open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

LDAP: move Configuration out of Connection into class of its own. The new wizard requires it.

Browse Source
remotes/origin/stable6
Arthur Schiwon 12 years ago
parent 02f292d0fd
commit 652caa1c88
4 changed files with 562 additions and 393 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      apps/user_ldap/lib/access.php
  2. 352
      apps/user_ldap/lib/configuration.php
  3. 598
      apps/user_ldap/lib/connection.php
  4. 3
      apps/user_ldap/settings.php

2
apps/user_ldap/lib/access.php
Unescape View File

@ -831,7 +831,7 @@ class Access extends LDAPUtility {
private function combineFilter($filters, $operator) {
$combinedFilter = '('.$operator;
foreach($filters as $filter) {
if($filter[0] !== '(') {
if(!empty($filter) && $filter[0] !== '(') {
$filter = '('.$filter.')';
}
$combinedFilter.=$filter;

352
apps/user_ldap/lib/configuration.php
Unescape View File

@ -0,0 +1,352 @@
<?php
/**
* ownCloud – LDAP Connection
*
* @author Arthur Schiwon
* @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\user_ldap\lib;
class Configuration {
protected $configPrefix = null;
protected $configRead = false;
//settings
protected $config = array(
'ldapHost' => null,
'ldapPort' => null,
'ldapBackupHost' => null,
'ldapBackupPort' => null,
'ldapBase' => null,
'ldapBaseUsers' => null,
'ldapBaseGroups' => null,
'ldapAgentName' => null,
'ldapAgentPassword' => null,
'ldapTLS' => null,
'ldapNoCase' => null,
'turnOffCertCheck' => null,
'ldapIgnoreNamingRules' => null,
'ldapUserDisplayName' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupDisplayName' => null,
'ldapGroupMemberAssocAttr' => null,
'ldapLoginFilter' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
'ldapCacheTTL' => null,
'ldapUuidAttribute' => 'auto',
'ldapOverrideUuidAttribute' => null,
'ldapOverrideMainServer' => false,
'ldapConfigurationActive' => false,
'ldapAttributesForUserSearch' => null,
'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
'ldapExpertUsernameAttr' => null,
'ldapExpertUUIDAttr' => null,
);
public function __construct($configPrefix, $autoread = true) {
$this->configPrefix = $configPrefix;
if($autoread) {
$this->readConfiguration();
}
}
public function __get($name) {
if(isset($this->config[$name])) {
return $this->config[$name];
}
}
public function __set($name, $value) {
$this->setConfiguration(array($name => $value));
}
public function getConfiguration() {
return $this->config;
}
/**
* @brief set LDAP configuration with values delivered by an array, not read
* from configuration. It does not save the configuration! To do so, you
* must call saveConfiguration afterwards.
* @param $config array that holds the config parameters in an associated
* array
* @param &$applied optional; array where the set fields will be given to
* @return null
*/
public function setConfiguration($config, &$applied = null) {
if(!is_array($config)) {
return false;
}
$cta = $this->getConfigTranslationArray();
foreach($config as $inputkey => $val) {
if(strpos($inputkey, '_') !== false && isset($cta[$inputkey])) {
$key = $cta[$inputkey];
} elseif(isset($this->config[$inputkey])) {
$key = $inputkey;
} else {
continue;
}
$setMethod = 'setValue';
switch($key) {
case 'homeFolderNamingRule':
if(!empty($val) && strpos($val, 'attr:') === false) {
$val = 'attr:'.$val;
}
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
$setMethod = 'setMultiLine';
default:
$this->$setMethod($key, $val);
if(is_array($applied)) {
$applied[] = $inputkey;
}
}
}
}
public function readConfiguration() {
if(!$this->configRead && !is_null($this->configPrefix)) {
$cta = array_flip($this->getConfigTranslationArray());
foreach($this->config as $key => $val) {
// if($this->configPrefix == 's04') var_dump($key);
if(!isset($cta[$key])) {
//some are determined
continue;
}
$dbkey = $cta[$key];
// if($this->configPrefix == 's04') var_dump($dbkey);
switch($key) {
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
$readMethod = 'getMultiLine';
break;
case 'ldapIgnoreNamingRules':
$readMethod = 'getSystemValue';
$dbkey = $key;
break;
case 'ldapAgentPassword':
$readMethod = 'getPwd';
break;
case 'ldapUserDisplayName':
case 'ldapGroupDisplayName':
$readMethod = 'getLcValue';
break;
default:
$readMethod = 'getValue';
break;
}
// if($this->configPrefix == 's04') var_dump($readMethod);
$this->config[$key] = $this->$readMethod($dbkey);
}
$this->configRead = true;
}
if($this->configPrefix == 's03') {
// var_dump($this->config);
// die;
}
}
/**
