* @throws OCSException * * 200: Config created successfully */ #[AuthorizedAdminSetting(settings: Admin::class)] #[ApiRoute(verb: 'POST', url: '/api/v1/config')] public function create() { try { $configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix(); $configHolder = new Configuration($configPrefix); $configHolder->ldapConfigurationActive = false; $configHolder->saveConfiguration(); } catch (\Exception $e) { $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when creating the new config.'); } return new DataResponse(['configID' => $configPrefix]); } /** * Delete a LDAP configuration * * @param string $configID ID of the config * @return DataResponse, array{}> * @throws OCSException * @throws OCSNotFoundException Config not found * * 200: Config deleted successfully */ #[AuthorizedAdminSetting(settings: Admin::class)] #[ApiRoute(verb: 'DELETE', url: '/api/v1/config/{configID}')] public function delete($configID) { try { $this->ensureConfigIDExists($configID); if (!$this->ldapHelper->deleteServerConfiguration($configID)) { throw new OCSException('Could not delete configuration'); } } catch (OCSException $e) { throw $e; } catch (\Exception $e) { $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when deleting the config.'); } return new DataResponse(); } /** * Modify a configuration * * @param string $configID ID of the config * @param array $configData New config * @return DataResponse, array{}> * @throws OCSException * @throws OCSBadRequestException Modifying config is not possible * @throws OCSNotFoundException Config not found * * 200: Config returned */ #[AuthorizedAdminSetting(settings: Admin::class)] #[ApiRoute(verb: 'PUT', url: '/api/v1/config/{configID}')] public function modify($configID, $configData) { try { $this->ensureConfigIDExists($configID); if (!is_array($configData)) { throw new OCSBadRequestException('configData is not properly set'); } $configuration = new Configuration($configID); $configKeys = $configuration->getConfigTranslationArray(); foreach ($configKeys as $i => $key) { if (isset($configData[$key])) { $configuration->$key = $configData[$key]; } } $configuration->saveConfiguration(); $this->connectionFactory->get($configID)->clearCache(); } catch (OCSException $e) { throw $e; } catch (\Exception $e) { $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when modifying the config.'); } return $this->show($configID, false); } /** * Get a configuration * * Output can look like this: * * * * ok * 200 * OK * * * ldaps://my.ldap.server * 7770 * * * ou=small,dc=my,dc=ldap,dc=server * ou=users,ou=small,dc=my,dc=ldap,dc=server * ou=small,dc=my,dc=ldap,dc=server * cn=root,dc=my,dc=ldap,dc=server * clearTextWithShowPassword=1 * 1 * 0 * * displayname * uid * inetOrgPerson * * (&(objectclass=nextcloudUser)(nextcloudEnabled=TRUE)) * 1 * (&(|(objectclass=nextcloudGroup))) * 0 * nextcloudGroup * * cn * memberUid * (&(|(objectclass=inetOrgPerson))(uid=%uid)) * 0 * 0 * 1 * * * * mail * 20 * auto * auto * * 1 * uid;sn;givenname * * 0 * * * 1 * uid * uid * * 0 * 0 * 500 * 1 * * * * * @param string $configID ID of the config * @param bool $showPassword Whether to show the password * @return DataResponse, array{}> * @throws OCSException * @throws OCSNotFoundException Config not found * * 200: Config returned */ #[AuthorizedAdminSetting(settings: Admin::class)] #[ApiRoute(verb: 'GET', url: '/api/v1/config/{configID}')] public function show($configID, $showPassword = false) { try { $this->ensureConfigIDExists($configID); $config = new Configuration($configID); $data = $config->getConfiguration(); if (!$showPassword) { $data['ldapAgentPassword'] = '***'; } foreach ($data as $key => $value) { if (is_array($value)) { $value = implode(';', $value); $data[$key] = $value; } } } catch (OCSException $e) { throw $e; } catch (\Exception $e) { $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when modifying the config.'); } return new DataResponse($data); } /** * Test a configuration * * @param string $configID ID of the LDAP config * @return DataResponse * @throws OCSException An unexpected error happened * @throws OCSNotFoundException Config not found * * 200: Test was run and results are returned */ #[AuthorizedAdminSetting(settings: Admin::class)] #[ApiRoute(verb: 'POST', url: '/api/v1/config/{configID}/test')] public function testConfiguration(string $configID) { try { $this->ensureConfigIDExists($configID); $connection = $this->connectionFactory->get($configID); $conf = $connection->getConfiguration(); if ($conf['ldap_configuration_active'] !== '1') { //needs to be true, otherwise it will also fail with an irritating message $conf['ldap_configuration_active'] = '1'; } try { $connection->setConfiguration($conf, throw: true); } catch (ConfigurationIssueException $e) { return new DataResponse([ 'success' => false, 'message' => $this->l->t('Invalid configuration: %s', $e->getHint()), ]); } // Configuration is okay if (!$connection->bind()) { return new DataResponse([ 'success' => false, 'message' => $this->l->t('Valid configuration, but binding failed. Please check the server settings and credentials.'), ]); } /* * This shiny if block is an ugly hack to find out whether anonymous * bind is possible on AD or not. Because AD happily and constantly * replies with success to any anonymous bind request, we need to * fire up a broken operation. If AD does not allow anonymous bind, * it will end up with LDAP error code 1 which is turned into an * exception by the LDAP wrapper. We catch this. Other cases may * pass (like e.g. expected syntax error). */ try { $ldapWrapper = Server::get(ILDAPWrapper::class); $ldapWrapper->read($connection->getConnectionResource(), '', 'objectClass=*', ['dn']); } catch (\Exception $e) { if ($e->getCode() === 1) { return new DataResponse([ 'success' => false, 'message' => $this->l->t('Invalid configuration: Anonymous binding is not allowed.'), ]); } } return new DataResponse([ 'success' => true, 'message' => $this->l->t('Valid configuration, connection established!'), ]); } catch (OCSException $e) { throw $e; } catch (\Exception $e) { $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when testing the config.'); } } /** * Copy a configuration * * @param string $configID ID of the LDAP config * @return DataResponse * @throws OCSException An unexpected error happened * @throws OCSNotFoundException Config not found * * 200: Config was copied, new configID was returned */ #[AuthorizedAdminSetting(settings: Admin::class)] #[ApiRoute(verb: 'POST', url: '/api/v1/config/{configID}/copy')] public function copyConfiguration(string $configID) { try { $this->ensureConfigIDExists($configID); $configPrefix = $this->ldapHelper->getNextServerConfigurationPrefix(); $newConfig = new Configuration($configPrefix, false); $originalConfig = new Configuration($configID); $newConfig->setConfiguration($originalConfig->getConfiguration()); $newConfig->saveConfiguration(); return new DataResponse(['configID' => $configPrefix]); } catch (OCSException $e) { throw $e; } catch (\Exception $e) { $this->logger->error($e->getMessage(), ['exception' => $e]); throw new OCSException('An issue occurred when creating the new config.'); } } /** * If the given config ID is not available, an exception is thrown * * @param string $configID * @throws OCSNotFoundException */ #[AuthorizedAdminSetting(settings: Admin::class)] private function ensureConfigIDExists($configID): void { $prefixes = $this->ldapHelper->getServerConfigurationPrefixes(); if (!in_array($configID, $prefixes, true)) { throw new OCSNotFoundException('Config ID not found'); } } }