open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Ldap Wizard: Login filter UI, detection of username attribute, composing of login filter

Browse Source
remotes/origin/stable6
Arthur Schiwon 12 years ago
parent e903db7887
commit 7c6a9c2256
5 changed files with 214 additions and 14 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      apps/user_ldap/ajax/wizard.php
  2. 53
      apps/user_ldap/js/settings.js
  3. 12
      apps/user_ldap/lib/configuration.php
  4. 156
      apps/user_ldap/lib/wizard.php
  5. 5
      apps/user_ldap/settings.php

2
apps/user_ldap/ajax/wizard.php
Unescape View File

@ -48,7 +48,9 @@ switch($action) {
case 'guessBaseDN':
case 'determineObjectClasses':
case 'determineGroups':
case 'determineAttributes':
case 'getUserListFilter':
case 'getUserLoginFilter':
case 'countUsers':
try {
$result = $wizard->$action();

53
apps/user_ldap/js/settings.js
Unescape View File

@ -210,6 +210,8 @@ var LdapWizard = {
composeFilter: function(type) {
if(type == 'user') {
action = 'getUserListFilter';
} else if(type == 'login') {
action = 'getUserLoginFilter';
}
param = 'action='+action+
@ -241,6 +243,32 @@ var LdapWizard = {
);
},
findAttributes: function() {
param = 'action=determineAttributes'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
LdapWizard.ajax(param,
function(result) {
$('#ldap_loginfilter_attributes').find('option').remove();
for (i in result.options['ldap_loginfilter_attributes']) {
//FIXME: move HTML into template
attr = result.options['ldap_loginfilter_attributes'][i];
$('#ldap_loginfilter_attributes').append(
"<option value='"+attr+"'>"+attr+"</option>");
}
LdapWizard.applyChanges(result);
$('#ldap_loginfilter_attributes').multiselect('refresh');
$('#ldap_loginfilter_attributes').multiselect('enable');
},
function (result) {
//deactivate if no attributes found
$('#ldap_loginfilter_attributes').multiselect(
{noneSelectedText : 'No attributes found'});
$('#ldap_loginfilter_attributes').multiselect('disable');
}
);
},
findAvailableGroups: function() {
param = 'action=determineGroups'+
'&ldap_serverconfig_chooser='+$('#ldap_serverconfig_chooser').val();
@ -297,6 +325,10 @@ var LdapWizard = {
}
},
initLoginFilter: function() {
LdapWizard.findAttributes();
},
initMultiSelect: function(object, id, caption) {
object.multiselect({
header: false,
@ -318,6 +350,8 @@ var LdapWizard = {
onTabChange: function(event, ui) {
if(ui.newTab[0].id === '#ldapWizard2') {
LdapWizard.initUserFilter();
} else if(ui.newTab[0].id === '#ldapWizard3') {
LdapWizard.initLoginFilter();
}
},
@ -333,6 +367,11 @@ var LdapWizard = {
if(triggerObj.id == 'ldap_userlist_filter') {
LdapWizard.countUsers();
}
if(triggerObj.id == 'ldap_loginfilter_username'
|| triggerObj.id == 'ldap_loginfilter_email') {
LdapWizard.composeFilter('login');
}
},
save: function(inputObj) {
@ -340,7 +379,13 @@ var LdapWizard = {
delete LdapWizard.saveBlacklist[inputObj.id];
return;
}
LdapWizard._save(inputObj, $(inputObj).val());
if($(inputObj).is('input[type=checkbox]')
&& !$(inputObj).is(':checked')) {
val = 0;
} else {
val = $(inputObj).val();
}
LdapWizard._save(inputObj, val);
},
saveMultiSelect: function(originalObj, resultObj) {
@ -352,7 +397,10 @@ var LdapWizard = {
if(originalObj == 'ldap_userfilter_objectclass'
|| originalObj == 'ldap_userfilter_groups') {
LdapWizard.composeFilter('user');
} else if(originalObj == 'ldap_loginfilter_attributes') {
LdapWizard.composeFilter('login');
}
},
_save: function(object, value) {
@ -410,6 +458,9 @@ $(document).ready(function() {
LdapWizard.initMultiSelect($('#ldap_userfilter_objectclass'),
'ldap_userfilter_objectclass',
t('user_ldap', 'Select object classes'));
LdapWizard.initMultiSelect($('#ldap_loginfilter_attributes'),
'ldap_loginfilter_attributes',
t('user_ldap', 'Select attributes'));
$('.lwautosave').change(function() { LdapWizard.save(this); });
$('#toggleRawUserFilter').click(LdapWizard.toggleRawUserFilter);
LdapConfiguration.refreshConfig();