* @brief saves the current Configuration in the database
*/
public function saveConfiguration() {
$cta = array_flip($this->getConfigTranslationArray());
foreach($this->config as $key => $value) {
switch ($key) {
case 'ldapAgentPassword':
$value = base64_encode($value);
break;
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
if(is_array($value)) {
$value = implode("\n", $value);
}
break;
//following options are not stored but detected, skip them
case 'ldapIgnoreNamingRules':
case 'ldapOverrideUuidAttribute':
case 'hasPagedResultSupport':
continue 2;
}
if(is_null($value)) {
$value = '';
}
$this->saveValue($cta[$key], $value);
}
}
protected function getMultiLine($varname) {
$value = $this->getValue($varname);
if(empty($value)) {
$value = '';
} else {
$value = preg_split('/\r\n|\r|\n/', $value);
}
return $value;
}
protected function setMultiLine($varname, $value) {
if(empty($value)) {
$value = '';
} else {
$value = preg_split('/\r\n|\r|\n/', $value);
}
$this->setValue($varname, $value);
}
protected function getPwd($varname) {
return base64_decode($this->getValue($varname));
}
protected function getLcValue($varname) {
return mb_strtolower($this->getValue($varname), 'UTF-8');
}
protected function getSystemValue($varname) {
//FIXME: if another system value is added, softcode the default value
return \OCP\Config::getSystemValue($varname, false);
}
protected function getValue($varname) {
static $defaults;
if(is_null($defaults)) {
$defaults = $this->getDefaults();
}
// if($this->configPrefix == 's04') var_dump($this->configPrefix.$varname);
// if(0 == $this->configKeyToDBKey($varname)) {
// var_dump($varname);
// print("<pre>");
// debug_print_backtrace(); die;
// }
return \OCP\Config::getAppValue('user_ldap',
$this->configPrefix.$varname,
$defaults[$varname]);
}
protected function setValue($varname, $value) {
$this->config[$varname] = $value;
}
protected function saveValue($varname, $value) {
return \OCP\Config::setAppValue('user_ldap',
$this->configPrefix.$varname,
$value);
}
/**
* @returns an associative array with the default values. Keys are correspond
* to config-value entries in the database table
*/
public function getDefaults() {
return array(
'ldap_host' => '',
'ldap_port' => '389',
'ldap_backup_host' => '',
'ldap_backup_port' => '',
'ldap_override_main_server' => '',
'ldap_dn' => '',
'ldap_agent_password' => '',
'ldap_base' => '',
'ldap_base_users' => '',
'ldap_base_groups' => '',
'ldap_userlist_filter' => 'objectClass=person',
'ldap_login_filter' => 'uid=%uid',
'ldap_group_filter' => 'objectClass=posixGroup',
'ldap_display_name' => 'cn',
'ldap_group_display_name' => 'cn',
'ldap_tls' => 1,
'ldap_nocase' => 0,
'ldap_quota_def' => '',
'ldap_quota_attr' => '',
'ldap_email_attr' => '',
'ldap_group_member_assoc_attribute' => 'uniqueMember',
'ldap_cache_ttl' => 600,
'ldap_uuid_attribute' => 'auto',
'ldap_override_uuid_attribute' => 0,
'home_folder_naming_rule' => '',
'ldap_turn_off_cert_check' => 0,
'ldap_configuration_active' => 1,
'ldap_attributes_for_user_search' => '',
'ldap_attributes_for_group_search' => '',
'ldap_expert_username_attr' => '',
'ldap_expert_uuid_attr' => '',
);
}
/**
* @return returns an array that maps internal variable names to database fields
*/
public function getConfigTranslationArray() {
//TODO: merge them into one representation
static $array = array(
'ldap_host' => 'ldapHost',
'ldap_port' => 'ldapPort',
'ldap_backup_host' => 'ldapBackupHost',
'ldap_backup_port' => 'ldapBackupPort',
'ldap_override_main_server' => 'ldapOverrideMainServer',
'ldap_dn' => 'ldapAgentName',
'ldap_agent_password' => 'ldapAgentPassword',
'ldap_base' => 'ldapBase',
'ldap_base_users' => 'ldapBaseUsers',
'ldap_base_groups' => 'ldapBaseGroups',
'ldap_userlist_filter' => 'ldapUserFilter',
'ldap_login_filter' => 'ldapLoginFilter',
'ldap_group_filter' => 'ldapGroupFilter',
'ldap_display_name' => 'ldapUserDisplayName',
'ldap_group_display_name' => 'ldapGroupDisplayName',
'ldap_tls' => 'ldapTLS',
'ldap_nocase' => 'ldapNoCase',
'ldap_quota_def' => 'ldapQuotaDefault',
'ldap_quota_attr' => 'ldapQuotaAttribute',
'ldap_email_attr' => 'ldapEmailAttribute',
'ldap_group_member_assoc_attribute' => 'ldapGroupMemberAssocAttr',
'ldap_cache_ttl' => 'ldapCacheTTL',
'home_folder_naming_rule' => 'homeFolderNamingRule',
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
'ldap_configuration_active' => 'ldapConfigurationActive',
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
'ldap_expert_uuid_attr' => 'ldapExpertUUIDAttr',
);
return $array;
}
}

