {
if(type != 'Users' && type != 'Groups') {
return false;
}
param = 'action=determineGroupsFor'+type+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.showSpinner('#'+multisel);
LdapWizard.ajax(param,
function(result) {
$('#'+multisel).find('option').remove();
for (i in result.options[multisel]) {
//FIXME: move HTML into template
objc = result.options[multisel][i];
$('#'+multisel).append("<option value='"+objc+"'>"+objc+"</option>");
}
LdapWizard.hideSpinner('#'+multisel);
LdapWizard.applyChanges(result);
$('#'+multisel).multiselect('refresh');
$('#'+multisel).multiselect('enable');
},
function (result) {
LdapWizard.hideSpinner('#'+multisel);
$('#'+multisel).multiselect('disable');
}
);
},
findObjectClasses: function(multisel, type) {
if(type != 'User' && type != 'Group') {
return false;
}
param = 'action=determine'+type+'ObjectClasses'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.showSpinner('#'+multisel);
LdapWizard.ajax(param,
function(result) {
$('#'+multisel).find('option').remove();
for (i in result.options[multisel]) {
//FIXME: move HTML into template
objc = result.options[multisel][i];
$('#'+multisel).append("<option value='"+objc+"'>"+objc+"</option>");
}
LdapWizard.hideSpinner('#'+multisel);
LdapWizard.applyChanges(result);
$('#'+multisel).multiselect('refresh');
},
function (result) {
LdapWizard.hideSpinner('#'+multisel);
//TODO: error handling
}
);
},
functionalityCheck: function() {
//criterias to enable the connection:
// - host, port, user filter, login filter
host = $('#ldap_host').val();
port = $('#ldap_port').val();
userfilter = $('#ldap_dn').val();
loginfilter = $('#ldap_agent_password').val();
//FIXME: activates a manually deactivated configuration.
if(host && port && userfilter && loginfilter) {
if($('#ldap_configuration_active').is(':checked')) {
return;
}
$('#ldap_configuration_active').prop('checked', true);
LdapWizard.save($('#ldap_configuration_active')[0]);
} else {
if($('#ldap_configuration_active').is(':checked')) {
$('#ldap_configuration_active').prop('checked', false);
LdapWizard.save($('#ldap_configuration_active')[0]);
}
}
},
hideInfoBox: function() {
if(LdapWizard.checkInfoShown) {
$('#ldapWizard1 .ldapWizardInfo').addClass('invisible');
LdapWizard.checkInfoShown = false;
}
},
hideSpinner: function(id) {
$(id+' + .wizSpinner').remove();
$(id + " + button").css('display', 'inline');
},
init: function() {
if($('#ldap_port').val()) {
$('#ldap_port').removeClass('invisible');
}
if($('#ldap_base').val()) {
$('#ldap_base').removeClass('invisible');
}
LdapWizard.basicStatusCheck();
},
initGroupFilter: function() {
LdapWizard.findObjectClasses('ldap_groupfilter_objectclass', 'Group');
LdapWizard.findAvailableGroups('ldap_groupfilter_groups', 'Groups');
LdapWizard.composeFilter('group');
LdapWizard.countGroups();
},
initLoginFilter: function() {
LdapWizard.findAttributes();
LdapWizard.composeFilter('login');
},
initMultiSelect: function(object, id, caption) {
object.multiselect({
header: false,
selectedList: 9,
noneSelectedText: caption,
click: function(event, ui) {
LdapWizard.saveMultiSelect(id,
$('#'+id).multiselect("getChecked"));
}
});
},
initUserFilter: function() {
LdapWizard.findObjectClasses('ldap_userfilter_objectclass', 'User');
LdapWizard.findAvailableGroups('ldap_userfilter_groups', 'Users');
LdapWizard.composeFilter('user');
LdapWizard.countUsers();
},
onTabChange: function(event, ui) {
if(ui.newTab[0].id === '#ldapWizard2') {
LdapWizard.initUserFilter();
} else if(ui.newTab[0].id === '#ldapWizard3') {
LdapWizard.initLoginFilter();
} else if(ui.newTab[0].id === '#ldapWizard4') {
LdapWizard.initGroupFilter();
}
},
processChanges: function(triggerObj) {
if(triggerObj.id == 'ldap_host'
|| triggerObj.id == 'ldap_port'
|| triggerObj.id == 'ldap_dn'
|| triggerObj.id == 'ldap_agent_password') {
LdapWizard.checkPort();
if($('#ldap_port').val()) {
//if Port is already set, check BaseDN
LdapWizard.checkBaseDN();
}
}
if(triggerObj.id == 'ldap_userlist_filter') {
LdapWizard.countUsers();
} else if(triggerObj.id == 'ldap_group_filter') {
LdapWizard.countGroups();
LdapWizard.detectGroupMemberAssoc();
}
if(triggerObj.id == 'ldap_loginfilter_username'
|| triggerObj.id == 'ldap_loginfilter_email') {
LdapWizard.composeFilter('login');
}
if($('#ldapSettings').tabs('option', 'active') == 0) {
LdapWizard.basicStatusCheck();
}
},
save: function(inputObj) {
if(LdapWizard.saveBlacklist.hasOwnProperty(inputObj.id)) {
delete LdapWizard.saveBlacklist[inputObj.id];
return;
}
if($(inputObj).is('input[type=checkbox]')
&& !$(inputObj).is(':checked')) {
val = 0;
} else {
val = $(inputObj).val();
}
LdapWizard._save(inputObj, val);
},
saveMultiSelect: function(originalObj, resultObj) {
values = '';
for(i = 0; i < resultObj.length; i++) {
values = values + "\n" + resultObj[i].value;
}
LdapWizard._save($('#'+originalObj)[0], $.trim(values));
if(originalObj == 'ldap_userfilter_objectclass'
|| originalObj == 'ldap_userfilter_groups') {
LdapWizard.composeFilter('user');
//when user filter is changed afterwards, login filter needs to
//be adjusted, too
LdapWizard.composeFilter('login');
} else if(originalObj == 'ldap_loginfilter_attributes') {
LdapWizard.composeFilter('login');
} else if(originalObj == 'ldap_groupfilter_objectclass'
|| originalObj == 'ldap_groupfilter_groups') {
LdapWizard.composeFilter('group');
}
},
_save: function(object, value) {
param = 'cfgkey='+object.id+
'&cfgval='+value+
'&action=save'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
$.post(
OC.filePath('user_ldap','ajax','wizard.php'),
param,
function(result) {
if(result.status == 'success') {
LdapWizard.processChanges(object);
} else {
// alert('Oooooooooooh :(');
}
}
);
},
showInfoBox: function(text) {
$('#ldapWizard1 .ldapWizardInfo').text(t('user_ldap', text));
$('#ldapWizard1 .ldapWizardInfo').removeClass('invisible');
LdapWizard.checkInfoShown = true;
},
showSpinner: function(id) {
if($(id + ' + .wizSpinner').length == 0) {
$(LdapWizard.spinner).insertAfter($(id));
$(id + " + img + button").css('display', 'none');
}
},
toggleRawFilter: function(container, moc, mg, stateVar) {
if($(container).hasClass('invisible')) {
$(container).removeClass('invisible');
$(moc).multiselect('disable');
if($(mg).multiselect().attr('disabled') == 'disabled') {
LdapWizard[stateVar] = 'disable';
} else {
LdapWizard[stateVar] = 'enable';
}
$(mg).multiselect('disable');
} else {
$(container).addClass('invisible');
$(mg).multiselect(LdapWizard[stateVar]);
$(moc).multiselect('enable');
}
},
toggleRawGroupFilter: function() {
LdapWizard.toggleRawFilter('#rawGroupFilterContainer',
'#ldap_groupfilter_objectclass',
'#ldap_groupfilter_groups',
'groupFilterGroupSelectState'
);
},
toggleRawUserFilter: function() {
LdapWizard.toggleRawFilter('#rawUserFilterContainer',
'#ldap_userfilter_objectclass',
'#ldap_userfilter_groups',
'userFilterGroupSelectState'
);
}
};
$(document).ready(function() { $(document).ready(function() {
$('#ldapAdvancedAccordion').accordion({ heightStyle: 'content', animate: 'easeInOutCirc'}); $('#ldapAdvancedAccordion').accordion({ heightStyle: 'content', animate: 'easeInOutCirc'});
$('#ldapSettings').tabs(); $('#ldapSettings').tabs({ beforeActivate: LdapWizard.onTabChange });
$('#ldap_submit').button(); $('#ldap_submit').button();
$('#ldap_action_test_connection').button(); $('#ldap_action_test_connection').button();
$('#ldap_action_delete_configuration').button(); $('#ldap_action_delete_configuration').button();
LdapWizard.initMultiSelect($('#ldap_userfilter_groups'),
'ldap_userfilter_groups',
t('user_ldap', 'Select groups'));
LdapWizard.initMultiSelect($('#ldap_userfilter_objectclass'),
'ldap_userfilter_objectclass',
t('user_ldap', 'Select object classes'));
LdapWizard.initMultiSelect($('#ldap_loginfilter_attributes'),
'ldap_loginfilter_attributes',
t('user_ldap', 'Select attributes'));
LdapWizard.initMultiSelect($('#ldap_groupfilter_groups'),
'ldap_groupfilter_groups',
t('user_ldap', 'Select groups'));
LdapWizard.initMultiSelect($('#ldap_groupfilter_objectclass'),
'ldap_groupfilter_objectclass',
t('user_ldap', 'Select object classes'));
$('.lwautosave').change(function() { LdapWizard.save(this); });
$('#toggleRawUserFilter').click(LdapWizard.toggleRawUserFilter);
$('#toggleRawGroupFilter').click(LdapWizard.toggleRawGroupFilter);
LdapConfiguration.refreshConfig(); LdapConfiguration.refreshConfig();
$('.ldap_action_continue').click(function(event) {
event.preventDefault();
LdapWizard.controlContinue();
});
$('.ldap_action_back').click(function(event) {
event.preventDefault();
LdapWizard.controlBack();
});
$('#ldap_action_test_connection').click(function(event){ $('#ldap_action_test_connection').click(function(event){
event.preventDefault(); event.preventDefault();
$.post( $.post(