12
apps/user_ldap/lib/configuration.php
Unescape View File

@ -51,6 +51,9 @@ class Configuration {
'ldapGroupDisplayName' => null,
'ldapGroupMemberAssocAttr' => null,
'ldapLoginFilter' => null,
'ldapLoginFilterEmail' => null,
'ldapLoginFilterUsername' => null,
'ldapLoginFilterAttributes' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
@ -126,6 +129,7 @@ class Configuration {
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
case 'ldapLoginFilterAttributes':
$setMethod = 'setMultiLine';
default:
$this->$setMethod($key, $val);
@ -154,6 +158,7 @@ class Configuration {
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
case 'ldapLoginFilterAttributes':
$readMethod = 'getMultiLine';
break;
case 'ldapIgnoreNamingRules':
@ -194,6 +199,7 @@ class Configuration {
case 'ldapAttributesForGroupSearch':
case 'ldapUserFilterObjectclass':
case 'ldapUserFilterGroups':
case 'ldapLoginFilterAttributes':
if(is_array($value)) {
$value = implode("\n", $value);
}
@ -286,6 +292,9 @@ class Configuration {
'ldap_userfilter_objectclass' => '',
'ldap_userfilter_groups' => '',
'ldap_login_filter' => 'uid=%uid',
'ldap_loginfilter_email' => 0,
'ldap_loginfilter_username' => 1,
'ldap_loginfilter_attributes' => '',
'ldap_group_filter' => 'objectClass=posixGroup',
'ldap_display_name' => 'cn',
'ldap_group_display_name' => 'cn',
@ -329,6 +338,9 @@ class Configuration {
'ldap_userfilter_groups' => 'ldapUserFilterGroups',
'ldap_userlist_filter' => 'ldapUserFilter',
'ldap_login_filter' => 'ldapLoginFilter',
'ldap_loginfilter_email' => 'ldapLoginFilterEmail',
'ldap_loginfilter_username' => 'ldapLoginFilterUsername',
'ldap_loginfilter_attributes' => 'ldapLoginFilterAttributes',
'ldap_group_filter' => 'ldapGroupFilter',
'ldap_display_name' => 'ldapUserDisplayName',
'ldap_group_display_name' => 'ldapGroupDisplayName',

