open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #1708 from owncloud/style-cleanup-user_ldap

Browse Source 
Style cleanup user_ldap
remotes/origin/stable5
Bernhard Posselt 12 years ago
parent c0fafe8199 925de78cec
commit 90939c8f12
9 changed files with 206 additions and 69 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      apps/user_ldap/ajax/testConfiguration.php
  2. 4
      apps/user_ldap/appinfo/app.php
  3. 4
      apps/user_ldap/appinfo/update.php
  4. 18
      apps/user_ldap/group_ldap.php
  5. 60
      apps/user_ldap/lib/access.php
  6. 86
      apps/user_ldap/lib/connection.php
  7. 34
      apps/user_ldap/lib/jobs.php
  8. 42
      apps/user_ldap/templates/settings.php
  9. 18
      apps/user_ldap/user_ldap.php

9
apps/user_ldap/ajax/testConfiguration.php
Unescape View File

@ -32,10 +32,13 @@ $connection = new \OCA\user_ldap\lib\Connection('', null);
if($connection->setConfiguration($_POST)) {
//Configuration is okay
if($connection->bind()) {
OCP\JSON::success(array('message' => $l->t('The configuration is valid and the connection could be established!')));
OCP\JSON::success(array('message'
=> $l->t('The configuration is valid and the connection could be established!')));
} else {
OCP\JSON::error(array('message' => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
OCP\JSON::error(array('message'
=> $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
}
} else {
OCP\JSON::error(array('message' => $l->t('The configuration is invalid. Please look in the ownCloud log for further details.')));
OCP\JSON::error(array('message'
=> $l->t('The configuration is invalid. Please look in the ownCloud log for further details.')));
}

4
apps/user_ldap/appinfo/app.php
Unescape View File

@ -51,5 +51,7 @@ $entry = array(
OCP\Backgroundjob::addRegularTask('OCA\user_ldap\lib\Jobs', 'updateGroups');
if(OCP\App::isEnabled('user_webdavauth')) {
OCP\Util::writeLog('user_ldap', 'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour', OCP\Util::WARN);
OCP\Util::writeLog('user_ldap',
'user_ldap and user_webdavauth are incompatible. You may experience unexpected behaviour',
OCP\Util::WARN);
}

4
apps/user_ldap/appinfo/update.php
Unescape View File

@ -58,7 +58,9 @@ foreach($objects as $object) {
try {
$updateQuery->execute(array($newDN, $uuid, $dn['ldap_dn']));
} catch(Exception $e) {
\OCP\Util::writeLog('user_ldap', 'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Could not update '.$object.' '.$dn['ldap_dn'].' in the mappings table. ',
\OCP\Util::WARN);
}
}

18
apps/user_ldap/group_ldap.php
Unescape View File

@ -177,7 +177,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if($isMemberUid) {
//we got uids, need to get their DNs to 'tranlsate' them to usernames
$filter = $this->combineFilterWithAnd(array(
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
\OCP\Util::mb_str_replace('%uid', $member,
$this->connection>ldapLoginFilter, 'UTF-8'),
$this->getFilterPartForUserSearch($search)
));
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
@ -188,7 +189,9 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
} else {
//we got DNs, check if we need to filter by search or we can give back all of them
if(!empty($search)) {
if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->getFilterPartForUserSearch($search))) {
if(!$this->readAttribute($member,
$this->connection->ldapUserDisplayName,
$this->getFilterPartForUserSearch($search))) {
continue;
}
}
@ -225,7 +228,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
return $ldap_groups;
}
// if we'd pass -1 to LDAP search, we'd end up in a Protocol error. With a limit of 0, we get 0 results. So we pass null.
// if we'd pass -1 to LDAP search, we'd end up in a Protocol
// error. With a limit of 0, we get 0 results. So we pass null.
if($limit <= 0) {
$limit = null;
}
@ -234,7 +238,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
$this->getFilterPartForGroupSearch($search)
));
\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), $limit, $offset);
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'),
$limit, $offset);
$ldap_groups = $this->ownCloudGroupNames($ldap_groups);
$this->connection->writeToCache($cachekey, $ldap_groups);
@ -282,7 +287,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
* compared with OC_USER_BACKEND_CREATE_USER etc.
*/
public function implementsActions($actions) {
//always returns false, because possible actions are modifying actions. We do not write to LDAP, at least for now.
//always returns false, because possible actions are modifying
// actions. We do not write to LDAP, at least for now.
return false;
}
}
}