2
apps/user_ldap/lib/access.php
Unescape View File

@ -831,7 +831,7 @@ class Access extends LDAPUtility {
private function combineFilter($filters, $operator) { private function combineFilter($filters, $operator) {
$combinedFilter = '('.$operator; $combinedFilter = '('.$operator;
foreach($filters as $filter) { foreach($filters as $filter) {
if($filter[0] !== '(') { if(!empty($filter) && $filter[0] !== '(') {
$filter = '('.$filter.')'; $filter = '('.$filter.')';
} }
$combinedFilter.=$filter; $combinedFilter.=$filter;

384
apps/user_ldap/lib/configuration.php
Unescape View File

@ -0,0 +1,384 @@
<?php
/**
* ownCloud – LDAP Connection
*
* @author Arthur Schiwon
* @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\user_ldap\lib;
class Configuration {
protected $configPrefix = null;
protected $configRead = false;
//settings
protected $config = array(
'ldapHost' => null,
'ldapPort' => null,
'ldapBackupHost' => null,
'ldapBackupPort' => null,
'ldapBase' => null,
'ldapBaseUsers' => null,
'ldapBaseGroups' => null,
'ldapAgentName' => null,
'ldapAgentPassword' => null,
'ldapTLS' => null,
'ldapNoCase' => null,
'turnOffCertCheck' => null,
'ldapIgnoreNamingRules' => null,
'ldapUserDisplayName' => null,
'ldapUserFilterObjectclass' => null,
'ldapUserFilterGroups' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupFilterObjectclass' => null,
'ldapGroupFilterGroups' => null,
'ldapGroupDisplayName' => null,
'ldapGroupMemberAssocAttr' => null,
'ldapLoginFilter' => null,
'ldapLoginFilterEmail' => null,
'ldapLoginFilterUsername' => null,
'ldapLoginFilterAttributes' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
'ldapCacheTTL' => null,
'ldapUuidUserAttribute' => 'auto',
'ldapUuidGroupAttribute' => 'auto',
'ldapOverrideMainServer' => false,
'ldapConfigurationActive' => false,
'ldapAttributesForUserSearch' => null,
'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
'hasMemberOfFilterSupport' => false,
'ldapExpertUsernameAttr' => null,
'ldapExpertUUIDUserAttr' => null,
'ldapExpertUUIDGroupAttr' => null,
);
public function __construct($configPrefix, $autoread = true) {
$this->configPrefix = $configPrefix;
if($autoread) {
$this->readConfiguration();
}
}
public function __get($name) {
if(isset($this->config[$name])) {
return $this->config[$name];
}
}
public function __set($name, $value) {
$this->setConfiguration(array($name => $value));
}
public function getConfiguration() {
return $this->config;
}
/**
* @brief set LDAP configuration with values delivered by an array, not read
* from configuration. It does not save the configuration! To do so, you
* must call saveConfiguration afterwards.
* @param $config array that holds the config parameters in an associated
* array
* @param &$applied optional; array where the set fields will be given to
* @return null
*/
public function setConfiguration($config, &$applied = null) {
if(!is_array($config)) {
return false;
}
$cta = $this->getConfigTranslationArray();
foreach($config as $inputkey => $val) {
if(strpos($inputkey, '_') !== false && isset($cta[$inputkey])) {
$key = $cta[$inputkey];
} elseif(isset($this->config[$inputkey])) {
$key = $inputkey;
} else {
continue;
}
$setMethod = 'setValue';
switch($key) {
case 'homeFolderNamingRule':
if(!empty($val) && strpos($val, 'attr:') === false) {
$val = 'attr:'.$val;
}
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
case 'ldapGroupFilterObjectclass':
case 'ldapGroupFilterGroups':
case 'ldapLoginFilterAttributes':
$setMethod = 'setMultiLine';
default:
$this->$setMethod($key, $val);
if(is_array($applied)) {
$applied[] = $inputkey;
}
}
}
}
public function readConfiguration() {
if(!$this->configRead && !is_null($this->configPrefix)) {
$cta = array_flip($this->getConfigTranslationArray());
foreach($this->config as $key => $val) {
if(!isset($cta[$key])) {
//some are determined
continue;
}
$dbkey = $cta[$key];
switch($key) {
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
case 'ldapGroupFilterObjectclass':
case 'ldapGroupFilterGroups':
case 'ldapLoginFilterAttributes':
$readMethod = 'getMultiLine';
break;
case 'ldapIgnoreNamingRules':
$readMethod = 'getSystemValue';
$dbkey = $key;
break;
case 'ldapAgentPassword':
$readMethod = 'getPwd';
break;
case 'ldapUserDisplayName':
case 'ldapGroupDisplayName':
$readMethod = 'getLcValue';
break;
default:
$readMethod = 'getValue';
break;
}
$this->config[$key] = $this->$readMethod($dbkey);
}
$this->configRead = true;
}
}
/**
* @brief saves the current Configuration in the database
*/
public function saveConfiguration() {
$cta = array_flip($this->getConfigTranslationArray());
foreach($this->config as $key => $value) {
switch ($key) {
case 'ldapAgentPassword':
$value = base64_encode($value);
break;
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
case 'ldapGroupFilterObjectclass':
case 'ldapGroupFilterGroups':
case 'ldapLoginFilterAttributes':
if(is_array($value)) {
$value = implode("\n", $value);
}
break;
//following options are not stored but detected, skip them
case 'ldapIgnoreNamingRules':
case 'hasPagedResultSupport':
case 'ldapUuidUserAttribute':
case 'ldapUuidGroupAttribute':
continue 2;
}
if(is_null($value)) {
$value = '';
}
$this->saveValue($cta[$key], $value);
}
}
protected function getMultiLine($varname) {
$value = $this->getValue($varname);
if(empty($value)) {
$value = '';
} else {
$value = preg_split('/\r\n|\r|\n/', $value);
}
return $value;
}
protected function setMultiLine($varname, $value) {
if(empty($value)) {
$value = '';
} else {
$value = preg_split('/\r\n|\r|\n/', $value);
if($value === false) {
$value = '';
}
}
$this->setValue($varname, $value);
}
protected function getPwd($varname) {
return base64_decode($this->getValue($varname));
}
protected function getLcValue($varname) {
return mb_strtolower($this->getValue($varname), 'UTF-8');
}
protected function getSystemValue($varname) {
//FIXME: if another system value is added, softcode the default value
return \OCP\Config::getSystemValue($varname, false);
}
protected function getValue($varname) {
static $defaults;
if(is_null($defaults)) {
$defaults = $this->getDefaults();
}
return \OCP\Config::getAppValue('user_ldap',
$this->configPrefix.$varname,
$defaults[$varname]);
}
protected function setValue($varname, $value) {
$this->config[$varname] = $value;
}
protected function saveValue($varname, $value) {
return \OCP\Config::setAppValue('user_ldap',
$this->configPrefix.$varname,
$value);
}
/**
* @returns an associative array with the default values. Keys are correspond
* to config-value entries in the database table
*/
public function getDefaults() {
return array(
'ldap_host' => '',
'ldap_port' => '',
'ldap_backup_host' => '',
'ldap_backup_port' => '',
'ldap_override_main_server' => '',
'ldap_dn' => '',
'ldap_agent_password' => '',
'ldap_base' => '',
'ldap_base_users' => '',
'ldap_base_groups' => '',
'ldap_userlist_filter' => '',
'ldap_userfilter_objectclass' => '',
'ldap_userfilter_groups' => '',
'ldap_login_filter' => 'uid=%uid',
'ldap_loginfilter_email' => 0,
'ldap_loginfilter_username' => 1,
'ldap_loginfilter_attributes' => '',
'ldap_group_filter' => '',
'ldap_groupfilter_objectclass' => '',
'ldap_groupfilter_groups' => '',
'ldap_display_name' => 'displayName',
'ldap_group_display_name' => 'cn',
'ldap_tls' => 1,
'ldap_nocase' => 0,
'ldap_quota_def' => '',
'ldap_quota_attr' => '',
'ldap_email_attr' => '',
'ldap_group_member_assoc_attribute' => 'uniqueMember',
'ldap_cache_ttl' => 600,
'ldap_uuid_user_attribute' => 'auto',
'ldap_uuid_group_attribute' => 'auto',
'home_folder_naming_rule' => '',
'ldap_turn_off_cert_check' => 0,
'ldap_configuration_active' => 0,
'ldap_attributes_for_user_search' => '',
'ldap_attributes_for_group_search' => '',
'ldap_expert_username_attr' => '',
'ldap_expert_uuid_user_attr' => '',
'ldap_expert_uuid_group_attr' => '',
'has_memberof_filter_support' => 0,
);
}
/**
* @return returns an array that maps internal variable names to database fields
*/
public function getConfigTranslationArray() {
//TODO: merge them into one representation
static $array = array(
'ldap_host' => 'ldapHost',
'ldap_port' => 'ldapPort',
'ldap_backup_host' => 'ldapBackupHost',
'ldap_backup_port' => 'ldapBackupPort',
'ldap_override_main_server' => 'ldapOverrideMainServer',
'ldap_dn' => 'ldapAgentName',
'ldap_agent_password' => 'ldapAgentPassword',
'ldap_base' => 'ldapBase',
'ldap_base_users' => 'ldapBaseUsers',
'ldap_base_groups' => 'ldapBaseGroups',
'ldap_userfilter_objectclass' => 'ldapUserFilterObjectclass',
'ldap_userfilter_groups' => 'ldapUserFilterGroups',
'ldap_userlist_filter' => 'ldapUserFilter',
'ldap_login_filter' => 'ldapLoginFilter',
'ldap_loginfilter_email' => 'ldapLoginFilterEmail',
'ldap_loginfilter_username' => 'ldapLoginFilterUsername',
'ldap_loginfilter_attributes' => 'ldapLoginFilterAttributes',
'ldap_group_filter' => 'ldapGroupFilter',
'ldap_groupfilter_objectclass' => 'ldapGroupFilterObjectclass',
'ldap_groupfilter_groups' => 'ldapGroupFilterGroups',
'ldap_display_name' => 'ldapUserDisplayName',
'ldap_group_display_name' => 'ldapGroupDisplayName',
'ldap_tls' => 'ldapTLS',
'ldap_nocase' => 'ldapNoCase',
'ldap_quota_def' => 'ldapQuotaDefault',
'ldap_quota_attr' => 'ldapQuotaAttribute',
'ldap_email_attr' => 'ldapEmailAttribute',
'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr',
'ldap_cache_ttl' => 'ldapCacheTTL',
'home_folder_naming_rule' => 'homeFolderNamingRule',
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
'ldap_configuration_active' => 'ldapConfigurationActive',
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
'ldap_expert_uuid_user_attr' => 'ldapExpertUUIUserDAttr',
'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
'has_memberof_filter_support' => 'hasMemberOfFilterSupport',
);
return $array;
}
}