598
apps/user_ldap/lib/connection.php
Unescape View File

@ -31,48 +31,15 @@ class Connection extends LDAPUtility {
//whether connection should be kept on __destruct
private $dontDestruct = false;
private $hasPagedResultSupport = true;
//cache handler
protected $cache;
//settings
protected $config = array(
'ldapHost' => null,
'ldapPort' => null,
'ldapBackupHost' => null,
'ldapBackupPort' => null,
'ldapBase' => null,
'ldapBaseUsers' => null,
'ldapBaseGroups' => null,
'ldapAgentName' => null,
'ldapAgentPassword' => null,
'ldapTLS' => null,
'ldapNoCase' => null,
'turnOffCertCheck' => null,
'ldapIgnoreNamingRules' => null,
'ldapUserDisplayName' => null,
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupDisplayName' => null,
'ldapGroupMemberAssocAttr' => null,
'ldapLoginFilter' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
'ldapCacheTTL' => null,
'ldapUuidUserAttribute' => 'auto',
//settings handler
protected $configuration;
'ldapUuidGroupAttribute' => 'auto',
'ldapOverrideUuidAttribute' => null,
'ldapOverrideMainServer' => false,
'ldapConfigurationActive' => false,
'ldapAttributesForUserSearch' => null,
'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
'ldapExpertUsernameAttr' => null,
'ldapExpertUUIDUserAttr' => null,
'ldapExpertUUIDGroupAttr' => null,
);
/**
* @brief Constructor
@ -83,13 +50,14 @@ class Connection extends LDAPUtility {
parent::__construct($ldap);
$this->configPrefix = $configPrefix;
$this->configID = $configID;
$this->configuration = new Configuration($configPrefix);
$memcache = new \OC\Memcache\Factory();
if($memcache->isAvailable()) {
$this->cache = $memcache->create();
} else {
$this->cache = \OC_Cache::getGlobalCache();
}
$this->config['hasPagedResultSupport'] =
$this->hasPagedResultSupport =
$this->ldap->hasPagedResultSupport();
}
@ -114,23 +82,21 @@ class Connection extends LDAPUtility {
$this->readConfiguration();
}
if(isset($this->config[$name])) {
return $this->config[$name];
if($name === 'hasPagedResultSupport') {
return $this->hasPagedResultSupport;
}
return $this->configuration->$name;
}
public function __set($name, $value) {
$changed = false;
//only few options are writable
if($name === 'ldapUuidUserAttribute' || $name === 'ldapUuidGroupAttribute') {
\OCP\Util::writeLog('user_ldap', 'Set config '.$name.' to '.$value, \OCP\Util::DEBUG);
$this->config[$name] = $value;
$before = $this->configuration->$name;
$this->configuration->$name = $value;
$after = $this->configuration->$name;
if($before !== $after) {
if(!empty($this->configID)) {
\OCP\Config::setAppValue($this->configID, $this->configPrefix.$name, $value);
$this->configuration->saveConfiguration();
}
$changed = true;
}
if($changed) {
$this->validateConfiguration();
}
}
@ -174,7 +140,7 @@ class Connection extends LDAPUtility {
if(!$this->configured) {
$this->readConfiguration();
}
if(!$this->config['ldapCacheTTL']) {
if(!$this->configuration->ldapCacheTTL) {
return null;
}
if(!$this->isCached($key)) {
@ -190,7 +156,7 @@ class Connection extends LDAPUtility {
if(!$this->configured) {
$this->readConfiguration();
}
if(!$this->config['ldapCacheTTL']) {
if(!$this->configuration->ldapCacheTTL) {
return false;
}
$key = $this->getCacheKey($key);
@ -201,110 +167,30 @@ class Connection extends LDAPUtility {
if(!$this->configured) {
$this->readConfiguration();
}
if(!$this->config['ldapCacheTTL']
|| !$this->config['ldapConfigurationActive']) {
if(!$this->configuration->ldapCacheTTL
|| !$this->configuration->ldapConfigurationActive) {
return null;
}
$key = $this->getCacheKey($key);
$value = base64_encode(serialize($value));
$this->cache->set($key, $value, $this->config['ldapCacheTTL']);
$this->cache->set($key, $value, $this->configuration->ldapCacheTTL);
}
public function clearCache() {
$this->cache->clear($this->getCacheKey(null));
}
private function getValue($varname) {
static $defaults;
if(is_null($defaults)) {
$defaults = $this->getDefaults();
}
return \OCP\Config::getAppValue($this->configID,
$this->configPrefix.$varname,
$defaults[$varname]);
}
private function setValue($varname, $value) {
\OCP\Config::setAppValue($this->configID,
$this->configPrefix.$varname,
$value);
}
/**
* Special handling for reading Base Configuration
*
* @param $base the internal name of the config key
* @param $value the value stored for the base
*/
private function readBase($base, $value) {
if(empty($value)) {
$value = '';
} else {
$value = preg_split('/\r\n|\r|\n/', $value);
}
$this->config[$base] = $value;
}
/**
* Caches the general LDAP configuration.