60
apps/user_ldap/lib/access.php
Unescape View File

@ -48,7 +48,9 @@ abstract class Access {
*/
public function readAttribute($dn, $attr, $filter = 'objectClass=*') {
if(!$this->checkConnection()) {
\OCP\Util::writeLog('user_ldap', 'No LDAP Connector assigned, access impossible for readAttribute.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'No LDAP Connector assigned, access impossible for readAttribute.',
\OCP\Util::WARN);
return false;
}
$cr = $this->connection->getConnectionResource();
@ -123,7 +125,8 @@ abstract class Access {
return $result;
}
//OID sometimes gives back DNs with whitespace after the comma a la "uid=foo, cn=bar, dn=..." We need to tackle this!
//OID sometimes gives back DNs with whitespace after the comma
// a la "uid=foo, cn=bar, dn=..." We need to tackle this!
$dn = preg_replace('/([^\\\]),(\s+)/u', '\1,', $dn);
//make comparisons and everything work
@ -218,7 +221,8 @@ abstract class Access {
* @param $ldapname optional, the display name of the object
* @returns string with with the name to use in ownCloud, false on DN outside of search DN
*
* returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
* returns the internal ownCloud name for the given LDAP DN of the
* group, false on DN outside of search DN or failure
*/
public function dn2groupname($dn, $ldapname = null) {
//To avoid bypassing the base DN settings under certain circumstances
@ -646,7 +650,9 @@ abstract class Access {
$sr = ldap_search($linkResources, $base, $filter, $attr);
$error = ldap_errno($link_resource);
if(!is_array($sr) || $error > 0) {
\OCP\Util::writeLog('user_ldap', 'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource), \OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap',
'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource),
\OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap', 'Attempt for Paging? '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
return array();
}
@ -668,7 +674,9 @@ abstract class Access {
if($skipHandling) {
return;
}
//if count is bigger, then the server does not support paged search. Instead, he did a normal search. We set a flag here, so the callee knows how to deal with it.
// if count is bigger, then the server does not support
// paged search. Instead, he did a normal search. We set a
// flag here, so the callee knows how to deal with it.
if($findings['count'] <= $limit) {
$this->pagedSearchedSuccessful = true;
}
@ -702,7 +710,9 @@ abstract class Access {
$key = mb_strtolower($key, 'UTF-8');
if(isset($item[$key])) {
if($key != 'dn') {
$selection[$i][$key] = $this->resemblesDN($key) ? $this->sanitizeDN($item[$key][0]) : $item[$key][0];
$selection[$i][$key] = $this->resemblesDN($key) ?
$this->sanitizeDN($item[$key][0])
: $item[$key][0];
} else {
$selection[$i][$key] = $this->sanitizeDN($item[$key]);
}
@ -806,7 +816,9 @@ abstract class Access {
* @return string the final filter part to use in LDAP searches
*/
public function getFilterPartForUserSearch($search) {
return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForUserSearch, $this->connection->ldapUserDisplayName);
return $this->getFilterPartForSearch($search,
$this->connection->ldapAttributesForUserSearch,
$this->connection->ldapUserDisplayName);
}
/**
@ -815,7 +827,9 @@ abstract class Access {
* @return string the final filter part to use in LDAP searches
*/
public function getFilterPartForGroupSearch($search) {
return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForGroupSearch, $this->connection->ldapGroupDisplayName);