585
apps/user_ldap/lib/connection.php
Unescape View File

@ -1,7 +1,7 @@
<?php <?php
/** /**
* ownCloud – LDAP Access * ownCloud – LDAP Connection
* *
* @author Arthur Schiwon * @author Arthur Schiwon
* @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com * @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
@ -31,48 +31,13 @@ class Connection extends LDAPUtility {
//whether connection should be kept on __destruct //whether connection should be kept on __destruct
private $dontDestruct = false; private $dontDestruct = false;
private $hasPagedResultSupport = true;
//cache handler //cache handler
protected $cache; protected $cache;
//settings //settings handler
protected $config = array( protected $configuration;
'ldapHost' => null,
'ldapPort' => null,
'ldapBackupHost' => null,
'ldapBackupPort' => null,
'ldapBase' => null,
'ldapBaseUsers' => null,
'ldapBaseGroups' => null,
'ldapAgentName' => null,
'ldapAgentPassword' => null,
'ldapTLS' => null,
'ldapNoCase' => null,
'turnOffCertCheck' => null,
'ldapIgnoreNamingRules' => null,
'ldapUserDisplayName' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupDisplayName' => null,
'ldapGroupMemberAssocAttr' => null,
'ldapLoginFilter' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
'ldapCacheTTL' => null,
'ldapUuidUserAttribute' => 'auto',
'ldapUuidGroupAttribute' => 'auto',
'ldapOverrideUuidAttribute' => null,
'ldapOverrideMainServer' => false,
'ldapConfigurationActive' => false,
'ldapAttributesForUserSearch' => null,
'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
'ldapExpertUsernameAttr' => null,
'ldapExpertUUIDUserAttr' => null,
'ldapExpertUUIDGroupAttr' => null,
);
/** /**
* @brief Constructor * @brief Constructor
@ -83,13 +48,14 @@ class Connection extends LDAPUtility {
parent::__construct($ldap); parent::__construct($ldap);
$this->configPrefix = $configPrefix; $this->configPrefix = $configPrefix;
$this->configID = $configID; $this->configID = $configID;
$this->configuration = new Configuration($configPrefix);
$memcache = new \OC\Memcache\Factory(); $memcache = new \OC\Memcache\Factory();
if($memcache->isAvailable()) { if($memcache->isAvailable()) {
$this->cache = $memcache->create(); $this->cache = $memcache->create();
} else { } else {
$this->cache = \OC_Cache::getGlobalCache(); $this->cache = \OC_Cache::getGlobalCache();
} }
$this->config['hasPagedResultSupport'] = $this->hasPagedResultSupport =
$this->ldap->hasPagedResultSupport(); $this->ldap->hasPagedResultSupport();
} }
@ -114,23 +80,21 @@ class Connection extends LDAPUtility {
$this->readConfiguration(); $this->readConfiguration();
} }
if(isset($this->config[$name])) { if($name === 'hasPagedResultSupport') {
return $this->config[$name]; return $this->hasPagedResultSupport;
} }
return $this->configuration->$name;
} }
public function __set($name, $value) { public function __set($name, $value) {
$changed = false; $before = $this->configuration->$name;
//only few options are writable $this->configuration->$name = $value;
if($name === 'ldapUuidUserAttribute' || $name === 'ldapUuidGroupAttribute') { $after = $this->configuration->$name;
\OCP\Util::writeLog('user_ldap', 'Set config '.$name.' to '.$value, \OCP\Util::DEBUG); if($before !== $after) {
$this->config[$name] = $value;
if(!empty($this->configID)) { if(!empty($this->configID)) {
\OCP\Config::setAppValue($this->configID, $this->configPrefix.$name, $value); $this->configuration->saveConfiguration();
}
$changed = true;
} }
if($changed) {
$this->validateConfiguration(); $this->validateConfiguration();
} }
} }
@ -174,7 +138,7 @@ class Connection extends LDAPUtility {
if(!$this->configured) { if(!$this->configured) {
$this->readConfiguration(); $this->readConfiguration();
} }
if(!$this->config['ldapCacheTTL']) { if(!$this->configuration->ldapCacheTTL) {
return null; return null;
} }
if(!$this->isCached($key)) { if(!$this->isCached($key)) {
@ -190,7 +154,7 @@ class Connection extends LDAPUtility {
if(!$this->configured) { if(!$this->configured) {
$this->readConfiguration(); $this->readConfiguration();
} }
if(!$this->config['ldapCacheTTL']) { if(!$this->configuration->ldapCacheTTL) {
return false; return false;
} }
$key = $this->getCacheKey($key); $key = $this->getCacheKey($key);
@ -201,156 +165,32 @@ class Connection extends LDAPUtility {
if(!$this->configured) { if(!$this->configured) {
$this->readConfiguration(); $this->readConfiguration();
} }
if(!$this->config['ldapCacheTTL'] if(!$this->configuration->ldapCacheTTL
|| !$this->config['ldapConfigurationActive']) { || !$this->configuration->ldapConfigurationActive) {
return null; return null;
} }
$key = $this->getCacheKey($key); $key = $this->getCacheKey($key);
$value = base64_encode(serialize($value)); $value = base64_encode(serialize($value));
$this->cache->set($key, $value, $this->config['ldapCacheTTL']); $this->cache->set($key, $value, $this->configuration->ldapCacheTTL);
} }
public function clearCache() { public function clearCache() {
$this->cache->clear($this->getCacheKey(null)); $this->cache->clear($this->getCacheKey(null));
} }
private function getValue($varname) {
static $defaults;
if(is_null($defaults)) {
$defaults = $this->getDefaults();
}
return \OCP\Config::getAppValue($this->configID,
$this->configPrefix.$varname,
$defaults[$varname]);
}
private function setValue($varname, $value) {
\OCP\Config::setAppValue($this->configID,
$this->configPrefix.$varname,
$value);
}
/** /**
* Special handling for reading Base Configuration * @brief Caches the general LDAP configuration.
* * @param $force optional. true, if the re-read should be forced. defaults
* @param $base the internal name of the config key * to false.
* @param $value the value stored for the base * @return null
*/
private function readBase($base, $value) {
if(empty($value)) {
$value = '';
} else {
$value = preg_split('/\r\n|\r|\n/', $value);
}
$this->config[$base] = $value;
}
/**
* Caches the general LDAP configuration.
*/ */
private function readConfiguration($force = false) { private function readConfiguration($force = false) {
if((!$this->configured || $force) && !is_null($this->configID)) { if((!$this->configured || $force) && !is_null($this->configID)) {
$v = 'getValue'; $this->configuration->readConfiguration();
$this->config['ldapHost'] = $this->$v('ldap_host');
$this->config['ldapBackupHost'] = $this->$v('ldap_backup_host');
$this->config['ldapPort'] = $this->$v('ldap_port');
$this->config['ldapBackupPort'] = $this->$v('ldap_backup_port');
$this->config['ldapOverrideMainServer']
= $this->$v('ldap_override_main_server');
$this->config['ldapAgentName'] = $this->$v('ldap_dn');
$this->config['ldapAgentPassword']
= base64_decode($this->$v('ldap_agent_password'));
$this->readBase('ldapBase', $this->$v('ldap_base'));
$this->readBase('ldapBaseUsers', $this->$v('ldap_base_users'));
$this->readBase('ldapBaseGroups', $this->$v('ldap_base_groups'));
$this->config['ldapTLS'] = $this->$v('ldap_tls');
$this->config['ldapNoCase'] = $this->$v('ldap_nocase');
$this->config['turnOffCertCheck']
= $this->$v('ldap_turn_off_cert_check');
$this->config['ldapUserDisplayName']
= mb_strtolower($this->$v('ldap_display_name'), 'UTF-8');
$this->config['ldapUserFilter']
= $this->$v('ldap_userlist_filter');
$this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
$this->config['ldapLoginFilter'] = $this->$v('ldap_login_filter');
$this->config['ldapGroupDisplayName']
= mb_strtolower($this->$v('ldap_group_display_name'), 'UTF-8');
$this->config['ldapQuotaAttribute']
= $this->$v('ldap_quota_attr');
$this->config['ldapQuotaDefault']
= $this->$v('ldap_quota_def');
$this->config['ldapEmailAttribute']
= $this->$v('ldap_email_attr');
$this->config['ldapGroupMemberAssocAttr']
= $this->$v('ldap_group_member_assoc_attribute');
$this->config['ldapIgnoreNamingRules']
= \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
$this->config['ldapCacheTTL'] = $this->$v('ldap_cache_ttl');
$this->config['ldapUuidUserAttribute']
= $this->$v('ldap_uuid_user_attribute');
$this->config['ldapUuidGroupAttribute']
= $this->$v('ldap_uuid_group_attribute');
$this->config['ldapOverrideUuidAttribute']
= $this->$v('ldap_override_uuid_attribute');
$this->config['homeFolderNamingRule']
= $this->$v('home_folder_naming_rule');
$this->config['ldapConfigurationActive']
= $this->$v('ldap_configuration_active');
$this->config['ldapAttributesForUserSearch']
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
$this->config['ldapAttributesForGroupSearch']
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
$this->config['ldapExpertUsernameAttr']
= $this->$v('ldap_expert_username_attr');
$this->config['ldapExpertUUIDUserAttr']
= $this->$v('ldap_expert_uuid_user_attr');
$this->config['ldapExpertUUIDGroupAttr']
= $this->$v('ldap_expert_uuid_group_attr');
$this->configured = $this->validateConfiguration(); $this->configured = $this->validateConfiguration();
} }
} }
/**
* @return returns an array that maps internal variable names to database fields
*/
private function getConfigTranslationArray() {
static $array = array(
'ldap_host'=>'ldapHost',
'ldap_port'=>'ldapPort',
'ldap_backup_host'=>'ldapBackupHost',
'ldap_backup_port'=>'ldapBackupPort',
'ldap_override_main_server' => 'ldapOverrideMainServer',
'ldap_dn'=>'ldapAgentName',
'ldap_agent_password'=>'ldapAgentPassword',
'ldap_base'=>'ldapBase',
'ldap_base_users'=>'ldapBaseUsers',