156
apps/user_ldap/lib/wizard.php
Unescape View File

@ -30,13 +30,13 @@ class Wizard extends LDAPUtility {
protected $result;
protected $resultCache = array();
const LRESULT_PROCESSED_OK = 0;
const LRESULT_PROCESSED_INVALID = 1;
const LRESULT_PROCESSED_SKIP = 2;
const LRESULT_PROCESSED_OK = 2;
const LRESULT_PROCESSED_INVALID = 3;
const LRESULT_PROCESSED_SKIP = 4;
const LFILTER_LOGIN = 0;
const LFILTER_USER_LIST = 1;
const LFILTER_GROUP_LIST = 2;
const LFILTER_LOGIN = 2;
const LFILTER_USER_LIST = 3;
const LFILTER_GROUP_LIST = 4;
/**
* @brief Constructor
@ -87,6 +87,67 @@ class Wizard extends LDAPUtility {
return $this->result;
}
public function determineAttributes() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase',
'ldapUserFilter',
))) {
return false;
}
$attributes = $this->getUserAttributes();
natcasesort($attributes);
$attributes = array_values($attributes);
$this->result->addOptions('ldap_loginfilter_attributes', $attributes);
$selected = $this->configuration->ldapLoginFilterAttributes;
if(is_array($selected) && !empty($selected)) {
$this->result->addChange('ldap_loginfilter_attributes', $selected);
}
return $this->result;
}
/**
* @brief detects the available LDAP attributes
* @returns the instance's WizardResult instance
*/
private function getUserAttributes() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase',
'ldapUserFilter',
))) {
return false;
}
$cr = $this->getConnection();
if(!$cr) {
throw new \Excpetion('Could not connect to LDAP');
}
$base = $this->configuration->ldapBase[0];
$filter = $this->configuration->ldapUserFilter;
$rr = $this->ldap->search($cr, $base, $filter, array(), 1, 1);
if(!$this->ldap->isResource($rr)) {
return false;
}
$er = $this->ldap->firstEntry($cr, $rr);
$attributes = $this->ldap->getAttributes($cr, $er);
$pureAttributes = array();
for($i = 0; $i < $attributes['count']; $i++) {
$pureAttributes[] = $attributes[$i];
}
return $pureAttributes;
}
/**
* @brief detects the available LDAP groups
* @returns the instance's WizardResult instance
@ -167,6 +228,25 @@ class Wizard extends LDAPUtility {
return $this->result;
}
public function getUserLoginFilter() {
if(!$this->checkRequirements(array('ldapHost',
'ldapPort',
'ldapAgentName',
'ldapAgentPassword',
'ldapBase',
'ldapUserFilter',
))) {
return false;
}
$filter = $this->composeLdapFilter(self::LFILTER_LOGIN);
if(!$filter) {
throw new \Exception('Cannot create filter');
}
$this->applyFind('ldap_login_filter', $filter);
return $this->result;
}
/**
* Tries to determine the port, requires given Host, User DN and Password
* @returns mixed WizardResult on success, false otherwise
@ -361,10 +441,8 @@ class Wizard extends LDAPUtility {
switch ($filterType) {
case self::LFILTER_USER_LIST:
$objcs = $this->configuration->ldapUserFilterObjectclass;
\OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($objcs, true), \OCP\Util::DEBUG);
//glue objectclasses
if(is_array($objcs) && count($objcs) > 0) {
\OCP\Util::writeLog('user_ldap', 'Wiz: Processing objectclasses', \OCP\Util::DEBUG);
$filter .= '(|';
foreach($objcs as $objc) {
$filter .= '(objectclass=' . $objc . ')';
@ -372,13 +450,10 @@ class Wizard extends LDAPUtility {
$filter .= ')';
$parts++;
}
\OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
//glue group memberships
if($this->configuration->hasMemberOfFilterSupport) {
$cns = $this->configuration->ldapUserFilterGroups;
\OCP\Util::writeLog('user_ldap', 'Wiz: '.print_r($cns, true), \OCP\Util::DEBUG);
if(is_array($cns) && count($cns) > 0) {
\OCP\Util::writeLog('user_ldap', 'Wiz: Processing groups', \OCP\Util::DEBUG);
$filter .= '(|';
$cr = $this->getConnection();
if(!$cr) {
@ -397,15 +472,70 @@ class Wizard extends LDAPUtility {
$filter .= ')';
}
$parts++;
\OCP\Util::writeLog('user_ldap', 'Wiz: Intermediate filter '.$filter, \OCP\Util::DEBUG);
}
//wrap parts in AND condition
if($parts > 1) {
$filter = '(&' . $filter . ')';
}
if(empty($filter)) {
$filter = 'objectclass=*';
$filter = '(objectclass=*)';
}
break;
case self::LFILTER_LOGIN:
$ulf = $this->configuration->ldapUserFilter;
$loginpart = '=%uid';
$filterUsername = '';
$userAttributes = $this->getUserAttributes();
$userAttributes = array_change_key_case(array_flip($userAttributes));
$parts = 0;
$x = $this->configuration->ldapLoginFilterUsername;
if($this->configuration->ldapLoginFilterUsername === '1') {
$attr = '';
if(isset($userAttributes['uid'])) {
$attr = 'uid';
} else if(isset($userAttributes['samaccountname'])) {
$attr = 'samaccountname';
} else if(isset($userAttributes['cn'])) {
//fallback
$attr = 'cn';
}
if(!empty($attr)) {
$filterUsername = '(' . $attr . $loginpart . ')';
$parts++;
}
}
$filterEmail = '';
if($this->configuration->ldapLoginFilterEmail === '1') {
$filterEmail = '(|(mailPrimaryAddress=%uid)(mail=%uid))';
$parts++;
}
$filterAttributes = '';
$attrsToFilter = $this->configuration->ldapLoginFilterAttributes;
if(is_array($attrsToFilter) && count($attrsToFilter) > 0) {
$filterAttributes = '(|';
foreach($attrsToFilter as $attribute) {
$filterAttributes .= '(' . $attribute . $loginpart . ')';
}
$filterAttributes .= ')';
$parts++;
}
$filterLogin = '';
if($parts > 1) {
$filterLogin = '(|';
}
$filterLogin .= $filterUsername;
$filterLogin .= $filterEmail;
$filterLogin .= $filterAttributes;
if($parts > 1) {
$filterLogin .= ')';
}
$filter = '(&'.$ulf.$filterLogin.')';
break;
}

5
apps/user_ldap/settings.php
Unescape View File

@ -57,6 +57,11 @@ $wizard2->assign('wizardControls', $wControls);
$wizardHtml .= $wizard2->fetchPage();
$toc['#ldapWizard2'] = 'User Filter';
$wizard3 = new OCP\Template('user_ldap', 'part.wizard-loginfilter');
$wizard3->assign('wizardControls', $wControls);
$wizardHtml .= $wizard3->fetchPage();
$toc['#ldapWizard3'] = 'Login Filter';
$tmpl->assign('tabs', $wizardHtml);
$tmpl->assign('toc', $toc);

Write Preview
Loading…
Cancel
Save