* @brief Caches the general LDAP configuration.
* @param $force optional. true, if the re-read should be forced. defaults
* to false.
* @return null
*/
private function readConfiguration($force = false) {
if((!$this->configured || $force) && !is_null($this->configID)) {
$v = 'getValue';
$this->config['ldapHost'] = $this->$v('ldap_host');
$this->config['ldapBackupHost'] = $this->$v('ldap_backup_host');
$this->config['ldapPort'] = $this->$v('ldap_port');
$this->config['ldapBackupPort'] = $this->$v('ldap_backup_port');
$this->config['ldapOverrideMainServer']
= $this->$v('ldap_override_main_server');
$this->config['ldapAgentName'] = $this->$v('ldap_dn');
$this->config['ldapAgentPassword']
= base64_decode($this->$v('ldap_agent_password'));
$this->readBase('ldapBase', $this->$v('ldap_base'));
$this->readBase('ldapBaseUsers', $this->$v('ldap_base_users'));
$this->readBase('ldapBaseGroups', $this->$v('ldap_base_groups'));
$this->config['ldapTLS'] = $this->$v('ldap_tls');
$this->config['ldapNoCase'] = $this->$v('ldap_nocase');
$this->config['turnOffCertCheck']
= $this->$v('ldap_turn_off_cert_check');
$this->config['ldapUserDisplayName']
= mb_strtolower($this->$v('ldap_display_name'), 'UTF-8');
$this->config['ldapUserFilter']
= $this->$v('ldap_userlist_filter');
$this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
$this->config['ldapLoginFilter'] = $this->$v('ldap_login_filter');
$this->config['ldapGroupDisplayName']
= mb_strtolower($this->$v('ldap_group_display_name'), 'UTF-8');
$this->config['ldapQuotaAttribute']
= $this->$v('ldap_quota_attr');
$this->config['ldapQuotaDefault']
= $this->$v('ldap_quota_def');
$this->config['ldapEmailAttribute']
= $this->$v('ldap_email_attr');
$this->config['ldapGroupMemberAssocAttr']
= $this->$v('ldap_group_member_assoc_attribute');
$this->config['ldapIgnoreNamingRules']
= \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
$this->config['ldapCacheTTL'] = $this->$v('ldap_cache_ttl');
$this->config['ldapUuidUserAttribute']
= $this->$v('ldap_uuid_user_attribute');
$this->configuration->readConfiguration();
$this->config['ldapUuidGroupAttribute']
= $this->$v('ldap_uuid_group_attribute');
$this->config['ldapOverrideUuidAttribute']
= $this->$v('ldap_override_uuid_attribute');
$this->config['homeFolderNamingRule']
= $this->$v('home_folder_naming_rule');
$this->config['ldapConfigurationActive']
= $this->$v('ldap_configuration_active');
$this->config['ldapAttributesForUserSearch']
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
$this->config['ldapAttributesForGroupSearch']
= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
$this->config['ldapExpertUsernameAttr']
= $this->$v('ldap_expert_username_attr');
$this->config['ldapExpertUUIDUserAttr']
= $this->$v('ldap_expert_uuid_user_attr');
$this->config['ldapExpertUUIDGroupAttr']
= $this->$v('ldap_expert_uuid_group_attr');
@ -313,124 +199,32 @@ class Connection extends LDAPUtility {
}
/**
* @return returns an array that maps internal variable names to database fields
*/
private function getConfigTranslationArray() {
static $array = array(
'ldap_host'=>'ldapHost',
'ldap_port'=>'ldapPort',
'ldap_backup_host'=>'ldapBackupHost',
'ldap_backup_port'=>'ldapBackupPort',
'ldap_override_main_server' => 'ldapOverrideMainServer',
'ldap_dn'=>'ldapAgentName',
'ldap_agent_password'=>'ldapAgentPassword',
'ldap_base'=>'ldapBase',
'ldap_base_users'=>'ldapBaseUsers',
'ldap_base_groups'=>'ldapBaseGroups',
'ldap_userlist_filter'=>'ldapUserFilter',
'ldap_login_filter'=>'ldapLoginFilter',
'ldap_group_filter'=>'ldapGroupFilter',
'ldap_display_name'=>'ldapUserDisplayName',
'ldap_group_display_name'=>'ldapGroupDisplayName',
'ldap_tls'=>'ldapTLS',
'ldap_nocase'=>'ldapNoCase',
'ldap_quota_def'=>'ldapQuotaDefault',
'ldap_quota_attr'=>'ldapQuotaAttribute',
'ldap_email_attr'=>'ldapEmailAttribute',
'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr',
'ldap_cache_ttl'=>'ldapCacheTTL',