'ldap_base_groups'=>'ldapBaseGroups',
'ldap_userlist_filter'=>'ldapUserFilter',
'ldap_login_filter'=>'ldapLoginFilter',
'ldap_group_filter'=>'ldapGroupFilter',
'ldap_display_name'=>'ldapUserDisplayName',
'ldap_group_display_name'=>'ldapGroupDisplayName',
'ldap_tls'=>'ldapTLS',
'ldap_nocase'=>'ldapNoCase',
'ldap_quota_def'=>'ldapQuotaDefault',
'ldap_quota_attr'=>'ldapQuotaAttribute',
'ldap_email_attr'=>'ldapEmailAttribute',
'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr',
'ldap_cache_ttl'=>'ldapCacheTTL',
'home_folder_naming_rule' => 'homeFolderNamingRule',
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
'ldap_configuration_active' => 'ldapConfigurationActive',
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr',
'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
);
return $array;
}
/** /**
* @brief set LDAP configuration with values delivered by an array, not read from configuration * @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array * @param $config array that holds the config parameters in an associated array
@ -358,79 +198,24 @@ class Connection extends LDAPUtility {
* @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters * @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
*/ */
public function setConfiguration($config, &$setParameters = null) { public function setConfiguration($config, &$setParameters = null) {
if(!is_array($config)) { if(is_null($setParameters)) {
return false; $setParameters = array();
}
$params = $this->getConfigTranslationArray();
foreach($config as $parameter => $value) {
if(($parameter === 'homeFolderNamingRule'
|| (isset($params[$parameter])
&& $params[$parameter] === 'homeFolderNamingRule'))
&& !empty($value)) {
$value = 'attr:'.$value;
} else if (strpos($parameter, 'ldapBase') !== false
|| (isset($params[$parameter])
&& strpos($params[$parameter], 'ldapBase') !== false)) {
$this->readBase($params[$parameter], $value);
if(is_array($setParameters)) {
$setParameters[] = $parameter;
}
continue;
} }
if(isset($this->config[$parameter])) { $this->configuration->setConfiguration($config, $setParameters);
$this->config[$parameter] = $value; if(count($setParameters) > 0) {
if(is_array($setParameters)) {
$setParameters[] = $parameter;
}
} else if(isset($params[$parameter])) {
$this->config[$params[$parameter]] = $value;
if(is_array($setParameters)) {
$setParameters[] = $params[$parameter];
}
}
}
$this->configured = $this->validateConfiguration(); $this->configured = $this->validateConfiguration();
}
return $this->configured; return $this->configured;
} }
/** /**
* @brief saves the current Configuration in the database * @brief saves the current Configuration in the database and empties the
* cache
* @return null
*/ */
public function saveConfiguration() { public function saveConfiguration() {
$trans = array_flip($this->getConfigTranslationArray()); $this->configuration->saveConfiguration();
foreach($this->config as $key => $value) {
\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.
' value '.print_r($value, true), \OCP\Util::DEBUG);
switch ($key) {
case 'ldapAgentPassword':
$value = base64_encode($value);
break;
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
if(is_array($value)) {
$value = implode("\n", $value);
}
break;
case 'ldapIgnoreNamingRules':
case 'ldapOverrideUuidAttribute':
case 'ldapUuidUserAttribute':
case 'ldapUuidGroupAttribute':
case 'hasPagedResultSupport':
continue 2;
}
if(is_null($value)) {
$value = '';
}
$this->setValue($trans[$key], $value);
}
$this->clearCache(); $this->clearCache();
} }
@ -440,191 +225,197 @@ class Connection extends LDAPUtility {
*/ */
public function getConfiguration() { public function getConfiguration() {
$this->readConfiguration(); $this->readConfiguration();
$trans = $this->getConfigTranslationArray(); $config = $this->configuration->getConfiguration();
$config = array(); $cta = $this->configuration->getConfigTranslationArray();
foreach($trans as $dbKey => $classKey) { $result = array();
if($classKey === 'homeFolderNamingRule') { foreach($cta as $dbkey => $configkey) {
if(strpos($this->config[$classKey], 'attr:') === 0) { switch($configkey) {
$config[$dbKey] = substr($this->config[$classKey], 5); case 'homeFolderNamingRule':
if(strpos($config[$configkey], 'attr:') === 0) {
$result[$dbkey] = substr($config[$configkey], 5);
} else { } else {
$config[$dbKey] = ''; $result[$dbkey] = '';
} }
continue; break;
} else if((strpos($classKey, 'ldapBase') !== false case 'ldapBase':
|| strpos($classKey, 'ldapAttributes') !== false) case 'ldapBaseUsers':
&& is_array($this->config[$classKey])) { case 'ldapBaseGroups':
$config[$dbKey] = implode("\n", $this->config[$classKey]); case 'ldapAttributesForUserSearch':
continue; case 'ldapAttributesForGroupSearch':
if(is_array($config[$configkey])) {
$result[$dbkey] = implode("\n", $config[$configkey]);
break;
} //else follows default
default:
$result[$dbkey] = $config[$configkey];
} }
$config[$dbKey] = $this->config[$classKey];
} }
return $result;
return $config;
} }
/** private function doSoftValidation() {
* @brief Validates the user specified configuration //if User or Group Base are not set, take over Base DN setting
* @returns true if configuration seems OK, false otherwise foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
*/ $val = $this->configuration->$keyBase;
private function validateConfiguration() { if(empty($val)) {
// first step: "soft" checks: settings that are not really $obj = strpos('Users', $keyBase) !== false ? 'Users' : 'Groups';
// necessary, but advisable. If left empty, give an info message \OCP\Util::writeLog('user_ldap',
if(empty($this->config['ldapBaseUsers'])) { 'Base tree for '.$obj.
\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO); ' is empty, using Base DN',
$this->config['ldapBaseUsers'] = $this->config['ldapBase']; \OCP\Util::INFO);
$this->configuration->$keyBase = $this->configuration->ldapBase;
} }
if(empty($this->config['ldapBaseGroups'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
} }
if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
$groupFilter = $this->configuration->ldapGroupFilter;
if(empty($groupFilter)) {
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'No group filter is specified, LDAP group feature will not be used.', 'No group filter is specified, LDAP group '.
'feature will not be used.',
\OCP\Util::INFO); \OCP\Util::INFO);
} }
$uuidAttributes = array(
'auto', 'entryuuid', 'nsuniqueid', 'objectguid', 'guid'); foreach(array('ldapExpertUUIDUserAttr' => 'ldapUuidUserAttribute',
$uuidSettings = array( 'ldapExpertUUIDGroupAttr' => 'ldapUuidGroupAttribute')
'ldapUuidUserAttribute' => 'ldapExpertUUIDUserAttr', as $expertSetting => $effectiveSetting) {
'ldapUuidGroupAttribute' => 'ldapExpertUUIDGroupAttr'); $uuidOverride = $this->configuration->$expertSetting;
$cta = array_flip($this->getConfigTranslationArray()); if(!empty($uuidOverride)) {
foreach($uuidSettings as $defaultKey => $overrideKey) { $this->configuration->$effectiveSetting = $uuidOverride;
if( !in_array($this->config[$defaultKey], $uuidAttributes) } else {
&& is_null($this->config[$overrideKey]) $uuidAttributes = array('auto', 'entryuuid', 'nsuniqueid',
&& !is_null($this->configID)) { 'objectguid', 'guid');
\OCP\Config::setAppValue($this->configID, if(!in_array($this->configuration->$effectiveSetting,
$this->configPrefix.$cta[$defaultKey], $uuidAttributes)
'auto'); && (!is_null($this->configID))) {
$this->configuration->$effectiveSetting = 'auto';
$this->configuration->saveConfiguration();
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'Illegal value for'.$defaultKey.', reset to autodetect.', 'Illegal value for the '.
\OCP\Util::DEBUG); $effectiveSetting.', '.'reset to '.
'autodetect.', \OCP\Util::INFO);
}
} }
} }
if(empty($this->config['ldapBackupPort'])) { $backupPort = $this->configuration->ldapBackupPort;
//force default if(empty($backupPort)) {
$this->config['ldapBackupPort'] = $this->config['ldapPort']; $this->configuration->backupPort = $this->configuration->ldapPort;
} }
foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
if(is_array($this->config[$key]) //make sure empty search attributes are saved as simple, empty array
&& count($this->config[$key]) === 1 $sakeys = array('ldapAttributesForUserSearch',
&& empty($this->config[$key][0])) { 'ldapAttributesForGroupSearch');
$this->config[$key] = array(); foreach($sakeys as $key) {
$val = $this->configuration->$key;
if(is_array($val) && count($val) === 1 && empty($val[0])) {
$this->configuration->$key = array();
} }
} }
if((strpos($this->config['ldapHost'], 'ldaps') === 0)
&& $this->config['ldapTLS']) { if((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
$this->config['ldapTLS'] = false; && $this->configuration->ldapTLS) {
$this->configuration->ldapTLS = false;
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', 'LDAPS (already using secure connection) and '.
'TLS do not work together. Switched off TLS.',
\OCP\Util::INFO); \OCP\Util::INFO);
} }
}
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning. private function doCriticalValidation() {
$configurationOK = true; $configurationOK = true;
if(empty($this->config['ldapHost'])) { $errorStr = 'Configuration Error (prefix '.
\OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN); strval($this->configPrefix).'): ';