return $this->getFilterPartForSearch($search,
$this->connection->ldapAttributesForGroupSearch,
$this->connection->ldapGroupDisplayName);
}
/**
@ -874,13 +888,15 @@ abstract class Access {
foreach($testAttributes as $attribute) {
\OCP\Util::writeLog('user_ldap', 'Testing '.$attribute.' as UUID attr', \OCP\Util::DEBUG);
$value = $this->readAttribute($dn, $attribute);
if(is_array($value) && isset($value[0]) && !empty($value[0])) {
$value = $this->readAttribute($dn, $attribute);
if(is_array($value) && isset($value[0]) && !empty($value[0])) {
\OCP\Util::writeLog('user_ldap', 'Setting '.$attribute.' as UUID attr', \OCP\Util::DEBUG);
$this->connection->ldapUuidAttribute = $attribute;
return true;
}
\OCP\Util::writeLog('user_ldap', 'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true), \OCP\Util::DEBUG);
}
\OCP\Util::writeLog('user_ldap',
'The looked for uuid attr is not '.$attribute.', result was '.print_r($value, true),
\OCP\Util::DEBUG);
}
return false;
@ -888,7 +904,9 @@ abstract class Access {
public function getUUID($dn) {
if($this->detectUuidAttribute($dn)) {
\OCP\Util::writeLog('user_ldap', 'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute, \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'UUID Checking \ UUID for '.$dn.' using '. $this->connection->ldapUuidAttribute,
\OCP\Util::DEBUG);
$uuid = $this->readAttribute($dn, $this->connection->ldapUuidAttribute);
if(!is_array($uuid) && $this->connection->ldapOverrideUuidAttribute) {
$this->detectUuidAttribute($dn, true);
@ -1027,13 +1045,18 @@ abstract class Access {
$pagedSearchOK = false;
if($this->connection->hasPagedResultSupport && !is_null($limit)) {
$offset = intval($offset); //can be null
\OCP\Util::writeLog('user_ldap', 'initializing paged search for Filter'.$filter.' base '.print_r($bases, true).' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset, \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'initializing paged search for Filter'.$filter.' base '.print_r($bases, true)
.' attr '.print_r($attr, true). ' limit ' .$limit.' offset '.$offset,
\OCP\Util::INFO);
//get the cookie from the search for the previous search, required by LDAP
foreach($bases as $base) {
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
if(empty($cookie) && ($offset > 0)) {
//no cookie known, although the offset is not 0. Maybe cache run out. We need to start all over *sigh* (btw, Dear Reader, did you need LDAP paged searching was designed by MSFT?)
// no cookie known, although the offset is not 0. Maybe cache run out. We need
// to start all over *sigh* (btw, Dear Reader, did you need LDAP paged
// searching was designed by MSFT?)
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
//a bit recursive, $offset of 0 is the exit
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
@ -1049,13 +1072,16 @@ abstract class Access {
if($offset > 0) {
\OCP\Util::writeLog('user_ldap', 'Cookie '.$cookie, \OCP\Util::INFO);
}
$pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(), $limit, false, $cookie);
$pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(),
$limit, false, $cookie);
if(!$pagedSearchOK) {
return false;
}
\OCP\Util::writeLog('user_ldap', 'Ready for a paged search', \OCP\Util::INFO);
} else {
\OCP\Util::writeLog('user_ldap', 'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset, \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'No paged search for us, Cpt., Limit '.$limit.' Offset '.$offset,
\OCP\Util::INFO);
}
}