'home_folder_naming_rule' => 'homeFolderNamingRule',
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
'ldap_configuration_active' => 'ldapConfigurationActive',
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr',
'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
);
return $array;
}
/**
* @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array
* @param &$setParameters optional; array where the set fields will be given to
* @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
*/
public function setConfiguration($config, &$setParameters = null) {
if(!is_array($config)) {
return false;
if(is_null($setParameters)) {
$setParameters = array();
}
$params = $this->getConfigTranslationArray();
foreach($config as $parameter => $value) {
if(($parameter === 'homeFolderNamingRule'
|| (isset($params[$parameter])
&& $params[$parameter] === 'homeFolderNamingRule'))
&& !empty($value)) {
$value = 'attr:'.$value;
} else if (strpos($parameter, 'ldapBase') !== false
|| (isset($params[$parameter])
&& strpos($params[$parameter], 'ldapBase') !== false)) {
$this->readBase($params[$parameter], $value);
if(is_array($setParameters)) {
$setParameters[] = $parameter;
}
continue;
}
if(isset($this->config[$parameter])) {
$this->config[$parameter] = $value;
if(is_array($setParameters)) {
$setParameters[] = $parameter;
}
} else if(isset($params[$parameter])) {
$this->config[$params[$parameter]] = $value;
if(is_array($setParameters)) {
$setParameters[] = $params[$parameter];
}
}
$this->configuration->setConfiguration($config, $setParameters);
if(count($setParameters) > 0) {
$this->configured = $this->validateConfiguration();
}
$this->configured = $this->validateConfiguration();
return $this->configured;
}
/**
* @brief saves the current Configuration in the database
* @brief saves the current Configuration in the database and empties the
* cache
* @return null
*/
public function saveConfiguration() {
$trans = array_flip($this->getConfigTranslationArray());
foreach($this->config as $key => $value) {
\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.
' value '.print_r($value, true), \OCP\Util::DEBUG);
switch ($key) {
case 'ldapAgentPassword':
$value = base64_encode($value);
break;
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
if(is_array($value)) {
$value = implode("\n", $value);
}
break;
case 'ldapIgnoreNamingRules':
case 'ldapOverrideUuidAttribute':
case 'ldapUuidUserAttribute':
$this->configuration->saveConfiguration();
case 'ldapUuidGroupAttribute':
case 'hasPagedResultSupport':
continue 2;
}
if(is_null($value)) {
$value = '';
}
$this->setValue($trans[$key], $value);
}
$this->clearCache();
}
@ -440,191 +234,205 @@ class Connection extends LDAPUtility {
*/
public function getConfiguration() {
$this->readConfiguration();
$trans = $this->getConfigTranslationArray();
$config = array();
foreach($trans as $dbKey => $classKey) {
if($classKey === 'homeFolderNamingRule') {
if(strpos($this->config[$classKey], 'attr:') === 0) {
$config[$dbKey] = substr($this->config[$classKey], 5);
} else {
$config[$dbKey] = '';
}
continue;
} else if((strpos($classKey, 'ldapBase') !== false
|| strpos($classKey, 'ldapAttributes') !== false)
&& is_array($this->config[$classKey])) {
$config[$dbKey] = implode("\n", $this->config[$classKey]);
continue;
$config = $this->configuration->getConfiguration();
$cta = $this->configuration->getConfigTranslationArray();
$result = array();
foreach($cta as $dbkey => $configkey) {
switch($configkey) {
case 'homeFolderNamingRule':
if(strpos($config[$configkey], 'attr:') === 0) {
$result[$dbkey] = substr($config[$configkey], 5);
} else {
$result[$dbkey] = '';
}
break;
case 'ldapBase':
case 'ldapBaseUsers':
case 'ldapBaseGroups':
case 'ldapAttributesForUserSearch':
case 'ldapAttributesForGroupSearch':
if(is_array($config[$configkey])) {
$result[$dbkey] = implode("\n", $config[$configkey]);
break;