$configurationOK = false;
//options that shall not be empty
$options = array('ldapHost', 'ldapPort', 'ldapUserDisplayName',
'ldapGroupDisplayName', 'ldapLoginFilter');
foreach($options as $key) {
$val = $this->configuration->$key;
if(empty($val)) {
switch($key) {
case 'ldapHost':
$subj = 'LDAP Host';
break;
case 'ldapPort':
$subj = 'LDAP Port';
break;
case 'ldapUserDisplayName':
$subj = 'LDAP User Display Name';
break;
case 'ldapGroupDisplayName':
$subj = 'LDAP Group Display Name';
break;
case 'ldapLoginFilter':
$subj = 'LDAP Login Filter';
break;
default:
$subj = $key;
break;
} }
if(empty($this->config['ldapPort'])) {
\OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false; $configurationOK = false;
}
if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', $errorStr.'No '.$subj.' given!',
\OCP\Util::WARN); \OCP\Util::WARN);
$configurationOK = false;
} }
//TODO: check if ldapAgentName is in DN form
if(empty($this->config['ldapBase'])
&& (empty($this->config['ldapBaseUsers'])
&& empty($this->config['ldapBaseGroups']))) {
\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
} }
if(empty($this->config['ldapUserDisplayName'])) {
//combinations
$agent = $this->configuration->ldapAgentName;
$pwd = $this->configuration->ldapAgentPassword;
if((empty($agent) && !empty($pwd)) || (!empty($agent) && empty($pwd))) {
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'No user display name attribute specified, won`t connect.', $errorStr.'either no password is given for the'.
'user agent or a password is given, but not an'.
'LDAP agent.',
\OCP\Util::WARN); \OCP\Util::WARN);
$configurationOK = false; $configurationOK = false;
} }
if(empty($this->config['ldapGroupDisplayName'])) {
$base = $this->configuration->ldapBase;
$baseUsers = $this->configuration->ldapBaseUsers;
$baseGroups = $this->configuration->ldapBaseGroups;
if(empty($base) && empty($baseUsers) && empty($baseGroups)) {
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'No group display name attribute specified, won`t connect.', $errorStr.'Not a single Base DN given.',
\OCP\Util::WARN); \OCP\Util::WARN);
$configurationOK = false; $configurationOK = false;
} }
if(empty($this->config['ldapLoginFilter'])) {
\OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN); if(mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
$configurationOK = false; === false) {
}
if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'Login filter does not contain %uid place holder, won`t connect.', $errorStr.'login filter does not contain %uid '.
'place holder.',
\OCP\Util::WARN); \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
$configurationOK = false; $configurationOK = false;
} }
if(!empty($this->config['ldapExpertUUIDUserAttr'])) {
$this->config['ldapUuidUserAttribute'] = $this->config['ldapExpertUUIDUserAttr'];
}
if(!empty($this->config['ldapExpertUUIDGroupAttr'])) {
$this->config['ldapUuidGroupAttribute'] = $this->config['ldapExpertUUIDGroupAttr'];
}
return $configurationOK; return $configurationOK;
} }
/** /**
* @returns an associative array with the default values. Keys are correspond * @brief Validates the user specified configuration
* to config-value entries in the database table * @returns true if configuration seems OK, false otherwise
*/ */
static public function getDefaults() { private function validateConfiguration() {
return array( // first step: "soft" checks: settings that are not really
'ldap_host' => '', // necessary, but advisable. If left empty, give an info message
'ldap_port' => '389', $this->doSoftValidation();
'ldap_backup_host' => '',
'ldap_backup_port' => '', //second step: critical checks. If left empty or filled wrong, set as
'ldap_override_main_server' => '', //unconfigured and give a warning.
'ldap_dn' => '', return $this->doCriticalValidation();
'ldap_agent_password' => '',
'ldap_base' => '',
'ldap_base_users' => '',
'ldap_base_groups' => '',
'ldap_userlist_filter' => 'objectClass=person',
'ldap_login_filter' => 'uid=%uid',
'ldap_group_filter' => 'objectClass=posixGroup',
'ldap_display_name' => 'cn',
'ldap_group_display_name' => 'cn',
'ldap_tls' => 1,
'ldap_nocase' => 0,
'ldap_quota_def' => '',
'ldap_quota_attr' => '',
'ldap_email_attr' => '',
'ldap_group_member_assoc_attribute' => 'uniqueMember',
'ldap_cache_ttl' => 600,
'ldap_uuid_user_attribute' => 'auto',
'ldap_uuid_group_attribute' => 'auto',
'ldap_override_uuid_attribute' => 0,
'home_folder_naming_rule' => '',
'ldap_turn_off_cert_check' => 0,
'ldap_configuration_active' => 1,
'ldap_attributes_for_user_search' => '',
'ldap_attributes_for_group_search' => '',
'ldap_expert_username_attr' => '',
'ldap_expert_uuid_user_attr' => '',
'ldap_expert_uuid_group_attr' => '',
);
} }
/** /**
* Connects and Binds to LDAP * Connects and Binds to LDAP
*/ */
private function establishConnection() { private function establishConnection() {
if(!$this->config['ldapConfigurationActive']) { if(!$this->configuration->ldapConfigurationActive) {
return null; return null;
} }
static $phpLDAPinstalled = true; static $phpLDAPinstalled = true;
@ -632,29 +423,36 @@ class Connection extends LDAPUtility {
return false; return false;
} }
if(!$this->configured) { if(!$this->configured) {
\OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN); \OCP\Util::writeLog('user_ldap',
'Configuration is invalid, cannot connect',
\OCP\Util::WARN);
return false; return false;
} }
if(!$this->ldapConnectionRes) { if(!$this->ldapConnectionRes) {
if(!$this->ldap->areLDAPFunctionsAvailable()) { if(!$this->ldap->areLDAPFunctionsAvailable()) {
$phpLDAPinstalled = false; $phpLDAPinstalled = false;
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', 'function ldap_connect is not available. Make '.
'sure that the PHP ldap module is installed.',
\OCP\Util::ERROR); \OCP\Util::ERROR);
return false; return false;
} }
if($this->config['turnOffCertCheck']) { if($this->configuration->turnOffCertCheck) {
if(putenv('LDAPTLS_REQCERT=never')) { if(putenv('LDAPTLS_REQCERT=never')) {
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'Turned off SSL certificate validation successfully.', 'Turned off SSL certificate validation successfully.',
\OCP\Util::WARN); \OCP\Util::WARN);
} else { } else {
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN); \OCP\Util::writeLog('user_ldap',
'Could not turn off SSL certificate validation.',
\OCP\Util::WARN);
} }
} }
if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) { if(!$this->configuration->ldapOverrideMainServer
$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']); && !$this->getFromCache('overrideMainServer')) {
$this->doConnect($this->configuration->ldapHost,
$this->configuration->ldapPort);
$bindStatus = $this->bind(); $bindStatus = $this->bind();
$error = $this->ldap->isResource($this->ldapConnectionRes) ? $error = $this->ldap->isResource($this->ldapConnectionRes) ?
$this->ldap->errno($this->ldapConnectionRes) : -1; $this->ldap->errno($this->ldapConnectionRes) : -1;
@ -665,9 +463,10 @@ class Connection extends LDAPUtility {
//if LDAP server is not reachable, try the Backup (Replica!) Server //if LDAP server is not reachable, try the Backup (Replica!) Server
if((!$bindStatus && ($error !== 0)) if((!$bindStatus && ($error !== 0))
|| $this->config['ldapOverrideMainServer'] || $this->configuration->ldapOverrideMainServer
|| $this->getFromCache('overrideMainServer')) { || $this->getFromCache('overrideMainServer')) {
$this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']); $this->doConnect($this->configuration->ldapBackupHost,
$this->configuration->ldapBackupPort);
$bindStatus = $this->bind(); $bindStatus = $this->bind();
if(!$bindStatus && $error === -1) { if(!$bindStatus && $error === -1) {
//when bind to backup server succeeded and failed to main server, //when bind to backup server succeeded and failed to main server,
@ -690,7 +489,7 @@ class Connection extends LDAPUtility {
$this->ldapConnectionRes = $this->ldap->connect($host, $port); $this->ldapConnectionRes = $this->ldap->connect($host, $port);
if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) { if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) { if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
if($this->config['ldapTLS']) { if($this->configuration->ldapTLS) {
$this->ldap->startTls($this->ldapConnectionRes); $this->ldap->startTls($this->ldapConnectionRes);
} }
} }
@ -702,7 +501,7 @@ class Connection extends LDAPUtility {
*/ */
public function bind() { public function bind() {
static $getConnectionResourceAttempt = false; static $getConnectionResourceAttempt = false;
if(!$this->config['ldapConfigurationActive']) { if(!$this->configuration->ldapConfigurationActive) {
return false; return false;
} }
if($getConnectionResourceAttempt) { if($getConnectionResourceAttempt) {
@ -716,8 +515,8 @@ class Connection extends LDAPUtility {
return false; return false;
} }
$ldapLogin = @$this->ldap->bind($cr, $ldapLogin = @$this->ldap->bind($cr,
$this->config['ldapAgentName'], $this->configuration->ldapAgentName,
$this->config['ldapAgentPassword']); $this->configuration->ldapAgentPassword);
if(!$ldapLogin) { if(!$ldapLogin) {
\OCP\Util::writeLog('user_ldap', \OCP\Util::writeLog('user_ldap',
'Bind failed: ' . $this->ldap->errno($cr) . ': ' . $this->ldap->error($cr), 'Bind failed: ' . $this->ldap->errno($cr) . ': ' . $this->ldap->error($cr),