86
apps/user_ldap/lib/connection.php
Unescape View File

@ -76,7 +76,8 @@ class Connection {
$this->configPrefix = $configPrefix;
$this->configID = $configID;
$this->cache = \OC_Cache::getGlobalCache();
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') && function_exists('ldap_control_paged_result_response'));
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result')
&& function_exists('ldap_control_paged_result_response'));
}
public function __destruct() {
@ -274,9 +275,36 @@ class Connection {
* @return returns an array that maps internal variable names to database fields
*/
private function getConfigTranslationArray() {
static $array = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldap_override_main_server' => 'ldapOverrideMainServer', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive', 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch');
static $array = array(
'ldap_host'=>'ldapHost',
'ldap_port'=>'ldapPort',
'ldap_backup_host'=>'ldapBackupHost',
'ldap_backup_port'=>'ldapBackupPort',
'ldap_override_main_server' => 'ldapOverrideMainServer',
'ldap_dn'=>'ldapAgentName',
'ldap_agent_password'=>'ldapAgentPassword',
'ldap_base'=>'ldapBase',
'ldap_base_users'=>'ldapBaseUsers',
'ldap_base_groups'=>'ldapBaseGroups',
'ldap_userlist_filter'=>'ldapUserFilter',
'ldap_login_filter'=>'ldapLoginFilter',
'ldap_group_filter'=>'ldapGroupFilter',
'ldap_display_name'=>'ldapUserDisplayName',
'ldap_group_display_name'=>'ldapGroupDisplayName',
'ldap_tls'=>'ldapTLS',
'ldap_nocase'=>'ldapNoCase',
'ldap_quota_def'=>'ldapQuotaDefault',
'ldap_quota_attr'=>'ldapQuotaAttribute',
'ldap_email_attr'=>'ldapEmailAttribute',
'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr',
'ldap_cache_ttl'=>'ldapCacheTTL',
'home_folder_naming_rule' => 'homeFolderNamingRule',
'ldap_turn_off_cert_check' => 'turnOffCertCheck',
'ldap_configuration_active' => 'ldapConfigurationActive',
'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch'
);
return $array;
}
@ -388,7 +416,8 @@ class Connection {
* @returns true if configuration seems OK, false otherwise
*/
private function validateConfiguration() {
//first step: "soft" checks: settings that are not really necessary, but advisable. If left empty, give an info message
// first step: "soft" checks: settings that are not really
// necessary, but advisable. If left empty, give an info message
if(empty($this->config['ldapBaseUsers'])) {
\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
@ -398,11 +427,16 @@ class Connection {
$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
}
if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'No group filter is specified, LDAP group feature will not be used.',
\OCP\Util::INFO);
}
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) && (!is_null($this->configID))) {
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid'))
&& (!is_null($this->configID))) {
\OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto');
\OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'Illegal value for the UUID Attribute, reset to autodetect.',
\OCP\Util::INFO);
}
if(empty($this->config['ldapBackupPort'])) {
//force default
@ -418,7 +452,9 @@ class Connection {
if((strpos($this->config['ldapHost'], 'ldaps') === 0)
&& $this->config['ldapTLS']) {
$this->config['ldapTLS'] = false;
\OCP\Util::writeLog('user_ldap', 'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
\OCP\Util::INFO);
}
@ -435,20 +471,28 @@ class Connection {
}
if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
\OCP\Util::writeLog('user_ldap', 'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.',
\OCP\Util::WARN);
$configurationOK = false;
}
//TODO: check if ldapAgentName is in DN form
if(empty($this->config['ldapBase']) && (empty($this->config['ldapBaseUsers']) && empty($this->config['ldapBaseGroups']))) {
if(empty($this->config['ldapBase'])
&& (empty($this->config['ldapBaseUsers'])
&& empty($this->config['ldapBaseGroups']))) {
\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapUserDisplayName'])) {
\OCP\Util::writeLog('user_ldap', 'No user display name attribute specified, won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'No user display name attribute specified, won`t connect.',
\OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapGroupDisplayName'])) {
\OCP\Util::writeLog('user_ldap', 'No group display name attribute specified, won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'No group display name attribute specified, won`t connect.',
\OCP\Util::WARN);
$configurationOK = false;
}
if(empty($this->config['ldapLoginFilter'])) {
@ -456,7 +500,9 @@ class Connection {
$configurationOK = false;
}
if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
\OCP\Util::writeLog('user_ldap', 'Login filter does not contain %uid place holder, won`t connect.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Login filter does not contain %uid place holder, won`t connect.',
\OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
$configurationOK = false;
}
@ -520,13 +566,17 @@ class Connection {
if(!$this->ldapConnectionRes) {
if(!function_exists('ldap_connect')) {
$phpLDAPinstalled = false;
\OCP\Util::writeLog('user_ldap', 'function ldap_connect is not available. Make sure that the PHP ldap module is installed.', \OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap',
'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
\OCP\Util::ERROR);
return false;
}
if($this->config['turnOffCertCheck']) {
if(putenv('LDAPTLS_REQCERT=never')) {
\OCP\Util::writeLog('user_ldap', 'Turned off SSL certificate validation successfully.', \OCP\Util::WARN);
\OCP\Util::writeLog('user_ldap',
'Turned off SSL certificate validation successfully.',
\OCP\Util::WARN);
} else {
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
}
@ -584,7 +634,9 @@ class Connection {
}
$ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
if(!$ldapLogin) {
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr), \OCP\Util::ERROR);
\OCP\Util::writeLog('user_ldap',
'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr),
\OCP\Util::ERROR);
$this->ldapConnectionRes = null;
return false;
}