} //else follows default
default:
$result[$dbkey] = $config[$configkey];
}
$config[$dbKey] = $this->config[$classKey];
}
return $config;
return $result;
}
/**
* @brief Validates the user specified configuration
* @returns true if configuration seems OK, false otherwise
*/
private function validateConfiguration() {
// first step: "soft" checks: settings that are not really
// necessary, but advisable. If left empty, give an info message
if(empty($this->config['ldapBaseUsers'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
}
if(empty($this->config['ldapBaseGroups'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
//TODO remove if not necessary
// public function getDefaults() {
// return $this->configuration->getDefaults();
// }
private function doSoftValidation() {
//if User or Group Base are not set, take over Base DN setting
foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
$val = $this->configuration->$keyBase;
if(empty($val)) {
$obj = strpos('Users', $keyBase) !== false ? 'Users' : 'Groups';
\OCP\Util::writeLog('user_ldap',
'Base tree for '.$obj.
' is empty, using Base DN',
\OCP\Util::INFO);
$this->configuration->$keyBase = $this->configuration->ldapBase;
}
}
if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
$groupFilter = $this->configuration->ldapGroupFilter;
if(empty($groupFilter)) {
\OCP\Util::writeLog('user_ldap',
'No group filter is specified, LDAP group feature will not be used.',
\OCP\Util::INFO);
}
$uuidAttributes = array(
'auto', 'entryuuid', 'nsuniqueid', 'objectguid', 'guid');
$uuidSettings = array(
'ldapUuidUserAttribute' => 'ldapExpertUUIDUserAttr',
'ldapUuidGroupAttribute' => 'ldapExpertUUIDGroupAttr');
$cta = array_flip($this->getConfigTranslationArray());
foreach($uuidSettings as $defaultKey => $overrideKey) {
if( !in_array($this->config[$defaultKey], $uuidAttributes)
&& is_null($this->config[$overrideKey])
&& !is_null($this->configID)) {
\OCP\Config::setAppValue($this->configID,
$this->configPrefix.$cta[$defaultKey],
'No group filter is specified, LDAP group '.
'feature will not be used.',
\OCP\Util::INFO);
}
$uuidOverride = $this->configuration->ldapExpertUUIDAttr;
if(!empty($uuidOverride)) {
$this->configuration->ldapUuidAttribute = $uuidOverride;
} else {
$uuidAttributes = array('auto', 'entryuuid', 'nsuniqueid',
'objectguid', 'guid');
if(!in_array($this->configuration->ldapUuidAttribute,
$uuidAttributes)
&& (!is_null($this->configID))) {
$this->configuration->ldapUuidAttribute = 'auto';
$this->configuration->saveConfiguration();
'auto');
\OCP\Util::writeLog('user_ldap',
'Illegal value for'.$defaultKey.', reset to autodetect.',
\OCP\Util::DEBUG);
'Illegal value for the UUID Attribute, '.
'reset to autodetect.',
\OCP\Util::INFO);
}
}
if(empty($this->config['ldapBackupPort'])) {
//force default
$this->config['ldapBackupPort'] = $this->config['ldapPort'];
$backupPort = $this->configuration->ldapBackupPort;
if(empty($backupPort)) {
$this->configuration->backupPort = $this->configuration->ldapPort;
}
foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
if(is_array($this->config[$key])
&& count($this->config[$key]) === 1
&& empty($this->config[$key][0])) {
$this->config[$key] = array();
//make sure empty search attributes are saved as simple, empty array
$sakeys = array('ldapAttributesForUserSearch',
'ldapAttributesForGroupSearch');
foreach($sakeys as $key) {
$val = $this->configuration->$key;
if(is_array($val) && count($val) === 1 && empty($val[0])) {
$this->configuration->$key = array();
}
}
if((strpos($this->config['ldapHost'], 'ldaps') === 0)
&& $this->config['ldapTLS']) {
$this->config['ldapTLS'] = false;
if((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
&& $this->configuration->ldapTLS) {
$this->configuration->ldapTLS = false;
\OCP\Util::writeLog('user_ldap',
'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
\OCP\Util::INFO);
'LDAPS (already using secure connection) and '.