21
apps/user_ldap/lib/helper.php
Unescape View File

@ -161,4 +161,25 @@ class Helper {
return true; return true;
} }
/**
* @brief extractsthe domain from a given URL
* @param $url the URL
* @return mixed, domain as string on success, false otherwise
*/
static public function getDomainFromURL($url) {
$uinfo = parse_url($url);
if(!is_array($uinfo)) {
return false;
}
$domain = false;
if(isset($uinfo['host'])) {
$domain = $uinfo['host'];
} else if(isset($uinfo['path'])) {
$domain = $uinfo['path'];
}
return $domain;
}
} }

24
apps/user_ldap/lib/ildapwrapper.php
Unescape View File

@ -67,6 +67,14 @@ interface ILDAPWrapper {
*/ */
public function controlPagedResultResponse($link, $result, &$cookie); public function controlPagedResultResponse($link, $result, &$cookie);
/**
* @brief Count the number of entries in a search
* @param $link LDAP link resource
* @param $result LDAP result resource
* @return mixed, number of results on success, false otherwise
*/
public function countEntries($link, $result);
/** /**
* @brief Return the LDAP error number of the last LDAP command * @brief Return the LDAP error number of the last LDAP command
* @param $link LDAP link resource * @param $link LDAP link resource
@ -97,6 +105,14 @@ interface ILDAPWrapper {
* */ * */
public function getAttributes($link, $result); public function getAttributes($link, $result);
/**
* @brief Get the DN of a result entry
* @param $link LDAP link resource
* @param $result LDAP result resource
* @return string containing the DN, false on error
*/
public function getDN($link, $result);
/** /**
* @brief Get all result entries * @brief Get all result entries
* @param $link LDAP link resource * @param $link LDAP link resource
@ -105,6 +121,14 @@ interface ILDAPWrapper {
*/ */
public function getEntries($link, $result); public function getEntries($link, $result);
/**
* @brief Return next result id
* @param $link LDAP link resource
* @param $result LDAP entry result resource
* @return an LDAP search result resource
* */
public function nextEntry($link, $result);
/** /**
* @brief Read an entry * @brief Read an entry
* @param $link LDAP link resource * @param $link LDAP link resource

12
apps/user_ldap/lib/ldap.php
Unescape View File

@ -49,6 +49,10 @@ class LDAP implements ILDAPWrapper {
$isCritical, $cookie); $isCritical, $cookie);
} }
public function countEntries($link, $result) {
return $this->invokeLDAPMethod('count_entries', $link, $result);
}
public function errno($link) { public function errno($link) {
return $this->invokeLDAPMethod('errno', $link); return $this->invokeLDAPMethod('errno', $link);
} }
@ -65,10 +69,18 @@ class LDAP implements ILDAPWrapper {
return $this->invokeLDAPMethod('get_attributes', $link, $result); return $this->invokeLDAPMethod('get_attributes', $link, $result);
} }
public function getDN($link, $result) {
return $this->invokeLDAPMethod('get_dn', $link, $result);
}
public function getEntries($link, $result) { public function getEntries($link, $result) {
return $this->invokeLDAPMethod('get_entries', $link, $result); return $this->invokeLDAPMethod('get_entries', $link, $result);
} }
public function nextEntry($link, $result) {
return $this->invokeLDAPMethod('next_entry', $link, $result);
}
public function read($link, $baseDN, $filter, $attr) { public function read($link, $baseDN, $filter, $attr) {
return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr); return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
} }

1024
apps/user_ldap/lib/wizard.php
View File

File diff suppressed because it is too large Load Diff

58
apps/user_ldap/lib/wizardresult.php
Unescape View File

@ -0,0 +1,58 @@
<?php
/**
* ownCloud – LDAP Wizard Result
*
* @author Arthur Schiwon
* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\user_ldap\lib;
class WizardResult {
protected $changes = array();
protected $options = array();
protected $markedChange = false;
public function addChange($key, $value) {
$this->changes[$key] = $value;
}
public function markChange() {
$this->markedChange = true;
}
public function addOptions($key, $values) {
if(!is_array($values)) {
$values = array($values);
}
$this->options[$key] = $values;
}
public function hasChanges() {
return (count($this->changes) > 0 || $this->markedChange);
}
public function getResultArray() {
$result = array();
$result['changes'] = $this->changes;
if(count($this->options) > 0) {
$result['options'] = $this->options;
}
return $result;
}
}

41
apps/user_ldap/settings.php
Unescape View File

@ -25,19 +25,50 @@
OC_Util::checkAdminUser(); OC_Util::checkAdminUser();
OCP\Util::addscript('user_ldap', 'settings'); OCP\Util::addScript('user_ldap', 'settings');
OCP\Util::addstyle('user_ldap', 'settings'); OCP\Util::addScript('core', 'jquery.multiselect');
OCP\Util::addStyle('user_ldap', 'settings');
OCP\Util::addStyle('core', 'jquery.multiselect');
OCP\Util::addStyle('core', 'jquery-ui-1.10.0.custom');
// fill template // fill template
$tmpl = new OCP\Template('user_ldap', 'settings'); $tmpl = new OCP\Template('user_ldap', 'settings');
$prefixes = \OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes(); $prefixes = \OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes();
$hosts = \OCA\user_ldap\lib\Helper::getServerConfigurationHosts(); $hosts = \OCA\user_ldap\lib\Helper::getServerConfigurationHosts();
$tmpl->assign('serverConfigurationPrefixes', $prefixes);
$tmpl->assign('serverConfigurationHosts', $hosts); $wizardHtml = '';
$toc = array();
$wControls = new OCP\Template('user_ldap', 'part.wizardcontrols');
$wControls = $wControls->fetchPage();
$sControls = new OCP\Template('user_ldap', 'part.settingcontrols');
$sControls = $sControls->fetchPage();
$wizTabs = array();
$wizTabs[] = array('tpl' => 'part.wizard-server', 'cap' => 'Server');
$wizTabs[] = array('tpl' => 'part.wizard-userfilter', 'cap' => 'User Filter');
$wizTabs[] = array('tpl' => 'part.wizard-loginfilter', 'cap' => 'Login Filter');
$wizTabs[] = array('tpl' => 'part.wizard-groupfilter', 'cap' => 'Group Filter');
for($i = 0; $i < count($wizTabs); $i++) {
$tab = new OCP\Template('user_ldap', $wizTabs[$i]['tpl']);
if($i === 0) {
$tab->assign('serverConfigurationPrefixes', $prefixes);
$tab->assign('serverConfigurationHosts', $hosts);
}
$tab->assign('wizardControls', $wControls);
$wizardHtml .= $tab->fetchPage();
$toc['#ldapWizard'.($i+1)] = $wizTabs[$i]['cap'];
}
$tmpl->assign('tabs', $wizardHtml);
$tmpl->assign('toc', $toc);
$tmpl->assign('settingControls', $sControls);
// assign default values // assign default values
$defaults = \OCA\user_ldap\lib\Connection::getDefaults(); $config = new \OCA\user_ldap\lib\Configuration('', false);
$defaults = $config->getDefaults();
foreach($defaults as $key => $default) { foreach($defaults as $key => $default) {
$tmpl->assign($key.'_default', $default); $tmpl->assign($key.'_default', $default);
} }

12
apps/user_ldap/templates/part.settingcontrols.php
Unescape View File

@ -0,0 +1,12 @@
<div class="ldapSettingControls">
<input id="ldap_submit" type="submit" value="Save" />
<button id="ldap_action_test_connection" name="ldap_action_test_connection">
<?php p($l->t('Test Configuration'));?>
</button>
<a href="<?php p($theme->getDocBaseUrl()); ?>/server/5.0/admin_manual/auth_ldap.html"
target="_blank">
<img src="<?php print_unescaped(OCP\Util::imagePath('', 'actions/info.png')); ?>"
style="height:1.75ex" />
<?php p($l->t('Help'));?>
</a>
</div>