34
apps/user_ldap/lib/jobs.php
Unescape View File

@ -42,7 +42,9 @@ class Jobs {
$actualGroups = self::getGroupBE()->getGroups();
if(empty($actualGroups) && empty($knownGroups)) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – groups do not seem to be configured properly, aborting.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" – groups do not seem to be configured properly, aborting.',
\OCP\Util::INFO);
\OCP\Config::setAppValue('user_ldap', 'bgjUpdateGroupsLastRun', time());
return;
}
@ -75,19 +77,25 @@ class Jobs {
$hasChanged = false;
foreach(array_diff($knownUsers, $actualUsers) as $removedUser) {
\OCP\Util::emitHook('OC_User', 'post_removeFromGroup', array('uid' => $removedUser, 'gid' => $group));
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – "'.$removedUser.'" removed from "'.$group.'".', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" – "'.$removedUser.'" removed from "'.$group.'".',
\OCP\Util::INFO);
$hasChanged = true;
}
foreach(array_diff($actualUsers, $knownUsers) as $addedUser) {
\OCP\Util::emitHook('OC_User', 'post_addFromGroup', array('uid' => $addedUser, 'gid' => $group));
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – "'.$addedUser.'" added to "'.$group.'".', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" – "'.$addedUser.'" added to "'.$group.'".',
\OCP\Util::INFO);
$hasChanged = true;
}
if($hasChanged) {
$query->execute(array(serialize($actualUsers), $group));
}
}
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with known Groups.', \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" – FINISHED dealing with known Groups.',
\OCP\Util::DEBUG);
}
static private function handleCreatedGroups($createdGroups) {
@ -98,11 +106,15 @@ class Jobs {
VALUES (?, ?)
');
foreach($createdGroups as $createdGroup) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – new group "'.$createdGroup.'" found.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" – new group "'.$createdGroup.'" found.',
\OCP\Util::INFO);
$users = serialize(self::getGroupBE()->usersInGroup($createdGroup));
$query->execute(array($createdGroup, $users));
}
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with created Groups.', \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" – FINISHED dealing with created Groups.',
\OCP\Util::DEBUG);
}
static private function handleRemovedGroups($removedGroups) {
@ -113,10 +125,14 @@ class Jobs {
WHERE `owncloudname` = ?
');
foreach($removedGroups as $removedGroup) {
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – group "'.$removedGroup.'" was removed.', \OCP\Util::INFO);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" – group "'.$removedGroup.'" was removed.',
\OCP\Util::INFO);
$query->execute(array($removedGroup));
}
\OCP\Util::writeLog('user_ldap', 'bgJ "updateGroups" – FINISHED dealing with removed groups.', \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'bgJ "updateGroups" – FINISHED dealing with removed groups.',
\OCP\Util::DEBUG);
}
static private function getConnector() {
@ -154,4 +170,4 @@ class Jobs {
return self::$groupsFromDB;
}
}
}