'TLS do not work together. Switched off TLS.',
\OCP\Util::INFO);
}
}
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
private function doCriticalValidation() {
$configurationOK = true;
if(empty($this->config['ldapHost'])) {
\OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapPort'])) {
\OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
\OCP\Util::writeLog('user_ldap',
'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.',
\OCP\Util::WARN);
$configurationOK = false;
}
//TODO: check if ldapAgentName is in DN form
if(empty($this->config['ldapBase'])
&& (empty($this->config['ldapBaseUsers'])
&& empty($this->config['ldapBaseGroups']))) {
\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
$errorStr = 'Configuration Error (prefix '.
strval($this->configPrefix).'): ';
//options that shall not be empty
$options = array('ldapHost', 'ldapPort', 'ldapUserDisplayName',
'ldapGroupDisplayName', 'ldapLoginFilter');
foreach($options as $key) {
$val = $this->configuration->$key;
if(empty($val)) {
switch($key) {
case 'ldapHost':
$subj = 'LDAP Host';
break;
case 'ldapPort':
$subj = 'LDAP Port';
break;
case 'ldapUserDisplayName':
$subj = 'LDAP User Display Name';
break;
case 'ldapGroupDisplayName':
$subj = 'LDAP Group Display Name';
break;
case 'ldapLoginFilter':
$subj = 'LDAP Login Filter';
break;
default:
$subj = $key;
break;
}
$configurationOK = false;
\OCP\Util::writeLog('user_ldap',
$errorStr.'No '.$subj.' given!',
\OCP\Util::WARN);
}
}
if(empty($this->config['ldapUserDisplayName'])) {
//combinations
$agent = $this->configuration->ldapAgentName;
$pwd = $this->configuration->ldapAgentPassword;
if((empty($agent) && !empty($pwd)) || (!empty($agent) && empty($pwd))) {
\OCP\Util::writeLog('user_ldap',
'No user display name attribute specified, won`t connect.',
$errorStr.'either no password is given for the'.
'user agent or a password is given, but not an'.
'LDAP agent.',
\OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapGroupDisplayName'])) {
$base = $this->configuration->ldapBase;
$baseUsers = $this->configuration->ldapBaseUsers;
$baseGroups = $this->configuration->ldapBaseGroups;
if(empty($base) && empty($baseUsers) && empty($baseGroups)) {
\OCP\Util::writeLog('user_ldap',
'No group display name attribute specified, won`t connect.',
\OCP\Util::WARN);
$errorStr.'Not a single Base DN given.',
\OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapLoginFilter'])) {
\OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
if(mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
=== false) {
\OCP\Util::writeLog('user_ldap',
'Login filter does not contain %uid place holder, won`t connect.',
\OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
$errorStr.'login filter does not contain %uid '.
'place holder.',
\OCP\Util::WARN);
$configurationOK = false;
}
if(!empty($this->config['ldapExpertUUIDUserAttr'])) {
$this->config['ldapUuidUserAttribute'] = $this->config['ldapExpertUUIDUserAttr'];
}
if(!empty($this->config['ldapExpertUUIDGroupAttr'])) {
$this->config['ldapUuidGroupAttribute'] = $this->config['ldapExpertUUIDGroupAttr'];
}
return $configurationOK;
}
/**
* @returns an associative array with the default values. Keys are correspond
* to config-value entries in the database table
* @brief Validates the user specified configuration
* @returns true if configuration seems OK, false otherwise
*/
static public function getDefaults() {
return array(
'ldap_host' => '',
'ldap_port' => '389',
'ldap_backup_host' => '',
'ldap_backup_port' => '',
'ldap_override_main_server' => '',
'ldap_dn' => '',
'ldap_agent_password' => '',
'ldap_base' => '',
'ldap_base_users' => '',
'ldap_base_groups' => '',
'ldap_userlist_filter' => 'objectClass=person',
'ldap_login_filter' => 'uid=%uid',
'ldap_group_filter' => 'objectClass=posixGroup',
'ldap_display_name' => 'cn',
'ldap_group_display_name' => 'cn',
'ldap_tls' => 1,
'ldap_nocase' => 0,
'ldap_quota_def' => '',
'ldap_quota_attr' => '',
'ldap_email_attr' => '',
'ldap_group_member_assoc_attribute' => 'uniqueMember',
'ldap_cache_ttl' => 600,
'ldap_uuid_user_attribute' => 'auto',
private function validateConfiguration() {
// first step: "soft" checks: settings that are not really
// necessary, but advisable. If left empty, give an info message
$this->doSoftValidation();
//second step: critical checks. If left empty or filled wrong, set as
//unconfigured and give a warning.