42
apps/user_ldap/templates/part.wizard-groupfilter.php
Unescape View File

@ -0,0 +1,42 @@
<fieldset id="ldapWizard4">
<div>
<p>
<?php p($l->t('Limit the access to %s to groups meeting this criteria:', $theme->getName()));?>
</p>
<p>
<label for="ldap_groupfilter_objectclass">
<?php p($l->t('only those object classes:'));?>
</label>
<select id="ldap_groupfilter_objectclass" multiple="multiple"
name="ldap_groupfilter_objectclass">
</select>
</p>
<p>
<label for="ldap_groupfilter_groups">
<?php p($l->t('only from those groups:'));?>
</label>
<select id="ldap_groupfilter_groups" multiple="multiple"
name="ldap_groupfilter_groups">
</select>
</p>
<p>
<label><a id='toggleRawGroupFilter'><?php p($l->t('Edit raw filter instead'));?></a></label>
</p>
<p id="rawGroupFilterContainer" class="invisible">
<input type="text" id="ldap_group_filter" name="ldap_group_filter"
class="lwautosave"
placeholder="<?php p($l->t('Raw LDAP filter'));?>"
title="<?php p($l->t('The filter specifies which LDAP groups shall have access to the %s instance.', $theme->getName()));?>"
/>
</p>
<p>
<div class="ldapWizardInfo invisible">&nbsp;</div>
</p>
<p>
<span id="ldap_group_count">0 <?php p($l->t('groups found'));?></span>
</p>
<?php print_unescaped($_['wizardControls']); ?>
</div>
</fieldset>

37
apps/user_ldap/templates/part.wizard-loginfilter.php
Unescape View File

@ -0,0 +1,37 @@
<fieldset id="ldapWizard3">
<div>
<p>
<?php p($l->t('What attribute shall be used as login name:'));?>
</p>
<p>
<label for="ldap_loginfilter_username">
<?php p($l->t('LDAP Username:'));?>
</label>
<input type="checkbox" id="ldap_loginfilter_username"
name="ldap_loginfilter_username" value="1" class="lwautosave" />
</p>
<p>
<label for="ldap_loginfilter_email">
<?php p($l->t('LDAP Email Address:'));?>
</label>
<input type="checkbox" id="ldap_loginfilter_email"
name="ldap_loginfilter_email" value="1" class="lwautosave" />
</p>
<p>
<label for="ldap_loginfilter_attributes">
<?php p($l->t('Other Attributes:'));?>
</label>
<select id="ldap_loginfilter_attributes" multiple="multiple"
name="ldap_loginfilter_attributes">
</select>
</p>
<p>
<div class="ldapWizardInfo invisible">&nbsp;</div>
</p>
<?php print_unescaped($_['wizardControls']); ?>
</div>
</fieldset>

71
apps/user_ldap/templates/part.wizard-server.php
Unescape View File

@ -0,0 +1,71 @@
<fieldset id="ldapWizard1">
<p>
<select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
<?php if(count($_['serverConfigurationPrefixes']) === 0 ) {
?>
<option value="" selected>1. Server</option>');
<?php
} else {
$i = 1;
$sel = ' selected';
foreach($_['serverConfigurationPrefixes'] as $prefix) {
?>
<option value="<?php p($prefix); ?>"<?php p($sel); $sel = ''; ?>><?php p($i++); ?>. Server: <?php p($_['serverConfigurationHosts'][$prefix]); ?></option>
<?php
}
}
?>
<option value="NEW"><?php p($l->t('Add Server Configuration'));?></option>
</select>
<button id="ldap_action_delete_configuration"
name="ldap_action_delete_configuration">Delete Configuration</button>
</p>
<div class="hostPortCombinator">
<div class="tablerow">
<div class="tablecell">
<div class="table">
<input type="text" class="host tablecell lwautosave" id="ldap_host"
name="ldap_host"
placeholder="<?php p($l->t('Host'));?>"
title="<?php p($l->t('You can omit the protocol, except you require SSL. Then start with ldaps://'));?>"
/>
<span>
<input type="number" id="ldap_port" name="ldap_port"
class="invisible lwautosave"
placeholder="<?php p($l->t('Port'));?>" />
</span>
</div>
</div>
</div>
<div class="tablerow">
<input type="text" id="ldap_dn" name="ldap_dn"
class="tablecell lwautosave"
placeholder="<?php p($l->t('User DN'));?>"
title="<?php p($l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.'));?>"
/>
</div>
<div class="tablerow">
<input type="password" id="ldap_agent_password"
class="tablecell lwautosave" name="ldap_agent_password"
placeholder="<?php p($l->t('Password'));?>"
title="<?php p($l->t('For anonymous access, leave DN and Password empty.'));?>"
/>
</div>
<div class="tablerow">
<textarea id="ldap_base" name="ldap_base"
class="tablecell invisible lwautosave"
placeholder="<?php p($l->t('One Base DN per line'));?>"
title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab'));?>">
</textarea>
</div>
<div class="tablerow">
<div class="tablecell ldapWizardInfo invisible">&nbsp;
</div>
</div>
</div>
<?php print_unescaped($_['wizardControls']); ?>
</fieldset>

42
apps/user_ldap/templates/part.wizard-userfilter.php
Unescape View File

@ -0,0 +1,42 @@
<fieldset id="ldapWizard2">
<div>
<p>
<?php p($l->t('Limit the access to %s to users meeting this criteria:', $theme->getName()));?>
</p>
<p>
<label for="ldap_userfilter_objectclass">
<?php p($l->t('only those object classes:'));?>
</label>
<select id="ldap_userfilter_objectclass" multiple="multiple"
name="ldap_userfilter_objectclass">
</select>
</p>
<p>
<label for="ldap_userfilter_groups">
<?php p($l->t('only from those groups:'));?>
</label>
<select id="ldap_userfilter_groups" multiple="multiple"
name="ldap_userfilter_groups">
</select>
</p>
<p>
<label><a id='toggleRawUserFilter'><?php p($l->t('Edit raw filter instead'));?></a></label>
</p>
<p id="rawUserFilterContainer" class="invisible">
<input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter"
class="lwautosave"
placeholder="<?php p($l->t('Raw LDAP filter'));?>"
title="<?php p($l->t('The filter specifies which LDAP users shall have access to the %s instance.', $theme->getName()));?>"
/>
</p>
<p>
<div class="ldapWizardInfo invisible">&nbsp;</div>
</p>
<p>
<span id="ldap_user_count">0 <?php p($l->t('users found'));?></span>
</p>
<?php print_unescaped($_['wizardControls']); ?>
</div>
</fieldset>

15
apps/user_ldap/templates/part.wizardcontrols.php
Unescape View File

@ -0,0 +1,15 @@
<div class="ldapWizardControls">
<button class="ldap_action_back invisible" name="ldap_action_back"
type="button">
<?php p($l->t('Back'));?>
</button>
<button class="ldap_action_continue" name="ldap_action_continue" type="button">
<?php p($l->t('Continue'));?>
</button>
<a href="<?php p($theme->getDocBaseUrl()); ?>/server/5.0/admin_manual/auth_ldap.html"
target="_blank">
<img src="<?php print_unescaped(OCP\Util::imagePath('', 'actions/info.png')); ?>"
style="height:1.75ex" />
<?php p($l->t('Help'));?>
</a>
</div>