42
apps/user_ldap/templates/settings.php
Unescape View File

@ -12,19 +12,43 @@
}
?>
<fieldset id="ldapSettings-1">
<p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label><select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
<p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label>
<select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
<?php echo $_['serverConfigurationOptions']; ?>
<option value="NEW"><?php echo $l->t('Add Server Configuration');?></option>
</select>
<button id="ldap_action_delete_configuration" name="ldap_action_delete_configuration">Delete Configuration</button>
<button id="ldap_action_delete_configuration"
name="ldap_action_delete_configuration">Delete Configuration</button>
</p>
<p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p>
<p><label for="ldap_dn"><?php echo $l->t('User DN');?></label><input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>" title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
<p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" data-default="<?php echo $_['ldap_agent_password_default']; ?>" title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" data-default="<?php echo $_['ldap_login_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /><br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" data-default="<?php echo $_['ldap_userlist_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
<p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label><input type="text" id="ldap_group_filter" name="ldap_group_filter" data-default="<?php echo $_['ldap_group_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
<p><label for="ldap_host"><?php echo $l->t('Host');?></label>
<input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>"
title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
<p><label for="ldap_base"><?php echo $l->t('Base DN');?></label>
<textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>"
title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>"
data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p>
<p><label for="ldap_dn"><?php echo $l->t('User DN');?></label>
<input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>"
title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
<p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label>
<input type="password" id="ldap_agent_password" name="ldap_agent_password"
data-default="<?php echo $_['ldap_agent_password_default']; ?>"
title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
<p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label>
<input type="text" id="ldap_login_filter" name="ldap_login_filter"
data-default="<?php echo $_['ldap_login_filter_default']; ?>"
title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" />
<br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
<p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label>
<input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter"
data-default="<?php echo $_['ldap_userlist_filter_default']; ?>"
title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" />
<br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
<p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label>
<input type="text" id="ldap_group_filter" name="ldap_group_filter"
data-default="<?php echo $_['ldap_group_filter_default']; ?>"
title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" />
<br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
</fieldset>
<fieldset id="ldapSettings-2">
<div id="ldapAdvancedAccordion">

18
apps/user_ldap/user_ldap.php
Unescape View File

@ -112,7 +112,8 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
return $ldap_users;
}
// if we'd pass -1 to LDAP search, we'd end up in a Protocol error. With a limit of 0, we get 0 results. So we pass null.
// if we'd pass -1 to LDAP search, we'd end up in a Protocol
// error. With a limit of 0, we get 0 results. So we pass null.
if($limit <= 0) {
$limit = null;
}
@ -121,9 +122,12 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
$this->getFilterPartForUserSearch($search)
));
\OCP\Util::writeLog('user_ldap', 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, \OCP\Util::DEBUG);
\OCP\Util::writeLog('user_ldap',
'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter,
\OCP\Util::DEBUG);
//do the search and translate results to owncloud names
$ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'), $limit, $offset);
$ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'),
$limit, $offset);
$ldap_users = $this->ownCloudUserNames($ldap_users);
\OCP\Util::writeLog('user_ldap', 'getUsers: '.count($ldap_users). ' Users found', \OCP\Util::DEBUG);
@ -189,11 +193,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
//check for / at the beginning or pattern c:\ resp. c:/
if(
'/' == $path[0]
|| (3 < strlen($path) && ctype_alpha($path[0]) && $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2]))
|| (3 < strlen($path) && ctype_alpha($path[0])
&& $path[1] == ':' && ('\\' == $path[2] || '/' == $path[2]))
) {
$homedir = $path;
} else {
$homedir = \OCP\Config::getSystemValue('datadirectory', \OC::$SERVERROOT.'/data' ) . '/' . $homedir[0];
$homedir = \OCP\Config::getSystemValue('datadirectory',
\OC::$SERVERROOT.'/data' ) . '/' . $homedir[0];
}
$this->connection->writeToCache($cacheKey, $homedir);
return $homedir;
@ -270,4 +276,4 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
public function hasUserListings() {
return true;
}
}
}

Write Preview
Loading…
Cancel
Save