return $this->doCriticalValidation();
'ldap_uuid_group_attribute' => 'auto',
'ldap_override_uuid_attribute' => 0,
'home_folder_naming_rule' => '',
'ldap_turn_off_cert_check' => 0,
'ldap_configuration_active' => 1,
'ldap_attributes_for_user_search' => '',
'ldap_attributes_for_group_search' => '',
'ldap_expert_username_attr' => '',
'ldap_expert_uuid_user_attr' => '',
'ldap_expert_uuid_group_attr' => '',
);
}
/**
* Connects and Binds to LDAP
*/
private function establishConnection() {
if(!$this->config['ldapConfigurationActive']) {
if(!$this->configuration->ldapConfigurationActive) {
return null;
}
static $phpLDAPinstalled = true;
@ -632,29 +440,36 @@ class Connection extends LDAPUtility {
return false;
}
if(!$this->configured) {
\OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Configuration is invalid, cannot connect',
\OCP\Util::WARN);
return false;
}
if(!$this->ldapConnectionRes) {
if(!$this->ldap->areLDAPFunctionsAvailable()) {
$phpLDAPinstalled = false;
\OCP\Util::writeLog('user_ldap',
'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
\OCP\Util::ERROR);
'function ldap_connect is not available. Make '.
'sure that the PHP ldap module is installed.',
\OCP\Util::ERROR);
return false;
}
if($this->config['turnOffCertCheck']) {
if($this->configuration->turnOffCertCheck) {
if(putenv('LDAPTLS_REQCERT=never')) {
\OCP\Util::writeLog('user_ldap',
'Turned off SSL certificate validation successfully.',
\OCP\Util::WARN);
} else {
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Could not turn off SSL certificate validation.',
\OCP\Util::WARN);
}
}
if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
if(!$this->configuration->ldapOverrideMainServer
&& !$this->getFromCache('overrideMainServer')) {
$this->doConnect($this->configuration->ldapHost,
$this->configuration->ldapPort);
$bindStatus = $this->bind();
$error = $this->ldap->isResource($this->ldapConnectionRes) ?
$this->ldap->errno($this->ldapConnectionRes) : -1;
@ -665,9 +480,10 @@ class Connection extends LDAPUtility {
//if LDAP server is not reachable, try the Backup (Replica!) Server
if((!$bindStatus && ($error !== 0))
|| $this->config['ldapOverrideMainServer']
|| $this->configuration->ldapOverrideMainServer
|| $this->getFromCache('overrideMainServer')) {
$this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
$this->doConnect($this->configuration->ldapBackupHost,
$this->configuration->ldapBackupPort);
$bindStatus = $this->bind();
if(!$bindStatus && $error === -1) {
//when bind to backup server succeeded and failed to main server,
@ -690,7 +506,7 @@ class Connection extends LDAPUtility {
$this->ldapConnectionRes = $this->ldap->connect($host, $port);
if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
if($this->config['ldapTLS']) {
if($this->configuration->ldapTLS) {
$this->ldap->startTls($this->ldapConnectionRes);
}
}
@ -702,7 +518,7 @@ class Connection extends LDAPUtility {
*/
public function bind() {
static $getConnectionResourceAttempt = false;
if(!$this->config['ldapConfigurationActive']) {
if(!$this->configuration->ldapConfigurationActive) {
return false;
}
if($getConnectionResourceAttempt) {
@ -716,8 +532,8 @@ class Connection extends LDAPUtility {
return false;
}
$ldapLogin = @$this->ldap->bind($cr,
$this->config['ldapAgentName'],
$this->config['ldapAgentPassword']);
$this->configuration->ldapAgentName,
$this->configuration->ldapAgentPassword);
if(!$ldapLogin) {
\OCP\Util::writeLog('user_ldap',
'Bind failed: ' . $this->ldap->errno($cr) . ': ' . $this->ldap->error($cr),

3
apps/user_ldap/settings.php
Unescape View File

@ -37,7 +37,8 @@ $tmpl->assign('serverConfigurationPrefixes', $prefixes);
$tmpl->assign('serverConfigurationHosts', $hosts);
// assign default values
$defaults = \OCA\user_ldap\lib\Connection::getDefaults();
$config = new \OCA\user_ldap\lib\Configuration('', false);
$defaults = $config->getDefaults();
foreach($defaults as $key => $default) {
$tmpl->assign($key.'_default', $default);
}

Write Preview
Loading…
Cancel
Save