69
apps/user_ldap/templates/settings.php
Unescape View File

@ -1,9 +1,11 @@
<form id="ldap" action="#" method="post"> <form id="ldap" action="#" method="post">
<div id="ldapSettings" class="personalblock"> <div id="ldapSettings" class="personalblock">
<ul> <ul>
<li><a href="#ldapSettings-1">LDAP Basic</a></li> <?php foreach($_['toc'] as $id => $title) { ?>
<li><a href="#ldapSettings-2">Advanced</a></li> <li id="<?php p($id); ?>"><a href="<?php p($id); ?>"><?php p($title); ?></a></li>
<li><a href="#ldapSettings-3">Expert</a></li> <?php } ?>
<li class="ldapSettingsTabs"><a href="#ldapSettings-2">Expert</a></li>
<li class="ldapSettingsTabs"><a href="#ldapSettings-1">Advanced</a></li>
</ul> </ul>
<?php if(OCP\App::isEnabled('user_webdavauth')) { <?php if(OCP\App::isEnabled('user_webdavauth')) {
print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behavior. Please ask your system administrator to disable one of them.').'</p>'); print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> Apps user_ldap and user_webdavauth are incompatible. You may experience unexpected behavior. Please ask your system administrator to disable one of them.').'</p>');
@ -12,65 +14,19 @@
print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>'); print_unescaped('<p class="ldapwarning">'.$l->t('<b>Warning:</b> The PHP LDAP module is not installed, the backend will not work. Please ask your system administrator to install it.').'</p>');
} }
?> ?>
<?php print_unescaped($_['tabs']); ?>
<fieldset id="ldapSettings-1"> <fieldset id="ldapSettings-1">
<p><label for="ldap_serverconfig_chooser"><?php p($l->t('Server configuration'));?></label>
<select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
<?php if(count($_['serverConfigurationPrefixes']) === 0 ) {
?>
<option value="" selected>1. Server</option>');
<?php
} else {
$i = 1;
$sel = ' selected';
foreach($_['serverConfigurationPrefixes'] as $prefix) {
?>
<option value="<?php p($prefix); ?>"<?php p($sel); $sel = ''; ?>><?php p($i++); ?>. Server: <?php p($_['serverConfigurationHosts'][$prefix]); ?></option>
<?php
}
}
?>
<option value="NEW"><?php p($l->t('Add Server Configuration'));?></option>
</select>
<button id="ldap_action_delete_configuration"
name="ldap_action_delete_configuration">Delete Configuration</button>
</p>
<p><label for="ldap_host"><?php p($l->t('Host'));?></label>
<input type="text" id="ldap_host" name="ldap_host" data-default="<?php p($_['ldap_host_default']); ?>"
title="<?php p($l->t('You can omit the protocol, except you require SSL. Then start with ldaps://'));?>"></p>
<p><label for="ldap_base"><?php p($l->t('Base DN'));?></label>
<textarea id="ldap_base" name="ldap_base" placeholder="<?php p($l->t('One Base DN per line'));?>"
title="<?php p($l->t('You can specify Base DN for users and groups in the Advanced tab'));?>"
data-default="<?php p($_['ldap_base_default']); ?>" ></textarea></p>
<p><label for="ldap_dn"><?php p($l->t('User DN'));?></label>
<input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php p($_['ldap_dn_default']); ?>"
title="<?php p($l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.'));?>" /></p>
<p><label for="ldap_agent_password"><?php p($l->t('Password'));?></label>
<input type="password" id="ldap_agent_password" name="ldap_agent_password"
data-default="<?php p($_['ldap_agent_password_default']); ?>"
title="<?php p($l->t('For anonymous access, leave DN and Password empty.'));?>" /></p>
<p><label for="ldap_login_filter"><?php p($l->t('User Login Filter'));?></label>
<input type="text" id="ldap_login_filter" name="ldap_login_filter"
data-default="<?php p($_['ldap_login_filter_default']); ?>"
title="<?php p($l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action. Example: "uid=%%uid"'));?>" /></p>
<p><label for="ldap_userlist_filter"><?php p($l->t('User List Filter'));?></label>
<input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter"
data-default="<?php p($_['ldap_userlist_filter_default']); ?>"
title="<?php p($l->t('Defines the filter to apply, when retrieving users (no placeholders). Example: "objectClass=person"'));?>" /></p>
<p><label for="ldap_group_filter"><?php p($l->t('Group Filter'));?></label>
<input type="text" id="ldap_group_filter" name="ldap_group_filter"
data-default="<?php p($_['ldap_group_filter_default']); ?>"
title="<?php p($l->t('Defines the filter to apply, when retrieving groups (no placeholders). Example: "objectClass=posixGroup"'));?>" /></p>
</fieldset>
<fieldset id="ldapSettings-2">
<div id="ldapAdvancedAccordion"> <div id="ldapAdvancedAccordion">
<h3><?php p($l->t('Connection Settings'));?></h3> <h3><?php p($l->t('Connection Settings'));?></h3>
<div> <div>
<p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active'));?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>" title="<?php p($l->t('When unchecked, this configuration will be skipped.'));?>" /></p> <p><label for="ldap_configuration_active"><?php p($l->t('Configuration Active'));?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php p($_['ldap_configuration_active_default']); ?>" title="<?php p($l->t('When unchecked, this configuration will be skipped.'));?>" /></p>
<p><label for="ldap_port"><?php p($l->t('Port'));?></label><input type="number" id="ldap_port" name="ldap_port" data-default="<?php p($_['ldap_port_default']); ?>" /></p> <p><label for="ldap_login_filter"><?php p($l->t('User Login Filter'));?></label>
<input type="text" id="ldap_login_filter" name="ldap_login_filter"
data-default="<?php p($_['ldap_login_filter_default']); ?>"
title="<?php p($l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action. Example: "uid=%%uid"'));?>" /></p>
<p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host'));?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.'));?>"></p> <p><label for="ldap_backup_host"><?php p($l->t('Backup (Replica) Host'));?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php p($_['ldap_backup_host_default']); ?>" title="<?php p($l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.'));?>"></p>
<p><label for="ldap_backup_port"><?php p($l->t('Backup (Replica) Port'));?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php p($_['ldap_backup_port_default']); ?>" /></p> <p><label for="ldap_backup_port"><?php p($l->t('Backup (Replica) Port'));?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php p($_['ldap_backup_port_default']); ?>" /></p>
<p><label for="ldap_override_main_server"><?php p($l->t('Disable Main Server'));?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php p($_['ldap_override_main_server_default']); ?>" title="<?php p($l->t('Only connect to the replica server.'));?>" /></p> <p><label for="ldap_override_main_server"><?php p($l->t('Disable Main Server'));?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php p($_['ldap_override_main_server_default']); ?>" title="<?php p($l->t('Only connect to the replica server.'));?>" /></p>
<p><label for="ldap_tls"><?php p($l->t('Use TLS'));?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php p($_['ldap_tls_default']); ?>" title="<?php p($l->t('Do not use it additionally for LDAPS connections, it will fail.'));?>" /></p>
<p><label for="ldap_nocase"><?php p($l->t('Case insensitve LDAP server (Windows)'));?></label><input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php p($_['ldap_nocase_default']); ?>" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) p(' checked'); ?>></p> <p><label for="ldap_nocase"><?php p($l->t('Case insensitve LDAP server (Windows)'));?></label><input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php p($_['ldap_nocase_default']); ?>" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) p(' checked'); ?>></p>
<p><label for="ldap_turn_off_cert_check"><?php p($l->t('Turn off SSL certificate validation.'));?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php p($l->t('Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your %s server.', $theme->getName() ));?>" data-default="<?php p($_['ldap_turn_off_cert_check_default']); ?>" value="1"><br/></p> <p><label for="ldap_turn_off_cert_check"><?php p($l->t('Turn off SSL certificate validation.'));?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php p($l->t('Not recommended, use it for testing only! If connection only works with this option, import the LDAP server\'s SSL certificate in your %s server.', $theme->getName() ));?>" data-default="<?php p($_['ldap_turn_off_cert_check_default']); ?>" value="1"><br/></p>
<p><label for="ldap_cache_ttl"><?php p($l->t('Cache Time-To-Live'));?></label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php p($l->t('in seconds. A change empties the cache.'));?>" data-default="<?php p($_['ldap_cache_ttl_default']); ?>" /></p> <p><label for="ldap_cache_ttl"><?php p($l->t('Cache Time-To-Live'));?></label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php p($l->t('in seconds. A change empties the cache.'));?>" data-default="<?php p($_['ldap_cache_ttl_default']); ?>" /></p>
@ -93,8 +49,9 @@
<p><label for="home_folder_naming_rule"><?php p($l->t('User Home Folder Naming Rule'));?></label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php p($l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.'));?>" data-default="<?php p($_['home_folder_naming_rule_default']); ?>" /></p> <p><label for="home_folder_naming_rule"><?php p($l->t('User Home Folder Naming Rule'));?></label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php p($l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.'));?>" data-default="<?php p($_['home_folder_naming_rule_default']); ?>" /></p>
</div> </div>
</div> </div>
<?php print_unescaped($_['settingControls']); ?>
</fieldset> </fieldset>
<fieldset id="ldapSettings-3"> <fieldset id="ldapSettings-2">
<p><strong><?php p($l->t('Internal Username'));?></strong></p> <p><strong><?php p($l->t('Internal Username'));?></strong></p>
<p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all *DAV services. With this setting, the default behavior can be overridden. To achieve a similar behavior as before ownCloud 5 enter the user display name attribute in the following field. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users.'));?></p> <p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ]. Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all *DAV services. With this setting, the default behavior can be overridden. To achieve a similar behavior as before ownCloud 5 enter the user display name attribute in the following field. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users.'));?></p>
<p class="ldapIndent"><label for="ldap_expert_username_attr"><?php p($l->t('Internal Username Attribute:'));?></label><input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" /></p> <p class="ldapIndent"><label for="ldap_expert_username_attr"><?php p($l->t('Internal Username Attribute:'));?></label><input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" /></p>
@ -105,8 +62,8 @@
<p><strong><?php p($l->t('Username-LDAP User Mapping'));?></strong></p> <p><strong><?php p($l->t('Username-LDAP User Mapping'));?></strong></p>
<p class="ldapIndent"><?php p($l->t('Usernames are used to store and assign (meta) data. In order to precisely identify and recognize users, each LDAP user will have a internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.'));?></p> <p class="ldapIndent"><?php p($l->t('Usernames are used to store and assign (meta) data. In order to precisely identify and recognize users, each LDAP user will have a internal username. This requires a mapping from username to LDAP user. The created username is mapped to the UUID of the LDAP user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If the DN changes, the changes will be found. The internal username is used all over. Clearing the mappings will have leftovers everywhere. Clearing the mappings is not configuration sensitive, it affects all LDAP configurations! Never clear the mappings in a production environment, only in a testing or experimental stage.'));?></p>
<p class="ldapIndent"><button id="ldap_action_clear_user_mappings" name="ldap_action_clear_user_mappings"><?php p($l->t('Clear Username-LDAP User Mapping'));?></button><br/><button id="ldap_action_clear_group_mappings" name="ldap_action_clear_group_mappings"><?php p($l->t('Clear Groupname-LDAP Group Mapping'));?></button></p> <p class="ldapIndent"><button id="ldap_action_clear_user_mappings" name="ldap_action_clear_user_mappings"><?php p($l->t('Clear Username-LDAP User Mapping'));?></button><br/><button id="ldap_action_clear_group_mappings" name="ldap_action_clear_group_mappings"><?php p($l->t('Clear Groupname-LDAP Group Mapping'));?></button></p>
<?php print_unescaped($_['settingControls']); ?>
</fieldset> </fieldset>
<input id="ldap_submit" type="submit" value="Save" /> <button id="ldap_action_test_connection" name="ldap_action_test_connection"><?php p($l->t('Test Configuration'));?></button> <a href="<?php print_unescaped(link_to_docs('admin-ldap')); ?>" target="_blank"><img src="<?php print_unescaped(OCP\Util::imagePath('', 'actions/info.png')); ?>" style="height:1.75ex" /> <?php p($l->t('Help'));?></a>
</div> </div>
</form> </form>

Write Preview
Loading…
Cancel
Save